Win64 compile fix after r1256490.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2013-09-30  Alex Christensen  <alex.christensen@flexsim.com>
2
3         Win64 compile fix after r1256490.
4         https://bugs.webkit.org/show_bug.cgi?id=122117
5
6         Reviewed by Michael Saboff.
7
8         * jit/JITStubsMSVC64.asm:
9         Implemented getHostCallReturnValue for Windows x86_64 processors.
10
11 2013-09-30  Andreas Kling  <akling@apple.com>
12
13         Pass VM instead of JSGlobalObject to RegExp constructor.
14         <https://webkit.org/b/122113>
15
16         Reviewed by Darin Adler.
17
18         RegExps don't need anything from the global object during their
19         construction and only use it to get to the VM. Reduce loads by
20         simply passing the VM around instead.
21
22         JSC release binary size -= 120 bytes(!)
23
24 2013-09-30  Patrick Gansterer  <paroga@webkit.org>
25
26         Fix compilation for COMPILER(MSVC) && !CPU(X86) after r156490.
27         https://bugs.webkit.org/show_bug.cgi?id=122102
28
29         Reviewed by Geoffrey Garen.
30
31         _AddressOfReturnAddress() is supported for all platforms of
32         the Microsoft compiler, so we can use it for !CPU(X86) too.
33
34         * jit/JITOperationWrappers.h:
35
36 2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>
37
38         Unreviewed. Build fix for DEBUG_VERBOSE mode after r156511.
39
40         * dfg/DFGSpeculativeJIT.cpp:
41         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
42
43 2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>
44
45         Unreviewed. Speculative build fix on ARMv7 Thumb2 after r156490.
46
47         * dfg/DFGSpeculativeJIT.cpp:
48         (JSC::DFG::fmodAsDFGOperation):
49
50 2013-09-29  Nadav Rotem  <nrotem@apple.com>
51
52         FTL: refactor compileAdd and compileArithSub into one function.
53         https://bugs.webkit.org/show_bug.cgi?id=122081
54
55         Reviewed by Geoffrey Garen.
56
57         * ftl/FTLLowerDFGToLLVM.cpp:
58         (JSC::FTL::LowerDFGToLLVM::compileNode):
59         (JSC::FTL::LowerDFGToLLVM::compileAddSub):
60
61 2013-09-29  Andreas Kling  <akling@apple.com>
62
63         Pass VM instead of JSGlobalObject to function constructors.
64         <https://webkit.org/b/122082>
65
66         Reviewed by Darin Adler.
67
68         Functions don't need anything from the global object during their
69         construction and only use it to get to the VM. Reduce loads by
70         simply passing the VM around instead.
71
72         This patch is mostly mechanical, I just changed the signature of
73         InternalFunction and worked my way from there until it built.
74
75         JSC release binary size -= 4840 bytes.
76
77 2013-09-29  Andreas Kling  <akling@apple.com>
78
79         Pass VM instead of JSGlobalObject to ArrayPrototype constructor.
80         <https://webkit.org/b/122079>
81
82         Reviewed by Geoffrey Garen.
83
84         ArrayPrototype doesn't need the global object for anything during
85         construction, so reduce the amount of loads by just passing the VM.
86
87 2013-09-29  Andreas Kling  <akling@apple.com>
88
89         Pass VM instead of ExecState to simple builtin constructors.
90         <https://webkit.org/b/122077>
91
92         Reviewed by Sam Weinig.
93
94         None of the simple builtins need the ExecState for anything during
95         their construction, so reduce the amount of loads by just passing
96         the VM around instead.
97
98 2013-09-29  Nadav Rotem  <nrotem@apple.com>
99
100         Refactor code for finding x86 scratch register.
101         https://bugs.webkit.org/show_bug.cgi?id=122072
102
103         Reviewed by Geoffrey Garen.
104
105         * assembler/MacroAssemblerX86Common.h:
106         (JSC::MacroAssemblerX86Common::getUnusedRegister):
107         (JSC::MacroAssemblerX86Common::store8):
108         (JSC::MacroAssemblerX86Common::store16):
109
110 2013-09-28  Mark Rowe  <mrowe@apple.com>
111
112         Take Xcode's advice and enable some extra warnings.
113
114         Reviewed by Sam Weinig.
115
116         * Configurations/Base.xcconfig:
117         * JavaScriptCore.xcodeproj/project.pbxproj:
118
119 2013-09-28  Andreas Kling  <akling@apple.com>
120
121         Pass VM instead of ExecState to JSFunction constructors.
122         <https://webkit.org/b/122014>
123
124         Reviewed by Geoffrey Garen.
125
126         JSFunction doesn't need the ExecState for anything during its
127         construction, so reduce the amount of loads by just passing the
128         VM around instead.
129
130         Factored out putDirectNonIndexAccessor() from the existing
131         putDirectAccessor() to avoid snowballing the patch (and because
132         it's kinda neat to avoid the extra branch.)
133
134         JSC release binary size -= 9680 bytes.
135
136 2013-09-28  Mark Rowe  <mrowe@apple.com>
137
138         JavaScriptCore fails to build with newer versions of clang.
139
140         Reviewed by Sam Weinig.
141
142         * interpreter/Interpreter.cpp: Remove an unused function.
143         * parser/SourceProvider.cpp: Ditto.
144         * runtime/GCActivityCallback.cpp: #if a constant that's only used on non-CF platforms.
145         * runtime/JSCJSValue.cpp: Remove an unused constant.
146         * runtime/JSString.cpp: Ditto.
147
148 2013-09-27  Filip Pizlo  <fpizlo@apple.com>
149
150         Get rid of SetMyScope/SetCallee; use normal variables for the scope and callee of inlined call frames of closures
151         https://bugs.webkit.org/show_bug.cgi?id=122047
152
153         Reviewed by Oliver Hunt.
154         
155         Currently we have the DFG reserve space for inline call frames at exactly the same stack
156         offsets that you would have gotten if the baseline interpreter/JIT had made the calls.
157         We need to get rid of that. One of the weirder parts of this is that we have special DFG
158         operations for accessing these inlined call frame headers. It's really hard for any
159         analysis of DFG IR to see what the liveness of any of those frame header "variables" is;
160         the liveness behaves like flushed arguments (it's all live until end of the inlinee) but
161         we don't have anything like a Flush node for those special variables.
162         
163         This patch gets rid of the special operations for accessing inline call frame headers.
164         GetMyScope and GetCallee still remain, and are only for accessing the machine call
165         frame's scope/callee entries. The inline call frame's scope/callee now behave like
166         normal variables, and have Flush behavior just like inline arguments.
167
168         * dfg/DFGAbstractInterpreterInlines.h:
169         (JSC::DFG::::executeEffects):
170         * dfg/DFGByteCodeParser.cpp:
171         (JSC::DFG::ByteCodeParser::getDirect):
172         (JSC::DFG::ByteCodeParser::get):
173         (JSC::DFG::ByteCodeParser::setDirect):
174         (JSC::DFG::ByteCodeParser::set):
175         (JSC::DFG::ByteCodeParser::setLocal):
176         (JSC::DFG::ByteCodeParser::setArgument):
177         (JSC::DFG::ByteCodeParser::flush):
178         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
179         (JSC::DFG::ByteCodeParser::handleInlining):
180         (JSC::DFG::ByteCodeParser::getScope):
181         * dfg/DFGCSEPhase.cpp:
182         (JSC::DFG::CSEPhase::getCalleeLoadElimination):
183         (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
184         (JSC::DFG::CSEPhase::performNodeCSE):
185         * dfg/DFGClobberize.h:
186         (JSC::DFG::clobberize):
187         * dfg/DFGFixupPhase.cpp:
188         (JSC::DFG::FixupPhase::fixupNode):
189         * dfg/DFGNodeType.h:
190         * dfg/DFGPredictionPropagationPhase.cpp:
191         (JSC::DFG::PredictionPropagationPhase::propagate):
192         * dfg/DFGSafeToExecute.h:
193         (JSC::DFG::safeToExecute):
194         * dfg/DFGSpeculativeJIT32_64.cpp:
195         (JSC::DFG::SpeculativeJIT::compile):
196         * dfg/DFGSpeculativeJIT64.cpp:
197         (JSC::DFG::SpeculativeJIT::compile):
198
199 2013-09-27  Filip Pizlo  <fpizlo@apple.com>
200
201         Deoptimize 32-bit deoptimization
202         https://bugs.webkit.org/show_bug.cgi?id=122025
203
204         Reviewed by Oliver Hunt.
205         
206         Just simplifying a bunch of code. I don't want the old, super-complicated,
207         deoptimization code to get in the way of changes I'll be making to DFG stack layout.
208
209         * bytecode/ValueRecovery.h:
210         (JSC::ValueRecovery::inGPR):
211         (JSC::ValueRecovery::isInRegisters):
212         (JSC::ValueRecovery::gpr):
213         (JSC::ValueRecovery::dumpInContext):
214         * dfg/DFGOSRExitCompiler32_64.cpp:
215         (JSC::DFG::OSRExitCompiler::compileExit):
216         * dfg/DFGOSRExitCompiler64.cpp:
217         (JSC::DFG::OSRExitCompiler::compileExit):
218
219 2013-09-27  Alex Christensen  <alex.christensen@flexsim.com>
220
221         Fixed Win64 build after r156184.
222         https://bugs.webkit.org/show_bug.cgi?id=121994
223
224         Reviewed by Oliver Hunt.
225
226         * jit/CCallHelpers.h:
227         (JSC::CCallHelpers::setupTwoStubArgsGPR):
228         (JSC::CCallHelpers::setupTwoStubArgsFPR):
229         Renamed from setupTwoStubArgs.
230         Visual Studio x64 compiler fails to see that this is an overloaded template function.
231         (JSC::CCallHelpers::setupStubArguments):
232         (JSC::CCallHelpers::setupArguments):
233         (JSC::CCallHelpers::setupArgumentsWithExecState):
234         Use setupTwoStubArgsGPR or setupTwoStubArgsFPR instead of setupTwoStubArgs.
235
236 2013-09-27  Gabor Rapcsanyi  <rgabor@webkit.org>
237
238         LLInt alignment problem on ARM in debug mode
239         https://bugs.webkit.org/show_bug.cgi?id=122012
240
241         Reviewed by Michael Saboff.
242
243         Force GCC to put the LLInt code to .text section.
244
245         * llint/LowLevelInterpreter.cpp:
246
247 2013-09-06  Jer Noble  <jer.noble@apple.com>
248
249         [Mac] Implement the media controls in JavaScript.
250         https://bugs.webkit.org/show_bug.cgi?id=120895
251
252         Reviewed by Dean Jackson.
253
254         Define and turn on ENABLE_MEDIA_CONTROLS_SCRIPT.
255
256         * Configurations/FeatureDefines.xcconfig:
257
258 2013-09-27  Andreas Kling  <akling@apple.com>
259
260         Pass VM instead of ExecState to JSDateMath functions.
261         <https://webkit.org/b/121997>
262
263         Reviewed by Geoffrey Garen.
264
265         The JSC date math functions only need the VM, so pass that from
266         callers instead of the whole ExecState.
267
268 2013-09-26  Andreas Kling  <akling@apple.com>
269
270         GetterSetter construction should take a VM instead of ExecState.
271         <https://webkit.org/b/121993>
272
273         Reviewed by Sam Weinig.
274
275         Pass VM& instead of ExecState* to GetterSetter. Updated surrounding
276         code at touched sites to cache VM in a local for fewer loads.
277
278         JSC release binary size -= 4120 bytes.
279
280 2013-09-26  Oliver Hunt  <oliver@apple.com>
281
282         Make GCC happy
283
284         * parser/Parser.h:
285
286 2013-09-25  Oliver Hunt  <oliver@apple.com>
287
288         Implement prefixed-destructuring assignment
289         https://bugs.webkit.org/show_bug.cgi?id=121930
290
291         Reviewed by Mark Hahnenberg.
292
293         Relanding with fix after rollout
294
295 2013-09-26  Michael Saboff  <msaboff@apple.com>
296
297         VirtualRegister should be a class
298         https://bugs.webkit.org/show_bug.cgi?id=121732
299
300         Reviewed by Geoffrey Garen.
301
302         This is a refactoring change.  Changed VirtualRegister from an enum to a class.
303         Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
304         and the similar functions for locals to VirtualRegister class.
305
306         This is in preparation for changing the offset for the first local register from
307         0 to -1.  This is needed since most native calling conventions have the architected
308         frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
309         pointer.  Local values start below that address.
310
311         * bytecode/CodeBlock.cpp:
312         * bytecode/CodeBlock.h:
313         * bytecode/Instruction.h:
314         * bytecode/LazyOperandValueProfile.h:
315         * bytecode/MethodOfGettingAValueProfile.cpp:
316         * bytecode/Operands.h:
317         * bytecode/UnlinkedCodeBlock.cpp:
318         * bytecode/UnlinkedCodeBlock.h:
319         * bytecode/ValueRecovery.h:
320         * bytecode/VirtualRegister.h:
321         * bytecompiler/BytecodeGenerator.cpp:
322         * bytecompiler/BytecodeGenerator.h:
323         * bytecompiler/RegisterID.h:
324         * debugger/DebuggerCallFrame.cpp:
325         * dfg/DFGAbstractHeap.h:
326         * dfg/DFGAbstractInterpreterInlines.h:
327         * dfg/DFGArgumentPosition.h:
328         * dfg/DFGArgumentsSimplificationPhase.cpp:
329         * dfg/DFGByteCodeParser.cpp:
330         * dfg/DFGCFGSimplificationPhase.cpp:
331         * dfg/DFGCPSRethreadingPhase.cpp:
332         * dfg/DFGCapabilities.cpp:
333         * dfg/DFGConstantFoldingPhase.cpp:
334         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
335         * dfg/DFGGraph.cpp:
336         * dfg/DFGGraph.h:
337         * dfg/DFGJITCode.cpp:
338         * dfg/DFGNode.h:
339         * dfg/DFGOSREntry.cpp:
340         * dfg/DFGOSREntrypointCreationPhase.cpp:
341         * dfg/DFGOSRExit.h:
342         * dfg/DFGOSRExitCompiler32_64.cpp:
343         * dfg/DFGOSRExitCompiler64.cpp:
344         * dfg/DFGRegisterBank.h:
345         * dfg/DFGScoreBoard.h:
346         * dfg/DFGSpeculativeJIT.cpp:
347         * dfg/DFGSpeculativeJIT.h:
348         * dfg/DFGSpeculativeJIT32_64.cpp:
349         * dfg/DFGSpeculativeJIT64.cpp:
350         * dfg/DFGValidate.cpp:
351         * dfg/DFGValueRecoveryOverride.h:
352         * dfg/DFGVariableAccessData.h:
353         * dfg/DFGVariableEvent.h:
354         * dfg/DFGVariableEventStream.cpp:
355         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
356         * ftl/FTLExitArgumentForOperand.h:
357         * ftl/FTLLink.cpp:
358         * ftl/FTLLowerDFGToLLVM.cpp:
359         * ftl/FTLOSREntry.cpp:
360         * ftl/FTLOSRExit.cpp:
361         * ftl/FTLOSRExit.h:
362         * ftl/FTLOSRExitCompiler.cpp:
363         * interpreter/CallFrame.h:
364         * interpreter/Interpreter.cpp:
365         * jit/AssemblyHelpers.h:
366         * jit/JIT.h:
367         * jit/JITCall.cpp:
368         * jit/JITCall32_64.cpp:
369         * jit/JITInlines.h:
370         * jit/JITOpcodes.cpp:
371         * jit/JITOpcodes32_64.cpp:
372         * jit/JITPropertyAccess32_64.cpp:
373         * jit/JITStubs.cpp:
374         * llint/LLIntSlowPaths.cpp:
375         * profiler/ProfilerBytecodeSequence.cpp:
376         * runtime/CommonSlowPaths.cpp:
377         * runtime/JSActivation.cpp:
378
379 2013-09-26  Anders Carlsson  <andersca@apple.com>
380
381         Work around another MSVC bug.
382
383         * runtime/PrototypeMap.cpp:
384         (JSC::PrototypeMap::emptyObjectStructureForPrototype):
385
386 2013-09-26  Anders Carlsson  <andersca@apple.com>
387
388         Attempt to fix the FTL build.
389
390         * ftl/FTLAbstractHeap.cpp:
391         (JSC::FTL::IndexedAbstractHeap::atSlow):
392
393 2013-09-26  Andreas Kling  <akling@apple.com>
394
395         Pass VM instead of ExecState to many finishCreation() functions.
396         <https://webkit.org/b/121975>
397
398         Reviewed by Sam Weinig.
399
400         Reduce unnecessary loads by passing the VM to object creation
401         functions that don't need the ExecState.
402
403         There are tons of opportunities in this area, I'm just scratching
404         the surface.
405
406 2013-09-26  Commit Queue  <commit-queue@webkit.org>
407
408         Unreviewed, rolling out r156464 and r156480.
409         http://trac.webkit.org/changeset/156464
410         http://trac.webkit.org/changeset/156480
411         https://bugs.webkit.org/show_bug.cgi?id=121981
412
413         Leaking too much and killing buildbot. (Requested by xenon on
414         #webkit).
415
416         * bytecode/UnlinkedCodeBlock.cpp:
417         (JSC::UnlinkedFunctionExecutable::paramString):
418         * bytecompiler/BytecodeGenerator.cpp:
419         (JSC::BytecodeGenerator::BytecodeGenerator):
420         * bytecompiler/BytecodeGenerator.h:
421         (JSC::BytecodeGenerator::emitExpressionInfo):
422         * bytecompiler/NodesCodegen.cpp:
423         (JSC::ForInNode::emitBytecode):
424         (JSC::FuncExprNode::emitBytecode):
425         * parser/ASTBuilder.h:
426         (JSC::ASTBuilder::createFormalParameterList):
427         (JSC::ASTBuilder::createForInLoop):
428         (JSC::ASTBuilder::addVar):
429         * parser/NodeConstructors.h:
430         (JSC::CommaNode::CommaNode):
431         (JSC::ParameterNode::ParameterNode):
432         (JSC::ForInNode::ForInNode):
433         * parser/Nodes.cpp:
434         (JSC::FunctionParameters::create):
435         (JSC::FunctionParameters::FunctionParameters):
436         (JSC::FunctionParameters::~FunctionParameters):
437         * parser/Nodes.h:
438         (JSC::CommaNode::append):
439         (JSC::ParameterNode::ident):
440         (JSC::FunctionParameters::at):
441         (JSC::FunctionParameters::identifiers):
442         * parser/Parser.cpp:
443         (JSC::::Parser):
444         (JSC::::parseVarDeclaration):
445         (JSC::::parseVarDeclarationList):
446         (JSC::::parseForStatement):
447         (JSC::::parseFormalParameters):
448         (JSC::::parseAssignmentExpression):
449         * parser/Parser.h:
450         (JSC::Scope::declareParameter):
451         * parser/SyntaxChecker.h:
452         (JSC::SyntaxChecker::createFormalParameterList):
453         (JSC::SyntaxChecker::createForInLoop):
454         (JSC::SyntaxChecker::operatorStackPop):
455         * runtime/JSONObject.cpp:
456         * runtime/JSONObject.h:
457
458 2013-09-26  Anders Carlsson  <andersca@apple.com>
459
460         Try to fix the Windows build.
461
462         * jit/JITThunks.cpp:
463         (JSC::JITThunks::hostFunctionStub):
464         * jit/JITThunks.h:
465
466 2013-09-26  Anders Carlsson  <andersca@apple.com>
467
468         Change a couple of HashMap value types from OwnPtr to std::unique_ptr
469         https://bugs.webkit.org/show_bug.cgi?id=121973
470
471         Reviewed by Andreas Kling.
472
473         * API/JSClassRef.cpp:
474         (OpaqueJSClassContextData::OpaqueJSClassContextData):
475         (OpaqueJSClass::contextData):
476         * API/JSClassRef.h:
477         * bytecode/SamplingTool.h:
478         * ftl/FTLAbstractHeap.h:
479         * parser/Parser.cpp:
480         (JSC::::parseFunctionInfo):
481         * parser/SourceProviderCache.cpp:
482         (JSC::SourceProviderCache::add):
483         * parser/SourceProviderCache.h:
484         * parser/SourceProviderCacheItem.h:
485         (JSC::SourceProviderCacheItem::create):
486         * profiler/ProfilerCompilation.cpp:
487         (JSC::Profiler::Compilation::executionCounterFor):
488         (JSC::Profiler::Compilation::toJS):
489         * profiler/ProfilerCompilation.h:
490         * runtime/JSGlobalObject.h:
491
492 2013-09-26  Mark Lam  <mark.lam@apple.com>
493
494         Move DFG inline caching logic into jit/.
495         https://bugs.webkit.org/show_bug.cgi?id=121749.
496
497         Reviewed by Geoffrey Garen.
498
499         Relanding http://trac.webkit.org/changeset/156235 after rebasing to latest
500         revision and fixing build breakages on Windows.
501
502         * CMakeLists.txt:
503         * GNUmakefile.list.am:
504         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
505         * JavaScriptCore.xcodeproj/project.pbxproj:
506         * Target.pri:
507         * bytecode/CallLinkInfo.cpp:
508         (JSC::CallLinkInfo::unlink):
509         * bytecode/CodeBlock.cpp:
510         (JSC::CodeBlock::resetStubInternal):
511         * bytecode/StructureStubInfo.h:
512         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
513         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
514         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
515         * dfg/DFGJITCompiler.h:
516         * dfg/DFGOSRExitCompiler.h:
517         * dfg/DFGOperations.cpp:
518         (JSC::DFG::operationPutByValInternal):
519         * dfg/DFGOperations.h:
520         (JSC::DFG::operationNewTypedArrayWithSizeForType):
521         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
522         * dfg/DFGRegisterSet.h: Removed.
523         * dfg/DFGRepatch.cpp: Removed.
524         * dfg/DFGRepatch.h: Removed.
525         * dfg/DFGScratchRegisterAllocator.h: Removed.
526         * dfg/DFGSpeculativeJIT.cpp:
527         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
528         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
529         (JSC::DFG::SpeculativeJIT::compare):
530         * dfg/DFGSpeculativeJIT.h:
531         (JSC::DFG::SpeculativeJIT::callOperation):
532         * dfg/DFGSpeculativeJIT32_64.cpp:
533         (JSC::DFG::SpeculativeJIT::cachedPutById):
534         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
535         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
536         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
537         (JSC::DFG::SpeculativeJIT::compile):
538         * dfg/DFGSpeculativeJIT64.cpp:
539         (JSC::DFG::SpeculativeJIT::cachedPutById):
540         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
541         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
542         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
543         (JSC::DFG::SpeculativeJIT::compile):
544         * dfg/DFGThunks.cpp:
545         * dfg/DFGThunks.h:
546         * ftl/FTLIntrinsicRepository.h:
547         * ftl/FTLLowerDFGToLLVM.cpp:
548         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
549         * ftl/FTLOSRExitCompiler.h:
550         * jit/AssemblyHelpers.h:
551         (JSC::AssemblyHelpers::writeBarrier):
552         * jit/JIT.cpp:
553         (JSC::JIT::linkFor):
554         (JSC::JIT::linkSlowCall):
555         * jit/JITCall.cpp:
556         (JSC::JIT::compileCallEvalSlowCase):
557         (JSC::JIT::compileOpCallSlowCase):
558         (JSC::JIT::privateCompileClosureCall):
559         * jit/JITCall32_64.cpp:
560         (JSC::JIT::compileCallEvalSlowCase):
561         (JSC::JIT::compileOpCallSlowCase):
562         (JSC::JIT::privateCompileClosureCall):
563         * jit/JITOperationWrappers.h: Copied from Source/JavaScriptCore/jit/JITOperationWrappers.h.
564         * jit/JITOperations.cpp: Copied from Source/JavaScriptCore/jit/JITOperations.cpp.
565         (JSC::getHostCallReturnValueWithExecState):
566         * jit/JITOperations.h: Copied from Source/JavaScriptCore/jit/JITOperations.h.
567         * jit/RegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
568         * jit/Repatch.cpp: Copied from Source/JavaScriptCore/jit/Repatch.cpp.
569         (JSC::tryBuildGetByIDList):
570         * jit/Repatch.h: Copied from Source/JavaScriptCore/jit/Repatch.h.
571         * jit/ScratchRegisterAllocator.h: Copied from Source/JavaScriptCore/jit/ScratchRegisterAllocator.h.
572         * jit/ThunkGenerators.cpp:
573         (JSC::oldStyleGenerateSlowCaseFor):
574         (JSC::oldStyleLinkForGenerator):
575         (JSC::oldStyleLinkCallGenerator):
576         (JSC::oldStyleLinkConstructGenerator):
577         (JSC::oldStyleLinkClosureCallGenerator):
578         (JSC::oldStyleVirtualForGenerator):
579         (JSC::oldStyleVirtualCallGenerator):
580         (JSC::oldStyleVirtualConstructGenerator):
581         (JSC::emitPointerValidation):
582         (JSC::throwExceptionFromCallSlowPathGenerator):
583         (JSC::slowPathFor):
584         (JSC::linkForThunkGenerator):
585         (JSC::linkCallThunkGenerator):
586         (JSC::linkConstructThunkGenerator):
587         (JSC::linkClosureCallThunkGenerator):
588         (JSC::virtualForThunkGenerator):
589         (JSC::virtualCallThunkGenerator):
590         (JSC::virtualConstructThunkGenerator):
591         * jit/ThunkGenerators.h:
592
593 2013-09-26  Anders Carlsson  <andersca@apple.com>
594
595         Remove PassWeak.h
596         https://bugs.webkit.org/show_bug.cgi?id=121971
597
598         Reviewed by Geoffrey Garen.
599
600         * GNUmakefile.list.am:
601         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
602         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
603         * JavaScriptCore.xcodeproj/project.pbxproj:
604         * heap/PassWeak.h: Removed.
605         * heap/WeakInlines.h:
606
607 2013-09-26  Anders Carlsson  <andersca@apple.com>
608
609         Stop using PassWeak
610         https://bugs.webkit.org/show_bug.cgi?id=121968
611
612         Reviewed by Sam Weinig.
613
614         * heap/Weak.h:
615         Remove all knowledge of PassWeak.
616
617         (JSC::Weak::Weak):
618         These constructors don't need to be explicit.
619
620         * heap/WeakInlines.h:
621         (JSC::weakAdd):
622         Change Value to be an rvalue reference and use std::forward.
623
624         * jit/JITThunks.cpp:
625         (JSC::JITThunks::hostFunctionStub):
626         Remove PassWeak.
627
628         * runtime/RegExpCache.cpp:
629         (JSC::RegExpCache::lookupOrCreate):
630         Use Weak instead of PassWeak.
631
632         * runtime/SimpleTypedArrayController.cpp:
633         Change add and set to take Weak by value and std::move into place.
634
635         * runtime/WeakGCMap.h:
636         (JSC::WeakGCMap::get):
637         (JSC::WeakGCMap::set):
638         (JSC::WeakGCMap::add):
639
640 2013-09-26  Commit Queue  <commit-queue@webkit.org>
641
642         Unreviewed, rolling out r156474.
643         http://trac.webkit.org/changeset/156474
644         https://bugs.webkit.org/show_bug.cgi?id=121966
645
646         Broke the builds. (Requested by xenon on #webkit).
647
648         * bytecode/CodeBlock.cpp:
649         (JSC::CodeBlock::registerName):
650         (JSC::CodeBlock::dumpBytecode):
651         (JSC::CodeBlock::CodeBlock):
652         (JSC::CodeBlock::createActivation):
653         (JSC::CodeBlock::nameForRegister):
654         * bytecode/CodeBlock.h:
655         (JSC::unmodifiedArgumentsRegister):
656         (JSC::CodeBlock::isKnownNotImmediate):
657         (JSC::CodeBlock::setThisRegister):
658         (JSC::CodeBlock::thisRegister):
659         (JSC::CodeBlock::setArgumentsRegister):
660         (JSC::CodeBlock::argumentsRegister):
661         (JSC::CodeBlock::uncheckedArgumentsRegister):
662         (JSC::CodeBlock::setActivationRegister):
663         (JSC::CodeBlock::activationRegister):
664         (JSC::CodeBlock::uncheckedActivationRegister):
665         (JSC::CodeBlock::usesArguments):
666         (JSC::CodeBlock::isCaptured):
667         * bytecode/Instruction.h:
668         * bytecode/LazyOperandValueProfile.h:
669         (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
670         (JSC::LazyOperandValueProfileKey::operator!):
671         (JSC::LazyOperandValueProfileKey::hash):
672         (JSC::LazyOperandValueProfileKey::operand):
673         (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
674         (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
675         * bytecode/MethodOfGettingAValueProfile.cpp:
676         (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
677         (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
678         * bytecode/Operands.h:
679         (JSC::localToOperand):
680         (JSC::operandIsLocal):
681         (JSC::operandToLocal):
682         (JSC::operandIsArgument):
683         (JSC::operandToArgument):
684         (JSC::argumentToOperand):
685         (JSC::Operands::operand):
686         (JSC::Operands::hasOperand):
687         (JSC::Operands::setOperand):
688         (JSC::Operands::operandForIndex):
689         (JSC::Operands::setOperandFirstTime):
690         * bytecode/UnlinkedCodeBlock.cpp:
691         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
692         * bytecode/UnlinkedCodeBlock.h:
693         (JSC::UnlinkedCodeBlock::setThisRegister):
694         (JSC::UnlinkedCodeBlock::setActivationRegister):
695         (JSC::UnlinkedCodeBlock::setArgumentsRegister):
696         (JSC::UnlinkedCodeBlock::usesArguments):
697         (JSC::UnlinkedCodeBlock::argumentsRegister):
698         (JSC::UnlinkedCodeBlock::usesGlobalObject):
699         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
700         (JSC::UnlinkedCodeBlock::globalObjectRegister):
701         (JSC::UnlinkedCodeBlock::thisRegister):
702         (JSC::UnlinkedCodeBlock::activationRegister):
703         * bytecode/ValueRecovery.h:
704         (JSC::ValueRecovery::displacedInJSStack):
705         (JSC::ValueRecovery::virtualRegister):
706         (JSC::ValueRecovery::dumpInContext):
707         * bytecode/VirtualRegister.h:
708         (WTF::printInternal):
709         * bytecompiler/BytecodeGenerator.cpp:
710         (JSC::BytecodeGenerator::generate):
711         (JSC::BytecodeGenerator::addVar):
712         (JSC::BytecodeGenerator::BytecodeGenerator):
713         (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
714         (JSC::BytecodeGenerator::newRegister):
715         (JSC::BytecodeGenerator::emitLoadGlobalObject):
716         (JSC::BytecodeGenerator::emitGetArgumentsLength):
717         (JSC::BytecodeGenerator::emitGetArgumentByVal):
718         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
719         (JSC::BytecodeGenerator::emitReturn):
720         * bytecompiler/BytecodeGenerator.h:
721         (JSC::BytecodeGenerator::registerFor):
722         * bytecompiler/RegisterID.h:
723         (JSC::RegisterID::RegisterID):
724         (JSC::RegisterID::setIndex):
725         (JSC::RegisterID::index):
726         * debugger/DebuggerCallFrame.cpp:
727         (JSC::DebuggerCallFrame::thisObject):
728         * dfg/DFGAbstractHeap.h:
729         (JSC::DFG::AbstractHeap::Payload::Payload):
730         * dfg/DFGAbstractInterpreterInlines.h:
731         (JSC::DFG::::executeEffects):
732         (JSC::DFG::::clobberCapturedVars):
733         * dfg/DFGArgumentPosition.h:
734         (JSC::DFG::ArgumentPosition::dump):
735         * dfg/DFGArgumentsSimplificationPhase.cpp:
736         (JSC::DFG::ArgumentsSimplificationPhase::run):
737         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
738         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
739         * dfg/DFGByteCodeParser.cpp:
740         (JSC::DFG::ByteCodeParser::newVariableAccessData):
741         (JSC::DFG::ByteCodeParser::getDirect):
742         (JSC::DFG::ByteCodeParser::get):
743         (JSC::DFG::ByteCodeParser::setDirect):
744         (JSC::DFG::ByteCodeParser::set):
745         (JSC::DFG::ByteCodeParser::getLocal):
746         (JSC::DFG::ByteCodeParser::setLocal):
747         (JSC::DFG::ByteCodeParser::getArgument):
748         (JSC::DFG::ByteCodeParser::setArgument):
749         (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
750         (JSC::DFG::ByteCodeParser::findArgumentPosition):
751         (JSC::DFG::ByteCodeParser::flush):
752         (JSC::DFG::ByteCodeParser::flushDirect):
753         (JSC::DFG::ByteCodeParser::getToInt32):
754         (JSC::DFG::ByteCodeParser::getThis):
755         (JSC::DFG::ByteCodeParser::addCall):
756         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
757         (JSC::DFG::ByteCodeParser::handleCall):
758         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
759         (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
760         (JSC::DFG::ByteCodeParser::handleInlining):
761         (JSC::DFG::ByteCodeParser::handleMinMax):
762         (JSC::DFG::ByteCodeParser::handleIntrinsic):
763         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
764         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
765         (JSC::DFG::ByteCodeParser::handleGetByOffset):
766         (JSC::DFG::ByteCodeParser::handleGetById):
767         (JSC::DFG::ByteCodeParser::parseBlock):
768         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
769         (JSC::DFG::ByteCodeParser::parse):
770         * dfg/DFGCFGSimplificationPhase.cpp:
771         * dfg/DFGCPSRethreadingPhase.cpp:
772         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
773         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
774         (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
775         * dfg/DFGCapabilities.cpp:
776         (JSC::DFG::capabilityLevel):
777         * dfg/DFGConstantFoldingPhase.cpp:
778         (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
779         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
780         (JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
781         * dfg/DFGGraph.cpp:
782         (JSC::DFG::Graph::dump):
783         * dfg/DFGGraph.h:
784         (JSC::DFG::Graph::argumentsRegisterFor):
785         (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
786         (JSC::DFG::Graph::uncheckedActivationRegisterFor):
787         (JSC::DFG::Graph::valueProfileFor):
788         * dfg/DFGJITCode.cpp:
789         (JSC::DFG::JITCode::reconstruct):
790         * dfg/DFGNode.h:
791         (JSC::DFG::Node::Node):
792         (JSC::DFG::Node::convertToGetLocalUnlinked):
793         (JSC::DFG::Node::hasVirtualRegister):
794         (JSC::DFG::Node::virtualRegister):
795         (JSC::DFG::Node::setVirtualRegister):
796         * dfg/DFGOSREntry.cpp:
797         (JSC::DFG::prepareOSREntry):
798         * dfg/DFGOSREntrypointCreationPhase.cpp:
799         (JSC::DFG::OSREntrypointCreationPhase::run):
800         * dfg/DFGOSRExit.h:
801         * dfg/DFGOSRExitCompiler32_64.cpp:
802         (JSC::DFG::OSRExitCompiler::compileExit):
803         * dfg/DFGOSRExitCompiler64.cpp:
804         (JSC::DFG::OSRExitCompiler::compileExit):
805         * dfg/DFGRegisterBank.h:
806         (JSC::DFG::RegisterBank::tryAllocate):
807         (JSC::DFG::RegisterBank::allocateSpecific):
808         (JSC::DFG::RegisterBank::retain):
809         (JSC::DFG::RegisterBank::isInUse):
810         (JSC::DFG::RegisterBank::dump):
811         (JSC::DFG::RegisterBank::releaseAtIndex):
812         (JSC::DFG::RegisterBank::allocateInternal):
813         (JSC::DFG::RegisterBank::MapEntry::MapEntry):
814         * dfg/DFGScoreBoard.h:
815         (JSC::DFG::ScoreBoard::allocate):
816         (JSC::DFG::ScoreBoard::use):
817         * dfg/DFGSpeculativeJIT.cpp:
818         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
819         (JSC::DFG::SpeculativeJIT::checkConsistency):
820         (JSC::DFG::SpeculativeJIT::compileMovHint):
821         (JSC::DFG::SpeculativeJIT::compileInlineStart):
822         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
823         * dfg/DFGSpeculativeJIT.h:
824         (JSC::DFG::SpeculativeJIT::allocate):
825         (JSC::DFG::SpeculativeJIT::fprAllocate):
826         (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
827         (JSC::DFG::SpeculativeJIT::flushRegisters):
828         (JSC::DFG::SpeculativeJIT::isFlushed):
829         (JSC::DFG::SpeculativeJIT::argumentSlot):
830         (JSC::DFG::SpeculativeJIT::argumentTagSlot):
831         (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
832         (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
833         (JSC::DFG::SpeculativeJIT::setNodeForOperand):
834         (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
835         (JSC::DFG::SpeculativeJIT::recordSetLocal):
836         (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
837         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
838         * dfg/DFGSpeculativeJIT64.cpp:
839         (JSC::DFG::SpeculativeJIT::compile):
840         * dfg/DFGValidate.cpp:
841         (JSC::DFG::Validate::validate):
842         (JSC::DFG::Validate::validateCPS):
843         (JSC::DFG::Validate::checkOperand):
844         (JSC::DFG::Validate::reportValidationContext):
845         * dfg/DFGValueRecoveryOverride.h:
846         (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
847         * dfg/DFGVariableAccessData.h:
848         (JSC::DFG::VariableAccessData::operand):
849         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
850         (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
851         (JSC::DFG::VariableAccessData::flushFormat):
852         * dfg/DFGVariableEvent.h:
853         (JSC::DFG::VariableEvent::spill):
854         (JSC::DFG::VariableEvent::setLocal):
855         * dfg/DFGVariableEventStream.cpp:
856         (JSC::DFG::VariableEventStream::reconstruct):
857         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
858         (JSC::DFG::VirtualRegisterAllocationPhase::run):
859         * ftl/FTLExitArgumentForOperand.h:
860         (JSC::FTL::ExitArgumentForOperand::ExitArgumentForOperand):
861         (JSC::FTL::ExitArgumentForOperand::operand):
862         * ftl/FTLLink.cpp:
863         (JSC::FTL::link):
864         * ftl/FTLLowerDFGToLLVM.cpp:
865         (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
866         (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
867         (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
868         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
869         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
870         (JSC::FTL::LowerDFGToLLVM::observeMovHint):
871         (JSC::FTL::LowerDFGToLLVM::addressFor):
872         (JSC::FTL::LowerDFGToLLVM::payloadFor):
873         (JSC::FTL::LowerDFGToLLVM::tagFor):
874         * ftl/FTLOSREntry.cpp:
875         (JSC::FTL::prepareOSREntry):
876         * ftl/FTLOSRExit.cpp:
877         (JSC::FTL::OSRExit::convertToForward):
878         * ftl/FTLOSRExit.h:
879         * ftl/FTLOSRExitCompiler.cpp:
880         (JSC::FTL::compileStub):
881         * interpreter/CallFrame.h:
882         * interpreter/Interpreter.cpp:
883         (JSC::Interpreter::dumpRegisters):
884         (JSC::unwindCallFrame):
885         (JSC::Interpreter::unwind):
886         * jit/AssemblyHelpers.h:
887         (JSC::AssemblyHelpers::addressFor):
888         (JSC::AssemblyHelpers::tagFor):
889         (JSC::AssemblyHelpers::payloadFor):
890         (JSC::AssemblyHelpers::argumentsRegisterFor):
891         * jit/JIT.h:
892         * jit/JITCall.cpp:
893         (JSC::JIT::compileLoadVarargs):
894         * jit/JITInlines.h:
895         (JSC::JIT::emitGetVirtualRegister):
896         * jit/JITOpcodes.cpp:
897         (JSC::JIT::emit_op_tear_off_arguments):
898         (JSC::JIT::emit_op_get_pnames):
899         (JSC::JIT::emit_op_enter):
900         (JSC::JIT::emit_op_create_arguments):
901         (JSC::JIT::emitSlow_op_get_argument_by_val):
902         * jit/JITOpcodes32_64.cpp:
903         (JSC::JIT::emit_op_enter):
904         * jit/JITStubs.cpp:
905         (JSC::DEFINE_STUB_FUNCTION):
906         * llint/LLIntSlowPaths.cpp:
907         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
908         * profiler/ProfilerBytecodeSequence.cpp:
909         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
910         * runtime/CommonSlowPaths.cpp:
911         (JSC::SLOW_PATH_DECL):
912         * runtime/JSActivation.cpp:
913         (JSC::JSActivation::argumentsGetter):
914
915 2013-09-26  Oliver Hunt  <oliver@apple.com>
916
917         Attempt to fix MSVC build
918
919         * parser/Parser.cpp:
920         (JSC::::createBindingPattern):
921         (JSC::::parseDeconstructionPattern):
922         * parser/Parser.h:
923
924 2013-09-26  Julien Brianceau  <jbriance@cisco.com>
925
926         [sh4] JSValue* exception is unused since r70703 in JITStackFrame.
927         https://bugs.webkit.org/show_bug.cgi?id=121962
928
929         This is a cosmetic change, but it could save people reading the sh4 part from
930         wasting time trying to understand why there is a JSValue* here.
931
932         Reviewed by Darin Adler.
933
934         * jit/JITStubs.h:
935
936 2013-09-26  Anders Carlsson  <andersca@apple.com>
937
938         WeakGCMap should not inherit from HashMap
939         https://bugs.webkit.org/show_bug.cgi?id=121964
940
941         Reviewed by Geoffrey Garen.
942
943         Add the HashMap as a member variable instead and implement the missing member functions.
944
945         * runtime/WeakGCMap.h:
946
947 2013-09-25  Michael Saboff  <msaboff@apple.com>
948
949         VirtualRegister should be a class
950         https://bugs.webkit.org/show_bug.cgi?id=121732
951
952         Reviewed by Geoffrey Garen.
953
954         This is a refactoring change.  Changed VirtualRegister from an enum to a class.
955         Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
956         and the similar functions for locals to VirtualRegister class.
957
958         This is in preparation for changing the offset for the first local register from
959         0 to -1.  This is needed since most native calling conventions have the architected
960         frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
961         pointer.  Local values start below that address.
962
963         * bytecode/CodeBlock.cpp:
964         * bytecode/CodeBlock.h:
965         * bytecode/Instruction.h:
966         * bytecode/LazyOperandValueProfile.h:
967         * bytecode/MethodOfGettingAValueProfile.cpp:
968         * bytecode/Operands.h:
969         * bytecode/UnlinkedCodeBlock.cpp:
970         * bytecode/UnlinkedCodeBlock.h:
971         * bytecode/ValueRecovery.h:
972         * bytecode/VirtualRegister.h:
973         * bytecompiler/BytecodeGenerator.cpp:
974         * bytecompiler/BytecodeGenerator.h:
975         * bytecompiler/RegisterID.h:
976         * debugger/DebuggerCallFrame.cpp:
977         * dfg/DFGAbstractHeap.h:
978         * dfg/DFGAbstractInterpreterInlines.h:
979         * dfg/DFGArgumentPosition.h:
980         * dfg/DFGArgumentsSimplificationPhase.cpp:
981         * dfg/DFGByteCodeParser.cpp:
982         * dfg/DFGCFGSimplificationPhase.cpp:
983         * dfg/DFGCPSRethreadingPhase.cpp:
984         * dfg/DFGCapabilities.cpp:
985         * dfg/DFGConstantFoldingPhase.cpp:
986         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
987         * dfg/DFGGraph.cpp:
988         * dfg/DFGGraph.h:
989         * dfg/DFGJITCode.cpp:
990         * dfg/DFGNode.h:
991         * dfg/DFGOSREntry.cpp:
992         * dfg/DFGOSREntrypointCreationPhase.cpp:
993         * dfg/DFGOSRExit.h:
994         * dfg/DFGOSRExitCompiler32_64.cpp:
995         * dfg/DFGOSRExitCompiler64.cpp:
996         * dfg/DFGRegisterBank.h:
997         * dfg/DFGScoreBoard.h:
998         * dfg/DFGSpeculativeJIT.cpp:
999         * dfg/DFGSpeculativeJIT.h:
1000         * dfg/DFGSpeculativeJIT64.cpp:
1001         * dfg/DFGValidate.cpp:
1002         * dfg/DFGValueRecoveryOverride.h:
1003         * dfg/DFGVariableAccessData.h:
1004         * dfg/DFGVariableEvent.h:
1005         * dfg/DFGVariableEventStream.cpp:
1006         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1007         * ftl/FTLExitArgumentForOperand.h:
1008         * ftl/FTLLink.cpp:
1009         * ftl/FTLLowerDFGToLLVM.cpp:
1010         * ftl/FTLOSREntry.cpp:
1011         * ftl/FTLOSRExit.cpp:
1012         * ftl/FTLOSRExit.h:
1013         * ftl/FTLOSRExitCompiler.cpp:
1014         * interpreter/CallFrame.h:
1015         * interpreter/Interpreter.cpp:
1016         * jit/AssemblyHelpers.h:
1017         * jit/JIT.h:
1018         * jit/JITCall.cpp:
1019         * jit/JITInlines.h:
1020         * jit/JITOpcodes.cpp:
1021         * jit/JITOpcodes32_64.cpp:
1022         * jit/JITStubs.cpp:
1023         * llint/LLIntSlowPaths.cpp:
1024         * profiler/ProfilerBytecodeSequence.cpp:
1025         * runtime/CommonSlowPaths.cpp:
1026         * runtime/JSActivation.cpp:
1027
1028 2013-09-26  Anders Carlsson  <andersca@apple.com>
1029
1030         Weak should have a move constructor and move assignment operator
1031         https://bugs.webkit.org/show_bug.cgi?id=121963
1032
1033         Reviewed by Oliver Hunt.
1034
1035         This is the first step towards getting rid of PassWeak.
1036
1037         * API/JSClassRef.cpp:
1038         (OpaqueJSClass::prototype):
1039         * heap/Weak.h:
1040         * heap/WeakInlines.h:
1041         (JSC::::Weak):
1042         (JSC::::leakImpl):
1043         * runtime/SimpleTypedArrayController.cpp:
1044         (JSC::SimpleTypedArrayController::toJS):
1045
1046 2013-09-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1047
1048         op_to_this shouldn't use value profiling
1049         https://bugs.webkit.org/show_bug.cgi?id=121920
1050
1051         Reviewed by Geoffrey Garen.
1052
1053         Currently it's the only opcode that uses m_singletonValue, which is unnecessary. Our current plan is 
1054         to remove m_singletonValue so that GenGC can have a simpler story for handling CodeBlocks/FunctionExecutables 
1055         during nursery collections.
1056
1057         This patch adds an inline cache for the Structure of to_this so it no longer depends on the ValueProfile's
1058         m_singletonValue. Since nobody uses m_singletonValue now, this patch also removes m_singletonValue from
1059         ValueProfile.
1060
1061         * bytecode/CodeBlock.cpp:
1062         (JSC::CodeBlock::CodeBlock):
1063         (JSC::CodeBlock::finalizeUnconditionally):
1064         (JSC::CodeBlock::stronglyVisitStrongReferences):
1065         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1066         (JSC::CodeBlock::updateAllValueProfilePredictions):
1067         (JSC::CodeBlock::updateAllPredictions):
1068         (JSC::CodeBlock::shouldOptimizeNow):
1069         * bytecode/CodeBlock.h:
1070         (JSC::CodeBlock::updateAllValueProfilePredictions):
1071         (JSC::CodeBlock::updateAllPredictions):
1072         * bytecode/LazyOperandValueProfile.cpp:
1073         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
1074         * bytecode/LazyOperandValueProfile.h:
1075         * bytecode/ValueProfile.h:
1076         (JSC::ValueProfileBase::ValueProfileBase):
1077         (JSC::ValueProfileBase::briefDescription):
1078         (JSC::ValueProfileBase::dump):
1079         (JSC::ValueProfileBase::computeUpdatedPrediction):
1080         * bytecompiler/BytecodeGenerator.cpp:
1081         (JSC::BytecodeGenerator::BytecodeGenerator):
1082         * dfg/DFGByteCodeParser.cpp:
1083         (JSC::DFG::ByteCodeParser::parseBlock):
1084         * jit/JITOpcodes.cpp:
1085         (JSC::JIT::emit_op_to_this):
1086         (JSC::JIT::emitSlow_op_to_this):
1087         * jit/JITOpcodes32_64.cpp:
1088         (JSC::JIT::emit_op_to_this):
1089         (JSC::JIT::emitSlow_op_to_this):
1090         * llint/LowLevelInterpreter32_64.asm:
1091         * llint/LowLevelInterpreter64.asm:
1092         * runtime/CommonSlowPaths.cpp:
1093         (JSC::SLOW_PATH_DECL):
1094
1095 2013-09-25  Oliver Hunt  <oliver@apple.com>
1096
1097         Implement prefixed-destructuring assignment
1098         https://bugs.webkit.org/show_bug.cgi?id=121930
1099
1100         Reviewed by Mark Hahnenberg.
1101
1102         This is mostly simple - the semantics of deconstruction are already
1103         present in the language, so most of the complexity (if you call it
1104         that) is addition of new AST nodes, and parsing the syntax.
1105
1106         In order to get correct semantics for the parameter lists, FunctionParameters
1107         now needs to store refcounted references to the parameter patterns.
1108         There's also a little work to ensure that variable creation and assignment
1109         occurs in the correct order while the BytecodeGenerator is being constructed. 
1110
1111         * bytecode/UnlinkedCodeBlock.cpp:
1112         (JSC::UnlinkedFunctionExecutable::paramString):
1113         * bytecompiler/BytecodeGenerator.cpp:
1114         (JSC::BytecodeGenerator::BytecodeGenerator):
1115         * bytecompiler/BytecodeGenerator.h:
1116         (JSC::BytecodeGenerator::emitExpressionInfo):
1117         * bytecompiler/NodesCodegen.cpp:
1118         (JSC::ForInNode::emitBytecode):
1119         (JSC::DeconstructingAssignmentNode::emitBytecode):
1120         (JSC::DeconstructionPatternNode::~DeconstructionPatternNode):
1121         (JSC::ArrayPatternNode::emitBytecode):
1122         (JSC::ArrayPatternNode::emitDirectBinding):
1123         (JSC::ArrayPatternNode::toString):
1124         (JSC::ArrayPatternNode::collectBoundIdentifiers):
1125         (JSC::ObjectPatternNode::toString):
1126         (JSC::ObjectPatternNode::emitBytecode):
1127         (JSC::ObjectPatternNode::collectBoundIdentifiers):
1128         (JSC::BindingNode::emitBytecode):
1129         (JSC::BindingNode::toString):
1130         (JSC::BindingNode::collectBoundIdentifiers):
1131         * parser/ASTBuilder.h:
1132         (JSC::ASTBuilder::createFormalParameterList):
1133         (JSC::ASTBuilder::createForInLoop):
1134         (JSC::ASTBuilder::addVar):
1135         (JSC::ASTBuilder::createDeconstructingAssignment):
1136         (JSC::ASTBuilder::createArrayPattern):
1137         (JSC::ASTBuilder::appendArrayPatternSkipEntry):
1138         (JSC::ASTBuilder::appendArrayPatternEntry):
1139         (JSC::ASTBuilder::createObjectPattern):
1140         (JSC::ASTBuilder::appendObjectPatternEntry):
1141         (JSC::ASTBuilder::createBindingLocation):
1142         * parser/NodeConstructors.h:
1143         (JSC::CommaNode::CommaNode):
1144         (JSC::ParameterNode::ParameterNode):
1145         (JSC::ForInNode::ForInNode):
1146         (JSC::DeconstructionPatternNode::DeconstructionPatternNode):
1147         (JSC::ArrayPatternNode::ArrayPatternNode):
1148         (JSC::ArrayPatternNode::create):
1149         (JSC::ObjectPatternNode::ObjectPatternNode):
1150         (JSC::ObjectPatternNode::create):
1151         (JSC::BindingNode::create):
1152         (JSC::BindingNode::BindingNode):
1153         (JSC::DeconstructingAssignmentNode::DeconstructingAssignmentNode):
1154         * parser/Nodes.cpp:
1155         (JSC::FunctionParameters::create):
1156         (JSC::FunctionParameters::FunctionParameters):
1157         (JSC::FunctionParameters::~FunctionParameters):
1158         * parser/Nodes.h:
1159         (JSC::ExpressionNode::isDeconstructionNode):
1160         (JSC::ArrayNode::elements):
1161         (JSC::CommaNode::append):
1162         (JSC::ParameterNode::pattern):
1163         (JSC::FunctionParameters::at):
1164         (JSC::FunctionParameters::patterns):
1165         (JSC::DeconstructionPatternNode::isBindingNode):
1166         (JSC::DeconstructionPatternNode::emitDirectBinding):
1167         (JSC::ArrayPatternNode::appendIndex):
1168         (JSC::ObjectPatternNode::appendEntry):
1169         (JSC::ObjectPatternNode::Entry::Entry):
1170         (JSC::BindingNode::boundProperty):
1171         (JSC::BindingNode::isBindingNode):
1172         (JSC::DeconstructingAssignmentNode::bindings):
1173         (JSC::DeconstructingAssignmentNode::isLocation):
1174         (JSC::DeconstructingAssignmentNode::isDeconstructionNode):
1175         * parser/Parser.cpp:
1176         (JSC::::Parser):
1177         (JSC::::parseVarDeclaration):
1178         (JSC::::parseVarDeclarationList):
1179         (JSC::::createBindingPattern):
1180         (JSC::::parseDeconstructionPattern):
1181         (JSC::::parseForStatement):
1182         (JSC::::parseFormalParameters):
1183         (JSC::::parseAssignmentExpression):
1184         * parser/Parser.h:
1185         (JSC::Scope::declareBoundParameter):
1186         (JSC::Parser::declareBoundParameter):
1187         * parser/SyntaxChecker.h:
1188         (JSC::SyntaxChecker::createFormalParameterList):
1189         (JSC::SyntaxChecker::addVar):
1190         (JSC::SyntaxChecker::operatorStackPop):
1191         * runtime/JSONObject.cpp:
1192         (JSC::escapeStringToBuilder):
1193         * runtime/JSONObject.h:
1194
1195 2013-09-25  Brady Eidson  <beidson@apple.com>
1196
1197         Enable the IndexedDB build on Mac, but leave the feature non-functional
1198         https://bugs.webkit.org/show_bug.cgi?id=121918
1199
1200         Reviewed by Alexey Proskuryakov.
1201
1202         * Configurations/FeatureDefines.xcconfig:
1203
1204 2013-09-25  Commit Queue  <commit-queue@webkit.org>
1205
1206         Unreviewed, rolling out r156432.
1207         http://trac.webkit.org/changeset/156432
1208         https://bugs.webkit.org/show_bug.cgi?id=121932
1209
1210         some integer conversion things that need brady to fix
1211         (Requested by thorton on #webkit).
1212
1213         * Configurations/FeatureDefines.xcconfig:
1214
1215 2013-09-25  Anders Carlsson  <andersca@apple.com>
1216
1217         Move KeyValuePairTraits inside HashMap
1218         https://bugs.webkit.org/show_bug.cgi?id=121931
1219
1220         Reviewed by Sam Weinig.
1221
1222         * tools/ProfileTreeNode.h:
1223
1224 2013-09-25  Brady Eidson  <beidson@apple.com>
1225
1226         Enable the IndexedDB build on Mac, but leave the feature non-functional
1227         https://bugs.webkit.org/show_bug.cgi?id=121918
1228
1229         Reviewed by Alexey Proskuryakov.
1230
1231         * Configurations/FeatureDefines.xcconfig:
1232
1233 2013-09-25  Brady Eidson  <beidson@apple.com>
1234
1235         FeatureDefine.xcconfig cleanup (They should all be identical).
1236         https://bugs.webkit.org/show_bug.cgi?id=121921
1237
1238         Reviewed by Mark Rowe.
1239
1240         * Configurations/FeatureDefines.xcconfig:
1241
1242 2013-09-25  Patrick Gansterer  <paroga@webkit.org>
1243
1244         Build fix for WinCE after r155098.
1245
1246         Windows CE does not support getenv().
1247
1248         * jsc.cpp:
1249         (main):
1250
1251 2013-09-24  Mark Hahnenberg  <mhahnenberg@apple.com>
1252
1253         op_get_callee shouldn't use value profiling
1254         https://bugs.webkit.org/show_bug.cgi?id=121821
1255
1256         Reviewed by Filip Pizlo.
1257
1258         Currently it's one of the two opcodes that uses m_singletonValue, which is unnecessary. 
1259         Our current plan is to remove m_singletonValue so that GenGC can have a simpler story 
1260         for handling CodeBlocks/FunctionExecutables during nursery collections.
1261
1262         Instead of using a ValueProfile op_get_callee now has a simple inline cache of the most 
1263         recent JSFunction that we saw.
1264
1265         * bytecode/CodeBlock.cpp:
1266         (JSC::CodeBlock::CodeBlock):
1267         (JSC::CodeBlock::finalizeUnconditionally):
1268         * bytecompiler/BytecodeGenerator.cpp:
1269         (JSC::BytecodeGenerator::emitCreateThis):
1270         * dfg/DFGByteCodeParser.cpp:
1271         (JSC::DFG::ByteCodeParser::parseBlock):
1272         * jit/JIT.cpp:
1273         (JSC::JIT::privateCompileSlowCases):
1274         * jit/JIT.h:
1275         * jit/JITOpcodes.cpp:
1276         (JSC::JIT::emit_op_get_callee):
1277         (JSC::JIT::emitSlow_op_get_callee):
1278         * jit/JITOpcodes32_64.cpp:
1279         (JSC::JIT::emit_op_get_callee):
1280         (JSC::JIT::emitSlow_op_get_callee):
1281         * llint/LowLevelInterpreter32_64.asm:
1282         * llint/LowLevelInterpreter64.asm:
1283         * runtime/CommonSlowPaths.cpp:
1284         (JSC::SLOW_PATH_DECL):
1285         * runtime/CommonSlowPaths.h:
1286
1287 2013-09-24  Mark Lam  <mark.lam@apple.com>
1288
1289         Change JSC debug hooks to pass a CallFrame* instead of a DebuggerCallFrame.
1290         https://bugs.webkit.org/show_bug.cgi?id=121867
1291
1292         Reviewed by Geoffrey Garen.
1293
1294         1. Removed the need for passing the line and column info to the debug hook
1295            callbacks. We now get the line and column info from the CallFrame.
1296
1297         2. Simplify BytecodeGenerator::emitDebugHook() to only take 1 line number
1298            argument. The caller can determine whether to pass in the first or last
1299            line number of the block of source code as appropriate.
1300            Note: we still need to pass in the line and column info to emitDebugHook()
1301            because it uses this info to emit expression info which is later used by
1302            the StackVisitor to determine the line and column info for its "pc".
1303
1304         3. Pass the exceptionValue explicitly to the exception() debug hook
1305            callback. It should not be embedded in the CallFrame / DebuggerCallFrame.
1306
1307         4. Change the op_debug opcode size to 2 (from 5) since we're removing 3 arg
1308            values. Update the LLINT and JIT code to handle this.
1309
1310         * bytecode/CodeBlock.cpp:
1311         (JSC::CodeBlock::dumpBytecode):
1312         (JSC::CodeBlock::CodeBlock):
1313         * bytecode/Opcode.h:
1314         (JSC::padOpcodeName):
1315         * bytecompiler/BytecodeGenerator.cpp:
1316         (JSC::BytecodeGenerator::emitDebugHook):
1317         * bytecompiler/BytecodeGenerator.h:
1318         * bytecompiler/NodesCodegen.cpp:
1319         (JSC::ConstStatementNode::emitBytecode):
1320         (JSC::EmptyStatementNode::emitBytecode):
1321         (JSC::DebuggerStatementNode::emitBytecode):
1322         (JSC::ExprStatementNode::emitBytecode):
1323         (JSC::VarStatementNode::emitBytecode):
1324         (JSC::IfElseNode::emitBytecode):
1325         (JSC::DoWhileNode::emitBytecode):
1326         (JSC::WhileNode::emitBytecode):
1327         (JSC::ForNode::emitBytecode):
1328         (JSC::ForInNode::emitBytecode):
1329         (JSC::ContinueNode::emitBytecode):
1330         (JSC::BreakNode::emitBytecode):
1331         (JSC::ReturnNode::emitBytecode):
1332         (JSC::WithNode::emitBytecode):
1333         (JSC::SwitchNode::emitBytecode):
1334         (JSC::LabelNode::emitBytecode):
1335         (JSC::ThrowNode::emitBytecode):
1336         (JSC::TryNode::emitBytecode):
1337         (JSC::ProgramNode::emitBytecode):
1338         (JSC::EvalNode::emitBytecode):
1339         (JSC::FunctionBodyNode::emitBytecode):
1340         * debugger/Debugger.h:
1341         * debugger/DebuggerCallFrame.cpp:
1342         (JSC::LineAndColumnFunctor::operator()):
1343         (JSC::LineAndColumnFunctor::line):
1344         (JSC::LineAndColumnFunctor::column):
1345         (JSC::DebuggerCallFrame::DebuggerCallFrame):
1346         (JSC::DebuggerCallFrame::clear):
1347         * debugger/DebuggerCallFrame.h:
1348         (JSC::DebuggerCallFrame::line):
1349         (JSC::DebuggerCallFrame::column):
1350         * interpreter/Interpreter.cpp:
1351         (JSC::unwindCallFrame):
1352         (JSC::UnwindFunctor::UnwindFunctor):
1353         (JSC::UnwindFunctor::operator()):
1354         (JSC::Interpreter::unwind):
1355         (JSC::Interpreter::debug):
1356         * interpreter/Interpreter.h:
1357         * jit/JITOpcodes.cpp:
1358         (JSC::JIT::emit_op_debug):
1359         * jit/JITOpcodes32_64.cpp:
1360         (JSC::JIT::emit_op_debug):
1361         * jit/JITStubs.cpp:
1362         (JSC::DEFINE_STUB_FUNCTION):
1363         * llint/LLIntSlowPaths.cpp:
1364         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1365         * llint/LowLevelInterpreter.asm:
1366
1367 2013-09-24  Filip Pizlo  <fpizlo@apple.com>
1368
1369         Crashing under JSC::DFG::SpeculativeJIT::spill visiting citicards.com
1370         https://bugs.webkit.org/show_bug.cgi?id=121844
1371
1372         Reviewed by Mark Hahnenberg.
1373         
1374         Fix some int52 bugs that caused this.
1375
1376         * bytecode/ValueRecovery.h:
1377         (JSC::ValueRecovery::dumpInContext): There's no such thing as int53.
1378         * dfg/DFGSpeculativeJIT.h:
1379         (JSC::DFG::SpeculativeJIT::spill): Actually spill int52's, instead of hitting an assert and crashing.
1380         * dfg/DFGSpeculativeJIT64.cpp:
1381         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal): Use the right format (from before when we clobber it).
1382
1383 2013-09-24  Mark Rowe  <mrowe@apple.com>
1384
1385         <rdar://problem/14971518> WebKit should build against the Xcode default toolchain when targeting OS X 10.8
1386
1387         Reviewed by Dan Bernstein.
1388
1389         * Configurations/Base.xcconfig:
1390
1391 2013-09-23  Patrick Gansterer  <paroga@webkit.org>
1392
1393         use NOMINMAX instead of #define min min
1394         https://bugs.webkit.org/show_bug.cgi?id=73563
1395
1396         Reviewed by Brent Fulgham.
1397
1398         Use NOMINMAX instead of #define min/max as a cleaner
1399         way of ensuring that Windows system header files don't
1400         define min/max as macro in the first place.
1401
1402         * config.h:
1403
1404 2013-09-23  Filip Pizlo  <fpizlo@apple.com>
1405
1406         Never use ReturnPC for exception handling and quit using exception check indices as a lame replica of the CodeOrigin index
1407         https://bugs.webkit.org/show_bug.cgi?id=121734
1408
1409         Reviewed by Mark Hahnenberg.
1410         
1411         Exception handling can deduce where the exception was thrown from by looking at the
1412         code origin that was stored into the call frame header. There is no need to pass any
1413         additional meta-data into the exception throwing logic. But the DFG was still doing it
1414         anyway.
1415         
1416         This removes all of the logic to pass extra meta-data into lookupExceptionHandler()
1417         and friends. It simplifies a lot of code.
1418
1419         * CMakeLists.txt:
1420         * GNUmakefile.list.am:
1421         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1422         * JavaScriptCore.xcodeproj/project.pbxproj:
1423         * Target.pri:
1424         * bytecode/CodeBlock.cpp:
1425         (JSC::CodeBlock::shrinkToFit):
1426         * bytecode/CodeBlock.h:
1427         (JSC::CodeBlock::codeOrigins):
1428         (JSC::CodeBlock::hasCodeOrigins):
1429         (JSC::CodeBlock::canGetCodeOrigin):
1430         (JSC::CodeBlock::codeOrigin):
1431         * bytecode/CodeOrigin.h:
1432         (JSC::InlineCallFrame::InlineCallFrame):
1433         * bytecode/InlineCallFrameSet.cpp: Added.
1434         (JSC::InlineCallFrameSet::InlineCallFrameSet):
1435         (JSC::InlineCallFrameSet::~InlineCallFrameSet):
1436         (JSC::InlineCallFrameSet::add):
1437         (JSC::InlineCallFrameSet::shrinkToFit):
1438         * bytecode/InlineCallFrameSet.h: Added.
1439         (JSC::InlineCallFrameSet::isEmpty):
1440         (JSC::InlineCallFrameSet::size):
1441         (JSC::InlineCallFrameSet::at):
1442         * dfg/DFGArgumentsSimplificationPhase.cpp:
1443         (JSC::DFG::ArgumentsSimplificationPhase::run):
1444         * dfg/DFGByteCodeParser.cpp:
1445         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1446         * dfg/DFGCommonData.cpp:
1447         (JSC::DFG::CommonData::addCodeOrigin):
1448         (JSC::DFG::CommonData::shrinkToFit):
1449         * dfg/DFGCommonData.h:
1450         * dfg/DFGDesiredWriteBarriers.cpp:
1451         (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
1452         (JSC::DFG::DesiredWriteBarrier::trigger):
1453         * dfg/DFGDesiredWriteBarriers.h:
1454         (JSC::DFG::DesiredWriteBarriers::add):
1455         (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable):
1456         (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee):
1457         * dfg/DFGGraph.cpp:
1458         (JSC::DFG::Graph::Graph):
1459         * dfg/DFGGraph.h:
1460         * dfg/DFGJITCompiler.cpp:
1461         (JSC::DFG::JITCompiler::JITCompiler):
1462         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1463         (JSC::DFG::JITCompiler::link):
1464         (JSC::DFG::JITCompiler::compileFunction):
1465         * dfg/DFGJITCompiler.h:
1466         (JSC::DFG::JITCompiler::emitStoreCodeOrigin):
1467         (JSC::DFG::JITCompiler::exceptionCheck):
1468         (JSC::DFG::JITCompiler::fastExceptionCheck):
1469         * dfg/DFGOperations.cpp:
1470         * dfg/DFGOperations.h:
1471         * dfg/DFGRepatch.cpp:
1472         (JSC::DFG::tryBuildGetByIDList):
1473         * dfg/DFGSpeculativeJIT.h:
1474         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
1475         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1476         (JSC::DFG::SpeculativeJIT::appendCall):
1477         * dfg/DFGSpeculativeJIT32_64.cpp:
1478         (JSC::DFG::SpeculativeJIT::emitCall):
1479         * dfg/DFGSpeculativeJIT64.cpp:
1480         (JSC::DFG::SpeculativeJIT::emitCall):
1481         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1482         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1483         * ftl/FTLLowerDFGToLLVM.cpp:
1484         (JSC::FTL::LowerDFGToLLVM::callPreflight):
1485         * jit/AssemblyHelpers.h:
1486         (JSC::AssemblyHelpers::emitExceptionCheck):
1487
1488 2013-09-23  Oliver Hunt  <oliver@apple.com>
1489
1490         CodeLoad performance regression
1491
1492         Reviewed by Filip Pizlo.
1493
1494         Temporarily remove the ExpressionInfo compression until we can
1495         work out how to make it not clobber performance.
1496
1497         * bytecode/UnlinkedCodeBlock.cpp:
1498         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
1499         (JSC::UnlinkedCodeBlock::addExpressionInfo):
1500         * bytecode/UnlinkedCodeBlock.h:
1501
1502 2013-09-23  Patrick Gansterer  <paroga@webkit.org>
1503
1504         Cleanup CMake files in JavaScriptCore
1505         https://bugs.webkit.org/show_bug.cgi?id=121762
1506
1507         Reviewed by Gyuyoung Kim.
1508
1509         Sort files and unify style.
1510
1511         * CMakeLists.txt:
1512         * shell/CMakeLists.txt:
1513         * shell/PlatformBlackBerry.cmake:
1514         * shell/PlatformEfl.cmake:
1515
1516 2013-09-22  Filip Pizlo  <fpizlo@apple.com>
1517
1518         Get rid of CodeBlock::RareData::callReturnIndexVector and most of the evil that it introduced
1519         https://bugs.webkit.org/show_bug.cgi?id=121766
1520
1521         Reviewed by Andreas Kling.
1522
1523         * bytecode/CodeBlock.cpp:
1524         (JSC::CodeBlock::shrinkToFit):
1525         * bytecode/CodeBlock.h:
1526         * dfg/DFGJITCompiler.cpp:
1527         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1528         (JSC::DFG::JITCompiler::link):
1529         * jit/JIT.cpp:
1530         (JSC::JIT::privateCompile):
1531
1532 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1533
1534         Interpreter::unwind() has no need for the bytecodeOffset
1535         https://bugs.webkit.org/show_bug.cgi?id=121755
1536
1537         Reviewed by Oliver Hunt.
1538         
1539         It was only using the bytecodeOffset for some debugger stuff, but the debugger could
1540         just get the bytecodeOffset the same way the rest of the machinery does: by using the
1541         CallFrame's location.
1542         
1543         It turns out that a lot of really ugly code was in place just to supply this
1544         bytecodeOffset. This patch kills most of that code, and allows us to kill even more
1545         code in a future patch - though most likely that killage will involve further
1546         refactorings as well, see https://bugs.webkit.org/show_bug.cgi?id=121734.
1547
1548         * dfg/DFGOperations.cpp:
1549         * interpreter/CallFrame.cpp:
1550         (JSC::CallFrame::bytecodeOffset):
1551         (JSC::CallFrame::codeOrigin):
1552         * interpreter/CallFrame.h:
1553         * interpreter/Interpreter.cpp:
1554         (JSC::Interpreter::unwind):
1555         * interpreter/Interpreter.h:
1556         * jit/JITExceptions.cpp:
1557         (JSC::genericUnwind):
1558         * jit/JITExceptions.h:
1559         * jit/JITStubs.cpp:
1560         (JSC::DEFINE_STUB_FUNCTION):
1561         (JSC::cti_vm_handle_exception):
1562         * llint/LLIntExceptions.cpp:
1563         (JSC::LLInt::doThrow):
1564         (JSC::LLInt::returnToThrow):
1565         (JSC::LLInt::callToThrow):
1566         * llint/LLIntExceptions.h:
1567         * llint/LLIntSlowPaths.cpp:
1568         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1569         * runtime/CommonSlowPaths.cpp:
1570         (JSC::SLOW_PATH_DECL):
1571         * runtime/CommonSlowPathsExceptions.cpp:
1572         (JSC::CommonSlowPaths::interpreterThrowInCaller):
1573         * runtime/CommonSlowPathsExceptions.h:
1574
1575 2013-09-21  Darin Adler  <darin@apple.com>
1576
1577         Add ExecState::uncheckedArgument and use where possible to shrink a bit
1578         https://bugs.webkit.org/show_bug.cgi?id=121750
1579
1580         Reviewed by Andreas Kling.
1581
1582         * interpreter/CallFrame.h:
1583         (JSC::ExecState::uncheckedArgument): Added. Like argument, but with an
1584         assertion rather than a runtime check.
1585
1586         * API/APICallbackFunction.h:
1587         (JSC::APICallbackFunction::call): Use uncheckedArgument because we are
1588         already in a loop over arguments, so don't need a range check.
1589         * API/JSCallbackConstructor.cpp:
1590         (JSC::constructJSCallback): Ditto.
1591         * API/JSCallbackObjectFunctions.h:
1592         (JSC::JSCallbackObject::construct): Ditto.
1593         (JSC::JSCallbackObject::call): Ditto.
1594         * jsc.cpp:
1595         (functionPrint): Ditto.
1596         (functionRun): Ditto.
1597         (functionSetSamplingFlags): Ditto.
1598         (functionClearSamplingFlags): Ditto.
1599         * runtime/ArrayPrototype.cpp:
1600         (JSC::arrayProtoFuncConcat): Ditto.
1601         (JSC::arrayProtoFuncPush): Use uncheckedArgument because there is already
1602         code that explicitly checks argumentCount.
1603         (JSC::arrayProtoFuncSplice): Ditto.
1604         (JSC::arrayProtoFuncUnShift): Ditto.
1605         (JSC::arrayProtoFuncReduce): Ditto.
1606         (JSC::arrayProtoFuncReduceRight): Ditto.
1607         (JSC::arrayProtoFuncLastIndexOf): Ditto.
1608         * runtime/DatePrototype.cpp:
1609         (JSC::fillStructuresUsingTimeArgs): Ditto.
1610         (JSC::fillStructuresUsingDateArgs): Ditto.
1611         * runtime/JSArrayBufferConstructor.cpp:
1612         (JSC::constructArrayBuffer): Ditto.
1613         * runtime/JSArrayBufferPrototype.cpp:
1614         (JSC::arrayBufferProtoFuncSlice): Ditto.
1615         * runtime/JSBoundFunction.cpp:
1616         (JSC::boundFunctionCall): Ditto.
1617         (JSC::boundFunctionConstruct): Ditto.
1618         * runtime/JSDataViewPrototype.cpp:
1619         (JSC::getData): Ditto.
1620         (JSC::setData): Ditto.
1621         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1622         (JSC::constructGenericTypedArrayView): Ditto.
1623         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
1624         (JSC::genericTypedArrayViewProtoFuncSet): Ditto.
1625         (JSC::genericTypedArrayViewProtoFuncSubarray): Ditto.
1626         * runtime/JSONObject.cpp:
1627         (JSC::JSONProtoFuncParse): Ditto.
1628         (JSC::JSONProtoFuncStringify): Ditto.
1629         * runtime/JSPromiseConstructor.cpp:
1630         (JSC::constructPromise): Ditto.
1631         (JSC::JSPromiseConstructorFuncFulfill): Ditto.
1632         (JSC::JSPromiseConstructorFuncResolve): Ditto.
1633         (JSC::JSPromiseConstructorFuncReject): Ditto.
1634         * runtime/MathObject.cpp:
1635         (JSC::mathProtoFuncMax): Ditto.
1636         (JSC::mathProtoFuncMin): Ditto.
1637
1638         * runtime/NameConstructor.cpp:
1639         (JSC::constructPrivateName): Removed unneeded check of argumentCount
1640         that simply repeats what argument already does.
1641         * runtime/NativeErrorConstructor.cpp:
1642         (JSC::Interpreter::constructWithNativeErrorConstructor): Ditto.
1643         (JSC::Interpreter::callNativeErrorConstructor): Ditto.
1644
1645         * runtime/NumberConstructor.cpp:
1646         (JSC::constructWithNumberConstructor): Use uncheckedArgument since
1647         there is already code that explicitly checks argument count.
1648         (JSC::callNumberConstructor): Ditto.
1649
1650         * runtime/ObjectConstructor.cpp:
1651         (JSC::objectConstructorCreate): Small refactoring to not call argument(0)
1652         three times.
1653
1654         * runtime/SetConstructor.cpp:
1655         (JSC::constructSet): Use uncheckedArgument since we are already in a loop
1656         over arguments.
1657
1658         * runtime/StringConstructor.cpp:
1659         (JSC::stringFromCharCodeSlowCase): In a loop.
1660         (JSC::stringFromCharCode): Already checked count.
1661         (JSC::constructWithStringConstructor): Ditto.
1662         (JSC::callStringConstructor): Ditto.
1663         * runtime/StringPrototype.cpp:
1664         (JSC::stringProtoFuncConcat): Already checked count.
1665         * runtime/TestRunnerUtils.cpp:
1666         (JSC::numberOfDFGCompiles): Ditto.
1667         (JSC::setNeverInline): Ditto.
1668
1669 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1670
1671         Remove the notion that a CallFrame can have a pointer to an InlineCallFrame, since that doesn't happen anymore
1672         https://bugs.webkit.org/show_bug.cgi?id=121753
1673
1674         Reviewed by Darin Adler.
1675
1676         * interpreter/CallFrame.cpp:
1677         (JSC::CallFrame::bytecodeOffsetFromCodeOriginIndex):
1678         * interpreter/CallFrame.h:
1679         * interpreter/Register.h:
1680
1681 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1682
1683         Unreviewed, fix the revert.
1684
1685         * dfg/DFGRepatch.cpp:
1686
1687 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1688
1689         Unreviewed, revert http://trac.webkit.org/changeset/156235. It won't work on Windows.
1690
1691         * CMakeLists.txt:
1692         * GNUmakefile.list.am:
1693         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1694         * JavaScriptCore.xcodeproj/project.pbxproj:
1695         * Target.pri:
1696         * bytecode/CallLinkInfo.cpp:
1697         (JSC::CallLinkInfo::unlink):
1698         * bytecode/CodeBlock.cpp:
1699         (JSC::CodeBlock::resetStubInternal):
1700         * bytecode/StructureStubInfo.h:
1701         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
1702         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
1703         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
1704         * dfg/DFGJITCompiler.h:
1705         * dfg/DFGOSRExitCompiler.h:
1706         * dfg/DFGOperations.cpp:
1707         (JSC::DFG::operationPutByValInternal):
1708         * dfg/DFGOperations.h:
1709         (JSC::DFG::operationNewTypedArrayWithSizeForType):
1710         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
1711         * dfg/DFGRegisterSet.h: Added.
1712         (JSC::DFG::RegisterSet::RegisterSet):
1713         (JSC::DFG::RegisterSet::asPOD):
1714         (JSC::DFG::RegisterSet::copyInfo):
1715         (JSC::DFG::RegisterSet::set):
1716         (JSC::DFG::RegisterSet::setGPRByIndex):
1717         (JSC::DFG::RegisterSet::clear):
1718         (JSC::DFG::RegisterSet::get):
1719         (JSC::DFG::RegisterSet::getGPRByIndex):
1720         (JSC::DFG::RegisterSet::getFreeGPR):
1721         (JSC::DFG::RegisterSet::setFPRByIndex):
1722         (JSC::DFG::RegisterSet::getFPRByIndex):
1723         (JSC::DFG::RegisterSet::setByIndex):
1724         (JSC::DFG::RegisterSet::getByIndex):
1725         (JSC::DFG::RegisterSet::numberOfSetGPRs):
1726         (JSC::DFG::RegisterSet::numberOfSetFPRs):
1727         (JSC::DFG::RegisterSet::numberOfSetRegisters):
1728         (JSC::DFG::RegisterSet::setBit):
1729         (JSC::DFG::RegisterSet::clearBit):
1730         (JSC::DFG::RegisterSet::getBit):
1731         * dfg/DFGRepatch.cpp: Added.
1732         (JSC::DFG::repatchCall):
1733         (JSC::DFG::repatchByIdSelfAccess):
1734         (JSC::DFG::addStructureTransitionCheck):
1735         (JSC::DFG::replaceWithJump):
1736         (JSC::DFG::emitRestoreScratch):
1737         (JSC::DFG::linkRestoreScratch):
1738         (JSC::DFG::generateProtoChainAccessStub):
1739         (JSC::DFG::tryCacheGetByID):
1740         (JSC::DFG::repatchGetByID):
1741         (JSC::DFG::getPolymorphicStructureList):
1742         (JSC::DFG::patchJumpToGetByIdStub):
1743         (JSC::DFG::tryBuildGetByIDList):
1744         (JSC::DFG::buildGetByIDList):
1745         (JSC::DFG::appropriateGenericPutByIdFunction):
1746         (JSC::DFG::appropriateListBuildingPutByIdFunction):
1747         (JSC::DFG::emitPutReplaceStub):
1748         (JSC::DFG::emitPutTransitionStub):
1749         (JSC::DFG::tryCachePutByID):
1750         (JSC::DFG::repatchPutByID):
1751         (JSC::DFG::tryBuildPutByIdList):
1752         (JSC::DFG::buildPutByIdList):
1753         (JSC::DFG::tryRepatchIn):
1754         (JSC::DFG::repatchIn):
1755         (JSC::DFG::linkSlowFor):
1756         (JSC::DFG::linkFor):
1757         (JSC::DFG::linkClosureCall):
1758         (JSC::DFG::resetGetByID):
1759         (JSC::DFG::resetPutByID):
1760         (JSC::DFG::resetIn):
1761         * dfg/DFGRepatch.h: Added.
1762         (JSC::DFG::resetGetByID):
1763         (JSC::DFG::resetPutByID):
1764         (JSC::DFG::resetIn):
1765         * dfg/DFGScratchRegisterAllocator.h: Added.
1766         (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
1767         (JSC::DFG::ScratchRegisterAllocator::lock):
1768         (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
1769         (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
1770         (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
1771         (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
1772         (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1773         (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1774         (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
1775         (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
1776         (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
1777         * dfg/DFGSpeculativeJIT.cpp:
1778         (JSC::DFG::SpeculativeJIT::writeBarrier):
1779         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
1780         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1781         (JSC::DFG::SpeculativeJIT::compare):
1782         * dfg/DFGSpeculativeJIT.h:
1783         (JSC::DFG::SpeculativeJIT::callOperation):
1784         * dfg/DFGSpeculativeJIT32_64.cpp:
1785         (JSC::DFG::SpeculativeJIT::cachedPutById):
1786         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1787         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1788         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1789         (JSC::DFG::SpeculativeJIT::compile):
1790         * dfg/DFGSpeculativeJIT64.cpp:
1791         (JSC::DFG::SpeculativeJIT::cachedPutById):
1792         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1793         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1794         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1795         (JSC::DFG::SpeculativeJIT::compile):
1796         * dfg/DFGThunks.cpp:
1797         (JSC::DFG::emitPointerValidation):
1798         (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
1799         (JSC::DFG::slowPathFor):
1800         (JSC::DFG::linkForThunkGenerator):
1801         (JSC::DFG::linkCallThunkGenerator):
1802         (JSC::DFG::linkConstructThunkGenerator):
1803         (JSC::DFG::linkClosureCallThunkGenerator):
1804         (JSC::DFG::virtualForThunkGenerator):
1805         (JSC::DFG::virtualCallThunkGenerator):
1806         (JSC::DFG::virtualConstructThunkGenerator):
1807         * dfg/DFGThunks.h:
1808         * ftl/FTLIntrinsicRepository.h:
1809         * ftl/FTLLowerDFGToLLVM.cpp:
1810         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1811         * ftl/FTLOSRExitCompiler.h:
1812         * jit/AssemblyHelpers.h:
1813         * jit/JIT.cpp:
1814         (JSC::JIT::linkFor):
1815         (JSC::JIT::linkSlowCall):
1816         * jit/JITCall.cpp:
1817         (JSC::JIT::compileCallEvalSlowCase):
1818         (JSC::JIT::compileOpCallSlowCase):
1819         (JSC::JIT::privateCompileClosureCall):
1820         * jit/JITCall32_64.cpp:
1821         (JSC::JIT::compileCallEvalSlowCase):
1822         (JSC::JIT::compileOpCallSlowCase):
1823         (JSC::JIT::privateCompileClosureCall):
1824         * jit/JITOperationWrappers.h: Removed.
1825         * jit/JITOperations.cpp: Removed.
1826         * jit/JITOperations.h: Removed.
1827         * jit/RegisterSet.h: Removed.
1828         * jit/Repatch.cpp: Removed.
1829         * jit/Repatch.h: Removed.
1830         * jit/ScratchRegisterAllocator.h: Removed.
1831         * jit/ThunkGenerators.cpp:
1832         (JSC::generateSlowCaseFor):
1833         (JSC::linkForGenerator):
1834         (JSC::linkCallGenerator):
1835         (JSC::linkConstructGenerator):
1836         (JSC::linkClosureCallGenerator):
1837         (JSC::virtualForGenerator):
1838         (JSC::virtualCallGenerator):
1839         (JSC::virtualConstructGenerator):
1840         * jit/ThunkGenerators.h:
1841
1842 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1843
1844         Move DFG inline caching logic into jit/
1845         https://bugs.webkit.org/show_bug.cgi?id=121749
1846
1847         Rubber stamped by Sam Weinig.
1848         
1849         We want to get rid of the baseline JIT's inline caching machinery and have it use the
1850         DFG's instead. But before we do that we need to move the DFG's inline caching machinery
1851         out from behind its ENABLE(DFG_JIT) guards and make it available to the whole system.
1852         This patch does that:
1853         
1854         - dfg/DFGRepatch becomes jit/Repatch.
1855         
1856         - The thunks used by the DFG IC go into jit/ThunkGenerators, instead of dfg/DFGThunks.
1857         
1858         - The operations used by the DFG IC go into jit/JITOperations, instead of
1859           dfg/DFGOperations.
1860         
1861         - The old JIT's thunk generators for calls are renamed to reduce confusion. Previously
1862           it was easy to know which generators belong to which JIT because the old JIT used
1863           JSC::virtualCallBlah and the DFG used JSC::DFG::virtualCallBlah, but that's not the
1864           case anymore. Note that the old JIT's thunk generators will die in a future patch.
1865         
1866         No functional changes beyond those moves.
1867
1868         * CMakeLists.txt:
1869         * GNUmakefile.list.am:
1870         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1871         * JavaScriptCore.xcodeproj/project.pbxproj:
1872         * Target.pri:
1873         * bytecode/CallLinkInfo.cpp:
1874         (JSC::CallLinkInfo::unlink):
1875         * bytecode/CodeBlock.cpp:
1876         (JSC::CodeBlock::resetStubInternal):
1877         * bytecode/StructureStubInfo.h:
1878         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
1879         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
1880         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
1881         * dfg/DFGJITCompiler.h:
1882         * dfg/DFGOSRExitCompiler.h:
1883         * dfg/DFGOperations.cpp:
1884         (JSC::DFG::operationPutByValInternal):
1885         * dfg/DFGOperations.h:
1886         (JSC::DFG::operationNewTypedArrayWithSizeForType):
1887         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
1888         * dfg/DFGRegisterSet.h: Removed.
1889         * dfg/DFGRepatch.cpp: Removed.
1890         * dfg/DFGRepatch.h: Removed.
1891         * dfg/DFGScratchRegisterAllocator.h: Removed.
1892         * dfg/DFGSpeculativeJIT.cpp:
1893         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
1894         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1895         (JSC::DFG::SpeculativeJIT::compare):
1896         * dfg/DFGSpeculativeJIT.h:
1897         (JSC::DFG::SpeculativeJIT::callOperation):
1898         * dfg/DFGSpeculativeJIT32_64.cpp:
1899         (JSC::DFG::SpeculativeJIT::cachedPutById):
1900         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1901         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1902         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1903         (JSC::DFG::SpeculativeJIT::compile):
1904         * dfg/DFGSpeculativeJIT64.cpp:
1905         (JSC::DFG::SpeculativeJIT::cachedPutById):
1906         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
1907         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
1908         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
1909         (JSC::DFG::SpeculativeJIT::compile):
1910         * dfg/DFGThunks.cpp:
1911         * dfg/DFGThunks.h:
1912         * ftl/FTLIntrinsicRepository.h:
1913         * ftl/FTLLowerDFGToLLVM.cpp:
1914         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1915         * jit/AssemblyHelpers.h:
1916         (JSC::AssemblyHelpers::writeBarrier):
1917         * jit/JIT.cpp:
1918         (JSC::JIT::linkFor):
1919         (JSC::JIT::linkSlowCall):
1920         * jit/JITCall.cpp:
1921         (JSC::JIT::compileCallEval):
1922         (JSC::JIT::compileCallEvalSlowCase):
1923         (JSC::JIT::compileOpCallSlowCase):
1924         (JSC::JIT::privateCompileClosureCall):
1925         * jit/JITCall32_64.cpp:
1926         (JSC::JIT::compileCallEvalSlowCase):
1927         (JSC::JIT::compileOpCallSlowCase):
1928         (JSC::JIT::privateCompileClosureCall):
1929         * jit/JITOperationWrappers.h: Added.
1930         * jit/JITOperations.cpp: Added.
1931         * jit/JITOperations.h: Added.
1932         * jit/RegisterSet.h: Added.
1933         (JSC::RegisterSet::RegisterSet):
1934         (JSC::RegisterSet::asPOD):
1935         (JSC::RegisterSet::copyInfo):
1936         (JSC::RegisterSet::set):
1937         (JSC::RegisterSet::setGPRByIndex):
1938         (JSC::RegisterSet::clear):
1939         (JSC::RegisterSet::get):
1940         (JSC::RegisterSet::getGPRByIndex):
1941         (JSC::RegisterSet::getFreeGPR):
1942         (JSC::RegisterSet::setFPRByIndex):
1943         (JSC::RegisterSet::getFPRByIndex):
1944         (JSC::RegisterSet::setByIndex):
1945         (JSC::RegisterSet::getByIndex):
1946         (JSC::RegisterSet::numberOfSetGPRs):
1947         (JSC::RegisterSet::numberOfSetFPRs):
1948         (JSC::RegisterSet::numberOfSetRegisters):
1949         (JSC::RegisterSet::setBit):
1950         (JSC::RegisterSet::clearBit):
1951         (JSC::RegisterSet::getBit):
1952         * jit/Repatch.cpp: Added.
1953         (JSC::repatchCall):
1954         (JSC::repatchByIdSelfAccess):
1955         (JSC::addStructureTransitionCheck):
1956         (JSC::replaceWithJump):
1957         (JSC::emitRestoreScratch):
1958         (JSC::linkRestoreScratch):
1959         (JSC::generateProtoChainAccessStub):
1960         (JSC::tryCacheGetByID):
1961         (JSC::repatchGetByID):
1962         (JSC::getPolymorphicStructureList):
1963         (JSC::patchJumpToGetByIdStub):
1964         (JSC::tryBuildGetByIDList):
1965         (JSC::buildGetByIDList):
1966         (JSC::appropriateGenericPutByIdFunction):
1967         (JSC::appropriateListBuildingPutByIdFunction):
1968         (JSC::emitPutReplaceStub):
1969         (JSC::emitPutTransitionStub):
1970         (JSC::tryCachePutByID):
1971         (JSC::repatchPutByID):
1972         (JSC::tryBuildPutByIdList):
1973         (JSC::buildPutByIdList):
1974         (JSC::tryRepatchIn):
1975         (JSC::repatchIn):
1976         (JSC::linkSlowFor):
1977         (JSC::linkFor):
1978         (JSC::linkClosureCall):
1979         (JSC::resetGetByID):
1980         (JSC::resetPutByID):
1981         (JSC::resetIn):
1982         * jit/Repatch.h: Added.
1983         (JSC::resetGetByID):
1984         (JSC::resetPutByID):
1985         (JSC::resetIn):
1986         * jit/ScratchRegisterAllocator.h: Added.
1987         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
1988         (JSC::ScratchRegisterAllocator::lock):
1989         (JSC::ScratchRegisterAllocator::allocateScratch):
1990         (JSC::ScratchRegisterAllocator::allocateScratchGPR):
1991         (JSC::ScratchRegisterAllocator::allocateScratchFPR):
1992         (JSC::ScratchRegisterAllocator::didReuseRegisters):
1993         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1994         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1995         (JSC::ScratchRegisterAllocator::desiredScratchBufferSize):
1996         (JSC::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
1997         (JSC::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
1998         * jit/ThunkGenerators.cpp:
1999         (JSC::oldStyleGenerateSlowCaseFor):
2000         (JSC::oldStyleLinkForGenerator):
2001         (JSC::oldStyleLinkCallGenerator):
2002         (JSC::oldStyleLinkConstructGenerator):
2003         (JSC::oldStyleLinkClosureCallGenerator):
2004         (JSC::oldStyleVirtualForGenerator):
2005         (JSC::oldStyleVirtualCallGenerator):
2006         (JSC::oldStyleVirtualConstructGenerator):
2007         (JSC::emitPointerValidation):
2008         (JSC::throwExceptionFromCallSlowPathGenerator):
2009         (JSC::slowPathFor):
2010         (JSC::linkForThunkGenerator):
2011         (JSC::linkCallThunkGenerator):
2012         (JSC::linkConstructThunkGenerator):
2013         (JSC::linkClosureCallThunkGenerator):
2014         (JSC::virtualForThunkGenerator):
2015         (JSC::virtualCallThunkGenerator):
2016         (JSC::virtualConstructThunkGenerator):
2017         * jit/ThunkGenerators.h:
2018
2019 2013-09-21  Anders Carlsson  <andersca@apple.com>
2020
2021         Fix the non-DFG build.
2022
2023         * interpreter/Interpreter.cpp:
2024         (JSC::unwindCallFrame):
2025         * interpreter/StackVisitor.cpp:
2026         (JSC::StackVisitor::Frame::r):
2027
2028 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
2029
2030         Get rid of IsInlinedCodeTag and its associated methods since it's unused
2031         https://bugs.webkit.org/show_bug.cgi?id=121737
2032
2033         Reviewed by Sam Weinig.
2034         
2035         This was meant to be easy, but I kept wondering if it was safe to remove the
2036         inline call frame check in Arguments::tearOff(). The check was clearly dead
2037         since the bit wasn't being set anywhere.
2038         
2039         It turns out that the unwindCallFrame() function was relying on tearOff()
2040         doing the right thing for inlined code, but it wasn't even passing it an
2041         inline call frame. I fixed this by having unwindCallFrame() do the inlining check,
2042         while also making sure that the code uses the right operand index for the
2043         arguments register.
2044
2045         * interpreter/CallFrame.h:
2046         * interpreter/CallFrameInlines.h:
2047         * interpreter/Interpreter.cpp:
2048         (JSC::unwindCallFrame):
2049         * interpreter/StackVisitor.cpp:
2050         (JSC::StackVisitor::Frame::r):
2051         * interpreter/StackVisitor.h:
2052         * runtime/Arguments.cpp:
2053         (JSC::Arguments::tearOff):
2054
2055 2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2056
2057         (un)shiftCountWithAnyIndexingType will start over in the middle of copying if it sees a hole
2058         https://bugs.webkit.org/show_bug.cgi?id=121717
2059
2060         Reviewed by Oliver Hunt.
2061
2062         This bug caused the array to become corrupted. We now check for holes before we start moving things, 
2063         and start moving things only once we've determined that there are none.
2064
2065         * runtime/JSArray.cpp:
2066         (JSC::JSArray::shiftCountWithAnyIndexingType):
2067         (JSC::JSArray::unshiftCountWithAnyIndexingType):
2068
2069 2013-09-20  Filip Pizlo  <fpizlo@apple.com>
2070
2071         REGRESSION(r156047): WebCore hangs inside JSC::toInt32(double)
2072         https://bugs.webkit.org/show_bug.cgi?id=121648
2073
2074         Reviewed by Mark Hahnenberg.
2075         
2076         The Int52<->StrictInt52 conversion did the opposite fill() than what it was
2077         supposed to. For example, when converting an Int52 to a StrictInt52 it would fill
2078         as Int52, and vice-versa.
2079
2080         * dfg/DFGSpeculativeJIT64.cpp:
2081         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
2082
2083 2013-09-20  Oliver Hunt  <oliver@apple.com>
2084
2085         REGRESSION(r153215): New iCloud site crashes
2086         https://bugs.webkit.org/show_bug.cgi?id=121710
2087
2088         Reviewed by Filip Pizlo.
2089
2090         Don't claim to be able to rely on the arguments structure; use the Arguments
2091         speculation type.
2092
2093         * dfg/DFGAbstractInterpreterInlines.h:
2094         (JSC::DFG::::executeEffects):
2095
2096 2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2097
2098         Clobberize phase forgets to indicate that it writes GCState for several node types
2099         https://bugs.webkit.org/show_bug.cgi?id=121702
2100
2101         Reviewed by Oliver Hunt.
2102
2103         Added read and write for GCState to the nodes that could end up allocating (and thereby
2104         cause a garbage collection).
2105
2106         * dfg/DFGClobberize.h:
2107         (JSC::DFG::clobberize):
2108
2109 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2110
2111         Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them
2112         https://bugs.webkit.org/show_bug.cgi?id=121637
2113
2114         Rubber stamped by Michael Saboff.
2115         
2116         Also moved GPRInfo/FPRInfo into jit/. Rolling back in after fixing JIT-only build
2117         and tests.
2118
2119         * CMakeLists.txt:
2120         * GNUmakefile.list.am:
2121         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2122         * JavaScriptCore.xcodeproj/project.pbxproj:
2123         * Target.pri:
2124         * bytecode/ValueRecovery.h:
2125         (JSC::ValueRecovery::dumpInContext):
2126         * dfg/DFGAssemblyHelpers.cpp: Removed.
2127         * dfg/DFGAssemblyHelpers.h: Removed.
2128         * dfg/DFGBinarySwitch.h:
2129         * dfg/DFGByteCodeParser.cpp:
2130         * dfg/DFGCCallHelpers.h: Removed.
2131         * dfg/DFGDisassembler.cpp:
2132         * dfg/DFGFPRInfo.h: Removed.
2133         * dfg/DFGGPRInfo.h: Removed.
2134         * dfg/DFGGraph.cpp:
2135         * dfg/DFGGraph.h:
2136         * dfg/DFGJITCompiler.h:
2137         * dfg/DFGOSRExit.cpp:
2138         * dfg/DFGOSRExit.h:
2139         * dfg/DFGOSRExitCompiler.h:
2140         * dfg/DFGOSRExitCompilerCommon.h:
2141         * dfg/DFGRegisterBank.h:
2142         * dfg/DFGRegisterSet.h:
2143         * dfg/DFGRepatch.cpp:
2144         * dfg/DFGSilentRegisterSavePlan.h:
2145         * dfg/DFGThunks.cpp:
2146         * dfg/DFGVariableEvent.cpp:
2147         * ftl/FTLCArgumentGetter.h:
2148         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2149         (JSC::FTL::CArgumentGetter::loadNext8):
2150         (JSC::FTL::CArgumentGetter::loadNext32):
2151         (JSC::FTL::CArgumentGetter::loadNext64):
2152         (JSC::FTL::CArgumentGetter::loadNextPtr):
2153         (JSC::FTL::CArgumentGetter::loadNextDouble):
2154         * ftl/FTLCompile.cpp:
2155         * ftl/FTLExitThunkGenerator.h:
2156         * ftl/FTLLink.cpp:
2157         * ftl/FTLThunks.cpp:
2158         * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
2159         * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
2160         (JSC::AssemblyHelpers::AssemblyHelpers):
2161         (JSC::AssemblyHelpers::debugCall):
2162         * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
2163         * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
2164         (WTF::printInternal):
2165         * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
2166         (WTF::printInternal):
2167         * jit/JIT.cpp:
2168         (JSC::JIT::JIT):
2169         * jit/JIT.h:
2170         * jit/JITPropertyAccess.cpp:
2171         (JSC::JIT::stringGetByValStubGenerator):
2172         * jit/JITPropertyAccess32_64.cpp:
2173         (JSC::JIT::stringGetByValStubGenerator):
2174         * jit/JSInterfaceJIT.h:
2175         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2176         * jit/SpecializedThunkJIT.h:
2177         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2178         (JSC::SpecializedThunkJIT::finalize):
2179         * jit/ThunkGenerators.cpp:
2180         (JSC::linkForGenerator):
2181         (JSC::virtualForGenerator):
2182         (JSC::stringLengthTrampolineGenerator):
2183         (JSC::nativeForGenerator):
2184         (JSC::arityFixup):
2185         (JSC::charCodeAtThunkGenerator):
2186         (JSC::charAtThunkGenerator):
2187         (JSC::fromCharCodeThunkGenerator):
2188         (JSC::sqrtThunkGenerator):
2189         (JSC::floorThunkGenerator):
2190         (JSC::ceilThunkGenerator):
2191         (JSC::roundThunkGenerator):
2192         (JSC::expThunkGenerator):
2193         (JSC::logThunkGenerator):
2194         (JSC::absThunkGenerator):
2195         (JSC::powThunkGenerator):
2196         (JSC::imulThunkGenerator):
2197         * llint/LLIntThunks.cpp:
2198         (JSC::LLInt::generateThunkWithJumpTo):
2199         * runtime/JSCJSValue.h:
2200
2201 2013-09-20  Allan Sandfeld Jensen  <allan.jensen@digia.com>
2202
2203         Inline method exported
2204         https://bugs.webkit.org/show_bug.cgi?id=121664
2205
2206         Reviewed by Darin Adler.
2207
2208         WatchDog::didFire() is marked as an exported symbol even though it is
2209         defined inline. This breaks the build on MinGW since it results in dllimport
2210         being declared on a definition.
2211
2212         * runtime/Watchdog.h:
2213         (JSC::Watchdog::didFire):
2214
2215 2013-09-20  Patrick Gansterer  <paroga@webkit.org>
2216
2217         [CMake] Use COMPILE_DEFINITIONS target property for setting BUILDING_* defines
2218         https://bugs.webkit.org/show_bug.cgi?id=121672
2219
2220         Reviewed by Gyuyoung Kim.
2221
2222         Since the scope of add_definitions() is always a whole file, we need to use
2223         target properties instead to set definitions only for specific targets.
2224
2225         * CMakeLists.txt:
2226
2227 2013-09-19  Commit Queue  <commit-queue@webkit.org>
2228
2229         Unreviewed, rolling out r156120.
2230         http://trac.webkit.org/changeset/156120
2231         https://bugs.webkit.org/show_bug.cgi?id=121651
2232
2233         Broke Windows runtime and all tests (Requested by bfulgham on
2234         #webkit).
2235
2236         * CMakeLists.txt:
2237         * GNUmakefile.list.am:
2238         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2239         * JavaScriptCore.xcodeproj/project.pbxproj:
2240         * Target.pri:
2241         * bytecode/ValueRecovery.h:
2242         (JSC::ValueRecovery::dumpInContext):
2243         * dfg/DFGAssemblyHelpers.cpp: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.cpp.
2244         (JSC::DFG::AssemblyHelpers::executableFor):
2245         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
2246         (JSC::DFG::AssemblyHelpers::setSamplingFlag):
2247         (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
2248         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
2249         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
2250         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
2251         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
2252         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
2253         (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
2254         * dfg/DFGAssemblyHelpers.h: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.h.
2255         (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
2256         (JSC::DFG::AssemblyHelpers::codeBlock):
2257         (JSC::DFG::AssemblyHelpers::vm):
2258         (JSC::DFG::AssemblyHelpers::assembler):
2259         (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
2260         (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
2261         (JSC::DFG::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
2262         (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
2263         (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
2264         (JSC::DFG::AssemblyHelpers::branchIfNotCell):
2265         (JSC::DFG::AssemblyHelpers::addressFor):
2266         (JSC::DFG::AssemblyHelpers::tagFor):
2267         (JSC::DFG::AssemblyHelpers::payloadFor):
2268         (JSC::DFG::AssemblyHelpers::branchIfNotObject):
2269         (JSC::DFG::AssemblyHelpers::selectScratchGPR):
2270         (JSC::DFG::AssemblyHelpers::debugCall):
2271         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
2272         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
2273         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
2274         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
2275         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
2276         (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
2277         (JSC::DFG::AssemblyHelpers::boxDouble):
2278         (JSC::DFG::AssemblyHelpers::unboxDouble):
2279         (JSC::DFG::AssemblyHelpers::boxInt52):
2280         (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
2281         (JSC::DFG::AssemblyHelpers::emitCount):
2282         (JSC::DFG::AssemblyHelpers::globalObjectFor):
2283         (JSC::DFG::AssemblyHelpers::strictModeFor):
2284         (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
2285         (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
2286         (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
2287         (JSC::DFG::AssemblyHelpers::symbolTableFor):
2288         (JSC::DFG::AssemblyHelpers::offsetOfLocals):
2289         (JSC::DFG::AssemblyHelpers::offsetOfArgumentsIncludingThis):
2290         * dfg/DFGBinarySwitch.h:
2291         * dfg/DFGByteCodeParser.cpp:
2292         * dfg/DFGCCallHelpers.h: Renamed from Source/JavaScriptCore/jit/CCallHelpers.h.
2293         (JSC::DFG::CCallHelpers::CCallHelpers):
2294         (JSC::DFG::CCallHelpers::resetCallArguments):
2295         (JSC::DFG::CCallHelpers::addCallArgument):
2296         (JSC::DFG::CCallHelpers::setupArguments):
2297         (JSC::DFG::CCallHelpers::setupArgumentsExecState):
2298         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2299         (JSC::DFG::CCallHelpers::setupTwoStubArgs):
2300         (JSC::DFG::CCallHelpers::setupStubArguments):
2301         (JSC::DFG::CCallHelpers::setupResults):
2302         * dfg/DFGDisassembler.cpp:
2303         * dfg/DFGFPRInfo.h: Renamed from Source/JavaScriptCore/jit/FPRInfo.h.
2304         (JSC::DFG::FPRInfo::toRegister):
2305         (JSC::DFG::FPRInfo::toIndex):
2306         (JSC::DFG::FPRInfo::toArgumentRegister):
2307         (JSC::DFG::FPRInfo::debugName):
2308         * dfg/DFGGPRInfo.h: Renamed from Source/JavaScriptCore/jit/GPRInfo.h.
2309         (JSC::DFG::JSValueRegs::JSValueRegs):
2310         (JSC::DFG::JSValueRegs::payloadOnly):
2311         (JSC::DFG::JSValueRegs::operator!):
2312         (JSC::DFG::JSValueRegs::gpr):
2313         (JSC::DFG::JSValueRegs::payloadGPR):
2314         (JSC::DFG::JSValueSource::JSValueSource):
2315         (JSC::DFG::JSValueSource::unboxedCell):
2316         (JSC::DFG::JSValueSource::operator!):
2317         (JSC::DFG::JSValueSource::isAddress):
2318         (JSC::DFG::JSValueSource::offset):
2319         (JSC::DFG::JSValueSource::base):
2320         (JSC::DFG::JSValueSource::gpr):
2321         (JSC::DFG::JSValueSource::asAddress):
2322         (JSC::DFG::JSValueSource::notAddress):
2323         (JSC::DFG::JSValueRegs::tagGPR):
2324         (JSC::DFG::JSValueSource::tagGPR):
2325         (JSC::DFG::JSValueSource::payloadGPR):
2326         (JSC::DFG::JSValueSource::hasKnownTag):
2327         (JSC::DFG::JSValueSource::tag):
2328         (JSC::DFG::GPRInfo::toRegister):
2329         (JSC::DFG::GPRInfo::toIndex):
2330         (JSC::DFG::GPRInfo::debugName):
2331         (JSC::DFG::GPRInfo::toArgumentRegister):
2332         * dfg/DFGGraph.cpp:
2333         * dfg/DFGGraph.h:
2334         * dfg/DFGJITCompiler.h:
2335         * dfg/DFGOSRExit.cpp:
2336         * dfg/DFGOSRExit.h:
2337         * dfg/DFGOSRExitCompiler.h:
2338         * dfg/DFGOSRExitCompilerCommon.h:
2339         * dfg/DFGRegisterBank.h:
2340         * dfg/DFGRegisterSet.h:
2341         * dfg/DFGRepatch.cpp:
2342         * dfg/DFGSilentRegisterSavePlan.h:
2343         * dfg/DFGThunks.cpp:
2344         * dfg/DFGVariableEvent.cpp:
2345         * ftl/FTLCArgumentGetter.h:
2346         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2347         (JSC::FTL::CArgumentGetter::loadNext8):
2348         (JSC::FTL::CArgumentGetter::loadNext32):
2349         (JSC::FTL::CArgumentGetter::loadNext64):
2350         (JSC::FTL::CArgumentGetter::loadNextPtr):
2351         (JSC::FTL::CArgumentGetter::loadNextDouble):
2352         * ftl/FTLCompile.cpp:
2353         * ftl/FTLExitThunkGenerator.h:
2354         * ftl/FTLLink.cpp:
2355         * ftl/FTLThunks.cpp:
2356         * jit/JIT.cpp:
2357         (JSC::JIT::JIT):
2358         * jit/JIT.h:
2359         * jit/JITPropertyAccess.cpp:
2360         (JSC::JIT::stringGetByValStubGenerator):
2361         * jit/JITPropertyAccess32_64.cpp:
2362         (JSC::JIT::stringGetByValStubGenerator):
2363         * jit/JSInterfaceJIT.h:
2364         (JSC::JSInterfaceJIT::preserveReturnAddressAfterCall):
2365         (JSC::JSInterfaceJIT::restoreReturnAddressBeforeReturn):
2366         * jit/SpecializedThunkJIT.h:
2367         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2368         (JSC::SpecializedThunkJIT::finalize):
2369         * jit/ThunkGenerators.cpp:
2370         (JSC::linkForGenerator):
2371         (JSC::virtualForGenerator):
2372         (JSC::stringLengthTrampolineGenerator):
2373         (JSC::nativeForGenerator):
2374         (JSC::arityFixup):
2375         (JSC::charCodeAtThunkGenerator):
2376         (JSC::charAtThunkGenerator):
2377         (JSC::fromCharCodeThunkGenerator):
2378         (JSC::sqrtThunkGenerator):
2379         (JSC::floorThunkGenerator):
2380         (JSC::ceilThunkGenerator):
2381         (JSC::roundThunkGenerator):
2382         (JSC::expThunkGenerator):
2383         (JSC::logThunkGenerator):
2384         (JSC::absThunkGenerator):
2385         (JSC::powThunkGenerator):
2386         (JSC::imulThunkGenerator):
2387         * llint/LLIntThunks.cpp:
2388         (JSC::LLInt::generateThunkWithJumpTo):
2389         * runtime/JSCJSValue.h:
2390
2391 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2392
2393         Unreviewed, fix Windows build part 2. m_jitCodeMap should always be there.
2394
2395         * bytecode/CodeBlock.h:
2396         (JSC::CodeBlock::jitCodeMap):
2397
2398 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2399
2400         Remove some of the tautologies in DFGRepatch function naming.
2401
2402         Rubber stamped by Mark Hahnenberg.
2403         
2404         For example change DFG::dfgLinkFor() to be DFG::linkFor().
2405
2406         * bytecode/CodeBlock.cpp:
2407         (JSC::CodeBlock::resetStubInternal):
2408         * dfg/DFGOperations.cpp:
2409         * dfg/DFGRepatch.cpp:
2410         (JSC::DFG::repatchCall):
2411         (JSC::DFG::repatchByIdSelfAccess):
2412         (JSC::DFG::tryCacheGetByID):
2413         (JSC::DFG::repatchGetByID):
2414         (JSC::DFG::buildGetByIDList):
2415         (JSC::DFG::tryCachePutByID):
2416         (JSC::DFG::repatchPutByID):
2417         (JSC::DFG::buildPutByIdList):
2418         (JSC::DFG::repatchIn):
2419         (JSC::DFG::linkFor):
2420         (JSC::DFG::linkSlowFor):
2421         (JSC::DFG::linkClosureCall):
2422         (JSC::DFG::resetGetByID):
2423         (JSC::DFG::resetPutByID):
2424         (JSC::DFG::resetIn):
2425         * dfg/DFGRepatch.h:
2426         (JSC::DFG::resetGetByID):
2427         (JSC::DFG::resetPutByID):
2428         (JSC::DFG::resetIn):
2429
2430 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2431
2432         Unreviewed, fix Windows build. ScratchBuffer should always be available regardless of
2433         ENABLE_DFG_JIT.
2434
2435         * runtime/VM.h:
2436
2437 2013-09-19  Daniel Bates  <dabates@apple.com>
2438
2439         [iOS] Add more iOS logic to the JavaScriptCore build configuration files
2440         https://bugs.webkit.org/show_bug.cgi?id=121635
2441
2442         Reviewed by Geoffrey Garen.
2443
2444         Towards building JavaScriptCore for both OS X and iOS using the same
2445         set of configuration files, add more iOS logic.
2446
2447         * Configurations/Base.xcconfig:
2448         * Configurations/JSC.xcconfig:
2449         * Configurations/JavaScriptCore.xcconfig:
2450         * Configurations/ToolExecutable.xcconfig:
2451
2452 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2453
2454         Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them
2455         https://bugs.webkit.org/show_bug.cgi?id=121637
2456
2457         Rubber stamped by Michael Saboff.
2458         
2459         Also moved GPRInfo/FPRInfo into jit/.
2460
2461         * CMakeLists.txt:
2462         * GNUmakefile.list.am:
2463         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2464         * JavaScriptCore.xcodeproj/project.pbxproj:
2465         * Target.pri:
2466         * bytecode/ValueRecovery.h:
2467         (JSC::ValueRecovery::dumpInContext):
2468         * dfg/DFGAssemblyHelpers.cpp: Removed.
2469         * dfg/DFGAssemblyHelpers.h: Removed.
2470         * dfg/DFGBinarySwitch.h:
2471         * dfg/DFGByteCodeParser.cpp:
2472         * dfg/DFGCCallHelpers.h: Removed.
2473         * dfg/DFGDisassembler.cpp:
2474         * dfg/DFGFPRInfo.h: Removed.
2475         * dfg/DFGGPRInfo.h: Removed.
2476         * dfg/DFGGraph.cpp:
2477         * dfg/DFGGraph.h:
2478         * dfg/DFGJITCompiler.h:
2479         * dfg/DFGOSRExit.cpp:
2480         * dfg/DFGOSRExit.h:
2481         * dfg/DFGOSRExitCompiler.h:
2482         * dfg/DFGOSRExitCompilerCommon.h:
2483         * dfg/DFGRegisterBank.h:
2484         * dfg/DFGRegisterSet.h:
2485         * dfg/DFGRepatch.cpp:
2486         * dfg/DFGSilentRegisterSavePlan.h:
2487         * dfg/DFGThunks.cpp:
2488         * dfg/DFGVariableEvent.cpp:
2489         * ftl/FTLCArgumentGetter.h:
2490         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2491         (JSC::FTL::CArgumentGetter::loadNext8):
2492         (JSC::FTL::CArgumentGetter::loadNext32):
2493         (JSC::FTL::CArgumentGetter::loadNext64):
2494         (JSC::FTL::CArgumentGetter::loadNextPtr):
2495         (JSC::FTL::CArgumentGetter::loadNextDouble):
2496         * ftl/FTLCompile.cpp:
2497         * ftl/FTLExitThunkGenerator.h:
2498         * ftl/FTLLink.cpp:
2499         * ftl/FTLThunks.cpp:
2500         * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
2501         * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
2502         (JSC::AssemblyHelpers::AssemblyHelpers):
2503         (JSC::AssemblyHelpers::debugCall):
2504         * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
2505         * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
2506         (WTF::printInternal):
2507         * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
2508         (WTF::printInternal):
2509         * jit/JIT.cpp:
2510         (JSC::JIT::JIT):
2511         * jit/JIT.h:
2512         * jit/JITPropertyAccess.cpp:
2513         (JSC::JIT::stringGetByValStubGenerator):
2514         * jit/JITPropertyAccess32_64.cpp:
2515         (JSC::JIT::stringGetByValStubGenerator):
2516         * jit/JSInterfaceJIT.h:
2517         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2518         * jit/SpecializedThunkJIT.h:
2519         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2520         (JSC::SpecializedThunkJIT::finalize):
2521         * jit/ThunkGenerators.cpp:
2522         (JSC::linkForGenerator):
2523         (JSC::virtualForGenerator):
2524         (JSC::stringLengthTrampolineGenerator):
2525         (JSC::nativeForGenerator):
2526         (JSC::arityFixup):
2527         (JSC::charCodeAtThunkGenerator):
2528         (JSC::charAtThunkGenerator):
2529         (JSC::fromCharCodeThunkGenerator):
2530         (JSC::sqrtThunkGenerator):
2531         (JSC::floorThunkGenerator):
2532         (JSC::ceilThunkGenerator):
2533         (JSC::roundThunkGenerator):
2534         (JSC::expThunkGenerator):
2535         (JSC::logThunkGenerator):
2536         (JSC::absThunkGenerator):
2537         (JSC::powThunkGenerator):
2538         (JSC::imulThunkGenerator):
2539         * llint/LLIntThunks.cpp:
2540         (JSC::LLInt::generateThunkWithJumpTo):
2541         * runtime/JSCJSValue.h:
2542
2543 2013-09-19  Daniel Bates  <dabates@apple.com>
2544
2545         [iOS] Substitute UNREACHABLE_FOR_PLATFORM() for RELEASE_ASSERT_NOT_REACHED()
2546
2547         Rubber-stamped by Joseph Pecoraro.
2548
2549         Use UNREACHABLE_FOR_PLATFORM() instead of RELEASE_ASSERT_NOT_REACHED() in
2550         the non-x86/x86-64 variant of JIT::emitSlow_op_mod() so as to avoid a missing
2551         noreturn warning in Clang while simultaneously asserting unreachable code.
2552
2553         * jit/JITArithmetic.cpp:
2554         (JSC::JIT::emitSlow_op_mod):
2555
2556 2013-09-19  Michael Saboff  <msaboff@apple.com>
2557
2558         JSC: X86 disassembler shows 16, 32 and 64 bit displacements as unsigned
2559         https://bugs.webkit.org/show_bug.cgi?id=121625
2560
2561         Rubber-stamped by Filip Pizlo.
2562
2563         Changed 16, 32 and 64 bit offsets to be signed.  Kept the original tab-indented
2564         spacing to match the rest of the file.
2565
2566         * disassembler/udis86/udis86_syn-att.c:
2567         (gen_operand):
2568
2569 2013-09-19  Daniel Bates  <dabates@apple.com>
2570
2571         Remove names of unused arguments from the non-x86/x86-64 function prototype
2572         for JIT::emitSlow_op_mod()
2573
2574         Rubber-stamped by Ryosuke Niwa.
2575
2576         * jit/JITArithmetic.cpp:
2577         (JSC::JIT::emitSlow_op_mod):
2578
2579 2013-09-18  Sam Weinig  <sam@webkit.org>
2580
2581         Replace use of OwnArrayPtr<Foo> with std::unique_ptr<Foo[]> in JavaScriptCore
2582         https://bugs.webkit.org/show_bug.cgi?id=121583
2583
2584         Reviewed by Anders Carlsson.
2585
2586         * API/JSStringRefCF.cpp:
2587         (JSStringCreateWithCFString):
2588         * API/JSStringRefQt.cpp:
2589         * bytecompiler/BytecodeGenerator.cpp:
2590         (JSC::BytecodeGenerator::BytecodeGenerator):
2591         * dfg/DFGByteCodeParser.cpp:
2592         (JSC::DFG::ByteCodeParser::parseBlock):
2593         * dfg/DFGDisassembler.cpp:
2594         (JSC::DFG::Disassembler::dumpDisassembly):
2595         * runtime/Arguments.cpp:
2596         (JSC::Arguments::tearOff):
2597         * runtime/Arguments.h:
2598         (JSC::Arguments::isTornOff):
2599         (JSC::Arguments::allocateSlowArguments):
2600         * runtime/JSPropertyNameIterator.cpp:
2601         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
2602         * runtime/JSPropertyNameIterator.h:
2603         * runtime/JSSegmentedVariableObject.h:
2604         * runtime/JSVariableObject.h:
2605         * runtime/PropertyNameArray.h:
2606         * runtime/RegExp.cpp:
2607         * runtime/StructureChain.h:
2608         (JSC::StructureChain::finishCreation):
2609         * runtime/SymbolTable.h:
2610         (JSC::SharedSymbolTable::setSlowArguments):
2611
2612 2013-09-18  Brent Fulgham  <bfulgham@apple.com>
2613
2614         [Windows] Unreviewed build fix after r156064.
2615
2616         * jsc.cpp:
2617         (jscmain): Need a temporary to perform '&' in VS2010.
2618
2619 2013-09-18  Filip Pizlo  <fpizlo@apple.com>
2620
2621         Give 'jsc' commandline an option to disable deleting the VM.
2622
2623         Reviewed by Mark Hahnenberg.
2624
2625         * jsc.cpp:
2626         (jscmain):
2627         * runtime/Options.h:
2628
2629 2013-09-18  Anders Carlsson  <andersca@apple.com>
2630
2631         RefPtrHashMap should work with move only types
2632         https://bugs.webkit.org/show_bug.cgi?id=121564
2633
2634         Reviewed by Andreas Kling.
2635
2636         * runtime/VM.cpp:
2637         (JSC::VM::addSourceProviderCache):
2638
2639 2013-09-17  Mark Hahnenberg  <mhahnenberg@apple.com>
2640
2641         Rename OperationInProgress to HeapOperation and move it out of Heap.h into its own header
2642         https://bugs.webkit.org/show_bug.cgi?id=121534
2643
2644         Reviewed by Geoffrey Garen.
2645
2646         OperationInProgress is a silly name. 
2647
2648         Many parts of the Heap would like to know what HeapOperation is currently underway, but 
2649         since they are included in Heap.h they can't directly reference HeapOperation if it also 
2650         lives in Heap.h. The simplest thing to do is to give HeapOperation its own header. While 
2651         a bit overkill, it simplifies including it wherever it's needed.
2652
2653         * JavaScriptCore.xcodeproj/project.pbxproj:
2654         * bytecode/CodeBlock.cpp:
2655         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
2656         (JSC::CodeBlock::updateAllValueProfilePredictions):
2657         (JSC::CodeBlock::updateAllPredictions):
2658         * bytecode/CodeBlock.h:
2659         (JSC::CodeBlock::updateAllValueProfilePredictions):
2660         (JSC::CodeBlock::updateAllPredictions):
2661         * bytecode/LazyOperandValueProfile.cpp:
2662         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
2663         * bytecode/LazyOperandValueProfile.h:
2664         * bytecode/ValueProfile.h:
2665         (JSC::ValueProfileBase::computeUpdatedPrediction):
2666         * heap/Heap.h:
2667         * heap/HeapOperation.h: Added.
2668
2669 2013-09-18  Filip Pizlo  <fpizlo@apple.com>
2670
2671         DFG should support Int52 for local variables
2672         https://bugs.webkit.org/show_bug.cgi?id=121064
2673
2674         Reviewed by Oliver Hunt.
2675         
2676         This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
2677         programs that have local int32 overflows but where a larger int representation can
2678         prevent us from having to convert all the way up to double.
2679         
2680         It's a small speed-up for now. But we're just supporting Int52 for a handful of
2681         operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
2682         the groundwork for adding Int52 to JSValue, which will probably be a bigger
2683         speed-up.
2684         
2685         The basic approach is:
2686         
2687         - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
2688           or HeapTop - i.e. it doesn't arise from JSValues.
2689         
2690         - DFG treats Int52 as being part of its FullTop and will treat it as being a
2691           subtype of double unless instructed otherwise.
2692         
2693         - Prediction propagator creates Int52s whenever we have a node going doubly but due
2694           to large values rather than fractional values, and that node is known to be able
2695           to produce Int52 natively in the DFG backend.
2696         
2697         - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
2698           to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
2699           input.
2700         
2701         - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
2702           are left-shifted by 16 (great for overflow checks) and ones that are
2703           sign-extended. Both backends know how to convert between Int52s and the other
2704           representations.
2705
2706         * assembler/MacroAssemblerX86_64.h:
2707         (JSC::MacroAssemblerX86_64::rshift64):
2708         (JSC::MacroAssemblerX86_64::mul64):
2709         (JSC::MacroAssemblerX86_64::branchMul64):
2710         (JSC::MacroAssemblerX86_64::branchNeg64):
2711         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
2712         * assembler/X86Assembler.h:
2713         (JSC::X86Assembler::imulq_rr):
2714         (JSC::X86Assembler::cvtsi2sdq_rr):
2715         * bytecode/DataFormat.h:
2716         (JSC::dataFormatToString):
2717         * bytecode/ExitKind.cpp:
2718         (JSC::exitKindToString):
2719         * bytecode/ExitKind.h:
2720         * bytecode/OperandsInlines.h:
2721         (JSC::::dumpInContext):
2722         * bytecode/SpeculatedType.cpp:
2723         (JSC::dumpSpeculation):
2724         (JSC::speculationToAbbreviatedString):
2725         (JSC::speculationFromValue):
2726         * bytecode/SpeculatedType.h:
2727         (JSC::isInt32SpeculationForArithmetic):
2728         (JSC::isInt52Speculation):
2729         (JSC::isMachineIntSpeculationForArithmetic):
2730         (JSC::isInt52AsDoubleSpeculation):
2731         (JSC::isBytecodeRealNumberSpeculation):
2732         (JSC::isFullRealNumberSpeculation):
2733         (JSC::isBytecodeNumberSpeculation):
2734         (JSC::isFullNumberSpeculation):
2735         (JSC::isBytecodeNumberSpeculationExpectingDefined):
2736         (JSC::isFullNumberSpeculationExpectingDefined):
2737         * bytecode/ValueRecovery.h:
2738         (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
2739         (JSC::ValueRecovery::inGPR):
2740         (JSC::ValueRecovery::displacedInJSStack):
2741         (JSC::ValueRecovery::isAlreadyInJSStack):
2742         (JSC::ValueRecovery::gpr):
2743         (JSC::ValueRecovery::virtualRegister):
2744         (JSC::ValueRecovery::dumpInContext):
2745         * dfg/DFGAbstractInterpreter.h:
2746         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
2747         (JSC::DFG::AbstractInterpreter::filterByType):
2748         * dfg/DFGAbstractInterpreterInlines.h:
2749         (JSC::DFG::::executeEffects):
2750         * dfg/DFGAbstractValue.cpp:
2751         (JSC::DFG::AbstractValue::set):
2752         (JSC::DFG::AbstractValue::checkConsistency):
2753         * dfg/DFGAbstractValue.h:
2754         (JSC::DFG::AbstractValue::couldBeType):
2755         (JSC::DFG::AbstractValue::isType):
2756         (JSC::DFG::AbstractValue::checkConsistency):
2757         (JSC::DFG::AbstractValue::validateType):
2758         * dfg/DFGArrayMode.cpp:
2759         (JSC::DFG::ArrayMode::refine):
2760         * dfg/DFGAssemblyHelpers.h:
2761         (JSC::DFG::AssemblyHelpers::boxInt52):
2762         * dfg/DFGByteCodeParser.cpp:
2763         (JSC::DFG::ByteCodeParser::makeSafe):
2764         * dfg/DFGCSEPhase.cpp:
2765         (JSC::DFG::CSEPhase::pureCSE):
2766         (JSC::DFG::CSEPhase::getByValLoadElimination):
2767         (JSC::DFG::CSEPhase::performNodeCSE):
2768         * dfg/DFGClobberize.h:
2769         (JSC::DFG::clobberize):
2770         * dfg/DFGCommon.h:
2771         (JSC::DFG::enableInt52):
2772         * dfg/DFGDCEPhase.cpp:
2773         (JSC::DFG::DCEPhase::fixupBlock):
2774         * dfg/DFGFixupPhase.cpp:
2775         (JSC::DFG::FixupPhase::run):
2776         (JSC::DFG::FixupPhase::fixupNode):
2777         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
2778         (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
2779         (JSC::DFG::FixupPhase::observeUseKindOnNode):
2780         (JSC::DFG::FixupPhase::fixEdge):
2781         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
2782         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
2783         * dfg/DFGFlushFormat.cpp:
2784         (WTF::printInternal):
2785         * dfg/DFGFlushFormat.h:
2786         (JSC::DFG::resultFor):
2787         (JSC::DFG::useKindFor):
2788         * dfg/DFGGenerationInfo.h:
2789         (JSC::DFG::GenerationInfo::initInt52):
2790         (JSC::DFG::GenerationInfo::initStrictInt52):
2791         (JSC::DFG::GenerationInfo::isFormat):
2792         (JSC::DFG::GenerationInfo::isInt52):
2793         (JSC::DFG::GenerationInfo::isStrictInt52):
2794         (JSC::DFG::GenerationInfo::fillInt52):
2795         (JSC::DFG::GenerationInfo::fillStrictInt52):
2796         * dfg/DFGGraph.cpp:
2797         (JSC::DFG::Graph::dump):
2798         * dfg/DFGGraph.h:
2799         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
2800         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
2801         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
2802         * dfg/DFGInPlaceAbstractState.cpp:
2803         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
2804         * dfg/DFGJITCode.cpp:
2805         (JSC::DFG::JITCode::reconstruct):
2806         * dfg/DFGJITCompiler.h:
2807         (JSC::DFG::JITCompiler::noticeOSREntry):
2808         * dfg/DFGMinifiedNode.h:
2809         (JSC::DFG::belongsInMinifiedGraph):
2810         (JSC::DFG::MinifiedNode::hasChild):
2811         * dfg/DFGNode.h:
2812         (JSC::DFG::Node::shouldSpeculateNumber):
2813         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
2814         (JSC::DFG::Node::canSpeculateInt52):
2815         * dfg/DFGNodeFlags.h:
2816         (JSC::DFG::nodeCanSpeculateInt52):
2817         * dfg/DFGNodeType.h:
2818         (JSC::DFG::permitsOSRBackwardRewiring):
2819         (JSC::DFG::forwardRewiringSelectionScore):
2820         * dfg/DFGOSREntry.cpp:
2821         (JSC::DFG::prepareOSREntry):
2822         * dfg/DFGOSREntry.h:
2823         * dfg/DFGOSRExitCompiler.cpp:
2824         * dfg/DFGOSRExitCompiler64.cpp:
2825         (JSC::DFG::OSRExitCompiler::compileExit):
2826         * dfg/DFGPredictionPropagationPhase.cpp:
2827         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
2828         (JSC::DFG::PredictionPropagationPhase::propagate):
2829         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
2830         * dfg/DFGSafeToExecute.h:
2831         (JSC::DFG::SafeToExecuteEdge::operator()):
2832         (JSC::DFG::safeToExecute):
2833         * dfg/DFGSilentRegisterSavePlan.h:
2834         * dfg/DFGSpeculativeJIT.cpp:
2835         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2836         (JSC::DFG::SpeculativeJIT::silentFill):
2837         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2838         (JSC::DFG::SpeculativeJIT::compileInlineStart):
2839         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
2840         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2841         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
2842         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2843         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
2844         (JSC::DFG::SpeculativeJIT::compileAdd):
2845         (JSC::DFG::SpeculativeJIT::compileArithSub):
2846         (JSC::DFG::SpeculativeJIT::compileArithNegate):
2847         (JSC::DFG::SpeculativeJIT::compileArithMul):
2848         (JSC::DFG::SpeculativeJIT::compare):
2849         (JSC::DFG::SpeculativeJIT::compileStrictEq):
2850         (JSC::DFG::SpeculativeJIT::speculateMachineInt):
2851         (JSC::DFG::SpeculativeJIT::speculateNumber):
2852         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
2853         (JSC::DFG::SpeculativeJIT::speculate):
2854         * dfg/DFGSpeculativeJIT.h:
2855         (JSC::DFG::SpeculativeJIT::canReuse):
2856         (JSC::DFG::SpeculativeJIT::isFilled):
2857         (JSC::DFG::SpeculativeJIT::isFilledDouble):
2858         (JSC::DFG::SpeculativeJIT::use):
2859         (JSC::DFG::SpeculativeJIT::isKnownInteger):
2860         (JSC::DFG::SpeculativeJIT::isKnownCell):
2861         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
2862         (JSC::DFG::SpeculativeJIT::int52Result):
2863         (JSC::DFG::SpeculativeJIT::strictInt52Result):
2864         (JSC::DFG::SpeculativeJIT::initConstantInfo):
2865         (JSC::DFG::SpeculativeJIT::isInteger):
2866         (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
2867         (JSC::DFG::SpeculativeJIT::generationInfo):
2868         (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
2869         (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
2870         (JSC::DFG::SpeculateInt52Operand::edge):
2871         (JSC::DFG::SpeculateInt52Operand::node):
2872         (JSC::DFG::SpeculateInt52Operand::gpr):
2873         (JSC::DFG::SpeculateInt52Operand::use):
2874         (JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
2875         (JSC::DFG::SpeculateStrictInt52Operand::~SpeculateStrictInt52Operand):
2876         (JSC::DFG::SpeculateStrictInt52Operand::edge):
2877         (JSC::DFG::SpeculateStrictInt52Operand::node):
2878         (JSC::DFG::SpeculateStrictInt52Operand::gpr):
2879         (JSC::DFG::SpeculateStrictInt52Operand::use):
2880         (JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
2881         (JSC::DFG::SpeculateWhicheverInt52Operand::~SpeculateWhicheverInt52Operand):
2882         (JSC::DFG::SpeculateWhicheverInt52Operand::edge):
2883         (JSC::DFG::SpeculateWhicheverInt52Operand::node):
2884         (JSC::DFG::SpeculateWhicheverInt52Operand::gpr):
2885         (JSC::DFG::SpeculateWhicheverInt52Operand::use):
2886         (JSC::DFG::SpeculateWhicheverInt52Operand::format):
2887         * dfg/DFGSpeculativeJIT32_64.cpp:
2888         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2889         (JSC::DFG::SpeculativeJIT::compile):
2890         * dfg/DFGSpeculativeJIT64.cpp:
2891         (JSC::DFG::SpeculativeJIT::boxInt52):
2892         (JSC::DFG::SpeculativeJIT::fillJSValue):
2893         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
2894         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
2895         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2896         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2897         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2898         (JSC::DFG::SpeculativeJIT::compileInt52Compare):
2899         (JSC::DFG::SpeculativeJIT::compilePeepHoleInt52Branch):
2900         (JSC::DFG::SpeculativeJIT::compile):
2901         * dfg/DFGUseKind.cpp:
2902         (WTF::printInternal):
2903         * dfg/DFGUseKind.h:
2904         (JSC::DFG::typeFilterFor):
2905         (JSC::DFG::isNumerical):
2906         * dfg/DFGValueSource.cpp:
2907         (JSC::DFG::ValueSource::dump):
2908         * dfg/DFGValueSource.h:
2909         (JSC::DFG::dataFormatToValueSourceKind):
2910         (JSC::DFG::valueSourceKindToDataFormat):
2911         (JSC::DFG::ValueSource::forFlushFormat):
2912         (JSC::DFG::ValueSource::valueRecovery):
2913         * dfg/DFGVariableAccessData.h:
2914         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
2915         (JSC::DFG::VariableAccessData::flushFormat):
2916         * ftl/FTLCArgumentGetter.cpp:
2917         (JSC::FTL::CArgumentGetter::loadNextAndBox):
2918         * ftl/FTLCArgumentGetter.h:
2919         * ftl/FTLCapabilities.cpp:
2920         (JSC::FTL::canCompile):
2921         * ftl/FTLExitValue.cpp:
2922         (JSC::FTL::ExitValue::dumpInContext):
2923         * ftl/FTLExitValue.h:
2924         (JSC::FTL::ExitValue::inJSStackAsInt52):
2925         * ftl/FTLIntrinsicRepository.h:
2926         * ftl/FTLLowerDFGToLLVM.cpp:
2927         (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
2928         (JSC::FTL::LowerDFGToLLVM::compileNode):
2929         (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
2930         (JSC::FTL::LowerDFGToLLVM::compilePhi):
2931         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
2932         (JSC::FTL::LowerDFGToLLVM::compileAdd):
2933         (JSC::FTL::LowerDFGToLLVM::compileArithSub):
2934         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
2935         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
2936         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
2937         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
2938         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
2939         (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
2940         (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
2941         (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
2942         (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
2943         (JSC::FTL::LowerDFGToLLVM::lowInt32):
2944         (JSC::FTL::LowerDFGToLLVM::lowInt52):
2945         (JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
2946         (JSC::FTL::LowerDFGToLLVM::betterUseStrictInt52):
2947         (JSC::FTL::LowerDFGToLLVM::bestInt52Kind):
2948         (JSC::FTL::LowerDFGToLLVM::opposite):
2949         (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
2950         (JSC::FTL::LowerDFGToLLVM::lowCell):
2951         (JSC::FTL::LowerDFGToLLVM::lowBoolean):
2952         (JSC::FTL::LowerDFGToLLVM::lowDouble):
2953         (JSC::FTL::LowerDFGToLLVM::lowJSValue):
2954         (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt32):
2955         (JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
2956         (JSC::FTL::LowerDFGToLLVM::strictInt52ToJSValue):
2957         (JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue):
2958         (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt52):
2959         (JSC::FTL::LowerDFGToLLVM::int52ToStrictInt52):
2960         (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
2961         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
2962         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
2963         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
2964         (JSC::FTL::LowerDFGToLLVM::setInt52):
2965         (JSC::FTL::LowerDFGToLLVM::setStrictInt52):
2966         * ftl/FTLOSRExitCompiler.cpp:
2967         (JSC::FTL::compileStub):
2968         * ftl/FTLOutput.h:
2969         (JSC::FTL::Output::addWithOverflow64):
2970         (JSC::FTL::Output::subWithOverflow64):
2971         (JSC::FTL::Output::mulWithOverflow64):
2972         * ftl/FTLValueFormat.cpp:
2973         (WTF::printInternal):
2974         * ftl/FTLValueFormat.h:
2975         * ftl/FTLValueSource.cpp:
2976         (JSC::FTL::ValueSource::dump):
2977         * ftl/FTLValueSource.h:
2978         * interpreter/Register.h:
2979         (JSC::Register::unboxedInt52):
2980         * runtime/Arguments.cpp:
2981         (JSC::Arguments::tearOffForInlineCallFrame):
2982         * runtime/IndexingType.cpp:
2983         (JSC::leastUpperBoundOfIndexingTypeAndType):
2984         * runtime/JSCJSValue.h:
2985         * runtime/JSCJSValueInlines.h:
2986         (JSC::JSValue::isMachineInt):
2987         (JSC::JSValue::asMachineInt):
2988
2989 2013-09-17  Michael Saboff  <msaboff@apple.com>
2990
2991         REGRESSION(r155771): js/stack-overflow-arrity-catch.html is crashing on non-Mac platforms
2992         https://bugs.webkit.org/show_bug.cgi?id=121376
2993
2994         Reviewed by Oliver Hunt.
2995
2996         Fix stack grow() call for stack growing down.  This should catch running out of stack space before
2997         we try to move the frame down due to arity mismatch.
2998
2999         * runtime/CommonSlowPaths.h:
3000         (JSC::CommonSlowPaths::arityCheckFor):
3001
3002 2013-09-18  Andreas Kling  <akling@apple.com>
3003
3004         YARR: Put UCS2 canonicalization tables in read-only memory.
3005         <https://webkit.org/b/121547>
3006
3007         Reviewed by Sam Weinig.
3008
3009         These tables never mutate so mark them const.
3010
3011 2013-09-18  Commit Queue  <commit-queue@webkit.org>
3012
3013         Unreviewed, rolling out r156019 and r156020.
3014         http://trac.webkit.org/changeset/156019
3015         http://trac.webkit.org/changeset/156020
3016         https://bugs.webkit.org/show_bug.cgi?id=121540
3017
3018         Broke tests (Requested by ap on #webkit).
3019
3020         * assembler/MacroAssemblerX86_64.h:
3021         * assembler/X86Assembler.h:
3022         * bytecode/DataFormat.h:
3023         (JSC::dataFormatToString):
3024         * bytecode/ExitKind.cpp:
3025         (JSC::exitKindToString):
3026         * bytecode/ExitKind.h:
3027         * bytecode/OperandsInlines.h:
3028         (JSC::::dumpInContext):
3029         * bytecode/SpeculatedType.cpp:
3030         (JSC::dumpSpeculation):
3031         (JSC::speculationToAbbreviatedString):
3032         (JSC::speculationFromValue):
3033         * bytecode/SpeculatedType.h:
3034         (JSC::isInt32SpeculationForArithmetic):
3035         (JSC::isInt48Speculation):
3036         (JSC::isMachineIntSpeculationForArithmetic):
3037         (JSC::isInt48AsDoubleSpeculation):
3038         (JSC::isRealNumberSpeculation):
3039         (JSC::isNumberSpeculation):
3040         (JSC::isNumberSpeculationExpectingDefined):
3041         * bytecode/ValueRecovery.h:
3042         (JSC::ValueRecovery::inGPR):
3043         (JSC::ValueRecovery::displacedInJSStack):
3044         (JSC::ValueRecovery::isAlreadyInJSStack):
3045         (JSC::ValueRecovery::gpr):
3046         (JSC::ValueRecovery::virtualRegister):
3047         (JSC::ValueRecovery::dumpInContext):
3048         * dfg/DFGAbstractInterpreter.h:
3049         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
3050         (JSC::DFG::AbstractInterpreter::filterByType):
3051         * dfg/DFGAbstractInterpreterInlines.h:
3052         (JSC::DFG::::executeEffects):
3053         * dfg/DFGAbstractValue.cpp:
3054         (JSC::DFG::AbstractValue::set):
3055         (JSC::DFG::AbstractValue::checkConsistency):
3056         * dfg/DFGAbstractValue.h:
3057         (JSC::DFG::AbstractValue::validateType):
3058         * dfg/DFGArrayMode.cpp:
3059         (JSC::DFG::ArrayMode::refine):
3060         * dfg/DFGAssemblyHelpers.h:
3061         (JSC::DFG::AssemblyHelpers::unboxDouble):
3062         * dfg/DFGByteCodeParser.cpp:
3063         (JSC::DFG::ByteCodeParser::makeSafe):
3064         * dfg/DFGCSEPhase.cpp:
3065         (JSC::DFG::CSEPhase::canonicalize):
3066         (JSC::DFG::CSEPhase::pureCSE):
3067         (JSC::DFG::CSEPhase::getByValLoadElimination):
3068         (JSC::DFG::CSEPhase::performNodeCSE):
3069         * dfg/DFGClobberize.h:
3070         (JSC::DFG::clobberize):
3071         * dfg/DFGCommon.h:
3072         * dfg/DFGFixupPhase.cpp:
3073         (JSC::DFG::FixupPhase::run):
3074         (JSC::DFG::FixupPhase::fixupNode):
3075         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
3076         (JSC::DFG::FixupPhase::observeUseKindOnNode):
3077         (JSC::DFG::FixupPhase::fixEdge):
3078         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
3079         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
3080         * dfg/DFGFlushFormat.cpp:
3081         (WTF::printInternal):
3082         * dfg/DFGFlushFormat.h:
3083         (JSC::DFG::resultFor):
3084         (JSC::DFG::useKindFor):
3085         * dfg/DFGGenerationInfo.h:
3086         (JSC::DFG::GenerationInfo::initInt32):
3087         (JSC::DFG::GenerationInfo::fillInt32):
3088         * dfg/DFGGraph.cpp:
3089         (JSC::DFG::Graph::dump):
3090         * dfg/DFGGraph.h:
3091         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
3092         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
3093         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
3094         * dfg/DFGInPlaceAbstractState.cpp:
3095         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
3096         * dfg/DFGJITCode.cpp:
3097         (JSC::DFG::JITCode::reconstruct):
3098         * dfg/DFGMinifiedNode.h:
3099         (JSC::DFG::belongsInMinifiedGraph):
3100         (JSC::DFG::MinifiedNode::hasChild):
3101         * dfg/DFGNode.h:
3102         (JSC::DFG::Node::shouldSpeculateNumber):
3103         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
3104         (JSC::DFG::Node::canSpeculateInt48):
3105         * dfg/DFGNodeFlags.h:
3106         (JSC::DFG::nodeCanSpeculateInt48):
3107         * dfg/DFGNodeType.h:
3108         (JSC::DFG::forwardRewiringSelectionScore):
3109         * dfg/DFGOSRExitCompiler.cpp:
3110         (JSC::DFG::shortOperandsDump):
3111         * dfg/DFGOSRExitCompiler64.cpp:
3112         (JSC::DFG::OSRExitCompiler::compileExit):
3113         * dfg/DFGPredictionPropagationPhase.cpp:
3114         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
3115         (JSC::DFG::PredictionPropagationPhase::propagate):
3116         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
3117         * dfg/DFGSafeToExecute.h:
3118         (JSC::DFG::SafeToExecuteEdge::operator()):
3119         (JSC::DFG::safeToExecute):
3120         * dfg/DFGSilentRegisterSavePlan.h:
3121         * dfg/DFGSpeculativeJIT.cpp:
3122         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
3123         (JSC::DFG::SpeculativeJIT::silentFill):
3124         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
3125         (JSC::DFG::SpeculativeJIT::compileInlineStart):
3126         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
3127         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3128         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
3129         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3130         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3131         (JSC::DFG::SpeculativeJIT::compileAdd):
3132         (JSC::DFG::SpeculativeJIT::compileArithSub):
3133         (JSC::DFG::SpeculativeJIT::compileArithNegate):
3134         (JSC::DFG::SpeculativeJIT::compileArithMul):
3135         (JSC::DFG::SpeculativeJIT::compare):
3136         (JSC::DFG::SpeculativeJIT::compileStrictEq):
3137         (JSC::DFG::SpeculativeJIT::speculateNumber):
3138         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
3139         (JSC::DFG::SpeculativeJIT::speculate):
3140         * dfg/DFGSpeculativeJIT.h:
3141         (JSC::DFG::SpeculativeJIT::canReuse):
3142         (JSC::DFG::SpeculativeJIT::isFilled):
3143         (JSC::DFG::SpeculativeJIT::isFilledDouble):
3144         (JSC::DFG::SpeculativeJIT::use):
3145         (JSC::DFG::SpeculativeJIT::boxDouble):
3146         (JSC::DFG::SpeculativeJIT::isKnownInteger):
3147         (JSC::DFG::SpeculativeJIT::isKnownCell):
3148         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
3149         (JSC::DFG::SpeculativeJIT::int32Result):
3150         (JSC::DFG::SpeculativeJIT::initConstantInfo):
3151         (JSC::DFG::SpeculativeJIT::isInteger):
3152         (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
3153         * dfg/DFGSpeculativeJIT32_64.cpp:
3154         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3155         (JSC::DFG::SpeculativeJIT::compile):
3156         * dfg/DFGSpeculativeJIT64.cpp:
3157         (JSC::DFG::SpeculativeJIT::fillJSValue):
3158         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
3159         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3160         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3161         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3162         (JSC::DFG::SpeculativeJIT::compile):
3163         * dfg/DFGUseKind.cpp:
3164         (WTF::printInternal):
3165         * dfg/DFGUseKind.h:
3166         (JSC::DFG::typeFilterFor):
3167         (JSC::DFG::isNumerical):
3168         * dfg/DFGValueSource.cpp:
3169         (JSC::DFG::ValueSource::dump):
3170         * dfg/DFGValueSource.h:
3171         (JSC::DFG::dataFormatToValueSourceKind):
3172         (JSC::DFG::valueSourceKindToDataFormat):
3173         (JSC::DFG::ValueSource::forFlushFormat):
3174         (JSC::DFG::ValueSource::valueRecovery):
3175         * dfg/DFGVariableAccessData.h:
3176         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
3177         (JSC::DFG::VariableAccessData::flushFormat):
3178         * ftl/FTLCArgumentGetter.cpp:
3179         (JSC::FTL::CArgumentGetter::loadNextAndBox):
3180         * ftl/FTLCArgumentGetter.h:
3181         * ftl/FTLCapabilities.cpp:
3182         (JSC::FTL::canCompile):
3183         * ftl/FTLExitValue.cpp:
3184         (JSC::FTL::ExitValue::dumpInContext):
3185         * ftl/FTLExitValue.h:
3186         * ftl/FTLIntrinsicRepository.h:
3187         * ftl/FTLLowerDFGToLLVM.cpp:
3188         (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
3189         (JSC::FTL::LowerDFGToLLVM::compileNode):
3190         (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
3191         (JSC::FTL::LowerDFGToLLVM::compilePhi):
3192         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
3193         (JSC::FTL::LowerDFGToLLVM::compileAdd):
3194         (JSC::FTL::LowerDFGToLLVM::compileArithSub):
3195         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
3196         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
3197         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
3198         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
3199         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
3200         (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
3201         (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
3202         (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
3203         (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
3204         (JSC::FTL::LowerDFGToLLVM::lowInt32):
3205         (JSC::FTL::LowerDFGToLLVM::lowCell):
3206         (JSC::FTL::LowerDFGToLLVM::lowBoolean):
3207         (JSC::FTL::LowerDFGToLLVM::lowDouble):
3208         (JSC::FTL::LowerDFGToLLVM::lowJSValue):
3209         (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
3210         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
3211         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
3212         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
3213         (JSC::FTL::LowerDFGToLLVM::setInt32):
3214         * ftl/FTLOSRExitCompiler.cpp:
3215         (JSC::FTL::compileStub):
3216         * ftl/FTLOutput.h:
3217         (JSC::FTL::Output::mulWithOverflow32):
3218         * ftl/FTLValueFormat.cpp:
3219         (WTF::printInternal):
3220         * ftl/FTLValueFormat.h:
3221         * ftl/FTLValueSource.cpp:
3222         (JSC::FTL::ValueSource::dump):
3223         * ftl/FTLValueSource.h:
3224         * interpreter/Register.h:
3225         * runtime/Arguments.cpp:
3226         (JSC::Arguments::tearOffForInlineCallFrame):
3227         * runtime/IndexingType.cpp:
3228         (JSC::leastUpperBoundOfIndexingTypeAndType):
3229         * runtime/JSCJSValue.h:
3230         * runtime/JSCJSValueInlines.h:
3231
3232 2013-09-17  Filip Pizlo  <fpizlo@apple.com>
3233
3234         Unreviewed, fix 32-bit build.
3235
3236         * runtime/JSCJSValue.h:
3237
3238 2013-09-16  Filip Pizlo  <fpizlo@apple.com>
3239
3240         DFG should support Int52 for local variables
3241         https://bugs.webkit.org/show_bug.cgi?id=121064
3242
3243         Reviewed by Oliver Hunt.
3244         
3245         This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
3246         programs that have local int32 overflows but where a larger int representation can
3247         prevent us from having to convert all the way up to double.
3248         
3249         It's a small speed-up for now. But we're just supporting Int52 for a handful of
3250         operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
3251         the groundwork for adding Int52 to JSValue, which will probably be a bigger
3252         speed-up.
3253         
3254         The basic approach is:
3255         
3256         - We have a notion of Int52 in our type system. Int52 doesn't belong to BytecodeTop
3257           or HeapTop - i.e. it doesn't arise from JSValues.
3258         
3259         - DFG treats Int52 as being part of its FullTop and will treat it as being a
3260           subtype of double unless instructed otherwise.
3261         
3262         - Prediction propagator creates Int52s whenever we have a node going doubly but due
3263           to large values rather than fractional values, and that node is known to be able
3264           to produce Int52 natively in the DFG backend.
3265         
3266         - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
3267           to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
3268           input.
3269         
3270         - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
3271           are left-shifted by 16 (great for overflow checks) and ones that are
3272           sign-extended. Both backends know how to convert between Int52s and the other
3273           representations.
3274
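        Added example (not JavaScriptCore code) modelling the two Int52 forms the
        last bullet describes, the sign-extended "strict" form and the left-shifted
        form, and showing why the shifted form makes the range check fall out of the
        64-bit overflow flag. SHIFT is taken from the text (16), so the usable width
        here is 64 - SHIFT bits; the helper names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not JSC code. Two representations of one integer:
 *   strict  : plain sign-extended int64, value == v
 *   shifted : v << SHIFT, the value sits in the high bits of the register
 * SHIFT follows the ChangeLog text (16); the representable width is then
 * 64 - SHIFT bits and the value range follows from that.
 */
#define SHIFT 16
#define WIDTH (64 - SHIFT)
#define INT52_MAX ((INT64_C(1) << (WIDTH - 1)) - 1)
#define INT52_MIN (-(INT64_C(1) << (WIDTH - 1)))

typedef struct {
    bool overflowed;   /* result left the range: caller must widen (e.g. to double) */
    int64_t strict;    /* sign-extended result, valid only when !overflowed */
} Int52Result;

/* Does a sign-extended int64 lie inside the Int52 range? */
static bool fitsInt52(int64_t v) { return v >= INT52_MIN && v <= INT52_MAX; }

/* strict -> shifted. Shift the unsigned view to avoid undefined behaviour
 * for negative values; the resulting bit pattern is the same. */
static int64_t strictToShifted(int64_t strict) {
    return (int64_t)((uint64_t)strict << SHIFT);
}

/* shifted -> strict. Arithmetic right shift (gcc/clang) sign-extends again. */
static int64_t shiftedToStrict(int64_t shifted) { return shifted >> SHIFT; }

static Int52Result overflow(void) { Int52Result r = { true, 0 }; return r; }
static Int52Result fromShifted(int64_t shifted) {
    Int52Result r = { false, shiftedToStrict(shifted) };
    return r;
}

/*
 * Why the shifted form is "great for overflow checks": for shifted x, y the
 * sum x + y equals (a + b) << SHIFT exactly when a + b still fits in WIDTH
 * bits, and it overflows the 64-bit register exactly when it does not. The
 * Int52 range check therefore *is* the CPU's signed-overflow flag; no extra
 * compare against INT52_MAX / INT52_MIN is needed. __builtin_*_overflow
 * returns true on overflow, standing in for the JIT's overflow branch.
 */
static Int52Result addInt52(int64_t a, int64_t b) {
    int64_t out;
    if (!fitsInt52(a) || !fitsInt52(b)) return overflow();
    if (__builtin_add_overflow(strictToShifted(a), strictToShifted(b), &out)) return overflow();
    return fromShifted(out);
}

static Int52Result subInt52(int64_t a, int64_t b) {
    int64_t out;
    if (!fitsInt52(a) || !fitsInt52(b)) return overflow();
    if (__builtin_sub_overflow(strictToShifted(a), strictToShifted(b), &out)) return overflow();
    return fromShifted(out);
}

/* Multiplication mixes the two forms: (a << SHIFT) * b == (a * b) << SHIFT,
 * so one shifted and one strict operand give a shifted product with the same
 * overflow property. Two shifted operands would shift the result twice. */
static Int52Result mulInt52(int64_t a, int64_t b) {
    int64_t out;
    if (!fitsInt52(a) || !fitsInt52(b)) return overflow();
    if (__builtin_mul_overflow(strictToShifted(a), b, &out)) return overflow();
    return fromShifted(out);
}

/* Negation: only INT52_MIN overflows, and in shifted form it is INT64_MIN,
 * so once more the 64-bit negate overflow check is the range check. */
static Int52Result negInt52(int64_t a) {
    int64_t out;
    if (!fitsInt52(a)) return overflow();
    if (__builtin_sub_overflow((int64_t)0, strictToShifted(a), &out)) return overflow();
    return fromShifted(out);
}

int main(void) {
    /* The motivating case: an int32 overflow that the wider int absorbs
     * without falling back to double. */
    Int52Result r = addInt52(INT32_MAX, 1);
    printf("INT32_MAX + 1 -> overflowed=%d strict=%lld\n", r.overflowed, (long long)r.strict);
    r = addInt52(INT52_MAX, 1);
    printf("INT52_MAX + 1 -> overflowed=%d\n", r.overflowed);
    return 0;
}
```
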
3275         * assembler/MacroAssemblerX86_64.h:
3276         (JSC::MacroAssemblerX86_64::rshift64):
3277         (JSC::MacroAssemblerX86_64::mul64):
3278         (JSC::MacroAssemblerX86_64::branchMul64):
3279         (JSC::MacroAssemblerX86_64::branchNeg64):
3280         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
3281         * assembler/X86Assembler.h:
3282         (JSC::X86Assembler::imulq_rr):
3283         (JSC::X86Assembler::cvtsi2sdq_rr):
3284         * bytecode/DataFormat.h:
3285         (JSC::dataFormatToString):
3286         * bytecode/OperandsInlines.h:
3287         (JSC::::dumpInContext):
3288         * bytecode/SpeculatedType.cpp:
3289         (JSC::dumpSpeculation):
3290         (JSC::speculationToAbbreviatedString):
3291         (JSC::speculationFromValue):
3292         * bytecode/SpeculatedType.h:
3293         (JSC::isInt32SpeculationForArithmetic):
3294         (JSC::isMachineIntSpeculationForArithmetic):
3295         (JSC::isBytecodeRealNumberSpeculation):
3296         (JSC::isFullRealNumberSpeculation):
3297         (JSC::isBytecodeNumberSpeculation):
3298         (JSC::isFullNumberSpeculation):
3299         (JSC::isBytecodeNumberSpeculationExpectingDefined):
3300         (JSC::isFullNumberSpeculationExpectingDefined):
3301         * bytecode/ValueRecovery.h:
3302         (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
3303         (JSC::ValueRecovery::inGPR):
3304         (JSC::ValueRecovery::displacedInJSStack):
3305         (JSC::ValueRecovery::isAlreadyInJSStack):
3306         (JSC::ValueRecovery::gpr):
3307         (JSC::ValueRecovery::virtualRegister):
3308         (JSC::ValueRecovery::dumpInContext):
3309         * dfg/DFGAbstractInterpreter.h:
3310         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
3311         (JSC::DFG::AbstractInterpreter::filterByType):
3312         * dfg/DFGAbstractInterpreterInlines.h:
3313         (JSC::DFG::::executeEffects):
3314         * dfg/DFGAbstractValue.cpp:
3315         (JSC::DFG::AbstractValue::set):
3316         (JSC::DFG::AbstractValue::checkConsistency):
3317         * dfg/DFGAbstractValue.h:
3318         (JSC::DFG::AbstractValue::couldBeType):
3319         (JSC::DFG::AbstractValue::isType):
3320         (JSC::DFG::AbstractValue::checkConsistency):
3321         (JSC::DFG::AbstractValue::validateType):
3322         * dfg/DFGArrayMode.cpp:
3323         (JSC::DFG::ArrayMode::refine):
3324         * dfg/DFGAssemblyHelpers.h:
3325         (JSC::DFG::AssemblyHelpers::boxInt52):
3326         * dfg/DFGCSEPhase.cpp:
3327         (JSC::DFG::CSEPhase::pureCSE):
3328         (JSC::DFG::CSEPhase::getByValLoadElimination):
3329         (JSC::DFG::CSEPhase::performNodeCSE):
3330         * dfg/DFGClobberize.h:
3331         (JSC::DFG::clobberize):
3332         * dfg/DFGCommon.h:
3333         (JSC::DFG::enableInt52):
3334         * dfg/DFGFixupPhase.cpp:
3335         (JSC::DFG::FixupPhase::run):
3336         (JSC::DFG::FixupPhase::fixupNode):
3337         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
3338         (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
3339         (JSC::DFG::FixupPhase::observeUseKindOnNode):
3340         (JSC::DFG::FixupPhase::fixEdge):
3341         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
3342         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
3343         * dfg/DFGFlushFormat.cpp:
3344         (WTF::printInternal):
3345         * dfg/DFGFlushFormat.h:
3346         (JSC::DFG::resultFor):
3347         (JSC::DFG::useKindFor):
3348         * dfg/DFGGenerationInfo.h:
3349         (JSC::DFG::GenerationInfo::initInt52):
3350         (JSC::DFG::GenerationInfo::initStrictInt52):
3351         (JSC::DFG::GenerationInfo::isFormat):
3352         (JSC::DFG::GenerationInfo::isInt52):
3353         (JSC::DFG::GenerationInfo::isStrictInt52):
3354         (JSC::DFG::GenerationInfo::fillInt52):
3355         (JSC::DFG::GenerationInfo::fillStrictInt52):
3356         * dfg/DFGGraph.cpp:
3357         (JSC::DFG::Graph::dump):
3358         * dfg/DFGGraph.h:
3359         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
3360         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
3361         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
3362         * dfg/DFGInPlaceAbstractState.cpp:
3363         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
3364         * dfg/DFGJITCode.cpp:
3365         (JSC::DFG::JITCode::reconstruct):
3366         * dfg/DFGMinifiedNode.h:
3367         (JSC::DFG::belongsInMinifiedGraph):
3368         (JSC::DFG::MinifiedNode::hasChild):
3369         * dfg/DFGNode.h:
3370         (JSC::DFG::Node::shouldSpeculateNumber):
3371         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
3372         * dfg/DFGNodeFlags.h:
3373         * dfg/DFGNodeType.h:
3374         (JSC::DFG::forwardRewiringSelectionScore):
3375         * dfg/DFGOSRExitCompiler.cpp:
3376         * dfg/DFGOSRExitCompiler64.cpp:
3377         (JSC::DFG::OSRExitCompiler::compileExit):
3378         * dfg/DFGPredictionPropagationPhase.cpp:
3379         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
3380         (JSC::DFG::PredictionPropagationPhase::propagate):
3381         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
3382         * dfg/DFGSafeToExecute.h:
3383         (JSC::DFG::SafeToExecuteEdge::operator()):
3384         (JSC::DFG::safeToExecute):
3385         * dfg/DFGSilentRegisterSavePlan.h:
3386         * dfg/DFGSpeculativeJIT.cpp:
3387         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
3388         (JSC::DFG::SpeculativeJIT::silentFill):
3389         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
3390         (JSC::DFG::SpeculativeJIT::compileInlineStart):
3391         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
3392         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3393         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
3394         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3395         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3396         (JSC::DFG::SpeculativeJIT::compileAdd):
3397         (JSC::DFG::SpeculativeJIT::compileArithSub):
3398         (JSC::DFG::SpeculativeJIT::compileArithNegate):
3399         (JSC::DFG::SpeculativeJIT::compileArithMul):
3400         (JSC::DFG::SpeculativeJIT::compare):
3401         (JSC::DFG::SpeculativeJIT::compileStrictEq):
3402         (JSC::DFG::SpeculativeJIT::speculateMachineInt):
3403         (JSC::DFG::SpeculativeJIT::speculateNumber):
3404         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
3405         (JSC::DFG::SpeculativeJIT::speculate):
3406         * dfg/DFGSpeculativeJIT.h:
3407         (JSC::DFG::SpeculativeJIT::canReuse):
3408         (JSC::DFG::SpeculativeJIT::isFilled):
3409         (JSC::DFG::SpeculativeJIT::isFilledDouble):
3410         (JSC::DFG::SpeculativeJIT::use):
3411         (JSC::DFG::SpeculativeJIT::isKnownInteger):
3412         (JSC::DFG::SpeculativeJIT::isKnownCell):
3413         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
3414         (JSC::DFG::SpeculativeJIT::int52Result):
3415         (JSC::DFG::SpeculativeJIT::strictInt52Result):
3416         (JSC::DFG::SpeculativeJIT::initConstantInfo):
3417         (JSC::DFG::SpeculativeJIT::isInteger):
3418         (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
3419         (JSC::DFG::SpeculativeJIT::generationInfo):
3420         (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
3421         (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
3422         (JSC::DFG::SpeculateInt52Operand::edge):