[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2013-07-16  Oliver Hunt  <oliver@apple.com>

        Merged dfgFourthTier r148570

    2013-04-16  Filip Pizlo  <fpizlo@apple.com>

        fourthTier: DFG should be able to query Structure without modifying it
        https://bugs.webkit.org/show_bug.cgi?id=114708

        Reviewed by Oliver Hunt.
        
        This is work towards allowing the DFG, and FTL, to run on a separate thread.
        The idea is that the most evil thing that the DFG does that has thread-safety
        issues is fiddling with Structures by calling Structure::get(). This can lead
        to rematerialization of property tables, which is definitely not thread-safe
        due to how StringImpl works. So, this patch completely side-steps the problem
        by creating a new version of Structure::get, called
        Structure::getWithoutMaterializing, which may choose to do an O(n) search if
        necessary to avoid materialization. I believe this should be fine - the DFG
        does't call into these code path often enough for this to matter, and most of
        the time, the Structure that we call this on will already have a property
        table because some inline cache would have already called ::get() on that
        Structure.
        
        Also cleaned up the materialization logic: we can stop the search as soon as
        we find any Structure with a property table rather than searching all the way
        for a pinned one.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC::PutByIdStatus::computeFor):
        * runtime/Structure.cpp:
        (JSC::Structure::findStructuresAndMapForMaterialization):
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::getWithoutMaterializing):
        (JSC):
        * runtime/Structure.h:
        (Structure):
        * runtime/StructureInlines.h:
        (JSC::Structure::getWithoutMaterializing):
        (JSC):

2013-07-15  Oliver Hunt  <oliver@apple.com>

        Merged dfgFourthTier r148047

    2013-04-09  Filip Pizlo  <fpizlo@apple.com>

        fourthTier: DFG should provide utilities for common OSR exit tasks
        https://bugs.webkit.org/show_bug.cgi?id=114306

        Reviewed by Mark Hahnenberg.
        
        Just abstract out some things that the FTL will want to use as well.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler.h:
        (OSRExitCompiler):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompilerCommon.cpp: Added.
        (DFG):
        (JSC::DFG::handleExitCounts):
        (JSC::DFG::reifyInlinedCallFrames):
        (JSC::DFG::adjustAndJumpToTarget):
        * dfg/DFGOSRExitCompilerCommon.h: Added.
        (DFG):

2013-07-15  Oliver Hunt  <oliver@apple.com>

        Merged dfgFourthTier r148037

    2013-04-09  Filip Pizlo  <fpizlo@apple.com>

        fourthTier: DFG should better abstract floating point arguments
        https://bugs.webkit.org/show_bug.cgi?id=114300

        Reviewed by Mark Hahnenberg.

        * dfg/DFGFPRInfo.h:
        (FPRInfo):
        (JSC::DFG::FPRInfo::toArgumentRegister):

2013-07-15  Oliver Hunt  <oliver@apple.com>

        Merged dfgFourthTier r147821

    2013-04-05  Filip Pizlo  <fpizlo@apple.com>

        fourthTier: DFG should better abstract arguments
        https://bugs.webkit.org/show_bug.cgi?id=114073

        Reviewed by Mark Hahnenberg.

        * dfg/DFGGPRInfo.h:
        (GPRInfo):
        (JSC::DFG::GPRInfo::toArgumentRegister):

2013-07-15  Oliver Hunt  <oliver@apple.com>

        Merged dfgFourthTier r147609

    2013-04-03  Filip Pizlo  <fpizlo@apple.com>

        fourthTier: put DFG data into a DFG::JITCode, and put common DFG and FTL data into something accessible from both DFG::JITCode and FTL::JITCode
        https://bugs.webkit.org/show_bug.cgi?id=113905

        Reviewed by Geoffrey Garen.
        
        This removes one pointer from CodeBlock.
        
        It also gives us a framework for having JITType-specific data in CodeBlock, by
        putting it into the appropriate JITCode class (either DFG::JITCode or
        FTL::JITCode). And it allows us to have DFG and FTL share some common data,
        via DFG::CommonData, which is stored in both DFG::JITCode and FTL::JITCode and
        always accessible via JITCode::dfgCommon().

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::visitAggregate):
        (JSC::CodeBlock::performTracingFixpointIteration):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::stronglyVisitWeakReferences):
        (JSC::CodeBlock::shrinkToFit):
        (JSC::CodeBlock::tallyFrequentExitSites):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        (JSC::CodeBlock::setJITCode):
        (JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
        (JSC::DFGCodeBlocks::mark):
        * dfg/DFGAssemblyHelpers.h:
        * dfg/DFGCommonData.cpp: Added.
        (DFG):
        (JSC::DFG::CommonData::notifyCompilingStructureTransition):
        (JSC::DFG::CommonData::shrinkToFit):
        * dfg/DFGCommonData.h: Added.
        (JSC):
        (DFG):
        (JSC::DFG::WeakReferenceTransition::WeakReferenceTransition):
        (WeakReferenceTransition):
        (CommonData):
        (JSC::DFG::CommonData::CommonData):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGDriver.h:
        (DFG):
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGGraph.h:
        (Graph):
        * dfg/DFGJITCode.cpp: Added.
        (DFG):
        (JSC::DFG::JITCode::JITCode):
        (JSC::DFG::JITCode::~JITCode):
        (JSC::DFG::JITCode::dfgCommon):
        (JSC::DFG::JITCode::dfg):
        (JSC::DFG::JITCode::shrinkToFit):
        * dfg/DFGJITCode.h: Added.
        (DFG):
        (JITCode):
        (JSC::DFG::JITCode::appendOSREntryData):
        (JSC::DFG::JITCode::osrEntryDataForBytecodeIndex):
        (JSC::DFG::JITCode::appendOSRExit):
        (JSC::DFG::JITCode::lastOSRExit):
        (JSC::DFG::JITCode::appendSpeculationRecovery):
        (JSC::DFG::JITCode::appendWatchpoint):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::JITCompiler):
        (JSC::DFG::JITCompiler::linkOSRExits):
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JITCompiler):
        (JSC::DFG::JITCompiler::addWeakReference):
        (JSC::DFG::JITCompiler::noticeOSREntry):
        (JSC::DFG::JITCompiler::jitCode):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOSRExit.h:
        (OSRExit):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::backwardSpeculationCheck):
        (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGVariableEventStream.cpp:
        * heap/DFGCodeBlocks.cpp:
        (JSC::DFGCodeBlocks::~DFGCodeBlocks):
        (JSC::DFGCodeBlocks::jettison):
        (JSC::DFGCodeBlocks::clearMarks):
        (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
        (JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
        * jit/JITCode.cpp:
        (JSC::JITCode::dfgCommon):
        (JSC):
        (JSC::JITCode::dfg):
        (JSC::JITCode::ftl):
        (JSC::DirectJITCode::DirectJITCode):
        (JSC::DirectJITCode::initializeCodeRef):
        (JSC::DirectJITCode::addressForCall):
        (JSC::DirectJITCode::executableAddressAtOffset):
        (JSC::DirectJITCode::dataAddressAtOffset):
        (JSC::DirectJITCode::offsetOf):
        (JSC::DirectJITCode::size):
        (JSC::DirectJITCode::contains):
        * jit/JITCode.h:
        (DFG):
        (FTL):
        (JSC):
        (JITCode):
        (DirectJITCode):

2013-07-15  Oliver Hunt  <oliver@apple.com>

        Merge dfgFourthTier r147587

    2013-04-03  Filip Pizlo  <fpizlo@apple.com>

        fourthTier: Everyone should know about the FTL
        https://bugs.webkit.org/show_bug.cgi?id=113897

        Reviewed by Mark Hahnenberg.
        
        In order to get OSR exit to work right, we need the distinction between DFG and
        FTL to be clear even after compilation finishes, since they will have subtly
        different OSR stories and likely use different data structures.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::resetStubInternal):
        (JSC::ProgramCodeBlock::compileOptimized):
        (JSC::EvalCodeBlock::compileOptimized):
        (JSC::FunctionCodeBlock::compileOptimized):
        (JSC::CodeBlock::adjustedExitCountThreshold):
        (JSC::CodeBlock::tallyFrequentExitSites):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setJITCode):
        (JSC::CodeBlock::hasOptimizedReplacement):
        (JSC::ExecState::isInlineCallFrame):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::compile):
        * ftl/FTLJITCode.cpp:
        (JSC::FTL::JITCode::JITCode):
        * ftl/FTLState.cpp:
        (JSC::FTL::State::dumpState):
        * heap/DFGCodeBlocks.cpp:
        (JSC::DFGCodeBlocks::jettison):
        * interpreter/Interpreter.cpp:
        (JSC::getLineNumberForCallFrame):
        (JSC::getCallerInfo):
        * jit/JITCode.cpp:
        (WTF::printInternal):
        * jit/JITCode.h:
        (JSC::JITCode::topTierJIT):
        (JSC::JITCode::nextTierJIT):
        (JITCode):
        (JSC::JITCode::isJIT):
        (JSC::JITCode::isLowerTier):
        (JSC::JITCode::isHigherTier):
        (JSC::JITCode::isLowerOrSameTier):
        (JSC::JITCode::isHigherOrSameTier):
        (JSC::JITCode::isOptimizingJIT):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileOptimized):
        (JSC::samplingDescription):
        (JSC::ProgramExecutable::compileOptimized):
        (JSC::FunctionExecutable::compileOptimizedForCall):
        (JSC::FunctionExecutable::compileOptimizedForConstruct):

2013-04-03  Filip Pizlo  <fpizlo@apple.com>

        fourthTier: DFG should abstract out how it does forward exits, and that code should be simplified
        https://bugs.webkit.org/show_bug.cgi?id=113894

        Reviewed by Mark Hahnenberg.
        
        1) We previously had two different ways of convertingToForward, one path for
           where we had a ValueRecovery for the current node and one where we didn't.
           But the paths were doing exactly the same thing except that if you have a
           ValueRecovery, you also find the last applicable mov hint and do some
           extra things. This patch combines the two paths and bases both of them on
           the previous no-ValueRecovery path, which was simpler to begin with.
        
        2) This moves the logic into DFG::OSRExit, which further simplifies the code
           and makes the logic available to the FTL.

        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::convertToForward):
        (DFG):
        * dfg/DFGOSRExit.h:
        (DFG):
        (OSRExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):

2013-07-15  Oliver Hunt  <oliver@apple.com>

        Merge dfgFourthTier r147582

2013-07-15  Oliver Hunt  <oliver@apple.com>

        Merge dfgFourthTier r147014

    2013-03-27  Filip Pizlo  <fpizlo@apple.com>

        fourthTier: JITCode should abstract exactly how the JIT code is structured and where it was allocated
        https://bugs.webkit.org/show_bug.cgi?id=113437

        Reviewed by Mark Hahnenberg.
        
        JITCode is now a virtual base class, which will allow different JITs to have radically
        different memory allocation and management conventions in the future. It will also
        make it easier to store JIT-specific meta-data in CodeBlock just by putting it into
        an appropriate JITCode subclass.
        
        For now there is one subclass, DirectJITCode, which just behaves like JITCode used to
        behave.

        * assembler/RepatchBuffer.h:
        (JSC::RepatchBuffer::RepatchBuffer):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::resetStubInternal):
        (JSC::CodeBlock::bytecodeOffset):
        (JSC::CodeBlock::codeOriginForReturn):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setJITCode):
        (JSC::CodeBlock::getJITCode):
        (JSC::CodeBlock::getJITType):
        (CodeBlock):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGDriver.h:
        (DFG):
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JITCompiler):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::codeLocationForRepatch):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::JIT::compile):
        (JIT):
        * jit/JITCode.cpp:
        (JSC):
        (JSC::JITCode::JITCode):
        (JSC::JITCode::~JITCode):
        (JSC::JITCode::execute):
        (JSC::JITCode::hostFunction):
        (JSC::DirectJITCode::DirectJITCode):
        (JSC::DirectJITCode::~DirectJITCode):
        (JSC::DirectJITCode::addressForCall):
        (JSC::DirectJITCode::executableAddressAtOffset):
        (JSC::DirectJITCode::dataAddressAtOffset):
        (JSC::DirectJITCode::offsetOf):
        (JSC::DirectJITCode::size):
        (JSC::DirectJITCode::contains):
        * jit/JITCode.h:
        (JSC):
        (JITCode):
        (JSC::JITCode::bottomTierJIT):
        (JSC::JITCode::topTierJIT):
        (JSC::JITCode::nextTierJIT):
        (JSC::JITCode::isOptimizingJIT):
        (JSC::JITCode::isBaselineCode):
        (JSC::JITCode::jitType):
        (JSC::JITCode::jitTypeFor):
        (JSC::JITCode::executableAddress):
        (JSC::JITCode::start):
        (JSC::JITCode::end):
        (DirectJITCode):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * jit/JITStubs.cpp:
        (JSC::lazyLinkFor):
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/ThunkGenerators.cpp:
        (JSC::virtualForGenerator):
        * llint/LLIntEntrypoints.cpp:
        (JSC::LLInt::getFunctionEntrypoint):
        (JSC::LLInt::getEvalEntrypoint):
        (JSC::LLInt::getProgramEntrypoint):
        * llint/LLIntEntrypoints.h:
        (JSC):
        (LLInt):
        (JSC::LLInt::getEntrypoint):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):
        (JSC::LLInt::entryOSR):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeForCall):
        (JSC::ExecutableBase::generatedJITCodeForConstruct):
        (JSC::ExecutableBase::generatedJITCodeFor):
        (ExecutableBase):
        (JSC::ExecutableBase::hostCodeEntryFor):
        (JSC::ExecutableBase::jsCodeEntryFor):
        (JSC::ExecutableBase::jsCodeWithArityCheckEntryFor):
        (JSC::NativeExecutable::create):
        (JSC::NativeExecutable::finishCreation):
        (JSC::EvalExecutable::generatedJITCode):
        (JSC::ProgramExecutable::generatedJITCode):
        * runtime/ExecutionHarness.h:
        (JSC::prepareForExecution):
        (JSC::prepareFunctionForExecution):

2013-07-24  Filip Pizlo  <fpizlo@apple.com>

        It should be possible to hijack IndexingHeader for things other than lengths
        https://bugs.webkit.org/show_bug.cgi?id=119065

        Reviewed by Mark Hahnenberg.
        
        Made the body of IndexingHeader be a union.
        
        Modified the offlineasm so that you can say IndexingHeader::u.lengths.publicLength.
        Previously those dots would cause parse errors. Now an identifier in offlineasm can
        have a dot anywhere except the first character.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/parser.rb:
        * runtime/IndexingHeader.h:
        (JSC::IndexingHeader::offsetOfPublicLength):
        (JSC::IndexingHeader::offsetOfVectorLength):
        (JSC::IndexingHeader::IndexingHeader):
        (JSC::IndexingHeader::vectorLength):
        (JSC::IndexingHeader::setVectorLength):
        (JSC::IndexingHeader::publicLength):
        (JSC::IndexingHeader::setPublicLength):

2013-07-24  Mark Hahnenberg  <mhahnenberg@apple.com>

        JIT::updateTopCallFrame doesn't update the CallFrame's bytecodeOffset if bytecodeOffset == 0
        https://bugs.webkit.org/show_bug.cgi?id=118923

        Reviewed by Filip Pizlo.

        This bug causes the CallFrame's bytecodeOffset to not be properly set when we 
        enter, e.g., cti_optimize from an op_enter.

        * jit/JITInlines.h:
        (JSC::JIT::updateTopCallFrame):

2013-07-23  Filip Pizlo  <fpizlo@apple.com>

        DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs
        https://bugs.webkit.org/show_bug.cgi?id=119032

        Reviewed by Oliver Hunt.

        It just needs some Phantom action.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):

2013-07-10  Mark Lam  <mark.lam@apple.com>

        Need ExpressionRangeInfo before ResolveForPuts in strict mode.
        https://bugs.webkit.org/show_bug.cgi?id=118997.

        Reviewed by Oliver Hunt.

        If we add an assertion in UnlinkedCodeBlock::expressionRangeForBytecodeOffset()
        to ensure that we are able to find an ExpressionRangeInfo for any given bytecode
        offset, the following tests will fails:
            fast/js/basic-strict-mode.html
            fast/js/mozilla/strict/8.7.2.html
        With this fix, those tests will no longer fail.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::AssignResolveNode::emitBytecode):
        (JSC::ForInNode::emitBytecode):
        - Emit expression info before calls to emitResolveBaseForPut() when in strict mode.

2013-07-23  Mark Lam  <mark.lam@apple.com>

        Added ExpressionRangeInfo for BinaryOpNodes that can throw exceptions
        due to type coersion.
        https://bugs.webkit.org/show_bug.cgi?id=116853.

        Reviewed by Geoffrey Garen.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::BinaryOpNode::emitBytecode):
        - Added expression info for the strcat and the general binary op cases.
          I did not add expression info for the "compare with null" case because
          that comparison cannot trigger type coersion, and hence it won't throw
          any exceptions and doesn't need the expression info.

2013-07-23  Mark Lam  <mark.lam@apple.com>

        Removed unused sourceOffset from JSTokenLocation.
        https://bugs.webkit.org/show_bug.cgi?id=118996.

        Reviewed by Geoffrey Garen.

        This also removes the assertion reported in the bug because it is now
        moot, thereby resolving the assertion failure issue on Windows.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::toArgumentList):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * parser/Lexer.cpp:
        (JSC::::lex):
        * parser/Lexer.h:
        (JSC::::lexExpectIdentifier):
        * parser/Nodes.h:
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseFunctionInfo):
        (JSC::::parseExpressionOrLabelStatement):
        (JSC::::parseMemberExpression):
        * parser/Parser.h:
        (JSC::::parse):
        * parser/ParserTokens.h:
        (JSC::JSTokenLocation::JSTokenLocation):

2013-07-22  Alex Christensen  <achristensen@apple.com>

        Added assembly files to Windows 64-bit builds.
        https://bugs.webkit.org/show_bug.cgi?id=118931

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added JITStubsMSVC64.asm for x64 and enabled MASM.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added JITStubsMSVC64.asm.

2013-07-20  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Remove unneeded custom stdint.h now that we build on VS2010.
        https://bugs.webkit.org/show_bug.cgi?id=118868.

        Reviewed by Anders Carlsson.

        * os-win32/stdint.h: Removed.
        * GNUmakefile.list.am: Removed reference to os-win32/stdint.h

2013-07-19  Alex Christensen  <achristensen@apple.com>

        Added x64 configuration to Visual Studio build.
        https://bugs.webkit.org/show_bug.cgi?id=118888

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:

2013-07-18  Andreas Kling  <akling@apple.com>

        CodeBlock DFG entry list isn't getting shrunk-to-fit after linking.
        <http://webkit.org/b/118875>
        <rdar://problem/14488577>

        Reviewed by Geoffrey Garen.

        Move the CodeBlock::shrinkToFit() call out of JITCompiler::link() and to the call sites
        so SpeculativeJIT::linkOSREntries() can fill in CodeBlock::m_dfgData->osrEntry first.

        886 kB progression on <http://twitter.com/awesomekling>

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):

2013-07-18  Chris Curtis  <chris_curtis@apple.com>

        Fixed ASSERTION FAILED: callFrame == vm->topCallFrame in JSC::Interpreter::addStackTraceIfNecessary
        https://bugs.webkit.org/show_bug.cgi?id=118498

        Reviewed by Geoffrey Garen.

        * jit/JITStubs.cpp:
        (throwExceptionFromOpCall):
        Created new throwExceptionFromOpCall that takes in a functor that contains
        a function pointer (to create the errorObject) instead of a JSValue. Inside
        of throwExceptionFromOpCall the topCallFrame is being rolled back in order
        to handle the error throw. By passing the function pointer in, we can defer
        the creation of the error object until after topCallFrame has been rolled 
        back. This allows the error object to be created with the appropriate top 
        frame.

        DEFINE_STUB_FUNCTION(void*, stack_check):
        DEFINE_STUB_FUNCTION(void*, op_call_arityCheck):
        DEFINE_STUB_FUNCTION(void*, op_construct_arityCheck):
        DEFINE_STUB_FUNCTION(EncodedJSValue, op_call_NotJSFunction):
        DEFINE_STUB_FUNCTION(EncodedJSValue, op_construct_NotJSConstruct):

        (JSC::ErrorFunctor::~ErrorFunctor):
        (JSC::ErrorWithExecFunctor::ErrorWithExecFunctor):
        (JSC::ErrorWithExecFunctor::operator()):
        (JSC::ErrorWithExecAndCalleeFunctor::ErrorWithExecAndCalleeFunctor):
        (JSC::ErrorWithExecAndCalleeFunctor::operator()):
        (JSC::ErrorWithExceptionFunctor::ErrorWithExceptionFunctor):
        (JSC::ErrorWithExceptionFunctor::operator()):
        (JSC::throwExceptionFromOpCall):

        In order to eliminate the need to duplicate code, an error functor was 
        created for the 3 different throwExceptionFromOpCall handles. 
        1. The exception needs to be created, and the function pointer takes 1 
            parameter(callFrame->callerFrame()).
        2. The exception needs to be created, and the function pointer takes 2 
            parameters (callFrame->callerFrame(), callFrame.calleeAsValue()).
        3. The exception is already created. In this case, At the time when 
            the error functor is called, vm.exception is returned. 

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/ExceptionHelpers.cpp:
        (JSC::errorDescriptionForValue):
        (JSC::createError):
        (JSC::createInvalidParameterError):
        (JSC::createNotAConstructorError):
        (JSC::createNotAFunctionError):
        (JSC::createNotAnObjectError):
        * runtime/ExceptionHelpers.h:

        The function toString() was being used to stringify an object for an exception
        message. If the user wrote a toString() for that object, then the system would 
        continue to evaluate that code. A new helper function was created to prevent 
        the system to continue execution and exception creation from that execution.

2013-07-18  Filip Pizlo  <fpizlo@apple.com>

        LLInt get_argument_by_val for JSVALUE64 stores into the array profile when it meant to store into the value profile
        https://bugs.webkit.org/show_bug.cgi?id=118865

        Reviewed by Mark Hahnenberg.

        * llint/LowLevelInterpreter64.asm:

2013-07-18  Andreas Kling  <akling@apple.com>

        CodeBlock::m_argumentValueProfiles wastes a lot of memory.
        <http://webkit.org/b/118852>
        <rdar://problem/14481659>

        Reviewed by Anders Carlsson.

        Use Vector::resizeToFit() for CodeBlock::m_argumentValueProfiles. We don't need any padding
        for growth, since we won't be appending to it anyway.

        921 KB progression on <http://twitter.com/awesomekling>

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::setNumParameters):

2013-07-17  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix 32-bit after http://trac.webkit.org/changeset/152813

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-07-17  Geoffrey Garen  <ggaren@apple.com>

        API tests should test for JSStringCreateWithCFString with empty string
        https://bugs.webkit.org/show_bug.cgi?id=118819

        Reviewed by Mark Hahnenberg.

        * API/tests/testapi.c:
        (main): Test!

2013-07-17  Filip Pizlo  <fpizlo@apple.com>

        DFG assumes that NewFunction will never pass its input through
        https://bugs.webkit.org/show_bug.cgi?id=118798

        Reviewed by Sam Weinig.
        
        Previously the DFG was assuming that NewFunction always returns a function. That's not
        the case. It may return whatever was passed to it, if it wasn't passed SpecEmpty.
        
        This fact needed to be wired through the compiler.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::executeEffects):
        * dfg/DFGAbstractValue.h:
        (JSC::DFG::AbstractValue::makeTop):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-07-17  Geoffrey Garen  <ggaren@apple.com>

        JSStringCreateWithCFString should not convert the empty string into the NULL string
        https://bugs.webkit.org/show_bug.cgi?id=118816

        Reviewed by Sam Weinig.

        * API/JSStringRef.cpp:
        (JSStringCreateWithUTF8CString): Removed an extraneous comment, which
        a previous version of the patch made incorrect.

        * API/JSStringRefCF.cpp:
        (JSStringCreateWithCFString): Don't convert the empty string into the
        null string.

2013-07-17  Chris Curtis  <chris_curtis@apple.com>

        Naming convention on createInvalidParamError is incorrect.
        https://bugs.webkit.org/show_bug.cgi?id=118756

        Reviewed by Geoffrey Garen.
        
        Changed the naming of createInvalidParamError to createInvalidParameterError.
        This corrects the naming convention for the function listed in the WebKit code styling.

        * interpreter/Interpreter.cpp:
        (JSC::loadVarargs):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::opIn):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createInvalidParameterError):
        * runtime/ExceptionHelpers.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::hasInstance):

2013-07-16  David Farler  <dfarler@apple.com>

        Typo in DFGInsertionSet.h header guard: "DFGInsectionSet_h" -> "DFGInsertionSet_h"
        https://bugs.webkit.org/show_bug.cgi?id=118753

        Reviewed by Geoffrey Garen.

        * dfg/DFGInsertionSet.h:
        "DFGInsectionSet_h" -> "DFGInsertionSet_h"

2013-07-16  Filip Pizlo  <fpizlo@apple.com>

        MakeRope fixup shouldn't lead to an Identity without kids
        https://bugs.webkit.org/show_bug.cgi?id=118745

        Reviewed by Mark Hahnenberg.
        
        Make the empty string pruning part of fixupMakeRope() stop if it's on the last child.
        
        Make Node::convertToIdentity release-assert that it has exactly one kid.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupMakeRope):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::convertToIdentity):

2013-07-16  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove reference to JSValueStructSupport.h from JSExport.h
        https://bugs.webkit.org/show_bug.cgi?id=118746

        Reviewed by Filip Pizlo.

        * API/JSExport.h: No such header exists, so it doesn't make sense to reference it.

2013-07-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r151978.
        http://trac.webkit.org/changeset/151978
        https://bugs.webkit.org/show_bug.cgi?id=118651

        Caused regressions at least 3 websites (Requested by rniwa on
        #webkit).

        * runtime/JSCJSValue.h:
        * runtime/JSString.h:

2013-07-12  Chris Curtis    <chris_curtis@apple.com>

        Optimize addStrackTraceIfNecessary to be faster in the case when it's not necessary
        https://bugs.webkit.org/show_bug.cgi?id=118328

        Reviewed by Geoffrey Garen.

        Retrieving the stack is costly. We want to get it only once. By moving the check
        for the .stack property above the code to retrieve the stack, we ensure this. 

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::addStackTraceIfNecessary):

2013-07-12  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Build correction after r152573/r152577.
        https://bugs.webkit.org/show_bug.cgi?id=118610

        Reviewed by Oliver Hunt.

        * jit/JITThunks.cpp:
        (JSC::JITThunks::hostFunctionStub): Hand-feed MSVC++ the fact that we want the second
        argument of the make_pair to be a function pointer.

2013-07-11  Oliver Hunt  <oliver@apple.com>

        Attempt to fix the windows build.

        * jit/JITThunks.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITThunks.h:

2013-07-10  Oliver Hunt  <oliver@apple.com>

        NativeExecutable cache needs to use both call and construct functions for key
        https://bugs.webkit.org/show_bug.cgi?id=118545

        Reviewed by Geoffrey Garen.

        Make the native executable cache make use a key pair so we don't decide to
        treat all subsequent functions as not being constructors.

        * jit/JITThunks.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITThunks.h:
        * runtime/JSBoundFunction.cpp:
        (JSC::JSBoundFunction::create):
        * runtime/JSCell.cpp:
        (JSC::JSCell::getCallData):
        (JSC::JSCell::getConstructData):

2013-07-09  Mark Lam  <mark.lam@apple.com>

        Gardening to unbreak builds on the Windows bot.

        Not reviewed.

        * parser/ParserTokens.h:

2013-07-09  Mark Lam  <mark.lam@apple.com>

        Fix 30% JSBench regression (caused by adding column numbers to stack traces).
        https://bugs.webkit.org/show_bug.cgi?id=118481.

        Reviewed by Mark Hahnenberg and Geoffrey Garen.

        Previously, we already capture ExpressionRangeInfo that provides a divot for
        each bytecode that can potentially throw an exception (and therefore generate
        a stack trace). On first attempt to compute column numbers, we then do a walk
        of the source string to record all line start positions in a table associated
        with the SourceProvider. The column number can then be computed as
            divot - lineStartFor(bytecodeOffset).

        The computation of this lineStarts table is the source of the 30% JSBench
        performance regression.

        The new code now records lineStarts as the lexer and parser scans the source
        code. These lineStarts are then used to compute the column number for the
        given divot, and stored in the ExpressionRangeInfo. Similarly, we also capture
        the line number at the divot point and store that in the ExpressionRangeInfo.
        Hence, to look up line and column numbers, we now lookup the ExpressionRangeInfo
        for the bytecodeOffset, and then compute the line and column from the values
        stored in the expression info.

        The strategy:
        1. We want to minimize perturbations to the lexer and parser. Specifically,
           the changes added should not change how it scans code, and generate bytecode.
        2. We regard the divot as the source character position we are interested
           in. As such, we'll capture line and lineStart (for column) at the point
           when we capture the divot information. This ensures that the 3 values are
           consistent.

        How the change is done:
        1. Change the lexer to track lineStarts.
        2. Change the parser to capture line and lineStarts at the point of capturing
           divots.
        3. Change the parser and associated code to plumb these values all the way to
           the point that the correspoinding ExpressionRangeInfo is emitted.
        4. Propagate and record SourceCode firstLine and firstLineColumnOffset to the
           the necessary places so that we can add them as needed when reifying
           UnlinkedCodeBlocks into CodeBlocks.
        5. Compress the line and column number values in the ExpressionRangeInfo. In
           practice, we seldom have both large line and column numbers. Hence, we can
           encode both in an uint32_t most of the time. For the times when we encounter
           both large line and column numbers, we have a fallback to store the "fat"
           position info.
        6. Emit an ExpressionRangeInfo for UnaryOp nodes to get more line and column
           number coverage.
        7. Change the interpreter to use the new way of computing line and column.
        8. Delete old line and column computation code that is now unused.

        Misc details:
        - the old lexer was tracking both a startOffset and charPosition where
          charPosition equals startOffset - SourceCode.startOffset. We now use
          startOffset exclusively throughout the system for consistency.
          All offset values (including lineStart) are relative to the start of the
          SourceProvider string. These values will only be converted to be relative
          to the SourceCode.startOffset at the very last minute i.e. when the divot
          is stored into the ExpressionRangeInfo.

          This change to use the same offset system everywhere reduces confusion
          from having to convert back and forth between the 2 systems. It also
          enables a lot of assertions to be used.

        - Also fixed some bugs in the choice of divot positions to use. For example,
          both Eval and Function expressions previously used column numbers from
          the start of the expression but used the line number at the end of the
          expression. This is now fixed to use either the start or end positions
          as appropriate, but not a mix of line and columns from both.

        - Why use ints instead of unsigneds for offsets and lineStarts inside the
          lexer and parser?
          Some tests (e.g. fast/js/call-base-resolution.html and
          fast/js/eval-cross-window.html) has shown that lineStart offsets can be
          prior to the SourceCode.startOffset. Keeping the lexer offsets as ints
          simplifies computations and makes it easier to maintain the assertions
          that (startOffset >= lineStartOffset).

          However, column and line numbers are always unsigned when we publish
          them to the ExpressionRangeInfo. The ints are only used inside the
          lexer and parser ... well, and bytecode generator.

        - For all cases, lineStart is always captured where the divot is captured.
          However, some sputnik conformance tests have shown that we cannot honor
          line breaks for assignment statements like the following:

              eval("x\u000A*=\u000A-1;");

          In this case, the lineStart is expected to be captured at the start of
          the assignment expression instead of at the divot point in the middle.
          The assignment expression is the only special case for this.

        This patch has been tested against the full layout tests both with release
        and debug builds with no regression.

        * API/JSContextRef.cpp:
        (JSContextCreateBacktrace):
          - Updated to use the new StackFrame::computeLineAndColumn().
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
          - Added m_firstLineColumnOffset initialization.
          - Plumbed the firstLineColumnOffset into the SourceCode.
          - Initialized column for op_debug using the new way.
        (JSC::CodeBlock::lineNumberForBytecodeOffset):
          - Changed to compute line number using the ExpressionRangeInfo.
        (JSC::CodeBlock::columnNumberForBytecodeOffset): Added
          - Changed to compute column number using the ExpressionRangeInfo.
        (JSC::CodeBlock::expressionRangeForBytecodeOffset):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::firstLineColumnOffset):
        (JSC::GlobalCodeBlock::GlobalCodeBlock):
          - Plumbed firstLineColumnOffset through to the super class.
        (JSC::ProgramCodeBlock::ProgramCodeBlock):
          - Plumbed firstLineColumnOffset through to the super class.
        (JSC::EvalCodeBlock::EvalCodeBlock):
          - Plumbed firstLineColumnOffset through to the super class.
            But for EvalCodeBlocks, the firstLineColumnOffset is always 1
            because we're starting with a new source string with no start
            offset.
        (JSC::FunctionCodeBlock::FunctionCodeBlock):
          - Plumbed firstLineColumnOffset through to the super class.

        * bytecode/ExpressionRangeInfo.h:
          - Added modes for encoding line and column into a single 30-bit
            unsigned. The encoding is in 1 of 3 modes:
            1. FatLineMode: 22-bit line, 8-bit column
            2. FatColumnMode: 8-bit line, 22-bit column
            3. FatLineAndColumnMode: 32-bit line, 32-bit column
        (JSC::ExpressionRangeInfo::encodeFatLineMode): Added.
          - Encodes line and column into the 30-bit position using FatLine mode.
        (JSC::ExpressionRangeInfo::encodeFatColumnMode): Added.
          - Encodes line and column into the 30-bit position using FatColumn mode.
        (JSC::ExpressionRangeInfo::decodeFatLineMode): Added.
          - Decodes the FatLine mode 30-bit position into line and column.
        (JSC::ExpressionRangeInfo::decodeFatColumnMode): Added.
          - Decodes the FatColumn mode 30-bit position into line and column.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
          - Plumbed startColumn through.
        (JSC::UnlinkedFunctionExecutable::link):
          - Plumbed startColumn through.
        (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
          - Computes a line number using the new way.
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
          - Added decoding of line and column.
          - Added handling of the case when we do not find a fitting expression
            range info for a specified bytecodeOffset. This only happens if the
            bytecodeOffset is below the first expression range info. In that
            case, we'll use the first expression range info entry.
        (JSC::UnlinkedCodeBlock::addExpressionInfo):
          - Added encoding of line and column.

        * bytecode/UnlinkedCodeBlock.h:
          - Added m_expressionInfoFatPositions in RareData.
        (JSC::UnlinkedFunctionExecutable::functionStartColumn):
        (JSC::UnlinkedCodeBlock::shrinkToFit):
          - Removed obsoleted m_lineInfo.
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall): Plumbed line and lineStart through.
        (JSC::BytecodeGenerator::emitCallEval): Plumbed line and lineStart through.
        (JSC::BytecodeGenerator::emitCallVarargs): Plumbed line and lineStart through.
        (JSC::BytecodeGenerator::emitConstruct): Plumbed line and lineStart through.
        (JSC::BytecodeGenerator::emitDebugHook): Plumbed lineStart through.
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitNode):
        (JSC::BytecodeGenerator::emitNodeInConditionContext):
          - Removed obsoleted m_lineInfo.
        (JSC::BytecodeGenerator::emitExpressionInfo):
          - Plumbed line and lineStart through.
          - Compute the line and column to be added to the expression range info.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ThrowableExpressionData::emitThrowReferenceError):
        (JSC::ResolveNode::emitBytecode):
        (JSC::ArrayNode::toArgumentList):
        (JSC::BracketAccessorNode::emitBytecode):
        (JSC::DotAccessorNode::emitBytecode):
        (JSC::NewExprNode::emitBytecode):
        (JSC::EvalFunctionCallNode::emitBytecode):
        (JSC::FunctionCallValueNode::emitBytecode):
        (JSC::FunctionCallResolveNode::emitBytecode):
        (JSC::FunctionCallBracketNode::emitBytecode):
        (JSC::FunctionCallDotNode::emitBytecode):
        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        (JSC::PostfixNode::emitResolve):
        (JSC::PostfixNode::emitBracket):
        (JSC::PostfixNode::emitDot):
        (JSC::DeleteResolveNode::emitBytecode):
        (JSC::DeleteBracketNode::emitBytecode):
        (JSC::DeleteDotNode::emitBytecode):
        (JSC::PrefixNode::emitResolve):
        (JSC::PrefixNode::emitBracket):
        (JSC::PrefixNode::emitDot):
          - Plumbed line and lineStart through the above as needed.

        (JSC::UnaryOpNode::emitBytecode):
          - Added emission of an ExpressionRangeInfo for the UnaryOp node.

        (JSC::BinaryOpNode::emitStrcat):
        (JSC::ThrowableBinaryOpNode::emitBytecode):
        (JSC::InstanceOfNode::emitBytecode):
        (JSC::emitReadModifyAssignment):
        (JSC::ReadModifyResolveNode::emitBytecode):
        (JSC::AssignResolveNode::emitBytecode):
        (JSC::AssignDotNode::emitBytecode):
        (JSC::ReadModifyDotNode::emitBytecode):
        (JSC::AssignBracketNode::emitBytecode):
        (JSC::ReadModifyBracketNode::emitBytecode):
          - Plumbed line and lineStart through the above as needed.

        (JSC::ConstStatementNode::emitBytecode):
        (JSC::EmptyStatementNode::emitBytecode):
        (JSC::DebuggerStatementNode::emitBytecode):
        (JSC::ExprStatementNode::emitBytecode):
        (JSC::VarStatementNode::emitBytecode):
        (JSC::IfElseNode::emitBytecode):
        (JSC::DoWhileNode::emitBytecode):
        (JSC::WhileNode::emitBytecode):
        (JSC::ForNode::emitBytecode):
        (JSC::ForInNode::emitBytecode):
        (JSC::ContinueNode::emitBytecode):
        (JSC::BreakNode::emitBytecode):
        (JSC::ReturnNode::emitBytecode):
        (JSC::WithNode::emitBytecode):
        (JSC::SwitchNode::emitBytecode):
        (JSC::LabelNode::emitBytecode):
        (JSC::ThrowNode::emitBytecode):
        (JSC::TryNode::emitBytecode):
        (JSC::ProgramNode::emitBytecode):
        (JSC::EvalNode::emitBytecode):
        (JSC::FunctionBodyNode::emitBytecode):
          - Plumbed line and lineStart through the above as needed.

        * interpreter/Interpreter.cpp:
        (JSC::appendSourceToError):
          - Added line and column arguments for expressionRangeForBytecodeOffset().
        (JSC::StackFrame::computeLineAndColumn):
          - Replaces StackFrame::line() and StackFrame::column().
        (JSC::StackFrame::expressionInfo):
          - Added line and column arguments.
        (JSC::StackFrame::toString):
          - Changed to use the new StackFrame::computeLineAndColumn().
        (JSC::Interpreter::getStackTrace):
          - Added the needed firstLineColumnOffset arg for the StackFrame.

        * interpreter/Interpreter.h:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::BinaryOpInfo::BinaryOpInfo):
        (JSC::ASTBuilder::AssignmentInfo::AssignmentInfo):
        (JSC::ASTBuilder::createResolve):
        (JSC::ASTBuilder::createBracketAccess):
        (JSC::ASTBuilder::createDotAccess):
        (JSC::ASTBuilder::createRegExp):
        (JSC::ASTBuilder::createNewExpr):
        (JSC::ASTBuilder::createAssignResolve):
        (JSC::ASTBuilder::createFunctionExpr):
        (JSC::ASTBuilder::createFunctionBody):
        (JSC::ASTBuilder::createGetterOrSetterProperty):
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::createBlockStatement):
        (JSC::ASTBuilder::createExprStatement):
        (JSC::ASTBuilder::createIfStatement):
        (JSC::ASTBuilder::createForLoop):
        (JSC::ASTBuilder::createForInLoop):
        (JSC::ASTBuilder::createVarStatement):
        (JSC::ASTBuilder::createReturnStatement):
        (JSC::ASTBuilder::createBreakStatement):
        (JSC::ASTBuilder::createContinueStatement):
        (JSC::ASTBuilder::createTryStatement):
        (JSC::ASTBuilder::createSwitchStatement):
        (JSC::ASTBuilder::createWhileStatement):
        (JSC::ASTBuilder::createDoWhileStatement):
        (JSC::ASTBuilder::createLabelStatement):
        (JSC::ASTBuilder::createWithStatement):
        (JSC::ASTBuilder::createThrowStatement):
        (JSC::ASTBuilder::createDebugger):
        (JSC::ASTBuilder::createConstStatement):
        (JSC::ASTBuilder::appendBinaryExpressionInfo):
        (JSC::ASTBuilder::appendUnaryToken):
        (JSC::ASTBuilder::unaryTokenStackLastStart):
        (JSC::ASTBuilder::unaryTokenStackLastLineStartPosition): Added.
        (JSC::ASTBuilder::assignmentStackAppend):
        (JSC::ASTBuilder::createAssignment):
        (JSC::ASTBuilder::setExceptionLocation):
        (JSC::ASTBuilder::makeDeleteNode):
        (JSC::ASTBuilder::makeFunctionCallNode):
        (JSC::ASTBuilder::makeBinaryNode):
        (JSC::ASTBuilder::makeAssignNode):
        (JSC::ASTBuilder::makePrefixNode):
        (JSC::ASTBuilder::makePostfixNode):.
          - Plumbed line, lineStart, and startColumn through the above as needed.

        * parser/Lexer.cpp:
        (JSC::::currentSourcePtr):
        (JSC::::setCode):
          - Added tracking for sourceoffset and lineStart.
        (JSC::::internalShift):
        (JSC::::parseIdentifier):
          - Added tracking for lineStart.
        (JSC::::parseIdentifierSlowCase):
        (JSC::::parseString):
          - Added tracking for lineStart.
        (JSC::::parseStringSlowCase):
        (JSC::::lex):
          - Added tracking for sourceoffset.
        (JSC::::sourceCode):
        * parser/Lexer.h:
        (JSC::Lexer::currentOffset):
        (JSC::Lexer::currentLineStartOffset):
        (JSC::Lexer::setOffset):
          - Added tracking for lineStart.
        (JSC::Lexer::offsetFromSourcePtr): Added. conversion function.
        (JSC::Lexer::sourcePtrFromOffset): Added. conversion function.
        (JSC::Lexer::setOffsetFromSourcePtr):
        (JSC::::lexExpectIdentifier):
          - Added tracking for sourceoffset and lineStart.

        * parser/NodeConstructors.h:
        (JSC::Node::Node):
        (JSC::ResolveNode::ResolveNode):
        (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
        (JSC::FunctionCallValueNode::FunctionCallValueNode):
        (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
        (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
        (JSC::FunctionCallDotNode::FunctionCallDotNode):
        (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
        (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
        (JSC::PostfixNode::PostfixNode):
        (JSC::DeleteResolveNode::DeleteResolveNode):
        (JSC::DeleteBracketNode::DeleteBracketNode):
        (JSC::DeleteDotNode::DeleteDotNode):
        (JSC::PrefixNode::PrefixNode):
        (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
        (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
        (JSC::AssignBracketNode::AssignBracketNode):
        (JSC::AssignDotNode::AssignDotNode):
        (JSC::ReadModifyDotNode::ReadModifyDotNode):
        (JSC::AssignErrorNode::AssignErrorNode):
        (JSC::WithNode::WithNode):
        (JSC::ForInNode::ForInNode):
          - Plumbed line and lineStart through the above as needed.
        * parser/Nodes.cpp:
        (JSC::StatementNode::setLoc): Plumbed lineStart.
        (JSC::ScopeNode::ScopeNode): Plumbed lineStart.
        (JSC::ProgramNode::ProgramNode): Plumbed startColumn.
        (JSC::ProgramNode::create): Plumbed startColumn.
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode): Plumbed startColumn.
        (JSC::FunctionBodyNode::create): Plumbed startColumn.
        * parser/Nodes.h:
        (JSC::Node::startOffset):
        (JSC::Node::lineStartOffset): Added.
        (JSC::StatementNode::firstLine):
        (JSC::StatementNode::lastLine):
        (JSC::ThrowableExpressionData::ThrowableExpressionData):
        (JSC::ThrowableExpressionData::setExceptionSourceCode):
        (JSC::ThrowableExpressionData::divotStartOffset):
        (JSC::ThrowableExpressionData::divotEndOffset):
        (JSC::ThrowableExpressionData::divotLine):
        (JSC::ThrowableExpressionData::divotLineStart):
        (JSC::ThrowableSubExpressionData::ThrowableSubExpressionData):
        (JSC::ThrowableSubExpressionData::setSubexpressionInfo):
        (JSC::ThrowableSubExpressionData::subexpressionDivot):
        (JSC::ThrowableSubExpressionData::subexpressionStartOffset):
        (JSC::ThrowableSubExpressionData::subexpressionEndOffset):
        (JSC::ThrowableSubExpressionData::subexpressionLine):
        (JSC::ThrowableSubExpressionData::subexpressionLineStart):
        (JSC::ThrowablePrefixedSubExpressionData::ThrowablePrefixedSubExpressionData):
        (JSC::ThrowablePrefixedSubExpressionData::setSubexpressionInfo):
        (JSC::ThrowablePrefixedSubExpressionData::subexpressionDivot):
        (JSC::ThrowablePrefixedSubExpressionData::subexpressionStartOffset):
        (JSC::ThrowablePrefixedSubExpressionData::subexpressionEndOffset):
        (JSC::ThrowablePrefixedSubExpressionData::subexpressionLine):
        (JSC::ThrowablePrefixedSubExpressionData::subexpressionLineStart):
        (JSC::ScopeNode::startStartOffset):
        (JSC::ScopeNode::startLineStartOffset):
        (JSC::ProgramNode::startColumn):
        (JSC::EvalNode::startColumn):
        (JSC::FunctionBodyNode::startColumn):
          - Plumbed line and lineStart through the above as needed.
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseSourceElements):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseConstDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseBreakStatement):
        (JSC::::parseContinueStatement):
        (JSC::::parseReturnStatement):
        (JSC::::parseThrowStatement):
        (JSC::::parseWithStatement):
          - Plumbed line and lineStart through the above as needed.
        (JSC::::parseFunctionBody):
          - Plumbed startColumn.
        (JSC::::parseFunctionInfo):
        (JSC::::parseFunctionDeclaration):
        (JSC::LabelInfo::LabelInfo):
        (JSC::::parseExpressionOrLabelStatement):
        (JSC::::parseAssignmentExpression):
        (JSC::::parseBinaryExpression):
        (JSC::::parseProperty):
        (JSC::::parseObjectLiteral):
        (JSC::::parsePrimaryExpression):
        (JSC::::parseMemberExpression):
        (JSC::::parseUnaryExpression):
          - Plumbed line, lineStart, startColumn through the above as needed.
        * parser/Parser.h:
        (JSC::Parser::next):
        (JSC::Parser::nextExpectIdentifier):
        (JSC::Parser::tokenStart):
        (JSC::Parser::tokenColumn):
        (JSC::Parser::tokenEnd):
        (JSC::Parser::tokenLineStart):
        (JSC::Parser::lastTokenLine):
        (JSC::Parser::lastTokenLineStart):
        (JSC::::parse):
        * parser/ParserTokens.h:
        (JSC::JSTokenLocation::JSTokenLocation):
          - Plumbed lineStart.
        (JSC::JSTokenLocation::lineStartPosition):
        (JSC::JSTokenLocation::startPosition):
        (JSC::JSTokenLocation::endPosition):
        * parser/SourceCode.h:
        (JSC::SourceCode::SourceCode):
        (JSC::SourceCode::startColumn):
        (JSC::makeSource):
        (JSC::SourceCode::subExpression):
        * parser/SourceProvider.cpp: delete old code.
        * parser/SourceProvider.h: delete old code.
        * parser/SourceProviderCacheItem.h:
        (JSC::SourceProviderCacheItem::closeBraceToken):
        (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
          - Plumbed lineStart.
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::makeFunctionCallNode):
        (JSC::SyntaxChecker::makeAssignNode):
        (JSC::SyntaxChecker::makePrefixNode):
        (JSC::SyntaxChecker::makePostfixNode):
        (JSC::SyntaxChecker::makeDeleteNode):
        (JSC::SyntaxChecker::createResolve):
        (JSC::SyntaxChecker::createBracketAccess):
        (JSC::SyntaxChecker::createDotAccess):
        (JSC::SyntaxChecker::createRegExp):
        (JSC::SyntaxChecker::createNewExpr):
        (JSC::SyntaxChecker::createAssignResolve):
        (JSC::SyntaxChecker::createFunctionExpr):
        (JSC::SyntaxChecker::createFunctionBody):
        (JSC::SyntaxChecker::createFuncDeclStatement):
        (JSC::SyntaxChecker::createForInLoop):
        (JSC::SyntaxChecker::createReturnStatement):
        (JSC::SyntaxChecker::createBreakStatement):
        (JSC::SyntaxChecker::createContinueStatement):
        (JSC::SyntaxChecker::createWithStatement):
        (JSC::SyntaxChecker::createLabelStatement):
        (JSC::SyntaxChecker::createThrowStatement):
        (JSC::SyntaxChecker::createGetterOrSetterProperty):
        (JSC::SyntaxChecker::appendBinaryExpressionInfo):
        (JSC::SyntaxChecker::operatorStackPop):
          - Made SyntaxChecker prototype changes to match ASTBuilder due to new
            args added for plumbing line, lineStart, and startColumn.
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::generateBytecode):
        (JSC::CodeCache::getCodeBlock):
          - Plumbed startColumn.
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::produceCodeBlockFor):
        (JSC::FunctionExecutable::fromGlobalCode):
          - Plumbed startColumn.
        * runtime/Executable.h:
        (JSC::ScriptExecutable::startColumn):
        (JSC::ScriptExecutable::recordParse):
        (JSC::FunctionExecutable::create):
          - Plumbed startColumn.

2013-07-08  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing header files.

2013-07-04  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Add generation of JITStubs for x86_64 MSVC
        https://bugs.webkit.org/show_bug.cgi?id=116666

        Reviewed by Laszlo Gombos.

        Also move the generation for ARM CPU into the CMakeLists.txt,
        since it's compiler specific and not dedicated to Windows CE.

        * CMakeLists.txt:
        * PlatformWinCE.cmake: Removed.

2013-07-04  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Add STATICALLY_LINKED_WITH_WTF to JavaScriptCore project
        https://bugs.webkit.org/show_bug.cgi?id=118120

        Reviewed by Gyuyoung Kim.

        Since WTF is a static library linked to JavaScriptCore on all CMake ports
        we need to define STATICALLY_LINKED_WITH_WTF for all of them.
        This makes only a difference for Windows, since WTF_EXPORT and WTF_IMPORT
        are the same on all other platforms.

        * CMakeLists.txt:

2013-07-02  Mark Hahnenberg  <mhahnenberg@apple.com>

        Replace RELEASE_ASSERT with ASSERT in CodeBlock:: bytecodeOffsetForCallAtIndex
        https://bugs.webkit.org/show_bug.cgi?id=118316

        Reviewed by Geoffrey Garen.

        This is causing some crashiness in release builds. We should replace it with an ASSERT 
        until we track down all the places that need fixing in bug 118315.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):

2013-07-02  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed build correction for 'DebugSuffix' target.

        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj: Must pass the
        DEBUGSUFFIX definition to the nmake instance to be available during script processing.

2013-07-01  Sergio Correia  <sergio.correia@openbossa.org>

        [JSC]: Fix maybe-uninitialized gcc 4.8 warning in DFGSpeculativeJIT.cpp
        https://bugs.webkit.org/show_bug.cgi?id=118278

        Reviewed by Filip Pizlo.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        Initialize valueGPR with InvalidGPRReg.

2013-07-01  Csaba Osztrogonác  <ossy@webkit.org>

        Fix cast-align warnings in JavaScriptCore/heap/HandleBlockInlines.h
        https://bugs.webkit.org/show_bug.cgi?id=118242

        Reviewed by Mark Hahnenberg.

        * heap/HandleBlockInlines.h:
        (JSC::HandleBlock::nodes):

2013-06-29  Andreas Kling  <akling@apple.com>

        Follow-up to r152206: also update HashFlags8BitBuffer in the LLInt.

        * llint/LowLevelInterpreter.asm:

2013-06-28  Andreas Kling  <akling@apple.com>

        Un-crashify JSC tests on debug bots after Anders had his way with StringImpl.

        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):

2013-06-28  Anders Carlsson  <andersca@apple.com>

        Remove String::deprecatedCharactersWithNullTermination() and related code
        https://bugs.webkit.org/show_bug.cgi?id=118211

        Reviewed by Benjamin Poulain.

        * API/JSStringRef.cpp:
        (JSStringCreateWithCharactersNoCopy):
        Update call to StringImpl::createWithoutCopying.

2013-06-27  Timothy Hatcher  <timothy@apple.com>

        Notify the debugger about functions created from source code via new Function() or WebCore::JSLazyEventListener.

        https://bugs.webkit.org/show_bug.cgi?id=118063

        Reviewed by Geoffrey Garen.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Call Debugger::sourceParsed.

2013-06-26  Anders Carlsson  <andersca@apple.com>

        Add JSStringCreateWithCharactersNoCopy SPI
        https://bugs.webkit.org/show_bug.cgi?id=118074
        <rdar://problem/14279905>

        Reviewed by Geoffrey Garen.

        * API/JSStringRef.cpp:
        (JSStringCreateWithCharactersNoCopy):
        Create a new OpaqueJSString, using the newly added StringImpl::createWithoutCopying function.

        * API/JSStringRefPrivate.h: Added.
        Add a home for the JSStringCreateWithCharactersNoCopy function.

        * API/OpaqueJSString.h:
        (OpaqueJSString::OpaqueJSString):
        Just call isolatedCopy on the passed in string.

        * API/tests/testapi.c:
        Add an API test for JSStringCreateWithCharactersNoCopy.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        Add new files.

2013-06-25  Ryosuke Niwa  <rniwa@webkit.org>

        JSString should remember AtomicString
        https://bugs.webkit.org/show_bug.cgi?id=117386

        Reviewed by Geoffrey Garen.

        Added JSValue::toAtomicString and JSString::atomicString. These two functions allow WebCore to update
        JSString's m_value to set isAtomic flag and avoid the AtomicStringTable lookups in subsequent attempts
        to obtain the AtomicString of the same value.

        * runtime/JSCJSValue.h:
        * runtime/JSString.h:
        (JSC::JSString::atomicString):
        (JSC::JSValue::toAtomicString):

2013-06-24  Roger Fong  <roger_fong@apple.com>

        Unreviewed. Makefile build fix for AppleWindows.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-06-17  Darin Adler  <darin@apple.com>

        Sort all the Xcode project files
        https://bugs.webkit.org/show_bug.cgi?id=117696

        Reviewed by Anders Carlsson.

        * JavaScriptCore.xcodeproj/project.pbxproj: Ran the sort-Xcode-project-file script.

2013-06-21  Mark Lam  <mark.lam@apple.com>

        Introducing the VMStackBounds class.
        https://bugs.webkit.org/show_bug.cgi?id=117862.

        Reviewed by Geoffrey Garen.

        - Removed Interpreter::StackPolicy.
        - The new VMStackBounds will take over choosing the appropriate stack
          size requirements, and invoking the underlying WTF::StackBounds to
          to the real bounds check.
        - VMStackBounds will now be used universally throughout JSC instead of
          WTF::StackBounds.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        * interpreter/Interpreter.h:
        (JSC::Interpreter::isInErrorHandlingMode):
        * parser/Parser.cpp:
        (JSC::::Parser):
        * parser/Parser.h:
        * runtime/StringRecursionChecker.h:
        (JSC::StringRecursionChecker::performCheck):
        * runtime/VMStackBounds.h: Added.
        (JSC::VMStackBounds::VMStackBounds):
        (JSC::VMStackBounds::isSafeToRecurse):
        (JSC::VMStackBounds::requiredCapacity):

2013-06-20  Mark Lam  <mark.lam@apple.com>

        Change stack capacity requirement to be more reasonable.
        https://bugs.webkit.org/show_bug.cgi?id=117801.

        Reviewed by Geoffrey Garen.

        Previously, the requiredStack in StackPolicy::StackPolicy() was set to
        to a high value like 256K to reduce the chances of encountering an
        undetected stack overflow in a scenario where we have a combination of
        deeply nested divs and a large amount recursive re-entries into the VM.

        However, this high value of requiredStack still does not completely
        ensure that we will never encounter an undetected stack overflow. It
        only lessens the probability of encountering it.

        Secondly, on some platforms, the total stack size can be less than 256K
        to start with. Hence, this high value requiredStack renders the VM
        unuseable on those platforms.

        This patch will fix the requiredStack to be more reasonable based on
        real world stack usage by the VM. We won't (and cannot) try to prevent
        undetected stack overflows outside of JSC as well. External code that
        do deep recursion (e.g. Documnet::updateLayout()) should do their own
        stack checks.

        From a previous experiment, we measured the following:

        On a debug build on OSX:
        1. Stack usage different between recursive calls to interpreter entry:
           7744 bytes
        On a release build on OSX:
        2. Stack usage difference between recursive calls to interpreter entry:
           6352 bytes

        Using these as a guide, we'll pick the following values for the
        StackPolicy:
           requiredStack: 32K
           errorModeRequiredStack: 16K

        The requiredStack is chosen to be 4x the measured usage above. The
        additional 3x is a conservative estimate to account for stack space
        that may be needed by other native functions called while in the
        interpreter.

        The errorModeRequiredStack has to be less than the requiredStack or we
        won't be able to reenter the interpreter to do error handling work when
        an imminent stack overflow is detected. It is assumed that the error
        handling code will only do minimal work to allocate an exception and its
        stack trace, and not run any arbitrary JS code. As such, it is safe to
        allow re-entry into the interpreter with only 2x the measured usage in
        this case.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::StackPolicy::StackPolicy):

2013-06-20  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>

        HashSet: reverse the order of the template arguments at alternate 'find', 'contains' and 'add' methods
        https://bugs.webkit.org/show_bug.cgi?id=117830

        Reviewed by Anders Carlsson.

        The order of the template arguments at HashSet alternate 'find', 'contains' and
        'add' methods is reversed so that callers can just pass the translator
        and let the compiler deduce input argument type.

        * runtime/Identifier.h:
        (JSC::IdentifierTable::add):

2013-06-20  Roger Fong  <roger_fong@apple.com>

        Make Windows makefile copy build output to a different folder.
        <rdar://problem/14219184>.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-06-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        Improper deallocation of JSManagedValue causes crashes during autorelease pool draining
        https://bugs.webkit.org/show_bug.cgi?id=117840

        Reviewed by Geoffrey Garen.

        Improperly managing a JSManagedValue can cause a crash when the JSC::Weak inside the 
        JSManagedValue is destroyed upon deallocation. We would rather have improperly maintained 
        JSManagedValues cause memory leaks than take down the whole app. 

        The fix is to use the callback to the JSC::Weak on the destruction of the VM so that we 
        can safely null it out. This will prevent ~Weak from crashing.

        * API/JSManagedValue.mm:
        (-[JSManagedValue JSC::JSC::]):
        (JSManagedValueHandleOwner::finalize):
        * API/tests/testapi.mm: Added a test that crashed prior to this fix due to a leaked 
        managed reference. Also fixed a small style nit I noticed in another test.

2013-06-18  Oliver Hunt  <oliver@apple.com>

        Going to google.com/trends causes a crash
        https://bugs.webkit.org/show_bug.cgi?id=117602

        Reviewed by Geoffrey Garen.

        When handling op_throw, etc we need to flush the variables and arguments
        for the entire inline stack, not just the top frame.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::flushAllArgumentsAndCapturedVariablesInInlineStack):
        (JSC::DFG::ByteCodeParser::parseBlock):

2013-06-18  Roger Fong  <roger_fong@apple.com>

        Replace tools32 folder with tools and update WebKit Windows solution accordingly.
        <rdar://problem/14118143>.

        Rubberstamped by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jscDebug.props:
        * JavaScriptCore.vcxproj/jsc/jscProduction.props:
        * JavaScriptCore.vcxproj/jsc/jscRelease.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapiDebug.props:
        * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
        * JavaScriptCore.vcxproj/testapi/testapiProduction.props:
        * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:

2013-06-17  Roger Fong  <roger_fong@apple.com>

        Modify Windows makefiles to copy some bin output into Program Files.
        https://bugs.webkit.org/show_bug.cgi?id=117714.
        <rdar://problem/14179054>

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-06-14  Ryosuke Niwa  <rniwa@webkit.org>

        Function names on Object.prototype should be common identifiers
        https://bugs.webkit.org/show_bug.cgi?id=117614

        Reviewed by Darin Adler.

        Patch written by Sam Weinig. Make Object's prototype function names common identififers since they're used frequently.

        * runtime/CommonIdentifiers.h:
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSObject.h:
        * runtime/ObjectPrototype.cpp:
        (JSC::ObjectPrototype::finishCreation):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::finishCreation):

2013-06-13  Ryosuke Niwa  <rniwa@webkit.org>

        Remove LiteralIdentifierTable
        https://bugs.webkit.org/show_bug.cgi?id=117613

        Reviewed by Geoffrey Garen.

        Removed LiteralIdentifierTable since it doesn't seem to have any perf. impact now.

        * runtime/Identifier.cpp:
        (JSC::Identifier::add):

2013-06-12  Conrad Shultz  <conrad_shultz@apple.com>

        JSExport header documentation substitutes "semicolon" for "colon"
        https://bugs.webkit.org/show_bug.cgi?id=117552

        Reviewed by Mark Hahnenberg.

        * API/JSExport.h:
        Fix a couple typos.

2013-06-10  Raphael Kubo da Costa  <raphael.kubo.da.costa@intel.com>

        [JSC] Remove a vestige of wxWidgets support.
        https://bugs.webkit.org/show_bug.cgi?id=117419

        Reviewed by Benjamin Poulain.

        * runtime/JSExportMacros.h: Remove a check for BUILDING_WX__ that
        seems to have gone unnoticed when the wxWidgets port was removed.

2013-06-06  Roger Fong  <roger_fong@apple.com>

        Stop copying AAS binaries into build folder.
        https://bugs.webkit.org/show_bug.cgi?id=117319.

        Rubberstamped by Darin Adler.

        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:

2013-06-05  Filip Pizlo  <fpizlo@apple.com>

        DFG CFA shouldn't filter ArrayModes with ALL_NON_ARRAY_ARRAY_MODES if the speculated type is not SpecArray
        https://bugs.webkit.org/show_bug.cgi?id=117279
        <rdar://problem/14078025>        

        Reviewed by Mark Hahnenberg.

        * dfg/DFGAbstractValue.h:
        (JSC::DFG::AbstractValue::filterArrayModesByType):

2013-06-05  Michael Saboff  <msaboff@apple.com>

        JSC: Crash beneath cti_op_div @ http://gmailblog.blogspot.com
        https://bugs.webkit.org/show_bug.cgi?id=117280

        Reviewed by Filip Pizlo.

        Updated the merging of VariableAccessData nodes in ArgumentPosition lists
        to find the unified VariableAccessData node that is the root of the
        current node instead of using the current node directly when merging
        attributes.
        Added new dump code to dump the ArgumentPosition list.

        * dfg/DFGArgumentPosition.h:
        (JSC::DFG::rgumentPosition::mergeArgumentPredictionAwareness):
        (JSC::DFG::ArgumentPosition::mergeArgumentUnboxingAwareness):
        (JSC::DFG::ArgumentPosition::dump):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):

2013-06-05  Bear Travis  <betravis@adobe.com>

        [CSS Exclusions][CSS Shapes] Split CSS Exclusions & Shapes compile & runtime flags
        https://bugs.webkit.org/show_bug.cgi?id=117172

        Reviewed by Alexandru Chiculita.

        Adding the CSS_SHAPES compile flag.

        * Configurations/FeatureDefines.xcconfig:

2013-06-05  Balazs Kilvady  <kilvadyb@homejinni.com>

        JSC Assertion tests failures on MIPS.
        https://bugs.webkit.org/show_bug.cgi?id=116552

        Reviewed by Geoffrey Garen.

        Fix condition handlig in branchAdd32 implemetations.

        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::branchAdd32):

2013-06-04  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Add floating point absolute function support in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117147

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
        (JSC::MacroAssemblerSH4::absDouble):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::dabs):
        (JSC::SH4Assembler::printInstr):

2013-06-04  Zan Dobersek  <zdobersek@igalia.com>

        [JSC] Test262 15.5.4.9_3 test is failing
        https://bugs.webkit.org/show_bug.cgi?id=116789

        Reviewed by Geoffrey Garen.

        Bring the String.prototype.localeCompare behavior in line wit ES5 15.9.4.9.
        If method is not given enough arguments, the minimal amount of arguments must be assumed, with their value being undefined.
        The first argument to localeCompare, in its string form, is used as the 'that' string that's used in the comparison.
        Therefor, when calling str.localeCompare() or str.localeCompare(undefined), the first argument is `undefined` and the
        string "undefined" is used as the string to which value of str is compared.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncLocaleCompare): Remove the early return in case of no given arguments to achieve the desired behavior.

2013-06-03  Hojong Han  <hojong.han@samsung.com>

        [EFL] Implement GCActivityCallback
        https://bugs.webkit.org/show_bug.cgi?id=95923

        Reviewed by Geoffrey Garen.

        Implements the activity triggered garbage collector.
        Additional GCs can be triggered by platfrom timer.
        It has sort of compaction effect not to make JSC heap grow fast
        so that memory usage becomes lower than usual.

        * PlatformEfl.cmake: Added.
        * heap/HeapTimer.cpp:
        (JSC):
        (JSC::HeapTimer::HeapTimer):
        (JSC::HeapTimer::~HeapTimer):
        (JSC::HeapTimer::add):
        (JSC::HeapTimer::stop):
        (JSC::HeapTimer::timerEvent):
        * heap/HeapTimer.h:
        (HeapTimer):
        * jsc.cpp:
        (main):
        * runtime/GCActivityCallback.cpp:
        (JSC):
        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
        (JSC::DefaultGCActivityCallback::scheduleTimer):
        (JSC::DefaultGCActivityCallback::cancelTimer):
        (JSC::DefaultGCActivityCallback::didAllocate):
        * runtime/GCActivityCallback.h:
        (GCActivityCallback):
        (JSC::GCActivityCallback::GCActivityCallback):
        (DefaultGCActivityCallback):

2013-06-03  Roger Fong  <roger_fong@apple.com>

        Nuke VS2005 files from the tree.
        <rdar://problem/14042021>.

        Rubberstamped by Brent Fulgham.

        * JavaScriptCore.vcproj: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.make: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.resources: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.resources/Info.plist: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore.sln: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCF.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePGOOptimize.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreLink.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed.
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.make: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly/LLIntAssembly.vcproj: Removed.
        * JavaScriptCore.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcproj: Removed.
        * JavaScriptCore.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcproj: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc: Removed.
        * JavaScriptCore.vcproj/jsc/jsc.vcproj: Removed.
        * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/jsc/jscPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/jsc/jscPreLink.cmd: Removed.
        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi: Removed.
        * JavaScriptCore.vcproj/testapi/testapi.vcproj: Removed.
        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiPostBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testapi/testapiPreBuild.cmd: Removed.
        * JavaScriptCore.vcproj/testapi/testapiPreLink.cmd: Removed.
        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops: Removed.
        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops: Removed.

2013-05-31  Filip Pizlo  <fpizlo@apple.com>

        Incorrect assertion in DFG::Graph::uncheckedActivationRegisterFor()
        <rdar://problem/13989324>

        Rubber stamped by Mark Hahnenberg.
        
        This has a bogus assertion that checks that the passed CodeOrigin doesn't have
        an inline call frame. This was well intentioned in the sense that it is true
        that inlined call frames wouldn't have an activation register. But that doesn't
        mean that people won't ask. Removing the assertion fixes a debug-only crash and
        has no impact on production code. This change adds a comment to that effect.

        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::uncheckedActivationRegisterFor):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Fix Overflow case of branchMul32 in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117057

        Reviewed by Oliver Hunt.

        Current implementation of Overflow case in branchMul32 performs an
        unsigned multiplication whereas a signed multiplication is expected.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchMul32):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Fix floating point comparisons in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117066.

        Reviewed by Oliver Hunt.

        Current implementation of branchDouble function in baseline JIT is wrong
        for some conditions and overkill for others. For instance:
        - With DoubleGreaterThanOrEqual condition, branch will be taken if either
          operand is NaN with current implementation whereras it should not.
        - With DoubleNotEqualOrUnordered condition, performed NaN checks are
          useless (because comparison result is false if either operand is NaN).

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchDouble):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Fix double floating point transfer in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=117054

        Reviewed by Oliver Hunt.

        In current implementation, dmovRegReg function transfers only one single
        FPRegister as PR=1 and SZ=0 in floating point status/control register.
        Double transfers must be performed with two fmov.s opcodes.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::moveDouble):
        (JSC::MacroAssemblerSH4::addDouble): Handle (op2==dest) case properly.
        (JSC::MacroAssemblerSH4::sqrtDouble):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::fmovsRegReg):

2013-05-31  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Handle branchType properly in branchTruncateDoubleToInt32.
        https://bugs.webkit.org/show_bug.cgi?id=117062

        Reviewed by Oliver Hunt.

        Current implementation of branchTruncateDoubleToInt32 is incorrect
        when branchType == BranchIfTruncateSuccessful in sh4 baseline JIT.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::branchTruncateDoubleToInt32):

2013-05-31  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed build fix for VS2005 builders.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def: Add
        missing export for WTF::SHA1::computeHexDigest

2013-05-30  David Farler  <dfarler@apple.com>

        Fix jscore-test when not using --sdk option with jsDriver.pl
        https://bugs.webkit.org/show_bug.cgi?id=116339

        Reviewed by Joe Pecoraro.

        * tests/mozilla/jsDriver.pl:
        (execute_tests):
        With each test, the shell_command needs to be started from scratch.

        This fix will clear the shell_command and start over as before with
        the opt_arch option when not using --sdk with jsDriver.pl.

2013-05-30  Roger Fong  <roger_fong@apple.com>

        Get rid of JavaScript exports file on AppleWin port.
        https://bugs.webkit.org/show_bug.cgi?id=117050.

        Reviewed by Darin Adler.

        Delete the JavaScriptCoreExportGenerator folder and remove dependencies.
        Start linking in WTF.lib now that it's a shared library.

        * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/make-export-file-generator: Removed.
        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:

2013-05-22  David Farler  <dfarler@apple.com>

        Add --sdk option to jsDriver.pl to run with iOS Simulator
        https://bugs.webkit.org/show_bug.cgi?id=116339

        Reviewed by David Kilzer.

        * tests/mozilla/jsDriver.pl:
        (execute_tests):
        Prefix shell command with the path to the "sim" tool.
        (parse_args):
        Add -d / --sdk option.
        (usage):
        Help message for -d / --sdk option.

2013-05-30  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Optimize NaN checks in LLINT for floating point comparisons.
        https://bugs.webkit.org/show_bug.cgi?id=117049

        Reviewed by Oliver Hunt.

        Use the fcmp/eq opcode in sh4 LLINT to test if a double is NaN.
        This is more efficient, doesn't require two tmp registers and requires
        less code than current implementation (which converts double to float,
        then checks 'E = Emax + 1' and 'f != 0').

        * offlineasm/sh4.rb:

2013-05-30  Oliver Hunt  <oliver@apple.com>

        JSCallbackObject does not correctly initialise the PropertySlot for getOwnPropertyDescriptor
        https://bugs.webkit.org/show_bug.cgi?id=117053

        Reviewed by Mark Hahnenberg.

        Set appropriate thisValue on the PropertySlot

        * API/JSCallbackObjectFunctions.h:
        (JSC::::getOwnPropertyDescriptor):
        * API/tests/testapi.mm:

2013-05-29  Jeffrey Pfau  <jpfau@apple.com>

        [Mac] Enable cache partitioning and the public suffix list on 10.8
        <rdar://problem/13679019>

        Rubber-stamped by David Kilzer.

        * Configurations/FeatureDefines.xcconfig:

2013-05-28  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Put correct byteCompile symbol in file. Previous version
        had an extra 'i' appended to the end.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-05-28  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed build fix.  Remove ?byteCompile symbol that
        is no longer accessible during link.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-05-28  Gavin Barraclough  <barraclough@apple.com>

        String(new Date(2010,10,1)) is wrong in KRAT, YAKT
        https://bugs.webkit.org/show_bug.cgi?id=106750

        Reviewed by Darin Adler.

        * runtime/JSDateMath.cpp:
        (JSC::msToGregorianDateTime):
            - Additional review comment fix.

2013-05-28  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed build fix after r150833

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        A CR/LF combination was lost in the file, combining two symbols.

2013-05-27  Gavin Barraclough  <barraclough@apple.com>

        String(new Date(2010,10,1)) is wrong in KRAT, YAKT
        https://bugs.webkit.org/show_bug.cgi?id=106750

        Reviewed by Darin Adler.

        First part of a fix, simplfy date handling code, instead of operating separately
        on the UTC-standard and standard-DST offsets, just generate a combined UTC-local
        offset (this is what we actually need, and what the OS gives us).

        * runtime/JSDateMath.cpp:
        (JSC::getLocalTimeOffset):
            - removed getUTCOffset, converted getDSTOffset -> getLocalTimeOffset
        (JSC::gregorianDateTimeToMS):
        (JSC::msToGregorianDateTime):
        (JSC::parseDateFromNullTerminatedCharacters):
            - call getLocalTimeOffset instead of getUTCOffset/getDSTOffset
        * runtime/VM.cpp:
        (JSC::VM::resetDateCache):
            - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache
        * runtime/VM.h:
        (JSC::LocalTimeOffsetCache::LocalTimeOffsetCache):
        (JSC::LocalTimeOffsetCache::reset):
        (LocalTimeOffsetCache):
            - removed cachedUTCOffset, converted DSTOffsetCache -> LocalTimeOffsetCache

2013-05-28  Mark Hahnenberg  <mhahnenberg@apple.com>

        r150199 is very wrong
        https://bugs.webkit.org/show_bug.cgi?id=116876

        JSValue needs to protect its internal JSValueRef.

        Reviewed by Darin Adler.

        * API/JSValue.mm:
        (-[JSValue initWithValue:inContext:]):
        (-[JSValue dealloc]):
        * API/tests/testapi.mm: Added a simple test to make sure that we protect the
        underlying JavaScript value across garbage collections.

2013-05-27  Patrick Gansterer  <paroga@webkit.org>

        Use ICU_INCLUDE_DIRS in BlackBerry CMake files
        https://bugs.webkit.org/show_bug.cgi?id=116210

        Reviewed by Rob Buis.

        Set and use the ICU_INCLUDE_DIRS variable to avoid
        duplicated adding of the ICU include directory.

        * PlatformBlackBerry.cmake:

2013-05-27  Gabor Rapcsanyi  <rgabor@webkit.org>

        MacroAssemblerARM should use xor to swap registers instead of move
        https://bugs.webkit.org/show_bug.cgi?id=116306

        Reviewed by Zoltan Herczeg.

        Change register swapping to xor from move and this way we don't need
        temporary register anymore.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::swap):

2013-05-25  Filip Pizlo  <fpizlo@apple.com>

        We broke (-2^31/-1)|0 in the DFG
        https://bugs.webkit.org/show_bug.cgi?id=116767

        Reviewed by Andreas Kling.
        
        The bug is that we were assuming that in the -2^31 case, we already had -2^31
        in the result register. This was a wrong assumption.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):

2013-05-24  Filip Pizlo  <fpizlo@apple.com>

        We broke !(0/0)
        https://bugs.webkit.org/show_bug.cgi?id=116736

        Reviewed by Gavin Barraclough.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createLogicalNot):
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::pureToBoolean):

2013-05-24  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Optimize LLINT generated code and fix few bugs in baseline JIT.
        https://bugs.webkit.org/show_bug.cgi?id=116716

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::mul32): Cosmetic changes.
        (JSC::MacroAssemblerSH4::convertInt32ToDouble): Absolute address was not dereferenced.
        (JSC::MacroAssemblerSH4::branch32): Absolute address was not dereferenced.
        (JSC::MacroAssemblerSH4::revertJumpReplacementToBranchPtrWithPatch): Use all 32 bits of pointer for revertJump call.
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::revertJump): Use changePCrelativeAddress to patch the whole pointer.
        (JSC::SH4Assembler::linkJump): Cosmetic change.
        * offlineasm/sh4.rb: Optimize LLINT generated code.

2013-05-23  Peter Wang  <peter.wang@torchmobile.com.cn>

        CLoop llint backend should not use the d8 register as scratch register
        https://bugs.webkit.org/show_bug.cgi?id=116019

        Reviewed by Csaba Osztrogonác.

        * offlineasm/cloop.rb:

2013-05-22  Peter Wang  <peter.wang@torchmobile.com.cn>

        Use uninitialized register in "JIT::emit_op_neq_null" and "emit_op_eq_null"
        https://bugs.webkit.org/show_bug.cgi?id=116593

        Reviewed by Filip Pizlo.

        Generated instructions using uninitialized register. It's caused by a mistake of r126494.

        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):

2013-05-22  Filip Pizlo  <fpizlo@apple.com>

        Fix indentation of CodeBlock.h

        Rubber stampted by Mark Hahnenberg.

        * bytecode/CodeBlock.h:

2013-05-22  Julien Brianceau  <jbrianceau@nds.com>

        [sh4] Remove MacroAssemblerSH4.cpp file.
        https://bugs.webkit.org/show_bug.cgi?id=116596.

        Reviewed by Geoffrey Garen.

        Move linkCall and repatchCall implementations from MacroAssemblerSH4.cpp
        to MacroAssemblerSH4.h and remove MacroAssemblerSH4.cpp, as it is done
        for other architectures.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/MacroAssemblerSH4.cpp: Removed.
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::linkCall):
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::repatchCall):

2013-05-21  Brent Fulgham  <bfulgham@apple.com>

        [Windows] Unreviewed speculative fix for test-bots.

        Add export declaration for WTFInvokeCrashHook to avoid runtime
        load error on test bots.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-05-21  Mark Lam  <mark.lam@apple.com>

        Added missing assert condition for PositiveOrZero in ARM branch32().
        https://bugs.webkit.org/show_bug.cgi?id=116538.

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::branchAdd32):

2013-05-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        Disable SuperRegion
        https://bugs.webkit.org/show_bug.cgi?id=116362

        Rubber stamped by Geoff Garen.

        * heap/Region.h:

2013-05-20  Oliver Hunt  <oliver@apple.com>

        Make C API more robust against null contexts
        https://bugs.webkit.org/show_bug.cgi?id=116462

        Reviewed by Anders Carlsson.

        Handle null contexts in a non-crashy way.  It's a bug to ever call the
        API with a null context, and the absence of a context means we can't
        produce a meaningful result, so we still assert in debug builds.

        Now where possible we detect and early return, returning null for any
        pointer type, NaN for doubles, and false for any boolean result.

        * API/JSBase.cpp:
        (JSEvaluateScript):
        (JSCheckScriptSyntax):
        (JSReportExtraMemoryCost):
        * API/JSContextRef.cpp:
        (JSContextGetGlobalObject):
        (JSContextGetGroup):
        (JSContextGetGlobalContext):
        (JSContextCreateBacktrace):
        * API/JSObjectRef.cpp:
        (JSObjectMake):
        (JSObjectMakeFunctionWithCallback):
        (JSObjectMakeConstructor):
        (JSObjectMakeFunction):
        (JSObjectMakeArray):
        (JSObjectMakeDate):
        (JSObjectMakeError):
        (JSObjectMakeRegExp):
        (JSObjectGetPrototype):
        (JSObjectSetPrototype):
        (JSObjectHasProperty):
        (JSObjectGetProperty):
        (JSObjectSetProperty):
        (JSObjectGetPropertyAtIndex):
        (JSObjectSetPropertyAtIndex):
        (JSObjectDeleteProperty):
        (JSObjectCopyPropertyNames):
        * API/JSValueRef.cpp:
        (JSValueGetType):
        (JSValueIsUndefined):
        (JSValueIsNull):
        (JSValueIsBoolean):
        (JSValueIsNumber):
        (JSValueIsString):
        (JSValueIsObject):
        (JSValueIsObjectOfClass):
        (JSValueIsEqual):
        (JSValueIsStrictEqual):
        (JSValueIsInstanceOfConstructor):
        (JSValueMakeUndefined):
        (JSValueMakeNull):
        (JSValueMakeBoolean):
        (JSValueMakeNumber):
        (JSValueMakeString):
        (JSValueMakeFromJSONString):
        (JSValueCreateJSONString):
        (JSValueToBoolean):
        (JSValueToNumber):
        (JSValueToStringCopy):
        (JSValueToObject):
        (JSValueProtect):
        * API/JSWeakObjectMapRefPrivate.cpp:

2013-05-20  David Kilzer  <ddkilzer@apple.com>

        Synchronize FeatureDefines.xcconfig

        * Configurations/FeatureDefines.xcconfig: Remove
        ENABLE_LINK_PRERENDER.  This was missed in r150356.

2013-05-19  Anders Carlsson  <andersca@apple.com>

        Remove link prerendering code
        https://bugs.webkit.org/show_bug.cgi?id=116415

        Reviewed by Darin Adler.

        This code was only used by Chromium and is dead now.

        * Configurations/FeatureDefines.xcconfig:

2013-05-18  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Replace *_LIBRARY_NAME with *_OUTPUT_NAME
        https://bugs.webkit.org/show_bug.cgi?id=114554

        Reviewed by Gyuyoung Kim.

        Using variables as target names is very uncommon in CMake.
        The usual way to specify the name of the resulting binary
        is to set the OUTPUT_NAME target property.

        * CMakeLists.txt:
        * shell/CMakeLists.txt:

2013-05-17  Patrick Gansterer  <paroga@webkit.org>

        [CMake] Remove invalid include paths
        https://bugs.webkit.org/show_bug.cgi?id=116213

        Reviewed by Gyuyoung Kim.

        Since "${JAVASCRIPTCORE_DIR}/wtf" does not exist, it is safe
        to remove them from the list of include directories.

        * PlatformEfl.cmake: Removed.
        * PlatformGTK.cmake: Removed.

2013-05-16  Patrick Gansterer  <paroga@webkit.org>

        Consolidate lists in JavaScriptCore CMake files
        https://bugs.webkit.org/show_bug.cgi?id=115992

        Reviewed by Gyuyoung Kim.

        Move common files into the CMakeLists.txt to avoid duplicating the list of files.
        Also rebase the recently added GTK files to match the other CMake ports, since
        the submitted patch was based on an older version of the source tree.

        * CMakeLists.txt:
        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * shell/CMakeLists.txt:
        * shell/PlatformEfl.cmake:
        * shell/PlatformGTK.cmake:

2013-05-16  Geoffrey Garen  <ggaren@apple.com>

        JSValue shouldn't protect/unprotect its context
        https://bugs.webkit.org/show_bug.cgi?id=116234

        Reviewed by Mark Hahnenberg.

        Our retain on _context is sufficient.

        * API/JSValue.mm:
        (-[JSValue initWithValue:inContext:]):
        (-[JSValue dealloc]):

2013-05-15  Ryosuke Niwa  <rniwa@webkit.org>

        Another Windows build fix attempt after r150160.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-05-15  Oliver Hunt  <oliver@apple.com>

        RefCountedArray needs to use vector initialisers for its backing store
        https://bugs.webkit.org/show_bug.cgi?id=116194

        Reviewed by Gavin Barraclough.

        Use an out of line function to clear the exception stack to avoid
        needing to include otherwise unnecessary headers all over the place.

        Everything else is just being updated to use that.

        * bytecompiler/BytecodeGenerator.cpp:
        * interpreter/CallFrame.h:
        (JSC::ExecState::clearSupplementaryExceptionInfo):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::addStackTraceIfNecessary):
        (JSC::Interpreter::throwException):
        * runtime/JSGlobalObject.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
        * runtime/VM.cpp:
        (JSC):
        (JSC::VM::clearExceptionStack):
        * runtime/VM.h:
        (VM):
        (JSC::VM::exceptionStack):

2013-05-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r150051.
        http://trac.webkit.org/changeset/150051
        https://bugs.webkit.org/show_bug.cgi?id=116186

        Broke all JSC tests on Mac and the author is unresponsive
        (Requested by rniwa on #webkit).

        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-05-15  Julien Brianceau  <jbrianceau@nds.com>

        Remove savedTimeoutReg from JITStackFrame for sh4 base JIT.
        https://bugs.webkit.org/show_bug.cgi?id=116143

        Reviewed by Geoffrey Garen.

        Since r148119, timeoutCheckRegister is removed from baseline JIT.
        So we don't need to save r8 register in JITStackFrame anymore for sh4.

        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        (JITStackFrame):

2013-05-15  Nico Weber  <thakis@chromium.org>

        WebKit doesn't support MSVS2003 any more, remove preprocessor checks for older versions.
        https://bugs.webkit.org/show_bug.cgi?id=116157

        Reviewed by Anders Carlsson.

        Also remove a gcc3.2 workaround.

        Merges parts of these two commits by the talented Nico Weber:
        https://chromium.googlesource.com/chromium/blink/+/3677e2f47348daeff405a40b6f90fbdf0654c2f5
        https://chromium.googlesource.com/chromium/blink/+/0fcd96c448dc30be1416dcc15713c53710c1a312

        * os-win32/inttypes.h:

2013-05-13  Alvaro Lopez Ortega  <alvaro@alobbs.com>

        Nightly build's jsc doesn't work without DYLD_FRAMEWORK...
        https://bugs.webkit.org/show_bug.cgi?id=79065

        Reviewed by Darin Adler.

        Fixes the build process so the depencencies of the jsc binary are
        modified before its copied to its target directory. In this way
        jsc should always use relative reference to the JavaScriptCore
        libraries.

        * JavaScriptCore.xcodeproj/project.pbxproj: Fixes the commands in
        the "Copy Into Framework" target.

2013-05-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Objective-C API: scanExternalObjectGraph should not create new JSVirtualMachine wrappers
        https://bugs.webkit.org/show_bug.cgi?id=116074

        If scanExternalObjectGraph creates a new JSVirtualMachine wrapper during collection, when the 
        scanExternalObjectGraph call finishes and the autorelease pool is drained we will dealloc the 
        JSVirtualMachine which will cause us to try to take the API lock for the corresponding VM. 
        If this happens on a GC thread other than the "main" thread, we will deadlock. The solution 
        is to just check the VM cache, and if there is no JSVirtualMachine wrapper, return early.

        Reviewed by Darin Adler.

        * API/JSVirtualMachine.mm:
        (scanExternalObjectGraph):

2013-05-13  Benjamin Poulain  <benjamin@webkit.org>

        Improve stringProtoFuncLastIndexOf for the prefix case
        https://bugs.webkit.org/show_bug.cgi?id=115952

        Reviewed by Geoffrey Garen.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncLastIndexOf):
        Use the optimized string search when possible.

        On Joseph Pecoraro's tests, this gives a ~30% speed improvement.

2013-05-13  Zalan Bujtas  <zalan@apple.com>

        WebProcess consuming very high CPU on linkedin.com
        https://bugs.webkit.org/show_bug.cgi?id=115601

        Reviewed by Andreas Kling.

        Disable WEB_TIMING_MINIMAL.
        Turn off window.performance and performance.now(). Some JS frameworks expect
        additional Web Timing APIs, when performance.now() is available.

        * Configurations/FeatureDefines.xcconfig:

2013-05-12  Anders Carlsson  <andersca@apple.com>

        Stop including UnusedParam.h
        https://bugs.webkit.org/show_bug.cgi?id=116003

        Reviewed by Sam Weinig.

        UnusedParam.h is empty now so there's no need to include it anymore.

        * API/APICast.h:
        * API/tests/JSNode.c:
        * API/tests/JSNodeList.c:
        * API/tests/minidom.c:
        * API/tests/testapi.c:
        * assembler/AbstractMacroAssembler.h:
        * assembler/MacroAssemblerCodeRef.h:
        * bytecode/CodeBlock.cpp:
        * heap/HandleStack.h:
        * interpreter/JSStackInlines.h:
        * jit/CompactJITCodeMap.h:
        * jit/ExecutableAllocator.h:
        * parser/SourceProvider.h:
        * runtime/DatePrototype.cpp:
        * runtime/JSNotAnObject.cpp:
        * runtime/JSSegmentedVariableObject.h:
        * runtime/JSVariableObject.h:
        * runtime/Options.cpp:
        * runtime/PropertyOffset.h:

2013-05-11  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Add a basic cmake build for WTF and JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=115967

        Reviewed by Laszlo Gombos.

        * PlatformGTK.cmake: Added.
        * shell/PlatformGTK.cmake: Added.

2013-05-10  Laszlo Gombos  <l.gombos@samsung.com>

        Remove USE(OS_RANDOMNESS)
        https://bugs.webkit.org/show_bug.cgi?id=108095

        Reviewed by Darin Adler.

        Remove the USE(OS_RANDOMNESS) guard as it is turned on for all
        ports.

        * jit/JIT.cpp:
        (JSC::JIT::JIT):

2013-05-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase
        https://bugs.webkit.org/show_bug.cgi?id=115938

        We're going to add some more types of check hoisting soon, so let's have the right name here.

        Rubber stamped by Filip Pizlo.
        
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGStructureCheckHoistingPhase.cpp: Removed.
        * dfg/DFGStructureCheckHoistingPhase.h: Removed.
        * dfg/DFGTypeCheckHoistingPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp.
        (JSC::DFG::TypeCheckHoistingPhase::TypeCheckHoistingPhase):
        (JSC::DFG::performTypeCheckHoisting):
        * dfg/DFGTypeCheckHoistingPhase.h: Copied from Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.h.

2013-05-09  Christophe Dumez  <ch.dumez@sisa.samsung.com>

        Unreviewed build fix after r149836.

        It broke at least EFL and GTK builds. Move new static members initialization
        outside the class. Those need to have a definition outside the class because
        their address is used (e.g. CodeCacheMap::nonGlobalWorkingSetMaxEntries).

        * runtime/CodeCache.cpp:
        (JSC):
        * runtime/CodeCache.h:
        (CodeCacheMap):

2013-05-08  Oliver Hunt  <oliver@apple.com>

        Code cache stores bogus var references for functions in eval code
        https://bugs.webkit.org/show_bug.cgi?id=115747

        Reviewed by Mark Hahnenberg.

        Non-global eval now uses a per-CodeBlock cache, and only use it
        when we're at the top of a function's scope.  This means that we
        will no longer cache the parsing of a single string across
        multiple functions, and we won't cache when we're nested inside
        constructs like |with| and |catch| where previously we would, which
        is good because caching in those cases is unsound.

        * bytecode/EvalCodeCache.h:
        (JSC):
        (JSC::EvalCodeCache::getSlow):
        (JSC::EvalCodeCache::get):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::codeCacheForEval):
        (UnlinkedCodeBlock):
        (RareData):
        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * interpreter/Interpreter.cpp:
        (JSC::eval):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::CodeCache):
        (JSC::CodeCache::generateBytecode):
        (JSC):
        (JSC::CodeCache::getCodeBlock):
        * runtime/CodeCache.h:
        (JSC::CodeCacheMap::CodeCacheMap):
        (CodeCacheMap):
        (JSC::CodeCacheMap::canPruneQuickly):
        (JSC::CodeCacheMap::prune):
        (JSC::CodeCache::create):
        (CodeCache):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::EvalExecutable):
        (JSC::EvalExecutable::compileInternal):
        * runtime/Executable.h:
        (JSC::EvalExecutable::create):
        (EvalExecutable):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::createEvalCodeBlock):
        * runtime/JSGlobalObject.h:
        (JSGlobalObject):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (VM):

2013-05-08  Mark Hahnenberg  <mhahnenberg@apple.com>

        DFGArrayMode::fromObserved is too liberal when it sees different Array and NonArray shapes
        https://bugs.webkit.org/show_bug.cgi?id=115805

        Reviewed by Geoffrey Garen.

        It checks the observed ArrayModes to see if we have seen any ArrayWith* first. If so, it assumes it's 
        an Array::Array, even if we've also observed any NonArrayWith* in the ArrayProfile. This leads to the 
        code generated by jumpSlowForUnwantedArrayMode to check the indexing type against (shape | IsArray) 
        instead of just shape, which can cause us to exit a lot in the case that we saw a NonArray.

        To fix this we need to add a case that checks for both ArrayWith* and NonArrayWith* cases first, which 
        should then use Array::PossiblyArray, then do the checks we were already doing.

        * bytecode/ArrayProfile.h:
        (JSC::hasSeenArray):
        (JSC::hasSeenNonArray):
        * dfg/DFGArrayMode.cpp:
        (JSC::DFG::ArrayMode::fromObserved):

2013-05-09  Joe Mason  <jmason@blackberry.com>

        [BlackBerry] Set up logging buffer on start of jsc executable
        https://bugs.webkit.org/show_bug.cgi?id=114688

        Reviewed by Rob Buis.

        Internal PR: 322715
        Internally Reviewed By: Jeff Rogers

        * jsc.cpp:
        (main): call BB::Platform::setupApplicationLogging

2013-05-08  Michael Saboff  <msaboff@apple.com>

        JSC: There should be a disassembler for ARM Thumb 2
        https://bugs.webkit.org/show_bug.cgi?id=115827

        Reviewed by Filip Pizlo.

        Added a new disassembler for ARMv7 Thumb2 instructions for use by the JSC debugging
        and profiling code.  The opcode coverage is currently not complete.  It covers all
        of the integer instructions JSC currently emits, but only a limited number of
        floating point opcodes.  Currently that is just the 64 bit vmov and vmsr instructions.

        The disassembler is structured as a base opcode class ARMv7DOpcode with sub-classes
        for each instruction group.  There is a public format method that does the bulk of
        the disassembly work.  There are two broad sub-classes, ARMv7D16BitOpcode and
        ARMv7D32BitOpcode, for the 16 bit and 32 bit opcodes.  There are sub-classes under
        those two classes for individual and related groups of opcodes.  Instructions are
        "dispatched" to the right subclass via two arrays of linked lists in the inner classes
        OpcodeGroup.  There is one such inner class for each ARMv7D16BitOpcode and ARMv7D32BitOpcode.
        Each OpcodeGroup has a mask and a pattern that it applies to the instruction to determine
        that it matches a particular group.  OpcodeGroup uses a static method to reinterpret_cast
        the Opcode object to the right base class for the instruction group for formatting.
        The cast eliminates the need of allocating an object for each decoded instruction.
        Unknown instructions are formatted as ".word 1234" or ".long 12345678" depending whether
        the instruction is 16 or 32 bit.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * disassembler/ARMv7: Added.
        * disassembler/ARMv7/ARMv7DOpcode.cpp: Added.
        (ARMv7Disassembler):
        (OpcodeGroupInitializer):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::init):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::startITBlock):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::saveITConditionAt):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::fetchOpcode):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::disassemble):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::bufferPrintf):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionName):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterName):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendRegisterList):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendFPRegisterName):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::init):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::doDisassemble):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::defaultFormat):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::format):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::init):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::doDisassemble):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::defaultFormat):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::appendModifiedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::appendImmShift):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::appendFPRegister):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::format):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::format):
        * disassembler/ARMv7/ARMv7DOpcode.h: Added.
        (ARMv7Disassembler):
        (ARMv7DOpcode):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::ARMv7DOpcode):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::is32BitInstruction):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::isFPInstruction):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::conditionName):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::shiftName):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::inITBlock):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::startingITBlock):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::endITBlock):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendInstructionNameNoITBlock):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSeparator):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendCharacter):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendString):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftType):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendSignedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendUnsignedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendPCRelativeOffset):
        (JSC::ARMv7Disassembler::ARMv7DOpcode::appendShiftAmount):
        (ARMv7D16BitOpcode):
        (OpcodeGroup):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::OpcodeGroup):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::setNext):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::next):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::matches):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::OpcodeGroup::format):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rm):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::rd):
        (JSC::ARMv7Disassembler::ARMv7D16BitOpcode::opcodeGroupNumber):
        (ARMv7DOpcodeAddRegisterT2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rdn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddRegisterT2::rm):
        (ARMv7DOpcodeAddSPPlusImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::rd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSPPlusImmediate::immediate8):
        (ARMv7DOpcodeAddSubtract):
        (ARMv7DOpcodeAddSubtractT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rm):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractT1::rn):
        (ARMv7DOpcodeAddSubtractImmediate3):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::rn):
        (ARMv7DOpcodeAddSubtractImmediate8):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::rdn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate8::immediate8):
        (ARMv7DOpcodeBranchConditionalT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::condition):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchConditionalT1::offset):
        (ARMv7DOpcodeBranchExchangeT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchExchangeT1::rm):
        (ARMv7DOpcodeBranchT2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchT2::immediate11):
        (ARMv7DOpcodeCompareImmediateT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::rn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareImmediateT1::immediate8):
        (ARMv7DOpcodeCompareRegisterT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT1::rn):
        (ARMv7DOpcodeCompareRegisterT2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeCompareRegisterT2::rm):
        (ARMv7DOpcodeDataProcessingRegisterT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rm):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegisterT1::rdn):
        (ARMv7DOpcodeGeneratePCRelativeAddress):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::rd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeGeneratePCRelativeAddress::immediate8):
        (ARMv7DOpcodeLoadFromLiteralPool):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadFromLiteralPool::immediate8):
        (ARMv7DOpcodeLoadStoreRegisterImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::immediate5):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale):
        (ARMv7DOpcodeLoadStoreRegisterImmediateWordAndByte):
        (ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord):
        (ARMv7DOpcodeLoadStoreRegisterOffsetT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::opB):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rm):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rn):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterOffsetT1::rt):
        (ARMv7DOpcodeLoadStoreRegisterSPRelative):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterSPRelative::immediate8):
        (ARMv7DOpcodeLogicalImmediateT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLogicalImmediateT1::immediate5):
        (ARMv7DOpcodeMiscAddSubSP):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscAddSubSP::immediate7):
        (ARMv7DOpcodeMiscByteHalfwordOps):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscByteHalfwordOps::op):
        (ARMv7DOpcodeMiscBreakpointT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscBreakpointT1::immediate8):
        (ARMv7DOpcodeMiscCompareAndBranch):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::immediate6):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscCompareAndBranch::rn):
        (ARMv7DOpcodeMiscHint16):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscHint16::opA):
        (ARMv7DOpcodeMiscIfThenT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::firstCondition):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscIfThenT1::mask):
        (ARMv7DOpcodeMiscPushPop):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMiscPushPop::registerMask):
        (ARMv7DOpcodeMoveImmediateT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::rd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveImmediateT1::immediate8):
        (ARMv7DOpcodeMoveRegisterT1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeMoveRegisterT1::rm):
        (ARMv7D32BitOpcode):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::OpcodeGroup):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::setNext):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::next):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::matches):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::OpcodeGroup::format):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rd):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rm):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rn):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::rt):
        (JSC::ARMv7Disassembler::ARMv7D32BitOpcode::opcodeGroupNumber):
        (ARMv7DOpcodeBranchRelative):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::sBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::j2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchRelative::immediate11):
        (ARMv7DOpcodeConditionalBranchT3):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::offset):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::condition):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeConditionalBranchT3::immediate6):
        (ARMv7DOpcodeBranchOrBranchLink):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::offset):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::immediate10):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeBranchOrBranchLink::isBL):
        (ARMv7DOpcodeDataProcessingLogicalAndRithmetic):
        (ARMv7DOpcodeDataProcessingModifiedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::sBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingModifiedImmediate::immediate12):
        (ARMv7DOpcodeDataProcessingShiftedReg):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::sBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::immediate5):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::type):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tbBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingShiftedReg::tBit):
        (ARMv7DOpcodeDataProcessingReg):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingReg::op2):
        (ARMv7DOpcodeDataProcessingRegShift):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegShift::opName):
        (ARMv7DOpcodeDataProcessingRegExtend):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::opExtendAndAddName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegExtend::rotate):
        (ARMv7DOpcodeDataProcessingRegParallel):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegParallel::opName):
        (ARMv7DOpcodeDataProcessingRegMisc):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataProcessingRegMisc::opName):
        (ARMv7DOpcodeHint32):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::isDebugHint):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::debugOption):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeHint32::op):
        (ARMv7DOpcodeFPTransfer):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opH):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opL):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opC):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::opB):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vd):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeFPTransfer::vn):
        (ARMv7DOpcodeDataLoad):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataLoad::op):
        (ARMv7DOpcodeLoadRegister):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadRegister::immediate2):
        (ARMv7DOpcodeLoadSignedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::pBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::uBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::wBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadSignedImmediate::immediate8):
        (ARMv7DOpcodeLoadUnsignedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadUnsignedImmediate::immediate12):
        (ARMv7DOpcodeLongMultipleDivide):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlalOpName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlaldOpName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::smlsldOpName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdLo):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::rdHi):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op1):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::op2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::nBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeLongMultipleDivide::mBit):
        (ARMv7DOpcodeDataPushPopSingle):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopSingle::op):
        (ARMv7DOpcodeDataStoreSingle):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeDataStoreSingle::op):
        (ARMv7DOpcodeStoreSingleImmediate12):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate12::immediate12):
        (ARMv7DOpcodeStoreSingleImmediate8):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::pBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::uBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::wBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleImmediate8::immediate8):
        (ARMv7DOpcodeStoreSingleRegister):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeStoreSingleRegister::immediate2):
        (ARMv7DOpcodeUnmodifiedImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::opName):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::shBit):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::bitNumOrSatImmediate):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate5):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate12):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeUnmodifiedImmediate::immediate16):
        (ARMv7DOpcodeVMOVDoublePrecision):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVDoublePrecision::vm):
        (ARMv7DOpcodeVMOVSinglePrecision):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::op):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt2):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::rt):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMOVSinglePrecision::vm):
        (ARMv7DOpcodeVMSR):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::opL):
        (JSC::ARMv7Disassembler::ARMv7DOpcodeVMSR::rt):
        * disassembler/ARMv7Disassembler.cpp: Added.
        (JSC::tryToDisassemble):

2013-05-07  Julien Brianceau  <jbrianceau@nds.com>

        Take advantage of pre-decrement and post-increment opcodes for sh4 base JIT.
        https://bugs.webkit.org/show_bug.cgi?id=115722

        Reviewed by Oliver Hunt.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::load8PostInc):
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::load16Unaligned):
        (JSC::MacroAssemblerSH4::load16PostInc):
        (JSC::MacroAssemblerSH4::storeDouble):
        (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::movwMemRegIn):
        (SH4Assembler):
        (JSC::SH4Assembler::movbMemRegIn):
        (JSC::SH4Assembler::printInstr):

2013-05-07  Anders Carlsson  <andersca@apple.com>

        Remove AlwaysInline.h from WTF
        https://bugs.webkit.org/show_bug.cgi?id=115727

        Reviewed by Brent Fulgham.

        The macro that used to be in AlwaysInline.h is now in Compiler.h so there's no reason
        to keep AlwaysInline.h around anymore.

        * jit/JSInterfaceJIT.h:
        * parser/Lexer.h:
        * runtime/JSCJSValue.h:
        * runtime/SymbolTable.h:

2013-05-07  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>

        HashTraits<RefPtr<P> >::PeekType should be raw pointer for better performance
        https://bugs.webkit.org/show_bug.cgi?id=115646

        Reviewed by Darin Adler.

        * bytecompiler/StaticPropertyAnalyzer.h:
        (JSC::StaticPropertyAnalyzer::putById):
            Updated accordingly to new HashMap<.., RefPtr>::get() semantics.

2013-05-06  Julien Brianceau  <jbrianceau@nds.com>

        Misc bugfix and cleaning in sh4 base JIT.
        https://bugs.webkit.org/show_bug.cgi?id=115627

        Reviewed by Oliver Hunt.

        Get rid of loadX(RegisterID r0, RegisterID src, RegisterID dest) functions.
        Remove misplaced extuw() implementation from MacroAssemblerSH4.
        Add movbRegMemr0 and movwRegMemr0 functions in SH4Assembler.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::add32): Skip operation when first operand is a zero immediate.
        (JSC::MacroAssemblerSH4::sub32): Skip operation when first operand is a zero immediate.
        (JSC::MacroAssemblerSH4::load32): Fix wrong usage of r0 register.
        (JSC::MacroAssemblerSH4::load8Signed): Handle "base == r0" case.
        (MacroAssemblerSH4):
        (JSC::MacroAssemblerSH4::load16): Handle "base == r0" case.
        (JSC::MacroAssemblerSH4::load16Unaligned): Use extuw() implementation from SH4Assembler.
        (JSC::MacroAssemblerSH4::load16Signed): Cosmetic change.
        (JSC::MacroAssemblerSH4::store8): Fix unhandled BaseIndex offset and handle (base == r0) case.
        (JSC::MacroAssemblerSH4::store16): Fix unhandled BaseIndex offset and handle (base == r0) case.
        (JSC::MacroAssemblerSH4::store32):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::movwRegMemr0):
        (SH4Assembler):
        (JSC::SH4Assembler::movbRegMemr0):
        (JSC::SH4Assembler::placeConstantPoolBarrier): Cosmetic change.
        (JSC::SH4Assembler::maxJumpReplacementSize):
        (JSC::SH4Assembler::replaceWithJump): Correct branch range and save an opcode.
        (JSC::SH4Assembler::printInstr):

2013-05-06  Anders Carlsson  <andersca@apple.com>

        Stop using WTF::deleteAllValues in JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=115670

        Reviewed by Oliver Hunt.

        Change the Vectors used to Vectors of OwnPtrs instead.

        * heap/DFGCodeBlocks.cpp:
        (JSC::DFGCodeBlocks::~DFGCodeBlocks):
        (JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):

2013-05-06  Andras Becsi  <andras.becsi@digia.com>

        Build with GCC 4.8 fails because of -Wmaybe-uninitialized
        https://bugs.webkit.org/show_bug.cgi?id=115648

        Reviewed by Michael Saboff.

        Initialize values in Options::setOption since from
        there we end up calling OptionRange::init with
        uninitialized members.

        * runtime/Options.cpp:

2013-05-06  Gabor Rapcsanyi  <rgabor@webkit.org>

        JSC ARM traditional failing on Octane NavierStokes test
        https://bugs.webkit.org/show_bug.cgi?id=115626

        Reviewed by Zoltan Herczeg.

        Change the ARM traditional assembler to use double precision on value
        conversions.

        * assembler/ARMAssembler.h:

2013-05-03  Michael Saboff  <msaboff@apple.com>

        There should be a runtime option to constrain what functions get DFG compiled
        https://bugs.webkit.org/show_bug.cgi?id=115576

        Reviewed by Mark Hahnenberg.

        Added OptionRange to Options to allow checking that something is within an option
        or not.  The new OptionClass supports range strings in the form of [!]<low>[:<high>].
        If only one value is given, then it will be used for both low and high.  A leading
        '!' inverts the check.  If no range is given, then checking for a value within a range
        will always return true.  Added the option "bytecodeRangeToDFGCompile" that takes an
        OptionRange string to select the bytecode range of code blocks to DFG compile.

        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile): Added new check for bytecode count within bytecodeRangeToDFGCompile
        range.
        * runtime/Options.cpp:
        (JSC::parse): Added overloaded parse() for OptionRange.
        (JSC::OptionRange::init): Parse range string and then initialize the range.
        (JSC::OptionRange::isInRange): Function used by consumer to check if a value is within
        the specified range.
        (JSC::Options::dumpOption): Added code to dump OptionRange options.
        * runtime/Options.h:
        (OptionRange): New class.
        (JSC::OptionRange::operator= ): This is really used as a default ctor for use within
        the Option static array initialization.
        (JSC::OptionRange::rangeString): This is used for debug.  It assumes that the char*
        passed into OptionRange::init is valid when this function is called.

2013-05-02  Oliver Hunt  <oliver@apple.com>

        Fix potential bug in lookup logic
        https://bugs.webkit.org/show_bug.cgi?id=115522

        Reviewed by Mark Hahnenberg.

        Though not a problem in practise, it is technically possible
        to inject an un-proxied global object into the scope chain
        via the C API.  This change makes sure that the scope walk
        in BytecodeGenerator actually limits itself to scopes that
        are statically bindable.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::resolve):
        * runtime/JSObject.h:
        (JSObject):
        (JSC):
        (JSC::JSObject::isStaticScopeObject):

2013-05-01  Roger Fong  <roger_fong@apple.com>

        Set Path in makefile for AppleWin.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:

2013-05-01  Benjamin Poulain  <benjamin@webkit.org>

        Remove the remaining wscript
        https://bugs.webkit.org/show_bug.cgi?id=115459

        Reviewed by Andreas Kling.

        * wscript: Removed.

2013-04-30  Mark Lam  <mark.lam@apple.com>

        JSContextGroupSetExecutionTimeLimit() should not pass a callback to the
        VM watchdog if its client did not pass one in.
        https://bugs.webkit.org/show_bug.cgi?id=115461.

        Reviewed by Geoffrey Garen.

        * API/JSContextRef.cpp:
        (internalScriptTimeoutCallback):
        (JSContextGroupSetExecutionTimeLimit):
        * API/tests/testapi.c:
        (main):
        - Added test case when the time limit callback is 0.
        - Also updated a check to verify that a TerminatedExecutionException is
          thrown when the time out is cancelled.
        - Also fixed some cosmetic typos.

2013-04-30  Geoffrey Garen  <ggaren@apple.com>

        Removed op_ensure_property_exists
        https://bugs.webkit.org/show_bug.cgi?id=115460

        Reviewed by Mark Hahnenberg.

        It was unused, and whatever it was once used for was not optimized.

        * JavaScriptCore.order:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITStubs.cpp:
        * jit/JITStubs.h:
        * llint/LLIntSlowPaths.cpp:
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:

2013-04-30  Oliver Hunt  <oliver@apple.com>

        JSC Stack walking logic craches in the face of inlined functions triggering VM re-entry
        https://bugs.webkit.org/show_bug.cgi?id=115449

        Reviewed by Geoffrey Garen.

        Rename callframeishost to something that makes sense, and fix
        getCallerInfo to correctly handle inline functions calling into
        the VM.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::codeOriginForReturn):
          Make this more robust in the face of incorrect stack walking
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallerFrame):
          Everyone has to perform a codeblock() check before calling this
          so we might as well just do it here.
        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):

2013-04-30  Julien Brianceau  <jbrianceau@nds.com>

        Bug fixing in sh4 base JIT and LLINT.
        https://bugs.webkit.org/show_bug.cgi?id=115420

        Reviewed by Oliver Hunt.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::lshift32):
        (JSC::MacroAssemblerSH4::rshift32):
        (JSC::MacroAssemblerSH4::branchMul32):
        (JSC::MacroAssemblerSH4::urshift32):
        (JSC::MacroAssemblerSH4::replaceWithJump):
        (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::shldRegReg):
        (JSC::SH4Assembler::shadRegReg):
        (JSC::SH4Assembler::shalImm8r):
        (SH4Assembler):
        (JSC::SH4Assembler::sharImm8r):
        (JSC::SH4Assembler::maxJumpReplacementSize):
        (JSC::SH4Assembler::replaceWithJump):
        * offlineasm/sh4.rb:

2013-04-30  Geoffrey Garen  <ggaren@apple.com>

        Objective-C JavaScriptCore API should publicly support bridging to C
        https://bugs.webkit.org/show_bug.cgi?id=115447

        Reviewed by Mark Hahnenberg.

        For consistency, I renamed

            +[JSValue valueWithValue:] => +[JSValue valueWithJSValueRef]
            +[JSContext contextWithGlobalContextRef] => +[JSContext contextWithJSGlobalContextRef]
            -[JSContext globalContext] => -[JSContext JSGlobalContextRef]

        I searched svn to verify that these functions don't have clients yet,
        so we won't break anything.

        I also exported as public API

            +[JSValue valueWithJSValueRef:]
            +[JSContext contextWithJSGlobalContextRef:]

        It's hard to integrate with the C API without these.

2013-04-30  Commit Queue  <rniwa@webkit.org>

        Unreviewed, rolling out r149349 and r149354.
        http://trac.webkit.org/changeset/149349
        http://trac.webkit.org/changeset/149354
        https://bugs.webkit.org/show_bug.cgi?id=115444

         The Thumb version of compileSoftModulo make invalid use of
        registers (Requested by benjaminp on #webkit).

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARMv7Assembler.h:
        (ARMv7Assembler):
        * assembler/AbstractMacroAssembler.h:
        (JSC::isARMv7s):
        (JSC):
        * assembler/MacroAssemblerARMv7.cpp: Removed.
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-04-30  Zalan Bujtas  <zalan@apple.com>

        Animations fail to start on http://www.google.com/insidesearch/howsearchworks/thestory/
        https://bugs.webkit.org/show_bug.cgi?id=111244

        Reviewed by David Kilzer.
        
        Enable performance.now() as a minimal subset of Web Timing API. 
        It returns DOMHighResTimeStamp, a monotonically increasing value representing the 
        number of milliseconds from the start of the navigation of the current document.
        JS libraries use this API to check against the requestAnimationFrame() timestamp.

        * Configurations/FeatureDefines.xcconfig:

2013-04-30  Zoltan Arvai  <zarvai@inf.u-szeged.hu>

        Unreviewed. Speculative build fix on Qt Arm and Mips after r149349.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):

2013-04-29  Cosmin Truta  <ctruta@blackberry.com>

        [ARM] Expand the use of integer division
        https://bugs.webkit.org/show_bug.cgi?id=115138

        Reviewed by Benjamin Poulain.

        If availability of hardware integer division isn't known at compile
        time, check the CPU flags and decide at runtime whether to fall back
        to software. Currently, this OS-specific check is implemented on QNX.

        Moreover, use operator % instead of fmod() in the calculation of the
        software modulo. Even when it's software-emulated, operator % is faster
        than fmod(): on ARM v7 QNX, without hardware division, we noticed
        >3% speedup on SunSpider.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::sdiv): Did not compile conditionally.
        (JSC::ARMv7Assembler::udiv): Ditto.
        * assembler/AbstractMacroAssembler.h:
        (JSC::isARMv7s): Removed.
        * assembler/MacroAssemblerARMv7.cpp: Added.
        (JSC::isIntegerDivSupported): Added.
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::supportsIntegerDiv): Added.
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode): Checked MacroAssembler::supportsIntegerDiv() in ArithDiv case.
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationModOnInts): Added.
        * dfg/DFGOperations.h:
        (JSC::DFG::Z_DFGOperation_ZZ): Added.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo): Separated the X86-specific and ARM-specific codegen
        from the common implementation; used operationModOnInts on ARM.
        (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARM): Renamed from compileIntegerArithDivForARMv7.
        (JSC::DFG::SpeculativeJIT::compileArithMod): Allowed run-time detection of integer div on ARM.
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation): Added overloads with Z_DFGOperation_ZZ arguments.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Used compileIntegerArithDivForARM.

2013-04-29  Benjamin Poulain  <benjamin@webkit.org>

        Unify the data access of StringImpl members from JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=115320

        Reviewed by Andreas Kling.

        DFG accesses the member infos by directly calling the methods on StringImpl,
        while the baseline JIT was using helper methods on ThunkHelpers.

        Cut the middle man, and use StringImpl directly everywhere.

        * jit/JITInlines.h:
        (JSC::JIT::emitLoadCharacterString):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        * jit/JSInterfaceJIT.h:
        * jit/ThunkGenerators.cpp:
        (JSC::stringCharLoad):

2013-04-29  Benjamin Poulain  <bpoulain@apple.com>

        Use push and pop for iOS math function thunks
        https://bugs.webkit.org/show_bug.cgi?id=115215

        Reviewed by Filip Pizlo.

        The iOS ABI is a little different than regular ARM ABI regarding stack alignment.
        The requirement is 4 bytes:
        "The ARM environment uses a stack that—at the point of function calls—is 4-byte aligned,
         grows downward, and contains local variables and a function’s parameters."

        Subsequently, we can just use push and pop to preserve the link register.

        * jit/ThunkGenerators.cpp:

2013-04-29  Brent Fulgham  <bfulgham@webkit.org>

        [Windows, WinCairo] Get rid of last few pthread include/link references.
        https://bugs.webkit.org/show_bug.cgi?id=115375

        Reviewed by Tim Horton.

        * JavaScriptCore.vcproj/jsc/jscPostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:

2013-04-29  Roger Fong  <roger_fong@apple.com>

        Unreviewed. AppleWin VS2010 build fix.

        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        ~BlockAllocator should ASSERT that it has no more Regions left
        https://bugs.webkit.org/show_bug.cgi?id=115287

        Reviewed by Andreas Kling.

        * heap/BlockAllocator.cpp:
        (JSC::BlockAllocator::~BlockAllocator):
        (JSC::BlockAllocator::allRegionSetsAreEmpty):
        * heap/BlockAllocator.h:
        (RegionSet):
        (JSC::BlockAllocator::RegionSet::isEmpty):
        (BlockAllocator):

2013-04-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        IndexingTypes should use hex
        https://bugs.webkit.org/show_bug.cgi?id=115286

        Decimal is kind of confusing/hard to read because they're used as bit masks. Hex seems more appropriate.

        Reviewed by Geoffrey Garen.

        * runtime/IndexingType.h:

2013-04-29  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing headers files to compilation
        and offlineasm/sh4.rb script.

2013-04-28  Dean Jackson  <dino@apple.com>

        [Mac] Disable canvas backing store scaling (HIGH_DPI_CANVAS)
        https://bugs.webkit.org/show_bug.cgi?id=115310

        Reviewed by Simon Fraser.

        Remove ENABLE_HIGH_DPI_CANVAS_macosx.

        * Configurations/FeatureDefines.xcconfig:

2013-04-27  Darin Adler  <darin@apple.com>

        Move from constructor and member function adoptCF/NS to free function adoptCF/NS.
        https://bugs.webkit.org/show_bug.cgi?id=115307

        Reviewed by Geoffrey Garen.

        * heap/HeapTimer.cpp:
        (JSC::HeapTimer::HeapTimer):
        * runtime/VM.cpp:
        (JSC::enableAssembler):
        Use adoptCF free function.

2013-04-27  Anders Carlsson  <andersca@apple.com>

        Try to fix the Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:

2013-04-25  Geoffrey Garen  <ggaren@apple.com>

        Cleaned up pre/post inc/dec in bytecode
        https://bugs.webkit.org/show_bug.cgi?id=115222

        Reviewed by Filip Pizlo.

        A few related changes here:

        (*) Removed post_inc and post_dec. The two-result form was awkward to
        reason about. Being explicit about the intermediate mov and to_number
        reduces DFG overhead, removes some fragile ASSERTs from the DFG, and
        fixes a const bug. Plus, we get to blow away 262 lines of code.

        (*) Renamed pre_inc and pre_dec to inc and dec, since there's only one
        version now.

        (*) Renamed to_jsnumber to to_number, to match the ECMA name.

        (*) Tightened up the codegen and runtime support for to_number.


        * JavaScriptCore.order: Order!

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitInc):
        (JSC::BytecodeGenerator::emitDec):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitToNumber):
        (BytecodeGenerator): Removed post_inc and post_dec.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::emitPreIncOrDec): Updated for rename.

        (JSC::emitPostIncOrDec): Issue an explicit mov and to_number when needed.
        These are rare, and they boil away in the DFG.

        (JSC::PostfixNode::emitResolve):
        (JSC::PrefixNode::emitResolve): For const, use an explicit mov instead
        of any special forms. This fixes a bug where we would do string
        add/subtract instead of number.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emitSlow_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emitSlow_op_dec):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_inc):
        (JSC::JIT::emitSlow_op_inc):
        (JSC::JIT::emit_op_dec):
        (JSC::JIT::emitSlow_op_dec): Removed post_inc/dec, and updated for renames.

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_to_number):
        (JSC::JIT::emitSlow_op_to_number): Removed a test for number cells. There's
        no such thing!

        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_to_number): Use LowestTag to avoid making assumptions
        about the lowest valued tag.

        (JSC::JIT::emitSlow_op_to_number): Updated for renames.

        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * parser/NodeConstructors.h:
        (JSC::UnaryPlusNode::UnaryPlusNode): Removed post_inc/dec, and updated for renames.

        * runtime/Operations.cpp:
        (JSC::jsIsObjectType): Removed a test for number cells. There's
        no such thing!

2013-04-27  Julien Brianceau  <jbrianceau@nds.com>

        REGRESSION(r149114): cache flush for SH4 arch may flush an extra page.
        https://bugs.webkit.org/show_bug.cgi?id=115305

        Reviewed by Andreas Kling.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::cacheFlush):

2013-04-26  Geoffrey Garen  <ggaren@apple.com>

        Re-landing <http://trac.webkit.org/changeset/148999>

            Filled out more cases of branch folding in bytecode when emitting
            expressions into a branching context
            https://bugs.webkit.org/show_bug.cgi?id=115057

            Reviewed by Phil Pizlo.

        We can't fold the number == 1 case to boolean because all non-zero numbers
        down-cast to true, but only 1 is == to true.

2013-04-26  Filip Pizlo  <fpizlo@apple.com>

        Correct indentation of SymbolTable.h
        
        Rubber stamped by Mark Hahnenberg.

        * runtime/SymbolTable.h:

2013-04-26  Roger Fong  <roger_fong@apple.com>

        Make Apple Windows VS2010 build results into and get dependencies from __32 suffixed folders.
        Make the DebugSuffix configuration use _debug dependencies.

        * JavaScriptCore.vcxproj/JavaScriptCore.make:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreCF.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedCommon.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCoreProduction.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreRelease.props:
        * JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.make:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.make:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorProduction.props:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props:
        * JavaScriptCore.vcxproj/build-generated-files.sh:
        * JavaScriptCore.vcxproj/copy-files.cmd:
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jscCommon.props:
        * JavaScriptCore.vcxproj/jsc/jscDebug.props:
        * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
        * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
        * JavaScriptCore.vcxproj/jsc/jscProduction.props:
        * JavaScriptCore.vcxproj/jsc/jscRelease.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpProduction.props:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapiCommon.props:
        * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
        * JavaScriptCore.vcxproj/testapi/testapiDebug.props:
        * JavaScriptCore.vcxproj/testapi/testapiDebugCFLite.props:
        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd:
        * JavaScriptCore.vcxproj/testapi/testapiProduction.props:
        * JavaScriptCore.vcxproj/testapi/testapiRelease.props:
        * JavaScriptCore.vcxproj/testapi/testapiReleaseCFLite.props:

2013-04-26  Roger Fong  <roger_fong@apple.com>

        Disable sub-pixel layout on mac.
        https://bugs.webkit.org/show_bug.cgi?id=114999.

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2013-04-26  Oliver Hunt  <oliver@apple.com>

        Make stack tracing more robust
        https://bugs.webkit.org/show_bug.cgi?id=115272

        Reviewed by Geoffrey Garen.

        CallFrame already handles stack walking confusion robustly,
        so we should make sure that the actual walk handles that as well.

        * interpreter/Interpreter.cpp:
        (JSC::getCallerInfo):

2013-04-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        REGRESSION(r149165): It made many tests crash on 32 bit
        https://bugs.webkit.org/show_bug.cgi?id=115227

        Reviewed by Csaba Osztrogonác.

        m_reservation is uninitialized when ENABLE(SUPER_REGION) is false.