Build fixed for http://trac.webkit.org/changeset/128243
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-09-11  Michael Saboff  <msaboff@apple.com>

        Build fixed for http://trac.webkit.org/changeset/128243

        Rubber stamped by Stephanie Lewis.

        Added missing include file needed by 96422.

        * icu/unicode/ptypes.h: Added.

2012-09-11  Michael Saboff  <msaboff@apple.com>

        Update ICU header files to more recent version
        https://bugs.webkit.org/show_bug.cgi?id=96422

        Reviewed by Geoff Garen.

        Updated ICU header files to 4.6.1.  Modifications made as part of the merge are:
        platform.h - Changed ifndef / define / endif for U_HAVE_UINT8_T, U_HAVE_UINT16_T, U_HAVE_UINT32_T,
            U_HAVE_UINT64_T, U_IS_BIG_ENDIAN and U_ENABLE_TRACING to match the existing platform.h
        putil.h (line 132) - Changed defined(U_WINDOWS) to defined(WIN32) || defined(OS2) to match existing putil.h
        ustring.h (line 945) - Wrapped macro argument cs with { (const UChar *)cs } to match existing ustring.h
        utypes.h (line 545) - Changed defined(U_WINDOWS) to defined(WIN32) to match existing utypes.h

        * icu/unicode/localpointer.h: Added.
        * icu/unicode/parseerr.h:
        * icu/unicode/platform.h:
        * icu/unicode/putil.h:
        * icu/unicode/uchar.h:
        * icu/unicode/ucnv.h:
        * icu/unicode/ucnv_err.h:
        * icu/unicode/ucol.h:
        * icu/unicode/uconfig.h:
        * icu/unicode/uenum.h:
        * icu/unicode/uiter.h:
        * icu/unicode/uloc.h:
        * icu/unicode/umachine.h:
        * icu/unicode/unorm.h:
        * icu/unicode/urename.h:
        * icu/unicode/uscript.h:
        * icu/unicode/uset.h:
        * icu/unicode/ustring.h:
        * icu/unicode/utf.h:
        * icu/unicode/utf16.h:
        * icu/unicode/utf8.h:
        * icu/unicode/utypes.h:
        * icu/unicode/uvernum.h: Added.
        * icu/unicode/uversion.h:

2012-09-11  Matt Lilek  <mrl@apple.com>

        OS X port should compile with newer versions of clang
        https://bugs.webkit.org/show_bug.cgi?id=96434

        m_identIsVarDecl is unused - remove it.

        Reviewed by Anders Carlsson.

        * parser/NodeConstructors.h:
        (JSC::ForInNode::ForInNode):
        * parser/Nodes.h:
        (ForInNode):

2012-09-11  Filip Pizlo  <fpizlo@apple.com>

        LLInt should optimize and profile array length accesses
        https://bugs.webkit.org/show_bug.cgi?id=96417

        Reviewed by Oliver Hunt.

        This fixes the following hole in our array profiling strategy, where the array
        is large (more than 1000 elements):

        for (var i = 0; i < array.length; ++i) ...

        The peeled use of array.length (in the array prologue) will execute only once
        before DFG optimization kicks in from the loop's OSR point. Since it executed
        only once, it executed in the LLInt. And prior to this patch, the LLInt did
        not profile array.length accesses - so the DFG will assume, based on the lack
        of profiling, that the access is in fact not an access to the JSArray length
        property. That could then impede our ability to hoist the array structure
        check, and may make us pessimistic in other ways as well, since the generic
        GetById used for the array length access will be viewed as a side-effecting
        operation.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::finalizeUnconditionally):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2012-09-11  Raphael Kubo da Costa  <rakuco@webkit.org>

        [EFL] Rewrite the EFL-related Find modules
        https://bugs.webkit.org/show_bug.cgi?id=95237

        Reviewed by Kenneth Rohde Christiansen.

        * CMakeLists.txt: Stop setting the LINK_FLAGS property.
        * PlatformEfl.cmake: Ditto.
        * shell/PlatformEfl.cmake: Ditto.

2012-09-11  Raphael Kubo da Costa  <rakuco@webkit.org>

        [EFL] Unreviewed build fix after r128065.

        * CMakeLists.txt: Link against WTF for FastMalloc symbols, which
        are needed when building with SYSTEM_MALLOC off.

2012-09-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove m_classInfo from JSCell
        https://bugs.webkit.org/show_bug.cgi?id=96311

        Reviewed by Oliver Hunt.

        Now that no one is using the ClassInfo in JSCell, we can remove it for the greater good. This is a 1.5% win on v8v7 and
        a 1.7% win on kraken, and is an overall performance progression.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Had to rearrange the order of when we take things off the free list
        and when we store the Structure in the object because we would clobber the free list otherwise. This made it not okay for
        the structure argument and the scratch register to alias one another. Also removed the store of the ClassInfo pointer in the
        object. Yay!
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp: Since it's no longer okay for the scratch register and structure register to alias
        one another as stated above, had to add an extra temporary for passing the Structure.
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp: Ditto.
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitAllocateBasicJSObject): Similar changes to DFG's inline allocation except that it removed the object from
        the free list first, so no changes were necessary there.
        * llint/LowLevelInterpreter.asm: Change the constants for amount of inline storage to match PropertyOffset.h and remove
        the store of the ClassInfo pointer during inline allocation.
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/JSCell.h: Remove the m_classInfo field and associated methods.
        (JSCell):
        * runtime/JSObject.h:
        (JSObject):
        * runtime/PropertyOffset.h: Expand the number of inline storage properties to take up the extra space that we're freeing
        with the removal of the ClassInfo pointer.
        (JSC):
        * runtime/Structure.h:
        (JSC):
        (JSC::JSCell::JSCell):
        (JSC::JSCell::finishCreation):

2012-09-10  Geoffrey Garen  <ggaren@apple.com>

        Added large allocation support to MarkedSpace
        https://bugs.webkit.org/show_bug.cgi?id=96214

        Originally reviewed by Oliver Hunt, then I added a design revision
        suggested by Phil Pizlo.

        I expanded the imprecise size classes to cover up to 32KB, then added
        an mmap-based allocator for everything bigger. There's a lot of tuning
        we could do in these size classes, but currently they're almost
        completely unused, so I haven't done any tuning.

        Subtle point: the large allocator is a degenerate case of our free list
        logic. Its list only ever contains zero or one items.

        * heap/Heap.h:
        (JSC::Heap::allocateStructure): Pipe in size information.

        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::tryAllocateHelper): Handle the case where we
        find a free item in the sweep list but the item isn't big enough. This
        can happen in the large allocator because it mixes sizes.

        (JSC::MarkedAllocator::tryAllocate):
        (JSC::MarkedAllocator::allocateSlowCase): More piping.

        (JSC::MarkedAllocator::allocateBlock): Handle the oversize case.

        (JSC::MarkedAllocator::addBlock): I moved the call to didAddBlock here
        because it made more sense.

        * heap/MarkedAllocator.h:
        (MarkedAllocator):
        (JSC::MarkedAllocator::allocate):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::resetAllocators):
        (JSC::MarkedSpace::canonicalizeCellLivenessData):
        (JSC::MarkedSpace::isPagedOut):
        (JSC::MarkedSpace::freeBlock):
        * heap/MarkedSpace.h:
        (MarkedSpace):
        (JSC::MarkedSpace::allocatorFor):
        (JSC::MarkedSpace::destructorAllocatorFor):
        (JSC::MarkedSpace::allocateWithoutDestructor):
        (JSC::MarkedSpace::allocateWithDestructor):
        (JSC::MarkedSpace::allocateStructure):
        (JSC::MarkedSpace::forEachBlock):
        * runtime/Structure.h:
        (JSC::Structure): More piping.

2012-09-10  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the Windows (32-bit) build.

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_tear_off_arguments):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_tear_off_arguments): Get operands 1 and 2, not 1 and 1. :(

        Also took this opportunity to rename to indicate that these values are
        not destinations anymore.

2012-09-10  Geoffrey Garen  <ggaren@apple.com>

        DFG misses arguments tear-off for function.arguments if 'arguments' is used
        https://bugs.webkit.org/show_bug.cgi?id=96227

        Reviewed by Gavin Barraclough.

        We've decided not to allow function.arguments to alias the local
        'arguments' object, or a local var or function named 'arguments'.
        Aliasing complicates the implementation (cf, this bug) and can produce
        surprising behavior for web programmers.

        Eliminating the aliasing has the side-effect of fixing this bug.

        The compatibility story: function.arguments is deprecated, was never
        specified, and throws an exception in strict mode, so we expect it to
        disappear over time. Firefox does not alias to 'arguments'; Chrome
        does, but not if you use eval or with; IE does; Safari did.

        * dfg/DFGByteCodeParser.cpp: Noticed a little cleanup while verifying
        this code. Use the CodeBlock method for better encapsulation.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::retrieveArgumentsFromVMCode): Behavior change: don't
        alias.

        * tests/mozilla/js1_4/Functions/function-001.js:
        (TestFunction_4): Updated test expectations for changed behavior.

2012-09-10  Filip Pizlo  <fpizlo@apple.com>

        offlineasm has some impossible to implement, and unused, instructions
        https://bugs.webkit.org/show_bug.cgi?id=96310

        Reviewed by Mark Hahnenberg.

        * offlineasm/armv7.rb:
        * offlineasm/instructions.rb:
        * offlineasm/x86.rb:

2012-09-09  Geoffrey Garen  <ggaren@apple.com>

        Refactored op_tear_off* to support activations that don't allocate space for 'arguments'
        https://bugs.webkit.org/show_bug.cgi?id=96231

        Reviewed by Gavin Barraclough.

        This is a step toward smaller activations.

        As a side-effect, this patch eliminates a load and branch from the hot path
        of activation tear-off by moving it to the cold path of arguments tear-off. Our
        optimizing assumptions are that activations are common and that reifying the
        arguments object is less common.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName): Updated for new opcode lengths.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::addConstantValue): Added support for JSValue()
        in the bytecode, which we use when we have 'arguments' but no activation.

        (JSC::BytecodeGenerator::emitReturn): Always emit tear_off_arguments
        if we've allocated the arguments registers. This allows tear_off_activation
        not to worry about the arguments object anymore.

        Also, pass the activation and arguments values directly to these opcodes
        instead of requiring the opcodes to infer the values through special
        registers. This gives us more flexibility to move or eliminate registers.

        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        (Node): Updated for new opcode lengths.

        * dfg/DFGOperations.cpp: Activation tear-off doesn't worry about the
        arguments object anymore. If 'arguments' is in use and reified, it's
        responsible for aliasing back to the activation object in tear_off_arguments.

        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Don't pass the arguments object to
        activation tear-off; do pass the activation object to arguments tear-off.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute): Ditto.

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_tear_off_activation):
        (JSC::JIT::emit_op_tear_off_arguments):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_tear_off_activation):
        (JSC::JIT::emit_op_tear_off_arguments):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm: Same change in a few more execution engines.

2012-09-10  Patrick Gansterer  <paroga@webkit.org>

        [JSC] Use StringBuilder::appendNumber() instead of String::number()
        https://bugs.webkit.org/show_bug.cgi?id=96236

        Reviewed by Benjamin Poulain.

        * API/JSContextRef.cpp:
        (JSContextCreateBacktrace):

2012-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>

        Combine MarkStack and SlotVisitor into single class
        https://bugs.webkit.org/show_bug.cgi?id=96043

        Reviewed by Geoff Garen.

        Move all of MarkStack into SlotVisitor. The remaining stuff in MarkStack.cpp actually has to do
        with MarkStack management/allocation. Cleaned up a few of the header files while I was at it.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        * dfg/DFGCommon.h:
        * heap/GCThreadSharedData.cpp:
        * heap/GCThreadSharedData.h:
        (GCThreadSharedData):
        * heap/HeapRootVisitor.h:
        * heap/MarkStack.cpp:
        (JSC):
        * heap/MarkStack.h:
        (JSC):
        (MarkStackSegment):
        (JSC::MarkStackSegment::data):
        (JSC::MarkStackSegment::capacityFromSize):
        (JSC::MarkStackSegment::sizeFromCapacity):
        (MarkStackSegmentAllocator):
        (MarkStackArray):
        * heap/MarkStackInlineMethods.h:
        (JSC::MarkStackArray::postIncTop):
        (JSC):
        (JSC::MarkStackArray::preDecTop):
        (JSC::MarkStackArray::setTopForFullSegment):
        (JSC::MarkStackArray::setTopForEmptySegment):
        (JSC::MarkStackArray::top):
        (JSC::MarkStackArray::validatePrevious):
        (JSC::MarkStackArray::append):
        (JSC::MarkStackArray::canRemoveLast):
        (JSC::MarkStackArray::removeLast):
        (JSC::MarkStackArray::isEmpty):
        (JSC::MarkStackArray::size):
        * heap/SlotVisitor.cpp: Added.
        (JSC):
        (JSC::SlotVisitor::SlotVisitor):
        (JSC::SlotVisitor::~SlotVisitor):
        (JSC::SlotVisitor::setup):
        (JSC::SlotVisitor::reset):
        (JSC::SlotVisitor::append):
        (JSC::visitChildren):
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::mergeOpaqueRoots):
        (JSC::SlotVisitor::startCopying):
        (JSC::SlotVisitor::allocateNewSpaceSlow):
        (JSC::SlotVisitor::allocateNewSpaceOrPin):
        (JSC::JSString::tryHashConstLock):
        (JSC::JSString::releaseHashConstLock):
        (JSC::JSString::shouldTryHashConst):
        (JSC::SlotVisitor::internalAppend):
        (JSC::SlotVisitor::copyAndAppend):
        (JSC::SlotVisitor::doneCopying):
        (JSC::SlotVisitor::harvestWeakReferences):
        (JSC::SlotVisitor::finalizeUnconditionalFinalizers):
        (JSC::SlotVisitor::validate):
        * heap/SlotVisitor.h:
        (JSC):
        (SlotVisitor):
        (JSC::SlotVisitor::sharedData):
        (JSC::SlotVisitor::isEmpty):
        (JSC::SlotVisitor::visitCount):
        (JSC::SlotVisitor::resetChildCount):
        (JSC::SlotVisitor::childCount):
        (JSC::SlotVisitor::incrementChildCount):
        (ParallelModeEnabler):
        (JSC::ParallelModeEnabler::ParallelModeEnabler):
        (JSC::ParallelModeEnabler::~ParallelModeEnabler):
        * heap/SlotVisitorInlineMethods.h:
        (JSC::SlotVisitor::append):
        (JSC):
        (JSC::SlotVisitor::appendUnbarrieredPointer):
        (JSC::SlotVisitor::appendUnbarrieredValue):
        (JSC::SlotVisitor::internalAppend):
        (JSC::SlotVisitor::addWeakReferenceHarvester):
        (JSC::SlotVisitor::addUnconditionalFinalizer):
        (JSC::SlotVisitor::addOpaqueRoot):
        (JSC::SlotVisitor::containsOpaqueRoot):
        (JSC::SlotVisitor::opaqueRootCount):
        (JSC::SlotVisitor::mergeOpaqueRootsIfNecessary):
        (JSC::SlotVisitor::mergeOpaqueRootsIfProfitable):
        (JSC::SlotVisitor::donate):
        (JSC::SlotVisitor::donateAndDrain):
        * jit/JITWriteBarrier.h:
        (JSC::SlotVisitor::append):
        * jit/JumpReplacementWatchpoint.cpp:
        * runtime/JSCell.h:
        * runtime/Structure.h:
        (JSC::SlotVisitor::internalAppend):
        * runtime/WriteBarrier.h:
        (JSC):
        (JSC::SlotVisitor::append):
        (JSC::SlotVisitor::appendValues):
        * yarr/YarrJIT.cpp:

2012-09-10  Hojong Han  <hojong.han@samsung.com>

        [EFL] JIT memory usage is not retrieved
        https://bugs.webkit.org/show_bug.cgi?id=96095

        Reviewed by Geoffrey Garen.

        Fill JITBytes for EFL port.

        * runtime/MemoryStatistics.cpp:
        (JSC::globalMemoryStatistics):

2012-09-10  Thiago Marcos P. Santos  <thiago.santos@intel.com>

        [CMake][EFL] Enable the LLInt
        https://bugs.webkit.org/show_bug.cgi?id=92682

        Reviewed by Csaba Osztrogonác.

        Generate the headers needed by LLint when LLint is enabled.

        * CMakeLists.txt:

2012-09-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing files.

2012-09-09  Mark Lam  <mark.lam@apple.com>

        Fixed a few llint C++ interpreter bugs.
        https://bugs.webkit.org/show_bug.cgi?id=96127.

        Reviewed by Geoffrey Garen.

        * llint/LLIntCLoop.h:
            CLoop::execute()'s bootstrapOpcodeId does not need a default
            value. There is no case when this function is called without
            that parameter being specified.
        * llint/LowLevelInterpreter.asm:
            Moved the dispatchAfterCall() call to where it is needed.
            For the C_LOOP back-end, it generates unreachable code.
        * llint/LowLevelInterpreter.cpp:
            #include <wtf/Assertions.h> because LLIntAssembly.h needs it.
        (JSC):
            Fixed bug in SIGN_BIT32() macro.
            Placate a MSVC warning for t0 and t1 being uninitialized.
        (JSC::CLoop::execute):
            The bootstrapOpcodeId arg should always be specified.
            MSVC doesn't like UNUSED_PARAM() for labels. Switch to using
                the new UNUSED_LABEL() macro.
        * offlineasm/cloop.rb:
        * offlineasm/generate_offset_extractor.rb:
            Resolved a compiler warning found via MSVC.

2012-09-09  Patrick Gansterer  <paroga@webkit.org>

        Add StringBuilder::appendNumber() and use it
        https://bugs.webkit.org/show_bug.cgi?id=96030

        Reviewed by Eric Seidel.

        Also fix a bunch of append() vs. appendLiteral() issues in the surrounding code.

        * API/JSContextRef.cpp:
        (JSContextCreateBacktrace):
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * interpreter/Interpreter.h:
        (JSC::StackFrame::toString):

2012-09-09  Patrick Gansterer  <paroga@webkit.org>

        Make the String initialization on the function side of String::number()
        https://bugs.webkit.org/show_bug.cgi?id=95940

        Reviewed by Benjamin Poulain.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-09-09  Geoffrey Garen  <ggaren@apple.com>

        Rolled out <http://trac.webkit.org/changeset/127939> because it broke
        fast/js/named-function-expression.html.

            Refactored bytecode generator initialization to support moving captured vars around
            https://bugs.webkit.org/show_bug.cgi?id=96159

            Reviewed by Gavin Barraclough.

2012-09-08  Csaba Osztrogonác  <ossy@webkit.org>

        LLInt buildfix for case sensitive filesystems
        https://bugs.webkit.org/show_bug.cgi?id=96099

        Reviewed by Michael Saboff.

        * llint/LowLevelInterpreter.cpp: Fix filenames.

2012-09-07  Benjamin Poulain  <bpoulain@apple.com>

        Rename the ustring() accessor to string()
        https://bugs.webkit.org/show_bug.cgi?id=95919

        Reviewed by Geoffrey Garen.

        Rename ustring() to string() to make the accessor name more logical after
        r127191.

        * API/JSBase.cpp:
        (JSEvaluateScript):
        (JSCheckScriptSyntax):
        * API/JSObjectRef.cpp:
        (JSObjectMakeFunctionWithCallback):
        (JSObjectMakeFunction):
        (JSObjectCopyPropertyNames):
        * API/JSProfilerPrivate.cpp:
        (JSStartProfiling):
        (JSEndProfiling):
        * API/JSValueRef.cpp:
        (JSValueMakeString):
        (JSValueMakeFromJSONString):
        * API/OpaqueJSString.cpp:
        (OpaqueJSString::string):
        * API/OpaqueJSString.h:
        (OpaqueJSString):
        * bytecode/CodeBlock.cpp:
        (JSC::idName):
        (JSC::CodeBlock::dump):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitLoad):
        (JSC::BytecodeGenerator::addStringConstant):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::RegExpNode::emitBytecode):
        (JSC::processClauseList):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::addFunction):
        (GlobalObject::addConstructableFunction):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createRegExp):
        * parser/Parser.cpp:
        (JSC::::parsePrimaryExpression):
        * parser/Parser.h:
        (JSC::Scope::declareVariable):
        (JSC::Scope::declareParameter):
        (JSC::Scope::useVariable):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createRegExp):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createUndefinedVariableError):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::paramString):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::finishCreation):
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::addFunctionProperties):
        * runtime/Identifier.h:
        (JSC::Identifier::string):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::calculatedDisplayName):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSONObject.cpp:
        (JSC::PropertyNameForFunctionCall::value):
        (JSC::Stringifier::Holder::appendNextProperty):
        (JSC::Walker::walk):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::finishCreation):
        * runtime/JSScope.cpp:
        (JSC::JSScope::resolveBase):
        * runtime/JSString.h:
        (JSC::inlineJSValueNotStringtoString):
        * runtime/LiteralParser.cpp:
        (JSC::::parse):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::finishCreation):
        (JSC::objectConstructorGetOwnPropertyNames):
        (JSC::objectConstructorKeys):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::finishCreation):

2012-09-07  Gavin Barraclough  <barraclough@apple.com>

        CALLFRAME_OFFSET and EXCEPTION_OFFSET are same in ctiTrampoline on ARM Thumb2
        https://bugs.webkit.org/show_bug.cgi?id=82013

        Reviewed by Geoff Garen.

        Neither of these values need to be stored. At all.

        * jit/JITStubs.cpp:
        (JSC):
        (JSC::ctiTrampoline):
        (JSC::JITThunks::JITThunks):
            - Nothing to see here. Move along.

2012-09-07  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r127938.
        http://trac.webkit.org/changeset/127938
        https://bugs.webkit.org/show_bug.cgi?id=96166

        It broke the build (Requested by smfr on #webkit).

        * llint/LowLevelInterpreter.cpp:
        (JSC):
        (JSC::CLoop::execute):
        * offlineasm/cloop.rb:

2012-09-07  Geoffrey Garen  <ggaren@apple.com>

        Refactored bytecode generator initialization to support moving captured vars around
        https://bugs.webkit.org/show_bug.cgi?id=96159

        Reviewed by Gavin Barraclough.

        This patch separates the stages of allocating registers, declaring identifiers
        in the symbol table, and initializing registers, so you can change
        allocation decisions without breaking the world.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator): Call a set of helper functions
        instead of inlining all the code, to help clarity.

        (JSC::BytecodeGenerator::allocateCapturedVars):
        (JSC::BytecodeGenerator::allocateUncapturedVars):
        (JSC::BytecodeGenerator::allocateActivationVar):
        (JSC::BytecodeGenerator::allocateArgumentsVars):
        (JSC::BytecodeGenerator::allocateCalleeVarUndeclared):
        (JSC::BytecodeGenerator::declareParameters):
        (JSC::BytecodeGenerator::declareCallee):
        (JSC::BytecodeGenerator::initCalleeVar):
        (JSC::BytecodeGenerator::initArgumentsVars):
        (JSC::BytecodeGenerator::initActivationVar):
        (JSC::BytecodeGenerator::initThisParameter):
        (JSC::BytecodeGenerator::initFunctionDeclarations):
        (JSC::BytecodeGenerator::declareParameter):
        (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
        (JSC::BytecodeGenerator::createActivationIfNecessary): Factored these
        helper functions out from pre-existing code.

        * bytecompiler/BytecodeGenerator.h:
        (BytecodeGenerator):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::addVar):
        * parser/Nodes.h:
        (JSC::DeclarationStacks::VarDeclaration::VarDeclaration):
        (VarDeclaration):
        (JSC::DeclarationStacks::FunctionDeclaration::FunctionDeclaration):
        (FunctionDeclaration): Declaration stacks get a little more data now,
        to support allocating registers before putting things in the symbol
        table. I'm convinced that we should eventually just expand the symbol
        table to understand these things.

2012-09-07  Mark Lam  <mark.lam@apple.com>

        Fix llint C++ interpreter bugs.
        https://bugs.webkit.org/show_bug.cgi?id=96127.

        Reviewed by Filip Pizlo.

        * llint/LowLevelInterpreter.cpp:
        (JSC):
        (JSC::CLoop::execute):
        * offlineasm/cloop.rb:

2012-09-07  Gavin Barraclough  <barraclough@apple.com>

        Object.prototype.__define{G,S}etter__ with non-callable second parameter should throw TypeError instead of SyntaxError
        https://bugs.webkit.org/show_bug.cgi?id=93873

        Reviewed by Sam Weinig.

        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncDefineGetter):
            - throw TypeError instead of SyntaxError
        (JSC::objectProtoFuncDefineSetter):
            - throw TypeError instead of SyntaxError

2012-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>

        JSC should have a zombie mode
        https://bugs.webkit.org/show_bug.cgi?id=96047

        Reviewed by Geoffrey Garen.

        To aid clients of JSC while they are debugging memory issues, we should add a zombie
        mode that scribbles into objects in the MarkedSpace after they are found to be dead
        to prevent a sort of "use after free" situation. As a first cut we should support a
        mode that just scribbles on objects prior to their being reused (i.e. while they are
        "zombies") and a mode in which, in addition to scribbling on zombies, once an object
        has been marked its mark bit will never be cleared, thus giving us "immortal" zombies.

        These two modes will be enabled through the use of environment variables. For now these
        will be "JSZombieEnabled" and "JSImmortalZombieEnabled". Setting them to any value will
        result in the use of the appropriate mode.

        * heap/Heap.cpp:
        (JSC::Heap::collect): Zombifies dead objects at the end of collection if zombie mode is enabled.
        (ZombifyCellFunctor):
        (JSC::ZombifyCellFunctor::ZombifyCellFunctor): Sets marked bits for dead objects if in immortal mode and writes 0xbbadbeef into them.
        (JSC::ZombifyCellFunctor::operator()):
        (JSC):
        (ZombifyBlockFunctor):
        (JSC::ZombifyBlockFunctor::operator()):
        (JSC::Heap::zombifyDeadObjects): Eagerly sweeps so that we don't write garbage into an object before it
        is finalized/destroyed.
        * heap/Heap.h:
        (Heap):
        * heap/MarkedBlock.h:
        (MarkedBlock):
        (JSC::MarkedBlock::forEachDeadCell): Used to iterate over dead cells at the end of collection if zombie mode is enabled.
        (JSC):
        * runtime/Options.cpp:
        (JSC::Options::initialize):
        * runtime/Options.h:
        (JSC):
780
781 2012-09-05  Geoffrey Garen  <ggaren@apple.com>
782
783         Rolled back in <http://trac.webkit.org/changeset/127698> with a fix for
784         fast/dom/HTMLScriptElement/script-reexecution-pretty-diff.html, which
785         is to make sure that function declarations don't put their names in scope.
786
787         Reviewed by Gavin Barraclough.
788
789             Named functions should not allocate scope objects for their names
790             https://bugs.webkit.org/show_bug.cgi?id=95659
791
792             Reviewed by Oliver Hunt.
793
794 2012-09-06  Michael Saboff  <msaboff@apple.com>
795
796         16 bit JSRopeString up converts 8 bit fibers to 16 bits during resolution
797         https://bugs.webkit.org/show_bug.cgi?id=95810
798
799         Reviewed by Benjamin Poulain.
800
801         Added 8 bit path that copies the contents of an 8 bit fiber to the 16 bit buffer
802         when resolving a 16 bit rope.
803
804         * runtime/JSString.cpp:
805         (JSC::JSRopeString::resolveRopeSlowCase):
806
807 2012-09-06  Gavin Barraclough  <barraclough@apple.com>
808
809         JS test suite puts incorrect limitations on Function.toString()
810         https://bugs.webkit.org/show_bug.cgi?id=3975
811
812         Reviewed by Geoff Garen.
813
814         The result of function toString is implementation defined;
815         these test cases were looking for specific whitespace formatting
816         that matches mozilla's, and for redundant braces to be inserted
817         around if/else blocks. Stop that.
818
819         * tests/mozilla/expected.html:
820         * tests/mozilla/js1_2/function/tostring-1.js:
821         (simplify):
822             - reduce whitespace differences
823         * tests/mozilla/js1_2/function/tostring-2.js:
824         (simplify):
825             - reduce whitespace differences
826         (TestOr):
827         (TestAnd):
828             - added braces to match expected output
829
830 2012-09-06  Yuqiang Xian  <yuqiang.xian@intel.com>
831
832         Performance regressions on 32-bit platforms with revisions 125637 and 126387
833         https://bugs.webkit.org/show_bug.cgi?id=95953
834
835         Reviewed by Filip Pizlo.
836
837         * jit/JITPropertyAccess32_64.cpp:
838         (JSC::JIT::emit_op_get_by_val): Fix the typo.
839
840 2012-09-05  Geoffrey Garen  <ggaren@apple.com>
841
842         Rolled out <http://trac.webkit.org/changeset/127698> because it broke
843         fast/dom/HTMLScriptElement/script-reexecution-pretty-diff.html
844
845             Named functions should not allocate scope objects for their names
846             https://bugs.webkit.org/show_bug.cgi?id=95659
847
848             Reviewed by Oliver Hunt.
849
850 2012-09-06  Mark Lam  <mark.lam@apple.com>
851
852         Renamed useYarrJIT() option to useRegExpJIT(). Also fixed regression in
853         which inadvertently allows the ASM llint to use the baseline JIT when
854         useRegExpJIT() is true.
855         https://bugs.webkit.org/show_bug.cgi?id=95918.
856
857         Reviewed by Geoffrey Garen.
858
859         * runtime/JSGlobalData.cpp:
860         (JSC::enableAssembler):
861         (JSC::JSGlobalData::JSGlobalData):
862         * runtime/JSGlobalData.h:
863         (JSC::JSGlobalData::canUseJIT):
864         (JSC::JSGlobalData::canUseRegExpJIT):
865         (JSGlobalData):
866         * runtime/Options.cpp:
867         (JSC::Options::initialize):
868         * runtime/Options.h:
869         (JSC):
870
871 2012-09-06  Patrick Gansterer  <paroga@webkit.org>
872
873         Build fix for Interpreter after r127698.
874
875         * interpreter/Interpreter.cpp:
876         (JSC::Interpreter::privateExecute):
877
878 2012-09-05  Geoffrey Garen  <ggaren@apple.com>
879
880         Named functions should not allocate scope objects for their names
881         https://bugs.webkit.org/show_bug.cgi?id=95659
882
883         Reviewed by Oliver Hunt.
884
885         In most cases, we can merge a function expression's name into its symbol
886         table. This reduces memory footprint per closure from three objects
887         (function + activation + name scope) to two (function + activation),
888         speeds up closure allocation, and speeds up recursive calls.
889
890         In the case of a named function expression that contains a non-strict
891         eval, the rules are so bat-poop crazy that I don't know how to model
892         them without an extra object. Since functions now default to not having
893         such an object, this case needs to allocate the object on function
894         entry.
895
896         Therefore, this patch makes the slow case a bit slower so the fast case
897         can be faster and more memory-efficient. (Note that the slow case already
898         allocates an activation on entry, and until recently also allocated a
899         scope chain node on entry, so adding one allocation on entry shouldn't
900         break the bank.)
901
902         * bytecode/CodeBlock.cpp:
903         (JSC::CodeBlock::CodeBlock): Caught a missed initializer. No behavior change.
904
905         * bytecompiler/BytecodeGenerator.cpp:
906         (JSC::BytecodeGenerator::BytecodeGenerator): Put the callee in static scope
907         during compilation so it doesn't need to be in dynamic scope at runtime.
908
909         (JSC::BytecodeGenerator::resolveCallee):
910         (JSC::BytecodeGenerator::addCallee): Helper functions for either statically
911         resolving the callee or adding a dynamic scope that will resolve to it,
912         depending on whether you're in the fast path.
913
914         We move the callee into a var location if it's captured because activations
915         prefer to have contiguous ranges of captured variables.
916
917         * bytecompiler/BytecodeGenerator.h:
918         (JSC::BytecodeGenerator::registerFor):
919         (BytecodeGenerator):
920
921         * dfg/DFGOperations.cpp:
922         * interpreter/Interpreter.cpp:
923         (JSC::Interpreter::privateExecute):
924         * jit/JITStubs.cpp:
925         (JSC::DEFINE_STUB_FUNCTION):
926         * llint/LLIntSlowPaths.cpp:
927         (JSC::LLInt::LLINT_SLOW_PATH_DECL): This is the point of the patch: remove
928         one allocation in the case of a named function expression.
929
930         * parser/Parser.cpp:
931         (JSC::::Parser):
932         * parser/Parser.h:
933         (JSC::Scope::declareCallee):
934         (Scope):
935         (Parser):
936         (JSC::parse):
937         * runtime/Executable.cpp:
938         (JSC::EvalExecutable::compileInternal):
939         (JSC::ProgramExecutable::checkSyntax):
940         (JSC::ProgramExecutable::compileInternal):
941         (JSC::FunctionExecutable::produceCodeBlockFor):
942         (JSC::FunctionExecutable::fromGlobalCode): Pipe the callee's name through
943         the parser so we get accurate information on whether the callee was captured.
944
945         (JSC::FunctionExecutable::FunctionExecutable):
946         (JSC::EvalExecutable::compileInternal):
947         (JSC::ProgramExecutable::checkSyntax):
948         (JSC::ProgramExecutable::compileInternal):
949         (JSC::FunctionExecutable::produceCodeBlockFor):
950         (JSC::FunctionExecutable::fromGlobalCode):
951         * runtime/Executable.h:
952         (JSC::FunctionExecutable::create):
953         (FunctionExecutable):
954         (JSC::FunctionExecutable::finishCreation): I had to refactor function
955         creation to support the following function constructor quirk: the function
956         gets a name, but its name is not in lexical scope.
957
958         To simplify this, FunctionExecutable now automatically extracts all the
959         data it needs from the parsed node. The special "fromGlobalCode" path
960         used by the function constructor creates an anonymous function, and then
961         quirkily sets the value used by the .name property to be non-null, even
962         though the parsed name is null.
963
964         * runtime/JSNameScope.h:
965         (JSC::JSNameScope::create):
966         (JSC::JSNameScope::JSNameScope): Added support for explicitly specifying
967         your container scope. The compiler uses this for named function expressions.
968
969 2012-09-05  Gavin Barraclough  <barraclough@apple.com>
970
971         a = data[a]++; sets the wrong key in data
972         https://bugs.webkit.org/show_bug.cgi?id=91270
973
974         Reviewed by Oliver Hunt.
975
976         Postfix inc/dec is unsafely using finalDestination, can trample base/subscript prior to the result being put.
977
978         * bytecompiler/NodesCodegen.cpp:
979         (JSC::PostfixNode::emitResolve):
980             - Remove redundant parens.
981         (JSC::PostfixNode::emitBracket):
982         (JSC::PostfixNode::emitDot):
983             - Refactored to use tempDestination instead of finalDestination.
984         (JSC::PrefixNode::emitBracket):
985         (JSC::PrefixNode::emitDot):
986             - Should be using emitPreIncOrDec.
987
988 2012-09-05  Gavin Barraclough  <barraclough@apple.com>
989
990         Bug, assignment within subscript of prefix/postfix increment of bracket access
991         https://bugs.webkit.org/show_bug.cgi?id=95913
992
993         Reviewed by Oliver Hunt.
994
995         javascript:alert((function(){ var a = { x:1 }; var b = { x:1 }; a[a=b,"x"]++; return a.x; })())
996
997         * bytecompiler/NodesCodegen.cpp:
998         (JSC::PostfixNode::emitBracket):
999         (JSC::PrefixNode::emitBracket):
1000             - Should check for assignments in the subscript when loading the base.
1001         * parser/Nodes.h:
1002         (JSC::BracketAccessorNode::subscriptHasAssignments):
1003         (BracketAccessorNode):
1004             - Used by emitBracket methods.
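
The correct evaluation order for the bracket-access increment cases in bugs 91270 and 95913 above, checked in plain JavaScript as an added example (not JSC's own code or tests): the base is captured before the subscript runs, the old value is read before the write, and the write goes to the original base and key rather than to whatever the destination register holds.

```javascript
// Added example, not part of the WebKit ChangeLog or JSC's test suite.
// Each function returns values a regression check can assert on.

// Bug 91270: in `a = data[a]++` the subscript is read from `a` before `a`
// is overwritten with the old value, so the write-back must go to data.k
// and no other key may appear.
function postfixAssignToSubscriptVariable() {
  var data = { k: 1 };
  var a = "k";
  a = data[a]++;              // a becomes the old value 1; data.k becomes 2
  return { a: a, keys: Object.keys(data), k: data.k };
}

// Bug 95913: the base object is captured before the subscript expression
// runs, even though the subscript reassigns the variable that named it.
function postfixWithAssignmentInSubscript() {
  var a = { x: 1 };
  var b = { x: 1 };
  var original = a;
  a[a = b, "x"]++;            // increments original.x; `a` now refers to b
  return { returned: a.x, originalX: original.x, bX: b.x };
}

// Same ordering for the prefix form: the result is the new value of the
// original base's property, and b is untouched.
function prefixWithAssignmentInSubscript() {
  var a = { x: 1 };
  var b = { x: 1 };
  var original = a;
  var r = ++a[a = b, "x"];
  return { r: r, originalX: original.x, bX: b.x };
}

// Records the full order of a postfix bracket increment: base, subscript,
// property read, property write, then the old value as the result.
function evaluationOrder() {
  var log = [];
  var target = {
    get x() { log.push("get x"); return 1; },
    set x(v) { log.push("set x=" + v); }
  };
  function base() { log.push("base"); return target; }
  function key() { log.push("subscript"); return "x"; }
  var r = base()[key()]++;
  log.push("result=" + r);
  return log;
}

// Aggregates the checks; returns the names of any that fail (empty == ok).
function runChecks() {
  var failed = [];
  var p = postfixAssignToSubscriptVariable();
  if (!(p.a === 1 && p.k === 2 && p.keys.join() === "k")) failed.push("91270");
  var q = postfixWithAssignmentInSubscript();
  if (!(q.returned === 1 && q.originalX === 2 && q.bX === 1)) failed.push("95913 postfix");
  var s = prefixWithAssignmentInSubscript();
  if (!(s.r === 2 && s.originalX === 2 && s.bX === 1)) failed.push("95913 prefix");
  if (evaluationOrder().join("|") !== "base|subscript|get x|set x=2|result=1") failed.push("order");
  return failed;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(runChecks().length ? "FAILED: " + runChecks().join(", ") : "all checks passed");
}
```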
1005
1006 2012-09-05  Gavin Barraclough  <barraclough@apple.com>
1007
1008         Merge prefix/postfix nodes
1009         https://bugs.webkit.org/show_bug.cgi?id=95898
1010
1011         Reviewed by Geoff Garen.
1012
1013         Simplify the AST.
1014         This will also mean we have access to m_subscriptHasAssignments when generating a prefix/postfix op applied to a bracket access.
1015
1016         * bytecompiler/NodesCodegen.cpp:
1017         (JSC::PostfixNode::emitResolve):
1018             - was PostfixResolveNode::emitBytecode
1019         (JSC::PostfixNode::emitBracket):
1020             - was PostfixBracketNode::emitBytecode
1021         (JSC::PostfixNode::emitDot):
1022             - was PostfixDotNode::emitBytecode
1023         (JSC::PostfixNode::emitBytecode):
1024             - was PostfixErrorNode::emitBytecode, call resolve/bracket/dot version as appropriate.
1025         (JSC::PrefixNode::emitResolve):
1026             - was PrefixResolveNode::emitBytecode
1027         (JSC::PrefixNode::emitBracket):
1028             - was PrefixBracketNode::emitBytecode
1029         (JSC::PrefixNode::emitDot):
1030             - was PrefixDotNode::emitBytecode
1031         (JSC::PrefixNode::emitBytecode):
1032             - was PrefixErrorNode::emitBytecode, call resolve/bracket/dot version as appropriate.
1033         * parser/ASTBuilder.h:
1034         (JSC::ASTBuilder::makePrefixNode):
1035             - Just makes a PrefixNode!
1036         (JSC::ASTBuilder::makePostfixNode):
1037             - Just makes a PostfixNode!
1038         * parser/NodeConstructors.h:
1039         (JSC::PostfixNode::PostfixNode):
1040             - Added, merge of PostfixResolveNode/PostfixBracketNode/PostfixDotNode/PostfixErrorNode.
1041         (JSC::PrefixNode::PrefixNode):
1042             - Added, merge of PrefixResolveNode/PrefixBracketNode/PrefixDotNode/PrefixErrorNode.
1043         * parser/Nodes.h:
1044         (PostfixNode):
1045             - Added, merge of PostfixResolveNode/PostfixBracketNode/PostfixDotNode/PostfixErrorNode.
1046         (PrefixNode):
1047             - Added, merge of PrefixResolveNode/PrefixBracketNode/PrefixDotNode/PrefixErrorNode.
1048
1049 2012-09-05  Mark Hahnenberg  <mhahnenberg@apple.com>
1050
1051         Remove use of JSCell::classInfoOffset() from tryCacheGetByID
1052         https://bugs.webkit.org/show_bug.cgi?id=95860
1053
1054         Reviewed by Oliver Hunt.
1055
1056         We should just do the indirection through the Structure instead.
1057
1058         * dfg/DFGRepatch.cpp:
1059         (JSC::DFG::tryCacheGetByID):
1060
1061 2012-09-05  Geoffrey Garen  <ggaren@apple.com>
1062
1063         Throw exceptions when assigning to const in strict mode
1064         https://bugs.webkit.org/show_bug.cgi?id=95894
1065
1066         Reviewed by Oliver Hunt.
1067
1068         Currently, this never happens; but it will start happening once the
1069         callee is a local const register. In this patch, there's no change in
1070         behavior.
1071
1072         * bytecompiler/BytecodeGenerator.cpp:
1073         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded): Helper function
1074         for doing the throwing.
1075         * bytecompiler/BytecodeGenerator.h:
1076
1077         * bytecompiler/NodesCodegen.cpp:
1078         (JSC::PostfixResolveNode::emitBytecode):
1079         (JSC::PrefixResolveNode::emitBytecode):
1080         (JSC::ReadModifyResolveNode::emitBytecode):
1081         (JSC::AssignResolveNode::emitBytecode): Call the helper function.
1082
1083 2012-09-05  Geoffrey Garen  <ggaren@apple.com>
1084
1085         Refactored callee access in the DFG to support it in the general case
1086         https://bugs.webkit.org/show_bug.cgi?id=95887
1087
1088         Reviewed by Phil Pizlo and Gavin Barraclough.
1089
1090         To support named function expressions, the DFG needs to understand the
1091         callee register being used in arbitrary expressions, and not just
1092         create_this.
1093
1094         * dfg/DFGByteCodeParser.cpp:
1095         (JSC::DFG::ByteCodeParser::getDirect): 
1096         (JSC::DFG::ByteCodeParser::getCallee): Remap access to the callee register
1097         into a GetCallee node. Otherwise, we get confused and think we have a
1098         negatively indexed argument.
1099
1100         (ByteCodeParser):
1101         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand): Inlining also
1102         needs to remap, but to the callee in the inline frame, and not the caller's
1103         callee.
1104
1105         (JSC::DFG::ByteCodeParser::parseBlock): Since we support the callee in
1106         the general case now, there's no need to handle it in a special way for
1107         create_this.
1108
1109 2012-09-05  Mark Hahnenberg  <mhahnenberg@apple.com>
1110
1111         Remove use of JSCell::classInfoOffset() from virtualForThunkGenerator
1112         https://bugs.webkit.org/show_bug.cgi?id=95821
1113
1114         Reviewed by Oliver Hunt.
1115
1116         We can replace the load of the ClassInfo from the object with a load from the Structure.
1117
1118         * dfg/DFGThunks.cpp:
1119         (JSC::DFG::virtualForThunkGenerator):
1120
1121 2012-09-05  Benjamin Poulain  <bpoulain@apple.com>
1122
1123         Fix the uses of String::operator+=() for Mac
1124         https://bugs.webkit.org/show_bug.cgi?id=95818
1125
1126         Reviewed by Dan Bernstein.
1127
1128         * jsc.cpp:
1129         (functionJSCStack): Use StringBuilder to create the stack dump, it is faster
1130         and avoids String::operator+=().
1131
1132         * parser/Parser.h:
1133         (JSC::Parser::updateErrorMessageSpecialCase):
1134         (JSC::Parser::updateErrorMessage):
1135         (JSC::Parser::updateErrorWithNameAndMessage):
1136         Use the String operators (and makeString) to concatenate the strings.
1137
1138 2012-09-05  Gabor Rapcsanyi  <rgabor@webkit.org>
1139
1140         DFG JIT doesn't work properly on ARM hardfp
1141         https://bugs.webkit.org/show_bug.cgi?id=95684
1142
1143         Reviewed by Filip Pizlo.
1144
1145         Add hardfp support to DFG JIT. The patch is created with the
1146         help of Zoltan Herczeg.
1147
1148         * dfg/DFGCCallHelpers.h:
1149         (CCallHelpers):
1150         (JSC::DFG::CCallHelpers::setupArguments):
1151         * dfg/DFGFPRInfo.h:
1152         (FPRInfo):
1153         * dfg/DFGSpeculativeJIT.h:
1154         (SpeculativeJIT):
1155         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
1156         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1157
1158 2012-09-04  Mark Lam  <mark.lam@apple.com>
1159
1160         Allow the YarrJIT to use the assembler even when useJIT() is false.
1161         Introduce the useYarrJIT() option.
1162         https://bugs.webkit.org/show_bug.cgi?id=95809.
1163
1164         Reviewed by Geoffrey Garen.
1165
1166         * runtime/JSGlobalData.cpp:
1167         (JSC::enableAssembler):
1168         * runtime/Options.cpp:
1169         (JSC::Options::initialize):
1170         * runtime/Options.h:
1171         (JSC):
1172
1173 2012-09-04  Gavin Barraclough  <barraclough@apple.com>
1174
1175         inc/dec behave incorrectly operating on a resolved const
1176         https://bugs.webkit.org/show_bug.cgi?id=95815
1177
1178         Reviewed by Geoff Garen.
1179
1180         There are two bugs here.
1181
1182         (1) When the value being incremented is const, and the result is ignored, we assume this cannot be observed, and emit no code.
1183             However if the value being incremented is not a primitive & has a valueOf conversion, then this should be being called.
1184
1185         (2) In the case of a pre-increment of a const value where the result is not ignored, we'll move +/-1 to the destination, then
1186             add the resolved const value being incremented to this. This is problematic if the destination is a local, and the const
1187             value being incremented has a valueOf conversion that throws - the destination will be modified erroneously. Instead, we
1188             need to use a temporary location.
1189
1190         * bytecompiler/NodesCodegen.cpp:
1191         (JSC::PostfixResolveNode::emitBytecode):
1192         (JSC::PrefixResolveNode::emitBytecode):
1193             - always at least perform a toNumber conversion, use tempDestination when reducing inc/dec to an add +/-1.
1194
1195 2012-09-04  Filip Pizlo  <fpizlo@apple.com>
1196
1197         DFG GetByVal for JSArrays shouldn't OSR exit every time that the index is out of bound
1198         https://bugs.webkit.org/show_bug.cgi?id=95717
1199
1200         Reviewed by Oliver Hunt.
1201         
1202         Rolling back in after fixing the negative index case.
1203
1204         Make GetByVal for JSArrayOutOfBounds do meaningful things. The profiling was already
1205         there so we should just use it!
1206
1207         * bytecode/DFGExitProfile.h:
1208         (JSC::DFG::exitKindToString):
1209         * dfg/DFGAbstractState.cpp:
1210         (JSC::DFG::AbstractState::execute):
1211         * dfg/DFGOperations.cpp:
1212         * dfg/DFGOperations.h:
1213         * dfg/DFGSpeculativeJIT.h:
1214         (JSC::DFG::SpeculativeJIT::callOperation):
1215         * dfg/DFGSpeculativeJIT32_64.cpp:
1216         (JSC::DFG::SpeculativeJIT::compile):
1217         * dfg/DFGSpeculativeJIT64.cpp:
1218         (JSC::DFG::SpeculativeJIT::compile):
1219
1220 2012-09-04  Sheriff Bot  <webkit.review.bot@gmail.com>
1221
1222         Unreviewed, rolling out r127503.
1223         http://trac.webkit.org/changeset/127503
1224         https://bugs.webkit.org/show_bug.cgi?id=95788
1225
1226         broke some tests (fast/js/dfg-negative-array-index, fast/js
1227         /dfg-put-by-val-setter-then-get-by-val) (Requested by thorton
1228         on #webkit).
1229
1230         * bytecode/DFGExitProfile.h:
1231         (JSC::DFG::exitKindToString):
1232         * dfg/DFGAbstractState.cpp:
1233         (JSC::DFG::AbstractState::execute):
1234         * dfg/DFGOperations.cpp:
1235         * dfg/DFGOperations.h:
1236         * dfg/DFGSpeculativeJIT.h:
1237         (JSC::DFG::SpeculativeJIT::callOperation):
1238         * dfg/DFGSpeculativeJIT32_64.cpp:
1239         (JSC::DFG::SpeculativeJIT::compile):
1240         * dfg/DFGSpeculativeJIT64.cpp:
1241         (JSC::DFG::SpeculativeJIT::compile):
1242
1243 2012-09-04  Benjamin Poulain  <bpoulain@apple.com>
1244
1245         Improve JSC use of Strings after the UString->String change
1246         https://bugs.webkit.org/show_bug.cgi?id=95633
1247
1248         Reviewed by Geoffrey Garen.
1249
1250         This patch improves the use of strings in the JSC runtime.
1251
1252         The initialization of Identifier is left for future patches.
1253
1254         The improvements are the following:
1255         -5% faster to raise one of the modified exceptions.
1256         -3 times faster to execute Boolean::toString()
1257
1258         Most of the changes are just about using the new methods
1259         for string literals.
1260
1261         With the changes, the binary on x86_64 gets 176 bytes smaller.
1262
1263         * API/JSCallbackObjectFunctions.h:
1264         (JSC::::staticFunctionGetter):
1265         (JSC::::callbackGetter):
1266         * API/JSContextRef.cpp:
1267         (JSContextCreateBacktrace):
1268         * API/JSObjectRef.cpp:
1269         (JSObjectMakeFunctionWithCallback):
1270         * bytecode/CodeBlock.cpp:
1271         (JSC::valueToSourceString):
1272         (JSC::CodeBlock::nameForRegister):
1273         * interpreter/Interpreter.cpp:
1274         (JSC::Interpreter::addStackTraceIfNecessary):
1275         * runtime/ArrayConstructor.cpp:
1276         (JSC::constructArrayWithSizeQuirk):
1277         * runtime/ArrayPrototype.cpp:
1278         (JSC::shift):
1279         (JSC::unshift):
1280         (JSC::arrayProtoFuncPop):
1281         (JSC::arrayProtoFuncReverse):
1282         * runtime/BooleanPrototype.cpp:
1283         (JSC::booleanProtoFuncToString): Instead of instantiating new strings, reuse the
1284         keywords available in SmallStrings. Avoiding the creation of the JSString and StringImpl
1285         makes the method significantly faster.
1286
1287         * runtime/DateConversion.cpp:
1288         (JSC::formatDateTime):
1289         * runtime/DatePrototype.cpp:
1290         (JSC::formatLocaleDate):
1291         (JSC::formateDateInstance):
1292         (JSC::dateProtoFuncToISOString):
1293         Change the way we use snprintf() for clarity and performance.
1294
1295         Instead of allocating one extra byte to put a zero "just in case", we use the size returned
1296         by snprintf().
1297         To prevent any overflow from a programming mistake, we explicitly test for overflow and
1298         return an empty string.
1299
1300         (JSC::dateProtoFuncToJSON):
1301         * runtime/Error.cpp:
1302         (JSC::createNotEnoughArgumentsError):
1303         (JSC::throwTypeError):
1304         (JSC::throwSyntaxError):
1305         * runtime/Error.h:
1306         (JSC::StrictModeTypeErrorFunction::create):
1307         * runtime/ErrorPrototype.cpp:
1308         (JSC::ErrorPrototype::finishCreation):
1309         (JSC::errorProtoFuncToString):
1310         Using a null String is correct because (8) uses jsString(), (9) tests for a length of 0.
1311
1312         * runtime/ExceptionHelpers.cpp:
1313         (JSC::InterruptedExecutionError::defaultValue):
1314         (JSC::TerminatedExecutionError::defaultValue):
1315         (JSC::createStackOverflowError):
1316         (JSC::createOutOfMemoryError):
1317         * runtime/Executable.cpp:
1318         (JSC::EvalExecutable::compileInternal):
1319         (JSC::FunctionExecutable::paramString):
1320         * runtime/FunctionConstructor.cpp:
1321         (JSC::constructFunction):
1322         (JSC::constructFunctionSkippingEvalEnabledCheck):
1323         * runtime/FunctionPrototype.h:
1324         (JSC::FunctionPrototype::create):
1325         Using a null String for the name is correct because InternalFunction uses jsString()
1326         to create the name value.
1327
1328         * runtime/InternalFunction.cpp:
1329         (JSC::InternalFunction::finishCreation):
1330         There is no need to create an empty string for a null string, jsString() handles both
1331         cases as empty JSString.
1332
1333         * runtime/JSArray.cpp:
1334         (JSC::reject):
1335         (JSC::SparseArrayValueMap::put):
1336         (JSC::JSArray::put):
1337         (JSC::JSArray::putByIndexBeyondVectorLength):
1338         (JSC::JSArray::putDirectIndexBeyondVectorLength):
1339         (JSC::JSArray::setLength):
1340         (JSC::JSArray::pop):
1341         (JSC::JSArray::push):
1342         * runtime/JSFunction.cpp:
1343         (JSC::JSFunction::finishCreation): Same issue as InternalFunction::finishCreation.
1344
1345         (JSC::JSFunction::callerGetter):
1346         (JSC::JSFunction::defineOwnProperty):
1347         * runtime/JSGlobalData.cpp:
1348         (JSC::enableAssembler): Use CFSTR() instead of CFStringCreateWithCString().
1349         CFStringCreateWithCString() copies the content and may choose to decode the data.
1350         CFSTR() is much more efficient.
1351
1352         * runtime/JSGlobalObject.cpp:
1353         (JSC::JSGlobalObject::reset):
1354         JSFunction uses jsString() to create the name, we can use null strings instead
1355         of creating empty strings.
1356
1357         (JSC::JSGlobalObject::createThrowTypeError): ditto.
1358         * runtime/JSGlobalObjectFunctions.cpp:
1359         (JSC::encode):
1360         (JSC::decode):
1361         (JSC::globalFuncEval):
1362         * runtime/JSONObject.cpp:
1363         (JSC::Stringifier::appendStringifiedValue):
1364         (JSC::Stringifier::Holder::appendNextProperty):
1365         (JSC::JSONProtoFuncParse):
1366         (JSC::JSONProtoFuncStringify):
1367         * runtime/JSObject.cpp:
1368         (JSC::JSObject::put):
1369         (JSC::JSObject::defaultValue):
1370         (JSC::JSObject::hasInstance):
1371         (JSC::JSObject::defineOwnProperty):
1372         * runtime/JSString.cpp:
1373         Return an empty JSString to avoid the creation of a temporary empty String.
1374
1375         (JSC::JSRopeString::getIndexSlowCase):
1376         * runtime/JSString.h:
1377         (JSC): Remove the versions of jsNontrivialString() taking a char*. All the callers
1378         have been replaced by calls using ASCIILiteral.
1379
1380         * runtime/JSValue.cpp:
1381         (JSC::JSValue::putToPrimitive):
1382         * runtime/LiteralParser.cpp:
1383         (JSC::::Lexer::lex):
1384         (JSC::::Lexer::lexString):
1385         (JSC::::Lexer::lexNumber):
1386         (JSC::::parse):
1387         * runtime/LiteralParser.h:
1388         (JSC::LiteralParser::getErrorMessage):
1389         * runtime/NumberPrototype.cpp:
1390         (JSC::numberProtoFuncToExponential):
1391         (JSC::numberProtoFuncToFixed):
1392         (JSC::numberProtoFuncToPrecision):
1393         (JSC::numberProtoFuncToString):
1394         * runtime/ObjectConstructor.cpp:
1395         (JSC::objectConstructorGetPrototypeOf):
1396         (JSC::objectConstructorGetOwnPropertyDescriptor):
1397         (JSC::objectConstructorGetOwnPropertyNames):
1398         (JSC::objectConstructorKeys):
1399         (JSC::toPropertyDescriptor):
1400         (JSC::objectConstructorDefineProperty):
1401         (JSC::objectConstructorDefineProperties):
1402         (JSC::objectConstructorCreate):
1403         (JSC::objectConstructorSeal):
1404         (JSC::objectConstructorFreeze):
1405         (JSC::objectConstructorPreventExtensions):
1406         (JSC::objectConstructorIsSealed):
1407         (JSC::objectConstructorIsFrozen):
1408         (JSC::objectConstructorIsExtensible):
1409         * runtime/ObjectPrototype.cpp:
1410         (JSC::objectProtoFuncDefineGetter):
1411         (JSC::objectProtoFuncDefineSetter):
1412         (JSC::objectProtoFuncToString):
1413         * runtime/RegExpConstructor.cpp:
1414         (JSC::constructRegExp):
1415         * runtime/RegExpObject.cpp:
1416         (JSC::reject):
1417         (JSC::regExpObjectSource):
1418         * runtime/RegExpPrototype.cpp:
1419         (JSC::regExpProtoFuncCompile):
1420         * runtime/StringObject.cpp:
1421         (JSC::StringObject::defineOwnProperty):
1422         * runtime/StringPrototype.cpp:
1423         (JSC::jsSpliceSubstrings):
1424         (JSC::jsSpliceSubstringsWithSeparators):
1425
1426 2012-09-04  Filip Pizlo  <fpizlo@apple.com>
1427
1428         DFG GetByVal for JSArrays shouldn't OSR exit every time that the index is out of bound
1429         https://bugs.webkit.org/show_bug.cgi?id=95717
1430
1431         Reviewed by Oliver Hunt.
1432
1433         Make GetByVal for JSArrayOutOfBounds do meaningful things. The profiling was already
1434         there so we should just use it!
1435
1436         * bytecode/DFGExitProfile.h:
1437         (JSC::DFG::exitKindToString):
1438         * dfg/DFGAbstractState.cpp:
1439         (JSC::DFG::AbstractState::execute):
1440         * dfg/DFGOperations.cpp:
1441         * dfg/DFGOperations.h:
1442         * dfg/DFGSpeculativeJIT.h:
1443         (JSC::DFG::SpeculativeJIT::callOperation):
1444         * dfg/DFGSpeculativeJIT32_64.cpp:
1445         (JSC::DFG::SpeculativeJIT::compile):
1446         * dfg/DFGSpeculativeJIT64.cpp:
1447         (JSC::DFG::SpeculativeJIT::compile):
1448
1449 2012-09-04  Zoltan Horvath  <zoltan@webkit.org>
1450
1451         Extend the coverage of the Custom Allocation Framework in WTF and in JavaScriptCore
1452         https://bugs.webkit.org/show_bug.cgi?id=95737
1453
1454         Reviewed by Eric Seidel.
1455
1456         Add WTF_MAKE_FAST_ALLOCATED macro to the following class declarations because these are instantiated by operator new.
1457
1458         * wtf/CryptographicallyRandomNumber.cpp: CryptographicallyRandomNumber is instantiated at wtf/CryptographicallyRandomNumber.cpp:162.
1459
1460         * heap/MachineStackMarker.cpp:
1461         (MachineThreads::Thread): Thread is instantiated at heap/MachineStackMarker.cpp:196.
1462         * jit/ExecutableAllocatorFixedVMPool.cpp:
1463         (FixedVMPoolExecutableAllocator): FixedVMPoolExecutableAllocator is instantiated at jit/ExecutableAllocatorFixedVMPool.cpp:111.
1464         * parser/SourceProviderCache.h:
1465         (SourceProviderCache): SourceProviderCache is instantiated at parser/SourceProvider.h:49.
1466         * parser/SourceProviderCacheItem.h:
1467         (SourceProviderCacheItem): SourceProviderCacheItem is instantiated at parser/Parser.cpp:843.
1468         * runtime/GCActivityCallback.h:
1469         (GCActivityCallback): GCActivityCallback is instantiated at runtime/GCActivityCallback.h:96.
1470         * tools/CodeProfile.h:
1471         (CodeProfile): CodeProfile is instantiated at JavaScriptCore/tools/CodeProfiling.cpp:140.
1472
1473 2012-09-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1474
1475         Remove uses of ClassInfo from SpeculativeJIT::compileObjectOrOtherLogicalNot
1476         https://bugs.webkit.org/show_bug.cgi?id=95510
1477
1478         Reviewed by Oliver Hunt.
1479
1480         More refactoring to get rid of ClassInfo checks in the DFG.
1481
1482         * dfg/DFGAbstractState.cpp:
1483         (JSC::DFG::AbstractState::execute):
1484         * dfg/DFGSpeculativeJIT.h:
1485         (SpeculativeJIT):
1486         * dfg/DFGSpeculativeJIT32_64.cpp:
1487         (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
1488         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1489         * dfg/DFGSpeculativeJIT64.cpp:
1490         (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
1491         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1492
1493 2012-09-03  Patrick Gansterer  <paroga@webkit.org>
1494
1495         Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r127393.
1496
1497         * interpreter/Interpreter.h:
1498
1499 2012-09-02  Geoffrey Garen  <ggaren@apple.com>
1500
1501         Fixed failures seen on Linux bots.
1502
1503         * jit/JITOpcodes.cpp:
1504         (JSC::JIT::emit_op_push_with_scope):
1505         * jit/JITOpcodes32_64.cpp:
1506         (JSC::JIT::emit_op_push_with_scope):
1507         * jit/JITStubs.cpp:
1508         (JSC::DEFINE_STUB_FUNCTION):
1509         * jit/JITStubs.h: push_*_scope doesn't have a destination operand anymore.
1510         Accordingly, update these places in the baseline JIT, which I missed in my last patch.
1511
1512 2012-09-02  Geoffrey Garen  <ggaren@apple.com>
1513
1514         Refactored scope chain opcodes to support optimization for named function expressions
1515         https://bugs.webkit.org/show_bug.cgi?id=95658
1516
1517         Reviewed by Sam Weinig.
1518
1519         Renamed
1520             push_scope => push_with_scope
1521             push_new_scope => push_name_scope
1522         to clarify the difference between them.
1523
1524         Changed push_with_scope and push_name_scope not to save the new scope in
1525         a temporary register, since doing so made optimization harder.
1526
1527         (The old behavior was a hold-over from when the scope chain wasn't
1528         a GC object, and wouldn't be marked otherwise. Now, the scope chain is
1529         marked because it is a GC object pointed to by the call frame.)
1530
1531         Changed push_name_scope to accept an operand specifying the attributes
1532         for the named property, instead of assuming DontDelete, because a named
1533         function expression needs ReadOnly|DontDelete.
1534
1535         * bytecompiler/BytecodeGenerator.cpp:
1536         (JSC::BytecodeGenerator::highestUsedRegister): Removed this function,
1537         which used to be related to preserving saved scope object temporaries,
1538         because it had no callers.
1539
1540 2012-09-01  Geoffrey Garen  <ggaren@apple.com>
1541
1542         Rolled back out a piece of <http://trac.webkit.org/changeset/127293>
1543         because it broke inspector tests on Windows.
1544
1545             Shrink activation objects by half
1546             https://bugs.webkit.org/show_bug.cgi?id=95591
1547
1548             Reviewed by Sam Weinig.
1549
1550 2012-09-01  Mark Lam  <mark.lam@apple.com>
1551
1552         LLInt C loop backend.
1553         https://bugs.webkit.org/show_bug.cgi?id=91052.
1554
1555         Reviewed by Filip Pizlo.
1556
1557         * JavaScriptCore.xcodeproj/project.pbxproj:
1558         * bytecode/CodeBlock.cpp:
1559         (JSC::CodeBlock::dump):
1560         (JSC::CodeBlock::bytecodeOffset):
1561         * interpreter/Interpreter.cpp:
1562         (JSC::Interpreter::execute):
1563         (JSC::Interpreter::executeCall):
1564         (JSC::Interpreter::executeConstruct):
1565         (JSC):
1566         * interpreter/Interpreter.h:
1567         * jit/JITStubs.h:
1568         (JITStackFrame):
1569         (JSC):
1570         * llint/LLIntCLoop.cpp: Added.
1571         (JSC):
1572         (LLInt):
1573         (JSC::LLInt::CLoop::initialize):
1574         (JSC::LLInt::CLoop::catchRoutineFor):
1575         (JSC::LLInt::CLoop::hostCodeEntryFor):
1576         (JSC::LLInt::CLoop::jsCodeEntryWithArityCheckFor):
1577         (JSC::LLInt::CLoop::jsCodeEntryFor):
1578         * llint/LLIntCLoop.h: Added.
1579         (JSC):
1580         (LLInt):
1581         (CLoop):
1582         * llint/LLIntData.cpp:
1583         (JSC::LLInt::initialize):
1584         * llint/LLIntData.h:
1585         (JSC):
1586         * llint/LLIntOfflineAsmConfig.h:
1587         * llint/LLIntOpcode.h:
1588         * llint/LLIntThunks.cpp:
1589         (LLInt):
1590         * llint/LowLevelInterpreter.asm:
1591         * llint/LowLevelInterpreter.cpp:
1592         (LLInt):
1593         (JSC::LLInt::Ints2Double):
1594         (JSC):
1595         (JSC::CLoop::execute):
1596         * llint/LowLevelInterpreter.h:
1597         (JSC):
1598         * llint/LowLevelInterpreter32_64.asm:
1599         * llint/LowLevelInterpreter64.asm:
1600         * offlineasm/asm.rb:
1601         * offlineasm/backends.rb:
1602         * offlineasm/cloop.rb: Added.
1603         * offlineasm/instructions.rb:
1604         * runtime/Executable.h:
1605         (ExecutableBase):
1606         (JSC::ExecutableBase::hostCodeEntryFor):
1607         (JSC::ExecutableBase::jsCodeEntryFor):
1608         (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor):
1609         (JSC::ExecutableBase::catchRoutineFor):
1610         (NativeExecutable):
1611         * runtime/JSValue.h:
1612         (JSC):
1613         (LLInt):
1614         (JSValue):
1615         * runtime/JSValueInlineMethods.h:
1616         (JSC):
1617         (JSC::JSValue::JSValue):
1618         * runtime/Options.cpp:
1619         (JSC::Options::initialize):
1620
1621 2012-09-01  Geoffrey Garen  <ggaren@apple.com>
1622
1623         Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
1624
1625             Shrink activation objects by half
1626             https://bugs.webkit.org/show_bug.cgi?id=95591
1627
1628             Reviewed by Sam Weinig.
1629
1630         * runtime/JSActivation.h:
1631         (JSActivation):
1632
1633 2012-09-01  Geoffrey Garen  <ggaren@apple.com>
1634
1635         Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
1636
1637             Shrink activation objects by half
1638             https://bugs.webkit.org/show_bug.cgi?id=95591
1639
1640             Reviewed by Sam Weinig.
1641
1642         * runtime/JSActivation.cpp:
1643         (JSC::JSActivation::JSActivation):
1644         * runtime/JSGlobalObject.cpp:
1645         (JSC::JSGlobalObject::JSGlobalObject):
1646         (JSC::JSGlobalObject::setGlobalThis):
1647         (JSC):
1648         (JSC::JSGlobalObject::visitChildren):
1649         * runtime/JSGlobalObject.h:
1650         (JSGlobalObject):
1651         (JSC::JSScope::globalThis):
1652         (JSC):
1653         (JSC::JSGlobalObject::globalThis):
1654         * runtime/JSNameScope.h:
1655         (JSC::JSNameScope::JSNameScope):
1656         * runtime/JSScope.cpp:
1657         (JSC::JSScope::visitChildren):
1658         * runtime/JSScope.h:
1659         (JSScope):
1660         (JSC::JSScope::JSScope):
1661         (JSC::JSScope::globalObject):
1662         (JSC::JSScope::globalData):
1663         * runtime/JSSegmentedVariableObject.h:
1664         (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
1665         * runtime/JSSymbolTableObject.h:
1666         (JSC::JSSymbolTableObject::JSSymbolTableObject):
1667         * runtime/JSVariableObject.h:
1668         (JSC::JSVariableObject::JSVariableObject):
1669         * runtime/JSWithScope.h:
1670         (JSC::JSWithScope::JSWithScope):
1671         * runtime/StrictEvalActivation.cpp:
1672         (JSC::StrictEvalActivation::StrictEvalActivation):
1673
1674 2012-09-01  Geoffrey Garen  <ggaren@apple.com>
1675
1676         Rolled back out a piece of <http://trac.webkit.org/changeset/127293>
1677         because it broke Windows inspector tests.
1678
1679             Shrink activation objects by half
1680             https://bugs.webkit.org/show_bug.cgi?id=95591
1681
1682             Reviewed by Sam Weinig.
1683
1684         * runtime/JSActivation.h:
1685         (JSActivation):
1686
1687 2012-08-31  Filip Pizlo  <fpizlo@apple.com>
1688
1689         Unreviewed, attempt to fix Windows, take two.
1690
1691         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1692
1693 2012-08-31  Filip Pizlo  <fpizlo@apple.com>
1694
1695         Unreviewed, attempt to fix Windows.
1696
1697         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1698
1699 2012-08-31  Filip Pizlo  <fpizlo@apple.com>
1700
1701         JSArray::putDirectIndex should by default behave like JSObject::putDirect
1702         https://bugs.webkit.org/show_bug.cgi?id=95630
1703
1704         Reviewed by Gavin Barraclough.
1705
1706         * interpreter/Interpreter.cpp:
1707         (JSC::Interpreter::privateExecute):
1708         * jit/JITStubs.cpp:
1709         (JSC::DEFINE_STUB_FUNCTION):
1710         * jsc.cpp:
1711         (GlobalObject::finishCreation):
1712         * llint/LLIntSlowPaths.cpp:
1713         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1714         * runtime/JSArray.cpp:
1715         (JSC::SparseArrayValueMap::putDirect):
1716         (JSC::JSArray::defineOwnNumericProperty):
1717         (JSC::JSArray::putDirectIndexBeyondVectorLength):
1718         * runtime/JSArray.h:
1719         (SparseArrayValueMap):
1720         (JSArray):
1721         (JSC::JSArray::putDirectIndex):
1722         * runtime/JSONObject.cpp:
1723         (JSC::Walker::walk):
1724         * runtime/RegExpMatchesArray.cpp:
1725         (JSC::RegExpMatchesArray::reifyAllProperties):
1726         (JSC::RegExpMatchesArray::reifyMatchProperty):
1727         * runtime/StringPrototype.cpp:
1728         (JSC::splitStringByOneCharacterImpl):
1729         (JSC::stringProtoFuncSplit):
1730
1731 2012-08-31  Geoffrey Garen  <ggaren@apple.com>
1732
1733         Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
1734
1735             Shrink activation objects by half
1736             https://bugs.webkit.org/show_bug.cgi?id=95591
1737
1738             Reviewed by Sam Weinig.
1739
1740         * runtime/JSGlobalData.cpp:
1741         (JSC::JSGlobalData::JSGlobalData):
1742         * runtime/JSGlobalData.h:
1743         (JSGlobalData):
1744         * runtime/JSNameScope.h:
1745         (JSC::JSNameScope::JSNameScope):
1746         * runtime/JSWithScope.h:
1747         (JSC::JSWithScope::JSWithScope):
1748         * runtime/StrictEvalActivation.cpp:
1749         (JSC::StrictEvalActivation::StrictEvalActivation):
1750
1751 2012-08-31  Geoffrey Garen  <ggaren@apple.com>
1752
1753         Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
1754
1755             Shrink activation objects by half
1756             https://bugs.webkit.org/show_bug.cgi?id=95591
1757
1758             Reviewed by Sam Weinig.
1759
1760         * dfg/DFGAbstractState.cpp:
1761         (JSC::DFG::AbstractState::execute):
1762         * jit/JITOpcodes.cpp:
1763         (JSC::JIT::emit_op_resolve_global_dynamic):
1764         * llint/LowLevelInterpreter32_64.asm:
1765         * llint/LowLevelInterpreter64.asm:
1766         * runtime/JSActivation.cpp:
1767         (JSC::JSActivation::JSActivation):
1768         * runtime/JSGlobalData.cpp:
1769         (JSC::JSGlobalData::JSGlobalData):
1770         * runtime/JSGlobalData.h:
1771         (JSGlobalData):
1772         * runtime/JSGlobalObject.cpp:
1773         (JSC::JSGlobalObject::reset):
1774         (JSC::JSGlobalObject::visitChildren):
1775         * runtime/JSGlobalObject.h:
1776         (JSGlobalObject):
1777         (JSC::JSGlobalObject::withScopeStructure):
1778         (JSC::JSGlobalObject::strictEvalActivationStructure):
1779         (JSC::JSGlobalObject::activationStructure):
1780         (JSC::JSGlobalObject::nameScopeStructure):
1781
1782 2012-08-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1783
1784         Remove use of ClassInfo in SpeculativeJIT::emitBranch
1785         https://bugs.webkit.org/show_bug.cgi?id=95623
1786
1787         Reviewed by Filip Pizlo.
1788
1789         * dfg/DFGAbstractState.cpp:
1790         (JSC::DFG::AbstractState::execute):
1791         * dfg/DFGSpeculativeJIT.h:
1792         (SpeculativeJIT):
1793         * dfg/DFGSpeculativeJIT32_64.cpp:
1794         (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
1795         (JSC::DFG::SpeculativeJIT::emitBranch):
1796         * dfg/DFGSpeculativeJIT64.cpp:
1797         (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
1798         (JSC::DFG::SpeculativeJIT::emitBranch):
1799
1800 2012-08-31  Geoffrey Garen  <ggaren@apple.com>
1801
1802         Rolled back in a piece of <http://trac.webkit.org/changeset/127293>.
1803
1804             Shrink activation objects by half
1805             https://bugs.webkit.org/show_bug.cgi?id=95591
1806
1807             Reviewed by Sam Weinig.
1808
1809         * heap/MarkedBlock.cpp:
1810         (JSC::MarkedBlock::MarkedBlock):
1811         * heap/MarkedBlock.h:
1812         (MarkedBlock):
1813         (JSC::MarkedBlock::globalData):
1814         (JSC):
1815         * heap/WeakSet.cpp:
1816         (JSC::WeakSet::addAllocator):
1817         * heap/WeakSet.h:
1818         (WeakSet):
1819         (JSC::WeakSet::WeakSet):
1820         (JSC::WeakSet::globalData):
1821         * runtime/JSGlobalData.h:
1822         (JSC::WeakSet::heap):
1823         (JSC):
1824
1825 2012-08-31  Mark Lam  <mark.lam@apple.com>
1826
1827         Refactor LLInt and supporting code in preparation for the C Loop backend.
1828         https://bugs.webkit.org/show_bug.cgi?id=95531.
1829
1830         Reviewed by Filip Pizlo.
1831
1832         * bytecode/GetByIdStatus.cpp:
1833         (JSC::GetByIdStatus::computeFromLLInt):
1834         * bytecode/PutByIdStatus.cpp:
1835         (JSC::PutByIdStatus::computeFromLLInt):
1836         * jit/JITExceptions.cpp:
1837         (JSC::genericThrow): Use ExecutableBase::catchRoutineFor() to fetch
1838             the catch routine for a thrown exception.  This will allow
1839             us to redefine that for the C loop later, and still keep this
1840             code readable.
1841         * llint/LLIntOfflineAsmConfig.h: Moved ASM macros to
1842             LowLevelInterpreter.cpp which is the only place they are used. This
1843             will make it more convenient to redefine them for the C loop later.
1844         * llint/LLIntSlowPaths.cpp:
1845         (JSC::LLInt::setUpCall): Use ExecutableBase's hostCodeEntry(),
1846             jsCodeEntryFor(), and jsCodeWithArityCheckEntryFor() for computing
1847             the entry points to functions being called.
1848         * llint/LLIntSlowPaths.h:
1849         (SlowPathReturnType):
1850         (JSC::LLInt::encodeResult):
1851         (LLInt):
1852         (JSC::LLInt::decodeResult): Added.  Needed by LLInt C Loop later.
1853         * llint/LowLevelInterpreter.asm:
1854         * llint/LowLevelInterpreter.cpp:
1855         * llint/LowLevelInterpreter32_64.asm:
1856         * llint/LowLevelInterpreter64.asm:
1857         * offlineasm/asm.rb: Disambiguate between opcodes and other labels.
1858         * offlineasm/config.rb:
1859         * runtime/Executable.h:
1860         (JSC::ExecutableBase::hostCodeEntryFor): Added.
1861         (ExecutableBase):
1862         (JSC::ExecutableBase::jsCodeEntryFor): Added.
1863         (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor): Added.
1864         (JSC::ExecutableBase::catchRoutineFor): Added.
1865         * runtime/JSValueInlineMethods.h:
1866         (JSC):
1867
1868 2012-08-31  Tony Chang  <tony@chromium.org>
1869
1870         Remove ENABLE_CSS3_FLEXBOX compile time flag
1871         https://bugs.webkit.org/show_bug.cgi?id=95382
1872
1873         Reviewed by Ojan Vafai.
1874
1875         Everyone is already enabling this by default and the spec has stabilized.
1876
1877         * Configurations/FeatureDefines.xcconfig:
1878
1879 2012-08-31  Geoffrey Garen  <ggaren@apple.com>
1880
1881         Not reviewed.
1882
1883         Rolled out http://trac.webkit.org/changeset/127293 because it broke
1884         inspector tests on Windows.
1885
1886             Shrink activation objects by half
1887             https://bugs.webkit.org/show_bug.cgi?id=95591
1888
1889             Reviewed by Sam Weinig.
1890
1891 2012-08-31  Geoffrey Garen  <ggaren@apple.com>
1892
1893         Shrink activation objects by half
1894         https://bugs.webkit.org/show_bug.cgi?id=95591
1895
1896         Reviewed by Sam Weinig.
1897
1898         Removed the global object, global data, and global this pointers from
1899         JSScope, and changed an int to a bitfield. This gets the JSActivation
1900         class down to 64 bytes, which in practice cuts it in half by getting it
1901         out of the 128 byte size class.
1902
1903         Now, it's one extra indirection to get these pointers. These pointers
1904         aren't accessed by JIT code, so I thought there would be no cost to the
1905         extra indirection. However, some C++-heavy SunSpider tests regressed a
1906         bit in an early version of the patch, which added even more indirection.
1907         This suggests that calls to exec->globalData() and/or exec->lexicalGlobalObject()
1908         are common and probably duplicated in lots of places, and could stand
1909         further optimization in C++.
1910
1911         * dfg/DFGAbstractState.cpp:
1912         (JSC::DFG::AbstractState::execute): Test against the specific activation
1913         for our global object, since there's no VM-shared activation structure
1914         anymore. This is guaranteed to have the same success rate as the old test
1915         because activation scope is fixed at compile time.
1916
1917         * heap/MarkedBlock.cpp:
1918         (JSC::MarkedBlock::MarkedBlock):
1919         * heap/MarkedBlock.h:
1920         (JSC::MarkedBlock::globalData):
1921         * heap/WeakSet.cpp:
1922         (JSC::WeakSet::addAllocator):
1923         * heap/WeakSet.h:
1924         (WeakSet):
1925         (JSC::WeakSet::WeakSet):
1926         (JSC::WeakSet::globalData): Store a JSGlobalData* instead of a Heap*
1927         because JSGlobalData->Heap is just a constant fold in the addressing
1928         mode, while Heap->JSGlobalData is an extra pointer dereference. (These
1929         objects should eventually just merge.)
1930
1931         * jit/JITOpcodes.cpp:
1932         (JSC::JIT::emit_op_resolve_global_dynamic): See DFGAbstractState.cpp.
1933
1934         * llint/LowLevelInterpreter32_64.asm:
1935         * llint/LowLevelInterpreter64.asm: Load the activation structure from
1936         the code block instead of the global data because the structure is not
1937         VM-shared anymore. (See DFGAbstractState.cpp.)
1938
1939         * runtime/JSActivation.cpp:
1940         (JSC::JSActivation::JSActivation):
1941         * runtime/JSActivation.h:
1942         (JSActivation): This is the point of the patch: Remove the data.
1943
1944         * runtime/JSGlobalData.cpp:
1945         (JSC::JSGlobalData::JSGlobalData):
1946         * runtime/JSGlobalData.h:
1947         (JSGlobalData): No longer VM-shared. (See DFGAbstractState.cpp.)
1948
1949         (JSC::WeakSet::heap): (See WeakSet.h.)
1950
1951         * runtime/JSGlobalObject.cpp:
1952         (JSC::JSGlobalObject::JSGlobalObject):
1953         (JSC::JSGlobalObject::setGlobalThis):
1954         (JSC::JSGlobalObject::reset):
1955         (JSC::JSGlobalObject::visitChildren):
1956         * runtime/JSGlobalObject.h:
1957         (JSGlobalObject):
1958         (JSC::JSGlobalObject::withScopeStructure):
1959         (JSC::JSGlobalObject::strictEvalActivationStructure):
1960         (JSC::JSGlobalObject::activationStructure):
1961         (JSC::JSGlobalObject::nameScopeStructure):
1962         (JSC::JSScope::globalThis):
1963         (JSC::JSGlobalObject::globalThis): Data that used to be in the JSScope
1964         class goes here now, so it's not duplicated across all activations.
1965
1966         * runtime/JSNameScope.h:
1967         (JSC::JSNameScope::JSNameScope):
1968         * runtime/JSScope.cpp:
1969         (JSC::JSScope::visitChildren): This is the point of the patch: Remove the data.
1970
1971         * runtime/JSScope.h:
1972         (JSScope):
1973         (JSC::JSScope::JSScope):
1974         (JSC::JSScope::globalObject):
1975         (JSC::JSScope::globalData):
1976         * runtime/JSSegmentedVariableObject.h:
1977         (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
1978         * runtime/JSSymbolTableObject.h:
1979         (JSC::JSSymbolTableObject::JSSymbolTableObject):
1980         * runtime/JSVariableObject.h:
1981         (JSC::JSVariableObject::JSVariableObject):
1982         * runtime/JSWithScope.h:
1983         (JSC::JSWithScope::JSWithScope):
1984         * runtime/StrictEvalActivation.cpp:
1985         (JSC::StrictEvalActivation::StrictEvalActivation): Simplified now that
1986         we don't need to pass so much data to JSScope.
1987
1988 2012-08-31  Patrick Gansterer  <paroga@webkit.org>
1989
1990         Build fix for WinCE after r127191.
1991
1992         * bytecode/JumpTable.h:
1993
1994 2012-08-30  Filip Pizlo  <fpizlo@apple.com>
1995
1996         ASSERTION FAILURE in JSC::JSGlobalData::float32ArrayDescriptor when running fast/js/dfg-float64array.html
1997         https://bugs.webkit.org/show_bug.cgi?id=95398
1998
1999         Reviewed by Mark Hahnenberg.
2000
2001         Trying to get the build failure to be a bit more informative.
2002
2003         * runtime/JSGlobalData.h:
2004         (JSGlobalData):
2005
2006 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
2007
2008         Try to fix the Qt build: add some #includes that, for some reason, only the Qt linker requires.
2009
2010         * runtime/BooleanObject.cpp:
2011         * runtime/ErrorInstance.cpp:
2012         * runtime/NameInstance.cpp:
2013
2014 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
2015
2016         Fix the Qt build: Removed a now-dead variable.
2017
2018         * interpreter/Interpreter.cpp:
2019         (JSC::Interpreter::execute):
2020
2021 2012-08-30  Benjamin Poulain  <bpoulain@apple.com>
2022
2023         Ambiguous operator[] after r127191 on some compilers
2024         https://bugs.webkit.org/show_bug.cgi?id=95509
2025
2026         Reviewed by Simon Fraser.
2027
2028         On some compilers, the operator[] conflicts with the Obj-C++ operators. This attempts to solve
2029         the issue.
2030
2031         * runtime/JSString.h:
2032         (JSC::jsSingleCharacterSubstring):
2033         (JSC::jsString):
2034         (JSC::jsSubstring8):
2035         (JSC::jsSubstring):
2036         (JSC::jsOwnedString):
2037
2038 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
2039
2040         Try to fix the Qt build: Remove the inline keyword at the declaration
2041         site.
2042
2043         The Qt compiler seems to be confused, complaining about these functions
2044         not being defined in a translation unit, even though no generated code
2045         in the unit calls these functions. Maybe removing the keyword at the
2046         declaration site will change its mind.
2047
2048         This shouldn't change the inlining decision at all: the definition is
2049         still inline.
2050
2051         * interpreter/CallFrame.h:
2052         (ExecState):
2053
2054 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
2055
2056         Undo Qt build fix guess, since it breaks other builds.
2057
2058         * runtime/JSArray.h:
2059
2060 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
2061
2062         Try to fix the Qt build: add an #include to JSArray.h, since
2063         it's included by some of the files Qt complains about, and
2064         some of its functions call the functions Qt complains about.
2065
2066         * runtime/JSArray.h:
2067
2068 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
2069
2070         Second step toward fixing the Windows build: Add new symbols.
2071
2072         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2073
2074 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
2075
2076         Try to fix the Qt build: add an #include.
2077
2078         * bytecode/GetByIdStatus.cpp:
2079
2080 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
2081
2082         First step toward fixing the Windows build: Remove old symbols.
2083
2084         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2085
2086 2012-08-30  Geoffrey Garen  <ggaren@apple.com>
2087
2088         Use one object instead of two for closures, eliminating ScopeChainNode
2089         https://bugs.webkit.org/show_bug.cgi?id=95501
2090
2091         Reviewed by Filip Pizlo.
2092
2093         This patch removes ScopeChainNode, and moves all the data and related
2094         functions that used to be in ScopeChainNode into JSScope.
2095
2096         Most of this patch is mechanical changes to use a JSScope* where we used
2097         to use a ScopeChainNode*. I've only specifically commented about items
2098         that were non-mechanical.
2099
2100         * runtime/Completion.cpp:
2101         (JSC::evaluate):
2102         * runtime/Completion.h: Don't require an explicit scope chain argument
2103         when evaluating code. Clients never wanted anything other than the
2104         global scope, and other arbitrary scopes probably wouldn't work
2105         correctly, anyway.
2106
2107         * runtime/JSScope.cpp:
2108         * runtime/JSScope.h:
2109         (JSC::JSScope::JSScope): JSScope now requires the data we used to pass to
2110         ScopeChainNode, so it can link itself into the scope chain correctly.
2111
2112         * runtime/JSWithScope.h:
2113         (JSC::JSWithScope::create):
2114         (JSC::JSWithScope::JSWithScope): JSWithScope gets an extra constructor
2115         for specifically supplying your own scope chain. The DOM needs this
2116         interface for setting up the scope chain for certain event handlers.
2117         Other clients always just push the JSWithScope to the head of the current
2118         scope chain.
2119
2120 2012-08-30  Mark Lam  <mark.lam@apple.com>
2121
2122         Render unto #ifdef's that which belongs to them.
2123         https://bugs.webkit.org/show_bug.cgi?id=95482.
2124
2125         Reviewed by Filip Pizlo.
2126
2127         Refining / disambiguating between #ifdefs and adding some. For
2128         example, ENABLE(JIT) is conflated with ENABLE(LLINT) in some places.
2129         Also, we need to add ENABLE(COMPUTED_GOTO_OPCODES) to indicate that we
2130         want interpreted opcodes to use COMPUTED GOTOs apart from ENABLE(LLINT)
2131         and ENABLE(COMPUTED_GOTO_CLASSIC_INTERPRETER). Also cleaned up #ifdefs
2132         in certain places which were previously incorrect.
2133
2134         * bytecode/CodeBlock.cpp:
2135         (JSC):
2136         (JSC::CodeBlock::bytecodeOffset):
2137         * bytecode/CodeBlock.h:
2138         (CodeBlock):
2139         * bytecode/Opcode.h:
2140         (JSC::padOpcodeName):
2141         * config.h:
2142         * dfg/DFGOperations.cpp:
2143         * interpreter/AbstractPC.cpp:
2144         (JSC::AbstractPC::AbstractPC):
2145         * interpreter/CallFrame.h:
2146         (ExecState):
2147         * interpreter/Interpreter.cpp:
2148         (JSC::Interpreter::~Interpreter):
2149         (JSC::Interpreter::initialize):
2150         (JSC::Interpreter::isOpcode):
2151         (JSC::Interpreter::unwindCallFrame):
2152         (JSC::getLineNumberForCallFrame):
2153         (JSC::getCallerInfo):
2154         (JSC::Interpreter::execute):
2155         (JSC::Interpreter::executeCall):
2156         (JSC::Interpreter::executeConstruct):
2157         (JSC::Interpreter::privateExecute):
2158         * interpreter/Interpreter.h:
2159         (JSC::Interpreter::getOpcode):
2160         (JSC::Interpreter::getOpcodeID):
2161         (Interpreter):
2162         * jit/HostCallReturnValue.h:
2163         * jit/JITCode.h:
2164         (JITCode):
2165         * jit/JITExceptions.cpp:
2166         * jit/JITExceptions.h:
2167         * jit/JSInterfaceJIT.h:
2168         * llint/LLIntData.h:
2169         (JSC::LLInt::getOpcode):
2170         * llint/LLIntEntrypoints.cpp:
2171         (JSC::LLInt::getFunctionEntrypoint):
2172         (JSC::LLInt::getEvalEntrypoint):
2173         (JSC::LLInt::getProgramEntrypoint):
2174         * llint/LLIntOffsetsExtractor.cpp:
2175         (JSC::LLIntOffsetsExtractor::dummy):
2176         * llint/LLIntSlowPaths.cpp:
2177         (LLInt):
2178         * runtime/JSGlobalData.cpp:
2179         (JSC):
2180
2181 2012-08-30  JungJik Lee  <jungjik.lee@samsung.com>
2182
2183         [EFL][WK2] Add WebMemorySampler feature.
2184         https://bugs.webkit.org/show_bug.cgi?id=91214
2185
2186         Reviewed by Kenneth Rohde Christiansen.
2187
2188         WebMemorySampler collects JavaScript stack and JIT memory usage in globalMemoryStatistics.
2189
2190         * PlatformEfl.cmake:
2191
2192 2012-08-30  Benjamin Poulain  <bpoulain@apple.com>
2193
2194         Replace JSC::UString by WTF::String
2195         https://bugs.webkit.org/show_bug.cgi?id=95271
2196
2197         Reviewed by Geoffrey Garen.
2198
2199         Having JSC::UString and WTF::String increases the complexity of working on WebKit, and
2200         adds useless conversions in the bindings. It also causes some code bloat.
2201
2202         The performance advantages of UString have been ported over in previous patches. This patch
2203         is the last step: getting rid of UString.
2204
2205         In addition to the simplified code, this also reduces the binary size by 15kb on x86_64.
2206
2207         * API/OpaqueJSString.cpp:
2208         (OpaqueJSString::ustring):
2209         * runtime/Identifier.h:
2210         (JSC::Identifier::ustring):
2211         To avoid changing everything at once, the functions named ustring() were kept as is. They
2212         will be renamed in a follow up patch.
2213
2214         * runtime/JSString.h:
2215         (JSC::JSString::string):
2216         (JSC::JSValue::toWTFString):
2217         (JSC::inlineJSValueNotStringtoString):
2218         (JSC::JSValue::toWTFStringInline):
2219         Since JSValue::toString() already exists (and returns the JSString), the direct accessor is renamed
2220         to ::toWTFString(). We may change ::string() to ::jsString() and ::toWTFString() to ::toString()
2221         in the future.
2222
2223         * runtime/StringPrototype.cpp:
2224         (JSC::substituteBackreferencesSlow): Replace the use of UString::getCharacters<>() by String::getCharactersWithUpconvert<>().
2225
2226 2012-08-24  Mark Hahnenberg  <mhahnenberg@apple.com>
2227
2228         Remove uses of ClassInfo in StrictEq and CompareEq in the DFG
2229         https://bugs.webkit.org/show_bug.cgi?id=93401
2230
2231         Reviewed by Filip Pizlo.
2232
2233         Another incremental step in removing the dependence on ClassInfo pointers in object headers.
2234
2235         * bytecode/SpeculatedType.h:
2236         (JSC::isCellOrOtherSpeculation):
2237         (JSC):
2238         * dfg/DFGAbstractState.cpp: Updated the CFA to reflect the changes to the backend.
2239         (JSC::DFG::AbstractState::execute):
2240         * dfg/DFGNode.h:
2241         (Node):
2242         (JSC::DFG::Node::shouldSpeculateString): Added this new function since it was conspicuously absent.
2243         (JSC::DFG::Node::shouldSpeculateNonStringCellOrOther): Also add this function for use in the CFA.
2244         * dfg/DFGSpeculativeJIT.cpp: Refactored how we handle CompareEq and CompareStrictEq in the DFG. We now just 
2245         check for Strings by comparing the object's Structure to the global Structure for strings. We only 
2246         check for MasqueradesAsUndefined if the watchpoint has fired. These changes allow us to remove our 
2247         uses of the ClassInfo pointer for compiling these nodes.
2248         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
2249         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2250         (JSC::DFG::SpeculativeJIT::compare):
2251         (JSC::DFG::SpeculativeJIT::compileStrictEq):
2252         * dfg/DFGSpeculativeJIT.h:
2253         (SpeculativeJIT):
2254         * dfg/DFGSpeculativeJIT32_64.cpp: Same changes for 32 bit as for 64 bit.
2255         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2256         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
2257         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
2258         * dfg/DFGSpeculativeJIT64.cpp:
2259         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2260         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
2261         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
2262
2263 2012-08-30  Yong Li  <yoli@rim.com>
2264
2265         [BlackBerry] Implement IncrementalSweeper for PLATFORM(BLACKBERRY)
2266         https://bugs.webkit.org/show_bug.cgi?id=95469
2267
2268         Reviewed by Rob Buis.
2269
2270         RIM PR# 200595.
2271         Share most code with USE(CF) and implement timer-related methods
2272         for PLATFORM(BLACKBERRY).
2273
2274         * heap/IncrementalSweeper.cpp:
2275         (JSC):
2276         (JSC::IncrementalSweeper::IncrementalSweeper):
2277         (JSC::IncrementalSweeper::create):
2278         (JSC::IncrementalSweeper::scheduleTimer):
2279         (JSC::IncrementalSweeper::cancelTimer):
2280         (JSC::IncrementalSweeper::doSweep):
2281         * heap/IncrementalSweeper.h:
2282         (IncrementalSweeper):
2283
2284 2012-08-30  Mark Lam  <mark.lam@apple.com>
2285
        Fix broken classic interpreter build.
2287         https://bugs.webkit.org/show_bug.cgi?id=95484.
2288
2289         Reviewed by Filip Pizlo.
2290
2291         * interpreter/Interpreter.cpp:
2292         (JSC::Interpreter::privateExecute):
2293
2294 2012-08-30  Byungwoo Lee  <bw80.lee@samsung.com>
2295
2296         Build warning : -Wsign-compare on DFGByteCodeParser.cpp.
2297         https://bugs.webkit.org/show_bug.cgi?id=95418
2298
2299         Reviewed by Filip Pizlo.
2300
2301         There is a build warning '-Wsign-compare' on
2302         findArgumentPositionForLocal() in DFGByteCodeParser.cpp.
2303
        To remove this warning, an explicit cast is added.
2305
2306         * dfg/DFGByteCodeParser.cpp:
2307         (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
2308         (JSC::DFG::ByteCodeParser::findArgumentPosition):
2309
2310 2012-08-30  Yong Li  <yoli@rim.com>
2311
2312         [BlackBerry] Set timer client on platform timer used in HeapTimer
2313         https://bugs.webkit.org/show_bug.cgi?id=95464
2314
2315         Reviewed by Rob Buis.
2316
2317         Otherwise the timer won't work.
2318
2319         * heap/HeapTimer.cpp:
2320         (JSC::HeapTimer::HeapTimer):
2321
2012-08-30  Julien BRIANCEAU  <jbrianceau@nds.com>
2323
2324         [sh4] Add missing implementation for JavaScriptCore JIT
2325         https://bugs.webkit.org/show_bug.cgi?id=95452
2326
2327         Reviewed by Oliver Hunt.
2328
2329         * assembler/MacroAssemblerSH4.h:
2330         (JSC::MacroAssemblerSH4::isCompactPtrAlignedAddressOffset):
2331         (MacroAssemblerSH4):
2332         (JSC::MacroAssemblerSH4::add32):
2333         (JSC::MacroAssemblerSH4::convertibleLoadPtr):
2334         * assembler/SH4Assembler.h:
2335         (JSC::SH4Assembler::labelIgnoringWatchpoints):
2336         (SH4Assembler):
2337         (JSC::SH4Assembler::replaceWithLoad):
2338         (JSC::SH4Assembler::replaceWithAddressComputation):
2339
2340 2012-08-30  Charles Wei  <charles.wei@torchmobile.com.cn>
2341
2342         [BlackBerry] Eliminate build warnings
2343         https://bugs.webkit.org/show_bug.cgi?id=95338
2344
2345         Reviewed by Filip Pizlo.
2346
2347         static_cast to the same type to eliminate the build time warnings.
2348
2349         * assembler/AssemblerBufferWithConstantPool.h:
2350         (JSC::AssemblerBufferWithConstantPool::flushWithoutBarrier):
2351         * assembler/MacroAssemblerARM.h:
2352         (JSC::MacroAssemblerARM::branch32):
2353
2354 2012-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>
2355
2356         Remove use of ClassInfo from compileGetByValOnArguments and compileGetArgumentsLength
2357         https://bugs.webkit.org/show_bug.cgi?id=95131
2358
2359         Reviewed by Filip Pizlo.
2360
2361         * dfg/DFGSpeculativeJIT.cpp:
2362         (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): We don't need this speculation check. We can replace it 
2363         with an assert to guarantee this.
2364
2365 2012-08-29  Mark Lam  <mark.lam@apple.com>
2366
2367         Refactoring LLInt::Data.
2368         https://bugs.webkit.org/show_bug.cgi?id=95316.
2369
2370         Reviewed by Geoff Garen.
2371
2372         This change allows its opcodeMap to be easily queried from any function
2373         without needing to go through a GlobalData object.  It also introduces
2374         the LLInt::getCodePtr() methods that will be used by the LLInt C loop
2375         later to redefine how llint symbols (opcodes and trampoline glue
2376         labels) get resolved.
2377
2378         * assembler/MacroAssemblerCodeRef.h:
2379         (MacroAssemblerCodePtr):
2380         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
2381         (MacroAssemblerCodeRef):
2382         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
2383         * bytecode/CodeBlock.cpp:
2384         (JSC::CodeBlock::adjustPCIfAtCallSite):
2385         (JSC::CodeBlock::bytecodeOffset):
2386         * bytecode/Opcode.h:
2387             Remove the 'const' to simplify things and avoid having to do
2388             additional casts and #ifdefs in many places.
2389         * bytecode/ResolveGlobalStatus.cpp:
2390         (JSC::computeForLLInt):
2391         * bytecompiler/BytecodeGenerator.cpp:
2392         (JSC::BytecodeGenerator::generate):
2393         * interpreter/Interpreter.cpp:
2394         (JSC::Interpreter::initialize):
2395         * interpreter/Interpreter.h:
2396         (Interpreter):
2397         * jit/JITExceptions.cpp:
2398         (JSC::genericThrow):
2399         * llint/LLIntData.cpp:
2400         (LLInt):
2401         (JSC::LLInt::initialize):
2402         * llint/LLIntData.h:
2403         (JSC):
2404         (LLInt):
2405         (Data):
2406         (JSC::LLInt::exceptionInstructions):
2407         (JSC::LLInt::opcodeMap):
2408         (JSC::LLInt::getOpcode):
2409         (JSC::LLInt::getCodePtr):
2410         (JSC::LLInt::Data::performAssertions):
2411         * llint/LLIntExceptions.cpp:
2412         (JSC::LLInt::returnToThrowForThrownException):
2413         (JSC::LLInt::returnToThrow):
2414         (JSC::LLInt::callToThrow):
2415         * llint/LLIntSlowPaths.cpp:
2416         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2417         (JSC::LLInt::handleHostCall):
2418         * runtime/InitializeThreading.cpp:
2419         (JSC::initializeThreadingOnce): Initialize the singleton LLInt data.
2420         * runtime/JSGlobalData.cpp:
2421         (JSC::JSGlobalData::JSGlobalData):
2422         * runtime/JSGlobalData.h:
2423         (JSGlobalData): Removed the now unneeded LLInt::Data instance in
2424             JSGlobalData.
2425         * runtime/JSValue.h:
2426         (JSValue):
2427
2428 2012-08-29  Gavin Barraclough  <barraclough@apple.com>
2429
2430         PutById uses DataLabel32, not DataLabelCompact
2431         https://bugs.webkit.org/show_bug.cgi?id=95245
2432
2433         Reviewed by Geoff Garen.
2434
        JIT::resetPatchPutById calls the wrong thing on x86-64 – this is moot right now,
2436         since they currently both do the same thing, but if we were to ever make compact mean
2437         8-bit this could be a real problem. Also, relying on the object still being in eax
2438         on entry to the transition stub isn't very robust - added nonArgGPR1 to at least make
2439         this explicit.
2440
2441         * jit/JITPropertyAccess.cpp:
2442         (JSC::JIT::emitSlow_op_put_by_id):
2443             - copy regT0 to nonArgGPR1
2444         (JSC::JIT::privateCompilePutByIdTransition):
2445             - DataLabelCompact -> DataLabel32
2446         (JSC::JIT::resetPatchPutById):
2447             - reload regT0 from nonArgGPR1
2448         * jit/JSInterfaceJIT.h:
2449         (JSInterfaceJIT):
2450             - added nonArgGPR1
2451
2452 2012-08-28  Yong Li  <yoli@rim.com>
2453
2454         ExecutableAllocator should be destructed after Heap
2455         https://bugs.webkit.org/show_bug.cgi?id=95244
2456
2457         Reviewed by Rob Buis.
2458
2459         RIM PR# 199364.
2460         Make ExecutableAllocator the first member in JSGlobalData.
2461         Existing Web Worker tests can show the issue.
2462
2463         * runtime/JSGlobalData.cpp:
2464         (JSC::JSGlobalData::JSGlobalData):
2465         * runtime/JSGlobalData.h:
2466         (JSGlobalData):
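
Added editorial example, not part of this ChangeLog or of WebKit's code: C++ destroys non-static data members in reverse order of declaration, which is why moving ExecutableAllocator to the front of JSGlobalData makes it outlive Heap. The classes below (DestructionLog, FakeHeap, FakeExecutableAllocator, GlobalDataBefore, GlobalDataAfter) are hypothetical stand-ins that only record destructor order; in the real engine it is the Heap destructor that would touch already-freed JIT memory if the order were wrong.

```cpp
#include <string>
#include <vector>

// Records destructor order so the rule is observable (hypothetical helper).
struct DestructionLog {
    std::vector<std::string> order;
};

// Stand-in for JSC::ExecutableAllocator: owns the executable (JIT) memory.
struct FakeExecutableAllocator {
    DestructionLog& log;
    explicit FakeExecutableAllocator(DestructionLog& l) : log(l) {}
    ~FakeExecutableAllocator() { log.order.push_back("ExecutableAllocator"); }
};

// Stand-in for JSC::Heap: its destructor would release JIT code, i.e. use the allocator.
struct FakeHeap {
    DestructionLog& log;
    explicit FakeHeap(DestructionLog& l) : log(l) {}
    ~FakeHeap() { log.order.push_back("Heap"); }
};

// Before the fix: allocator declared after the heap, so it is torn down first and
// the heap's destructor runs against an allocator that no longer exists.
struct GlobalDataBefore {
    FakeHeap heap;
    FakeExecutableAllocator executableAllocator;
    explicit GlobalDataBefore(DestructionLog& l) : heap(l), executableAllocator(l) {}
};

// After the fix: allocator is the first member, so reverse-declaration-order
// destruction destroys it last, after the heap has finished with it.
struct GlobalDataAfter {
    FakeExecutableAllocator executableAllocator;
    FakeHeap heap;
    explicit GlobalDataAfter(DestructionLog& l) : executableAllocator(l), heap(l) {}
};

// Constructs one global-data object in a scope and returns the order its members died in.
template<typename GlobalData>
std::vector<std::string> destructionOrder()
{
    DestructionLog log;
    {
        GlobalData data(log);  // destructor runs when this scope closes
    }
    return log.order;
}

inline bool fixedOrderDestroysHeapFirst()
{
    return destructionOrder<GlobalDataAfter>() == std::vector<std::string>{"Heap", "ExecutableAllocator"};
}

inline bool originalOrderDestroysAllocatorFirst()
{
    return destructionOrder<GlobalDataBefore>() == std::vector<std::string>{"ExecutableAllocator", "Heap"};
}
```

The same rule applies to the constructor: members are built in declaration order, so putting the allocator first also guarantees it exists before the heap is constructed. Initializer-list order in the constructor does not change either sequence; only the declaration order does.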
2467
2468 2012-08-29  Geoffrey Garen  <ggaren@apple.com>
2469
2470         Try to fix the Windows build.
2471
2472         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
2473
2474 2012-08-28  Geoffrey Garen  <ggaren@apple.com>
2475
2476         Introduced JSWithScope, making all scope objects subclasses of JSScope
2477         https://bugs.webkit.org/show_bug.cgi?id=95295
2478
2479         Reviewed by Filip Pizlo.
2480
2481         This is a step toward removing ScopeChainNode. With a uniform representation
2482         for objects in the scope chain, we can move data from ScopeChainNode
2483         into JSScope.
2484
2485         * CMakeLists.txt:
2486         * GNUmakefile.list.am:
2487         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2488         * JavaScriptCore.xcodeproj/project.pbxproj:
2489         * Target.pri: Build!
2490
2491         * interpreter/Interpreter.cpp:
2492         (JSC::Interpreter::privateExecute):
2493         * jit/JITStubs.cpp:
2494         (JSC::DEFINE_STUB_FUNCTION):
2495         * llint/LLIntSlowPaths.cpp:
2496         (JSC::LLInt::LLINT_SLOW_PATH_DECL): Use an explicit JSWithScope object
2497         for 'with' statements. Since 'with' can put any object in the scope
2498         chain, we'll need an adapter object to hold the data ScopeChainNode
2499         currently holds.
2500
2501         (JSGlobalData): Support for JSWithScope.
2502
2503         * runtime/JSScope.cpp:
2504         (JSC::JSScope::objectAtScope):
2505         * runtime/JSScope.h: Check for and unwrap JSWithScope.
2506
2507         * runtime/JSType.h: Support for JSWithScope.
2508
2509         * runtime/StrictEvalActivation.cpp:
2510         (JSC::StrictEvalActivation::StrictEvalActivation):
2511         * runtime/StrictEvalActivation.h:
2512         (StrictEvalActivation): Inherit from JSScope, to make the scope chain uniform.
2513
2514         * runtime/JSWithScope.cpp: Added.
2515         (JSC::JSWithScope::visitChildren):
2516         * runtime/JSWithScope.h: Added.
2517         (JSWithScope):
2518         (JSC::JSWithScope::create):
2519         (JSC::JSWithScope::object):
2520         (JSC::JSWithScope::createStructure):
2521         (JSC::JSWithScope::JSWithScope): New adapter object. Since this object
2522         is never exposed to scripts, it doesn't need any meaningful implementation
2523         of property access or other callbacks.
2524
2525 2012-08-29  Patrick Gansterer  <paroga@webkit.org>
2526
2527         Unreviewed. Build fix for !ENABLE(JIT) after r126962.
2528
2529         * interpreter/Interpreter.cpp:
2530         (JSC::Interpreter::privateExecute):
2531
2532 2012-08-28  Geoffrey Garen  <ggaren@apple.com>
2533
2534         Added JSScope::objectInScope(), and refactored callers to use it
2535         https://bugs.webkit.org/show_bug.cgi?id=95281
2536
2537         Reviewed by Gavin Barraclough.
2538
2539         This is a step toward removing ScopeChainNode. We need a layer of
2540         indirection so that 'with' scopes can proxy for an object.
2541         JSScope::objectInScope() will be that layer.
2542
2543         * bytecode/EvalCodeCache.h:
2544         (JSC::EvalCodeCache::tryGet):
2545         (JSC::EvalCodeCache::getSlow):
2546         * bytecompiler/BytecodeGenerator.cpp:
2547         (JSC::BytecodeGenerator::resolve):
2548         (JSC::BytecodeGenerator::resolveConstDecl): . vs ->
2549
2550         * interpreter/Interpreter.cpp:
2551         (JSC::Interpreter::unwindCallFrame):
2552         (JSC::Interpreter::execute):
2553         * runtime/JSScope.cpp:
2554         (JSC::JSScope::resolve):
2555         (JSC::JSScope::resolveSkip):
2556         (JSC::JSScope::resolveGlobalDynamic):
2557         (JSC::JSScope::resolveBase):
2558         (JSC::JSScope::resolveWithBase):
2559         (JSC::JSScope::resolveWithThis): Added JSScope::objectAtScope() calls.
2560
2561         * runtime/JSScope.h:
2562         (JSScope):
2563         (JSC::JSScope::objectAtScope):
2564         (JSC):
2565         (ScopeChainIterator):
2566         (JSC::ScopeChainIterator::ScopeChainIterator):
2567         (JSC::ScopeChainIterator::get):
2568         (JSC::ScopeChainIterator::operator->):
2569         (JSC::ScopeChainIterator::operator++):
2570         (JSC::ScopeChainIterator::operator==):
2571         (JSC::ScopeChainIterator::operator!=):
2572         (JSC::ScopeChainNode::begin):
2573         (JSC::ScopeChainNode::end): I moved ScopeChainIterator to this file
2574         to resolve a circular #include problem. Eventually, I'll probably rename
2575         it to JSScope::iterator, so I think it belongs here.
2576
2577         * runtime/ScopeChain.cpp:
2578         (JSC::ScopeChainNode::print):
2579         (JSC::ScopeChainNode::localDepth): . vs ->
2580
2581         * runtime/ScopeChain.h:
2582         (ScopeChainNode): I made the 'object' data member private because it's
2583         no longer safe to access -- you need to call JSScope::objectAtScope()
2584         instead.
2585
2586         The JITs need to be friends because of the private declaration.
2587
2588         Subtly, JIT/LLInt code is correct without any changes because JIT/LLInt
2589         code never compiles direct access to a with scope.
2590
2591 2012-08-28  Mark Lam  <mark.lam@apple.com>
2592
2593         Adding support for adding LLInt opcode extensions.  This will be needed
2594         by the LLInt C loop interpreter later.
2595         https://bugs.webkit.org/show_bug.cgi?id=95277.
2596
2597         Reviewed by Geoffrey Garen.
2598
2599         * JavaScriptCore.xcodeproj/project.pbxproj:
2600         * bytecode/Opcode.h:
2601         * llint/LLIntOpcode.h: Added.
2602         * llint/LowLevelInterpreter.h:
2603
2604 2012-08-28  Gavin Barraclough  <barraclough@apple.com>
2605
2606         Rolled out r126928, this broke stuff :'-(
2607
2608         * jit/JITPropertyAccess.cpp:
2609         (JSC::JIT::privateCompilePutByIdTransition):
2610         (JSC::JIT::resetPatchPutById):
2611
2612 2012-08-28  Gavin Barraclough  <barraclough@apple.com>
2613
2614         PutById uses DataLabel32, not DataLabelCompact
2615         https://bugs.webkit.org/show_bug.cgi?id=95245
2616
2617         Reviewed by Geoff Garen.
2618
        JIT::resetPatchPutById calls the wrong thing on x86-64 – this is moot right now,
2620         since they currently both do the same thing, but if we were to ever make compact mean
2621         8-bit this could be a real problem. Also, don't rely on the object still being in eax
2622         on entry to the transition stub – this isn't very robust.
2623
2624         * jit/JITPropertyAccess.cpp:
2625         (JSC::JIT::privateCompilePutByIdTransition):
2626             - DataLabelCompact -> DataLabel32
2627         (JSC::JIT::resetPatchPutById):
2628             - reload regT0 from the stack
2629
2630 2012-08-28  Sheriff Bot  <webkit.review.bot@gmail.com>
2631
2632         Unreviewed, rolling out r126914.
2633         http://trac.webkit.org/changeset/126914
2634         https://bugs.webkit.org/show_bug.cgi?id=95239
2635
2636         it breaks everything and fixes nothing (Requested by pizlo on
2637         #webkit).
2638
2639         * API/JSCallbackObject.h:
2640         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
2641         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
2642         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
2643         * API/JSCallbackObjectFunctions.h:
2644         (JSC::::getOwnPropertyNames):
2645         * API/JSClassRef.cpp:
2646         (OpaqueJSClass::~OpaqueJSClass):
2647         (OpaqueJSClassContextData::OpaqueJSClassContextData):
2648         (OpaqueJSClass::contextData):
2649         * bytecode/CodeBlock.cpp:
2650         (JSC::CodeBlock::dump):
2651         (JSC::EvalCodeCache::visitAggregate):
2652         (JSC::CodeBlock::nameForRegister):
2653         * bytecode/JumpTable.h:
2654         (JSC::StringJumpTable::offsetForValue):
2655         (JSC::StringJumpTable::ctiForValue):
2656         * bytecode/LazyOperandValueProfile.cpp:
2657         (JSC::LazyOperandValueProfileParser::getIfPresent):
2658         * bytecode/SamplingTool.cpp:
2659         (JSC::SamplingTool::dump):
2660         * bytecompiler/BytecodeGenerator.cpp:
2661         (JSC::BytecodeGenerator::addVar):
2662         (JSC::BytecodeGenerator::addGlobalVar):
2663         (JSC::BytecodeGenerator::addConstant):
2664         (JSC::BytecodeGenerator::addConstantValue):
2665         (JSC::BytecodeGenerator::emitLoad):
2666         (JSC::BytecodeGenerator::addStringConstant):
2667         (JSC::BytecodeGenerator::emitLazyNewFunction):
2668         * bytecompiler/NodesCodegen.cpp:
2669         (JSC::PropertyListNode::emitBytecode):
2670         * debugger/Debugger.cpp:
2671         * dfg/DFGArgumentsSimplificationPhase.cpp:
2672         (JSC::DFG::ArgumentsSimplificationPhase::run):
2673         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
2674         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
2675         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
2676         (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
2677         * dfg/DFGAssemblyHelpers.cpp:
2678         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
2679         * dfg/DFGByteCodeCache.h:
2680         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
2681         (JSC::DFG::ByteCodeCache::get):
2682         * dfg/DFGByteCodeParser.cpp:
2683         (JSC::DFG::ByteCodeParser::cellConstant):
2684         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2685         * dfg/DFGStructureCheckHoistingPhase.cpp:
2686         (JSC::DFG::StructureCheckHoistingPhase::run):
2687         (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
2688         (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
2689         * heap/Heap.cpp:
2690         (JSC::Heap::markProtectedObjects):
2691         * heap/Heap.h:
2692         (JSC::Heap::forEachProtectedCell):
2693         * heap/JITStubRoutineSet.cpp:
2694         (JSC::JITStubRoutineSet::markSlow):
2695         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
2696         * heap/MarkStack.cpp:
2697         (JSC::MarkStack::internalAppend):
2698         * heap/Weak.h:
2699         (JSC::weakRemove):
2700         * jit/JIT.cpp:
2701         (JSC::JIT::privateCompile):
2702         * jit/JITStubs.cpp:
2703         (JSC::JITThunks::ctiStub):
2704         * parser/Parser.cpp:
2705         (JSC::::parseStrictObjectLiteral):
2706         * profiler/Profile.cpp:
2707         (JSC::functionNameCountPairComparator):
2708         (JSC::Profile::debugPrintDataSampleStyle):
2709         * runtime/Identifier.cpp:
2710         (JSC::Identifier::add):
2711         * runtime/JSActivation.cpp:
2712         (JSC::JSActivation::getOwnPropertyNames):
2713         (JSC::JSActivation::symbolTablePutWithAttributes):
2714         * runtime/JSArray.cpp:
2715         (JSC::SparseArrayValueMap::put):
2716         (JSC::SparseArrayValueMap::putDirect):
2717         (JSC::SparseArrayValueMap::visitChildren):
2718         (JSC::JSArray::enterDictionaryMode):
2719         (JSC::JSArray::defineOwnNumericProperty):
2720         (JSC::JSArray::getOwnPropertySlotByIndex):
2721         (JSC::JSArray::getOwnPropertyDescriptor):
2722         (JSC::JSArray::putByIndexBeyondVectorLength):
2723         (JSC::JSArray::putDirectIndexBeyondVectorLength):
2724         (JSC::JSArray::deletePropertyByIndex):
2725         (JSC::JSArray::getOwnPropertyNames):
2726         (JSC::JSArray::setLength):
2727         (JSC::JSArray::sort):
2728         (JSC::JSArray::compactForSorting):
2729         (JSC::JSArray::checkConsistency):
2730         * runtime/JSSymbolTableObject.cpp:
2731         (JSC::JSSymbolTableObject::getOwnPropertyNames):
2732         * runtime/JSSymbolTableObject.h:
2733         (JSC::symbolTableGet):
2734         (JSC::symbolTablePut):
2735         (JSC::symbolTablePutWithAttributes):
2736         * runtime/RegExpCache.cpp:
2737         (JSC::RegExpCache::invalidateCode):
2738         * runtime/WeakGCMap.h:
2739         (JSC::WeakGCMap::clear):
2740         (JSC::WeakGCMap::set):
2741         * tools/ProfileTreeNode.h:
2742         (JSC::ProfileTreeNode::sampleChild):
2743         (JSC::ProfileTreeNode::childCount):
2744         (JSC::ProfileTreeNode::dumpInternal):
2745         (JSC::ProfileTreeNode::compareEntries):
2746
2747 2012-08-28  Filip Pizlo  <fpizlo@apple.com>
2748
2749         LLInt should not rely on ordering of global labels
2750         https://bugs.webkit.org/show_bug.cgi?id=95221
2751
2752         Reviewed by Oliver Hunt.
2753
2754         * llint/LowLevelInterpreter.asm:
2755         * llint/LowLevelInterpreter32_64.asm:
2756         * llint/LowLevelInterpreter64.asm:
2757
2758 2012-08-28  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
2759
2760         Rename first/second to key/value in HashMap iterators
2761         https://bugs.webkit.org/show_bug.cgi?id=82784
2762
2763         Reviewed by Eric Seidel.
2764
2765         * API/JSCallbackObject.h:
2766         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
2767         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
2768         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
2769         * API/JSCallbackObjectFunctions.h:
2770         (JSC::::getOwnPropertyNames):
2771         * API/JSClassRef.cpp:
2772         (OpaqueJSClass::~OpaqueJSClass):
2773         (OpaqueJSClassContextData::OpaqueJSClassContextData):
2774         (OpaqueJSClass::contextData):
2775         * bytecode/CodeBlock.cpp:
2776         (JSC::CodeBlock::dump):
2777         (JSC::EvalCodeCache::visitAggregate):
2778         (JSC::CodeBlock::nameForRegister):
2779         * bytecode/JumpTable.h:
2780         (JSC::StringJumpTable::offsetForValue):
2781         (JSC::StringJumpTable::ctiForValue):
2782         * bytecode/LazyOperandValueProfile.cpp:
2783         (JSC::LazyOperandValueProfileParser::getIfPresent):
2784         * bytecode/SamplingTool.cpp:
2785         (JSC::SamplingTool::dump):
2786         * bytecompiler/BytecodeGenerator.cpp:
2787         (JSC::BytecodeGenerator::addVar):
2788         (JSC::BytecodeGenerator::addGlobalVar):
2789         (JSC::BytecodeGenerator::addConstant):
2790         (JSC::BytecodeGenerator::addConstantValue):
2791         (JSC::BytecodeGenerator::emitLoad):
2792         (JSC::BytecodeGenerator::addStringConstant):
2793         (JSC::BytecodeGenerator::emitLazyNewFunction):
2794         * bytecompiler/NodesCodegen.cpp:
2795         (JSC::PropertyListNode::emitBytecode):
2796         * debugger/Debugger.cpp:
2797         * dfg/DFGArgumentsSimplificationPhase.cpp:
2798         (JSC::DFG::ArgumentsSimplificationPhase::run):
2799         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
2800         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
2801         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
2802         (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
2803         * dfg/DFGAssemblyHelpers.cpp:
2804         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
2805         * dfg/DFGByteCodeCache.h:
2806         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
2807         (JSC::DFG::ByteCodeCache::get):
2808         * dfg/DFGByteCodeParser.cpp:
2809         (JSC::DFG::ByteCodeParser::cellConstant):
2810         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2811         * dfg/DFGStructureCheckHoistingPhase.cpp:
2812         (JSC::DFG::StructureCheckHoistingPhase::run):
2813         (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
2814         (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
2815         * heap/Heap.cpp:
2816         (JSC::Heap::markProtectedObjects):
2817         * heap/Heap.h:
2818         (JSC::Heap::forEachProtectedCell):
2819         * heap/JITStubRoutineSet.cpp:
2820         (JSC::JITStubRoutineSet::markSlow):
2821         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
2822         * heap/MarkStack.cpp:
2823         (JSC::MarkStack::internalAppend):
2824         * heap/Weak.h:
2825         (JSC::weakRemove):
2826         * jit/JIT.cpp:
2827         (JSC::JIT::privateCompile):
2828         * jit/JITStubs.cpp:
2829         (JSC::JITThunks::ctiStub):
2830         * parser/Parser.cpp:
2831         (JSC::::parseStrictObjectLiteral):
2832         * profiler/Profile.cpp:
2833         (JSC::functionNameCountPairComparator):
2834         (JSC::Profile::debugPrintDataSampleStyle):
2835         * runtime/Identifier.cpp:
2836         (JSC::Identifier::add):
2837         * runtime/JSActivation.cpp:
2838         (JSC::JSActivation::getOwnPropertyNames):
2839         (JSC::JSActivation::symbolTablePutWithAttributes):
2840         * runtime/JSArray.cpp:
2841         (JSC::SparseArrayValueMap::put):
2842         (JSC::SparseArrayValueMap::putDirect):
2843         (JSC::SparseArrayValueMap::visitChildren):
2844         (JSC::JSArray::enterDictionaryMode):
2845         (JSC::JSArray::defineOwnNumericProperty):
2846         (JSC::JSArray::getOwnPropertySlotByIndex):
2847         (JSC::JSArray::getOwnPropertyDescriptor):
2848         (JSC::JSArray::putByIndexBeyondVectorLength):
2849         (JSC::JSArray::putDirectIndexBeyondVectorLength):
2850         (JSC::JSArray::deletePropertyByIndex):
2851         (JSC::JSArray::getOwnPropertyNames):
2852         (JSC::JSArray::setLength):
2853         (JSC::JSArray::sort):
2854         (JSC::JSArray::compactForSorting):
2855         (JSC::JSArray::checkConsistency):
2856         * runtime/JSSymbolTableObject.cpp:
2857         (JSC::JSSymbolTableObject::getOwnPropertyNames):
2858         * runtime/JSSymbolTableObject.h:
2859         (JSC::symbolTableGet):
2860         (JSC::symbolTablePut):
2861         (JSC::symbolTablePutWithAttributes):
2862         * runtime/RegExpCache.cpp:
2863         (JSC::RegExpCache::invalidateCode):
2864         * runtime/WeakGCMap.h:
2865         (JSC::WeakGCMap::clear):
2866         (JSC::WeakGCMap::set):
2867         * tools/ProfileTreeNode.h:
2868         (JSC::ProfileTreeNode::sampleChild):
2869         (JSC::ProfileTreeNode::childCount):
2870         (JSC::ProfileTreeNode::dumpInternal):
2871         (JSC::ProfileTreeNode::compareEntries):
2872
2873 2012-08-28  Geoffrey Garen  <ggaren@apple.com>
2874
2875         GCC warning in JSActivation is causing Mac EWS errors
2876         https://bugs.webkit.org/show_bug.cgi?id=95103
2877
2878         Reviewed by Sam Weinig.
2879
2880         Try to fix a strict aliasing violation by using bitwise_cast. The
2881         union in the cast should signal to the compiler that aliasing between
2882         types is happening.
2883
2884         * runtime/JSActivation.cpp:
2885         (JSC::JSActivation::visitChildren):
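
Added editorial example, not code from this ChangeLog or from WebKit: a stand-in bitwise_cast built on a union, beside a memcpy-based equivalent, contrasted with the reinterpret_cast-and-dereference pattern that a strict-aliasing warning is about. The double/uint64_t pair and the IEEE-754 check values are constructed for illustration; the actual cast in JSActivation::visitChildren is not reproduced here.

```cpp
#include <cstdint>
#include <cstring>

// Hypothetical stand-in for WTF::bitwise_cast. Writing one union member and reading the
// other tells the compiler the two types alias, which is what the ChangeLog entry relies on
// (GCC documents this form of type punning as supported when -fstrict-aliasing is on).
template<typename TO, typename FROM>
inline TO bitwise_cast(FROM from)
{
    static_assert(sizeof(TO) == sizeof(FROM), "bitwise_cast requires same-size types");
    union {
        FROM in;
        TO out;
    } u;
    u.in = from;
    return u.out;
}

// Portable alternative: memcpy is well-defined in both C and C++ and optimising
// compilers fold it into a plain register move.
template<typename TO, typename FROM>
inline TO memcpy_cast(FROM from)
{
    static_assert(sizeof(TO) == sizeof(FROM), "memcpy_cast requires same-size types");
    TO to;
    std::memcpy(&to, &from, sizeof(TO));
    return to;
}

// The pattern the warning flags: reading a double through a uint64_t lvalue.
// Under -O2 -fstrict-aliasing the compiler may assume *bits and d do not alias and
// reorder or drop the store, so the value read is not guaranteed. Kept for comparison
// only; nothing below calls it.
inline uint64_t aliasing_cast(double d)
{
    uint64_t* bits = reinterpret_cast<uint64_t*>(&d);  // undefined behaviour
    return *bits;
}

// Constructed check values: IEEE-754 binary64 encodings of 1.0 and -0.0.
inline bool castsAgree()
{
    const uint64_t oneBits = 0x3FF0000000000000ULL;
    const uint64_t negZeroBits = 0x8000000000000000ULL;
    return bitwise_cast<uint64_t>(1.0) == oneBits
        && memcpy_cast<uint64_t>(1.0) == oneBits
        && bitwise_cast<uint64_t>(-0.0) == negZeroBits
        && memcpy_cast<uint64_t>(-0.0) == negZeroBits
        && bitwise_cast<double>(oneBits) == 1.0;
}
```

The static_assert is the check worth keeping in any such helper: a size mismatch silently reads uninitialised union bytes or truncates, which is exactly the kind of bug strict-aliasing fixes tend to paper over.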
2886
2887 2012-08-28  Geoffrey Garen  <ggaren@apple.com>
2888
2889         Build fix: svn add two files I forgot in my last patch.
2890
2891 2012-08-27  Geoffrey Garen  <ggaren@apple.com>
2892
2893         Refactored and consolidated variable resolution functions
2894         https://bugs.webkit.org/show_bug.cgi?id=95166
2895
2896         Reviewed by Filip Pizlo.
2897
2898         This patch does a few things:
2899
2900         (1) Introduces a new class, JSScope, which is the base class for all
2901         objects that represent a scope in the scope chain.
2902
2903         (2) Refactors and consolidates duplicate implementations of variable
2904         resolution into the JSScope class.
2905
2906         (3) Renames JSStaticScopeObject to JSNameScope because, as distinct from
2907         something like a 'let' scope, JSStaticScopeObject only has storage for a
2908         single name.
2909
        These changes make logical sense to me as-is. I will also use them in an
2911         upcoming optimization.
2912
2913         * CMakeLists.txt:
2914         * GNUmakefile.list.am:
2915         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2916         * JavaScriptCore.xcodeproj/project.pbxproj:
2917         * Target.pri: Build!
2918
2919         * bytecode/CodeBlock.cpp:
2920         (JSC): Build fix for LLInt-only builds.
2921
2922         * bytecode/GlobalResolveInfo.h:
2923         (GlobalResolveInfo): Use PropertyOffset to be consistent with other parts
2924         of the engine.
2925
2926         * bytecompiler/NodesCodegen.cpp:
2927         * dfg/DFGOperations.cpp: Use the shared code in JSScope instead of rolling
2928         our own.
2929
2930         * interpreter/Interpreter.cpp:
2931         (JSC::Interpreter::execute):
2932         (JSC::Interpreter::createExceptionScope):
2933         (JSC::Interpreter::privateExecute):
2934         * interpreter/Interpreter.h: Use the shared code in JSScope instead of rolling
2935         our own.
2936
2937         * jit/JITStubs.cpp:
2938         (JSC::DEFINE_STUB_FUNCTION): Use the shared code in JSScope instead of rolling
2939         our own.
2940
2941         * llint/LLIntSlowPaths.cpp:
2942         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2943         (LLInt): Use the shared code in JSScope instead of rolling our own. Note
2944         that one of these slow paths calls the wrong helper function. I left it
2945         that way to avoid a behavior change in a refactoring patch.
2946
2947         * parser/Nodes.cpp: Updated for rename.
2948
2949         * runtime/CommonSlowPaths.h:
        (CommonSlowPaths): Removed resolve slow paths because they were duplicative.
2951
2952         * runtime/JSGlobalData.cpp:
2953         (JSC::JSGlobalData::JSGlobalData):
2954         * runtime/JSGlobalData.h:
2955         (JSGlobalData): Updated for renames.
2956
2957         * runtime/JSNameScope.cpp: Copied from Source/JavaScriptCore/runtime/JSStaticScopeObject.cpp.
2958         (JSC):
2959         (JSC::JSNameScope::visitChildren):
2960         (JSC::JSNameScope::toThisObject):
2961         (JSC::JSNameScope::put):
2962         (JSC::JSNameScope::getOwnPropertySlot):
2963         * runtime/JSNameScope.h: Copied from Source/JavaScriptCore/runtime/JSStaticScopeObject.h.
2964         (JSC):
2965         (JSC::JSNameScope::create):
2966         (JSC::JSNameScope::createStructure):
2967         (JSNameScope):
2968         (JSC::JSNameScope::JSNameScope):
2969         (JSC::JSNameScope::isDynamicScope): Used do-webcore-rename script here.
2970         It is fabulous!
2971
2972         * runtime/JSObject.h:
2973         (JSObject):
2974         (JSC::JSObject::isNameScopeObject): More rename.
2975
2976         * runtime/JSScope.cpp: Added.
2977         (JSC):
2978         (JSC::JSScope::isDynamicScope):
2979         (JSC::JSScope::resolve):
2980         (JSC::JSScope::resolveSkip):
2981         (JSC::JSScope::resolveGlobal):
2982         (JSC::JSScope::resolveGlobalDynamic):
2983         (JSC::JSScope::resolveBase):
2984         (JSC::JSScope::resolveWithBase):
2985         (JSC::JSScope::resolveWithThis):
2986         * runtime/JSScope.h: Added.
2987         (JSC):
2988         (JSScope):
2989         (JSC::JSScope::JSScope): All the code here is a port from the
2990         Interpreter.cpp implementations of this functionality.
2991
2992         * runtime/JSStaticScopeObject.cpp: Removed.
2993         * runtime/JSStaticScopeObject.h: Removed.
2994
2995         * runtime/JSSymbolTableObject.cpp:
2996         (JSC):
2997         * runtime/JSSymbolTableObject.h:
2998         (JSSymbolTableObject):
2999         * runtime/JSType.h: Updated for rename.
3000
3001         * runtime/Operations.h:
3002         (JSC::resolveBase): Removed because it was duplicative.
3003
3004 2012-08-28  Alban Browaeys <prahal@yahoo.com>
3005
3006         [GTK] LLint build fails with -g -02
3007         https://bugs.webkit.org/show_bug.cgi?id=90098
3008
3009         Reviewed by Filip Pizlo.
3010
3011         Avoid duplicate offsets for llint, discarding them.
3012
3013         * offlineasm/offsets.rb:
3014
3015 2012-08-27  Sheriff Bot  <webkit.review.bot@gmail.com>
3016
3017         Unreviewed, rolling out r126836.
3018         http://trac.webkit.org/changeset/126836
3019         https://bugs.webkit.org/show_bug.cgi?id=95163
3020
3021         Broke all Apple ports, EFL, and Qt. (Requested by tkent on
3022         #webkit).
3023
3024         * API/JSCallbackObject.h:
3025         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
3026         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
3027         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
3028         * API/JSCallbackObjectFunctions.h:
3029         (JSC::::getOwnPropertyNames):
3030         * API/JSClassRef.cpp:
3031         (OpaqueJSClass::~OpaqueJSClass):
3032         (OpaqueJSClassContextData::OpaqueJSClassContextData):
3033         (OpaqueJSClass::contextData):
3034         * bytecode/CodeBlock.cpp:
3035         (JSC::CodeBlock::dump):
3036         (JSC::EvalCodeCache::visitAggregate):
3037         (JSC::CodeBlock::nameForRegister):
3038         * bytecode/JumpTable.h:
3039         (JSC::StringJumpTable::offsetForValue):
3040         (JSC::StringJumpTable::ctiForValue):
3041         * bytecode/LazyOperandValueProfile.cpp:
3042         (JSC::LazyOperandValueProfileParser::getIfPresent):
3043         * bytecode/SamplingTool.cpp:
3044         (JSC::SamplingTool::dump):
3045         * bytecompiler/BytecodeGenerator.cpp:
3046         (JSC::BytecodeGenerator::addVar):
3047         (JSC::BytecodeGenerator::addGlobalVar):
3048         (JSC::BytecodeGenerator::addConstant):
3049         (JSC::BytecodeGenerator::addConstantValue):
3050         (JSC::BytecodeGenerator::emitLoad):
3051         (JSC::BytecodeGenerator::addStringConstant):
3052         (JSC::BytecodeGenerator::emitLazyNewFunction):
3053         * bytecompiler/NodesCodegen.cpp:
3054         (JSC::PropertyListNode::emitBytecode):
3055         * debugger/Debugger.cpp:
3056         * dfg/DFGArgumentsSimplificationPhase.cpp:
3057         (JSC::DFG::ArgumentsSimplificationPhase::run):
3058         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
3059         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
3060         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
3061         (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
3062         * dfg/DFGAssemblyHelpers.cpp:
3063         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
3064         * dfg/DFGByteCodeCache.h:
3065         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
3066         (JSC::DFG::ByteCodeCache::get):
3067         * dfg/DFGByteCodeParser.cpp:
3068         (JSC::DFG::ByteCodeParser::cellConstant):
3069         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3070         * dfg/DFGStructureCheckHoistingPhase.cpp:
3071         (JSC::DFG::StructureCheckHoistingPhase::run):
3072         (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
3073         (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
3074         * heap/Heap.cpp:
3075         (JSC::Heap::markProtectedObjects):
3076         * heap/Heap.h:
3077         (JSC::Heap::forEachProtectedCell):
3078         * heap/JITStubRoutineSet.cpp:
3079         (JSC::JITStubRoutineSet::markSlow):
3080         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
3081         * heap/MarkStack.cpp:
3082         (JSC::MarkStack::internalAppend):
3083         * heap/Weak.h:
3084         (JSC::weakRemove):
3085         * jit/JIT.cpp:
3086         (JSC::JIT::privateCompile):
3087         * jit/JITStubs.cpp:
3088         (JSC::JITThunks::ctiStub):
3089         * parser/Parser.cpp:
3090         (JSC::::parseStrictObjectLiteral):
3091         * profiler/Profile.cpp:
3092         (JSC::functionNameCountPairComparator):
3093         (JSC::Profile::debugPrintDataSampleStyle):
3094         * runtime/Identifier.cpp:
3095         (JSC::Identifier::add):
3096         * runtime/JSActivation.cpp:
3097         (JSC::JSActivation::getOwnPropertyNames):
3098         (JSC::JSActivation::symbolTablePutWithAttributes):
3099         * runtime/JSArray.cpp:
3100         (JSC::SparseArrayValueMap::put):
3101         (JSC::SparseArrayValueMap::putDirect):
3102         (JSC::SparseArrayValueMap::visitChildren):
3103         (JSC::JSArray::enterDictionaryMode):
3104         (JSC::JSArray::defineOwnNumericProperty):
3105         (JSC::JSArray::getOwnPropertySlotByIndex):
3106         (JSC::JSArray::getOwnPropertyDescriptor):
3107         (JSC::JSArray::putByIndexBeyondVectorLength):
3108         (JSC::JSArray::putDirectIndexBeyondVectorLength):
3109         (JSC::JSArray::deletePropertyByIndex):
3110         (JSC::JSArray::getOwnPropertyNames):
3111         (JSC::JSArray::setLength):
3112         (JSC::JSArray::sort):
3113         (JSC::JSArray::compactForSorting):
3114         (JSC::JSArray::checkConsistency):
3115         * runtime/JSSymbolTableObject.cpp:
3116         (JSC::JSSymbolTableObject::getOwnPropertyNames):
3117         * runtime/JSSymbolTableObject.h:
3118         (JSC::symbolTableGet):
3119         (JSC::symbolTablePut):
3120         (JSC::symbolTablePutWithAttributes):
3121         * runtime/RegExpCache.cpp:
3122         (JSC::RegExpCache::invalidateCode):
3123         * runtime/WeakGCMap.h:
3124         (JSC::WeakGCMap::clear):
3125         (JSC::WeakGCMap::set):
3126         * tools/ProfileTreeNode.h:
3127         (JSC::ProfileTreeNode::sampleChild):
3128         (JSC::ProfileTreeNode::childCount):
3129         (JSC::ProfileTreeNode::dumpInternal):
3130         (JSC::ProfileTreeNode::compareEntries):
3131
3132 2012-08-27  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
3133
3134         Rename first/second to key/value in HashMap iterators
3135         https://bugs.webkit.org/show_bug.cgi?id=82784
3136
3137         Reviewed by Eric Seidel.
3138
3139         * API/JSCallbackObject.h:
3140         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
3141         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
3142         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::visitChildren):
3143         * API/JSCallbackObjectFunctions.h:
3144         (JSC::::getOwnPropertyNames):
3145         * API/JSClassRef.cpp:
3146         (OpaqueJSClass::~OpaqueJSClass):
3147         (OpaqueJSClassContextData::OpaqueJSClassContextData):
3148         (OpaqueJSClass::contextData):
3149         * bytecode/CodeBlock.cpp:
3150         (JSC::CodeBlock::dump):
3151         (JSC::EvalCodeCache::visitAggregate):
3152         (JSC::CodeBlock::nameForRegister):
3153         * bytecode/JumpTable.h:
3154         (JSC::StringJumpTable::offsetForValue):
3155         (JSC::StringJumpTable::ctiForValue):
3156         * bytecode/LazyOperandValueProfile.cpp:
3157         (JSC::LazyOperandValueProfileParser::getIfPresent):
3158         * bytecode/SamplingTool.cpp:
3159         (JSC::SamplingTool::dump):
3160         * bytecompiler/BytecodeGenerator.cpp:
3161         (JSC::BytecodeGenerator::addVar):
3162         (JSC::BytecodeGenerator::addGlobalVar):
3163         (JSC::BytecodeGenerator::addConstant):
3164         (JSC::BytecodeGenerator::addConstantValue):
3165         (JSC::BytecodeGenerator::emitLoad):
3166         (JSC::BytecodeGenerator::addStringConstant):
3167         (JSC::BytecodeGenerator::emitLazyNewFunction):
3168         * bytecompiler/NodesCodegen.cpp:
3169         (JSC::PropertyListNode::emitBytecode):
3170         * debugger/Debugger.cpp:
3171         * dfg/DFGArgumentsSimplificationPhase.cpp:
3172         (JSC::DFG::ArgumentsSimplificationPhase::run):
3173         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
3174         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
3175         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
3176         (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
3177         * dfg/DFGAssemblyHelpers.cpp:
3178         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
3179         * dfg/DFGByteCodeCache.h:
3180         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
3181         (JSC::DFG::ByteCodeCache::get):
3182         * dfg/DFGByteCodeParser.cpp:
3183         (JSC::DFG::ByteCodeParser::cellConstant):
3184         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3185         * dfg/DFGStructureCheckHoistingPhase.cpp:
3186         (JSC::DFG::StructureCheckHoistingPhase::run):
3187         (JSC::DFG::StructureCheckHoistingPhase::noticeStructureCheck):
3188         (JSC::DFG::StructureCheckHoistingPhase::noticeClobber):
3189         * heap/Heap.cpp:
3190         (JSC::Heap::markProtectedObjects):
3191         * heap/Heap.h:
3192         (JSC::Heap::forEachProtectedCell):
3193         * heap/JITStubRoutineSet.cpp:
3194         (JSC::JITStubRoutineSet::markSlow):
3195         (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
3196         * heap/MarkStack.cpp:
3197         (JSC::MarkStack::internalAppend):
3198         * heap/Weak.h:
3199         (JSC::weakRemove):
3200         * jit/JIT.cpp:
3201         (JSC::JIT::privateCompile):
3202         * jit/JITStubs.cpp:
3203         (JSC::JITThunks::ctiStub):
3204         * parser/Parser.cpp:
3205         (JSC::::parseStrictObjectLiteral):
3206         * profiler/Profile.cpp:
3207         (JSC::functionNameCountPairComparator):
3208         (JSC::Profile::debugPrintDataSampleStyle):
3209         * runtime/Identifier.cpp:
3210         (JSC::Identifier::add):
3211         * runtime/JSActivation.cpp:
3212         (JSC::JSActivation::getOwnPropertyNames):
3213         (JSC::JSActivation::symbolTablePutWithAttributes):
3214         * runtime/JSArray.cpp:
3215         (JSC::SparseArrayValueMap::put):
3216         (JSC::SparseArrayValueMap::putDirect):
3217         (JSC::SparseArrayValueMap::visitChildren):
3218         (JSC::JSArray::enterDictionaryMode):
3219         (JSC::JSArray::defineOwnNumericProperty):
3220         (JSC::JSArray::getOwnPropertySlotByIndex):
3221         (JSC::JSArray::getOwnPropertyDescriptor):
3222         (JSC::JSArray::putByIndexBeyondVectorLength):
3223         (JSC::JSArray::putDirectIndexBeyondVectorLength):
3224         (JSC::JSArray::deletePropertyByIndex):
3225         (JSC::JSArray::getOwnPropertyNames):
3226         (JSC::JSArray::setLength):
3227         (JSC::JSArray::sort):
3228         (JSC::JSArray::compactForSorting):
3229         (JSC::JSArray::checkConsistency):
3230         * runtime/JSSymbolTableObject.cpp:
3231         (JSC::JSSymbolTableObject::getOwnPropertyNames):
3232         * runtime/JSSymbolTableObject.h:
3233         (JSC::symbolTableGet):
3234         (JSC::symbolTablePut):
3235         (JSC::symbolTablePutWithAttributes):
3236         * runtime/RegExpCache.cpp:
3237         (JSC::RegExpCache::invalidateCode):
3238         * runtime/WeakGCMap.h:
3239         (JSC::WeakGCMap::clear):
3240         (JSC::WeakGCMap::set):
3241         * tools/ProfileTreeNode.h:
3242         (JSC::ProfileTreeNode::sampleChild):
3243         (JSC::ProfileTreeNode::childCount):
3244         (JSC::ProfileTreeNode::dumpInternal):
3245         (JSC::ProfileTreeNode::compareEntries):
3246
3247 2012-08-27  Filip Pizlo  <fpizlo@apple.com>
3248
3249         Structure check hoisting should abstain if the OSR entry's must-handle value for the respective variable has a different structure
3250         https://bugs.webkit.org/show_bug.cgi?id=95141
3251         <rdar://problem/12170401>
3252
3253         Reviewed by Mark Hahnenberg.
3254
3255         * dfg/DFGStructureCheckHoistingPhase.cpp:
3256         (JSC::DFG::StructureCheckHoistingPhase::run):
3257
3258 2012-08-27  Mark Hahnenberg  <mhahnenberg@apple.com>
3259
3260         Remove use of ClassInfo from SpeculativeJIT::compileGetByValOnArguments
3261         https://bugs.webkit.org/show_bug.cgi?id=95131
3262
3263         Reviewed by Filip Pizlo.
3264
3265         * dfg/DFGSpeculativeJIT.cpp:
3266         (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): We don't need this speculation check. We can replace it 
3267         with an assert to guarantee this.
3268
3269 2012-08-27  Oliver Hunt  <oliver@apple.com>
3270
3271         Remove opcode definition autogen for now
3272         https://bugs.webkit.org/show_bug.cgi?id=95148
3273
3274         Reviewed by Mark Hahnenberg.
3275
3276         This isn't worth doing at the moment.
3277
3278         * DerivedSources.make:
3279         * JavaScriptCore.xcodeproj/project.pbxproj:
3280         * bytecode/Opcode.h:
3281         (JSC):
3282         (JSC::padOpcodeName):
3283         * bytecode/OpcodeDefinitions.h: Removed.
3284         * bytecode/opcodes: Removed.
3285         * opcode_definition_generator.py: Removed.
3286         * opcode_generator.py: Removed.
3287         * opcode_parser.py: Removed.
3288
3289 2012-08-27  Mark Hahnenberg  <mhahnenberg@apple.com>
3290
3291         Remove uses of TypedArray ClassInfo from SpeculativeJIT::checkArgumentTypes
3292         https://bugs.webkit.org/show_bug.cgi?id=95112
3293
3294         Reviewed by Filip Pizlo.
3295
3296         Removing these checks since we no longer need them.
3297
3298         * dfg/DFGAbstractState.cpp:
3299         (JSC::DFG::AbstractState::initialize):
3300         * dfg/DFGSpeculativeJIT.cpp:
3301         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3302
3303 2012-08-27  Benjamin Poulain  <benjamin@webkit.org>
3304
3305         Add ECMAScript Number to String conversion to WTF::String
3306         https://bugs.webkit.org/show_bug.cgi?id=95016
3307
3308         Reviewed by Geoffrey Garen.
3309
        Rename UString::number(double) to UString::numberToStringECMAScript(double) to
        differentiate it from the fixed-width conversion performed by String::number().
3312
3313         * parser/ParserArena.h:
3314         (JSC::IdentifierArena::makeNumericIdentifier):
3315         * runtime/JSONObject.cpp:
3316         (JSC::Stringifier::appendStringifiedValue):
3317         * runtime/NumberPrototype.cpp:
3318         (JSC::numberProtoFuncToExponential):
3319         (JSC::numberProtoFuncToFixed):
3320         (JSC::numberProtoFuncToPrecision):
3321         (JSC::numberProtoFuncToString):
3322         * runtime/NumericStrings.h:
3323         (JSC::NumericStrings::add):
3324         * runtime/UString.cpp:
3325         (JSC::UString::numberToStringECMAScript):
3326         * runtime/UString.h:
3327         (UString):
3328
3329 2012-08-27  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
3330
3331         Rename RegisterProtocolHandler API to NavigatorContentUtils
3332         https://bugs.webkit.org/show_bug.cgi?id=94920
3333
3334         Reviewed by Adam Barth.
3335
3336         ENABLE_REGISTER_PROTOCOL_HANDLER is renamed to ENABLE_NAVIGATOR_CONTENT_UTILS.
3337
3338         * Configurations/FeatureDefines.xcconfig:
3339
3340 2012-08-26  Filip Pizlo  <fpizlo@apple.com>
3341
3342         Unreviewed, fix for builds without VALUE_PROFILING. I had forgotten that shouldEmitProfiling()
3343         is designed to return true if DFG_JIT is disabled. I should be using canBeOptimized() instead.
3344
3345         * jit/JITCall.cpp:
3346         (JSC::JIT::compileOpCall):
3347         * jit/JITCall32_64.cpp:
3348         (JSC::JIT::compileOpCall):
3349
3350 2012-08-26  Geoffrey Garen  <ggaren@apple.com>
3351
3352         Don't allocate space for arguments and call frame if arguments aren't captured
3353         https://bugs.webkit.org/show_bug.cgi?id=95024
3354
3355         Reviewed by Phil Pizlo.
3356
3357         27% on v8-real-earley.
3358
3359         * runtime/JSActivation.h:
3360         (JSC::JSActivation::registerOffset): The offset is zero if we're skipping
3361         the arguments and call frame because "offset" means space reserved for
3362         those things.
3363
3364         (JSC::JSActivation::tearOff): Don't copy the scope chain and callee. We
3365         don't need them for anything, and we're no longer guaranteed to have
3366         space for them.
3367
3368 2012-08-26  Geoffrey Garen  <ggaren@apple.com>
3369
3370         Removed the NULL checks from visitChildren functions
3371         https://bugs.webkit.org/show_bug.cgi?id=95021
3372
3373         Reviewed by Oliver Hunt.
3374
3375         As of http://trac.webkit.org/changeset/126624, all values are NULL-checked
3376         during GC, so explicit NULL checks aren't needed anymore.
3377
3378 2011-08-26  Geoffrey Garen  <ggaren@apple.com>
3379
3380         Removed a JSC-specific hack from the web inspector
3381         https://bugs.webkit.org/show_bug.cgi?id=95033
3382
3383         Reviewed by Filip Pizlo.
3384
3385         Added support for what the web inspector really wanted instead.
3386
3387         * runtime/JSActivation.cpp:
3388         (JSC::JSActivation::symbolTableGet):
3389         (JSC::JSActivation::symbolTablePut): Added some explanation for these
3390         checks, which were non-obvious to me.
3391
3392         (JSC::JSActivation::getOwnPropertySlot): It's impossible to access the
3393         arguments property of an activation after it's been torn off, since the
3394         only way to tear off an activation is to instantiate a new function,
        which has its own arguments property in scope. However, the inspector
        gets special access to activations, and may try to perform this access,
3397         so we need a special guard to maintain coherence and avoid crashing in
3398         case the activation optimized out the arguments property.
3399
3400         * runtime/JSActivation.cpp:
3401         (JSC::JSActivation::symbolTableGet):
3402         (JSC::JSActivation::symbolTablePut):
3403         (JSC::JSActivation::getOwnPropertyNames):
3404         (JSC::JSActivation::getOwnPropertyDescriptor): Provide getOwnPropertyNames
3405         and getOwnPropertyDescriptor implementations, to meet the web inspector's
3406         needs. (User code can never call these.)
3407
3408 2012-08-24  Filip Pizlo  <fpizlo@apple.com>
3409
3410         Finally inlining should correctly track the catch context
3411         https://bugs.webkit.org/show_bug.cgi?id=94986
3412         <rdar://problem/11753784>
3413
3414         Reviewed by Sam Weinig.
3415
3416         This fixes two behaviors:
3417         
3418         1) Throwing from a finally block. Previously, we would seem to reenter the finally
3419            block - though only once.
3420         
3421         2) Executing a finally block from some nested context, for example due to a
3422            'continue', 'break', or 'return' in the try. This would execute the finally
           block in the context of the try block, which could lead to either scope depth
3424            mismatches or reexecutions of the finally block on throw, similarly to (1) but
3425            for different reasons.
3426
3427         * bytecompiler/BytecodeGenerator.cpp:
3428         (JSC):
3429         (JSC::BytecodeGenerator::pushFinallyContext):
3430         (JSC::BytecodeGenerator::emitComplexJumpScopes):
3431         (JSC::BytecodeGenerator::pushTry):
3432         (JSC::BytecodeGenerator::popTryAndEmitCatch):
3433         * bytecompiler/BytecodeGenerator.h:
3434         (FinallyContext):
3435         (TryData):
3436         (JSC):
3437         (TryContext):
3438         (TryRange):
3439         (BytecodeGenerator):
3440         * bytecompiler/NodesCodegen.cpp:
3441         (JSC::TryNode::emitBytecode):
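
        Added example (not WebKit code): a JavaScript-level check of the two behaviours
        this entry describes, written as a regression-style script rather than the
        bytecompiler change itself. A correct engine runs each finally block exactly once,
        in its own context, whether the try is left by a throw, continue, break or return.

```javascript
// Added example, not part of WebKit. Each function returns what an engine with
// correct finally-context tracking must produce; the values are asserted below.

// (1) Throwing from inside a finally block must not re-enter that finally block.
function throwFromFinally() {
  let finallyRuns = 0;
  try {
    try {
      throw new Error("from try");
    } finally {
      finallyRuns++;                    // must be reached exactly once
      throw new Error("from finally");  // replaces the pending exception
    }
  } catch (e) {
    return { finallyRuns, message: e.message };
  }
}

// (2) Leaving a try block via continue or break from inside a loop must run the
// finally block once per exit, in the loop's context, and the loop must still
// terminate normally (no scope-depth mismatch, no repeated finally).
function exitTryViaLoopControl() {
  const log = [];
  for (let i = 0; i < 4; i++) {
    try {
      if (i === 1) continue;   // skips the body, still runs finally once
      if (i === 2) break;      // leaves the loop, still runs finally once
      log.push("body" + i);
    } finally {
      log.push("finally" + i);
    }
  }
  return log;
}

// (3) A return inside try still runs finally exactly once, and a throw raised
// in that finally takes precedence over the pending return.
function returnThenThrowInFinally() {
  const events = [];
  function inner() {
    try {
      events.push("try");
      return "returned";          // pending completion: return
    } finally {
      events.push("finally");     // must run exactly once
      throw new Error("overrides return");
    }
  }
  try {
    inner();
    return { events, outcome: "no throw" };
  } catch (e) {
    return { events, outcome: e.message };
  }
}
```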
3442