[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>

        [Qt][Win] Speculative buildfix after r105970.

        * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().

2012-01-26  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r105982.
        http://trac.webkit.org/changeset/105982
        https://bugs.webkit.org/show_bug.cgi?id=77090

        breaks the world (Requested by WildFox on #webkit).

        * wtf/MainThread.cpp:
        (WTF):
        * wtf/Platform.h:
        * wtf/mac/MainThreadMac.mm:
        (WTF):
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):

2012-01-26  Roland Takacs  <takacs.roland@stud.u-szeged.hu>

        [Qt] GC should be parallel on Qt platform
        https://bugs.webkit.org/show_bug.cgi?id=73309

        Reviewed by Zoltan Herczeg.

        These changes made the parallel gc feature available for Qt port.
        The implementation of "registerGCThread" and "isMainThreadOrGCThread"
        is moved from MainThreadMac.mm to the common MainThread.cpp to make
        them available for other platforms.

        Measurement results:
        V8           speed-up:  1.071x as fast  [From: 746.1ms  To: 696.4ms ]
        WindScorpion speed-up:  1.082x as fast  [From: 3490.4ms To: 3226.7ms]
        V8 Splay     speed-up:  1.158x as fast  [From: 145.8ms  To: 125.9ms ]

        Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.

        * wtf/MainThread.cpp:
        (WTF):
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):
        * wtf/Platform.h:
        * wtf/mac/MainThreadMac.mm:

2012-01-26  Andy Estes  <aestes@apple.com>

        REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
        https://bugs.webkit.org/show_bug.cgi?id=77073

        Reviewed by Ryosuke Niwa.
        
        r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined.
        This should have been changed to OS(WINDOWS). This causes the
        preprocessor to strip out Win32 data type overrides for deleteOwnedPtr,
        causing allocations made by Win32 to be deleted by fastmalloc.

        * wtf/OwnPtrCommon.h:
        (WTF): Use OS(WINDOWS) instead of OS(WIN).

2012-01-25  Mark Rowe  <mrowe@apple.com>

        Attempted Mac build fix after r105939.

        * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS.
        It isn't used on these platforms and isn't available in the ICU headers
        for Mac.

2012-01-25  Mark Rowe  <mrowe@apple.com>

        Build in to an alternate location when USE_STAGING_INSTALL_PATH is set.

        <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains
        the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR
        to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
        * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on
        the normal framework location. This prevents an incorrect install name from being used when
        installing in to the staged frameworks directory.

2012-01-25  Eli Fidler  <efidler@rim.com>

        Implement Date.toLocaleString() using ICU
        https://bugs.webkit.org/show_bug.cgi?id=76714

        Reviewed by Darin Adler.

        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate):

2012-01-25  Hajime Morita  <morrita@google.com>

        ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
        https://bugs.webkit.org/show_bug.cgi?id=76863

        Reviewed by Dimitri Glazkov.

        Added a feature flag.

        * Configurations/FeatureDefines.xcconfig:

2012-01-25  Yong Li  <yoli@rim.com>

        [BlackBerry] Implement OSAllocator::commit/decommit.
        BlackBerry port should support virtual memory decommiting.
        https://bugs.webkit.org/show_bug.cgi?id=77013

        Reviewed by Rob Buis.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::commit):
        (WTF::OSAllocator::decommit):
        * wtf/Platform.h:

2012-01-24  Oliver Hunt  <oliver@apple.com>

        Make DFG update topCallFrame
        https://bugs.webkit.org/show_bug.cgi?id=76969

        Reviewed by Filip Pizlo.

        Add NativeCallFrameTracer to manage topCallFrame assignment
        in the DFG operations, and make use of it.

        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        ():
        * interpreter/Interpreter.h:
        (JSC):
        (NativeCallFrameTracer):
        (JSC::NativeCallFrameTracer::NativeCallFrameTracer):

2012-01-24  Filip Pizlo  <fpizlo@apple.com>

        Inlining breaks call frame walking when the walking is done from outside the inlinee,
        but inside a code block that had inlining
        https://bugs.webkit.org/show_bug.cgi?id=76978
        <rdar://problem/10720904>

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::codeOriginForReturn):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallerFrame):

2012-01-24  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=76855
        Implement a JIT-code aware sampling profiler for JSC

        Reviewed by Oliver Hunt.

        Add support to MetaAllocator.cpp to track all live handles in a map,
        allowing lookup based on any address within the allocation.

        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocatorTracker::notify):
        (WTF::MetaAllocatorTracker::release):
            - Track live handle objects in a map.
        (WTF::MetaAllocator::release):
            - Removed support for handles with null m_allocator (no longer used).
            - Notify the tracker of handles being released.
        (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
            - Moved functionality out into MetaAllocator::release.
        (WTF::MetaAllocatorHandle::shrink):
            - Removed support for handles with null m_allocator (no longer used).
        (WTF::MetaAllocator::MetaAllocator):
            - Initialize m_tracker.
        (WTF::MetaAllocator::allocate):
            - Notify the tracker of new allocations.
        * wtf/MetaAllocator.h:
        (WTF::MetaAllocatorTracker::find):
            - Lookup a MetaAllocatorHandle based on an address inside the allocation.
        (WTF::MetaAllocator::trackAllocations):
            - Register a callback object to track allocation state.
        * wtf/MetaAllocatorHandle.h:
            - Remove unused createSelfManagedHandle/constructor.
        (WTF::MetaAllocatorHandle::key):
            - Added, for use in RedBlackTree.

2012-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>

        Use copying collector for out-of-line JSObject property storage
        https://bugs.webkit.org/show_bug.cgi?id=76665

        Reviewed by Geoffrey Garen.

        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
        Also added a temporary variable to avoid warnings from GCC.
        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
        operator new. Also added a temporary variable to avoid warnings from GCC.
        * runtime/JSObject.h:

2012-01-24  Geoffrey Garen  <ggaren@apple.com>

        JSValue::toString() should return a JSString* instead of a UString
        https://bugs.webkit.org/show_bug.cgi?id=76861

        Fixed two failing layout tests after my last patch.

        Reviewed by Gavin Barraclough.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
        in all other cases.
        
        I missed this case because the JSString* type has a valid operator<,
        so the compiler didn't complain.

2012-01-24  Kenichi Ishibashi  <bashi@chromium.org>

        [V8] Add Uint8ClampedArray support
        https://bugs.webkit.org/show_bug.cgi?id=76803

        Reviewed by Kenneth Russell.

        * wtf/ArrayBufferView.h:
        (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added.
        * wtf/Uint8ClampedArray.h:
        (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true.

2012-01-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Add WebKitDownload to WebKit2 GTK+ API
        https://bugs.webkit.org/show_bug.cgi?id=72949

        Reviewed by Martin Robinson.

        * wtf/gobject/GOwnPtr.cpp:
        (WTF::GTimer): Use g_timer_destroy() to free a GTimer.
        * wtf/gobject/GOwnPtr.h: Add GTimer template.
        * wtf/gobject/GTypedefs.h: Add GTimer forward declaration.

2012-01-24  Ilya Tikhonovsky  <loislo@chromium.org>

        Unreviewed build fix for Qt LinuxSH4 build after r105698.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):

2012-01-23  Geoffrey Garen  <ggaren@apple.com>

        JSValue::toString() should return a JSString* instead of a UString
        https://bugs.webkit.org/show_bug.cgi?id=76861

        Reviewed by Gavin Barraclough.
        
        This makes the common case -- toString() on a string -- faster and
        inline-able. (Not a measureable speedup, but we can now remove a bunch
        of duplicate hand-rolled code for this optimization.)
        
        This also clarifies the boundary between "C++ strings" and "JS strings".
        
        In all cases other than true, false, null, undefined, and multi-digit
        numbers, the JS runtime was just retrieving a UString from a JSString,
        so returning a JSString* is strictly better. In the other cases, we can
        optimize to avoid creating a new JSString if we care to, but it doesn't
        seem to be a big deal.

        * JavaScriptCore.exp: Export!
        
        * jsc.cpp:
        (functionPrint):
        (functionDebug):
        (functionRun):
        (functionLoad):
        (functionCheckSyntax):
        (runWithScripts):
        (runInteractive):
        * API/JSValueRef.cpp:
        (JSValueToStringCopy):
        * bytecode/CodeBlock.cpp:
        (JSC::valueToSourceString): Call value() after calling toString(), to
        convert from "JS string" (JSString*) to "C++ string" (UString), since
        toString() no longer returns a "C++ string".

        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationValueAddNotNumber):
        * jit/JITStubs.cpp:
        (op_add): Updated for removal of toPrimitiveString():
        all '+' operands can use toString(), except for object operands, which
        need to take a slow path to call toPrimitive().

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncToLocaleString):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncPush):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::opIn):
        * runtime/DateConstructor.cpp:
        (JSC::dateParse):
        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate): Call value() after calling toString(), as above.

        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::create): Simplified down to one canonical create()
        function, to make string handling easier.

        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createInvalidParamError):
        (JSC::createNotAConstructorError):
        (JSC::createNotAFunctionError):
        (JSC::createNotAnObjectError):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncBind):
        * runtime/JSArray.cpp:
        (JSC::JSArray::sort): Call value() after calling toString(), as above.

        * runtime/JSCell.cpp:
        * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
        job now. Doing it in JSCell is slower (requires extra type checking), and
        creates the misimpression that language-defined toString() behavior is
        an implementation detail of JSCell.
        
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::encode):
        (JSC::decode):
        (JSC::globalFuncEval):
        (JSC::globalFuncParseInt):
        (JSC::globalFuncParseFloat):
        (JSC::globalFuncEscape):
        (JSC::globalFuncUnescape): Call value() after calling toString(), as above.

        * runtime/JSONObject.cpp:
        (JSC::unwrapBoxedPrimitive):
        (JSC::Stringifier::Stringifier):
        (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
        takes care of.

        * runtime/JSObject.cpp:
        (JSC::JSObject::toString):
        * runtime/JSObject.h: Updated to return JSString*.

        * runtime/JSString.cpp:
        * runtime/JSString.h:
        (JSC::JSValue::toString): Removed, since I removed JSCell::toString().

        * runtime/JSValue.cpp:
        (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-
        spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
        basically did what we want all the time. (Note that the toPrimitive()
        preference changes from NoPreference to PreferString, because that's
        how ToString is defined in the language. op_add does not want this behavior.)

        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToString):
        (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
        returns a JSString*.

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        (JSC::objectConstructorDefineProperty):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncHasOwnProperty):
        (JSC::objectProtoFuncDefineGetter):
        (JSC::objectProtoFuncDefineSetter):
        (JSC::objectProtoFuncLookupGetter):
        (JSC::objectProtoFuncLookupSetter):
        (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.

        * runtime/Operations.cpp:
        (JSC::jsAddSlowCase): Need to check for object before taking the toString()
        fast path becuase adding an object to a string requires calling toPrimitive()
        on the object, not toString(). (They differ in their preferred conversion
        type.)

        * runtime/Operations.h:
        (JSC::jsString):
        (JSC::jsStringFromArguments): This code gets simpler, now that toString()
        does the right thing.

        (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().

        * runtime/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorInput):
        (JSC::constructRegExp):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::match):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
        (JSC::regExpProtoFuncToString): More calls to value(), as above.

        * runtime/StringConstructor.cpp:
        (JSC::constructWithStringConstructor):
        (JSC::callStringConstructor): This code gets simpler, now that toString()
        does the right thing.

        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):
        (JSC::replaceUsingStringSearch):
        (JSC::stringProtoFuncReplace):
        (JSC::stringProtoFuncCharAt):
        (JSC::stringProtoFuncCharCodeAt):
        (JSC::stringProtoFuncConcat):
        (JSC::stringProtoFuncIndexOf):
        (JSC::stringProtoFuncLastIndexOf):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        (JSC::stringProtoFuncSlice):
        (JSC::stringProtoFuncSplit):
        (JSC::stringProtoFuncSubstr):
        (JSC::stringProtoFuncSubstring):
        (JSC::stringProtoFuncToLowerCase):
        (JSC::stringProtoFuncToUpperCase):
        (JSC::stringProtoFuncLocaleCompare):
        (JSC::stringProtoFuncBig):
        (JSC::stringProtoFuncSmall):
        (JSC::stringProtoFuncBlink):
        (JSC::stringProtoFuncBold):
        (JSC::stringProtoFuncFixed):
        (JSC::stringProtoFuncItalics):
        (JSC::stringProtoFuncStrike):
        (JSC::stringProtoFuncSub):
        (JSC::stringProtoFuncSup):
        (JSC::stringProtoFuncFontcolor):
        (JSC::stringProtoFuncFontsize):
        (JSC::stringProtoFuncAnchor):
        (JSC::stringProtoFuncLink):
        (JSC::trimString): Some of this code gets simpler, now that toString()
        does the right thing. More calls to value(), as above.

2012-01-23  Luke Macpherson   <macpherson@chromium.org>

        Unreviewed, rolling out r105676.
        http://trac.webkit.org/changeset/105676
        https://bugs.webkit.org/show_bug.cgi?id=76665

        Breaks build on max due to compile warnings.

        * runtime/JSObject.cpp:
        (JSC::JSObject::finalize):
        (JSC::JSObject::visitChildren):
        (JSC::JSObject::allocatePropertyStorage):
        * runtime/JSObject.h:

2012-01-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Use copying collector for out-of-line JSObject property storage
        https://bugs.webkit.org/show_bug.cgi?id=76665

        Reviewed by Geoffrey Garen.

        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
        operator new.
        * runtime/JSObject.h:

2012-01-23  Brian Weinstein  <bweinstein@apple.com>

        More build fixing after r105646.

        * JavaScriptCore.exp:

2012-01-23  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=76855
        Implement a JIT-code aware sampling profiler for JSC

        Reviewed by Geoff Garen.

        Step 2: generalize RedBlackTree. The profiler is going to want tio use
        a RedBlackTree, allow this class to work with subclasses of
        RedBlackTree::Node, Node should not need to know the names of the m_key
        and m_value fields (the subclass can provide a key() accessor), and
        RedBlackTree does not need to know anything about ValueType.

        * JavaScriptCore.exp:
        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocator::findAndRemoveFreeSpace):
        (WTF::MetaAllocator::debugFreeSpaceSize):
        (WTF::MetaAllocator::addFreeSpace):
        * wtf/MetaAllocator.h:
        (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode):
        (WTF::MetaAllocator::FreeSpaceNode::key):
        * wtf/MetaAllocatorHandle.h:
        (WTF::MetaAllocatorHandle::key):
        * wtf/RedBlackTree.h:
        (WTF::RedBlackTree::Node::successor):
        (WTF::RedBlackTree::Node::predecessor):
        (WTF::RedBlackTree::Node::parent):
        (WTF::RedBlackTree::Node::setParent):
        (WTF::RedBlackTree::Node::left):
        (WTF::RedBlackTree::Node::setLeft):
        (WTF::RedBlackTree::Node::right):
        (WTF::RedBlackTree::Node::setRight):
        (WTF::RedBlackTree::insert):
        (WTF::RedBlackTree::remove):
        (WTF::RedBlackTree::findExact):
        (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
        (WTF::RedBlackTree::findGreatestLessThanOrEqual):
        (WTF::RedBlackTree::first):
        (WTF::RedBlackTree::last):
        (WTF::RedBlackTree::size):
        (WTF::RedBlackTree::treeMinimum):
        (WTF::RedBlackTree::treeMaximum):
        (WTF::RedBlackTree::treeInsert):
        (WTF::RedBlackTree::leftRotate):
        (WTF::RedBlackTree::rightRotate):
        (WTF::RedBlackTree::removeFixup):

2012-01-23  Andy Estes  <aestes@apple.com>

        Fix the build after r105635.

        * JavaScriptCore.exp:

2012-01-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove StackBounds from JSGlobalData
        https://bugs.webkit.org/show_bug.cgi?id=76310

        Reviewed by Sam Weinig.

        Removed StackBounds and the stack() function from JSGlobalData since it no 
        longer accessed any members of JSGlobalData.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::gatherFromCurrentThread):
        * parser/Parser.cpp:
        (JSC::::Parser):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:

2012-01-23  Gavin Barraclough  <barraclough@apple.com>

        Implement a JIT-code aware sampling profiler for JSC
        https://bugs.webkit.org/show_bug.cgi?id=76855

        Rubber stanmped by Geoff Garen.

        Mechanical change - pass CodeBlock through to the executable allocator,
        such that we will be able to map ranges of JIT code back to their owner.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::executableCopy):
        * assembler/ARMAssembler.h:
        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::executableCopy):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::executableCopy):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::linkCode):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::executableCopy):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::executableCopy):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::executableCopy):
        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDList):
        (JSC::DFG::tryCachePutByID):
        * dfg/DFGThunks.cpp:
        (JSC::DFG::osrExitGenerationThunkGenerator):
        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::allocate):
        * jit/ExecutableAllocator.h:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::allocate):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITStubs.cpp:
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::finalize):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::compile):

2012-01-23  Xianzhu Wang  <wangxianzhu@chromium.org>

        Basic enhancements to StringBuilder
        https://bugs.webkit.org/show_bug.cgi?id=67081

        This change contains the following enhancements to StringBuilder,
        for convenience, performance, testability, etc.:
        - Change toStringPreserveCapacity() to const
        - new public methods: capacity(), swap(), toAtomicString(), canShrink()
          and append(const StringBuilder&)
        - == and != opearators to compare StringBuilders and a StringBuilder/String

        Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp

        Reviewed by Darin Adler.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/AtomicString.cpp:
        (WTF::SubstringTranslator::hash):
        (WTF::SubstringTranslator::equal):
        (WTF::SubstringTranslator::translate):
        (WTF::AtomicString::add):
        (WTF::AtomicString::addSlowCase):
        * wtf/text/AtomicString.h:
        (WTF::AtomicString::AtomicString):
        (WTF::AtomicString::add):
        * wtf/text/StringBuilder.cpp:
        (WTF::StringBuilder::reifyString):
        (WTF::StringBuilder::resize):
        (WTF::StringBuilder::canShrink):
        (WTF::StringBuilder::shrinkToFit):
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::append):
        (WTF::StringBuilder::toString):
        (WTF::StringBuilder::toStringPreserveCapacity):
        (WTF::StringBuilder::toAtomicString):
        (WTF::StringBuilder::isEmpty):
        (WTF::StringBuilder::capacity):
        (WTF::StringBuilder::is8Bit):
        (WTF::StringBuilder::swap):
        (WTF::equal):
        (WTF::operator==):
        (WTF::operator!=):
        * wtf/text/StringImpl.h:

2012-01-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing files, remove deleted files and
        fix indentation.

2012-01-22  Filip Pizlo  <fpizlo@apple.com>

        Build fix for non-DFG platforms that error out on warn-unused-parameter.

        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):

2012-01-22  Filip Pizlo  <fpizlo@apple.com>

        Build fix for non-DFG platforms.

        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):

2012-01-20  Filip Pizlo  <fpizlo@apple.com>

        DFG should not have code that directly decodes the states of old JIT inline
        cache data structures
        https://bugs.webkit.org/show_bug.cgi?id=76768

        Reviewed by Sam Weinig.
        
        Introduced new classes (like GetByIdStatus) that encapsulate the set of things
        that the DFG would like to know about property accesses and calls. Whereas it
        previously got this information by directly decoding the data structures used
        by the old JIT for inline caching, it now uses these classes, which do the work
        for it. This should make it somewhat more straight forward to introduce new
        ways of profiling the same information.
        
        Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by
        code in bytecode/.
        
        Making this work right involved carefully ensuring that the heuristics for
        choosing how to handle property accesses was at least as good as what we had
        before, since I completely restructured that code. Currently the performance
        looks neutral. Since I rewrote the code I did change some things that I never
        liked before, like previously if a put_bu_id had executed exactly once then
        we'd compile it as if it had taken slow-path. Executing once is special because
        then the inline cache is not baked in, so there is no information about how the
        DFG should optimize the code. Now this is rationalized: if the put_by_id does
        not offer enough information to be optimized (i.e. had executed 0 or 1 times)
        then we turn it into a forced OSR exit (i.e. a patch point). However, get_by_id
        still has the old behavior; I left it that way because I didn't want to make
        too many changes at once.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CallLinkStatus.cpp: Added.
        (JSC::CallLinkStatus::computeFor):
        * bytecode/CallLinkStatus.h: Added.
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::isSet):
        (JSC::CallLinkStatus::operator!):
        (JSC::CallLinkStatus::couldTakeSlowPath):
        (JSC::CallLinkStatus::callTarget):
        * bytecode/GetByIdStatus.cpp: Added.
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h: Added.
        (JSC::GetByIdStatus::GetByIdStatus):
        (JSC::GetByIdStatus::state):
        (JSC::GetByIdStatus::isSet):
        (JSC::GetByIdStatus::operator!):
        (JSC::GetByIdStatus::isSimpleDirect):
        (JSC::GetByIdStatus::takesSlowPath):
        (JSC::GetByIdStatus::makesCalls):
        (JSC::GetByIdStatus::structureSet):
        (JSC::GetByIdStatus::offset):
        * bytecode/MethodCallLinkStatus.cpp: Added.
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/MethodCallLinkStatus.h: Added.
        (JSC::MethodCallLinkStatus::MethodCallLinkStatus):
        (JSC::MethodCallLinkStatus::isSet):
        (JSC::MethodCallLinkStatus::operator!):
        (JSC::MethodCallLinkStatus::needsPrototypeCheck):
        (JSC::MethodCallLinkStatus::structure):
        (JSC::MethodCallLinkStatus::prototypeStructure):
        (JSC::MethodCallLinkStatus::function):
        (JSC::MethodCallLinkStatus::prototype):
        * bytecode/PutByIdStatus.cpp: Added.
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h: Added.
        (JSC::PutByIdStatus::PutByIdStatus):
        (JSC::PutByIdStatus::state):
        (JSC::PutByIdStatus::isSet):
        (JSC::PutByIdStatus::operator!):
        (JSC::PutByIdStatus::isSimpleReplace):
        (JSC::PutByIdStatus::isSimpleTransition):
        (JSC::PutByIdStatus::takesSlowPath):
        (JSC::PutByIdStatus::oldStructure):
        (JSC::PutByIdStatus::newStructure):
        (JSC::PutByIdStatus::structureChain):
        (JSC::PutByIdStatus::offset):
        * bytecode/StructureSet.h: Added.
        (JSC::StructureSet::StructureSet):
        (JSC::StructureSet::clear):
        (JSC::StructureSet::add):
        (JSC::StructureSet::addAll):
        (JSC::StructureSet::remove):
        (JSC::StructureSet::contains):
        (JSC::StructureSet::isSubsetOf):
        (JSC::StructureSet::isSupersetOf):
        (JSC::StructureSet::size):
        (JSC::StructureSet::at):
        (JSC::StructureSet::operator[]):
        (JSC::StructureSet::last):
        (JSC::StructureSet::predictionFromStructures):
        (JSC::StructureSet::operator==):
        (JSC::StructureSet::dump):
        * dfg/DFGAbstractValue.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGStructureSet.h: Removed.

2012-01-20  Filip Pizlo  <fpizlo@apple.com>

        JIT compilation should not require ExecState
        https://bugs.webkit.org/show_bug.cgi?id=76729
        <rdar://problem/10731545>

        Reviewed by Gavin Barraclough.
        
        Changed the relevant JIT driver functions to take JSGlobalData& instead of
        ExecState*, since really they just needed the global data.

        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGDriver.h:
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):

2012-01-20  David Levin  <levin@chromium.org>

        Make OwnPtr<HDC> work for the Chromium Windows port.
        https://bugs.webkit.org/show_bug.cgi?id=76738

        Reviewed by Jian Li.

        * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the
        Chromium Windows build.
        * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for
        OwnPtr<HDC> and similar constructs.

2012-01-19  Geoffrey Garen  <ggaren@apple.com>

        Removed some regexp entry boilerplate code
        https://bugs.webkit.org/show_bug.cgi?id=76687

        Reviewed by Darin Adler.
        
        1% - 2% speedup on regexp tests, no change overall.

        * runtime/RegExp.cpp:
        (JSC::RegExp::match):
            - ASSERT that our startIndex is non-negative, because anything less
            would be uncivilized.
            
            - ASSERT that our input is not the null string for the same reason.

            - No need to test for startOffset being past the end of the string,
            since the regular expression engine will do this test for us.

            - No need to initialize the output vector, since the regular expression
            engine will fill it in for us.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::interpret):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::compile):
        
            RegExp used to do these jobs for us, but now we do them for ourselves
            because it's a better separation of concerns, and the JIT can do them
            more efficiently than C++ code:

            - Test for "past the end" before doing any matching -- otherwise
            a* will match with zero length past the end of the string, which is wrong.

            - Initialize the output vector before doing any matching.

2012-01-20  Filip Pizlo  <fpizlo@apple.com>

        Build fix for no-DFG configuration.
        Needed for <rdar://problem/10727689>.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitProfiledOpcode):
        * jit/JIT.h:
        (JSC::JIT::emitValueProfilingSite):

2012-01-19  Filip Pizlo  <fpizlo@apple.com>

        Bytecode instructions that may have value profiling should have a direct inline
        link to the ValueProfile instance
        https://bugs.webkit.org/show_bug.cgi?id=76682
        <rdar://problem/10727689>

        Reviewed by Sam Weinig.
        
        Each opcode that gets value profiled now has a link to its ValueProfile. This
        required rationalizing the emission of value profiles for opcode combos, like
        op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes
        sense for one of them to have a value profile link, and it makes most sense
        for it to be the one that actually sets the result. The previous behavior was
        to have op_method_check profile for op_get_by_id when they were used together,
        but otherwise for op_get_by_id to have its own profiles. op_call already did
        the right thing; all profiling was done by op_call_put_result.
        
        But rationalizing this code required breaking some of the natural boundaries
        that the code had; for instance the code in DFG that emits a GetById in place
        of both op_method_check and op_get_by_id must now know that it's the latter of
        those that has the value profile, while the first of those constitutes the OSR
        target. Hence each CodeOrigin must now have two bytecode indices - one for
        OSR exit and one for profiling.
        
        Finally this change required some refiddling of our optimization heuristics,
        because now all code blocks have "more instructions" due to the value profile
        slots.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdOp):
        (JSC::CodeBlock::dump):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::valueProfileForBytecodeOffset):
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::CodeOrigin):
        (JSC::CodeOrigin::bytecodeIndexForValueProfile):
        * bytecode/Instruction.h:
        (JSC::Instruction::Instruction):
        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitProfiledOpcode):
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitGetScopedVar):
        (JSC::BytecodeGenerator::emitResolveBase):
        (JSC::BytecodeGenerator::emitResolveBaseForPut):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitResolveWithThis):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitGetByVal):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitCallVarargs):
        (JSC::BytecodeGenerator::emitConstruct):
        * bytecompiler/BytecodeGenerator.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::getPrediction):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueProfileFor):
        * jit/JIT.h:
        (JSC::JIT::emitValueProfilingSite):
        * jit/JITCall.cpp:
        (JSC::JIT::emit_op_call_put_result):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::emit_op_call_put_result):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitValueProfilingSite):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_resolve):
        (JSC::JIT::emit_op_resolve_base):
        (JSC::JIT::emit_op_resolve_skip):
        (JSC::JIT::emit_op_resolve_global):
        (JSC::JIT::emitSlow_op_resolve_global):
        (JSC::JIT::emit_op_resolve_with_base):
        (JSC::JIT::emit_op_resolve_with_this):
        (JSC::JIT::emitSlow_op_resolve_global_dynamic):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_resolve):
        (JSC::JIT::emit_op_resolve_base):
        (JSC::JIT::emit_op_resolve_skip):
        (JSC::JIT::emit_op_resolve_global):
        (JSC::JIT::emitSlow_op_resolve_global):
        (JSC::JIT::emit_op_resolve_with_base):
        (JSC::JIT::emit_op_resolve_with_this):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_method_check):
        (JSC::JIT::emitSlow_op_method_check):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_get_scoped_var):
        (JSC::JIT::emit_op_get_global_var):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_method_check):
        (JSC::JIT::emitSlow_op_method_check):
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_get_scoped_var):
        (JSC::JIT::emit_op_get_global_var):
        * jit/JITStubCall.h:
        (JSC::JITStubCall::callWithValueProfiling):
        * runtime/Options.cpp:
        (JSC::Options::initializeOptions):

2012-01-20  ChangSeok Oh  <shivamidow@gmail.com>

        undefined reference to symbol eina_module_free
        https://bugs.webkit.org/show_bug.cgi?id=76681

        Reviewed by Martin Robinson.

        eina_module_free has been used without including eina libraries after r104936.

        * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES.

2012-01-19  Tony Chang  <tony@chromium.org>

        [chromium] Remove an obsolete comment about features.gypi
        https://bugs.webkit.org/show_bug.cgi?id=76643

        There can be only one features.gypi.

        Reviewed by James Robinson.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-01-19  Geoffrey Garen  <ggaren@apple.com>

        Implicit creation of a regular expression should eagerly check for syntax errors
        https://bugs.webkit.org/show_bug.cgi?id=76642

        Reviewed by Oliver Hunt.
        
        This is a correctness fix and a slight optimization.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch): Check for syntax errors because that's the
        correct behavior.

        * runtime/RegExp.cpp:
        (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line
        of code change, many lines of indentation change.)

        Since we have no clients that try to match a RegExp that is a syntax error,
        let's optimize out the check.

2012-01-19  Mark Hahnenberg  <mhahnenberg@apple.com>

        Implement a new allocator for backing stores
        https://bugs.webkit.org/show_bug.cgi?id=75181

        Reviewed by Filip Pizlo.

        We want to move away from using fastMalloc for the backing stores for 
        some of our objects (e.g. JSArray, JSObject, JSString, etc).  These backing 
        stores have a nice property in that they only have a single owner (i.e. a 
        single pointer to them at any one time).  One way that we can take advantage 
        of this property is to implement a simple bump allocator/copying collector, 
        which will run alongside our normal mark/sweep collector, that only needs to 
        update the single owner pointer rather than having to redirect an arbitrary 
        number of pointers in from-space to to-space.

        This plan can give us a number of benefits. We can beat fastMalloc in terms 
        of both performance and memory usage, we can track how much memory we're using 
        far more accurately than our rough estimation now through the use of 
        reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed 
        to being limited to size classes like we have been historically). This is also 
        another step toward moving away from lazy destruction, which will improve our memory footprint.

        We start by creating said allocator and moving the ArrayStorage for JSArray 
        to use it rather than fastMalloc.

        The design of the collector is as follows:
        Allocation:
        -The collector allocates 64KB chunks from the OS to use for object allocation.
        -Each chunk contains an offset, a flag indicating if the block has been pinned, 
         and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
        -Any allocation greater than 64KB gets its own separate oversize block, which 
         is managed separately from the rest.
        -If the allocator receives a request for more than the remaining amount in the 
         current block, it grabs a fresh block.
        -Grabbing a fresh block means grabbing one off of the global free list (which is now 
         shared between the mark/sweep allocator and the bump allocator) if there is one. 
         If there isn't a new one we do one of two things: allocate a new block from the OS 
         if we're not ready for a GC yet, or run a GC and then try again. If we still don't 
         have enough space after the GC, we allocate a new block from the OS.

        Garbage collection:
        -At the start of garbage collection during conservative stack scanning, if we encounter 
         what appears to be a pointer to a bump-allocated block of memory, we pin that block so 
         that it will not be copied for this round of collection.
        -We also pin any oversize blocks that we encounter, which effectively doubles as a 
         "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying 
         are given back to the OS.
        -Marking threads are now also responsible for copying bump-allocated objects to newSpace
        -Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters.
        -When that block fills up, the marking thread gives it back to the allocator and requests a new one.
        -When all marking has concluded, each thread gives back its copy block, even if it isn't full.
        -At the conclusion of copying (which is done by the end of the marking phase), we un-pin 
         any pinned blocks and give any blocks left in from-space to the global free list.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * heap/AllocationSpace.cpp:
        (JSC::AllocationSpace::allocateSlowCase):
        (JSC::AllocationSpace::allocateBlock):
        (JSC::AllocationSpace::freeBlocks):
        * heap/AllocationSpace.h:
        (JSC::AllocationSpace::waterMark):
        * heap/BumpBlock.h: Added.
        (JSC::BumpBlock::BumpBlock):
        * heap/BumpSpace.cpp: Added.
        (JSC::BumpSpace::tryAllocateSlowCase):
        * heap/BumpSpace.h: Added.
        (JSC::BumpSpace::isInCopyPhase):
        (JSC::BumpSpace::totalMemoryAllocated):
        (JSC::BumpSpace::totalMemoryUtilized):
        * heap/BumpSpaceInlineMethods.h: Added.
        (JSC::BumpSpace::BumpSpace):
        (JSC::BumpSpace::init):
        (JSC::BumpSpace::contains):
        (JSC::BumpSpace::pin):
        (JSC::BumpSpace::startedCopying):
        (JSC::BumpSpace::doneCopying):
        (JSC::BumpSpace::doneFillingBlock):
        (JSC::BumpSpace::recycleBlock):
        (JSC::BumpSpace::getFreshBlock):
        (JSC::BumpSpace::borrowBlock):
        (JSC::BumpSpace::addNewBlock):
        (JSC::BumpSpace::allocateNewBlock):
        (JSC::BumpSpace::fitsInBlock):
        (JSC::BumpSpace::fitsInCurrentBlock):
        (JSC::BumpSpace::tryAllocate):
        (JSC::BumpSpace::tryAllocateOversize):
        (JSC::BumpSpace::allocateFromBlock):
        (JSC::BumpSpace::tryReallocate):
        (JSC::BumpSpace::tryReallocateOversize):
        (JSC::BumpSpace::isOversize):
        (JSC::BumpSpace::isPinned):
        (JSC::BumpSpace::oversizeBlockFor):
        (JSC::BumpSpace::blockFor):
        * heap/ConservativeRoots.cpp:
        (JSC::ConservativeRoots::ConservativeRoots):
        (JSC::ConservativeRoots::genericAddPointer):
        (JSC::ConservativeRoots::add):
        * heap/ConservativeRoots.h:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::blockFreeingThreadMain):
        (JSC::Heap::reportExtraMemoryCostSlowCase):
        (JSC::Heap::getConservativeRegisterRoots):
        (JSC::Heap::markRoots):
        (JSC::Heap::collect):
        (JSC::Heap::releaseFreeBlocks):
        * heap/Heap.h:
        (JSC::Heap::waterMark):
        (JSC::Heap::highWaterMark):
        (JSC::Heap::setHighWaterMark):
        (JSC::Heap::tryAllocateStorage):
        (JSC::Heap::tryReallocateStorage):
        * heap/HeapBlock.h: Added.
        (JSC::HeapBlock::HeapBlock):
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::startCopying):
        (JSC::SlotVisitor::allocateNewSpace):
        (JSC::SlotVisitor::copy):
        (JSC::SlotVisitor::copyAndAppend):
        (JSC::SlotVisitor::doneCopying):
        * heap/MarkStack.h:
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::recycle):
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedBlock.h:
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::allocate):
        (JSC::MarkedSpace::forEachBlock):
        (JSC::MarkedSpace::SizeClass::resetAllocator):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::SlotVisitor):
        * heap/TinyBloomFilter.h:
        (JSC::TinyBloomFilter::reset):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::finishCreation):
        (JSC::JSArray::tryFinishCreationUninitialized):
        (JSC::JSArray::~JSArray):
        (JSC::JSArray::enterSparseMode):
        (JSC::JSArray::defineOwnNumericProperty):
        (JSC::JSArray::setLengthWritable):
        (JSC::JSArray::getOwnPropertySlotByIndex):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::putByIndexBeyondVectorLength):
        (JSC::JSArray::deletePropertyByIndex):
        (JSC::JSArray::getOwnPropertyNames):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::unshiftCountSlowCase):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::unshiftCount):
        (JSC::JSArray::visitChildren):
        (JSC::JSArray::sortNumeric):
        (JSC::JSArray::sort):
        (JSC::JSArray::compactForSorting):
        (JSC::JSArray::subclassData):
        (JSC::JSArray::setSubclassData):
        (JSC::JSArray::checkConsistency):
        * runtime/JSArray.h:
        (JSC::JSArray::inSparseMode):
        (JSC::JSArray::isLengthWritable):
        * wtf/CheckedBoolean.h: Added.
        (CheckedBoolean::CheckedBoolean):
        (CheckedBoolean::~CheckedBoolean):
        (CheckedBoolean::operator bool):
        * wtf/DoublyLinkedList.h:
        (WTF::::push):
        * wtf/StdLibExtras.h:
        (WTF::isPointerAligned):

2012-01-19  Joi Sigurdsson  <joi@chromium.org>

        Enable use of precompiled headers in Chromium port on Windows.

        Bug 76381 - Use precompiled headers in Chromium port on Windows
        https://bugs.webkit.org/show_bug.cgi?id=76381

        Reviewed by Tony Chang.

        * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi.

2012-01-18  Roland Takacs  <takacs.roland@stud.u-szeged.hu>

        Cross-platform processor core counter fix
        https://bugs.webkit.org/show_bug.cgi?id=76540

        Reviewed by Zoltan Herczeg.

        I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)"
        and I removed the OS checking macros from ParallelJobsGeneric.cpp because
        the NumberOfCores.cpp contains them for counting CPU cores.
        The processor core counter patch located at
        https://bugs.webkit.org/show_bug.cgi?id=76530

        * wtf/NumberOfCores.cpp:
        * wtf/ParallelJobsGeneric.cpp:

2012-01-18  Csaba Osztrogonác  <ossy@webkit.org>

        Cross-platform processor core counter
        https://bugs.webkit.org/show_bug.cgi?id=76530

        Unreviewed cross-MinGW buildfix after r105270.

        * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h.

2012-01-18  Roland Takacs  <takacs.roland@stud.u-szeged.hu>

        Cross-platform processor core counter
        https://bugs.webkit.org/show_bug.cgi?id=76530

        Reviewed by Zoltan Herczeg.

        Two files have been created that include the processor core counter function.
        It used to be in ParallelJobsGeneric.h/cpp before.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/Options.cpp:
        (JSC::Options::initializeOptions):
        * wtf/CMakeLists.txt:
        * wtf/NumberOfCores.cpp: Added.
        (WTF::numberOfProcessorCores):
        * wtf/NumberOfCores.h: Added.
        * wtf/ParallelJobsGeneric.cpp:
        (WTF::ParallelEnvironment::ParallelEnvironment):
        * wtf/ParallelJobsGeneric.h:

2012-01-18  Balazs Kelemen  <kbalazs@webkit.org>

        [Qt] Consolidate layout test crash logging
        https://bugs.webkit.org/show_bug.cgi?id=75088

        Reviewed by Simon Hausmann.

        Move backtrace generating logic into WTFReportBacktrace
        and add a way to deinstall signal handlers if we know
        that we have already printed the backtrace.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/Assertions.cpp:
        (WTFLogLocker::WTFReportBacktrace):
        (WTFLogLocker::WTFSetCrashHook):
        (WTFLogLocker::WTFInvokeCrashHook):
        * wtf/Assertions.h:

2012-01-17  Geoffrey Garen  <ggaren@apple.com>

        Factored out some code into a helper function.
        
        I think this might help getting rid of omit-frame-pointer.

        Reviewed by Sam Weinig.
        
        No benchmark change.

        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch): Moved to here...
        (JSC::replaceUsingRegExpSearch): ...from here.

2012-01-17  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>

        Uint8ClampedArray support
        https://bugs.webkit.org/show_bug.cgi?id=74455

        Reviewed by Filip Pizlo.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/PredictedType.cpp:
        (JSC::predictionToString):
        (JSC::predictionFromClassInfo):
        * bytecode/PredictedType.h:
        (JSC::isUint8ClampedArrayPrediction):
        (JSC::isActionableMutableArrayPrediction):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::initialize):
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateUint8ClampedArray):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::clampDoubleToByte):
        (JSC::DFG::compileClampIntegerToByte):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSCell.h:
        * runtime/JSGlobalData.h:
        * wtf/Forward.h:
        * wtf/Uint8Array.h:
        * wtf/Uint8ClampedArray.h: Added.
        (WTF::Uint8ClampedArray::set):
        (WTF::Uint8ClampedArray::create):
        (WTF::Uint8ClampedArray::Uint8ClampedArray):
        (WTF::Uint8ClampedArray::subarray):

2012-01-17  Sam Weinig  <sam@webkit.org>

        Add helper macro for forward declaring objective-c classes
        https://bugs.webkit.org/show_bug.cgi?id=76485

        Reviewed by Anders Carlsson.

        * wtf/Compiler.h:
        Add OBJC_CLASS macro which helps reduce code when forward declaring an
        objective-c class in a header which can be included from both Objective-C
        and non-Objective-C files.

2012-01-17  Filip Pizlo  <fpizlo@apple.com>

        DFG should be able to do JS and custom getter caching
        https://bugs.webkit.org/show_bug.cgi?id=76361

        Reviewed by Csaba Osztrogonác.
        
        Fix for 32-bit.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryBuildGetByIDList):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-01-15  Filip Pizlo  <fpizlo@apple.com>

        DFG should be able to do JS and custom getter caching
        https://bugs.webkit.org/show_bug.cgi?id=76361
        <rdar://problem/10698060>

        Reviewed by Geoff Garen.
        
        Added the ability to cache JS getter calls and custom getter calls in the DFG.
        Most of this is pretty mundane, since the old JIT supported this functionality
        as well. But a couple interesting things had to happen:
        
        - There are now two variants of GetById: GetById, which works as before, and
          GetByIdFlush, which flushes registers prior to doing the GetById. Only
          GetByIdFlush can be used for caching getters. We detect which GetById style
          to use by looking at the inline caches of the old JIT.
        
        - Exception handling for getter calls planted in stubs uses a separate lookup
          handler routine, which uses the CodeOrigin stored in the StructureStubInfo.
          
        This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of
        the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and
        Kraken.

        * bytecode/StructureStubInfo.h:
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::willNeedFlush):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCCallHelpers.h:
        (JSC::DFG::CCallHelpers::setupResults):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::addExceptionCheck):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasIdentifier):
        (JSC::DFG::Node::hasHeapPrediction):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDList):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::compile):

2012-01-16  Jon Lee  <jonlee@apple.com>

        Build fix for r105086.

        * Configurations/FeatureDefines.xcconfig:
        * wtf/Platform.h:

2012-01-16  Jon Lee  <jonlee@apple.com>

        Remove HTML notifications support on Mac
        https://bugs.webkit.org/show_bug.cgi?id=76401
        <rdar://problem/10589881>

        Reviewed by Sam Weinig.

        * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro.

2012-01-16  Zeno Albisser  <zeno@webkit.org>

        [Qt] Fix QT_VERSION related warnings when building on Mac OS X
        https://bugs.webkit.org/show_bug.cgi?id=76340

        This bug was caused by r104826.
        As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239
        we should not use "using namespace WebCore" in header files,
        because it might cause ambiguous references.
        This patch reverts the changes from r104826 and r104981
        and removes the "using namespace WebCore" statement from
        two header files.

        Reviewed by Tor Arne Vestbø.

        * wtf/Platform.h:

2012-01-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Fix typo.

2012-01-16  Pavel Heimlich  <tropikhajma@gmail.com>

        Solaris Studio supports alignment macros too
        https://bugs.webkit.org/show_bug.cgi?id=75453

        Reviewed by Hajime Morita.

        * wtf/Alignment.h:

2012-01-16  Yuqiang Xian  <yuqiang.xian@intel.com>

        Build fix on 32bit if verbose debug is enabled in DFG
        https://bugs.webkit.org/show_bug.cgi?id=76351

        Reviewed by Hajime Morita.

        Mostly change "%lu" to "%zu" to print a "size_t" variable.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::endBasicBlock):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):

2012-01-15  Filip Pizlo  <fpizlo@apple.com>

        The C calling convention logic in DFG::SpeculativeJIT should be available even
        when not generating code for the DFG speculative path
        https://bugs.webkit.org/show_bug.cgi?id=76355

        Reviewed by Dan Bernstein.
        
        Moved all of the logic for placing C call arguments into the right place (stack
        or registers) into a new class, DFG::CCallHelpers.  This class inherits from
        AssemblyHelpers, another DFG grab-bag of helper functions.  I could have moved
        this code into AssemblyHelpers, but decided against it, because I wanted to
        limit the number of methods each class in the JIT has.  Hence now we have a
        slightly odd organization of JIT classes in DFG: MacroAssembler (basic instruction
        emission) <= AssemblyHelpers (some additional JS smarts) <= CCallHelpers
        (understands calls to C functions) <= JITCompiler (can compile a graph to machine
        code).  Each of these except for JITCompiler can be reused for stub compilation.
        
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGCCallHelpers.h: Added.
        (JSC::DFG::CCallHelpers::CCallHelpers):
        (JSC::DFG::CCallHelpers::resetCallArguments):
        (JSC::DFG::CCallHelpers::addCallArgument):
        (JSC::DFG::CCallHelpers::setupArguments):
        (JSC::DFG::CCallHelpers::setupArgumentsExecState):
        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
        (JSC::DFG::CCallHelpers::setupTwoStubArgs):
        (JSC::DFG::CCallHelpers::setupStubArguments):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::JITCompiler):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):

2012-01-15  Pablo Flouret  <pablof@motorola.com>

        Fix compilation errors on build-webkit --debug --no-video on mac.
        https://bugs.webkit.org/show_bug.cgi?id=75867

        Reviewed by Philippe Normand.

        Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, video track feature
        doesn't build without video.

        * wtf/Platform.h:

2012-01-14  David Levin  <levin@chromium.org>

        HWndDC should be in platform/win instead of wtf.
        https://bugs.webkit.org/show_bug.cgi?id=76314

        Reviewed by Sam Weinig.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:

2012-01-13  David Levin  <levin@chromium.org>

        check-webkit-style: should encourage the use of Own* classes for Windows DC.
        https://bugs.webkit.org/show_bug.cgi?id=76227

        Reviewed by Dirk Pranke.

        * wtf/win/HWndDCWin.h:
        (WTF::HwndDC::HwndDC): Add a way to do GetDCEx.
        There are no users, but I want to catch this in check-webkit-style
        and tell any users to use HwndDC to avoid leaks.

2012-01-13  David Levin  <levin@chromium.org>

        Header file is missing header guard.

        Reviewed by Dirk Pranke.

        * wtf/win/HWndDCWin.h: Added the guards.

2012-01-13  Andy Wingo  <wingo@igalia.com>

        Eval in strict mode does not need dynamic checks
        https://bugs.webkit.org/show_bug.cgi?id=76286

        Reviewed by Oliver Hunt.

        * runtime/JSActivation.cpp (JSC::JSActivation::JSActivation):
        Eval in strict mode cannot introduce variables, so it not impose
        the need for dynamic checks.

2012-01-13  David Levin  <levin@chromium.org>

        HWndDC is a better name than HwndDC.
        https://bugs.webkit.org/show_bug.cgi?id=76281

        Reviewed by Darin Adler.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:
        * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h.
        (WTF::HWndDC::HWndDC):
        (WTF::HWndDC::~HWndDC):
        (WTF::HWndDC::operator HDC):

2012-01-13  YoungTaeck Song  <youngtaeck.song@samsung.com>

        [EFL] Add OwnPtr specialization for Eina_Module.
        https://bugs.webkit.org/show_bug.cgi?id=76255

        Reviewed by Andreas Kling.

        Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port.

        * wtf/OwnPtrCommon.h:
        * wtf/efl/OwnPtrEfl.cpp:
        (WTF::deleteOwnedPtr):

2012-01-13  Yuqiang Xian  <yuqiang.xian@intel.com>

        Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined

        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):

2012-01-12  Hajime Morrita  <morrita@chromium.org>

        JavaScriptCore: Mark all exported symbols in the header file automatically.
        https://bugs.webkit.org/show_bug.cgi?id=72855

        Reviewed by Darin Adler.

        Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files.
        The change is generated by a tool calledListExportables (https://github.com/omo/ListExportables)

        * API/OpaqueJSString.h:
        * bytecode/CodeBlock.h:
        * bytecode/SamplingTool.h:
        * debugger/Debugger.h:
        * debugger/DebuggerActivation.h:
        * debugger/DebuggerCallFrame.h:
        * heap/AllocationSpace.h:
        * heap/HandleHeap.h:
        * heap/Heap.h:
        * heap/MachineStackMarker.h:
        * heap/MarkStack.h:
        * heap/VTableSpectrum.h:
        * heap/WriteBarrierSupport.h:
        * parser/Nodes.h:
        * parser/ParserArena.h:
        * profiler/Profile.h:
        * runtime/ArgList.h:
        * runtime/CallData.h:
        * runtime/Completion.h:
        * runtime/ConstructData.h:
        * runtime/DateInstance.h:
        * runtime/Error.h:
        * runtime/ExceptionHelpers.h:
        * runtime/FunctionConstructor.h:
        * runtime/Identifier.h:
        * runtime/InitializeThreading.h:
        * runtime/InternalFunction.h:
        * runtime/JSArray.h:
        * runtime/JSByteArray.h:
        * runtime/JSCell.h:
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.cpp:
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalThis.h:
        * runtime/JSLock.h:
        * runtime/JSObject.h:
        * runtime/JSString.h:
        * runtime/JSValue.h:
        * runtime/JSVariableObject.h:
        * runtime/Lookup.h:
        * runtime/MemoryStatistics.h:
        * runtime/ObjectPrototype.h:
        * runtime/Options.h:
        * runtime/PropertyDescriptor.h:
        * runtime/PropertyNameArray.h:
        * runtime/PropertySlot.h:
        * runtime/RegExp.h:
        * runtime/RegExpObject.h:
        * runtime/SamplingCounter.h:
        * runtime/SmallStrings.h:
        * runtime/StringObject.h:
        * runtime/Structure.h:
        * runtime/TimeoutChecker.h:
        * runtime/UString.h:
        * runtime/WriteBarrier.h:
        * wtf/ArrayBufferView.h:
        * wtf/ByteArray.h:
        * wtf/CryptographicallyRandomNumber.h:
        * wtf/CurrentTime.h:
        * wtf/DateMath.h:
        * wtf/DecimalNumber.h:
        * wtf/FastMalloc.cpp:
        * wtf/FastMalloc.h:
        * wtf/MD5.h:
        * wtf/MainThread.h:
        * wtf/MetaAllocator.h:
        * wtf/MetaAllocatorHandle.h:
        * wtf/OSAllocator.h:
        * wtf/PageBlock.h:
        * wtf/RandomNumber.h:
        * wtf/RefCountedLeakCounter.h:
        * wtf/SHA1.h:
        * wtf/Threading.cpp:
        * wtf/Threading.h:
        * wtf/ThreadingPrimitives.h:
        * wtf/WTFThreadData.h:
        * wtf/dtoa.h:
        * wtf/text/AtomicString.h:
        * wtf/text/CString.h:
        * wtf/text/StringBuilder.h:
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.h:
        * wtf/unicode/Collator.h:
        * wtf/unicode/UTF8.h:
        * yarr/Yarr.h:
        * yarr/YarrPattern.h:

2012-01-12  MORITA Hajime  <morrita@google.com>

        [Chromium] JSExportMacros.h should be visible.
        https://bugs.webkit.org/show_bug.cgi?id=76147

        Reviewed by Tony Chang.

        * config.h:

2012-01-12  David Levin  <levin@chromium.org>

        HwndDC is a better name than OwnGetDC.
        https://bugs.webkit.org/show_bug.cgi?id=76235

        Reviewed by Dmitry Titov.

        This is a better name for two reasons:
        1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC).
        2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr)
           classes always take something to hold on to. In this case, the object (the DC)
           is created by the class once it is given a Window to ensure that the HDC
           was actually created using GetDC.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:
        * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h.
        (WTF::HwndDC::HwndDC):
        (WTF::HwndDC::~HwndDC):
        (WTF::HwndDC::operator HDC):

2012-01-12  Gavin Barraclough  <barraclough@apple.com>

        Clean up putDirect (part 2)
        https://bugs.webkit.org/show_bug.cgi?id=76232

        Reviewed by Sam Weinig.

        Rename putWithAttributes to putDirectVirtual, to identify that this
        has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal
        to be templated on an enum indicating which behaviour it is supposed to be
        implementing, and change clients that are defining properties to call
        putDirectInternal correctly.

        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        * JavaScriptCore.exp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::putDirectVirtual):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/ClassInfo.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putDirectVirtual):
        * runtime/JSActivation.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::putDirectVirtual):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::putDirectVirtual):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectVirtual):
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::initializeGetterSetterProperty):
        (JSC::JSObject::defineSetter):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putOwnDataProperty):
        (JSC::JSObject::putDirect):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::putDirectVirtual):
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::putDirectVirtual):
        * runtime/JSVariableObject.h:

2012-01-12  Gavin Barraclough  <barraclough@apple.com>

        Clean up putDirect (part 1)
        https://bugs.webkit.org/show_bug.cgi?id=76232

        Reviewed by Sam Weinig.

        putDirect has ambiguous semantics, clean these up a bit.

        putDirect generally behaves a bit like a fast defineOwnProperty, but one that
        always creates the property, with no checking to validate the put it permitted.

        It also encompasses two slightly different behaviors.
        (1) a fast form of put for JSActivation, which doesn't have to handle searching
            the prototype chain, getter/setter properties, or the magic __proto__ value.
            Break this out as a new method, 'putOwnDataProperty'.
        (2) the version of putDirect on JSValue will also check for overwriting ReadOnly
            values, in strict mode. This is, however, not so smart on a few level, since
            it is only called from op_put_by_id with direct set, which is only used with
            an object as the base, and is only used to put new properties onto objects.

        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::put):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSObject.h:
        (JSC::JSObject::putOwnDataProperty):
        * runtime/JSValue.h:

2012-01-12  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=76141
        defineSetter/defineGetter may fail to update Accessor attribute

        Reviewed by Oliver Hunt.

        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::initializeGetterSetterProperty):
        (JSC::JSObject::defineSetter):
        * runtime/Structure.cpp:
        (JSC::Structure::attributeChangeTransition):
        * runtime/Structure.h:

2012-01-12  David Levin  <levin@chromium.org>

        [chromium] Fix DC leak in WebScreenInfoFactory.
        https://bugs.webkit.org/show_bug.cgi?id=76203

        Reviewed by Dmitry Titov.

        * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h
        * JavaScriptCore.gypi: Added OwnGetDCWin.h
        * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC as opposed to DeleteDC.

2012-01-11  Gavin Barraclough  <barraclough@apple.com>

        Allow accessor get/set property to be set to undefined
        https://bugs.webkit.org/show_bug.cgi?id=76148

        Reviewed by Oliver Hunt.

        AccessorDescriptor properties may have their get & set properties defined to reference a function
        (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor
        (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of
        three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object).

        On the PropertyDescriptor object these three states are represneted by JSValue(), jsUndefined(), and
        any JSObject* (with a constraint that this must be callable).

        Logically the get/set property of an accessor descriptor on an object might be in any of the three
        states above, but in practice there is no way to distinguish between the first two states. As such
        we stor the get/set values in property storage in a JSObject* field, with 0 indicating absent or
        undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value.

        * runtime/GetterSetter.h:
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setSetter):
            - Allow the getter/setter to be cleared.
        * runtime/JSArray.cpp:
        (JSC::JSArray::putDescriptor):
            - Changed to call getterObject/setterObject.
        (JSC::JSArray::defineOwnNumericProperty):
            - Added ASSERT.
        * runtime/JSObject.cpp:
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
            - Changed to call getterObject/setterObject.
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
            - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'.
        (JSC::toPropertyDescriptor):
            - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined.
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::getterObject):
        (JSC::PropertyDescriptor::setterObject):
            - Accessors to convert the get/set property to an object pointer, converting undefined to 0.
        (JSC::PropertyDescriptor::setDescriptor):
        (JSC::PropertyDescriptor::setAccessorDescriptor):
            - Translate a getter/setter internally represented at 0 to undefined, indicating that it is present.
        * runtime/PropertyDescriptor.h:
            - Declare getterObject/setterObject.

2012-01-12  Zeno Albisser  <zeno@webkit.org>

        [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560.
        https://bugs.webkit.org/show_bug.cgi?id=76175

        Defining ENABLE_CSS_FILTERS leads to ambiguous references
        due to MacTypes.h being included.
        Defining CF_OPEN_SOURCE works around this problem.

        Reviewed by Simon Hausmann.

        * wtf/Platform.h:

2012-01-12  Simon Hausmann  <simon.hausmann@nokia.com>

        Make the new WTF module build on Qt
        https://bugs.webkit.org/show_bug.cgi?id=76163

        Reviewed by Tor Arne Vestbø.

        * JavaScriptCore.pro: Removed wtf from the subdirs to build.

2012-01-11  Filip Pizlo  <fpizlo@apple.com>

        CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter
        https://bugs.webkit.org/show_bug.cgi?id=76144
        <rdar://problem/10681711>

        Rubber stamped by Gavin Barraclough.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addressOfJITExecuteCounter):
        (JSC::CodeBlock::offsetOfJITExecuteCounter):
        (JSC::CodeBlock::jitExecuteCounter):
        (JSC::CodeBlock::optimizeNextInvocation):
        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
        (JSC::CodeBlock::optimizeAfterWarmUp):
        (JSC::CodeBlock::optimizeAfterLongWarmUp):
        (JSC::CodeBlock::optimizeSoon):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):

2012-01-11  Gavin Barraclough  <barraclough@apple.com>

        Merge 'Getter'/'Setter' attributes into 'Accessor'
        https://bugs.webkit.org/show_bug.cgi?id=76141

        Reviewed by Filip Pizlo.

        These are currently ambiguous (and used inconsistently). It would logically appear
        that either being bit set implies that the corresponding type of accessor is present
        but (a) we don't correctly enforce this, and (b) this means the attributes would not
        be able to distinguish between a data descriptor and an accessor descriptor with
        neither a getter nor setter defined (which is a descriptor permissible under the spec).
        This ambiguity would lead to unsafe property caching behavior (though this does not
        represent an actual current bug, since we are currently unable to create descriptors
        that have neither a getter nor setter, it just prevents us from doing so).

        * runtime/Arguments.cpp:
        (JSC::Arguments::createStrictModeCallerIfNecessary):
        (JSC::Arguments::createStrictModeCalleeIfNecessary):
        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::put):
        (JSC::JSArray::putDescriptor):
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::finishCreation):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnPropertyDescriptor):
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::initializeGetterSetterProperty):
        (JSC::JSObject::defineSetter):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorDefineProperty):
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::setDescriptor):
        (JSC::PropertyDescriptor::setAccessorDescriptor):
        (JSC::PropertyDescriptor::setSetter):
        (JSC::PropertyDescriptor::setGetter):
        (JSC::PropertyDescriptor::attributesOverridingCurrent):

2012-01-11  Gavin Barraclough  <barraclough@apple.com>

        Object.defineProperty([], 'length', {}) should not make length read-only
        https://bugs.webkit.org/show_bug.cgi?id=76097

        Reviewed by Oliver Hunt.

        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
            - We should be checking writablePresent().

2012-01-11  Filip Pizlo  <fpizlo@apple.com>

        Code duplication for invoking the JIT and DFG should be reduced
        https://bugs.webkit.org/show_bug.cgi?id=76117
        <rdar://problem/10680189>

        Rubber stamped by Geoff Garen.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JITDriver.h: Added.
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):

2012-01-11  Geoffrey Garen  <ggaren@apple.com>

        Bytecode dumping is broken for call opcodes (due to two new operands)
        https://bugs.webkit.org/show_bug.cgi?id=75886

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have
        to fix this more than once. The helper function skips the extra two operands
        at the end of the opcode, used for optimization.
        
        (JSC::CodeBlock::dump): Used the helper function.

        * bytecode/CodeBlock.h: Declared the helper function.

2012-01-09  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken)
        https://bugs.webkit.org/show_bug.cgi?id=75911

        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to
        explicitly cast to our return type in C++.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::FunctionCallResolveNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function
        into a temporary register before evaluating our arguments, since argument
        evaluation might include function calls or assignments that overwrite our callee by name.

2012-01-11  Michael Saboff  <msaboff@apple.com>

        v8-regexp spends 35% of its time allocating and copying internal regexp results data
        https://bugs.webkit.org/show_bug.cgi?id=76079

        Reviewed by Geoffrey Garen.

        Added a new RegExpResults struct that has the input string, the number of
        subexpressions and the output vector.  Changed RegExpConstructor to
        include a RegExpConstructorPrivate instead of having a reference to one.
        Changed RegExpMatchesArray to include a RegExpResults instead of a 
        reference to a RegExpConstructorPrivate.  Created an overloaded assignment
        operator to assign a RegExpConstructorPrivate to a RegExpResults.
        Collectively this change is worth 24% performance improvement to v8-regexp.
        
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpResult::operator=):
        (JSC::RegExpConstructor::RegExpConstructor):
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
        (JSC::RegExpMatchesArray::finishCreation):
        (JSC::RegExpMatchesArray::~RegExpMatchesArray):
        (JSC::RegExpMatchesArray::fillArrayInstance):
        (JSC::RegExpConstructor::arrayOfMatches):
        (JSC::RegExpConstructor::getBackref):
        (JSC::RegExpConstructor::getLastParen):
        (JSC::RegExpConstructor::getLeftContext):
        (JSC::RegExpConstructor::getRightContext):
        (JSC::RegExpConstructor::setInput):
        (JSC::RegExpConstructor::input):
        (JSC::RegExpConstructor::setMultiline):
        (JSC::RegExpConstructor::multiline):
        * runtime/RegExpConstructor.h:
        (JSC::RegExpResult::RegExpResult):
        (JSC::RegExpConstructor::performMatch):
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::create):
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::putByIndex):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::deletePropertyByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyNames):

2012-01-11  Eugene Girard  <girard@google.com>

        Typo in error message: Unexpected token 'defualt'
        https://bugs.webkit.org/show_bug.cgi?id=75105

        Reviewed by Simon Fraser.

        * parser/Parser.h:
        (JSC::Parser::getTokenName):

2012-01-11  Anders Carlsson  <andersca@apple.com>

        Assertion failure in JSC::allocateCell trying to allocate a JSString
        https://bugs.webkit.org/show_bug.cgi?id=76101

        Reviewed by Adam Roben.

        Remove the ExecutableBase::s_info and JSString::s_info static member variables  from the .def file and
        export them explicitly using the JS_EXPORTDATA macro.

        member variables explicitly using 
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/Executable.h:
        * runtime/JSString.h:

2012-01-10  Mark Rowe  <mrowe@apple.com>

        <rdar://problem/10673792> jsc should install directly in to versioned Resources subfolder

        This ensures that jsc ends up in a consistent location whether built in to the same DSTROOT
        as JavaScriptCore.framework or in to a different one.

        Rubber-stamped by Dan Bernstein.

        * Configurations/JSC.xcconfig: Update INSTALL_PATH.

2012-01-10  Filip Pizlo  <fpizlo@apple.com>

        DFG inlining block linking compares BlockIndex against bytecode index
        https://bugs.webkit.org/show_bug.cgi?id=76018
        <rdar://problem/10671979>

        Reviewed by Gavin Barraclough.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseCodeBlock):

2012-01-10  Filip Pizlo  <fpizlo@apple.com>

        CodeBlock.h declares too many things
        https://bugs.webkit.org/show_bug.cgi?id=76001

        Rubber stamped by Gavin Barraclough.
        
        Removed all non-CodeBlock type declarations from CodeBlock.h, and put them
        into separate header files. Also removed all non-CodeBlock method implementations
        from CodeBlock.cpp and put them into corresponding cpp files.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/RepatchBuffer.h:
        * bytecode/CallLinkInfo.cpp: Added.
        (JSC::CallLinkInfo::unlink):
        * bytecode/CallLinkInfo.h: Added.
        (JSC::CallLinkInfo::callTypeFor):
        (JSC::CallLinkInfo::CallLinkInfo):
        (JSC::CallLinkInfo::~CallLinkInfo):
        (JSC::CallLinkInfo::isLinked):
        (JSC::CallLinkInfo::seenOnce):
        (JSC::CallLinkInfo::setSeen):
        (JSC::getCallLinkInfoReturnLocation):
        (JSC::getCallLinkInfoBytecodeIndex):
        * bytecode/CallReturnOffsetToBytecodeOffset.h: Added.
        (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset):
        (JSC::getCallReturnOffset):
        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/CodeType.h: Added.
        * bytecode/ExpressionRangeInfo.h: Added.
        * bytecode/GlobalResolveInfo.h: Added.
        (JSC::GlobalResolveInfo::GlobalResolveInfo):
        * bytecode/HandlerInfo.h: Added.
        * bytecode/LineInfo.h: Added.
        * bytecode/MethodCallLinkInfo.cpp: Added.
        (JSC::MethodCallLinkInfo::reset):
        * bytecode/MethodCallLinkInfo.h: Added.
        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
        (JSC::MethodCallLinkInfo::seenOnce):
        (JSC::MethodCallLinkInfo::setSeen):
        (JSC::getMethodCallLinkInfoReturnLocation):
        (JSC::getMethodCallLinkInfoBytecodeIndex):
        * bytecode/StructureStubInfo.h:
        (JSC::getStructureStubInfoReturnLocation):
        (JSC::getStructureStubInfoBytecodeIndex):

2012-01-10  Anders Carlsson  <andersca@apple.com>

        Hang opening movie that requires authentication
        https://bugs.webkit.org/show_bug.cgi?id=75989
        <rdar://problem/9601915>

        Reviewed by Sam Weinig.

        * wtf/Functional.h:
        Add function wrapper for a function that takes three parameters.

2012-01-10  Filip Pizlo  <fpizlo@apple.com>

        CodeBlock::m_numParameters should be encapsulated
        https://bugs.webkit.org/show_bug.cgi?id=75985
        <rdar://problem/10671020>

        Reviewed by Oliver Hunt.
        
        Encapsulated CodeBlock::m_numParameters and hooked argument profile creation
        into it.  This appears to be performance neutral.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::setNumParameters):
        (JSC::CodeBlock::addParameter):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numParameters):
        (JSC::CodeBlock::addressOfNumParameters):
        (JSC::CodeBlock::offsetOfNumParameters):
        (JSC::CodeBlock::numberOfArgumentValueProfiles):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::addParameter):
        (JSC::BytecodeGenerator::emitReturn):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::AbstractState):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::slideRegisterWindowForCall):
        (JSC::Interpreter::dumpRegisters):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::prepareForRepeatCall):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JITStubs.cpp:
        (JSC::arityCheckFor):
        (JSC::lazyLinkFor):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):

2012-01-10  Gavin Barraclough  <barraclough@apple.com>

        Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935

        Fix 32-bit builds.

        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertyNames):
        (JSC::JSArray::setLength):

2012-01-10  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-01-10  Gavin Barraclough  <barraclough@apple.com>

        Do not allow Array length to be set if it is non-configurable
        https://bugs.webkit.org/show_bug.cgi?id=75935

        Reviewed by Sam Weinig.

        Do not allow Array length to be set if it is non-configurable, and if the new
        length is less than the old length then intervening properties should removed
        in reverse order. Removal of properties should cease if an intervening indexed
        property being removed is non-configurable.

        * JavaScriptCore.exp:
            - Removed export for setLength.
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncConcat):
            - JSArray::setLength now takes an ExecState*
        (JSC::arrayProtoFuncSlice):
            - JSArray::setLength now takes an ExecState*
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
            - JSArray::setLength now takes an ExecState*
        (JSC::JSArray::put):
            - JSArray::setLength now takes an ExecState*
        (JSC::compareKeysForQSort):
            - Keys extracted from the map can be stored as unsigneds.
        (JSC::JSArray::getOwnPropertyNames):
            - Keys extracted from the map can be stored as unsigneds.
        (JSC::JSArray::setLength):
            - Check lengthIsReadOnly(), rather than copying the entire map to iterate
              over to determine which keys to remove, instead just copy the keys from
              the map to a Vector. When inSparseMode sort the keys in the Vector so
              that we can remove properties in reverse order.
        * runtime/JSArray.h:
            - JSArray::setLength now takes an ExecState*

2012-01-10  Gavin Barraclough  <barraclough@apple.com>

        Use SameValue to compare property descriptor values
        https://bugs.webkit.org/show_bug.cgi?id=75975

        Reviewed by Sam Weinig.

        Rather than strictEqual.

        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnNumericProperty):
            - Missing configurablePresent() check.
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):
            - call sameValue.
        * runtime/PropertyDescriptor.cpp:
        (JSC::sameValue):
            - Moved from JSArray.cpp, fix NaN comparison.
        (JSC::PropertyDescriptor::equalTo):
            - call sameValue.
        * runtime/PropertyDescriptor.h:
            - Added declaration for sameValue.
2012-01-09  Gavin Barraclough  <barraclough@apple.com>

        Error handling : in ISO8601 timezone
        https://bugs.webkit.org/show_bug.cgi?id=75919

        Reviewed by Sam Weinig.

        * wtf/DateMath.cpp:
        (WTF::parseDateFromNullTerminatedCharacters):
            - need to increment the string position.

2012-01-09  Mark Rowe  <mrowe@apple.com>

        JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target
        <http://webkit.org/b/75907> / <rdar://problem/10659862>

        We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit
        dependencies prevent this.

        Reviewed by Dan Bernstein.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-01-09  Adam Treat  <atreat@rim.com>

        Log is a little to verbose for blackberry port
        https://bugs.webkit.org/show_bug.cgi?id=75728

        The BlackBerry::Platform::Log* functions take care of the call to vfprintf
        which is resulting in unintentional noise in our logs.  Add a conditional
        directive to fix.

        Change to using BlackBerry::Platform::logStreamV which does not insert
        threading info and newlines unlike BlackBerry::Platform::log.

        Finally, add log locking and unlocking which the BlackBerry platform
        uses to ensure that N threads do not trample on each other's logs.

        Reviewed by Rob Buis.

        * wtf/Assertions.cpp:
        (WTFLogLocker::WTFReportAssertionFailure):
        (WTFLogLocker::WTFReportAssertionFailureWithMessage):
        (WTFLogLocker::WTFReportArgumentAssertionFailure):
        (WTFLogLocker::WTFReportFatalError):
        (WTFLogLocker::WTFReportError):
        (WTFLogLocker::WTFLog):
        (WTFLogLocker::WTFLogVerbose):

2012-01-09  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=75789
        defineOwnProperty not implemented for Array objects

        Reviewed by Sam Weinig.

        Implements support for getter/setter & non-default attribute properties on arrays,
        by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262
        test failures.

        * JavaScriptCore.exp:
            - Updated exports.
        * dfg/DFGOperations.cpp:
            - JSArray::pop now requires an exec state.
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncPop):
            - JSArray::pop now requires an exec state.
        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::add):
            - Add a potentially empty entry into the map.
        (JSC::SparseArrayValueMap::put):
            - Changed to call setter.
        (JSC::SparseArrayEntry::get):
            - calls getters.
        (JSC::SparseArrayEntry::getNonSparseMode):
            - does not call getters.
        (JSC::JSArray::enterSparseMode):
            - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated.
        (JSC::JSArray::putDescriptor):
            - Create a numeric property based on a descriptor.
        (JSC::sameValue):
            - See ES5.1 9.12.
        (JSC::reject):
            - Helper for the [[DefineOwnProperty]] algorithm.
        (JSC::JSArray::defineOwnNumericProperty):
            - Define an indexed property on an array object.
        (JSC::JSArray::setLengthWritable):
            - Marks the length read-only, enters SparseMode as necessary.
        (JSC::JSArray::defineOwnProperty):
            - Defines either an indexed property or 'length' on an array object.
        (JSC::JSArray::getOwnPropertySlotByIndex):
            - Updated to correctly handle accessor descriptors & attributes.
        (JSC::JSArray::getOwnPropertyDescriptor):
            - Updated to correctly handle accessor descriptors & attributes.
        (JSC::JSArray::put):
            - Pass strict mode flag to setLength.
        (JSC::JSArray::putByIndex):
            - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
        (JSC::JSArray::putByIndexBeyondVectorLength):
            - Pass exec to SparseArrayValueMap::put.
        (JSC::JSArray::deletePropertyByIndex):
            - Do not allow deletion of non-configurable properties.
        (JSC::compareKeysForQSort):
            - used in implementation of getOwnPropertyNames.
        (JSC::JSArray::getOwnPropertyNames):
            - Properties in the sparse map should be iterated in order.
        (JSC::JSArray::setLength):
            - Updated to take a 'shouldThrow' flag, return a result indicating error.
        (JSC::JSArray::pop):
            - pop should throw an error if length is not writable, even if the array is empty.
        (JSC::JSArray::push):
            - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
        (JSC::JSArray::sort):
            - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
        (JSC::JSArray::compactForSorting):
            - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
        * runtime/JSArray.h:
        (JSC::SparseArrayValueMap::lengthIsReadOnly):
            - Check if the length is read only.
        (JSC::SparseArrayValueMap::setLengthIsReadOnly):
            - Mark the length as read only.
        (JSC::SparseArrayValueMap::find):
            - Moved into header.
        (JSC::JSArray::isLengthWritable):
            - Wraps SparseArrayValueMap::lengthIsReadOnly.
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):
            - Should be returning the result of putDescriptor.
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::attributesOverridingCurrent):
            - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride.
        * runtime/PropertyDescriptor.h:
            - Added attributesOverridingCurrent.

2012-01-09  Pavel Heimlich  <tropikhajma@gmail.com>

        There is no support for fastcall in Solaris Studio.
        Fixes build on Solaris.
        https://bugs.webkit.org/show_bug.cgi?id=75736

        Reviewed by Gavin Barraclough.

        * jit/JITStubs.h:

2012-01-09  Pavel Heimlich  <tropikhajma@gmail.com>

        Fix build failure on Solaris
        https://bugs.webkit.org/show_bug.cgi?id=75733

        Reviewed by Gavin Barraclough.

        * wtf/ByteArray.h:

2012-01-01  Raphael Kubo da Costa  <kubo@profusion.mobi>

        [CMake] Clean up some cruft from WTF's CMakeLists.txt
        https://bugs.webkit.org/show_bug.cgi?id=75420

        Reviewed by Daniel Bates.

        * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add
        all needed paths to WTF_INCLUDE_DIRECTORIES in a single place.

2012-01-08  Xianzhu Wang  <wangxianzhu@chromium.org>

        Fix compilation error about ListHashSetReverseIterator
        https://bugs.webkit.org/show_bug.cgi?id=75372

        Reviewed by Darin Adler.

        There is a typo in class ListHashSetReverseIterator:
        typedef ListHashSetConstIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
        Should be
        typedef ListHashSetConstReverseIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;

        * wtf/ListHashSet.h:

2012-01-08  Ryosuke Niwa  <rniwa@webkit.org>

        WinCE build fix after r104415.

        * jit/JITExceptions.cpp:
        * jit/JITExceptions.h:

2012-01-08  Filip Pizlo  <fpizlo@apple.com>

        The JIT's protocol for exception handling should be available to other parts of the system
        https://bugs.webkit.org/show_bug.cgi?id=75808
        <rdar://problem/10661025>

        Reviewed by Oliver Hunt.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * jit/JITExceptions.cpp: Added.
        (JSC::genericThrow):
        (JSC::jitThrow):
        * jit/JITExceptions.h: Added.
        * jit/JITStubs.cpp:
        * runtime/JSGlobalData.h:

2012-01-06  Hajime Morrita  <morrita@chromium.org>

        https://bugs.webkit.org/show_bug.cgi?id=75296
        JSString should not have JS_EXPORTCLASS annotation

        Reviewed by Kevin Ollivier.

        * runtime/JSString.h: Removed JS_EXPORTCLASS annotation.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        Added missing symbols which were hidden by JS_EXPORTCLASS.

2012-01-06  Michael Saboff  <msaboff@apple.com>

        JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound()
        https://bugs.webkit.org/show_bug.cgi?id=75757

        Reviewed by Gavin Barraclough.

        * runtime/JSArray.cpp:
        (JSC::JSArray::pop): Changed map->end() to map->notFound().

2012-01-06  Filip Pizlo  <fpizlo@apple.com>

        JIT stub slow paths that would be identical to that of an interpreter should be factored out
        https://bugs.webkit.org/show_bug.cgi?id=75743
        <rdar://problem/10657024>

        Reviewed by Geoff Garen.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/CommonSlowPaths.h: Added.
        (JSC::CommonSlowPaths::opInstanceOfSlow):
        (JSC::CommonSlowPaths::opIn):
        (JSC::CommonSlowPaths::opResolve):
        (JSC::CommonSlowPaths::opResolveSkip):
        (JSC::CommonSlowPaths::opResolveWithBase):
        (JSC::CommonSlowPaths::opResolveWithThis):

2012-01-06  Sam Weinig  <sam@webkit.org>

        Fix windows build.

        * wtf/TypeTraits.cpp:

2012-01-05  Michael Saboff  <msaboff@apple.com>

        Default HashTraits for Opcode don't work for Opcode = 0
        https://bugs.webkit.org/show_bug.cgi?id=75595

        Reviewed by Oliver Hunt.

        Removed the populating of the m_opcodeIDTable table in the
        case where the OpcodeID and Opcode are the same (m_enabled is false).
        Instead we just cast the one type to the other.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::isOpcode):
        * interpreter/Interpreter.h:
        (JSC::Interpreter::getOpcodeID):

2012-01-06  Sam Weinig  <sam@webkit.org>

        Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr
        https://bugs.webkit.org/show_bug.cgi?id=75737

        Reviewed by Anders Carlsson.

        * wtf/TypeTraits.cpp:
        * wtf/TypeTraits.h:
        Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray
        is composed of some helpers which are also exposed, Conditional<>, which
        can provide one type or another based on a boolean predicate, IsArray<>
        which can deduce array types, and RemoveExtent<>, which removes the extent
        from an array type. 

2012-01-06  Oliver Hunt  <oliver@apple.com>

        GetByteArrayLength is incorrect
        https://bugs.webkit.org/show_bug.cgi?id=75735

        Reviewed by Filip Pizlo.

        Load the byte array length from the correct location.
        This stops an existing test from hanging.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-01-06  Filip Pizlo  <fpizlo@apple.com>

        Fix build.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-01-06  Oliver Hunt  <oliver@apple.com>

        DFG no longer optimises CanvasPixelArray
        https://bugs.webkit.org/show_bug.cgi?id=75729

        Reviewed by Gavin Barraclough.

        Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match
        the future name when we switch over to the new typed-array based
        ImageData specification.

        * runtime/JSByteArray.cpp:

2012-01-06  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>

        Use HashMap<OwnPtr> for SourceProviderCache items
        https://bugs.webkit.org/show_bug.cgi?id=75346

        Reviewed by Daniel Bates.

        * parser/Parser.cpp:
        * parser/SourceProviderCache.cpp:
        (JSC::SourceProviderCache::clear):
        (JSC::SourceProviderCache::add):
        * parser/SourceProviderCache.h:

2012-01-06  Sam Weinig  <sam@webkit.org>

        Remove unused OwnFastMallocPtr class.
        https://bugs.webkit.org/show_bug.cgi?id=75722

        Reviewed by Geoffrey Garen.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:
        * wtf/OwnFastMallocPtr.h: Removed.
        * wtf/text/StringImpl.h:
        * wtf/wtf.pro:

2012-01-06  Benjamin Poulain  <bpoulain@webkit.org>

        [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates
        https://bugs.webkit.org/show_bug.cgi?id=75631

        Reviewed by Andreas Kling.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-01-06  Eric Seidel  <eric@webkit.org> and Gustavo Noronha Silva  <gustavo.noronha@collabora.com>

        Make the new WTF module build on Gtk
        https://bugs.webkit.org/show_bug.cgi?id=75669

        * GNUmakefile.am:

2012-01-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        [Qt] Remove un-needed VPATHs from project includes

        Reviewed by Simon Hausmann.

        * JavaScriptCore.pri:
        * wtf/wtf.pri:

2012-01-06  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        [Qt] Move listing of include paths and libs to pri files in sources

        Includepaths are sometimes modified by non-Qt contributors so keeping
        them in files inside Sources makes it more likely that they are updated
        along with project files for the other ports.

        Using pri files instead of prf files for this also has the benefit that
        the include() from the main target file can be parsed and followed by
        Qt Creator -- something that does not work with load().

        Dependency from a target to a library through the WEBKIT variable are
        handled through forwarding-files in Tools/qmake/mkspecs/modules, which
        set the source root of the module and include the right pri file.

        Ideally we'd use the variant of include() that takes an optional
        namespace to read the variables into, or the fromfile() function,
        but both of these add an overhead of about 40% on the total qmake
        runtime, due to making a deep copy of all the variables in the
        project or re-reading all the prf files from scratch.

        Reviewed by Simon Hausmann.
        Reviewed by Ossy.

        * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf.
        * Target.pri:
        * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf.
        * wtf/wtf.pro:

2012-01-06  Hajime Morrita  <morrita@chromium.org>

        WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE
        https://bugs.webkit.org/show_bug.cgi?id=75612

        Reviewed by Kevin Ollivier.

        * wtf/text/WTFString.h:
        (WTF::String::findIgnoringCase):
        (WTF::String::append):
        (WTF::String::fromUTF8):
        (WTF::String::fromUTF8WithLatin1Fallback):
        (WTF::String::isHashTableDeletedValue):

2012-01-05  Dan Bernstein  <mitz@apple.com>

        <rdar://problem/10633760> Update copyright strings

        Reviewed by Mark Rowe.

        * Info.plist:

2012-01-05  Gavin Barraclough  <barraclough@apple.com>

        Date constructor handles infinite values incorrectly.
        https://bugs.webkit.org/show_bug.cgi?id=70998

        Reviewed by Filip Pizlo.

        * runtime/DateConstructor.cpp:
        (JSC::constructDate):
            - should be checking !finite rather then isnan.

2012-01-05  Gavin Barraclough  <barraclough@apple.com>

        date.toISOString produces incorrect results for dates with ms prior to 1970
        https://bugs.webkit.org/show_bug.cgi?id=75684

        Reviewed by Sam Weinig.

        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncToISOString):

2012-01-05  Gavin Barraclough  <barraclough@apple.com>

        Array.prototype.lastIndexOf ignores undefined fromIndex.
        https://bugs.webkit.org/show_bug.cgi?id=75678

        Reviewed by Sam Weinig.

        array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x)

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncLastIndexOf):
            - should check argumnet count, rather than checking agument value for undefined.

2012-01-05  Gavin Barraclough  <barraclough@apple.com>

        Date parsing is too restrictive.
        https://bugs.webkit.org/show_bug.cgi?id=75671

        Reviewed by Oliver Hunt.

        ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15).
        The spec allow a date to be date only, or date + time.

        The date portion on the should match: (pseudocode!:)
            [(+|-)YY]YYYY[-MM[-DD]]
        though we are slightly more liberal (permitted by the spec), allowing:
            [+|-]Y+[-MM[-DD]]
        The time portion should match:
            THH:mm[:ss[.sss]][Z|(+|-)HH:mm]
        again we're slightly more liberal, allowing:
            THH:mm[:ss[.s+]][Z|(+|-)HH:mm]

        * wtf/DateMath.cpp:
        (WTF::parseES5DatePortion):
            - Month/day fields are optional, default to 01.
        (WTF::parseES5TimePortion):
            - Hours/Minutes are requires, seconds/timezone are optional.
        (WTF::parseES5DateFromNullTerminatedCharacters):
            - Dates may be date only, or date + time.

2012-01-05  Bruno Dilly  <bdilly@profusion.mobi>

        [EFL] Undefined references to ICU_I18N symbols on WTF
        https://bugs.webkit.org/show_bug.cgi?id=75642

        Unreviewed build fix.

        Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake.
        Some undefined references were ucol_setAttribute_44, ucol_close_44,
        ucol_getAttribute_44...

        * wtf/PlatformEfl.cmake:

2012-01-05  Geoffrey Garen  <ggaren@apple.com>

        Refined the fast path for StringImpl::hash()
        https://bugs.webkit.org/show_bug.cgi?id=75178

        Reviewed by Darin Adler.

        Moved the hash calculation code into an out-of-line function to clean up
        the hot path.

        No measurable benchmark change, but this knocks some samples off in
        Instruments, and I think this is a step toward removing -fomit-frame-pointer.
        
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::hashSlowCase):
        * wtf/text/StringImpl.h:
        (WTF::StringImpl::hash): The patch.

        * wtf/text/StringStatics.cpp:
        (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build
        scheme, which requires all out-of-line StringImpl functions used by
        WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.)

2012-01-05  Gavin Barraclough  <barraclough@apple.com>

        Literal tab in JSONString fails
        https://bugs.webkit.org/show_bug.cgi?id=71772

        Reviewed by Oliver Hunt.

        rfc4627 does not allow literal tab characters in JSON source.

        * runtime/LiteralParser.cpp:
        (JSC::isSafeStringCharacter):
            - do not allow literal tab in StrictJSON mode.

2012-01-05  Gavin Barraclough  <barraclough@apple.com>

        push/shift fifo may consume excessive memory
        https://bugs.webkit.org/show_bug.cgi?id=75610

        Reviewed by Sam Weinig.

        Array object commonly store data in a vector, consisting of a portion that is
        in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
        m_length and m_vectorLength). Calls to shift with grow the pre-capacity, and
        the current algorithm for increaseVectorLength (used by push, or [[Put]]) will
        never shrink the pre-capacity, so a push/shift fifo may consume an inordinate
        amount of memory, whilst having a relatively small active length.

        * runtime/JSArray.cpp:
        (JSC::JSArray::increaseVectorLength):
            - If m_indexBias is non-zero, decay it over time.

2012-01-05  Csaba Osztrogonác  <ossy@webkit.org>

        unshift/pop fifo may consume excessive memory
        https://bugs.webkit.org/show_bug.cgi?id=75588

        Reviewed by Zoltan Herczeg.

        Buildfix after r104120.

        * runtime/JSArray.cpp: Remove useless asserts, baecause unsigned expression >= 0 is always true
        (JSC::JSArray::unshiftCount):

2012-01-05  Zoltan Herczeg  <zherczeg@webkit.org>

        Unreviewed gardening after r104134.

        * wtf/Assertions.cpp:

2012-01-05  Zoltan Herczeg  <zherczeg@webkit.org>

        Unreviewed gardening after r75605.

        Rubber stamped by NOBODY Csaba Osztrogonác.

        * wtf/Assertions.cpp:

2012-01-05  Benjamin Poulain  <benjamin@webkit.org>

        Improve charactersAreAllASCII() to compare multiple characters at a time
        https://bugs.webkit.org/show_bug.cgi?id=74063

        Reviewed by Darin Adler.

        A new header ASCIIFastPath.h contains the functions related to
        the detection of ASCII by using machine words. Part of it comes from
        WebCore's TextCodecASCIIFastPath.h.

        The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h
        and is implemented with computer word comparison.
        The gain over the previous implementation of charactersAreAllASCII() is of
        the order of how many comparison are avoided (4x, 8x, 16x depending on the
        format and the CPU type).

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/text/ASCIIFastPath.h: Added.
        (WTF::isAlignedToMachineWord):
        (WTF::alignToMachineWord):
        (WTF::isAllASCII):
        (WTF::charactersAreAllASCII):
        * wtf/text/WTFString.h:
        * wtf/wtf.pro:

2012-01-05  Mark Rowe  <mrowe@apple.com>

        <http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL

        We should always log to both ASL and stderr on platforms where this won't result in launchd
        duplicating the messages.

        Reviewed by Dan Bernstein.

        * wtf/Assertions.cpp:
        (vprintf_stderr_common):

2012-01-05  Mark Rowe  <mrowe@apple.com>

        <http://webkit.org/b/75605> WTF logging functions should call vprintf_stderr_common only once per line

        Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a
        single line of text. This results in strangely formatted output if vprintf_stderr_common is
        retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented
        like stderr.

        Reviewed by Dan Bernstein.

        * wtf/Assertions.cpp:
        (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format
        string before handing it off to vprintf_stderr_common. This requires disabling warnings about
        calling a printf-like function with a non-literal format string for this piece of code. It's
        safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix.
        (vprintf_stderr_with_trailing_newline): Helper function to append a trailling newline on to the
        given format string if one does not already exist. It requires the same treatment with regards
        to the non-literal format string warning.
        (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix.
        (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common.
        (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix.
        (WTFReportError): Ditto.
        (WTFLog): Switch to using vprintf_stderr_with_trailing_newline.
        (WTFLogVerbose): Ditto.

2012-01-04  Gavin Barraclough  <barraclough@apple.com>

        unshift/pop fifo may consume excessive memory
        https://bugs.webkit.org/show_bug.cgi?id=75588

        Reviewed by Sam Weinig.

        The Array object commonly store data in a vector, consisting of a portion that
        is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
        m_length and m_vectorLength). Calls to pop with grow the post-capacity, and the
        current algorithm for increasePrefixVectorLength (used by unshift) will never
        stink the post-capacity, so a unshift/pop fifo may consume an inordinate amount
        of memory, whilst having a relatively small active length.

        * runtime/JSArray.cpp:
        (JSC::storageSize):
            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
        (JSC::SparseArrayValueMap::put):
            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
        (JSC::JSArray::increaseVectorLength):
            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
        (JSC::JSArray::unshiftCountSlowCase):
            - renamed from increaseVectorPrefixLength (this was a bad name, since it
              also moved the ArrayStorage header), rewritten.
        (JSC::JSArray::shiftCount):
            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned
        (JSC::JSArray::unshiftCount):
            - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned,
              increaseVectorPrefixLength renamed to unshiftCountSlowCase
        (JSC::JSArray::sortNumeric):
        * runtime/JSArray.h:
            - Updated function declarations, m_indexBias should be unsigned.

2012-01-04  Mark Rowe  <mrowe@apple.com>

        <http://webkit.org/b/75604> All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments

        Since JSC::Arguments has an OwnPtr for a member it needs to override destroy
        to ensure that the correct destructor is invoked. This is necessary because
        JSCell subclasses all intentionally have non-virtual destructors.

        Reviewed by Filip Pizlo.

        * runtime/Arguments.cpp:
        (JSC::Arguments::destroy):
        * runtime/Arguments.h:

2012-01-04  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, accidentally turned off the JIT in previous commit. Turning
        it back on.

        * wtf/Platform.h:

2012-01-04  Filip Pizlo  <fpizlo@apple.com>

        Changed "return" to "break" in some macrology I introduced in
        http://trac.webkit.org/changeset/104086. This is a benign change, as
        "return" was technically correct for all uses of the macro.

        Reviewed by Oliver Hunt.

        * dfg/DFGGraph.cpp:
        * wtf/Platform.h:

2012-01-04  Michael Saboff  <msaboff@apple.com>

        StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset
        https://bugs.webkit.org/show_bug.cgi?id=75583

        Reviewed by Filip Pizlo.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding
        StructureStubInfo and reset the appropriate JIT and
        the StructureStubInfo itself when reseting a MethodCallLinkInfo.

2012-01-04  Michael Saboff  <msaboff@apple.com>

        Invalid ASSERT() in DFGRepatch.cpp near line 385
        https://bugs.webkit.org/show_bug.cgi?id=75584

        Reviewed by Filip Pizlo.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==.

2012-01-04  Filip Pizlo  <fpizlo@apple.com>

        Incorrect use of DFG node reference counts when mutating the graph
        https://bugs.webkit.org/show_bug.cgi?id=75580
        <rdar://problem/10644607>

        Reviewed by Oliver Hunt.
        
        Made deref(node) follow the pattern of ref(node), which it should have
        to begin with.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::refChildren):
        (JSC::DFG::Graph::derefChildren):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::deref):
        (JSC::DFG::Graph::clearAndDerefChild1):
        (JSC::DFG::Graph::clearAndDerefChild2):
        (JSC::DFG::Graph::clearAndDerefChild3):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::deref):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::fixupNode):

2012-01-04  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies

        The custom qmake variable 'WEBKIT' is used for signaling that a
        target depends in some way on other subproject of the WebKit
        project. For now this is limited to the set of intermediate
        libraries: wtf, javascriptcore, webcore, and webkit2.

        This replaces the previous convension of using load(foo) for
        just include paths, and CONFIG += foo to also link against foo.

        Adding a dependency results in additional include paths being
        available, and potentially linking to the library. This is
        decided by the build system based on conditions such as what
        kind of target is being built and the general build config.

        An advantage to his approach is that it simplifies the individual
        foo.prf files, for example by allowing us to use INCLUDEPATH +=
        and LIBS += as normal instead of prepending.

        Reviewed by Simon Hausmann.

        * Target.pri:
        * jsc.pro:
        * wtf/wtf.pro:

2012-01-03  Filip Pizlo  <fpizlo@apple.com>

        DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong
        https://bugs.webkit.org/show_bug.cgi?id=75516
        <rdar://problem/10640266>

        Reviewed by Gavin Barraclough.
        
        Removed the offending assertion, since it was wrong.  Also hardened the code to make
        this case less likely by first having the propagator fixpoint converge, and then doing
        double voting combined with a second fixpoint.  This is neutral on benchmarks and
        fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double
        until we've converged to the conclusion that it really is double).

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagatePredictions):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):

2012-01-03  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds
        https://bugs.webkit.org/show_bug.cgi?id=75303
        <rdar://problem/10633533>

        Reviewed by Gavin Barraclough.
        
        The this argument was not being kept alive in some cases during inlining and intrinsic
        optimizations.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::emitFunctionCheck):
        (JSC::DFG::ByteCodeParser::handleInlining):

2012-01-03  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-01-03  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-01-03  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=75140

        Reviewed by Sam Weinig.

        Rewrite JSArray::putSlowCase to be much cleaner & simpler.

        This rewrite only significantly changes behaviour for sparse array, specifically
        in how sparse arrays are reified back to vector form. This does not affect arrays
        with less than 10000 entries (since these always use a vector). The more common
        cases of sparse array behavior (though large sparse arrays are rare) - arrays that
        always remain sparse, and arrays that are filled in reverse sequential order -
        should be just as fast or faster (since reification is simpler & no longer
        requires map lookups) after these changes.

        Simplifying this code allows all cases of putByIndex that need to grow the vector
        to do so via increaseVectorLength, which means that this method can encapsulate
        the policy of determining how the vector should be grown.

        No performance impact.

        * runtime/JSArray.cpp:
        (JSC::isDenseEnoughForVector):
            - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector.
        (JSC::JSArray::putByIndex):
            - simplify & comment.
        (JSC::JSArray::putByIndexBeyondVectorLength):
            - Re-written to be much clearer & simpler.
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::increaseVectorPrefixLength):
            - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need do so.
        (JSC::JSArray::push):
            - simplify & comment.
        * runtime/JSArray.h:
            - removed SparseArrayValueMap::take.

2012-01-03  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-01-03  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=75140

        Reviewed by Sam Weinig.

        Simplify JSArray creation - remove ArgsList/JSValue* create methods
        (this functionality can be implemented in terms of tryCreateUninitialized).

        * JavaScriptCore.exp:
        * runtime/ArrayConstructor.cpp:
            - use constructArray/constructEmptyArray instead of calling JSArray::create directly
        (JSC::constructArrayWithSizeQuirk):
        * runtime/JSArray.cpp:
        * runtime/JSArray.h:
            - removed ArgsList/JSValue* create methods
        * runtime/JSGlobalObject.h:
        (JSC::constructEmptyArray):
        (JSC::constructArray):
            - changed to be implemented in terms of JSArray::tryCreateUninitialized

2012-01-03  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=75429
        ThrowTypeError should be a singleton object

        Reviewed by Sam Weinig.

        Per section 13.2.3 of the spec.
        We could change setAccessorDescriptor to be able to share the global
        GetterSetter object, rather than storing the accessor functions and
        creating a new GetterSetter in defineProperty - but this won't be a
        small change to PropertyDescriptors (and would probably mean making
        GetterSetter objects immutable?) - so I'll leave that for another
        patch.

        * JavaScriptCore.exp:
            - don't export setAccessorDescriptor
        * runtime/Arguments.cpp:
        (JSC::Arguments::createStrictModeCallerIfNecessary):
        (JSC::Arguments::createStrictModeCalleeIfNecessary):
            - call throwTypeErrorGetterSetter instead of createTypeErrorFunction
        * runtime/Error.cpp:
        * runtime/Error.h:
            - remove createTypeErrorFunction
        * runtime/JSFunction.cpp:
        * runtime/JSFunction.h:
            - remove unused createDescriptorForThrowingProperty
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
            - removed m_strictModeTypeErrorFunctionStructure.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::internalFunctionStructure):
            - removed m_strictModeTypeErrorFunctionStructure.
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::setAccessorDescriptor):
            - changed to take a GetterSetter
        * runtime/PropertyDescriptor.h:
            - changed to take a GetterSetter

2012-01-02  Gavin Barraclough  <barraclough@apple.com>

        Check in fixes for jsc tests following bug #75455.

        * tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js:
        * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js:

2012-01-02  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=75452
        If argument to Error is undefined, message is not set

        Reviewed by Sam Weinig.

        Per section 15.11.1.1 of the spec.

        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::create):
        (JSC::ErrorInstance::finishCreation):

2012-01-02  Gavin Barraclough  <barraclough@apple.com>

        ES5 prohibits parseInt from supporting octal
        https://bugs.webkit.org/show_bug.cgi?id=75455

        Reviewed by Sam Weinig.

        See sections 15.1.2.2 and annex E.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::parseInt):

2012-01-02  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=55343
        Global JSON should be configurable but isn't

        Reviewed by Sam Weinig.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
            - make JSON configurable

2012-01-01  Filip Pizlo  <fpizlo@apple.com>

        Call instructions should leave room for linking information
        https://bugs.webkit.org/show_bug.cgi?id=75422
        <rdar://problem/10633985>

        Reviewed by Oliver Hunt.

        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):

2011-12-31  Dan Bernstein  <mitz@apple.com>

        Continue trying to fix the Windows build after r103823.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-12-31  Dan Bernstein  <mitz@apple.com>

        Start trying to fix the Windows build after r103823.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-12-30  Anders Carlsson  <andersca@apple.com>

        Add a ParamStorageTraits specialization for RetainPtr
        https://bugs.webkit.org/show_bug.cgi?id=75392

        Reviewed by Daniel Bates.

        * wtf/Functional.h:
        Add a partial specialization of ParamStorageTraits for RetainPtr<T>.

        * wtf/RetainPtr.h:
        Bring in the retainPtr function template from WTF.

2011-12-29  Sam Weinig  <sam@webkit.org>

        It should be easier to iterate a Vector backwards
        https://bugs.webkit.org/show_bug.cgi?id=75359

        Reviewed by Anders Carlsson.

        Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(),
        a new proxy driven way to access a vector backwards. One can use
        reversed() in a range-based for loop like so:

            for (auto val: myVector.reversed())
                doSomething(val)

        * wtf/Vector.h:
        (WTF::Vector::~Vector):
        Fix style.

        (WTF::Vector::rbegin):
        (WTF::Vector::rend):
        Added using standard adaptor std::reverse_iterator.

        (WTF::Vector::reversed):
        (WTF::Vector::VectorReverseProxy::begin):
        (WTF::Vector::VectorReverseProxy::end):
        Add proxy similar to one used in HashMap for keys() and values()
        which allows access to a Vector backwards for use in range-based
        for loops.

2011-12-29  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=75140

        Reviewed by Oliver Hunt.

        Start cleaning up JSArray construction. JSArray has a set of create methods,
        one of which (currently) takes a 'creation mode' enum parameter. Based on that
        parameter, the constructor does one of two completely different things. If the
        parameter is 'CreateInitialized' it creates an array, setting the length, but
        does not eagerly allocate a storage vector of the specified length. A small
        (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property
        access to the vector will read the hole value (return undefined). The alternate
        usage of this method ('CreateCompact') does something very different. It tries
        to create an array of the requested length, and also allocates a storage vector
        large enough to hold all properties. It does not clear the storage vector,
        leaving the memory uninitialized and requiring the user to call a method
        'uncheckedSetIndex' to initialize values in the vector.

        This patch factors out these two behaviours, moving the 'CreateCompact' mode
        into its own method, 'tryCreateUninitialized' (matching the naming for this
        functionality in the string classes). 'tryCreateUninitialized' may return 0 if
        memory allocation fails during construction of the object. The construction
        pattern changes such that values added during initialization will be marked if
        a GC is&n