[chromium] rename newwtf target back to wtf
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-03-23  Tony Chang  <tony@chromium.org>

        [chromium] rename newwtf target back to wtf
        https://bugs.webkit.org/show_bug.cgi?id=82064

        Reviewed by Adam Barth.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Simplify memory usage tracking in CopiedSpace
        https://bugs.webkit.org/show_bug.cgi?id=80705

        Reviewed by Filip Pizlo.

        * heap/CopiedAllocator.h:
        (CopiedAllocator): Rename currentUtilization to currentSize.
        (JSC::CopiedAllocator::currentCapacity):
        * heap/CopiedBlock.h:
        (CopiedBlock):
        (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
        declaration.
        (JSC):
        (JSC::CopiedBlock::size): Add new function to calculate the block's size.
        (JSC::CopiedBlock::capacity): Ditto for capacity.
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
        field for the water mark.
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current
        block, we need to update our current water mark with the size of the block.
        (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we
        need to update our current water mark with the size of the used portion of the block.
        (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when
        reallocating because it will either get accounted for when we fill up the block later
        in the case of being able to reallocate in the current block or it will get picked up
        immediately because we'll have to get a new block.
        (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when
        realloc-ing an oversize block because we deallocate the old block and allocate a brand
        new one.
        (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to
        the CopiedSpace by the SlotVisitors.
        (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
        (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
        not we should collect now instead of doing the calculation ourselves.
        (JSC::CopiedSpace::destroy):
        (JSC):
        (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how
        MarkedSpace does.
        (JSC::CopiedSpace::capacity): Ditto for capacity.
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::waterMark):
        (CopiedSpace):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a
        collection.
        (JSC::CopiedSpace::allocateNewBlock):
        (JSC::CopiedSpace::fitsInBlock):
        (JSC::CopiedSpace::allocateFromBlock):
        * heap/Heap.cpp:
        (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
        (JSC::Heap::capacity): Ditto for capacity.
        (JSC::Heap::collect):
        * heap/Heap.h:
        (Heap):
        (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to
        determine whether they should initiate a collection or continue to allocate new blocks.
        (JSC):
        (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
        Heap (MarkedSpace and CopiedSpace).
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.

2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>

        BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
        https://bugs.webkit.org/show_bug.cgi?id=82012

        Reviewed by Filip Pizlo.

        Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.

        * wtf/BitVector.cpp:
        (WTF::BitVector::resizeOutOfLine):
        * wtf/BitVector.h:
        (BitVector):
        (OutOfLineBits):

2012-03-22  Michael Saboff  <msaboff@apple.com>

        ExecutableAllocator::memoryPressureMultiplier() might return NaN
        https://bugs.webkit.org/show_bug.cgi?id=82002

        Reviewed by Filip Pizlo.

        Guard against divide by zero and then make sure the return
        value is >= 1.0.

        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):

2012-03-22  Jessie Berlin  <jberlin@apple.com>

        Windows build fix after r111778.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        Don't include and try to build files owned by WTF.
        Also, let VS have its way with the vcproj in terms of file ordering.

2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>

        [CMake] Unreviewed build fix after r111778.

        * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
        the include paths so that the right config.h is used.

2012-03-22  Tony Chang  <tony@chromium.org>

        Unreviewed, fix chromium build after wtf move.

        Remove old wtf_config and wtf targets.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-03-22  Martin Robinson  <mrobinson@igalia.com>

        Fixed the GTK+ WTF/JavaScriptCore build after r111778.

        * GNUmakefile.list.am: Removed an extra trailing backslash.

2012-03-22  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
        rather than only those that contain symbols that JavaScriptCore itself uses.
        * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.

2012-03-22  Filip Pizlo  <fpizlo@apple.com>

        DFG NodeFlags has some duplicate code and naming issues
        https://bugs.webkit.org/show_bug.cgi?id=81975

        Reviewed by Gavin Barraclough.

        Removed most references to "ArithNodeFlags" since those are now just part
        of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
        NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
        because the former was never called and the latter did the same things as
        mergeFlags().

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::arithNodeFlags):
        (Node):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        (JSC::DFG::nodeUsedAsNumber):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):

2012-03-22  Eric Seidel  <eric@webkit.org>

        Actually move WTF files to their new home
        https://bugs.webkit.org/show_bug.cgi?id=81844

        Unreviewed.  The details of the port-specific changes
        have been seen by contributors from those ports, but
        the whole 5MB change isn't very reviewable as-is.

        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JSCTypedArrayStubs.h:
        * JavaScriptCore.gypi:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:

2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Adding Source/WTF to the build.

        * wscript:

2012-03-22  Gavin Barraclough  <barraclough@apple.com>

        Add JSValue::isFunction
        https://bugs.webkit.org/show_bug.cgi?id=81935

        Reviewed by Geoff Garen.

        This would be useful in the WebCore bindings code.
        Also, remove asFunction, replace with jsCast<JSFunction*>.

        * API/JSContextRef.cpp:
        * debugger/Debugger.cpp:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueOfFunctionConstant):
        * dfg/DFGOperations.cpp:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::isInlineCallFrameSlow):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::jitCompileFor):
        (JSC::lazyLinkFor):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::setUpCall):
        * runtime/Arguments.h:
        (JSC::Arguments::finishCreation):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncForEach):
        (JSC::arrayProtoFuncSome):
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::compileOptimizedFor):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/JSArray.cpp:
        (JSC::JSArray::sort):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::argumentsGetter):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::lengthGetter):
        * runtime/JSFunction.h:
        (JSC):
        (JSC::asJSFunction):
        (JSC::JSValue::isFunction):
        * runtime/JSGlobalData.cpp:
        (WTF::Recompiler::operator()):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/JSValue.h:
        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):

2012-03-21  Filip Pizlo  <fpizlo@apple.com>

        DFG speculation on booleans should be rationalized
        https://bugs.webkit.org/show_bug.cgi?id=81840

        Reviewed by Gavin Barraclough.

        This removes isKnownBoolean() and replaces it with AbstractState-based
        optimization, and cleans up the control flow in code gen methods for
        Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
        and removes isKnownNotBoolean() since that method appeared to be a
        helper used solely by 32_64's speculateBooleanOperation().

        This is performance-neutral.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateNumber):
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-21  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * wtf/MetaAllocator.h:
        (MetaAllocator): Export the destructor.

2012-03-21  Eric Seidel  <eric@webkit.org>

        Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=81834

        Reviewed by Adam Barth.

        * jsc.cpp:
        * os-win32/WinMain.cpp:
        * runtime/JSDateMath.cpp:
        * runtime/TimeoutChecker.cpp:
        * testRegExp.cpp:
        * tools/CodeProfiling.cpp:

2012-03-21  Eric Seidel  <eric@webkit.org>

        WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
        https://bugs.webkit.org/show_bug.cgi?id=81838

        Reviewed by Geoffrey Garen.

        My understanding is that weak vtables happen when the compiler/linker cannot
        determine which compilation unit should contain the vtable.  In this case
        because there were only pure virtual functions as well as an "inline"
        virtual destructor (thus the virtual destructor was defined in many compilation
        units).  Since you can't actually "inline" a virtual function (it still has to
        bounce through the vtable), the "inline" on this virtual destructor doesn't
        actually help performance, and is only serving to confuse the compiler here.
        I've moved the destructor implementation to the .cpp file, thus making
        it clear to the compiler where the vtable should be stored, and solving the error.

        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocator::~MetaAllocator):
        (WTF):
        * wtf/MetaAllocator.h:

2012-03-20  Gavin Barraclough  <barraclough@apple.com>

        RegExpMatchesArray should not copy the ovector
        https://bugs.webkit.org/show_bug.cgi?id=81742

        Reviewed by Michael Saboff.

        Currently, all RegExpMatchesArray objects contain Vector<int, 32>, used to hold any sub-pattern results.
        This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
        main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
        and the results never accessed).
        If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.

        * dfg/DFGOperations.cpp:
            - RegExpObject match renamed back to test (test returns a bool).
        * runtime/RegExpConstructor.cpp:
        (JSC):
            - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
        (JSC::RegExpMatchesArray::finishCreation):
            - Removed RegExpConstructorPrivate parameter.
        (JSC::RegExpMatchesArray::reifyAllProperties):
            - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
            If there are sub-pattern properties, the RegExp is re-run to generate their values.
        (JSC::RegExpMatchesArray::reifyMatchProperty):
            - Reify just the match (index 0) property of the RegExpMatchesArray.
        * runtime/RegExpConstructor.h:
        (RegExpConstructor):
        (JSC::RegExpConstructor::performMatch):
            - performMatch now returns a MatchResult, rather than using out-parameters.
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
            - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
        (RegExpMatchesArray):
        (JSC::RegExpMatchesArray::create):
            - Now passed the input string matched against, the RegExp, and the MatchResult.
        (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
        (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
            - Helpers to conditionally reify properties.
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::putByIndex):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::deletePropertyByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyNames):
        (JSC::RegExpMatchesArray::defineOwnProperty):
            - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
            (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::exec):
        (JSC::RegExpObject::match):
            - match now returns a MatchResult.
        * runtime/RegExpObject.h:
        (JSC::MatchResult::MatchResult):
            - Added; the result of a match is a start & end tuple.
        (JSC::MatchResult::failed):
            - A failure is indicated by (notFound, 0).
        (JSC::MatchResult::operator bool):
            - Evaluates to false if the match failed.
        (JSC::MatchResult::empty):
            - Evaluates to true if the match succeeded with length 0.
        (JSC::RegExpObject::test):
            - Now returns a bool.
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTest):
            - RegExpObject match renamed back to test (test returns a bool).
        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - performMatch now returns a MatchResult, rather than using out-parameters.

2012-03-21  Hojong Han  <hojong.han@samsung.com>

        Fix out of memory by allowing overcommit
        https://bugs.webkit.org/show_bug.cgi?id=81743

        Reviewed by Geoffrey Garen.

        Garbage collection is not triggered and new blocks are added
        because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        More Windows build fixing.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        Fix the order of the include directories to look in include/private first before looking
        in include/private/JavaScriptCore.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
        Look in the Production output directory (where the wtf headers will be). This is the same
        thing that is done for jsc and testRegExp in ReleasePGO.

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
        $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
        https://bugs.webkit.org/show_bug.cgi?id=81739

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
        subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
        Ditto.

        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
        Get the headers for those 4 files from the wtf subdirectory of the build output, not the
        JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
        Ditto.

2012-03-20  Eric Seidel  <eric@webkit.org>

        Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
        https://bugs.webkit.org/show_bug.cgi?id=80911

        Reviewed by Adam Barth.

        Update the various build systems to depend on Source/WTF headers
        as well as remove references to Platform.h (since it's now moved).

        * CMakeLists.txt:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:

2012-03-20  Filip Pizlo  <fpizlo@apple.com>

        op_mod fails on many interesting corner cases
        https://bugs.webkit.org/show_bug.cgi?id=81648

        Reviewed by Oliver Hunt.

        Removed most strength reduction for op_mod, and fixed the integer handling
        to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
        which this patch also fixes.

        This patch is performance neutral on all of the major benchmarks we track.

        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (JSC::DFG::SpeculativeJIT::compileArithMod):
        * jit/JIT.h:
        (JIT):
        * jit/JITArithmetic.cpp:
        (JSC):
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_mod):
        (JSC::JIT::emitSlow_op_mod):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC):
        * jit/JITStubs.h:
        (TrampolineStructure):
        (JSC::JITThunks::ctiNativeConstruct):
        * llint/LowLevelInterpreter64.asm:
        * wtf/Platform.h:
        * wtf/SimpleStats.h:
        (WTF::SimpleStats::variance):

2012-03-20  Steve Falkenburg  <sfalken@apple.com>

        Windows (make based) build fix.
        <rdar://problem/11069015>

        * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.

2012-03-20  Steve Falkenburg  <sfalken@apple.com>

        Move WTF-related Windows project files out of JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=80680

        This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
        It does not move any source code. This is in preparation for the WTF source move out of
        JavaScriptCore.

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCore.sln:
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
        * JavaScriptCore.vcproj/WTF: Removed.
        * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
        * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
        * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.

2012-03-20  Benjamin Poulain  <bpoulain@apple.com>

        Cache the type string of JavaScript object
        https://bugs.webkit.org/show_bug.cgi?id=81446

        Reviewed by Geoffrey Garen.

        Instead of creating the JSString every time, we create
        lazily the strings in JSGlobalData.

        This avoids the construction of the StringImpl and of the JSString,
        which gives some performance improvements.

        * runtime/CommonIdentifiers.h:
        * runtime/JSValue.cpp:
        (JSC::JSValue::toStringSlowCase):
        * runtime/Operations.cpp:
        (JSC::jsTypeStringForValue):
        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
        (JSC::SmallStrings::finalizeSmallStrings):
        (JSC::SmallStrings::initialize):
        (JSC):
        * runtime/SmallStrings.h:
        (SmallStrings):

2012-03-20  Oliver Hunt  <oliver@apple.com>

        Allow LLINT to work even when executable allocation fails.
        https://bugs.webkit.org/show_bug.cgi?id=81693

        Reviewed by Gavin Barraclough.

        Don't crash if executable allocation fails if we can fall back on LLINT

        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>

        Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
        https://bugs.webkit.org/show_bug.cgi?id=81428

        32 bit buildfix after r111355.

        2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
        The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).

        Reviewed by Zoltan Herczeg.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):

2012-03-19  Jochen Eisinger  <jochen@chromium.org>

        Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
        https://bugs.webkit.org/show_bug.cgi?id=80983

        Reviewed by Darin Adler.

        This allows printing a backtrace acquired by an earlier WTFGetBacktrace
        call which is useful for local debugging.

        * wtf/Assertions.cpp:
        * wtf/Assertions.h:

2012-03-19  Benjamin Poulain  <benjamin@webkit.org>

        Do not copy the script source in the SourceProvider, just reference the existing string
        https://bugs.webkit.org/show_bug.cgi?id=81466

        Reviewed by Geoffrey Garen.

        * parser/SourceCode.h: Remove the unused, and incorrect, function data().
        * parser/SourceProvider.h: Add OVERRIDE for clarity.

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        Division optimizations fail to infer cases of truncated division and
        mishandle -2147483648/-1
        https://bugs.webkit.org/show_bug.cgi?id=81428
        <rdar://problem/11067382>

        Reviewed by Oliver Hunt.

        If you're a division over integers and you're only used as an integer, then you're
        an integer division and remainder checks become unnecessary. If you're dividing
        -2147483648 by -1, don't crash.

        * assembler/MacroAssemblerX86Common.h:
        (MacroAssemblerX86Common):
        (JSC::MacroAssemblerX86Common::add32):
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * llint/LowLevelInterpreter64.asm:
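
        The int32 division and op_mod corner cases named in the entries above (the -2147483648/-1 trap, truncated division when the result is only used as an integer, and the C90 literal problem), worked through as an added example; this is not WebKit code and not from any author in this log. The IntResult type, the usedAsInteger flag and the function names are assumptions made for illustration; the JS semantics they encode (ToInt32 on Infinity/NaN, -0 results, sign of a % b) are standard ECMAScript.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of trying to produce a JS arithmetic result on an int32 fast path.
 * NEEDS_DOUBLE means the exact JS result is not an int32 (NaN, +/-Infinity,
 * -0 or a fractional value), so a JIT would have to fall back to doubles. */
typedef enum { INT_RESULT, NEEDS_DOUBLE } Kind;
typedef struct { Kind kind; int32_t value; } IntResult;

/* INT32_MIN spelled as ISO C90 requires: 2147483648 is not a valid int literal,
 * so the smallest int is written -2147483647 - 1 (as <stdint.h> does). */
#define JS_INT32_MIN (-2147483647 - 1)

static IntResult as_int(int32_t v) { IntResult r = { INT_RESULT, v }; return r; }
static IntResult as_double(void)   { IntResult r = { NEEDS_DOUBLE, 0 }; return r; }

/* x86 idiv raises #DE (a crash unless handled) for both of these operand pairs,
 * and both are undefined behaviour in C, so they must be filtered before the
 * divide instruction is ever reached. */
bool int32_div_would_trap(int32_t a, int32_t b)
{
    return b == 0 || (a == JS_INT32_MIN && b == -1);
}

/* JS `a / b` on int32 operands. usedAsInteger means the consumer applies
 * ToInt32 (as `| 0` does), so fractions, -0, Infinity and NaN all collapse to
 * the truncated int32 and the remainder check is unnecessary. */
IntResult js_int32_div(int32_t a, int32_t b, bool usedAsInteger)
{
    if (b == 0)                          /* +/-Infinity or NaN */
        return usedAsInteger ? as_int(0) : as_double();
    if (a == JS_INT32_MIN && b == -1)    /* 2147483648 does not fit an int32 */
        return usedAsInteger ? as_int(JS_INT32_MIN) : as_double(); /* wraps under ToInt32 */
    /* From here on the hardware divide can neither trap nor invoke UB. */
    int32_t q = a / b;
    if (!usedAsInteger) {
        if (a % b != 0)
            return as_double();          /* fractional result */
        if (a == 0 && b < 0)
            return as_double();          /* 0 / negative is -0 in JS */
    }
    return as_int(q);
}

/* JS `a % b` on int32 operands. The result takes the sign of the dividend, so a
 * negative dividend with zero remainder yields -0; INT32_MIN % -1 is both the
 * trapping operand pair and one of those -0 cases. */
IntResult js_int32_mod(int32_t a, int32_t b, bool usedAsInteger)
{
    if (b == 0)                          /* NaN */
        return usedAsInteger ? as_int(0) : as_double();
    /* Mathematically INT32_MIN % -1 == 0; compute it without touching idiv. */
    int32_t r = (a == JS_INT32_MIN && b == -1) ? 0 : a % b;
    if (!usedAsInteger && r == 0 && a < 0)
        return as_double();              /* -0 */
    return as_int(r);
}

int main(void)
{
    printf("INT32_MIN / -1 would trap idiv: %d\n", int32_div_would_trap(JS_INT32_MIN, -1));
    printf("INT32_MIN / -1 needs a double:  %d\n", js_int32_div(JS_INT32_MIN, -1, false).kind == NEEDS_DOUBLE);
    printf("(INT32_MIN / -1) | 0 = %d\n", js_int32_div(JS_INT32_MIN, -1, true).value);
    printf("-4 %% 2 needs a double (-0):     %d\n", js_int32_mod(-4, 2, false).kind == NEEDS_DOUBLE);
    printf("-7 %% 2 = %d\n", js_int32_mod(-7, 2, false).value);
    return 0;
}
```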

2012-03-19  Benjamin Poulain  <bpoulain@apple.com>

        Simplify SmallStrings
        https://bugs.webkit.org/show_bug.cgi?id=81445

        Reviewed by Gavin Barraclough.

        SmallStrings had two methods that should not be public: count() and clear().

        The method clear() is effectively replaced by finalizeSmallStrings(). The body
        of the method was moved to the constructor since the code is obvious.

        The method count() is unused.

        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
        * runtime/SmallStrings.h:
        (SmallStrings):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        DFG can no longer compile V8-v4/regexp in debug mode
        https://bugs.webkit.org/show_bug.cgi?id=81592

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
        change throughout the fixpoint
        https://bugs.webkit.org/show_bug.cgi?id=81583

        Reviewed by Michael Saboff.

        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
        the process of being generated
        https://bugs.webkit.org/show_bug.cgi?id=81565

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeUnconditionally):

2012-03-19  Eric Seidel  <eric@webkit.org>

        Fix WTF header include discipline in Chromium WebKit
        https://bugs.webkit.org/show_bug.cgi?id=81281

        Reviewed by James Robinson.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * wtf/unicode/icu/CollatorICU.cpp:

2012-03-19  Filip Pizlo  <fpizlo@apple.com>

        DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
        https://bugs.webkit.org/show_bug.cgi?id=81556

        Rubber stamped by Gavin Barraclough.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAbstractState.h:
        (JSC::DFG::AbstractState::forNode):
        * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
        (JSC::DFG::AdjacencyList::AdjacencyList):
        (JSC::DFG::AdjacencyList::child):
        (JSC::DFG::AdjacencyList::setChild):
        (JSC::DFG::AdjacencyList::child1):
        (JSC::DFG::AdjacencyList::child2):
        (JSC::DFG::AdjacencyList::child3):
        (JSC::DFG::AdjacencyList::setChild1):
        (JSC::DFG::AdjacencyList::setChild2):
        (JSC::DFG::AdjacencyList::setChild3):
        (JSC::DFG::AdjacencyList::child1Unchecked):
        (JSC::DFG::AdjacencyList::initialize):
        (AdjacencyList):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::canonicalize):
        (JSC::DFG::CSEPhase::performSubstitution):
        * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
        (DFG):
        (JSC::DFG::Edge::Edge):
        (JSC::DFG::Edge::operator==):
        (JSC::DFG::Edge::operator!=):
        (Edge):
        (JSC::DFG::operator==):
        (JSC::DFG::operator!=):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::operator[]):
        (JSC::DFG::Graph::at):
        (JSC::DFG::Graph::ref):
        (JSC::DFG::Graph::deref):
        (JSC::DFG::Graph::clearAndDerefChild1):
        (JSC::DFG::Graph::clearAndDerefChild2):
        (JSC::DFG::Graph::clearAndDerefChild3):
        (Graph):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::getPrediction):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
770         (JSC::DFG::Node::child1):
771         (JSC::DFG::Node::child1Unchecked):
772         (JSC::DFG::Node::child2):
773         (JSC::DFG::Node::child3):
774         (Node):
775         * dfg/DFGNodeFlags.cpp:
776         (JSC::DFG::arithNodeFlagsAsString):
777         * dfg/DFGNodeFlags.h:
778         (DFG):
779         (JSC::DFG::nodeUsedAsNumber):
780         * dfg/DFGNodeReferenceBlob.h: Removed.
781         * dfg/DFGNodeUse.h: Removed.
782         * dfg/DFGPredictionPropagationPhase.cpp:
783         (JSC::DFG::PredictionPropagationPhase::propagate):
784         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
785         (JSC::DFG::PredictionPropagationPhase::vote):
786         (JSC::DFG::PredictionPropagationPhase::fixupNode):
787         * dfg/DFGScoreBoard.h:
788         (JSC::DFG::ScoreBoard::use):
789         * dfg/DFGSpeculativeJIT.cpp:
790         (JSC::DFG::SpeculativeJIT::useChildren):
791         (JSC::DFG::SpeculativeJIT::writeBarrier):
792         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
793         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
794         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
795         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
796         * dfg/DFGSpeculativeJIT.h:
797         (JSC::DFG::SpeculativeJIT::at):
798         (JSC::DFG::SpeculativeJIT::canReuse):
799         (JSC::DFG::SpeculativeJIT::use):
800         (SpeculativeJIT):
801         (JSC::DFG::SpeculativeJIT::speculationCheck):
802         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
803         (JSC::DFG::IntegerOperand::IntegerOperand):
804         (JSC::DFG::DoubleOperand::DoubleOperand):
805         (JSC::DFG::JSValueOperand::JSValueOperand):
806         (JSC::DFG::StorageOperand::StorageOperand):
807         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
808         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
809         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
810         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
811         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
812         * dfg/DFGSpeculativeJIT32_64.cpp:
813         (JSC::DFG::SpeculativeJIT::cachedPutById):
814         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
815         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
816         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
817         (JSC::DFG::SpeculativeJIT::emitCall):
818         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
819         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
820         * dfg/DFGSpeculativeJIT64.cpp:
821         (JSC::DFG::SpeculativeJIT::cachedPutById):
822         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
823         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
824         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
825         (JSC::DFG::SpeculativeJIT::emitCall):
826         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
827         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
828
829 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
830
831         Object.freeze broken on latest Nightly
832         https://bugs.webkit.org/show_bug.cgi?id=80577
833
834         Reviewed by Oliver Hunt.
835
836         * runtime/Arguments.cpp:
837         (JSC::Arguments::defineOwnProperty):
838             - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
839             been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
840         * runtime/JSFunction.cpp:
841         (JSC::JSFunction::defineOwnProperty):
842             - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
843             the object must be extensible; this is incorrect since these properties should already exist
844             on the object. In addition, it was asserting that the arguments/caller values must match the
845             corresponding magic data properties, but for strict mode function this is incorrect. Instead,
846             just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
847
848 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
849
850         LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
851         https://bugs.webkit.org/show_bug.cgi?id=81559
852
853         Reviewed by Michael Saboff.
854
855         * llint/LLIntSlowPaths.cpp:
856         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
857
858 2012-03-19  Yong Li  <yoli@rim.com>
859
860         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
861         https://bugs.webkit.org/show_bug.cgi?id=77013
862
863         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
864         implement memory decommitting for QNX.
865
866         Reviewed by Rob Buis.
867
868         * wtf/OSAllocatorPosix.cpp:
869         (WTF::OSAllocator::reserveUncommitted):
870         (WTF::OSAllocator::commit):
871         (WTF::OSAllocator::decommit):
872
873 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
874
875         Unreviewed - revert a couple of files accidentally committed.
876
877         * runtime/Arguments.cpp:
878         (JSC::Arguments::defineOwnProperty):
879         * runtime/JSFunction.cpp:
880         (JSC::JSFunction::defineOwnProperty):
881
882 2012-03-19  Jessie Berlin  <jberlin@apple.com>
883
884         Another Windows build fix after r111129.
885
886         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
887
888 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
889
890         Cross-platform processor core counter: fix build on FreeBSD.
891         https://bugs.webkit.org/show_bug.cgi?id=81482
892
893         Reviewed by Zoltan Herczeg.
894
895         The documentation of sysctl(3) shows that <sys/types.h> should be
896         included before <sys/sysctl.h> (sys/types.h tends to be the first
897         included header in general).
898
899         This should fix the build on FreeBSD and other systems where
900         sysctl.h really depends on types defined in types.h.
901
902         * wtf/NumberOfCores.cpp:
903
904 2012-03-19  Jessie Berlin  <jberlin@apple.com>
905
906         Windows build fix after r111129.
907
908         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
909
910 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
911
912         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
913         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
914
915         Reviewed by Oliver Hunt.
916
917         The API specifies that convertToType may opt not to handle a conversion:
918             "@result The objects's converted value, or NULL if the object was not converted."
919         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
920         conversion functions, and failing that call the JSObject::defaultValue function.
921
922         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
923         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
924         bug#73368, these will return the result from the first convertToType they find, regardless
925         of whether this result is null, and if no convertToType method is found in the api class
926         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
927         chain), they will also return a null pointer. This is unsafe.
928
929         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
930         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
931         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
932         Making the fallback work with toString/valueOf methods attached to api objects is probably
933         not the right thing to do – instead, we should just implement the defaultValue trap for api
934         objects.
935
936         In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
937         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
938
939         * API/JSCallbackFunction.cpp:
940         (JSC::JSCallbackFunction::call):
941             - Should be null checking the return value.
942         (JSC):
943             - Remove toStringCallback/valueOfCallback.
944         * API/JSCallbackFunction.h:
945         (JSCallbackFunction):
946             - Remove toStringCallback/valueOfCallback.
947         * API/JSCallbackObject.h:
948         (JSCallbackObject):
949             - Add defaultValue methods to JSCallbackObject.
950         * API/JSCallbackObjectFunctions.h:
951         (JSC::::defaultValue):
952             - Add defaultValue methods to JSCallbackObject.
953         * API/JSClassRef.cpp:
954         (OpaqueJSClass::prototype):
955             - Remove toStringCallback/valueOfCallback.
956         * API/tests/testapi.js:
957             - Revert this test, now we no longer artificially introduce a toString method onto the api object.
958
959 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
960
961         [EFL] Include ICU_INCLUDE_DIRS when building.
962         https://bugs.webkit.org/show_bug.cgi?id=81483
963
964         Reviewed by Daniel Bates.
965
966         So far, only the ICU libraries were being included when building
967         JavaScriptCore; however, the include path is also needed, otherwise the
968         build will fail when ICU is installed into a non-standard location.
969
970         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
971
972 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
973
974         Strength reduction, RegExp.exec -> RegExp.test
975         https://bugs.webkit.org/show_bug.cgi?id=81459
976
977         Reviewed by Sam Weinig.
978
979         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
980         expression for a match against a string - however exec is more expensive, since
981         it allocates a matches array object. In cases where the result is consumed in a
982         boolean context the allocation of the matches array can be trivially elided.
983
984         For example:
985             function f()
986             {
987                 for (i = 0; i < 10000000; ++i)
988                     if (!/a/.exec("a"))
989                         err = true;
990             }
991
992         This is a 2.5x speedup on this example microbenchmark loop.
993
994         In a more advanced form of this optimization, we may be able to avoid allocating
995         the array where access to the array can be observed.
996
997         * create_hash_table:
998         * dfg/DFGAbstractState.cpp:
999         (JSC::DFG::AbstractState::execute):
1000         * dfg/DFGByteCodeParser.cpp:
1001         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1002         * dfg/DFGNode.h:
1003         (JSC::DFG::Node::hasHeapPrediction):
1004         * dfg/DFGNodeType.h:
1005         (DFG):
1006         * dfg/DFGOperations.cpp:
1007         * dfg/DFGOperations.h:
1008         * dfg/DFGPredictionPropagationPhase.cpp:
1009         (JSC::DFG::PredictionPropagationPhase::propagate):
1010         * dfg/DFGSpeculativeJIT.cpp:
1011         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
1012         (DFG):
1013         * dfg/DFGSpeculativeJIT.h:
1014         (JSC::DFG::SpeculativeJIT::callOperation):
1015         * dfg/DFGSpeculativeJIT32_64.cpp:
1016         (JSC::DFG::SpeculativeJIT::compile):
1017         * dfg/DFGSpeculativeJIT64.cpp:
1018         (JSC::DFG::SpeculativeJIT::compile):
1019         * jsc.cpp:
1020         (GlobalObject::addConstructableFunction):
1021         * runtime/Intrinsic.h:
1022         * runtime/JSFunction.cpp:
1023         (JSC::JSFunction::create):
1024         (JSC):
1025         * runtime/JSFunction.h:
1026         (JSFunction):
1027         * runtime/Lookup.cpp:
1028         (JSC::setUpStaticFunctionSlot):
1029         * runtime/RegExpObject.cpp:
1030         (JSC::RegExpObject::exec):
1031         (JSC::RegExpObject::match):
1032         * runtime/RegExpObject.h:
1033         (RegExpObject):
1034         * runtime/RegExpPrototype.cpp:
1035         (JSC::regExpProtoFuncTest):
1036         (JSC::regExpProtoFuncExec):
1037
1038 2012-03-16  Michael Saboff  <msaboff@apple.com>
1039
1040         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
1041         https://bugs.webkit.org/show_bug.cgi?id=81244
1042
1043         Rubber stamped by Filip Pizlo.
1044
1045         Changed type and name of JSGlobalData::m_isInitializingObject to
1046         ClassInfo* and m_initializingObjectClass.
1047         Changed JSGlobalData::setInitializingObject to
1048         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
1049         the debugger to determine what type of object is being initialized.
1050         
1051         * runtime/JSCell.h:
1052         (JSC::JSCell::finishCreation):
1053         (JSC::allocateCell):
1054         * runtime/JSGlobalData.cpp:
1055         (JSC::JSGlobalData::JSGlobalData):
1056         * runtime/JSGlobalData.h:
1057         (JSGlobalData):
1058         (JSC::JSGlobalData::isInitializingObject):
1059         (JSC::JSGlobalData::setInitializingObjectClass):
1060         * runtime/Structure.h:
1061         (JSC::JSCell::finishCreation):
1062
1063 2012-03-16  Mark Rowe  <mrowe@apple.com>
1064
1065         Build fix. Do not preserve owner and group information when installing the WTF headers.
1066
1067         * JavaScriptCore.xcodeproj/project.pbxproj:
1068
1069 2012-03-15  David Dorwin  <ddorwin@chromium.org>
1070
1071         Make the array pointer parameters in the Typed Array create() methods const.
1072         https://bugs.webkit.org/show_bug.cgi?id=81147
1073
1074         Reviewed by Kenneth Russell.
1075
1076         This allows const arrays to be passed to these methods.
1077         They use PassRefPtr<Subclass> create(), which already has a const parameter.
1078
1079         * wtf/Int16Array.h:
1080         (Int16Array):
1081         (WTF::Int16Array::create):
1082         * wtf/Int32Array.h:
1083         (Int32Array):
1084         (WTF::Int32Array::create):
1085         * wtf/Int8Array.h:
1086         (Int8Array):
1087         (WTF::Int8Array::create):
1088         * wtf/Uint16Array.h:
1089         (Uint16Array):
1090         (WTF::Uint16Array::create):
1091         * wtf/Uint32Array.h:
1092         (Uint32Array):
1093         (WTF::Uint32Array::create):
1094         * wtf/Uint8Array.h:
1095         (Uint8Array):
1096         (WTF::Uint8Array::create):
1097         * wtf/Uint8ClampedArray.h:
1098         (Uint8ClampedArray):
1099         (WTF::Uint8ClampedArray::create):
1100
1101 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
1102
1103         CopiedSpace::tryAllocateOversize assumes system page size
1104         https://bugs.webkit.org/show_bug.cgi?id=80615
1105
1106         Reviewed by Geoffrey Garen.
1107
1108         * heap/CopiedSpace.cpp:
1109         (JSC::CopiedSpace::tryAllocateOversize):
1110         * heap/CopiedSpace.h:
1111         (CopiedSpace):
1112         * heap/CopiedSpaceInlineMethods.h:
1113         (JSC::CopiedSpace::oversizeBlockFor):
1114         * wtf/BumpPointerAllocator.h:
1115         (WTF::BumpPointerPool::create):
1116         * wtf/StdLibExtras.h:
1117         (WTF::roundUpToMultipleOf):
1118
1119 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1120
1121         Fixing Windows build breakage
1122
1123         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1124
1125 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
1126
1127         [EFL] Make zlib a general build requirement
1128         https://bugs.webkit.org/show_bug.cgi?id=80153
1129
1130         Reviewed by Hajime Morita.
1131
1132         After r109538 the WebSocket module needs zlib to support the deflate-frame extension.
1133
1134         * wtf/Platform.h:
1135
1136 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
1137
1138         NumericStrings should be inlined
1139         https://bugs.webkit.org/show_bug.cgi?id=81183
1140
1141         Reviewed by Gavin Barraclough.
1142
1143         NumericStrings is not always inlined. When it is not, the class is not faster
1144         than using UString::number() directly.
1145
1146         * runtime/NumericStrings.h:
1147         (JSC::NumericStrings::add):
1148         (JSC::NumericStrings::lookupSmallString):
1149
1150 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
1151
1152         Fix ARM build after r110792.
1153
1154         Unreviewed build fix.
1155
1156         * jit/ExecutableAllocator.h:
1157         (JSC::ExecutableAllocator::cacheFlush):
1158         Remove superfluous curly brackets.
1159
1160 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
1161
1162         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
1163         https://bugs.webkit.org/show_bug.cgi?id=81256
1164
1165         Reviewed by Oliver Hunt.
1166
1167         This is a 0.5% sunspider progression.
1168
1169         * assembler/MacroAssemblerARMv7.h:
1170         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
1171             - switch which form of vmov we use.
1172
1173 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
1174
1175         [EFL] Add OwnPtr specialization for Ecore_Timer.
1176         https://bugs.webkit.org/show_bug.cgi?id=80119
1177
1178         Reviewed by Hajime Morita.
1179
1180         Add an overload for deleteOwnedPtr(Ecore_Timer*) on the EFL port.
1181
1182         * wtf/OwnPtrCommon.h:
1183         (WTF):
1184         * wtf/efl/OwnPtrEfl.cpp:
1185         (WTF::deleteOwnedPtr):
1186         (WTF):
1187
1188 2012-03-15  Hojong Han  <hojong.han@samsung.com>
1189
1190         Linux has madvise enough to support OSAllocator::commit/decommit
1191         https://bugs.webkit.org/show_bug.cgi?id=80505
1192
1193         Reviewed by Geoffrey Garen.
1194
1195         * wtf/OSAllocatorPosix.cpp:
1196         (WTF::OSAllocator::reserveUncommitted):
1197         (WTF::OSAllocator::commit):
1198         (WTF::OSAllocator::decommit):
1199
1200 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1201
1202         Windows build fix.
1203
1204         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1205         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
1206         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
1207         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1208
1209 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1210
1211         Windows build fix.
1212
1213         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
1214
1215 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
1216
1217         Move wx port to using export macros
1218         https://bugs.webkit.org/show_bug.cgi?id=77279
1219
1220         Reviewed by Hajime Morita.
1221
1222         * wscript:
1223         * wtf/Platform.h:
1224
1225 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
1226
1227         Avoid StringImpl::getData16SlowCase() when sorting array
1228         https://bugs.webkit.org/show_bug.cgi?id=81070
1229
1230         Reviewed by Geoffrey Garen.
1231
1232         The function codePointCompare() is used intensively when sorting strings.
1233         This patch improves its performance by:
1234         - Avoiding character conversion.
1235         - Inlining the function.
1236
1237         This makes Peacekeeper's arrayCombined test 30% faster.
1238
1239         * wtf/text/StringImpl.cpp:
1240         * wtf/text/StringImpl.h:
1241         (WTF):
1242         (WTF::codePointCompare):
1243         (WTF::codePointCompare8):
1244         (WTF::codePointCompare16):
1245         (WTF::codePointCompare8To16):
1246
1247 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1248
1249         Fix memory allocation failed by fastmalloc
1250         https://bugs.webkit.org/show_bug.cgi?id=79614
1251
1252         Reviewed by Geoffrey Garen.
1253
1254         Memory allocation failed even if the heap grew successfully.
1255         It is wrong to get the span only from the large list after the heap grows,
1256         because a new span could be added to the normal list.
1257
1258         * wtf/FastMalloc.cpp:
1259         (WTF::TCMalloc_PageHeap::New):
1260
1261 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1262
1263         Run cacheFlush page by page to assure of flushing all the requested ranges
1264         https://bugs.webkit.org/show_bug.cgi?id=77712
1265
1266         Reviewed by Geoffrey Garen.
1267
1268         The current MetaAllocator concept, which always coalesces adjacent free spaces,
1269         doesn't match the memory management of the Linux kernel.
1270         In certain cases the Linux kernel doesn't regard contiguous virtual memory areas as one but as two.
1271         Therefore, running cacheFlush page by page guarantees that a flush-requested range is flushed.
1272
1273         * jit/ExecutableAllocator.h:
1274         (JSC::ExecutableAllocator::cacheFlush):
1275
1276 2012-03-14  Oliver Hunt  <oliver@apple.com>
1277
1278         Make ARMv7 work again
1279         https://bugs.webkit.org/show_bug.cgi?id=81157
1280
1281         Reviewed by Geoffrey Garen.
1282
1283         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
1284         where the ARMv7MacroAssembler would also try to use dataRegister for its own
1285         nefarious purposes.
1286
1287         * assembler/MacroAssembler.h:
1288         (JSC::MacroAssembler::store32):
1289         * assembler/MacroAssemblerARMv7.h:
1290         (MacroAssemblerARMv7):
1291
1292 2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
1293
1294         Heap::destroy leaks CopiedSpace
1295         https://bugs.webkit.org/show_bug.cgi?id=81055
1296
1297         Reviewed by Geoffrey Garen.
1298
1299         Added a destroy() function to CopiedSpace that moves all normal size 
1300         CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
1301         as well as deallocates all of the oversize blocks in the CopiedSpace. 
1302         This function is now called in Heap::destroy().
1303
1304         * heap/CopiedSpace.cpp:
1305         (JSC::CopiedSpace::destroy):
1306         (JSC):
1307         * heap/CopiedSpace.h:
1308         (CopiedSpace):
1309         * heap/Heap.cpp:
1310         (JSC::Heap::destroy):
1311
1312 2012-03-14  Andrew Lo  <anlo@rim.com>
1313
1314         [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
1315         https://bugs.webkit.org/show_bug.cgi?id=81000
1316
1317         Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
1318
1319         Reviewed by Antonio Gomes.
1320
1321         * wtf/Platform.h:
1322
1323 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1324
1325         ValueToInt32 speculation will cause OSR exits even when it does not have to
1326         https://bugs.webkit.org/show_bug.cgi?id=81068
1327         <rdar://problem/11043926>
1328
1329         Reviewed by Anders Carlsson.
1330         
1331         Two related changes:
1332         1) ValueToInt32 will now always just defer to the non-speculative path, instead
1333            of exiting, if it doesn't know what speculations to perform.
1334         2) ValueToInt32 will speculate boolean if it sees this to be profitable.
1335
1336         * dfg/DFGAbstractState.cpp:
1337         (JSC::DFG::AbstractState::execute):
1338         * dfg/DFGNode.h:
1339         (JSC::DFG::Node::shouldSpeculateBoolean):
1340         (Node):
1341         * dfg/DFGSpeculativeJIT.cpp:
1342         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
1343
1344 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1345
1346         More Windows build fixing
1347
1348         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1349
1350 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1351
1352         Windows build fix
1353
1354         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1355
1356 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1357
1358         Type conversion of exponential part failed
1359         https://bugs.webkit.org/show_bug.cgi?id=80673
1360
1361         Reviewed by Geoffrey Garen.
1362
1363         * parser/Lexer.cpp:
1364         (JSC::::lex):
1365         * runtime/JSGlobalObjectFunctions.cpp:
1366         (JSC::parseInt):
1367         (JSC):
1368         (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
1369         we accept trailing junk to clients of jsStrDecimalLiteral. Also added an additional template
1370         parameter for strtod to allow trailing spaces.
1371         (JSC::toDouble):
1372         (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
1373         * runtime/LiteralParser.cpp:
1374         (JSC::::Lexer::lexNumber):
1375         * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
1376         we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
1377         * wtf/dtoa.cpp:
1378         (WTF):
1379         (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
1380         broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
1381         * wtf/dtoa.h:
1382         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
1383         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
1384         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
1385         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
1386         * wtf/text/WTFString.cpp:
1387         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
1388
1389 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1390
1391         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
1392         Removing the assert for now.
1393
1394         * dfg/DFGOperations.h:
1395         * llint/LLIntSlowPaths.h:
1396
1397 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1398
1399         Functions with C linkage should return POD types
1400         https://bugs.webkit.org/show_bug.cgi?id=81061
1401
1402         Reviewed by Mark Rowe.
1403
1404         * dfg/DFGOperations.h:
1405         * llint/LLIntSlowPaths.h:
1406         (LLInt):
1407         (SlowPathReturnType):
1408         (JSC::LLInt::encodeResult):
1409
1410 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1411
1412         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
1413         https://bugs.webkit.org/show_bug.cgi?id=80979
1414         <rdar://problem/11036848>
1415
1416         Reviewed by Oliver Hunt.
1417         
1418         Also improved DFG IR dumping to include type information in a somewhat more
1419         intuitive way.
1420
1421         * bytecode/PredictedType.cpp:
1422         (JSC::predictionToAbbreviatedString):
1423         (JSC):
1424         * bytecode/PredictedType.h:
1425         (JSC):
1426         * dfg/DFGAbstractState.cpp:
1427         (JSC::DFG::AbstractState::execute):
1428         * dfg/DFGGraph.cpp:
1429         (JSC::DFG::Graph::dump):
1430         * dfg/DFGPredictionPropagationPhase.cpp:
1431         (JSC::DFG::PredictionPropagationPhase::propagate):
1432         * dfg/DFGSpeculativeJIT.cpp:
1433         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1434         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
1435         * dfg/DFGSpeculativeJIT.h:
1436         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
1437
1438 2012-03-13  George Staikos  <staikos@webkit.org>
1439
1440         The callback is only used if SA_RESTART is defined.  Compile it out
1441         otherwise to avoid a warning.
1442         https://bugs.webkit.org/show_bug.cgi?id=80926
1443
1444         Reviewed by Alexey Proskuryakov.
1445
1446         * heap/MachineStackMarker.cpp:
1447         (JSC):
1448
1449 2012-03-13  Hojong Han  <hojong.han@samsung.com>
1450
1451         Dump the generated code for ARM_TRADITIONAL
1452         https://bugs.webkit.org/show_bug.cgi?id=80975
1453
1454         Reviewed by Gavin Barraclough.
1455
1456         * assembler/LinkBuffer.h:
1457         (JSC::LinkBuffer::dumpCode):
1458
1459 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
1460
1461         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
1462         https://bugs.webkit.org/show_bug.cgi?id=78853
1463
1464         Reviewed by Adam Barth.
1465
1466         * Configurations/FeatureDefines.xcconfig:
1467         * wtf/Platform.h:
1468
1469 2012-03-13  Kwonjin Jeong  <gram@company100.net>
1470
1471         Remove SlotVisitor::copy() method.
1472         https://bugs.webkit.org/show_bug.cgi?id=80973
1473
1474         Reviewed by Geoffrey Garen.
1475
1476         SlotVisitor::copy() method isn't called anywhere.
1477
1478         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
1479         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
1480
1481 2012-03-12  Hojong Han  <hojong.han@samsung.com>
1482
1483         Fix test cases for RegExp multiline
1484         https://bugs.webkit.org/show_bug.cgi?id=80822
1485
1486         Reviewed by Gavin Barraclough.
1487
1488         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
1489         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
1490         * tests/mozilla/js1_2/regexp/beginLine.js:
1491         * tests/mozilla/js1_2/regexp/endLine.js:
1492
1493 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1494
1495         Arithmetic use inference should be procedure-global and should run in tandem
1496         with type propagation
1497         https://bugs.webkit.org/show_bug.cgi?id=80819
1498         <rdar://problem/11034006>
1499
1500         Reviewed by Gavin Barraclough.
1501         
1502         * CMakeLists.txt:
1503         * GNUmakefile.list.am:
1504         * JavaScriptCore.xcodeproj/project.pbxproj:
1505         * Target.pri:
1506         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
1507         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
1508         * dfg/DFGDriver.cpp:
1509         (JSC::DFG::compile):
1510         * dfg/DFGPredictionPropagationPhase.cpp:
1511         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
1512         (PredictionPropagationPhase):
1513         (JSC::DFG::PredictionPropagationPhase::isNotZero):
1514         (JSC::DFG::PredictionPropagationPhase::propagate):
1515         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1516         * dfg/DFGVariableAccessData.h:
1517         (JSC::DFG::VariableAccessData::VariableAccessData):
1518         (JSC::DFG::VariableAccessData::flags):
1519         (VariableAccessData):
1520         (JSC::DFG::VariableAccessData::mergeFlags):
1521
1522 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1523
1524         Node::op and Node::flags should be private
1525         https://bugs.webkit.org/show_bug.cgi?id=80824
1526         <rdar://problem/11033435>
1527
1528         Reviewed by Gavin Barraclough.
1529
1530         * CMakeLists.txt:
1531         * GNUmakefile.list.am:
1532         * JavaScriptCore.xcodeproj/project.pbxproj:
1533         * Target.pri:
1534         * dfg/DFGAbstractState.cpp:
1535         (JSC::DFG::AbstractState::initialize):
1536         (JSC::DFG::AbstractState::execute):
1537         (JSC::DFG::AbstractState::mergeStateAtTail):
1538         (JSC::DFG::AbstractState::mergeToSuccessors):
1539         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1540         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
1541         * dfg/DFGByteCodeParser.cpp:
1542         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
1543         (JSC::DFG::ByteCodeParser::getLocal):
1544         (JSC::DFG::ByteCodeParser::getArgument):
1545         (JSC::DFG::ByteCodeParser::flushArgument):
1546         (JSC::DFG::ByteCodeParser::toInt32):
1547         (JSC::DFG::ByteCodeParser::isJSConstant):
1548         (JSC::DFG::ByteCodeParser::makeSafe):
1549         (JSC::DFG::ByteCodeParser::makeDivSafe):
1550         (JSC::DFG::ByteCodeParser::handleInlining):
1551         (JSC::DFG::ByteCodeParser::parseBlock):
1552         (JSC::DFG::ByteCodeParser::processPhiStack):
1553         (JSC::DFG::ByteCodeParser::linkBlock):
1554         * dfg/DFGCFAPhase.cpp:
1555         (JSC::DFG::CFAPhase::performBlockCFA):
1556         * dfg/DFGCSEPhase.cpp:
1557         (JSC::DFG::CSEPhase::canonicalize):
1558         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1559         (JSC::DFG::CSEPhase::pureCSE):
1560         (JSC::DFG::CSEPhase::byValIsPure):
1561         (JSC::DFG::CSEPhase::clobbersWorld):
1562         (JSC::DFG::CSEPhase::impureCSE):
1563         (JSC::DFG::CSEPhase::globalVarLoadElimination):
1564         (JSC::DFG::CSEPhase::getByValLoadElimination):
1565         (JSC::DFG::CSEPhase::checkFunctionElimination):
1566         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1567         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1568         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1569         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1570         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
1571         (JSC::DFG::CSEPhase::performNodeCSE):
1572         * dfg/DFGGraph.cpp:
1573         (JSC::DFG::Graph::dump):
1574         (DFG):
1575         * dfg/DFGGraph.h:
1576         (JSC::DFG::Graph::addShouldSpeculateInteger):
1577         (JSC::DFG::Graph::negateShouldSpeculateInteger):
1578         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
1579         * dfg/DFGNode.cpp: Removed.
1580         * dfg/DFGNode.h:
1581         (DFG):
1582         (JSC::DFG::Node::Node):
1583         (Node):
1584         (JSC::DFG::Node::op):
1585         (JSC::DFG::Node::flags):
1586         (JSC::DFG::Node::setOp):
1587         (JSC::DFG::Node::setFlags):
1588         (JSC::DFG::Node::mergeFlags):
1589         (JSC::DFG::Node::filterFlags):
1590         (JSC::DFG::Node::clearFlags):
1591         (JSC::DFG::Node::setOpAndDefaultFlags):
1592         (JSC::DFG::Node::mustGenerate):
1593         (JSC::DFG::Node::isConstant):
1594         (JSC::DFG::Node::isWeakConstant):
1595         (JSC::DFG::Node::valueOfJSConstant):
1596         (JSC::DFG::Node::hasVariableAccessData):
1597         (JSC::DFG::Node::hasIdentifier):
1598         (JSC::DFG::Node::resolveGlobalDataIndex):
1599         (JSC::DFG::Node::hasArithNodeFlags):
1600         (JSC::DFG::Node::arithNodeFlags):
1601         (JSC::DFG::Node::setArithNodeFlag):
1602         (JSC::DFG::Node::mergeArithNodeFlags):
1603         (JSC::DFG::Node::hasConstantBuffer):
1604         (JSC::DFG::Node::hasRegexpIndex):
1605         (JSC::DFG::Node::hasVarNumber):
1606         (JSC::DFG::Node::hasScopeChainDepth):
1607         (JSC::DFG::Node::hasResult):
1608         (JSC::DFG::Node::hasInt32Result):
1609         (JSC::DFG::Node::hasNumberResult):
1610         (JSC::DFG::Node::hasJSResult):
1611         (JSC::DFG::Node::hasBooleanResult):
1612         (JSC::DFG::Node::isJump):
1613         (JSC::DFG::Node::isBranch):
1614         (JSC::DFG::Node::isTerminal):
1615         (JSC::DFG::Node::hasHeapPrediction):
1616         (JSC::DFG::Node::hasFunctionCheckData):
1617         (JSC::DFG::Node::hasStructureTransitionData):
1618         (JSC::DFG::Node::hasStructureSet):
1619         (JSC::DFG::Node::hasStorageAccessData):
1620         (JSC::DFG::Node::hasFunctionDeclIndex):
1621         (JSC::DFG::Node::hasFunctionExprIndex):
1622         (JSC::DFG::Node::child1):
1623         (JSC::DFG::Node::child2):
1624         (JSC::DFG::Node::child3):
1625         (JSC::DFG::Node::firstChild):
1626         (JSC::DFG::Node::numChildren):
1627         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
1628         * dfg/DFGNodeFlags.h: Added.
1629         (DFG):
1630         (JSC::DFG::nodeUsedAsNumber):
1631         (JSC::DFG::nodeCanTruncateInteger):
1632         (JSC::DFG::nodeCanIgnoreNegativeZero):
1633         (JSC::DFG::nodeMayOverflow):
1634         (JSC::DFG::nodeCanSpeculateInteger):
1635         * dfg/DFGNodeType.h: Added.
1636         (DFG):
1637         (JSC::DFG::defaultFlags):
1638         * dfg/DFGPredictionPropagationPhase.cpp:
1639         (JSC::DFG::PredictionPropagationPhase::propagate):
1640         (JSC::DFG::PredictionPropagationPhase::vote):
1641         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
1642         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1643         * dfg/DFGRedundantPhiEliminationPhase.cpp:
1644         (JSC::DFG::RedundantPhiEliminationPhase::run):
1645         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
1646         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
1647         * dfg/DFGSpeculativeJIT.cpp:
1648         (JSC::DFG::SpeculativeJIT::useChildren):
1649         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1650         (JSC::DFG::SpeculativeJIT::compileMovHint):
1651         (JSC::DFG::SpeculativeJIT::compile):
1652         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1653         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1654         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1655         (JSC::DFG::SpeculativeJIT::compileAdd):
1656         (JSC::DFG::SpeculativeJIT::compare):
1657         * dfg/DFGSpeculativeJIT.h:
1658         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1659         * dfg/DFGSpeculativeJIT32_64.cpp:
1660         (JSC::DFG::SpeculativeJIT::emitCall):
1661         (JSC::DFG::SpeculativeJIT::compile):
1662         * dfg/DFGSpeculativeJIT64.cpp:
1663         (JSC::DFG::SpeculativeJIT::emitCall):
1664         (JSC::DFG::SpeculativeJIT::compile):
1665         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1666         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1667
1668 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
1669
1670         Minor DataLog fixes
1671         https://bugs.webkit.org/show_bug.cgi?id=80826
1672
1673         Reviewed by Andreas Kling.
1674
1675         * bytecode/ExecutionCounter.cpp:
1676         Do not include DataLog.h, it is not used.
1677         
1678         * jit/ExecutableAllocator.cpp:
1679         Ditto.
1680
1681         * wtf/DataLog.cpp:
1682         (WTF::initializeLogFileOnce):
1683         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
1684
1685         * wtf/HashTable.cpp:
1686         Include DataLog as it is used.
1687
1688 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
1689
1690         Integer overflow check code in arithmetic operation in classic interpreter
1691         https://bugs.webkit.org/show_bug.cgi?id=80465
1692
1693         Reviewed by Gavin Barraclough.
1694
1695         * interpreter/Interpreter.cpp:
1696         (JSC::Interpreter::privateExecute):
1697
1698 2012-03-12  Zeno Albisser  <zeno@webkit.org>
1699
1700         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
1701         https://bugs.webkit.org/show_bug.cgi?id=80827
1702
1703         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
1704
1705         Reviewed by Simon Hausmann.
1706
1707         * wtf/Platform.h:
1708
1709 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
1710
1711         Unreviewed prospective Qt/Mac build fix
1712
1713         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
1714         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
1715         constructor.
1716
1717 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1718
1719         All DFG nodes should have a mutable set of flags
1720         https://bugs.webkit.org/show_bug.cgi?id=80779
1721         <rdar://problem/11026218>
1722
1723         Reviewed by Gavin Barraclough.
1724         
1725         Got rid of NodeId, and placed all of the flags that distinguished NodeId
1726         from NodeType into a separate Node::flags field. Combined what was previously
1727         ArithNodeFlags into Node::flags.
1728         
1729         In the process of debugging, I found that the debug support in the virtual
1730         register allocator was lacking, so I improved it. I also realized that the
1731         virtual register allocator was assuming that the nodes in a basic block were
1732         contiguous, which is no longer the case. So I fixed that. The fix also made
1733         it natural to have more extreme assertions, so I added them. I suspect this
1734         will make it easier to catch virtual register allocation bugs in the future.
1735         
1736         This is mostly performance neutral; if anything it looks like a slight
1737         speed-up.
1738         
1739         This patch does leave some work for future refactorings; for example, Node::op
1740         is unencapsulated. This was already the case, though now it feels even more
1741         like it should be. I avoided doing that because this patch has already grown
1742         way bigger than I wanted.
1743         
1744         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
1745         move some unnecessarily inline stuff out of DFGNode.h.
1746
1747         * CMakeLists.txt:
1748         * GNUmakefile.list.am:
1749         * JavaScriptCore.xcodeproj/project.pbxproj:
1750         * Target.pri:
1751         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1752         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
1753         * dfg/DFGByteCodeParser.cpp:
1754         (JSC::DFG::ByteCodeParser::addToGraph):
1755         (JSC::DFG::ByteCodeParser::makeSafe):
1756         (JSC::DFG::ByteCodeParser::makeDivSafe):
1757         (JSC::DFG::ByteCodeParser::handleMinMax):
1758         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1759         (JSC::DFG::ByteCodeParser::parseBlock):
1760         * dfg/DFGCFAPhase.cpp:
1761         (JSC::DFG::CFAPhase::performBlockCFA):
1762         * dfg/DFGCSEPhase.cpp:
1763         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1764         (JSC::DFG::CSEPhase::pureCSE):
1765         (JSC::DFG::CSEPhase::clobbersWorld):
1766         (JSC::DFG::CSEPhase::impureCSE):
1767         (JSC::DFG::CSEPhase::setReplacement):
1768         (JSC::DFG::CSEPhase::eliminate):
1769         (JSC::DFG::CSEPhase::performNodeCSE):
1770         (JSC::DFG::CSEPhase::performBlockCSE):
1771         (CSEPhase):
1772         * dfg/DFGGraph.cpp:
1773         (JSC::DFG::Graph::opName):
1774         (JSC::DFG::Graph::dump):
1775         (DFG):
1776         * dfg/DFGNode.cpp: Added.
1777         (DFG):
1778         (JSC::DFG::arithNodeFlagsAsString):
1779         * dfg/DFGNode.h:
1780         (DFG):
1781         (JSC::DFG::nodeUsedAsNumber):
1782         (JSC::DFG::nodeCanTruncateInteger):
1783         (JSC::DFG::nodeCanIgnoreNegativeZero):
1784         (JSC::DFG::nodeMayOverflow):
1785         (JSC::DFG::nodeCanSpeculateInteger):
1786         (JSC::DFG::defaultFlags):
1787         (JSC::DFG::Node::Node):
1788         (Node):
1789         (JSC::DFG::Node::setOpAndDefaultFlags):
1790         (JSC::DFG::Node::mustGenerate):
1791         (JSC::DFG::Node::arithNodeFlags):
1792         (JSC::DFG::Node::setArithNodeFlag):
1793         (JSC::DFG::Node::mergeArithNodeFlags):
1794         (JSC::DFG::Node::hasResult):
1795         (JSC::DFG::Node::hasInt32Result):
1796         (JSC::DFG::Node::hasNumberResult):
1797         (JSC::DFG::Node::hasJSResult):
1798         (JSC::DFG::Node::hasBooleanResult):
1799         (JSC::DFG::Node::isJump):
1800         (JSC::DFG::Node::isBranch):
1801         (JSC::DFG::Node::isTerminal):
1802         (JSC::DFG::Node::child1):
1803         (JSC::DFG::Node::child2):
1804         (JSC::DFG::Node::child3):
1805         (JSC::DFG::Node::firstChild):
1806         (JSC::DFG::Node::numChildren):
1807         * dfg/DFGPredictionPropagationPhase.cpp:
1808         (JSC::DFG::PredictionPropagationPhase::propagate):
1809         (JSC::DFG::PredictionPropagationPhase::vote):
1810         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1811         * dfg/DFGScoreBoard.h:
1812         (ScoreBoard):
1813         (JSC::DFG::ScoreBoard::~ScoreBoard):
1814         (JSC::DFG::ScoreBoard::assertClear):
1815         (JSC::DFG::ScoreBoard::use):
1816         * dfg/DFGSpeculativeJIT.cpp:
1817         (JSC::DFG::SpeculativeJIT::useChildren):
1818         * dfg/DFGSpeculativeJIT32_64.cpp:
1819         (JSC::DFG::SpeculativeJIT::compile):
1820         * dfg/DFGSpeculativeJIT64.cpp:
1821         (JSC::DFG::SpeculativeJIT::compile):
1822         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1823         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1824
1825 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
1826
1827         LLInt should support JSVALUE64
1828         https://bugs.webkit.org/show_bug.cgi?id=79609
1829         <rdar://problem/10063437>
1830
1831         Reviewed by Gavin Barraclough and Oliver Hunt.
1832         
1833         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
1834         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
1835         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
1836         specialized for value representation.
1837         
1838         Also made some minor changes to offlineasm and the slow-paths.
1839
1840         * llint/LLIntData.cpp:
1841         (JSC::LLInt::Data::performAssertions):
1842         * llint/LLIntEntrypoints.cpp:
1843         * llint/LLIntSlowPaths.cpp:
1844         (LLInt):
1845         (JSC::LLInt::llint_trace_value):
1846         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1847         (JSC::LLInt::jitCompileAndSetHeuristics):
1848         * llint/LLIntSlowPaths.h:
1849         (LLInt):
1850         (SlowPathReturnType):
1851         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
1852         (JSC::LLInt::encodeResult):
1853         * llint/LLIntThunks.cpp:
1854         * llint/LowLevelInterpreter.asm:
1855         * llint/LowLevelInterpreter32_64.asm:
1856         * llint/LowLevelInterpreter64.asm:
1857         * offlineasm/armv7.rb:
1858         * offlineasm/asm.rb:
1859         * offlineasm/ast.rb:
1860         * offlineasm/backends.rb:
1861         * offlineasm/instructions.rb:
1862         * offlineasm/parser.rb:
1863         * offlineasm/registers.rb:
1864         * offlineasm/transform.rb:
1865         * offlineasm/x86.rb:
1866         * wtf/Platform.h:
1867
1868 2012-03-10  Yong Li  <yoli@rim.com>
1869
1870         Web Worker crashes with WX_EXCLUSIVE
1871         https://bugs.webkit.org/show_bug.cgi?id=80532
1872
1873         Let each JS global object own a meta allocator
1874         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
1875         Also fix a mutex leak in MetaAllocator's dtor.
1876
1877         Reviewed by Filip Pizlo.
1878
1879         * jit/ExecutableAllocator.cpp:
1880         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
1881         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
1882         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
1883         (DemandExecutableAllocator):
1884         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
1885         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
1886         (JSC::DemandExecutableAllocator::allocateNewSpace):
1887         (JSC::DemandExecutableAllocator::allocators):
1888         (JSC::DemandExecutableAllocator::allocatorsMutex):
1889         (JSC):
1890         (JSC::ExecutableAllocator::initializeAllocator):
1891         (JSC::ExecutableAllocator::ExecutableAllocator):
1892         (JSC::ExecutableAllocator::underMemoryPressure):
1893         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1894         (JSC::ExecutableAllocator::allocate):
1895         (JSC::ExecutableAllocator::committedByteCount):
1896         (JSC::ExecutableAllocator::dumpProfile):
1897         * jit/ExecutableAllocator.h:
1898         (JSC):
1899         (ExecutableAllocator):
1900         (JSC::ExecutableAllocator::allocator):
1901         * wtf/MetaAllocator.h:
1902         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
1903         * wtf/TCSpinLock.h:
1904         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
1905
1906 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
1907
1908         Object.freeze broken on latest Nightly
1909         https://bugs.webkit.org/show_bug.cgi?id=80577
1910
1911         Reviewed by Oliver Hunt.
1912
1913         The problem here is that deleteProperty rejects deletion of prototype.
1914         This is correct in most cases; however, defineOwnProperty is presently
1915         implemented internally to ensure the attributes change by deleting the
1916         old property, and creating a new one.
1917
1918         * runtime/JSFunction.cpp:
1919         (JSC::JSFunction::deleteProperty):
1920             - If deleteProperty is called via defineOwnProperty, allow old prototype to be removed.
1921
1922 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
1923
1924         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
1925         https://bugs.webkit.org/show_bug.cgi?id=80663
1926
1927         Reviewed by Michael Saboff.
1928
1929         The bug here is actually that we're continuing to process the array after an exception
1930         has been thrown, and that the second value thrown is overriding the first.
1931
1932         * runtime/ArrayPrototype.cpp:
1933         (JSC::arrayProtoFuncToLocaleString):
1934
1935 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
1936
1937         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
1938         https://bugs.webkit.org/show_bug.cgi?id=80080
1939
1940         Reviewed by Filip Pizlo.
1941
1942         * bytecode/SamplingTool.cpp:
1943         (JSC::SamplingRegion::Locker::Locker):
1944         (JSC::SamplingRegion::Locker::~Locker):
1945         * bytecode/SamplingTool.h:
1946         (JSC::SamplingRegion::exchangeCurrent):
1947         * wtf/Atomics.h:
1948         (WTF):
1949         (WTF::weakCompareAndSwap):
1950         (WTF::weakCompareAndSwapUIntPtr):
1951
1952 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
1953
1954         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
1955         https://bugs.webkit.org/show_bug.cgi?id=49989
1956
1957         Reviewed by Oliver Hunt.
1958
1959         Patch originally by chris reiss <christopher.reiss@nokia.com>,
1960         allow the year to appear before the timezone in date strings.
1961
1962         * wtf/DateMath.cpp:
1963         (WTF::parseDateFromNullTerminatedCharacters):
1964
1965 2012-03-09  Mark Rowe  <mrowe@apple.com>
1966
1967         Ensure that the WTF headers are copied at installhdrs time.
1968
1969         Reviewed by Dan Bernstein and Jessie Berlin.
1970
1971         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
1972         so that our script phases are invoked at installhdrs time. The only one that
1973         does any useful work at that time is the one that installs WTF headers.
1974
1975 2012-03-09  Jon Lee  <jonlee@apple.com>
1976
1977         Add support for ENABLE(LEGACY_NOTIFICATIONS)
1978         https://bugs.webkit.org/show_bug.cgi?id=80497
1979
1980         Reviewed by Adam Barth.
1981
1982         Prep for b80472: Update API for Web Notifications
1983         * Configurations/FeatureDefines.xcconfig:
1984
1985 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
1986
1987         Bash scripts should support LF endings only
1988         https://bugs.webkit.org/show_bug.cgi?id=79509
1989
1990         Reviewed by David Kilzer.
1991
1992         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
1993         * gyp/run-if-exists.sh: Added property svn:eol-style.
1994         * gyp/update-info-plist.sh: Added property svn:eol-style.
1995
1996 2012-03-09  Jessie Berlin  <jberlin@apple.com>
1997
1998         Windows debug build fix.
1999
2000         * assembler/MacroAssembler.h:
2001         (JSC::MacroAssembler::shouldBlind):
2002         Fix unreachable code warnings (which we treat as errors).
2003
2004 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
2005
2006         Reviewed by Zoltan Herczeg.
2007
2008         [Qt] Fix the SH4 build after r109834
2009         https://bugs.webkit.org/show_bug.cgi?id=80492
2010
2011         * assembler/MacroAssemblerSH4.h:
2012         (JSC::MacroAssemblerSH4::branchAdd32):
2013         (JSC::MacroAssemblerSH4::branchSub32):
2014
2015 2012-03-09  Andy Wingo  <wingo@igalia.com>
2016
2017         Refactor code feature analysis in the parser
2018         https://bugs.webkit.org/show_bug.cgi?id=79112
2019
2020         Reviewed by Geoffrey Garen.
2021
2022         This commit refactors the parser to more uniformly propagate flag
2023         bits down and up the parse process, as the parser descends and
2024         returns into nested blocks.  Some flags get passed down to
2025         subscopes, some apply to specific scopes only, and some get
2026         unioned up after parsing subscopes.
2027
2028         The goal is to eventually be very precise with scoping
2029         information, once we have block scopes: one block scope might use
2030         `eval', which would require the emission of a symbol table within
2031         that block and containing blocks, whereas another block in the
2032         same function might not, allowing us to not emit a symbol table.
2033
2034         * parser/Nodes.h:
2035         (JSC::ScopeFlags): Rename from CodeFeatures.
2036         (JSC::ScopeNode::addScopeFlags):
2037         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
2038         (JSC::ScopeNode::isStrictMode):
2039         (JSC::ScopeNode::usesEval):
2040         (JSC::ScopeNode::usesArguments):
2041         (JSC::ScopeNode::setUsesArguments):
2042         (JSC::ScopeNode::usesThis):
2043         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2044         (JSC::ScopeNode::needsActivation): Refactor these accessors to
2045         operate on the m_scopeFlags member.
2046         (JSC::ScopeNode::source):
2047         (JSC::ScopeNode::sourceURL):
2048         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
2049         semantic change.
2050         (JSC::ScopeNode::ScopeNode):
2051         (JSC::ProgramNode::ProgramNode):
2052         (JSC::EvalNode::EvalNode):
2053         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
2054         take a ScopeFlags as an argument, instead of a bool inStrictContext.
2055
2056         * parser/Nodes.cpp:
2057         (JSC::ScopeNode::ScopeNode):
2058         (JSC::ProgramNode::ProgramNode):
2059         (JSC::ProgramNode::create):
2060         (JSC::EvalNode::EvalNode):
2061         (JSC::EvalNode::create):
2062         (JSC::FunctionBodyNode::FunctionBodyNode):
2063         (JSC::FunctionBodyNode::create): Adapt constructors to change.
2064
2065         * parser/ASTBuilder.h:
2066         (JSC::ASTBuilder::ASTBuilder):
2067         (JSC::ASTBuilder::thisExpr):
2068         (JSC::ASTBuilder::createResolve):
2069         (JSC::ASTBuilder::createFunctionBody):
2070         (JSC::ASTBuilder::createFuncDeclStatement):
2071         (JSC::ASTBuilder::createTryStatement):
2072         (JSC::ASTBuilder::createWithStatement):
2073         (JSC::ASTBuilder::addVar):
2074         (JSC::ASTBuilder::Scope::Scope):
2075         (Scope):
2076         (ASTBuilder):
2077         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
2078         features here.  Instead rely on the base Parser mechanism to track
2079         features.
2080
2081         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
2082
2083         * parser/Parser.h:
2084         (JSC::Scope::Scope): Manage scope through flags, not
2085         bit-booleans.  This lets us uniformly propagate them up and down.
2086         (JSC::Scope::declareWrite):
2087         (JSC::Scope::declareParameter):
2088         (JSC::Scope::useVariable):
2089         (JSC::Scope::collectFreeVariables):
2090         (JSC::Scope::getCapturedVariables):
2091         (JSC::Scope::saveFunctionInfo):
2092         (JSC::Scope::restoreFunctionInfo):
2093         (JSC::Parser::pushScope): Adapt to use scope flags and their
2094         accessors instead of bit-booleans.
2095         * parser/Parser.cpp:
2096         (JSC::::Parser):
2097         (JSC::::parseInner):
2098         (JSC::::didFinishParsing):
2099         (JSC::::parseSourceElements):
2100         (JSC::::parseVarDeclarationList):
2101         (JSC::::parseConstDeclarationList):
2102         (JSC::::parseWithStatement):
2103         (JSC::::parseTryStatement):
2104         (JSC::::parseFunctionBody):
2105         (JSC::::parseFunctionInfo):
2106         (JSC::::parseFunctionDeclaration):
2107         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
2108         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
2109         Does not seem to have a performance impact.
2110
2111         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
2112         Cache the scopeflags.
2113         * parser/SyntaxChecker.h: Remove evalCount() decl.
2114
2115         * runtime/Executable.cpp:
2116         (JSC::EvalExecutable::compileInternal):
2117         (JSC::ProgramExecutable::compileInternal):
2118         (JSC::FunctionExecutable::produceCodeBlockFor):
2119         * runtime/Executable.h:
2120         (JSC::ScriptExecutable::ScriptExecutable):
2121         (JSC::ScriptExecutable::usesEval):
2122         (JSC::ScriptExecutable::usesArguments):
2123         (JSC::ScriptExecutable::needsActivation):
2124         (JSC::ScriptExecutable::isStrictMode):
2125         (JSC::ScriptExecutable::recordParse):
2126         (ScriptExecutable): ScopeFlags, not features.
2127
2128 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2129
2130         Build fix for MSVC after r110266
2131
2132         Unreviewed. A #ifdef for MSVC was left over in r110266.
2133
2134         * runtime/RegExpObject.h:
2135         (RegExpObject):
2136
2137 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2138
2139         Allocate the RegExpObject's data with the Cell
2140         https://bugs.webkit.org/show_bug.cgi?id=80654
2141
2142         Reviewed by Gavin Barraclough.
2143
2144         This patch removes the creation of RegExpObject's data to avoid the overhead
2145         created by the allocation and destruction.
2146
2147         When RegExps are created repeatedly, this provides some performance improvement.
2148         The PeaceKeeper test stringDetectBrowser improves by 10%.
2149
2150         * runtime/RegExpObject.cpp:
2151         (JSC::RegExpObject::RegExpObject):
2152         (JSC::RegExpObject::visitChildren):
2153         (JSC::RegExpObject::getOwnPropertyDescriptor):
2154         (JSC::RegExpObject::defineOwnProperty):
2155         (JSC::RegExpObject::match):
2156         * runtime/RegExpObject.h:
2157         (JSC::RegExpObject::setRegExp):
2158         (JSC::RegExpObject::regExp):
2159         (JSC::RegExpObject::setLastIndex):
2160         (JSC::RegExpObject::getLastIndex):
2161         (RegExpObject):
2162
2163 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2164
2165         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
2166         https://bugs.webkit.org/show_bug.cgi?id=80657
2167         
2168         Preparation for WTF separation from JavaScriptCore.
2169         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
2170         dependencies for generated files.
2171         
2172         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
2173         versions of the WTF code independent of the JavaScriptCore code.
2174
2175         Reviewed by Jessie Berlin.
2176
2177         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
2178         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
2179         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
2180         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
2181         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
2182         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
2183         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
2184         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
2185         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
2186         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
2187         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
2188         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
2189         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
2190         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
2191         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
2192         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
2193         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
2194         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
2195         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
2196         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
2197         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
2198
2199 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
2200
2201         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
2202         https://bugs.webkit.org/show_bug.cgi?id=80652
2203
2204         Reviewed by Eric Seidel.
2205
2206         Fix the header; URLSegments.h is not part of the API.
2207
2208         * wtf/url/api/ParsedURL.h:
2209
2210 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
2211
2212         Mac build fix for micro data API.
2213
2214         * Configurations/FeatureDefines.xcconfig:
2215
2216 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
2217
2218         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
2219         https://bugs.webkit.org/show_bug.cgi?id=26890
2220
2221         Reviewed by Oliver Hunt.
2222
2223         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
2224
2225         * runtime/StringPrototype.cpp:
2226         (JSC::replaceUsingRegExpSearch):
2227         (JSC::stringProtoFuncMatch):
2228             - added calls to setLastIndex.
2229
2230 2012-03-08  Matt Lilek  <mrl@apple.com>
2231
2232         Don't enable VIDEO_TRACK on all OS X platforms
2233         https://bugs.webkit.org/show_bug.cgi?id=80635
2234
2235         Reviewed by Eric Carlson.
2236
2237         * Configurations/FeatureDefines.xcconfig:
2238
2239 2012-03-08  Oliver Hunt  <oliver@apple.com>
2240
2241         Build fix.  That day is not today.
2242
2243         * assembler/MacroAssembler.h:
2244         (JSC::MacroAssembler::shouldBlind):
2245         * assembler/MacroAssemblerX86Common.h:
2246         (MacroAssemblerX86Common):
2247         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2248
2249 2012-03-08  Oliver Hunt  <oliver@apple.com>
2250
2251         Build fix. One of these days I'll manage to commit something that works everywhere.
2252
2253         * assembler/AbstractMacroAssembler.h:
2254         (AbstractMacroAssembler):
2255         * assembler/MacroAssemblerARMv7.h:
2256         (MacroAssemblerARMv7):
2257         * assembler/MacroAssemblerX86Common.h:
2258         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2259         (MacroAssemblerX86Common):
2260
2261 2012-03-08  Chao-ying Fu  <fu@mips.com>
2262
2263         Update MIPS patchOffsetGetByIdSlowCaseCall
2264         https://bugs.webkit.org/show_bug.cgi?id=80302
2265
2266         Reviewed by Oliver Hunt.
2267
2268         * jit/JIT.h:
2269         (JIT):
2270
2271 2012-03-08  Oliver Hunt  <oliver@apple.com>
2272
2273         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
2274         https://bugs.webkit.org/show_bug.cgi?id=80633
2275
2276         Reviewed by Gavin Barraclough.
2277
2278         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
2279         if there isn't a machine specific implementation (otherwise the 64bit value
2280         got truncated and 32bit checks were used -- leaving 32bits untested).
2281         Also add a bit of logic to ensure that we don't try to blind a few common
2282         constants that go through the ImmPtr paths -- encoded numeric JSValues and
2283         unencoded doubles with common "safe" values.
2284
2285         * assembler/AbstractMacroAssembler.h:
2286         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
2287         * assembler/MacroAssembler.h:
2288         (JSC::MacroAssembler::shouldBlindDouble):
2289         (MacroAssembler):
2290         (JSC::MacroAssembler::shouldBlind):
2291         * assembler/MacroAssemblerX86Common.h:
2292         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2293
2294 2012-03-08  Mark Rowe  <mrowe@apple.com>
2295
2296         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
2297
2298         Reviewed by Dan Bernstein.
2299
2300         * Configurations/Base.xcconfig:
2301
2302 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2303
2304         Fix line endings for copy-files.cmd.
2305         
2306         If a cmd file doesn't have Windows line endings, it doesn't work properly.
2307         In this case, the label :clean wasn't found, breaking the clean build.
2308         
2309         Reviewed by Jessie Berlin.
2310
2311         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2312
2313 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2314
2315         DFG CFA incorrectly handles ValueToInt32
2316         https://bugs.webkit.org/show_bug.cgi?id=80568
2317
2318         Reviewed by Gavin Barraclough.
2319         
2320         Changed it to match exactly the decision pattern used in
2321         DFG::SpeculativeJIT::compileValueToInt32
2322
2323         * dfg/DFGAbstractState.cpp:
2324         (JSC::DFG::AbstractState::execute):
2325
2326 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
2327
2328         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
2329         https://bugs.webkit.org/show_bug.cgi?id=80524
2330
2331         Reviewed by Simon Hausmann.
2332
2333         Move the IdentifierTable method definitions to WTFThreadData.cpp to fix linking
2334         of the WTF library.
2335
2336         * runtime/Identifier.cpp:
2337         * wtf/WTFThreadData.cpp:
2338         (JSC):
2339         (JSC::IdentifierTable::~IdentifierTable):
2340         (JSC::IdentifierTable::add):
2341
2342 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
2343
2344         DFG instruction count threshold should be lifted to 10000
2345         https://bugs.webkit.org/show_bug.cgi?id=80579
2346
2347         Reviewed by Gavin Barraclough.
2348
2349         * runtime/Options.cpp:
2350         (JSC::Options::initializeOptions):
2351
2352 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2353
2354         Incorrect tracking of abstract values of variables forced double
2355         https://bugs.webkit.org/show_bug.cgi?id=80566
2356         <rdar://problem/11001442>
2357
2358         Reviewed by Gavin Barraclough.
2359
2360         * dfg/DFGAbstractState.cpp:
2361         (JSC::DFG::AbstractState::mergeStateAtTail):
2362
2363 2012-03-07  Chao-ying Fu  <fu@mips.com>
2364
2365         [Qt] Fix the MIPS/SH4 build after r109834
2366         https://bugs.webkit.org/show_bug.cgi?id=80492
2367
2368         Reviewed by Oliver Hunt.
2369
2370         Implement three-argument branch(Add,Sub)32.
2371
2372         * assembler/MacroAssemblerMIPS.h:
2373         (JSC::MacroAssemblerMIPS::add32):
2374         (MacroAssemblerMIPS):
2375         (JSC::MacroAssemblerMIPS::sub32):
2376         (JSC::MacroAssemblerMIPS::branchAdd32):
2377         (JSC::MacroAssemblerMIPS::branchSub32):
2378
2379 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
2380
2381         Unreviewed, rolling out r110127.
2382         http://trac.webkit.org/changeset/110127
2383         https://bugs.webkit.org/show_bug.cgi?id=80562
2384
2385         compile failed on AppleWin (Requested by ukai on #webkit).
2386
2387         * heap/Heap.cpp:
2388         (JSC::Heap::collectAllGarbage):
2389         * heap/Heap.h:
2390         (JSC):
2391         (Heap):
2392         * runtime/Executable.cpp:
2393         (JSC::FunctionExecutable::FunctionExecutable):
2394         (JSC::FunctionExecutable::finalize):
2395         * runtime/Executable.h:
2396         (FunctionExecutable):
2397         (JSC::FunctionExecutable::create):
2398         * runtime/JSGlobalData.cpp:
2399         (WTF):
2400         (Recompiler):
2401         (WTF::Recompiler::operator()):
2402         (JSC::JSGlobalData::recompileAllJSFunctions):
2403         (JSC):
2404         * runtime/JSGlobalData.h:
2405         (JSGlobalData):
2406         * runtime/JSGlobalObject.cpp:
2407         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
2408
2409 2012-03-07  Hojong Han  <hojong.han@samsung.com>
2410
2411         The end atom of the marked block considered to filter invalid cells
2412         https://bugs.webkit.org/show_bug.cgi?id=79191
2413
2414         Reviewed by Geoffrey Garen.
2415
2416         The register file could have stale pointers beyond the end atom of a marked block.
2417         Those pointers can weasel out of the filtering of in-middle-of-cell pointers.
2418
2419         * heap/MarkedBlock.h:
2420         (JSC::MarkedBlock::isLiveCell):
2421
2422 2012-03-07  Jessie Berlin  <jberlin@apple.com>
2423
2424         Clean Windows build fails after r110033
2425         https://bugs.webkit.org/show_bug.cgi?id=80553
2426
2427         Rubber-stamped by Jon Honeycutt and Eric Seidel.
2428
2429         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2430         Place the implementation files next to their header files in the wtf/text subdirectory.
2431         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
2432         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
2433         Update the path to those implementation files.
2434         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
2435         Ditto.
2436
2437 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
2438
2439         Eliminate redundant Phis in DFG
2440         https://bugs.webkit.org/show_bug.cgi?id=80415
2441
2442         Reviewed by Filip Pizlo.
2443
2444         Although this may not have any advantage at the current stage, this is a step towards
2445         minimal SSA to make more high level optimizations (like bug 76770) easier.
2446         We have the choices either to build minimal SSA from scratch or to
2447         keep current simple Phi insertion mechanism and remove the redundancy
2448         in another phase. Currently we choose the latter because the change
2449         could be smaller.
2450
2451         * CMakeLists.txt:
2452         * GNUmakefile.list.am:
2453         * JavaScriptCore.xcodeproj/project.pbxproj:
2454         * Target.pri:
2455         * dfg/DFGDriver.cpp:
2456         (JSC::DFG::compile):
2457         * dfg/DFGGraph.cpp:
2458         (JSC::DFG::Graph::dump):
2459         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
2460         (DFG):
2461         (RedundantPhiEliminationPhase):
2462         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
2463         (JSC::DFG::RedundantPhiEliminationPhase::run):
2464         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
2465         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2466         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
2467         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2468         (JSC::DFG::performRedundantPhiElimination):
2469         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
2470         (DFG):
2471
2472 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
2473
2474         Refactor recompileAllJSFunctions() to be less expensive
2475         https://bugs.webkit.org/show_bug.cgi?id=80330
2476
2477         Reviewed by Geoffrey Garen.
2478
2479         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
2480         load performance, which currently does at least a couple of full GCs per navigation.
2481
2482         * heap/Heap.cpp:
2483         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
2484         because the function doesn't actually recompile anything (and never did); it simply throws code
2485         away for it to be recompiled later if we determine we should do so.
2486         (JSC):
2487         (JSC::Heap::collectAllGarbage):
2488         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
2489         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
2490         * heap/Heap.h:
2491         (JSC):
2492         (Heap):
2493         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
2494         be used in DoublyLinkedLists.
2495         (JSC::FunctionExecutable::FunctionExecutable):
2496         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
2497         * runtime/Executable.h:
2498         (FunctionExecutable):
2499         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
2500         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
2501         the list of FunctionExecutables.
2502         * runtime/JSGlobalData.h:
2503         (JSGlobalData):
2504         * runtime/JSGlobalObject.cpp:
2505         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
2506
2507 2012-03-06  Oliver Hunt  <oliver@apple.com>
2508
2509         Further harden 64-bit JIT
2510         https://bugs.webkit.org/show_bug.cgi?id=80457
2511
2512         Reviewed by Filip Pizlo.
2513
2514         This patch implements blinding for ImmPtr.  Rather than xor based blinding
2515         we perform randomised pointer rotations in order to avoid the significant
2516         cost in executable memory that would otherwise be necessary (and to avoid
2517         the need for an additional scratch register in some cases).
2518
2519         As with the prior blinding patch there's a moderate amount of noise as we
2520         correct the use of ImmPtr vs. TrustedImmPtr.
2521
2522         * assembler/AbstractMacroAssembler.h:
2523         (ImmPtr):
2524         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
2525         * assembler/MacroAssembler.h:
2526         (MacroAssembler):
2527         (JSC::MacroAssembler::storePtr):
2528         (JSC::MacroAssembler::branchPtr):
2529         (JSC::MacroAssembler::shouldBlind):
2530         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
2531         (RotatedImmPtr):
2532         (JSC::MacroAssembler::rotationBlindConstant):
2533         (JSC::MacroAssembler::loadRotationBlindedConstant):
2534         (JSC::MacroAssembler::convertInt32ToDouble):
2535         (JSC::MacroAssembler::move):
2536         (JSC::MacroAssembler::poke):
2537         * assembler/MacroAssemblerARMv7.h:
2538         (JSC::MacroAssemblerARMv7::storeDouble):
2539         (JSC::MacroAssemblerARMv7::branchAdd32):
2540         * assembler/MacroAssemblerX86_64.h:
2541         (MacroAssemblerX86_64):
2542         (JSC::MacroAssemblerX86_64::rotateRightPtr):
2543         (JSC::MacroAssemblerX86_64::xorPtr):
2544         * assembler/X86Assembler.h:
2545         (X86Assembler):
2546         (JSC::X86Assembler::xorq_rm):
2547         (JSC::X86Assembler::rorq_i8r):
2548         * dfg/DFGCCallHelpers.h:
2549         (CCallHelpers):
2550         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2551         * dfg/DFGOSRExitCompiler32_64.cpp:
2552         (JSC::DFG::OSRExitCompiler::compileExit):
2553         * dfg/DFGOSRExitCompiler64.cpp:
2554         (JSC::DFG::OSRExitCompiler::compileExit):
2555         * dfg/DFGSpeculativeJIT.cpp:
2556         (JSC::DFG::SpeculativeJIT::createOSREntries):
2557         * dfg/DFGSpeculativeJIT.h:
2558         (JSC::DFG::SpeculativeJIT::silentFillGPR):
2559         (JSC::DFG::SpeculativeJIT::callOperation):
2560         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
2561         * dfg/DFGSpeculativeJIT32_64.cpp:
2562         (JSC::DFG::SpeculativeJIT::compile):
2563         * dfg/DFGSpeculativeJIT64.cpp:
2564         (JSC::DFG::SpeculativeJIT::fillInteger):
2565         (JSC::DFG::SpeculativeJIT::fillDouble):
2566         (JSC::DFG::SpeculativeJIT::fillJSValue):
2567         (JSC::DFG::SpeculativeJIT::emitCall):
2568         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2569         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2570         (JSC::DFG::SpeculativeJIT::emitBranch):
2571         * jit/JIT.cpp:
2572         (JSC::JIT::emitOptimizationCheck):
2573         * jit/JITArithmetic32_64.cpp:
2574         (JSC::JIT::emitSlow_op_post_inc):
2575         * jit/JITInlineMethods.h:
2576         (JSC::JIT::emitValueProfilingSite):
2577         (JSC::JIT::emitGetVirtualRegister):
2578         * jit/JITOpcodes.cpp:
2579         (JSC::JIT::emit_op_mov):
2580         (JSC::JIT::emit_op_new_object):
2581         (JSC::JIT::emit_op_strcat):
2582         (JSC::JIT::emit_op_ensure_property_exists):
2583         (JSC::JIT::emit_op_resolve_skip):
2584         (JSC::JIT::emitSlow_op_resolve_global):
2585         (JSC::JIT::emit_op_resolve_with_base):
2586         (JSC::JIT::emit_op_resolve_with_this):
2587         (JSC::JIT::emit_op_jmp_scopes):
2588         (JSC::JIT::emit_op_switch_imm):
2589         (JSC::JIT::emit_op_switch_char):
2590         (JSC::JIT::emit_op_switch_string):
2591         (JSC::JIT::emit_op_throw_reference_error):
2592         (JSC::JIT::emit_op_debug):
2593         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
2594         (JSC::JIT::emit_op_new_array):
2595         (JSC::JIT::emitSlow_op_new_array):
2596         (JSC::JIT::emit_op_new_array_buffer):
2597         * jit/JITOpcodes32_64.cpp:
2598         (JSC::JIT::emit_op_new_object):
2599         (JSC::JIT::emit_op_strcat):
2600         (JSC::JIT::emit_op_ensure_property_exists):
2601         (JSC::JIT::emit_op_resolve_skip):
2602         (JSC::JIT::emitSlow_op_resolve_global):
2603         (JSC::JIT::emit_op_resolve_with_base):
2604         (JSC::JIT::emit_op_resolve_with_this):
2605         (JSC::JIT::emit_op_jmp_scopes):
2606         (JSC::JIT::emit_op_switch_imm):
2607         (JSC::JIT::emit_op_switch_char):
2608         (JSC::JIT::emit_op_switch_string):
2609         * jit/JITPropertyAccess32_64.cpp:
2610         (JSC::JIT::emit_op_put_by_index):
2611         * jit/JITStubCall.h:
2612         (JITStubCall):
2613         (JSC::JITStubCall::addArgument):
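
        Added example (not JavaScriptCore's code) illustrating the two blinding entries above: the rotation-based ImmPtr blinding described in "Further harden 64-bit JIT" and the full-width shouldBlindForSpecificArch check from "Missing some places where we should be blinding 64bit values". All names, the safe-constant list, the rotation source and the sample value are this example's assumptions; the encoded-JSValue and double cases are not modelled.

```c
/* Added example, not JavaScriptCore code: rotation-based blinding of a 64-bit
 * immediate plus a "should this constant be blinded?" check that looks at all
 * 64 bits.  Names, the safe-constant list and the sample value are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

static uint64_t rotl64(uint64_t v, unsigned r)
{
    r &= 63;
    return r ? (v << r) | (v >> (64 - r)) : v;
}

static uint64_t rotr64(uint64_t v, unsigned r)
{
    r &= 63;
    return r ? (v >> r) | (v << (64 - r)) : v;
}

/* What the emitter writes into executable memory: the rotated value and the
 * rotation count that the emitted code undoes at run time.  The attacker-chosen
 * bit pattern itself never appears in the code stream. */
typedef struct {
    uint64_t rotated;
    unsigned rotation;
} RotatedImm;

/* Emitter side.  'rotation' stands in for a per-constant random draw
 * (hypothetical; the real source of randomness is not modelled here). */
RotatedImm blindConstant(uint64_t value, unsigned rotation)
{
    RotatedImm imm;
    imm.rotation = rotation & 63;
    imm.rotated = rotl64(value, imm.rotation);
    return imm;
}

/* Run-time side: a single rotate recovers the constant, with no second 8-byte
 * immediate and no extra scratch register (the reason rotation was chosen over
 * xor-based blinding). */
uint64_t unblindConstant(RotatedImm imm)
{
    return rotr64(imm.rotated, imm.rotation);
}

/* Constructed list of immediates that need no blinding: small values and
 * all-ones masks of increasing width.  Modelled on the idea in the entries,
 * not JSC's actual list. */
static bool isSafeConstant64(uint64_t value)
{
    if (value <= 0xff)               /* small immediates: nothing to hide */
        return true;
    for (unsigned width = 16; width <= 64; width += 8) {
        uint64_t mask = width == 64 ? UINT64_MAX : ((UINT64_C(1) << width) - 1);
        if (value == mask)           /* all-ones masks of 16..64 bits */
            return true;
    }
    return false;
}

/* The defect the 80633 entry describes: the 64-bit immediate is narrowed to
 * 32 bits before the check, so the high half is never examined and a constant
 * whose low word happens to look harmless escapes blinding. */
bool shouldBlindTruncating(uint64_t value)
{
    uint32_t low = (uint32_t)value;  /* high 32 bits silently dropped */
    return !isSafeConstant64(low);
}

/* The corrected pattern: the check sees the whole 64-bit value, and anything
 * not provably harmless is blinded. */
bool shouldBlind64(uint64_t value)
{
    return !isSafeConstant64(value);
}

int main(void)
{
    /* Constructed sample: non-trivial high half, all-zero low half. */
    uint64_t value = UINT64_C(0x4141414100000000);
    RotatedImm imm = blindConstant(value, 13);
    printf("emitted 0x%016llx, recovered 0x%016llx\n",
           (unsigned long long)imm.rotated,
           (unsigned long long)unblindConstant(imm));
    printf("truncating check blinds: %d, full-width check blinds: %d\n",
           shouldBlindTruncating(value), shouldBlind64(value));
    return 0;
}
```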
2614
2615 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
2616
2617         ARM build fix.
2618
2619         Reviewed by Zoltan Herczeg.
2620
2621         Implement three-argument branch(Add,Sub)32.
2622
2623         * assembler/MacroAssemblerARM.h:
2624         (JSC::MacroAssemblerARM::add32):
2625         (MacroAssemblerARM):
2626         (JSC::MacroAssemblerARM::sub32):
2627         (JSC::MacroAssemblerARM::branchAdd32):
2628         (JSC::MacroAssemblerARM::branchSub32):
2629
2630 2012-03-07  Andy Wingo  <wingo@igalia.com>
2631
2632         Parser: Inline ScopeNodeData into ScopeNode
2633         https://bugs.webkit.org/show_bug.cgi?id=79776
2634
2635         Reviewed by Geoffrey Garen.
2636
2637         It used to be that some ScopeNode members were kept in a separate
2638         structure because sometimes they wouldn't be needed, and
2639         allocating a ParserArena was expensive.  This patch makes
2640         ParserArena lazily allocate its IdentifierArena, allowing the
2641         members to be included directly, which is simpler and easier to
2642         reason about.
2643
2644         * parser/ParserArena.cpp:
2645         (JSC::ParserArena::ParserArena):
2646         (JSC::ParserArena::reset):
2647         (JSC::ParserArena::isEmpty):
2648         * parser/ParserArena.h:
2649         (JSC::ParserArena::identifierArena): Lazily allocate the
2650         IdentifierArena.
2651
2652         * parser/Nodes.cpp:
2653         (JSC::ScopeNode::ScopeNode):
2654         (JSC::ScopeNode::singleStatement):
2655         (JSC::ProgramNode::create):
2656         (JSC::EvalNode::create):
2657         (JSC::FunctionBodyNode::create):
2658         * parser/Nodes.h:
2659         (JSC::ScopeNode::destroyData):
2660         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2661         (JSC::ScopeNode::needsActivation):
2662         (JSC::ScopeNode::hasCapturedVariables):
2663         (JSC::ScopeNode::capturedVariableCount):
2664         (JSC::ScopeNode::captures):
2665         (JSC::ScopeNode::varStack):
2666         (JSC::ScopeNode::functionStack):
2667         (JSC::ScopeNode::neededConstants):
2668         (ScopeNode):
2669         * bytecompiler/NodesCodegen.cpp:
2670         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
2671         into ScopeNode.  Adapt accessors.
2672
2673 2012-03-06  Eric Seidel  <eric@webkit.org>
2674
2675         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
2676         https://bugs.webkit.org/show_bug.cgi?id=80363
2677
2678         Reviewed by Mark Rowe.
2679
2680         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
2681         its headers have appeared as part of the "private" headers exported by
2682         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
2683         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
2684         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
2685
2686         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
2687         own directory and project.  As part of such, the WTF headers will no longer be part of
2688         the JavaScriptCore private interfaces.
2689         In preparation for that, this change makes both the Mac and Win builds export
2690         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
2691         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
2692
2693         There are 5 parts to this change.
2694         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
2695             (and header directories) into the appropriate places in the build directory.
2696         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
2697             (WebCore, WebKit, etc. had already been taught to look in previous patches).
2698         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
2699             using fully qualified paths.
2700         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
2701         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
2702
2703         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
2704         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
2705         headers; those will have to be updated to use <wtf/Foo.h> after this change.
2706         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
2707         are ready for (and interested in) this change happening.
2708
2709         * API/tests/JSNode.c:
2710         * API/tests/JSNodeList.c:
2711         * Configurations/Base.xcconfig:
2712         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2713         * JavaScriptCore.xcodeproj/project.pbxproj:
2714         * assembler/MacroAssemblerCodeRef.h:
2715         * bytecompiler/BytecodeGenerator.h:
2716         * dfg/DFGOperations.cpp:
2717         * heap/GCAssertions.h:
2718         * heap/HandleHeap.h:
2719         * heap/HandleStack.h:
2720         * heap/MarkedSpace.h:
2721         * heap/PassWeak.h:
2722         * heap/Strong.h:
2723         * heap/Weak.h:
2724         * jit/HostCallReturnValue.cpp:
2725         * jit/JIT.cpp:
2726         * jit/JITStubs.cpp:
2727         * jit/ThunkGenerators.cpp:
2728         * parser/Lexer.cpp:
2729         * runtime/Completion.cpp:
2730         * runtime/Executable.cpp:
2731         * runtime/Identifier.h:
2732         * runtime/InitializeThreading.cpp:
2733         * runtime/JSDateMath.cpp:
2734         * runtime/JSGlobalObjectFunctions.cpp:
2735         * runtime/JSStringBuilder.h:
2736         * runtime/JSVariableObject.h:
2737         * runtime/NumberPrototype.cpp:
2738         * runtime/WriteBarrier.h:
2739         * tools/CodeProfile.cpp:
2740         * tools/TieredMMapArray.h:
2741         * wtf/AVLTree.h:
2742         * wtf/Alignment.h:
2743         * wtf/AlwaysInline.h:
2744         * wtf/ArrayBufferView.h:
2745         * wtf/Assertions.h:
2746         * wtf/Atomics.h:
2747         * wtf/Bitmap.h:
2748         * wtf/BoundsCheckedPointer.h:
2749         * wtf/CheckedArithmetic.h:
2750         * wtf/Deque.h:
2751         * wtf/ExportMacros.h:
2752         * wtf/FastAllocBase.h:
2753         * wtf/FastMalloc.h:
2754         * wtf/Float32Array.h:
2755         * wtf/Float64Array.h:
2756         * wtf/Functional.h:
2757         * wtf/HashCountedSet.h:
2758         * wtf/HashFunctions.h:
2759         * wtf/HashMap.h:
2760         * wtf/HashSet.h:
2761         * wtf/HashTable.h:
2762         * wtf/HashTraits.h:
2763         * wtf/Int16Array.h:
2764         * wtf/Int32Array.h:
2765         * wtf/Int8Array.h:
2766         * wtf/IntegralTypedArrayBase.h:
2767         * wtf/ListHashSet.h:
2768         * wtf/MainThread.h:
2769         * wtf/MetaAllocator.h:
2770         * wtf/Noncopyable.h:
2771         * wtf/OwnArrayPtr.h:
2772         * wtf/OwnPtr.h:
2773         * wtf/PackedIntVector.h:
2774         * wtf/ParallelJobs.h:
2775         * wtf/PassOwnArrayPtr.h:
2776         * wtf/PassOwnPtr.h:
2777         * wtf/PassRefPtr.h:
2778         * wtf/PassTraits.h:
2779         * wtf/Platform.h:
2780         * wtf/PossiblyNull.h:
2781         * wtf/RefCounted.h:
2782         * wtf/RefCountedLeakCounter.h:
2783         * wtf/RefPtr.h:
2784         * wtf/RetainPtr.h:
2785         * wtf/SimpleStats.h:
2786         * wtf/Spectrum.h:
2787         * wtf/StdLibExtras.h:
2788         * wtf/TCPageMap.h:
2789         * wtf/TemporaryChange.h:
2790         * wtf/ThreadSafeRefCounted.h:
2791         * wtf/Threading.h:
2792         * wtf/ThreadingPrimitives.h:
2793         * wtf/TypeTraits.h:
2794         * wtf/TypedArrayBase.h:
2795         * wtf/Uint16Array.h:
2796         * wtf/Uint32Array.h:
2797         * wtf/Uint8Array.h:
2798         * wtf/Uint8ClampedArray.h:
2799         * wtf/UnusedParam.h:
2800         * wtf/Vector.h:
2801         * wtf/VectorTraits.h:
2802         * wtf/dtoa/double-conversion.h:
2803         * wtf/dtoa/utils.h:
2804         * wtf/gobject/GRefPtr.h:
2805         * wtf/gobject/GlibUtilities.h:
2806         * wtf/text/AtomicString.h:
2807         * wtf/text/AtomicStringImpl.h:
2808         * wtf/text/CString.h:
2809         * wtf/text/StringConcatenate.h:
2810         * wtf/text/StringHash.h:
2811         * wtf/text/WTFString.h:
2812         * wtf/unicode/CharacterNames.h:
2813         * wtf/unicode/UTF8.h:
2814         * wtf/unicode/glib/UnicodeGLib.h:
2815         * wtf/unicode/qt4/UnicodeQt4.h:
2816         * wtf/unicode/wince/UnicodeWinCE.h:
2817         * wtf/url/api/ParsedURL.h:
2818         * wtf/url/api/URLString.h:
2819         * wtf/wince/FastMallocWinCE.h:
2820         * yarr/YarrJIT.cpp:
2821
2822 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
2823
2824         Array.prototype functions should throw if delete fails
2825         https://bugs.webkit.org/show_bug.cgi?id=80467
2826
2827         Reviewed by Oliver Hunt.
2828
2829         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
2830         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
2831         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
2832         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
2833         routines, for handling arrays with holes. These three copies should be unified.
2834
2835         * runtime/ArrayPrototype.cpp:
2836         (JSC::shift):
2837         (JSC::unshift):
2838             - Added - shared copies of the shift/unshift functionality.
2839         (JSC::arrayProtoFuncPop):
2840             - should throw if the delete fails.
2841         (JSC::arrayProtoFuncReverse):
2842             - should throw if the delete fails.
2843         (JSC::arrayProtoFuncShift):
2844         (JSC::arrayProtoFuncSplice):
2845         (JSC::arrayProtoFuncUnShift):
2846             - use shift/unshift.
2847         * runtime/JSArray.cpp:
2848         (JSC::JSArray::shiftCount):
2849         (JSC::JSArray::unshiftCount):
2850             - Don't try to handle arrays with holes; return a value indicating
2851               the generic routine should be used instead.
2852         * runtime/JSArray.h:
2853             - declaration for shiftCount/unshiftCount changed.
2854         * tests/mozilla/js1_6/Array/regress-304828.js:
2855             - this was asserting incorrect behaviour.
2856
2857 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
2858
2859         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
2860         https://bugs.webkit.org/show_bug.cgi?id=80469
2861
2862         Reviewed by Antonio Gomes.
2863
2864         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
2865         property on the library being created.
2866
2867 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
2868
2869         DFG BasicBlock should group the Phi nodes together and separate them
2870         from the other nodes
2871         https://bugs.webkit.org/show_bug.cgi?id=80361
2872
2873         Reviewed by Filip Pizlo.
2874
2875         This would make it more efficient to remove the redundant Phi nodes or
2876         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
2877         This is performance neutral on SunSpider, V8 and Kraken.
2878
2879         * dfg/DFGAbstractState.cpp:
2880         (JSC::DFG::AbstractState::clobberStructures):
2881         (JSC::DFG::AbstractState::dump):
2882         * dfg/DFGBasicBlock.h:
2883         (JSC::DFG::BasicBlock::BasicBlock):
2884         (BasicBlock):
2885         * dfg/DFGByteCodeParser.cpp:
2886         (JSC::DFG::ByteCodeParser::addToGraph):
2887         (JSC::DFG::ByteCodeParser::insertPhiNode):
2888         * dfg/DFGCFAPhase.cpp:
2889         (JSC::DFG::CFAPhase::performBlockCFA):
2890         * dfg/DFGCSEPhase.cpp:
2891         (JSC::DFG::CSEPhase::pureCSE):
2892         (JSC::DFG::CSEPhase::impureCSE):
2893         (JSC::DFG::CSEPhase::globalVarLoadElimination):
2894         (JSC::DFG::CSEPhase::getByValLoadElimination):
2895         (JSC::DFG::CSEPhase::checkFunctionElimination):
2896         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
2897         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2898         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2899         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2900         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
2901         (JSC::DFG::CSEPhase::performBlockCSE):
2902         * dfg/DFGGraph.cpp:
2903         (JSC::DFG::Graph::dump):
2904         * dfg/DFGSpeculativeJIT.cpp:
2905         (JSC::DFG::SpeculativeJIT::compile):
2906
2907 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
2908
2909         GCActivityCallback timer should vary with the length of the previous GC
2910         https://bugs.webkit.org/show_bug.cgi?id=80344
2911
2912         Reviewed by Geoffrey Garen.
2913
2914         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last 
2915         GC so that the GC Activity Callback can use it.
2916         (JSC::Heap::Heap):
2917         (JSC::Heap::collect):
2918         * heap/Heap.h:
2919         (JSC::Heap::lastGCLength):
2920         (Heap):
2921         * runtime/GCActivityCallbackCF.cpp:
2922         (JSC):
2923         (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
2924         GC to determine the length of our timer trigger (currently set at 100x the duration 
2925         of the last GC).
2926
2927 2012-03-06  Rob Buis  <rbuis@rim.com>
2928
2929         [BlackBerry] Fix cast-align gcc warnings when compiling JSC
2930         https://bugs.webkit.org/show_bug.cgi?id=80420
2931
2932         Reviewed by Gavin Barraclough.
2933
2934         Fix warnings given in Blackberry build.
2935
2936         * heap/CopiedBlock.h:
2937         (JSC::CopiedBlock::CopiedBlock):
2938         * wtf/RefCountedArray.h:
2939         (WTF::RefCountedArray::Header::fromPayload):
2940
2941 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
2942
2943         writable/configurable not respected for some properties of Function/String/Arguments
2944         https://bugs.webkit.org/show_bug.cgi?id=80436
2945
2946         Reviewed by Oliver Hunt.
2947
2948         Special properties should behave like regular properties.
2949
2950         * runtime/Arguments.cpp:
2951         (JSC::Arguments::defineOwnProperty):
2952             - Mis-nested logic for making read-only properties non-live.
2953         * runtime/JSFunction.cpp:
2954         (JSC::JSFunction::put):
2955             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
2956         (JSC::JSFunction::deleteProperty):
2957             - Attempting to delete prototype/caller should fail.
2958         (JSC::JSFunction::defineOwnProperty):
2959             - Ensure prototype is reified on attempt to reify it.
2960             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
2961         * runtime/JSFunction.h:
2962             - added declaration for defineOwnProperty.
2963         (JSFunction):
2964         * runtime/StringObject.cpp:
2965         (JSC::StringObject::put):
2966             - length is non-writable, non-configurable - reject appropriately.
2967
2968 2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
2969
2970         TypedArray subarray call for subarray does not clamp the end index parameter properly
2971         https://bugs.webkit.org/show_bug.cgi?id=80285
2972
2973         Reviewed by Kenneth Russell.
2974
2975         * wtf/ArrayBufferView.h:
2976         (WTF::ArrayBufferView::calculateOffsetAndLength):
2977
2978 2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
2979
2980         Unreviewed, rolling out r109837.
2981         http://trac.webkit.org/changeset/109837
2982         https://bugs.webkit.org/show_bug.cgi?id=80399
2983
2984         breaks Mac Productions builds, too late to try and fix it
2985         tonight (Requested by eseidel on #webkit).
2986
2987         * API/tests/JSNode.c:
2988         * API/tests/JSNodeList.c:
2989         * Configurations/Base.xcconfig:
2990         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2991         * JavaScriptCore.xcodeproj/project.pbxproj:
2992         * assembler/MacroAssemblerCodeRef.h:
2993         * bytecompiler/BytecodeGenerator.h:
2994         * dfg/DFGOperations.cpp:
2995         * heap/GCAssertions.h:
2996         * heap/HandleHeap.h:
2997         * heap/HandleStack.h:
2998         * heap/MarkedSpace.h:
2999         * heap/PassWeak.h:
3000         * heap/Strong.h:
3001         * heap/Weak.h:
3002         * jit/HostCallReturnValue.cpp:
3003         * jit/JIT.cpp:
3004         * jit/JITStubs.cpp:
3005         * jit/ThunkGenerators.cpp:
3006         * parser/Lexer.cpp:
3007         * runtime/Completion.cpp:
3008         * runtime/Executable.cpp:
3009         * runtime/Identifier.h:
3010         * runtime/InitializeThreading.cpp:
3011         * runtime/JSDateMath.cpp:
3012         * runtime/JSGlobalObjectFunctions.cpp:
3013         * runtime/JSStringBuilder.h:
3014         * runtime/JSVariableObject.h:
3015         * runtime/NumberPrototype.cpp:
3016         * runtime/WriteBarrier.h:
3017         * tools/CodeProfile.cpp:
3018         * tools/TieredMMapArray.h:
3019         * yarr/YarrJIT.cpp:
3020
3021 2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
3022
3023         [Qt][ARM] Speculative buildfix after r109834.
3024
3025         Reviewed by Csaba Osztrogonác.
3026
3027         * assembler/MacroAssemblerARM.h:
3028         (JSC::MacroAssemblerARM::and32):
3029         (MacroAssemblerARM):
3030
3031 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3032
3033         Unreviewed windows build fix pt 2.
3034
3035         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3036
3037 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3038
3039         Unreviewed windows build fix pt 1.
3040
3041         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3042
3043 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3044
3045         putByIndex should throw in strict mode
3046         https://bugs.webkit.org/show_bug.cgi?id=80335
3047
3048         Reviewed by Filip Pizlo.
3049
3050         Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
3051
3052         This is a largely mechanical change, simply adding an extra parameter to a number
3053         of functions. Some call sites need to perform additional exception checks, and
3054         operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
3055
3056         This patch doesn't fix a missing throw from some cases of shift/unshift (this is
3057         an existing bug), I'll follow up with a third patch to handle that.
3058
3059         * API/JSObjectRef.cpp:
3060         (JSObjectSetPropertyAtIndex):
3061         * JSCTypedArrayStubs.h:
3062         (JSC):
3063         * dfg/DFGOperations.cpp:
3064         (JSC::DFG::putByVal):
3065         * dfg/DFGOperations.h:
3066         * dfg/DFGSpeculativeJIT32_64.cpp:
3067         (JSC::DFG::SpeculativeJIT::compile):
3068         * dfg/DFGSpeculativeJIT64.cpp:
3069         (JSC::DFG::SpeculativeJIT::compile):
3070         * interpreter/Interpreter.cpp:
3071         (JSC::Interpreter::privateExecute):
3072         * jit/JITStubs.cpp:
3073         (JSC::DEFINE_STUB_FUNCTION):
3074         * jsc.cpp:
3075         (GlobalObject::finishCreation):
3076         * llint/LLIntSlowPaths.cpp:
3077         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3078         * runtime/Arguments.cpp:
3079         (JSC::Arguments::putByIndex):
3080         * runtime/Arguments.h:
3081         (Arguments):
3082         * runtime/ArrayPrototype.cpp:
3083         (JSC::arrayProtoFuncPush):
3084         (JSC::arrayProtoFuncReverse):
3085         (JSC::arrayProtoFuncShift):
3086         (JSC::arrayProtoFuncSort):
3087         (JSC::arrayProtoFuncSplice):
3088         (JSC::arrayProtoFuncUnShift):
3089         * runtime/ClassInfo.h:
3090         (MethodTable):
3091         * runtime/JSArray.cpp:
3092         (JSC::SparseArrayValueMap::put):
3093         (JSC::JSArray::put):
3094         (JSC::JSArray::putByIndex):
3095         (JSC::JSArray::putByIndexBeyondVectorLength):
3096         (JSC::JSArray::push):
3097         (JSC::JSArray::shiftCount):
3098         (JSC::JSArray::unshiftCount):
3099         * runtime/JSArray.h:
3100         (SparseArrayValueMap):
3101         (JSArray):
3102         * runtime/JSByteArray.cpp:
3103         (JSC::JSByteArray::putByIndex):
3104         * runtime/JSByteArray.h:
3105         (JSByteArray):
3106         * runtime/JSCell.cpp:
3107         (JSC::JSCell::putByIndex):
3108         * runtime/JSCell.h:
3109         (JSCell):
3110         * runtime/JSNotAnObject.cpp:
3111         (JSC::JSNotAnObject::putByIndex):
3112         * runtime/JSNotAnObject.h:
3113         (JSNotAnObject):
3114         * runtime/JSONObject.cpp:
3115         (JSC::Walker::walk):
3116         * runtime/JSObject.cpp:
3117         (JSC::JSObject::putByIndex):
3118         * runtime/JSObject.h:
3119         (JSC::JSValue::putByIndex):
3120         * runtime/RegExpConstructor.cpp:
3121         (JSC::RegExpMatchesArray::fillArrayInstance):
3122         * runtime/RegExpMatchesArray.h:
3123         (JSC::RegExpMatchesArray::putByIndex):
3124         * runtime/StringPrototype.cpp:
3125         (JSC::stringProtoFuncSplit):
3126
3127 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3128
3129         PredictNone is incorrectly treated as isDoublePrediction
3130         https://bugs.webkit.org/show_bug.cgi?id=80365
3131
3132         Reviewed by Filip Pizlo.
3133
3134         Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
3135
3136         * bytecode/PredictedType.h:
3137         (JSC::isFixedIndexedStorageObjectPrediction):
3138         (JSC::isDoublePrediction):
3139
3140 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
3141
3142         The LLInt should work even when the JIT is disabled
3143         https://bugs.webkit.org/show_bug.cgi?id=80340
3144         <rdar://problem/10922235>
3145
3146         Reviewed by Gavin Barraclough.
3147
3148         * assembler/MacroAssemblerCodeRef.h:
3149         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
3150         (MacroAssemblerCodeRef):
3151         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
3152         * interpreter/Interpreter.cpp:
3153         (JSC::Interpreter::initialize):
3154         (JSC::Interpreter::execute):
3155         (JSC::Interpreter::executeCall):
3156         (JSC::Interpreter::executeConstruct):
3157         * jit/JIT.h:
3158         (JSC::JIT::compileCTINativeCall):
3159         * jit/JITStubs.h:
3160         (JSC::JITThunks::ctiNativeCall):
3161         (JSC::JITThunks::ctiNativeConstruct):
3162         * llint/LLIntEntrypoints.cpp:
3163         (JSC::LLInt::getFunctionEntrypoint):
3164         (JSC::LLInt::getEvalEntrypoint):
3165         (JSC::LLInt::getProgramEntrypoint):
3166         * llint/LLIntSlowPaths.cpp:
3167         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3168         (LLInt):
3169         * llint/LLIntSlowPaths.h:
3170         (LLInt):
3171         * llint/LowLevelInterpreter.h:
3172         * llint/LowLevelInterpreter32_64.asm:
3173         * runtime/Executable.h:
3174         (NativeExecutable):
3175         (JSC::NativeExecutable::create):
3176         (JSC::NativeExecutable::finishCreation):
3177         * runtime/JSGlobalData.cpp:
3178         (JSC::JSGlobalData::JSGlobalData):
3179         * runtime/JSGlobalData.h:
3180         (JSGlobalData):
3181         * runtime/Options.cpp:
3182         (Options):
3183         (JSC::Options::parse):
3184         (JSC::Options::initializeOptions):
3185         * runtime/Options.h:
3186         (Options):
3187         * wtf/Platform.h:
3188
3189 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3190
3191         Checks for dead variables are not sufficient when fixing the expected
3192         values in DFG OSR entry
3193         https://bugs.webkit.org/show_bug.cgi?id=80371
3194
3195         Reviewed by Filip Pizlo.
3196
3197         A dead variable should be identified when there's no node referencing it.
3198         But we currently fail to catch the case where there are some nodes
3199         referencing a variable but those nodes are actually not referenced by
3200         others so will be ignored in code generation. In such a case we should
3201         also consider that variable to be a dead variable in the block and fix
3202         the expected values.
3203         This is performance neutral on SunSpider, V8 and Kraken.
3204
3205         * dfg/DFGJITCompiler.h:
3206         (JSC::DFG::JITCompiler::noticeOSREntry):
3207
3208 2012-03-05  Oliver Hunt  <oliver@apple.com>
3209
3210         Fix Qt build.
3211
3212         * assembler/AbstractMacroAssembler.h:
3213         * assembler/MacroAssembler.h:
3214         (MacroAssembler):
3215         * dfg/DFGSpeculativeJIT.cpp:
3216         (JSC::DFG::SpeculativeJIT::compileArithSub):
3217         * jit/JITArithmetic32_64.cpp:
3218         (JSC::JIT::emitSub32Constant):
3219
3220 2012-03-05  Eric Seidel  <eric@webkit.org>
3221
3222         Update JavaScriptCore files to use fully-qualified WTF include paths
3223         https://bugs.webkit.org/show_bug.cgi?id=79960
3224
3225         Reviewed by Adam Barth.
3226
3227         This change does 5 small/related things:
3228          1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
3229             (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
3230             was not installing headers there.)
3231          2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
3232             header search path, as that's where the WTF headers will be installed.
3233          3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
3234             in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
3235          4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
3236             since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
3237          5. Makes build-webkit build the WTF XCode project by default.
3238
3239         * API/tests/JSNode.c:
3240         * API/tests/JSNodeList.c:
3241         * Configurations/Base.xcconfig:
3242         * assembler/MacroAssemblerCodeRef.h:
3243         * bytecompiler/BytecodeGenerator.h:
3244         * dfg/DFGOperations.cpp:
3245         * heap/GCAssertions.h:
3246         * heap/HandleHeap.h:
3247         * heap/HandleStack.h:
3248         * heap/MarkedSpace.h:
3249         * heap/PassWeak.h:
3250         * heap/Strong.h:
3251         * heap/Weak.h:
3252         * jit/HostCallReturnValue.cpp:
3253         * jit/JIT.cpp:
3254         * jit/JITStubs.cpp:
3255         * jit/ThunkGenerators.cpp:
3256         * parser/Lexer.cpp:
3257         * runtime/Completion.cpp:
3258         * runtime/Executable.cpp:
3259         * runtime/Identifier.h:
3260         * runtime/InitializeThreading.cpp:
3261         * runtime/JSDateMath.cpp:
3262         * runtime/JSGlobalObjectFunctions.cpp:
3263         * runtime/JSStringBuilder.h:
3264         * runtime/JSVariableObject.h:
3265         * runtime/NumberPrototype.cpp:
3266         * runtime/WriteBarrier.h:
3267         * tools/CodeProfile.cpp:
3268         * tools/TieredMMapArray.h:
3269         * yarr/YarrJIT.cpp:
3270
3271 2012-03-05  Oliver Hunt  <oliver@apple.com>
3272
3273         Add basic support for constant blinding to the JIT
3274         https://bugs.webkit.org/show_bug.cgi?id=80354
3275
3276         Reviewed by Filip Pizlo.
3277
3278         This patch adds basic constant blinding support to the JIT, at the
3279         MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
3280         get constant blinding.  Woo!
3281
3282         This patch only introduces blinding for Imm32, a later patch will do similar
3283         for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
3284         impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
3285         accessor that's needed to access the actual value.  This also means you cannot
3286         accidentally pass an untrusted value to a function that does not perform
3287         blinding.
3288
3289         To make everything work sensibly, this patch also corrects some code that was using
3290         Imm32 when TrustedImm32 could be used, and refactors a few callers that use
3291         untrusted immediates, so that they call slightly different variants of the functions
3292         that they used previously.  This is largely necessary to deal with x86-32 not having
3293         sufficient registers to handle the additional work required when we choose to blind
3294         a constant.
3295
3296         * assembler/AbstractMacroAssembler.h:
3297         (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
3298         (Imm32):
3299         (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
3300         (JSC::AbstractMacroAssembler::endUninterruptedSequence):
3301         (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
3302         (AbstractMacroAssembler):
3303         (JSC::AbstractMacroAssembler::inUninterruptedSequence):
3304         (JSC::AbstractMacroAssembler::random):
3305         (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
3306         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
3307         * assembler/MacroAssembler.h:
3308         (JSC::MacroAssembler::addressForPoke):
3309         (MacroAssembler):
3310         (JSC::MacroAssembler::poke):
3311         (JSC::MacroAssembler::branchPtr):
3312         (JSC::MacroAssembler::branch32):
3313         (JSC::MacroAssembler::convertInt32ToDouble):
3314         (JSC::MacroAssembler::shouldBlind):
3315         (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
3316         (BlindedImm32):
3317         (JSC::MacroAssembler::keyForConstant):
3318         (JSC::MacroAssembler::xorBlindConstant):
3319         (JSC::MacroAssembler::additionBlindedConstant):
3320         (JSC::MacroAssembler::andBlindedConstant):
3321         (JSC::MacroAssembler::orBlindedConstant):
3322         (JSC::MacroAssembler::loadXorBlindedConstant):
3323         (JSC::MacroAssembler::add32):
3324         (JSC::MacroAssembler::addPtr):
3325         (JSC::MacroAssembler::and32):
3326         (JSC::MacroAssembler::andPtr):
3327         (JSC::MacroAssembler::move):
3328         (JSC::MacroAssembler::or32):
3329         (JSC::MacroAssembler::store32):
3330         (JSC::MacroAssembler::sub32):
3331         (JSC::MacroAssembler::subPtr):
3332         (JSC::MacroAssembler::xor32):
3333         (JSC::MacroAssembler::branchAdd32):
3334         (JSC::MacroAssembler::branchMul32):
3335         (JSC::MacroAssembler::branchSub32):
3336         (JSC::MacroAssembler::trustedImm32ForShift):
3337         (JSC::MacroAssembler::lshift32):
3338         (JSC::MacroAssembler::rshift32):
3339         (JSC::MacroAssembler::urshift32):
3340         * assembler/MacroAssemblerARMv7.h:
3341         (MacroAssemblerARMv7):
3342         (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
3343         (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
3344         * assembler/MacroAssemblerX86_64.h:
3345         (JSC::MacroAssemblerX86_64::branchSubPtr):
3346         (MacroAssemblerX86_64):
3347         (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
3348         * dfg/DFGJITCompiler.cpp:
3349         (JSC::DFG::JITCompiler::linkOSRExits):
3350         (JSC::DFG::JITCompiler::compileBody):
3351         (JSC::DFG::JITCompiler::compileFunction):
3352         * dfg/DFGOSRExitCompiler32_64.cpp:
3353         (JSC::DFG::OSRExitCompiler::compileExit):
3354         * dfg/DFGOSRExitCompiler64.cpp:
3355         (JSC::DFG::OSRExitCompiler::compileExit):
3356         * dfg/DFGSpeculativeJIT.cpp:
3357         (JSC::DFG::SpeculativeJIT::compile):
3358         (JSC::DFG::SpeculativeJIT::compileArithSub):
3359         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
3360         * dfg/DFGSpeculativeJIT.h:
3361         (JSC::DFG::SpeculativeJIT::callOperation):
3362         * dfg/DFGSpeculativeJIT32_64.cpp:
3363         (JSC::DFG::SpeculativeJIT::emitCall):
3364         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3365         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
3366         (JSC::DFG::SpeculativeJIT::compile):
3367         * dfg/DFGSpeculativeJIT64.cpp:
3368         (JSC::DFG::SpeculativeJIT::emitCall):
3369         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
3370         (JSC::DFG::SpeculativeJIT::compile):
3371         * jit/JIT.cpp:
3372         (JSC::JIT::privateCompileSlowCases):
3373         (JSC::JIT::privateCompile):
3374         * jit/JITArithmetic.cpp:
3375         (JSC::JIT::compileBinaryArithOp):
3376         (JSC::JIT::emit_op_add):
3377         (JSC::JIT::emit_op_mul):
3378         (JSC::JIT::emit_op_div):
3379         * jit/JITArithmetic32_64.cpp:
3380         (JSC::JIT::emitAdd32Constant):
3381         (JSC::JIT::emitSub32Constant):
3382         (JSC::JIT::emitBinaryDoubleOp):
3383         (JSC::JIT::emitSlow_op_mul):
3384         (JSC::JIT::emit_op_div):
3385         * jit/JITCall.cpp:
3386         (JSC::JIT::compileLoadVarargs):
3387         * jit/JITCall32_64.cpp:
3388         (JSC::JIT::compileLoadVarargs):
3389         * jit/JITInlineMethods.h:
3390         (JSC::JIT::updateTopCallFrame):
3391         (JSC::JIT::emitValueProfilingSite):
3392         * jit/JITOpcodes32_64.cpp:
3393         (JSC::JIT::emitSlow_op_jfalse):
3394         (JSC::JIT::emitSlow_op_jtrue):
3395         * jit/JITStubCall.h:
3396         (JITStubCall):
3397         (JSC::JITStubCall::addArgument):
3398         * yarr/YarrJIT.cpp:
3399         (JSC::Yarr::YarrGenerator::backtrack):
3400
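The constant-blinding idea described in the entry above, as an added example that is not JSC's code: an untrusted 32-bit immediate is split into a pair of trusted constants (modelled here as a BlindedImm32 with two values) that only recombine to the original inside the generated instruction stream, so an attacker-chosen bit pattern is never emitted verbatim. The xor/add/and/or split formulas, the shouldBlindConstructed policy, and the names blindWithKey, unblind, roundTripsForAllOps and randomKey are all assumptions of this example, not JSC's API.

```cpp
#include <cstdint>
#include <random>

// Two trusted constants that the emitted code combines to rebuild the
// original immediate. Constructed model of the BlindedImm32 idea.
struct BlindedImm32 {
    uint32_t value1;
    uint32_t value2;
};

// Which instruction the emitted code uses to recombine the two halves.
enum class BlindOp { Xor, Add, And, Or };

// Constructed stand-in for a per-assembler random source (JSC uses its own).
inline uint32_t randomKey(std::mt19937& rng) { return static_cast<uint32_t>(rng()); }

// Split `value` against `key` so that unblind(op, ...) yields `value` again.
// Formulas are ours; each is a simple identity:
//   xor: (v ^ k) ^ k == v          add: (v - k) + k == v   (mod 2^32)
//   and: (v | ~k) & (v | k) == v   or:  (v & k) | (v & ~k) == v
inline BlindedImm32 blindWithKey(BlindOp op, uint32_t value, uint32_t key) {
    switch (op) {
    case BlindOp::Xor: return { value ^ key, key };
    case BlindOp::Add: return { value - key, key };
    case BlindOp::And: return { value | ~key, value | key };
    case BlindOp::Or:  return { value & key, value & ~key };
    }
    return { value, 0 };
}

// What the generated code computes from the two trusted halves.
inline uint32_t unblind(BlindOp op, BlindedImm32 b) {
    switch (op) {
    case BlindOp::Xor: return b.value1 ^ b.value2;
    case BlindOp::Add: return b.value1 + b.value2;
    case BlindOp::And: return b.value1 & b.value2;
    case BlindOp::Or:  return b.value1 | b.value2;
    }
    return 0;
}

// Round-trip check: true if, for many keys, every blinded form of `value`
// recombines to `value` under every operation. Deterministic seed so the
// check is reproducible.
inline bool roundTripsForAllOps(uint32_t value, unsigned trials = 1000) {
    std::mt19937 rng(0xC0FFEEu);
    const BlindOp ops[] = { BlindOp::Xor, BlindOp::Add, BlindOp::And, BlindOp::Or };
    for (unsigned i = 0; i < trials; ++i) {
        uint32_t key = randomKey(rng);
        for (BlindOp op : ops) {
            if (unblind(op, blindWithKey(op, value, key)) != value)
                return false;
        }
    }
    return true;
}

// Hypothetical policy of the kind a shouldBlind() hook decides: small
// constants (loop bounds, offsets) carry too little attacker-controllable
// structure to justify the extra instruction; wider values are blinded.
// This is our illustration, not JSC's actual rule.
inline bool shouldBlindConstructed(uint32_t value) {
    return value > 0xFFFFu;
}
```

The point of keeping both halves as trusted immediates is that the untrusted value itself only ever exists transiently in a register after the recombining instruction executes; that is also why the entry notes the x86-32 register pressure, since blinding costs a scratch register the call site must be able to spare.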
3401 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3402
3403         putByIndex should throw in strict mode
3404         https://bugs.webkit.org/show_bug.cgi?id=80335
3405
3406         Reviewed by Filip Pizlo.
3407
3408         We'll need to pass an additional parameter.
3409
3410         Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
3411         to match the method in the MethodTable, make this take a parameter indicating
3412         whether the put should throw. This fixes the cases where the base of the put
3413         is a primitive.
3414
3415         * dfg/DFGOperations.cpp:
3416         (DFG):
3417         (JSC::DFG::putByVal):
3418         (JSC::DFG::operationPutByValInternal):
3419         * interpreter/Interpreter.cpp:
3420         (JSC::Interpreter::execute):
3421         (JSC::Interpreter::privateExecute):
3422         * jit/JITStubs.cpp:
3423         (JSC::DEFINE_STUB_FUNCTION):
3424         * llint/LLIntSlowPaths.cpp:
3425         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3426         * runtime/JSObject.h:
3427         (JSC::JSValue::putByIndex):
3428         * runtime/JSValue.cpp:
3429         (JSC):
3430         * runtime/JSValue.h: