[CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>

        [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
        https://bugs.webkit.org/show_bug.cgi?id=80469

        Reviewed by Antonio Gomes.

        * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
        property on the library being created.

2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG BasicBlock should group the Phi nodes together and separate them
        from the other nodes
        https://bugs.webkit.org/show_bug.cgi?id=80361

        Reviewed by Filip Pizlo.

        This would make it more efficient to remove the redundant Phi nodes or
        insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
        This is performance neutral on SunSpider, V8 and Kraken.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::clobberStructures):
        (JSC::DFG::AbstractState::dump):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::BasicBlock):
        (BasicBlock):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::insertPhiNode):
        * dfg/DFGCFAPhase.cpp:
        (JSC::DFG::CFAPhase::performBlockCFA):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::pureCSE):
        (JSC::DFG::CSEPhase::impureCSE):
        (JSC::DFG::CSEPhase::globalVarLoadElimination):
        (JSC::DFG::CSEPhase::getByValLoadElimination):
        (JSC::DFG::CSEPhase::checkFunctionElimination):
        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
        (JSC::DFG::CSEPhase::performBlockCSE):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>

        GCActivityCallback timer should vary with the length of the previous GC
        https://bugs.webkit.org/show_bug.cgi?id=80344

        Reviewed by Geoffrey Garen.

        * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
        GC so that the GC Activity Callback can use it.
        (JSC::Heap::Heap):
        (JSC::Heap::collect):
        * heap/Heap.h:
        (JSC::Heap::lastGCLength):
        (Heap):
        * runtime/GCActivityCallbackCF.cpp:
        (JSC):
        (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last
        GC to determine the length of our timer trigger (currently set at 100x the duration
        of the last GC).

2012-03-06  Rob Buis  <rbuis@rim.com>

        [BlackBerry] Fix cast-align gcc warnings when compiling JSC
        https://bugs.webkit.org/show_bug.cgi?id=80420

        Reviewed by Gavin Barraclough.

        Fix warnings given in Blackberry build.

        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::CopiedBlock):
        * wtf/RefCountedArray.h:
        (WTF::RefCountedArray::Header::fromPayload):

2012-03-06  Gavin Barraclough  <barraclough@apple.com>

        writable/configurable not respected for some properties of Function/String/Arguments
        https://bugs.webkit.org/show_bug.cgi?id=80436

        Reviewed by Oliver Hunt.

        Special properties should behave like regular properties.

        * runtime/Arguments.cpp:
        (JSC::Arguments::defineOwnProperty):
            - Mis-nested logic for making read-only properties non-live.
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::put):
            - arguments/length/caller are non-writable, non-configurable - reject appropriately.
        (JSC::JSFunction::deleteProperty):
            - Attempting to delete prototype/caller should fail.
        (JSC::JSFunction::defineOwnProperty):
            - Ensure prototype is reified on attempt to reify it.
            - arguments/length/caller are non-writable, non-configurable - reject appropriately.
        * runtime/JSFunction.h:
            - added declaration for defineOwnProperty.
        (JSFunction):
        * runtime/StringObject.cpp:
        (JSC::StringObject::put):
            - length is non-writable, non-configurable - reject appropriately.

2012-03-06  Ulan Degenbaev  <ulan@chromium.org>

        TypedArray subarray call for subarray does not clamp the end index parameter properly
        https://bugs.webkit.org/show_bug.cgi?id=80285

        Reviewed by Kenneth Russell.

        * wtf/ArrayBufferView.h:
        (WTF::ArrayBufferView::calculateOffsetAndLength):
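
        As an added illustration of the clamping the entry above concerns (example code
        written for this page, not WebKit's ArrayBufferView implementation; subarrayRange,
        clampIndex and SubarrayRange are hypothetical names), this is the index arithmetic a
        typed-array subarray(begin, end) must perform, including the end-index clamp, so that
        the resulting view can never extend past the source buffer:

```cpp
#include <cstddef>
#include <cstdint>

// Added example, not WebKit code: the clamping a typed-array subarray(begin, end)
// must apply before a new view over the same buffer is created.
struct SubarrayRange {
    size_t offset; // element index where the new view starts
    size_t length; // number of elements in the new view
};

// Clamp one index the way the ECMAScript subarray semantics require: a negative
// index counts back from the end, and the result is pinned to [0, length].
static size_t clampIndex(int64_t index, size_t length)
{
    if (index < 0) {
        int64_t fromEnd = static_cast<int64_t>(length) + index;
        return fromEnd < 0 ? 0 : static_cast<size_t>(fromEnd);
    }
    return index > static_cast<int64_t>(length) ? length : static_cast<size_t>(index);
}

// begin and end are the caller-supplied arguments (a caller that omits end
// passes length); length is the element count of the source view. Both ends
// are clamped independently, and end is never allowed to fall below begin,
// so a length that would reach outside the buffer is impossible to produce.
SubarrayRange subarrayRange(int64_t begin, int64_t end, size_t length)
{
    size_t clampedBegin = clampIndex(begin, length);
    size_t clampedEnd = clampIndex(end, length);
    if (clampedEnd < clampedBegin)
        clampedEnd = clampedBegin;
    return { clampedBegin, clampedEnd - clampedBegin };
}
```

        Clamping only begin while trusting end is the failure mode the bug title describes:
        an oversized end yields a view whose offset plus length exceeds the buffer, which
        is exactly the out-of-bounds access a typed-array view is supposed to rule out.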

2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r109837.
        http://trac.webkit.org/changeset/109837
        https://bugs.webkit.org/show_bug.cgi?id=80399

        breaks Mac Production builds, too late to try and fix it
        tonight (Requested by eseidel on #webkit).

        * API/tests/JSNode.c:
        * API/tests/JSNodeList.c:
        * Configurations/Base.xcconfig:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssemblerCodeRef.h:
        * bytecompiler/BytecodeGenerator.h:
        * dfg/DFGOperations.cpp:
        * heap/GCAssertions.h:
        * heap/HandleHeap.h:
        * heap/HandleStack.h:
        * heap/MarkedSpace.h:
        * heap/PassWeak.h:
        * heap/Strong.h:
        * heap/Weak.h:
        * jit/HostCallReturnValue.cpp:
        * jit/JIT.cpp:
        * jit/JITStubs.cpp:
        * jit/ThunkGenerators.cpp:
        * parser/Lexer.cpp:
        * runtime/Completion.cpp:
        * runtime/Executable.cpp:
        * runtime/Identifier.h:
        * runtime/InitializeThreading.cpp:
        * runtime/JSDateMath.cpp:
        * runtime/JSGlobalObjectFunctions.cpp:
        * runtime/JSStringBuilder.h:
        * runtime/JSVariableObject.h:
        * runtime/NumberPrototype.cpp:
        * runtime/WriteBarrier.h:
        * tools/CodeProfile.cpp:
        * tools/TieredMMapArray.h:
        * yarr/YarrJIT.cpp:

2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>

        [Qt][ARM] Speculative buildfix after r109834.

        Reviewed by Csaba Osztrogonác.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::and32):
        (MacroAssemblerARM):

2012-03-05  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed windows build fix pt 2.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-05  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed windows build fix pt 1.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-05  Gavin Barraclough  <barraclough@apple.com>

        putByIndex should throw in strict mode
        https://bugs.webkit.org/show_bug.cgi?id=80335

        Reviewed by Filip Pizlo.

        Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.

        This is a largely mechanical change, simply adding an extra parameter to a number
        of functions. Some call sites need to perform additional exception checks, and
        operationPutByValBeyondArrayBounds needs to know whether it is strict or not.

        This patch doesn't fix a missing throw from some cases of shift/unshift (this is
        an existing bug), I'll follow up with a third patch to handle that.

        * API/JSObjectRef.cpp:
        (JSObjectSetPropertyAtIndex):
        * JSCTypedArrayStubs.h:
        (JSC):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::putByIndex):
        * runtime/Arguments.h:
        (Arguments):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncPush):
        (JSC::arrayProtoFuncReverse):
        (JSC::arrayProtoFuncShift):
        (JSC::arrayProtoFuncSort):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        * runtime/ClassInfo.h:
        (MethodTable):
        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::put):
        (JSC::JSArray::put):
        (JSC::JSArray::putByIndex):
        (JSC::JSArray::putByIndexBeyondVectorLength):
        (JSC::JSArray::push):
        (JSC::JSArray::shiftCount):
        (JSC::JSArray::unshiftCount):
        * runtime/JSArray.h:
        (SparseArrayValueMap):
        (JSArray):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::putByIndex):
        * runtime/JSByteArray.h:
        (JSByteArray):
        * runtime/JSCell.cpp:
        (JSC::JSCell::putByIndex):
        * runtime/JSCell.h:
        (JSCell):
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::putByIndex):
        * runtime/JSNotAnObject.h:
        (JSNotAnObject):
        * runtime/JSONObject.cpp:
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::putByIndex):
        * runtime/JSObject.h:
        (JSC::JSValue::putByIndex):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpMatchesArray::fillArrayInstance):
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::putByIndex):
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):

2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>

        PredictNone is incorrectly treated as isDoublePrediction
        https://bugs.webkit.org/show_bug.cgi?id=80365

        Reviewed by Filip Pizlo.

        Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.

        * bytecode/PredictedType.h:
        (JSC::isFixedIndexedStorageObjectPrediction):
        (JSC::isDoublePrediction):

2012-03-05  Filip Pizlo  <fpizlo@apple.com>

        The LLInt should work even when the JIT is disabled
        https://bugs.webkit.org/show_bug.cgi?id=80340
        <rdar://problem/10922235>

        Reviewed by Gavin Barraclough.

        * assembler/MacroAssemblerCodeRef.h:
        (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
        (MacroAssemblerCodeRef):
        (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        * jit/JIT.h:
        (JSC::JIT::compileCTINativeCall):
        * jit/JITStubs.h:
        (JSC::JITThunks::ctiNativeCall):
        (JSC::JITThunks::ctiNativeConstruct):
        * llint/LLIntEntrypoints.cpp:
        (JSC::LLInt::getFunctionEntrypoint):
        (JSC::LLInt::getEvalEntrypoint):
        (JSC::LLInt::getProgramEntrypoint):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (LLInt):
        * llint/LLIntSlowPaths.h:
        (LLInt):
        * llint/LowLevelInterpreter.h:
        * llint/LowLevelInterpreter32_64.asm:
        * runtime/Executable.h:
        (NativeExecutable):
        (JSC::NativeExecutable::create):
        (JSC::NativeExecutable::finishCreation):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/Options.cpp:
        (Options):
        (JSC::Options::parse):
        (JSC::Options::initializeOptions):
        * runtime/Options.h:
        (Options):
        * wtf/Platform.h:

2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>

        Checks for dead variables are not sufficient when fixing the expected
        values in DFG OSR entry
        https://bugs.webkit.org/show_bug.cgi?id=80371

        Reviewed by Filip Pizlo.

        A dead variable should be identified when there's no node referencing it.
        But we currently fail to catch the case where there are some nodes
        referencing a variable but those nodes are actually not referenced by
        others so will be ignored in code generation. In such case we should
        also consider that variable to be a dead variable in the block and fix
        the expected values.
        This is performance neutral on SunSpider, V8 and Kraken.

        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::noticeOSREntry):

2012-03-05  Oliver Hunt  <oliver@apple.com>

        Fix Qt build.

        * assembler/AbstractMacroAssembler.h:
        * assembler/MacroAssembler.h:
        (MacroAssembler):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitSub32Constant):

2012-03-05  Eric Seidel  <eric@webkit.org>

        Update JavaScriptCore files to use fully-qualified WTF include paths
        https://bugs.webkit.org/show_bug.cgi?id=79960

        Reviewed by Adam Barth.

        This change does 5 small/related things:
         1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
            (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
            was not installing headers there.)
         2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
            header search path, as that's where the WTF headers will be installed.
         3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
            in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
         4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
            since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
         5. Makes build-webkit build the WTF XCode project by default.

        * API/tests/JSNode.c:
        * API/tests/JSNodeList.c:
        * Configurations/Base.xcconfig:
        * assembler/MacroAssemblerCodeRef.h:
        * bytecompiler/BytecodeGenerator.h:
        * dfg/DFGOperations.cpp:
        * heap/GCAssertions.h:
        * heap/HandleHeap.h:
        * heap/HandleStack.h:
        * heap/MarkedSpace.h:
        * heap/PassWeak.h:
        * heap/Strong.h:
        * heap/Weak.h:
        * jit/HostCallReturnValue.cpp:
        * jit/JIT.cpp:
        * jit/JITStubs.cpp:
        * jit/ThunkGenerators.cpp:
        * parser/Lexer.cpp:
        * runtime/Completion.cpp:
        * runtime/Executable.cpp:
        * runtime/Identifier.h:
        * runtime/InitializeThreading.cpp:
        * runtime/JSDateMath.cpp:
        * runtime/JSGlobalObjectFunctions.cpp:
        * runtime/JSStringBuilder.h:
        * runtime/JSVariableObject.h:
        * runtime/NumberPrototype.cpp:
        * runtime/WriteBarrier.h:
        * tools/CodeProfile.cpp:
        * tools/TieredMMapArray.h:
        * yarr/YarrJIT.cpp:

2012-03-05  Oliver Hunt  <oliver@apple.com>

        Add basic support for constant blinding to the JIT
        https://bugs.webkit.org/show_bug.cgi?id=80354

        Reviewed by Filip Pizlo.

        This patch adds basic constant blinding support to the JIT, at the
        MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
        get constant blinding.  Woo!

        This patch only introduces blinding for Imm32, a later patch will do similar
        for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
        impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
        accessor that's needed to access the actual value.  This also means you cannot
        accidentally pass an untrusted value to a function that does not perform
        blinding.

        To make everything work sensibly, this patch also corrects some code that was using
        Imm32 when TrustedImm32 could be used, and refactors a few callers that use
        untrusted immediates, so that they call slightly different variants of the functions
        that they used previously.  This is largely necessary to deal with x86-32 not having
        sufficient registers to handle the additional work required when we choose to blind
        a constant.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
        (Imm32):
        (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
        (JSC::AbstractMacroAssembler::endUninterruptedSequence):
        (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
        (AbstractMacroAssembler):
        (JSC::AbstractMacroAssembler::inUninterruptedSequence):
        (JSC::AbstractMacroAssembler::random):
        (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
        (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::addressForPoke):
        (MacroAssembler):
        (JSC::MacroAssembler::poke):
        (JSC::MacroAssembler::branchPtr):
        (JSC::MacroAssembler::branch32):
        (JSC::MacroAssembler::convertInt32ToDouble):
        (JSC::MacroAssembler::shouldBlind):
        (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
        (BlindedImm32):
        (JSC::MacroAssembler::keyForConstant):
        (JSC::MacroAssembler::xorBlindConstant):
        (JSC::MacroAssembler::additionBlindedConstant):
        (JSC::MacroAssembler::andBlindedConstant):
        (JSC::MacroAssembler::orBlindedConstant):
        (JSC::MacroAssembler::loadXorBlindedConstant):
        (JSC::MacroAssembler::add32):
        (JSC::MacroAssembler::addPtr):
        (JSC::MacroAssembler::and32):
        (JSC::MacroAssembler::andPtr):
        (JSC::MacroAssembler::move):
        (JSC::MacroAssembler::or32):
        (JSC::MacroAssembler::store32):
        (JSC::MacroAssembler::sub32):
        (JSC::MacroAssembler::subPtr):
        (JSC::MacroAssembler::xor32):
        (JSC::MacroAssembler::branchAdd32):
        (JSC::MacroAssembler::branchMul32):
        (JSC::MacroAssembler::branchSub32):
        (JSC::MacroAssembler::trustedImm32ForShift):
        (JSC::MacroAssembler::lshift32):
        (JSC::MacroAssembler::rshift32):
        (JSC::MacroAssembler::urshift32):
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
        (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::branchSubPtr):
        (MacroAssemblerX86_64):
        (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::linkOSRExits):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emit_op_div):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitAdd32Constant):
        (JSC::JIT::emitSub32Constant):
        (JSC::JIT::emitBinaryDoubleOp):
        (JSC::JIT::emitSlow_op_mul):
        (JSC::JIT::emit_op_div):
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITInlineMethods.h:
        (JSC::JIT::updateTopCallFrame):
        (JSC::JIT::emitValueProfilingSite):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emitSlow_op_jfalse):
        (JSC::JIT::emitSlow_op_jtrue):
        * jit/JITStubCall.h:
        (JITStubCall):
        (JSC::JITStubCall::addArgument):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::backtrack):
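
        To make the Imm32/TrustedImm32 split and the XOR blinding described in the entry
        above concrete, here is an added toy model written for this page. It is not WebKit's
        MacroAssembler: ToyMacroAssembler, Instruction, the two-instruction mov/xor ISA and
        the one-byte shouldBlind heuristic are assumptions chosen for illustration, and
        only the Imm32/TrustedImm32/asTrustedImm32 naming follows the entry.

```cpp
#include <cstddef>
#include <cstdint>
#include <random>
#include <string>
#include <vector>

// Toy model (hypothetical names, not WebKit code) of constant blinding:
// attacker-influenced 32-bit immediates are never emitted verbatim.

// A compiler-controlled immediate: safe to embed verbatim in machine code.
struct TrustedImm32 {
    explicit TrustedImm32(int32_t v) : m_value(v) { }
    int32_t m_value;
};

// An immediate that may have come from the script being compiled. Private
// inheritance means an Imm32 does not convert to TrustedImm32, so it cannot
// silently bind to a non-blinding overload; asTrustedImm32() is the only door.
class Imm32 : private TrustedImm32 {
public:
    explicit Imm32(int32_t v) : TrustedImm32(v) { }
    const TrustedImm32& asTrustedImm32() const { return *this; }
};

// One instruction of a tiny two-operand ISA: "mov reg, imm" or "xor reg, imm".
struct Instruction {
    std::string op;
    int reg;
    int32_t imm;
};

class ToyMacroAssembler {
public:
    explicit ToyMacroAssembler(uint32_t seed) : m_random(seed) { }

    // Trusted overload: the value goes into the code stream as-is.
    void move(TrustedImm32 imm, int reg) { emit("mov", reg, imm.m_value); }

    // Untrusted overload: blind unless the heuristic says the value is harmless.
    void move(Imm32 imm, int reg)
    {
        int32_t value = imm.asTrustedImm32().m_value;
        if (!shouldBlind(value)) {
            move(TrustedImm32(value), reg);
            return;
        }
        uint32_t key = keyForConstant(static_cast<uint32_t>(value));
        // The code stream now carries (value ^ key) and key; neither equals the
        // value the script author chose, and the key is fresh for every site.
        emit("mov", reg, static_cast<int32_t>(static_cast<uint32_t>(value) ^ key));
        emit("xor", reg, static_cast<int32_t>(key));
    }

    // True if any emitted immediate carries this exact 32-bit pattern.
    bool codeContainsImmediate(int32_t value) const
    {
        for (const Instruction& insn : m_code) {
            if (insn.imm == value)
                return true;
        }
        return false;
    }

    // Run the emitted stream on a four-register machine and read one register.
    int32_t execute(int reg) const
    {
        uint32_t regs[4] = { 0, 0, 0, 0 };
        for (const Instruction& insn : m_code) {
            if (insn.op == "mov")
                regs[insn.reg] = static_cast<uint32_t>(insn.imm);
            else
                regs[insn.reg] ^= static_cast<uint32_t>(insn.imm);
        }
        return static_cast<int32_t>(regs[reg]);
    }

    size_t instructionCount() const { return m_code.size(); }

private:
    // Simplified heuristic (an assumption, not WebKit's rule): a value that fits
    // in one byte gives an attacker nothing to encode, so skip the extra cost.
    static bool shouldBlind(int32_t value) { return value > 0xff || value < -0xff; }

    // Pick a key such that neither emitted immediate equals the original value.
    uint32_t keyForConstant(uint32_t value)
    {
        uint32_t key;
        do {
            key = static_cast<uint32_t>(m_random());
        } while (!key || key == value);
        return key;
    }

    void emit(const char* op, int reg, int32_t imm) { m_code.push_back({ op, reg, imm }); }

    std::mt19937 m_random;
    std::vector<Instruction> m_code;
};

// Blinds `value` and checks it never appears verbatim in the code, still
// round-trips through execution, and costs exactly two instructions.
bool blindedConstantHidden(int32_t value, uint32_t seed)
{
    ToyMacroAssembler masm(seed);
    masm.move(Imm32(value), 0);
    return !masm.codeContainsImmediate(value) && masm.execute(0) == value
        && masm.instructionCount() == 2;
}

// A small untrusted constant is emitted directly: one instruction, verbatim.
bool smallConstantEmittedDirectly(int32_t value, uint32_t seed)
{
    ToyMacroAssembler masm(seed);
    masm.move(Imm32(value), 0);
    return masm.codeContainsImmediate(value) && masm.execute(0) == value
        && masm.instructionCount() == 1;
}
```

        The type split does the real work: because Imm32 derives privately from
        TrustedImm32, an attempt to hand an untrusted immediate to an overload that
        takes TrustedImm32 fails to compile instead of quietly emitting the raw value,
        which is the "cannot accidentally pass an untrusted value" guarantee the entry
        describes. The per-site random key is what makes the emitted bytes unpredictable;
        the heuristic merely avoids paying the second instruction where it buys nothing.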
2012-03-05  Gavin Barraclough  <barraclough@apple.com>

        putByIndex should throw in strict mode
        https://bugs.webkit.org/show_bug.cgi?id=80335

        Reviewed by Filip Pizlo.

        We'll need to pass an additional parameter.

        Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
        to match the method in the MethodTable, make this take a parameter indicating
        whether the put should throw. This fixes the cases where the base of the put
        is a primitive.

        * dfg/DFGOperations.cpp:
        (DFG):
        (JSC::DFG::putByVal):
        (JSC::DFG::operationPutByValInternal):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/JSObject.h:
        (JSC::JSValue::putByIndex):
        * runtime/JSValue.cpp:
        (JSC):
        * runtime/JSValue.h:
        (JSValue):

2012-03-05  Sam Weinig  <sam@webkit.org>

        Add support for hosting layers in the window server in WebKit2
        <rdar://problem/10400246>
        https://bugs.webkit.org/show_bug.cgi?id=80310

        Reviewed by Anders Carlsson.

        * wtf/Platform.h:
        Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER.

2012-03-05  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, attempted build fix for !ENABLE(JIT) after r109705.

        * bytecode/ExecutionCounter.cpp:
        (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
        * bytecode/ExecutionCounter.h:

2012-03-05  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for !ENABLE(JIT) after r109705.

        * bytecode/ExecutionCounter.cpp:
        * bytecode/ExecutionCounter.h:

2012-03-05  Andy Wingo  <wingo@igalia.com>

        Lexer: Specialize character predicates for LChar, UChar
        https://bugs.webkit.org/show_bug.cgi?id=79677

        Reviewed by Oliver Hunt.

        This patch specializes isIdentStart, isIdentPart, isWhiteSpace,
        and isLineTerminator to perform a more limited number of checks if
        the lexer is being instantiated to work on LChar sequences.  This
        is about a 1.5% win on the --parse-only suite, here.

        * parser/Lexer.cpp:
        (JSC::isLatin1): New static helper, specialized for LChar and
        UChar.
        (JSC::typesOfLatin1Characters): Rename from
        typesOfASCIICharacters, and expand to the range of the LChar
        type.  All uses of isASCII are changed to use isLatin1.  Generated
        using libunistring.
        (JSC::isNonLatin1IdentStart):
        (JSC::isIdentStart):
        (JSC::isNonLatin1IdentPart):
        (JSC::isIdentPart):
        (JSC::Lexer::shiftLineTerminator):
        (JSC::Lexer::parseIdentifier):
        (JSC::Lexer::parseIdentifierSlowCase):
        (JSC::Lexer::parseStringSlowCase):
        (JSC::Lexer::parseMultilineComment):
        (JSC::Lexer::lex):
        (JSC::Lexer::scanRegExp):
        (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around.
        * parser/Lexer.h:
        (JSC::Lexer::isWhiteSpace):
        (JSC::Lexer::isLineTerminator):
        * KeywordLookupGenerator.py:
        (Trie.printAsC): Declare specialized isIdentPart static functions.

2012-03-05  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing header file.

2012-03-05  Andy Wingo  <wingo@igalia.com>

        WTF: Micro-optimize cleanup of empty vectors and hash tables
        https://bugs.webkit.org/show_bug.cgi?id=79903

        Reviewed by Michael Saboff and Geoffrey Garen.

        This patch speeds up cleanup of vectors and hash tables whose
        backing store was never allocated.  This is the case by default
        for most vectors / hash tables that never had any entries added.

        The result for me is that calling checkSyntax 1000 times on
        concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a
        2.4% speedup.

        * wtf/HashTable.h:
        (WTF::HashTable::~HashTable):
        (WTF::::clear): Don't deallocate the storage or frob member
        variables if there is no backing storage.
        * wtf/Vector.h:
        (WTF::VectorBufferBase::deallocateBuffer): Likewise.

2012-03-04  Filip Pizlo  <fpizlo@apple.com>

        JIT heuristics should be hyperbolic
        https://bugs.webkit.org/show_bug.cgi?id=80055
        <rdar://problem/10922260>

        Reviewed by Oliver Hunt.

        Added tracking of the amount of executable memory typically used for a bytecode
        instruction. Modified the execution counter scheme to use this, and the amount
        of free memory, to determine how long to wait before invoking the JIT.

        The result is that even if we bomb the VM with more code than can fit in our
        executable memory pool, we still keep running and almost never run out of
        executable memory - which ensures that if we have to JIT something critical, then
        we'll likely have enough memory to do so. This also does not regress performance
        on the three main benchmarks.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::predictedMachineCodeSize):
        (JSC):
        (JSC::CodeBlock::usesOpcode):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        (JSC::CodeBlock::checkIfJITThresholdReached):
        (JSC::CodeBlock::dontJITAnytimeSoon):
        (JSC::CodeBlock::jitAfterWarmUp):
        (JSC::CodeBlock::jitSoon):
        (JSC::CodeBlock::llintExecuteCounter):
        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
        (JSC::CodeBlock::addressOfJITExecuteCounter):
        (JSC::CodeBlock::offsetOfJITExecuteCounter):
        (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
        (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
        (JSC::CodeBlock::jitExecuteCounter):
        (JSC::CodeBlock::checkIfOptimizationThresholdReached):
        (JSC::CodeBlock::optimizeNextInvocation):
        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
        (JSC::CodeBlock::optimizeAfterWarmUp):
        (JSC::CodeBlock::optimizeAfterLongWarmUp):
        (JSC::CodeBlock::optimizeSoon):
        * bytecode/ExecutionCounter.cpp: Added.
        (JSC):
        (JSC::ExecutionCounter::ExecutionCounter):
        (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
        (JSC::ExecutionCounter::setNewThreshold):
        (JSC::ExecutionCounter::deferIndefinitely):
        (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
        (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
        (JSC::ExecutionCounter::hasCrossedThreshold):
        (JSC::ExecutionCounter::setThreshold):
        (JSC::ExecutionCounter::reset):
        * bytecode/ExecutionCounter.h: Added.
        (JSC):
        (ExecutionCounter):
        (JSC::ExecutionCounter::formattedTotalCount):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::allocateNewSpace):
        (JSC::ExecutableAllocator::underMemoryPressure):
        (JSC):
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        * jit/ExecutableAllocator.h:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        (JSC):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):
        * llint/LowLevelInterpreter32_64.asm:
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/Options.cpp:
        (Options):
        (JSC::Options::initializeOptions):
        * runtime/Options.h:
        (Options):
        * wtf/SimpleStats.h: Added.
        (WTF):
        (SimpleStats):
        (WTF::SimpleStats::SimpleStats):
        (WTF::SimpleStats::add):
        (WTF::SimpleStats::operator!):
        (WTF::SimpleStats::count):
        (WTF::SimpleStats::sum):
        (WTF::SimpleStats::sumOfSquares):
        (WTF::SimpleStats::mean):
        (WTF::SimpleStats::variance):
        (WTF::SimpleStats::standardDeviation):

2012-03-04  Raphael Kubo da Costa  <kubo@profusion.mobi>

        [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64
        https://bugs.webkit.org/show_bug.cgi?id=71507

        Reviewed by Antonio Gomes.

        * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib".

2012-03-04  David Kilzer  <ddkilzer@apple.com>

        Fix build when the classic interpreter is enabled

        Reviewed by Gavin Barraclough.

        Fixes the following build error when running the "Generate
        Derived Sources" build phase script:

            offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
            ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
                    from JavaScriptCore/offlineasm/asm.rb:131
            Command /bin/sh failed with exit code 1

        Gavin's fix in r109674 avoided the #error statement in
        JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
795         caused the "Generate Derived Sources" build phase script to fail
796         when JavaScriptCore/offlineasm/asm.rb was run.  The solution is
797         to detect when the classic interpreter is being built and simply
798         exit early from asm.rb in that case.
799
800         * llint/LLIntOffsetsExtractor.cpp:
801         (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
802         JIT is disabled.  Note that offsets.rb doesn't care about the
803         return value here, but instead it cares about finding the magic
804         values in the binary.  The magic values are no longer present
805         when the JIT is disabled.
806         * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
807         early with a status message.
808         * offlineasm/offsets.rb:
809         (MissingMagicValuesException): Add new exception class.
810         (offsetsAndConfigurationIndex): Throw
811         MissingMagicValuesException when no magic values are found.
812
813 2012-03-04  Jurij Smakov  <jurij@wooyd.org>
814
815         SPARC also needs aligned accesses.
816
817         Rubber-stamped by Gustavo Noronha Silva.
818
819         * wtf/Platform.h:
820
821 2012-03-04  Gavin Barraclough  <barraclough@apple.com>
822
823         Unreviewed build fix.
824
825         * jit/JITStubs.h:
826             - Move ENABLE(JIT) to head of file.
827
828 2012-03-03  Gavin Barraclough  <barraclough@apple.com>
829
830         Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
831         https://bugs.webkit.org/show_bug.cgi?id=80217
832
833         Reviewed by Filip Pizlo.
834
835         putByIndex() provides similar behavior to put(), but for indexed property names.
836         Many places in ArrayPrototype call putByIndex() where they really mean to call
837         [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
838         calling numeric accessors (& respecting numeric read only properties) on the
839         prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
840         putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
841
842         * runtime/ArrayPrototype.cpp:
843         (JSC::arrayProtoFuncConcat):
844         (JSC::arrayProtoFuncSlice):
845         (JSC::arrayProtoFuncFilter):
846         (JSC::arrayProtoFuncMap):
847         * runtime/JSArray.cpp:
848         (JSC):
849         (JSC::reject):
850         (JSC::SparseArrayValueMap::putDirect):
851         (JSC::JSArray::defineOwnNumericProperty):
852         (JSC::JSArray::putByIndexBeyondVectorLength):
853         (JSC::JSArray::putDirectIndexBeyondVectorLength):
854         * runtime/JSArray.h:
855         (SparseArrayValueMap):
856         (JSArray):
857         (JSC::JSArray::putDirectIndex):
858
859 2012-03-03  Benjamin Poulain  <benjamin@webkit.org>
860
861         Implement the basis of KURLWTFURL
862         https://bugs.webkit.org/show_bug.cgi?id=79600
863
864         Reviewed by Adam Barth.
865
866         Add an API to know if a ParsedURL is valid.
867
868         * wtf/url/api/ParsedURL.cpp:
869         (WTF::ParsedURL::ParsedURL):
870         (WTF):
871         (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between thread
872         and by KURL's detach() on write.
873         (WTF::ParsedURL::baseAsString):
874         (WTF::ParsedURL::segment):
875         Add a stronger constraint on accessors: the client of this API should never ask for the segments
876         on an invalid URL.
877         * wtf/url/api/ParsedURL.h:
878         (WTF):
879         (WTF::ParsedURL::ParsedURL):
880         (ParsedURL):
881         (WTF::ParsedURL::isValid):
882
883 2012-03-03  Hans Wennborg  <hans@chromium.org>
884
885         Implement Speech JavaScript API
886         https://bugs.webkit.org/show_bug.cgi?id=80019
887
888         Reviewed by Adam Barth.
889
890         Add ENABLE_SCRIPTED_SPEECH.
891
892         * Configurations/FeatureDefines.xcconfig:
893
894 2012-03-02  Filip Pizlo  <fpizlo@apple.com>
895
896         When getting the line number of a call into a call frame with no code block, it's
897         incorrect to rely on the returnPC
898         https://bugs.webkit.org/show_bug.cgi?id=80195
899
900         Reviewed by Oliver Hunt.
901
902         * interpreter/Interpreter.cpp:
903         (JSC::getCallerInfo):
904         * jit/JITCall.cpp:
905         (JSC::JIT::compileLoadVarargs):
906
907 2012-03-02  Han Hojong  <hojong.han@samsung.com>
908
909         Expected results updated for checking type conversion
910         https://bugs.webkit.org/show_bug.cgi?id=80138
911
912         Reviewed by Gavin Barraclough.
913
914         * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:
915
916 2012-03-02  Kenichi Ishibashi  <bashi@chromium.org>
917
918         Adding WebSocket per-frame DEFLATE extension
919         https://bugs.webkit.org/show_bug.cgi?id=77522
920
921         Added USE(ZLIB) flag.
922
923         Reviewed by Kent Tamura.
924
925         * wtf/Platform.h:
926
927 2012-03-02  Filip Pizlo  <fpizlo@apple.com>
928
929         Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
930
931         * bytecode/CodeBlock.cpp:
932         (JSC::CodeBlock::visitAggregate):
933
934 2012-03-01  Filip Pizlo  <fpizlo@apple.com>
935
936         DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
937         virtue of being in the transitive closure
938         https://bugs.webkit.org/show_bug.cgi?id=80098
939  
940         Reviewed by Anders Carlsson.
941         
942         If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
943         then you might have the visitAggregate() method called concurrently by multiple threads.
944         This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
945         racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
946         due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
947         
948         It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
949         not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
950         any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
951         Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
952         don't lead to two threads racing over each other as they clobber state. This patch
953         achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
954         trivially linearizable) will get to trace the CodeBlock; all other threads give up and
955         go home.
956         
957         Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
958         times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
959         even when it's gotten sufficient counts. But that takes a while - sometimes up to a
960         minute to get a crash. I have no other reliable repro case.
961
962         * bytecode/CodeBlock.cpp:
963         (JSC::CodeBlock::visitAggregate):
964         * bytecode/CodeBlock.h:
965         (DFGData):
966         * heap/DFGCodeBlocks.cpp:
967         (JSC::DFGCodeBlocks::clearMarks):
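
The CAS guard this entry describes, as an added illustration that is not JSC's own code: a CodeBlock whose visitAggregate() is entered by two GC paths in the same cycle, with a compare-and-swap so that only the winner runs the non-atomic profile updates. The names follow the entry; the bucket array, its size and the sequential driver are assumptions made for the example.

```cpp
#include <atomic>
#include <cstdint>

// Added illustration (not JSC's code) of the CAS guard described above. The
// names follow the entry; the bucket array and its size are assumptions.
struct ValueProfileBucket { uint32_t count = 0; };

struct CodeBlock {
    // 0 = nobody has traced this block in the current cycle, 1 = claimed.
    std::atomic<uint32_t> mayBeTraced{0};
    ValueProfileBucket profiles[4];   // the non-atomic state the CAS protects

    // Whichever caller flips 0 -> 1 first wins the right to trace; the CAS
    // is linearizable, so exactly one caller per cycle sees true.
    bool tryClaimForTracing() {
        uint32_t expected = 0;
        return mayBeTraced.compare_exchange_strong(expected, 1, std::memory_order_acq_rel);
    }

    void visitAggregate() {
        if (!tryClaimForTracing())
            return;                        // another path already traced us
        for (ValueProfileBucket& bucket : profiles)
            ++bucket.count;                // the updates that tear if run twice at once
    }

    // DFGCodeBlocks::clearMarks() in the entry: reset at the start of a cycle.
    void clearMarks() { mayBeTraced.store(0, std::memory_order_release); }
};

// Simulate `cycles` GC cycles in which the block is reachable both from the
// stack (traced via DFGCodeBlocks) and from its owner Executable, so
// visitAggregate() is entered twice per cycle. Returns how many times the
// bucket updates actually ran, which should equal the number of cycles.
unsigned tracesAfterCycles(unsigned cycles) {
    CodeBlock block;
    for (unsigned i = 0; i < cycles; ++i) {
        block.clearMarks();
        block.visitAggregate();   // DFGCodeBlocks path
        block.visitAggregate();   // Executable path
    }
    return block.profiles[0].count;
}
```

The driver calls the two paths one after the other, so it shows the claim logic rather than real contention; the property that matters is that the CAS, not program order, decides who traces, so the same code stays correct when the two callers are GC threads running concurrently.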
968
969 2012-03-01  Filip Pizlo  <fpizlo@apple.com>
970
971         The JIT should not crash the entire process just because there is not enough executable
972         memory, if the LLInt is enabled
973         https://bugs.webkit.org/show_bug.cgi?id=79962
974
975         Reviewed by Csaba Osztrogonác.
976         
977         Fix for ARM, SH4.
978
979         * assembler/AssemblerBufferWithConstantPool.h:
980         (JSC::AssemblerBufferWithConstantPool::executableCopy):
981
982 2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
983
984         Revert my change. Broke builds.
985         Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
986         Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i
987
988         * wtf/Atomics.h:
989         (WTF):
990         (WTF::weakCompareAndSwap):
991
992 2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
993
994         Gcc build fix.
995
996         Rubber-stamped by Filip Pizlo.
997
998         * wtf/Atomics.h:
999         (WTF):
1000         (WTF::weakCompareAndSwap):
1001
1002 2012-03-01  Gavin Barraclough  <barraclough@apple.com>
1003
1004         ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
1005         https://bugs.webkit.org/show_bug.cgi?id=80011
1006
1007         Reviewed by Oliver Hunt.
1008
1009         Also, fix getting the caller from within a bound function, for within a getter,
1010         or setter (make our implementation match other browsers).
1011
1012         * interpreter/Interpreter.cpp:
1013         (JSC::getCallerInfo):
1014             - Allow this to get the caller of host functions.
1015         (JSC::Interpreter::retrieveCallerFromVMCode):
1016             - This should use getCallerInfo, and should skip over function bindings.
1017         * runtime/JSFunction.cpp:
1018         (JSC::JSFunction::callerGetter):
1019             - This should never return a strict-mode function.
1020
1021 2012-03-01  Yuqiang Xian  <yuqiang.xian@intel.com>
1022
1023         DFG local CSE for a node can be terminated earlier
1024         https://bugs.webkit.org/show_bug.cgi?id=80014
1025
1026         Reviewed by Filip Pizlo.
1027
1028         When one of the node's children is met in the process of back traversing
1029         the nodes, we don't need to traverse the remaining nodes.
1030         This is performance neutral on SunSpider, V8 and Kraken.
1031
1032         * dfg/DFGCSEPhase.cpp:
1033         (JSC::DFG::CSEPhase::pureCSE):
1034         (JSC::DFG::CSEPhase::impureCSE):
1035         (JSC::DFG::CSEPhase::getByValLoadElimination):
1036         (JSC::DFG::CSEPhase::checkFunctionElimination):
1037         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1038         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1039         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1040         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
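
The early exit this entry describes, as an added illustration that is not JSC's DFG code: a block is modelled as a vector of nodes whose children are indices of earlier nodes, and the backward scan for an identical node stops as soon as it reaches one of the current node's children. The Op set, the Node layout and the sample block are constructed for the example.

```cpp
#include <vector>

// Added illustration of the early exit, not JSC's DFG: a block is a vector of
// nodes and a node's children are indices of earlier nodes in the same block.
enum class Op { Constant, Add, Mul };

struct Node {
    Op op;
    int value = 0;     // only meaningful for Constant
    int child1 = -1;   // -1 means "no child"
    int child2 = -1;

    bool sameAs(const Node& other) const {
        return op == other.op && value == other.value
            && child1 == other.child1 && child2 == other.child2;
    }
};

Node constant(int value) { return Node{Op::Constant, value}; }
Node add(int a, int b) { return Node{Op::Add, 0, a, b}; }
Node mul(int a, int b) { return Node{Op::Mul, 0, a, b}; }

struct CSEResult {
    int match;          // index of an earlier equivalent node, or -1
    int nodesScanned;   // how far the backward walk went
};

// Pure CSE for block[index]: walk backwards looking for an identical node.
// An equivalent node uses the same children, so it must come after all of
// them are defined. Reaching one of the children therefore proves nothing
// earlier can match, and the walk stops there.
CSEResult pureCSE(const std::vector<Node>& block, int index) {
    const Node& node = block[index];
    CSEResult result{-1, 0};
    for (int i = index - 1; i >= 0; --i) {
        ++result.nodesScanned;
        if (i == node.child1 || i == node.child2)
            break;                         // early termination
        if (block[i].sameAs(node)) {
            result.match = i;
            break;
        }
    }
    return result;
}

// Constructed sample block (not from the page); comments give the expected result.
std::vector<Node> sampleBlock() {
    return {
        constant(1),    // 0
        constant(2),    // 1
        add(0, 1),      // 2
        mul(0, 1),      // 3
        add(0, 1),      // 4: equivalent to node 2, found after scanning 3 and 2
        constant(3),    // 5
        add(5, 1),      // 6: walk hits child 5 at once, so no match and 1 node scanned
        add(0, 1),      // 7: equivalent to node 4, found after scanning 6, 5, 4
    };
}
```

The scan count is what the optimisation buys: for node 6 the walk inspects a single node instead of the whole block, and the result is the same because no node defined before a child can reference it.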
1041
1042 2012-02-29  Yuqiang Xian  <yuqiang.xian@intel.com>
1043
1044         DFG BasicBlocks should not require that their nodes have continuous indices in the graph
1045         https://bugs.webkit.org/show_bug.cgi?id=79899
1046
1047         Reviewed by Filip Pizlo.
1048
1049         This will make it more convenient to insert nodes into the DFG.
1050         With this capability we now place the Phi nodes in the corresponding
1051         blocks.
1052         Local CSE is modified not to rely on the assumption of continuous
1053         node indices in a block.
1054         This is performance neutral on SunSpider, V8 and Kraken.
1055
1056         * dfg/DFGAbstractState.cpp:
1057         (JSC::DFG::AbstractState::AbstractState):
1058         (JSC::DFG::AbstractState::beginBasicBlock):
1059         (JSC::DFG::AbstractState::execute):
1060         (JSC::DFG::AbstractState::clobberStructures):
1061         (JSC::DFG::AbstractState::mergeToSuccessors):
1062         (JSC::DFG::AbstractState::dump):
1063         * dfg/DFGAbstractState.h:
1064         (JSC::DFG::AbstractState::forNode):
1065         (AbstractState):
1066         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1067         (ArithNodeFlagsInferencePhase):
1068         * dfg/DFGBasicBlock.h:
1069         (JSC::DFG::BasicBlock::BasicBlock):
1070         (BasicBlock):
1071         * dfg/DFGByteCodeParser.cpp:
1072         (JSC::DFG::ByteCodeParser::addToGraph):
1073         (ByteCodeParser):
1074         (JSC::DFG::ByteCodeParser::insertPhiNode):
1075         (JSC::DFG::ByteCodeParser::handleInlining):
1076         (JSC::DFG::ByteCodeParser::parseBlock):
1077         (JSC::DFG::ByteCodeParser::processPhiStack):
1078         (JSC::DFG::ByteCodeParser::linkBlock):
1079         (JSC::DFG::ByteCodeParser::determineReachability):
1080         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1081         * dfg/DFGCFAPhase.cpp:
1082         (JSC::DFG::CFAPhase::performBlockCFA):
1083         (CFAPhase):
1084         * dfg/DFGCSEPhase.cpp:
1085         (JSC::DFG::CSEPhase::CSEPhase):
1086         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1087         (JSC::DFG::CSEPhase::pureCSE):
1088         (JSC::DFG::CSEPhase::impureCSE):
1089         (JSC::DFG::CSEPhase::globalVarLoadElimination):
1090         (JSC::DFG::CSEPhase::getByValLoadElimination):
1091         (JSC::DFG::CSEPhase::checkFunctionElimination):
1092         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1093         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1094         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1095         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1096         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
1097         (JSC::DFG::CSEPhase::performNodeCSE):
1098         (JSC::DFG::CSEPhase::performBlockCSE):
1099         (CSEPhase):
1100         * dfg/DFGGraph.cpp:
1101         (JSC::DFG::Graph::dump):
1102         * dfg/DFGPhase.cpp:
1103         (JSC::DFG::Phase::beginPhase):
1104         * dfg/DFGSpeculativeJIT.cpp:
1105         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
1106         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
1107         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1108         (JSC::DFG::SpeculativeJIT::compile):
1109         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1110         (JSC::DFG::SpeculativeJIT::compileStrictEq):
1111         * dfg/DFGSpeculativeJIT.h:
1112         (SpeculativeJIT):
1113         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1114         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
1115         * dfg/DFGSpeculativeJIT32_64.cpp:
1116         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1117         * dfg/DFGSpeculativeJIT64.cpp:
1118         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1119         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1120         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1121
1122 2012-02-29  Filip Pizlo  <fpizlo@apple.com>
1123
1124         The JIT should not crash the entire process just because there is not
1125         enough executable memory, if the LLInt is enabled
1126         https://bugs.webkit.org/show_bug.cgi?id=79962
1127         <rdar://problem/10922215>
1128
1129         Unreviewed, adding forgotten file.
1130
1131         * jit/JITCompilationEffort.h: Added.
1132         (JSC):
1133
1134 2012-02-29  Filip Pizlo  <fpizlo@apple.com>
1135
1136         The JIT should not crash the entire process just because there is not
1137         enough executable memory, if the LLInt is enabled
1138         https://bugs.webkit.org/show_bug.cgi?id=79962
1139         <rdar://problem/10922215>
1140
1141         Reviewed by Gavin Barraclough.
1142         
1143         Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
1144         a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
1145         JITCompilationMustSucceed. This preserves the old behavior if LLInt is
1146         disabled or if we're compiling something that can't be interpreted (like
1147         an OSR exit stub).
1148
1149         * JavaScriptCore.xcodeproj/project.pbxproj:
1150         * assembler/ARMAssembler.cpp:
1151         (JSC::ARMAssembler::executableCopy):
1152         * assembler/ARMAssembler.h:
1153         (ARMAssembler):
1154         * assembler/AssemblerBuffer.h:
1155         (JSC::AssemblerBuffer::executableCopy):
1156         * assembler/LinkBuffer.h:
1157         (JSC::LinkBuffer::LinkBuffer):
1158         (JSC::LinkBuffer::~LinkBuffer):
1159         (LinkBuffer):
1160         (JSC::LinkBuffer::didFailToAllocate):
1161         (JSC::LinkBuffer::isValid):
1162         (JSC::LinkBuffer::linkCode):
1163         (JSC::LinkBuffer::performFinalization):
1164         * assembler/MIPSAssembler.h:
1165         (JSC::MIPSAssembler::executableCopy):
1166         * assembler/SH4Assembler.h:
1167         (JSC::SH4Assembler::executableCopy):
1168         * assembler/X86Assembler.h:
1169         (JSC::X86Assembler::executableCopy):
1170         (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
1171         * bytecode/CodeBlock.cpp:
1172         (JSC::ProgramCodeBlock::jitCompileImpl):
1173         (JSC::EvalCodeBlock::jitCompileImpl):
1174         (JSC::FunctionCodeBlock::jitCompileImpl):
1175         * bytecode/CodeBlock.h:
1176         (JSC::CodeBlock::jitCompile):
1177         (CodeBlock):
1178         (ProgramCodeBlock):
1179         (EvalCodeBlock):
1180         (FunctionCodeBlock):
1181         * dfg/DFGDriver.cpp:
1182         (JSC::DFG::compile):
1183         * dfg/DFGJITCompiler.cpp:
1184         (JSC::DFG::JITCompiler::compile):
1185         (JSC::DFG::JITCompiler::compileFunction):
1186         * dfg/DFGJITCompiler.h:
1187         (JITCompiler):
1188         * jit/ExecutableAllocator.cpp:
1189         (JSC::DemandExecutableAllocator::allocateNewSpace):
1190         (JSC::ExecutableAllocator::allocate):
1191         * jit/ExecutableAllocator.h:
1192         (ExecutableAllocator):
1193         * jit/ExecutableAllocatorFixedVMPool.cpp:
1194         (JSC::ExecutableAllocator::allocate):
1195         * jit/JIT.cpp:
1196         (JSC::JIT::privateCompile):
1197         * jit/JIT.h:
1198         (JSC::JIT::compile):
1199         (JIT):
1200         * jit/JITCompilationEffort.h: Added.
1201         (JSC):
1202         * jit/JITDriver.h:
1203         (JSC::jitCompileIfAppropriate):
1204         (JSC::jitCompileFunctionIfAppropriate):
1205         * llint/LLIntSlowPaths.cpp:
1206         (LLInt):
1207         (JSC::LLInt::jitCompileAndSetHeuristics):
1208         (JSC::LLInt::entryOSR):
1209         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1210         * runtime/Executable.cpp:
1211         (JSC::EvalExecutable::jitCompile):
1212         (JSC::ProgramExecutable::jitCompile):
1213         (JSC::FunctionExecutable::jitCompileForCall):
1214         (JSC::FunctionExecutable::jitCompileForConstruct):
1215         * runtime/Executable.h:
1216         (EvalExecutable):
1217         (ProgramExecutable):
1218         (FunctionExecutable):
1219         (JSC::FunctionExecutable::jitCompileFor):
1220         * runtime/ExecutionHarness.h:
1221         (JSC::prepareForExecution):
1222         (JSC::prepareFunctionForExecution):
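
The effort distinction described in this entry, as an added illustration that is not JSC's code: a bump allocator over a fixed executable region, a LinkBuffer that records whether its allocation failed, and a driver that picks JITCompilationCanFail for a tier-up from the interpreter and JITCompilationMustSucceed otherwise. The pool size, the LinkBuffer layout and the FatalOutOfMemory result (standing in for the crash the real engine performs on the must-succeed path) are assumptions.

```cpp
#include <cstddef>

enum JITCompilationEffort { JITCompilationCanFail, JITCompilationMustSucceed };

// Bump allocator over a fixed executable region; nullptr once it is full.
class ExecutableAllocator {
public:
    static constexpr std::size_t capacity = 4096;  // assumed pool size
    void* allocate(std::size_t bytes) {
        if (bytes > capacity - m_used)
            return nullptr;
        void* result = m_pool + m_used;
        m_used += bytes;
        return result;
    }
private:
    unsigned char m_pool[capacity];
    std::size_t m_used = 0;
};

// LinkBuffer asks for memory up front and remembers whether that failed, so
// the caller can consult isValid()/didFailToAllocate() instead of crashing.
class LinkBuffer {
public:
    LinkBuffer(ExecutableAllocator& allocator, std::size_t bytes, JITCompilationEffort effort)
        : m_effort(effort), m_code(allocator.allocate(bytes)) {}
    bool didFailToAllocate() const { return m_code == nullptr; }
    bool isValid() const { return m_code != nullptr; }
    JITCompilationEffort effort() const { return m_effort; }
private:
    JITCompilationEffort m_effort;
    void* m_code;
};

enum CompileOutcome { Compiled, StayInInterpreter, FatalOutOfMemory };

// Pick the effort the way the entry describes: a tier-up from the LLInt may
// fail and the block simply keeps interpreting; code with no interpreter
// fallback (an OSR exit stub, or LLInt disabled) must succeed, and exhaustion
// there is fatal. The real engine crashes; we return FatalOutOfMemory so the
// example stays runnable.
CompileOutcome jitCompileIfAppropriate(ExecutableAllocator& allocator, std::size_t bytes,
                                       bool isTierUpFromInterpreter) {
    JITCompilationEffort effort =
        isTierUpFromInterpreter ? JITCompilationCanFail : JITCompilationMustSucceed;
    LinkBuffer buffer(allocator, bytes, effort);
    if (buffer.isValid())
        return Compiled;
    return effort == JITCompilationCanFail ? StayInInterpreter : FatalOutOfMemory;
}

// Drive `attempts` compilations of `bytes` each against a fresh pool and
// report the outcome of the last one.
CompileOutcome outcomeAfter(std::size_t bytes, unsigned attempts, bool isTierUpFromInterpreter) {
    ExecutableAllocator allocator;
    CompileOutcome outcome = Compiled;
    for (unsigned i = 0; i < attempts; ++i)
        outcome = jitCompileIfAppropriate(allocator, bytes, isTierUpFromInterpreter);
    return outcome;
}
```

With a 4096-byte pool, two 3000-byte compilations exhaust it on the second attempt: as a tier-up that second attempt degrades to StayInInterpreter, while the same exhaustion on a must-succeed compile is the fatal case the old code hit unconditionally.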
1223
1224 2012-02-29  No'am Rosenthal  <noam.rosenthal@nokia.com>
1225
1226         [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy]
1227         https://bugs.webkit.org/show_bug.cgi?id=79501
1228
1229         Enable WTF_USE_UI_SIDE_COMPOSITING for Qt.
1230
1231         Reviewed by Kenneth Rohde Christiansen.
1232
1233         * wtf/Platform.h:
1234
1235 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
1236
1237         Rubber stamped by Oliver Hunt.
1238
1239         * tests/mozilla/ecma_2/RegExp/constructor-001.js:
1240         * tests/mozilla/ecma_2/RegExp/function-001.js:
1241         * tests/mozilla/ecma_2/RegExp/properties-001.js:
1242             - Check in new test cases results.
1243
1244 2012-02-29  Mark Rowe  <mrowe@apple.com>
1245
1246         Stop installing JSCLLIntOffsetsExtractor.
1247
1248         Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file
1249         that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor.
1250         This has the result of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor.
1251
1252         While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value
1253         for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is
1254         to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That
1255         allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too!
1256
1257         Reviewed by Filip Pizlo.
1258
1259         * Configurations/TestRegExp.xcconfig: Removed.
1260         * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig.
1261         * JavaScriptCore.xcodeproj/project.pbxproj:
1262
1263 2012-02-28  Filip Pizlo  <fpizlo@apple.com>
1264
1265         RefCounted::deprecatedTurnOffVerifier() should not be deprecated
1266         https://bugs.webkit.org/show_bug.cgi?id=79864
1267
1268         Reviewed by Oliver Hunt.
1269         
1270         Removed the word "deprecated" from the name of this method, since this method
1271         should not be deprecated. It works just fine as it is, and there is simply no
1272         alternative to calling this method for many interesting JSC classes.
1273
1274         * parser/SourceProvider.h:
1275         (JSC::SourceProvider::SourceProvider):
1276         * runtime/SymbolTable.h:
1277         (JSC::SharedSymbolTable::SharedSymbolTable):
1278         * wtf/MetaAllocator.cpp:
1279         (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
1280         (WTF::MetaAllocator::allocate):
1281         * wtf/RefCounted.h:
1282         (RefCountedBase):
1283         (WTF::RefCountedBase::turnOffVerifier):
1284
1285 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
1286
1287         'source' property of RegExp instance cannot be ""
1288         https://bugs.webkit.org/show_bug.cgi?id=79938
1289
1290         Reviewed by Oliver Hunt.
1291
1292         15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/',
1293         and also states that the result must be a valid RegularExpressionLiteral. '//' is
1294         not a valid RegularExpressionLiteral (since it is a single line comment), and hence
1295         source cannot ever validly be "". If the source is empty, return a different Pattern
1296         that would match the same thing.
1297
1298         * runtime/RegExpObject.cpp:
1299         (JSC::regExpObjectSource):
1300             - Do not return "" if the source is empty, this would lead to invalid behaviour in toString.
1301         * runtime/RegExpPrototype.cpp:
1302         (JSC::regExpProtoFuncToString):
1303             - No need to special case the empty string - this should be being done by 'source'.
1304
1305 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
1306
1307         Writable attribute not set correctly when redefining an accessor to a data descriptor
1308         https://bugs.webkit.org/show_bug.cgi?id=79931
1309
1310         Reviewed by Oliver Hunt.
1311
1312         * runtime/JSObject.cpp:
1313         (JSC::JSObject::defineOwnProperty):
1314             - use attributesOverridingCurrent instead of attributesWithOverride.
1315         * runtime/PropertyDescriptor.cpp:
1316         * runtime/PropertyDescriptor.h:
1317             - remove attributesWithOverride - attributesOverridingCurrent does the same thing.
1318
1319 2012-02-29  Kevin Ollivier  <kevino@theolliviers.com>
1320
1321         Add JSCore symbol exports needed by wx port
1322         https://bugs.webkit.org/show_bug.cgi?id=77280
1323
1324         Reviewed by Hajime Morita.
1325
1326         * wtf/ArrayBufferView.h:
1327         * wtf/ExportMacros.h:
1328
1329 2012-02-28  Raphael Kubo da Costa  <kubo@profusion.mobi>
1330
1331         [CMake] Always build wtf as a static library.
1332         https://bugs.webkit.org/show_bug.cgi?id=79857
1333
1334         Reviewed by Eric Seidel.
1335
1336         To help the efforts in bug 75673 to move WTF out of
1337         JavaScriptCore, act more like the other ports and remove the
1338         possibility of building WTF as a shared library.
1339
1340         It does not make much sense to, for example, ship WTF as a
1341         separate .so with webkit-efl packages, and it should be small
1342         enough not to cause problems during linking.
1343
1344         * wtf/CMakeLists.txt:
1345
1346 2012-02-28  Dmitry Lomov  <dslomov@google.com>
1347
1348         [JSC] Implement ArrayBuffer transfer
1349         https://bugs.webkit.org/show_bug.cgi?id=73493.
1350         Implement ArrayBuffer transfer, per Khronos spec:  http://www.khronos.org/registry/typedarray/specs/latest/#9.
1351         This brings parity with V8 implementation of transferable typed arrays.
1352
1353         Reviewed by Oliver Hunt.
1354
1355         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export.
1356         * wtf/ArrayBuffer.h:
1357         (ArrayBuffer): Added extra export.
1358
1359 2012-02-28  Kevin Ollivier  <kevino@theolliviers.com>
1360
1361         [wx] Unreviewed. Build fix after recent LLInt additions.
1362         
1363         * wscript:
1364
1365 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
1366
1367         Refactor SpeculativeJIT::emitAllocateJSFinalObject
1368         https://bugs.webkit.org/show_bug.cgi?id=79801
1369
1370         Reviewed by Filip Pizlo.
1371
1372         * dfg/DFGSpeculativeJIT.h:
1373         (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this
1374         function, which is more generic in that it can allocate a variety of classes.
1375         (SpeculativeJIT):
1376         (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function.
1377
1378 2012-02-28  Gavin Barraclough  <barraclough@apple.com>
1379
1380         [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
1381         https://bugs.webkit.org/show_bug.cgi?id=79588
1382
1383         Reviewed by Oliver Hunt.
1384
1385         In the case of [[Get]], this is a pretty trivial bug - just don't wrap
1386         primitives at the point you call a getter.
1387
1388         For setters, this is a little more involved, since we have already wrapped
1389         the value up in a synthesized object. Stop doing so. There is also a further
1390         subtlety, that in strict mode all attempts to create a new data property on
1391         the object should throw.
1392
1393         * runtime/JSCell.cpp:
1394         (JSC::JSCell::put):
1395             - [[Put]] to a string primitive should use JSValue::putToPrimitive.
1396         * runtime/JSObject.cpp:
1397         (JSC::JSObject::put):
1398             - Remove static function called in one place.
1399         * runtime/JSObject.h:
1400         (JSC::JSValue::put):
1401             - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive.
1402         * runtime/JSValue.cpp:
1403         (JSC::JSValue::synthesizePrototype):
1404             - Add support for synthesizing the prototype of strings.
1405         (JSC::JSValue::putToPrimitive):
1406             - Added, implements [[Put]] for primitive bases, per 8.7.2.
1407         * runtime/JSValue.h:
1408         (JSValue):
1409             - Add declaration for JSValue::putToPrimitive.
1410         * runtime/PropertySlot.cpp:
1411         (JSC::PropertySlot::functionGetter):
1412             - Don't call ToObject on primitive this values.
1413
1414 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
1415
1416         Re-enable parallel GC on Mac
1417         https://bugs.webkit.org/show_bug.cgi?id=79837
1418
1419         Rubber stamped by Filip Pizlo.
1420
1421         * runtime/Options.cpp:
1422         (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line,
1423         so we removed it and things should go back to normal.
1424
1425 2012-02-28  Filip Pizlo  <fpizlo@apple.com>
1426
1427         Some run-javascriptcore-tests broken for 32-bit debug
1428         https://bugs.webkit.org/show_bug.cgi?id=79844
1429
1430         Rubber stamped by Oliver Hunt.
1431         
1432         These assertions are just plain wrong for 32-bit. We could either have a massive
1433         assertion that depends on value representation, that has to be changed every
1434         time we change the JITs, resulting in a bug tail of debug-mode crashes, or we
1435         could get rid of the assertions. I pick the latter.
1436
1437         * dfg/DFGOperations.cpp:
1438         * jit/JITStubs.cpp:
1439         (JSC::DEFINE_STUB_FUNCTION):
1440
1441 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
1442
1443         Get rid of padding cruft in CopiedBlock
1444         https://bugs.webkit.org/show_bug.cgi?id=79686
1445
1446         Reviewed by Filip Pizlo.
1447
1448         * heap/CopiedBlock.h:
1449         (CopiedBlock): Removed the extra padding that was used for alignment purposes until 
1450         the calculation of the payload offset into CopiedBlocks was redone recently.
1451
1452 2012-02-28  Anders Carlsson  <andersca@apple.com>
1453
1454         Fix build with newer versions of clang.
1455
1456         Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments,
1457         but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common)
1458         takes a string literal.
1459
1460         * wtf/Assertions.cpp:
1461
1462 2012-02-28  Mario Sanchez Prada  <msanchez@igalia.com>
1463
1464         [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr
1465         https://bugs.webkit.org/show_bug.cgi?id=79496
1466
1467         Reviewed by Martin Robinson.
1468
1469         Handle GMainLoop and GMainContext in GRefPtr, by calling
1470         g_main_loop_(un)ref and g_main_context_(un)ref in the
1471         implementation of the refGPtr and derefGPtr template functions.
1472
1473         * wtf/gobject/GRefPtr.cpp:
1474         (WTF::refGPtr):
1475         (WTF):
1476         (WTF::derefGPtr):
1477         * wtf/gobject/GRefPtr.h:
1478         (WTF):
1479         * wtf/gobject/GTypedefs.h:
1480
1481 2012-02-28  Yong Li  <yoli@rim.com>
1482
1483         JSString::resolveRope() should report extra memory cost to the heap.
1484         https://bugs.webkit.org/show_bug.cgi?id=79555
1485
1486         Reviewed by Michael Saboff.
1487
1488         At the time a JSString is constructed with fibers, it doesn't report
1489         extra memory cost, which is reasonable because it hasn't allocated
1490         new memory. However, when the rope is resolved, it should report memory
1491         cost for the new buffer.
1492
1493         * runtime/JSString.cpp:
1494         (JSC::JSString::resolveRope):
1495
1496 2012-02-27  Oliver Hunt  <oliver@apple.com>
1497
1498         sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter
1499         https://bugs.webkit.org/show_bug.cgi?id=79728
1500
1501         Reviewed by Gavin Barraclough.
1502
1503         When initialising a chained get instruction we may end up in a state where
1504         the instruction stream says we have a scopechain, but it has not yet been set
1505         (e.g. if allocating the StructureChain itself is what leads to the GC).  We could
1506         re-order the allocation, but it occurs in a couple of places, so it seems less
1507         fragile simply to null check the scopechain slot before we actually visit the slot.
1508
1509         * bytecode/CodeBlock.cpp:
1510         (JSC::CodeBlock::visitStructures):
1511
1512 2012-02-27  Filip Pizlo  <fpizlo@apple.com>
1513
1514         Old JIT's style of JSVALUE64 strict equality is subtly wrong
1515         https://bugs.webkit.org/show_bug.cgi?id=79700
1516
1517         Reviewed by Oliver Hunt.
1518
1519         * assembler/MacroAssemblerX86_64.h:
1520         (JSC::MacroAssemblerX86_64::comparePtr):
1521         (MacroAssemblerX86_64):
1522         * dfg/DFGOperations.cpp:
1523         * dfg/DFGSpeculativeJIT.cpp:
1524         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
1525         * dfg/DFGSpeculativeJIT64.cpp:
1526         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
1527         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
1528         * jit/JITOpcodes.cpp:
1529         (JSC::JIT::compileOpStrictEq):
1530         (JSC::JIT::emitSlow_op_stricteq):
1531         (JSC::JIT::emitSlow_op_nstricteq):
1532         * jit/JITStubs.cpp:
1533         (JSC::DEFINE_STUB_FUNCTION):
1534
1535 2012-02-27  Gavin Barraclough  <barraclough@apple.com>
1536
1537         Implement support for op_negate and op_bitnot in the DFG JIT
1538         https://bugs.webkit.org/show_bug.cgi?id=79617
1539
1540         Reviewed by Filip Pizlo.
1541
1542         Add an ArithNegate op to the DFG JIT, to implement op_negate.
1543
1544         This patch also adds support for op_negate to the JSVALUE64 baseline JIT
1545         (JSVALUE32_64 already had this), so that we can profile the slowpath usage.
1546
1547         This is a 2.5%-3% Sunspider progression and a 1% win on Kraken.
1548
1549         * assembler/ARMv7Assembler.h:
1550         (JSC::ARMv7Assembler::sub_S):
1551             - Added sub_S from immediate.
1552         (ARMv7Assembler):
1553         (JSC::ARMv7Assembler::vneg):
1554             - Added double negate.
1555         * assembler/MacroAssemblerARMv7.h:
1556         (JSC::MacroAssemblerARMv7::negateDouble):
1557             - Added double negate.
1558         (MacroAssemblerARMv7):
1559         (JSC::MacroAssemblerARMv7::branchNeg32):
1560             - Added.
1561         * assembler/MacroAssemblerX86.h:
1562         (MacroAssemblerX86):
1563             - moved loadDouble, absDouble to common.
1564         * assembler/MacroAssemblerX86Common.h:
1565         (MacroAssemblerX86Common):
1566         (JSC::MacroAssemblerX86Common::absDouble):
1567             - implementation can be shared.
1568         (JSC::MacroAssemblerX86Common::negateDouble):
1569             - Added.
1570         (JSC::MacroAssemblerX86Common::loadDouble):
1571             - allow absDouble to have a common implementation.
1572         * assembler/MacroAssemblerX86_64.h:
1573         (MacroAssemblerX86_64):
1574             - moved loadDouble, absDouble to common.
1575         * dfg/DFGAbstractState.cpp:
1576         (JSC::DFG::AbstractState::execute):
1577             - support ArithNegate.
1578         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1579         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
1580             - support ArithNegate.
1581         * dfg/DFGByteCodeParser.cpp:
1582         (JSC::DFG::ByteCodeParser::makeSafe):
1583             - support ArithNegate.
1584         (JSC::DFG::ByteCodeParser::parseBlock):
1585             - support op_negate.
1586         * dfg/DFGCSEPhase.cpp:
1587         (JSC::DFG::CSEPhase::performNodeCSE):
1588             - support ArithNegate.
1589         * dfg/DFGCapabilities.h:
1590         (JSC::DFG::canCompileOpcode):
1591             - support op_negate.
1592         * dfg/DFGGraph.h:
1593         (JSC::DFG::Graph::negateShouldSpeculateInteger):
1594             - support ArithNegate.
1595         * dfg/DFGNode.h:
1596         (JSC::DFG::Node::hasArithNodeFlags):
1597             - support ArithNegate.
1598         * dfg/DFGPredictionPropagationPhase.cpp:
1599         (JSC::DFG::PredictionPropagationPhase::propagate):
1600             - support ArithNegate.
1601         * dfg/DFGSpeculativeJIT.cpp:
1602         (JSC::DFG::SpeculativeJIT::compileArithNegate):
1603             - support ArithNegate.
1604         * dfg/DFGSpeculativeJIT.h:
1605         (SpeculativeJIT):
1606             - support ArithNegate.
1607         * dfg/DFGSpeculativeJIT32_64.cpp:
1608         (JSC::DFG::SpeculativeJIT::compile):
1609             - support ArithNegate.
1610         * dfg/DFGSpeculativeJIT64.cpp:
1611         (JSC::DFG::SpeculativeJIT::compile):
1612             - support ArithNegate.
1613         * jit/JIT.cpp:
1614         (JSC::JIT::privateCompileMainPass):
1615         (JSC::JIT::privateCompileSlowCases):
1616             - Add support for op_negate in JSVALUE64.
1617         * jit/JITArithmetic.cpp:
1618         (JSC::JIT::emit_op_negate):
1619         (JSC::JIT::emitSlow_op_negate):
1620             - Add support for op_negate in JSVALUE64.
1621
1622 2012-02-27  Mahesh Kulkarni  <mahesh.kulkarni@nokia.com>
1623
1624         Unreviewed. Build fix for linux-bot (qt) after r109021.
1625
1626         * runtime/Error.cpp:
1627
1628 2012-02-27  Oliver Hunt  <oliver@apple.com>
1629
1630         REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize
1631         https://bugs.webkit.org/show_bug.cgi?id=79693
1632
1633         Reviewed by Filip Pizlo.
1634
1635         Alas we can't provide the stack trace as an array, as despite everyone wanting
1636         an array, everyone arbitrarily creates the array by calling split on the stack
1637         trace.  To create the array we would have provided them in the first place.
1638
1639         This changes the exception's stack property to a \n separated string.  To get the
1640         old array just do <exception>.stack.split("\n").
1641
1642         * runtime/Error.cpp:
1643         (JSC::addErrorInfo):
1644
1645 2012-02-27  Gavin Barraclough  <barraclough@apple.com>
1646
1647         RegExp lastIndex should behave as a regular property
1648         https://bugs.webkit.org/show_bug.cgi?id=79446
1649
1650         Reviewed by Sam Weinig.
1651
1652         lastIndex should be a regular data descriptor, with the attributes configurable:false,
1653         enumerable:false, writable:true. As such, it should be possible to reconfigure writable
1654         as false. If the lastIndex property is reconfigured to be read-only, we should respect
1655         this correctly.
1656
1657         * runtime/CommonIdentifiers.h:
1658             - Removed some unused identifiers, added lastIndex.
1659         * runtime/RegExpObject.cpp:
1660         (JSC::RegExpObject::getOwnPropertySlot):
1661             - lastIndex is no longer a static value, provided specific handling.
1662         (JSC::RegExpObject::getOwnPropertyDescriptor):
1663             - lastIndex is no longer a static value, provided specific handling.
1664         (JSC::RegExpObject::deleteProperty):
1665             - lastIndex is no longer a static value, provided specific handling.
1666         (JSC::RegExpObject::getOwnPropertyNames):
1667             - lastIndex is no longer a static value, provided specific handling.
1668         (JSC::RegExpObject::getPropertyNames):
1669             - lastIndex is no longer a static value, provided specific handling.
1670         (JSC::reject):
1671             - helper function for defineOwnProperty.
1672         (JSC::RegExpObject::defineOwnProperty):
1673             - lastIndex is no longer a static value, provided specific handling.
1674         (JSC::RegExpObject::put):
1675             - lastIndex is no longer a static value, provided specific handling.
1676         (JSC::RegExpObject::match):
1677             - Pass setLastIndex an ExecState, so it can throw if read-only.
1678         * runtime/RegExpObject.h:
1679         (JSC::RegExpObject::setLastIndex):
1680             - Pass setLastIndex an ExecState, so it can throw if read-only.
1681         (RegExpObjectData):
1682             - Added lastIndexIsWritable.
1683         * runtime/RegExpPrototype.cpp:
1684         (JSC::regExpProtoFuncCompile):
1685             - Pass setLastIndex an ExecState, so it can throw if read-only.
1686
1687 2012-02-27  Gavin Barraclough  <barraclough@apple.com>
1688
1689         Implement support for op_negate and op_bitnot in the DFG JIT
1690         https://bugs.webkit.org/show_bug.cgi?id=79617
1691
1692         Reviewed by Sam Weinig.
1693
1694         Remove op_bitnot - this is redundant, ~x === x^-1.
1695         This is a fractional (<1%) progression.
1696
1697         Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X).
1698         Remove CanReuse from the result type - this was unused.
1699         Remove op_bitnot.
1700
1701         * assembler/MacroAssemblerARM.h:
1702         (MacroAssemblerARM):
1703         (JSC::MacroAssemblerARM::xor32):
1704         * assembler/MacroAssemblerARMv7.h:
1705         (MacroAssemblerARMv7):
1706         (JSC::MacroAssemblerARMv7::xor32):
1707         * assembler/MacroAssemblerMIPS.h:
1708         (MacroAssemblerMIPS):
1709         (JSC::MacroAssemblerMIPS::xor32):
1710         * assembler/MacroAssemblerSH4.h:
1711         (MacroAssemblerSH4):
1712         (JSC::MacroAssemblerSH4::xor32):
1713         * assembler/MacroAssemblerX86Common.h:
1714         (MacroAssemblerX86Common):
1715         (JSC::MacroAssemblerX86Common::xor32):
1716         * bytecode/CodeBlock.cpp:
1717         (JSC::CodeBlock::dump):
1718         * bytecode/Opcode.h:
1719         (JSC):
1720         (JSC::padOpcodeName):
1721         * bytecompiler/NodesCodegen.cpp:
1722         (JSC):
1723         (JSC::BitwiseNotNode::emitBytecode):
1724         * interpreter/Interpreter.cpp:
1725         (JSC::Interpreter::privateExecute):
1726         * jit/JIT.cpp:
1727         (JSC::JIT::privateCompileMainPass):
1728         (JSC::JIT::privateCompileSlowCases):
1729         * jit/JIT.h:
1730         (JIT):
1731         * jit/JITArithmetic32_64.cpp:
1732         (JSC):
1733         * jit/JITOpcodes.cpp:
1734         (JSC):
1735         * jit/JITStubs.cpp:
1736         (JSC):
1737         * jit/JITStubs.h:
1738         * llint/LLIntSlowPaths.cpp:
1739         (LLInt):
1740         * llint/LLIntSlowPaths.h:
1741         (LLInt):
1742         * llint/LowLevelInterpreter32_64.asm:
1743         * parser/NodeConstructors.h:
1744         (JSC::NegateNode::NegateNode):
1745         (JSC::BitwiseNotNode::BitwiseNotNode):
1746         (JSC::MultNode::MultNode):
1747         (JSC::DivNode::DivNode):
1748         (JSC::ModNode::ModNode):
1749         (JSC::SubNode::SubNode):
1750         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
1751         * parser/Nodes.h:
1752         (BitwiseNotNode):
1753         (JSC::BitwiseNotNode::expr):
1754         (JSC):
1755         * parser/ResultType.h:
1756         (ResultType):
1757         (JSC::ResultType::numberTypeIsInt32):
1758         (JSC::ResultType::stringOrNumberType):
1759         (JSC::ResultType::forAdd):
1760         (JSC::ResultType::forBitOp):
1761
1762 2012-02-27  Michael Saboff  <msaboff@apple.com>
1763
1764         Error check regexp min quantifier
1765         https://bugs.webkit.org/show_bug.cgi?id=70648
1766
1767         Reviewed by Gavin Barraclough.
1768
1769         Added checking for min or only quantifier being UINT_MAX.
1770         When encountered this becomes a SyntaxError during parsing.
1771
1772         * yarr/YarrParser.h:
1773         (JSC::Yarr::Parser::parseQuantifier):
1774         (JSC::Yarr::Parser::parse):
1775         (Parser):
1776
1777 2012-02-27  Carlos Garcia Campos  <cgarcia@igalia.com>
1778
1779         Unreviewed. Fix make distcheck.
1780
1781         * GNUmakefile.list.am: Add missing files.
1782
1783 2012-02-26  Hajime Morrita  <morrita@chromium.org>
1784
1785         Move ChromeClient::showContextMenu() to ContextMenuClient
1786         https://bugs.webkit.org/show_bug.cgi?id=79427
1787
1788         Reviewed by Adam Barth.
1789
1790         Added ACCESSIBILITY_CONTEXT_MENUS.
1791
1792         * wtf/Platform.h:
1793
1794 2012-02-26  Filip Pizlo  <fpizlo@apple.com>
1795
1796         LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG
1797         https://bugs.webkit.org/show_bug.cgi?id=79616
1798
1799         Reviewed by Oliver Hunt.
1800         
1801         Guard against the fact that in JSVALUE64, JSValue().isCell() == true.
1802
1803         * dfg/DFGAbstractValue.h:
1804         (JSC::DFG::AbstractValue::validate):
1805
1806 2012-02-26  Filip Pizlo  <fpizlo@apple.com>
1807
1808         DFG should support activations and nested functions
1809         https://bugs.webkit.org/show_bug.cgi?id=79554
1810
1811         Reviewed by Sam Weinig.
1812         
1813         Fix 32-bit. The 32-bit function+activation code had some really weird
1814         register reuse bugs.
1815
1816         * dfg/DFGSpeculativeJIT32_64.cpp:
1817         (JSC::DFG::SpeculativeJIT::compile):
1818
1819 2012-02-26  Filip Pizlo  <fpizlo@apple.com>
1820
1821         Getting the instruction stream for a code block should not require two loads
1822         https://bugs.webkit.org/show_bug.cgi?id=79608
1823
1824         Reviewed by Sam Weinig.
1825         
1826         Introduced the RefCountedArray class, which contains a single inline pointer
1827         to a ref-counted non-resizeable vector backing store. This satisfies the
1828         requirements of CodeBlock, which desires the ability to share instruction
1829         streams with other CodeBlocks. It also reduces the number of loads required
1830         for getting the instruction stream by one.
1831         
1832         This patch also gets rid of the bytecode discarding logic, since we don't
1833         use it anymore and it's unlikely to ever work right with DFG or LLInt. And
1834         I didn't feel like porting dead code to use RefCountedArray.
1835
1836         * GNUmakefile.list.am:
1837         * JavaScriptCore.xcodeproj/project.pbxproj:
1838         * bytecode/CodeBlock.cpp:
1839         (JSC::instructionOffsetForNth):
1840         (JSC::CodeBlock::dump):
1841         (JSC::CodeBlock::CodeBlock):
1842         (JSC::CodeBlock::finalizeUnconditionally):
1843         (JSC::CodeBlock::handlerForBytecodeOffset):
1844         (JSC::CodeBlock::lineNumberForBytecodeOffset):
1845         (JSC::CodeBlock::expressionRangeForBytecodeOffset):
1846         (JSC::CodeBlock::shrinkToFit):
1847         * bytecode/CodeBlock.h:
1848         (CodeBlock):
1849         (JSC::CodeBlock::numberOfInstructions):
1850         (JSC::CodeBlock::instructions):
1851         (JSC::CodeBlock::instructionCount):
1852         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1853         (JSC):
1854         * bytecompiler/BytecodeGenerator.cpp:
1855         (JSC::Label::setLocation):
1856         (JSC):
1857         (JSC::BytecodeGenerator::generate):
1858         (JSC::BytecodeGenerator::newLabel):
1859         * bytecompiler/BytecodeGenerator.h:
1860         (JSC):
1861         (BytecodeGenerator):
1862         (JSC::BytecodeGenerator::instructions):
1863         * bytecompiler/Label.h:
1864         (JSC::Label::Label):
1865         (Label):
1866         * dfg/DFGByteCodeCache.h:
1867         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
1868         (JSC::DFG::ByteCodeCache::get):
1869         * jit/JITExceptions.cpp:
1870         (JSC::genericThrow):
1871         * llint/LowLevelInterpreter32_64.asm:
1872         * runtime/Executable.cpp:
1873         (JSC::EvalExecutable::compileInternal):
1874         (JSC::ProgramExecutable::compileInternal):
1875         (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
1876         (JSC::FunctionExecutable::produceCodeBlockFor):
1877         * wtf/RefCountedArray.h: Added.
1878         (WTF):
1879         (RefCountedArray):
1880         (WTF::RefCountedArray::RefCountedArray):
1881         (WTF::RefCountedArray::operator=):
1882         (WTF::RefCountedArray::~RefCountedArray):
1883         (WTF::RefCountedArray::size):
1884         (WTF::RefCountedArray::data):
1885         (WTF::RefCountedArray::begin):
1886         (WTF::RefCountedArray::end):
1887         (WTF::RefCountedArray::at):
1888         (WTF::RefCountedArray::operator[]):
1889         (Header):
1890         (WTF::RefCountedArray::Header::size):
1891         (WTF::RefCountedArray::Header::payload):
1892         (WTF::RefCountedArray::Header::fromPayload):
1893         * wtf/Platform.h:
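
        Added example, not WTF's own code: a minimal C++ sketch of the design this entry describes, a RefCountedArray whose only member is a pointer to the payload, with a Header (reference count and length) stored immediately before the payload and recovered through Header::fromPayload, so two CodeBlock-like owners share one instruction stream at the cost of a single pointer each. FakeCodeBlock, retain(), release() and the refCount() accessor are assumptions made for the demonstration.

```cpp
#include <cstddef>
#include <new>

// Illustrative re-implementation of the single-inline-pointer design; NOT WTF's
// RefCountedArray. The object holds only a pointer to the payload, so element
// data is one load away. The reference count and length live in a Header placed
// directly before the payload and are recovered by pointer arithmetic.
template <typename T>
class RefCountedArray {
public:
    RefCountedArray() : m_data(nullptr) { }

    // Allocates header + n default-constructed elements in a single block.
    explicit RefCountedArray(size_t n) : m_data(nullptr)
    {
        if (!n)
            return;
        Header* header = static_cast<Header*>(::operator new(Header::size(n)));
        header->refCount = 1;
        header->length = n;
        m_data = header->payload();
        for (size_t i = 0; i < n; ++i)
            new (&m_data[i]) T();
    }

    // Copies share the non-resizeable backing store; only the count changes.
    RefCountedArray(const RefCountedArray& other) : m_data(other.m_data) { retain(m_data); }

    RefCountedArray& operator=(const RefCountedArray& other)
    {
        T* old = m_data;           // retain new before releasing old: self-assignment safe
        m_data = other.m_data;
        retain(m_data);
        release(old);
        return *this;
    }

    ~RefCountedArray() { release(m_data); }

    size_t size() const { return m_data ? Header::fromPayload(m_data)->length : 0; }
    T* data() const { return m_data; }
    T& operator[](size_t i) const { return m_data[i]; }   // caller guarantees i < size()

    // Exposed only so the checks below can observe sharing (assumption, not WTF API).
    unsigned refCount() const { return m_data ? Header::fromPayload(m_data)->refCount : 0; }

private:
    // alignas keeps the payload that follows the header suitably aligned for any T.
    struct alignas(std::max_align_t) Header {
        unsigned refCount;
        size_t length;
        static size_t size(size_t n) { return sizeof(Header) + n * sizeof(T); }
        T* payload() { return reinterpret_cast<T*>(this + 1); }
        static Header* fromPayload(T* payload) { return reinterpret_cast<Header*>(payload) - 1; }
    };

    static void retain(T* data)
    {
        if (data)
            ++Header::fromPayload(data)->refCount;
    }

    static void release(T* data)
    {
        if (!data)
            return;
        Header* header = Header::fromPayload(data);
        if (--header->refCount)
            return;                // other owners remain
        for (size_t i = 0; i < header->length; ++i)
            data[i].~T();
        ::operator delete(header);
    }

    T* m_data;
};

// A CodeBlock-like owner (constructed for this example): its whole
// "instruction stream" field is one pointer.
struct FakeCodeBlock {
    RefCountedArray<int> instructions;
};

bool inlineSizeIsOnePointer() { return sizeof(RefCountedArray<int>) == sizeof(void*); }

// Two code blocks built from one stream alias a single buffer; with the local
// 'stream' that is three references, and dropping one sharer brings it back to two.
bool sharingAndReleaseBehave()
{
    RefCountedArray<int> stream(4);
    for (size_t i = 0; i < stream.size(); ++i)
        stream[i] = static_cast<int>(i * 10);
    FakeCodeBlock a { stream };
    FakeCodeBlock b { stream };
    bool aliased = a.instructions.data() == b.instructions.data()
        && b.instructions[3] == 30 && stream.refCount() == 3;
    b.instructions = RefCountedArray<int>();   // b drops its share
    return aliased && stream.refCount() == 2 && b.instructions.size() == 0;
}
```
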
1894
1895 2012-02-26  Yusuke Suzuki  <utatane.tea@gmail.com>
1896
1897         StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name
1898         https://bugs.webkit.org/show_bug.cgi?id=79571
1899
1900         Reviewed by Gavin Barraclough.
1901
1902         * parser/ASTBuilder.h:
1903         (JSC::ASTBuilder::createGetterOrSetterProperty):
1904         * parser/Parser.cpp:
1905         (JSC::::parseProperty):
1906         * parser/SyntaxChecker.h:
1907         (JSC::SyntaxChecker::createGetterOrSetterProperty):
1908
1909 2012-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1910
1911         Implement fast path for op_new_array in the baseline JIT
1912         https://bugs.webkit.org/show_bug.cgi?id=78612
1913
1914         Reviewed by Filip Pizlo.
1915
1916         * heap/CopiedAllocator.h:
1917         (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
1918         * heap/CopiedSpace.h:
1919         (CopiedSpace): Friended the JIT to allow access to isOversize.
1920         (JSC::CopiedSpace::allocator):
1921         * heap/Heap.h:
1922         (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
1923         can use it for simple allocation i.e. when we can just bump the offset without having to 
1924         do anything else.
1925         * jit/JIT.cpp:
1926         (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
1927         we have to bail out because the fast allocation path fails for whatever reason.
1928         * jit/JIT.h:
1929         (JIT):
1930         * jit/JITInlineMethods.h:
1931         (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
1932         allocate generic backing stores. This function is used by emitAllocateJSArray.
1933         (JSC):
1934         (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
1935         more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
1936         it will also be used for emit_op_new_array_buffer.
1937         * jit/JITOpcodes.cpp:
1938         (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
1939         a stub call for oversize arrays.
1940         (JSC):
1941         (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we 
1942         fail in any way on the fast path.
1943         * runtime/JSArray.cpp:
1944         (JSC):
1945         * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
1946         initialize in the JIT.
1947         (ArrayStorage):
1948         (JSC::ArrayStorage::lengthOffset):
1949         (JSC::ArrayStorage::numValuesInVectorOffset):
1950         (JSC::ArrayStorage::allocBaseOffset):
1951         (JSC::ArrayStorage::vectorOffset):
1952         (JSArray):
1953         (JSC::JSArray::sparseValueMapOffset):
1954         (JSC::JSArray::subclassDataOffset):
1955         (JSC::JSArray::indexBiasOffset):
1956         (JSC):
1957         (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
1958         to being a static function in the JSArray class. This move allows the JIT to call it to 
1959         see what size it should allocate.
1960
1961 2012-02-26  Patrick Gansterer  <paroga@webkit.org>
1962
1963         Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681.
1964
1965         * interpreter/Interpreter.cpp:
1966         (JSC::getLineNumberForCallFrame):
1967         (JSC::Interpreter::getStackTrace):
1968
1969 2012-02-26  Patrick Gansterer  <paroga@webkit.org>
1970
1971         Unreviewed. Build fix for !ENABLE(JIT) after r108681.
1972
1973         * interpreter/Interpreter.cpp:
1974         (JSC::getLineNumberForCallFrame):
1975
1976 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
1977
1978         LLInt assembly file should be split into 32-bit and 64-bit parts
1979         https://bugs.webkit.org/show_bug.cgi?id=79584
1980
1981         Reviewed by Sam Weinig.
1982         
1983         Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm
1984         the ability to include files, and correctly track dependencies: it restricts
1985         the include mechanism to using the same directory as the source file, and uses
1986         the SHA1 hash of all .asm files in that directory as an input hash.
1987
1988         * llint/LLIntOfflineAsmConfig.h:
1989         * llint/LowLevelInterpreter.asm:
1990         * llint/LowLevelInterpreter32_64.asm: Added.
1991             - This is just the entire contents of what was previously LowLevelInterpreter.asm.
1992         * llint/LowLevelInterpreter64.asm: Added.
1993         * offlineasm/asm.rb:
1994         * offlineasm/ast.rb:
1995         * offlineasm/generate_offset_extractor.rb:
1996         * offlineasm/parser.rb:
1997         * offlineasm/self_hash.rb:
1998
1999 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
2000
2001         Offlineasm should support X86_64
2002         https://bugs.webkit.org/show_bug.cgi?id=79581
2003
2004         Reviewed by Oliver Hunt.
2005
2006         * llint/LLIntOfflineAsmConfig.h:
2007         * offlineasm/backends.rb:
2008         * offlineasm/instructions.rb:
2009         * offlineasm/settings.rb:
2010         * offlineasm/x86.rb:
2011
2012 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
2013
2014         DFG should support activations and nested functions
2015         https://bugs.webkit.org/show_bug.cgi?id=79554
2016
2017         Reviewed by Oliver Hunt.
2018         
2019         Wrote the simplest possible implementation of activations. Big speed-up on
2020         code that uses activations, no speed-up on major benchmarks (SunSpider, V8,
2021         Kraken) because they do not appear to have sufficient coverage over code
2022         that uses activations.
2023
2024         * bytecode/PredictedType.cpp:
2025         (JSC::predictionToString):
2026         (JSC::predictionFromValue):
2027         * bytecode/PredictedType.h:
2028         (JSC):
2029         (JSC::isEmptyPrediction):
2030         * dfg/DFGAbstractState.cpp:
2031         (JSC::DFG::AbstractState::execute):
2032         * dfg/DFGByteCodeParser.cpp:
2033         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2034         (ByteCodeParser):
2035         (JSC::DFG::ByteCodeParser::parseBlock):
2036         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
2037         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2038         (JSC::DFG::ByteCodeParser::parse):
2039         * dfg/DFGCapabilities.h:
2040         (JSC::DFG::canCompileOpcode):
2041         (JSC::DFG::canInlineOpcode):
2042         * dfg/DFGGraph.h:
2043         (JSC::DFG::Graph::needsActivation):
2044         * dfg/DFGNode.h:
2045         (DFG):
2046         (JSC::DFG::Node::storageAccessDataIndex):
2047         (Node):
2048         (JSC::DFG::Node::hasFunctionDeclIndex):
2049         (JSC::DFG::Node::functionDeclIndex):
2050         (JSC::DFG::Node::hasFunctionExprIndex):
2051         (JSC::DFG::Node::functionExprIndex):
2052         * dfg/DFGOperations.cpp:
2053         * dfg/DFGOperations.h:
2054         * dfg/DFGPredictionPropagationPhase.cpp:
2055         (JSC::DFG::PredictionPropagationPhase::propagate):
2056         * dfg/DFGSpeculativeJIT.cpp:
2057         (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
2058         (DFG):
2059         (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
2060         * dfg/DFGSpeculativeJIT.h:
2061         (JSC::DFG::SpeculativeJIT::callOperation):
2062         * dfg/DFGSpeculativeJIT32_64.cpp:
2063         (JSC::DFG::SpeculativeJIT::compile):
2064         * dfg/DFGSpeculativeJIT64.cpp:
2065         (JSC::DFG::SpeculativeJIT::compile):
2066
2067 2012-02-25  Benjamin Poulain  <benjamin@webkit.org>
2068
2069         Add an empty skeleton of KURL for WTFURL
2070         https://bugs.webkit.org/show_bug.cgi?id=78990
2071
2072         Reviewed by Adam Barth.
2073
2074         * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL
2075         so that we can use them in WebCore.
2076
2077 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
2078
2079         Unreviewed, fix build for DFG disabled and LLInt enabled.
2080
2081         * jit/JIT.cpp:
2082         (JSC::JIT::privateCompile):
2083         * llint/LLIntSlowPaths.cpp:
2084         (LLInt):
2085         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2086
2087 2012-02-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2088
2089         Fix the CopiedBlock offset alignment in a cross platform fashion
2090         https://bugs.webkit.org/show_bug.cgi?id=79556
2091
2092         Reviewed by Filip Pizlo.
2093
2094         Replaced m_payload with a payload() method that calculates the offset
2095         of the payload with the proper alignment. This change allows us to 
2096         avoid alignment-related issues in a cross-platform manner.
2097
2098         * heap/CopiedAllocator.h:
2099         (JSC::CopiedAllocator::currentUtilization):
2100         * heap/CopiedBlock.h:
2101         (JSC::CopiedBlock::CopiedBlock):
2102         (JSC::CopiedBlock::payload):
2103         (CopiedBlock):
2104         * heap/CopiedSpace.cpp:
2105         (JSC::CopiedSpace::doneFillingBlock):
2106         * heap/CopiedSpaceInlineMethods.h:
2107         (JSC::CopiedSpace::borrowBlock):
2108         (JSC::CopiedSpace::allocateFromBlock):
2109
2110 2012-02-24  Michael Saboff  <msaboff@apple.com>
2111
2112         Unreviewed, Windows build fix.  Changed signature in export to match
2113         change made in r108858.
2114
2115         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2116
2117 2012-02-24  Filip Pizlo  <fpizlo@apple.com>
2118
2119         DFG support for op_new_regexp should be enabled
2120         https://bugs.webkit.org/show_bug.cgi?id=79538
2121
2122         Reviewed by Oliver Hunt.
2123         
2124         No performance change.
2125
2126         * dfg/DFGCapabilities.h:
2127         (JSC::DFG::canCompileOpcode):
2128         * dfg/DFGCommon.h:
2129
2130 2012-02-24  Michael Saboff  <msaboff@apple.com>
2131
2132         ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked
2133         https://bugs.webkit.org/show_bug.cgi?id=73728
2134
2135         Reviewed by Gavin Barraclough.
2136
2137         Fixed the mixing of signed and unsigned character indices in YARR
2138         interpreter.
2139
2140         * runtime/RegExp.cpp:
2141         (JSC::RegExp::match): Added code to check for match longer than 2^31 and
2142         return no match after resetting the offsets.
2143         * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index
2144         handling except when matching back references.
2145         (JSC::Yarr::Interpreter::InputStream::readChecked):
2146         (JSC::Yarr::Interpreter::InputStream::checkInput):
2147         (JSC::Yarr::Interpreter::InputStream::uncheckInput):
2148         (JSC::Yarr::Interpreter::InputStream::atStart):
2149         (JSC::Yarr::Interpreter::InputStream::atEnd):
2150         (JSC::Yarr::Interpreter::InputStream::isAvailableInput):
2151         (JSC::Yarr::Interpreter::checkCharacter):
2152         (JSC::Yarr::Interpreter::checkCasedCharacter):
2153         (JSC::Yarr::Interpreter::checkCharacterClass):
2154         (JSC::Yarr::Interpreter::tryConsumeBackReference):
2155         (JSC::Yarr::Interpreter::matchAssertionBOL):
2156         (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
2157         (JSC::Yarr::Interpreter::backtrackPatternCharacter):
2158         (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
2159         (JSC::Yarr::Interpreter::matchCharacterClass):
2160         (JSC::Yarr::Interpreter::backtrackCharacterClass):
2161         (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
2162         (JSC::Yarr::Interpreter::matchDisjunction):
2163         (JSC::Yarr::Interpreter::interpret):
2164         (JSC::Yarr::ByteCompiler::assertionBOL):
2165         (JSC::Yarr::ByteCompiler::assertionEOL):
2166         (JSC::Yarr::ByteCompiler::assertionWordBoundary):
2167         (JSC::Yarr::ByteCompiler::atomPatternCharacter):
2168         (JSC::Yarr::ByteCompiler::atomCharacterClass):
2169         (JSC::Yarr::ByteCompiler::atomBackReference):
2170         (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
2171         (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
2172         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
2173         (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
2174         (JSC::Yarr::ByteCompiler::emitDisjunction):
2175         * yarr/YarrInterpreter.h:
2176
2177 2012-02-24  Filip Pizlo  <fpizlo@apple.com>
2178
2179         Unreviewed, build fix for builds where the DFG is disabled but the LLInt is
2180         enabled.
2181
2182         * llint/LLIntOfflineAsmConfig.h:
2183         * llint/LowLevelInterpreter.asm:
2184
2185 2012-02-24  Filip Pizlo  <fpizlo@apple.com>
2186
2187         DFG should be able to handle variables getting captured
2188         https://bugs.webkit.org/show_bug.cgi?id=79469
2189
2190         Reviewed by Oliver Hunt.
2191         
2192         Made captured variables work by placing a Flush on the SetLocal and
2193         forcing the emission of the GetLocal even if copy propagation tells us
2194         who has the value.
2195         
2196         Changed the CFA and various prediction codes to understand that we can't
2197         really prove anything about captured variables. Well, we could in the
2198         future by just looking at what side effects are happening, but in this
2199         first cut we just assume that we can't reason about captured variables.
2200         
2201         Also added a mode where the DFG pretends that all variables and arguments
2202         got captured. Used this mode to harden the code.
2203         
2204         This is performance neutral. Capturing all variables is a slow down, but
2205         not too big of one. This seems to predict that when we add activation
2206         support, the amount of speed benefit we'll get from increased coverage
2207         will far outweigh the pessimism that we'll have to endure for captured
2208         variables.
2209
2210         * bytecode/CodeType.h:
2211         (JSC::codeTypeToString):
2212         * dfg/DFGAbstractState.cpp:
2213         (JSC::DFG::AbstractState::initialize):
2214         (JSC::DFG::AbstractState::endBasicBlock):
2215         (JSC::DFG::AbstractState::execute):
2216         (JSC::DFG::AbstractState::merge):
2217         * dfg/DFGAbstractState.h:
2218         (AbstractState):
2219         * dfg/DFGByteCodeParser.cpp:
2220         (JSC::DFG::ByteCodeParser::getLocal):
2221         (JSC::DFG::ByteCodeParser::setLocal):
2222         (JSC::DFG::ByteCodeParser::getArgument):
2223         (JSC::DFG::ByteCodeParser::setArgument):
2224         (JSC::DFG::ByteCodeParser::flushArgument):
2225         (JSC::DFG::ByteCodeParser::handleInlining):
2226         (JSC::DFG::ByteCodeParser::processPhiStack):
2227         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2228         (JSC::DFG::ByteCodeParser::parse):
2229         * dfg/DFGCapabilities.h:
2230         (JSC::DFG::mightInlineFunctionForCall):
2231         (JSC::DFG::mightInlineFunctionForConstruct):
2232         * dfg/DFGCommon.h:
2233         * dfg/DFGGraph.h:
2234         (JSC::DFG::Graph::needsActivation):
2235         (Graph):
2236         (JSC::DFG::Graph::argumentIsCaptured):
2237         (JSC::DFG::Graph::localIsCaptured):
2238         (JSC::DFG::Graph::isCaptured):
2239         * dfg/DFGNode.h:
2240         (JSC::DFG::Node::shouldGenerate):
2241         * dfg/DFGPredictionPropagationPhase.cpp:
2242         (JSC::DFG::PredictionPropagationPhase::propagate):
2243         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2244         * dfg/DFGSpeculativeJIT.cpp:
2245         (DFG):
2246         (JSC::DFG::ValueSource::dump):
2247         (JSC::DFG::SpeculativeJIT::compile):
2248         * dfg/DFGSpeculativeJIT.h:
2249         (ValueSource):
2250         * dfg/DFGSpeculativeJIT32_64.cpp:
2251         (JSC::DFG::SpeculativeJIT::compile):
2252         * dfg/DFGSpeculativeJIT64.cpp:
2253         (JSC::DFG::SpeculativeJIT::compile):
2254         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2255         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2256
2257 2012-02-24  Gavin Barraclough  <barraclough@apple.com>
2258
2259         Should not allow malformed \x escapes
2260         https://bugs.webkit.org/show_bug.cgi?id=79462
2261
2262         Reviewed by Oliver Hunt.
2263
2264         * parser/Lexer.cpp:
2265         (JSC::::parseString):
2266         (JSC::::parseStringSlowCase):
2267             - Prohibit malformed '\x' escapes
2268         * tests/mozilla/ecma/Array/15.4.5.1-1.js:
2269         * tests/mozilla/ecma/LexicalConventions/7.7.4.js:
2270         * tests/mozilla/ecma_2/RegExp/hex-001.js:
2271         * tests/mozilla/js1_2/regexp/hexadecimal.js:
2272             - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).
2273
2274 2012-02-24  Daniel Bates  <dbates@webkit.org>
2275
2276         Fix change log entry for changeset r108819; add bug URL
2277         https://bugs.webkit.org/show_bug.cgi?id=79504
2278
2279         Changeset r108819 is associated with bug #79504.
2280
2281         * ChangeLog:
2282
2283 2012-02-24  Daniel Bates  <dbates@webkit.org>
2284
2285         Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp
2286         https://bugs.webkit.org/show_bug.cgi?id=79504
2287
2288         Reviewed by Oliver Hunt.
2289
2290         There are a few places in Interpreter.cpp that need to be updated to use
2291         ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to
2292         ENABLE_CLASSIC_INTERPRETER in changeset <http://trac.webkit.org/changeset/108020>
2293         (https://bugs.webkit.org/show_bug.cgi?id=78791).
2294
2295         * interpreter/Interpreter.cpp:
2296         (JSC::getLineNumberForCallFrame):
2297         (JSC::getCallerInfo):
2298         (JSC::getSourceURLFromCallFrame):
2299
2300 2012-02-24  Adam Roben  <aroben@apple.com>
2301
2302         Undo the BUILDING_WTF part of r108808
2303
2304         This broke the build, which is obviously worse than the linker warning it was trying to
2305         solve.
2306
2307         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
2308
2309 2012-02-24  Adam Roben  <aroben@apple.com>
2310
2311         Fix linker warnings on Windows
2312
2313         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already
2314         exported via JS_EXPORTDATA.
2315
2316         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We
2317         aren't actually building WTF, but we are statically linking it, so we need to define this
2318         symbol so that we export WTF's exports.
2319
2320 2012-02-24  Philippe Normand  <pnormand@igalia.com>
2321
2322         Fix GTK WebAudio build for WebKitGTK 1.7.90.
2323
2324         Patch by Priit Laes <plaes@plaes.org> on 2012-02-24
2325         Rubber-stamped by Philippe Normand.
2326
2327         * GNUmakefile.list.am: Add Complex.h to the list of files so it
2328         gets disted in the tarballs.
2329
2330 2012-02-24  Zoltan Herczeg  <zherczeg@webkit.org>
2331
2332         [Qt] Buildfix for "Zero out CopiedBlocks on initialization".
2333         https://bugs.webkit.org/show_bug.cgi?id=79199
2334
2335         Rubber-stamped by Csaba Osztrogonác.
2336
2337         Temporary fix since the new member wastes a little space on
2338         64 bit systems. Although it is harmless, it is only needed
2339         for 32 bit systems.
2340
2341         * heap/CopiedBlock.h:
2342         (CopiedBlock):
2343
2344 2012-02-24  Han Hojong  <hojong.han@samsung.com>
2345
2346         Remove useless jump instructions for short circuit
2347         https://bugs.webkit.org/show_bug.cgi?id=75602
2348
2349         Reviewed by Michael Saboff.
2350
2351         A jump instruction is inserted to make a short circuit;
2352         however, it does nothing but move to the next instruction.
2353         Therefore the useless jump instructions are removed,
2354         and the jump list is moved into the case not for a short circuit,
2355         so that only necessary instructions are added to JIT code
2356         unless it has a 16 bit pattern character and an 8 bit string.
2357
2358         * yarr/YarrJIT.cpp:
2359         (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
2360         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
2361
2362 2012-02-24  Sheriff Bot  <webkit.review.bot@gmail.com>
2363
2364         Unreviewed, rolling out r108731.
2365         http://trac.webkit.org/changeset/108731
2366         https://bugs.webkit.org/show_bug.cgi?id=79464
2367
2368         Broke Chromium Win tests (Requested by bashi on #webkit).
2369
2370         * wtf/Platform.h:
2371
2372 2012-02-24  Andrew Lo  <anlo@rim.com>
2373
2374         [BlackBerry] Enable requestAnimationFrame
2375         https://bugs.webkit.org/show_bug.cgi?id=79408
2376
2377         Use timer implementation of requestAnimationFrame on BlackBerry.
2378
2379         Reviewed by Rob Buis.
2380
2381         * wtf/Platform.h:
2382
2383 2012-02-24  Mathias Bynens  <mathias@qiwi.be>
2384
2385         `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5
2386         https://bugs.webkit.org/show_bug.cgi?id=78908
2387
2388         Add additional checks for zero-width non-joiner (0x200C) and
2389         zero-width joiner (0x200D) characters.
2390
2391         Reviewed by Michael Saboff.
2392
2393         * parser/Lexer.cpp:
2394         (JSC::isNonASCIIIdentPart):
2395         * runtime/LiteralParser.cpp:
2396         (JSC::::Lexer::lexIdentifier):
2397
2398 2012-02-23  Kenichi Ishibashi  <bashi@chromium.org>
2399
2400         Adding WebSocket per-frame DEFLATE extension
2401         https://bugs.webkit.org/show_bug.cgi?id=77522
2402
2403         Added USE(ZLIB) flag.
2404
2405         Reviewed by Kent Tamura.
2406
2407         * wtf/Platform.h:
2408
2409 2012-02-23  Mark Hahnenberg  <mhahnenberg@apple.com>
2410
2411         Zero out CopiedBlocks on initialization
2412         https://bugs.webkit.org/show_bug.cgi?id=79199
2413
2414         Reviewed by Filip Pizlo.
2415
2416         Made CopyBlocks zero their payloads during construction. This allows 
2417         JSArray to avoid having to manually clear its backing store upon allocation
2418         and also alleviates any future pain with regard to the garbage collector trying 
2419         to mark what it thinks are values in what is actually uninitialized memory.
2420
2421         * heap/CopiedBlock.h:
2422         (JSC::CopiedBlock::CopiedBlock):
2423         * runtime/JSArray.cpp:
2424         (JSC::JSArray::finishCreation):
2425         (JSC::JSArray::tryFinishCreationUninitialized):
2426         (JSC::JSArray::increaseVectorLength):
2427         (JSC::JSArray::unshiftCountSlowCase):
2428
2429 2012-02-23  Oliver Hunt  <oliver@apple.com>
2430
2431         Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided
2432         https://bugs.webkit.org/show_bug.cgi?id=79407
2433
2434         Reviewed by Gavin Barraclough.
2435
2436         Outside of exception handling, we don't know what our source line number is.  This
2437         change allows us to pass -1 in as the initial line number, and get the correct line
2438         number in the resultant stack trace.  We can't completely elide the initial line
2439         number (yet) due to some idiosyncrasies of the exception handling machinery.
2440
2441         * interpreter/Interpreter.cpp:
2442         (JSC::getLineNumberForCallFrame):
2443         (JSC):
2444         (JSC::Interpreter::getStackTrace):
2445
2446 2012-02-22  Filip Pizlo  <fpizlo@apple.com>
2447
2448         DFG OSR exit value profiling should have graceful handling of local variables and arguments
2449         https://bugs.webkit.org/show_bug.cgi?id=79310
2450
2451         Reviewed by Gavin Barraclough.
2452         
2453         Previously, if we OSR exited because a prediction in a local was wrong, we'd
2454         only realize what the true type of the local was if the regular value profiling
2455         kicked in and told us. Unless the local was block-locally copy propagated, in
2456         which case we'd know from an OSR exit profile.
2457         
2458         This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR
2459         exit because of a mispredicted local or argument type, we'll know what the type of
2460         the local or argument should be immediately upon exiting.
2461         
2462         The way that local variable OSR exit profiling works is that we now have a lazily
2463         added set of OSR-exit-only value profiles for exit sites that are BadType and that
2464         cited a GetLocal as their value source. The value profiles are only added if the
2465         OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and
2466         operand. The look-up is performed by querying the
2467         CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains
2468         the bytecode index and the operand. Because the value profiles are added at random
2469         times, they are not sorted; instead they are just stored in an arbitrarily-ordered
2470         SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser
2471         creates a LazyOperandValueProfileParser, which turns the
2472         CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration
2473         of DFG parsing.
2474         
2475         Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket
2476         into which values observed during OSR exit would be placed. Now it uses a lazy
2477         thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may
2478         either contain a ValueProfile inside it (which works for previous uses of OSR exit
2479         profiling) or it may just have knowledge of how to go about creating the
2480         LazyOperandValueProfile in the case that the OSR exit is actually taken. This
2481         ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks
2482         value profiling buckets unless we actually did OSR exit on every single operand,
2483         in every single instruction, in each code block (that's probably unlikely).
2484         
2485         This appears to be neutral on the major benchmarks, but is a double-digit speed-up
2486         on code deliberately written to have data flow that spans basic blocks and where
2487         the code exhibits post-optimization polymorphism in a local variable.
2488
2489         * CMakeLists.txt:
2490         * GNUmakefile.list.am:
2491         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2492         * JavaScriptCore.xcodeproj/project.pbxproj:
2493         * Target.pri:
2494         * bytecode/CodeBlock.cpp:
2495         (JSC::CodeBlock::stronglyVisitStrongReferences):
2496         * bytecode/CodeBlock.h:
2497         (CodeBlock):
2498         (JSC::CodeBlock::lazyOperandValueProfiles):
2499         * bytecode/LazyOperandValueProfile.cpp: Added.
2500         (JSC):
2501         (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder):
2502         (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder):
2503         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
2504         (JSC::CompressedLazyOperandValueProfileHolder::add):
2505         (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
2506         (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
2507         (JSC::LazyOperandValueProfileParser::getIfPresent):
2508         (JSC::LazyOperandValueProfileParser::prediction):
2509         * bytecode/LazyOperandValueProfile.h: Added.
2510         (JSC):
2511         (LazyOperandValueProfileKey):
2512         (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
2513         (JSC::LazyOperandValueProfileKey::operator!):
2514         (JSC::LazyOperandValueProfileKey::operator==):
2515         (JSC::LazyOperandValueProfileKey::hash):
2516         (JSC::LazyOperandValueProfileKey::bytecodeOffset):
2517         (JSC::LazyOperandValueProfileKey::operand):
2518         (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
2519         (JSC::LazyOperandValueProfileKeyHash::hash):
2520         (JSC::LazyOperandValueProfileKeyHash::equal):
2521         (LazyOperandValueProfileKeyHash):
2522         (WTF):
2523         (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
2524         (LazyOperandValueProfile):
2525         (JSC::LazyOperandValueProfile::key):
2526         (CompressedLazyOperandValueProfileHolder):
2527         (LazyOperandValueProfileParser):
2528         * bytecode/MethodOfGettingAValueProfile.cpp: Added.
2529         (JSC):
2530         (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
2531         (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
2532         * bytecode/MethodOfGettingAValueProfile.h: Added.
2533         (JSC):
2534         (MethodOfGettingAValueProfile):
2535         (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):
2536         (JSC::MethodOfGettingAValueProfile::operator!):
2537         * bytecode/ValueProfile.cpp: Removed.
2538         * bytecode/ValueProfile.h:
2539         (JSC):
2540         (ValueProfileBase):
2541         (JSC::ValueProfileBase::ValueProfileBase):
2542         (JSC::ValueProfileBase::dump):
2543         (JSC::ValueProfileBase::computeUpdatedPrediction):
2544         (JSC::MinimalValueProfile::MinimalValueProfile):
2545         (ValueProfileWithLogNumberOfBuckets):
2546         (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets):
2547         (JSC::ValueProfile::ValueProfile):
2548         (JSC::getValueProfileBytecodeOffset):
2549         (JSC::getRareCaseProfileBytecodeOffset):
2550         * dfg/DFGByteCodeParser.cpp:
2551         (ByteCodeParser):
2552         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
2553         (JSC::DFG::ByteCodeParser::getLocal):
2554         (JSC::DFG::ByteCodeParser::getArgument):
2555         (InlineStackEntry):
2556         (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
2557         (DFG):
2558         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2559         (JSC::DFG::ByteCodeParser::parse):
2560         * dfg/DFGDriver.cpp:
2561         (JSC::DFG::compile):
2562         * dfg/DFGGraph.h:
2563         (JSC::DFG::Graph::valueProfileFor):
2564         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
2565         (Graph):
2566         * dfg/DFGNode.h:
2567         (Node):
2568         * dfg/DFGOSRExit.cpp:
2569         (JSC::DFG::OSRExit::OSRExit):
2570         * dfg/DFGOSRExit.h:
2571         (OSRExit):
2572         * dfg/DFGOSRExitCompiler32_64.cpp:
2573         (JSC::DFG::OSRExitCompiler::compileExit):
2574         * dfg/DFGOSRExitCompiler64.cpp:
2575         (JSC::DFG::OSRExitCompiler::compileExit):
2576         * dfg/DFGPhase.cpp:
2577         (JSC::DFG::Phase::beginPhase):
2578         (JSC::DFG::Phase::endPhase):
2579         * dfg/DFGSpeculativeJIT.cpp:
2580         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2581         * dfg/DFGSpeculativeJIT.h:
2582         (JSC::DFG::SpeculativeJIT::speculationCheck):
2583         * dfg/DFGVariableAccessData.h:
2584         (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
2585         (VariableAccessData):
2586
2587 2012-02-23  Filip Pizlo  <fpizlo@apple.com>
2588
2589         Build fix.
2590
2591         * llint/LLIntOffsetsExtractor.cpp:
2592
2593 2012-02-23  Kevin Ollivier  <kevino@theolliviers.com>
2594
2595         [wx] Build fix, disable LLINT for now and fix ENABLE defines for it.
2596
2597         * llint/LLIntOffsetsExtractor.cpp:
2598         * wtf/Platform.h:
2599
2600 2012-02-23  Kevin Ollivier  <kevino@theolliviers.com>
2601
2602         [wx] Build fix for non-Mac wx builds.
2603
2604         * runtime/DatePrototype.cpp:
2605
2606 2012-02-22  Filip Pizlo  <fpizlo@apple.com>
2607
2608         DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment
2609         https://bugs.webkit.org/show_bug.cgi?id=79334
2610
2611         Reviewed by Oliver Hunt.
2612
2613         * dfg/DFGByteCodeParser.cpp:
2614         (JSC::DFG::ByteCodeParser::getLocal):
2615         (JSC::DFG::ByteCodeParser::getArgument):
2616         (JSC::DFG::ByteCodeParser::flush):
2617
2618 2012-02-23  Gavin Barraclough  <barraclough@apple.com>
2619
2620         Object.isSealed / Object.isFrozen don't work for native objects
2621         https://bugs.webkit.org/show_bug.cgi?id=79331
2622
2623         Reviewed by Sam Weinig.
2624
2625         Need to inspect all properties, including static ones.
2626         This exposes a couple of bugs in Array & Arguments:
2627             - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length.
2628             - Arguments object's defineOwnProperty does not handle callee/caller/length correctly.
2629
2630         * runtime/Arguments.cpp:
2631         (JSC::Arguments::defineOwnProperty):
2632             - Add handling for callee/caller/length.
2633         * runtime/JSArray.cpp:
2634         (JSC::JSArray::getOwnPropertyDescriptor):
2635             - report length's writability correctly.
2636         * runtime/ObjectConstructor.cpp:
2637         (JSC::objectConstructorSeal):
2638         (JSC::objectConstructorFreeze):
2639         (JSC::objectConstructorIsSealed):
2640         (JSC::objectConstructorIsFrozen):
2641             - Add spec-based implementation for non-final objects.
2642
2643 2012-02-23  Gavin Barraclough  <barraclough@apple.com>
2644
2645         pop of array hole should get from the prototype chain
2646         https://bugs.webkit.org/show_bug.cgi?id=79338
2647
2648         Reviewed by Sam Weinig.
2649
2650         * runtime/JSArray.cpp:
2651         (JSC::JSArray::pop):
2652             - If the fast vector case fails, more closely follow the spec.
2653
2654 2012-02-23  Yong Li  <yoli@rim.com>
2655
2656         JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope()
2657         https://bugs.webkit.org/show_bug.cgi?id=79268
2658
2659         Reviewed by Michael Saboff.
2660
2661         resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory()
2662         after it fails to allocate a buffer for m_value. So outOfMemory() should assert
2663         isRope() rather than !isRope().
2664
2665         * runtime/JSString.cpp:
2666         (JSC::JSString::outOfMemory):
2667
2668 2012-02-23  Patrick Gansterer  <paroga@webkit.org>
2669
2670         [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro
2671         https://bugs.webkit.org/show_bug.cgi?id=79371
2672
2673         Reviewed by Daniel Bates.
2674
2675         * CMakeLists.txt:
2676         * shell/CMakeLists.txt:
2677         * wtf/CMakeLists.txt:
2678
2679 2012-02-23  Aron Rosenberg  <arosenberg@logitech.com>
2680
2681         Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer.
2682         https://bugs.webkit.org/show_bug.cgi?id=76210
2683
2684         Add compile time check for Visual Studio 2005 or newer.
2685
2686         Reviewed by Simon Hausmann.
2687
2688         * os-win32/inttypes.h:
2689
2690 2012-02-22  Gavin Barraclough  <barraclough@apple.com>
2691
2692         Implement [[DefineOwnProperty]] for the arguments object
2693         https://bugs.webkit.org/show_bug.cgi?id=79309
2694
2695         Reviewed by Sam Weinig.
2696
2697         * runtime/Arguments.cpp:
2698         (JSC::Arguments::deletePropertyByIndex):
2699         (JSC::Arguments::deleteProperty):
2700             - Deleting an argument should also delete the copy on the object, if any.
2701         (JSC::Arguments::defineOwnProperty):
2702             - Defining a property may override the live mapping.
2703         * runtime/Arguments.h:
2704         (Arguments):
2705
2706 2012-02-22  Gavin Barraclough  <barraclough@apple.com>
2707
2708         Fix Object.freeze for non-final objects.
2709         https://bugs.webkit.org/show_bug.cgi?id=79286
2710
2711         Reviewed by Oliver Hunt.
2712
2713         For vanilla objects we implement this with a single transition, for objects
2714         with special properties we should just follow the spec defined algorithm.
2715
2716         * runtime/JSArray.cpp:
2717         (JSC::SparseArrayValueMap::put):
2718             - this does need to handle inextensible objects.
2719         * runtime/ObjectConstructor.cpp:
2720         (JSC::objectConstructorSeal):
2721         (JSC::objectConstructorFreeze):
2722             - Implement spec defined algorithm for non-final objects.
2723         * runtime/Structure.cpp:
2724         (JSC::Structure::Structure):
2725         (JSC::Structure::freezeTransition):
2726             - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
2727         * runtime/Structure.h:
2728         (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
2729         (JSC::Structure::setHasGetterSetterProperties):
2730         (JSC::Structure::setContainsReadOnlyProperties):
2731         (Structure):
2732             - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
2733
2734 2012-02-22  Mark Hahnenberg  <mhahnenberg@apple.com>
2735
2736         Allocations from CopiedBlocks should always be 8-byte aligned
2737         https://bugs.webkit.org/show_bug.cgi?id=79271
2738
2739         Reviewed by Geoffrey Garen.
2740
2741         * heap/CopiedAllocator.h:
2742         (JSC::CopiedAllocator::allocate):
2743         * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always 
2744         guaranteed to be 8 byte aligned on both 64- and 32-bit platforms.
2745         (CopiedBlock):
2746         * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned.
2747         (JSC::CopiedSpace::tryAllocateOversize):
2748         (JSC::CopiedSpace::getFreshBlock):
2749         * heap/CopiedSpaceInlineMethods.h:
2750         (JSC::CopiedSpace::allocateFromBlock):
2751         * runtime/JSArray.h:
2752         (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte 
2753         aligned on both 64- and 32-bit platforms.
2754         * wtf/StdLibExtras.h:
2755         (WTF::is8ByteAligned): Added new utility function that functions similarly to the 
2756         way isPointerAligned does, but it just always checks for 8 byte alignment.
2757         (WTF):
2758
2759 2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
2760
2761         Unreviewed, rolling out r108456.
2762         http://trac.webkit.org/changeset/108456
2763         https://bugs.webkit.org/show_bug.cgi?id=79223
2764
2765         Broke fast/regex/pcre-test-4.html and cannot find anyone on
2766         IRC (Requested by zherczeg on #webkit).
2767
2768         * yarr/YarrJIT.cpp:
2769         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
2770
2771 2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
2772
2773         Unreviewed, rolling out r108468.
2774         http://trac.webkit.org/changeset/108468
2775         https://bugs.webkit.org/show_bug.cgi?id=79219
2776
2777         Broke Chromium Win release build (Requested by bashi on
2778         #webkit).
2779
2780         * wtf/Platform.h:
2781
2782 2012-02-22  Kenichi Ishibashi  <bashi@chromium.org>
2783
2784         Adding WebSocket per-frame DEFLATE extension
2785         https://bugs.webkit.org/show_bug.cgi?id=77522
2786
2787         Added USE(ZLIB) flag.
2788
2789         Reviewed by Kent Tamura.
2790
2791         * wtf/Platform.h:
2792
2793 2012-02-22  Hojong Han  <hojong.han@samsung.com>
2794
2795         Short circuit fixed for a 16 bit pattern character and an 8 bit string.
2796         https://bugs.webkit.org/show_bug.cgi?id=75602
2797
2798         Reviewed by Gavin Barraclough.
2799
2800         * yarr/YarrJIT.cpp:
2801         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
2802
2803 2012-02-21  Filip Pizlo  <fpizlo@apple.com>
2804
2805         Build fix for systems with case sensitive disks.
2806
2807         * llint/LLIntOfflineAsmConfig.h:
2808
2809 2012-02-21  Filip Pizlo  <fpizlo@apple.com>
2810
2811         JSC should be a triple-tier VM
2812         https://bugs.webkit.org/show_bug.cgi?id=75812
2813         <rdar://problem/10079694>
2814
2815         Reviewed by Gavin Barraclough.
2816         
2817         Implemented an interpreter that uses the JIT's calling convention. This
2818         interpreter is called LLInt, or the Low Level Interpreter. JSC will now
2819         start by executing code in LLInt and will only tier up to the old
2820         JIT after the code is proven hot.
2821         
2822         LLInt is written in a modified form of our macro assembly. This new macro
2823         assembly is compiled by an offline assembler (see offlineasm), which
2824         implements many modern conveniences such as a Turing-complete CPS-based
2825         macro language and direct access to relevant C++ type information
2826         (basically offsets of fields and sizes of structs/classes).
2827         
2828         Code executing in LLInt appears to the rest of the JSC world "as if" it
2829         were executing in the old JIT. Hence, things like exception handling and
2830         cross-execution-engine calls just work and require pretty much no
2831         additional overhead.
2832         
2833         This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
2834         V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
2835         V8, and Kraken, but appear to get a double-digit improvement on real-world
2836         websites due to a huge reduction in the amount of JIT'ing.
2837         
2838         * CMakeLists.txt:
2839         * GNUmakefile.am:
2840         * GNUmakefile.list.am:
2841         * JavaScriptCore.pri:
2842         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2843         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
2844         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2845         * JavaScriptCore.xcodeproj/project.pbxproj:
2846         * Target.pri:
2847         * assembler/LinkBuffer.h:
2848         * assembler/MacroAssemblerCodeRef.h:
2849         (MacroAssemblerCodePtr):
2850         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
2851         * bytecode/BytecodeConventions.h: Added.
2852         * bytecode/CallLinkStatus.cpp:
2853         (JSC::CallLinkStatus::computeFromLLInt):
2854         (JSC):
2855         (JSC::CallLinkStatus::computeFor):
2856         * bytecode/CallLinkStatus.h:
2857         (JSC::CallLinkStatus::isSet):
2858         (JSC::CallLinkStatus::operator!):
2859         (CallLinkStatus):
2860         * bytecode/CodeBlock.cpp:
2861         (JSC::CodeBlock::dump):
2862         (JSC::CodeBlock::CodeBlock):
2863         (JSC::CodeBlock::~CodeBlock):
2864         (JSC::CodeBlock::finalizeUnconditionally):
2865         (JSC::CodeBlock::stronglyVisitStrongReferences):
2866         (JSC):
2867         (JSC::CodeBlock::unlinkCalls):
        (JSC::CodeBlock::unlinkIncomingCalls):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::ProgramCodeBlock::jettison):
        (JSC::EvalCodeBlock::jettison):
        (JSC::FunctionCodeBlock::jettison):
        (JSC::ProgramCodeBlock::jitCompileImpl):
        (JSC::EvalCodeBlock::jitCompileImpl):
        (JSC::FunctionCodeBlock::jitCompileImpl):
        * bytecode/CodeBlock.h:
        (JSC):
        (CodeBlock):
        (JSC::CodeBlock::baselineVersion):
        (JSC::CodeBlock::linkIncomingCall):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::CodeBlock::jitCompile):
        (JSC::CodeBlock::hasOptimizedReplacement):
        (JSC::CodeBlock::addPropertyAccessInstruction):
        (JSC::CodeBlock::addGlobalResolveInstruction):
        (JSC::CodeBlock::addLLIntCallLinkInfo):
        (JSC::CodeBlock::addGlobalResolveInfo):
        (JSC::CodeBlock::numberOfMethodCallLinkInfos):
        (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::addFrequentExitSite):
        (JSC::CodeBlock::dontJITAnytimeSoon):
        (JSC::CodeBlock::jitAfterWarmUp):
        (JSC::CodeBlock::jitSoon):
        (JSC::CodeBlock::llintExecuteCounter):
        (ProgramCodeBlock):
        (EvalCodeBlock):
        (FunctionCodeBlock):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC):
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        (JSC::GetByIdStatus::GetByIdStatus):
        (JSC::GetByIdStatus::wasSeenInJIT):
        (GetByIdStatus):
        * bytecode/Instruction.h:
        (JSC):
        (JSC::Instruction::Instruction):
        (Instruction):
        * bytecode/LLIntCallLinkInfo.h: Added.
        (JSC):
        (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
        (LLIntCallLinkInfo):
        (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
        (JSC::LLIntCallLinkInfo::isLinked):
        (JSC::LLIntCallLinkInfo::unlink):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/Opcode.cpp:
        (JSC):
        * bytecode/Opcode.h:
        (JSC):
        (JSC::padOpcodeName):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC):
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        (PutByIdStatus):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitCatch):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOperations.cpp:
        * heap/Heap.h:
        (JSC):
        (JSC::Heap::firstAllocatorWithoutDestructors):
        (Heap):
        * heap/MarkStack.cpp:
        (JSC::visitChildren):
        * heap/MarkedAllocator.h:
        (JSC):
        (MarkedAllocator):
        * heap/MarkedSpace.h:
        (JSC):
        (MarkedSpace):
        (JSC::MarkedSpace::firstAllocator):
        * interpreter/CallFrame.cpp:
        (JSC):
        (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
        (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
        (JSC::CallFrame::currentVPC):
        (JSC::CallFrame::setCurrentVPC):
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::hasReturnPC):
        (JSC::ExecState::clearReturnPC):
        (ExecState):
        (JSC::ExecState::bytecodeOffsetForNonDFGCode):
        (JSC::ExecState::currentVPC):
        (JSC::ExecState::setCurrentVPC):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::Interpreter):
        (JSC::Interpreter::~Interpreter):
        (JSC):
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::isOpcode):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::getCallerInfo):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveLastCaller):
        * interpreter/Interpreter.h:
        (JSC):
        (Interpreter):
        (JSC::Interpreter::getOpcode):
        (JSC::Interpreter::getOpcodeID):
        (JSC::Interpreter::classicEnabled):
        * interpreter/RegisterFile.h:
        (JSC):
        (RegisterFile):
        * jit/ExecutableAllocator.h:
        (JSC):
        * jit/HostCallReturnValue.cpp: Added.
        (JSC):
        (JSC::getHostCallReturnValueWithExecState):
        * jit/HostCallReturnValue.h: Added.
        (JSC):
        (JSC::initializeHostCallReturnValue):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JITCode.h:
        (JSC::JITCode::isOptimizingJIT):
        (JITCode):
        (JSC::JITCode::isBaselineCode):
        (JSC::JITCode::JITCode):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * jit/JITExceptions.cpp:
        (JSC::jitThrow):
        * jit/JITInlineMethods.h:
        (JSC::JIT::updateTopCallFrame):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC):
        * jit/JITStubs.h:
        (JSC):
        * jit/JSInterfaceJIT.h:
        * llint: Added.
        * llint/LLIntCommon.h: Added.
        * llint/LLIntData.cpp: Added.
        (LLInt):
        (JSC::LLInt::Data::Data):
        (JSC::LLInt::Data::performAssertions):
        (JSC::LLInt::Data::~Data):
        * llint/LLIntData.h: Added.
        (JSC):
        (LLInt):
        (Data):
        (JSC::LLInt::Data::exceptionInstructions):
        (JSC::LLInt::Data::opcodeMap):
        (JSC::LLInt::Data::performAssertions):
        * llint/LLIntEntrypoints.cpp: Added.
        (LLInt):
        (JSC::LLInt::getFunctionEntrypoint):
        (JSC::LLInt::getEvalEntrypoint):
        (JSC::LLInt::getProgramEntrypoint):
        * llint/LLIntEntrypoints.h: Added.
        (JSC):
        (LLInt):
        (JSC::LLInt::getEntrypoint):
        * llint/LLIntExceptions.cpp: Added.
        (LLInt):
        (JSC::LLInt::interpreterThrowInCaller):
        (JSC::LLInt::returnToThrowForThrownException):
        (JSC::LLInt::returnToThrow):
        (JSC::LLInt::callToThrow):
        * llint/LLIntExceptions.h: Added.
        (JSC):
        (LLInt):
        * llint/LLIntOfflineAsmConfig.h: Added.
        * llint/LLIntOffsetsExtractor.cpp: Added.
        (JSC):
        (LLIntOffsetsExtractor):
        (JSC::LLIntOffsetsExtractor::dummy):
        (main):
        * llint/LLIntSlowPaths.cpp: Added.
        (LLInt):
        (JSC::LLInt::llint_trace_operand):
        (JSC::LLInt::llint_trace_value):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::shouldJIT):
        (JSC::LLInt::entryOSR):
        (JSC::LLInt::resolveGlobal):
        (JSC::LLInt::getByVal):
        (JSC::LLInt::handleHostCall):
        (JSC::LLInt::setUpCall):
        (JSC::LLInt::genericCall):
        * llint/LLIntSlowPaths.h: Added.
        (JSC):
        (LLInt):
        * llint/LLIntThunks.cpp: Added.
        (LLInt):
        (JSC::LLInt::generateThunkWithJumpTo):
        (JSC::LLInt::functionForCallEntryThunkGenerator):
        (JSC::LLInt::functionForConstructEntryThunkGenerator):
        (JSC::LLInt::functionForCallArityCheckThunkGenerator):
        (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
        (JSC::LLInt::evalEntryThunkGenerator):
        (JSC::LLInt::programEntryThunkGenerator):
        * llint/LLIntThunks.h: Added.
        (JSC):
        (LLInt):
        * llint/LowLevelInterpreter.asm: Added.
        * llint/LowLevelInterpreter.cpp: Added.
        * llint/LowLevelInterpreter.h: Added.
        * offlineasm: Added.
        * offlineasm/armv7.rb: Added.
        * offlineasm/asm.rb: Added.
        * offlineasm/ast.rb: Added.
        * offlineasm/backends.rb: Added.
        * offlineasm/generate_offset_extractor.rb: Added.
        * offlineasm/instructions.rb: Added.
        * offlineasm/offset_extractor_constants.rb: Added.
        * offlineasm/offsets.rb: Added.
        * offlineasm/opt.rb: Added.
        * offlineasm/parser.rb: Added.
        * offlineasm/registers.rb: Added.
        * offlineasm/self_hash.rb: Added.
        * offlineasm/settings.rb: Added.
        * offlineasm/transform.rb: Added.
        * offlineasm/x86.rb: Added.
        * runtime/CodeSpecializationKind.h: Added.
        (JSC):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):
        (CommonSlowPaths):
        * runtime/Executable.cpp:
        (JSC::jettisonCodeBlock):
        (JSC):
        (JSC::EvalExecutable::jitCompile):
        (JSC::samplingDescription):
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::jitCompile):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::baselineCodeBlockFor):
        (JSC::FunctionExecutable::jitCompileForCall):
        (JSC::FunctionExecutable::jitCompileForConstruct):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (JSC):
        (EvalExecutable):
        (ProgramExecutable):
        (FunctionExecutable):
        (JSC::FunctionExecutable::jitCompileFor):
        * runtime/ExecutionHarness.h: Added.
        (JSC):
        (JSC::prepareForExecution):
        (JSC::prepareFunctionForExecution):
        * runtime/JSArray.h:
        (JSC):
        (JSArray):
        * runtime/JSCell.h:
        (JSC):
        (JSCell):
        * runtime/JSFunction.h:
        (JSC):
        (JSFunction):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSC):
        (JSGlobalData):
        * runtime/JSGlobalObject.h:
        (JSC):
        (JSGlobalObject):
        * runtime/JSObject.h:
        (JSC):
        (JSObject):
        (JSFinalObject):
        * runtime/JSPropertyNameIterator.h:
        (JSC):
        (JSPropertyNameIterator):
        * runtime/JSString.h:
        (JSC):
        (JSString):
        * runtime/JSTypeInfo.h:
        (JSC):
        (TypeInfo):
        * runtime/JSValue.cpp:
        (JSC::JSValue::description):
        * runtime/JSValue.h:
        (LLInt):
        (JSValue):
        * runtime/JSVariableObject.h:
        (JSC):
        (JSVariableObject):
        * runtime/Options.cpp:
        (Options):
        (JSC::Options::initializeOptions):
        * runtime/Options.h:
        (Options):
        * runtime/ScopeChain.h:
        (JSC):
        (ScopeChainNode):
        * runtime/Structure.cpp:
        (JSC::Structure::addPropertyTransition):
        * runtime/Structure.h:
        (JSC):
        (Structure):
        * runtime/StructureChain.h:
        (JSC):
        (StructureChain):
        * wtf/InlineASM.h:
        * wtf/Platform.h:
        * wtf/SentinelLinkedList.h:
        (SentinelLinkedList):
        (WTF::SentinelLinkedList::isEmpty):
        * wtf/text/StringImpl.h:
        (JSC):
        (StringImpl):

2012-02-21  Oliver Hunt  <oliver@apple.com>

        Unbreak double-typed arrays on ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=79177

        Reviewed by Gavin Barraclough.

        The existing code had completely broken address arithmetic.

        * JSCTypedArrayStubs.h:
        (JSC):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::storeDouble):
        (JSC::MacroAssemblerARMv7::storeFloat):

2012-02-21  Gavin Barraclough  <barraclough@apple.com>

        Should be able to reconfigure a non-configurable property as read-only
        https://bugs.webkit.org/show_bug.cgi?id=79170

        Reviewed by Sam Weinig.

        See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable,
        but does not inhibit making a writable property read-only.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::setInDefineOwnProperty):
        (JSGlobalData):
        (JSC::JSGlobalData::isInDefineOwnProperty):
            - Added flag, tracking whether we are in JSObject::defineOwnProperty.
        * runtime/JSObject.cpp:
        (JSC::JSObject::deleteProperty):
        (DefineOwnPropertyScope):
            - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing!
        (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
        (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
            - Added RAII helper.
        (JSC::JSObject::defineOwnProperty):
            - Track on the globalData when we are in this method.

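The ES5.1 8.12.9 rule cited in the entry above, shown as an added JavaScript example (it is not part of the ChangeLog or of WebKit's own code): on a non-configurable property, redefining writable:true as writable:false is accepted, while the reverse is rejected with a TypeError, and once read-only the value may only be "redefined" to the same value. The function name writableTransitions is this example's own.

```javascript
// Added example, not WebKit code: the one-way writable transition that
// ES5.1 8.12.9 step 10.a.i imposes on non-configurable properties.
// writableTransitions is a name chosen for this example.
function writableTransitions() {
  "use strict"; // strict mode makes writes to read-only properties throw

  const obj = {};
  Object.defineProperty(obj, "x", {
    value: 1,
    writable: true,
    configurable: false,
  });

  // Direction 1: writable -> read-only. The spec permits this even though
  // the property is non-configurable.
  let lockedDown;
  try {
    Object.defineProperty(obj, "x", { writable: false });
    lockedDown = true;
  } catch (e) {
    lockedDown = false;
  }

  // Direction 2: read-only -> writable. Step 10.a.i rejects this with a
  // TypeError, so the lock-down cannot be undone by later code.
  let reopened;
  try {
    Object.defineProperty(obj, "x", { writable: true });
    reopened = true;
  } catch (e) {
    reopened = false;
  }

  // Once read-only and non-configurable, redefining the value is allowed
  // only when the new value is SameValue to the current one (step 10.a.ii).
  let sameValueAccepted;
  try {
    Object.defineProperty(obj, "x", { value: 1 });
    sameValueAccepted = true;
  } catch (e) {
    sameValueAccepted = false;
  }
  let differentValueAccepted;
  try {
    Object.defineProperty(obj, "x", { value: 2 });
    differentValueAccepted = true;
  } catch (e) {
    differentValueAccepted = false;
  }

  // A plain assignment to the now read-only property throws in strict mode
  // and leaves the stored value untouched.
  let assignmentThrew;
  try {
    obj.x = 2;
    assignmentThrew = false;
  } catch (e) {
    assignmentThrew = e instanceof TypeError;
  }

  return {
    lockedDown,
    reopened,
    sameValueAccepted,
    differentValueAccepted,
    assignmentThrew,
    value: obj.x,
    writable: Object.getOwnPropertyDescriptor(obj, "x").writable,
  };
}
```

Because the transition only goes one way, code that needs to pin a property (the same rule Object.freeze relies on) can do so and be sure that later script in the same realm cannot reopen it; an engine that rejected the writable-to-read-only step, as JSC did before this change, would make such lock-downs impossible.
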
2012-02-21  Oliver Hunt  <oliver@apple.com>

        Make TypedArrays be available in commandline jsc
        https://bugs.webkit.org/show_bug.cgi?id=79163

        Reviewed by Gavin Barraclough.

        Adds a compile time option to have jsc support a basic implementation
        of the TypedArrays available in WebCore.  This lets us test the typed
        array logic in the JIT without having to build WebCore.

        * JSCTypedArrayStubs.h: Added.
        (JSC):
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (GlobalObject):
        (GlobalObject::addConstructableFunction):
        * runtime/JSGlobalData.h:
        (JSGlobalData):

2012-02-21  Tom Sepez  <tsepez@chromium.org>

        equalIgnoringNullity() only comparing half the bytes for equality
        https://bugs.webkit.org/show_bug.cgi?id=79135

        Reviewed by Adam Barth.

        * wtf/text/StringImpl.h:
        (WTF::equalIgnoringNullity):

2012-02-21  Roland Takacs  <takacs.roland@stud.u-szeged.hu>

        Unnecessary preprocessor macros in MainThread.h/cpp
        https://bugs.webkit.org/show_bug.cgi?id=79083

        Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro.

        * wtf/MainThread.cpp:
        (WTF):
        * wtf/MainThread.h:
        (WTF):

2012-02-21  Sam Weinig  <sam@webkit.org>

        Attempt to fix the Snow Leopard build.

        * Configurations/Base.xcconfig:

2012-02-21  Sam Weinig  <sam@webkit.org>

        Use libc++ when building with Clang on Mac
        https://bugs.webkit.org/show_bug.cgi?id=78981

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:

2012-02-21  Adam Roben  <aroben@apple.com>

        Roll out r108309, r108323, and r108326

        They broke the 32-bit Lion build.

        Original bug is <http://webkit.org/b/75812> <rdar://problem/10079694>.

        * CMakeLists.txt:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/LinkBuffer.h:
        * assembler/MacroAssemblerCodeRef.h:
        * bytecode/BytecodeConventions.h: Removed.
        * bytecode/CallLinkStatus.cpp:
        * bytecode/CallLinkStatus.h:
        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/GetByIdStatus.cpp:
        * bytecode/GetByIdStatus.h:
        * bytecode/Instruction.h:
        * bytecode/LLIntCallLinkInfo.h: Removed.
        * bytecode/MethodCallLinkStatus.cpp:
        * bytecode/Opcode.cpp:
        * bytecode/Opcode.h:
        * bytecode/PutByIdStatus.cpp:
        * bytecode/PutByIdStatus.h:
        * bytecompiler/BytecodeGenerator.cpp:
        * dfg/DFGByteCodeParser.cpp:
        * dfg/DFGCapabilities.h:
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOperations.cpp:
        * heap/Heap.h:
        * heap/MarkStack.cpp:
        * heap/MarkedAllocator.h:
        * heap/MarkedSpace.h:
        * interpreter/CallFrame.cpp:
        * interpreter/CallFrame.h:
        * interpreter/Interpreter.cpp:
        * interpreter/Interpreter.h:
        * interpreter/RegisterFile.h:
        * jit/ExecutableAllocator.h:
        * jit/HostCallReturnValue.cpp: Removed.
        * jit/HostCallReturnValue.h: Removed.
        * jit/JIT.cpp:
        * jit/JITCode.h:
        * jit/JITDriver.h:
        * jit/JITExceptions.cpp:
        * jit/JITInlineMethods.h:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * jit/JSInterfaceJIT.h:
        * llint/LLIntCommon.h: Removed.
        * llint/LLIntData.cpp: Removed.
        * llint/LLIntData.h: Removed.
        * llint/LLIntEntrypoints.cpp: Removed.
        * llint/LLIntEntrypoints.h: Removed.
        * llint/LLIntExceptions.cpp: Removed.
        * llint/LLIntExceptions.h: Removed.
        * llint/LLIntOfflineAsmConfig.h: Removed.
        * llint/LLIntOffsetsExtractor.cpp: Removed.
        * llint/LLIntSlowPaths.cpp: Removed.
        * llint/LLIntSlowPaths.h: Removed.
        * llint/LLIntThunks.cpp: Removed.
        * llint/LLIntThunks.h: Removed.
        * llint/LowLevelInterpreter.asm: Removed.
        * llint/LowLevelInterpreter.cpp: Removed.
        * llint/LowLevelInterpreter.h: Removed.
        * offlineasm/armv7.rb: Removed.
        * offlineasm/asm.rb: Removed.
        * offlineasm/ast.rb: Removed.
        * offlineasm/backends.rb: Removed.
        * offlineasm/generate_offset_extractor.rb: Removed.
        * offlineasm/instructions.rb: Removed.
        * offlineasm/offset_extractor_constants.rb: Removed.
        * offlineasm/offsets.rb: Removed.
        * offlineasm/opt.rb: Removed.
        * offlineasm/parser.rb: Removed.
        * offlineasm/registers.rb: Removed.
        * offlineasm/self_hash.rb: Removed.
        * offlineasm/settings.rb: Removed.
        * offlineasm/transform.rb: Removed.
        * offlineasm/x86.rb: Removed.
        * runtime/CodeSpecializationKind.h: Removed.
        * runtime/CommonSlowPaths.h:
        * runtime/Executable.cpp:
        * runtime/Executable.h:
        * runtime/ExecutionHarness.h: Removed.
        * runtime/JSArray.h:
        * runtime/JSCell.h:
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.cpp:
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.h:
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSString.h:
        * runtime/JSTypeInfo.h:
        * runtime/JSValue.cpp:
        * runtime/JSValue.h:
        * runtime/JSVariableObject.h:
        * runtime/Options.cpp:
        * runtime/Options.h:
        * runtime/ScopeChain.h:
        * runtime/Structure.cpp:
        * runtime/Structure.h:
        * runtime/StructureChain.h:
        * wtf/InlineASM.h:
        * wtf/Platform.h:
        * wtf/SentinelLinkedList.h:
        * wtf/text/StringImpl.h:

2012-02-21  Gustavo Noronha Silva  <kov@debian.org> and Bob Tracy  <rct@frus.com>

        Does not build on IA64, SPARC and Alpha
        https://bugs.webkit.org/show_bug.cgi?id=79047

        Rubber-stamped by Kent Tamura.

        * wtf/dtoa/utils.h: these architectures also have correct double
        operations, so add them to the appropriate side of the check.

2012-02-21  Filip Pizlo  <fpizlo@apple.com>
