[wx] Unreviewed. Fix the build after WTF move.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2012-03-24  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Fix the build after WTF move.

        * wscript:

2012-03-23  Filip Pizlo  <fpizlo@apple.com>

        DFG double voting may be overzealous in the case of variables that end up
        being used as integers
        https://bugs.webkit.org/show_bug.cgi?id=82008

        Reviewed by Oliver Hunt.

        Cleaned up propagation, making the intent more explicit in most places.
        Back-propagate NodeUsedAsInt for cases where a node was used in a context
        that is known to strongly prefer integers.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dumpCodeOrigin):
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (Graph):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::run):
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (PredictionPropagationPhase):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
        (JSC::DFG::PredictionPropagationPhase::vote):
        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
        (JSC::DFG::PredictionPropagationPhase::fixupNode):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):

2012-03-24  Filip Pizlo  <fpizlo@apple.com>

        DFG::Node::shouldNotSpeculateInteger() should be eliminated
        https://bugs.webkit.org/show_bug.cgi?id=82123

        Reviewed by Geoff Garen.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (Node):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):

2012-03-24  Yong Li  <yoli@rim.com>

        Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
        https://bugs.webkit.org/show_bug.cgi?id=81521

        Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
        for CPU(ARM_TRADITIONAL) to fit actual need.

        Reviewed by Oliver Hunt.

        * jit/JIT.h:
        (JIT):

2012-03-23  Filip Pizlo  <fpizlo@apple.com>

        DFG Fixup should be able to short-circuit trivial ValueToInt32's
        https://bugs.webkit.org/show_bug.cgi?id=82030

        Reviewed by Michael Saboff.

        Takes the fixup() method of the prediction propagation phase and makes it
        into its own phase. Adds the ability to short-circuit trivial ValueToInt32
        nodes, and mark pure ValueToInt32's as such.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCommon.h:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGFixupPhase.cpp: Added.
        (DFG):
        (FixupPhase):
        (JSC::DFG::FixupPhase::FixupPhase):
        (JSC::DFG::FixupPhase::run):
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::fixIntEdge):
        (JSC::DFG::performFixup):
        * dfg/DFGFixupPhase.h: Added.
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::run):
        (PredictionPropagationPhase):

2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        tryReallocate could break the zeroed memory invariant of CopiedBlocks
        https://bugs.webkit.org/show_bug.cgi?id=82087

        Reviewed by Filip Pizlo.

        Removing this optimization turned out to be ~1% regression on kraken, so I simply
        undid the modification to the current block if we fail.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail
        to reallocate from the current block.

2012-03-23  Alexey Proskuryakov  <ap@apple.com>

        [Mac] No need for platform-specific ENABLE_BLOB values
        https://bugs.webkit.org/show_bug.cgi?id=82102

        Reviewed by David Kilzer.

        * Configurations/FeatureDefines.xcconfig:

2012-03-23  Michael Saboff  <msaboff@apple.com>

        DFG::compileValueToInt32 Sometimes Generates GPR to FPR reg back to GPR
        https://bugs.webkit.org/show_bug.cgi?id=81805

        Reviewed by Filip Pizlo.

        Added SpeculativeJIT::checkGeneratedType() to determine the current format
        of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
        to generate code that will use integer and JSValue types in integer
        format directly without a conversion to double.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkGeneratedType):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        * dfg/DFGSpeculativeJIT.h:
        (DFG):
        (SpeculativeJIT):

2012-03-23  Steve Falkenburg  <sfalken@apple.com>

        Update Apple Windows build files for WTF move
        https://bugs.webkit.org/show_bug.cgi?id=82069

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.

2012-03-23  Dean Jackson  <dino@apple.com>

        Disable CSS_SHADERS in Apple builds
        https://bugs.webkit.org/show_bug.cgi?id=81996

        Reviewed by Simon Fraser.

        Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.

        * Configurations/FeatureDefines.xcconfig:

2012-03-23  Gavin Barraclough  <barraclough@apple.com>

        RegExp constructor last match properties should not rely on previous ovector
        https://bugs.webkit.org/show_bug.cgi?id=82077

        Reviewed by Oliver Hunt.

        This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.

        This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
        Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
        a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
        location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
        a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
        reified state. This means that next time a match is performed, the store of the result will
        automatically blow away the reified value.

        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Added new files.
        * runtime/RegExp.cpp:
        (JSC::RegExpFunctionalTestCollector::outputOneTest):
            - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
        * runtime/RegExpCachedResult.cpp: Added.
        (JSC::RegExpCachedResult::visitChildren):
        (JSC::RegExpCachedResult::lastResult):
        (JSC::RegExpCachedResult::setInput):
            - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
        * runtime/RegExpCachedResult.h: Added.
        (RegExpCachedResult):
            - Added new class.
        (JSC::RegExpCachedResult::RegExpCachedResult):
        (JSC::RegExpCachedResult::record):
        (JSC::RegExpCachedResult::input):
            - Initialize the object, record the result of a RegExp match, access the stored input property.
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
            - Initialize m_result/m_multiline properties.
        (JSC::RegExpConstructor::visitChildren):
            - Make sure the cached results (or lazy source for them) are marked.
        (JSC::RegExpConstructor::getBackref):
        (JSC::RegExpConstructor::getLastParen):
        (JSC::RegExpConstructor::getLeftContext):
        (JSC::RegExpConstructor::getRightContext):
            - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
        (JSC::regExpConstructorInput):
        (JSC::setRegExpConstructorInput):
            - Changed to use RegExpCachedResult.
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::create):
        (RegExpConstructor):
        (JSC::RegExpConstructor::setMultiline):
        (JSC::RegExpConstructor::multiline):
            - Move multiline property onto the constructor object; it is not affected by the last match.
        (JSC::RegExpConstructor::setInput):
        (JSC::RegExpConstructor::input):
            - These defer to RegExpCachedResult.
        (JSC::RegExpConstructor::performMatch):
        * runtime/RegExpMatchesArray.cpp: Added.
        (JSC::RegExpMatchesArray::visitChildren):
            - Eeeep! added missing visitChildren!
        (JSC::RegExpMatchesArray::finishCreation):
        (JSC::RegExpMatchesArray::reifyAllProperties):
        (JSC::RegExpMatchesArray::reifyMatchProperty):
            - Moved from RegExpConstructor.cpp.
        (JSC::RegExpMatchesArray::leftContext):
        (JSC::RegExpMatchesArray::rightContext):
            - Since the match start/
        * runtime/RegExpMatchesArray.h:
        (RegExpMatchesArray):
            - Declare new methods & structure flags.
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::match):
            - performMatch now requires the JSString input, to cache.
        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - performMatch now requires the JSString input, to cache.

2012-03-23  Tony Chang  <tony@chromium.org>

        [chromium] rename newwtf target back to wtf
        https://bugs.webkit.org/show_bug.cgi?id=82064

        Reviewed by Adam Barth.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Simplify memory usage tracking in CopiedSpace
        https://bugs.webkit.org/show_bug.cgi?id=80705

        Reviewed by Filip Pizlo.

        * heap/CopiedAllocator.h:
        (CopiedAllocator): Rename currentUtilization to currentSize.
        (JSC::CopiedAllocator::currentCapacity):
        * heap/CopiedBlock.h:
        (CopiedBlock):
        (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
        declaration.
        (JSC):
        (JSC::CopiedBlock::size): Add new function to calculate the block's size.
        (JSC::CopiedBlock::capacity): Ditto for capacity.
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
        field for the water mark.
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current
        block, we need to update our current water mark with the size of the block.
        (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we
        need to update our current water mark with the size of the used portion of the block.
        (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when
        reallocating because it will either get accounted for when we fill up the block later
        in the case of being able to reallocate in the current block or it will get picked up
        immediately because we'll have to get a new block.
        (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when
        reallocating an oversize block because we deallocate the old block and allocate a brand
        new one.
        (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to
        the CopiedSpace by the SlotVisitors.
        (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
        (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
        not we should collect now instead of doing the calculation ourselves.
        (JSC::CopiedSpace::destroy):
        (JSC):
        (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how
        MarkedSpace does.
        (JSC::CopiedSpace::capacity): Ditto for capacity.
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::waterMark):
        (CopiedSpace):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a
        collection.
        (JSC::CopiedSpace::allocateNewBlock):
        (JSC::CopiedSpace::fitsInBlock):
        (JSC::CopiedSpace::allocateFromBlock):
        * heap/Heap.cpp:
        (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
        (JSC::Heap::capacity): Ditto for capacity.
        (JSC::Heap::collect):
        * heap/Heap.h:
        (Heap):
        (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to
        determine whether they should initiate a collection or continue to allocate new blocks.
        (JSC):
        (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
        Heap (MarkedSpace and CopiedSpace).
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.

2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>

        BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
        https://bugs.webkit.org/show_bug.cgi?id=82012

        Reviewed by Filip Pizlo.

        Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.

        * wtf/BitVector.cpp:
        (WTF::BitVector::resizeOutOfLine):
        * wtf/BitVector.h:
        (BitVector):
        (OutOfLineBits):

2012-03-22  Michael Saboff  <msaboff@apple.com>

        ExecutableAllocator::memoryPressureMultiplier() might return NaN
        https://bugs.webkit.org/show_bug.cgi?id=82002

        Reviewed by Filip Pizlo.

        Guard against divide by zero and then make sure the return
        value is >= 1.0.

        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):

2012-03-22  Jessie Berlin  <jberlin@apple.com>

        Windows build fix after r111778.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        Don't include and try to build files owned by WTF.
        Also, let VS have its way with the vcproj in terms of file ordering.

2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>

        [CMake] Unreviewed build fix after r111778.

        * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
        the include paths so that the right config.h is used.

2012-03-22  Tony Chang  <tony@chromium.org>

        Unreviewed, fix chromium build after wtf move.

        Remove old wtf_config and wtf targets.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-03-22  Martin Robinson  <mrobinson@igalia.com>

        Fixed the GTK+ WTF/JavaScriptCore build after r111778.

        * GNUmakefile.list.am: Removed an extra trailing backslash.

2012-03-22  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
        rather than only those that contain symbols that JavaScriptCore itself uses.
        * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.

2012-03-22  Filip Pizlo  <fpizlo@apple.com>

        DFG NodeFlags has some duplicate code and naming issues
        https://bugs.webkit.org/show_bug.cgi?id=81975

        Reviewed by Gavin Barraclough.

        Removed most references to "ArithNodeFlags" since those are now just part
        of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
        NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
        because the former was never called and the latter did the same things as
        mergeFlags().

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::arithNodeFlags):
        (Node):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        (JSC::DFG::nodeUsedAsNumber):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):

2012-03-22  Eric Seidel  <eric@webkit.org>

        Actually move WTF files to their new home
        https://bugs.webkit.org/show_bug.cgi?id=81844

        Unreviewed.  The details of the port-specific changes
        have been seen by contributors from those ports, but
        the whole 5MB change isn't very reviewable as-is.

        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JSCTypedArrayStubs.h:
        * JavaScriptCore.gypi:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:

2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Adding Source/WTF to the build.

        * wscript:

2012-03-22  Gavin Barraclough  <barraclough@apple.com>

        Add JSValue::isFunction
        https://bugs.webkit.org/show_bug.cgi?id=81935

        Reviewed by Geoff Garen.

        This would be useful in the WebCore bindings code.
        Also, remove asFunction, replace with jsCast<JSFunction*>.

        * API/JSContextRef.cpp:
        * debugger/Debugger.cpp:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueOfFunctionConstant):
        * dfg/DFGOperations.cpp:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::isInlineCallFrameSlow):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::jitCompileFor):
        (JSC::lazyLinkFor):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::setUpCall):
        * runtime/Arguments.h:
        (JSC::Arguments::finishCreation):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncForEach):
        (JSC::arrayProtoFuncSome):
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::compileOptimizedFor):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/JSArray.cpp:
        (JSC::JSArray::sort):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::argumentsGetter):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::lengthGetter):
        * runtime/JSFunction.h:
        (JSC):
        (JSC::asJSFunction):
        (JSC::JSValue::isFunction):
        * runtime/JSGlobalData.cpp:
        (WTF::Recompiler::operator()):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/JSValue.h:
        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):

2012-03-21  Filip Pizlo  <fpizlo@apple.com>

        DFG speculation on booleans should be rationalized
        https://bugs.webkit.org/show_bug.cgi?id=81840

        Reviewed by Gavin Barraclough.

        This removes isKnownBoolean() and replaces it with AbstractState-based
        optimization, and cleans up the control flow in code gen methods for
        Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
        and removes isKnownNotBoolean() since that method appeared to be a
        helper used solely by 32_64's speculateBooleanOperation().

        This is performance-neutral.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateNumber):
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-21  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * wtf/MetaAllocator.h:
        (MetaAllocator): Export the destructor.

2012-03-21  Eric Seidel  <eric@webkit.org>

        Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=81834

        Reviewed by Adam Barth.

        * jsc.cpp:
        * os-win32/WinMain.cpp:
        * runtime/JSDateMath.cpp:
        * runtime/TimeoutChecker.cpp:
        * testRegExp.cpp:
        * tools/CodeProfiling.cpp:

2012-03-21  Eric Seidel  <eric@webkit.org>

        WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
        https://bugs.webkit.org/show_bug.cgi?id=81838

        Reviewed by Geoffrey Garen.

        My understanding is that weak vtables happen when the compiler/linker cannot
        determine which compilation unit should contain the vtable.  In this case
        because there were only pure virtual functions as well as an "inline"
        virtual destructor (thus the virtual destructor was defined in many compilation
        units).  Since you can't actually "inline" a virtual function (it still has to
        bounce through the vtable), the "inline" on this virtual destructor doesn't
        actually help performance, and is only serving to confuse the compiler here.
        I've moved the destructor implementation to the .cpp file, thus making
        it clear to the compiler where the vtable should be stored, and solving the error.

        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocator::~MetaAllocator):
        (WTF):
        * wtf/MetaAllocator.h:

2012-03-20  Gavin Barraclough  <barraclough@apple.com>

        RegExpMatchesArray should not copy the ovector
        https://bugs.webkit.org/show_bug.cgi?id=81742

        Reviewed by Michael Saboff.

        Currently, all RegExpMatchesArray objects contain Vector<int, 32>, used to hold any sub-pattern results.
        This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
        main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
        and the results never accessed).
        If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.

        * dfg/DFGOperations.cpp:
            - RegExpObject match renamed back to test (test returns a bool).
        * runtime/RegExpConstructor.cpp:
        (JSC):
            - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
        (JSC::RegExpMatchesArray::finishCreation):
            - Removed RegExpConstructorPrivate parameter.
        (JSC::RegExpMatchesArray::reifyAllProperties):
            - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
            If there are sub-pattern properties, the RegExp is re-run to generate their values.
        (JSC::RegExpMatchesArray::reifyMatchProperty):
            - Reify just the match (index 0) property of the RegExpMatchesArray.
        * runtime/RegExpConstructor.h:
        (RegExpConstructor):
        (JSC::RegExpConstructor::performMatch):
            - performMatch now returns a MatchResult, rather than using out-parameters.
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
            - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
        (RegExpMatchesArray):
        (JSC::RegExpMatchesArray::create):
            - Now passed the input string matched against, the RegExp, and the MatchResult.
        (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
        (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
            - Helpers to conditionally reify properties.
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::putByIndex):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::deletePropertyByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyNames):
        (JSC::RegExpMatchesArray::defineOwnProperty):
            - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
            (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::exec):
        (JSC::RegExpObject::match):
            - match now returns a MatchResult.
        * runtime/RegExpObject.h:
        (JSC::MatchResult::MatchResult):
            - Added. The result of a match is a start & end tuple.
        (JSC::MatchResult::failed):
            - A failure is indicated by (notFound, 0).
        (JSC::MatchResult::operator bool):
            - Evaluates to false if the match failed.
        (JSC::MatchResult::empty):
            - Evaluates to true if the match succeeded with length 0.
        (JSC::RegExpObject::test):
            - Now returns a bool.
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTest):
            - RegExpObject match renamed back to test (test returns a bool).
        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - performMatch now returns a MatchResult, rather than using out-parameters.

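The MatchResult encoding (bug 81742, just above) and the lazy last-match caching scheme built on it (bug 82077, earlier on this page) modelled as one added example; this is not WebKit's code. Names taken from the entries are MatchResult, failed(), empty(), operator bool, record(), input() and setInput(); CachedResult, lastMatches(), isReified(), reifyCount() and searchAndRecord() are this example's own, and std::regex stands in for JSC's RegExp.

```cpp
#include <cstddef>
#include <regex>
#include <string>
#include <vector>

// Sentinel start offset for a failed match (JSC's notFound).
constexpr size_t notFound = static_cast<size_t>(-1);

// Model of the MatchResult described in the ChangeLog: a start/end pair,
// with failure encoded as (notFound, 0). Method names follow the entry;
// the bodies are this example's own.
struct MatchResult {
    size_t start;
    size_t end;
    MatchResult(size_t s, size_t e) : start(s), end(e) {}
    static MatchResult failed() { return MatchResult(notFound, 0); }
    explicit operator bool() const { return start != notFound; } // false if the match failed
    bool empty() const { return *this && start == end; }          // succeeded with length 0
};

// Model of the RegExpCachedResult scheme: keep only the input, the pattern and
// the main match, and rebuild the subpattern captures the first time they are
// read. After reifying, m_result is set to MatchResult::failed() as the
// "already reified" marker, so the next record() simply overwrites it and the
// stale captures are discarded. (Hypothetical class; std::regex replaces JSC's RegExp.)
class CachedResult {
public:
    CachedResult() : m_result(MatchResult::failed()), m_reifyCount(0) {}

    // Called with the result of a match. This example records successful
    // matches only, so the last-match state keeps reflecting the last success.
    void record(const std::string& input, const std::string& pattern, MatchResult result) {
        if (!result)
            return;
        m_input = input;
        m_pattern = pattern;
        m_result = result; // clobbers the reified marker; m_matches is now stale
    }

    // Captures of the last match: element 0 is the whole match, element i subpattern i.
    const std::vector<std::string>& lastMatches() {
        reifyIfNecessary();
        return m_matches;
    }

    // Assigning RegExp.input must reify first: the pending captures were
    // defined against the previous input string.
    void setInput(const std::string& input) {
        reifyIfNecessary();
        m_input = input;
    }

    const std::string& input() const { return m_input; }
    bool isReified() const { return !m_result; }
    int reifyCount() const { return m_reifyCount; } // how often the pattern was re-run

private:
    void reifyIfNecessary() {
        if (!m_result)
            return; // never matched, or already reified
        // Re-run the pattern anchored at the recorded match start to recover
        // the subpatterns that were never stored.
        std::regex re(m_pattern);
        std::smatch m;
        m_matches.clear();
        std::string::const_iterator from = m_input.cbegin() + static_cast<std::ptrdiff_t>(m_result.start);
        if (std::regex_search(from, m_input.cend(), m, re, std::regex_constants::match_continuous)) {
            for (size_t i = 0; i < m.size(); ++i)
                m_matches.push_back(m[i].str());
        }
        m_result = MatchResult::failed(); // mark as reified
        ++m_reifyCount;
    }

    std::string m_input;
    std::string m_pattern;
    MatchResult m_result;
    std::vector<std::string> m_matches;
    int m_reifyCount;
};

// Helper (this example's, not JSC's performMatch): search input for pattern,
// record a successful main match in the cache, and return it.
MatchResult searchAndRecord(CachedResult& cache, const std::string& input, const std::string& pattern) {
    std::regex re(pattern);
    std::smatch m;
    if (!std::regex_search(input, m, re))
        return MatchResult::failed();
    size_t start = static_cast<size_t>(m.position(0));
    MatchResult result(start, start + static_cast<size_t>(m.length(0)));
    cache.record(input, pattern, result);
    return result;
}
```

Two matches recorded back to back cost no reification at all; the pattern is re-run exactly once, on the first read of the captures.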
2012-03-21  Hojong Han  <hojong.han@samsung.com>

        Fix out of memory by allowing overcommit
        https://bugs.webkit.org/show_bug.cgi?id=81743

        Reviewed by Geoffrey Garen.

        Garbage collection is not triggered and new blocks are added
        because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        More Windows build fixing.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        Fix the order of the include directories to look in include/private first before looking
        in include/private/JavaScriptCore.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
        Look in the Production output directory (where the wtf headers will be). This is the same
        thing that is done for jsc and testRegExp in ReleasePGO.

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
        $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
        https://bugs.webkit.org/show_bug.cgi?id=81739

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
        subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
        Ditto.

        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
        Get the headers for those 4 files from the wtf subdirectory of the build output, not the
        JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
        Ditto.

2012-03-20  Eric Seidel  <eric@webkit.org>

        Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
        https://bugs.webkit.org/show_bug.cgi?id=80911

        Reviewed by Adam Barth.

        Update the various build systems to depend on Source/WTF headers
        as well as remove references to Platform.h (since it's now moved).

        * CMakeLists.txt:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:

717 2012-03-20  Filip Pizlo  <fpizlo@apple.com>
718
719         op_mod fails on many interesting corner cases
720         https://bugs.webkit.org/show_bug.cgi?id=81648
721
722         Reviewed by Oliver Hunt.
723         
724         Removed most strength reduction for op_mod, and fixed the integer handling
725         to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
726         which this patch also fixes.
727         
728         This patch is performance neutral on all of the major benchmarks we track.
729
730         * dfg/DFGOperations.cpp:
731         * dfg/DFGOperations.h:
732         * dfg/DFGSpeculativeJIT.cpp:
733         (DFG):
734         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
735         (JSC::DFG::SpeculativeJIT::compileArithMod):
736         * jit/JIT.h:
737         (JIT):
738         * jit/JITArithmetic.cpp:
739         (JSC):
740         (JSC::JIT::emit_op_mod):
741         (JSC::JIT::emitSlow_op_mod):
742         * jit/JITArithmetic32_64.cpp:
743         (JSC::JIT::emit_op_mod):
744         (JSC::JIT::emitSlow_op_mod):
745         * jit/JITOpcodes32_64.cpp:
746         (JSC::JIT::privateCompileCTIMachineTrampolines):
747         (JSC):
748         * jit/JITStubs.h:
749         (TrampolineStructure):
750         (JSC::JITThunks::ctiNativeConstruct):
751         * llint/LowLevelInterpreter64.asm:
752         * wtf/Platform.h:
753         * wtf/SimpleStats.h:
754         (WTF::SimpleStats::variance):
755
756 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
757
758         Windows (make based) build fix.
759         <rdar://problem/11069015>
760
761         * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
762
763 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
764
765         Move WTF-related Windows project files out of JavaScriptCore
766         https://bugs.webkit.org/show_bug.cgi?id=80680
767
768         This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
769         It does not move any source code. This is in preparation for the WTF source move out of
770         JavaScriptCore.
771
772         Reviewed by Jessie Berlin.
773
774         * JavaScriptCore.vcproj/JavaScriptCore.sln:
775         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
776         * JavaScriptCore.vcproj/WTF: Removed.
777         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
778         * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
779         * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
780         * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
781         * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
782         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
783         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
784         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
785         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
786         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
787         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
788         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
789         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
790         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
791         * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
792         * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
793         * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
794         * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
795         * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
796         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
797         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
798         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
799
800 2012-03-20  Benjamin Poulain  <bpoulain@apple.com>
801
802         Cache the type string of JavaScript object
803         https://bugs.webkit.org/show_bug.cgi?id=81446
804
805         Reviewed by Geoffrey Garen.
806
807         Instead of creating the JSString every time, we create
808         lazily the strings in JSGlobalData.
809
810         This avoids the construction of the StringImpl and of the JSString,
811         which gives some performance improvements.
812
813         * runtime/CommonIdentifiers.h:
814         * runtime/JSValue.cpp:
815         (JSC::JSValue::toStringSlowCase):
816         * runtime/Operations.cpp:
817         (JSC::jsTypeStringForValue):
818         * runtime/SmallStrings.cpp:
819         (JSC::SmallStrings::SmallStrings):
820         (JSC::SmallStrings::finalizeSmallStrings):
821         (JSC::SmallStrings::initialize):
822         (JSC):
823         * runtime/SmallStrings.h:
824         (SmallStrings):
825
826 2012-03-20  Oliver Hunt  <oliver@apple.com>
827
828         Allow LLINT to work even when executable allocation fails.
829         https://bugs.webkit.org/show_bug.cgi?id=81693
830
831         Reviewed by Gavin Barraclough.
832
833         Don't crash if executable allocation fails if we can fall back on LLINT.
834
835         * jit/ExecutableAllocatorFixedVMPool.cpp:
836         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
837         * wtf/OSAllocatorPosix.cpp:
838         (WTF::OSAllocator::reserveAndCommit):
839
840 2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>
841
842         Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
843         https://bugs.webkit.org/show_bug.cgi?id=81428
844
845         32 bit buildfix after r111355.
846
847         2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
848         The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).
849
850         Reviewed by Zoltan Herczeg.
851
852         * dfg/DFGSpeculativeJIT.cpp:
853         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
854
855 2012-03-19  Jochen Eisinger  <jochen@chromium.org>
856
857         Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
858         https://bugs.webkit.org/show_bug.cgi?id=80983
859
860         Reviewed by Darin Adler.
861
862         This allows printing a backtrace acquired by an earlier WTFGetBacktrace
863         call which is useful for local debugging.
864
865         * wtf/Assertions.cpp:
866         * wtf/Assertions.h:
867
868 2012-03-19  Benjamin Poulain  <benjamin@webkit.org>
869
870         Do not copy the script source in the SourceProvider, just reference the existing string
871         https://bugs.webkit.org/show_bug.cgi?id=81466
872
873         Reviewed by Geoffrey Garen.
874
875         * parser/SourceCode.h: Remove the unused, and incorrect, function data().
876         * parser/SourceProvider.h: Add OVERRIDE for clarity.
877
878 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
879
880         Division optimizations fail to infer cases of truncated division and
881         mishandle -2147483648/-1
882         https://bugs.webkit.org/show_bug.cgi?id=81428
883         <rdar://problem/11067382>
884
885         Reviewed by Oliver Hunt.
886
887         If you're a division over integers and you're only used as an integer, then you're
888         an integer division and remainder checks become unnecessary. If you're dividing
889         -2147483648 by -1, don't crash.
890
891         * assembler/MacroAssemblerX86Common.h:
892         (MacroAssemblerX86Common):
893         (JSC::MacroAssemblerX86Common::add32):
894         * dfg/DFGSpeculativeJIT.cpp:
895         (DFG):
896         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
897         * dfg/DFGSpeculativeJIT.h:
898         (SpeculativeJIT):
899         * dfg/DFGSpeculativeJIT32_64.cpp:
900         (JSC::DFG::SpeculativeJIT::compile):
901         * dfg/DFGSpeculativeJIT64.cpp:
902         (JSC::DFG::SpeculativeJIT::compile):
903         * llint/LowLevelInterpreter64.asm:
904
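Added example, not JavaScriptCore code: the two integer-division corner cases raised by the 32-bit build fix (2012-03-20, bug 81428) and the division entry just above, written as a C++ helper that checks the operands before any hardware divide is issued. The names `safeDiv32`, `needsDoubleResult` and `DivResult` are chosen for this example; the behaviour of x86 `idiv` on INT32_MIN / -1 and the C90 literal rule are general facts, not taken from the entries.

```cpp
// Added example (not JavaScriptCore code): the integer-division corner cases
// from the two entries above, checked before any hardware divide is issued.
#include <cstdint>
#include <iostream>

// Why spell the smallest int as INT32_MIN and not as -2147483648: there is no
// negative literal in C or C++; that text is unary minus applied to 2147483648,
// and 2147483648 does not fit in a 32-bit int.  In ISO C90 such a constant
// becomes unsigned long on a 32-bit target (gcc: "this decimal constant is
// unsigned only in ISO C90"), so the expression is not the int the code meant.
// <stdint.h> defines INT32_MIN as (-2147483647 - 1), which is well formed.
static_assert(INT32_MIN == -2147483647 - 1, "INT32_MIN must be -2^31");

struct DivResult {
    bool ok;            // false: no int32 result exists for these operands
    int32_t quotient;   // valid only when ok
    int32_t remainder;  // valid only when ok
};

// Truncating int32 division with both corner cases guarded:
//  * divisor == 0: no integer result (JavaScript gives Infinity or NaN);
//  * INT32_MIN / -1: the true result +2^31 does not fit in int32, and on x86
//    the idiv instruction raises #DE (a crash) for it, the case the entry
//    above fixes.  When either guard fails the caller is expected to take its
//    slow path and compute in double instead of trapping.
DivResult safeDiv32(int32_t dividend, int32_t divisor)
{
    if (divisor == 0)
        return {false, 0, 0};
    if (dividend == INT32_MIN && divisor == -1)
        return {false, 0, 0};
    // Operands are in range: C++ '/' and '%' truncate toward zero, which is
    // what a JavaScript division followed by ToInt32 yields.
    return {true, dividend / divisor, dividend % divisor};
}

// The "only used as an integer" rule from the entry: when the consumer applies
// ToInt32 anyway, a fractional or negative-zero result is truncated, so the
// remainder check (and the -0 check) can be dropped.  When the result is used
// as a number, a non-zero remainder means the exact result is not an int32,
// and 0 divided by a negative is -0, which int32 cannot represent either.
bool needsDoubleResult(int32_t dividend, int32_t divisor, bool usedOnlyAsInt)
{
    DivResult r = safeDiv32(dividend, divisor);
    if (!r.ok)
        return true;
    if (usedOnlyAsInt)
        return false;
    if (r.remainder != 0)
        return true;
    return dividend == 0 && divisor < 0; // the -0 case
}

int main()
{
    const int32_t samples[][2] = {{7, 2}, {-7, 2}, {INT32_MIN, -1}, {INT32_MIN, 1}, {0, -5}, {1, 0}};
    for (const auto& s : samples) {
        DivResult r = safeDiv32(s[0], s[1]);
        std::cout << s[0] << " / " << s[1] << ": ";
        if (r.ok)
            std::cout << "q=" << r.quotient << " r=" << r.remainder;
        else
            std::cout << "no int32 result";
        std::cout << (needsDoubleResult(s[0], s[1], false) ? " (double)" : " (int)") << '\n';
    }
    return 0;
}
```

The `usedOnlyAsInt` flag is the example's stand-in for the back-propagated "used as integer" information the entry describes: with it set, only the two trapping cases force the slow path.
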
905 2012-03-19  Benjamin Poulain  <bpoulain@apple.com>
906
907         Simplify SmallStrings
908         https://bugs.webkit.org/show_bug.cgi?id=81445
909
910         Reviewed by Gavin Barraclough.
911
912         SmallStrings had two methods that should not be public: count() and clear().
913
914         The method clear() is effectively replaced by finalizeSmallStrings(). The body
915         of the method was moved to the constructor since the code is obvious.
916
917         The method count() is unused.
918
919         * runtime/SmallStrings.cpp:
920         (JSC::SmallStrings::SmallStrings):
921         * runtime/SmallStrings.h:
922         (SmallStrings):
923
924 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
925
926         DFG can no longer compile V8-v4/regexp in debug mode
927         https://bugs.webkit.org/show_bug.cgi?id=81592
928
929         Reviewed by Gavin Barraclough.
930
931         * dfg/DFGSpeculativeJIT32_64.cpp:
932         (JSC::DFG::SpeculativeJIT::compile):
933         * dfg/DFGSpeculativeJIT64.cpp:
934         (JSC::DFG::SpeculativeJIT::compile):
935
936 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
937
938         Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
939         change throughout the fixpoint
940         https://bugs.webkit.org/show_bug.cgi?id=81583
941
942         Reviewed by Michael Saboff.
943
944         * dfg/DFGPredictionPropagationPhase.cpp:
945         (JSC::DFG::PredictionPropagationPhase::propagate):
946
947 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
948
949         GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
950         the process of being generated
951         https://bugs.webkit.org/show_bug.cgi?id=81565
952
953         Reviewed by Oliver Hunt.
954
955         * bytecode/CodeBlock.cpp:
956         (JSC::CodeBlock::finalizeUnconditionally):
957
958 2012-03-19  Eric Seidel  <eric@webkit.org>
959
960         Fix WTF header include discipline in Chromium WebKit
961         https://bugs.webkit.org/show_bug.cgi?id=81281
962
963         Reviewed by James Robinson.
964
965         * JavaScriptCore.gyp/JavaScriptCore.gyp:
966         * wtf/unicode/icu/CollatorICU.cpp:
967
968 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
969
970         DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
971         https://bugs.webkit.org/show_bug.cgi?id=81556
972
973         Rubber stamped by Gavin Barraclough.
974
975         * GNUmakefile.list.am:
976         * JavaScriptCore.xcodeproj/project.pbxproj:
977         * dfg/DFGAbstractState.h:
978         (JSC::DFG::AbstractState::forNode):
979         * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
980         (JSC::DFG::AdjacencyList::AdjacencyList):
981         (JSC::DFG::AdjacencyList::child):
982         (JSC::DFG::AdjacencyList::setChild):
983         (JSC::DFG::AdjacencyList::child1):
984         (JSC::DFG::AdjacencyList::child2):
985         (JSC::DFG::AdjacencyList::child3):
986         (JSC::DFG::AdjacencyList::setChild1):
987         (JSC::DFG::AdjacencyList::setChild2):
988         (JSC::DFG::AdjacencyList::setChild3):
989         (JSC::DFG::AdjacencyList::child1Unchecked):
990         (JSC::DFG::AdjacencyList::initialize):
991         (AdjacencyList):
992         * dfg/DFGByteCodeParser.cpp:
993         (JSC::DFG::ByteCodeParser::addVarArgChild):
994         (JSC::DFG::ByteCodeParser::processPhiStack):
995         * dfg/DFGCSEPhase.cpp:
996         (JSC::DFG::CSEPhase::canonicalize):
997         (JSC::DFG::CSEPhase::performSubstitution):
998         * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
999         (DFG):
1000         (JSC::DFG::Edge::Edge):
1001         (JSC::DFG::Edge::operator==):
1002         (JSC::DFG::Edge::operator!=):
1003         (Edge):
1004         (JSC::DFG::operator==):
1005         (JSC::DFG::operator!=):
1006         * dfg/DFGGraph.h:
1007         (JSC::DFG::Graph::operator[]):
1008         (JSC::DFG::Graph::at):
1009         (JSC::DFG::Graph::ref):
1010         (JSC::DFG::Graph::deref):
1011         (JSC::DFG::Graph::clearAndDerefChild1):
1012         (JSC::DFG::Graph::clearAndDerefChild2):
1013         (JSC::DFG::Graph::clearAndDerefChild3):
1014         (Graph):
1015         * dfg/DFGJITCompiler.h:
1016         (JSC::DFG::JITCompiler::getPrediction):
1017         * dfg/DFGNode.h:
1018         (JSC::DFG::Node::Node):
1019         (JSC::DFG::Node::child1):
1020         (JSC::DFG::Node::child1Unchecked):
1021         (JSC::DFG::Node::child2):
1022         (JSC::DFG::Node::child3):
1023         (Node):
1024         * dfg/DFGNodeFlags.cpp:
1025         (JSC::DFG::arithNodeFlagsAsString):
1026         * dfg/DFGNodeFlags.h:
1027         (DFG):
1028         (JSC::DFG::nodeUsedAsNumber):
1029         * dfg/DFGNodeReferenceBlob.h: Removed.
1030         * dfg/DFGNodeUse.h: Removed.
1031         * dfg/DFGPredictionPropagationPhase.cpp:
1032         (JSC::DFG::PredictionPropagationPhase::propagate):
1033         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1034         (JSC::DFG::PredictionPropagationPhase::vote):
1035         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1036         * dfg/DFGScoreBoard.h:
1037         (JSC::DFG::ScoreBoard::use):
1038         * dfg/DFGSpeculativeJIT.cpp:
1039         (JSC::DFG::SpeculativeJIT::useChildren):
1040         (JSC::DFG::SpeculativeJIT::writeBarrier):
1041         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1042         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1043         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
1044         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1045         * dfg/DFGSpeculativeJIT.h:
1046         (JSC::DFG::SpeculativeJIT::at):
1047         (JSC::DFG::SpeculativeJIT::canReuse):
1048         (JSC::DFG::SpeculativeJIT::use):
1049         (SpeculativeJIT):
1050         (JSC::DFG::SpeculativeJIT::speculationCheck):
1051         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1052         (JSC::DFG::IntegerOperand::IntegerOperand):
1053         (JSC::DFG::DoubleOperand::DoubleOperand):
1054         (JSC::DFG::JSValueOperand::JSValueOperand):
1055         (JSC::DFG::StorageOperand::StorageOperand):
1056         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
1057         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
1058         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1059         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
1060         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1061         * dfg/DFGSpeculativeJIT32_64.cpp:
1062         (JSC::DFG::SpeculativeJIT::cachedPutById):
1063         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1064         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1065         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1066         (JSC::DFG::SpeculativeJIT::emitCall):
1067         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1068         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1069         * dfg/DFGSpeculativeJIT64.cpp:
1070         (JSC::DFG::SpeculativeJIT::cachedPutById):
1071         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1072         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1073         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1074         (JSC::DFG::SpeculativeJIT::emitCall):
1075         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1076         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1077
1078 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1079
1080         Object.freeze broken on latest Nightly
1081         https://bugs.webkit.org/show_bug.cgi?id=80577
1082
1083         Reviewed by Oliver Hunt.
1084
1085         * runtime/Arguments.cpp:
1086         (JSC::Arguments::defineOwnProperty):
1087             - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
1088             been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
1089         * runtime/JSFunction.cpp:
1090         (JSC::JSFunction::defineOwnProperty):
1091             - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
1092             the object must be extensible; this is incorrect since these properties should already exist
1093             on the object. In addition, it was asserting that the arguments/caller values must match the
1094             corresponding magic data properties, but for strict mode functions this is incorrect. Instead,
1095             just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
1096
1097 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1098
1099         LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
1100         https://bugs.webkit.org/show_bug.cgi?id=81559
1101
1102         Reviewed by Michael Saboff.
1103
1104         * llint/LLIntSlowPaths.cpp:
1105         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1106
1107 2012-03-19  Yong Li  <yoli@rim.com>
1108
1109         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
1110         https://bugs.webkit.org/show_bug.cgi?id=77013
1111
1112         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
1113         implement memory decommitting for QNX.
1114
1115         Reviewed by Rob Buis.
1116
1117         * wtf/OSAllocatorPosix.cpp:
1118         (WTF::OSAllocator::reserveUncommitted):
1119         (WTF::OSAllocator::commit):
1120         (WTF::OSAllocator::decommit):
1121
1122 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1123
1124         Unreviewed - revert a couple of files accidentally committed.
1125
1126         * runtime/Arguments.cpp:
1127         (JSC::Arguments::defineOwnProperty):
1128         * runtime/JSFunction.cpp:
1129         (JSC::JSFunction::defineOwnProperty):
1130
1131 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1132
1133         Another Windows build fix after r111129.
1134
1135         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1136
1137 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1138
1139         Cross-platform processor core counter: fix build on FreeBSD.
1140         https://bugs.webkit.org/show_bug.cgi?id=81482
1141
1142         Reviewed by Zoltan Herczeg.
1143
1144         The documentation of sysctl(3) shows that <sys/types.h> should be
1145         included before <sys/sysctl.h> (sys/types.h tends to be the first
1146         included header in general).
1147
1148         This should fix the build on FreeBSD and other systems where
1149         sysctl.h really depends on types defined in types.h.
1150
1151         * wtf/NumberOfCores.cpp:
1152
1153 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1154
1155         Windows build fix after r111129.
1156
1157         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1158
1159 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1160
1161         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
1162         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
1163
1164         Reviewed by Oliver Hunt.
1165
1166         The API specifies that convertToType may opt not to handle a conversion:
1167             "@result The object's converted value, or NULL if the object was not converted."
1168         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
1169         conversion functions, and failing that call the JSObject::defaultValue function.
1170
1171         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
1172         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
1173         bug#73368, these will return the result from the first convertToType they find, regardless
1174         of whether this result is null, and if no convertToType method is found in the api class
1175         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
1176         chain), they will also return a null pointer. This is unsafe.
1177
1178         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
1179         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
1180         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
1181         Making the fallback work with toString/valueOf methods attached to api objects is probably
1182         not the right thing to do – instead, we should just implement the defaultValue trap for api
1183         objects.
1184
1185         In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
1186         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
1187
1188         * API/JSCallbackFunction.cpp:
1189         (JSC::JSCallbackFunction::call):
1190             - Should be null checking the return value.
1191         (JSC):
1192             - Remove toStringCallback/valueOfCallback.
1193         * API/JSCallbackFunction.h:
1194         (JSCallbackFunction):
1195             - Remove toStringCallback/valueOfCallback.
1196         * API/JSCallbackObject.h:
1197         (JSCallbackObject):
1198             - Add defaultValue methods to JSCallbackObject.
1199         * API/JSCallbackObjectFunctions.h:
1200         (JSC::::defaultValue):
1201             - Add defaultValue methods to JSCallbackObject.
1202         * API/JSClassRef.cpp:
1203         (OpaqueJSClass::prototype):
1204             - Remove toStringCallback/valueOfCallback.
1205         * API/tests/testapi.js:
1206             - Revert this test, now that we no longer artificially introduce a toString method onto the api object.
1207
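Added example, not JavaScriptCore's code: a toy C++ model of the two rules the entry above settles on. First, a defaultValue that walks the class chain, accepts the first convertToType hook that returns a non-null handle, and falls back to a built-in default when none does, so no null handle ever reaches script. Second, a callback call that turns a hard null returned from C into an exception at the boundary instead of passing it on as a value. Every type and name here (`Value`, `ToyClass`, `Outcome`, `defaultValue`, `callCallback`, the sample classes and callbacks) is hypothetical and constructed for the example.

```cpp
// Added example, not JavaScriptCore's code: toy model of the class-chain
// conversion fallback and the null-return check described above.
#include <string>
#include <vector>

// Stand-in for JSValueRef: a null handle or a string payload (constructed).
struct Value {
    bool isNull;
    std::string text;
};
static const Value kNullValue{true, ""};

// Embedder hook shaped like the API text quoted in the entry: returning the
// null handle means "not converted, ask someone else".
typedef Value (*ConvertToType)(const std::string& objectName);

struct ToyClass {
    const char* name;
    ConvertToType convertToType; // nullptr when the class has no hook
    const ToyClass* parent;      // nullptr at the root
};

struct Outcome {
    bool threw;        // true: 'error' holds an exception, 'value' is unused
    std::string value;
    std::string error;
};

// Walk the hierarchy; the first class whose hook actually converts wins.
// If no class converts, use a built-in default rather than a null handle.
Outcome defaultValue(const ToyClass* cls, const std::string& objectName)
{
    for (const ToyClass* c = cls; c; c = c->parent) {
        if (!c->convertToType)
            continue;                   // no hook here, keep climbing
        Value v = c->convertToType(objectName);
        if (!v.isNull)
            return {false, v.text, ""}; // handled by this class
    }
    // Nobody converted: the analogue of JSObject::defaultValue.
    return {false, "[object " + objectName + "]", ""};
}

typedef Value (*CallbackFunction)(const std::vector<std::string>& args);

// A hard null coming back from C becomes an exception, never a script value.
Outcome callCallback(CallbackFunction fn, const std::vector<std::string>& args)
{
    Value v = fn(args);
    if (v.isNull)
        return {true, "", "TypeError: native function returned null"}; // constructed message
    return {false, v.text, ""};
}

// ---- constructed sample hierarchy and callbacks ----
Value baseConvert(const std::string& n) { return {false, "base:" + n}; }
Value derivedDeclines(const std::string&) { return kNullValue; } // opts out

static const ToyClass kRoot{"Root", nullptr, nullptr};
static const ToyClass kBase{"Base", baseConvert, &kRoot};
static const ToyClass kDerived{"Derived", derivedDeclines, &kBase};
static const ToyClass kBare{"Bare", nullptr, nullptr};

Value joinArgs(const std::vector<std::string>& a)
{
    std::string s;
    for (const std::string& x : a)
        s += x;
    return {false, s};
}
Value buggyNull(const std::vector<std::string>&) { return kNullValue; }
```

`kDerived` declines and `kBase` converts, so `defaultValue(&kDerived, "obj")` yields `base:obj`; `kBare` has no hook anywhere and gets the built-in default. The recursion hazard the entry mentions is avoided because this `defaultValue` never calls back into a toString/valueOf path.
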
1208 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1209
1210         [EFL] Include ICU_INCLUDE_DIRS when building.
1211         https://bugs.webkit.org/show_bug.cgi?id=81483
1212
1213         Reviewed by Daniel Bates.
1214
1215         So far, only the ICU libraries were being included when building
1216         JavaScriptCore; however, the include path is also needed, otherwise the
1217         build will fail when ICU is installed into a non-standard location.
1218
1219         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
1220
1221 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
1222
1223         Strength reduction, RegExp.exec -> RegExp.test
1224         https://bugs.webkit.org/show_bug.cgi?id=81459
1225
1226         Reviewed by Sam Weinig.
1227
1228         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
1229         expression for a match against a string - however exec is more expensive, since
1230         it allocates a matches array object. In cases where the result is consumed in a
1231         boolean context the allocation of the matches array can be trivially elided.
1232
1233         For example:
1234             function f()
1235             {
1236                 for (i = 0; i < 10000000; ++i)
1237                     if (!/a/.exec("a"))
1238                         err = true;
1239             }
1240
1241         This is a 2.5x speedup on this example microbenchmark loop.
1242
1243         In a more advanced form of this optimization, we may be able to avoid allocating
1244         the array where access to the array can be observed.
1245
1246         * create_hash_table:
1247         * dfg/DFGAbstractState.cpp:
1248         (JSC::DFG::AbstractState::execute):
1249         * dfg/DFGByteCodeParser.cpp:
1250         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1251         * dfg/DFGNode.h:
1252         (JSC::DFG::Node::hasHeapPrediction):
1253         * dfg/DFGNodeType.h:
1254         (DFG):
1255         * dfg/DFGOperations.cpp:
1256         * dfg/DFGOperations.h:
1257         * dfg/DFGPredictionPropagationPhase.cpp:
1258         (JSC::DFG::PredictionPropagationPhase::propagate):
1259         * dfg/DFGSpeculativeJIT.cpp:
1260         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
1261         (DFG):
1262         * dfg/DFGSpeculativeJIT.h:
1263         (JSC::DFG::SpeculativeJIT::callOperation):
1264         * dfg/DFGSpeculativeJIT32_64.cpp:
1265         (JSC::DFG::SpeculativeJIT::compile):
1266         * dfg/DFGSpeculativeJIT64.cpp:
1267         (JSC::DFG::SpeculativeJIT::compile):
1268         * jsc.cpp:
1269         (GlobalObject::addConstructableFunction):
1270         * runtime/Intrinsic.h:
1271         * runtime/JSFunction.cpp:
1272         (JSC::JSFunction::create):
1273         (JSC):
1274         * runtime/JSFunction.h:
1275         (JSFunction):
1276         * runtime/Lookup.cpp:
1277         (JSC::setUpStaticFunctionSlot):
1278         * runtime/RegExpObject.cpp:
1279         (JSC::RegExpObject::exec):
1280         (JSC::RegExpObject::match):
1281         * runtime/RegExpObject.h:
1282         (RegExpObject):
1283         * runtime/RegExpPrototype.cpp:
1284         (JSC::regExpProtoFuncTest):
1285         (JSC::regExpProtoFuncExec):
1286
1287 2012-03-16  Michael Saboff  <msaboff@apple.com>
1288
1289         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
1290         https://bugs.webkit.org/show_bug.cgi?id=81244
1291
1292         Rubber stamped by Filip Pizlo.
1293
1294         Changed type and name of JSGlobalData::m_isInitializingObject to
1295         ClassInfo* and m_initializingObjectClass.
1296         Changed JSGlobalData::setInitializingObject to
1297         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
1298         the debugger to determine what type of object is being initialized.
1299         
1300         * runtime/JSCell.h:
1301         (JSC::JSCell::finishCreation):
1302         (JSC::allocateCell):
1303         * runtime/JSGlobalData.cpp:
1304         (JSC::JSGlobalData::JSGlobalData):
1305         * runtime/JSGlobalData.h:
1306         (JSGlobalData):
1307         (JSC::JSGlobalData::isInitializingObject):
1308         (JSC::JSGlobalData::setInitializingObjectClass):
1309         * runtime/Structure.h:
1310         (JSC::JSCell::finishCreation):
1311
1312 2012-03-16  Mark Rowe  <mrowe@apple.com>
1313
1314         Build fix. Do not preserve owner and group information when installing the WTF headers.
1315
1316         * JavaScriptCore.xcodeproj/project.pbxproj:
1317
1318 2012-03-15  David Dorwin  <ddorwin@chromium.org>
1319
1320         Make the array pointer parameters in the Typed Array create() methods const.
1321         https://bugs.webkit.org/show_bug.cgi?id=81147
1322
1323         Reviewed by Kenneth Russell.
1324
1325         This allows const arrays to be passed to these methods.
1326         They use PassRefPtr<Subclass> create(), which already has a const parameter.
1327
1328         * wtf/Int16Array.h:
1329         (Int16Array):
1330         (WTF::Int16Array::create):
1331         * wtf/Int32Array.h:
1332         (Int32Array):
1333         (WTF::Int32Array::create):
1334         * wtf/Int8Array.h:
1335         (Int8Array):
1336         (WTF::Int8Array::create):
1337         * wtf/Uint16Array.h:
1338         (Uint16Array):
1339         (WTF::Uint16Array::create):
1340         * wtf/Uint32Array.h:
1341         (Uint32Array):
1342         (WTF::Uint32Array::create):
1343         * wtf/Uint8Array.h:
1344         (Uint8Array):
1345         (WTF::Uint8Array::create):
1346         * wtf/Uint8ClampedArray.h:
1347         (Uint8ClampedArray):
1348         (WTF::Uint8ClampedArray::create):
1349
1350 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
1351
1352         CopiedSpace::tryAllocateOversize assumes system page size
1353         https://bugs.webkit.org/show_bug.cgi?id=80615
1354
1355         Reviewed by Geoffrey Garen.
1356
1357         * heap/CopiedSpace.cpp:
1358         (JSC::CopiedSpace::tryAllocateOversize):
1359         * heap/CopiedSpace.h:
1360         (CopiedSpace):
1361         * heap/CopiedSpaceInlineMethods.h:
1362         (JSC::CopiedSpace::oversizeBlockFor):
1363         * wtf/BumpPointerAllocator.h:
1364         (WTF::BumpPointerPool::create):
1365         * wtf/StdLibExtras.h:
1366         (WTF::roundUpToMultipleOf):
1367
1368 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1369
1370         Fixing Windows build breakage
1371
1372         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1373
1374 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
1375
1376         [EFL] Make zlib a general build requirement
1377         https://bugs.webkit.org/show_bug.cgi?id=80153
1378
1379         Reviewed by Hajime Morita.
1380
1381         After r109538 the WebSocket module needs zlib to support the deflate-frame extension.
1382
1383         * wtf/Platform.h:
1384
1385 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
1386
1387         NumericStrings should be inlined
1388         https://bugs.webkit.org/show_bug.cgi?id=81183
1389
1390         Reviewed by Gavin Barraclough.
1391
1392         NumericStrings is not always inlined. When it is not, the class is not faster
1393         than using UString::number() directly.
1394
1395         * runtime/NumericStrings.h:
1396         (JSC::NumericStrings::add):
1397         (JSC::NumericStrings::lookupSmallString):
1398
1399 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
1400
1401         Fix ARM build after r110792.
1402
1403         Unreviewed build fix.
1404
1405         * jit/ExecutableAllocator.h:
1406         (JSC::ExecutableAllocator::cacheFlush):
1407         Remove superfluous curly brackets.
1408
1409 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
1410
1411         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
1412         https://bugs.webkit.org/show_bug.cgi?id=81256
1413
1414         Reviewed by Oliver Hunt.
1415
1416         This is a 0.5% sunspider progression.
1417
1418         * assembler/MacroAssemblerARMv7.h:
1419         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
1420             - switch which form of vmov we use.
1421
1422 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
1423
1424         [EFL] Add OwnPtr specialization for Ecore_Timer.
1425         https://bugs.webkit.org/show_bug.cgi?id=80119
1426
1427         Reviewed by Hajime Morita.
1428
1429         Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
1430
1431         * wtf/OwnPtrCommon.h:
1432         (WTF):
1433         * wtf/efl/OwnPtrEfl.cpp:
1434         (WTF::deleteOwnedPtr):
1435         (WTF):
1436
1437 2012-03-15  Hojong Han  <hojong.han@samsung.com>
1438
1439         Linux has madvise enough to support OSAllocator::commit/decommit
1440         https://bugs.webkit.org/show_bug.cgi?id=80505
1441
1442         Reviewed by Geoffrey Garen.
1443
1444         * wtf/OSAllocatorPosix.cpp:
1445         (WTF::OSAllocator::reserveUncommitted):
1446         (WTF::OSAllocator::commit):
1447         (WTF::OSAllocator::decommit):
1448
1449 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1450
1451         Windows build fix.
1452
1453         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1454         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
1455         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
1456         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1457
1458 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1459
1460         Windows build fix.
1461
1462         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
1463
1464 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
1465
1466         Move wx port to using export macros
1467         https://bugs.webkit.org/show_bug.cgi?id=77279
1468
1469         Reviewed by Hajime Morita.
1470
1471         * wscript:
1472         * wtf/Platform.h:
1473
1474 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
1475
1476         Avoid StringImpl::getData16SlowCase() when sorting array
1477         https://bugs.webkit.org/show_bug.cgi?id=81070
1478
1479         Reviewed by Geoffrey Garen.
1480
1481         The function codePointCompare() is used intensively when sorting strings.
1482         This patch improves its performance by:
1483         -Avoiding character conversion.
1484         -Inlining the function.
1485
1486         This makes Peacekeeper's arrayCombined test 30% faster.
1487
1488         * wtf/text/StringImpl.cpp:
1489         * wtf/text/StringImpl.h:
1490         (WTF):
1491         (WTF::codePointCompare):
1492         (WTF::codePointCompare8):
1493         (WTF::codePointCompare16):
1494         (WTF::codePointCompare8To16):
1495
1496 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1497
1498         Fix memory allocation failed by fastmalloc
1499         https://bugs.webkit.org/show_bug.cgi?id=79614
1500
1501         Reviewed by Geoffrey Garen.
1502
1503         Memory allocation failed even if the heap grows successfully.
1504         It is wrong to get the span only from the large list after the heap grows,
1505         because a new span could be added to the normal list.
1506
1507         * wtf/FastMalloc.cpp:
1508         (WTF::TCMalloc_PageHeap::New):
1509
1510 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1511
1512         Run cacheFlush page by page to assure of flushing all the requested ranges
1513         https://bugs.webkit.org/show_bug.cgi?id=77712
1514
1515         Reviewed by Geoffrey Garen.
1516
1517         The current MetaAllocator concept, which always coalesces adjacent free spaces,
1518         doesn't match the memory management of the Linux kernel.
1519         In certain cases the Linux kernel doesn't regard contiguous virtual memory areas as one but as two.
1520         Therefore cacheFlush page by page guarantees that the requested range is flushed.
1521
1522         * jit/ExecutableAllocator.h:
1523         (JSC::ExecutableAllocator::cacheFlush):
1524
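The page-by-page flush that entry describes, as an added example that is not JSC's ExecutableAllocator code: the real flush primitive is replaced by a log of the [start, end) ranges it would receive, the page size is assumed to be 4 KiB, and a check confirms that every byte of the requested range lands in exactly one single-page flush (a single call spanning a VMA boundary is what the entry says the kernel may not honour).

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Hypothetical model, not JSC code. Each logged pair is the range that would be
// handed to the platform flush primitive (e.g. cacheflush on ARM Linux).
typedef std::vector<std::pair<uintptr_t, uintptr_t> > FlushLog;

static const uintptr_t kPageSize = 4096; // assumption: 4 KiB pages

// Flush [code, code + size) one page at a time. Each chunk stays inside a single
// page, so a range the kernel has split across two VMAs is still fully flushed.
FlushLog cacheFlushPageByPage(uintptr_t code, size_t size)
{
    FlushLog log;
    uintptr_t current = code;
    uintptr_t end = code + size;
    while (current < end) {
        // One past the last byte of the page containing 'current', clamped to the range end.
        uintptr_t pageEnd = (current & ~(kPageSize - 1)) + kPageSize;
        uintptr_t chunkEnd = pageEnd < end ? pageEnd : end;
        log.push_back(std::make_pair(current, chunkEnd)); // stands in for the flush call
        current = chunkEnd;
    }
    return log;
}

// Check that the logged chunks are contiguous, in order, never cross a page
// boundary, and exactly cover [code, code + size).
bool flushCoversRange(const FlushLog& log, uintptr_t code, size_t size)
{
    if (!size)
        return log.empty();
    if (log.empty())
        return false;
    uintptr_t expected = code;
    for (size_t i = 0; i < log.size(); ++i) {
        uintptr_t start = log[i].first;
        uintptr_t stop = log[i].second;
        if (start != expected || stop <= start)
            return false;
        // The last byte flushed (stop - 1) must lie on the same page as start.
        if ((start & ~(kPageSize - 1)) != ((stop - 1) & ~(kPageSize - 1)))
            return false;
        expected = stop;
    }
    return expected == code + size;
}

// Convenience: does the page-by-page strategy fully cover the range?
bool pageByPageFlushIsComplete(uintptr_t code, size_t size)
{
    return flushCoversRange(cacheFlushPageByPage(code, size), code, size);
}
```
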
1525 2012-03-14  Oliver Hunt  <oliver@apple.com>
1526
1527         Make ARMv7 work again
1528         https://bugs.webkit.org/show_bug.cgi?id=81157
1529
1530         Reviewed by Geoffrey Garen.
1531
1532         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
1533         where the ARMv7MacroAssembler would also try to use dataRegister for its own
1534         nefarious purposes.
1535
1536         * assembler/MacroAssembler.h:
1537         (JSC::MacroAssembler::store32):
1538         * assembler/MacroAssemblerARMv7.h:
1539         (MacroAssemblerARMv7):
1540
1541 2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
1542
1543         Heap::destroy leaks CopiedSpace
1544         https://bugs.webkit.org/show_bug.cgi?id=81055
1545
1546         Reviewed by Geoffrey Garen.
1547
1548         Added a destroy() function to CopiedSpace that moves all normal size 
1549         CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
1550         as well as deallocates all of the oversize blocks in the CopiedSpace. 
1551         This function is now called in Heap::destroy().
1552
1553         * heap/CopiedSpace.cpp:
1554         (JSC::CopiedSpace::destroy):
1555         (JSC):
1556         * heap/CopiedSpace.h:
1557         (CopiedSpace):
1558         * heap/Heap.cpp:
1559         (JSC::Heap::destroy):
1560
1561 2012-03-14  Andrew Lo  <anlo@rim.com>
1562
1563         [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
1564         https://bugs.webkit.org/show_bug.cgi?id=81000
1565
1566         Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
1567
1568         Reviewed by Antonio Gomes.
1569
1570         * wtf/Platform.h:
1571
1572 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1573
1574         ValueToInt32 speculation will cause OSR exits even when it does not have to
1575         https://bugs.webkit.org/show_bug.cgi?id=81068
1576         <rdar://problem/11043926>
1577
1578         Reviewed by Anders Carlsson.
1579         
1580         Two related changes:
1581         1) ValueToInt32 will now always just defer to the non-speculative path, instead
1582            of exiting, if it doesn't know what speculations to perform.
1583         2) ValueToInt32 will speculate boolean if it sees this to be profitable.
1584
1585         * dfg/DFGAbstractState.cpp:
1586         (JSC::DFG::AbstractState::execute):
1587         * dfg/DFGNode.h:
1588         (JSC::DFG::Node::shouldSpeculateBoolean):
1589         (Node):
1590         * dfg/DFGSpeculativeJIT.cpp:
1591         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
1592
1593 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1594
1595         More Windows build fixing
1596
1597         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1598
1599 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1600
1601         Windows build fix
1602
1603         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1604
1605 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1606
1607         Type conversion of exponential part failed
1608         https://bugs.webkit.org/show_bug.cgi?id=80673
1609
1610         Reviewed by Geoffrey Garen.
1611
1612         * parser/Lexer.cpp:
1613         (JSC::::lex):
1614         * runtime/JSGlobalObjectFunctions.cpp:
1615         (JSC::parseInt):
1616         (JSC):
1617         (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
1618         we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template 
1619         parameter for strtod to allow trailing spaces.
1620         (JSC::toDouble):
1621         (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
1622         * runtime/LiteralParser.cpp:
1623         (JSC::::Lexer::lexNumber):
1624         * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
1625         we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
1626         * wtf/dtoa.cpp:
1627         (WTF):
1628         (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
1629         broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
1630         * wtf/dtoa.h:
1631         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
1632         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
1633         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
1634         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
1635         * wtf/text/WTFString.cpp:
1636         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
1637
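Added example, not the project's code: a model of the trailing-input policies the entry describes (parseFloat accepting trailing junk per ECMA 262 15.1.2.3, strtod optionally accepting trailing spaces, toDoubleType rejecting them), using the widened whitespace set the AdvanceToNonspace fix added (space, tab, vertical tab, carriage return, form feed, line feed). The literal's extent is validated by hand and then converted with the C library's strtod; leading whitespace and the real dtoa conversion are out of scope.

```cpp
#include <cctype>
#include <cmath>
#include <cstdlib>
#include <string>

// Hypothetical model of the template flags described for jsStrDecimalLiteral / strtod.
enum TrailingPolicy {
    RejectTrailing,      // anything after the literal makes the result NaN (toDoubleType)
    AllowTrailingSpaces, // only JS whitespace may follow (strtod change)
    AllowTrailingJunk    // anything may follow (parseFloat, ECMA 262 15.1.2.3)
};

// Whitespace set AdvanceToNonspace was extended to cover.
static bool isJSSpace(char c)
{
    return c == ' ' || c == '\t' || c == '\v' || c == '\r' || c == '\f' || c == '\n';
}

// Length of the longest StrDecimalLiteral prefix of s: optional sign, integer
// digits, optional fraction, optional exponent. Returns 0 if no literal starts at s.
static size_t decimalLiteralLength(const std::string& s)
{
    size_t i = 0, n = s.size();
    if (i < n && (s[i] == '+' || s[i] == '-'))
        ++i;
    size_t intStart = i;
    while (i < n && isdigit(static_cast<unsigned char>(s[i])))
        ++i;
    size_t intDigits = i - intStart;
    size_t fracDigits = 0;
    if (i < n && s[i] == '.') {
        size_t j = i + 1;
        while (j < n && isdigit(static_cast<unsigned char>(s[j])))
            ++j;
        fracDigits = j - (i + 1);
        if (intDigits || fracDigits)
            i = j; // "1." and ".5" are literals; "." alone is not
    }
    if (!intDigits && !fracDigits)
        return 0;
    // The exponent part is consumed only when complete: "1e" parses as 1 with "e" trailing.
    if (i < n && (s[i] == 'e' || s[i] == 'E')) {
        size_t j = i + 1;
        if (j < n && (s[j] == '+' || s[j] == '-'))
            ++j;
        size_t expStart = j;
        while (j < n && isdigit(static_cast<unsigned char>(s[j])))
            ++j;
        if (j > expStart)
            i = j;
    }
    return i;
}

// Convert s under the given policy; NaN signals rejection.
double toDecimal(const std::string& s, TrailingPolicy policy)
{
    size_t len = decimalLiteralLength(s);
    if (!len)
        return NAN;
    // Only the validated prefix reaches strtod, so its hex/inf/nan forms cannot leak in.
    double value = strtod(s.substr(0, len).c_str(), 0);
    size_t i = len;
    switch (policy) {
    case AllowTrailingJunk:
        return value;
    case AllowTrailingSpaces:
        while (i < s.size() && isJSSpace(s[i]))
            ++i;
        return i == s.size() ? value : NAN;
    case RejectTrailing:
        return i == s.size() ? value : NAN;
    }
    return NAN;
}
```
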
1638 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1639
1640         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
1641         Removing the assert for now.
1642
1643         * dfg/DFGOperations.h:
1644         * llint/LLIntSlowPaths.h:
1645
1646 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1647
1648         Functions with C linkage should return POD types
1649         https://bugs.webkit.org/show_bug.cgi?id=81061
1650
1651         Reviewed by Mark Rowe.
1652
1653         * dfg/DFGOperations.h:
1654         * llint/LLIntSlowPaths.h:
1655         (LLInt):
1656         (SlowPathReturnType):
1657         (JSC::LLInt::encodeResult):
1658
1659 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1660
1661         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
1662         https://bugs.webkit.org/show_bug.cgi?id=80979
1663         <rdar://problem/11036848>
1664
1665         Reviewed by Oliver Hunt.
1666         
1667         Also improved DFG IR dumping to include type information in a somewhat more
1668         intuitive way.
1669
1670         * bytecode/PredictedType.cpp:
1671         (JSC::predictionToAbbreviatedString):
1672         (JSC):
1673         * bytecode/PredictedType.h:
1674         (JSC):
1675         * dfg/DFGAbstractState.cpp:
1676         (JSC::DFG::AbstractState::execute):
1677         * dfg/DFGGraph.cpp:
1678         (JSC::DFG::Graph::dump):
1679         * dfg/DFGPredictionPropagationPhase.cpp:
1680         (JSC::DFG::PredictionPropagationPhase::propagate):
1681         * dfg/DFGSpeculativeJIT.cpp:
1682         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1683         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
1684         * dfg/DFGSpeculativeJIT.h:
1685         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
1686
1687 2012-03-13  George Staikos  <staikos@webkit.org>
1688
1689         The callback is only used if SA_RESTART is defined.  Compile it out
1690         otherwise to avoid a warning.
1691         https://bugs.webkit.org/show_bug.cgi?id=80926
1692
1693         Reviewed by Alexey Proskuryakov.
1694
1695         * heap/MachineStackMarker.cpp:
1696         (JSC):
1697
1698 2012-03-13  Hojong Han  <hojong.han@samsung.com>
1699
1700         Dump the generated code for ARM_TRADITIONAL
1701         https://bugs.webkit.org/show_bug.cgi?id=80975
1702
1703         Reviewed by Gavin Barraclough.
1704
1705         * assembler/LinkBuffer.h:
1706         (JSC::LinkBuffer::dumpCode):
1707
1708 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
1709
1710         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
1711         https://bugs.webkit.org/show_bug.cgi?id=78853
1712
1713         Reviewed by Adam Barth.
1714
1715         * Configurations/FeatureDefines.xcconfig:
1716         * wtf/Platform.h:
1717
1718 2012-03-13  Kwonjin Jeong  <gram@company100.net>
1719
1720         Remove SlotVisitor::copy() method.
1721         https://bugs.webkit.org/show_bug.cgi?id=80973
1722
1723         Reviewed by Geoffrey Garen.
1724
1725         SlotVisitor::copy() method isn't called anywhere.
1726
1727         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
1728         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
1729
1730 2012-03-12  Hojong Han  <hojong.han@samsung.com>
1731
1732         Fix test cases for RegExp multiline
1733         https://bugs.webkit.org/show_bug.cgi?id=80822
1734
1735         Reviewed by Gavin Barraclough.
1736
1737         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
1738         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
1739         * tests/mozilla/js1_2/regexp/beginLine.js:
1740         * tests/mozilla/js1_2/regexp/endLine.js:
1741
1742 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1743
1744         Arithmetic use inference should be procedure-global and should run in tandem
1745         with type propagation
1746         https://bugs.webkit.org/show_bug.cgi?id=80819
1747         <rdar://problem/11034006>
1748
1749         Reviewed by Gavin Barraclough.
1750         
1751         * CMakeLists.txt:
1752         * GNUmakefile.list.am:
1753         * JavaScriptCore.xcodeproj/project.pbxproj:
1754         * Target.pri:
1755         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
1756         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
1757         * dfg/DFGDriver.cpp:
1758         (JSC::DFG::compile):
1759         * dfg/DFGPredictionPropagationPhase.cpp:
1760         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
1761         (PredictionPropagationPhase):
1762         (JSC::DFG::PredictionPropagationPhase::isNotZero):
1763         (JSC::DFG::PredictionPropagationPhase::propagate):
1764         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1765         * dfg/DFGVariableAccessData.h:
1766         (JSC::DFG::VariableAccessData::VariableAccessData):
1767         (JSC::DFG::VariableAccessData::flags):
1768         (VariableAccessData):
1769         (JSC::DFG::VariableAccessData::mergeFlags):
1770
1771 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1772
1773         Node::op and Node::flags should be private
1774         https://bugs.webkit.org/show_bug.cgi?id=80824
1775         <rdar://problem/11033435>
1776
1777         Reviewed by Gavin Barraclough.
1778
1779         * CMakeLists.txt:
1780         * GNUmakefile.list.am:
1781         * JavaScriptCore.xcodeproj/project.pbxproj:
1782         * Target.pri:
1783         * dfg/DFGAbstractState.cpp:
1784         (JSC::DFG::AbstractState::initialize):
1785         (JSC::DFG::AbstractState::execute):
1786         (JSC::DFG::AbstractState::mergeStateAtTail):
1787         (JSC::DFG::AbstractState::mergeToSuccessors):
1788         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1789         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
1790         * dfg/DFGByteCodeParser.cpp:
1791         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
1792         (JSC::DFG::ByteCodeParser::getLocal):
1793         (JSC::DFG::ByteCodeParser::getArgument):
1794         (JSC::DFG::ByteCodeParser::flushArgument):
1795         (JSC::DFG::ByteCodeParser::toInt32):
1796         (JSC::DFG::ByteCodeParser::isJSConstant):
1797         (JSC::DFG::ByteCodeParser::makeSafe):
1798         (JSC::DFG::ByteCodeParser::makeDivSafe):
1799         (JSC::DFG::ByteCodeParser::handleInlining):
1800         (JSC::DFG::ByteCodeParser::parseBlock):
1801         (JSC::DFG::ByteCodeParser::processPhiStack):
1802         (JSC::DFG::ByteCodeParser::linkBlock):
1803         * dfg/DFGCFAPhase.cpp:
1804         (JSC::DFG::CFAPhase::performBlockCFA):
1805         * dfg/DFGCSEPhase.cpp:
1806         (JSC::DFG::CSEPhase::canonicalize):
1807         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1808         (JSC::DFG::CSEPhase::pureCSE):
1809         (JSC::DFG::CSEPhase::byValIsPure):
1810         (JSC::DFG::CSEPhase::clobbersWorld):
1811         (JSC::DFG::CSEPhase::impureCSE):
1812         (JSC::DFG::CSEPhase::globalVarLoadElimination):
1813         (JSC::DFG::CSEPhase::getByValLoadElimination):
1814         (JSC::DFG::CSEPhase::checkFunctionElimination):
1815         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1816         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1817         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1818         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1819         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
1820         (JSC::DFG::CSEPhase::performNodeCSE):
1821         * dfg/DFGGraph.cpp:
1822         (JSC::DFG::Graph::dump):
1823         (DFG):
1824         * dfg/DFGGraph.h:
1825         (JSC::DFG::Graph::addShouldSpeculateInteger):
1826         (JSC::DFG::Graph::negateShouldSpeculateInteger):
1827         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
1828         * dfg/DFGNode.cpp: Removed.
1829         * dfg/DFGNode.h:
1830         (DFG):
1831         (JSC::DFG::Node::Node):
1832         (Node):
1833         (JSC::DFG::Node::op):
1834         (JSC::DFG::Node::flags):
1835         (JSC::DFG::Node::setOp):
1836         (JSC::DFG::Node::setFlags):
1837         (JSC::DFG::Node::mergeFlags):
1838         (JSC::DFG::Node::filterFlags):
1839         (JSC::DFG::Node::clearFlags):
1840         (JSC::DFG::Node::setOpAndDefaultFlags):
1841         (JSC::DFG::Node::mustGenerate):
1842         (JSC::DFG::Node::isConstant):
1843         (JSC::DFG::Node::isWeakConstant):
1844         (JSC::DFG::Node::valueOfJSConstant):
1845         (JSC::DFG::Node::hasVariableAccessData):
1846         (JSC::DFG::Node::hasIdentifier):
1847         (JSC::DFG::Node::resolveGlobalDataIndex):
1848         (JSC::DFG::Node::hasArithNodeFlags):
1849         (JSC::DFG::Node::arithNodeFlags):
1850         (JSC::DFG::Node::setArithNodeFlag):
1851         (JSC::DFG::Node::mergeArithNodeFlags):
1852         (JSC::DFG::Node::hasConstantBuffer):
1853         (JSC::DFG::Node::hasRegexpIndex):
1854         (JSC::DFG::Node::hasVarNumber):
1855         (JSC::DFG::Node::hasScopeChainDepth):
1856         (JSC::DFG::Node::hasResult):
1857         (JSC::DFG::Node::hasInt32Result):
1858         (JSC::DFG::Node::hasNumberResult):
1859         (JSC::DFG::Node::hasJSResult):
1860         (JSC::DFG::Node::hasBooleanResult):
1861         (JSC::DFG::Node::isJump):
1862         (JSC::DFG::Node::isBranch):
1863         (JSC::DFG::Node::isTerminal):
1864         (JSC::DFG::Node::hasHeapPrediction):
1865         (JSC::DFG::Node::hasFunctionCheckData):
1866         (JSC::DFG::Node::hasStructureTransitionData):
1867         (JSC::DFG::Node::hasStructureSet):
1868         (JSC::DFG::Node::hasStorageAccessData):
1869         (JSC::DFG::Node::hasFunctionDeclIndex):
1870         (JSC::DFG::Node::hasFunctionExprIndex):
1871         (JSC::DFG::Node::child1):
1872         (JSC::DFG::Node::child2):
1873         (JSC::DFG::Node::child3):
1874         (JSC::DFG::Node::firstChild):
1875         (JSC::DFG::Node::numChildren):
1876         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
1877         * dfg/DFGNodeFlags.h: Added.
1878         (DFG):
1879         (JSC::DFG::nodeUsedAsNumber):
1880         (JSC::DFG::nodeCanTruncateInteger):
1881         (JSC::DFG::nodeCanIgnoreNegativeZero):
1882         (JSC::DFG::nodeMayOverflow):
1883         (JSC::DFG::nodeCanSpeculateInteger):
1884         * dfg/DFGNodeType.h: Added.
1885         (DFG):
1886         (JSC::DFG::defaultFlags):
1887         * dfg/DFGPredictionPropagationPhase.cpp:
1888         (JSC::DFG::PredictionPropagationPhase::propagate):
1889         (JSC::DFG::PredictionPropagationPhase::vote):
1890         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
1891         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1892         * dfg/DFGRedundantPhiEliminationPhase.cpp:
1893         (JSC::DFG::RedundantPhiEliminationPhase::run):
1894         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
1895         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
1896         * dfg/DFGSpeculativeJIT.cpp:
1897         (JSC::DFG::SpeculativeJIT::useChildren):
1898         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1899         (JSC::DFG::SpeculativeJIT::compileMovHint):
1900         (JSC::DFG::SpeculativeJIT::compile):
1901         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1902         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1903         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1904         (JSC::DFG::SpeculativeJIT::compileAdd):
1905         (JSC::DFG::SpeculativeJIT::compare):
1906         * dfg/DFGSpeculativeJIT.h:
1907         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1908         * dfg/DFGSpeculativeJIT32_64.cpp:
1909         (JSC::DFG::SpeculativeJIT::emitCall):
1910         (JSC::DFG::SpeculativeJIT::compile):
1911         * dfg/DFGSpeculativeJIT64.cpp:
1912         (JSC::DFG::SpeculativeJIT::emitCall):
1913         (JSC::DFG::SpeculativeJIT::compile):
1914         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1915         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1916
1917 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
1918
1919         Minor DataLog fixes
1920         https://bugs.webkit.org/show_bug.cgi?id=80826
1921
1922         Reviewed by Andreas Kling.
1923
1924         * bytecode/ExecutionCounter.cpp:
1925         Do not include DataLog.h, it is not used.
1926         
1927         * jit/ExecutableAllocator.cpp:
1928         Ditto.
1929
1930         * wtf/DataLog.cpp:
1931         (WTF::initializeLogFileOnce):
1932         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
1933
1934         * wtf/HashTable.cpp:
1935         Include DataLog as it is used.
1936
1937 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
1938
1939         Integer overflow check code in arithmetic operation in classic interpreter
1940         https://bugs.webkit.org/show_bug.cgi?id=80465
1941
1942         Reviewed by Gavin Barraclough.
1943
1944         * interpreter/Interpreter.cpp:
1945         (JSC::Interpreter::privateExecute):
1946
1947 2012-03-12  Zeno Albisser  <zeno@webkit.org>
1948
1949         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
1950         https://bugs.webkit.org/show_bug.cgi?id=80827
1951
1952         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
1953
1954         Reviewed by Simon Hausmann.
1955
1956         * wtf/Platform.h:
1957
1958 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
1959
1960         Unreviewed prospective Qt/Mac build fix
1961
1962         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
1963         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
1964         constructor.
1965
1966 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1967
1968         All DFG nodes should have a mutable set of flags
1969         https://bugs.webkit.org/show_bug.cgi?id=80779
1970         <rdar://problem/11026218>
1971
1972         Reviewed by Gavin Barraclough.
1973         
1974         Got rid of NodeId, and placed all of the flags that distinguished NodeId
1975         from NodeType into a separate Node::flags field. Combined what was previously
1976         ArithNodeFlags into Node::flags.
1977         
1978         In the process of debugging, I found that the debug support in the virtual
1979         register allocator was lacking, so I improved it. I also realized that the
1980         virtual register allocator was assuming that the nodes in a basic block were
1981         contiguous, which is no longer the case. So I fixed that. The fix also made
1982         it natural to have more extreme assertions, so I added them. I suspect this
1983         will make it easier to catch virtual register allocation bugs in the future.
1984         
1985         This is mostly performance neutral; if anything it looks like a slight
1986         speed-up.
1987         
1988         This patch does leave some work for future refactorings; for example, Node::op
1989         is unencapsulated. This was already the case, though now it feels even more
1990         like it should be. I avoided doing that because this patch has already grown
1991         way bigger than I wanted.
1992         
1993         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
1994         move some unnecessarily inline stuff out of DFGNode.h.
1995
1996         * CMakeLists.txt:
1997         * GNUmakefile.list.am:
1998         * JavaScriptCore.xcodeproj/project.pbxproj:
1999         * Target.pri:
2000         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2001         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2002         * dfg/DFGByteCodeParser.cpp:
2003         (JSC::DFG::ByteCodeParser::addToGraph):
2004         (JSC::DFG::ByteCodeParser::makeSafe):
2005         (JSC::DFG::ByteCodeParser::makeDivSafe):
2006         (JSC::DFG::ByteCodeParser::handleMinMax):
2007         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2008         (JSC::DFG::ByteCodeParser::parseBlock):
2009         * dfg/DFGCFAPhase.cpp:
2010         (JSC::DFG::CFAPhase::performBlockCFA):
2011         * dfg/DFGCSEPhase.cpp:
2012         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2013         (JSC::DFG::CSEPhase::pureCSE):
2014         (JSC::DFG::CSEPhase::clobbersWorld):
2015         (JSC::DFG::CSEPhase::impureCSE):
2016         (JSC::DFG::CSEPhase::setReplacement):
2017         (JSC::DFG::CSEPhase::eliminate):
2018         (JSC::DFG::CSEPhase::performNodeCSE):
2019         (JSC::DFG::CSEPhase::performBlockCSE):
2020         (CSEPhase):
2021         * dfg/DFGGraph.cpp:
2022         (JSC::DFG::Graph::opName):
2023         (JSC::DFG::Graph::dump):
2024         (DFG):
2025         * dfg/DFGNode.cpp: Added.
2026         (DFG):
2027         (JSC::DFG::arithNodeFlagsAsString):
2028         * dfg/DFGNode.h:
2029         (DFG):
2030         (JSC::DFG::nodeUsedAsNumber):
2031         (JSC::DFG::nodeCanTruncateInteger):
2032         (JSC::DFG::nodeCanIgnoreNegativeZero):
2033         (JSC::DFG::nodeMayOverflow):
2034         (JSC::DFG::nodeCanSpeculateInteger):
2035         (JSC::DFG::defaultFlags):
2036         (JSC::DFG::Node::Node):
2037         (Node):
2038         (JSC::DFG::Node::setOpAndDefaultFlags):
2039         (JSC::DFG::Node::mustGenerate):
2040         (JSC::DFG::Node::arithNodeFlags):
2041         (JSC::DFG::Node::setArithNodeFlag):
2042         (JSC::DFG::Node::mergeArithNodeFlags):
2043         (JSC::DFG::Node::hasResult):
2044         (JSC::DFG::Node::hasInt32Result):
2045         (JSC::DFG::Node::hasNumberResult):
2046         (JSC::DFG::Node::hasJSResult):
2047         (JSC::DFG::Node::hasBooleanResult):
2048         (JSC::DFG::Node::isJump):
2049         (JSC::DFG::Node::isBranch):
2050         (JSC::DFG::Node::isTerminal):
2051         (JSC::DFG::Node::child1):
2052         (JSC::DFG::Node::child2):
2053         (JSC::DFG::Node::child3):
2054         (JSC::DFG::Node::firstChild):
2055         (JSC::DFG::Node::numChildren):
2056         * dfg/DFGPredictionPropagationPhase.cpp:
2057         (JSC::DFG::PredictionPropagationPhase::propagate):
2058         (JSC::DFG::PredictionPropagationPhase::vote):
2059         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2060         * dfg/DFGScoreBoard.h:
2061         (ScoreBoard):
2062         (JSC::DFG::ScoreBoard::~ScoreBoard):
2063         (JSC::DFG::ScoreBoard::assertClear):
2064         (JSC::DFG::ScoreBoard::use):
2065         * dfg/DFGSpeculativeJIT.cpp:
2066         (JSC::DFG::SpeculativeJIT::useChildren):
2067         * dfg/DFGSpeculativeJIT32_64.cpp:
2068         (JSC::DFG::SpeculativeJIT::compile):
2069         * dfg/DFGSpeculativeJIT64.cpp:
2070         (JSC::DFG::SpeculativeJIT::compile):
2071         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2072         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2073
2074 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
2075
2076         LLInt should support JSVALUE64
2077         https://bugs.webkit.org/show_bug.cgi?id=79609
2078         <rdar://problem/10063437>
2079
2080         Reviewed by Gavin Barraclough and Oliver Hunt.
2081         
2082         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
2083         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
2084         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
2085         specialized for value representation.
2086         
2087         Also made some minor changes to offlineasm and the slow-paths.
2088
2089         * llint/LLIntData.cpp:
2090         (JSC::LLInt::Data::performAssertions):
2091         * llint/LLIntEntrypoints.cpp:
2092         * llint/LLIntSlowPaths.cpp:
2093         (LLInt):
2094         (JSC::LLInt::llint_trace_value):
2095         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2096         (JSC::LLInt::jitCompileAndSetHeuristics):
2097         * llint/LLIntSlowPaths.h:
2098         (LLInt):
2099         (SlowPathReturnType):
2100         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
2101         (JSC::LLInt::encodeResult):
2102         * llint/LLIntThunks.cpp:
2103         * llint/LowLevelInterpreter.asm:
2104         * llint/LowLevelInterpreter32_64.asm:
2105         * llint/LowLevelInterpreter64.asm:
2106         * offlineasm/armv7.rb:
2107         * offlineasm/asm.rb:
2108         * offlineasm/ast.rb:
2109         * offlineasm/backends.rb:
2110         * offlineasm/instructions.rb:
2111         * offlineasm/parser.rb:
2112         * offlineasm/registers.rb:
2113         * offlineasm/transform.rb:
2114         * offlineasm/x86.rb:
2115         * wtf/Platform.h:
2116
2117 2012-03-10  Yong Li  <yoli@rim.com>
2118
2119         Web Worker crashes with WX_EXCLUSIVE
2120         https://bugs.webkit.org/show_bug.cgi?id=80532
2121
2122         Let each JS global object own a meta allocator
2123         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
2124         Also fix a mutex leak in MetaAllocator's dtor.
2125
2126         Reviewed by Filip Pizlo.
2127
2128         * jit/ExecutableAllocator.cpp:
2129         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2130         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2131         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2132         (DemandExecutableAllocator):
2133         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2134         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2135         (JSC::DemandExecutableAllocator::allocateNewSpace):
2136         (JSC::DemandExecutableAllocator::allocators):
2137         (JSC::DemandExecutableAllocator::allocatorsMutex):
2138         (JSC):
2139         (JSC::ExecutableAllocator::initializeAllocator):
2140         (JSC::ExecutableAllocator::ExecutableAllocator):
2141         (JSC::ExecutableAllocator::underMemoryPressure):
2142         (JSC::ExecutableAllocator::memoryPressureMultiplier):
2143         (JSC::ExecutableAllocator::allocate):
2144         (JSC::ExecutableAllocator::committedByteCount):
2145         (JSC::ExecutableAllocator::dumpProfile):
2146         * jit/ExecutableAllocator.h:
2147         (JSC):
2148         (ExecutableAllocator):
2149         (JSC::ExecutableAllocator::allocator):
2150         * wtf/MetaAllocator.h:
2151         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
2152         * wtf/TCSpinLock.h:
2153         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
2154
2155 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2156
2157         Object.freeze broken on latest Nightly
2158         https://bugs.webkit.org/show_bug.cgi?id=80577
2159
2160         Reviewed by Oliver Hunt.
2161
2162         The problem here is that deleteProperty rejects deletion of prototype.
2163         This is correct in most cases, however defineOwnProperty is presently
2164         implemented internally to ensure the attributes change by deleting the
2165         old property, and creating a new one.
2166
2167         * runtime/JSFunction.cpp:
2168         (JSC::JSFunction::deleteProperty):
2169             - If deleteProperty is called via defineOwnProperty, allow the old prototype to be removed.
2170
2171 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2172
2173         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
2174         https://bugs.webkit.org/show_bug.cgi?id=80663
2175
2176         Reviewed by Michael Saboff.
2177
2178         The bug here is actually that we're continuing to process the array after an exception
2179         has been thrown, and that the second value thrown is overriding the first.
2180
2181         * runtime/ArrayPrototype.cpp:
2182         (JSC::arrayProtoFuncToLocaleString):
2183
2184 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
2185
2186         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
2187         https://bugs.webkit.org/show_bug.cgi?id=80080
2188
2189         Reviewed by Filip Pizlo.
2190
2191         * bytecode/SamplingTool.cpp:
2192         (JSC::SamplingRegion::Locker::Locker):
2193         (JSC::SamplingRegion::Locker::~Locker):
2194         * bytecode/SamplingTool.h:
2195         (JSC::SamplingRegion::exchangeCurrent):
2196         * wtf/Atomics.h:
2197         (WTF):
2198         (WTF::weakCompareAndSwap):
2199         (WTF::weakCompareAndSwapUIntPtr):
2200
2201 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2202
2203         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
2204         https://bugs.webkit.org/show_bug.cgi?id=49989
2205
2206         Reviewed by Oliver Hunt.
2207
2208         Patch originally by Chris Reiss <christopher.reiss@nokia.com>,
2209         allow the year to appear before the timezone in date strings.
2210
2211         * wtf/DateMath.cpp:
2212         (WTF::parseDateFromNullTerminatedCharacters):
2213
2214 2012-03-09  Mark Rowe  <mrowe@apple.com>
2215
2216         Ensure that the WTF headers are copied at installhdrs time.
2217
2218         Reviewed by Dan Bernstein and Jessie Berlin.
2219
2220         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
2221         so that our script phases are invoked at installhdrs time. The only one that
2222         does any useful work at that time is the one that installs WTF headers.
2223
2224 2012-03-09  Jon Lee  <jonlee@apple.com>
2225
2226         Add support for ENABLE(LEGACY_NOTIFICATIONS)
2227         https://bugs.webkit.org/show_bug.cgi?id=80497
2228
2229         Reviewed by Adam Barth.
2230
2231         Prep for b80472: Update API for Web Notifications
2232         * Configurations/FeatureDefines.xcconfig:
2233
2234 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
2235
2236         Bash scripts should support LF endings only
2237         https://bugs.webkit.org/show_bug.cgi?id=79509
2238
2239         Reviewed by David Kilzer.
2240
2241         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
2242         * gyp/run-if-exists.sh: Added property svn:eol-style.
2243         * gyp/update-info-plist.sh: Added property svn:eol-style.
2244
2245 2012-03-09  Jessie Berlin  <jberlin@apple.com>
2246
2247         Windows debug build fix.
2248
2249         * assembler/MacroAssembler.h:
2250         (JSC::MacroAssembler::shouldBlind):
2251         Fix unreachable code warnings (which we treat as errors).
2252
2253 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
2254
2255         Reviewed by Zoltan Herczeg.
2256
2257         [Qt] Fix the SH4 build after r109834
2258         https://bugs.webkit.org/show_bug.cgi?id=80492
2259
2260         * assembler/MacroAssemblerSH4.h:
2261         (JSC::MacroAssemblerSH4::branchAdd32):
2262         (JSC::MacroAssemblerSH4::branchSub32):
2263
2264 2012-03-09  Andy Wingo  <wingo@igalia.com>
2265
2266         Refactor code feature analysis in the parser
2267         https://bugs.webkit.org/show_bug.cgi?id=79112
2268
2269         Reviewed by Geoffrey Garen.
2270
2271         This commit refactors the parser to more uniformly propagate flag
2272         bits down and up the parse process, as the parser descends and
2273         returns into nested blocks.  Some flags get passed down to
2274         subscopes, some apply to specific scopes only, and some get
2275         unioned up after parsing subscopes.
2276
2277         The goal is to eventually be very precise with scoping
2278         information, once we have block scopes: one block scope might use
2279         `eval', which would require the emission of a symbol table within
2280         that block and containing blocks, whereas another block in the
2281         same function might not, allowing us to not emit a symbol table.
2282
2283         * parser/Nodes.h:
2284         (JSC::ScopeFlags): Rename from CodeFeatures.
2285         (JSC::ScopeNode::addScopeFlags):
2286         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
2287         (JSC::ScopeNode::isStrictMode):
2288         (JSC::ScopeNode::usesEval):
2289         (JSC::ScopeNode::usesArguments):
2290         (JSC::ScopeNode::setUsesArguments):
2291         (JSC::ScopeNode::usesThis):
2292         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2293         (JSC::ScopeNode::needsActivation): Refactor these accessors to
2294         operate on the m_scopeFlags member.
2295         (JSC::ScopeNode::source):
2296         (JSC::ScopeNode::sourceURL):
2297         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
2298         semantic change.
2299         (JSC::ScopeNode::ScopeNode)
2300         (JSC::ProgramNode::ProgramNode)
2301         (JSC::EvalNode::EvalNode)
2302         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
2303         take a ScopeFlags as an argument, instead of a bool inStrictContext.
2304
2305         * parser/Nodes.cpp:
2306         (JSC::ScopeNode::ScopeNode):
2307         (JSC::ProgramNode::ProgramNode):
2308         (JSC::ProgramNode::create):
2309         (JSC::EvalNode::EvalNode):
2310         (JSC::EvalNode::create):
2311         (JSC::FunctionBodyNode::FunctionBodyNode):
2312         (JSC::FunctionBodyNode::create): Adapt constructors to change.
2313
2314         * parser/ASTBuilder.h:
2315         (JSC::ASTBuilder::ASTBuilder):
2316         (JSC::ASTBuilder::thisExpr):
2317         (JSC::ASTBuilder::createResolve):
2318         (JSC::ASTBuilder::createFunctionBody):
2319         (JSC::ASTBuilder::createFuncDeclStatement):
2320         (JSC::ASTBuilder::createTryStatement):
2321         (JSC::ASTBuilder::createWithStatement):
2322         (JSC::ASTBuilder::addVar):
2323         (JSC::ASTBuilder::Scope::Scope):
2324         (Scope):
2325         (ASTBuilder):
2326         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
2327         features here.  Instead rely on the base Parser mechanism to track
2328         features.
2329
2330         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
2331
2332         * parser/Parser.h:
2333         (JSC::Scope::Scope): Manage scope through flags, not
2334         bit-booleans.  This lets us uniformly propagate them up and down.
2335         (JSC::Scope::declareWrite):
2336         (JSC::Scope::declareParameter):
2337         (JSC::Scope::useVariable):
2338         (JSC::Scope::collectFreeVariables):
2339         (JSC::Scope::getCapturedVariables):
2340         (JSC::Scope::saveFunctionInfo):
2341         (JSC::Scope::restoreFunctionInfo):
2342         (JSC::Parser::pushScope): Adapt to use scope flags and their
2343         accessors instead of bit-booleans.
2344         * parser/Parser.cpp:
2345         (JSC::::Parser):
2346         (JSC::::parseInner):
2347         (JSC::::didFinishParsing):
2348         (JSC::::parseSourceElements):
2349         (JSC::::parseVarDeclarationList):
2350         (JSC::::parseConstDeclarationList):
2351         (JSC::::parseWithStatement):
2352         (JSC::::parseTryStatement):
2353         (JSC::::parseFunctionBody):
2354         (JSC::::parseFunctionInfo):
2355         (JSC::::parseFunctionDeclaration):
2356         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
2357         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
2358         Does not seem to have a performance impact.
2359
2360         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
2361         Cache the scopeflags.
2362         * parser/SyntaxChecker.h: Remove evalCount() decl.
2363
2364         * runtime/Executable.cpp:
2365         (JSC::EvalExecutable::compileInternal):
2366         (JSC::ProgramExecutable::compileInternal):
2367         (JSC::FunctionExecutable::produceCodeBlockFor):
2368         * runtime/Executable.h:
2369         (JSC::ScriptExecutable::ScriptExecutable):
2370         (JSC::ScriptExecutable::usesEval):
2371         (JSC::ScriptExecutable::usesArguments):
2372         (JSC::ScriptExecutable::needsActivation):
2373         (JSC::ScriptExecutable::isStrictMode):
2374         (JSC::ScriptExecutable::recordParse):
2375         (ScriptExecutable): ScopeFlags, not features.
2376
2377 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2378
2379         Build fix for MSVC after r110266
2380
2381         Unreviewed. A #ifdef for MSVC was left over in r110266.
2382
2383         * runtime/RegExpObject.h:
2384         (RegExpObject):
2385
2386 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2387
2388         Allocate the RegExpObject's data with the Cell
2389         https://bugs.webkit.org/show_bug.cgi?id=80654
2390
2391         Reviewed by Gavin Barraclough.
2392
2393         This patch removes the creation of RegExpObject's data to avoid the overhead
2394         created by the allocation and destruction.
2395
2396         Since RegExps are created repeatedly, this provides some performance improvement.
2397         The PeaceKeeper test stringDetectBrowser improves by 10%.
2398
2399         * runtime/RegExpObject.cpp:
2400         (JSC::RegExpObject::RegExpObject):
2401         (JSC::RegExpObject::visitChildren):
2402         (JSC::RegExpObject::getOwnPropertyDescriptor):
2403         (JSC::RegExpObject::defineOwnProperty):
2404         (JSC::RegExpObject::match):
2405         * runtime/RegExpObject.h:
2406         (JSC::RegExpObject::setRegExp):
2407         (JSC::RegExpObject::regExp):
2408         (JSC::RegExpObject::setLastIndex):
2409         (JSC::RegExpObject::getLastIndex):
2410         (RegExpObject):
2411
2412 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2413
2414         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
2415         https://bugs.webkit.org/show_bug.cgi?id=80657
2416         
2417         Preparation for WTF separation from JavaScriptCore.
2418         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
2419         dependencies for generated files.
2420         
2421         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
2422         versions of the WTF code independent of the JavaScriptCore code.
2423
2424         Reviewed by Jessie Berlin.
2425
2426         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
2427         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
2428         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
2429         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
2430         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
2431         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
2432         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
2433         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
2434         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
2435         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
2436         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
2437         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
2438         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
2439         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
2440         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
2441         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
2442         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
2443         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
2444         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
2445         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
2446         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
2447
2448 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
2449
2450         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
2451         https://bugs.webkit.org/show_bug.cgi?id=80652
2452
2453         Reviewed by Eric Seidel.
2454
2455         Fix the header; URLSegments.h is not part of the API.
2456
2457         * wtf/url/api/ParsedURL.h:
2458
2459 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
2460
2461         Mac build fix for micro data API.
2462
2463         * Configurations/FeatureDefines.xcconfig:
2464
2465 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
2466
2467         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
2468         https://bugs.webkit.org/show_bug.cgi?id=26890
2469
2470         Reviewed by Oliver Hunt.
2471
2472         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
2473
2474         * runtime/StringPrototype.cpp:
2475         (JSC::replaceUsingRegExpSearch):
2476         (JSC::stringProtoFuncMatch):
2477             - added calls to setLastIndex.
2478
2479 2012-03-08  Matt Lilek  <mrl@apple.com>
2480
2481         Don't enable VIDEO_TRACK on all OS X platforms
2482         https://bugs.webkit.org/show_bug.cgi?id=80635
2483
2484         Reviewed by Eric Carlson.
2485
2486         * Configurations/FeatureDefines.xcconfig:
2487
2488 2012-03-08  Oliver Hunt  <oliver@apple.com>
2489
2490         Build fix.  That day is not today.
2491
2492         * assembler/MacroAssembler.h:
2493         (JSC::MacroAssembler::shouldBlind):
2494         * assembler/MacroAssemblerX86Common.h:
2495         (MacroAssemblerX86Common):
2496         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2497
2498 2012-03-08  Oliver Hunt  <oliver@apple.com>
2499
2500         Build fix. One of these days I'll manage to commit something that works everywhere.
2501
2502         * assembler/AbstractMacroAssembler.h:
2503         (AbstractMacroAssembler):
2504         * assembler/MacroAssemblerARMv7.h:
2505         (MacroAssemblerARMv7):
2506         * assembler/MacroAssemblerX86Common.h:
2507         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2508         (MacroAssemblerX86Common):
2509
2510 2012-03-08  Chao-ying Fu  <fu@mips.com>
2511
2512         Update MIPS patchOffsetGetByIdSlowCaseCall
2513         https://bugs.webkit.org/show_bug.cgi?id=80302
2514
2515         Reviewed by Oliver Hunt.
2516
2517         * jit/JIT.h:
2518         (JIT):
2519
2520 2012-03-08  Oliver Hunt  <oliver@apple.com>
2521
2522         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
2523         https://bugs.webkit.org/show_bug.cgi?id=80633
2524
2525         Reviewed by Gavin Barraclough.
2526
2527         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
2528         if there isn't a machine specific implementation (otherwise the 64bit value
2529         got truncated and 32bit checks were used -- leaving 32bits untested).
2530         Also add a bit of logic to ensure that we don't try to blind a few common
2531         constants that go through the ImmPtr paths -- encoded numeric JSValues and
2532         unencoded doubles with common "safe" values.
2533
2534         * assembler/AbstractMacroAssembler.h:
2535         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
2536         * assembler/MacroAssembler.h:
2537         (JSC::MacroAssembler::shouldBlindDouble):
2538         (MacroAssembler):
2539         (JSC::MacroAssembler::shouldBlind):
2540         * assembler/MacroAssemblerX86Common.h:
2541         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2542
2543 2012-03-08  Mark Rowe  <mrowe@apple.com>
2544
2545         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
2546
2547         Reviewed by Dan Bernstein.
2548
2549         * Configurations/Base.xcconfig:
2550
2551 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2552
2553         Fix line endings for copy-files.cmd.
2554         
2555         If a cmd file doesn't have Windows line endings, it doesn't work properly.
2556         In this case, the label :clean wasn't found, breaking the clean build.
2557         
2558         Reviewed by Jessie Berlin.
2559
2560         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2561
2562 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2563
2564         DFG CFA incorrectly handles ValueToInt32
2565         https://bugs.webkit.org/show_bug.cgi?id=80568
2566
2567         Reviewed by Gavin Barraclough.
2568         
2569         Changed it to match exactly the decision pattern used in
2570         DFG::SpeculativeJIT::compileValueToInt32
2571
2572         * dfg/DFGAbstractState.cpp:
2573         (JSC::DFG::AbstractState::execute):
2574
2575 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
2576
2577         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
2578         https://bugs.webkit.org/show_bug.cgi?id=80524
2579
2580         Reviewed by Simon Hausmann.
2581
2582         Move IdentifierTable methods definition to WTFThreadData.cpp to fix linking
2583         of WTF library.
2584
2585         * runtime/Identifier.cpp:
2586         * wtf/WTFThreadData.cpp:
2587         (JSC):
2588         (JSC::IdentifierTable::~IdentifierTable):
2589         (JSC::IdentifierTable::add):
2590
2591 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
2592
2593         DFG instruction count threshold should be lifted to 10000
2594         https://bugs.webkit.org/show_bug.cgi?id=80579
2595
2596         Reviewed by Gavin Barraclough.
2597
2598         * runtime/Options.cpp:
2599         (JSC::Options::initializeOptions):
2600
2601 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2602
2603         Incorrect tracking of abstract values of variables forced double
2604         https://bugs.webkit.org/show_bug.cgi?id=80566
2605         <rdar://problem/11001442>
2606
2607         Reviewed by Gavin Barraclough.
2608
2609         * dfg/DFGAbstractState.cpp:
2610         (JSC::DFG::AbstractState::mergeStateAtTail):
2611
2612 2012-03-07  Chao-ying Fu  <fu@mips.com>
2613
2614         [Qt] Fix the MIPS/SH4 build after r109834
2615         https://bugs.webkit.org/show_bug.cgi?id=80492
2616
2617         Reviewed by Oliver Hunt.
2618
2619         Implement three-argument branch(Add,Sub)32.
2620
2621         * assembler/MacroAssemblerMIPS.h:
2622         (JSC::MacroAssemblerMIPS::add32):
2623         (MacroAssemblerMIPS):
2624         (JSC::MacroAssemblerMIPS::sub32):
2625         (JSC::MacroAssemblerMIPS::branchAdd32):
2626         (JSC::MacroAssemblerMIPS::branchSub32):
2627
2628 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
2629
2630         Unreviewed, rolling out r110127.
2631         http://trac.webkit.org/changeset/110127
2632         https://bugs.webkit.org/show_bug.cgi?id=80562
2633
2634         compile failed on AppleWin (Requested by ukai on #webkit).
2635
2636         * heap/Heap.cpp:
2637         (JSC::Heap::collectAllGarbage):
2638         * heap/Heap.h:
2639         (JSC):
2640         (Heap):
2641         * runtime/Executable.cpp:
2642         (JSC::FunctionExecutable::FunctionExecutable):
2643         (JSC::FunctionExecutable::finalize):
2644         * runtime/Executable.h:
2645         (FunctionExecutable):
2646         (JSC::FunctionExecutable::create):
2647         * runtime/JSGlobalData.cpp:
2648         (WTF):
2649         (Recompiler):
2650         (WTF::Recompiler::operator()):
2651         (JSC::JSGlobalData::recompileAllJSFunctions):
2652         (JSC):
2653         * runtime/JSGlobalData.h:
2654         (JSGlobalData):
2655         * runtime/JSGlobalObject.cpp:
2656         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
2657
2658 2012-03-07  Hojong Han  <hojong.han@samsung.com>
2659
2660         The end atom of the marked block considered to filter invalid cells
2661         https://bugs.webkit.org/show_bug.cgi?id=79191
2662
2663         Reviewed by Geoffrey Garen.
2664
2665         The register file could have stale pointers beyond the end atom of a marked block.
2666         Those pointers can weasel out of the in-middle-of-cell pointer filtering.
2667
2668         * heap/MarkedBlock.h:
2669         (JSC::MarkedBlock::isLiveCell):
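
        The end-atom check described in the entry above, as an added illustration that is
        not WebKit's MarkedBlock code: a toy block carved into fixed-size atoms, where cells
        occupy whole atoms and the trailing atoms that cannot hold a full cell are never
        allocated. All names, sizes and the sample addresses are hypothetical and constructed
        for the example. It shows why a conservative-scan candidate that lands on a cell stride
        in that tail slack passes the middle-of-cell filter but must still be rejected.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical toy block (not WebKit's MarkedBlock). Atoms are the allocation
// granule; every cell in a block has the same size in atoms.
struct ToyMarkedBlock {
    static const size_t blockSize = 4096;
    static const size_t atomSize = 16;
    static const size_t atomsPerBlock = blockSize / atomSize;  // 256

    uintptr_t base;            // block start, assumed blockSize-aligned
    size_t firstAtom;          // atoms before this hold the block header
    size_t atomsPerCell;       // cell size in atoms
    size_t endAtom;            // one past the last atom at which a cell may start
    std::vector<bool> marked;  // mark bit per atom; set on a cell's first atom only

    ToyMarkedBlock(uintptr_t b, size_t header, size_t cellAtoms)
        : base(b), firstAtom(header), atomsPerCell(cellAtoms), marked(atomsPerBlock, false) {
        // Whole cells only: the atoms left over at the end are slack that no
        // cell ever occupies, so no pointer into them can be a live cell.
        size_t usable = atomsPerBlock - firstAtom;
        endAtom = firstAtom + (usable / atomsPerCell) * atomsPerCell;
    }

    uintptr_t cellAddress(size_t cellIndex) const {
        return base + (firstAtom + cellIndex * atomsPerCell) * atomSize;
    }

    void markCell(size_t cellIndex) {
        marked[firstAtom + cellIndex * atomsPerCell] = true;
    }

    // Structural filter alone (the pre-fix shape of the check): is the candidate
    // atom-aligned and on a cell boundary? A stale pointer into the tail slack
    // that happens to sit on the cell stride passes this.
    bool passesCellStartFilter(uintptr_t candidate) const {
        if (candidate < base || candidate >= base + blockSize)
            return false;                          // not in this block at all
        if (candidate & (atomSize - 1))
            return false;                          // not atom-aligned
        size_t atom = (candidate - base) / atomSize;
        if (atom < firstAtom)
            return false;                          // points into the header
        return (atom - firstAtom) % atomsPerCell == 0;  // false if mid-cell
    }

    // Full check: the candidate must also lie before endAtom and be marked.
    bool isLiveCell(uintptr_t candidate) const {
        if (!passesCellStartFilter(candidate))
            return false;
        size_t atom = (candidate - base) / atomSize;
        if (atom >= endAtom)
            return false;                          // the fix: reject the tail slack
        return marked[atom];
    }
};

// Constructed sample: header of 4 atoms, 5-atom cells -> 252 usable atoms,
// 50 whole cells, endAtom = 254, atoms 254 and 255 are slack.
ToyMarkedBlock makeSampleBlock() {
    ToyMarkedBlock block(0x10000, 4, 5);
    block.markCell(2);
    return block;
}

// A constructed "stale register value" pointing at the first slack atom.
uintptr_t sampleSlackPointer() {
    return 0x10000 + 254 * ToyMarkedBlock::atomSize;
}

int main() {
    ToyMarkedBlock block = makeSampleBlock();
    uintptr_t slack = sampleSlackPointer();
    std::printf("endAtom=%zu live cell 2: %d, mid-cell: %d, slack passes filter: %d, slack live: %d\n",
                block.endAtom,
                block.isLiveCell(block.cellAddress(2)),
                block.isLiveCell(block.cellAddress(2) + ToyMarkedBlock::atomSize),
                block.passesCellStartFilter(slack),
                block.isLiveCell(slack));
    return 0;
}
```

        The point of the split into passesCellStartFilter and isLiveCell is that the
        alignment and stride tests are necessary but not sufficient: the block's layout
        must also say that a cell can exist at that atom at all.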
2670
2671 2012-03-07  Jessie Berlin  <jberlin@apple.com>
2672
2673         Clean Windows build fails after r110033
2674         https://bugs.webkit.org/show_bug.cgi?id=80553
2675
2676         Rubber-stamped by Jon Honeycutt and Eric Seidel.
2677
2678         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2679         Place the implementation files next to their header files in the wtf/text subdirectory.
2680         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
2681         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
2682         Update the path to those implementation files.
2683         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
2684         Ditto.
2685
2686 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
2687
2688         Eliminate redundant Phis in DFG
2689         https://bugs.webkit.org/show_bug.cgi?id=80415
2690
2691         Reviewed by Filip Pizlo.
2692
2693         Although this may not have any advantage at the current stage, this is towards
2694         minimal SSA to make more high level optimizations (like bug 76770) easier.
2695         We have the choices either to build minimal SSA from scratch or to
2696         keep current simple Phi insertion mechanism and remove the redundancy
2697         in another phase. Currently we choose the latter because the change
2698         could be smaller.
2699
2700         * CMakeLists.txt:
2701         * GNUmakefile.list.am:
2702         * JavaScriptCore.xcodeproj/project.pbxproj:
2703         * Target.pri:
2704         * dfg/DFGDriver.cpp:
2705         (JSC::DFG::compile):
2706         * dfg/DFGGraph.cpp:
2707         (JSC::DFG::Graph::dump):
2708         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
2709         (DFG):
2710         (RedundantPhiEliminationPhase):
2711         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
2712         (JSC::DFG::RedundantPhiEliminationPhase::run):
2713         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
2714         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2715         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
2716         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2717         (JSC::DFG::performRedundantPhiElimination):
2718         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
2719         (DFG):
2720
2721 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
2722
2723         Refactor recompileAllJSFunctions() to be less expensive
2724         https://bugs.webkit.org/show_bug.cgi?id=80330
2725
2726         Reviewed by Geoffrey Garen.
2727
2728         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
2729         load performance, which currently does at least a couple full GCs per navigation.
2730
2731         * heap/Heap.cpp:
2732         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
2733         because the function doesn't actually recompile anything (and never did); it simply throws code
2734         away for it to be recompiled later if we determine we should do so.
2735         (JSC):
2736         (JSC::Heap::collectAllGarbage):
2737         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
2738         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
2739         * heap/Heap.h:
2740         (JSC):
2741         (Heap):
2742         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
2743         be used in DoublyLinkedLists.
2744         (JSC::FunctionExecutable::FunctionExecutable):
2745         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
2746         * runtime/Executable.h:
2747         (FunctionExecutable):
2748         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
2749         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
2750         the list of FunctionExecutables.
2751         * runtime/JSGlobalData.h:
2752         (JSGlobalData):
2753         * runtime/JSGlobalObject.cpp:
2754         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
2755
2756 2012-03-06  Oliver Hunt  <oliver@apple.com>
2757
2758         Further harden 64-bit JIT
2759         https://bugs.webkit.org/show_bug.cgi?id=80457
2760
2761         Reviewed by Filip Pizlo.
2762
2763         This patch implements blinding for ImmPtr.  Rather than xor-based blinding
2764         we perform randomised pointer rotations in order to avoid the significant
2765         cost in executable memory that would otherwise be necessary (and to avoid
2766         the need for an additional scratch register in some cases).
2767
2768         As with the prior blinding patch there's a moderate amount of noise as we
2769         correct the use of ImmPtr vs. TrustedImmPtr.
2770
2771         * assembler/AbstractMacroAssembler.h:
2772         (ImmPtr):
2773         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
2774         * assembler/MacroAssembler.h:
2775         (MacroAssembler):
2776         (JSC::MacroAssembler::storePtr):
2777         (JSC::MacroAssembler::branchPtr):
2778         (JSC::MacroAssembler::shouldBlind):
2779         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
2780         (RotatedImmPtr):
2781         (JSC::MacroAssembler::rotationBlindConstant):
2782         (JSC::MacroAssembler::loadRotationBlindedConstant):
2783         (JSC::MacroAssembler::convertInt32ToDouble):
2784         (JSC::MacroAssembler::move):
2785         (JSC::MacroAssembler::poke):
2786         * assembler/MacroAssemblerARMv7.h:
2787         (JSC::MacroAssemblerARMv7::storeDouble):
2788         (JSC::MacroAssemblerARMv7::branchAdd32):
2789         * assembler/MacroAssemblerX86_64.h:
2790         (MacroAssemblerX86_64):
2791         (JSC::MacroAssemblerX86_64::rotateRightPtr):
2792         (JSC::MacroAssemblerX86_64::xorPtr):
2793         * assembler/X86Assembler.h:
2794         (X86Assembler):
2795         (JSC::X86Assembler::xorq_rm):
2796         (JSC::X86Assembler::rorq_i8r):
2797         * dfg/DFGCCallHelpers.h:
2798         (CCallHelpers):
2799         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2800         * dfg/DFGOSRExitCompiler32_64.cpp:
2801         (JSC::DFG::OSRExitCompiler::compileExit):
2802         * dfg/DFGOSRExitCompiler64.cpp:
2803         (JSC::DFG::OSRExitCompiler::compileExit):
2804         * dfg/DFGSpeculativeJIT.cpp:
2805         (JSC::DFG::SpeculativeJIT::createOSREntries):
2806         * dfg/DFGSpeculativeJIT.h:
2807         (JSC::DFG::SpeculativeJIT::silentFillGPR):
2808         (JSC::DFG::SpeculativeJIT::callOperation):
2809         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
2810         * dfg/DFGSpeculativeJIT32_64.cpp:
2811         (JSC::DFG::SpeculativeJIT::compile):
2812         * dfg/DFGSpeculativeJIT64.cpp:
2813         (JSC::DFG::SpeculativeJIT::fillInteger):
2814         (JSC::DFG::SpeculativeJIT::fillDouble):
2815         (JSC::DFG::SpeculativeJIT::fillJSValue):
2816         (JSC::DFG::SpeculativeJIT::emitCall):
2817         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2818         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2819         (JSC::DFG::SpeculativeJIT::emitBranch):
2820         * jit/JIT.cpp:
2821         (JSC::JIT::emitOptimizationCheck):
2822         * jit/JITArithmetic32_64.cpp:
2823         (JSC::JIT::emitSlow_op_post_inc):
2824         * jit/JITInlineMethods.h:
2825         (JSC::JIT::emitValueProfilingSite):
2826         (JSC::JIT::emitGetVirtualRegister):
2827         * jit/JITOpcodes.cpp:
2828         (JSC::JIT::emit_op_mov):
2829         (JSC::JIT::emit_op_new_object):
2830         (JSC::JIT::emit_op_strcat):
2831         (JSC::JIT::emit_op_ensure_property_exists):
2832         (JSC::JIT::emit_op_resolve_skip):
2833         (JSC::JIT::emitSlow_op_resolve_global):
2834         (JSC::JIT::emit_op_resolve_with_base):
2835         (JSC::JIT::emit_op_resolve_with_this):
2836         (JSC::JIT::emit_op_jmp_scopes):
2837         (JSC::JIT::emit_op_switch_imm):
2838         (JSC::JIT::emit_op_switch_char):
2839         (JSC::JIT::emit_op_switch_string):
2840         (JSC::JIT::emit_op_throw_reference_error):
2841         (JSC::JIT::emit_op_debug):
2842         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
2843         (JSC::JIT::emit_op_new_array):
2844         (JSC::JIT::emitSlow_op_new_array):
2845         (JSC::JIT::emit_op_new_array_buffer):
2846         * jit/JITOpcodes32_64.cpp:
2847         (JSC::JIT::emit_op_new_object):
2848         (JSC::JIT::emit_op_strcat):
2849         (JSC::JIT::emit_op_ensure_property_exists):
2850         (JSC::JIT::emit_op_resolve_skip):
2851         (JSC::JIT::emitSlow_op_resolve_global):
2852         (JSC::JIT::emit_op_resolve_with_base):
2853         (JSC::JIT::emit_op_resolve_with_this):
2854         (JSC::JIT::emit_op_jmp_scopes):
2855         (JSC::JIT::emit_op_switch_imm):
2856         (JSC::JIT::emit_op_switch_char):
2857         (JSC::JIT::emit_op_switch_string):
2858         * jit/JITPropertyAccess32_64.cpp:
2859         (JSC::JIT::emit_op_put_by_index):
2860         * jit/JITStubCall.h:
2861         (JITStubCall):
2862         (JSC::JITStubCall::addArgument):
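
        The rotation blinding described in the entry above, together with the 64-bit
        classification pitfall from the earlier entry "Missing some places where we should
        be blinding 64bit values", as an added illustration that is not WebKit code. The
        names (blindByRotation, shouldBlind64, RotatedImm) are hypothetical, the "safe value"
        policy (constants below 0x10000 are not blinded) is an assumption for the example and
        not WebKit's actual rule, and the sample constants are constructed.

```cpp
#include <cstdint>
#include <cstdio>

// Added example (hypothetical names, not WebKit's MacroAssembler).

static inline uint64_t rotl64(uint64_t v, unsigned n) {
    n &= 63;
    return n ? (v << n) | (v >> (64 - n)) : v;
}

static inline uint64_t rotr64(uint64_t v, unsigned n) {
    n &= 63;
    return n ? (v >> n) | (v << (64 - n)) : v;
}

// What lands in the instruction stream: the rotated immediate and the rotation
// count. The raw pointer value itself is never encoded as an immediate.
struct RotatedImm {
    uint64_t rotated;
    unsigned rotation;
};

// Assumed "safe value" policy for 32-bit immediates: small non-negative
// constants are treated as not worth blinding.
bool shouldBlind32(uint32_t value) {
    return value > 0xFFFF;
}

// The pitfall: classifying a 64-bit immediate by its truncated low half. A value
// whose low 32 bits look harmless is wrongly left unblinded even though its
// high half is script-controlled.
bool shouldBlindTruncated(uint64_t value) {
    return shouldBlind32(static_cast<uint32_t>(value));
}

// The "64-bit trap": if any high bits are set, blind unconditionally; only a
// genuinely 32-bit value falls through to the 32-bit policy.
bool shouldBlind64(uint64_t value) {
    if (value >> 32)
        return true;
    return shouldBlind32(static_cast<uint32_t>(value));
}

// Blind by rotation. 'randomBits' stands in for the JIT's random source; the
// rotation count is forced into 1..63 so the raw value is never emitted as-is.
RotatedImm blindByRotation(uint64_t value, uint32_t randomBits) {
    unsigned rotation = 1 + (randomBits % 63);
    RotatedImm imm;
    imm.rotated = rotl64(value, rotation);
    imm.rotation = rotation;
    return imm;
}

// The generated code's side: one rotate-right in place recovers the constant,
// which is why no extra scratch register is needed (an xor unblind would need
// the key in a second register or a second 64-bit immediate in the stream).
uint64_t unblind(const RotatedImm& imm) {
    return rotr64(imm.rotated, imm.rotation);
}

// Check that the raw 8-byte constant does not appear verbatim in the emitted
// immediate. Rotationally symmetric values (0, ~0, repeating patterns) would,
// which is one reason trivial constants are excluded by the blinding policy.
bool rawValueLeaks(uint64_t value, const RotatedImm& imm) {
    return imm.rotated == value;
}

int main() {
    const uint64_t scriptControlled = 0x4141414142424242ULL;  // constructed sample
    RotatedImm imm = blindByRotation(scriptControlled, 17);
    std::printf("rotated=%016llx rotation=%u recovered=%016llx leaks=%d\n",
                (unsigned long long)imm.rotated, imm.rotation,
                (unsigned long long)unblind(imm), rawValueLeaks(scriptControlled, imm));
    const uint64_t highHalfOnly = 0x4141414100000000ULL;     // constructed sample
    std::printf("truncated check blinds: %d, 64-bit check blinds: %d\n",
                shouldBlindTruncated(highHalfOnly), shouldBlind64(highHalfOnly));
    return 0;
}
```

        The two shouldBlind variants make the truncation bug concrete: for a value whose
        low 32 bits are zero, the truncated check says "no blinding needed" while the
        64-bit check blinds it.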
2863
2864 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
2865
2866         ARM build fix.
2867
2868         Reviewed by Zoltan Herczeg.
2869
2870         Implement three-argument branch(Add,Sub)32.
2871
2872         * assembler/MacroAssemblerARM.h:
2873         (JSC::MacroAssemblerARM::add32):
2874         (MacroAssemblerARM):
2875         (JSC::MacroAssemblerARM::sub32):
2876         (JSC::MacroAssemblerARM::branchAdd32):
2877         (JSC::MacroAssemblerARM::branchSub32):
2878
2879 2012-03-07  Andy Wingo  <wingo@igalia.com>
2880
2881         Parser: Inline ScopeNodeData into ScopeNode
2882         https://bugs.webkit.org/show_bug.cgi?id=79776
2883
2884         Reviewed by Geoffrey Garen.
2885
2886         It used to be that some ScopeNode members were kept in a separate
2887         structure because sometimes they wouldn't be needed, and
2888         allocating a ParserArena was expensive.  This patch makes
2889         ParserArena lazily allocate its IdentifierArena, allowing the
2890         members to be included directly, which is simpler and easier to
2891         reason about.
2892
2893         * parser/ParserArena.cpp:
2894         (JSC::ParserArena::ParserArena):
2895         (JSC::ParserArena::reset):
2896         (JSC::ParserArena::isEmpty):
2897         * parser/ParserArena.h:
2898         (JSC::ParserArena::identifierArena): Lazily allocate the
2899         IdentifierArena.
2900
2901         * parser/Nodes.cpp:
2902         (JSC::ScopeNode::ScopeNode):
2903         (JSC::ScopeNode::singleStatement):
2904         (JSC::ProgramNode::create):
2905         (JSC::EvalNode::create):
2906         (JSC::FunctionBodyNode::create):
2907         * parser/Nodes.h:
2908         (JSC::ScopeNode::destroyData):
2909         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2910         (JSC::ScopeNode::needsActivation):
2911         (JSC::ScopeNode::hasCapturedVariables):
2912         (JSC::ScopeNode::capturedVariableCount):
2913         (JSC::ScopeNode::captures):
2914         (JSC::ScopeNode::varStack):
2915         (JSC::ScopeNode::functionStack):
2916         (JSC::ScopeNode::neededConstants):
2917         (ScopeNode):
2918         * bytecompiler/NodesCodegen.cpp:
2919         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
2920         into ScopeNode.  Adapt accessors.
2921
2922 2012-03-06  Eric Seidel  <eric@webkit.org>
2923
2924         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
2925         https://bugs.webkit.org/show_bug.cgi?id=80363
2926
2927         Reviewed by Mark Rowe.
2928
2929         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
2930         its headers have appeared as part of the "private" headers exported by
2931         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
2932         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
2933         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
2934
2935         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
2936         own directory and project.  As part of such, the WTF headers will no longer be part of
2937         the JavaScriptCore private interfaces.
2938         In preparation for that, this change makes both the Mac and Win builds export
2939         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
2940         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
2941
2942         There are 5 parts to this change.
2943         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
2944             (and header directories) into the appropriate places in the build directory.
2945         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
2946             (WebCore, WebKit, etc. had already been taught to look in previous patches).
2947         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
2948             using fully qualified paths.
2949         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
2950         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
2951
2952         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
2953         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
2954         headers, those will have to be updated to use <wtf/Foo.h> after this change.
2955         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
2956         are ready for (and interested in) this change happening.
2957
2958         * API/tests/JSNode.c:
2959         * API/tests/JSNodeList.c:
2960         * Configurations/Base.xcconfig:
2961         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2962         * JavaScriptCore.xcodeproj/project.pbxproj:
2963         * assembler/MacroAssemblerCodeRef.h:
2964         * bytecompiler/BytecodeGenerator.h:
2965         * dfg/DFGOperations.cpp:
2966         * heap/GCAssertions.h:
2967         * heap/HandleHeap.h:
2968         * heap/HandleStack.h:
2969         * heap/MarkedSpace.h:
2970         * heap/PassWeak.h:
2971         * heap/Strong.h:
2972         * heap/Weak.h:
2973         * jit/HostCallReturnValue.cpp:
2974         * jit/JIT.cpp:
2975         * jit/JITStubs.cpp:
2976         * jit/ThunkGenerators.cpp:
2977         * parser/Lexer.cpp:
2978         * runtime/Completion.cpp:
2979         * runtime/Executable.cpp:
2980         * runtime/Identifier.h:
2981         * runtime/InitializeThreading.cpp:
2982         * runtime/JSDateMath.cpp:
2983         * runtime/JSGlobalObjectFunctions.cpp:
2984         * runtime/JSStringBuilder.h:
2985         * runtime/JSVariableObject.h:
2986         * runtime/NumberPrototype.cpp:
2987         * runtime/WriteBarrier.h:
2988         * tools/CodeProfile.cpp:
2989         * tools/TieredMMapArray.h:
2990         * wtf/AVLTree.h:
2991         * wtf/Alignment.h:
2992         * wtf/AlwaysInline.h:
2993         * wtf/ArrayBufferView.h:
2994         * wtf/Assertions.h:
2995         * wtf/Atomics.h:
2996         * wtf/Bitmap.h:
2997         * wtf/BoundsCheckedPointer.h:
2998         * wtf/CheckedArithmetic.h:
2999         * wtf/Deque.h:
3000         * wtf/ExportMacros.h:
3001         * wtf/FastAllocBase.h:
3002         * wtf/FastMalloc.h:
3003         * wtf/Float32Array.h:
3004         * wtf/Float64Array.h:
3005         * wtf/Functional.h:
3006         * wtf/HashCountedSet.h:
3007         * wtf/HashFunctions.h:
3008         * wtf/HashMap.h:
3009         * wtf/HashSet.h:
3010         * wtf/HashTable.h:
3011         * wtf/HashTraits.h:
3012         * wtf/Int16Array.h:
3013         * wtf/Int32Array.h:
3014         * wtf/Int8Array.h:
3015         * wtf/IntegralTypedArrayBase.h:
3016         * wtf/ListHashSet.h:
3017         * wtf/MainThread.h:
3018         * wtf/MetaAllocator.h:
3019         * wtf/Noncopyable.h:
3020         * wtf/OwnArrayPtr.h:
3021         * wtf/OwnPtr.h:
3022         * wtf/PackedIntVector.h:
3023         * wtf/ParallelJobs.h:
3024         * wtf/PassOwnArrayPtr.h:
3025         * wtf/PassOwnPtr.h:
3026         * wtf/PassRefPtr.h:
3027         * wtf/PassTraits.h:
3028         * wtf/Platform.h:
3029         * wtf/PossiblyNull.h:
3030         * wtf/RefCounted.h:
3031         * wtf/RefCountedLeakCounter.h:
3032         * wtf/RefPtr.h:
3033         * wtf/RetainPtr.h:
3034         * wtf/SimpleStats.h:
3035         * wtf/Spectrum.h:
3036         * wtf/StdLibExtras.h:
3037         * wtf/TCPageMap.h:
3038         * wtf/TemporaryChange.h:
3039         * wtf/ThreadSafeRefCounted.h:
3040         * wtf/Threading.h:
3041         * wtf/ThreadingPrimitives.h:
3042         * wtf/TypeTraits.h:
3043         * wtf/TypedArrayBase.h:
3044         * wtf/Uint16Array.h:
3045         * wtf/Uint32Array.h:
3046         * wtf/Uint8Array.h:
3047         * wtf/Uint8ClampedArray.h:
3048         * wtf/UnusedParam.h:
3049         * wtf/Vector.h:
3050         * wtf/VectorTraits.h:
3051         * wtf/dtoa/double-conversion.h:
3052         * wtf/dtoa/utils.h:
3053         * wtf/gobject/GRefPtr.h:
3054         * wtf/gobject/GlibUtilities.h:
3055         * wtf/text/AtomicString.h:
3056         * wtf/text/AtomicStringImpl.h:
3057         * wtf/text/CString.h:
3058         * wtf/text/StringConcatenate.h:
3059         * wtf/text/StringHash.h:
3060         * wtf/text/WTFString.h:
3061         * wtf/unicode/CharacterNames.h:
3062         * wtf/unicode/UTF8.h:
3063         * wtf/unicode/glib/UnicodeGLib.h:
3064         * wtf/unicode/qt4/UnicodeQt4.h:
3065         * wtf/unicode/wince/UnicodeWinCE.h:
3066         * wtf/url/api/ParsedURL.h:
3067         * wtf/url/api/URLString.h:
3068         * wtf/wince/FastMallocWinCE.h:
3069         * yarr/YarrJIT.cpp:
3070
3071 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3072
3073         Array.prototype functions should throw if delete fails
3074         https://bugs.webkit.org/show_bug.cgi?id=80467
3075
3076         Reviewed by Oliver Hunt.
3077
3078         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
3079         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
3080         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
3081         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
3082         routines, for handling arrays with holes. These three copies should be unified.
3083
3084         * runtime/ArrayPrototype.cpp:
3085         (JSC::shift):
3086         (JSC::unshift):
3087             - Added - shared copies of the shift/unshift functionality.
3088         (JSC::arrayProtoFuncPop):
3089             - should throw if the delete fails.
3090         (JSC::arrayProtoFuncReverse):
3091             - should throw if the delete fails.
3092         (JSC::arrayProtoFuncShift):
3093         (JSC::arrayProtoFuncSplice):
3094         (JSC::arrayProtoFuncUnShift):
3095             - use shift/unshift.
3096         * runtime/JSArray.cpp:
3097         (JSC::JSArray::shiftCount):
3098         (JSC::JSArray::unshiftCount):
3099             - Don't try to handle arrays with holes; return a value indicating
3100               the generic routine should be used instead.
3101         * runtime/JSArray.h:
3102             - declaration for shiftCount/unshiftCount changed.
3103         * tests/mozilla/js1_6/Array/regress-304828.js:
3104             - this was asserting incorrect behaviour.
3105
3106 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
3107
3108         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
3109         https://bugs.webkit.org/show_bug.cgi?id=80469
3110
3111         Reviewed by Antonio Gomes.
3112
3113         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
3114         property on the library being created.
3115
3116 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
3117
3118         DFG BasicBlock should group the Phi nodes together and separate them
3119         from the other nodes
3120         https://bugs.webkit.org/show_bug.cgi?id=80361
3121
3122         Reviewed by Filip Pizlo.
3123
3124         This would make it more efficient to remove the redundant Phi nodes or
3125         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
3126         This is performance neutral on SunSpider, V8 and Kraken.
3127
3128         * dfg/DFGAbstractState.cpp:
3129         (JSC::DFG::AbstractState::clobberStructures):
3130         (JSC::DFG::AbstractState::dump):
3131         * dfg/DFGBasicBlock.h:
3132         (JSC::DFG::BasicBlock::BasicBlock):
3133         (BasicBlock):
3134         * dfg/DFGByteCodeParser.cpp:
3135         (JSC::DFG::ByteCodeParser::addToGraph):
3136         (JSC::DFG::ByteCodeParser::insertPhiNode):
3137         * dfg/DFGCFAPhase.cpp:
3138         (JSC::DFG::CFAPhase::performBlockCFA):
3139         * dfg/DFGCSEPhase.cpp:
3140         (JSC::DFG::CSEPhase::pureCSE):
3141         (JSC::DFG::CSEPhase::impureCSE):
3142         (JSC::DFG::CSEPhase::globalVarLoadElimination):
3143         (JSC::DFG::CSEPhase::getByValLoadElimination):
3144         (JSC::DFG::CSEPhase::checkFunctionElimination):
3145         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
3146         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
3147         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3148         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
3149         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
3150         (JSC::DFG::CSEPhase::performBlockCSE):
3151         * dfg/DFGGraph.cpp:
3152         (JSC::DFG::Graph::dump):
3153         * dfg/DFGSpeculativeJIT.cpp:
3154         (JSC::DFG::SpeculativeJIT::compile):
3155
3156 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3157
3158         GCActivityCallback timer should vary with the length of the previous GC
3159         https://bugs.webkit.org/show_bug.cgi?id=80344
3160
3161         Reviewed by Geoffrey Garen.
3162
3163         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
3164         GC so that the GC Activity Callback can use it.
3165         (JSC::Heap::Heap):
3166         (JSC::Heap::collect):
3167         * heap/Heap.h:
3168         (JSC::Heap::lastGCLength):
3169         (Heap):
3170         * runtime/GCActivityCallbackCF.cpp:
3171         (JSC):
3172         (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
3173         GC to determine the length of our timer trigger (currently set at 100x the duration 
3174         of the last GC).
3175
3176 2012-03-06  Rob Buis  <rbuis@rim.com>
3177
3178         [BlackBerry] Fix cast-align gcc warnings when compiling JSC
3179         https://bugs.webkit.org/show_bug.cgi?id=80420
3180
3181         Reviewed by Gavin Barraclough.
3182
3183         Fix warnings given in Blackberry build.
3184
3185         * heap/CopiedBlock.h:
3186         (JSC::CopiedBlock::CopiedBlock):
3187         * wtf/RefCountedArray.h:
3188         (WTF::RefCountedArray::Header::fromPayload):
3189
3190 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3191
3192         writable/configurable not respected for some properties of Function/String/Arguments
3193         https://bugs.webkit.org/show_bug.cgi?id=80436
3194
3195         Reviewed by Oliver Hunt.
3196
3197         Special properties should behave like regular properties.
3198
3199         * runtime/Arguments.cpp:
3200         (JSC::Arguments::defineOwnProperty):
3201             - Mis-nested logic for making read-only properties non-live.
3202         * runtime/JSFunction.cpp:
3203         (JSC::JSFunction::put):
3204             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3205         (JSC::JSFunction::deleteProperty):
3206             - Attempting to delete prototype/caller should fail.
3207         (JSC::JSFunction::defineOwnProperty):
3208             - Ensure prototype is reified on attempt to reify it.
3209             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3210         * runtime/JSFunction.h:
3211             - added declaration for defineOwnProperty.
3212         (JSFunction):
3213         * runtime/StringObject.cpp:
3214         (JSC::StringObject::put):
3215             - length is non-writable, non-configurable - reject appropriately.
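
The behaviour this entry asks for (the "special" properties of String and Function objects following the ordinary writable/configurable rules) can be checked from script. The following is an added example for readers of this ChangeLog, not code from JavaScriptCore; the helper names (throwsTypeError, attributesOf and the check functions) and the sample objects are constructed here. A non-writable property rejects assignment and a non-configurable one rejects delete; in strict mode each rejection surfaces as a TypeError, while sloppy-mode code sees a silent no-op, which is why the descriptor check is the reliable way to observe the attributes.

```javascript
// Added example (not JSC code): observe the property attributes of String
// length and Function prototype/length from script, in strict and sloppy mode.

// Returns true if running fn throws a TypeError, false if it completes.
function throwsTypeError(fn) {
  try { fn(); } catch (e) { return e instanceof TypeError; }
  return false;
}

// Summarise an own property's attributes as e.g. "writable:false configurable:false"
// (undefined when the property is absent).
function attributesOf(obj, name) {
  const d = Object.getOwnPropertyDescriptor(obj, name);
  if (!d) return undefined;
  return `writable:${d.writable} configurable:${d.configurable}`;
}

// String objects: length is neither writable nor configurable, so both a strict
// assignment and a strict delete must throw and the value must be unchanged.
function stringLengthIsLocked() {
  const s = new String("abc");                                  // constructed sample
  const assignRejected = throwsTypeError(function () { "use strict"; s.length = 10; });
  const deleteRejected = throwsTypeError(function () { "use strict"; delete s.length; });
  return assignRejected && deleteRejected && s.length === 3;
}

// Functions: prototype may be reassigned but not deleted (non-configurable),
// and length may not be assigned (non-writable).
function functionPropertiesRespectAttributes() {
  function f(a, b) {}                                           // constructed sample
  const protoDeleteRejected = throwsTypeError(function () { "use strict"; delete f.prototype; });
  const lengthAssignRejected = throwsTypeError(function () { "use strict"; f.length = 7; });
  return protoDeleteRejected && lengthAssignRejected &&
    f.length === 2 && typeof f.prototype === "object";
}

// Sloppy mode: the same rejected write is silently ignored. Code built with the
// Function constructor is always sloppy, whatever mode this file runs in.
function sloppyAssignmentIsSilentlyIgnored() {
  const sloppyAssign = new Function("s", "s.length = 10; return s.length;");
  return sloppyAssign(new String("abc")) === 3;
}
```

Running the three check functions against an engine that respects the attributes returns true for each; an engine with the bug this entry fixes would let one of the writes or deletes through without a TypeError.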
3216
3217 2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
3218
3219         TypedArray subarray call for subarray does not clamp the end index parameter properly
3220         https://bugs.webkit.org/show_bug.cgi?id=80285
3221
3222         Reviewed by Kenneth Russell.
3223
3224         * wtf/ArrayBufferView.h:
3225         (WTF::ArrayBufferView::calculateOffsetAndLength):
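
As an added illustration of the clamping this entry fixes (not JavaScriptCore's calculateOffsetAndLength, and not code from the ChangeLog), the following writes out the relative-index clamping that subarray is specified to apply to both the begin and the end argument, and cross-checks it against the engine's own Uint8Array.prototype.subarray on a constructed 8-element view. The function names (clampRelativeIndex, subarrayRange, checkAgainstEngine) and the edge-case table are this example's own. The security-relevant point is in the last three cases: an end past the buffer, an end before begin, and a begin past the end must all yield a view that stays inside the backing store, never a negative or oversized length.

```javascript
// Added example (not JSC code): the index clamping TypedArray subarray must do.

// Resolve a possibly negative or out-of-range relative index against a length:
// negative values count from the end, and the result is clamped to [0, length].
// An omitted (undefined) index means "the whole length".
function clampRelativeIndex(index, length) {
  if (index === undefined) return length;
  const n = Math.trunc(Number(index)) || 0;   // NaN and -0 become 0
  if (n < 0) return Math.max(length + n, 0);
  return Math.min(n, length);
}

// Compute { begin, length } for subarray(begin, end) on a view of `length`
// elements. The new length is never negative, even when end < begin.
function subarrayRange(length, begin, end) {
  const b = clampRelativeIndex(begin, length);
  const e = clampRelativeIndex(end, length);
  return { begin: b, length: Math.max(e - b, 0) };
}

// Cross-check the computed range against the engine's subarray for each case.
// Each result records whether the engine's view length and first element agree.
function checkAgainstEngine(cases) {
  const view = new Uint8Array([10, 11, 12, 13, 14, 15, 16, 17]); // constructed sample
  return cases.map(([begin, end]) => {
    const expected = subarrayRange(view.length, begin, end);
    const actual = view.subarray(begin, end);
    const ok = actual.length === expected.length &&
      (actual.length === 0 || actual[0] === view[expected.begin]);
    return { begin, end, expected, actualLength: actual.length, ok };
  });
}

// Edge cases a bounds check has to get right (constructed for this example).
const EDGE_CASES = [
  [2, 5],          // ordinary in-range slice
  [2, 100],        // end past the buffer: clamped to length
  [2, -2],         // negative end counts from the end
  [5, 2],          // end before begin: empty view, never negative
  [-3, undefined], // negative begin, omitted end
  [100, 200],      // begin past the end: empty view
];
```

checkAgainstEngine(EDGE_CASES) returns one record per case; every `ok` field is true on an engine whose subarray clamps the end index correctly.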
3226
3227 2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
3228
3229         Unreviewed, rolling out r109837.
3230         http://trac.webkit.org/changeset/109837
3231         https://bugs.webkit.org/show_bug.cgi?id=80399
3232
3233         breaks Mac Productions builds, too late to try and fix it
3234         tonight (Requested by eseidel on #webkit).
3235
3236         * API/tests/JSNode.c:
3237         * API/tests/JSNodeList.c:
3238         * Configurations/Base.xcconfig:
3239         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3240         * JavaScriptCore.xcodeproj/project.pbxproj:
3241         * assembler/MacroAssemblerCodeRef.h:
3242         * bytecompiler/BytecodeGenerator.h:
3243         * dfg/DFGOperations.cpp:
3244         * heap/GCAssertions.h:
3245         * heap/HandleHeap.h:
3246         * heap/HandleStack.h:
3247         * heap/MarkedSpace.h:
3248         * heap/PassWeak.h:
3249         * heap/Strong.h:
3250         * heap/Weak.h:
3251         * jit/HostCallReturnValue.cpp:
3252         * jit/JIT.cpp:
3253         * jit/JITStubs.cpp:
3254         * jit/ThunkGenerators.cpp:
3255         * parser/Lexer.cpp:
3256         * runtime/Completion.cpp:
3257         * runtime/Executable.cpp:
3258         * runtime/Identifier.h:
3259         * runtime/InitializeThreading.cpp:
3260         * runtime/JSDateMath.cpp:
3261         * runtime/JSGlobalObjectFunctions.cpp:
3262         * runtime/JSStringBuilder.h:
3263         * runtime/JSVariableObject.h:
3264         * runtime/NumberPrototype.cpp:
3265         * runtime/WriteBarrier.h:
3266         * tools/CodeProfile.cpp:
3267         * tools/TieredMMapArray.h:
3268         * yarr/YarrJIT.cpp:
3269
3270 2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
3271
3272         [Qt][ARM] Speculative buildfix after r109834.
3273
3274         Reviewed by Csaba Osztrogonác.
3275
3276         * assembler/MacroAssemblerARM.h:
3277         (JSC::MacroAssemblerARM::and32):
3278         (MacroAssemblerARM):
3279
3280 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3281
3282         Unreviewed windows build fix pt 2.
3283
3284         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3285
3286 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3287
3288         Unreviewed windows build fix pt 1.
3289
3290         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3291
3292 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3293
3294         putByIndex should throw in strict mode
3295         https://bugs.webkit.org/show_bug.cgi?id=80335
3296
3297         Reviewed by Filip Pizlo.
3298
3299         Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
3300
3301         This is a largely mechanical change, simply adding an extra parameter to a number
3302         of functions. Some call sites need to perform additional exception checks, and
3303         operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
3304
3305         This patch doesn't fix a missing throw from some cases of shift/unshift (this is
3306         an existing bug), I'll follow up with a third patch to handle that.
3307
3308         * API/JSObjectRef.cpp:
3309         (JSObjectSetPropertyAtIndex):
3310         * JSCTypedArrayStubs.h:
3311         (JSC):
3312         * dfg/DFGOperations.cpp:
3313         (JSC::DFG::putByVal):
3314         * dfg/DFGOperations.h:
3315         * dfg/DFGSpeculativeJIT32_64.cpp:
3316         (JSC::DFG::SpeculativeJIT::compile):
3317         * dfg/DFGSpeculativeJIT64.cpp:
3318         (JSC::DFG::SpeculativeJIT::compile):
3319         * interpreter/Interpreter.cpp:
3320         (JSC::Interpreter::privateExecute):
3321         * jit/JITStubs.cpp:
3322         (JSC::DEFINE_STUB_FUNCTION):
3323         * jsc.cpp:
3324         (GlobalObject::finishCreation):
3325         * llint/LLIntSlowPaths.cpp:
3326         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3327         * runtime/Arguments.cpp:
3328         (JSC::Arguments::putByIndex):
3329         * runtime/Arguments.h:
3330         (Arguments):
3331         * runtime/ArrayPrototype.cpp:
3332         (JSC::arrayProtoFuncPush):
3333         (JSC::arrayProtoFuncReverse):
3334         (JSC::arrayProtoFuncShift):
3335         (JSC::arrayProtoFuncSort):
3336         (JSC::arrayProtoFuncSplice):
3337         (JSC::arrayProtoFuncUnShift):
3338         * runtime/ClassInfo.h:
3339         (MethodTable):
3340         * runtime/JSArray.cpp:
3341         (JSC::SparseArrayValueMap::put):
3342         (JSC::JSArray::put):
3343         (JSC::JSArray::putByIndex):
3344         (JSC::JSArray::putByIndexBeyondVectorLength):
3345         (JSC::JSArray::push):
3346         (JSC::JSArray::shiftCount):
3347         (JSC::JSArray::unshiftCount):
3348         * runtime/JSArray.h:
3349         (SparseArrayValueMap):
3350         (JSArray):
3351         * runtime/JSByteArray.cpp:
3352         (JSC::JSByteArray::putByIndex):
3353         * runtime/JSByteArray.h:
3354         (JSByteArray):
3355         * runtime/JSCell.cpp:
3356         (JSC::JSCell::putByIndex):
3357         * runtime/JSCell.h:
3358         (JSCell):
3359         * runtime/JSNotAnObject.cpp:
3360         (JSC::JSNotAnObject::putByIndex):
3361         * runtime/JSNotAnObject.h:
3362         (JSNotAnObject):
3363         * runtime/JSONObject.cpp:
3364         (JSC::Walker::walk):
3365         * runtime/JSObject.cpp:
3366         (JSC::JSObject::putByIndex):
3367         * runtime/JSObject.h:
3368         (JSC::JSValue::putByIndex):
3369         * runtime/RegExpConstructor.cpp:
3370         (JSC::RegExpMatchesArray::fillArrayInstance):
3371         * runtime/RegExpMatchesArray.h:
3372         (JSC::RegExpMatchesArray::putByIndex):
3373         * runtime/StringPrototype.cpp:
3374         (JSC::stringProtoFuncSplit):
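
The two Gavin Barraclough entries above (Array.prototype functions throwing when [[Delete]] fails, and putByIndex throwing in strict mode) describe behaviour that is observable from script, so here is one added example covering both. It is not code from JavaScriptCore or from this ChangeLog; the helper outcomeOf, the check functions and the sample arrays are constructed for the example. The arrays are prepared with a non-configurable element (so the delete inside pop/shift/reverse must fail) or are frozen/non-extensible (so an indexed put must be rejected); in each case the generic routine is expected to throw a TypeError rather than silently leave the array half-mutated, while sloppy-mode puts remain silent no-ops.

```javascript
// Added example (not JSC code): Array.prototype operations whose internal
// [[Delete]] or [[Put]] is rejected must throw, not fail silently.

// Returns the thrown error's constructor name, or null if fn completes.
function outcomeOf(fn) {
  try { fn(); return null; } catch (e) { return e.constructor.name; }
}

// pop deletes the last element with Throw=true; a non-configurable element
// makes that delete fail, so pop throws and the array is left as it was.
function popOnLockedLastElement() {
  const a = [1, 2, 3];                                     // constructed sample
  Object.defineProperty(a, 2, { configurable: false });
  return { outcome: outcomeOf(() => a.pop()), length: a.length, last: a[2] };
}

// shift copies a[1] down to a[0] and then deletes index 1; the copy succeeds
// but the delete fails, so the caller sees a TypeError.
function shiftOnLockedElement() {
  const a = [1, 2];                                        // constructed sample
  Object.defineProperty(a, 1, { configurable: false });
  return { outcome: outcomeOf(() => a.shift()), length: a.length, contents: Array.from(a) };
}

// reverse only deletes when one side of a swap is a hole: [<hole>, 2] with
// index 1 locked writes a[0] and then fails to delete a[1].
function reverseWithHoleAndLockedElement() {
  const a = [];
  a[1] = 2;                                                // a[0] stays a hole
  Object.defineProperty(a, 1, { configurable: false });
  return { outcome: outcomeOf(() => a.reverse()), length: a.length, contents: Array.from(a) };
}

// Indexed put: in strict mode a write into a frozen array, or beyond the length
// of a non-extensible one, throws; sloppy-mode code sees a silent no-op. Code
// built with the Function constructor is always sloppy, whatever mode this
// file runs in.
function indexedPutOutcomes() {
  const frozen = Object.freeze([1, 2, 3]);                 // constructed samples
  const nonExtensible = Object.preventExtensions([1, 2, 3]);
  const strictExisting = outcomeOf(function () { "use strict"; frozen[0] = 9; });
  const strictBeyond = outcomeOf(function () { "use strict"; nonExtensible[5] = 9; });
  const sloppyPut = new Function("arr", "arr[0] = 9; arr[5] = 9; return arr.length;");
  const sloppyResult = outcomeOf(() => sloppyPut(frozen));
  return {
    strictExisting,
    strictBeyond,
    sloppyResult,
    frozenUnchanged: frozen[0] === 1 && frozen.length === 3,
  };
}
```

On an engine with the fixes above, the three array-mutation checks report "TypeError" with the length unchanged, the two strict-mode puts report "TypeError", and the sloppy put reports null (no exception) with the frozen array untouched.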
3375
3376 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3377
3378         PredictNone is incorrectly treated as isDoublePrediction
3379         https://bugs.webkit.org/show_bug.cgi?id=80365
3380
3381         Reviewed by Filip Pizlo.
3382
3383         Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
3384
3385         * bytecode/PredictedType.h:
3386         (JSC::isFixedIndexedStorageObjectPrediction):
3387         (JSC::isDoublePrediction):
3388
3389 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
3390
3391         The LLInt should work even when the JIT is disabled
3392         https://bugs.webkit.org/show_bug.cgi?id=80340
3393         <rdar://problem/10922235>
3394
3395         Reviewed by Gavin Barraclough.
3396
3397         * assembler/MacroAssemblerCodeRef.h:
3398         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
3399         (MacroAssemblerCodeRef):
3400         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
3401         * interpreter/Interpreter.cpp:
3402         (JSC::Interpreter::initialize):
3403         (JSC::Interpreter::execute):
3404         (JSC::Interpreter::executeCall):
3405         (JSC::Interpreter::executeConstruct):
3406         * jit/JIT.h:
3407         (JSC::JIT::compileCTINativeCall):
3408         * jit/JITStubs.h:
3409         (JSC::JITThunks::ctiNativeCall):
3410         (JSC::JITThunks::ctiNativeConstruct):
3411         * llint/LLIntEntrypoints.cpp:
3412         (JSC::LLInt::getFunctionEntrypoint):
3413         (JSC::LLInt::getEvalEntrypoint):
3414         (JSC::LLInt::getProgramEntrypoint):
3415         * llint/LLIntSlowPaths.cpp:
3416         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3417         (LLInt):
3418         * llint/LLIntSlowPaths.h:
3419         (LLInt):
3420         * llint/LowLevelInterpreter.h:
3421         * llint/LowLevelInterpreter32_64.asm:
3422         * runtime/Executable.h:
3423         (NativeExecutable):
3424         (JSC::NativeExecutable::create):
3425         (JSC::NativeExecutable::finishCreation):
3426         * runtime/JSGlobalData.cpp:
3427         (JSC::JSGlobalData::JSGlobalData):
3428         * runtime/JSGlobalData.h:
3429         (JSGlobalData):
3430         * runtime/Options.cpp:
3431         (Options):
3432         (JSC::Options::parse):