[Mac] No need for platform-specific ENABLE_BLOB values
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2012-03-23  Alexey Proskuryakov  <ap@apple.com>
2
3         [Mac] No need for platform-specific ENABLE_BLOB values
4         https://bugs.webkit.org/show_bug.cgi?id=82102
5
6         Reviewed by David Kilzer.
7
8         * Configurations/FeatureDefines.xcconfig:
9
10 2012-03-23  Michael Saboff  <msaboff@apple.com>
11
12         DFG::compileValueToInt32 Sometimes Generates GPR to FPR reg back to GPR
13         https://bugs.webkit.org/show_bug.cgi?id=81805
14
15         Reviewed by Filip Pizlo.
16
17         Added SpeculativeJIT::checkGeneratedType() to determine the current format
18         of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
19         to generate code that will use integer and JSValue types in integer
20         format directly without a conversion to double.
21
22         * JavaScriptCore.xcodeproj/project.pbxproj:
23         * dfg/DFGSpeculativeJIT.cpp:
24         (JSC::DFG::SpeculativeJIT::checkGeneratedType):
25         (DFG):
26         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
27         * dfg/DFGSpeculativeJIT.h:
28         (DFG):
29         (SpeculativeJIT):
30
31 2012-03-23  Steve Falkenburg  <sfalken@apple.com>
32
33         Update Apple Windows build files for WTF move
34         https://bugs.webkit.org/show_bug.cgi?id=82069
35
36         Reviewed by Jessie Berlin.
37
38         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
39
40 2012-03-23  Dean Jackson  <dino@apple.com>
41
42         Disable CSS_SHADERS in Apple builds
43         https://bugs.webkit.org/show_bug.cgi?id=81996
44
45         Reviewed by Simon Fraser.
46
47         Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
48
49         * Configurations/FeatureDefines.xcconfig:
50
51 2012-03-23  Gavin Barraclough  <barraclough@apple.com>
52
53         RegExp constructor last match properties should not rely on previous ovector
54         https://bugs.webkit.org/show_bug.cgi?id=82077
55
56         Reviewed by Oliver Hunt.
57
58         This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
59
60         This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
61         Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
62         a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
63         location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
64         a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
65         reified state. This means that next time a match is performed, the store of the result will
66         automatically blow away the reified value.
67
68         * JavaScriptCore.xcodeproj/project.pbxproj:
69             - Added new files.
70         * runtime/RegExp.cpp:
71         (JSC::RegExpFunctionalTestCollector::outputOneTest):
72             - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
73         * runtime/RegExpCachedResult.cpp: Added.
74         (JSC::RegExpCachedResult::visitChildren):
75         (JSC::RegExpCachedResult::lastResult):
76         (JSC::RegExpCachedResult::setInput):
77             - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
78         * runtime/RegExpCachedResult.h: Added.
79         (RegExpCachedResult):
80             - Added new class.
81         (JSC::RegExpCachedResult::RegExpCachedResult):
82         (JSC::RegExpCachedResult::record):
83         (JSC::RegExpCachedResult::input):
84             - Initialize the object, record the result of a RegExp match, access the stored input property.
85         * runtime/RegExpConstructor.cpp:
86         (JSC::RegExpConstructor::RegExpConstructor):
87             - Initialize m_result/m_multiline properties.
88         (JSC::RegExpConstructor::visitChildren):
89             - Make sure the cached results (or lazy source for them) are marked.
90         (JSC::RegExpConstructor::getBackref):
91         (JSC::RegExpConstructor::getLastParen):
92         (JSC::RegExpConstructor::getLeftContext):
93         (JSC::RegExpConstructor::getRightContext):
94             - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
95         (JSC::regExpConstructorInput):
96         (JSC::setRegExpConstructorInput):
97             - Changed to use RegExpCachedResult.
98         * runtime/RegExpConstructor.h:
99         (JSC::RegExpConstructor::create):
100         (RegExpConstructor):
101         (JSC::RegExpConstructor::setMultiline):
102         (JSC::RegExpConstructor::multiline):
103             - Move multiline property onto the constructor object; it is not affected by the last match.
104         (JSC::RegExpConstructor::setInput):
105         (JSC::RegExpConstructor::input):
106             - These defer to RegExpCachedResult.
107         (JSC::RegExpConstructor::performMatch):
108         * runtime/RegExpMatchesArray.cpp: Added.
109         (JSC::RegExpMatchesArray::visitChildren):
110             - Eeeep! added missing visitChildren!
111         (JSC::RegExpMatchesArray::finishCreation):
112         (JSC::RegExpMatchesArray::reifyAllProperties):
113         (JSC::RegExpMatchesArray::reifyMatchProperty):
114             - Moved from RegExpConstructor.cpp.
115         (JSC::RegExpMatchesArray::leftContext):
116         (JSC::RegExpMatchesArray::rightContext):
117             - Since the match start/
118         * runtime/RegExpMatchesArray.h:
119         (RegExpMatchesArray):
120             - Declare new methods & structure flags.
121         * runtime/RegExpObject.cpp:
122         (JSC::RegExpObject::match):
123             - performMatch now requires the JSString input, to cache.
124         * runtime/StringPrototype.cpp:
125         (JSC::removeUsingRegExpSearch):
126         (JSC::replaceUsingRegExpSearch):
127         (JSC::stringProtoFuncMatch):
128         (JSC::stringProtoFuncSearch):
129             - performMatch now requires the JSString input, to cache.
130
131 2012-03-23  Tony Chang  <tony@chromium.org>
132
133         [chromium] rename newwtf target back to wtf
134         https://bugs.webkit.org/show_bug.cgi?id=82064
135
136         Reviewed by Adam Barth.
137
138         * JavaScriptCore.gyp/JavaScriptCore.gyp:
139
140 2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
141
142         Simplify memory usage tracking in CopiedSpace
143         https://bugs.webkit.org/show_bug.cgi?id=80705
144
145         Reviewed by Filip Pizlo.
146
147         * heap/CopiedAllocator.h:
148         (CopiedAllocator): Rename currentUtilization to currentSize.
149         (JSC::CopiedAllocator::currentCapacity):
150         * heap/CopiedBlock.h:
151         (CopiedBlock):
152         (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
153         declaration.
154         (JSC):
155         (JSC::CopiedBlock::size): Add new function to calculate the block's size.
156         (JSC::CopiedBlock::capacity): Ditto for capacity.
157         * heap/CopiedSpace.cpp:
158         (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
159         field for the water mark.
160         (JSC::CopiedSpace::init):
161         (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current 
162         block, we need to update our current water mark with the size of the block.
163         (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we 
164         need to update our current water mark with the size of the used portion of the block.
165         (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when 
166         reallocating because it will either get accounted for when we fill up the block later 
167         in the case of being able to reallocate in the current block or it will get picked up 
168         immediately because we'll have to get a new block.
169         (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update in when 
170         realloc-ing an oversize block because we deallocate the old block and allocate a brand 
171         new one.
172         (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to 
173         the CopiedSpace by the SlotVisitors.
174         (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
175         (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or 
176         not we should collect now instead of doing the calculation ourself.
177         (JSC::CopiedSpace::destroy):
178         (JSC):
179         (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how 
180         MarkedSpace does.
181         (JSC::CopiedSpace::capacity): Ditto for capacity.
182         * heap/CopiedSpace.h:
183         (JSC::CopiedSpace::waterMark):
184         (CopiedSpace):
185         * heap/CopiedSpaceInlineMethods.h:
186         (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a 
187         collection.
188         (JSC::CopiedSpace::allocateNewBlock):
189         (JSC::CopiedSpace::fitsInBlock):
190         (JSC::CopiedSpace::allocateFromBlock):
191         * heap/Heap.cpp:
192         (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
193         (JSC::Heap::capacity): Ditto for capacity.
194         (JSC::Heap::collect):
195         * heap/Heap.h:
196         (Heap):
197         (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to 
198         determine whether they should initiate a collection or continue to allocate new blocks.
199         (JSC):
200         (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
201         Heap (MarkedSpace and CopiedSpace).
202         * heap/MarkedAllocator.cpp:
203         (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
204
205 2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>
206
207         BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
208         https://bugs.webkit.org/show_bug.cgi?id=82012
209
210         Reviewed by Filip Pizlo.
211
212         Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
213
214         * wtf/BitVector.cpp:
215         (WTF::BitVector::resizeOutOfLine):
216         * wtf/BitVector.h:
217         (BitVector):
218         (OutOfLineBits):
219
220 2012-03-22  Michael Saboff  <msaboff@apple.com>
221
222         ExecutableAllocator::memoryPressureMultiplier() might return NaN
223         https://bugs.webkit.org/show_bug.cgi?id=82002
224
225         Reviewed by Filip Pizlo.
226
227         Guard against divide by zero and then make sure the return
228         value is >= 1.0.
229
230         * jit/ExecutableAllocator.cpp:
231         (JSC::ExecutableAllocator::memoryPressureMultiplier):
232         * jit/ExecutableAllocatorFixedVMPool.cpp:
233         (JSC::ExecutableAllocator::memoryPressureMultiplier):
234
235 2012-03-22  Jessie Berlin  <jberlin@apple.com>
236
237         Windows build fix after r111778.
238
239         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
240         Don't include and try to build files owned by WTF.
241         Also, let VS have its way with the vcproj in terms of file ordering.
242
243 2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
244
245         [CMake] Unreviewed build fix after r111778.
246
247         * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
248         the include paths so that the right config.h is used.
249
250 2012-03-22  Tony Chang  <tony@chromium.org>
251
252         Unreviewed, fix chromium build after wtf move.
253
254         Remove old wtf_config and wtf targets.
255
256         * JavaScriptCore.gyp/JavaScriptCore.gyp:
257
258 2012-03-22  Martin Robinson  <mrobinson@igalia.com>
259
260         Fixed the GTK+ WTF/JavaScriptCore build after r111778.
261
262         * GNUmakefile.list.am: Removed an extra trailing backslash.
263
264 2012-03-22  Mark Rowe  <mrowe@apple.com>
265
266         Fix the build.
267
268         * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
269         rather than only those that contain symbols that JavaScriptCore itself uses.
270         * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
271
272 2012-03-22  Filip Pizlo  <fpizlo@apple.com>
273
274         DFG NodeFlags has some duplicate code and naming issues
275         https://bugs.webkit.org/show_bug.cgi?id=81975
276
277         Reviewed by Gavin Barraclough.
278         
279         Removed most references to "ArithNodeFlags" since those are now just part
280         of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
281         NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
282         because the former was never called and the latter did the same things as
283         mergeFlags().
284
285         * dfg/DFGByteCodeParser.cpp:
286         (JSC::DFG::ByteCodeParser::makeSafe):
287         (JSC::DFG::ByteCodeParser::makeDivSafe):
288         (JSC::DFG::ByteCodeParser::handleIntrinsic):
289         * dfg/DFGGraph.cpp:
290         (JSC::DFG::Graph::dump):
291         * dfg/DFGNode.h:
292         (JSC::DFG::Node::arithNodeFlags):
293         (Node):
294         * dfg/DFGNodeFlags.cpp:
295         (JSC::DFG::nodeFlagsAsString):
296         * dfg/DFGNodeFlags.h:
297         (DFG):
298         (JSC::DFG::nodeUsedAsNumber):
299         * dfg/DFGPredictionPropagationPhase.cpp:
300         (JSC::DFG::PredictionPropagationPhase::propagate):
301         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
302
303 2012-03-22  Eric Seidel  <eric@webkit.org>
304
305         Actually move WTF files to their new home
306         https://bugs.webkit.org/show_bug.cgi?id=81844
307
308         Unreviewed.  The details of the port-specific changes
309         have been seen by contributors from those ports, but
310         the whole 5MB change isn't very reviewable as-is.
311
312         * GNUmakefile.am:
313         * GNUmakefile.list.am:
314         * JSCTypedArrayStubs.h:
315         * JavaScriptCore.gypi:
316         * JavaScriptCore.xcodeproj/project.pbxproj:
317         * jsc.cpp:
318
319 2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>
320
321         [wx] Unreviewed. Adding Source/WTF to the build.
322
323         * wscript:
324
325 2012-03-22  Gavin Barraclough  <barraclough@apple.com>
326
327         Add JSValue::isFunction
328         https://bugs.webkit.org/show_bug.cgi?id=81935
329
330         Reviewed by Geoff Garen.
331
332         This would be useful in the WebCore bindings code.
333         Also, remove asFunction, replace with jsCast<JSFunction*>.
334
335         * API/JSContextRef.cpp:
336         * debugger/Debugger.cpp:
337         * debugger/DebuggerCallFrame.cpp:
338         (JSC::DebuggerCallFrame::functionName):
339         * dfg/DFGGraph.h:
340         (JSC::DFG::Graph::valueOfFunctionConstant):
341         * dfg/DFGOperations.cpp:
342         * interpreter/CallFrame.cpp:
343         (JSC::CallFrame::isInlineCallFrameSlow):
344         * interpreter/Interpreter.cpp:
345         (JSC::Interpreter::privateExecute):
346         * jit/JITStubs.cpp:
347         (JSC::DEFINE_STUB_FUNCTION):
348         (JSC::jitCompileFor):
349         (JSC::lazyLinkFor):
350         * llint/LLIntSlowPaths.cpp:
351         (JSC::LLInt::traceFunctionPrologue):
352         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
353         (JSC::LLInt::setUpCall):
354         * runtime/Arguments.h:
355         (JSC::Arguments::finishCreation):
356         * runtime/ArrayPrototype.cpp:
357         (JSC::arrayProtoFuncFilter):
358         (JSC::arrayProtoFuncMap):
359         (JSC::arrayProtoFuncEvery):
360         (JSC::arrayProtoFuncForEach):
361         (JSC::arrayProtoFuncSome):
362         (JSC::arrayProtoFuncReduce):
363         (JSC::arrayProtoFuncReduceRight):
364         * runtime/CommonSlowPaths.h:
365         (JSC::CommonSlowPaths::arityCheckFor):
366         * runtime/Executable.h:
367         (JSC::FunctionExecutable::compileFor):
368         (JSC::FunctionExecutable::compileOptimizedFor):
369         * runtime/FunctionPrototype.cpp:
370         (JSC::functionProtoFuncToString):
371         * runtime/JSArray.cpp:
372         (JSC::JSArray::sort):
373         * runtime/JSFunction.cpp:
374         (JSC::JSFunction::argumentsGetter):
375         (JSC::JSFunction::callerGetter):
376         (JSC::JSFunction::lengthGetter):
377         * runtime/JSFunction.h:
378         (JSC):
379         (JSC::asJSFunction):
380         (JSC::JSValue::isFunction):
381         * runtime/JSGlobalData.cpp:
382         (WTF::Recompiler::operator()):
383         (JSC::JSGlobalData::releaseExecutableMemory):
384         * runtime/JSValue.h:
385         * runtime/StringPrototype.cpp:
386         (JSC::replaceUsingRegExpSearch):
387
388 2012-03-21  Filip Pizlo  <fpizlo@apple.com>
389
390         DFG speculation on booleans should be rationalized
391         https://bugs.webkit.org/show_bug.cgi?id=81840
392
393         Reviewed by Gavin Barraclough.
394         
395         This removes isKnownBoolean() and replaces it with AbstractState-based
396         optimization, and cleans up the control flow in code gen methods for
397         Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
398         and removes isKnownNotBoolean() since that method appeared to be a
399         helper used solely by 32_64's speculateBooleanOperation().
400         
401         This is performance-neutral.
402
403         * dfg/DFGAbstractState.cpp:
404         (JSC::DFG::AbstractState::execute):
405         * dfg/DFGNode.h:
406         (JSC::DFG::Node::shouldSpeculateNumber):
407         * dfg/DFGSpeculativeJIT.cpp:
408         (DFG):
409         * dfg/DFGSpeculativeJIT.h:
410         (SpeculativeJIT):
411         * dfg/DFGSpeculativeJIT32_64.cpp:
412         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
413         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
414         (JSC::DFG::SpeculativeJIT::emitBranch):
415         (JSC::DFG::SpeculativeJIT::compile):
416         * dfg/DFGSpeculativeJIT64.cpp:
417         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
418         (JSC::DFG::SpeculativeJIT::emitBranch):
419         (JSC::DFG::SpeculativeJIT::compile):
420
421 2012-03-21  Mark Rowe  <mrowe@apple.com>
422
423         Fix the build.
424
425         * wtf/MetaAllocator.h:
426         (MetaAllocator): Export the destructor.
427
428 2012-03-21  Eric Seidel  <eric@webkit.org>
429
430         Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
431         https://bugs.webkit.org/show_bug.cgi?id=81834
432
433         Reviewed by Adam Barth.
434
435         * jsc.cpp:
436         * os-win32/WinMain.cpp:
437         * runtime/JSDateMath.cpp:
438         * runtime/TimeoutChecker.cpp:
439         * testRegExp.cpp:
440         * tools/CodeProfiling.cpp:
441
442 2012-03-21  Eric Seidel  <eric@webkit.org>
443
444         WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
445         https://bugs.webkit.org/show_bug.cgi?id=81838
446
447         Reviewed by Geoffrey Garen.
448
449         My understanding is that weak vtables happen when the compiler/linker cannot
450         determine which compilation unit should contain the vtable.  In this case
451         because there were only pure virtual functions as well as an "inline"
452         virtual destructor (thus the virtual destructor was defined in many compilation
453         units).  Since you can't actually "inline" a virtual function (it still has to
454         bounce through the vtable), the "inline" on this virtual destructor doesn't
455         actually help performance, and is only serving to confuse the compiler here.
456         I've moved the destructor implementation to the .cpp file, thus making
457         it clear to the compiler where the vtable should be stored, and solving the error.
458
459         * wtf/MetaAllocator.cpp:
460         (WTF::MetaAllocator::~MetaAllocator):
461         (WTF):
462         * wtf/MetaAllocator.h:
463
464 2012-03-20  Gavin Barraclough  <barraclough@apple.com>
465
466         RegExpMatchesArray should not copy the ovector
467         https://bugs.webkit.org/show_bug.cgi?id=81742
468
469         Reviewed by Michael Saboff.
470
471         Currently, all RegExpMatchesArray objects contain Vector<int, 32>, used to hold any sub-pattern results.
472         This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
473         main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
474         and the results never accessed).
475         If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
476
477         * dfg/DFGOperations.cpp:
478             - RegExpObject match renamed back to test (test returns a bool).
479         * runtime/RegExpConstructor.cpp:
480         (JSC):
481             - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
482         (JSC::RegExpMatchesArray::finishCreation):
483             - Removed RegExpConstructorPrivate parameter.
484         (JSC::RegExpMatchesArray::reifyAllProperties):
485             - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
486             If there are sub-pattern properties, the RegExp is re-run to generate their values.
487         (JSC::RegExpMatchesArray::reifyMatchProperty):
488             - Reify just the match (index 0) property of the RegExpMatchesArray.
489         * runtime/RegExpConstructor.h:
490         (RegExpConstructor):
491         (JSC::RegExpConstructor::performMatch):
492             - performMatch now returns a MatchResult, rather than using out-parameters.
493         * runtime/RegExpMatchesArray.h:
494         (JSC::RegExpMatchesArray::RegExpMatchesArray):
495             - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
496         (RegExpMatchesArray):
497         (JSC::RegExpMatchesArray::create):
498             - Now passed the input string matched against, the RegExp, and the MatchResult.
499         (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
500         (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
501             - Helpers to conditionally reify properties.
502         (JSC::RegExpMatchesArray::getOwnPropertySlot):
503         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
504         (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
505         (JSC::RegExpMatchesArray::put):
506         (JSC::RegExpMatchesArray::putByIndex):
507         (JSC::RegExpMatchesArray::deleteProperty):
508         (JSC::RegExpMatchesArray::deletePropertyByIndex):
509         (JSC::RegExpMatchesArray::getOwnPropertyNames):
510         (JSC::RegExpMatchesArray::defineOwnProperty):
511             - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
512             (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
513         * runtime/RegExpObject.cpp:
514         (JSC::RegExpObject::exec):
515         (JSC::RegExpObject::match):
516             - match now returns a MatchResult.
517         * runtime/RegExpObject.h:
518         (JSC::MatchResult::MatchResult):
519             - Added the result of a match is a start & end tuple.
520         (JSC::MatchResult::failed):
521             - A failure is indicated by (notFound, 0).
522         (JSC::MatchResult::operator bool):
523             - Evaluates to false if the match failed.
524         (JSC::MatchResult::empty):
525             - Evaluates to true if the match succeeded with length 0.
526         (JSC::RegExpObject::test):
527             - Now returns a bool.
528         * runtime/RegExpPrototype.cpp:
529         (JSC::regExpProtoFuncTest):
530             - RegExpObject match renamed back to test (test returns a bool).
531         * runtime/StringPrototype.cpp:
532         (JSC::removeUsingRegExpSearch):
533         (JSC::replaceUsingRegExpSearch):
534         (JSC::stringProtoFuncMatch):
535         (JSC::stringProtoFuncSearch):
536             - performMatch now returns a MatchResult, rather than using out-parameters.
537
538 2012-03-21  Hojong Han  <hojong.han@samsung.com>
539
540         Fix out of memory by allowing overcommit
541         https://bugs.webkit.org/show_bug.cgi?id=81743
542
543         Reviewed by Geoffrey Garen.
544
545         Garbage collection is not triggered and new blocks are added
546         because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.
547
548         * wtf/OSAllocatorPosix.cpp:
549         (WTF::OSAllocator::reserveAndCommit):
550
551 2012-03-21  Jessie Berlin  <jberlin@apple.com>
552
553         More Windows build fixing.
554
555         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
556         Fix the order of the include directories to look in include/private first before looking
557         in include/private/JavaScriptCore.
558         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
559         Look in the Production output directory (where the wtf headers will be). This is the same
560         thing that is done for jsc and testRegExp in ReleasePGO.
561
562 2012-03-21  Jessie Berlin  <jberlin@apple.com>
563
564         WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
565         $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
566         https://bugs.webkit.org/show_bug.cgi?id=81739
567
568         Reviewed by Dan Bernstein.
569
570         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
571         Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
572         subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
573         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
574         Ditto.
575
576         * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
577         Get the headers for those 4 files from the wtf subdirectory of the build output, not the
578         JavaScriptCore/wtf subdirectory.
579         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
580         Ditto.
581
582 2012-03-20  Eric Seidel  <eric@webkit.org>
583
584         Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
585         https://bugs.webkit.org/show_bug.cgi?id=80911
586
587         Reviewed by Adam Barth.
588
589         Update the various build systems to depend on Source/WTF headers
590         as well as remove references to Platform.h (since it's now moved).
591
592         * CMakeLists.txt:
593         * JavaScriptCore.pri:
594         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
595         * JavaScriptCore.xcodeproj/project.pbxproj:
596         * wtf/CMakeLists.txt:
597
598 2012-03-20  Filip Pizlo  <fpizlo@apple.com>
599
600         op_mod fails on many interesting corner cases
601         https://bugs.webkit.org/show_bug.cgi?id=81648
602
603         Reviewed by Oliver Hunt.
604         
605         Removed most strength reduction for op_mod, and fixed the integer handling
606         to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
607         which this patch also fixes.
608         
609         This patch is performance neutral on all of the major benchmarks we track.
610
611         * dfg/DFGOperations.cpp:
612         * dfg/DFGOperations.h:
613         * dfg/DFGSpeculativeJIT.cpp:
614         (DFG):
615         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
616         (JSC::DFG::SpeculativeJIT::compileArithMod):
617         * jit/JIT.h:
618         (JIT):
619         * jit/JITArithmetic.cpp:
620         (JSC):
621         (JSC::JIT::emit_op_mod):
622         (JSC::JIT::emitSlow_op_mod):
623         * jit/JITArithmetic32_64.cpp:
624         (JSC::JIT::emit_op_mod):
625         (JSC::JIT::emitSlow_op_mod):
626         * jit/JITOpcodes32_64.cpp:
627         (JSC::JIT::privateCompileCTIMachineTrampolines):
628         (JSC):
629         * jit/JITStubs.h:
630         (TrampolineStructure):
631         (JSC::JITThunks::ctiNativeConstruct):
632         * llint/LowLevelInterpreter64.asm:
633         * wtf/Platform.h:
634         * wtf/SimpleStats.h:
635         (WTF::SimpleStats::variance):
636
637 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
638
639         Windows (make based) build fix.
640         <rdar://problem/11069015>
641
642         * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
643
644 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
645
646         Move WTF-related Windows project files out of JavaScriptCore
647         https://bugs.webkit.org/show_bug.cgi?id=80680
648
649         This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
650         It does not move any source code. This is in preparation for the WTF source move out of
651         JavaScriptCore.
652
653         Reviewed by Jessie Berlin.
654
655         * JavaScriptCore.vcproj/JavaScriptCore.sln:
656         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
657         * JavaScriptCore.vcproj/WTF: Removed.
658         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
659         * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
660         * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
661         * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
662         * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
663         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
664         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
665         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
666         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
667         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
668         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
669         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
670         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
671         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
672         * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
673         * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
674         * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
675         * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
676         * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
677         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
678         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
679         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
680
681 2012-03-20  Benjamin Poulain  <bpoulain@apple.com>
682
683         Cache the type string of JavaScript object
684         https://bugs.webkit.org/show_bug.cgi?id=81446
685
686         Reviewed by Geoffrey Garen.
687
688         Instead of creating the JSString every time, we lazily create
689         the strings in JSGlobalData.
690
691         This avoids the construction of the StringImpl and of the JSString,
692         which gives some performance improvements.
693
694         * runtime/CommonIdentifiers.h:
695         * runtime/JSValue.cpp:
696         (JSC::JSValue::toStringSlowCase):
697         * runtime/Operations.cpp:
698         (JSC::jsTypeStringForValue):
699         * runtime/SmallStrings.cpp:
700         (JSC::SmallStrings::SmallStrings):
701         (JSC::SmallStrings::finalizeSmallStrings):
702         (JSC::SmallStrings::initialize):
703         (JSC):
704         * runtime/SmallStrings.h:
705         (SmallStrings):
706
707 2012-03-20  Oliver Hunt  <oliver@apple.com>
708
709         Allow LLINT to work even when executable allocation fails.
710         https://bugs.webkit.org/show_bug.cgi?id=81693
711
712         Reviewed by Gavin Barraclough.
713
714         Don't crash if executable allocation fails if we can fall back on LLINT
715
716         * jit/ExecutableAllocatorFixedVMPool.cpp:
717         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
718         * wtf/OSAllocatorPosix.cpp:
719         (WTF::OSAllocator::reserveAndCommit):
720
721 2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>
722
723         Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
724         https://bugs.webkit.org/show_bug.cgi?id=81428
725
726         32 bit buildfix after r111355.
727
728         2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
729         The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).
730
731         Reviewed by Zoltan Herczeg.
732
733         * dfg/DFGSpeculativeJIT.cpp:
734         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
735
736 2012-03-19  Jochen Eisinger  <jochen@chromium.org>
737
738         Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
739         https://bugs.webkit.org/show_bug.cgi?id=80983
740
741         Reviewed by Darin Adler.
742
743         This allows printing a backtrace acquired by an earlier WTFGetBacktrace
744         call which is useful for local debugging.
745
746         * wtf/Assertions.cpp:
747         * wtf/Assertions.h:
748
749 2012-03-19  Benjamin Poulain  <benjamin@webkit.org>
750
751         Do not copy the script source in the SourceProvider, just reference the existing string
752         https://bugs.webkit.org/show_bug.cgi?id=81466
753
754         Reviewed by Geoffrey Garen.
755
756         * parser/SourceCode.h: Remove the unused, and incorrect, function data().
757         * parser/SourceProvider.h: Add OVERRIDE for clarity.
758
759 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
760
761         Division optimizations fail to infer cases of truncated division and
762         mishandle -2147483648/-1
763         https://bugs.webkit.org/show_bug.cgi?id=81428
764         <rdar://problem/11067382>
765
766         Reviewed by Oliver Hunt.
767
768         If you're a division over integers and you're only used as an integer, then you're
769         an integer division and remainder checks become unnecessary. If you're dividing
770         -2147483648 by -1, don't crash.
771
772         * assembler/MacroAssemblerX86Common.h:
773         (MacroAssemblerX86Common):
774         (JSC::MacroAssemblerX86Common::add32):
775         * dfg/DFGSpeculativeJIT.cpp:
776         (DFG):
777         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
778         * dfg/DFGSpeculativeJIT.h:
779         (SpeculativeJIT):
780         * dfg/DFGSpeculativeJIT32_64.cpp:
781         (JSC::DFG::SpeculativeJIT::compile):
782         * dfg/DFGSpeculativeJIT64.cpp:
783         (JSC::DFG::SpeculativeJIT::compile):
784         * llint/LowLevelInterpreter64.asm:
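
        The INT32_MIN / -1 hazard described in this entry, together with the INT32_MIN
        literal point made in the r111355 32-bit build fix entry above, as an added
        example in C. This is not JavaScriptCore code: js_int32_div, DivResult and the
        truncating flag are assumed names for illustration. It shows the checks an
        integer fast path must make before trusting a native idiv result (division by
        zero and INT32_MIN / -1 both raise #DE on x86), and which of them a consumer
        that only reads the value as int32 may skip.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <math.h>

/* Added example, not JavaScriptCore code: the checks an integer fast path for
   JS division has to make before it may trust a native idiv result. */

typedef struct {
    bool fits_int32;   /* true: the integer path is valid and `quotient` holds the result */
    int32_t quotient;  /* only meaningful when fits_int32 is true */
    double as_double;  /* what JS semantics actually produce for lhs / rhs */
} DivResult;

/* `truncating` models a consumer that only ever reads the value as int32
   (e.g. `(a / b) | 0`), which is the case where exactness checks can be dropped. */
DivResult js_int32_div(int32_t lhs, int32_t rhs, bool truncating)
{
    DivResult r = { false, 0, 0.0 };

    /* Division by zero: a native idiv would raise #DE (SIGFPE); JS yields
       +/-Infinity, or NaN for 0/0, and ToInt32 of any of those is 0. */
    if (rhs == 0) {
        r.as_double = (double)lhs / 0.0;
        if (truncating) { r.fits_int32 = true; r.quotient = 0; }
        return r;
    }

    /* INT32_MIN / -1 is 2^31, which does not fit in int32; native idiv raises
       #DE for this pair as well. Note INT32_MIN is spelled (-2147483647 - 1)
       in <stdint.h> because the literal 2147483648 does not fit in a C90 int.
       ToInt32(2147483648) wraps to -2147483648, so a truncating consumer
       can still stay on the integer path. */
    if (lhs == INT32_MIN && rhs == -1) {
        r.as_double = 2147483648.0;
        if (truncating) { r.fits_int32 = true; r.quotient = INT32_MIN; }
        return r;
    }

    int32_t q = lhs / rhs;   /* C truncates toward zero, exactly like idiv */
    int32_t rem = lhs % rhs;
    r.as_double = (double)lhs / (double)rhs;

    /* A non-zero remainder means the JS result is fractional: not an int32
       unless the consumer truncates anyway. */
    if (rem != 0 && !truncating)
        return r;

    /* JS distinguishes -0 from +0 (0 / -5 is -0), which int32 cannot represent;
       a truncating consumer maps -0 to 0 and does not care. */
    if (lhs == 0 && rhs < 0 && !truncating)
        return r;

    r.fits_int32 = true;
    r.quotient = q;
    return r;
}

int main(void)
{
    DivResult a = js_int32_div(INT32_MIN, -1, false);
    DivResult b = js_int32_div(INT32_MIN, -1, true);
    printf("INT32_MIN / -1: int path=%d, double=%.0f\n", a.fits_int32, a.as_double);
    printf("(INT32_MIN / -1) | 0: int path=%d, value=%d\n", b.fits_int32, b.quotient);
    return 0;
}
```

        The two operand checks come first because they are the ones that crash the
        process rather than merely produce a wrong value; the remainder and -0 checks
        only decide whether the result may stay an int32.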
785
786 2012-03-19  Benjamin Poulain  <bpoulain@apple.com>
787
788         Simplify SmallStrings
789         https://bugs.webkit.org/show_bug.cgi?id=81445
790
791         Reviewed by Gavin Barraclough.
792
793         SmallStrings had two methods that should not be public: count() and clear().
794
795         The method clear() is effectively replaced by finalizeSmallStrings(). The body
796         of the method was moved to the constructor since the code is obvious.
797
798         The method count() is unused.
799
800         * runtime/SmallStrings.cpp:
801         (JSC::SmallStrings::SmallStrings):
802         * runtime/SmallStrings.h:
803         (SmallStrings):
804
805 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
806
807         DFG can no longer compile V8-v4/regexp in debug mode
808         https://bugs.webkit.org/show_bug.cgi?id=81592
809
810         Reviewed by Gavin Barraclough.
811
812         * dfg/DFGSpeculativeJIT32_64.cpp:
813         (JSC::DFG::SpeculativeJIT::compile):
814         * dfg/DFGSpeculativeJIT64.cpp:
815         (JSC::DFG::SpeculativeJIT::compile):
816
817 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
818
819         Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
820         change throughout the fixpoint
821         https://bugs.webkit.org/show_bug.cgi?id=81583
822
823         Reviewed by Michael Saboff.
824
825         * dfg/DFGPredictionPropagationPhase.cpp:
826         (JSC::DFG::PredictionPropagationPhase::propagate):
827
828 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
829
830         GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
831         the process of being generated
832         https://bugs.webkit.org/show_bug.cgi?id=81565
833
834         Reviewed by Oliver Hunt.
835
836         * bytecode/CodeBlock.cpp:
837         (JSC::CodeBlock::finalizeUnconditionally):
838
839 2012-03-19  Eric Seidel  <eric@webkit.org>
840
841         Fix WTF header include discipline in Chromium WebKit
842         https://bugs.webkit.org/show_bug.cgi?id=81281
843
844         Reviewed by James Robinson.
845
846         * JavaScriptCore.gyp/JavaScriptCore.gyp:
847         * wtf/unicode/icu/CollatorICU.cpp:
848
849 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
850
851         DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
852         https://bugs.webkit.org/show_bug.cgi?id=81556
853
854         Rubber stamped by Gavin Barraclough.
855
856         * GNUmakefile.list.am:
857         * JavaScriptCore.xcodeproj/project.pbxproj:
858         * dfg/DFGAbstractState.h:
859         (JSC::DFG::AbstractState::forNode):
860         * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
861         (JSC::DFG::AdjacencyList::AdjacencyList):
862         (JSC::DFG::AdjacencyList::child):
863         (JSC::DFG::AdjacencyList::setChild):
864         (JSC::DFG::AdjacencyList::child1):
865         (JSC::DFG::AdjacencyList::child2):
866         (JSC::DFG::AdjacencyList::child3):
867         (JSC::DFG::AdjacencyList::setChild1):
868         (JSC::DFG::AdjacencyList::setChild2):
869         (JSC::DFG::AdjacencyList::setChild3):
870         (JSC::DFG::AdjacencyList::child1Unchecked):
871         (JSC::DFG::AdjacencyList::initialize):
872         (AdjacencyList):
873         * dfg/DFGByteCodeParser.cpp:
874         (JSC::DFG::ByteCodeParser::addVarArgChild):
875         (JSC::DFG::ByteCodeParser::processPhiStack):
876         * dfg/DFGCSEPhase.cpp:
877         (JSC::DFG::CSEPhase::canonicalize):
878         (JSC::DFG::CSEPhase::performSubstitution):
879         * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
880         (DFG):
881         (JSC::DFG::Edge::Edge):
882         (JSC::DFG::Edge::operator==):
883         (JSC::DFG::Edge::operator!=):
884         (Edge):
885         (JSC::DFG::operator==):
886         (JSC::DFG::operator!=):
887         * dfg/DFGGraph.h:
888         (JSC::DFG::Graph::operator[]):
889         (JSC::DFG::Graph::at):
890         (JSC::DFG::Graph::ref):
891         (JSC::DFG::Graph::deref):
892         (JSC::DFG::Graph::clearAndDerefChild1):
893         (JSC::DFG::Graph::clearAndDerefChild2):
894         (JSC::DFG::Graph::clearAndDerefChild3):
895         (Graph):
896         * dfg/DFGJITCompiler.h:
897         (JSC::DFG::JITCompiler::getPrediction):
898         * dfg/DFGNode.h:
899         (JSC::DFG::Node::Node):
900         (JSC::DFG::Node::child1):
901         (JSC::DFG::Node::child1Unchecked):
902         (JSC::DFG::Node::child2):
903         (JSC::DFG::Node::child3):
904         (Node):
905         * dfg/DFGNodeFlags.cpp:
906         (JSC::DFG::arithNodeFlagsAsString):
907         * dfg/DFGNodeFlags.h:
908         (DFG):
909         (JSC::DFG::nodeUsedAsNumber):
910         * dfg/DFGNodeReferenceBlob.h: Removed.
911         * dfg/DFGNodeUse.h: Removed.
912         * dfg/DFGPredictionPropagationPhase.cpp:
913         (JSC::DFG::PredictionPropagationPhase::propagate):
914         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
915         (JSC::DFG::PredictionPropagationPhase::vote):
916         (JSC::DFG::PredictionPropagationPhase::fixupNode):
917         * dfg/DFGScoreBoard.h:
918         (JSC::DFG::ScoreBoard::use):
919         * dfg/DFGSpeculativeJIT.cpp:
920         (JSC::DFG::SpeculativeJIT::useChildren):
921         (JSC::DFG::SpeculativeJIT::writeBarrier):
922         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
923         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
924         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
925         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
926         * dfg/DFGSpeculativeJIT.h:
927         (JSC::DFG::SpeculativeJIT::at):
928         (JSC::DFG::SpeculativeJIT::canReuse):
929         (JSC::DFG::SpeculativeJIT::use):
930         (SpeculativeJIT):
931         (JSC::DFG::SpeculativeJIT::speculationCheck):
932         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
933         (JSC::DFG::IntegerOperand::IntegerOperand):
934         (JSC::DFG::DoubleOperand::DoubleOperand):
935         (JSC::DFG::JSValueOperand::JSValueOperand):
936         (JSC::DFG::StorageOperand::StorageOperand):
937         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
938         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
939         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
940         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
941         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
942         * dfg/DFGSpeculativeJIT32_64.cpp:
943         (JSC::DFG::SpeculativeJIT::cachedPutById):
944         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
945         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
946         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
947         (JSC::DFG::SpeculativeJIT::emitCall):
948         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
949         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
950         * dfg/DFGSpeculativeJIT64.cpp:
951         (JSC::DFG::SpeculativeJIT::cachedPutById):
952         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
953         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
954         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
955         (JSC::DFG::SpeculativeJIT::emitCall):
956         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
957         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
958
959 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
960
961         Object.freeze broken on latest Nightly
962         https://bugs.webkit.org/show_bug.cgi?id=80577
963
964         Reviewed by Oliver Hunt.
965
966         * runtime/Arguments.cpp:
967         (JSC::Arguments::defineOwnProperty):
968             - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
969             been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
970         * runtime/JSFunction.cpp:
971         (JSC::JSFunction::defineOwnProperty):
972             - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
973             the object must be extensible; this is incorrect since these properties should already exist
974             on the object. In addition, it was asserting that the arguments/caller values must match the
975             corresponding magic data properties, but for strict mode function this is incorrect. Instead,
976             just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
977
978 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
979
980         LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
981         https://bugs.webkit.org/show_bug.cgi?id=81559
982
983         Reviewed by Michael Saboff.
984
985         * llint/LLIntSlowPaths.cpp:
986         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
987
988 2012-03-19  Yong Li  <yoli@rim.com>
989
990         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
991         https://bugs.webkit.org/show_bug.cgi?id=77013
992
993         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
994         implement memory decommitting for QNX.
995
996         Reviewed by Rob Buis.
997
998         * wtf/OSAllocatorPosix.cpp:
999         (WTF::OSAllocator::reserveUncommitted):
1000         (WTF::OSAllocator::commit):
1001         (WTF::OSAllocator::decommit):
1002
1003 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1004
1005         Unreviewed - revert a couple of files accidentally committed.
1006
1007         * runtime/Arguments.cpp:
1008         (JSC::Arguments::defineOwnProperty):
1009         * runtime/JSFunction.cpp:
1010         (JSC::JSFunction::defineOwnProperty):
1011
1012 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1013
1014         Another Windows build fix after r111129.
1015
1016         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1017
1018 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1019
1020         Cross-platform processor core counter: fix build on FreeBSD.
1021         https://bugs.webkit.org/show_bug.cgi?id=81482
1022
1023         Reviewed by Zoltan Herczeg.
1024
1025         The documentation of sysctl(3) shows that <sys/types.h> should be
1026         included before <sys/sysctl.h> (sys/types.h tends to be the first
1027         included header in general).
1028
1029         This should fix the build on FreeBSD and other systems where
1030         sysctl.h really depends on types defined in types.h.
1031
1032         * wtf/NumberOfCores.cpp:
1033
1034 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1035
1036         Windows build fix after r111129.
1037
1038         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1039
1040 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1041
1042         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
1043         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
1044
1045         Reviewed by Oliver Hunt.
1046
1047         The API specifies that convertToType may opt not to handle a conversion:
1048             "@result The objects's converted value, or NULL if the object was not converted."
1049         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
1050         conversion functions, and failing that call the JSObject::defaultValue function.
1051
1052         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
1053         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
1054         bug#73368, these will return the result from the first convertToType they find, regardless
1055         of whether this result is null, and if no convertToType method is found in the api class
1056         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
1057         chain), they will also return a null pointer. This is unsafe.
1058
1059         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
1060         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
1061         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
1062         Making the fallback work with toString/valueOf methods attached to api objects is probably
1063         not the right thing to do – instead, we should just implement the defaultValue trap for api
1064         objects.
1065
1066         In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
1067         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
1068
1069         * API/JSCallbackFunction.cpp:
1070         (JSC::JSCallbackFunction::call):
1071             - Should be null checking the return value.
1072         (JSC):
1073             - Remove toStringCallback/valueOfCallback.
1074         * API/JSCallbackFunction.h:
1075         (JSCallbackFunction):
1076             - Remove toStringCallback/valueOfCallback.
1077         * API/JSCallbackObject.h:
1078         (JSCallbackObject):
1079             - Add defaultValue methods to JSCallbackObject.
1080         * API/JSCallbackObjectFunctions.h:
1081         (JSC::::defaultValue):
1082             - Add defaultValue methods to JSCallbackObject.
1083         * API/JSClassRef.cpp:
1084         (OpaqueJSClass::prototype):
1085             - Remove toStringCallback/valueOfCallback.
1086         * API/tests/testapi.js:
1087             - Revert this test, now that we no longer artificially introduce a toString method onto the api object.
1088
1089 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1090
1091         [EFL] Include ICU_INCLUDE_DIRS when building.
1092         https://bugs.webkit.org/show_bug.cgi?id=81483
1093
1094         Reviewed by Daniel Bates.
1095
1096         So far, only the ICU libraries were being included when building
1097         JavaScriptCore; however, the include path is also needed, otherwise the
1098         build will fail when ICU is installed into a non-standard location.
1099
1100         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
1101
1102 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
1103
1104         Strength reduction, RegExp.exec -> RegExp.test
1105         https://bugs.webkit.org/show_bug.cgi?id=81459
1106
1107         Reviewed by Sam Weinig.
1108
1109         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
1110         expression for a match against a string - however exec is more expensive, since
1111         it allocates a matches array object. In cases where the result is consumed in a
1112         boolean context the allocation of the matches array can be trivially elided.
1113
1114         For example:
1115             function f()
1116             {
1117                 for (i = 0; i < 10000000; ++i)
1118                     if (!/a/.exec("a"))
1119                         err = true;
1120             }
1121
1122         This is a 2.5x speedup on this example microbenchmark loop.
1123
1124         In a more advanced form of this optimization, we may be able to avoid allocating
1125         the array where access to the array can be observed.
1126
1127         * create_hash_table:
1128         * dfg/DFGAbstractState.cpp:
1129         (JSC::DFG::AbstractState::execute):
1130         * dfg/DFGByteCodeParser.cpp:
1131         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1132         * dfg/DFGNode.h:
1133         (JSC::DFG::Node::hasHeapPrediction):
1134         * dfg/DFGNodeType.h:
1135         (DFG):
1136         * dfg/DFGOperations.cpp:
1137         * dfg/DFGOperations.h:
1138         * dfg/DFGPredictionPropagationPhase.cpp:
1139         (JSC::DFG::PredictionPropagationPhase::propagate):
1140         * dfg/DFGSpeculativeJIT.cpp:
1141         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
1142         (DFG):
1143         * dfg/DFGSpeculativeJIT.h:
1144         (JSC::DFG::SpeculativeJIT::callOperation):
1145         * dfg/DFGSpeculativeJIT32_64.cpp:
1146         (JSC::DFG::SpeculativeJIT::compile):
1147         * dfg/DFGSpeculativeJIT64.cpp:
1148         (JSC::DFG::SpeculativeJIT::compile):
1149         * jsc.cpp:
1150         (GlobalObject::addConstructableFunction):
1151         * runtime/Intrinsic.h:
1152         * runtime/JSFunction.cpp:
1153         (JSC::JSFunction::create):
1154         (JSC):
1155         * runtime/JSFunction.h:
1156         (JSFunction):
1157         * runtime/Lookup.cpp:
1158         (JSC::setUpStaticFunctionSlot):
1159         * runtime/RegExpObject.cpp:
1160         (JSC::RegExpObject::exec):
1161         (JSC::RegExpObject::match):
1162         * runtime/RegExpObject.h:
1163         (RegExpObject):
1164         * runtime/RegExpPrototype.cpp:
1165         (JSC::regExpProtoFuncTest):
1166         (JSC::regExpProtoFuncExec):
1167
1168 2012-03-16  Michael Saboff  <msaboff@apple.com>
1169
1170         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
1171         https://bugs.webkit.org/show_bug.cgi?id=81244
1172
1173         Rubber stamped by Filip Pizlo.
1174
1175         Changed type and name of JSGlobalData::m_isInitializingObject to
1176         ClassInfo* and m_initializingObjectClass.
1177         Changed JSGlobalData::setInitializingObject to
1178         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
1179         the debugger to determine what type of object is being initialized.
1180         
1181         * runtime/JSCell.h:
1182         (JSC::JSCell::finishCreation):
1183         (JSC::allocateCell):
1184         * runtime/JSGlobalData.cpp:
1185         (JSC::JSGlobalData::JSGlobalData):
1186         * runtime/JSGlobalData.h:
1187         (JSGlobalData):
1188         (JSC::JSGlobalData::isInitializingObject):
1189         (JSC::JSGlobalData::setInitializingObjectClass):
1190         * runtime/Structure.h:
1191         (JSC::JSCell::finishCreation):
1192
1193 2012-03-16  Mark Rowe  <mrowe@apple.com>
1194
1195         Build fix. Do not preserve owner and group information when installing the WTF headers.
1196
1197         * JavaScriptCore.xcodeproj/project.pbxproj:
1198
1199 2012-03-15  David Dorwin  <ddorwin@chromium.org>
1200
1201         Make the array pointer parameters in the Typed Array create() methods const.
1202         https://bugs.webkit.org/show_bug.cgi?id=81147
1203
1204         Reviewed by Kenneth Russell.
1205
1206         This allows const arrays to be passed to these methods.
1207         They use PassRefPtr<Subclass> create(), which already has a const parameter.
1208
1209         * wtf/Int16Array.h:
1210         (Int16Array):
1211         (WTF::Int16Array::create):
1212         * wtf/Int32Array.h:
1213         (Int32Array):
1214         (WTF::Int32Array::create):
1215         * wtf/Int8Array.h:
1216         (Int8Array):
1217         (WTF::Int8Array::create):
1218         * wtf/Uint16Array.h:
1219         (Uint16Array):
1220         (WTF::Uint16Array::create):
1221         * wtf/Uint32Array.h:
1222         (Uint32Array):
1223         (WTF::Uint32Array::create):
1224         * wtf/Uint8Array.h:
1225         (Uint8Array):
1226         (WTF::Uint8Array::create):
1227         * wtf/Uint8ClampedArray.h:
1228         (Uint8ClampedArray):
1229         (WTF::Uint8ClampedArray::create):
1230
1231 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
1232
1233         CopiedSpace::tryAllocateOversize assumes system page size
1234         https://bugs.webkit.org/show_bug.cgi?id=80615
1235
1236         Reviewed by Geoffrey Garen.
1237
1238         * heap/CopiedSpace.cpp:
1239         (JSC::CopiedSpace::tryAllocateOversize):
1240         * heap/CopiedSpace.h:
1241         (CopiedSpace):
1242         * heap/CopiedSpaceInlineMethods.h:
1243         (JSC::CopiedSpace::oversizeBlockFor):
1244         * wtf/BumpPointerAllocator.h:
1245         (WTF::BumpPointerPool::create):
1246         * wtf/StdLibExtras.h:
1247         (WTF::roundUpToMultipleOf):
1248
1249 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1250
1251         Fixing Windows build breakage
1252
1253         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1254
1255 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
1256
1257         [EFL] Make zlib a general build requirement
1258         https://bugs.webkit.org/show_bug.cgi?id=80153
1259
1260         Reviewed by Hajime Morita.
1261
1262         After r109538 the WebSocket module needs zlib to support the deflate-frame extension.
1263
1264         * wtf/Platform.h:
1265
1266 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
1267
1268         NumericStrings should be inlined
1269         https://bugs.webkit.org/show_bug.cgi?id=81183
1270
1271         Reviewed by Gavin Barraclough.
1272
1273         NumericStrings is not always inlined. When it is not, the class is not faster
1274         than using UString::number() directly.
1275
1276         * runtime/NumericStrings.h:
1277         (JSC::NumericStrings::add):
1278         (JSC::NumericStrings::lookupSmallString):
1279
1280 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
1281
1282         Fix ARM build after r110792.
1283
1284         Unreviewed build fix.
1285
1286         * jit/ExecutableAllocator.h:
1287         (JSC::ExecutableAllocator::cacheFlush):
1288         Remove superfluous curly brackets.
1289
1290 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
1291
1292         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
1293         https://bugs.webkit.org/show_bug.cgi?id=81256
1294
1295         Reviewed by Oliver Hunt.
1296
1297         This is a 0.5% sunspider progression.
1298
1299         * assembler/MacroAssemblerARMv7.h:
1300         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
1301             - switch which form of vmov we use.
1302
1303 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
1304
1305         [EFL] Add OwnPtr specialization for Ecore_Timer.
1306         https://bugs.webkit.org/show_bug.cgi?id=80119
1307
1308         Reviewed by Hajime Morita.
1309
1310         Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
1311
1312         * wtf/OwnPtrCommon.h:
1313         (WTF):
1314         * wtf/efl/OwnPtrEfl.cpp:
1315         (WTF::deleteOwnedPtr):
1316         (WTF):
1317
1318 2012-03-15  Hojong Han  <hojong.han@samsung.com>
1319
1320         Linux has madvise enough to support OSAllocator::commit/decommit
1321         https://bugs.webkit.org/show_bug.cgi?id=80505
1322
1323         Reviewed by Geoffrey Garen.
1324
1325         * wtf/OSAllocatorPosix.cpp:
1326         (WTF::OSAllocator::reserveUncommitted):
1327         (WTF::OSAllocator::commit):
1328         (WTF::OSAllocator::decommit):
1329
1330 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1331
1332         Windows build fix.
1333
1334         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1335         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
1336         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
1337         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1338
1339 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1340
1341         Windows build fix.
1342
1343         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
1344
1345 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
1346
1347         Move wx port to using export macros
1348         https://bugs.webkit.org/show_bug.cgi?id=77279
1349
1350         Reviewed by Hajime Morita.
1351
1352         * wscript:
1353         * wtf/Platform.h:
1354
1355 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
1356
1357         Avoid StringImpl::getData16SlowCase() when sorting array
1358         https://bugs.webkit.org/show_bug.cgi?id=81070
1359
1360         Reviewed by Geoffrey Garen.
1361
1362         The function codePointCompare() is used intensively when sorting strings.
1363         This patch improves its performance by:
1364         -Avoiding character conversion.
1365         -Inlining the function.
1366
1367         This makes Peacekeeper's arrayCombined test 30% faster.
1368
1369         * wtf/text/StringImpl.cpp:
1370         * wtf/text/StringImpl.h:
1371         (WTF):
1372         (WTF::codePointCompare):
1373         (WTF::codePointCompare8):
1374         (WTF::codePointCompare16):
1375         (WTF::codePointCompare8To16):
1376
1377 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1378
1379         Fix memory allocation failed by fastmalloc
1380         https://bugs.webkit.org/show_bug.cgi?id=79614
1381
1382         Reviewed by Geoffrey Garen.
1383
1384         Memory allocation failed even when the heap grows successfully.
1385         It is wrong to get the span only from the large list after the heap grows,
1386         because a new span could have been added to the normal list.
1387
1388         * wtf/FastMalloc.cpp:
1389         (WTF::TCMalloc_PageHeap::New):
1390
1391 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1392
1393         Run cacheFlush page by page to assure of flushing all the requested ranges
1394         https://bugs.webkit.org/show_bug.cgi?id=77712
1395
1396         Reviewed by Geoffrey Garen.
1397
1398         The current MetaAllocator concept, which always coalesces adjacent free spaces,
1399         doesn't match the memory management of the Linux kernel.
1400         In a certain case the Linux kernel doesn't regard contiguous virtual memory areas as one but as two.
1401         Therefore calling cacheFlush page by page guarantees coverage of a flush-requested range.
1402
1403         * jit/ExecutableAllocator.h:
1404         (JSC::ExecutableAllocator::cacheFlush):
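
        The page-by-page split described in this entry, as an added example in C
        that is not WebKit code. cache_flush_by_page, FlushLog and flush_range are
        assumed names: flush_range is a constructed stand-in for the real cache flush
        primitive that records the ranges it is asked to flush instead of touching
        hardware, and the 4096-byte page size and addresses are constructed test
        values. Each call to the primitive is confined to one page, so it can never
        straddle a boundary between two kernel VMAs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not WebKit code: splitting a flush request at page
   boundaries so that every underlying flush call covers a single page. */

#define MAX_LOGGED_RANGES 64

/* Constructed stand-in for the real flush primitive: instead of touching
   hardware it records the ranges it was asked to flush. */
typedef struct { uintptr_t start; size_t size; } FlushRange;
typedef struct { FlushRange ranges[MAX_LOGGED_RANGES]; size_t count; } FlushLog;

static void flush_range(FlushLog *log, uintptr_t start, size_t size)
{
    if (log->count < MAX_LOGGED_RANGES) {
        log->ranges[log->count].start = start;
        log->ranges[log->count].size = size;
    }
    log->count++;
}

/* Flush [start, start + size) one page at a time. page_size must be a power
   of two. Returns the number of flush calls issued. */
size_t cache_flush_by_page(FlushLog *log, uintptr_t start, size_t size, size_t page_size)
{
    size_t calls = 0;
    uintptr_t end = start + size;
    uintptr_t page_mask = ~((uintptr_t)page_size - 1);
    while (start < end) {
        uintptr_t page_end = (start & page_mask) + page_size;  /* first byte of the next page */
        uintptr_t piece_end = page_end < end ? page_end : end;
        flush_range(log, start, (size_t)(piece_end - start));
        calls++;
        start = piece_end;
    }
    return calls;
}

/* Sum of the sizes handed to the flush primitive, to check nothing was skipped. */
size_t flushed_bytes(const FlushLog *log)
{
    size_t total = 0;
    size_t n = log->count < MAX_LOGGED_RANGES ? log->count : MAX_LOGGED_RANGES;
    for (size_t i = 0; i < n; i++)
        total += log->ranges[i].size;
    return total;
}

int main(void)
{
    FlushLog log = { {{0, 0}}, 0 };
    /* Constructed addresses: a 10000-byte region starting 2 KiB into a 4 KiB page. */
    size_t calls = cache_flush_by_page(&log, 0x1800, 10000, 4096);
    printf("%zu flush calls covering %zu bytes\n", calls, flushed_bytes(&log));
    for (size_t i = 0; i < calls; i++)
        printf("  [0x%lx, +%zu)\n", (unsigned long)log.ranges[i].start, log.ranges[i].size);
    return 0;
}
```

        The first and last pieces are partial pages; every piece in between is
        exactly one page, so the number of syscalls grows with the size of the
        region rather than with the number of coalesced free spaces.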
1405
1406 2012-03-14  Oliver Hunt  <oliver@apple.com>
1407
1408         Make ARMv7 work again
1409         https://bugs.webkit.org/show_bug.cgi?id=81157
1410
1411         Reviewed by Geoffrey Garen.
1412
1413         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
1414         where the ARMv7MacroAssembler would also try to use dataRegister for its own
1415         nefarious purposes.
1416
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::store32):
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):

2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        Heap::destroy leaks CopiedSpace
        https://bugs.webkit.org/show_bug.cgi?id=81055

        Reviewed by Geoffrey Garen.

        Added a destroy() function to CopiedSpace that moves all normal size
        CopiedBlocks from the CopiedSpace to the Heap's list of free blocks
        as well as deallocates all of the oversize blocks in the CopiedSpace.
        This function is now called in Heap::destroy().

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::destroy):
        (JSC):
        * heap/CopiedSpace.h:
        (CopiedSpace):
        * heap/Heap.cpp:
        (JSC::Heap::destroy):

2012-03-14  Andrew Lo  <anlo@rim.com>

        [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
        https://bugs.webkit.org/show_bug.cgi?id=81000

        Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.

        Reviewed by Antonio Gomes.

        * wtf/Platform.h:

2012-03-13  Filip Pizlo  <fpizlo@apple.com>

        ValueToInt32 speculation will cause OSR exits even when it does not have to
        https://bugs.webkit.org/show_bug.cgi?id=81068
        <rdar://problem/11043926>

        Reviewed by Anders Carlsson.

        Two related changes:
        1) ValueToInt32 will now always just defer to the non-speculative path, instead
           of exiting, if it doesn't know what speculations to perform.
        2) ValueToInt32 will speculate boolean if it sees this to be profitable.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateBoolean):
        (Node):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):

2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        More Windows build fixing

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Windows build fix

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Type conversion of exponential part failed
        https://bugs.webkit.org/show_bug.cgi?id=80673

        Reviewed by Geoffrey Garen.

        * parser/Lexer.cpp:
        (JSC::::lex):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::parseInt):
        (JSC):
        (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
        we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template
        parameter for strtod to allow trailing spaces.
        (JSC::toDouble):
        (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
        * runtime/LiteralParser.cpp:
        (JSC::::Lexer::lexNumber):
        * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that
        we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
        * wtf/dtoa.cpp:
        (WTF):
        (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were
        broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
        * wtf/dtoa.h:
        * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the
        Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
        A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those
        here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
        * wtf/text/WTFString.cpp:
        (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.

2012-03-13  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
        Removing the assert for now.

        * dfg/DFGOperations.h:
        * llint/LLIntSlowPaths.h:

2012-03-13  Filip Pizlo  <fpizlo@apple.com>

        Functions with C linkage should return POD types
        https://bugs.webkit.org/show_bug.cgi?id=81061

        Reviewed by Mark Rowe.

        * dfg/DFGOperations.h:
        * llint/LLIntSlowPaths.h:
        (LLInt):
        (SlowPathReturnType):
        (JSC::LLInt::encodeResult):

2012-03-13  Filip Pizlo  <fpizlo@apple.com>

        Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
        https://bugs.webkit.org/show_bug.cgi?id=80979
        <rdar://problem/11036848>

        Reviewed by Oliver Hunt.

        Also improved DFG IR dumping to include type information in a somewhat more
        intuitive way.

        * bytecode/PredictedType.cpp:
        (JSC::predictionToAbbreviatedString):
        (JSC):
        * bytecode/PredictedType.h:
        (JSC):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):

2012-03-13  George Staikos  <staikos@webkit.org>

        The callback is only used if SA_RESTART is defined.  Compile it out
        otherwise to avoid a warning.
        https://bugs.webkit.org/show_bug.cgi?id=80926

        Reviewed by Alexey Proskuryakov.

        * heap/MachineStackMarker.cpp:
        (JSC):

2012-03-13  Hojong Han  <hojong.han@samsung.com>

        Dump the generated code for ARM_TRADITIONAL
        https://bugs.webkit.org/show_bug.cgi?id=80975

        Reviewed by Gavin Barraclough.

        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::dumpCode):

2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>

        Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
        https://bugs.webkit.org/show_bug.cgi?id=78853

        Reviewed by Adam Barth.

        * Configurations/FeatureDefines.xcconfig:
        * wtf/Platform.h:

2012-03-13  Kwonjin Jeong  <gram@company100.net>

        Remove SlotVisitor::copy() method.
        https://bugs.webkit.org/show_bug.cgi?id=80973

        Reviewed by Geoffrey Garen.

        SlotVisitor::copy() method isn't called anywhere.

        * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
        * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.

2012-03-12  Hojong Han  <hojong.han@samsung.com>

        Fix test cases for RegExp multiline
        https://bugs.webkit.org/show_bug.cgi?id=80822

        Reviewed by Gavin Barraclough.

        * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
        * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
        * tests/mozilla/js1_2/regexp/beginLine.js:
        * tests/mozilla/js1_2/regexp/endLine.js:

2012-03-12  Filip Pizlo  <fpizlo@apple.com>

        Arithmetic use inference should be procedure-global and should run in tandem
        with type propagation
        https://bugs.webkit.org/show_bug.cgi?id=80819
        <rdar://problem/11034006>

        Reviewed by Gavin Barraclough.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
        * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
        (PredictionPropagationPhase):
        (JSC::DFG::PredictionPropagationPhase::isNotZero):
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::VariableAccessData):
        (JSC::DFG::VariableAccessData::flags):
        (VariableAccessData):
        (JSC::DFG::VariableAccessData::mergeFlags):

2012-03-12  Filip Pizlo  <fpizlo@apple.com>

        Node::op and Node::flags should be private
        https://bugs.webkit.org/show_bug.cgi?id=80824
        <rdar://problem/11033435>

        Reviewed by Gavin Barraclough.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::initialize):
        (JSC::DFG::AbstractState::execute):
        (JSC::DFG::AbstractState::mergeStateAtTail):
        (JSC::DFG::AbstractState::mergeToSuccessors):
        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
        (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::flushArgument):
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::isJSConstant):
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::linkBlock):
        * dfg/DFGCFAPhase.cpp:
        (JSC::DFG::CFAPhase::performBlockCFA):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::canonicalize):
        (JSC::DFG::CSEPhase::endIndexForPureCSE):
        (JSC::DFG::CSEPhase::pureCSE):
        (JSC::DFG::CSEPhase::byValIsPure):
        (JSC::DFG::CSEPhase::clobbersWorld):
        (JSC::DFG::CSEPhase::impureCSE):
        (JSC::DFG::CSEPhase::globalVarLoadElimination):
        (JSC::DFG::CSEPhase::getByValLoadElimination):
        (JSC::DFG::CSEPhase::checkFunctionElimination):
        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (DFG):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::addShouldSpeculateInteger):
        (JSC::DFG::Graph::negateShouldSpeculateInteger):
        (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
        * dfg/DFGNode.cpp: Removed.
        * dfg/DFGNode.h:
        (DFG):
        (JSC::DFG::Node::Node):
        (Node):
        (JSC::DFG::Node::op):
        (JSC::DFG::Node::flags):
        (JSC::DFG::Node::setOp):
        (JSC::DFG::Node::setFlags):
        (JSC::DFG::Node::mergeFlags):
        (JSC::DFG::Node::filterFlags):
        (JSC::DFG::Node::clearFlags):
        (JSC::DFG::Node::setOpAndDefaultFlags):
        (JSC::DFG::Node::mustGenerate):
        (JSC::DFG::Node::isConstant):
        (JSC::DFG::Node::isWeakConstant):
        (JSC::DFG::Node::valueOfJSConstant):
        (JSC::DFG::Node::hasVariableAccessData):
        (JSC::DFG::Node::hasIdentifier):
        (JSC::DFG::Node::resolveGlobalDataIndex):
        (JSC::DFG::Node::hasArithNodeFlags):
        (JSC::DFG::Node::arithNodeFlags):
        (JSC::DFG::Node::setArithNodeFlag):
        (JSC::DFG::Node::mergeArithNodeFlags):
        (JSC::DFG::Node::hasConstantBuffer):
        (JSC::DFG::Node::hasRegexpIndex):
        (JSC::DFG::Node::hasVarNumber):
        (JSC::DFG::Node::hasScopeChainDepth):
        (JSC::DFG::Node::hasResult):
        (JSC::DFG::Node::hasInt32Result):
        (JSC::DFG::Node::hasNumberResult):
        (JSC::DFG::Node::hasJSResult):
        (JSC::DFG::Node::hasBooleanResult):
        (JSC::DFG::Node::isJump):
        (JSC::DFG::Node::isBranch):
        (JSC::DFG::Node::isTerminal):
        (JSC::DFG::Node::hasHeapPrediction):
        (JSC::DFG::Node::hasFunctionCheckData):
        (JSC::DFG::Node::hasStructureTransitionData):
        (JSC::DFG::Node::hasStructureSet):
        (JSC::DFG::Node::hasStorageAccessData):
        (JSC::DFG::Node::hasFunctionDeclIndex):
        (JSC::DFG::Node::hasFunctionExprIndex):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
        * dfg/DFGNodeFlags.h: Added.
        (DFG):
        (JSC::DFG::nodeUsedAsNumber):
        (JSC::DFG::nodeCanTruncateInteger):
        (JSC::DFG::nodeCanIgnoreNegativeZero):
        (JSC::DFG::nodeMayOverflow):
        (JSC::DFG::nodeCanSpeculateInteger):
        * dfg/DFGNodeType.h: Added.
        (DFG):
        (JSC::DFG::defaultFlags):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::vote):
        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
        (JSC::DFG::PredictionPropagationPhase::fixupNode):
        * dfg/DFGRedundantPhiEliminationPhase.cpp:
        (JSC::DFG::RedundantPhiEliminationPhase::run):
        (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
        (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::useChildren):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compileMovHint):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::compileAdd):
        (JSC::DFG::SpeculativeJIT::compare):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        (JSC::DFG::VirtualRegisterAllocationPhase::run):

2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>

        Minor DataLog fixes
        https://bugs.webkit.org/show_bug.cgi?id=80826

        Reviewed by Andreas Kling.

        * bytecode/ExecutionCounter.cpp:
        Do not include DataLog.h, it is not used.

        * jit/ExecutableAllocator.cpp:
        Ditto.

        * wtf/DataLog.cpp:
        (WTF::initializeLogFileOnce):
        Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.

        * wtf/HashTable.cpp:
        Include DataLog as it is used.

2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>

        Integer overflow check code in arithmetic operation in classic interpreter
        https://bugs.webkit.org/show_bug.cgi?id=80465

        Reviewed by Gavin Barraclough.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):

2012-03-12  Zeno Albisser  <zeno@webkit.org>

        [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
        https://bugs.webkit.org/show_bug.cgi?id=80827

        Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.

        Reviewed by Simon Hausmann.

        * wtf/Platform.h:

2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>

        Unreviewed prospective Qt/Mac build fix

        * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
        whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
        constructor.

2012-03-12  Filip Pizlo  <fpizlo@apple.com>

        All DFG nodes should have a mutable set of flags
        https://bugs.webkit.org/show_bug.cgi?id=80779
        <rdar://problem/11026218>

        Reviewed by Gavin Barraclough.

        Got rid of NodeId, and placed all of the flags that distinguished NodeId
        from NodeType into a separate Node::flags field. Combined what was previously
        ArithNodeFlags into Node::flags.

        In the process of debugging, I found that the debug support in the virtual
        register allocator was lacking, so I improved it. I also realized that the
        virtual register allocator was assuming that the nodes in a basic block were
        contiguous, which is no longer the case. So I fixed that. The fix also made
        it natural to have more extreme assertions, so I added them. I suspect this
        will make it easier to catch virtual register allocation bugs in the future.

        This is mostly performance neutral; if anything it looks like a slight
        speed-up.

        This patch does leave some work for future refactorings; for example, Node::op
        is unencapsulated. This was already the case, though now it feels even more
        like it should be. I avoided doing that because this patch has already grown
        way bigger than I wanted.

        Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
        move some unnecessarily inline stuff out of DFGNode.h.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGArithNodeFlagsInferencePhase.cpp:
        (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCFAPhase.cpp:
        (JSC::DFG::CFAPhase::performBlockCFA):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::endIndexForPureCSE):
        (JSC::DFG::CSEPhase::pureCSE):
        (JSC::DFG::CSEPhase::clobbersWorld):
        (JSC::DFG::CSEPhase::impureCSE):
        (JSC::DFG::CSEPhase::setReplacement):
        (JSC::DFG::CSEPhase::eliminate):
        (JSC::DFG::CSEPhase::performNodeCSE):
        (JSC::DFG::CSEPhase::performBlockCSE):
        (CSEPhase):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::opName):
        (JSC::DFG::Graph::dump):
        (DFG):
        * dfg/DFGNode.cpp: Added.
        (DFG):
        (JSC::DFG::arithNodeFlagsAsString):
        * dfg/DFGNode.h:
        (DFG):
        (JSC::DFG::nodeUsedAsNumber):
        (JSC::DFG::nodeCanTruncateInteger):
        (JSC::DFG::nodeCanIgnoreNegativeZero):
        (JSC::DFG::nodeMayOverflow):
        (JSC::DFG::nodeCanSpeculateInteger):
        (JSC::DFG::defaultFlags):
        (JSC::DFG::Node::Node):
        (Node):
        (JSC::DFG::Node::setOpAndDefaultFlags):
        (JSC::DFG::Node::mustGenerate):
        (JSC::DFG::Node::arithNodeFlags):
        (JSC::DFG::Node::setArithNodeFlag):
        (JSC::DFG::Node::mergeArithNodeFlags):
        (JSC::DFG::Node::hasResult):
        (JSC::DFG::Node::hasInt32Result):
        (JSC::DFG::Node::hasNumberResult):
        (JSC::DFG::Node::hasJSResult):
        (JSC::DFG::Node::hasBooleanResult):
        (JSC::DFG::Node::isJump):
        (JSC::DFG::Node::isBranch):
        (JSC::DFG::Node::isTerminal):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::vote):
        (JSC::DFG::PredictionPropagationPhase::fixupNode):
        * dfg/DFGScoreBoard.h:
        (ScoreBoard):
        (JSC::DFG::ScoreBoard::~ScoreBoard):
        (JSC::DFG::ScoreBoard::assertClear):
        (JSC::DFG::ScoreBoard::use):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::useChildren):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        (JSC::DFG::VirtualRegisterAllocationPhase::run):

2012-03-10  Filip Pizlo  <fpizlo@apple.com>

        LLInt should support JSVALUE64
        https://bugs.webkit.org/show_bug.cgi?id=79609
        <rdar://problem/10063437>

        Reviewed by Gavin Barraclough and Oliver Hunt.

        Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
        patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
        file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
        specialized for value representation.

        Also made some minor changes to offlineasm and the slow-paths.

        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntEntrypoints.cpp:
        * llint/LLIntSlowPaths.cpp:
        (LLInt):
        (JSC::LLInt::llint_trace_value):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::jitCompileAndSetHeuristics):
        * llint/LLIntSlowPaths.h:
        (LLInt):
        (SlowPathReturnType):
        (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
        (JSC::LLInt::encodeResult):
        * llint/LLIntThunks.cpp:
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/armv7.rb:
        * offlineasm/asm.rb:
        * offlineasm/ast.rb:
        * offlineasm/backends.rb:
        * offlineasm/instructions.rb:
        * offlineasm/parser.rb:
        * offlineasm/registers.rb:
        * offlineasm/transform.rb:
        * offlineasm/x86.rb:
        * wtf/Platform.h:

2012-03-10  Yong Li  <yoli@rim.com>

        Web Worker crashes with WX_EXCLUSIVE
        https://bugs.webkit.org/show_bug.cgi?id=80532

        Let each JS global object own a meta allocator
        for WX_EXCLUSIVE to avoid conflicts from Web Worker.
        Also fix a mutex leak in MetaAllocator's dtor.

        Reviewed by Filip Pizlo.

        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
        (DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
        (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
        (JSC::DemandExecutableAllocator::allocateNewSpace):
        (JSC::DemandExecutableAllocator::allocators):
        (JSC::DemandExecutableAllocator::allocatorsMutex):
        (JSC):
        (JSC::ExecutableAllocator::initializeAllocator):
        (JSC::ExecutableAllocator::ExecutableAllocator):
        (JSC::ExecutableAllocator::underMemoryPressure):
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        (JSC::ExecutableAllocator::allocate):
        (JSC::ExecutableAllocator::committedByteCount):
        (JSC::ExecutableAllocator::dumpProfile):
        * jit/ExecutableAllocator.h:
        (JSC):
        (ExecutableAllocator):
        (JSC::ExecutableAllocator::allocator):
        * wtf/MetaAllocator.h:
        (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
        * wtf/TCSpinLock.h:
        (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.

2012-03-09  Gavin Barraclough  <barraclough@apple.com>

        Object.freeze broken on latest Nightly
        https://bugs.webkit.org/show_bug.cgi?id=80577

        Reviewed by Oliver Hunt.

        The problem here is that deleteProperty rejects deletion of prototype.
        This is correct in most cases, however defineOwnProperty is presently
        implemented internally to ensure the attributes change by deleting the
        old property, and creating a new one.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::deleteProperty):
            - If deleteProperty is called via defineOwnProperty, allow old prototype to be removed.

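An added JavaScript probe (not part of this ChangeLog nor of WebKit's own code) for the language-level contract the entry above restores: freezing a function must leave its built-in prototype property non-writable and non-configurable, keep the same prototype object in place, and make a strict-mode write to it throw, even though the engine may implement the attribute change internally as delete-then-recreate. The names probeFrozenFunctionPrototype and tryStrictAssign are mine; the probe assumes an ordinary function expression with no other own-property changes.

```javascript
// Added example, not from the WebKit ChangeLog. Reports the observable state of
// a function's "prototype" property before and after Object.freeze.

// Strict-mode helper: a write to a non-writable property must throw TypeError.
// The directive is inside the function so it applies regardless of file mode.
function tryStrictAssign(target) {
  "use strict";
  try {
    target.prototype = {};
    return false; // silently ignored: freeze did not take effect
  } catch (e) {
    return e instanceof TypeError;
  }
}

function probeFrozenFunctionPrototype() {
  function f() {}
  const before = Object.getOwnPropertyDescriptor(f, "prototype");

  Object.freeze(f); // must flip "prototype" to writable: false

  const after = Object.getOwnPropertyDescriptor(f, "prototype");

  return {
    writableBefore: before.writable,                   // true
    writableAfter: after.writable,                     // false
    configurableAfter: after.configurable,             // false
    samePrototypeObject: before.value === after.value, // true: object survived
    frozen: Object.isFrozen(f),                        // true
    assignmentRejected: tryStrictAssign(f),            // true
  };
}

// Stand-alone run: prints the report for inspection.
console.log(probeFrozenFunctionPrototype());
```

A frozen function whose prototype is still writable, or whose prototype object was replaced during the freeze, is exactly the regression the bug title describes; the report makes both failure modes visible at once.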
2012-03-09  Gavin Barraclough  <barraclough@apple.com>

        Array.prototype.toLocaleString visits elements in wrong order under certain conditions
        https://bugs.webkit.org/show_bug.cgi?id=80663

        Reviewed by Michael Saboff.

        The bug here is actually that we're continuing to process the array after an exception
        has been thrown, and that the second value throw is overriding the first.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToLocaleString):

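An added JavaScript probe (not part of this ChangeLog nor of WebKit's own code) for the behaviour the entry above fixes: Array.prototype.toLocaleString must call each element's toLocaleString in index order and stop at the first exception, so a later element's throw can never replace the first one. The helpers makeElement and probeToLocaleString and the constructed element arrays are mine; the probe does not assert on the separator between elements, which the specification leaves implementation-defined.

```javascript
// Added example, not from the WebKit ChangeLog. Builds an array of elements
// whose toLocaleString records the visit and optionally throws, then reports
// the visit order and the exception that escaped from the array conversion.

function makeElement(name, shouldThrow, visited) {
  return {
    toLocaleString() {
      visited.push(name);
      if (shouldThrow) throw new Error(name);
      return name;
    },
  };
}

// spec: array of [name, shouldThrow] pairs, in index order.
function probeToLocaleString(spec) {
  const visited = [];
  const arr = spec.map(([name, shouldThrow]) => makeElement(name, shouldThrow, visited));
  let result = null;
  let error = null;
  try {
    result = arr.toLocaleString();
  } catch (e) {
    error = e.message; // the element name of the exception that escaped
  }
  return { visited, error, result };
}

// Constructed scenario 1: two elements throw. Only the first exception may
// escape, and the elements after it must never be visited.
const twoThrowers = probeToLocaleString([["a", false], ["b", true], ["c", true], ["d", false]]);
// twoThrowers.error → "b"; twoThrowers.visited → ["a", "b"]

// Constructed scenario 2: nothing throws, so every element is visited in order.
const noThrower = probeToLocaleString([["x", false], ["y", false]]);
// noThrower.error → null; noThrower.visited → ["x", "y"]

console.log(twoThrowers, noThrower);
```

The buggy behaviour the entry describes would show up here as either `visited` containing "c" and "d" or `error` reading "c" instead of "b".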
2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>

        WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
        https://bugs.webkit.org/show_bug.cgi?id=80080

        Reviewed by Filip Pizlo.

        * bytecode/SamplingTool.cpp:
        (JSC::SamplingRegion::Locker::Locker):
        (JSC::SamplingRegion::Locker::~Locker):
        * bytecode/SamplingTool.h:
        (JSC::SamplingRegion::exchangeCurrent):
        * wtf/Atomics.h:
        (WTF):
        (WTF::weakCompareAndSwap):
        (WTF::weakCompareAndSwapUIntPtr):

2012-03-09  Gavin Barraclough  <barraclough@apple.com>

        REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
        https://bugs.webkit.org/show_bug.cgi?id=49989

        Reviewed by Oliver Hunt.

        Patch originally by chris reiss <christopher.reiss@nokia.com>,
        allow the year to appear before the timezone in date strings.

        * wtf/DateMath.cpp:
        (WTF::parseDateFromNullTerminatedCharacters):

2012-03-09  Mark Rowe  <mrowe@apple.com>

        Ensure that the WTF headers are copied at installhdrs time.

        Reviewed by Dan Bernstein and Jessie Berlin.

        * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
        so that our script phases are invoked at installhdrs time. The only one that
        does any useful work at that time is the one that installs WTF headers.

2012-03-09  Jon Lee  <jonlee@apple.com>

        Add support for ENABLE(LEGACY_NOTIFICATIONS)
        https://bugs.webkit.org/show_bug.cgi?id=80497

        Reviewed by Adam Barth.

        Prep for b80472: Update API for Web Notifications
        * Configurations/FeatureDefines.xcconfig:

2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>

        Bash scripts should support LF endings only
        https://bugs.webkit.org/show_bug.cgi?id=79509

        Reviewed by David Kilzer.

        * gyp/generate-derived-sources.sh: Added property svn:eol-style.
        * gyp/run-if-exists.sh: Added property svn:eol-style.
        * gyp/update-info-plist.sh: Added property svn:eol-style.

2012-03-09  Jessie Berlin  <jberlin@apple.com>

        Windows debug build fix.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::shouldBlind):
        Fix unreachable code warnings (which we treat as errors).

2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Reviewed by Zoltan Herczeg.

        [Qt] Fix the SH4 build after r109834
        https://bugs.webkit.org/show_bug.cgi?id=80492

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchAdd32):
        (JSC::MacroAssemblerSH4::branchSub32):

2012-03-09  Andy Wingo  <wingo@igalia.com>

        Refactor code feature analysis in the parser
        https://bugs.webkit.org/show_bug.cgi?id=79112

        Reviewed by Geoffrey Garen.

        This commit refactors the parser to more uniformly propagate flag
        bits down and up the parse process, as the parser descends and
        returns into nested blocks.  Some flags get passed down to
        subscopes, some apply to specific scopes only, and some get
        unioned up after parsing subscopes.

        The goal is to eventually be very precise with scoping
        information, once we have block scopes: one block scope might use
        `eval', which would require the emission of a symbol table within
        that block and containing blocks, whereas another block in the
        same function might not, allowing us to not emit a symbol table.

        * parser/Nodes.h:
        (JSC::ScopeFlags): Rename from CodeFeatures.
        (JSC::ScopeNode::addScopeFlags):
        (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
        (JSC::ScopeNode::isStrictMode):
        (JSC::ScopeNode::usesEval):
        (JSC::ScopeNode::usesArguments):
        (JSC::ScopeNode::setUsesArguments):
        (JSC::ScopeNode::usesThis):
        (JSC::ScopeNode::needsActivationForMoreThanVariables):
        (JSC::ScopeNode::needsActivation): Refactor these accessors to
        operate on the m_scopeFlags member.
        (JSC::ScopeNode::source):
        (JSC::ScopeNode::sourceURL):
        (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
        semantic change.
        (JSC::ScopeNode::ScopeNode)
        (JSC::ProgramNode::ProgramNode)
        (JSC::EvalNode::EvalNode)
        (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
        take a ScopeFlags as an argument, instead of a bool inStrictContext.

        * parser/Nodes.cpp:
        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::ProgramNode::create):
        (JSC::EvalNode::EvalNode):
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode):
        (JSC::FunctionBodyNode::create): Adapt constructors to change.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::ASTBuilder):
        (JSC::ASTBuilder::thisExpr):
        (JSC::ASTBuilder::createResolve):
        (JSC::ASTBuilder::createFunctionBody):
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::createTryStatement):
        (JSC::ASTBuilder::createWithStatement):
        (JSC::ASTBuilder::addVar):
        (JSC::ASTBuilder::Scope::Scope):
        (Scope):
        (ASTBuilder):
        (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
        features here.  Instead rely on the base Parser mechanism to track
        features.

        * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".

        * parser/Parser.h:
        (JSC::Scope::Scope): Manage scope through flags, not
        bit-booleans.  This lets us uniformly propagate them up and down.
        (JSC::Scope::declareWrite):
        (JSC::Scope::declareParameter):
        (JSC::Scope::useVariable):
        (JSC::Scope::collectFreeVariables):
        (JSC::Scope::getCapturedVariables):
        (JSC::Scope::saveFunctionInfo):
        (JSC::Scope::restoreFunctionInfo):
        (JSC::Parser::pushScope): Adapt to use scope flags and their
        accessors instead of bit-booleans.
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseInner):
        (JSC::::didFinishParsing):
2229         (JSC::::parseSourceElements):
2230         (JSC::::parseVarDeclarationList):
2231         (JSC::::parseConstDeclarationList):
2232         (JSC::::parseWithStatement):
2233         (JSC::::parseTryStatement):
2234         (JSC::::parseFunctionBody):
2235         (JSC::::parseFunctionInfo):
2236         (JSC::::parseFunctionDeclaration):
2237         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
2238         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
2239         Does not seem to have a performance impact.
2240
2241         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
2242         Cache the scopeflags.
2243         * parser/SyntaxChecker.h: Remove evalCount() decl.
2244
2245         * runtime/Executable.cpp:
2246         (JSC::EvalExecutable::compileInternal):
2247         (JSC::ProgramExecutable::compileInternal):
2248         (JSC::FunctionExecutable::produceCodeBlockFor):
2249         * runtime/Executable.h:
2250         (JSC::ScriptExecutable::ScriptExecutable):
2251         (JSC::ScriptExecutable::usesEval):
2252         (JSC::ScriptExecutable::usesArguments):
2253         (JSC::ScriptExecutable::needsActivation):
2254         (JSC::ScriptExecutable::isStrictMode):
2255         (JSC::ScriptExecutable::recordParse):
2256         (ScriptExecutable): ScopeFlags, not features.
2257
2258 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2259
2260         Build fix for MSVC after r110266
2261
2262         Unreviewed. A #ifdef for MSVC was left over in r110266.
2263
2264         * runtime/RegExpObject.h:
2265         (RegExpObject):
2266
2267 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2268
2269         Allocate the RegExpObject's data with the Cell
2270         https://bugs.webkit.org/show_bug.cgi?id=80654
2271
2272         Reviewed by Gavin Barraclough.
2273
2274         This patch removes the creation of RegExpObject's data to avoid the overhead
2275         created by the allocation and destruction.
2276
2277         As RegExps are created repeatedly, this provides some performance improvement.
2278         The PeaceKeeper test stringDetectBrowser improves by 10%.
2279
2280         * runtime/RegExpObject.cpp:
2281         (JSC::RegExpObject::RegExpObject):
2282         (JSC::RegExpObject::visitChildren):
2283         (JSC::RegExpObject::getOwnPropertyDescriptor):
2284         (JSC::RegExpObject::defineOwnProperty):
2285         (JSC::RegExpObject::match):
2286         * runtime/RegExpObject.h:
2287         (JSC::RegExpObject::setRegExp):
2288         (JSC::RegExpObject::regExp):
2289         (JSC::RegExpObject::setLastIndex):
2290         (JSC::RegExpObject::getLastIndex):
2291         (RegExpObject):
2292
2293 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2294
2295         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
2296         https://bugs.webkit.org/show_bug.cgi?id=80657
2297         
2298         Preparation for WTF separation from JavaScriptCore.
2299         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
2300         dependencies for generated files.
2301         
2302         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
2303         versions of the WTF code independent of the JavaScriptCore code.
2304
2305         Reviewed by Jessie Berlin.
2306
2307         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
2308         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
2309         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
2310         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
2311         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
2312         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
2313         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
2314         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
2315         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
2316         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
2317         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
2318         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
2319         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
2320         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
2321         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
2322         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
2323         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
2324         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
2325         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
2326         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
2327         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
2328
2329 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
2330
2331         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
2332         https://bugs.webkit.org/show_bug.cgi?id=80652
2333
2334         Reviewed by Eric Seidel.
2335
2336         Fix the header, URLSegments.h is not part of the API.
2337
2338         * wtf/url/api/ParsedURL.h:
2339
2340 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
2341
2342         Mac build fix for micro data API.
2343
2344         * Configurations/FeatureDefines.xcconfig:
2345
2346 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
2347
2348         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
2349         https://bugs.webkit.org/show_bug.cgi?id=26890
2350
2351         Reviewed by Oliver Hunt.
2352
2353         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
2354
2355         * runtime/StringPrototype.cpp:
2356         (JSC::replaceUsingRegExpSearch):
2357         (JSC::stringProtoFuncMatch):
2358             - added calls to setLastIndex.
2359
2360 2012-03-08  Matt Lilek  <mrl@apple.com>
2361
2362         Don't enable VIDEO_TRACK on all OS X platforms
2363         https://bugs.webkit.org/show_bug.cgi?id=80635
2364
2365         Reviewed by Eric Carlson.
2366
2367         * Configurations/FeatureDefines.xcconfig:
2368
2369 2012-03-08  Oliver Hunt  <oliver@apple.com>
2370
2371         Build fix.  That day is not today.
2372
2373         * assembler/MacroAssembler.h:
2374         (JSC::MacroAssembler::shouldBlind):
2375         * assembler/MacroAssemblerX86Common.h:
2376         (MacroAssemblerX86Common):
2377         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2378
2379 2012-03-08  Oliver Hunt  <oliver@apple.com>
2380
2381         Build fix. One of these days I'll manage to commit something that works everywhere.
2382
2383         * assembler/AbstractMacroAssembler.h:
2384         (AbstractMacroAssembler):
2385         * assembler/MacroAssemblerARMv7.h:
2386         (MacroAssemblerARMv7):
2387         * assembler/MacroAssemblerX86Common.h:
2388         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2389         (MacroAssemblerX86Common):
2390
2391 2012-03-08  Chao-ying Fu  <fu@mips.com>
2392
2393         Update MIPS patchOffsetGetByIdSlowCaseCall
2394         https://bugs.webkit.org/show_bug.cgi?id=80302
2395
2396         Reviewed by Oliver Hunt.
2397
2398         * jit/JIT.h:
2399         (JIT):
2400
2401 2012-03-08  Oliver Hunt  <oliver@apple.com>
2402
2403         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
2404         https://bugs.webkit.org/show_bug.cgi?id=80633
2405
2406         Reviewed by Gavin Barraclough.
2407
2408         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
2409         if there isn't a machine specific implementation (otherwise the 64bit value
2410         got truncated and 32bit checks were used -- leaving 32bits untested).
2411         Also add a bit of logic to ensure that we don't try to blind a few common
2412         constants that go through the ImmPtr paths -- encoded numeric JSValues and
2413         unencoded doubles with common "safe" values.
2414
2415         * assembler/AbstractMacroAssembler.h:
2416         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
2417         * assembler/MacroAssembler.h:
2418         (JSC::MacroAssembler::shouldBlindDouble):
2419         (MacroAssembler):
2420         (JSC::MacroAssembler::shouldBlind):
2421         * assembler/MacroAssemblerX86Common.h:
2422         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2423
2424 2012-03-08  Mark Rowe  <mrowe@apple.com>
2425
2426         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
2427
2428         Reviewed by Dan Bernstein.
2429
2430         * Configurations/Base.xcconfig:
2431
2432 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2433
2434         Fix line endings for copy-files.cmd.
2435         
2436         If a cmd file doesn't have Windows line endings, it doesn't work properly.
2437         In this case, the label :clean wasn't found, breaking the clean build.
2438         
2439         Reviewed by Jessie Berlin.
2440
2441         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2442
2443 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2444
2445         DFG CFA incorrectly handles ValueToInt32
2446         https://bugs.webkit.org/show_bug.cgi?id=80568
2447
2448         Reviewed by Gavin Barraclough.
2449         
2450         Changed it to match exactly the decision pattern used in
2451         DFG::SpeculativeJIT::compileValueToInt32
2452
2453         * dfg/DFGAbstractState.cpp:
2454         (JSC::DFG::AbstractState::execute):
2455
2456 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
2457
2458         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
2459         https://bugs.webkit.org/show_bug.cgi?id=80524
2460
2461         Reviewed by Simon Hausmann.
2462
2463         Move IdentifierTable method definitions to WTFThreadData.cpp to fix linking
2464         of WTF library.
2465
2466         * runtime/Identifier.cpp:
2467         * wtf/WTFThreadData.cpp:
2468         (JSC):
2469         (JSC::IdentifierTable::~IdentifierTable):
2470         (JSC::IdentifierTable::add):
2471
2472 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
2473
2474         DFG instruction count threshold should be lifted to 10000
2475         https://bugs.webkit.org/show_bug.cgi?id=80579
2476
2477         Reviewed by Gavin Barraclough.
2478
2479         * runtime/Options.cpp:
2480         (JSC::Options::initializeOptions):
2481
2482 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2483
2484         Incorrect tracking of abstract values of variables forced double
2485         https://bugs.webkit.org/show_bug.cgi?id=80566
2486         <rdar://problem/11001442>
2487
2488         Reviewed by Gavin Barraclough.
2489
2490         * dfg/DFGAbstractState.cpp:
2491         (JSC::DFG::AbstractState::mergeStateAtTail):
2492
2493 2012-03-07  Chao-yng Fu  <fu@mips.com>
2494
2495         [Qt] Fix the MIPS/SH4 build after r109834
2496         https://bugs.webkit.org/show_bug.cgi?id=80492
2497
2498         Reviewed by Oliver Hunt.
2499
2500         Implement three-argument branch(Add,Sub)32.
2501
2502         * assembler/MacroAssemblerMIPS.h:
2503         (JSC::MacroAssemblerMIPS::add32):
2504         (MacroAssemblerMIPS):
2505         (JSC::MacroAssemblerMIPS::sub32):
2506         (JSC::MacroAssemblerMIPS::branchAdd32):
2507         (JSC::MacroAssemblerMIPS::branchSub32):
2508
2509 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
2510
2511         Unreviewed, rolling out r110127.
2512         http://trac.webkit.org/changeset/110127
2513         https://bugs.webkit.org/show_bug.cgi?id=80562
2514
2515         compile failed on AppleWin (Requested by ukai on #webkit).
2516
2517         * heap/Heap.cpp:
2518         (JSC::Heap::collectAllGarbage):
2519         * heap/Heap.h:
2520         (JSC):
2521         (Heap):
2522         * runtime/Executable.cpp:
2523         (JSC::FunctionExecutable::FunctionExecutable):
2524         (JSC::FunctionExecutable::finalize):
2525         * runtime/Executable.h:
2526         (FunctionExecutable):
2527         (JSC::FunctionExecutable::create):
2528         * runtime/JSGlobalData.cpp:
2529         (WTF):
2530         (Recompiler):
2531         (WTF::Recompiler::operator()):
2532         (JSC::JSGlobalData::recompileAllJSFunctions):
2533         (JSC):
2534         * runtime/JSGlobalData.h:
2535         (JSGlobalData):
2536         * runtime/JSGlobalObject.cpp:
2537         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
2538
2539 2012-03-07  Hojong Han  <hojong.han@samsung.com>
2540
2541         The end atom of the marked block considered to filter invalid cells
2542         https://bugs.webkit.org/show_bug.cgi?id=79191
2543
2544         Reviewed by Geoffrey Garen.
2545
2546         The register file could have stale pointers beyond the end atom of a marked block.
2547         Those pointers can weasel out of the in-middle-of-cell pointer filtering.
2548
2549         * heap/MarkedBlock.h:
2550         (JSC::MarkedBlock::isLiveCell):
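
The entry above (bug 79191) concerns conservative root scanning: a stale word left in the register file or on the stack can point just past the last whole cell of a block, into the slack between the end atom and the block boundary, and such a word can pass a filter that only rejects addresses in the middle of a cell. The C++ below is an added example written for this page, not JavaScriptCore's MarkedBlock; the layout it assumes (16-byte atoms, a header occupying the first atoms, fixed-size cells, one mark bit per atom) was chosen so the failure is visible, and the struct and function names are this example's own. isLiveCell() applies the filter with the end-atom bound in place; the last word in the constructed sample stack is the kind of stale pointer the entry describes.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified marked block. Added example, not JavaScriptCore's MarkedBlock.
struct ToyMarkedBlock {
    static const size_t atomSize = 16;     // assumption: 16-byte atoms
    uintptr_t base;                        // block start address
    size_t blockSize;                      // bytes in the block (multiple of atomSize)
    size_t cellSize;                       // bytes per cell (multiple of atomSize)
    size_t firstAtom;                      // atoms used by the block header
    size_t endAtom;                        // first atom after the last whole cell
    std::vector<bool> marked;              // one mark bit per atom

    ToyMarkedBlock(uintptr_t base_, size_t blockSize_, size_t cellSize_, size_t headerBytes)
        : base(base_), blockSize(blockSize_), cellSize(cellSize_) {
        firstAtom = (headerBytes + atomSize - 1) / atomSize;
        size_t totalAtoms = blockSize / atomSize;
        // Cells that would not fit whole are never handed out, so the usable
        // region stops short of the block end and leaves slack atoms behind.
        endAtom = firstAtom + ((totalAtoms - firstAtom) / atomsPerCell()) * atomsPerCell();
        marked.assign(totalAtoms, false);
    }

    size_t atomsPerCell() const { return cellSize / atomSize; }
    size_t cellCount() const { return (endAtom - firstAtom) / atomsPerCell(); }
    uintptr_t cellAddress(size_t index) const {
        return base + (firstAtom + index * atomsPerCell()) * atomSize;
    }
    void markCell(uintptr_t cell) { marked[(cell - base) / atomSize] = true; }

    // The filter a conservative scan applies to each candidate word.
    bool isLiveCell(uintptr_t p) const {
        if (p < base || p >= base + blockSize) return false;     // not in this block
        size_t offset = p - base;
        if (offset % atomSize) return false;                      // not atom aligned
        size_t atom = offset / atomSize;
        if (atom < firstAtom) return false;                       // inside the header
        if ((atom - firstAtom) % atomsPerCell()) return false;    // middle of a cell
        if (atom >= endAtom) return false;                        // slack past the last cell
        return marked[atom];
    }
};

// Scan raw words (a stand-in for the register file and stack) and return the
// ones the filter accepts as live cells.
inline std::vector<uintptr_t> conservativeRoots(const ToyMarkedBlock& block,
                                                const std::vector<uintptr_t>& words) {
    std::vector<uintptr_t> roots;
    for (uintptr_t w : words)
        if (block.isLiveCell(w)) roots.push_back(w);
    return roots;
}

int main() {
    // Constructed layout: 256-byte block, 32-byte header (2 atoms), 48-byte cells
    // (3 atoms). 14 atoms remain, 4 cells fit, atoms 14 and 15 are slack.
    ToyMarkedBlock block(0x10000, 256, 48, 32);
    block.markCell(block.cellAddress(1));
    std::vector<uintptr_t> words = {
        block.cellAddress(1),                        // genuine live cell
        block.cellAddress(1) + 16,                   // middle of that cell
        block.base + 14 * ToyMarkedBlock::atomSize,  // stale word into the slack
    };
    std::printf("%zu cells, %zu roots accepted\n",
                block.cellCount(), conservativeRoots(block, words).size());
    return 0;
}
```

The slack atom at index 14 is cell-aligned relative to firstAtom, so the alignment and in-middle-of-cell checks alone accept it; only the comparison against endAtom rejects it. Without that bound a stale mark bit for that atom would turn garbage past the last cell into a live root.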
2551
2552 2012-03-07  Jessie Berlin  <jberlin@apple.com>
2553
2554         Clean Windows build fails after r110033
2555         https://bugs.webkit.org/show_bug.cgi?id=80553
2556
2557         Rubber-stamped by Jon Honeycutt and Eric Seidel.
2558
2559         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2560         Place the implementation files next to their header files in the wtf/text subdirectory.
2561         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
2562         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
2563         Update the path to those implementation files.
2564         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
2565         Ditto.
2566
2567 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
2568
2569         Eliminate redundant Phis in DFG
2570         https://bugs.webkit.org/show_bug.cgi?id=80415
2571
2572         Reviewed by Filip Pizlo.
2573
2574         Although this may not have any advantage at current stage, this is towards
2575         minimal SSA to make more high level optimizations (like bug 76770) easier.
2576         We have the choices either to build minimal SSA from scratch or to
2577         keep current simple Phi insertion mechanism and remove the redundancy
2578         in another phase. Currently we choose the latter because the change
2579         could be smaller.
2580
2581         * CMakeLists.txt:
2582         * GNUmakefile.list.am:
2583         * JavaScriptCore.xcodeproj/project.pbxproj:
2584         * Target.pri:
2585         * dfg/DFGDriver.cpp:
2586         (JSC::DFG::compile):
2587         * dfg/DFGGraph.cpp:
2588         (JSC::DFG::Graph::dump):
2589         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
2590         (DFG):
2591         (RedundantPhiEliminationPhase):
2592         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
2593         (JSC::DFG::RedundantPhiEliminationPhase::run):
2594         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
2595         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2596         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
2597         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2598         (JSC::DFG::performRedundantPhiElimination):
2599         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
2600         (DFG):
2601
2602 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
2603
2604         Refactor recompileAllJSFunctions() to be less expensive
2605         https://bugs.webkit.org/show_bug.cgi?id=80330
2606
2607         Reviewed by Geoffrey Garen.
2608
2609         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
2610         load performance, which currently does at least a couple full GCs per navigation.
2611
2612         * heap/Heap.cpp:
2613         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
2614         because the function doesn't actually recompile anything (and never did); it simply throws code
2615         away for it to be recompiled later if we determine we should do so.
2616         (JSC):
2617         (JSC::Heap::collectAllGarbage):
2618         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
2619         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
2620         * heap/Heap.h:
2621         (JSC):
2622         (Heap):
2623         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
2624         be used in DoublyLinkedLists.
2625         (JSC::FunctionExecutable::FunctionExecutable):
2626         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
2627         * runtime/Executable.h:
2628         (FunctionExecutable):
2629         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
2630         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
2631         the list of FunctionExecutables.
2632         * runtime/JSGlobalData.h:
2633         (JSGlobalData):
2634         * runtime/JSGlobalObject.cpp:
2635         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
2636
2637 2012-03-06  Oliver Hunt  <oliver@apple.com>
2638
2639         Further harden 64-bit JIT
2640         https://bugs.webkit.org/show_bug.cgi?id=80457
2641
2642         Reviewed by Filip Pizlo.
2643
2644         This patch implements blinding for ImmPtr.  Rather than xor based blinding
2645         we perform randomised pointer rotations in order to avoid the significant
2646         cost in executable memory that would otherwise be necessary (and to avoid
2647         the need for an additional scratch register in some cases).
2648
2649         As with the prior blinding patch there's a moderate amount of noise as we
2650         correct the use of ImmPtr vs. TrustedImmPtr.
2651
2652         * assembler/AbstractMacroAssembler.h:
2653         (ImmPtr):
2654         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
2655         * assembler/MacroAssembler.h:
2656         (MacroAssembler):
2657         (JSC::MacroAssembler::storePtr):
2658         (JSC::MacroAssembler::branchPtr):
2659         (JSC::MacroAssembler::shouldBlind):
2660         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
2661         (RotatedImmPtr):
2662         (JSC::MacroAssembler::rotationBlindConstant):
2663         (JSC::MacroAssembler::loadRotationBlindedConstant):
2664         (JSC::MacroAssembler::convertInt32ToDouble):
2665         (JSC::MacroAssembler::move):
2666         (JSC::MacroAssembler::poke):
2667         * assembler/MacroAssemblerARMv7.h:
2668         (JSC::MacroAssemblerARMv7::storeDouble):
2669         (JSC::MacroAssemblerARMv7::branchAdd32):
2670         * assembler/MacroAssemblerX86_64.h:
2671         (MacroAssemblerX86_64):
2672         (JSC::MacroAssemblerX86_64::rotateRightPtr):
2673         (JSC::MacroAssemblerX86_64::xorPtr):
2674         * assembler/X86Assembler.h:
2675         (X86Assembler):
2676         (JSC::X86Assembler::xorq_rm):
2677         (JSC::X86Assembler::rorq_i8r):
2678         * dfg/DFGCCallHelpers.h:
2679         (CCallHelpers):
2680         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2681         * dfg/DFGOSRExitCompiler32_64.cpp:
2682         (JSC::DFG::OSRExitCompiler::compileExit):
2683         * dfg/DFGOSRExitCompiler64.cpp:
2684         (JSC::DFG::OSRExitCompiler::compileExit):
2685         * dfg/DFGSpeculativeJIT.cpp:
2686         (JSC::DFG::SpeculativeJIT::createOSREntries):
2687         * dfg/DFGSpeculativeJIT.h:
2688         (JSC::DFG::SpeculativeJIT::silentFillGPR):
2689         (JSC::DFG::SpeculativeJIT::callOperation):
2690         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
2691         * dfg/DFGSpeculativeJIT32_64.cpp:
2692         (JSC::DFG::SpeculativeJIT::compile):
2693         * dfg/DFGSpeculativeJIT64.cpp:
2694         (JSC::DFG::SpeculativeJIT::fillInteger):
2695         (JSC::DFG::SpeculativeJIT::fillDouble):
2696         (JSC::DFG::SpeculativeJIT::fillJSValue):
2697         (JSC::DFG::SpeculativeJIT::emitCall):
2698         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2699         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2700         (JSC::DFG::SpeculativeJIT::emitBranch):
2701         * jit/JIT.cpp:
2702         (JSC::JIT::emitOptimizationCheck):
2703         * jit/JITArithmetic32_64.cpp:
2704         (JSC::JIT::emitSlow_op_post_inc):
2705         * jit/JITInlineMethods.h:
2706         (JSC::JIT::emitValueProfilingSite):
2707         (JSC::JIT::emitGetVirtualRegister):
2708         * jit/JITOpcodes.cpp:
2709         (JSC::JIT::emit_op_mov):
2710         (JSC::JIT::emit_op_new_object):
2711         (JSC::JIT::emit_op_strcat):
2712         (JSC::JIT::emit_op_ensure_property_exists):
2713         (JSC::JIT::emit_op_resolve_skip):
2714         (JSC::JIT::emitSlow_op_resolve_global):
2715         (JSC::JIT::emit_op_resolve_with_base):
2716         (JSC::JIT::emit_op_resolve_with_this):
2717         (JSC::JIT::emit_op_jmp_scopes):
2718         (JSC::JIT::emit_op_switch_imm):
2719         (JSC::JIT::emit_op_switch_char):
2720         (JSC::JIT::emit_op_switch_string):
2721         (JSC::JIT::emit_op_throw_reference_error):
2722         (JSC::JIT::emit_op_debug):
2723         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
2724         (JSC::JIT::emit_op_new_array):
2725         (JSC::JIT::emitSlow_op_new_array):
2726         (JSC::JIT::emit_op_new_array_buffer):
2727         * jit/JITOpcodes32_64.cpp:
2728         (JSC::JIT::emit_op_new_object):
2729         (JSC::JIT::emit_op_strcat):
2730         (JSC::JIT::emit_op_ensure_property_exists):
2731         (JSC::JIT::emit_op_resolve_skip):
2732         (JSC::JIT::emitSlow_op_resolve_global):
2733         (JSC::JIT::emit_op_resolve_with_base):
2734         (JSC::JIT::emit_op_resolve_with_this):
2735         (JSC::JIT::emit_op_jmp_scopes):
2736         (JSC::JIT::emit_op_switch_imm):
2737         (JSC::JIT::emit_op_switch_char):
2738         (JSC::JIT::emit_op_switch_string):
2739         * jit/JITPropertyAccess32_64.cpp:
2740         (JSC::JIT::emit_op_put_by_index):
2741         * jit/JITStubCall.h:
2742         (JITStubCall):
2743         (JSC::JITStubCall::addArgument):
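
The "Further harden 64-bit JIT" entry above and the earlier "Missing some places where we should be blinding 64bit values" entry both describe immediate blinding: a 64-bit constant that an attacker can choose from JavaScript source must not be copied verbatim into executable memory, because that is how JIT spraying places chosen instruction bytes. The C++ below is an added example written for this page, not JavaScriptCore's assembler code. It models the policy the entries describe (skip a few "safe" constants, blind everything else, and check all 64 bits rather than a truncated 32-bit value) and both blinding strategies: xor blinding, which costs a second 64-bit immediate, and rotation blinding, which costs one rotation-count byte and no scratch register. The shouldBlind rule, the byte-stream model of code memory, the function names and the sample payload 0x90909090C3C3C3C3 (x86 NOP and RET bytes) are assumptions of this example, not JSC's actual heuristics or encoding.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <random>
#include <vector>

// Toy model of JIT immediate blinding. Added example, not JavaScriptCore code.
namespace blinding {

// Hypothetical policy (an assumption of this example, not JSC's real check):
// a constant is "safe" to emit verbatim when every byte is 0x00 or 0xFF, or
// when it is one of a few common double bit patterns. Everything else is blinded.
inline bool shouldBlind(uint64_t imm) {
    static const uint64_t safeDoubles[] = {
        0x0000000000000000ull, // 0.0
        0x3FF0000000000000ull, // 1.0
        0xBFF0000000000000ull, // -1.0
    };
    for (uint64_t d : safeDoubles)
        if (imm == d) return false;
    for (int i = 0; i < 8; ++i) {
        uint8_t b = uint8_t(imm >> (8 * i));
        if (b != 0x00 && b != 0xFF) return true;
    }
    return false;
}

// The defect the "Missing some places..." entry describes, reproduced: running
// the check on a truncated value leaves the upper 32 bits untested.
inline bool shouldBlindTruncated(uint64_t imm) { return shouldBlind(uint32_t(imm)); }

inline uint64_t rotl64(uint64_t v, unsigned r) { r &= 63; return r ? (v << r) | (v >> (64 - r)) : v; }
inline uint64_t rotr64(uint64_t v, unsigned r) { r &= 63; return r ? (v >> r) | (v << (64 - r)) : v; }

// What one "load constant" sequence leaves behind: the constant bytes written
// into executable memory, and the value the destination register ends up with.
struct Emission {
    std::vector<uint8_t> codeBytes;
    uint64_t reg = 0;
};

inline void appendImm(std::vector<uint8_t>& out, uint64_t imm, int size) {
    for (int i = 0; i < size; ++i) out.push_back(uint8_t(imm >> (8 * i)));
}

// Unblinded: mov r, imm. The attacker's bytes land in code memory as-is.
inline Emission emitPlain(uint64_t imm) {
    Emission e;
    appendImm(e.codeBytes, imm, 8);
    e.reg = imm;
    return e;
}

// xor blinding: mov r, imm ^ key; xor r, key. Two 64-bit immediates in code.
inline Emission emitXorBlinded(uint64_t imm, uint64_t key) {
    Emission e;
    appendImm(e.codeBytes, imm ^ key, 8);
    appendImm(e.codeBytes, key, 8);
    e.reg = (imm ^ key) ^ key;
    return e;
}

// Rotation blinding: mov r, rotl(imm, n); ror r, n. One 64-bit immediate plus
// a one-byte rotation count, and no scratch register needed.
inline Emission emitRotationBlinded(uint64_t imm, unsigned rotation) {
    Emission e;
    appendImm(e.codeBytes, rotl64(imm, rotation), 8);
    appendImm(e.codeBytes, rotation & 63, 1);
    e.reg = rotr64(rotl64(imm, rotation), rotation);
    return e;
}

// Front door: the policy decides, and a fresh rotation of 1..63 is drawn per use.
inline Emission emitImm64(uint64_t imm, std::mt19937_64& rng) {
    if (!shouldBlind(imm)) return emitPlain(imm);
    std::uniform_int_distribution<unsigned> pick(1, 63);
    return emitRotationBlinded(imm, pick(rng));
}

// True if any contiguous `window` bytes of imm (little-endian) appear verbatim
// in the emitted code bytes, i.e. the attacker got that many chosen bytes in.
inline bool leaksWindow(const Emission& e, uint64_t imm, size_t window) {
    uint8_t bytes[8];
    for (int i = 0; i < 8; ++i) bytes[i] = uint8_t(imm >> (8 * i));
    const std::vector<uint8_t>& code = e.codeBytes;
    for (size_t start = 0; start + window <= 8; ++start)
        for (size_t pos = 0; pos + window <= code.size(); ++pos)
            if (std::memcmp(&code[pos], &bytes[start], window) == 0) return true;
    return false;
}

} // namespace blinding

int main() {
    // Constructed payload: NOP (0x90) and RET (0xC3) bytes, as a JIT-spray author would pick.
    const uint64_t payload = 0x90909090C3C3C3C3ull;
    std::mt19937_64 rng(42);
    blinding::Emission plain = blinding::emitPlain(payload);
    blinding::Emission blinded = blinding::emitImm64(payload, rng);
    std::printf("plain leaks 8 bytes: %d, blinded leaks 8 bytes: %d, register correct: %d\n",
                blinding::leaksWindow(plain, payload, 8),
                blinding::leaksWindow(blinded, payload, 8), blinded.reg == payload);
    return 0;
}
```

leaksWindow() is the check that matters: it asks whether any contiguous run of the attacker's bytes reaches code memory. A rotation that is not a multiple of 8 changes every byte, whereas a multiple of 8 only permutes them, so shorter runs can survive a single unlucky draw; that is why the rotation is drawn at random per use rather than fixed, and why the 64-bit policy check (shouldBlind rather than shouldBlindTruncated) has to see all eight bytes.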
2744
2745 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
2746
2747         ARM build fix.
2748
2749         Reviewed by Zoltan Herczeg.
2750
2751         Implement three-argument branch(Add,Sub)32.
2752
2753         * assembler/MacroAssemblerARM.h:
2754         (JSC::MacroAssemblerARM::add32):
2755         (MacroAssemblerARM):
2756         (JSC::MacroAssemblerARM::sub32):
2757         (JSC::MacroAssemblerARM::branchAdd32):
2758         (JSC::MacroAssemblerARM::branchSub32):
2759
2760 2012-03-07  Andy Wingo  <wingo@igalia.com>
2761
2762         Parser: Inline ScopeNodeData into ScopeNode
2763         https://bugs.webkit.org/show_bug.cgi?id=79776
2764
2765         Reviewed by Geoffrey Garen.
2766
2767         It used to be that some ScopeNode members were kept in a separate
2768         structure because sometimes they wouldn't be needed, and
2769         allocating a ParserArena was expensive.  This patch makes
2770         ParserArena lazily allocate its IdentifierArena, allowing the
2771         members to be included directly, which is simpler and easier to
2772         reason about.
2773
2774         * parser/ParserArena.cpp:
2775         (JSC::ParserArena::ParserArena):
2776         (JSC::ParserArena::reset):
2777         (JSC::ParserArena::isEmpty):
2778         * parser/ParserArena.h:
2779         (JSC::ParserArena::identifierArena): Lazily allocate the
2780         IdentifierArena.
2781
2782         * parser/Nodes.cpp:
2783         (JSC::ScopeNode::ScopeNode):
2784         (JSC::ScopeNode::singleStatement):
2785         (JSC::ProgramNode::create):
2786         (JSC::EvalNode::create):
2787         (JSC::FunctionBodyNode::create):
2788         * parser/Nodes.h:
2789         (JSC::ScopeNode::destroyData):
2790         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2791         (JSC::ScopeNode::needsActivation):
2792         (JSC::ScopeNode::hasCapturedVariables):
2793         (JSC::ScopeNode::capturedVariableCount):
2794         (JSC::ScopeNode::captures):
2795         (JSC::ScopeNode::varStack):
2796         (JSC::ScopeNode::functionStack):
2797         (JSC::ScopeNode::neededConstants):
2798         (ScopeNode):
2799         * bytecompiler/NodesCodegen.cpp:
2800         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
2801         into ScopeNode.  Adapt accessors.
2802
2803 2012-03-06  Eric Seidel  <eric@webkit.org>
2804
2805         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
2806         https://bugs.webkit.org/show_bug.cgi?id=80363
2807
2808         Reviewed by Mark Rowe.
2809
2810         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
2811         its headers have appeared as part of the "private" headers exported by
2812         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
2813         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
2814         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
2815
2816         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
2817         own directory and project.  As part of such, the WTF headers will no longer be part of
2818         the JavaScriptCore private interfaces.
2819         In preparation for that, this change makes both the Mac and Win builds export
2820         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
2821         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
2822
2823         There are 5 parts to this change.
2824         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
2825             (and header directories) into the appropriate places in the build directory.
2826         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
2827             (WebCore, WebKit, etc. had already been taught to look in previous patches).
2828         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
2829             using fully qualified paths.
2830         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
2831         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
2832
2833         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
2834         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
2835         headers, those will have to be updated to use <wtf/Foo.h> after this change.
2836         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
2837         are ready for (and interested in) this change happening.
2838
2839         * API/tests/JSNode.c:
2840         * API/tests/JSNodeList.c:
2841         * Configurations/Base.xcconfig:
2842         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2843         * JavaScriptCore.xcodeproj/project.pbxproj:
2844         * assembler/MacroAssemblerCodeRef.h:
2845         * bytecompiler/BytecodeGenerator.h:
2846         * dfg/DFGOperations.cpp:
2847         * heap/GCAssertions.h:
2848         * heap/HandleHeap.h:
2849         * heap/HandleStack.h:
2850         * heap/MarkedSpace.h:
2851         * heap/PassWeak.h:
2852         * heap/Strong.h:
2853         * heap/Weak.h:
2854         * jit/HostCallReturnValue.cpp:
2855         * jit/JIT.cpp:
2856         * jit/JITStubs.cpp:
2857         * jit/ThunkGenerators.cpp:
2858         * parser/Lexer.cpp:
2859         * runtime/Completion.cpp:
2860         * runtime/Executable.cpp:
2861         * runtime/Identifier.h:
2862         * runtime/InitializeThreading.cpp:
2863         * runtime/JSDateMath.cpp:
2864         * runtime/JSGlobalObjectFunctions.cpp:
2865         * runtime/JSStringBuilder.h:
2866         * runtime/JSVariableObject.h:
2867         * runtime/NumberPrototype.cpp:
2868         * runtime/WriteBarrier.h:
2869         * tools/CodeProfile.cpp:
2870         * tools/TieredMMapArray.h:
2871         * wtf/AVLTree.h:
2872         * wtf/Alignment.h:
2873         * wtf/AlwaysInline.h:
2874         * wtf/ArrayBufferView.h:
2875         * wtf/Assertions.h:
2876         * wtf/Atomics.h:
2877         * wtf/Bitmap.h:
2878         * wtf/BoundsCheckedPointer.h:
2879         * wtf/CheckedArithmetic.h:
2880         * wtf/Deque.h:
2881         * wtf/ExportMacros.h:
2882         * wtf/FastAllocBase.h:
2883         * wtf/FastMalloc.h:
2884         * wtf/Float32Array.h:
2885         * wtf/Float64Array.h:
2886         * wtf/Functional.h:
2887         * wtf/HashCountedSet.h:
2888         * wtf/HashFunctions.h:
2889         * wtf/HashMap.h:
2890         * wtf/HashSet.h:
2891         * wtf/HashTable.h:
2892         * wtf/HashTraits.h:
2893         * wtf/Int16Array.h:
2894         * wtf/Int32Array.h:
2895         * wtf/Int8Array.h:
2896         * wtf/IntegralTypedArrayBase.h:
2897         * wtf/ListHashSet.h:
2898         * wtf/MainThread.h:
2899         * wtf/MetaAllocator.h:
2900         * wtf/Noncopyable.h:
2901         * wtf/OwnArrayPtr.h:
2902         * wtf/OwnPtr.h:
2903         * wtf/PackedIntVector.h:
2904         * wtf/ParallelJobs.h:
2905         * wtf/PassOwnArrayPtr.h:
2906         * wtf/PassOwnPtr.h:
2907         * wtf/PassRefPtr.h:
2908         * wtf/PassTraits.h:
2909         * wtf/Platform.h:
2910         * wtf/PossiblyNull.h:
2911         * wtf/RefCounted.h:
2912         * wtf/RefCountedLeakCounter.h:
2913         * wtf/RefPtr.h:
2914         * wtf/RetainPtr.h:
2915         * wtf/SimpleStats.h:
2916         * wtf/Spectrum.h:
2917         * wtf/StdLibExtras.h:
2918         * wtf/TCPageMap.h:
2919         * wtf/TemporaryChange.h:
2920         * wtf/ThreadSafeRefCounted.h:
2921         * wtf/Threading.h:
2922         * wtf/ThreadingPrimitives.h:
2923         * wtf/TypeTraits.h:
2924         * wtf/TypedArrayBase.h:
2925         * wtf/Uint16Array.h:
2926         * wtf/Uint32Array.h:
2927         * wtf/Uint8Array.h:
2928         * wtf/Uint8ClampedArray.h:
2929         * wtf/UnusedParam.h:
2930         * wtf/Vector.h:
2931         * wtf/VectorTraits.h:
2932         * wtf/dtoa/double-conversion.h:
2933         * wtf/dtoa/utils.h:
2934         * wtf/gobject/GRefPtr.h:
2935         * wtf/gobject/GlibUtilities.h:
2936         * wtf/text/AtomicString.h:
2937         * wtf/text/AtomicStringImpl.h:
2938         * wtf/text/CString.h:
2939         * wtf/text/StringConcatenate.h:
2940         * wtf/text/StringHash.h:
2941         * wtf/text/WTFString.h:
2942         * wtf/unicode/CharacterNames.h:
2943         * wtf/unicode/UTF8.h:
2944         * wtf/unicode/glib/UnicodeGLib.h:
2945         * wtf/unicode/qt4/UnicodeQt4.h:
2946         * wtf/unicode/wince/UnicodeWinCE.h:
2947         * wtf/url/api/ParsedURL.h:
2948         * wtf/url/api/URLString.h:
2949         * wtf/wince/FastMallocWinCE.h:
2950         * yarr/YarrJIT.cpp:
2951
2952 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
2953
2954         Array.prototype functions should throw if delete fails
2955         https://bugs.webkit.org/show_bug.cgi?id=80467
2956
2957         Reviewed by Oliver Hunt.
2958
2959         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
2960         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
2961         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
2962         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
2963         routines, for handling arrays with holes. These three copies should be unified.
2964
2965         * runtime/ArrayPrototype.cpp:
2966         (JSC::shift):
2967         (JSC::unshift):
2968             - Added - shared copies of the shift/unshift functionality.
2969         (JSC::arrayProtoFuncPop):
2970             - should throw if the delete fails.
2971         (JSC::arrayProtoFuncReverse):
2972             - should throw if the delete fails.
2973         (JSC::arrayProtoFuncShift):
2974         (JSC::arrayProtoFuncSplice):
2975         (JSC::arrayProtoFuncUnShift):
2976             - use shift/unshift.
2977         * runtime/JSArray.cpp:
2978         (JSC::JSArray::shiftCount):
2979         (JSC::JSArray::unshiftCount):
2980             - Don't try to handle arrays with holes; return a value indicating
2981               the generic routine should be used instead.
2982         * runtime/JSArray.h:
2983             - declaration for shiftCount/unshiftCount changed.
2984         * tests/mozilla/js1_6/Array/regress-304828.js:
2985             - this was asserting incorrect behaviour.
2986
2987 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
2988
2989         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
2990         https://bugs.webkit.org/show_bug.cgi?id=80469
2991
2992         Reviewed by Antonio Gomes.
2993
2994         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
2995         property on the library being created.
2996
2997 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
2998
2999         DFG BasicBlock should group the Phi nodes together and separate them
3000         from the other nodes
3001         https://bugs.webkit.org/show_bug.cgi?id=80361
3002
3003         Reviewed by Filip Pizlo.
3004
3005         This would make it more efficient to remove the redundant Phi nodes or
3006         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
3007         This is performance neutral on SunSpider, V8 and Kraken.
3008
3009         * dfg/DFGAbstractState.cpp:
3010         (JSC::DFG::AbstractState::clobberStructures):
3011         (JSC::DFG::AbstractState::dump):
3012         * dfg/DFGBasicBlock.h:
3013         (JSC::DFG::BasicBlock::BasicBlock):
3014         (BasicBlock):
3015         * dfg/DFGByteCodeParser.cpp:
3016         (JSC::DFG::ByteCodeParser::addToGraph):
3017         (JSC::DFG::ByteCodeParser::insertPhiNode):
3018         * dfg/DFGCFAPhase.cpp:
3019         (JSC::DFG::CFAPhase::performBlockCFA):
3020         * dfg/DFGCSEPhase.cpp:
3021         (JSC::DFG::CSEPhase::pureCSE):
3022         (JSC::DFG::CSEPhase::impureCSE):
3023         (JSC::DFG::CSEPhase::globalVarLoadElimination):
3024         (JSC::DFG::CSEPhase::getByValLoadElimination):
3025         (JSC::DFG::CSEPhase::checkFunctionElimination):
3026         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
3027         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
3028         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3029         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
3030         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
3031         (JSC::DFG::CSEPhase::performBlockCSE):
3032         * dfg/DFGGraph.cpp:
3033         (JSC::DFG::Graph::dump):
3034         * dfg/DFGSpeculativeJIT.cpp:
3035         (JSC::DFG::SpeculativeJIT::compile):
3036
3037 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3038
3039         GCActivityCallback timer should vary with the length of the previous GC
3040         https://bugs.webkit.org/show_bug.cgi?id=80344
3041
3042         Reviewed by Geoffrey Garen.
3043
3044         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
3045         GC so that the GC Activity Callback can use it.
3046         (JSC::Heap::Heap):
3047         (JSC::Heap::collect):
3048         * heap/Heap.h:
3049         (JSC::Heap::lastGCLength):
3050         (Heap):
3051         * runtime/GCActivityCallbackCF.cpp:
3052         (JSC):
3053         (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
3054         GC to determine the length of our timer trigger (currently set at 100x the duration 
3055         of the last GC).
3056
3057 2012-03-06  Rob Buis  <rbuis@rim.com>
3058
3059         [BlackBerry] Fix cast-align gcc warnings when compiling JSC
3060         https://bugs.webkit.org/show_bug.cgi?id=80420
3061
3062         Reviewed by Gavin Barraclough.
3063
3064         Fix warnings given in Blackberry build.
3065
3066         * heap/CopiedBlock.h:
3067         (JSC::CopiedBlock::CopiedBlock):
3068         * wtf/RefCountedArray.h:
3069         (WTF::RefCountedArray::Header::fromPayload):
3070
3071 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3072
3073         writable/configurable not respected for some properties of Function/String/Arguments
3074         https://bugs.webkit.org/show_bug.cgi?id=80436
3075
3076         Reviewed by Oliver Hunt.
3077
3078         Special properties should behave like regular properties.
3079
3080         * runtime/Arguments.cpp:
3081         (JSC::Arguments::defineOwnProperty):
3082             - Mis-nested logic for making read-only properties non-live.
3083         * runtime/JSFunction.cpp:
3084         (JSC::JSFunction::put):
3085             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3086         (JSC::JSFunction::deleteProperty):
3087             - Attempting to delete prototype/caller should fail.
3088         (JSC::JSFunction::defineOwnProperty):
3089             - Ensure prototype is reified on attempt to reify it.
3090             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3091         * runtime/JSFunction.h:
3092             - added declaration for defineOwnProperty.
3093         (JSFunction):
3094         * runtime/StringObject.cpp:
3095         (JSC::StringObject::put):
3096             - length is non-writable, non-configurable - reject appropriately.
3097
3098 2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
3099
3100         TypedArray subarray call for subarray does not clamp the end index parameter properly
3101         https://bugs.webkit.org/show_bug.cgi?id=80285
3102
3103         Reviewed by Kenneth Russell.
3104
3105         * wtf/ArrayBufferView.h:
3106         (WTF::ArrayBufferView::calculateOffsetAndLength):
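
        The clamping that subarray needs, as an added illustration for this entry. This is not WTF's
        ArrayBufferView code: the signature, the ViewRange type and the clampIndex helper below are this
        page's own model of the behaviour (negative indices count from the end, everything is pinned into
        [0, length], and end before begin gives an empty view), written so the missing clamp on `end` that
        the entry describes is visible as the one line that keeps offset + length within the buffer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added illustration of the index clamping TypedArray.prototype.subarray needs.
// Not WTF's ArrayBufferView::calculateOffsetAndLength: names and bodies are a
// hypothetical model written for this page.

struct ViewRange {
    size_t offset; // first element of the new view
    size_t length; // number of elements in the new view
};

// Clamp a script-supplied index into [0, total]. Negative indices count from
// the end, as the typed-array spec requires; anything past the end is pinned
// to `total` instead of being passed through unchecked.
static size_t clampIndex(int64_t index, size_t total) {
    int64_t t = static_cast<int64_t>(total); // assumes total fits in int64_t
    if (index < 0) {
        index += t;
        if (index < 0)
            index = 0;
    } else if (index > t) {
        index = t;
    }
    return static_cast<size_t>(index);
}

// Compute the sub-view's offset and length so that offset + length <= total
// always holds, whatever begin/end the script supplied.
ViewRange calculateOffsetAndLength(int64_t begin, int64_t end, size_t total) {
    size_t b = clampIndex(begin, total);
    size_t e = clampIndex(end, total); // clamping `end` is the step the entry's bug skipped
    ViewRange r;
    r.offset = b;
    r.length = e > b ? e - b : 0;      // end before begin yields an empty view
    return r;
}

// Materialise the sub-view over a backing buffer; the invariant above is what
// guarantees no element outside `backing` is ever read.
std::vector<int> subarray(const std::vector<int>& backing, int64_t begin, int64_t end) {
    ViewRange r = calculateOffsetAndLength(begin, end, backing.size());
    return std::vector<int>(backing.begin() + r.offset, backing.begin() + r.offset + r.length);
}

int main() {
    std::vector<int> buf = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}; // constructed sample buffer
    ViewRange r = calculateOffsetAndLength(2, 1000, buf.size());
    std::printf("subarray(2, 1000) -> offset %zu length %zu\n", r.offset, r.length);
    std::vector<int> tail = subarray(buf, -3, -1);
    for (int v : tail)
        std::printf("%d ", v);
    std::printf("\n");
    return 0;
}
```

        The check worth keeping from this model is the invariant, not the arithmetic: every caller that
        builds a view from script-controlled indices should be able to assume offset + length never exceeds
        the backing length, because every later read of the view relies on it.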
3107
3108 2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
3109
3110         Unreviewed, rolling out r109837.
3111         http://trac.webkit.org/changeset/109837
3112         https://bugs.webkit.org/show_bug.cgi?id=80399
3113
3114         breaks Mac Productions builds, too late to try and fix it
3115         tonight (Requested by eseidel on #webkit).
3116
3117         * API/tests/JSNode.c:
3118         * API/tests/JSNodeList.c:
3119         * Configurations/Base.xcconfig:
3120         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3121         * JavaScriptCore.xcodeproj/project.pbxproj:
3122         * assembler/MacroAssemblerCodeRef.h:
3123         * bytecompiler/BytecodeGenerator.h:
3124         * dfg/DFGOperations.cpp:
3125         * heap/GCAssertions.h:
3126         * heap/HandleHeap.h:
3127         * heap/HandleStack.h:
3128         * heap/MarkedSpace.h:
3129         * heap/PassWeak.h:
3130         * heap/Strong.h:
3131         * heap/Weak.h:
3132         * jit/HostCallReturnValue.cpp:
3133         * jit/JIT.cpp:
3134         * jit/JITStubs.cpp:
3135         * jit/ThunkGenerators.cpp:
3136         * parser/Lexer.cpp:
3137         * runtime/Completion.cpp:
3138         * runtime/Executable.cpp:
3139         * runtime/Identifier.h:
3140         * runtime/InitializeThreading.cpp:
3141         * runtime/JSDateMath.cpp:
3142         * runtime/JSGlobalObjectFunctions.cpp:
3143         * runtime/JSStringBuilder.h:
3144         * runtime/JSVariableObject.h:
3145         * runtime/NumberPrototype.cpp:
3146         * runtime/WriteBarrier.h:
3147         * tools/CodeProfile.cpp:
3148         * tools/TieredMMapArray.h:
3149         * yarr/YarrJIT.cpp:
3150
3151 2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
3152
3153         [Qt][ARM] Speculative buildfix after r109834.
3154
3155         Reviewed by Csaba Osztrogonác.
3156
3157         * assembler/MacroAssemblerARM.h:
3158         (JSC::MacroAssemblerARM::and32):
3159         (MacroAssemblerARM):
3160
3161 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3162
3163         Unreviewed windows build fix pt 2.
3164
3165         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3166
3167 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3168
3169         Unreviewed windows build fix pt 1.
3170
3171         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3172
3173 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3174
3175         putByIndex should throw in strict mode
3176         https://bugs.webkit.org/show_bug.cgi?id=80335
3177
3178         Reviewed by Filip Pizlo.
3179
3180         Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
3181
3182         This is a largely mechanical change, simply adding an extra parameter to a number
3183         of functions. Some call sites need to perform additional exception checks, and
3184         operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
3185
3186         This patch doesn't fix a missing throw from some cases of shift/unshift (this is
3187         an existing bug), I'll follow up with a third patch to handle that.
3188
3189         * API/JSObjectRef.cpp:
3190         (JSObjectSetPropertyAtIndex):
3191         * JSCTypedArrayStubs.h:
3192         (JSC):
3193         * dfg/DFGOperations.cpp:
3194         (JSC::DFG::putByVal):
3195         * dfg/DFGOperations.h:
3196         * dfg/DFGSpeculativeJIT32_64.cpp:
3197         (JSC::DFG::SpeculativeJIT::compile):
3198         * dfg/DFGSpeculativeJIT64.cpp:
3199         (JSC::DFG::SpeculativeJIT::compile):
3200         * interpreter/Interpreter.cpp:
3201         (JSC::Interpreter::privateExecute):
3202         * jit/JITStubs.cpp:
3203         (JSC::DEFINE_STUB_FUNCTION):
3204         * jsc.cpp:
3205         (GlobalObject::finishCreation):
3206         * llint/LLIntSlowPaths.cpp:
3207         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3208         * runtime/Arguments.cpp:
3209         (JSC::Arguments::putByIndex):
3210         * runtime/Arguments.h:
3211         (Arguments):
3212         * runtime/ArrayPrototype.cpp:
3213         (JSC::arrayProtoFuncPush):
3214         (JSC::arrayProtoFuncReverse):
3215         (JSC::arrayProtoFuncShift):
3216         (JSC::arrayProtoFuncSort):
3217         (JSC::arrayProtoFuncSplice):
3218         (JSC::arrayProtoFuncUnShift):
3219         * runtime/ClassInfo.h:
3220         (MethodTable):
3221         * runtime/JSArray.cpp:
3222         (JSC::SparseArrayValueMap::put):
3223         (JSC::JSArray::put):
3224         (JSC::JSArray::putByIndex):
3225         (JSC::JSArray::putByIndexBeyondVectorLength):
3226         (JSC::JSArray::push):
3227         (JSC::JSArray::shiftCount):
3228         (JSC::JSArray::unshiftCount):
3229         * runtime/JSArray.h:
3230         (SparseArrayValueMap):
3231         (JSArray):
3232         * runtime/JSByteArray.cpp:
3233         (JSC::JSByteArray::putByIndex):
3234         * runtime/JSByteArray.h:
3235         (JSByteArray):
3236         * runtime/JSCell.cpp:
3237         (JSC::JSCell::putByIndex):
3238         * runtime/JSCell.h:
3239         (JSCell):
3240         * runtime/JSNotAnObject.cpp:
3241         (JSC::JSNotAnObject::putByIndex):
3242         * runtime/JSNotAnObject.h:
3243         (JSNotAnObject):
3244         * runtime/JSONObject.cpp:
3245         (JSC::Walker::walk):
3246         * runtime/JSObject.cpp:
3247         (JSC::JSObject::putByIndex):
3248         * runtime/JSObject.h:
3249         (JSC::JSValue::putByIndex):
3250         * runtime/RegExpConstructor.cpp:
3251         (JSC::RegExpMatchesArray::fillArrayInstance):
3252         * runtime/RegExpMatchesArray.h:
3253         (JSC::RegExpMatchesArray::putByIndex):
3254         * runtime/StringPrototype.cpp:
3255         (JSC::stringProtoFuncSplit):
3256
3257 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3258
3259         PredictNone is incorrectly treated as isDoublePrediction
3260         https://bugs.webkit.org/show_bug.cgi?id=80365
3261
3262         Reviewed by Filip Pizlo.
3263
3264         Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
3265
3266         * bytecode/PredictedType.h:
3267         (JSC::isFixedIndexedStorageObjectPrediction):
3268         (JSC::isDoublePrediction):
3269
3270 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
3271
3272         The LLInt should work even when the JIT is disabled
3273         https://bugs.webkit.org/show_bug.cgi?id=80340
3274         <rdar://problem/10922235>
3275
3276         Reviewed by Gavin Barraclough.
3277
3278         * assembler/MacroAssemblerCodeRef.h:
3279         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
3280         (MacroAssemblerCodeRef):
3281         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
3282         * interpreter/Interpreter.cpp:
3283         (JSC::Interpreter::initialize):
3284         (JSC::Interpreter::execute):
3285         (JSC::Interpreter::executeCall):
3286         (JSC::Interpreter::executeConstruct):
3287         * jit/JIT.h:
3288         (JSC::JIT::compileCTINativeCall):
3289         * jit/JITStubs.h:
3290         (JSC::JITThunks::ctiNativeCall):
3291         (JSC::JITThunks::ctiNativeConstruct):
3292         * llint/LLIntEntrypoints.cpp:
3293         (JSC::LLInt::getFunctionEntrypoint):
3294         (JSC::LLInt::getEvalEntrypoint):
3295         (JSC::LLInt::getProgramEntrypoint):
3296         * llint/LLIntSlowPaths.cpp:
3297         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3298         (LLInt):
3299         * llint/LLIntSlowPaths.h:
3300         (LLInt):
3301         * llint/LowLevelInterpreter.h:
3302         * llint/LowLevelInterpreter32_64.asm:
3303         * runtime/Executable.h:
3304         (NativeExecutable):
3305         (JSC::NativeExecutable::create):
3306         (JSC::NativeExecutable::finishCreation):
3307         * runtime/JSGlobalData.cpp:
3308         (JSC::JSGlobalData::JSGlobalData):
3309         * runtime/JSGlobalData.h:
3310         (JSGlobalData):
3311         * runtime/Options.cpp:
3312         (Options):
3313         (JSC::Options::parse):
3314         (JSC::Options::initializeOptions):
3315         * runtime/Options.h:
3316         (Options):
3317         * wtf/Platform.h:
3318
3319 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3320
3321         Checks for dead variables are not sufficient when fixing the expected
3322         values in DFG OSR entry
3323         https://bugs.webkit.org/show_bug.cgi?id=80371
3324
3325         Reviewed by Filip Pizlo.
3326
3327         A dead variable should be identified when there's no node referencing it.
3328         But we currently fail to catch the case where there are some nodes
3329         referencing a variable but those nodes are actually not referenced by
3330         others so will be ignored in code generation. In such a case we should
3331         also consider that variable to be a dead variable in the block and fix
3332         the expected values.
3333         This is performance neutral on SunSpider, V8 and Kraken.
3334
3335         * dfg/DFGJITCompiler.h:
3336         (JSC::DFG::JITCompiler::noticeOSREntry):
3337
3338 2012-03-05  Oliver Hunt  <oliver@apple.com>
3339
3340         Fix Qt build.
3341
3342         * assembler/AbstractMacroAssembler.h:
3343         * assembler/MacroAssembler.h:
3344         (MacroAssembler):
3345         * dfg/DFGSpeculativeJIT.cpp:
3346         (JSC::DFG::SpeculativeJIT::compileArithSub):
3347         * jit/JITArithmetic32_64.cpp:
3348         (JSC::JIT::emitSub32Constant):
3349
3350 2012-03-05  Eric Seidel  <eric@webkit.org>
3351
3352         Update JavaScriptCore files to use fully-qualified WTF include paths
3353         https://bugs.webkit.org/show_bug.cgi?id=79960
3354
3355         Reviewed by Adam Barth.
3356
3357         This change does 5 small/related things:
3358          1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
3359             (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
3360             was not installing headers there.)
3361          2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
3362             header search path, as that's where the WTF headers will be installed.
3363          3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
3364             in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
3365          4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
3366             since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
3367          5. Makes build-webkit build the WTF XCode project by default.
3368
3369         * API/tests/JSNode.c:
3370         * API/tests/JSNodeList.c:
3371         * Configurations/Base.xcconfig:
3372         * assembler/MacroAssemblerCodeRef.h:
3373         * bytecompiler/BytecodeGenerator.h:
3374         * dfg/DFGOperations.cpp:
3375         * heap/GCAssertions.h:
3376         * heap/HandleHeap.h:
3377         * heap/HandleStack.h:
3378         * heap/MarkedSpace.h:
3379         * heap/PassWeak.h:
3380         * heap/Strong.h:
3381         * heap/Weak.h:
3382         * jit/HostCallReturnValue.cpp:
3383         * jit/JIT.cpp:
3384         * jit/JITStubs.cpp:
3385         * jit/ThunkGenerators.cpp:
3386         * parser/Lexer.cpp:
3387         * runtime/Completion.cpp:
3388         * runtime/Executable.cpp:
3389         * runtime/Identifier.h:
3390         * runtime/InitializeThreading.cpp:
3391         * runtime/JSDateMath.cpp:
3392         * runtime/JSGlobalObjectFunctions.cpp:
3393         * runtime/JSStringBuilder.h:
3394         * runtime/JSVariableObject.h:
3395         * runtime/NumberPrototype.cpp:
3396         * runtime/WriteBarrier.h:
3397         * tools/CodeProfile.cpp:
3398         * tools/TieredMMapArray.h:
3399         * yarr/YarrJIT.cpp:
3400
3401 2012-03-05  Oliver Hunt  <oliver@apple.com>
3402
3403         Add basic support for constant blinding to the JIT
3404         https://bugs.webkit.org/show_bug.cgi?id=80354
3405
3406         Reviewed by Filip Pizlo.
3407
3408         This patch adds basic constant blinding support to the JIT, at the
3409         MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
3410         get constant blinding.  Woo!
3411
3412         This patch only introduces blinding for Imm32, a later patch will do similar
3413         for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
3414         impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
3415         accessor that's needed to access the actual value.  This also means you cannot
3416         accidentally pass an untrusted value to a function that does not perform
3417         blinding.
3418
3419         To make everything work sensibly, this patch also corrects some code that was using
3420         Imm32 when TrustedImm32 could be used, and refactors a few callers that use
3421         untrusted immediates, so that they call slightly different variants of the functions
3422         that they used previously.  This is largely necessary to deal with x86-32 not having
3423         sufficient registers to handle the additional work required when we choose to blind
3424         a constant.
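
        The TrustedImm32/Imm32 split and the blinding it enables, as an added illustration for this entry.
        This is not JSC's MacroAssembler: the two immediate types mirror the names in the entry, but their
        bodies, the BlindingAssembler, the recorded-instruction model and the key-selection policy are
        hypothetical and written for this page. It shows why private inheritance plus an explicit accessor
        keeps an untrusted constant from reaching a verbatim-emitting overload, and why the blinded sequence
        leaves the register holding the intended value while the raw bit pattern never lands in code memory.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <random>
#include <string>
#include <vector>

// Added illustration of Imm32 constant blinding. Not JSC's MacroAssembler:
// the class bodies, the assembler model and the key policy are hypothetical.

struct TrustedImm32 {
    explicit TrustedImm32(int32_t v) : m_value(v) {}
    int32_t m_value;
};

// Private inheritance: an Imm32 is not implicitly usable as a TrustedImm32,
// so an untrusted constant cannot reach an overload that emits it verbatim.
class Imm32 : private TrustedImm32 {
public:
    explicit Imm32(int32_t v) : TrustedImm32(v) {}
    // The explicit accessor is the only way to recover the raw value.
    const TrustedImm32& asTrustedImm32() const { return *this; }
};

struct Instruction {
    std::string op; // "mov" or "xor"
    int reg;
    int32_t imm;    // the immediate that ends up encoded in code memory
};

class BlindingAssembler {
public:
    explicit BlindingAssembler(uint32_t seed) : m_rng(seed) {}

    // Trusted immediates (compiler-chosen offsets, flags, ...) are emitted as-is.
    void move(TrustedImm32 imm, int reg) { m_code.push_back({"mov", reg, imm.m_value}); }

    // Untrusted immediates (values that came from the script) are blinded:
    //   mov reg, value ^ key
    //   xor reg, key
    // The register ends up holding `value`, but that bit pattern is never
    // present in the emitted instruction stream.
    void move(Imm32 imm, int reg) {
        int32_t value = imm.asTrustedImm32().m_value;
        int32_t key = pickKey(value);
        m_code.push_back({"mov", reg, value ^ key});
        m_code.push_back({"xor", reg, key});
    }

    const std::vector<Instruction>& code() const { return m_code; }

private:
    // Hypothetical key policy: a fresh random key per use, never 0 (which would
    // be no blinding) and never equal to the value (the xor operand would then
    // itself be the raw constant).
    int32_t pickKey(int32_t value) {
        int32_t key;
        do {
            key = static_cast<int32_t>(m_rng());
        } while (key == 0 || key == value);
        return key;
    }
    std::mt19937 m_rng;
    std::vector<Instruction> m_code;
};

// Interpret the recorded instruction stream to confirm the blinded sequence
// computes the same register contents an unblinded mov would.
int32_t runAndRead(const std::vector<Instruction>& code, int reg) {
    std::map<int, int32_t> regs;
    for (const Instruction& insn : code) {
        if (insn.op == "mov")
            regs[insn.reg] = insn.imm;
        else if (insn.op == "xor")
            regs[insn.reg] ^= insn.imm;
    }
    return regs[reg];
}

// True if the raw constant appears among the emitted immediates.
bool immediateAppearsInCode(const std::vector<Instruction>& code, int32_t value) {
    for (const Instruction& insn : code)
        if (insn.imm == value)
            return true;
    return false;
}

// Emit the same constant through both paths. Sets *hiddenOut when the trusted
// path exposes the constant and the blinded path does not; *resultOut is what
// the blinded sequence leaves in the register. Returns the blinded path's length.
size_t demo(int32_t scriptConstant, uint32_t seed, bool* hiddenOut, int32_t* resultOut) {
    BlindingAssembler trusted(seed), blinded(seed);
    trusted.move(TrustedImm32(scriptConstant), 0);
    blinded.move(Imm32(scriptConstant), 0);
    *hiddenOut = immediateAppearsInCode(trusted.code(), scriptConstant)
              && !immediateAppearsInCode(blinded.code(), scriptConstant);
    *resultOut = runAndRead(blinded.code(), 0);
    return blinded.code().size();
}

int main() {
    bool hidden = false;
    int32_t result = 0;
    size_t n = demo(0x12345678, 7u, &hidden, &result); // constructed sample constant
    std::printf("blinded path: %zu instructions, constant hidden: %s, register = 0x%08x\n",
                n, hidden ? "yes" : "no", static_cast<uint32_t>(result));
    return 0;
}
```

        The type trick carries most of the weight: a call like `move(Imm32(x), reg)` can only resolve to the
        blinding overload, and a `TrustedImm32` overload that forgot to blind cannot be handed an `Imm32` by
        accident, which is exactly the "misuse as a trusted type essentially impossible" property the entry
        describes. The cost noted for x86-32 is visible in the model too: blinding needs a scratch register
        for the second instruction.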
3425