2012-01-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Add a GKeyFile specialization to GOwnPtr
        https://bugs.webkit.org/show_bug.cgi?id=77191

        Reviewed by Martin Robinson.

        * wtf/gobject/GOwnPtr.cpp:
        (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile.
        * wtf/gobject/GOwnPtr.h: Add GKeyFile template.
        * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile.

2012-01-25  Yury Semikhatsky  <yurys@chromium.org>

        Web Inspector: should be possible to open function declaration from script popover
        https://bugs.webkit.org/show_bug.cgi?id=76913

        Added display of the function name and source location to the popover in the scripts panel.
        Now when a function is hovered, the user can navigate to its definition.

        Reviewed by Pavel Feldman.

        * JavaScriptCore/JavaScriptCore.exp
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSFunction.h:

2012-01-26  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior.

        * runtime/DatePrototype.cpp:

2012-01-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        Merge AllocationSpace into MarkedSpace
        https://bugs.webkit.org/show_bug.cgi?id=77116

        Reviewed by Geoffrey Garen.

        Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to
        MarkedSpace allocation.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/AllocationSpace.cpp: Removed.
        * heap/AllocationSpace.h: Removed.
        (JSC::Heap::objectSpace):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::tryAllocateHelper):
        (JSC::MarkedSpace::tryAllocate):
        (JSC::MarkedSpace::allocateSlowCase):
        (JSC::MarkedSpace::allocateBlock):
        (JSC::MarkedSpace::freeBlocks):
        (JSC::TakeIfUnmarked::TakeIfUnmarked):
        (JSC::TakeIfUnmarked::operator()):
        (JSC::TakeIfUnmarked::returnValue):
        (JSC::MarkedSpace::shrink):
        (JSC::GatherDirtyCells::returnValue):
        (JSC::GatherDirtyCells::GatherDirtyCells):
        (JSC::GatherDirtyCells::operator()):
        (JSC::MarkedSpace::gatherDirtyCells):
        (JSC::MarkedSpace::blocks):
        (JSC::MarkedSpace::forEachCell):
        (JSC::MarkedSpace::allocate):
2012-01-26  Oliver Hunt  <oliver@apple.com>

        <rdar://problem/10703671> MSVC generates bad code for enum compare.

        Make bitfield large enough to work around MSVC's desire to make enums

        * bytecode/CallLinkInfo.h:

2012-01-26  Filip Pizlo  <fpizlo@apple.com>

        All DFG helpers that may call out to arbitrary JS code must know where they
        were called from due to inlining and call stack walking
        https://bugs.webkit.org/show_bug.cgi?id=77070
        <rdar://problem/10750834>

        Reviewed by Geoff Garen.

        Changed the DFG to always record a code origin index in the tag of the argument
        count (which we previously left blank for the benefit of LLInt, but is still
        otherwise unused by the DFG), so that if we ever need to walk the stack accurately
        we know where to start. In particular, if the current ExecState* points several
        semantic call frames away from the true semantic call frame because we had
        performed inlining, having the code origin index recorded means that we can reify
        those call frames as necessary to give runtime/library code an accurate view of
        the current JS state.

        This required several large but mechanical changes:

        - Calling a function from the DFG now plants a store32 instruction to store the
          code origin index. But the indices of code origins were previously picked by
          the DFG::JITCompiler after code generation completed. I changed this somewhat;
          even though the code origins are put into the CodeBlock after code gen, the
          code gen now knows a priori what their indices will be. Extensive assertions
          are in place to ensure that the two don't get out of sync, in the form of the
          DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls;
          those don't need the code origin index set in the call frame because we can get
          it by doing a binary search on the return PC.

        - Stack walking now always calls trueCallFrame() first before beginning the walk,
          since even the top call frame may be wrong. It still calls trueCallerFrame() as
          before to get to the next frame, though trueCallerFrame() is now mostly a
          wrapper around callerFrame()->trueCallFrame().

        - Because the mechanism for getting the code origin of a call frame is bimodal
          (either the call frame knows its code origin because the code origin index was
          set, or it's necessary to use the callee frame's return PC), I put in extra
          mechanisms to determine whether your caller, or your callee, corresponds to
          a call out of C++ code. Previously we just had the host call flag, but this is
          insufficient as it does not cover the case of someone calling JSC::call(). But
          luckily we can determine this just by looking at the return PC: if the return
          PC is in range of the ctiTrampoline, then two things are true: this call
          frame's PC will tell you nothing about where you came from in your caller, and
          the caller already knows where it's at because it must have set the code origin
          index (unless it's not DFG code, in which case we don't care because there is
          no inlining to worry about).

        - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's
          inlining code, so I fixed it.

        - Finally because I was tired of doing random #if's for checking if I should be
          passing around an Instruction* or a ReturnAddressPtr, I created a class called
          AbstractPC that holds whatever notion of a PC is appropriate for the current
          execution environment. It's designed to work gracefully even if both the
          interpreter and the JIT are compiled in, and should integrate nicely with the

        This is neutral on all benchmarks and fixes some nasty corner-case regressions of
        evil code that uses combinations of getters/setters and function.arguments.

        * GNUmakefile.list.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::codeOrigin):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::CallBeginToken::CallBeginToken):
        (JSC::DFG::CallBeginToken::assertCodeOriginIndex):
        (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex):
        (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
        (CallExceptionRecord):
        (JSC::DFG::JITCompiler::JITCompiler):
        (JSC::DFG::JITCompiler::nextCallBeginToken):
        (JSC::DFG::JITCompiler::beginCall):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::addExceptionCheck):
        (JSC::DFG::JITCompiler::addFastExceptionCheck):
        * dfg/DFGOperations.cpp:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryBuildGetByIDList):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * interpreter/AbstractPC.cpp: Added.
        (JSC::AbstractPC::AbstractPC):
        * interpreter/AbstractPC.h: Added.
        (JSC::AbstractPC::AbstractPC):
        (JSC::AbstractPC::hasJITReturnAddress):
        (JSC::AbstractPC::jitReturnAddress):
        (JSC::AbstractPC::hasInterpreterReturnAddress):
        (JSC::AbstractPC::interpreterReturnAddress):
        (JSC::AbstractPC::isSet):
        (JSC::AbstractPC::operator!):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallFrame):
        (JSC::CallFrame::trueCallerFrame):
        * interpreter/CallFrame.h:
        (JSC::ExecState::abstractReturnPC):
        (JSC::ExecState::codeOriginIndexForDFGWithInlining):
        (JSC::ExecState::trueCallFrame):
        (JSC::ExecState::trueCallFrameFromVMCode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::retrieveArgumentsFromVMCode):
        (JSC::Interpreter::retrieveCallerFromVMCode):
        (JSC::Interpreter::findFunctionCallFrameFromVMCode):
        * interpreter/Interpreter.h:
        (JSC::returnAddressIsInCtiTrampoline):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::argumentsGetter):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::getOwnPropertyDescriptor):
2012-01-26  Peter Varga  <pvarga@webkit.org>

        Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG
        https://bugs.webkit.org/show_bug.cgi?id=77104

        Reviewed by Filip Pizlo.

        * dfg/DFGOperations.cpp:

2012-01-26  Michael Saboff  <msaboff@apple.com>

        String::latin1() should take advantage of 8 bit strings
        https://bugs.webkit.org/show_bug.cgi?id=76646

        Reviewed by Geoffrey Garen.

        * wtf/text/WTFString.cpp:
        (WTF::String::latin1): For 8 bit strings, use existing buffer

2012-01-26  Michael Saboff  <msaboff@apple.com>

        Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
        https://bugs.webkit.org/show_bug.cgi?id=76645

        Reviewed by Geoffrey Garen.

        * wtf/text/StringImpl.cpp:
        (WTF::equalIgnoringCase): New LChar version.
        (WTF::findInner): New helper function.
        (WTF::StringImpl::find): Added 8 bit path.
        (WTF::reverseFindInner): New helper function.
        (WTF::StringImpl::reverseFind): Added 8 bit path.
        (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
        * wtf/text/StringImpl.h:

2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>

        [Qt][Win] One more speculative buildfix after r105970.

        * JavaScriptCore.pri:

2012-01-26  Csaba Osztrogonác  <ossy@webkit.org>

        [Qt][Win] Speculative buildfix after r105970.

        * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().

2012-01-26  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r105982.
        http://trac.webkit.org/changeset/105982
        https://bugs.webkit.org/show_bug.cgi?id=77090

        breaks the world (Requested by WildFox on #webkit).

        * wtf/MainThread.cpp:
        * wtf/mac/MainThreadMac.mm:
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):

2012-01-26  Roland Takacs  <takacs.roland@stud.u-szeged.hu>

        [Qt] GC should be parallel on Qt platform
        https://bugs.webkit.org/show_bug.cgi?id=73309

        Reviewed by Zoltan Herczeg.

        These changes made the parallel GC feature available for the Qt port.
        The implementation of "registerGCThread" and "isMainThreadOrGCThread"
        is moved from MainThreadMac.mm to the common MainThread.cpp to make
        them available for other platforms.

        V8 speed-up: 1.071x as fast [From: 746.1ms To: 696.4ms ]
        WindScorpion speed-up: 1.082x as fast [From: 3490.4ms To: 3226.7ms]
        V8 Splay speed-up: 1.158x as fast [From: 145.8ms To: 125.9ms ]

        Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4 cores.

        * wtf/MainThread.cpp:
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):
        * wtf/mac/MainThreadMac.mm:

2012-01-26  Andy Estes  <aestes@apple.com>

        REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
        https://bugs.webkit.org/show_bug.cgi?id=77073

        Reviewed by Ryosuke Niwa.

        r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined.
        This should have been changed to OS(WINDOWS). This causes the
        preprocessor to strip out Win32 data type overrides for deleteOwnedPtr,
        causing allocations made by Win32 to be deleted by fastmalloc.

        * wtf/OwnPtrCommon.h:
        (WTF): Use OS(WINDOWS) instead of OS(WIN).

2012-01-25  Mark Rowe  <mrowe@apple.com>

        Attempted Mac build fix after r105939.

        * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS.
        It isn't used on these platforms and isn't available in the ICU headers
2012-01-25  Mark Rowe  <mrowe@apple.com>

        Build into an alternate location when USE_STAGING_INSTALL_PATH is set.

        <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains
        the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR
        to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
        * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on
        the normal framework location. This prevents an incorrect install name from being used when
        installing into the staged frameworks directory.

2012-01-25  Eli Fidler  <efidler@rim.com>

        Implement Date.toLocaleString() using ICU
        https://bugs.webkit.org/show_bug.cgi?id=76714

        Reviewed by Darin Adler.

        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate):

2012-01-25  Hajime Morita  <morrita@google.com>

        ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
        https://bugs.webkit.org/show_bug.cgi?id=76863

        Reviewed by Dimitri Glazkov.

        Added a feature flag.

        * Configurations/FeatureDefines.xcconfig:

2012-01-25  Yong Li  <yoli@rim.com>

        [BlackBerry] Implement OSAllocator::commit/decommit.
        BlackBerry port should support virtual memory decommitting.
        https://bugs.webkit.org/show_bug.cgi?id=77013

        Reviewed by Rob Buis.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::commit):
        (WTF::OSAllocator::decommit):

2012-01-24  Oliver Hunt  <oliver@apple.com>

        Make DFG update topCallFrame
        https://bugs.webkit.org/show_bug.cgi?id=76969

        Reviewed by Filip Pizlo.

        Add NativeCallFrameTracer to manage topCallFrame assignment
        in the DFG operations, and make use of it.

        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * interpreter/Interpreter.h:
        (NativeCallFrameTracer):
        (JSC::NativeCallFrameTracer::NativeCallFrameTracer):

2012-01-24  Filip Pizlo  <fpizlo@apple.com>

        Inlining breaks call frame walking when the walking is done from outside the inlinee,
        but inside a code block that had inlining
        https://bugs.webkit.org/show_bug.cgi?id=76978
        <rdar://problem/10720904>

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::codeOriginForReturn):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallerFrame):

2012-01-24  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=76855
        Implement a JIT-code aware sampling profiler for JSC

        Reviewed by Oliver Hunt.

        Add support to MetaAllocator.cpp to track all live handles in a map,
        allowing lookup based on any address within the allocation.

        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocatorTracker::notify):
        (WTF::MetaAllocatorTracker::release):
        - Track live handle objects in a map.
        (WTF::MetaAllocator::release):
        - Removed support for handles with null m_allocator (no longer used).
        - Notify the tracker of handles being released.
        (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
        - Moved functionality out into MetaAllocator::release.
        (WTF::MetaAllocatorHandle::shrink):
        - Removed support for handles with null m_allocator (no longer used).
        (WTF::MetaAllocator::MetaAllocator):
        - Initialize m_tracker.
        (WTF::MetaAllocator::allocate):
        - Notify the tracker of new allocations.
        * wtf/MetaAllocator.h:
        (WTF::MetaAllocatorTracker::find):
        - Lookup a MetaAllocatorHandle based on an address inside the allocation.
        (WTF::MetaAllocator::trackAllocations):
        - Register a callback object to track allocation state.
        * wtf/MetaAllocatorHandle.h:
        - Remove unused createSelfManagedHandle/constructor.
        (WTF::MetaAllocatorHandle::key):
        - Added, for use in RedBlackTree.
2012-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>

        Use copying collector for out-of-line JSObject property storage
        https://bugs.webkit.org/show_bug.cgi?id=76665

        Reviewed by Geoffrey Garen.

        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
        Also added a temporary variable to avoid warnings from GCC.
        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
        operator new. Also added a temporary variable to avoid warnings from GCC.
        * runtime/JSObject.h:

2012-01-24  Geoffrey Garen  <ggaren@apple.com>

        JSValue::toString() should return a JSString* instead of a UString
        https://bugs.webkit.org/show_bug.cgi?id=76861

        Fixed two failing layout tests after my last patch.

        Reviewed by Gavin Barraclough.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
        I missed this case because the JSString* type has a valid operator<,
        so the compiler didn't complain.

2012-01-24  Kenichi Ishibashi  <bashi@chromium.org>

        [V8] Add Uint8ClampedArray support
        https://bugs.webkit.org/show_bug.cgi?id=76803

        Reviewed by Kenneth Russell.

        * wtf/ArrayBufferView.h:
        (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added.
        * wtf/Uint8ClampedArray.h:
        (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true.

2012-01-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Add WebKitDownload to WebKit2 GTK+ API
        https://bugs.webkit.org/show_bug.cgi?id=72949

        Reviewed by Martin Robinson.

        * wtf/gobject/GOwnPtr.cpp:
        (WTF::GTimer): Use g_timer_destroy() to free a GTimer.
        * wtf/gobject/GOwnPtr.h: Add GTimer template.
        * wtf/gobject/GTypedefs.h: Add GTimer forward declaration.

2012-01-24  Ilya Tikhonovsky  <loislo@chromium.org>

        Unreviewed build fix for Qt LinuxSH4 build after r105698.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
2012-01-23  Geoffrey Garen  <ggaren@apple.com>

        JSValue::toString() should return a JSString* instead of a UString
        https://bugs.webkit.org/show_bug.cgi?id=76861

        Reviewed by Gavin Barraclough.

        This makes the common case -- toString() on a string -- faster and
        inline-able. (Not a measurable speedup, but we can now remove a bunch
        of duplicate hand-rolled code for this optimization.)

        This also clarifies the boundary between "C++ strings" and "JS strings".

        In all cases other than true, false, null, undefined, and multi-digit
        numbers, the JS runtime was just retrieving a UString from a JSString,
        so returning a JSString* is strictly better. In the other cases, we can
        optimize to avoid creating a new JSString if we care to, but it doesn't
        seem to be a big deal.

        * JavaScriptCore.exp: Export!
        (functionCheckSyntax):
        * API/JSValueRef.cpp:
        (JSValueToStringCopy):
        * bytecode/CodeBlock.cpp:
        (JSC::valueToSourceString): Call value() after calling toString(), to
        convert from "JS string" (JSString*) to "C++ string" (UString), since
        toString() no longer returns a "C++ string".
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationValueAddNotNumber):
        (op_add): Updated for removal of toPrimitiveString():
        all '+' operands can use toString(), except for object operands, which
        need to take a slow path to call toPrimitive().
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncToLocaleString):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncPush):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::opIn):
        * runtime/DateConstructor.cpp:
        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate): Call value() after calling toString(), as above.
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::create): Simplified down to one canonical create()
        function, to make string handling easier.
        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createInvalidParamError):
        (JSC::createNotAConstructorError):
        (JSC::createNotAFunctionError):
        (JSC::createNotAnObjectError):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncBind):
        * runtime/JSArray.cpp:
        (JSC::JSArray::sort): Call value() after calling toString(), as above.
        * runtime/JSCell.cpp:
        * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
        job now. Doing it in JSCell is slower (requires extra type checking), and
        creates the misimpression that language-defined toString() behavior is
        an implementation detail of JSCell.
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        (JSC::globalFuncParseInt):
        (JSC::globalFuncParseFloat):
        (JSC::globalFuncEscape):
        (JSC::globalFuncUnescape): Call value() after calling toString(), as above.
        * runtime/JSONObject.cpp:
        (JSC::unwrapBoxedPrimitive):
        (JSC::Stringifier::Stringifier):
        (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
        * runtime/JSObject.cpp:
        (JSC::JSObject::toString):
        * runtime/JSObject.h: Updated to return JSString*.
        * runtime/JSString.cpp:
        * runtime/JSString.h:
        (JSC::JSValue::toString): Removed, since I removed JSCell::toString().
        * runtime/JSValue.cpp:
        (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-
        spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
        basically did what we want all the time. (Note that the toPrimitive()
        preference changes from NoPreference to PreferString, because that's
        how ToString is defined in the language. op_add does not want this behavior.)
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToString):
        (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        (JSC::objectConstructorDefineProperty):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncHasOwnProperty):
        (JSC::objectProtoFuncDefineGetter):
        (JSC::objectProtoFuncDefineSetter):
        (JSC::objectProtoFuncLookupGetter):
        (JSC::objectProtoFuncLookupSetter):
        (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.
        * runtime/Operations.cpp:
        (JSC::jsAddSlowCase): Need to check for object before taking the toString()
        fast path because adding an object to a string requires calling toPrimitive()
        on the object, not toString(). (They differ in their preferred conversion
        * runtime/Operations.h:
        (JSC::jsStringFromArguments): This code gets simpler, now that toString()
        does the right thing.
        (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().
        * runtime/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorInput):
        (JSC::constructRegExp):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::match):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
        (JSC::regExpProtoFuncToString): More calls to value(), as above.
        * runtime/StringConstructor.cpp:
        (JSC::constructWithStringConstructor):
        (JSC::callStringConstructor): This code gets simpler, now that toString()
        does the right thing.
        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):
        (JSC::replaceUsingStringSearch):
        (JSC::stringProtoFuncReplace):
        (JSC::stringProtoFuncCharAt):
        (JSC::stringProtoFuncCharCodeAt):
        (JSC::stringProtoFuncConcat):
        (JSC::stringProtoFuncIndexOf):
        (JSC::stringProtoFuncLastIndexOf):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        (JSC::stringProtoFuncSlice):
        (JSC::stringProtoFuncSplit):
        (JSC::stringProtoFuncSubstr):
        (JSC::stringProtoFuncSubstring):
        (JSC::stringProtoFuncToLowerCase):
        (JSC::stringProtoFuncToUpperCase):
        (JSC::stringProtoFuncLocaleCompare):
        (JSC::stringProtoFuncBig):
        (JSC::stringProtoFuncSmall):
        (JSC::stringProtoFuncBlink):
        (JSC::stringProtoFuncBold):
        (JSC::stringProtoFuncFixed):
        (JSC::stringProtoFuncItalics):
        (JSC::stringProtoFuncStrike):
        (JSC::stringProtoFuncSub):
        (JSC::stringProtoFuncSup):
        (JSC::stringProtoFuncFontcolor):
        (JSC::stringProtoFuncFontsize):
        (JSC::stringProtoFuncAnchor):
        (JSC::stringProtoFuncLink):
        (JSC::trimString): Some of this code gets simpler, now that toString()
        does the right thing. More calls to value(), as above.
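The entry above explains why jsAdd and jsAddSlowCase must check for an object operand before taking the toString() fast path: the language's ToString converts objects with a string preference (toString() before valueOf()), while the '+' operator converts object operands with ToPrimitive and no preference (valueOf() first for ordinary objects). The script below is an added, stand-alone illustration of that observable difference in plain ECMAScript; it is not WebKit or JavaScriptCore code, and the probe object, logging arrays and function names are constructed for the example. It also shows the two cases the entry relies on: non-object operands convert identically on both paths, and Date is the built-in whose default hint is String, so for it the two paths agree even though both go through ToPrimitive.

```javascript
// Added example (not WebKit code): the observable gap between the
// language's ToString (hint String) and the hint-less ToPrimitive that
// the '+' operator applies to object operands. Pure ECMAScript; runs in
// any engine and touches no JSC internals.

// Constructed probe: valueOf and toString disagree, so the hint passed
// to ToPrimitive decides which one wins. Each call appends its name to
// `log` so a caller can see which method the engine actually invoked.
function makeProbe(log) {
  return {
    valueOf() { log.push("valueOf"); return 42; },
    toString() { log.push("toString"); return "forty-two"; },
  };
}

// String(obj) is the language's ToString: ToPrimitive with hint String,
// so toString() is consulted first. This is the PreferString path the
// entry describes for toStringSlowCase().
function convertWithToString(obj) {
  return String(obj);
}

// obj + "" is ToPrimitive with no hint: for an ordinary object that means
// valueOf() first, and only the resulting primitive is then stringified.
// This is why jsAdd cannot reuse the toString() fast path for objects.
function convertWithAdd(obj) {
  return obj + "";
}

// For non-object operands the two paths agree, which is what lets every
// '+' operand other than an object use toString() directly.
function primitiveAgreement(value) {
  return String(value) === value + "";
}

// The built-in exception: a Date's default ToPrimitive hint is String, so
// for Date operands '+' and String() agree even though both take the
// ToPrimitive route rather than the primitive fast path.
function dateAgreement(date) {
  return String(date) === date + "";
}

// Runs both conversions on fresh probes and returns what each produced
// and which method each path invoked.
function demo() {
  const stringLog = [];
  const addLog = [];
  const viaToString = convertWithToString(makeProbe(stringLog));
  const viaAdd = convertWithAdd(makeProbe(addLog));
  return { viaToString, stringLog, viaAdd, addLog };
}
```

Calling demo() returns "forty-two" for the String() path with only toString() logged, and "42" for the '+' path with only valueOf() logged; the primitive and Date checks return true. An engine that routed object operands of '+' through ToString would return "forty-two" on both paths, which is exactly the divergence from the specification that the object check in jsAdd prevents.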
2012-01-23  Luke Macpherson  <macpherson@chromium.org>

        Unreviewed, rolling out r105676.
        http://trac.webkit.org/changeset/105676
        https://bugs.webkit.org/show_bug.cgi?id=76665

        Breaks build on Mac due to compile warnings.

        * runtime/JSObject.cpp:
        (JSC::JSObject::finalize):
        (JSC::JSObject::visitChildren):
        (JSC::JSObject::allocatePropertyStorage):
        * runtime/JSObject.h:

2012-01-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Use copying collector for out-of-line JSObject property storage
        https://bugs.webkit.org/show_bug.cgi?id=76665

        Reviewed by Geoffrey Garen.

        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
        * runtime/JSObject.h:

2012-01-23  Brian Weinstein  <bweinstein@apple.com>

        More build fixing after r105646.

        * JavaScriptCore.exp:

2012-01-23  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=76855
        Implement a JIT-code aware sampling profiler for JSC

        Reviewed by Geoff Garen.

        Step 2: generalize RedBlackTree. The profiler is going to want to use
        a RedBlackTree; allow this class to work with subclasses of
        RedBlackTree::Node. Node should not need to know the names of the m_key
        and m_value fields (the subclass can provide a key() accessor), and
        RedBlackTree does not need to know anything about ValueType.

        * JavaScriptCore.exp:
        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocator::findAndRemoveFreeSpace):
        (WTF::MetaAllocator::debugFreeSpaceSize):
        (WTF::MetaAllocator::addFreeSpace):
        * wtf/MetaAllocator.h:
        (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode):
        (WTF::MetaAllocator::FreeSpaceNode::key):
        * wtf/MetaAllocatorHandle.h:
        (WTF::MetaAllocatorHandle::key):
        * wtf/RedBlackTree.h:
        (WTF::RedBlackTree::Node::successor):
        (WTF::RedBlackTree::Node::predecessor):
        (WTF::RedBlackTree::Node::parent):
        (WTF::RedBlackTree::Node::setParent):
        (WTF::RedBlackTree::Node::left):
        (WTF::RedBlackTree::Node::setLeft):
        (WTF::RedBlackTree::Node::right):
        (WTF::RedBlackTree::Node::setRight):
        (WTF::RedBlackTree::insert):
        (WTF::RedBlackTree::remove):
        (WTF::RedBlackTree::findExact):
        (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
        (WTF::RedBlackTree::findGreatestLessThanOrEqual):
        (WTF::RedBlackTree::first):
        (WTF::RedBlackTree::last):
        (WTF::RedBlackTree::size):
        (WTF::RedBlackTree::treeMinimum):
        (WTF::RedBlackTree::treeMaximum):
        (WTF::RedBlackTree::treeInsert):
        (WTF::RedBlackTree::leftRotate):
        (WTF::RedBlackTree::rightRotate):
        (WTF::RedBlackTree::removeFixup):

2012-01-23  Andy Estes  <aestes@apple.com>

        Fix the build after r105635.

        * JavaScriptCore.exp:

2012-01-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove StackBounds from JSGlobalData
        https://bugs.webkit.org/show_bug.cgi?id=76310

        Reviewed by Sam Weinig.

        Removed StackBounds and the stack() function from JSGlobalData since it no
        longer accessed any members of JSGlobalData.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::gatherFromCurrentThread):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
2012-01-23  Gavin Barraclough  <barraclough@apple.com>

        Implement a JIT-code aware sampling profiler for JSC
        https://bugs.webkit.org/show_bug.cgi?id=76855

        Rubber stamped by Geoff Garen.

        Mechanical change - pass CodeBlock through to the executable allocator,
        such that we will be able to map ranges of JIT code back to their owner.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::executableCopy):
        * assembler/ARMAssembler.h:
        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::executableCopy):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::executableCopy):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::linkCode):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::executableCopy):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::executableCopy):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::executableCopy):
        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDList):
        (JSC::DFG::tryCachePutByID):
        (JSC::DFG::osrExitGenerationThunkGenerator):
        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::allocate):
        * jit/ExecutableAllocator.h:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::allocate):
        (JSC::JIT::privateCompile):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::finalize):
        (JSC::Yarr::YarrGenerator::compile):

2012-01-23  Xianzhu Wang  <wangxianzhu@chromium.org>

        Basic enhancements to StringBuilder
        https://bugs.webkit.org/show_bug.cgi?id=67081

        This change contains the following enhancements to StringBuilder,
        for convenience, performance, testability, etc.:
        - Change toStringPreserveCapacity() to const
        - new public methods: capacity(), swap(), toAtomicString(), canShrink()
          and append(const StringBuilder&)
        - == and != operators to compare StringBuilders and a StringBuilder/String

        Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp

        Reviewed by Darin Adler.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/AtomicString.cpp:
        (WTF::SubstringTranslator::hash):
        (WTF::SubstringTranslator::equal):
        (WTF::SubstringTranslator::translate):
        (WTF::AtomicString::add):
        (WTF::AtomicString::addSlowCase):
        * wtf/text/AtomicString.h:
        (WTF::AtomicString::AtomicString):
        (WTF::AtomicString::add):
        * wtf/text/StringBuilder.cpp:
        (WTF::StringBuilder::reifyString):
        (WTF::StringBuilder::resize):
        (WTF::StringBuilder::canShrink):
        (WTF::StringBuilder::shrinkToFit):
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::append):
        (WTF::StringBuilder::toString):
        (WTF::StringBuilder::toStringPreserveCapacity):
        (WTF::StringBuilder::toAtomicString):
        (WTF::StringBuilder::isEmpty):
        (WTF::StringBuilder::capacity):
        (WTF::StringBuilder::is8Bit):
        (WTF::StringBuilder::swap):
        * wtf/text/StringImpl.h:

2012-01-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing files, remove deleted files and

2012-01-22  Filip Pizlo  <fpizlo@apple.com>

        Build fix for non-DFG platforms that error out on warn-unused-parameter.

        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):

2012-01-22  Filip Pizlo  <fpizlo@apple.com>

        Build fix for non-DFG platforms.

        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):

2012-01-20  Filip Pizlo  <fpizlo@apple.com>

        DFG should not have code that directly decodes the states of old JIT inline
        cache data structures
        https://bugs.webkit.org/show_bug.cgi?id=76768

        Reviewed by Sam Weinig.

        Introduced new classes (like GetByIdStatus) that encapsulate the set of things
        that the DFG would like to know about property accesses and calls. Whereas it
        previously got this information by directly decoding the data structures used
992 by the old JIT for inline caching, it now uses these classes, which do the work
993 for it. This should make it somewhat more straightforward to introduce new
994 ways of profiling the same information.
996 Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by
999 Making this work right involved carefully ensuring that the heuristics for
1000 choosing how to handle property accesses was at least as good as what we had
1001 before, since I completely restructured that code. Currently the performance
1002 looks neutral. Since I rewrote the code I did change some things that I never
1003 liked before, like previously if a put_by_id had executed exactly once then
1004 we'd compile it as if it had taken slow-path. Executing once is special because
1005 then the inline cache is not baked in, so there is no information about how the
1006 DFG should optimize the code. Now this is rationalized: if the put_by_id does
1007 not offer enough information to be optimized (i.e. had executed 0 or 1 times)
1008 then we turn it into a forced OSR exit (i.e. a patch point). However, get_by_id
1009 still has the old behavior; I left it that way because I didn't want to make
1010 too many changes at once.
1013 * GNUmakefile.list.am:
1014 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1015 * JavaScriptCore.xcodeproj/project.pbxproj:
1017 * bytecode/CallLinkStatus.cpp: Added.
1018 (JSC::CallLinkStatus::computeFor):
1019 * bytecode/CallLinkStatus.h: Added.
1020 (JSC::CallLinkStatus::CallLinkStatus):
1021 (JSC::CallLinkStatus::isSet):
1022 (JSC::CallLinkStatus::operator!):
1023 (JSC::CallLinkStatus::couldTakeSlowPath):
1024 (JSC::CallLinkStatus::callTarget):
1025 * bytecode/GetByIdStatus.cpp: Added.
1026 (JSC::GetByIdStatus::computeFor):
1027 * bytecode/GetByIdStatus.h: Added.
1028 (JSC::GetByIdStatus::GetByIdStatus):
1029 (JSC::GetByIdStatus::state):
1030 (JSC::GetByIdStatus::isSet):
1031 (JSC::GetByIdStatus::operator!):
1032 (JSC::GetByIdStatus::isSimpleDirect):
1033 (JSC::GetByIdStatus::takesSlowPath):
1034 (JSC::GetByIdStatus::makesCalls):
1035 (JSC::GetByIdStatus::structureSet):
1036 (JSC::GetByIdStatus::offset):
1037 * bytecode/MethodCallLinkStatus.cpp: Added.
1038 (JSC::MethodCallLinkStatus::computeFor):
1039 * bytecode/MethodCallLinkStatus.h: Added.
1040 (JSC::MethodCallLinkStatus::MethodCallLinkStatus):
1041 (JSC::MethodCallLinkStatus::isSet):
1042 (JSC::MethodCallLinkStatus::operator!):
1043 (JSC::MethodCallLinkStatus::needsPrototypeCheck):
1044 (JSC::MethodCallLinkStatus::structure):
1045 (JSC::MethodCallLinkStatus::prototypeStructure):
1046 (JSC::MethodCallLinkStatus::function):
1047 (JSC::MethodCallLinkStatus::prototype):
1048 * bytecode/PutByIdStatus.cpp: Added.
1049 (JSC::PutByIdStatus::computeFor):
1050 * bytecode/PutByIdStatus.h: Added.
1051 (JSC::PutByIdStatus::PutByIdStatus):
1052 (JSC::PutByIdStatus::state):
1053 (JSC::PutByIdStatus::isSet):
1054 (JSC::PutByIdStatus::operator!):
1055 (JSC::PutByIdStatus::isSimpleReplace):
1056 (JSC::PutByIdStatus::isSimpleTransition):
1057 (JSC::PutByIdStatus::takesSlowPath):
1058 (JSC::PutByIdStatus::oldStructure):
1059 (JSC::PutByIdStatus::newStructure):
1060 (JSC::PutByIdStatus::structureChain):
1061 (JSC::PutByIdStatus::offset):
1062 * bytecode/StructureSet.h: Added.
1063 (JSC::StructureSet::StructureSet):
1064 (JSC::StructureSet::clear):
1065 (JSC::StructureSet::add):
1066 (JSC::StructureSet::addAll):
1067 (JSC::StructureSet::remove):
1068 (JSC::StructureSet::contains):
1069 (JSC::StructureSet::isSubsetOf):
1070 (JSC::StructureSet::isSupersetOf):
1071 (JSC::StructureSet::size):
1072 (JSC::StructureSet::at):
1073 (JSC::StructureSet::operator[]):
1074 (JSC::StructureSet::last):
1075 (JSC::StructureSet::predictionFromStructures):
1076 (JSC::StructureSet::operator==):
1077 (JSC::StructureSet::dump):
1078 * dfg/DFGAbstractValue.h:
1079 * dfg/DFGByteCodeParser.cpp:
1080 (JSC::DFG::ByteCodeParser::handleCall):
1081 (JSC::DFG::ByteCodeParser::parseBlock):
1082 * dfg/DFGStructureSet.h: Removed.
1084 2012-01-20 Filip Pizlo <fpizlo@apple.com>
1086 JIT compilation should not require ExecState
1087 https://bugs.webkit.org/show_bug.cgi?id=76729
1088 <rdar://problem/10731545>
1090 Reviewed by Gavin Barraclough.
1092 Changed the relevant JIT driver functions to take JSGlobalData& instead of
1093 ExecState*, since really they just needed the global data.
1095 * dfg/DFGDriver.cpp:
1096 (JSC::DFG::compile):
1097 (JSC::DFG::tryCompile):
1098 (JSC::DFG::tryCompileFunction):
1100 (JSC::DFG::tryCompile):
1101 (JSC::DFG::tryCompileFunction):
1103 (JSC::jitCompileIfAppropriate):
1104 (JSC::jitCompileFunctionIfAppropriate):
1105 * runtime/Executable.cpp:
1106 (JSC::EvalExecutable::compileInternal):
1107 (JSC::ProgramExecutable::compileInternal):
1108 (JSC::FunctionExecutable::compileForCallInternal):
1109 (JSC::FunctionExecutable::compileForConstructInternal):
1111 2012-01-20 David Levin <levin@chromium.org>
1113 Make OwnPtr<HDC> work for the Chromium Windows port.
1114 https://bugs.webkit.org/show_bug.cgi?id=76738
1116 Reviewed by Jian Li.
1118 * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the
1119 Chromium Windows build.
1120 * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for
1121 OwnPtr<HDC> and similar constructs.
1123 2012-01-19 Geoffrey Garen <ggaren@apple.com>
1125 Removed some regexp entry boilerplate code
1126 https://bugs.webkit.org/show_bug.cgi?id=76687
1128 Reviewed by Darin Adler.
1130 1% - 2% speedup on regexp tests, no change overall.
1132 * runtime/RegExp.cpp:
1133 (JSC::RegExp::match):
1134 - ASSERT that our startIndex is non-negative, because anything less
1135 would be uncivilized.
1137 - ASSERT that our input is not the null string for the same reason.
1139 - No need to test for startOffset being past the end of the string,
1140 since the regular expression engine will do this test for us.
1142 - No need to initialize the output vector, since the regular expression
1143 engine will fill it in for us.
1145 * yarr/YarrInterpreter.cpp:
1146 (JSC::Yarr::Interpreter::interpret):
1148 (JSC::Yarr::YarrGenerator::compile):
1150 RegExp used to do these jobs for us, but now we do them for ourselves
1151 because it's a better separation of concerns, and the JIT can do them
1152 more efficiently than C++ code:
1154 - Test for "past the end" before doing any matching -- otherwise
1155 a* will match with zero length past the end of the string, which is wrong.
1157 - Initialize the output vector before doing any matching.
1159 2012-01-20 Filip Pizlo <fpizlo@apple.com>
1161 Build fix for no-DFG configuration.
1162 Needed for <rdar://problem/10727689>.
1164 * bytecompiler/BytecodeGenerator.cpp:
1165 (JSC::BytecodeGenerator::emitProfiledOpcode):
1167 (JSC::JIT::emitValueProfilingSite):
1169 2012-01-19 Filip Pizlo <fpizlo@apple.com>
1171 Bytecode instructions that may have value profiling should have a direct inline
1172 link to the ValueProfile instance
1173 https://bugs.webkit.org/show_bug.cgi?id=76682
1174 <rdar://problem/10727689>
1176 Reviewed by Sam Weinig.
1178 Each opcode that gets value profiled now has a link to its ValueProfile. This
1179 required rationalizing the emission of value profiles for opcode combos, like
1180 op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes
1181 sense for one of them to have a value profile link, and it makes most sense
1182 for it to be the one that actually sets the result. The previous behavior was
1183 to have op_method_check profile for op_get_by_id when they were used together,
1184 but otherwise for op_get_by_id to have its own profiles. op_call already did
1185 the right thing; all profiling was done by op_call_put_result.
1187 But rationalizing this code required breaking some of the natural boundaries
1188 that the code had; for instance the code in DFG that emits a GetById in place
1189 of both op_method_check and op_get_by_id must now know that it's the latter of
1190 those that has the value profile, while the first of those constitutes the OSR
1191 target. Hence each CodeOrigin must now have two bytecode indices - one for
1192 OSR exit and one for profiling.
1194 Finally this change required some refiddling of our optimization heuristics,
1195 because now all code blocks have "more instructions" due to the value profile
1198 * bytecode/CodeBlock.cpp:
1199 (JSC::CodeBlock::printGetByIdOp):
1200 (JSC::CodeBlock::dump):
1201 * bytecode/CodeBlock.h:
1202 (JSC::CodeBlock::valueProfileForBytecodeOffset):
1203 * bytecode/CodeOrigin.h:
1204 (JSC::CodeOrigin::CodeOrigin):
1205 (JSC::CodeOrigin::bytecodeIndexForValueProfile):
1206 * bytecode/Instruction.h:
1207 (JSC::Instruction::Instruction):
1208 * bytecode/Opcode.h:
1209 * bytecompiler/BytecodeGenerator.cpp:
1210 (JSC::BytecodeGenerator::emitProfiledOpcode):
1211 (JSC::BytecodeGenerator::emitResolve):
1212 (JSC::BytecodeGenerator::emitGetScopedVar):
1213 (JSC::BytecodeGenerator::emitResolveBase):
1214 (JSC::BytecodeGenerator::emitResolveBaseForPut):
1215 (JSC::BytecodeGenerator::emitResolveWithBase):
1216 (JSC::BytecodeGenerator::emitResolveWithThis):
1217 (JSC::BytecodeGenerator::emitGetById):
1218 (JSC::BytecodeGenerator::emitGetByVal):
1219 (JSC::BytecodeGenerator::emitCall):
1220 (JSC::BytecodeGenerator::emitCallVarargs):
1221 (JSC::BytecodeGenerator::emitConstruct):
1222 * bytecompiler/BytecodeGenerator.h:
1223 * dfg/DFGByteCodeParser.cpp:
1224 (JSC::DFG::ByteCodeParser::ByteCodeParser):
1225 (JSC::DFG::ByteCodeParser::currentCodeOrigin):
1226 (JSC::DFG::ByteCodeParser::addCall):
1227 (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1228 (JSC::DFG::ByteCodeParser::getPrediction):
1229 (JSC::DFG::ByteCodeParser::handleCall):
1230 (JSC::DFG::ByteCodeParser::handleInlining):
1231 (JSC::DFG::ByteCodeParser::parseBlock):
1232 (JSC::DFG::ByteCodeParser::parse):
1234 (JSC::DFG::Graph::valueProfileFor):
1236 (JSC::JIT::emitValueProfilingSite):
1238 (JSC::JIT::emit_op_call_put_result):
1239 * jit/JITCall32_64.cpp:
1240 (JSC::JIT::emit_op_call_put_result):
1241 * jit/JITInlineMethods.h:
1242 (JSC::JIT::emitValueProfilingSite):
1243 * jit/JITOpcodes.cpp:
1244 (JSC::JIT::emit_op_resolve):
1245 (JSC::JIT::emit_op_resolve_base):
1246 (JSC::JIT::emit_op_resolve_skip):
1247 (JSC::JIT::emit_op_resolve_global):
1248 (JSC::JIT::emitSlow_op_resolve_global):
1249 (JSC::JIT::emit_op_resolve_with_base):
1250 (JSC::JIT::emit_op_resolve_with_this):
1251 (JSC::JIT::emitSlow_op_resolve_global_dynamic):
1252 * jit/JITOpcodes32_64.cpp:
1253 (JSC::JIT::emit_op_resolve):
1254 (JSC::JIT::emit_op_resolve_base):
1255 (JSC::JIT::emit_op_resolve_skip):
1256 (JSC::JIT::emit_op_resolve_global):
1257 (JSC::JIT::emitSlow_op_resolve_global):
1258 (JSC::JIT::emit_op_resolve_with_base):
1259 (JSC::JIT::emit_op_resolve_with_this):
1260 * jit/JITPropertyAccess.cpp:
1261 (JSC::JIT::emit_op_get_by_val):
1262 (JSC::JIT::emitSlow_op_get_by_val):
1263 (JSC::JIT::emit_op_method_check):
1264 (JSC::JIT::emitSlow_op_method_check):
1265 (JSC::JIT::emit_op_get_by_id):
1266 (JSC::JIT::emitSlow_op_get_by_id):
1267 (JSC::JIT::emit_op_get_scoped_var):
1268 (JSC::JIT::emit_op_get_global_var):
1269 * jit/JITPropertyAccess32_64.cpp:
1270 (JSC::JIT::emit_op_method_check):
1271 (JSC::JIT::emitSlow_op_method_check):
1272 (JSC::JIT::emit_op_get_by_val):
1273 (JSC::JIT::emitSlow_op_get_by_val):
1274 (JSC::JIT::emit_op_get_by_id):
1275 (JSC::JIT::emitSlow_op_get_by_id):
1276 (JSC::JIT::emit_op_get_scoped_var):
1277 (JSC::JIT::emit_op_get_global_var):
1278 * jit/JITStubCall.h:
1279 (JSC::JITStubCall::callWithValueProfiling):
1280 * runtime/Options.cpp:
1281 (JSC::Options::initializeOptions):
1283 2012-01-20 ChangSeok Oh <shivamidow@gmail.com>
1285 undefined reference to symbol eina_module_free
1286 https://bugs.webkit.org/show_bug.cgi?id=76681
1288 Reviewed by Martin Robinson.
1290 eina_module_free has been used without including eina libraries after r104936.
1292 * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES.
1294 2012-01-19 Tony Chang <tony@chromium.org>
1296 [chromium] Remove an obsolete comment about features.gypi
1297 https://bugs.webkit.org/show_bug.cgi?id=76643
1299 There can be only one features.gypi.
1301 Reviewed by James Robinson.
1303 * JavaScriptCore.gyp/JavaScriptCore.gyp:
1305 2012-01-19 Geoffrey Garen <ggaren@apple.com>
1307 Implicit creation of a regular expression should eagerly check for syntax errors
1308 https://bugs.webkit.org/show_bug.cgi?id=76642
1310 Reviewed by Oliver Hunt.
1312 This is a correctness fix and a slight optimization.
1314 * runtime/StringPrototype.cpp:
1315 (JSC::stringProtoFuncMatch):
1316 (JSC::stringProtoFuncSearch): Check for syntax errors because that's the
1319 * runtime/RegExp.cpp:
1320 (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line
1321 of code change, many lines of indentation change.)
1323 Since we have no clients that try to match a RegExp that is a syntax error,
1324 let's optimize out the check.
1326 2012-01-19 Mark Hahnenberg <mhahnenberg@apple.com>
1328 Implement a new allocator for backing stores
1329 https://bugs.webkit.org/show_bug.cgi?id=75181
1331 Reviewed by Filip Pizlo.
1333 We want to move away from using fastMalloc for the backing stores for
1334 some of our objects (e.g. JSArray, JSObject, JSString, etc). These backing
1335 stores have a nice property in that they only have a single owner (i.e. a
1336 single pointer to them at any one time). One way that we can take advantage
1337 of this property is to implement a simple bump allocator/copying collector,
1338 which will run alongside our normal mark/sweep collector, that only needs to
1339 update the single owner pointer rather than having to redirect an arbitrary
1340 number of pointers in from-space to to-space.
1342 This plan can give us a number of benefits. We can beat fastMalloc in terms
1343 of both performance and memory usage, we can track how much memory we're using
1344 far more accurately than our rough estimation now through the use of
1345 reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed
1346 to being limited to size classes like we have been historically). This is also
1347 another step toward moving away from lazy destruction, which will improve our memory footprint.
1349 We start by creating said allocator and moving the ArrayStorage for JSArray
1350 to use it rather than fastMalloc.
1352 The design of the collector is as follows:
1354 - The collector allocates 64KB chunks from the OS to use for object allocation.
1355 - Each chunk contains an offset, a flag indicating if the block has been pinned,
1356 and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
1357 - Any allocation greater than 64KB gets its own separate oversize block, which
1358 is managed separately from the rest.
1359 - If the allocator receives a request for more than the remaining amount in the
1360 current block, it grabs a fresh block.
1361 - Grabbing a fresh block means grabbing one off of the global free list (which is now
1362 shared between the mark/sweep allocator and the bump allocator) if there is one.
1363 If there isn't a new one we do one of two things: allocate a new block from the OS
1364 if we're not ready for a GC yet, or run a GC and then try again. If we still don't
1365 have enough space after the GC, we allocate a new block from the OS.
1368 - At the start of garbage collection during conservative stack scanning, if we encounter
1369 what appears to be a pointer to a bump-allocated block of memory, we pin that block so
1370 that it will not be copied for this round of collection.
1371 - We also pin any oversize blocks that we encounter, which effectively doubles as a
1372 "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying
1373 are given back to the OS.
1374 - Marking threads are now also responsible for copying bump-allocated objects to newSpace.
1375 - Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters.
1376 - When that block fills up, the marking thread gives it back to the allocator and requests a new one.
1377 - When all marking has concluded, each thread gives back its copy block, even if it isn't full.
1378 - At the conclusion of copying (which is done by the end of the marking phase), we un-pin
1379 any pinned blocks and give any blocks left in from-space to the global free list.
1382 * GNUmakefile.list.am:
1383 * JavaScriptCore.gypi:
1384 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1385 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1386 * JavaScriptCore.xcodeproj/project.pbxproj:
1388 * heap/AllocationSpace.cpp:
1389 (JSC::AllocationSpace::allocateSlowCase):
1390 (JSC::AllocationSpace::allocateBlock):
1391 (JSC::AllocationSpace::freeBlocks):
1392 * heap/AllocationSpace.h:
1393 (JSC::AllocationSpace::waterMark):
1394 * heap/BumpBlock.h: Added.
1395 (JSC::BumpBlock::BumpBlock):
1396 * heap/BumpSpace.cpp: Added.
1397 (JSC::BumpSpace::tryAllocateSlowCase):
1398 * heap/BumpSpace.h: Added.
1399 (JSC::BumpSpace::isInCopyPhase):
1400 (JSC::BumpSpace::totalMemoryAllocated):
1401 (JSC::BumpSpace::totalMemoryUtilized):
1402 * heap/BumpSpaceInlineMethods.h: Added.
1403 (JSC::BumpSpace::BumpSpace):
1404 (JSC::BumpSpace::init):
1405 (JSC::BumpSpace::contains):
1406 (JSC::BumpSpace::pin):
1407 (JSC::BumpSpace::startedCopying):
1408 (JSC::BumpSpace::doneCopying):
1409 (JSC::BumpSpace::doneFillingBlock):
1410 (JSC::BumpSpace::recycleBlock):
1411 (JSC::BumpSpace::getFreshBlock):
1412 (JSC::BumpSpace::borrowBlock):
1413 (JSC::BumpSpace::addNewBlock):
1414 (JSC::BumpSpace::allocateNewBlock):
1415 (JSC::BumpSpace::fitsInBlock):
1416 (JSC::BumpSpace::fitsInCurrentBlock):
1417 (JSC::BumpSpace::tryAllocate):
1418 (JSC::BumpSpace::tryAllocateOversize):
1419 (JSC::BumpSpace::allocateFromBlock):
1420 (JSC::BumpSpace::tryReallocate):
1421 (JSC::BumpSpace::tryReallocateOversize):
1422 (JSC::BumpSpace::isOversize):
1423 (JSC::BumpSpace::isPinned):
1424 (JSC::BumpSpace::oversizeBlockFor):
1425 (JSC::BumpSpace::blockFor):
1426 * heap/ConservativeRoots.cpp:
1427 (JSC::ConservativeRoots::ConservativeRoots):
1428 (JSC::ConservativeRoots::genericAddPointer):
1429 (JSC::ConservativeRoots::add):
1430 * heap/ConservativeRoots.h:
1433 (JSC::Heap::blockFreeingThreadMain):
1434 (JSC::Heap::reportExtraMemoryCostSlowCase):
1435 (JSC::Heap::getConservativeRegisterRoots):
1436 (JSC::Heap::markRoots):
1437 (JSC::Heap::collect):
1438 (JSC::Heap::releaseFreeBlocks):
1440 (JSC::Heap::waterMark):
1441 (JSC::Heap::highWaterMark):
1442 (JSC::Heap::setHighWaterMark):
1443 (JSC::Heap::tryAllocateStorage):
1444 (JSC::Heap::tryReallocateStorage):
1445 * heap/HeapBlock.h: Added.
1446 (JSC::HeapBlock::HeapBlock):
1447 * heap/MarkStack.cpp:
1448 (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
1449 (JSC::SlotVisitor::drain):
1450 (JSC::SlotVisitor::drainFromShared):
1451 (JSC::SlotVisitor::startCopying):
1452 (JSC::SlotVisitor::allocateNewSpace):
1453 (JSC::SlotVisitor::copy):
1454 (JSC::SlotVisitor::copyAndAppend):
1455 (JSC::SlotVisitor::doneCopying):
1457 * heap/MarkedBlock.cpp:
1458 (JSC::MarkedBlock::recycle):
1459 (JSC::MarkedBlock::MarkedBlock):
1460 * heap/MarkedBlock.h:
1461 * heap/MarkedSpace.cpp:
1462 (JSC::MarkedSpace::MarkedSpace):
1463 * heap/MarkedSpace.h:
1464 (JSC::MarkedSpace::allocate):
1465 (JSC::MarkedSpace::forEachBlock):
1466 (JSC::MarkedSpace::SizeClass::resetAllocator):
1467 * heap/SlotVisitor.h:
1468 (JSC::SlotVisitor::SlotVisitor):
1469 * heap/TinyBloomFilter.h:
1470 (JSC::TinyBloomFilter::reset):
1471 * runtime/JSArray.cpp:
1472 (JSC::JSArray::JSArray):
1473 (JSC::JSArray::finishCreation):
1474 (JSC::JSArray::tryFinishCreationUninitialized):
1475 (JSC::JSArray::~JSArray):
1476 (JSC::JSArray::enterSparseMode):
1477 (JSC::JSArray::defineOwnNumericProperty):
1478 (JSC::JSArray::setLengthWritable):
1479 (JSC::JSArray::getOwnPropertySlotByIndex):
1480 (JSC::JSArray::getOwnPropertyDescriptor):
1481 (JSC::JSArray::putByIndexBeyondVectorLength):
1482 (JSC::JSArray::deletePropertyByIndex):
1483 (JSC::JSArray::getOwnPropertyNames):
1484 (JSC::JSArray::increaseVectorLength):
1485 (JSC::JSArray::unshiftCountSlowCase):
1486 (JSC::JSArray::setLength):
1487 (JSC::JSArray::pop):
1488 (JSC::JSArray::unshiftCount):
1489 (JSC::JSArray::visitChildren):
1490 (JSC::JSArray::sortNumeric):
1491 (JSC::JSArray::sort):
1492 (JSC::JSArray::compactForSorting):
1493 (JSC::JSArray::subclassData):
1494 (JSC::JSArray::setSubclassData):
1495 (JSC::JSArray::checkConsistency):
1496 * runtime/JSArray.h:
1497 (JSC::JSArray::inSparseMode):
1498 (JSC::JSArray::isLengthWritable):
1499 * wtf/CheckedBoolean.h: Added.
1500 (CheckedBoolean::CheckedBoolean):
1501 (CheckedBoolean::~CheckedBoolean):
1502 (CheckedBoolean::operator bool):
1503 * wtf/DoublyLinkedList.h:
1505 * wtf/StdLibExtras.h:
1506 (WTF::isPointerAligned):
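A single-threaded sketch of the bump allocator and copying collector described in the
"Implement a new allocator for backing stores" entry above, added here as an illustration;
it is not WebKit code. The Space, Block and demo names are hypothetical, the block size is a
constructor parameter rather than the fixed 64KB chunk so the constructed scenario fills
several blocks, and collection is triggered explicitly instead of by a watermark.

```cpp
// Added example, not JavaScriptCore code: a single-threaded sketch of the bump allocator and
// copying collector outlined above. Names are hypothetical; the block size is a parameter.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>
#include <vector>
namespace bump {
struct Block {
    size_t capacity, offset = 0;  // offset is the bump pointer
    bool pinned = false;          // set by conservative scanning, cleared once copying is done
    std::unique_ptr<uint8_t[]> payload;
    explicit Block(size_t cap) : capacity(cap), payload(new uint8_t[cap]()) {}
    bool contains(const void* p) const { const uint8_t* q = static_cast<const uint8_t*>(p);
                                         return q >= payload.get() && q < payload.get() + offset; }
};
struct Header { size_t size; };  // precedes every allocation so the copier knows its length
static size_t roundUp(size_t n) { return (n + 7) & ~size_t(7); }
class Space {
public:
    explicit Space(size_t blockSize) : m_blockSize(blockSize) {}
    // Bump-allocate; a request larger than a block gets its own separately managed block.
    void* tryAllocate(size_t bytes) {
        size_t need = sizeof(Header) + roundUp(bytes);
        if (need > m_blockSize) { m_oversize.emplace_back(new Block(need)); return bumpFrom(*m_oversize.back(), bytes); }
        if (!m_current || m_current->offset + need > m_current->capacity)
            m_current = getFreshBlock();  // not enough left in the current block: grab a fresh one
        return bumpFrom(*m_current, bytes);
    }
    // Conservative scan: a word that looks like a pointer into a block pins the whole block
    // (dead neighbours in it survive this cycle); a pinned oversize block counts as marked.
    void pin(const void* candidate) {
        if (Block* b = find(m_blocks, candidate)) b->pinned = true;
        if (Block* b = find(m_oversize, candidate)) b->pinned = true;
    }
    // Copy phase: each live store has one owner pointer, and rewriting that slot is all the fixup.
    void collect(const std::vector<void**>& ownerSlots) {
        auto fromSpace = std::move(m_blocks); m_blocks.clear(); m_current = nullptr;
        for (void** slot : ownerSlots) {
            if (Block* big = find(m_oversize, *slot)) { big->pinned = true; continue; }
            Block* home = find(fromSpace, *slot);
            if (!home || home->pinned) continue;  // pinned blocks are left in place
            Header* h = reinterpret_cast<Header*>(static_cast<uint8_t*>(*slot) - sizeof(Header));
            void* fresh = tryAllocate(h->size);  // lands in a to-space block
            std::memcpy(fresh, *slot, h->size); *slot = fresh;
        }
        for (auto& b : fromSpace) {  // un-pin survivors; everything else goes to the free list
            if (b->pinned) { b->pinned = false; m_blocks.push_back(std::move(b)); }
            else { b->offset = 0; m_freeList.push_back(std::move(b)); }
        }
        m_oversize.erase(std::remove_if(m_oversize.begin(), m_oversize.end(),  // unpinned = garbage
            [](const std::unique_ptr<Block>& b) { return !b->pinned; }), m_oversize.end());
        for (auto& b : m_oversize) b->pinned = false;
    }
    size_t blockCount() const { return m_blocks.size(); }
    size_t freeBlockCount() const { return m_freeList.size(); }
    size_t oversizeCount() const { return m_oversize.size(); }
private:
    static Block* find(std::vector<std::unique_ptr<Block>>& v, const void* p) {
        for (auto& b : v) if (b->contains(p)) return b.get();
        return nullptr;
    }
    static void* bumpFrom(Block& b, size_t bytes) {
        Header* h = reinterpret_cast<Header*>(b.payload.get() + b.offset);
        h->size = bytes;
        b.offset += sizeof(Header) + roundUp(bytes);
        return h + 1;
    }
    Block* getFreshBlock() {  // free list first, otherwise a new block "from the OS"
        if (m_freeList.empty()) m_freeList.emplace_back(new Block(m_blockSize));
        m_blocks.push_back(std::move(m_freeList.back())); m_freeList.pop_back();
        return m_blocks.back().get();
    }
    size_t m_blockSize; Block* m_current = nullptr;
    std::vector<std::unique_ptr<Block>> m_blocks, m_freeList, m_oversize;
};
struct DemoResult { bool movedUnpinned, keptPinned, contentsIntact; size_t blocks, freeBlocks, oversize, freeAfterSecond, oversizeAfterSecond; };
// Constructed scenario with 64-byte blocks: a and b fill block 1, c opens block 2, d is oversize.
// a dies, b's block is pinned by a fake stack word, c is copied, d is kept alive by its owner slot.
inline DemoResult demo() {
    Space space(64);
    void* a = space.tryAllocate(16); (void)a;  // never owned: garbage
    void* b = space.tryAllocate(16); void* c = space.tryAllocate(16);
    void* d = space.tryAllocate(100); void* oldB = b; void* oldC = c;
    std::memset(b, 0xB2, 16); std::memset(c, 0xC3, 16); std::memset(d, 0xD4, 100);
    space.pin(static_cast<uint8_t*>(b) + 4);  // interior pointer "found on the stack"
    space.collect({&b, &c, &d});
    DemoResult r; r.movedUnpinned = c != oldC; r.keptPinned = b == oldB;
    r.contentsIntact = static_cast<uint8_t*>(c)[15] == 0xC3 && static_cast<uint8_t*>(d)[99] == 0xD4;
    r.blocks = space.blockCount();           // 2: to-space block holding c + pinned block 1
    r.freeBlocks = space.freeBlockCount();   // 1: block 2 went back to the free list
    r.oversize = space.oversizeCount();      // 1: d survived
    space.collect({&c});                     // next cycle: b and d are garbage, nothing pinned
    r.freeAfterSecond = space.freeBlockCount();     // 2: block 2 reused for c, the other two freed
    r.oversizeAfterSecond = space.oversizeCount();  // 0: d released
    return r;
}
}  // namespace bump
```

demo() runs two cycles: the first shows a pinned block staying put (dead a included) while an
unpinned store is copied, the second shows the free list being reused and an unpinned oversize
block released.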
1508 2012-01-19 Joi Sigurdsson <joi@chromium.org>
1510 Enable use of precompiled headers in Chromium port on Windows.
1512 Bug 76381 - Use precompiled headers in Chromium port on Windows
1513 https://bugs.webkit.org/show_bug.cgi?id=76381
1515 Reviewed by Tony Chang.
1517 * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi.
1519 2012-01-18 Roland Takacs <takacs.roland@stud.u-szeged.hu>
1521 Cross-platform processor core counter fix
1522 https://bugs.webkit.org/show_bug.cgi?id=76540
1524 Reviewed by Zoltan Herczeg.
1526 I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)"
1527 and I removed the OS checking macros from ParallelJobsGeneric.cpp because
1528 the NumberOfCores.cpp contains them for counting CPU cores.
1529 The processor core counter patch located at
1530 https://bugs.webkit.org/show_bug.cgi?id=76530
1532 * wtf/NumberOfCores.cpp:
1533 * wtf/ParallelJobsGeneric.cpp:
1535 2012-01-18 Csaba Osztrogonác <ossy@webkit.org>
1537 Cross-platform processor core counter
1538 https://bugs.webkit.org/show_bug.cgi?id=76530
1540 Unreviewed cross-MinGW buildfix after r105270.
1542 * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h.
1544 2012-01-18 Roland Takacs <takacs.roland@stud.u-szeged.hu>
1546 Cross-platform processor core counter
1547 https://bugs.webkit.org/show_bug.cgi?id=76530
1549 Reviewed by Zoltan Herczeg.
1551 Two files have been created that include the processor core counter function.
1552 It used to be in ParallelJobsGeneric.h/cpp before.
1554 * GNUmakefile.list.am:
1555 * JavaScriptCore.gypi:
1556 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1557 * JavaScriptCore.xcodeproj/project.pbxproj:
1558 * runtime/Options.cpp:
1559 (JSC::Options::initializeOptions):
1560 * wtf/CMakeLists.txt:
1561 * wtf/NumberOfCores.cpp: Added.
1562 (WTF::numberOfProcessorCores):
1563 * wtf/NumberOfCores.h: Added.
1564 * wtf/ParallelJobsGeneric.cpp:
1565 (WTF::ParallelEnvironment::ParallelEnvironment):
1566 * wtf/ParallelJobsGeneric.h:
1568 2012-01-18 Balazs Kelemen <kbalazs@webkit.org>
1570 [Qt] Consolidate layout test crash logging
1571 https://bugs.webkit.org/show_bug.cgi?id=75088
1573 Reviewed by Simon Hausmann.
1575 Move backtrace generating logic into WTFReportBacktrace
1576 and add a way to deinstall signal handlers if we know
1577 that we have already printed the backtrace.
1579 * JavaScriptCore.exp:
1580 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1581 * wtf/Assertions.cpp:
1582 (WTFLogLocker::WTFReportBacktrace):
1583 (WTFLogLocker::WTFSetCrashHook):
1584 (WTFLogLocker::WTFInvokeCrashHook):
1587 2012-01-17 Geoffrey Garen <ggaren@apple.com>
1589 Factored out some code into a helper function.
1591 I think this might help get rid of omit-frame-pointer.
1593 Reviewed by Sam Weinig.
1595 No benchmark change.
1597 * runtime/StringPrototype.cpp:
1598 (JSC::removeUsingRegExpSearch): Moved to here...
1599 (JSC::replaceUsingRegExpSearch): ...from here.
1601 2012-01-17 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
1603 Uint8ClampedArray support
1604 https://bugs.webkit.org/show_bug.cgi?id=74455
1606 Reviewed by Filip Pizlo.
1608 * GNUmakefile.list.am:
1609 * JavaScriptCore.xcodeproj/project.pbxproj:
1610 * bytecode/PredictedType.cpp:
1611 (JSC::predictionToString):
1612 (JSC::predictionFromClassInfo):
1613 * bytecode/PredictedType.h:
1614 (JSC::isUint8ClampedArrayPrediction):
1615 (JSC::isActionableMutableArrayPrediction):
1616 * dfg/DFGAbstractState.cpp:
1617 (JSC::DFG::AbstractState::initialize):
1618 (JSC::DFG::AbstractState::execute):
1620 (JSC::DFG::Node::shouldSpeculateUint8ClampedArray):
1621 * dfg/DFGPropagator.cpp:
1622 (JSC::DFG::Propagator::propagateNodePredictions):
1623 (JSC::DFG::Propagator::fixupNode):
1624 (JSC::DFG::Propagator::performNodeCSE):
1625 * dfg/DFGSpeculativeJIT.cpp:
1626 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1627 (JSC::DFG::clampDoubleToByte):
1628 (JSC::DFG::compileClampIntegerToByte):
1629 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1630 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1631 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
1632 * dfg/DFGSpeculativeJIT.h:
1633 * dfg/DFGSpeculativeJIT32_64.cpp:
1634 (JSC::DFG::SpeculativeJIT::compile):
1635 * dfg/DFGSpeculativeJIT64.cpp:
1636 (JSC::DFG::SpeculativeJIT::compile):
1638 * runtime/JSGlobalData.h:
1641 * wtf/Uint8ClampedArray.h: Added.
1642 (WTF::Uint8ClampedArray::set):
1643 (WTF::Uint8ClampedArray::create):
1644 (WTF::Uint8ClampedArray::Uint8ClampedArray):
1645 (WTF::Uint8ClampedArray::subarray):
1647 2012-01-17 Sam Weinig <sam@webkit.org>
1649 Add helper macro for forward declaring objective-c classes
1650 https://bugs.webkit.org/show_bug.cgi?id=76485
1652 Reviewed by Anders Carlsson.
1655 Add OBJC_CLASS macro which helps reduce code when forward declaring an
1656 objective-c class in a header which can be included from both Objective-C
1657 and non-Objective-C files.
1659 2012-01-17 Filip Pizlo <fpizlo@apple.com>
1661 DFG should be able to do JS and custom getter caching
1662 https://bugs.webkit.org/show_bug.cgi?id=76361
1664 Reviewed by Csaba Osztrogonác.
1668 * dfg/DFGRepatch.cpp:
1669 (JSC::DFG::tryBuildGetByIDList):
1670 * dfg/DFGSpeculativeJIT32_64.cpp:
1671 (JSC::DFG::SpeculativeJIT::compile):
1673 2012-01-15 Filip Pizlo <fpizlo@apple.com>
1675 DFG should be able to do JS and custom getter caching
1676 https://bugs.webkit.org/show_bug.cgi?id=76361
1677 <rdar://problem/10698060>
1679 Reviewed by Geoff Garen.
1681 Added the ability to cache JS getter calls and custom getter calls in the DFG.
1682 Most of this is pretty mundane, since the old JIT supported this functionality
1683 as well. But a couple of interesting things had to happen:
1685 - There are now two variants of GetById: GetById, which works as before, and
1686 GetByIdFlush, which flushes registers prior to doing the GetById. Only
1687 GetByIdFlush can be used for caching getters. We detect which GetById style
1688 to use by looking at the inline caches of the old JIT.
1690 - Exception handling for getter calls planted in stubs uses a separate lookup
1691 handler routine, which uses the CodeOrigin stored in the StructureStubInfo.
1693 This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of
1694 the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and
1697 * bytecode/StructureStubInfo.h:
1698 * dfg/DFGAbstractState.cpp:
1699 (JSC::DFG::AbstractState::execute):
1700 * dfg/DFGAssemblyHelpers.h:
1701 (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
1702 * dfg/DFGByteCodeParser.cpp:
1703 (JSC::DFG::ByteCodeParser::willNeedFlush):
1704 (JSC::DFG::ByteCodeParser::parseBlock):
1705 * dfg/DFGCCallHelpers.h:
1706 (JSC::DFG::CCallHelpers::setupResults):
1707 * dfg/DFGJITCompiler.cpp:
1708 (JSC::DFG::JITCompiler::link):
1709 * dfg/DFGJITCompiler.h:
1710 (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
1711 (JSC::DFG::JITCompiler::addExceptionCheck):
1713 (JSC::DFG::Node::hasIdentifier):
1714 (JSC::DFG::Node::hasHeapPrediction):
1715 * dfg/DFGOperations.cpp:
1716 * dfg/DFGOperations.h:
1717 * dfg/DFGPropagator.cpp:
1718 (JSC::DFG::Propagator::propagateNodePredictions):
1719 * dfg/DFGRepatch.cpp:
1720 (JSC::DFG::tryCacheGetByID):
1721 (JSC::DFG::tryBuildGetByIDList):
1722 * dfg/DFGSpeculativeJIT.h:
1723 (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
1724 * dfg/DFGSpeculativeJIT32_64.cpp:
1725 (JSC::DFG::SpeculativeJIT::cachedGetById):
1726 (JSC::DFG::SpeculativeJIT::compile):
1727 * dfg/DFGSpeculativeJIT64.cpp:
1728 (JSC::DFG::SpeculativeJIT::cachedGetById):
1729 (JSC::DFG::SpeculativeJIT::compile):
1731 2012-01-16 Jon Lee <jonlee@apple.com>
1733 Build fix for r105086.
1735 * Configurations/FeatureDefines.xcconfig:
1738 2012-01-16 Jon Lee <jonlee@apple.com>
1740 Remove HTML notifications support on Mac
1741 https://bugs.webkit.org/show_bug.cgi?id=76401
1742 <rdar://problem/10589881>
1744 Reviewed by Sam Weinig.
1746 * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro.
1748 2012-01-16 Zeno Albisser <zeno@webkit.org>
1750 [Qt] Fix QT_VERSION related warnings when building on Mac OS X
1751 https://bugs.webkit.org/show_bug.cgi?id=76340
1753 This bug was caused by r104826.
1754 As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239
1755 we should not use "using namespace WebCore" in header files,
1756 because it might cause ambiguous references.
1757 This patch reverts the changes from r104826 and r104981
1758 and removes the "using namespace WebCore" statement from
1761 Reviewed by Tor Arne Vestbø.
1765 2012-01-16 Carlos Garcia Campos <cgarcia@igalia.com>
1767 Unreviewed. Fix make distcheck.
1769 * GNUmakefile.list.am: Fix typo.
1771 2012-01-16 Pavel Heimlich <tropikhajma@gmail.com>
1773 Solaris Studio supports alignment macros too
1774 https://bugs.webkit.org/show_bug.cgi?id=75453
1776 Reviewed by Hajime Morita.
1780 2012-01-16 Yuqiang Xian <yuqiang.xian@intel.com>
1782 Build fix on 32bit if verbose debug is enabled in DFG
1783 https://bugs.webkit.org/show_bug.cgi?id=76351
1785 Reviewed by Hajime Morita.
1787 Mostly change "%lu" to "%zu" to print a "size_t" variable.
1789 * dfg/DFGAbstractState.cpp:
1790 (JSC::DFG::AbstractState::endBasicBlock):
1791 * dfg/DFGByteCodeParser.cpp:
1792 (JSC::DFG::ByteCodeParser::handleCall):
1793 (JSC::DFG::ByteCodeParser::handleInlining):
1794 (JSC::DFG::ByteCodeParser::parseBlock):
1795 (JSC::DFG::ByteCodeParser::parseCodeBlock):
1797 (JSC::DFG::Graph::predictArgumentTypes):
1798 * dfg/DFGJITCompiler.cpp:
1799 (JSC::DFG::JITCompiler::link):
1800 * dfg/DFGOSREntry.cpp:
1801 (JSC::DFG::prepareOSREntry):
1803 2012-01-15 Filip Pizlo <fpizlo@apple.com>
1805 The C calling convention logic in DFG::SpeculativeJIT should be available even
1806 when not generating code for the DFG speculative path
1807 https://bugs.webkit.org/show_bug.cgi?id=76355
1809 Reviewed by Dan Bernstein.
1811 Moved all of the logic for placing C call arguments into the right place (stack
1812 or registers) into a new class, DFG::CCallHelpers. This class inherits from
1813 AssemblyHelpers, another DFG grab-bag of helper functions. I could have moved
1814 this code into AssemblyHelpers, but decided against it, because I wanted to
1815 limit the number of methods each class in the JIT has. Hence now we have a
1816 slightly odd organization of JIT classes in DFG: MacroAssembler (basic instruction
1817 emission) <= AssemblyHelpers (some additional JS smarts) <= CCallHelpers
1818 (understands calls to C functions) <= JITCompiler (can compile a graph to machine
1819 code). Each of these except for JITCompiler can be reused for stub compilation.
1821 * GNUmakefile.list.am:
1822 * JavaScriptCore.xcodeproj/project.pbxproj:
1823 * dfg/DFGCCallHelpers.h: Added.
1824 (JSC::DFG::CCallHelpers::CCallHelpers):
1825 (JSC::DFG::CCallHelpers::resetCallArguments):
1826 (JSC::DFG::CCallHelpers::addCallArgument):
1827 (JSC::DFG::CCallHelpers::setupArguments):
1828 (JSC::DFG::CCallHelpers::setupArgumentsExecState):
1829 (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
1830 (JSC::DFG::CCallHelpers::setupTwoStubArgs):
1831 (JSC::DFG::CCallHelpers::setupStubArguments):
1832 * dfg/DFGJITCompiler.h:
1833 (JSC::DFG::JITCompiler::JITCompiler):
1834 * dfg/DFGSpeculativeJIT.h:
1835 (JSC::DFG::SpeculativeJIT::callOperation):
1837 2012-01-15 Pablo Flouret <pablof@motorola.com>
1839 Fix compilation errors on build-webkit --debug --no-video on Mac.
1840 https://bugs.webkit.org/show_bug.cgi?id=75867
1842 Reviewed by Philippe Normand.
1844 Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, video track feature
1845 doesn't build without video.
1849 2012-01-14 David Levin <levin@chromium.org>
1851 HWndDC should be in platform/win instead of wtf.
1852 https://bugs.webkit.org/show_bug.cgi?id=76314
1854 Reviewed by Sam Weinig.
1856 * JavaScriptCore.gyp/JavaScriptCore.gyp:
1857 * JavaScriptCore.gypi:
1859 2012-01-13 David Levin <levin@chromium.org>
1861 check-webkit-style: should encourage the use of Own* classes for Windows DC.
1862 https://bugs.webkit.org/show_bug.cgi?id=76227
1864 Reviewed by Dirk Pranke.
1866 * wtf/win/HWndDCWin.h:
1867 (WTF::HwndDC::HwndDC): Add a way to do GetDCEx.
1868 There are no users, but I want to catch this in check-webkit-style
1869 and tell any users to use HwndDC to avoid leaks.
1871 2012-01-13 David Levin <levin@chromium.org>
1873 Header file is missing header guard.
1875 Reviewed by Dirk Pranke.
1877 * wtf/win/HWndDCWin.h: Added the guards.
1879 2012-01-13 Andy Wingo <wingo@igalia.com>
1881 Eval in strict mode does not need dynamic checks
1882 https://bugs.webkit.org/show_bug.cgi?id=76286
1884 Reviewed by Oliver Hunt.
1886 * runtime/JSActivation.cpp (JSC::JSActivation::JSActivation):
1887 Eval in strict mode cannot introduce variables, so it does not impose
1888 the need for dynamic checks.
1890 2012-01-13 David Levin <levin@chromium.org>
1892 HWndDC is a better name than HwndDC.
1893 https://bugs.webkit.org/show_bug.cgi?id=76281
1895 Reviewed by Darin Adler.
1897 * JavaScriptCore.gyp/JavaScriptCore.gyp:
1898 * JavaScriptCore.gypi:
1899 * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h.
1900 (WTF::HWndDC::HWndDC):
1901 (WTF::HWndDC::~HWndDC):
1902 (WTF::HWndDC::operator HDC):
1904 2012-01-13 YoungTaeck Song <youngtaeck.song@samsung.com>
1906 [EFL] Add OwnPtr specialization for Eina_Module.
1907 https://bugs.webkit.org/show_bug.cgi?id=76255
1909 Reviewed by Andreas Kling.
1911 Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port.
1913 * wtf/OwnPtrCommon.h:
1914 * wtf/efl/OwnPtrEfl.cpp:
1915 (WTF::deleteOwnedPtr):
1917 2012-01-13 Yuqiang Xian <yuqiang.xian@intel.com>
1919 Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined
1922 (JSC::DEFINE_STUB_FUNCTION):
1924 2012-01-12 Hajime Morrita <morrita@chromium.org>
1926 JavaScriptCore: Mark all exported symbols in the header file automatically.
1927 https://bugs.webkit.org/show_bug.cgi?id=72855
1929 Reviewed by Darin Adler.
1931 Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files.
1932 The change is generated by a tool called ListExportables (https://github.com/omo/ListExportables).
1934 * API/OpaqueJSString.h:
1935 * bytecode/CodeBlock.h:
1936 * bytecode/SamplingTool.h:
1937 * debugger/Debugger.h:
1938 * debugger/DebuggerActivation.h:
1939 * debugger/DebuggerCallFrame.h:
1940 * heap/AllocationSpace.h:
1941 * heap/HandleHeap.h:
1943 * heap/MachineStackMarker.h:
1945 * heap/VTableSpectrum.h:
1946 * heap/WriteBarrierSupport.h:
1948 * parser/ParserArena.h:
1949 * profiler/Profile.h:
1950 * runtime/ArgList.h:
1951 * runtime/CallData.h:
1952 * runtime/Completion.h:
1953 * runtime/ConstructData.h:
1954 * runtime/DateInstance.h:
1956 * runtime/ExceptionHelpers.h:
1957 * runtime/FunctionConstructor.h:
1958 * runtime/Identifier.h:
1959 * runtime/InitializeThreading.h:
1960 * runtime/InternalFunction.h:
1961 * runtime/JSArray.h:
1962 * runtime/JSByteArray.h:
1964 * runtime/JSFunction.h:
1965 * runtime/JSGlobalData.cpp:
1966 * runtime/JSGlobalData.h:
1967 * runtime/JSGlobalObject.h:
1968 * runtime/JSGlobalThis.h:
1970 * runtime/JSObject.h:
1971 * runtime/JSString.h:
1972 * runtime/JSValue.h:
1973 * runtime/JSVariableObject.h:
1975 * runtime/MemoryStatistics.h:
1976 * runtime/ObjectPrototype.h:
1977 * runtime/Options.h:
1978 * runtime/PropertyDescriptor.h:
1979 * runtime/PropertyNameArray.h:
1980 * runtime/PropertySlot.h:
1982 * runtime/RegExpObject.h:
1983 * runtime/SamplingCounter.h:
1984 * runtime/SmallStrings.h:
1985 * runtime/StringObject.h:
1986 * runtime/Structure.h:
1987 * runtime/TimeoutChecker.h:
1988 * runtime/UString.h:
1989 * runtime/WriteBarrier.h:
1990 * wtf/ArrayBufferView.h:
1992 * wtf/CryptographicallyRandomNumber.h:
1993 * wtf/CurrentTime.h:
1995 * wtf/DecimalNumber.h:
1996 * wtf/FastMalloc.cpp:
2000 * wtf/MetaAllocator.h:
2001 * wtf/MetaAllocatorHandle.h:
2002 * wtf/OSAllocator.h:
2004 * wtf/RandomNumber.h:
2005 * wtf/RefCountedLeakCounter.h:
2007 * wtf/Threading.cpp:
2009 * wtf/ThreadingPrimitives.h:
2010 * wtf/WTFThreadData.h:
2012 * wtf/text/AtomicString.h:
2013 * wtf/text/CString.h:
2014 * wtf/text/StringBuilder.h:
2015 * wtf/text/StringImpl.h:
2016 * wtf/text/WTFString.h:
2017 * wtf/unicode/Collator.h:
2018 * wtf/unicode/UTF8.h:
2020 * yarr/YarrPattern.h:
2022 2012-01-12 MORITA Hajime <morrita@google.com>
2024 [Chromium] JSExportMacros.h should be visible.
2025 https://bugs.webkit.org/show_bug.cgi?id=76147
2027 Reviewed by Tony Chang.
2031 2012-01-12 David Levin <levin@chromium.org>
2033 HwndDC is a better name than OwnGetDC.
2034 https://bugs.webkit.org/show_bug.cgi?id=76235
2036 Reviewed by Dmitry Titov.
2038 This is a better name for two reasons:
2039 1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC).
2040 2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr)
2041 classes always take something to hold on to. In this case, the object (the DC)
2042 is created by the class once it is given a Window to ensure that the HDC
2043 was actually created using GetDC.
2045 * JavaScriptCore.gyp/JavaScriptCore.gyp:
2046 * JavaScriptCore.gypi:
2047 * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h.
2048 (WTF::HwndDC::HwndDC):
2049 (WTF::HwndDC::~HwndDC):
2050 (WTF::HwndDC::operator HDC):
2052 2012-01-12 Gavin Barraclough <barraclough@apple.com>
2054 Clean up putDirect (part 2)
2055 https://bugs.webkit.org/show_bug.cgi?id=76232
2057 Reviewed by Sam Weinig.
2059 Rename putWithAttributes to putDirectVirtual, to identify that this
2060 has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal
2061 to be templated on an enum indicating which behaviour it is supposed to be
2062 implementing, and change clients that are defining properties to call
2063 putDirectInternal correctly.
2065 * API/JSObjectRef.cpp:
2066 (JSObjectSetProperty):
2067 * JavaScriptCore.exp:
2068 * debugger/DebuggerActivation.cpp:
2069 (JSC::DebuggerActivation::putDirectVirtual):
2070 * debugger/DebuggerActivation.h:
2071 * interpreter/Interpreter.cpp:
2072 (JSC::Interpreter::execute):
2073 * runtime/ClassInfo.h:
2074 * runtime/Error.cpp:
2075 (JSC::addErrorInfo):
2076 * runtime/JSActivation.cpp:
2077 (JSC::JSActivation::putDirectVirtual):
2078 * runtime/JSActivation.h:
2079 * runtime/JSCell.cpp:
2080 (JSC::JSCell::putDirectVirtual):
2082 * runtime/JSGlobalObject.cpp:
2083 (JSC::JSGlobalObject::putDirectVirtual):
2084 * runtime/JSGlobalObject.h:
2085 * runtime/JSObject.cpp:
2086 (JSC::JSObject::put):
2087 (JSC::JSObject::putDirectVirtual):
2088 (JSC::JSObject::defineGetter):
2089 (JSC::JSObject::initializeGetterSetterProperty):
2090 (JSC::JSObject::defineSetter):
2091 (JSC::putDescriptor):
2092 * runtime/JSObject.h:
2093 (JSC::JSObject::putDirectInternal):
2094 (JSC::JSObject::putOwnDataProperty):
2095 (JSC::JSObject::putDirect):
2096 * runtime/JSStaticScopeObject.cpp:
2097 (JSC::JSStaticScopeObject::putDirectVirtual):
2098 * runtime/JSStaticScopeObject.h:
2099 * runtime/JSVariableObject.cpp:
2100 (JSC::JSVariableObject::putDirectVirtual):
2101 * runtime/JSVariableObject.h:
2103 2012-01-12 Gavin Barraclough <barraclough@apple.com>
2105 Clean up putDirect (part 1)
2106 https://bugs.webkit.org/show_bug.cgi?id=76232
2108 Reviewed by Sam Weinig.
2110 putDirect has ambiguous semantics, clean these up a bit.
2112 putDirect generally behaves a bit like a fast defineOwnProperty, but one that
2113 always creates the property, with no checking to validate the put is permitted.
2115 It also encompasses two slightly different behaviors.
2116 (1) a fast form of put for JSActivation, which doesn't have to handle searching
2117 the prototype chain, getter/setter properties, or the magic __proto__ value.
2118 Break this out as a new method, 'putOwnDataProperty'.
2119 (2) the version of putDirect on JSValue will also check for overwriting ReadOnly
2120 values, in strict mode. This is, however, not so smart on a few levels, since
2121 it is only called from op_put_by_id with direct set, which is only used with
2122 an object as the base, and is only used to put new properties onto objects.
2124 * dfg/DFGOperations.cpp:
2125 * interpreter/Interpreter.cpp:
2126 (JSC::Interpreter::privateExecute):
2128 (JSC::DEFINE_STUB_FUNCTION):
2129 * runtime/JSActivation.cpp:
2130 (JSC::JSActivation::put):
2131 * runtime/JSFunction.cpp:
2132 (JSC::JSFunction::getOwnPropertySlot):
2133 * runtime/JSObject.h:
2134 (JSC::JSObject::putOwnDataProperty):
2135 * runtime/JSValue.h:
2137 2012-01-12 Gavin Barraclough <barraclough@apple.com>
2139 https://bugs.webkit.org/show_bug.cgi?id=76141
2140 defineSetter/defineGetter may fail to update Accessor attribute
2142 Reviewed by Oliver Hunt.
2144 * runtime/JSObject.cpp:
2145 (JSC::JSObject::defineGetter):
2146 (JSC::JSObject::initializeGetterSetterProperty):
2147 (JSC::JSObject::defineSetter):
2148 * runtime/Structure.cpp:
2149 (JSC::Structure::attributeChangeTransition):
2150 * runtime/Structure.h:
2152 2012-01-12 David Levin <levin@chromium.org>
2154 [chromium] Fix DC leak in WebScreenInfoFactory.
2155 https://bugs.webkit.org/show_bug.cgi?id=76203
2157 Reviewed by Dmitry Titov.
2159 * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h
2160 * JavaScriptCore.gypi: Added OwnGetDCWin.h
2161 * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC as opposed to DeleteDC.
2163 2012-01-11 Gavin Barraclough <barraclough@apple.com>
2165 Allow accessor get/set property to be set to undefined
2166 https://bugs.webkit.org/show_bug.cgi?id=76148
2168 Reviewed by Oliver Hunt.
2170 AccessorDescriptor properties may have their get & set properties defined to reference a function
2171 (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor
2172 (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of
2173 three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object).
2175 On the PropertyDescriptor object these three states are represented by JSValue(), jsUndefined(), and
2176 any JSObject* (with a constraint that this must be callable).
2178 Logically the get/set property of an accessor descriptor on an object might be in any of the three
2179 states above, but in practice there is no way to distinguish between the first two states. As such
2180 we store the get/set values in property storage in a JSObject* field, with 0 indicating absent or
2181 undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value.
2183 * runtime/GetterSetter.h:
2184 (JSC::GetterSetter::setGetter):
2185 (JSC::GetterSetter::setSetter):
2186 - Allow the getter/setter to be cleared.
2187 * runtime/JSArray.cpp:
2188 (JSC::JSArray::putDescriptor):
2189 - Changed to call getterObject/setterObject.
2190 (JSC::JSArray::defineOwnNumericProperty):
2192 * runtime/JSObject.cpp:
2193 (JSC::putDescriptor):
2194 (JSC::JSObject::defineOwnProperty):
2195 - Changed to call getterObject/setterObject.
2196 * runtime/ObjectConstructor.cpp:
2197 (JSC::objectConstructorGetOwnPropertyDescriptor):
2198 - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'.
2199 (JSC::toPropertyDescriptor):
2200 - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined.
2201 * runtime/PropertyDescriptor.cpp:
2202 (JSC::PropertyDescriptor::getterObject):
2203 (JSC::PropertyDescriptor::setterObject):
2204 - Accessors to convert the get/set property to an object pointer, converting undefined to 0.
2205 (JSC::PropertyDescriptor::setDescriptor):
2206 (JSC::PropertyDescriptor::setAccessorDescriptor):
2207 - Translate a getter/setter internally represented as 0 to undefined, indicating that it is present.
2208 * runtime/PropertyDescriptor.h:
2209 - Declare getterObject/setterObject.
2211 2012-01-12 Zeno Albisser <zeno@webkit.org>
2213 [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560.
2214 https://bugs.webkit.org/show_bug.cgi?id=76175
2216 Defining ENABLE_CSS_FILTERS leads to ambiguous references
2217 due to MacTypes.h being included.
2218 Defining CF_OPEN_SOURCE works around this problem.
2220 Reviewed by Simon Hausmann.
2224 2012-01-12 Simon Hausmann <simon.hausmann@nokia.com>
2226 Make the new WTF module build on Qt
2227 https://bugs.webkit.org/show_bug.cgi?id=76163
2229 Reviewed by Tor Arne Vestbø.
2231 * JavaScriptCore.pro: Removed wtf from the subdirs to build.
2233 2012-01-11 Filip Pizlo <fpizlo@apple.com>
2235 CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter
2236 https://bugs.webkit.org/show_bug.cgi?id=76144
2237 <rdar://problem/10681711>
2239 Rubber stamped by Gavin Barraclough.
2241 * bytecode/CodeBlock.h:
2242 (JSC::CodeBlock::addressOfJITExecuteCounter):
2243 (JSC::CodeBlock::offsetOfJITExecuteCounter):
2244 (JSC::CodeBlock::jitExecuteCounter):
2245 (JSC::CodeBlock::optimizeNextInvocation):
2246 (JSC::CodeBlock::dontOptimizeAnytimeSoon):
2247 (JSC::CodeBlock::optimizeAfterWarmUp):
2248 (JSC::CodeBlock::optimizeAfterLongWarmUp):
2249 (JSC::CodeBlock::optimizeSoon):
2250 * dfg/DFGOSRExitCompiler32_64.cpp:
2251 (JSC::DFG::OSRExitCompiler::compileExit):
2252 * dfg/DFGOSRExitCompiler64.cpp:
2253 (JSC::DFG::OSRExitCompiler::compileExit):
2255 (JSC::JIT::emitOptimizationCheck):
2257 2012-01-11 Gavin Barraclough <barraclough@apple.com>
2259 Merge 'Getter'/'Setter' attributes into 'Accessor'
2260 https://bugs.webkit.org/show_bug.cgi?id=76141
2262 Reviewed by Filip Pizlo.
2264 These are currently ambiguous (and used inconsistently). It would logically appear
2265 that either bit being set implies that the corresponding type of accessor is present
2266 but (a) we don't correctly enforce this, and (b) this means the attributes would not
2267 be able to distinguish between a data descriptor and an accessor descriptor with
2268 neither a getter nor setter defined (which is a descriptor permissible under the spec).
2269 This ambiguity would lead to unsafe property caching behavior (though this does not
2270 represent an actual current bug, since we are currently unable to create descriptors
2271 that have neither a getter nor setter, it just prevents us from doing so).
2273 * runtime/Arguments.cpp:
2274 (JSC::Arguments::createStrictModeCallerIfNecessary):
2275 (JSC::Arguments::createStrictModeCalleeIfNecessary):
2276 * runtime/JSArray.cpp:
2277 (JSC::SparseArrayValueMap::put):
2278 (JSC::JSArray::putDescriptor):
2279 * runtime/JSBoundFunction.cpp:
2280 (JSC::JSBoundFunction::finishCreation):
2281 * runtime/JSFunction.cpp:
2282 (JSC::JSFunction::getOwnPropertySlot):
2283 (JSC::JSFunction::getOwnPropertyDescriptor):
2284 * runtime/JSObject.cpp:
2285 (JSC::JSObject::defineGetter):
2286 (JSC::JSObject::initializeGetterSetterProperty):
2287 (JSC::JSObject::defineSetter):
2288 (JSC::putDescriptor):
2289 (JSC::JSObject::defineOwnProperty):
2290 * runtime/JSObject.h:
2291 * runtime/ObjectConstructor.cpp:
2292 (JSC::objectConstructorDefineProperty):
2293 * runtime/PropertyDescriptor.cpp:
2294 (JSC::PropertyDescriptor::setDescriptor):
2295 (JSC::PropertyDescriptor::setAccessorDescriptor):
2296 (JSC::PropertyDescriptor::setSetter):
2297 (JSC::PropertyDescriptor::setGetter):
2298 (JSC::PropertyDescriptor::attributesOverridingCurrent):
2300 2012-01-11 Gavin Barraclough <barraclough@apple.com>
2302 Object.defineProperty([], 'length', {}) should not make length read-only
2303 https://bugs.webkit.org/show_bug.cgi?id=76097
2305 Reviewed by Oliver Hunt.
2307 * runtime/JSArray.cpp:
2308 (JSC::JSArray::defineOwnProperty):
2309 - We should be checking writablePresent().
2311 2012-01-11 Filip Pizlo <fpizlo@apple.com>
2313 Code duplication for invoking the JIT and DFG should be reduced
2314 https://bugs.webkit.org/show_bug.cgi?id=76117
2315 <rdar://problem/10680189>
2317 Rubber stamped by Geoff Garen.
2319 * GNUmakefile.list.am:
2320 * JavaScriptCore.xcodeproj/project.pbxproj:
2321 * jit/JITDriver.h: Added.
2322 (JSC::jitCompileIfAppropriate):
2323 (JSC::jitCompileFunctionIfAppropriate):
2324 * runtime/Executable.cpp:
2325 (JSC::EvalExecutable::compileInternal):
2326 (JSC::ProgramExecutable::compileInternal):
2327 (JSC::FunctionExecutable::compileForCallInternal):
2328 (JSC::FunctionExecutable::compileForConstructInternal):
2330 2012-01-11 Geoffrey Garen <ggaren@apple.com>
2332 Bytecode dumping is broken for call opcodes (due to two new operands)
2333 https://bugs.webkit.org/show_bug.cgi?id=75886
2335 Reviewed by Oliver Hunt.
2337 * bytecode/CodeBlock.cpp:
2338 (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have
2339 to fix this more than once. The helper function skips the extra two operands
2340 at the end of the opcode, used for optimization.
2342 (JSC::CodeBlock::dump): Used the helper function.
2344 * bytecode/CodeBlock.h: Declared the helper function.
2346 2012-01-09 Geoffrey Garen <ggaren@apple.com>
2348 REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken)
2349 https://bugs.webkit.org/show_bug.cgi?id=75911
2351 * bytecompiler/BytecodeGenerator.h:
2352 (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to
2353 explicitly cast to our return type in C++.
2355 * bytecompiler/NodesCodegen.cpp:
2356 (JSC::FunctionCallResolveNode::emitBytecode):
2357 (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function
2358 into a temporary register before evaluating our arguments, since argument
2359 evaluation might include function calls or assignments that overwrite our callee by name.
2361 2012-01-11 Michael Saboff <msaboff@apple.com>
2363 v8-regexp spends 35% of its time allocating and copying internal regexp results data
2364 https://bugs.webkit.org/show_bug.cgi?id=76079
2366 Reviewed by Geoffrey Garen.
2368 Added a new RegExpResults struct that has the input string, the number of
2369 subexpressions and the output vector. Changed RegExpConstructor to
2370 include a RegExpConstructorPrivate instead of having a reference to one.
2371 Changed RegExpMatchesArray to include a RegExpResults instead of a
2372 reference to a RegExpConstructorPrivate. Created an overloaded assignment
2373 operator to assign a RegExpConstructorPrivate to a RegExpResults.
2374 Collectively this change is worth 24% performance improvement to v8-regexp.
2376 * runtime/RegExpConstructor.cpp:
2377 (JSC::RegExpResult::operator=):
2378 (JSC::RegExpConstructor::RegExpConstructor):
2379 (JSC::RegExpMatchesArray::RegExpMatchesArray):
2380 (JSC::RegExpMatchesArray::finishCreation):
2381 (JSC::RegExpMatchesArray::~RegExpMatchesArray):
2382 (JSC::RegExpMatchesArray::fillArrayInstance):
2383 (JSC::RegExpConstructor::arrayOfMatches):
2384 (JSC::RegExpConstructor::getBackref):
2385 (JSC::RegExpConstructor::getLastParen):
2386 (JSC::RegExpConstructor::getLeftContext):
2387 (JSC::RegExpConstructor::getRightContext):
2388 (JSC::RegExpConstructor::setInput):
2389 (JSC::RegExpConstructor::input):
2390 (JSC::RegExpConstructor::setMultiline):
2391 (JSC::RegExpConstructor::multiline):
2392 * runtime/RegExpConstructor.h:
2393 (JSC::RegExpResult::RegExpResult):
2394 (JSC::RegExpConstructor::performMatch):
2395 * runtime/RegExpMatchesArray.h:
2396 (JSC::RegExpMatchesArray::create):
2397 (JSC::RegExpMatchesArray::getOwnPropertySlot):
2398 (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
2399 (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
2400 (JSC::RegExpMatchesArray::put):
2401 (JSC::RegExpMatchesArray::putByIndex):
2402 (JSC::RegExpMatchesArray::deleteProperty):
2403 (JSC::RegExpMatchesArray::deletePropertyByIndex):
2404 (JSC::RegExpMatchesArray::getOwnPropertyNames):
2406 2012-01-11 Eugene Girard <girard@google.com>
2408 Typo in error message: Unexpected token 'defualt'
2409 https://bugs.webkit.org/show_bug.cgi?id=75105
2411 Reviewed by Simon Fraser.
2414 (JSC::Parser::getTokenName):
2416 2012-01-11 Anders Carlsson <andersca@apple.com>
2418 Assertion failure in JSC::allocateCell trying to allocate a JSString
2419 https://bugs.webkit.org/show_bug.cgi?id=76101
2421 Reviewed by Adam Roben.
2423 Remove the ExecutableBase::s_info and JSString::s_info static member variables from the .def file and
2424 export them explicitly using the JS_EXPORTDATA macro.
2426 member variables explicitly using
2427 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2428 * runtime/Executable.h:
2429 * runtime/JSString.h:
2431 2012-01-10 Mark Rowe <mrowe@apple.com>
2433 <rdar://problem/10673792> jsc should install directly in to versioned Resources subfolder
2435 This ensures that jsc ends up in a consistent location whether built into the same DSTROOT
2436 as JavaScriptCore.framework or into a different one.
2438 Rubber-stamped by Dan Bernstein.
2440 * Configurations/JSC.xcconfig: Update INSTALL_PATH.
2442 2012-01-10 Filip Pizlo <fpizlo@apple.com>
2444 DFG inlining block linking compares BlockIndex against bytecode index
2445 https://bugs.webkit.org/show_bug.cgi?id=76018
2446 <rdar://problem/10671979>
2448 Reviewed by Gavin Barraclough.
2450 * dfg/DFGByteCodeParser.cpp:
2451 (JSC::DFG::ByteCodeParser::parseCodeBlock):
2453 2012-01-10 Filip Pizlo <fpizlo@apple.com>
2455 CodeBlock.h declares too many things
2456 https://bugs.webkit.org/show_bug.cgi?id=76001
2458 Rubber stamped by Gavin Barraclough.
2460 Removed all non-CodeBlock type declarations from CodeBlock.h, and put them
2461 into separate header files. Also removed all non-CodeBlock method implementations
2462 from CodeBlock.cpp and put them into corresponding cpp files.
2465 * GNUmakefile.list.am:
2466 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2467 * JavaScriptCore.xcodeproj/project.pbxproj:
2469 * assembler/RepatchBuffer.h:
2470 * bytecode/CallLinkInfo.cpp: Added.
2471 (JSC::CallLinkInfo::unlink):
2472 * bytecode/CallLinkInfo.h: Added.
2473 (JSC::CallLinkInfo::callTypeFor):
2474 (JSC::CallLinkInfo::CallLinkInfo):
2475 (JSC::CallLinkInfo::~CallLinkInfo):
2476 (JSC::CallLinkInfo::isLinked):
2477 (JSC::CallLinkInfo::seenOnce):
2478 (JSC::CallLinkInfo::setSeen):
2479 (JSC::getCallLinkInfoReturnLocation):
2480 (JSC::getCallLinkInfoBytecodeIndex):
2481 * bytecode/CallReturnOffsetToBytecodeOffset.h: Added.
2482 (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset):
2483 (JSC::getCallReturnOffset):
2484 * bytecode/CodeBlock.cpp:
2485 * bytecode/CodeBlock.h:
2486 * bytecode/CodeType.h: Added.
2487 * bytecode/ExpressionRangeInfo.h: Added.
2488 * bytecode/GlobalResolveInfo.h: Added.
2489 (JSC::GlobalResolveInfo::GlobalResolveInfo):
2490 * bytecode/HandlerInfo.h: Added.
2491 * bytecode/LineInfo.h: Added.
2492 * bytecode/MethodCallLinkInfo.cpp: Added.
2493 (JSC::MethodCallLinkInfo::reset):
2494 * bytecode/MethodCallLinkInfo.h: Added.
2495 (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
2496 (JSC::MethodCallLinkInfo::seenOnce):
2497 (JSC::MethodCallLinkInfo::setSeen):
2498 (JSC::getMethodCallLinkInfoReturnLocation):
2499 (JSC::getMethodCallLinkInfoBytecodeIndex):
2500 * bytecode/StructureStubInfo.h:
2501 (JSC::getStructureStubInfoReturnLocation):
2502 (JSC::getStructureStubInfoBytecodeIndex):
2504 2012-01-10 Anders Carlsson <andersca@apple.com>
2506 Hang opening movie that requires authentication
2507 https://bugs.webkit.org/show_bug.cgi?id=75989
2508 <rdar://problem/9601915>
2510 Reviewed by Sam Weinig.
2513 Add function wrapper for a function that takes three parameters.
2515 2012-01-10 Filip Pizlo <fpizlo@apple.com>
2517 CodeBlock::m_numParameters should be encapsulated
2518 https://bugs.webkit.org/show_bug.cgi?id=75985
2519 <rdar://problem/10671020>
2521 Reviewed by Oliver Hunt.
2523 Encapsulated CodeBlock::m_numParameters and hooked argument profile creation
2524 into it. This appears to be performance neutral.
2526 * bytecode/CodeBlock.cpp:
2527 (JSC::CodeBlock::CodeBlock):
2528 (JSC::CodeBlock::setNumParameters):
2529 (JSC::CodeBlock::addParameter):
2530 * bytecode/CodeBlock.h:
2531 (JSC::CodeBlock::numParameters):
2532 (JSC::CodeBlock::addressOfNumParameters):
2533 (JSC::CodeBlock::offsetOfNumParameters):
2534 (JSC::CodeBlock::numberOfArgumentValueProfiles):
2535 * bytecompiler/BytecodeGenerator.cpp:
2536 (JSC::BytecodeGenerator::BytecodeGenerator):
2537 (JSC::BytecodeGenerator::addParameter):
2538 (JSC::BytecodeGenerator::emitReturn):
2539 * dfg/DFGAbstractState.cpp:
2540 (JSC::DFG::AbstractState::AbstractState):
2541 * dfg/DFGByteCodeParser.cpp:
2542 (JSC::DFG::ByteCodeParser::ByteCodeParser):
2543 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2545 (JSC::DFG::Graph::predictArgumentTypes):
2546 * dfg/DFGJITCompiler.cpp:
2547 (JSC::DFG::JITCompiler::compileFunction):
2548 * dfg/DFGOperations.cpp:
2549 * dfg/DFGSpeculativeJIT.cpp:
2550 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2551 * dfg/DFGSpeculativeJIT.h:
2552 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
2553 * interpreter/Interpreter.cpp:
2554 (JSC::Interpreter::slideRegisterWindowForCall):
2555 (JSC::Interpreter::dumpRegisters):
2556 (JSC::Interpreter::execute):
2557 (JSC::Interpreter::prepareForRepeatCall):
2559 (JSC::JIT::privateCompile):
2561 (JSC::arityCheckFor):
2563 * runtime/Executable.cpp:
2564 (JSC::FunctionExecutable::compileForCallInternal):
2565 (JSC::FunctionExecutable::compileForConstructInternal):
2567 2012-01-10 Gavin Barraclough <barraclough@apple.com>
2569 Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935
2573 * runtime/JSArray.cpp:
2574 (JSC::JSArray::getOwnPropertyNames):
2575 (JSC::JSArray::setLength):
2577 2012-01-10 Gavin Barraclough <barraclough@apple.com>
2581 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2583 2012-01-10 Gavin Barraclough <barraclough@apple.com>
2585 Do not allow Array length to be set if it is non-configurable
2586 https://bugs.webkit.org/show_bug.cgi?id=75935
2588 Reviewed by Sam Weinig.
2590 Do not allow Array length to be set if it is non-configurable, and if the new
2591 length is less than the old length then intervening properties should be removed
2592 in reverse order. Removal of properties should cease if an intervening indexed
2593 property being removed is non-configurable.
2595 * JavaScriptCore.exp:
2596 - Removed export for setLength.
2597 * runtime/ArrayPrototype.cpp:
2598 (JSC::arrayProtoFuncConcat):
2599 - JSArray::setLength now takes an ExecState*
2600 (JSC::arrayProtoFuncSlice):
2601 - JSArray::setLength now takes an ExecState*
2602 * runtime/JSArray.cpp:
2603 (JSC::JSArray::defineOwnProperty):
2604 - JSArray::setLength now takes an ExecState*
2605 (JSC::JSArray::put):
2606 - JSArray::setLength now takes an ExecState*
2607 (JSC::compareKeysForQSort):
2608 - Keys extracted from the map can be stored as unsigneds.
2609 (JSC::JSArray::getOwnPropertyNames):
2610 - Keys extracted from the map can be stored as unsigneds.
2611 (JSC::JSArray::setLength):
2612 - Check lengthIsReadOnly(), rather than copying the entire map to iterate
2613 over to determine which keys to remove, instead just copy the keys from
2614 the map to a Vector. When inSparseMode sort the keys in the Vector so
2615 that we can remove properties in reverse order.
2616 * runtime/JSArray.h:
2617 - JSArray::setLength now takes an ExecState*
2619 2012-01-10 Gavin Barraclough <barraclough@apple.com>
2621 Use SameValue to compare property descriptor values
2622 https://bugs.webkit.org/show_bug.cgi?id=75975
2624 Reviewed by Sam Weinig.
2626 Rather than strictEqual.
2628 * runtime/JSArray.cpp:
2629 (JSC::JSArray::defineOwnNumericProperty):
2630 - Missing configurablePresent() check.
2631 * runtime/JSObject.cpp:
2632 (JSC::JSObject::defineOwnProperty):
2634 * runtime/PropertyDescriptor.cpp:
2636 - Moved from JSArray.cpp, fix NaN comparison.
2637 (JSC::PropertyDescriptor::equalTo):
2639 * runtime/PropertyDescriptor.h:
2640 - Added declaration for sameValue.
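The defineOwnProperty entries above (length must stay writable after Object.defineProperty([], 'length', {}), a non-writable length rejects assignment, shrinking length stops at a non-configurable element, descriptor values are compared with SameValue rather than strict equality, and an accessor's get/set may be explicitly undefined) describe ES5 semantics that can be checked from script. The following is an added example, not code from this ChangeLog or from JavaScriptCore; it runs on any ES5-compliant engine, and the function names are this example's own.

```javascript
// Added example (not code from the WebKit ChangeLog or from JavaScriptCore):
// exercises the ES5 [[DefineOwnProperty]] rules for Array 'length', the
// SameValue comparison of descriptor values, and accessor descriptors with an
// explicitly undefined getter/setter, as the entries above describe them.
// Function names are this example's own assumptions.

// 1. Object.defineProperty(arr, 'length', {}) must leave 'length' writable:
//    an absent 'writable' field means "keep the current attribute".
function lengthStaysWritable() {
  const arr = [1, 2, 3];
  Object.defineProperty(arr, 'length', {});
  const desc = Object.getOwnPropertyDescriptor(arr, 'length');
  arr.length = 1; // still permitted
  return desc.writable === true && arr.length === 1;
}

// 2. Once 'length' is non-writable, an assignment to it is rejected
//    (a TypeError in strict mode) and the array keeps its old length.
function readOnlyLengthRejectsWrites() {
  'use strict'; // needed so the failed assignment throws instead of being ignored
  const arr = [1, 2, 3];
  Object.defineProperty(arr, 'length', { writable: false });
  let threw = false;
  try {
    arr.length = 0;
  } catch (e) {
    threw = e instanceof TypeError;
  }
  return threw && arr.length === 3;
}

// 3. Shrinking 'length' removes elements from the highest index downwards and
//    stops at the first non-configurable element: 'length' settles at that
//    index + 1 and Object.defineProperty reports the failure with a TypeError.
function shrinkStopsAtNonConfigurable() {
  const arr = [0, 1, 2, 3, 4];
  Object.defineProperty(arr, 2, { value: 'pinned', configurable: false });
  let threw = false;
  try {
    Object.defineProperty(arr, 'length', { value: 0 });
  } catch (e) {
    threw = e instanceof TypeError;
  }
  // indices 4 and 3 were deleted, index 2 survived, so length is now 3
  return threw && arr.length === 3 && arr[2] === 'pinned' && !(3 in arr);
}

// 4. Redefining a non-configurable, non-writable data property is permitted
//    only when the new value is SameValue to the current one: NaN matches NaN,
//    but +0 and -0 differ. Strict equality (===) gets both cases wrong.
function sameValueDescriptorComparison() {
  const o = {};
  Object.defineProperty(o, 'nan', { value: NaN }); // non-writable, non-configurable
  Object.defineProperty(o, 'zero', { value: +0 });
  let nanAccepted = true;
  try {
    Object.defineProperty(o, 'nan', { value: NaN });
  } catch (e) {
    nanAccepted = false;
  }
  let negZeroRejected = false;
  try {
    Object.defineProperty(o, 'zero', { value: -0 });
  } catch (e) {
    negZeroRejected = e instanceof TypeError;
  }
  return nanAccepted && negZeroRejected && Object.is(o.zero, +0);
}

// 5. An accessor descriptor may carry get/set that are explicitly undefined;
//    that must stay distinguishable from a data property whose value is undefined.
function accessorWithUndefinedGetter() {
  const o = {};
  Object.defineProperty(o, 'acc', { get: undefined, set: undefined, configurable: true });
  Object.defineProperty(o, 'data', {});
  const acc = Object.getOwnPropertyDescriptor(o, 'acc');
  const data = Object.getOwnPropertyDescriptor(o, 'data');
  return 'get' in acc && acc.get === undefined && o.acc === undefined
    && !('get' in data) && 'value' in data && data.value === undefined;
}
```

Each function returns true when the engine follows the spec; running them against an engine that still used strict equality for descriptor values, or that lost the undefined-getter distinction, would make cases 4 and 5 return false.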
2641 2012-01-09 Gavin Barraclough <barraclough@apple.com>
2643 Error handling : in ISO8601 timezone
2644 https://bugs.webkit.org/show_bug.cgi?id=75919
2646 Reviewed by Sam Weinig.
2649 (WTF::parseDateFromNullTerminatedCharacters):
2650 - need to increment the string position.
2652 2012-01-09 Mark Rowe <mrowe@apple.com>
2654 JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target
2655 <http://webkit.org/b/75907> / <rdar://problem/10659862>
2657 We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit
2658 dependencies prevent this.
2660 Reviewed by Dan Bernstein.
2662 * JavaScriptCore.xcodeproj/project.pbxproj:
2664 2012-01-09 Adam Treat <atreat@rim.com>
2666 Log is a little too verbose for BlackBerry port
2667 https://bugs.webkit.org/show_bug.cgi?id=75728
2669 The BlackBerry::Platform::Log* functions take care of the call to vfprintf
2670 which is resulting in unintentional noise in our logs. Add a conditional
2673 Change to using BlackBerry::Platform::logStreamV which does not insert
2674 threading info and newlines unlike BlackBerry::Platform::log.
2676 Finally, add log locking and unlocking which the BlackBerry platform
2677 uses to ensure that N threads do not trample on each other's logs.
2679 Reviewed by Rob Buis.
2681 * wtf/Assertions.cpp:
2682 (WTFLogLocker::WTFReportAssertionFailure):
2683 (WTFLogLocker::WTFReportAssertionFailureWithMessage):
2684 (WTFLogLocker::WTFReportArgumentAssertionFailure):
2685 (WTFLogLocker::WTFReportFatalError):
2686 (WTFLogLocker::WTFReportError):
2687 (WTFLogLocker::WTFLog):
2688 (WTFLogLocker::WTFLogVerbose):
2690 2012-01-09 Gavin Barraclough <barraclough@apple.com>
2692 https://bugs.webkit.org/show_bug.cgi?id=75789
2693 defineOwnProperty not implemented for Array objects
2695 Reviewed by Sam Weinig.
2697 Implements support for getter/setter & non-default attribute properties on arrays,
2698 by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262
2701 * JavaScriptCore.exp:
2703 * dfg/DFGOperations.cpp:
2704 - JSArray::pop now requires an exec state.
2705 * runtime/ArrayPrototype.cpp:
2706 (JSC::arrayProtoFuncPop):
2707 - JSArray::pop now requires an exec state.
2708 * runtime/JSArray.cpp:
2709 (JSC::SparseArrayValueMap::add):
2710 - Add a potentially empty entry into the map.
2711 (JSC::SparseArrayValueMap::put):
2712 - Changed to call setter.
2713 (JSC::SparseArrayEntry::get):
2715 (JSC::SparseArrayEntry::getNonSparseMode):
2716 - does not call getters.
2717 (JSC::JSArray::enterSparseMode):
2718 - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated.
2719 (JSC::JSArray::putDescriptor):
2720 - Create a numeric property based on a descriptor.
2724 - Helper for the [[DefineOwnProperty]] algorithm.
2725 (JSC::JSArray::defineOwnNumericProperty):
2726 - Define an indexed property on an array object.
2727 (JSC::JSArray::setLengthWritable):
2728 - Marks the length read-only, enters SparseMode as necessary.
2729 (JSC::JSArray::defineOwnProperty):
2730 - Defines either an indexed property or 'length' on an array object.
2731 (JSC::JSArray::getOwnPropertySlotByIndex):
2732 - Updated to correctly handle accessor descriptors & attributes.
2733 (JSC::JSArray::getOwnPropertyDescriptor):
2734 - Updated to correctly handle accessor descriptors & attributes.
2735 (JSC::JSArray::put):
2736 - Pass strict mode flag to setLength.
2737 (JSC::JSArray::putByIndex):
2738 - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
2739 (JSC::JSArray::putByIndexBeyondVectorLength):
2740 - Pass exec to SparseArrayValueMap::put.
2741 (JSC::JSArray::deletePropertyByIndex):
2742 - Do not allow deletion of non-configurable properties.
2743 (JSC::compareKeysForQSort):
2744 - used in implementation of getOwnPropertyNames.
2745 (JSC::JSArray::getOwnPropertyNames):
2746 - Properties in the sparse map should be iterated in order.
2747 (JSC::JSArray::setLength):
2748 - Updated to take a 'shouldThrow' flag, return a result indicating error.
2749 (JSC::JSArray::pop):
2750 - pop should throw an error if length is not writable, even if the array is empty.
2751 (JSC::JSArray::push):
2752 - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGloablData&.
2753 (JSC::JSArray::sort):
2754 - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
2755 (JSC::JSArray::compactForSorting):
2756 - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
2757 * runtime/JSArray.h:
2758 (JSC::SparseArrayValueMap::lengthIsReadOnly):
2759 - Check if the length is read only.
2760 (JSC::SparseArrayValueMap::setLengthIsReadOnly):
2761 - Mark the length as read only.
2762 (JSC::SparseArrayValueMap::find):
2763 - Moved into header.
2764 (JSC::JSArray::isLengthWritable):
2765 - Wraps SparseArrayValueMap::lengthIsReadOnly.
2766 * runtime/JSObject.cpp:
2767 (JSC::JSObject::defineOwnProperty):
2768 - Should be returning the result of putDescriptor.
2769 * runtime/PropertyDescriptor.cpp:
2770 (JSC::PropertyDescriptor::attributesOverridingCurrent):
2771 - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride.
2772 * runtime/PropertyDescriptor.h:
2773 - Added attributesOverridingCurrent.
2775 2012-01-09 Pavel Heimlich <tropikhajma@gmail.com>
2777 There is no support for fastcall in Solaris Studio.
2778 Fixes build on Solaris.
2779 https://bugs.webkit.org/show_bug.cgi?id=75736
2781 Reviewed by Gavin Barraclough.
2785 2012-01-09 Pavel Heimlich <tropikhajma@gmail.com>
2787 Fix build failure on Solaris
2788 https://bugs.webkit.org/show_bug.cgi?id=75733
2790 Reviewed by Gavin Barraclough.
2794 2012-01-01 Raphael Kubo da Costa <kubo@profusion.mobi>
2796 [CMake] Clean up some cruft from WTF's CMakeLists.txt
2797 https://bugs.webkit.org/show_bug.cgi?id=75420
2799 Reviewed by Daniel Bates.
2801 * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add
2802 all needed paths to WTF_INCLUDE_DIRECTORIES in a single place.
2804 2012-01-08 Xianzhu Wang <wangxianzhu@chromium.org>
2806 Fix compilation error about ListHashSetReverseIterator
2807 https://bugs.webkit.org/show_bug.cgi?id=75372
2809 Reviewed by Darin Adler.
2811 There is a typo in class ListHashSetReverseIterator:
2812 typedef ListHashSetConstIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
2814 typedef ListHashSetConstReverseIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
2816 * wtf/ListHashSet.h:
2818 2012-01-08 Ryosuke Niwa <rniwa@webkit.org>
2820 WinCE build fix after r104415.
2822 * jit/JITExceptions.cpp:
2823 * jit/JITExceptions.h:
2825 2012-01-08 Filip Pizlo <fpizlo@apple.com>
2827 The JIT's protocol for exception handling should be available to other parts of the system
2828 https://bugs.webkit.org/show_bug.cgi?id=75808
2829 <rdar://problem/10661025>
2831 Reviewed by Oliver Hunt.
2834 * GNUmakefile.list.am:
2835 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2836 * JavaScriptCore.xcodeproj/project.pbxproj:
2838 * jit/JITExceptions.cpp: Added.
2839 (JSC::genericThrow):
2841 * jit/JITExceptions.h: Added.
2843 * runtime/JSGlobalData.h:
2845 2012-01-06 Hajime Morrita <morrita@chromium.org>
2847 https://bugs.webkit.org/show_bug.cgi?id=75296
2848 JSString should not have JS_EXPORTCLASS annotation
2850 Reviewed by Kevin Ollivier.
2852 * runtime/JSString.h: Removed JS_EXPORTCLASS annotation.
2853 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2854 Added missing symbols which were hidden by JS_EXPORTCLASS.
2856 2012-01-06 Michael Saboff <msaboff@apple.com>
2858 JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound()
2859 https://bugs.webkit.org/show_bug.cgi?id=75757
2861 Reviewed by Gavin Barraclough.
2863 * runtime/JSArray.cpp:
2864 (JSC::JSArray::pop): Changed map->end() to map->notFound().
2866 2012-01-06 Filip Pizlo <fpizlo@apple.com>
2868 JIT stub slow paths that would be identical to that of an interpreter should be factored out
2869 https://bugs.webkit.org/show_bug.cgi?id=75743
2870 <rdar://problem/10657024>
2872 Reviewed by Geoff Garen.
2874 * GNUmakefile.list.am:
2875 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2876 * JavaScriptCore.xcodeproj/project.pbxproj:
2878 (JSC::DEFINE_STUB_FUNCTION):
2879 * runtime/CommonSlowPaths.h: Added.
2880 (JSC::CommonSlowPaths::opInstanceOfSlow):
2881 (JSC::CommonSlowPaths::opIn):
2882 (JSC::CommonSlowPaths::opResolve):
2883 (JSC::CommonSlowPaths::opResolveSkip):
2884 (JSC::CommonSlowPaths::opResolveWithBase):
2885 (JSC::CommonSlowPaths::opResolveWithThis):
2887 2012-01-06 Sam Weinig <sam@webkit.org>
2891 * wtf/TypeTraits.cpp:
2893 2012-01-05 Michael Saboff <msaboff@apple.com>
2895 Default HashTraits for Opcode don't work for Opcode = 0
2896 https://bugs.webkit.org/show_bug.cgi?id=75595
2898 Reviewed by Oliver Hunt.
2900 Removed the populating of the m_opcodeIDTable table in the
2901 case where the OpcodeID and Opcode are the same (m_enabled is false).
2902 Instead we just cast the one type to the other.
2904 * interpreter/Interpreter.cpp:
2905 (JSC::Interpreter::initialize):
2906 (JSC::Interpreter::isOpcode):
2907 * interpreter/Interpreter.h:
2908 (JSC::Interpreter::getOpcodeID):
2910 2012-01-06 Sam Weinig <sam@webkit.org>
2912 Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr
2913 https://bugs.webkit.org/show_bug.cgi?id=75737
2915 Reviewed by Anders Carlsson.
2917 * wtf/TypeTraits.cpp:
2919 Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray
2920 is composed of some helpers which are also exposed, Conditional<>, which
2921 can provide one type or another based on a boolean predicate, IsArray<>
2922 which can deduce array types, and RemoveExtent<>, which removes the extent
2925 2012-01-06 Oliver Hunt <oliver@apple.com>
2927 GetByteArrayLength is incorrect
2928 https://bugs.webkit.org/show_bug.cgi?id=75735
2930 Reviewed by Filip Pizlo.
2932 Load the byte array length from the correct location.
2933 This stops an existing test from hanging.
2935 * dfg/DFGSpeculativeJIT32_64.cpp:
2936 (JSC::DFG::SpeculativeJIT::compile):
2937 * dfg/DFGSpeculativeJIT64.cpp:
2938 (JSC::DFG::SpeculativeJIT::compile):
2940 2012-01-06 Filip Pizlo <fpizlo@apple.com>
2944 * JavaScriptCore.xcodeproj/project.pbxproj:
2946 2012-01-06 Oliver Hunt <oliver@apple.com>
2948 DFG no longer optimises CanvasPixelArray
2949 https://bugs.webkit.org/show_bug.cgi?id=75729
2951 Reviewed by Gavin Barraclough.
2953 Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match
2954 the future name when we switch over to the new typed-array based
2955 ImageData specification.
2957 * runtime/JSByteArray.cpp:
2959 2012-01-06 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
2961 Use HashMap<OwnPtr> for SourceProviderCache items
2962 https://bugs.webkit.org/show_bug.cgi?id=75346
2964 Reviewed by Daniel Bates.
2966 * parser/Parser.cpp:
2967 * parser/SourceProviderCache.cpp:
2968 (JSC::SourceProviderCache::clear):
2969 (JSC::SourceProviderCache::add):
2970 * parser/SourceProviderCache.h:
2972 2012-01-06 Sam Weinig <sam@webkit.org>
2974 Remove unused OwnFastMallocPtr class.
2975 https://bugs.webkit.org/show_bug.cgi?id=75722
2977 Reviewed by Geoffrey Garen.
2979 * GNUmakefile.list.am:
2980 * JavaScriptCore.gypi:
2981 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
2982 * JavaScriptCore.xcodeproj/project.pbxproj:
2983 * wtf/CMakeLists.txt:
2984 * wtf/OwnFastMallocPtr.h: Removed.
2985 * wtf/text/StringImpl.h:
2988 2012-01-06 Benjamin Poulain <bpoulain@webkit.org>
2990 [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates
2991 https://bugs.webkit.org/show_bug.cgi?id=75631
2993 Reviewed by Andreas Kling.
2995 * JavaScriptCore.xcodeproj/project.pbxproj:
2997 2012-01-06 Eric Seidel <eric@webkit.org> and Gustavo Noronha Silva <gustavo.noronha@collabora.com>
2999 Make the new WTF module build on Gtk
3000 https://bugs.webkit.org/show_bug.cgi?id=75669
3004 2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
3006 [Qt] Remove un-needed VPATHs from project includes
3008 Reviewed by Simon Hausmann.
3010 * JavaScriptCore.pri:
3013 2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
3015 [Qt] Move listing of include paths and libs to pri files in sources
3017 Includepaths are sometimes modified by non-Qt contributors so keeping
3018 them in files inside Sources makes it more likely that they are updated
3019 along with project files for the other ports.
3021 Using pri files instead of prf files for this also has the benefit that
3022 the include() from the main target file can be parsed and followed by
3023 Qt Creator -- something that does not work with load().
3025 Dependency from a target to a library through the WEBKIT variable are
3026 handled through forwarding-files in Tools/qmake/mkspecs/modules, which
3027 set the source root of the module and include the right pri file.
3029 Ideally we'd use the variant of include() that takes an optional
3030 namespace to read the variables into, or the fromfile() function,
3031 but both of these add an overhead of about 40% on the total qmake
3032 runtime, due to making a deep copy of all the variables in the
3033 project or re-reading all the prf files from scratch.
3035 Reviewed by Simon Hausmann.
3038 * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf.
3040 * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf.
3043 2012-01-06 Hajime Morrita <morrita@chromium.org>
3045 WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE
3046 https://bugs.webkit.org/show_bug.cgi?id=75612
3048 Reviewed by Kevin Ollivier.
3050 * wtf/text/WTFString.h:
3051 (WTF::String::findIgnoringCase):
3052 (WTF::String::append):
3053 (WTF::String::fromUTF8):
3054 (WTF::String::fromUTF8WithLatin1Fallback):
3055 (WTF::String::isHashTableDeletedValue):
3057 2012-01-05 Dan Bernstein <mitz@apple.com>
3059 <rdar://problem/10633760> Update copyright strings
3061 Reviewed by Mark Rowe.
3065 2012-01-05 Gavin Barraclough <barraclough@apple.com>
3067 Date constructor handles infinite values incorrectly.
3068 https://bugs.webkit.org/show_bug.cgi?id=70998
3070 Reviewed by Filip Pizlo.
3072 * runtime/DateConstructor.cpp:
3073 (JSC::constructDate):
3074 - should be checking !finite rather then isnan.
3076 2012-01-05 Gavin Barraclough <barraclough@apple.com>
3078 date.toISOString produces incorrect results for dates with ms prior to 1970
3079 https://bugs.webkit.org/show_bug.cgi?id=75684
3081 Reviewed by Sam Weinig.
3083 * runtime/DatePrototype.cpp:
3084 (JSC::dateProtoFuncToISOString):
3086 2012-01-05 Gavin Barraclough <barraclough@apple.com>
3088 Array.prototype.lastIndexOf ignores undefined fromIndex.
3089 https://bugs.webkit.org/show_bug.cgi?id=75678
3091 Reviewed by Sam Weinig.
3093 array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x)
3095 * runtime/ArrayPrototype.cpp:
3096 (JSC::arrayProtoFuncLastIndexOf):
3097 - should check argumnet count, rather than checking agument value for undefined.
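
The argument-count rule from this entry written out as an added example (not the ChangeLog's or JavaScriptCore's code). `es5LastIndexOf` is a hypothetical spec-style implementation of ES5 15.4.4.15 that branches on `arguments.length`, so an explicit `undefined` goes through ToInteger (giving 0) while an absent argument starts the search at the end; `nativeAgreesWithSpec` compares it with the host engine's built-in:

```javascript
// Added example (not WebKit code): Array.prototype.lastIndexOf per ES5 15.4.4.15.
// Must be a plain function: it inspects `arguments.length`.
function es5LastIndexOf(array, searchElement /*, fromIndex */) {
  const len = array.length >>> 0;
  if (len === 0) return -1;
  let n;
  if (arguments.length > 2) {
    // fromIndex was passed, even if its value is undefined:
    // ToInteger(undefined) -> ToNumber -> NaN -> 0.
    n = Number(arguments[2]);
    n = Number.isNaN(n) ? 0 : Math.trunc(n);
  } else {
    n = len - 1; // fromIndex absent: start from the last element
  }
  // Clamp a positive start to the last index; a negative start counts from the end.
  let k = n >= 0 ? Math.min(n, len - 1) : len + n;
  for (; k >= 0; k--) {
    if (k in array && array[k] === searchElement) return k;
  }
  return -1;
}

// The built-in must agree with the spec version for both call shapes.
function nativeAgreesWithSpec(array, searchElement) {
  return array.lastIndexOf(searchElement) === es5LastIndexOf(array, searchElement)
    && array.lastIndexOf(searchElement, undefined) === es5LastIndexOf(array, searchElement, undefined);
}
```

Checking `fromIndex === undefined` instead of the argument count conflates the two call shapes, which is exactly the bug the entry describes.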

2012-01-05 Gavin Barraclough <barraclough@apple.com>
Date parsing is too restrictive.
https://bugs.webkit.org/show_bug.cgi?id=75671
Reviewed by Oliver Hunt.
ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15).
The spec allows a date to be date only, or date + time.
The date portion should match (pseudocode!):
[(+|-)YY]YYYY[-MM[-DD]]
though we are slightly more liberal (permitted by the spec), allowing:
The time portion should match:
THH:mm[:ss[.sss]][Z|(+|-)HH:mm]
again we're slightly more liberal, allowing:
THH:mm[:ss[.s+]][Z|(+|-)HH:mm]
(WTF::parseES5DatePortion):
- Month/day fields are optional, default to 01.
(WTF::parseES5TimePortion):
- Hours/Minutes are required, seconds/timezone are optional.
(WTF::parseES5DateFromNullTerminatedCharacters):
- Dates may be date only, or date + time.
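
The grammar above, implemented as an added example that is not WTF's parser. `parseES5Date` is a hypothetical regular-expression parser for the date portion `[(+|-)YY]YYYY[-MM[-DD]]` and the liberal time portion `THH:mm[:ss[.s+]][Z|(+|-)HH:mm]`: month and day default to 01, seconds and fraction to 0, and an absent time zone is read as UTC, which is the ES5.1 reading (assumption: the caller wants the epoch value in milliseconds, with NaN for anything the grammar or the range checks reject):

```javascript
// Added example (not WebKit code): ES5.1 15.9.1.15 date-time parsing.
// Groups: 1 year, 2 month, 3 day, 4 hour, 5 minute, 6 second, 7 fraction, 8 tz.
const ES5_DATE_RE = new RegExp(
  "^([+-]\\d{6}|\\d{4})" +            // [(+|-)YY]YYYY (expanded or four-digit year)
  "(?:-(\\d{2})(?:-(\\d{2}))?)?" +    // [-MM[-DD]]
  "(?:T(\\d{2}):(\\d{2})" +           // THH:mm
  "(?::(\\d{2})(?:\\.(\\d+))?)?" +    // [:ss[.s+]]  (one or more fraction digits)
  "(Z|[+-]\\d{2}:\\d{2})?)?$"         // [Z|(+|-)HH:mm], whole time portion optional
);

function parseES5Date(str) {
  const m = ES5_DATE_RE.exec(str);
  if (!m) return NaN;
  const year = Number(m[1]);
  const month = m[2] === undefined ? 1 : Number(m[2]);   // optional, default 01
  const day = m[3] === undefined ? 1 : Number(m[3]);     // optional, default 01
  const hour = m[4] === undefined ? 0 : Number(m[4]);
  const minute = m[5] === undefined ? 0 : Number(m[5]);
  const second = m[6] === undefined ? 0 : Number(m[6]);
  // Fraction "s+" may be any length; keep millisecond precision via the string,
  // not floating-point arithmetic: "5" -> 500, "123456" -> 123.
  const millis = m[7] === undefined ? 0 : Number((m[7] + "00").slice(0, 3));

  // Range checks the regex cannot express.
  if (month < 1 || month > 12 || day < 1 || day > 31) return NaN;
  if (hour > 24 || minute > 59 || second > 59) return NaN;
  if (hour === 24 && (minute !== 0 || second !== 0 || millis !== 0)) return NaN;

  // Time zone: absent or "Z" means UTC; otherwise (+|-)HH:mm is an offset.
  let offsetMinutes = 0;
  if (m[8] !== undefined && m[8] !== "Z") {
    const sign = m[8][0] === "-" ? -1 : 1;
    const tzHour = Number(m[8].slice(1, 3));
    const tzMinute = Number(m[8].slice(4, 6));
    if (tzHour > 23 || tzMinute > 59) return NaN;
    offsetMinutes = sign * (tzHour * 60 + tzMinute);
  }

  // Build the UTC instant field by field; setUTCFullYear takes years 0-99 literally.
  const d = new Date(0);
  d.setUTCFullYear(year, month - 1, day);
  d.setUTCHours(hour, minute, second, millis);
  return d.getTime() - offsetMinutes * 60 * 1000;
}
```

Strings such as `2012` or `2012-01-05` now parse, while a time portion with hours but no minutes is still rejected, matching the "hours/minutes required" rule in the entry.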

2012-01-05 Bruno Dilly <bdilly@profusion.mobi>
[EFL] Undefined references to ICU_I18N symbols on WTF
https://bugs.webkit.org/show_bug.cgi?id=75642
Unreviewed build fix.
Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake.
Some undefined references were ucol_setAttribute_44, ucol_close_44,
ucol_getAttribute_44...
* wtf/PlatformEfl.cmake:

2012-01-05 Geoffrey Garen <ggaren@apple.com>
Refined the fast path for StringImpl::hash()
https://bugs.webkit.org/show_bug.cgi?id=75178
Reviewed by Darin Adler.
Moved the hash calculation code into an out-of-line function to clean up
No measurable benchmark change, but this knocks some samples off in
Instruments, and I think this is a step toward removing -fomit-frame-pointer.
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::hashSlowCase):
* wtf/text/StringImpl.h:
(WTF::StringImpl::hash): The patch.
* wtf/text/StringStatics.cpp:
(WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build
scheme, which requires all out-of-line StringImpl functions used by
WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.)

2012-01-05 Gavin Barraclough <barraclough@apple.com>
Literal tab in JSONString fails
https://bugs.webkit.org/show_bug.cgi?id=71772
Reviewed by Oliver Hunt.
rfc4627 does not allow literal tab characters in JSON source.
* runtime/LiteralParser.cpp:
(JSC::isSafeStringCharacter):
- do not allow literal tab in StrictJSON mode.

2012-01-05 Gavin Barraclough <barraclough@apple.com>
push/shift fifo may consume excessive memory
https://bugs.webkit.org/show_bug.cgi?id=75610
Reviewed by Sam Weinig.
Array objects commonly store data in a vector, consisting of a portion that is
in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
m_length and m_vectorLength). Calls to shift will grow the pre-capacity, and
the current algorithm for increaseVectorLength (used by push, or [[Put]]) will
never shrink the pre-capacity, so a push/shift fifo may consume an inordinate
amount of memory, whilst having a relatively small active length.
* runtime/JSArray.cpp:
(JSC::JSArray::increaseVectorLength):
- If m_indexBias is non-zero, decay it over time.

2012-01-05 Csaba Osztrogonác <ossy@webkit.org>
unshift/pop fifo may consume excessive memory
https://bugs.webkit.org/show_bug.cgi?id=75588
Reviewed by Zoltan Herczeg.
Buildfix after r104120.
* runtime/JSArray.cpp: Remove useless asserts, because unsigned expression >= 0 is always true
(JSC::JSArray::unshiftCount):

2012-01-05 Zoltan Herczeg <zherczeg@webkit.org>
Unreviewed gardening after r104134.
* wtf/Assertions.cpp:

2012-01-05 Zoltan Herczeg <zherczeg@webkit.org>
Unreviewed gardening after r75605.
Rubber stamped by NOBODY Csaba Osztrogonác.
* wtf/Assertions.cpp:

2012-01-05 Benjamin Poulain <benjamin@webkit.org>
Improve charactersAreAllASCII() to compare multiple characters at a time
https://bugs.webkit.org/show_bug.cgi?id=74063
Reviewed by Darin Adler.
A new header ASCIIFastPath.h contains the functions related to
the detection of ASCII by using machine words. Part of it comes from
WebCore's TextCodecASCIIFastPath.h.
The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h
and is implemented with computer word comparison.
The gain over the previous implementation of charactersAreAllASCII() is of
the order of how many comparisons are avoided (4x, 8x, 16x depending on the
format and the CPU type).
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/text/ASCIIFastPath.h: Added.
(WTF::isAlignedToMachineWord):
(WTF::alignToMachineWord):
(WTF::charactersAreAllASCII):
* wtf/text/WTFString.h:

2012-01-05 Mark Rowe <mrowe@apple.com>
<http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL
We should always log to both ASL and stderr on platforms where this won't result in launchd
duplicating the messages.
Reviewed by Dan Bernstein.
* wtf/Assertions.cpp:
(vprintf_stderr_common):

2012-01-05 Mark Rowe <mrowe@apple.com>
<http://webkit.org/b/75605> WTF logging functions should call vprintf_stderr_common only once per line
Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a
single line of text. This results in strangely formatted output if vprintf_stderr_common is
retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented
Reviewed by Dan Bernstein.
* wtf/Assertions.cpp:
(vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format
string before handing it off to vprintf_stderr_common. This requires disabling warnings about
calling a printf-like function with a non-literal format string for this piece of code. It's
safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix.
(vprintf_stderr_with_trailing_newline): Helper function to append a trailing newline on to the
given format string if one does not already exist. It requires the same treatment with regards
to the non-literal format string warning.
(WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix.
(WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common.
(WTFReportFatalError): Switch to using vprintf_stderr_with_prefix.
(WTFReportError): Ditto.
(WTFLog): Switch to using vprintf_stderr_with_trailing_newline.
(WTFLogVerbose): Ditto.

2012-01-04 Gavin Barraclough <barraclough@apple.com>
unshift/pop fifo may consume excessive memory
https://bugs.webkit.org/show_bug.cgi?id=75588
Reviewed by Sam Weinig.
The Array object commonly stores data in a vector, consisting of a portion that
is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
m_length and m_vectorLength). Calls to pop will grow the post-capacity, and the
current algorithm for increasePrefixVectorLength (used by unshift) will never
shrink the post-capacity, so an unshift/pop fifo may consume an inordinate amount
of memory, whilst having a relatively small active length.
* runtime/JSArray.cpp:
- sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
(JSC::SparseArrayValueMap::put):
- sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
(JSC::JSArray::increaseVectorLength):
- sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
(JSC::JSArray::unshiftCountSlowCase):
- renamed from increaseVectorPrefixLength (this was a bad name, since it
also moved the ArrayStorage header), rewritten.
(JSC::JSArray::shiftCount):
- sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned
(JSC::JSArray::unshiftCount):
- sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned,
increaseVectorPrefixLength renamed to unshiftCountSlowCase
(JSC::JSArray::sortNumeric):
* runtime/JSArray.h:
- Updated function declarations, m_indexBias should be unsigned.
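
The memory-growth problem described in this entry and in the push/shift entry above (bug 75610), shown with an added example that is not JSArray's code. `VectorArray` is a hypothetical toy model of the storage layout both entries describe: a pre-capacity (`indexBias`), a live region (`length`) and a post-capacity (`vectorLength - indexBias - length`). The `decay` flag switches between the original policy, which never reclaims the slack on the far side of the live data, and a simplified version of the fix that slides the live data back before reallocating; `runFifo` drives either fifo shape and returns the final allocation so the two policies can be compared:

```javascript
// Added example (not WebKit code): a toy model of ArrayStorage growth under
// push/shift and unshift/pop fifo usage. Names and the decay policy are
// illustrative assumptions, not JSArray's actual algorithm.
class VectorArray {
  constructor(decay) {
    this.decay = decay;        // reclaim slack before reallocating?
    this.indexBias = 0;        // pre-capacity: unused slots before the live data
    this.length = 0;           // live elements
    this.vectorLength = 4;     // total allocated slots
  }
  postCapacity() { return this.vectorLength - this.indexBias - this.length; }

  push() {
    if (this.postCapacity() === 0) this.increaseVectorLength();
    this.length++;
  }
  shift() {
    if (this.length === 0) return;
    this.length--;
    this.indexBias++;          // shift only moves the start: pre-capacity grows
  }
  pop() {
    if (this.length === 0) return;
    this.length--;             // post-capacity grows
  }
  unshift() {
    if (this.indexBias === 0) this.increasePrefixLength();
    this.indexBias--;
    this.length++;
  }

  // Called by push when the post-capacity is exhausted. Without decay the
  // pre-capacity is carried along and the vector doubles every time.
  increaseVectorLength() {
    if (this.decay && this.indexBias > 0) {
      this.indexBias = 0;                               // slide live data to the front
      if (this.vectorLength - this.length > 0) return;  // enough room, no realloc
    }
    this.vectorLength *= 2;
  }
  // Mirror image, called by unshift when the pre-capacity is exhausted.
  increasePrefixLength() {
    if (this.decay && this.postCapacity() > 0) {
      this.indexBias = this.vectorLength - this.length; // slide live data to the end
      return;
    }
    this.indexBias += this.vectorLength;                // new slots go in front
    this.vectorLength *= 2;
  }
}

// Fill the fifo to `depth`, then add and remove one element per round so the
// live length never grows. Returns the final layout for inspection.
function runFifo(mode, rounds, depth, decay) {
  const v = new VectorArray(decay);
  const add = mode === "push/shift" ? () => v.push() : () => v.unshift();
  const remove = mode === "push/shift" ? () => v.shift() : () => v.pop();
  for (let i = 0; i < depth; i++) add();
  for (let i = 0; i < rounds; i++) { add(); remove(); }
  return { length: v.length, indexBias: v.indexBias, vectorLength: v.vectorLength };
}
```

With two live elements and a thousand rounds, the undecayed vector grows to 1024 slots in both fifo directions, while the decayed one stays at the initial 4; the cost of the fix is the occasional copy of the live region instead of a reallocation.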

2012-01-04 Mark Rowe <mrowe@apple.com>
<http://webkit.org/b/75604> All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments
Since JSC::Arguments has an OwnPtr for a member it needs to override destroy
to ensure that the correct destructor is invoked. This is necessary because
JSCell subclasses all intentionally have non-virtual destructors.
Reviewed by Filip Pizlo.
* runtime/Arguments.cpp:
(JSC::Arguments::destroy):
* runtime/Arguments.h:

2012-01-04 Filip Pizlo <fpizlo@apple.com>
Unreviewed, accidentally turned off the JIT in previous commit. Turning

2012-01-04 Filip Pizlo <fpizlo@apple.com>
Changed "return" to "break" in some macrology I introduced in
http://trac.webkit.org/changeset/104086. This is a benign change, as
"return" was technically correct for all uses of the macro.
Reviewed by Oliver Hunt.

2012-01-04 Michael Saboff <msaboff@apple.com>
StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset
https://bugs.webkit.org/show_bug.cgi?id=75583
Reviewed by Filip Pizlo.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finalizeUnconditionally): Find the corresponding
StructureStubInfo and reset the appropriate JIT and
the StructureStubInfo itself when resetting a MethodCallLinkInfo.

2012-01-04 Michael Saboff <msaboff@apple.com>
Invalid ASSERT() in DFGRepatch.cpp near line 385
https://bugs.webkit.org/show_bug.cgi?id=75584
Reviewed by Filip Pizlo.
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==.

2012-01-04 Filip Pizlo <fpizlo@apple.com>
Incorrect use of DFG node reference counts when mutating the graph
https://bugs.webkit.org/show_bug.cgi?id=75580
<rdar://problem/10644607>
Reviewed by Oliver Hunt.
Made deref(node) follow the pattern of ref(node), which it should have
(JSC::DFG::Graph::refChildren):
(JSC::DFG::Graph::derefChildren):
(JSC::DFG::Graph::deref):
(JSC::DFG::Graph::clearAndDerefChild1):
(JSC::DFG::Graph::clearAndDerefChild2):
(JSC::DFG::Graph::clearAndDerefChild3):
(JSC::DFG::Node::deref):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::fixupNode):

2012-01-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
[Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies
The custom qmake variable 'WEBKIT' is used for signaling that a
target depends in some way on other subproject of the WebKit
project. For now this is limited to the set of intermediate
libraries: wtf, javascriptcore, webcore, and webkit2.
This replaces the previous convention of using load(foo) for
just include paths, and CONFIG += foo to also link against foo.
Adding a dependency results in additional include paths being
available, and potentially linking to the library. This is
decided by the build system based on conditions such as what
kind of target is being built and the general build config.
An advantage to this approach is that it simplifies the individual
foo.prf files, for example by allowing us to use INCLUDEPATH +=
and LIBS += as normal instead of prepending.
Reviewed by Simon Hausmann.

2012-01-03 Filip Pizlo <fpizlo@apple.com>
DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong
https://bugs.webkit.org/show_bug.cgi?id=75516
<rdar://problem/10640266>
Reviewed by Gavin Barraclough.
Removed the offending assertion, since it was wrong. Also hardened the code to make
this case less likely by first having the propagator fixpoint converge, and then doing
double voting combined with a second fixpoint. This is neutral on benchmarks and
fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double
until we've converged to the conclusion that it really is double).
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagatePredictions):
* dfg/DFGVariableAccessData.h:
(JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):

2012-01-03 Filip Pizlo <fpizlo@apple.com>
REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds
https://bugs.webkit.org/show_bug.cgi?id=75303
<rdar://problem/10633533>
Reviewed by Gavin Barraclough.
The this argument was not being kept alive in some cases during inlining and intrinsic
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::emitFunctionCheck):
(JSC::DFG::ByteCodeParser::handleInlining):

2012-01-03 Gavin Barraclough <barraclough@apple.com>
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-01-03 Gavin Barraclough <barraclough@apple.com>
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-01-03 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=75140
Reviewed by Sam Weinig.
Rewrite JSArray::putSlowCase to be much cleaner & simpler.
This rewrite only significantly changes behaviour for sparse array, specifically
in how sparse arrays are reified back to vector form. This does not affect arrays
with less than 10000 entries (since these always use a vector). The more common
cases of sparse array behavior (though large sparse arrays are rare) - arrays that
always remain sparse, and arrays that are filled in reverse sequential order -
should be just as fast or faster (since reification is simpler & no longer
requires map lookups) after these changes.
Simplifying this code allows all cases of putByIndex that need to grow the vector
to do so via increaseVectorLength, which means that this method can encapsulate
the policy of determining how the vector should be grown.
No performance impact.
* runtime/JSArray.cpp:
(JSC::isDenseEnoughForVector):
- any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector.
(JSC::JSArray::putByIndex):
- simplify & comment.
(JSC::JSArray::putByIndexBeyondVectorLength):
- Re-written to be much clearer & simpler.
(JSC::JSArray::increaseVectorLength):
(JSC::JSArray::increaseVectorPrefixLength):
- add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need to do so.
(JSC::JSArray::push):
- simplify & comment.
* runtime/JSArray.h:
- removed SparseArrayValueMap::take.

2012-01-03 Gavin Barraclough <barraclough@apple.com>
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-01-03 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=75140
Reviewed by Sam Weinig.
Simplify JSArray creation - remove ArgsList/JSValue* create methods
(this functionality can be implemented in terms of tryCreateUninitialized).
* JavaScriptCore.exp:
* runtime/ArrayConstructor.cpp:
- use constructArray/constructEmptyArray instead of calling JSArray::create directly
(JSC::constructArrayWithSizeQuirk):
* runtime/JSArray.cpp:
* runtime/JSArray.h:
- removed ArgsList/JSValue* create methods
* runtime/JSGlobalObject.h:
(JSC::constructEmptyArray):
(JSC::constructArray):
- changed to be implemented in terms of JSArray::tryCreateUninitialized

2012-01-03 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=75429
ThrowTypeError should be a singleton object
Reviewed by Sam Weinig.
Per section 13.2.3 of the spec.
We could change setAccessorDescriptor to be able to share the global
GetterSetter object, rather than storing the accessor functions and
creating a new GetterSetter in defineProperty - but this won't be a
small change to PropertyDescriptors (and would probably mean making
GetterSetter objects immutable?) - so I'll leave that for another
* JavaScriptCore.exp:
- don't export setAccessorDescriptor
* runtime/Arguments.cpp:
(JSC::Arguments::createStrictModeCallerIfNecessary):
(JSC::Arguments::createStrictModeCalleeIfNecessary):
- call throwTypeErrorGetterSetter instead of createTypeErrorFunction
* runtime/Error.cpp:
- remove createTypeErrorFunction
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:
- remove unused createDescriptorForThrowingProperty
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):
- removed m_strictModeTypeErrorFunctionStructure.
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::internalFunctionStructure):
- removed m_strictModeTypeErrorFunctionStructure.
* runtime/PropertyDescriptor.cpp:
(JSC::PropertyDescriptor::setAccessorDescriptor):
- changed to take a GetterSetter
* runtime/PropertyDescriptor.h:
- changed to take a GetterSetter

2012-01-02 Gavin Barraclough <barraclough@apple.com>
Check in fixes for jsc tests following bug #75455.
* tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js:
* tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js:

2012-01-02 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=75452
If argument to Error is undefined, message is not set
Reviewed by Sam Weinig.
Per section 15.11.1.1 of the spec.
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::create):
(JSC::ErrorInstance::finishCreation):

2012-01-02 Gavin Barraclough <barraclough@apple.com>
ES5 prohibits parseInt from supporting octal
https://bugs.webkit.org/show_bug.cgi?id=75455
Reviewed by Sam Weinig.
See sections 15.1.2.2 and annex E.
* runtime/JSGlobalObjectFunctions.cpp:
3607 2012-01-02 Gavin Barraclough <barraclough@apple.com>
3609 https://bugs.webkit.org/show_bug.cgi?id=55343
3610 Global JSON should be configurable but isn't
3612 Reviewed by Sam Weinig.
3614 * runtime/JSGlobalObject.cpp:
3615 (JSC::JSGlobalObject::reset):
3616 - make JSON configurable
3618 2012-01-01 Filip Pizlo <fpizlo@apple.com>
3620 Call instructions should leave room for linking information
3621 https://bugs.webkit.org/show_bug.cgi?id=75422
3622 <rdar://problem/10633985>
3624 Reviewed by Oliver Hunt.
3626 * bytecode/Opcode.h:
3627 * bytecompiler/BytecodeGenerator.cpp:
3628 (JSC::BytecodeGenerator::emitCall):
3629 (JSC::BytecodeGenerator::emitConstruct):
3631 2011-12-31 Dan Bernstein <mitz@apple.com>
3633 Continue trying to fix the Windows build after r103823.
3635 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3637 2011-12-31 Dan Bernstein <mitz@apple.com>
3639 Start trying to fix the Windows build after r103823.
3641 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3643 2011-12-30 Anders Carlsson <andersca@apple.com>
3645 Add a ParamStorageTraits specialization for RetainPtr
3646 https://bugs.webkit.org/show_bug.cgi?id=75392
3648 Reviewed by Daniel Bates.
3651 Add a partial specialization of ParamStorageTraits for RetainPtr<T>.
3654 Bring in the retainPtr function template from WTF.
3656 2011-12-29 Sam Weinig <sam@webkit.org>
3658 It should be easier to iterate a Vector backwards
3659 https://bugs.webkit.org/show_bug.cgi?id=75359
3661 Reviewed by Anders Carlsson.
3663 Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(),
3664 a new proxy-driven way to access a vector backwards. One can use
3665 reversed() in a range-based for loop like so:
3667 for (auto val: myVector.reversed())
3671 (WTF::Vector::~Vector):
3674 (WTF::Vector::rbegin):
3675 (WTF::Vector::rend):
3676 Added using standard adaptor std::reverse_iterator.
3678 (WTF::Vector::reversed):
3679 (WTF::Vector::VectorReverseProxy::begin):
3680 (WTF::Vector::VectorReverseProxy::end):
3681 Add proxy similar to one used in HashMap for keys() and values()
3682 which allows access to a Vector backwards for use in range-based
3685 2011-12-29 Gavin Barraclough <barraclough@apple.com>
3687 https://bugs.webkit.org/show_bug.cgi?id=75140
3689 Reviewed by Oliver Hunt.
3691 Start cleaning up JSArray construction. JSArray has a set of create methods,
3692 one of which (currently) takes a 'creation mode' enum parameter. Based on that
3693 parameter, the constructor does one of two completely different things. If the
3694 parameter is 'CreateInitialized' it creates an array, setting the length, but
3695 does not eagerly allocate a storage vector of the specified length. A small
3696 (BASE_VECTOR_LEN sized) initial vector will be allocated and cleared; property
3697 access to the vector will read the hole value (return undefined). The alternate
3698 usage of this method ('CreateCompact') does something very different. It tries
3699 to create an array of the requested length, and also allocates a storage vector
3700 large enough to hold all properties. It does not clear the storage vector,
3701 leaving the memory uninitialized and requiring the user to call a method
3702 'uncheckedSetIndex' to initialize values in the vector.
3704 This patch factors out these two behaviours, moving the 'CreateCompact' mode
3705 into its own method, 'tryCreateUninitialized' (matching the naming for this
3706 functionality in the string classes). 'tryCreateUninitialized' may return 0 if
3707 memory allocation fails during construction of the object. The construction
3708 pattern changes such that values added during initialization will be marked if
3709 a GC is triggered during array allocation. 'CreateInitialized' no longer need
3710 be passed to create a normal, fully constructed array with a length, and this
3711 method is merged with the version of 'create' that does not take an initial
3712 length (length parameter defaults to 0).
3714 * JavaScriptCore.exp:
3715 * runtime/ArrayConstructor.cpp:
3716 (JSC::constructArrayWithSizeQuirk):
3717 - removed 'CreateInitialized' argument
3718 * runtime/ArrayPrototype.cpp:
3719 (JSC::arrayProtoFuncSplice):
3720 - changed to call 'tryCreateUninitialized'
3721 * runtime/FunctionPrototype.cpp:
3722 (JSC::functionProtoFuncBind):
3723 - changed to call 'tryCreateUninitialized'
3724 * runtime/JSArray.cpp:
3725 (JSC::JSArray::JSArray):
3726 - initialize m_storage to null; if construction fails, make destruction safe
3727 (JSC::JSArray::finishCreation):
3728 - merge versions of this method, takes an initialLength parameter defaulting to zero
3729 (JSC::JSArray::tryFinishCreationUninitialized):
3730 - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0
3731 (JSC::JSArray::~JSArray):
3732 - check for null m_storage, in case array construction failed.
3733 (JSC::JSArray::increaseVectorPrefixLength):
3734 * runtime/JSArray.h:
3735 (JSC::JSArray::create):
3736 - merge versions of this method, takes an initialLength parameter defaulting to zero
3737 (JSC::JSArray::tryCreateUninitialized):
3738 - version of 'create' that tries to eagerly allocate storage; may fail & return 0
3739 (JSC::JSArray::initializeIndex):
3740 (JSC::JSArray::completeInitialization):
3741 - used in conjunction with 'tryCreateUninitialized' to initialize the array
3742 * runtime/JSGlobalObject.h:
3743 (JSC::constructEmptyArray):
3744 - removed 'CreateInitialized' argument
3745 * runtime/RegExpConstructor.cpp:
3746 (JSC::RegExpMatchesArray::finishCreation):
3747 - removed 'CreateInitialized' argument
3749 2011-12-29 Anders Carlsson <andersca@apple.com>
3751 Add a retainPtr function template
3752 https://bugs.webkit.org/show_bug.cgi?id=75365
3754 Reviewed by Dan Bernstein.
3756 This makes it easier to make a RetainPtr using template argument deduction, which
3757 is useful when passing RetainPtr objects as function arguments.
3762 2011-12-28 Yuqiang Xian <yuqiang.xian@intel.com>
3764 spill unboxed values in DFG 32_64
3765 https://bugs.webkit.org/show_bug.cgi?id=75291
3767 Reviewed by Filip Pizlo.
3769 Currently all the values are spilled as boxed in DFG 32_64, which is
3770 not necessary and introduces additional stores/loads. Instead we
3771 can spill them as unboxed if feasible. It can be applied to the
3772 Integers, Cells and Booleans in DFG 32_64. Doubles are left as is
3773 because they don't need to be boxed at all. The modifications to the
3774 spill/fill and the OSR exit are required, as well as a bug fix to the
3775 "isUnknownJS" logic.
3777 * bytecode/ValueRecovery.h:
3778 (JSC::ValueRecovery::displacedInRegisterFile):
3779 (JSC::ValueRecovery::virtualRegister):
3780 (JSC::ValueRecovery::dump):
3781 * dfg/DFGGenerationInfo.h:
3782 (JSC::DFG::GenerationInfo::isUnknownJS):
3783 (JSC::DFG::GenerationInfo::spill):
3784 * dfg/DFGOSRExitCompiler32_64.cpp:
3785 (JSC::DFG::OSRExitCompiler::compileExit):
3786 * dfg/DFGSpeculativeJIT.cpp:
3787 (JSC::DFG::SpeculativeJIT::isKnownNotBoolean):
3788 * dfg/DFGSpeculativeJIT.h:
3789 (JSC::DFG::SpeculativeJIT::silentFillGPR):
3790 (JSC::DFG::SpeculativeJIT::spill):
3791 * dfg/DFGSpeculativeJIT32_64.cpp:
3792 (JSC::DFG::SpeculativeJIT::fillInteger):
3793 (JSC::DFG::SpeculativeJIT::fillDouble):
3794 (JSC::DFG::SpeculativeJIT::fillJSValue):
3795 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3796 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3797 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3798 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3799 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3800 (JSC::DFG::SpeculativeJIT::compile):
3802 2011-12-28 Anders Carlsson <andersca@apple.com>
3804 Add an implicit block conversion operator to WTF::Function
3805 https://bugs.webkit.org/show_bug.cgi?id=75325
3807 Reviewed by Dan Bernstein.
3810 Add a define for COMPILER_SUPPORTS(BLOCKS). It's only defined for clang, since the gcc blocks implementation
3811 is buggy, especially when it comes to C++.
3814 Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed.
3816 2011-12-27 Anders Carlsson <andersca@apple.com>
3818 Add a new WTF::bind overload that takes 6 parameters
3819 https://bugs.webkit.org/show_bug.cgi?id=75287
3821 Reviewed by Sam Weinig.
3825 2011-12-27 Sam Weinig <sam@webkit.org>
3827 Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro
3828 https://bugs.webkit.org/show_bug.cgi?id=75268
3830 Reviewed by Anders Carlsson.
3833 Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
3835 * wtf/Noncopyable.h:
3836 Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
3840 Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR).
3844 Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR).
3846 2011-12-27 Anders Carlsson <andersca@apple.com>
3848 Misc fixes and cleanups in Functional.h
3849 https://bugs.webkit.org/show_bug.cgi?id=75281
3851 Reviewed by Andreas Kling.
3853 - Reformat template declarations so that the class begins on a new line.
3854 - Change the parameter template parameters to start at P1 instead of P0.
3855 - Add function wrappers and bind overloads for 4 and 5 parameter functions.
3856 - Change the Function call operator to be const so const functions can be called.
3860 2011-12-27 Tony Chang <tony@chromium.org>
3862 [chromium] Minor cleanup of gyp files.
3863 https://bugs.webkit.org/show_bug.cgi?id=75269
3865 Reviewed by Adam Barth.
3867 * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed
3868 and vim/emacs-specific hooks should be added by the user.
3870 2011-12-27 Gavin Barraclough <barraclough@apple.com>
3872 https://bugs.webkit.org/show_bug.cgi?id=75260
3873 Null name for host function can result in dereference of uninitialized memory
3875 Reviewed by Filip Pizlo.
3877 This is a recent regression in ToT: if the name passed to finishCreation of a host function is null,
3878 we are currently skipping the putDirect, which leaves memory uninitialized. This patch reverts the
3879 aspect of the change that introduced the issue. It might be better if functions that don't have a
3880 name don't have this property at all, but that change should be separate from fixing the bug.
3882 * runtime/JSFunction.cpp:
3883 (JSC::JSFunction::finishCreation):
3884 - Always initialize the name property.
3886 2011-12-27 Anders Carlsson <andersca@apple.com>
3888 Function should handle wrapping/unwrapping RefPtr and PassRefPtr
3889 https://bugs.webkit.org/show_bug.cgi?id=75266
3891 Reviewed by Sam Weinig.
3893 Add ParamStorageTraits that can be used for deciding how bound parameters should be stored
3894 and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn.
3895 For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking.
3898 (WTF::ParamStorageTraits::wrap):
3899 (WTF::ParamStorageTraits::unwrap):
3901 2011-12-27 Tony Chang <tony@chromium.org>
3903 [chromium] really enable wpo for WebCore libs and for WTF
3904 https://bugs.webkit.org/show_bug.cgi?id=75264
3906 Reviewed by Adam Barth.
3908 * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr.
3910 2011-12-26 Gavin Barraclough <barraclough@apple.com>
3912 Errk! OS X build fix.
3914 * JavaScriptCore.exp:
3916 2011-12-26 Gavin Barraclough <barraclough@apple.com>
3920 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3921 * runtime/JSObject.h:
3923 2011-12-26 Gavin Barraclough <barraclough@apple.com>
3925 https://bugs.webkit.org/show_bug.cgi?id=75231
3926 Fail to throw in strict mode on assign to read only static properties
3928 Reviewed by Filip Pizlo.
3930 There are three bugs here:
3931 * symbolTablePut should throw for strict mode accesses.
3932 * lookupPut should throw for strict mode accesses.
3933 * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties.
3935 * runtime/JSActivation.cpp:
3936 (JSC::JSActivation::symbolTablePut):
3937 (JSC::JSActivation::put):
3938 * runtime/JSActivation.h:
3939 * runtime/JSGlobalObject.cpp:
3940 (JSC::JSGlobalObject::put):
3941 * runtime/JSStaticScopeObject.cpp:
3942 (JSC::JSStaticScopeObject::put):
3943 * runtime/JSVariableObject.h:
3944 (JSC::JSVariableObject::symbolTablePut):
3947 * runtime/NumberConstructor.cpp:
3948 (JSC::NumberConstructor::put):
3949 * runtime/NumberConstructor.h:
3951 2011-12-26 Gavin Barraclough <barraclough@apple.com>
3953 Fix mis-commit of utf8 change.
3955 Reviewed by Filip Pizlo.
3957 Eeep, patch as landed a while ago had no effect! - accidentally landed
3958 modified version of patch used for performance testing.
3960 (This isn't covered by layout tests because layout tests don't use jsc,
3961 and the tests/mozilla tests use latin1, which was already supported!)
3963 Landing changes as intended (and as originally reviewed).
3968 2011-12-26 Filip Pizlo <fpizlo@apple.com>
3970 Unreviewed build fix for ARMv7.
3972 * assembler/MacroAssemblerARMv7.h:
3973 (JSC::MacroAssemblerARMv7::load16Signed):
3974 (JSC::MacroAssemblerARMv7::load8Signed):
3976 2011-12-26 Hajime Morrita <morrita@google.com>
3978 Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE
3979 https://bugs.webkit.org/show_bug.cgi?id=74990
3981 Reviewed by Kevin Ollivier.
3983 * runtime/JSExportMacros.h: Removed JS_INLINE
3984 * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE
3986 2011-12-24 Filip Pizlo <fpizlo@apple.com>
3988 The ArgumentCount field in the CallFrame should have its tag left blank for other uses
3989 https://bugs.webkit.org/show_bug.cgi?id=75199
3990 <rdar://problem/10625105>
3991 <rdar://problem/10625106>
3993 Reviewed by Oliver Hunt.