FTL: Refactor compileArithDiv and compileArithMod into one function.
2013-10-02  Nadav Rotem  <nrotem@apple.com>

        FTL: Refactor compileArithDiv and compileArithMod into one function.
        https://bugs.webkit.org/show_bug.cgi?id=122205

        Reviewed by Filip Pizlo.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileAddSub):
        (JSC::FTL::LowerDFGToLLVM::compileArithDivMod):

2013-10-02  Anders Carlsson  <andersca@apple.com>

        Get rid of Qt code from JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=122223

        Reviewed by Oliver Hunt.

        * API/JSStringRefQt.cpp: Removed.
        * API/JSStringRefQt.h: Removed.
        * API/OpaqueJSString.h:
        * DerivedSources.pri: Removed.
        * JavaScriptCore.pri: Removed.
        * JavaScriptCore.pro: Removed.
        * LLIntOffsetsExtractor.pro: Removed.
        * Target.pri: Removed.
        * assembler/AbstractMacroAssembler.h:
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::urshift32):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
        * assembler/MacroAssemblerX86Common.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        * heap/HeapTimer.cpp:
        (JSC::HeapTimer::timerEvent):
        * heap/HeapTimer.h:
        * heap/IncrementalSweeper.cpp:
        (JSC::IncrementalSweeper::scheduleTimer):
        * heap/IncrementalSweeper.h:
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitSub32Constant):
        * jsc.cpp:
        (main):
        * jsc.pro: Removed.
        * runtime/DateConstructor.cpp:
        * runtime/GCActivityCallback.cpp:
        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
        (JSC::DefaultGCActivityCallback::cancelTimer):
        * runtime/GCActivityCallback.h:
        * testRegExp.cpp:
        (main):
        * yarr/yarr.pri: Removed.

2013-10-01  Filip Pizlo  <fpizlo@apple.com>

        FTL should use the new version of LLVM MCJIT memory manager APIs that take a SectionName
        https://bugs.webkit.org/show_bug.cgi?id=122193

        Reviewed by Geoffrey Garen.

        Update our usage of the LLVM C API since the API is about to change.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::mmAllocateCodeSection):
        (JSC::FTL::mmAllocateDataSection):

2013-10-01  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(156464): 50% regression on SunSpider/string-fasta
        https://bugs.webkit.org/show_bug.cgi?id=122202

        Unreviewed, roll out r156464.

        This is a progression on string-fasta, since it fixes the regression.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedFunctionExecutable::paramString):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitExpressionInfo):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ForInNode::emitBytecode):
        (JSC::FuncExprNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFormalParameterList):
        (JSC::ASTBuilder::createForInLoop):
        (JSC::ASTBuilder::addVar):
        * parser/NodeConstructors.h:
        (JSC::CommaNode::CommaNode):
        (JSC::ParameterNode::ParameterNode):
        (JSC::ForInNode::ForInNode):
        * parser/Nodes.cpp:
        (JSC::FunctionParameters::create):
        (JSC::FunctionParameters::FunctionParameters):
        (JSC::FunctionParameters::~FunctionParameters):
        * parser/Nodes.h:
        (JSC::ExpressionNode::isDotAccessorNode):
        (JSC::CommaNode::append):
        (JSC::ParameterNode::ident):
        (JSC::FunctionParameters::at):
        (JSC::FunctionParameters::identifiers):
        * parser/Parser.cpp:
        (JSC::::Parser):
        (JSC::::parseVarDeclaration):
        (JSC::::parseVarDeclarationList):
        (JSC::::parseForStatement):
        (JSC::::parseFormalParameters):
        (JSC::::parseAssignmentExpression):
        * parser/Parser.h:
        (JSC::Scope::declareParameter):
        (JSC::Parser::declareParameter):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFormalParameterList):
        (JSC::SyntaxChecker::createForInLoop):
        (JSC::SyntaxChecker::operatorStackPop):
        * runtime/JSONObject.cpp:
        * runtime/JSONObject.h:

2013-10-01  Filip Pizlo  <fpizlo@apple.com>

        Variable event stream (for DFG OSR exit) should be explicit about where on the stack a SetLocal put a value
        https://bugs.webkit.org/show_bug.cgi?id=122178

        Reviewed by Geoffrey Garen.

        Now if the DFG stores the value of a variable into the stack explicitly via a SetLocal,
        it will record where on the stack it stored the value in addition to recording where on
        the stack the bytecode would have done the SetLocal. Previously it just recorded the
        format and the bytecode variable. Recording just the bytecode variable is currently fine
        since the DFG always executes SetLocal's to the same stack location that the bytecode
        would have used. But that prevents stack compression (webkit.org/b/122024) so this patch
        allows the SetLocal to say both the bytecode variable that we're speaking of and the
        actual stack location to which the SetLocal stored the value.

        This had to touch a lot of code, so I took the opportunity to also resolve
        webkit.org/b/108019.

        * bytecode/Operands.h:
        (JSC::Operands::hasOperand):
        * dfg/DFGFlushFormat.h:
        (JSC::DFG::dataFormatFor):
        * dfg/DFGMinifiedID.h:
        (JSC::DFG::MinifiedID::bits):
        (JSC::DFG::MinifiedID::invalidID):
        (JSC::DFG::MinifiedID::otherInvalidID):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileMovHint):
        (JSC::DFG::SpeculativeJIT::compileInlineStart):
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::recordSetLocal):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGValueSource.cpp:
        (JSC::DFG::ValueSource::dump):
        * dfg/DFGValueSource.h:
        (JSC::DFG::ValueSource::ValueSource):
        (JSC::DFG::ValueSource::forFlushFormat):
        (JSC::DFG::ValueSource::forDataFormat):
        (JSC::DFG::ValueSource::isSet):
        (JSC::DFG::ValueSource::kind):
        (JSC::DFG::ValueSource::valueRecovery):
        (JSC::DFG::ValueSource::id):
        (JSC::DFG::ValueSource::virtualRegister):
        * dfg/DFGVariableEvent.cpp:
        (JSC::DFG::VariableEvent::dump):
        (JSC::DFG::VariableEvent::dumpSpillInfo):
        * dfg/DFGVariableEvent.h:
        (JSC::DFG::VariableEvent::fillGPR):
        (JSC::DFG::VariableEvent::fillPair):
        (JSC::DFG::VariableEvent::fillFPR):
        (JSC::DFG::VariableEvent::spill):
        (JSC::DFG::VariableEvent::death):
        (JSC::DFG::VariableEvent::setLocal):
        (JSC::DFG::VariableEvent::movHint):
        (JSC::DFG::VariableEvent::id):
        (JSC::DFG::VariableEvent::gpr):
        (JSC::DFG::VariableEvent::tagGPR):
        (JSC::DFG::VariableEvent::payloadGPR):
        (JSC::DFG::VariableEvent::fpr):
        (JSC::DFG::VariableEvent::spillRegister):
        (JSC::DFG::VariableEvent::bytecodeRegister):
        (JSC::DFG::VariableEvent::machineRegister):
        (JSC::DFG::VariableEvent::variableRepresentation):
        * dfg/DFGVariableEventStream.cpp:
        (JSC::DFG::VariableEventStream::reconstruct):

2013-10-01  Nadav Rotem  <nrotem@apple.com>

        FTL: split overflow checks into non-overflow arithmetic and an additional call to the overflow intrinsic check.
        https://bugs.webkit.org/show_bug.cgi?id=122170

        Reviewed by Filip Pizlo.

        Overflow intrinsics are preventing SCEV and other LLVM analysis passes from analyzing loops. This patch changes the FTL-IR gen by splitting arithmetic calculations into two parts:
        1. Generate the arithmetic calculation (that may overflow)
        2. Generate the overflow check (that is only used by the OSR-exit logic).

        We trust LLVM (SelectionDAG) to merge these calculations into a single opcode.

        This JS function:

        function foo() {
            for (i=0; i < 10000000; i++) { }
        }

        Is now compiled into this LLVM-IR:

        "OSR exit continuation for @24<Int32>":           ; preds = %"Block #0", %"OSR exit continuation for @24<Int32>2"
          %4 = phi i64 [ %10, %"OSR exit continuation for @24<Int32>2" ], [ -281474976710656, %"Block #0" ]
          %5 = trunc i64 %4 to i32
          %6 = add i32 %5, 1
          %7 = tail call { i32, i1 } @llvm.sadd.with.overflow.i32(i32 %5, i32 1)
          %8 = extractvalue { i32, i1 } %7, 1
          br i1 %8, label %"OSR exit failCase for @24<Int32>1", label %"OSR exit continuation for @24<Int32>2"

        And into this assembly:

        LBB0_1:                                 ## %OSR exit continuation for @24<Int32>
                                        ## =>This Inner Loop Header: Depth=1
            movl  %ecx, %esi
            incl  %esi
            jo  LBB0_4

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileAddSub):
        (JSC::FTL::LowerDFGToLLVM::compileArithMul):
        (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
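
The two-part pattern that entry describes, as an added illustration in plain C; this is not JavaScriptCore or LLVM code, and the type and function names are my own. The wrapped sum and the overflow predicate are computed as two independent operations on the operands, the way the IR above separates `add i32` from `llvm.sadd.with.overflow.i32`, and the hand-rolled predicate is cross-checked against the compiler's `__builtin_add_overflow` (the C-level counterpart of the intrinsic). A counting loop then takes the "exit" path only when an increment would actually overflow.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Mirrors the { i32, i1 } pair the ChangeLog's IR extracts from the intrinsic:
   the (possibly wrapped) sum plus a separate overflow flag. Names are illustrative. */
typedef struct {
    int32_t value;
    bool overflow;
} checked_add_t;

/* Part 1: the plain arithmetic, i.e. the "add i32 %5, 1" half. Done in unsigned
   space so the wrap-around is well-defined C (signed overflow is undefined). */
static int32_t wrapping_add_i32(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Part 2: the overflow predicate, i.e. the "extractvalue ..., 1" half, derived
   from the operands alone. Two's-complement signed addition overflows exactly
   when both operands have the same sign and the sum's sign differs from it. */
static bool sadd_overflows_i32(int32_t a, int32_t b)
{
    int32_t s = wrapping_add_i32(a, b);
    return ((a ^ s) & (b ^ s)) < 0;
}

/* The two parts side by side; a backend is free to fuse them (add + jo). */
static checked_add_t checked_add_i32(int32_t a, int32_t b)
{
    checked_add_t r;
    r.value = wrapping_add_i32(a, b);
    r.overflow = sadd_overflows_i32(a, b);
    return r;
}

/* Cross-check the split form against the compiler builtin on one operand pair. */
static bool agrees_with_builtin(int32_t a, int32_t b)
{
    int32_t out;
    bool ov = __builtin_add_overflow(a, b, &out);
    checked_add_t r = checked_add_i32(a, b);
    return ov == r.overflow && (ov || out == r.value);
}

/* The shape of the JS loop in the entry: increment a 32-bit counter from start
   while it is <= limit, checking every increment. Returns the iteration count,
   or -1 where a JIT would instead leave the optimized code via its exit path. */
static long count_with_checks(int32_t start, int32_t limit)
{
    int32_t i = start;
    long iterations = 0;
    while (i <= limit) {
        checked_add_t next = checked_add_i32(i, 1);
        if (next.overflow)
            return -1; /* the "OSR exit failCase" branch of the IR above */
        i = next.value;
        iterations++;
    }
    return iterations;
}

int main(void)
{
    checked_add_t r = checked_add_i32(INT32_MAX, 1);
    printf("INT32_MAX + 1 -> value %d, overflow %d\n", r.value, r.overflow);
    printf("builtin agrees: %d\n", agrees_with_builtin(INT32_MAX, 1));
    printf("count 0..9999: %ld\n", count_with_checks(0, 9999));
    printf("count near INT32_MAX: %ld\n", count_with_checks(INT32_MAX - 2, INT32_MAX));
    return 0;
}
```

The `<=` loop bound is what makes the overflow path reachable: with a `<` bound, as in the JS example, the counter can never pass `INT32_MAX`, which is exactly the fact the entry wants SCEV to be able to prove once the intrinsic no longer stands between the increment and the loop condition.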

2013-10-01  Nadav Rotem  <nrotem@apple.com>

        Consolidate multiple OSRExit calls into one.
        https://bugs.webkit.org/show_bug.cgi?id=122168

        Reviewed by Filip Pizlo.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileArithMul):
        (JSC::FTL::LowerDFGToLLVM::compileArithDiv):
        (JSC::FTL::LowerDFGToLLVM::compileArithMod):

2013-09-30  Filip Pizlo  <fpizlo@apple.com>

        SpeculativeJIT::m_arguments/m_variables are vestiges of a time long gone
        https://bugs.webkit.org/show_bug.cgi?id=122140

        Reviewed by Darin Adler.

        Just killing code.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::compileInlineStart):
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::recordSetLocal):

2013-10-01  Daniel Bates  <dabates@apple.com>

        [iOS] JavaScriptCore fails to build with newer versions of clang
        https://bugs.webkit.org/show_bug.cgi?id=122162

        Reviewed by Darin Adler.

        * runtime/GCActivityCallback.cpp: Add !PLATFORM(IOS)-guard around constant pagingTimeOut
        as we don't compile the code that uses it on iOS.

2013-09-30  Sam Weinig  <sam@webkit.org>

        Remove support for DOMFileSystem
        https://bugs.webkit.org/show_bug.cgi?id=122137

        Reviewed by Anders Carlsson.

        * Configurations/FeatureDefines.xcconfig:

2013-09-30  Dan Bernstein  <mitz@apple.com>

        <rdar://problem/15114974> Assertion failure under -[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:] if no classes conform to JSExport
        https://bugs.webkit.org/show_bug.cgi?id=122124

        Reviewed by Darin Adler.

        * API/JSWrapperMap.mm: Defined an empty class that conforms to the JSExport protocol, to
        ensure that the protocol is always registered with the runtime by the time
        getJSExportProtocol() is called.

2013-09-30  Benjamin Poulain  <benjamin@webkit.org>

        Remove the code guarded by STYLE_SCOPED
        https://bugs.webkit.org/show_bug.cgi?id=122123

        Reviewed by Anders Carlsson.

        * Configurations/FeatureDefines.xcconfig:

2013-09-30  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to ObjectPrototype constructor.
        <https://webkit.org/b/122116>

        Reviewed by Geoffrey Garen.

        The ObjectPrototype constructor was only using the ExecState to get
        to the VM.

2013-09-30  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to MathObject constructor.
        <https://webkit.org/b/122119>

        Reviewed by Geoffrey Garen.

        The MathObject constructor was only using the global object to get
        to the VM. finishCreation() still uses it to set up functions.

2013-09-30  Filip Pizlo  <fpizlo@apple.com>

        Get rid of the AlreadyInJSStack recoveries since they are totally redundant with the DisplacedInJSStack recoveries
        https://bugs.webkit.org/show_bug.cgi?id=122065

        Reviewed by Mark Hahnenberg.

        This mostly just kills a bunch of code.

        But incidentally while killing that code, I uncovered a bug in our FTL OSR entrypoint
        creation phase. The phase inserts a sequence of SetLocal(ExtractOSREntryLocal) nodes.
        If we hoist some type check into the local, then we might inject a conversion node
        between the ExtractOSREntryLocal and the SetLocal - for example we might put in a
        Int32ToDouble node. But currently the FixupPhase will make all conversion nodes placed
        on an edge of a SetLocal use forward exit. This then confuses the OSR exit machinery.
        When OSR exit sees a forward exit, it tries to "roll forward" execution from the exiting
        node to the first node that has a different CodeOrigin. This only works if the nodes
        after the forward exit are MovHints or other things that the OSR exit compiler can
        forward-execute. But here, it will see a bunch of SetLocal and ExtractOSREntryLocal
        nodes for the same bytecode index. Two possible solutions exist. We could teach the
        forward-execution logic how to deal with multiple SetLocals and ExtractOSREntryLocals.
        This would be a lot of complexity; right now it just needs to deal with exactly one
        SetLocal-like operation. The alternative is to make sure that the conversion node that
        we inject ends up exiting *backward* rather than forward.

        But making the conversion nodes exit backward is somewhat tricky. Before this patch,
        conversion nodes always exit forward for SetLocals and backwards otherwise. It turns out
        that the solution is to rationalize how we choose the speculation direction for a
        conversion node. The conversion node's speculation direction should be the same as the
        speculation direction of the node for which it is doing a conversion. Since SetLocal's
        already exit forward by default, this policy preserves our previous behavior. But it
        also allows the OSR entrypoint creation phase to make its SetLocals exit backward
        instead.

        Of course, if the SetLocal(ExtractOSREntryLocal) sequences exit backward, then we need
        to make sure that the OSR exit machine knows that the local variables are indeed live.
        Consider that if we have:

            a: ExtractOSREntryLocal(loc1)
            b: SetLocal(@a, loc1)
            c: ExtractOSREntryLocal(loc2)
            d: SetLocal(@c, loc2)

        Without additional magic, the exit at @b will think that loc2 is dead and the OSR exit
        compiler will clobber loc2 with Undefined. So we need to make sure that we actually
        emit code like:

            a: ExtractOSREntryLocal(loc1)
            b: ExtractOSREntryLocal(loc2)
            c: SetLocal(@a, loc1)
            d: SetLocal(@b, loc2)
            e: SetLocal(@a, loc1)
            f: SetLocal(@b, loc2)

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeOrigin.h:
        * bytecode/ValueRecovery.cpp: Added.
        (JSC::ValueRecovery::recover):
        (JSC::ValueRecovery::dumpInContext):
        (JSC::ValueRecovery::dump):
        * bytecode/ValueRecovery.h:
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
        (JSC::DFG::FixupPhase::fixEdge):
        * dfg/DFGJITCode.cpp:
        (JSC::DFG::JITCode::reconstruct):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::speculationDirection):
        (JSC::DFG::Node::setSpeculationDirection):
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        (JSC::DFG::OSREntrypointCreationPhase::run):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileInlineStart):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGValueSource.h:
        (JSC::DFG::ValueSource::valueRecovery):
        * dfg/DFGVariableEventStream.cpp:
        (JSC::DFG::VariableEventStream::reconstruct):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::speculate):
        (JSC::FTL::LowerDFGToLLVM::speculateMachineInt):
        * interpreter/Register.h:
        (JSC::Register::unboxedStrictInt52):
        * runtime/Arguments.cpp:
        (JSC::Arguments::tearOff):
        * runtime/Arguments.h:

2013-09-30  Alex Christensen  <alex.christensen@flexsim.com>

        Win64 compile fix after r1256490.
        https://bugs.webkit.org/show_bug.cgi?id=122117

        Reviewed by Michael Saboff.

        * jit/JITStubsMSVC64.asm:
        Implemented getHostCallReturnValue for Windows x86_64 processors.

2013-09-30  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to RegExp constructor.
        <https://webkit.org/b/122113>

        Reviewed by Darin Adler.

        RegExps don't need anything from the global object during their
        construction and only use it to get to the VM. Reduce loads by
        simply passing the VM around instead.

        JSC release binary size -= 120 bytes(!)

2013-09-30  Patrick Gansterer  <paroga@webkit.org>

        Fix compilation for COMPILER(MSVC) && !CPU(X86) after r156490.
        https://bugs.webkit.org/show_bug.cgi?id=122102

        Reviewed by Geoffrey Garen.

        _AddressOfReturnAddress() is supported for all platforms of
        the Microsoft compiler, so we can use it for !CPU(X86) too.

        * jit/JITOperationWrappers.h:

2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>

        Unreviewed. Build fix for DEBUG_VERBOSE mode after r156511.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):

2013-09-30  Gabor Rapcsanyi  <rgabor@webkit.org>

        Unreviewed. Speculative build fix on ARMv7 Thumb2 after r156490.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::fmodAsDFGOperation):

2013-09-29  Nadav Rotem  <nrotem@apple.com>

        FTL: refactor compileAdd and compileArithSub into one function.
        https://bugs.webkit.org/show_bug.cgi?id=122081

        Reviewed by Geoffrey Garen.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileAddSub):

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to function constructors.
        <https://webkit.org/b/122082>

        Reviewed by Darin Adler.

        Functions don't need anything from the global object during their
        construction and only use it to get to the VM. Reduce loads by
        simply passing the VM around instead.

        This patch is mostly mechanical, I just changed the signature of
        InternalFunction and worked my way from there until it built.

        JSC release binary size -= 4840 bytes.

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of JSGlobalObject to ArrayPrototype constructor.
        <https://webkit.org/b/122079>

        Reviewed by Geoffrey Garen.

        ArrayPrototype doesn't need the global object for anything during
        construction, so reduce the amount of loads by just passing the VM.

2013-09-29  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to simple builtin constructors.
        <https://webkit.org/b/122077>

        Reviewed by Sam Weinig.

        None of the simple builtins need the ExecState for anything during
        their construction, so reduce the amount of loads by just passing
        the VM around instead.

2013-09-29  Nadav Rotem  <nrotem@apple.com>

        Refactor code for finding x86 scratch register.
        https://bugs.webkit.org/show_bug.cgi?id=122072

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::getUnusedRegister):
        (JSC::MacroAssemblerX86Common::store8):
        (JSC::MacroAssemblerX86Common::store16):

2013-09-28  Mark Rowe  <mrowe@apple.com>

        Take Xcode's advice and enable some extra warnings.

        Reviewed by Sam Weinig.

        * Configurations/Base.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-09-28  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to JSFunction constructors.
        <https://webkit.org/b/122014>

        Reviewed by Geoffrey Garen.

        JSFunction doesn't need the ExecState for anything during its
        construction, so reduce the amount of loads by just passing the
        VM around instead.

        Factored out putDirectNonIndexAccessor() from the existing
        putDirectAccessor() to avoid snowballing the patch (and because
        it's kinda neat to avoid the extra branch.)

        JSC release binary size -= 9680 bytes.

2013-09-28  Mark Rowe  <mrowe@apple.com>

        JavaScriptCore fails to build with newer versions of clang.

        Reviewed by Sam Weinig.

        * interpreter/Interpreter.cpp: Remove an unused function.
        * parser/SourceProvider.cpp: Ditto.
        * runtime/GCActivityCallback.cpp: #if a constant that's only used on non-CF platforms.
        * runtime/JSCJSValue.cpp: Remove an unused constant.
        * runtime/JSString.cpp: Ditto.

2013-09-27  Filip Pizlo  <fpizlo@apple.com>

        Get rid of SetMyScope/SetCallee; use normal variables for the scope and callee of inlined call frames of closures
        https://bugs.webkit.org/show_bug.cgi?id=122047

        Reviewed by Oliver Hunt.

        Currently we have the DFG reserve space for inline call frames at exactly the same stack
        offsets that you would have gotten if the baseline interpreter/JIT had made the calls.
        We need to get rid of that. One of the weirder parts of this is that we have special DFG
        operations for accessing these inlined call frame headers. It's really hard for any
        analysis of DFG IR to see what the liveness of any of those frame header "variables" is;
        the liveness behaves like flushed arguments (it's all live until end of the inlinee) but
        we don't have anything like a Flush node for those special variables.

        This patch gets rid of the special operations for accessing inline call frame headers.
        GetMyScope and GetCallee still remain, and are only for accessing the machine call
        frame's scope/callee entries. The inline call frame's scope/callee now behave like
        normal variables, and have Flush behavior just like inline arguments.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getDirect):
        (JSC::DFG::ByteCodeParser::get):
        (JSC::DFG::ByteCodeParser::setDirect):
        (JSC::DFG::ByteCodeParser::set):
        (JSC::DFG::ByteCodeParser::setLocal):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::flush):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::getScope):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getCalleeLoadElimination):
        (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-09-27  Filip Pizlo  <fpizlo@apple.com>

        Deoptimize 32-bit deoptimization
        https://bugs.webkit.org/show_bug.cgi?id=122025

        Reviewed by Oliver Hunt.

        Just simplifying a bunch of code. I don't want the old, super-complicated,
        deoptimization code to get in the way of changes I'll be making to DFG stack layout.

        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::inGPR):
        (JSC::ValueRecovery::isInRegisters):
        (JSC::ValueRecovery::gpr):
        (JSC::ValueRecovery::dumpInContext):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):

2013-09-27  Alex Christensen  <alex.christensen@flexsim.com>

        Fixed Win64 build after r156184.
        https://bugs.webkit.org/show_bug.cgi?id=121994

        Reviewed by Oliver Hunt.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupTwoStubArgsGPR):
        (JSC::CCallHelpers::setupTwoStubArgsFPR):
        Renamed from setupTwoStubArgs.
        Visual Studio x64 compiler fails to see that this is an overloaded template function.
        (JSC::CCallHelpers::setupStubArguments):
        (JSC::CCallHelpers::setupArguments):
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        Use setupTwoStubArgsGPR or setupTwoStubArgsFPR instead of setupTwoStubArgs.

2013-09-27  Gabor Rapcsanyi  <rgabor@webkit.org>

        LLInt alignment problem on ARM in debug mode
        https://bugs.webkit.org/show_bug.cgi?id=122012

        Reviewed by Michael Saboff.

        Force GCC to put the LLInt code to .text section.

        * llint/LowLevelInterpreter.cpp:

2013-09-06  Jer Noble  <jer.noble@apple.com>

        [Mac] Implement the media controls in JavaScript.
        https://bugs.webkit.org/show_bug.cgi?id=120895

        Reviewed by Dean Jackson.

        Define and turn on ENABLE_MEDIA_CONTROLS_SCRIPT.

        * Configurations/FeatureDefines.xcconfig:

2013-09-27  Andreas Kling  <akling@apple.com>

        Pass VM instead of ExecState to JSDateMath functions.
        <https://webkit.org/b/121997>

        Reviewed by Geoffrey Garen.

        The JSC date math functions only need the VM, so pass that from
        callers instead of the whole ExecState.

2013-09-26  Andreas Kling  <akling@apple.com>

        GetterSetter construction should take a VM instead of ExecState.
        <https://webkit.org/b/121993>

        Reviewed by Sam Weinig.

        Pass VM& instead of ExecState* to GetterSetter. Updated surrounding
        code at touched sites to cache VM in a local for fewer loads.

        JSC release binary size -= 4120 bytes.

2013-09-26  Oliver Hunt  <oliver@apple.com>

        Make GCC happy

        * parser/Parser.h:

2013-09-25  Oliver Hunt  <oliver@apple.com>

        Implement prefixed-destructuring assignment
        https://bugs.webkit.org/show_bug.cgi?id=121930

        Reviewed by Mark Hahnenberg.

        Relanding with fix after rollout

2013-09-26  Michael Saboff  <msaboff@apple.com>

        VirtualRegister should be a class
        https://bugs.webkit.org/show_bug.cgi?id=121732

        Reviewed by Geoffrey Garen.

        This is a refactoring change.  Changed VirtualRegister from an enum to a class.
        Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
        and the similar functions for locals to VirtualRegister class.

        This is in preparation for changing the offset for the first local register from
        0 to -1.  This is needed since most native calling conventions have the architected
        frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
        pointer.  Local values start below that address.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/Instruction.h:
        * bytecode/LazyOperandValueProfile.h:
        * bytecode/MethodOfGettingAValueProfile.cpp:
        * bytecode/Operands.h:
        * bytecode/UnlinkedCodeBlock.cpp:
        * bytecode/UnlinkedCodeBlock.h:
        * bytecode/ValueRecovery.h:
        * bytecode/VirtualRegister.h:
        * bytecompiler/BytecodeGenerator.cpp:
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/RegisterID.h:
        * debugger/DebuggerCallFrame.cpp:
        * dfg/DFGAbstractHeap.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        * dfg/DFGArgumentPosition.h:
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        * dfg/DFGByteCodeParser.cpp:
        * dfg/DFGCFGSimplificationPhase.cpp:
        * dfg/DFGCPSRethreadingPhase.cpp:
        * dfg/DFGCapabilities.cpp:
        * dfg/DFGConstantFoldingPhase.cpp:
        * dfg/DFGFlushLivenessAnalysisPhase.cpp:
        * dfg/DFGGraph.cpp:
        * dfg/DFGGraph.h:
        * dfg/DFGJITCode.cpp:
        * dfg/DFGNode.h:
        * dfg/DFGOSREntry.cpp:
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        * dfg/DFGOSRExit.h:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        * dfg/DFGOSRExitCompiler64.cpp:
        * dfg/DFGRegisterBank.h:
        * dfg/DFGScoreBoard.h:
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:
        * dfg/DFGValidate.cpp:
        * dfg/DFGValueRecoveryOverride.h:
        * dfg/DFGVariableAccessData.h:
        * dfg/DFGVariableEvent.h:
        * dfg/DFGVariableEventStream.cpp:
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        * ftl/FTLExitArgumentForOperand.h:
        * ftl/FTLLink.cpp:
        * ftl/FTLLowerDFGToLLVM.cpp:
        * ftl/FTLOSREntry.cpp:
        * ftl/FTLOSRExit.cpp:
        * ftl/FTLOSRExit.h:
        * ftl/FTLOSRExitCompiler.cpp:
        * interpreter/CallFrame.h:
        * interpreter/Interpreter.cpp:
        * jit/AssemblyHelpers.h:
        * jit/JIT.h:
        * jit/JITCall.cpp:
        * jit/JITCall32_64.cpp:
786         * jit/JITCall.cpp:
787         * jit/JITCall32_64.cpp:
788         * jit/JITInlines.h:
789         * jit/JITOpcodes.cpp:
790         * jit/JITOpcodes32_64.cpp:
791         * jit/JITPropertyAccess32_64.cpp:
792         * jit/JITStubs.cpp:
793         * llint/LLIntSlowPaths.cpp:
794         * profiler/ProfilerBytecodeSequence.cpp:
795         * runtime/CommonSlowPaths.cpp:
796         * runtime/JSActivation.cpp:
797
798 2013-09-26  Anders Carlsson  <andersca@apple.com>
799
800         Work around another MSVC bug.
801
802         * runtime/PrototypeMap.cpp:
803         (JSC::PrototypeMap::emptyObjectStructureForPrototype):
804
805 2013-09-26  Anders Carlsson  <andersca@apple.com>
806
807         Attempt to fix the FTL build.
808
809         * ftl/FTLAbstractHeap.cpp:
810         (JSC::FTL::IndexedAbstractHeap::atSlow):
811
812 2013-09-26  Andreas Kling  <akling@apple.com>
813
814         Pass VM instead of ExecState to many finishCreation() functions.
815         <https://webkit.org/b/121975>
816
817         Reviewed by Sam Weinig.
818
819         Reduce unnecessary loads by passing the VM to object creation
820         functions that don't need the ExecState.
821
822         There are tons of opportunities in this area, I'm just scratching
823         the surface.
824
825 2013-09-26  Commit Queue  <commit-queue@webkit.org>
826
827         Unreviewed, rolling out r156464 and r156480.
828         http://trac.webkit.org/changeset/156464
829         http://trac.webkit.org/changeset/156480
830         https://bugs.webkit.org/show_bug.cgi?id=121981
831
832         Leaking too much and killing buildbot. (Requested by xenon on
833         #webkit).
834
835         * bytecode/UnlinkedCodeBlock.cpp:
836         (JSC::UnlinkedFunctionExecutable::paramString):
837         * bytecompiler/BytecodeGenerator.cpp:
838         (JSC::BytecodeGenerator::BytecodeGenerator):
839         * bytecompiler/BytecodeGenerator.h:
840         (JSC::BytecodeGenerator::emitExpressionInfo):
841         * bytecompiler/NodesCodegen.cpp:
842         (JSC::ForInNode::emitBytecode):
843         (JSC::FuncExprNode::emitBytecode):
844         * parser/ASTBuilder.h:
845         (JSC::ASTBuilder::createFormalParameterList):
846         (JSC::ASTBuilder::createForInLoop):
847         (JSC::ASTBuilder::addVar):
848         * parser/NodeConstructors.h:
849         (JSC::CommaNode::CommaNode):
850         (JSC::ParameterNode::ParameterNode):
851         (JSC::ForInNode::ForInNode):
852         * parser/Nodes.cpp:
853         (JSC::FunctionParameters::create):
854         (JSC::FunctionParameters::FunctionParameters):
855         (JSC::FunctionParameters::~FunctionParameters):
856         * parser/Nodes.h:
857         (JSC::CommaNode::append):
858         (JSC::ParameterNode::ident):
859         (JSC::FunctionParameters::at):
860         (JSC::FunctionParameters::identifiers):
861         * parser/Parser.cpp:
862         (JSC::::Parser):
863         (JSC::::parseVarDeclaration):
864         (JSC::::parseVarDeclarationList):
865         (JSC::::parseForStatement):
866         (JSC::::parseFormalParameters):
867         (JSC::::parseAssignmentExpression):
868         * parser/Parser.h:
869         (JSC::Scope::declareParameter):
870         * parser/SyntaxChecker.h:
871         (JSC::SyntaxChecker::createFormalParameterList):
872         (JSC::SyntaxChecker::createForInLoop):
873         (JSC::SyntaxChecker::operatorStackPop):
874         * runtime/JSONObject.cpp:
875         * runtime/JSONObject.h:
876
877 2013-09-26  Anders Carlsson  <andersca@apple.com>
878
879         Try to fix the Windows build.
880
881         * jit/JITThunks.cpp:
882         (JSC::JITThunks::hostFunctionStub):
883         * jit/JITThunks.h:
884
885 2013-09-26  Anders Carlsson  <andersca@apple.com>
886
887         Change a couple of HashMap value types from OwnPtr to std::unique_ptr
888         https://bugs.webkit.org/show_bug.cgi?id=121973
889
890         Reviewed by Andreas Kling.
891
892         * API/JSClassRef.cpp:
893         (OpaqueJSClassContextData::OpaqueJSClassContextData):
894         (OpaqueJSClass::contextData):
895         * API/JSClassRef.h:
896         * bytecode/SamplingTool.h:
897         * ftl/FTLAbstractHeap.h:
898         * parser/Parser.cpp:
899         (JSC::::parseFunctionInfo):
900         * parser/SourceProviderCache.cpp:
901         (JSC::SourceProviderCache::add):
902         * parser/SourceProviderCache.h:
903         * parser/SourceProviderCacheItem.h:
904         (JSC::SourceProviderCacheItem::create):
905         * profiler/ProfilerCompilation.cpp:
906         (JSC::Profiler::Compilation::executionCounterFor):
907         (JSC::Profiler::Compilation::toJS):
908         * profiler/ProfilerCompilation.h:
909         * runtime/JSGlobalObject.h:
910
911 2013-09-26  Mark Lam  <mark.lam@apple.com>
912
913         Move DFG inline caching logic into jit/.
914         https://bugs.webkit.org/show_bug.cgi?id=121749.
915
916         Reviewed by Geoffrey Garen.
917
918         Relanding http://trac.webkit.org/changeset/156235 after rebasing to latest
919         revision and fixing build breakages on Windows.
920
921         * CMakeLists.txt:
922         * GNUmakefile.list.am:
923         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
924         * JavaScriptCore.xcodeproj/project.pbxproj:
925         * Target.pri:
926         * bytecode/CallLinkInfo.cpp:
927         (JSC::CallLinkInfo::unlink):
928         * bytecode/CodeBlock.cpp:
929         (JSC::CodeBlock::resetStubInternal):
930         * bytecode/StructureStubInfo.h:
931         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
932         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
933         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
934         * dfg/DFGJITCompiler.h:
935         * dfg/DFGOSRExitCompiler.h:
936         * dfg/DFGOperations.cpp:
937         (JSC::DFG::operationPutByValInternal):
938         * dfg/DFGOperations.h:
939         (JSC::DFG::operationNewTypedArrayWithSizeForType):
940         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
941         * dfg/DFGRegisterSet.h: Removed.
942         * dfg/DFGRepatch.cpp: Removed.
943         * dfg/DFGRepatch.h: Removed.
944         * dfg/DFGScratchRegisterAllocator.h: Removed.
945         * dfg/DFGSpeculativeJIT.cpp:
946         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
947         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
948         (JSC::DFG::SpeculativeJIT::compare):
949         * dfg/DFGSpeculativeJIT.h:
950         (JSC::DFG::SpeculativeJIT::callOperation):
951         * dfg/DFGSpeculativeJIT32_64.cpp:
952         (JSC::DFG::SpeculativeJIT::cachedPutById):
953         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
954         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
955         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
956         (JSC::DFG::SpeculativeJIT::compile):
957         * dfg/DFGSpeculativeJIT64.cpp:
958         (JSC::DFG::SpeculativeJIT::cachedPutById):
959         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
960         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
961         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
962         (JSC::DFG::SpeculativeJIT::compile):
963         * dfg/DFGThunks.cpp:
964         * dfg/DFGThunks.h:
965         * ftl/FTLIntrinsicRepository.h:
966         * ftl/FTLLowerDFGToLLVM.cpp:
967         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
968         * ftl/FTLOSRExitCompiler.h:
969         * jit/AssemblyHelpers.h:
970         (JSC::AssemblyHelpers::writeBarrier):
971         * jit/JIT.cpp:
972         (JSC::JIT::linkFor):
973         (JSC::JIT::linkSlowCall):
974         * jit/JITCall.cpp:
975         (JSC::JIT::compileCallEvalSlowCase):
976         (JSC::JIT::compileOpCallSlowCase):
977         (JSC::JIT::privateCompileClosureCall):
978         * jit/JITCall32_64.cpp:
979         (JSC::JIT::compileCallEvalSlowCase):
980         (JSC::JIT::compileOpCallSlowCase):
981         (JSC::JIT::privateCompileClosureCall):
982         * jit/JITOperationWrappers.h: Copied from Source/JavaScriptCore/jit/JITOperationWrappers.h.
983         * jit/JITOperations.cpp: Copied from Source/JavaScriptCore/jit/JITOperations.cpp.
984         (JSC::getHostCallReturnValueWithExecState):
985         * jit/JITOperations.h: Copied from Source/JavaScriptCore/jit/JITOperations.h.
986         * jit/RegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
987         * jit/Repatch.cpp: Copied from Source/JavaScriptCore/jit/Repatch.cpp.
988         (JSC::tryBuildGetByIDList):
989         * jit/Repatch.h: Copied from Source/JavaScriptCore/jit/Repatch.h.
990         * jit/ScratchRegisterAllocator.h: Copied from Source/JavaScriptCore/jit/ScratchRegisterAllocator.h.
991         * jit/ThunkGenerators.cpp:
992         (JSC::oldStyleGenerateSlowCaseFor):
993         (JSC::oldStyleLinkForGenerator):
994         (JSC::oldStyleLinkCallGenerator):
995         (JSC::oldStyleLinkConstructGenerator):
996         (JSC::oldStyleLinkClosureCallGenerator):
997         (JSC::oldStyleVirtualForGenerator):
998         (JSC::oldStyleVirtualCallGenerator):
999         (JSC::oldStyleVirtualConstructGenerator):
1000         (JSC::emitPointerValidation):
1001         (JSC::throwExceptionFromCallSlowPathGenerator):
1002         (JSC::slowPathFor):
1003         (JSC::linkForThunkGenerator):
1004         (JSC::linkCallThunkGenerator):
1005         (JSC::linkConstructThunkGenerator):
1006         (JSC::linkClosureCallThunkGenerator):
1007         (JSC::virtualForThunkGenerator):
1008         (JSC::virtualCallThunkGenerator):
1009         (JSC::virtualConstructThunkGenerator):
1010         * jit/ThunkGenerators.h:
1011
1012 2013-09-26  Anders Carlsson  <andersca@apple.com>
1013
1014         Remove PassWeak.h
1015         https://bugs.webkit.org/show_bug.cgi?id=121971
1016
1017         Reviewed by Geoffrey Garen.
1018
1019         * GNUmakefile.list.am:
1020         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1021         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1022         * JavaScriptCore.xcodeproj/project.pbxproj:
1023         * heap/PassWeak.h: Removed.
1024         * heap/WeakInlines.h:
1025
1026 2013-09-26  Anders Carlsson  <andersca@apple.com>
1027
1028         Stop using PassWeak
1029         https://bugs.webkit.org/show_bug.cgi?id=121968
1030
1031         Reviewed by Sam Weinig.
1032
1033         * heap/Weak.h:
1034         Remove all knowledge of PassWeak.
1035
1036         (JSC::Weak::Weak):
1037         These constructors don't need to be explicit.
1038
1039         * heap/WeakInlines.h:
1040         (JSC::weakAdd):
1041         Change Value to be an rvalue reference and use std::forward.
1042
1043         * jit/JITThunks.cpp:
1044         (JSC::JITThunks::hostFunctionStub):
1045         Remove PassWeak.
1046
1047         * runtime/RegExpCache.cpp:
1048         (JSC::RegExpCache::lookupOrCreate):
1049         Use Weak instead of PassWeak.
1050
1051         * runtime/SimpleTypedArrayController.cpp:
1052         Change add and set to take Weak by value and std::move into place.
1053
1054         * runtime/WeakGCMap.h:
1055         (JSC::WeakGCMap::get):
1056         (JSC::WeakGCMap::set):
1057         (JSC::WeakGCMap::add):
1058
1059 2013-09-26  Commit Queue  <commit-queue@webkit.org>
1060
1061         Unreviewed, rolling out r156474.
1062         http://trac.webkit.org/changeset/156474
1063         https://bugs.webkit.org/show_bug.cgi?id=121966
1064
1065         Broke the builds. (Requested by xenon on #webkit).
1066
1067         * bytecode/CodeBlock.cpp:
1068         (JSC::CodeBlock::registerName):
1069         (JSC::CodeBlock::dumpBytecode):
1070         (JSC::CodeBlock::CodeBlock):
1071         (JSC::CodeBlock::createActivation):
1072         (JSC::CodeBlock::nameForRegister):
1073         * bytecode/CodeBlock.h:
1074         (JSC::unmodifiedArgumentsRegister):
1075         (JSC::CodeBlock::isKnownNotImmediate):
1076         (JSC::CodeBlock::setThisRegister):
1077         (JSC::CodeBlock::thisRegister):
1078         (JSC::CodeBlock::setArgumentsRegister):
1079         (JSC::CodeBlock::argumentsRegister):
1080         (JSC::CodeBlock::uncheckedArgumentsRegister):
1081         (JSC::CodeBlock::setActivationRegister):
1082         (JSC::CodeBlock::activationRegister):
1083         (JSC::CodeBlock::uncheckedActivationRegister):
1084         (JSC::CodeBlock::usesArguments):
1085         (JSC::CodeBlock::isCaptured):
1086         * bytecode/Instruction.h:
1087         * bytecode/LazyOperandValueProfile.h:
1088         (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
1089         (JSC::LazyOperandValueProfileKey::operator!):
1090         (JSC::LazyOperandValueProfileKey::hash):
1091         (JSC::LazyOperandValueProfileKey::operand):
1092         (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
1093         (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
1094         * bytecode/MethodOfGettingAValueProfile.cpp:
1095         (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
1096         (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
1097         * bytecode/Operands.h:
1098         (JSC::localToOperand):
1099         (JSC::operandIsLocal):
1100         (JSC::operandToLocal):
1101         (JSC::operandIsArgument):
1102         (JSC::operandToArgument):
1103         (JSC::argumentToOperand):
1104         (JSC::Operands::operand):
1105         (JSC::Operands::hasOperand):
1106         (JSC::Operands::setOperand):
1107         (JSC::Operands::operandForIndex):
1108         (JSC::Operands::setOperandFirstTime):
1109         * bytecode/UnlinkedCodeBlock.cpp:
1110         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1111         * bytecode/UnlinkedCodeBlock.h:
1112         (JSC::UnlinkedCodeBlock::setThisRegister):
1113         (JSC::UnlinkedCodeBlock::setActivationRegister):
1114         (JSC::UnlinkedCodeBlock::setArgumentsRegister):
1115         (JSC::UnlinkedCodeBlock::usesArguments):
1116         (JSC::UnlinkedCodeBlock::argumentsRegister):
1117         (JSC::UnlinkedCodeBlock::usesGlobalObject):
1118         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister):
1119         (JSC::UnlinkedCodeBlock::globalObjectRegister):
1120         (JSC::UnlinkedCodeBlock::thisRegister):
1121         (JSC::UnlinkedCodeBlock::activationRegister):
1122         * bytecode/ValueRecovery.h:
1123         (JSC::ValueRecovery::displacedInJSStack):
1124         (JSC::ValueRecovery::virtualRegister):
1125         (JSC::ValueRecovery::dumpInContext):
1126         * bytecode/VirtualRegister.h:
1127         (WTF::printInternal):
1128         * bytecompiler/BytecodeGenerator.cpp:
1129         (JSC::BytecodeGenerator::generate):
1130         (JSC::BytecodeGenerator::addVar):
1131         (JSC::BytecodeGenerator::BytecodeGenerator):
1132         (JSC::BytecodeGenerator::createLazyRegisterIfNecessary):
1133         (JSC::BytecodeGenerator::newRegister):
1134         (JSC::BytecodeGenerator::emitLoadGlobalObject):
1135         (JSC::BytecodeGenerator::emitGetArgumentsLength):
1136         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1137         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1138         (JSC::BytecodeGenerator::emitReturn):
1139         * bytecompiler/BytecodeGenerator.h:
1140         (JSC::BytecodeGenerator::registerFor):
1141         * bytecompiler/RegisterID.h:
1142         (JSC::RegisterID::RegisterID):
1143         (JSC::RegisterID::setIndex):
1144         (JSC::RegisterID::index):
1145         * debugger/DebuggerCallFrame.cpp:
1146         (JSC::DebuggerCallFrame::thisObject):
1147         * dfg/DFGAbstractHeap.h:
1148         (JSC::DFG::AbstractHeap::Payload::Payload):
1149         * dfg/DFGAbstractInterpreterInlines.h:
1150         (JSC::DFG::::executeEffects):
1151         (JSC::DFG::::clobberCapturedVars):
1152         * dfg/DFGArgumentPosition.h:
1153         (JSC::DFG::ArgumentPosition::dump):
1154         * dfg/DFGArgumentsSimplificationPhase.cpp:
1155         (JSC::DFG::ArgumentsSimplificationPhase::run):
1156         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
1157         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
1158         * dfg/DFGByteCodeParser.cpp:
1159         (JSC::DFG::ByteCodeParser::newVariableAccessData):
1160         (JSC::DFG::ByteCodeParser::getDirect):
1161         (JSC::DFG::ByteCodeParser::get):
1162         (JSC::DFG::ByteCodeParser::setDirect):
1163         (JSC::DFG::ByteCodeParser::set):
1164         (JSC::DFG::ByteCodeParser::getLocal):
1165         (JSC::DFG::ByteCodeParser::setLocal):
1166         (JSC::DFG::ByteCodeParser::getArgument):
1167         (JSC::DFG::ByteCodeParser::setArgument):
1168         (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
1169         (JSC::DFG::ByteCodeParser::findArgumentPosition):
1170         (JSC::DFG::ByteCodeParser::flush):
1171         (JSC::DFG::ByteCodeParser::flushDirect):
1172         (JSC::DFG::ByteCodeParser::getToInt32):
1173         (JSC::DFG::ByteCodeParser::getThis):
1174         (JSC::DFG::ByteCodeParser::addCall):
1175         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
1176         (JSC::DFG::ByteCodeParser::handleCall):
1177         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
1178         (JSC::DFG::ByteCodeParser::emitArgumentPhantoms):
1179         (JSC::DFG::ByteCodeParser::handleInlining):
1180         (JSC::DFG::ByteCodeParser::handleMinMax):
1181         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1182         (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
1183         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1184         (JSC::DFG::ByteCodeParser::handleGetByOffset):
1185         (JSC::DFG::ByteCodeParser::handleGetById):
1186         (JSC::DFG::ByteCodeParser::parseBlock):
1187         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1188         (JSC::DFG::ByteCodeParser::parse):
1189         * dfg/DFGCFGSimplificationPhase.cpp:
1190         * dfg/DFGCPSRethreadingPhase.cpp:
1191         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
1192         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
1193         (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
1194         * dfg/DFGCapabilities.cpp:
1195         (JSC::DFG::capabilityLevel):
1196         * dfg/DFGConstantFoldingPhase.cpp:
1197         (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
1198         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1199         (JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
1200         * dfg/DFGGraph.cpp:
1201         (JSC::DFG::Graph::dump):
1202         * dfg/DFGGraph.h:
1203         (JSC::DFG::Graph::argumentsRegisterFor):
1204         (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
1205         (JSC::DFG::Graph::uncheckedActivationRegisterFor):
1206         (JSC::DFG::Graph::valueProfileFor):
1207         * dfg/DFGJITCode.cpp:
1208         (JSC::DFG::JITCode::reconstruct):
1209         * dfg/DFGNode.h:
1210         (JSC::DFG::Node::Node):
1211         (JSC::DFG::Node::convertToGetLocalUnlinked):
1212         (JSC::DFG::Node::hasVirtualRegister):
1213         (JSC::DFG::Node::virtualRegister):
1214         (JSC::DFG::Node::setVirtualRegister):
1215         * dfg/DFGOSREntry.cpp:
1216         (JSC::DFG::prepareOSREntry):
1217         * dfg/DFGOSREntrypointCreationPhase.cpp:
1218         (JSC::DFG::OSREntrypointCreationPhase::run):
1219         * dfg/DFGOSRExit.h:
1220         * dfg/DFGOSRExitCompiler32_64.cpp:
1221         (JSC::DFG::OSRExitCompiler::compileExit):
1222         * dfg/DFGOSRExitCompiler64.cpp:
1223         (JSC::DFG::OSRExitCompiler::compileExit):
1224         * dfg/DFGRegisterBank.h:
1225         (JSC::DFG::RegisterBank::tryAllocate):
1226         (JSC::DFG::RegisterBank::allocateSpecific):
1227         (JSC::DFG::RegisterBank::retain):
1228         (JSC::DFG::RegisterBank::isInUse):
1229         (JSC::DFG::RegisterBank::dump):
1230         (JSC::DFG::RegisterBank::releaseAtIndex):
1231         (JSC::DFG::RegisterBank::allocateInternal):
1232         (JSC::DFG::RegisterBank::MapEntry::MapEntry):
1233         * dfg/DFGScoreBoard.h:
1234         (JSC::DFG::ScoreBoard::allocate):
1235         (JSC::DFG::ScoreBoard::use):
1236         * dfg/DFGSpeculativeJIT.cpp:
1237         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
1238         (JSC::DFG::SpeculativeJIT::checkConsistency):
1239         (JSC::DFG::SpeculativeJIT::compileMovHint):
1240         (JSC::DFG::SpeculativeJIT::compileInlineStart):
1241         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
1242         * dfg/DFGSpeculativeJIT.h:
1243         (JSC::DFG::SpeculativeJIT::allocate):
1244         (JSC::DFG::SpeculativeJIT::fprAllocate):
1245         (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):
1246         (JSC::DFG::SpeculativeJIT::flushRegisters):
1247         (JSC::DFG::SpeculativeJIT::isFlushed):
1248         (JSC::DFG::SpeculativeJIT::argumentSlot):
1249         (JSC::DFG::SpeculativeJIT::argumentTagSlot):
1250         (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
1251         (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
1252         (JSC::DFG::SpeculativeJIT::setNodeForOperand):
1253         (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
1254         (JSC::DFG::SpeculativeJIT::recordSetLocal):
1255         (JSC::DFG::SpeculativeJIT::generationInfoFromVirtualRegister):
1256         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1257         * dfg/DFGSpeculativeJIT64.cpp:
1258         (JSC::DFG::SpeculativeJIT::compile):
1259         * dfg/DFGValidate.cpp:
1260         (JSC::DFG::Validate::validate):
1261         (JSC::DFG::Validate::validateCPS):
1262         (JSC::DFG::Validate::checkOperand):
1263         (JSC::DFG::Validate::reportValidationContext):
1264         * dfg/DFGValueRecoveryOverride.h:
1265         (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
1266         * dfg/DFGVariableAccessData.h:
1267         (JSC::DFG::VariableAccessData::operand):
1268         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
1269         (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
1270         (JSC::DFG::VariableAccessData::flushFormat):
1271         * dfg/DFGVariableEvent.h:
1272         (JSC::DFG::VariableEvent::spill):
1273         (JSC::DFG::VariableEvent::setLocal):
1274         * dfg/DFGVariableEventStream.cpp:
1275         (JSC::DFG::VariableEventStream::reconstruct):
1276         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1277         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1278         * ftl/FTLExitArgumentForOperand.h:
1279         (JSC::FTL::ExitArgumentForOperand::ExitArgumentForOperand):
1280         (JSC::FTL::ExitArgumentForOperand::operand):
1281         * ftl/FTLLink.cpp:
1282         (JSC::FTL::link):
1283         * ftl/FTLLowerDFGToLLVM.cpp:
1284         (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
1285         (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
1286         (JSC::FTL::LowerDFGToLLVM::compileExtractOSREntryLocal):
1287         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1288         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
1289         (JSC::FTL::LowerDFGToLLVM::observeMovHint):
1290         (JSC::FTL::LowerDFGToLLVM::addressFor):
1291         (JSC::FTL::LowerDFGToLLVM::payloadFor):
1292         (JSC::FTL::LowerDFGToLLVM::tagFor):
1293         * ftl/FTLOSREntry.cpp:
1294         (JSC::FTL::prepareOSREntry):
1295         * ftl/FTLOSRExit.cpp:
1296         (JSC::FTL::OSRExit::convertToForward):
1297         * ftl/FTLOSRExit.h:
1298         * ftl/FTLOSRExitCompiler.cpp:
1299         (JSC::FTL::compileStub):
1300         * interpreter/CallFrame.h:
1301         * interpreter/Interpreter.cpp:
1302         (JSC::Interpreter::dumpRegisters):
1303         (JSC::unwindCallFrame):
1304         (JSC::Interpreter::unwind):
1305         * jit/AssemblyHelpers.h:
1306         (JSC::AssemblyHelpers::addressFor):
1307         (JSC::AssemblyHelpers::tagFor):
1308         (JSC::AssemblyHelpers::payloadFor):
1309         (JSC::AssemblyHelpers::argumentsRegisterFor):
1310         * jit/JIT.h:
1311         * jit/JITCall.cpp:
1312         (JSC::JIT::compileLoadVarargs):
1313         * jit/JITInlines.h:
1314         (JSC::JIT::emitGetVirtualRegister):
1315         * jit/JITOpcodes.cpp:
1316         (JSC::JIT::emit_op_tear_off_arguments):
1317         (JSC::JIT::emit_op_get_pnames):
1318         (JSC::JIT::emit_op_enter):
1319         (JSC::JIT::emit_op_create_arguments):
1320         (JSC::JIT::emitSlow_op_get_argument_by_val):
1321         * jit/JITOpcodes32_64.cpp:
1322         (JSC::JIT::emit_op_enter):
1323         * jit/JITStubs.cpp:
1324         (JSC::DEFINE_STUB_FUNCTION):
1325         * llint/LLIntSlowPaths.cpp:
1326         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1327         * profiler/ProfilerBytecodeSequence.cpp:
1328         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
1329         * runtime/CommonSlowPaths.cpp:
1330         (JSC::SLOW_PATH_DECL):
1331         * runtime/JSActivation.cpp:
1332         (JSC::JSActivation::argumentsGetter):
1333
1334 2013-09-26  Oliver Hunt  <oliver@apple.com>
1335
1336         Attempt to fix MSVC build
1337
1338         * parser/Parser.cpp:
1339         (JSC::::createBindingPattern):
1340         (JSC::::parseDeconstructionPattern):
1341         * parser/Parser.h:
1342
1343 2013-09-26  Julien Brianceau  <jbriance@cisco.com>
1344
1345         [sh4] JSValue* exception is unused since r70703 in JITStackFrame.
1346         https://bugs.webkit.org/show_bug.cgi?id=121962
1347
1348         This is a cosmetic change, but it could save people reading the sh4 part
1349         from wasting time trying to understand why there is a JSValue* here.
1350
1351         Reviewed by Darin Adler.
1352
1353         * jit/JITStubs.h:
1354
1355 2013-09-26  Anders Carlsson  <andersca@apple.com>
1356
1357         WeakGCMap should not inherit from HashMap
1358         https://bugs.webkit.org/show_bug.cgi?id=121964
1359
1360         Reviewed by Geoffrey Garen.
1361
1362         Add the HashMap as a member variable instead and implement the missing member functions.
1363
1364         * runtime/WeakGCMap.h:
1365
1366 2013-09-25  Michael Saboff  <msaboff@apple.com>
1367
1368         VirtualRegister should be a class
1369         https://bugs.webkit.org/show_bug.cgi?id=121732
1370
1371         Reviewed by Geoffrey Garen.
1372
1373         This is a refactoring change.  Changed VirtualRegister from an enum to a class.
1374         Moved Operands::operandIsArgument(), operandToArgument(), argumentToOperand()
1375         and the similar functions for locals to VirtualRegister class.
1376
1377         This is in preparation for changing the offset for the first local register from
1378         0 to -1.  This is needed since most native calling conventions have the architected
1379         frame pointer (e.g. %rbp for X86) point at the slot that stores the previous frame
1380         pointer.  Local values start below that address.
1381
1382         * bytecode/CodeBlock.cpp:
1383         * bytecode/CodeBlock.h:
1384         * bytecode/Instruction.h:
1385         * bytecode/LazyOperandValueProfile.h:
1386         * bytecode/MethodOfGettingAValueProfile.cpp:
1387         * bytecode/Operands.h:
1388         * bytecode/UnlinkedCodeBlock.cpp:
1389         * bytecode/UnlinkedCodeBlock.h:
1390         * bytecode/ValueRecovery.h:
1391         * bytecode/VirtualRegister.h:
1392         * bytecompiler/BytecodeGenerator.cpp:
1393         * bytecompiler/BytecodeGenerator.h:
1394         * bytecompiler/RegisterID.h:
1395         * debugger/DebuggerCallFrame.cpp:
1396         * dfg/DFGAbstractHeap.h:
1397         * dfg/DFGAbstractInterpreterInlines.h:
1398         * dfg/DFGArgumentPosition.h:
1399         * dfg/DFGArgumentsSimplificationPhase.cpp:
1400         * dfg/DFGByteCodeParser.cpp:
1401         * dfg/DFGCFGSimplificationPhase.cpp:
1402         * dfg/DFGCPSRethreadingPhase.cpp:
1403         * dfg/DFGCapabilities.cpp:
1404         * dfg/DFGConstantFoldingPhase.cpp:
1405         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1406         * dfg/DFGGraph.cpp:
1407         * dfg/DFGGraph.h:
1408         * dfg/DFGJITCode.cpp:
1409         * dfg/DFGNode.h:
1410         * dfg/DFGOSREntry.cpp:
1411         * dfg/DFGOSREntrypointCreationPhase.cpp:
1412         * dfg/DFGOSRExit.h:
1413         * dfg/DFGOSRExitCompiler32_64.cpp:
1414         * dfg/DFGOSRExitCompiler64.cpp:
1415         * dfg/DFGRegisterBank.h:
1416         * dfg/DFGScoreBoard.h:
1417         * dfg/DFGSpeculativeJIT.cpp:
1418         * dfg/DFGSpeculativeJIT.h:
1419         * dfg/DFGSpeculativeJIT64.cpp:
1420         * dfg/DFGValidate.cpp:
1421         * dfg/DFGValueRecoveryOverride.h:
1422         * dfg/DFGVariableAccessData.h:
1423         * dfg/DFGVariableEvent.h:
1424         * dfg/DFGVariableEventStream.cpp:
1425         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1426         * ftl/FTLExitArgumentForOperand.h:
1427         * ftl/FTLLink.cpp:
1428         * ftl/FTLLowerDFGToLLVM.cpp:
1429         * ftl/FTLOSREntry.cpp:
1430         * ftl/FTLOSRExit.cpp:
1431         * ftl/FTLOSRExit.h:
1432         * ftl/FTLOSRExitCompiler.cpp:
1433         * interpreter/CallFrame.h:
1434         * interpreter/Interpreter.cpp:
1435         * jit/AssemblyHelpers.h:
1436         * jit/JIT.h:
1437         * jit/JITCall.cpp:
1438         * jit/JITInlines.h:
1439         * jit/JITOpcodes.cpp:
1440         * jit/JITOpcodes32_64.cpp:
1441         * jit/JITStubs.cpp:
1442         * llint/LLIntSlowPaths.cpp:
1443         * profiler/ProfilerBytecodeSequence.cpp:
1444         * runtime/CommonSlowPaths.cpp:
1445         * runtime/JSActivation.cpp:
1446
1447 2013-09-26  Anders Carlsson  <andersca@apple.com>
1448
1449         Weak should have a move constructor and move assignment operator
1450         https://bugs.webkit.org/show_bug.cgi?id=121963
1451
1452         Reviewed by Oliver Hunt.
1453
1454         This is the first step towards getting rid of PassWeak.
1455
1456         * API/JSClassRef.cpp:
1457         (OpaqueJSClass::prototype):
1458         * heap/Weak.h:
1459         * heap/WeakInlines.h:
1460         (JSC::::Weak):
1461         (JSC::::leakImpl):
1462         * runtime/SimpleTypedArrayController.cpp:
1463         (JSC::SimpleTypedArrayController::toJS):
1464
1465 2013-09-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1466
1467         op_to_this shouldn't use value profiling
1468         https://bugs.webkit.org/show_bug.cgi?id=121920
1469
1470         Reviewed by Geoffrey Garen.
1471
1472         Currently it's the only opcode that uses m_singletonValue, which is unnecessary. Our current plan is 
1473         to remove m_singletonValue so that GenGC can have a simpler story for handling CodeBlocks/FunctionExecutables 
1474         during nursery collections.
1475
1476         This patch adds an inline cache for the Structure of to_this so it no longer depends on the ValueProfile's
1477         m_singletonValue. Since nobody uses m_singletonValue now, this patch also removes m_singletonValue from
1478         ValueProfile.
1479
1480         * bytecode/CodeBlock.cpp:
1481         (JSC::CodeBlock::CodeBlock):
1482         (JSC::CodeBlock::finalizeUnconditionally):
1483         (JSC::CodeBlock::stronglyVisitStrongReferences):
1484         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
1485         (JSC::CodeBlock::updateAllValueProfilePredictions):
1486         (JSC::CodeBlock::updateAllPredictions):
1487         (JSC::CodeBlock::shouldOptimizeNow):
1488         * bytecode/CodeBlock.h:
1489         (JSC::CodeBlock::updateAllValueProfilePredictions):
1490         (JSC::CodeBlock::updateAllPredictions):
1491         * bytecode/LazyOperandValueProfile.cpp:
1492         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
1493         * bytecode/LazyOperandValueProfile.h:
1494         * bytecode/ValueProfile.h:
1495         (JSC::ValueProfileBase::ValueProfileBase):
1496         (JSC::ValueProfileBase::briefDescription):
1497         (JSC::ValueProfileBase::dump):
1498         (JSC::ValueProfileBase::computeUpdatedPrediction):
1499         * bytecompiler/BytecodeGenerator.cpp:
1500         (JSC::BytecodeGenerator::BytecodeGenerator):
1501         * dfg/DFGByteCodeParser.cpp:
1502         (JSC::DFG::ByteCodeParser::parseBlock):
1503         * jit/JITOpcodes.cpp:
1504         (JSC::JIT::emit_op_to_this):
1505         (JSC::JIT::emitSlow_op_to_this):
1506         * jit/JITOpcodes32_64.cpp:
1507         (JSC::JIT::emit_op_to_this):
1508         (JSC::JIT::emitSlow_op_to_this):
1509         * llint/LowLevelInterpreter32_64.asm:
1510         * llint/LowLevelInterpreter64.asm:
1511         * runtime/CommonSlowPaths.cpp:
1512         (JSC::SLOW_PATH_DECL):
1513
1514 2013-09-25  Oliver Hunt  <oliver@apple.com>
1515
1516         Implement prefixed-destructuring assignment
1517         https://bugs.webkit.org/show_bug.cgi?id=121930
1518
1519         Reviewed by Mark Hahnenberg.
1520
1521         This is mostly simple - the semantics of deconstruction are already
1522         present in the language, so most of the complexity (if you call it
1523         that) is addition of new AST nodes, and parsing the syntax.
1524
1525         In order to get correct semantics for the parameter lists, FunctionParameters
1526         now needs to store refcounted references to the parameter patterns.
1527         There's also a little work to ensure that variable creation and assignment
1528         occurs in the correct order while the BytecodeGenerator is being constructed. 
1529
1530         * bytecode/UnlinkedCodeBlock.cpp:
1531         (JSC::UnlinkedFunctionExecutable::paramString):
1532         * bytecompiler/BytecodeGenerator.cpp:
1533         (JSC::BytecodeGenerator::BytecodeGenerator):
1534         * bytecompiler/BytecodeGenerator.h:
1535         (JSC::BytecodeGenerator::emitExpressionInfo):
1536         * bytecompiler/NodesCodegen.cpp:
1537         (JSC::ForInNode::emitBytecode):
1538         (JSC::DeconstructingAssignmentNode::emitBytecode):
1539         (JSC::DeconstructionPatternNode::~DeconstructionPatternNode):
1540         (JSC::ArrayPatternNode::emitBytecode):
1541         (JSC::ArrayPatternNode::emitDirectBinding):
1542         (JSC::ArrayPatternNode::toString):
1543         (JSC::ArrayPatternNode::collectBoundIdentifiers):
1544         (JSC::ObjectPatternNode::toString):
1545         (JSC::ObjectPatternNode::emitBytecode):
1546         (JSC::ObjectPatternNode::collectBoundIdentifiers):
1547         (JSC::BindingNode::emitBytecode):
1548         (JSC::BindingNode::toString):
1549         (JSC::BindingNode::collectBoundIdentifiers):
1550         * parser/ASTBuilder.h:
1551         (JSC::ASTBuilder::createFormalParameterList):
1552         (JSC::ASTBuilder::createForInLoop):
1553         (JSC::ASTBuilder::addVar):
1554         (JSC::ASTBuilder::createDeconstructingAssignment):
1555         (JSC::ASTBuilder::createArrayPattern):
1556         (JSC::ASTBuilder::appendArrayPatternSkipEntry):
1557         (JSC::ASTBuilder::appendArrayPatternEntry):
1558         (JSC::ASTBuilder::createObjectPattern):
1559         (JSC::ASTBuilder::appendObjectPatternEntry):
1560         (JSC::ASTBuilder::createBindingLocation):
1561         * parser/NodeConstructors.h:
1562         (JSC::CommaNode::CommaNode):
1563         (JSC::ParameterNode::ParameterNode):
1564         (JSC::ForInNode::ForInNode):
1565         (JSC::DeconstructionPatternNode::DeconstructionPatternNode):
1566         (JSC::ArrayPatternNode::ArrayPatternNode):
1567         (JSC::ArrayPatternNode::create):
1568         (JSC::ObjectPatternNode::ObjectPatternNode):
1569         (JSC::ObjectPatternNode::create):
1570         (JSC::BindingNode::create):
1571         (JSC::BindingNode::BindingNode):
1572         (JSC::DeconstructingAssignmentNode::DeconstructingAssignmentNode):
1573         * parser/Nodes.cpp:
1574         (JSC::FunctionParameters::create):
1575         (JSC::FunctionParameters::FunctionParameters):
1576         (JSC::FunctionParameters::~FunctionParameters):
1577         * parser/Nodes.h:
1578         (JSC::ExpressionNode::isDeconstructionNode):
1579         (JSC::ArrayNode::elements):
1580         (JSC::CommaNode::append):
1581         (JSC::ParameterNode::pattern):
1582         (JSC::FunctionParameters::at):
1583         (JSC::FunctionParameters::patterns):
1584         (JSC::DeconstructionPatternNode::isBindingNode):
1585         (JSC::DeconstructionPatternNode::emitDirectBinding):
1586         (JSC::ArrayPatternNode::appendIndex):
1587         (JSC::ObjectPatternNode::appendEntry):
1588         (JSC::ObjectPatternNode::Entry::Entry):
1589         (JSC::BindingNode::boundProperty):
1590         (JSC::BindingNode::isBindingNode):
1591         (JSC::DeconstructingAssignmentNode::bindings):
1592         (JSC::DeconstructingAssignmentNode::isLocation):
1593         (JSC::DeconstructingAssignmentNode::isDeconstructionNode):
1594         * parser/Parser.cpp:
1595         (JSC::::Parser):
1596         (JSC::::parseVarDeclaration):
1597         (JSC::::parseVarDeclarationList):
1598         (JSC::::createBindingPattern):
1599         (JSC::::parseDeconstructionPattern):
1600         (JSC::::parseForStatement):
1601         (JSC::::parseFormalParameters):
1602         (JSC::::parseAssignmentExpression):
1603         * parser/Parser.h:
1604         (JSC::Scope::declareBoundParameter):
1605         (JSC::Parser::declareBoundParameter):
1606         * parser/SyntaxChecker.h:
1607         (JSC::SyntaxChecker::createFormalParameterList):
1608         (JSC::SyntaxChecker::addVar):
1609         (JSC::SyntaxChecker::operatorStackPop):
1610         * runtime/JSONObject.cpp:
1611         (JSC::escapeStringToBuilder):
1612         * runtime/JSONObject.h:
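
The entry above lists four parse sites that gain pattern support (parseVarDeclaration, parseForStatement, parseFormalParameters and parseAssignmentExpression) plus the array-pattern skip entry and object-pattern renaming. As an added illustration of what that syntax does, not code from the entry or from JavaScriptCore, here is each site exercised as plain JavaScript (the function names are this example's own):

```javascript
// Added example (not JavaScriptCore code): the four parse sites named in the
// entry above, exercised as ordinary JavaScript. All function names are
// this example's own.

// 1. var declaration with array and object patterns. The empty slot in the
//    array pattern is a skipped entry; `y: renamed` binds the property under
//    a different name.
function varDeclarations() {
  var [first, , third] = [10, 20, 30];
  var { x, y: renamed } = { x: 1, y: 2 };
  return { first: first, third: third, x: x, renamed: renamed };
}

// 2. for-in with a pattern as the loop declaration: each key string is
//    deconstructed on every iteration (here into its first character).
function forInPatterns(obj) {
  var heads = [];
  for (var [head] in obj)
    heads.push(head);
  return heads;
}

// 3. formal parameter patterns: the parameters are bound before the body
//    runs, so the body only ever sees the deconstructed names.
function parameterPatterns([a, b], { c }) {
  return a + b + c;
}

// 4. assignment expression (not a declaration): the pattern is the target,
//    and the right-hand side is fully evaluated before any target is written,
//    which is what makes the swap correct.
function swapViaAssignment(p, q) {
  [p, q] = [q, p];
  return [p, q];
}
```

The for-in case is the one most often missed: the pattern is applied to the key string, not to the property value, so `for (var [head] in obj)` sees single characters.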
1613
1614 2013-09-25  Brady Eidson  <beidson@apple.com>
1615
1616         Enable the IndexedDB build on Mac, but leave the feature non-functional
1617         https://bugs.webkit.org/show_bug.cgi?id=121918
1618
1619         Reviewed by Alexey Proskuryakov.
1620
1621         * Configurations/FeatureDefines.xcconfig:
1622
1623 2013-09-25  Commit Queue  <commit-queue@webkit.org>
1624
1625         Unreviewed, rolling out r156432.
1626         http://trac.webkit.org/changeset/156432
1627         https://bugs.webkit.org/show_bug.cgi?id=121932
1628
1629         some integer conversion things that need brady to fix
1630         (Requested by thorton on #webkit).
1631
1632         * Configurations/FeatureDefines.xcconfig:
1633
1634 2013-09-25  Anders Carlsson  <andersca@apple.com>
1635
1636         Move KeyValuePairTraits inside HashMap
1637         https://bugs.webkit.org/show_bug.cgi?id=121931
1638
1639         Reviewed by Sam Weinig.
1640
1641         * tools/ProfileTreeNode.h:
1642
1643 2013-09-25  Brady Eidson  <beidson@apple.com>
1644
1645         Enable the IndexedDB build on Mac, but leave the feature non-functional
1646         https://bugs.webkit.org/show_bug.cgi?id=121918
1647
1648         Reviewed by Alexey Proskuryakov.
1649
1650         * Configurations/FeatureDefines.xcconfig:
1651
1652 2013-09-25  Brady Eidson  <beidson@apple.com>
1653
1654         FeatureDefine.xcconfig cleanup (They should all be identical).
1655         https://bugs.webkit.org/show_bug.cgi?id=121921
1656
1657         Reviewed by Mark Rowe.
1658
1659         * Configurations/FeatureDefines.xcconfig:
1660
1661 2013-09-25  Patrick Gansterer  <paroga@webkit.org>
1662
1663         Build fix for WinCE after r155098.
1664
1665         Windows CE does not support getenv().
1666
1667         * jsc.cpp:
1668         (main):
1669
1670 2013-09-24  Mark Hahnenberg  <mhahnenberg@apple.com>
1671
1672         op_get_callee shouldn't use value profiling
1673         https://bugs.webkit.org/show_bug.cgi?id=121821
1674
1675         Reviewed by Filip Pizlo.
1676
1677         Currently it's one of the two opcodes that uses m_singletonValue, which is unnecessary. 
1678         Our current plan is to remove m_singletonValue so that GenGC can have a simpler story 
1679         for handling CodeBlocks/FunctionExecutables during nursery collections.
1680
1681         Instead of using a ValueProfile op_get_callee now has a simple inline cache of the most 
1682         recent JSFunction that we saw.
1683
1684         * bytecode/CodeBlock.cpp:
1685         (JSC::CodeBlock::CodeBlock):
1686         (JSC::CodeBlock::finalizeUnconditionally):
1687         * bytecompiler/BytecodeGenerator.cpp:
1688         (JSC::BytecodeGenerator::emitCreateThis):
1689         * dfg/DFGByteCodeParser.cpp:
1690         (JSC::DFG::ByteCodeParser::parseBlock):
1691         * jit/JIT.cpp:
1692         (JSC::JIT::privateCompileSlowCases):
1693         * jit/JIT.h:
1694         * jit/JITOpcodes.cpp:
1695         (JSC::JIT::emit_op_get_callee):
1696         (JSC::JIT::emitSlow_op_get_callee):
1697         * jit/JITOpcodes32_64.cpp:
1698         (JSC::JIT::emit_op_get_callee):
1699         (JSC::JIT::emitSlow_op_get_callee):
1700         * llint/LowLevelInterpreter32_64.asm:
1701         * llint/LowLevelInterpreter64.asm:
1702         * runtime/CommonSlowPaths.cpp:
1703         (JSC::SLOW_PATH_DECL):
1704         * runtime/CommonSlowPaths.h:
1705
1706 2013-09-24  Mark Lam  <mark.lam@apple.com>
1707
1708         Change JSC debug hooks to pass a CallFrame* instead of a DebuggerCallFrame.
1709         https://bugs.webkit.org/show_bug.cgi?id=121867
1710
1711         Reviewed by Geoffrey Garen.
1712
1713         1. Removed the need for passing the line and column info to the debug hook
1714            callbacks. We now get the line and column info from the CallFrame.
1715
1716         2. Simplify BytecodeGenerator::emitDebugHook() to only take 1 line number
1717            argument. The caller can determine whether to pass in the first or last
1718            line number of the block of source code as appropriate.
1719            Note: we still need to pass in the line and column info to emitDebugHook()
1720            because it uses this info to emit expression info which is later used by
1721            the StackVisitor to determine the line and column info for its "pc".
1722
1723         3. Pass the exceptionValue explicitly to the exception() debug hook
1724            callback. It should not be embedded in the CallFrame / DebuggerCallFrame.
1725
1726         4. Change the op_debug opcode size to 2 (from 5) since we're removing 3 arg
1727            values. Update the LLINT and JIT code to handle this.
1728
1729         * bytecode/CodeBlock.cpp:
1730         (JSC::CodeBlock::dumpBytecode):
1731         (JSC::CodeBlock::CodeBlock):
1732         * bytecode/Opcode.h:
1733         (JSC::padOpcodeName):
1734         * bytecompiler/BytecodeGenerator.cpp:
1735         (JSC::BytecodeGenerator::emitDebugHook):
1736         * bytecompiler/BytecodeGenerator.h:
1737         * bytecompiler/NodesCodegen.cpp:
1738         (JSC::ConstStatementNode::emitBytecode):
1739         (JSC::EmptyStatementNode::emitBytecode):
1740         (JSC::DebuggerStatementNode::emitBytecode):
1741         (JSC::ExprStatementNode::emitBytecode):
1742         (JSC::VarStatementNode::emitBytecode):
1743         (JSC::IfElseNode::emitBytecode):
1744         (JSC::DoWhileNode::emitBytecode):
1745         (JSC::WhileNode::emitBytecode):
1746         (JSC::ForNode::emitBytecode):
1747         (JSC::ForInNode::emitBytecode):
1748         (JSC::ContinueNode::emitBytecode):
1749         (JSC::BreakNode::emitBytecode):
1750         (JSC::ReturnNode::emitBytecode):
1751         (JSC::WithNode::emitBytecode):
1752         (JSC::SwitchNode::emitBytecode):
1753         (JSC::LabelNode::emitBytecode):
1754         (JSC::ThrowNode::emitBytecode):
1755         (JSC::TryNode::emitBytecode):
1756         (JSC::ProgramNode::emitBytecode):
1757         (JSC::EvalNode::emitBytecode):
1758         (JSC::FunctionBodyNode::emitBytecode):
1759         * debugger/Debugger.h:
1760         * debugger/DebuggerCallFrame.cpp:
1761         (JSC::LineAndColumnFunctor::operator()):
1762         (JSC::LineAndColumnFunctor::line):
1763         (JSC::LineAndColumnFunctor::column):
1764         (JSC::DebuggerCallFrame::DebuggerCallFrame):
1765         (JSC::DebuggerCallFrame::clear):
1766         * debugger/DebuggerCallFrame.h:
1767         (JSC::DebuggerCallFrame::line):
1768         (JSC::DebuggerCallFrame::column):
1769         * interpreter/Interpreter.cpp:
1770         (JSC::unwindCallFrame):
1771         (JSC::UnwindFunctor::UnwindFunctor):
1772         (JSC::UnwindFunctor::operator()):
1773         (JSC::Interpreter::unwind):
1774         (JSC::Interpreter::debug):
1775         * interpreter/Interpreter.h:
1776         * jit/JITOpcodes.cpp:
1777         (JSC::JIT::emit_op_debug):
1778         * jit/JITOpcodes32_64.cpp:
1779         (JSC::JIT::emit_op_debug):
1780         * jit/JITStubs.cpp:
1781         (JSC::DEFINE_STUB_FUNCTION):
1782         * llint/LLIntSlowPaths.cpp:
1783         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1784         * llint/LowLevelInterpreter.asm:
1785
1786 2013-09-24  Filip Pizlo  <fpizlo@apple.com>
1787
1788         Crashing under JSC::DFG::SpeculativeJIT::spill visiting citicards.com
1789         https://bugs.webkit.org/show_bug.cgi?id=121844
1790
1791         Reviewed by Mark Hahnenberg.
1792         
1793         Fix some int52 bugs that caused this.
1794
1795         * bytecode/ValueRecovery.h:
1796         (JSC::ValueRecovery::dumpInContext): There's no such thing as int53.
1797         * dfg/DFGSpeculativeJIT.h:
1798         (JSC::DFG::SpeculativeJIT::spill): Actually spill int52's, instead of hitting an assert and crashing.
1799         * dfg/DFGSpeculativeJIT64.cpp:
1800         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal): Use the right format (from before when we clobber it).
1801
1802 2013-09-24  Mark Rowe  <mrowe@apple.com>
1803
1804         <rdar://problem/14971518> WebKit should build against the Xcode default toolchain when targeting OS X 10.8
1805
1806         Reviewed by Dan Bernstein.
1807
1808         * Configurations/Base.xcconfig:
1809
1810 2013-09-23  Patrick Gansterer  <paroga@webkit.org>
1811
1812         use NOMINMAX instead of #define min min
1813         https://bugs.webkit.org/show_bug.cgi?id=73563
1814
1815         Reviewed by Brent Fulgham.
1816
1817         Use NOMINMAX instead of #define min/max as a cleaner
1818         way of ensuring that Windows system header files don't
1819         define min/max as macros in the first place.
1820
1821         * config.h:
1822
1823 2013-09-23  Filip Pizlo  <fpizlo@apple.com>
1824
1825         Never use ReturnPC for exception handling and quit using exception check indices as a lame replica of the CodeOrigin index
1826         https://bugs.webkit.org/show_bug.cgi?id=121734
1827
1828         Reviewed by Mark Hahnenberg.
1829         
1830         Exception handling can deduce where the exception was thrown from by looking at the
1831         code origin that was stored into the call frame header. There is no need to pass any
1832         additional meta-data into the exception throwing logic. But the DFG was still doing it
1833         anyway.
1834         
1835         This removes all of the logic to pass extra meta-data into lookupExceptionHandler()
1836         and friends. It simplifies a lot of code.
1837
1838         * CMakeLists.txt:
1839         * GNUmakefile.list.am:
1840         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1841         * JavaScriptCore.xcodeproj/project.pbxproj:
1842         * Target.pri:
1843         * bytecode/CodeBlock.cpp:
1844         (JSC::CodeBlock::shrinkToFit):
1845         * bytecode/CodeBlock.h:
1846         (JSC::CodeBlock::codeOrigins):
1847         (JSC::CodeBlock::hasCodeOrigins):
1848         (JSC::CodeBlock::canGetCodeOrigin):
1849         (JSC::CodeBlock::codeOrigin):
1850         * bytecode/CodeOrigin.h:
1851         (JSC::InlineCallFrame::InlineCallFrame):
1852         * bytecode/InlineCallFrameSet.cpp: Added.
1853         (JSC::InlineCallFrameSet::InlineCallFrameSet):
1854         (JSC::InlineCallFrameSet::~InlineCallFrameSet):
1855         (JSC::InlineCallFrameSet::add):
1856         (JSC::InlineCallFrameSet::shrinkToFit):
1857         * bytecode/InlineCallFrameSet.h: Added.
1858         (JSC::InlineCallFrameSet::isEmpty):
1859         (JSC::InlineCallFrameSet::size):
1860         (JSC::InlineCallFrameSet::at):
1861         * dfg/DFGArgumentsSimplificationPhase.cpp:
1862         (JSC::DFG::ArgumentsSimplificationPhase::run):
1863         * dfg/DFGByteCodeParser.cpp:
1864         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1865         * dfg/DFGCommonData.cpp:
1866         (JSC::DFG::CommonData::addCodeOrigin):
1867         (JSC::DFG::CommonData::shrinkToFit):
1868         * dfg/DFGCommonData.h:
1869         * dfg/DFGDesiredWriteBarriers.cpp:
1870         (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
1871         (JSC::DFG::DesiredWriteBarrier::trigger):
1872         * dfg/DFGDesiredWriteBarriers.h:
1873         (JSC::DFG::DesiredWriteBarriers::add):
1874         (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable):
1875         (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee):
1876         * dfg/DFGGraph.cpp:
1877         (JSC::DFG::Graph::Graph):
1878         * dfg/DFGGraph.h:
1879         * dfg/DFGJITCompiler.cpp:
1880         (JSC::DFG::JITCompiler::JITCompiler):
1881         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1882         (JSC::DFG::JITCompiler::link):
1883         (JSC::DFG::JITCompiler::compileFunction):
1884         * dfg/DFGJITCompiler.h:
1885         (JSC::DFG::JITCompiler::emitStoreCodeOrigin):
1886         (JSC::DFG::JITCompiler::exceptionCheck):
1887         (JSC::DFG::JITCompiler::fastExceptionCheck):
1888         * dfg/DFGOperations.cpp:
1889         * dfg/DFGOperations.h:
1890         * dfg/DFGRepatch.cpp:
1891         (JSC::DFG::tryBuildGetByIDList):
1892         * dfg/DFGSpeculativeJIT.h:
1893         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
1894         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1895         (JSC::DFG::SpeculativeJIT::appendCall):
1896         * dfg/DFGSpeculativeJIT32_64.cpp:
1897         (JSC::DFG::SpeculativeJIT::emitCall):
1898         * dfg/DFGSpeculativeJIT64.cpp:
1899         (JSC::DFG::SpeculativeJIT::emitCall):
1900         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1901         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1902         * ftl/FTLLowerDFGToLLVM.cpp:
1903         (JSC::FTL::LowerDFGToLLVM::callPreflight):
1904         * jit/AssemblyHelpers.h:
1905         (JSC::AssemblyHelpers::emitExceptionCheck):
1906
1907 2013-09-23  Oliver Hunt  <oliver@apple.com>
1908
1909         CodeLoad performance regression
1910
1911         Reviewed by Filip Pizlo.
1912
1913         Temporarily remove the ExpressionInfo compression until we can
1914         work out how to make it not clobber performance.
1915
1916         * bytecode/UnlinkedCodeBlock.cpp:
1917         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
1918         (JSC::UnlinkedCodeBlock::addExpressionInfo):
1919         * bytecode/UnlinkedCodeBlock.h:
1920
1921 2013-09-23  Patrick Gansterer  <paroga@webkit.org>
1922
1923         Cleanup CMake files in JavaScriptCore
1924         https://bugs.webkit.org/show_bug.cgi?id=121762
1925
1926         Reviewed by Gyuyoung Kim.
1927
1928         Sort files and unify style.
1929
1930         * CMakeLists.txt:
1931         * shell/CMakeLists.txt:
1932         * shell/PlatformBlackBerry.cmake:
1933         * shell/PlatformEfl.cmake:
1934
1935 2013-09-22  Filip Pizlo  <fpizlo@apple.com>
1936
1937         Get rid of CodeBlock::RareData::callReturnIndexVector and most of the evil that it introduced
1938         https://bugs.webkit.org/show_bug.cgi?id=121766
1939
1940         Reviewed by Andreas Kling.
1941
1942         * bytecode/CodeBlock.cpp:
1943         (JSC::CodeBlock::shrinkToFit):
1944         * bytecode/CodeBlock.h:
1945         * dfg/DFGJITCompiler.cpp:
1946         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1947         (JSC::DFG::JITCompiler::link):
1948         * jit/JIT.cpp:
1949         (JSC::JIT::privateCompile):
1950
1951 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
1952
1953         Interpreter::unwind() has no need for the bytecodeOffset
1954         https://bugs.webkit.org/show_bug.cgi?id=121755
1955
1956         Reviewed by Oliver Hunt.
1957         
1958         It was only using the bytecodeOffset for some debugger stuff, but the debugger could
1959         just get the bytecodeOffset the same way the rest of the machinery does: by using the
1960         CallFrame's location.
1961         
1962         It turns out that a lot of really ugly code was in place just to supply this
1963         bytecodeOffset. This patch kills most of that code, and allows us to kill even more
1964         code in a future patch - though most likely that killage will involve further
1965         refactorings as well, see https://bugs.webkit.org/show_bug.cgi?id=121734.
1966
1967         * dfg/DFGOperations.cpp:
1968         * interpreter/CallFrame.cpp:
1969         (JSC::CallFrame::bytecodeOffset):
1970         (JSC::CallFrame::codeOrigin):
1971         * interpreter/CallFrame.h:
1972         * interpreter/Interpreter.cpp:
1973         (JSC::Interpreter::unwind):
1974         * interpreter/Interpreter.h:
1975         * jit/JITExceptions.cpp:
1976         (JSC::genericUnwind):
1977         * jit/JITExceptions.h:
1978         * jit/JITStubs.cpp:
1979         (JSC::DEFINE_STUB_FUNCTION):
1980         (JSC::cti_vm_handle_exception):
1981         * llint/LLIntExceptions.cpp:
1982         (JSC::LLInt::doThrow):
1983         (JSC::LLInt::returnToThrow):
1984         (JSC::LLInt::callToThrow):
1985         * llint/LLIntExceptions.h:
1986         * llint/LLIntSlowPaths.cpp:
1987         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1988         * runtime/CommonSlowPaths.cpp:
1989         (JSC::SLOW_PATH_DECL):
1990         * runtime/CommonSlowPathsExceptions.cpp:
1991         (JSC::CommonSlowPaths::interpreterThrowInCaller):
1992         * runtime/CommonSlowPathsExceptions.h:
1993
1994 2013-09-21  Darin Adler  <darin@apple.com>
1995
1996         Add ExecState::uncheckedArgument and use where possible to shrink a bit
1997         https://bugs.webkit.org/show_bug.cgi?id=121750
1998
1999         Reviewed by Andreas Kling.
2000
2001         * interpreter/CallFrame.h:
2002         (JSC::ExecState::uncheckedArgument): Added. Like argument, but with an
2003         assertion rather than a runtime check.
2004
2005         * API/APICallbackFunction.h:
2006         (JSC::APICallbackFunction::call): Use uncheckedArgument because we are
2007         already in a loop over arguments, so don't need a range check.
2008         * API/JSCallbackConstructor.cpp:
2009         (JSC::constructJSCallback): Ditto.
2010         * API/JSCallbackObjectFunctions.h:
2011         (JSC::JSCallbackObject::construct): Ditto.
2012         (JSC::JSCallbackObject::call): Ditto.
2013         * jsc.cpp:
2014         (functionPrint): Ditto.
2015         (functionRun): Ditto.
2016         (functionSetSamplingFlags): Ditto.
2017         (functionClearSamplingFlags): Ditto.
2018         * runtime/ArrayPrototype.cpp:
2019         (JSC::arrayProtoFuncConcat): Ditto.
2020         (JSC::arrayProtoFuncPush): Use uncheckedArgument because there is already
2021         code that explicitly checks argumentCount.
2022         (JSC::arrayProtoFuncSplice): Ditto.
2023         (JSC::arrayProtoFuncUnShift): Ditto.
2024         (JSC::arrayProtoFuncReduce): Ditto.
2025         (JSC::arrayProtoFuncReduceRight): Ditto.
2026         (JSC::arrayProtoFuncLastIndexOf): Ditto.
2027         * runtime/DatePrototype.cpp:
2028         (JSC::fillStructuresUsingTimeArgs): Ditto.
2029         (JSC::fillStructuresUsingDateArgs): Ditto.
2030         * runtime/JSArrayBufferConstructor.cpp:
2031         (JSC::constructArrayBuffer): Ditto.
2032         * runtime/JSArrayBufferPrototype.cpp:
2033         (JSC::arrayBufferProtoFuncSlice): Ditto.
2034         * runtime/JSBoundFunction.cpp:
2035         (JSC::boundFunctionCall): Ditto.
2036         (JSC::boundFunctionConstruct): Ditto.
2037         * runtime/JSDataViewPrototype.cpp:
2038         (JSC::getData): Ditto.
2039         (JSC::setData): Ditto.
2040         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
2041         (JSC::constructGenericTypedArrayView): Ditto.
2042         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
2043         (JSC::genericTypedArrayViewProtoFuncSet): Ditto.
2044         (JSC::genericTypedArrayViewProtoFuncSubarray): Ditto.
2045         * runtime/JSONObject.cpp:
2046         (JSC::JSONProtoFuncParse): Ditto.
2047         (JSC::JSONProtoFuncStringify): Ditto.
2048         * runtime/JSPromiseConstructor.cpp:
2049         (JSC::constructPromise): Ditto.
2050         (JSC::JSPromiseConstructorFuncFulfill): Ditto.
2051         (JSC::JSPromiseConstructorFuncResolve): Ditto.
2052         (JSC::JSPromiseConstructorFuncReject): Ditto.
2053         * runtime/MathObject.cpp:
2054         (JSC::mathProtoFuncMax): Ditto.
2055         (JSC::mathProtoFuncMin): Ditto.
2056
2057         * runtime/NameConstructor.cpp:
2058         (JSC::constructPrivateName): Removed unneeded check of argumentCount
2059         that simply repeats what argument already does.
2060         * runtime/NativeErrorConstructor.cpp:
2061         (JSC::Interpreter::constructWithNativeErrorConstructor): Ditto.
2062         (JSC::Interpreter::callNativeErrorConstructor): Ditto.
2063
2064         * runtime/NumberConstructor.cpp:
2065         (JSC::constructWithNumberConstructor): Use uncheckedArgument since
2066         there is already code that explicitly checks argument count.
2067         (JSC::callNumberConstructor): Ditto.
2068
2069         * runtime/ObjectConstructor.cpp:
2070         (JSC::objectConstructorCreate): Small refactoring to not call argument(0)
2071         three times.
2072
2073         * runtime/SetConstructor.cpp:
2074         (JSC::constructSet): Use uncheckedArgument since we are already in a loop
2075         over arguments.
2076
2077         * runtime/StringConstructor.cpp:
2078         (JSC::stringFromCharCodeSlowCase): In a loop.
2079         (JSC::stringFromCharCode): Already checked count.
2080         (JSC::constructWithStringConstructor): Ditto.
2081         (JSC::callStringConstructor): Ditto.
2082         * runtime/StringPrototype.cpp:
2083         (JSC::stringProtoFuncConcat): Already checked count.
2084         * runtime/TestRunnerUtils.cpp:
2085         (JSC::numberOfDFGCompiles): Ditto.
2086         (JSC::setNeverInline): Ditto.
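
The entry above draws a line between argument access that carries a runtime range check and access that only asserts: uncheckedArgument is only safe where a loop bound or an explicit argumentCount check already dominates the call, because the assertion is compiled out of release builds and an out-of-range index then reads past the argument area. As an added illustration of that discipline, not JavaScriptCore's own CallFrame code, here is the pattern on a stand-in frame (ArgFrame, JSValueLike and the three callers are hypothetical names for this example):

```cpp
// Added example (not JavaScriptCore code): checked vs. unchecked argument
// access on a stand-in call frame. ArgFrame, JSValueLike and the callers
// below are hypothetical names for this example.
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <vector>

// Stand-in for a JS value: an int payload plus an "undefined" flag.
struct JSValueLike {
    bool isUndefined;
    int number;
};

static JSValueLike jsUndefined() { return JSValueLike{true, 0}; }
static JSValueLike jsNumber(int n) { return JSValueLike{false, n}; }

// Stand-in for a call frame holding the caller-supplied arguments.
class ArgFrame {
public:
    explicit ArgFrame(const std::vector<int>& args) {
        for (int a : args)
            m_args.push_back(jsNumber(a));
    }

    size_t argumentCount() const { return m_args.size(); }

    // Checked access: an out-of-range index yields undefined and never
    // reads past the argument area.
    JSValueLike argument(size_t i) const {
        if (i >= m_args.size())
            return jsUndefined();
        return m_args[i];
    }

    // Unchecked access: the caller must already have established
    // i < argumentCount(). The assert exists only in debug builds; in a
    // release build an out-of-range index is a read past the arguments.
    JSValueLike uncheckedArgument(size_t i) const {
        assert(i < m_args.size());
        return m_args[i];
    }

private:
    std::vector<JSValueLike> m_args;
};

// "Already in a loop over arguments": the loop bound is the range check,
// so uncheckedArgument is safe here.
int sumArguments(const ArgFrame& frame) {
    int total = 0;
    for (size_t i = 0; i < frame.argumentCount(); ++i)
        total += frame.uncheckedArgument(i).number;
    return total;
}

// "Already checked count": an explicit argumentCount test dominates the
// unchecked access, as in the push/splice-style functions.
int firstArgumentOrDefault(const ArgFrame& frame, int fallback) {
    if (!frame.argumentCount())
        return fallback;
    return frame.uncheckedArgument(0).number;
}

// No prior check anywhere on the path: the checked accessor is the only
// safe choice.
bool secondArgumentIsUndefined(const ArgFrame& frame) {
    return frame.argument(1).isUndefined;
}

int main() {
    ArgFrame frame(std::vector<int>{1, 2, 3});
    std::printf("sum=%d first=%d secondUndefined=%d\n",
                sumArguments(frame),
                firstArgumentOrDefault(frame, -1),
                secondArgumentIsUndefined(frame) ? 1 : 0);
    return 0;
}
```

When reviewing a change like this one, the check to make for each converted call site is that the dominating count test or loop bound is in the same function and cannot be bypassed; a check that lives in a different caller does not protect the release build.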
2087
2088 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
2089
2090         Remove the notion that a CallFrame can have a pointer to an InlineCallFrame, since that doesn't happen anymore
2091         https://bugs.webkit.org/show_bug.cgi?id=121753
2092
2093         Reviewed by Darin Adler.
2094
2095         * interpreter/CallFrame.cpp:
2096         (JSC::CallFrame::bytecodeOffsetFromCodeOriginIndex):
2097         * interpreter/CallFrame.h:
2098         * interpreter/Register.h:
2099
2100 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
2101
2102         Unreviewed, fix the revert.
2103
2104         * dfg/DFGRepatch.cpp:
2105
2106 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
2107
2108         Unreviewed, revert http://trac.webkit.org/changeset/156235. It won't work on Windows.
2109
2110         * CMakeLists.txt:
2111         * GNUmakefile.list.am:
2112         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2113         * JavaScriptCore.xcodeproj/project.pbxproj:
2114         * Target.pri:
2115         * bytecode/CallLinkInfo.cpp:
2116         (JSC::CallLinkInfo::unlink):
2117         * bytecode/CodeBlock.cpp:
2118         (JSC::CodeBlock::resetStubInternal):
2119         * bytecode/StructureStubInfo.h:
2120         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2121         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
2122         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
2123         * dfg/DFGJITCompiler.h:
2124         * dfg/DFGOSRExitCompiler.h:
2125         * dfg/DFGOperations.cpp:
2126         (JSC::DFG::operationPutByValInternal):
2127         * dfg/DFGOperations.h:
2128         (JSC::DFG::operationNewTypedArrayWithSizeForType):
2129         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
2130         * dfg/DFGRegisterSet.h: Added.
2131         (JSC::DFG::RegisterSet::RegisterSet):
2132         (JSC::DFG::RegisterSet::asPOD):
2133         (JSC::DFG::RegisterSet::copyInfo):
2134         (JSC::DFG::RegisterSet::set):
2135         (JSC::DFG::RegisterSet::setGPRByIndex):
2136         (JSC::DFG::RegisterSet::clear):
2137         (JSC::DFG::RegisterSet::get):
2138         (JSC::DFG::RegisterSet::getGPRByIndex):
2139         (JSC::DFG::RegisterSet::getFreeGPR):
2140         (JSC::DFG::RegisterSet::setFPRByIndex):
2141         (JSC::DFG::RegisterSet::getFPRByIndex):
2142         (JSC::DFG::RegisterSet::setByIndex):
2143         (JSC::DFG::RegisterSet::getByIndex):
2144         (JSC::DFG::RegisterSet::numberOfSetGPRs):
2145         (JSC::DFG::RegisterSet::numberOfSetFPRs):
2146         (JSC::DFG::RegisterSet::numberOfSetRegisters):
2147         (JSC::DFG::RegisterSet::setBit):
2148         (JSC::DFG::RegisterSet::clearBit):
2149         (JSC::DFG::RegisterSet::getBit):
2150         * dfg/DFGRepatch.cpp: Added.
2151         (JSC::DFG::repatchCall):
2152         (JSC::DFG::repatchByIdSelfAccess):
2153         (JSC::DFG::addStructureTransitionCheck):
2154         (JSC::DFG::replaceWithJump):
2155         (JSC::DFG::emitRestoreScratch):
2156         (JSC::DFG::linkRestoreScratch):
2157         (JSC::DFG::generateProtoChainAccessStub):
2158         (JSC::DFG::tryCacheGetByID):
2159         (JSC::DFG::repatchGetByID):
2160         (JSC::DFG::getPolymorphicStructureList):
2161         (JSC::DFG::patchJumpToGetByIdStub):
2162         (JSC::DFG::tryBuildGetByIDList):
2163         (JSC::DFG::buildGetByIDList):
2164         (JSC::DFG::appropriateGenericPutByIdFunction):
2165         (JSC::DFG::appropriateListBuildingPutByIdFunction):
2166         (JSC::DFG::emitPutReplaceStub):
2167         (JSC::DFG::emitPutTransitionStub):
2168         (JSC::DFG::tryCachePutByID):
2169         (JSC::DFG::repatchPutByID):
2170         (JSC::DFG::tryBuildPutByIdList):
2171         (JSC::DFG::buildPutByIdList):
2172         (JSC::DFG::tryRepatchIn):
2173         (JSC::DFG::repatchIn):
2174         (JSC::DFG::linkSlowFor):
2175         (JSC::DFG::linkFor):
2176         (JSC::DFG::linkClosureCall):
2177         (JSC::DFG::resetGetByID):
2178         (JSC::DFG::resetPutByID):
2179         (JSC::DFG::resetIn):
2180         * dfg/DFGRepatch.h: Added.
2181         (JSC::DFG::resetGetByID):
2182         (JSC::DFG::resetPutByID):
2183         (JSC::DFG::resetIn):
2184         * dfg/DFGScratchRegisterAllocator.h: Added.
2185         (JSC::DFG::ScratchRegisterAllocator::ScratchRegisterAllocator):
2186         (JSC::DFG::ScratchRegisterAllocator::lock):
2187         (JSC::DFG::ScratchRegisterAllocator::allocateScratch):
2188         (JSC::DFG::ScratchRegisterAllocator::allocateScratchGPR):
2189         (JSC::DFG::ScratchRegisterAllocator::allocateScratchFPR):
2190         (JSC::DFG::ScratchRegisterAllocator::didReuseRegisters):
2191         (JSC::DFG::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2192         (JSC::DFG::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2193         (JSC::DFG::ScratchRegisterAllocator::desiredScratchBufferSize):
2194         (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
2195         (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
2196         * dfg/DFGSpeculativeJIT.cpp:
2197         (JSC::DFG::SpeculativeJIT::writeBarrier):
2198         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
2199         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2200         (JSC::DFG::SpeculativeJIT::compare):
2201         * dfg/DFGSpeculativeJIT.h:
2202         (JSC::DFG::SpeculativeJIT::callOperation):
2203         * dfg/DFGSpeculativeJIT32_64.cpp:
2204         (JSC::DFG::SpeculativeJIT::cachedPutById):
2205         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2206         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
2207         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2208         (JSC::DFG::SpeculativeJIT::compile):
2209         * dfg/DFGSpeculativeJIT64.cpp:
2210         (JSC::DFG::SpeculativeJIT::cachedPutById):
2211         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2212         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
2213         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2214         (JSC::DFG::SpeculativeJIT::compile):
2215         * dfg/DFGThunks.cpp:
2216         (JSC::DFG::emitPointerValidation):
2217         (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
2218         (JSC::DFG::slowPathFor):
2219         (JSC::DFG::linkForThunkGenerator):
2220         (JSC::DFG::linkCallThunkGenerator):
2221         (JSC::DFG::linkConstructThunkGenerator):
2222         (JSC::DFG::linkClosureCallThunkGenerator):
2223         (JSC::DFG::virtualForThunkGenerator):
2224         (JSC::DFG::virtualCallThunkGenerator):
2225         (JSC::DFG::virtualConstructThunkGenerator):
2226         * dfg/DFGThunks.h:
2227         * ftl/FTLIntrinsicRepository.h:
2228         * ftl/FTLLowerDFGToLLVM.cpp:
2229         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
2230         * ftl/FTLOSRExitCompiler.h:
2231         * jit/AssemblyHelpers.h:
2232         * jit/JIT.cpp:
2233         (JSC::JIT::linkFor):
2234         (JSC::JIT::linkSlowCall):
2235         * jit/JITCall.cpp:
2236         (JSC::JIT::compileCallEvalSlowCase):
2237         (JSC::JIT::compileOpCallSlowCase):
2238         (JSC::JIT::privateCompileClosureCall):
2239         * jit/JITCall32_64.cpp:
2240         (JSC::JIT::compileCallEvalSlowCase):
2241         (JSC::JIT::compileOpCallSlowCase):
2242         (JSC::JIT::privateCompileClosureCall):
2243         * jit/JITOperationWrappers.h: Removed.
2244         * jit/JITOperations.cpp: Removed.
2245         * jit/JITOperations.h: Removed.
2246         * jit/RegisterSet.h: Removed.
2247         * jit/Repatch.cpp: Removed.
2248         * jit/Repatch.h: Removed.
2249         * jit/ScratchRegisterAllocator.h: Removed.
2250         * jit/ThunkGenerators.cpp:
2251         (JSC::generateSlowCaseFor):
2252         (JSC::linkForGenerator):
2253         (JSC::linkCallGenerator):
2254         (JSC::linkConstructGenerator):
2255         (JSC::linkClosureCallGenerator):
2256         (JSC::virtualForGenerator):
2257         (JSC::virtualCallGenerator):
2258         (JSC::virtualConstructGenerator):
2259         * jit/ThunkGenerators.h:
2260
2261 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
2262
2263         Move DFG inline caching logic into jit/
2264         https://bugs.webkit.org/show_bug.cgi?id=121749
2265
2266         Rubber stamped by Sam Weinig.
2267         
2268         We want to get rid of the baseline JIT's inline caching machinery and have it use the
2269         DFG's instead. But before we do that we need to move the DFG's inline caching machine
2270         out from behind its ENABLE(DFG_JIT) guards and make it available to the whole system.
2271         This patch does that:
2272         
2273         - dfg/DFGRepatch becomes jit/Repatch.
2274         
2275         - The thunks used by the DFG IC go into jit/ThunkGenerators, instead of dfg/DFGThunks.
2276         
2277         - The operations used by the DFG IC go into jit/JITOperations, instead of
2278           dfg/DFGOperations.
2279         
2280         - The old JIT's thunk generators for calls are renamed to reduce confusion. Previously
2281           it was easy to know which generators belong to which JIT because the old JIT used
2282           JSC::virtualCallBlah and the DFG used JSC::DFG::virtualCallBlah, but that's not the
2283           case anymore. Note that the old JIT's thunk generators will die in a future patch.
2284         
2285         No functional changes beyond those moves.
2286
2287         * CMakeLists.txt:
2288         * GNUmakefile.list.am:
2289         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2290         * JavaScriptCore.xcodeproj/project.pbxproj:
2291         * Target.pri:
2292         * bytecode/CallLinkInfo.cpp:
2293         (JSC::CallLinkInfo::unlink):
2294         * bytecode/CodeBlock.cpp:
2295         (JSC::CodeBlock::resetStubInternal):
2296         * bytecode/StructureStubInfo.h:
2297         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2298         (JSC::DFG::CallArrayAllocatorSlowPathGenerator::CallArrayAllocatorSlowPathGenerator):
2299         (JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::CallArrayAllocatorWithVariableSizeSlowPathGenerator):
2300         * dfg/DFGJITCompiler.h:
2301         * dfg/DFGOSRExitCompiler.h:
2302         * dfg/DFGOperations.cpp:
2303         (JSC::DFG::operationPutByValInternal):
2304         * dfg/DFGOperations.h:
2305         (JSC::DFG::operationNewTypedArrayWithSizeForType):
2306         (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
2307         * dfg/DFGRegisterSet.h: Removed.
2308         * dfg/DFGRepatch.cpp: Removed.
2309         * dfg/DFGRepatch.h: Removed.
2310         * dfg/DFGScratchRegisterAllocator.h: Removed.
2311         * dfg/DFGSpeculativeJIT.cpp:
2312         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
2313         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2314         (JSC::DFG::SpeculativeJIT::compare):
2315         * dfg/DFGSpeculativeJIT.h:
2316         (JSC::DFG::SpeculativeJIT::callOperation):
2317         * dfg/DFGSpeculativeJIT32_64.cpp:
2318         (JSC::DFG::SpeculativeJIT::cachedPutById):
2319         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2320         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
2321         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2322         (JSC::DFG::SpeculativeJIT::compile):
2323         * dfg/DFGSpeculativeJIT64.cpp:
2324         (JSC::DFG::SpeculativeJIT::cachedPutById):
2325         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2326         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
2327         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2328         (JSC::DFG::SpeculativeJIT::compile):
2329         * dfg/DFGThunks.cpp:
2330         * dfg/DFGThunks.h:
2331         * ftl/FTLIntrinsicRepository.h:
2332         * ftl/FTLLowerDFGToLLVM.cpp:
2333         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
2334         * jit/AssemblyHelpers.h:
2335         (JSC::AssemblyHelpers::writeBarrier):
2336         * jit/JIT.cpp:
2337         (JSC::JIT::linkFor):
2338         (JSC::JIT::linkSlowCall):
2339         * jit/JITCall.cpp:
2340         (JSC::JIT::compileCallEval):
2341         (JSC::JIT::compileCallEvalSlowCase):
2342         (JSC::JIT::compileOpCallSlowCase):
2343         (JSC::JIT::privateCompileClosureCall):
2344         * jit/JITCall32_64.cpp:
2345         (JSC::JIT::compileCallEvalSlowCase):
2346         (JSC::JIT::compileOpCallSlowCase):
2347         (JSC::JIT::privateCompileClosureCall):
2348         * jit/JITOperationWrappers.h: Added.
2349         * jit/JITOperations.cpp: Added.
2350         * jit/JITOperations.h: Added.
2351         * jit/RegisterSet.h: Added.
2352         (JSC::RegisterSet::RegisterSet):
2353         (JSC::RegisterSet::asPOD):
2354         (JSC::RegisterSet::copyInfo):
2355         (JSC::RegisterSet::set):
2356         (JSC::RegisterSet::setGPRByIndex):
2357         (JSC::RegisterSet::clear):
2358         (JSC::RegisterSet::get):
2359         (JSC::RegisterSet::getGPRByIndex):
2360         (JSC::RegisterSet::getFreeGPR):
2361         (JSC::RegisterSet::setFPRByIndex):
2362         (JSC::RegisterSet::getFPRByIndex):
2363         (JSC::RegisterSet::setByIndex):
2364         (JSC::RegisterSet::getByIndex):
2365         (JSC::RegisterSet::numberOfSetGPRs):
2366         (JSC::RegisterSet::numberOfSetFPRs):
2367         (JSC::RegisterSet::numberOfSetRegisters):
2368         (JSC::RegisterSet::setBit):
2369         (JSC::RegisterSet::clearBit):
2370         (JSC::RegisterSet::getBit):
2371         * jit/Repatch.cpp: Added.
2372         (JSC::repatchCall):
2373         (JSC::repatchByIdSelfAccess):
2374         (JSC::addStructureTransitionCheck):
2375         (JSC::replaceWithJump):
2376         (JSC::emitRestoreScratch):
2377         (JSC::linkRestoreScratch):
2378         (JSC::generateProtoChainAccessStub):
2379         (JSC::tryCacheGetByID):
2380         (JSC::repatchGetByID):
2381         (JSC::getPolymorphicStructureList):
2382         (JSC::patchJumpToGetByIdStub):
2383         (JSC::tryBuildGetByIDList):
2384         (JSC::buildGetByIDList):
2385         (JSC::appropriateGenericPutByIdFunction):
2386         (JSC::appropriateListBuildingPutByIdFunction):
2387         (JSC::emitPutReplaceStub):
2388         (JSC::emitPutTransitionStub):
2389         (JSC::tryCachePutByID):
2390         (JSC::repatchPutByID):
2391         (JSC::tryBuildPutByIdList):
2392         (JSC::buildPutByIdList):
2393         (JSC::tryRepatchIn):
2394         (JSC::repatchIn):
2395         (JSC::linkSlowFor):
2396         (JSC::linkFor):
2397         (JSC::linkClosureCall):
2398         (JSC::resetGetByID):
2399         (JSC::resetPutByID):
2400         (JSC::resetIn):
2401         * jit/Repatch.h: Added.
2402         (JSC::resetGetByID):
2403         (JSC::resetPutByID):
2404         (JSC::resetIn):
2405         * jit/ScratchRegisterAllocator.h: Added.
2406         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
2407         (JSC::ScratchRegisterAllocator::lock):
2408         (JSC::ScratchRegisterAllocator::allocateScratch):
2409         (JSC::ScratchRegisterAllocator::allocateScratchGPR):
2410         (JSC::ScratchRegisterAllocator::allocateScratchFPR):
2411         (JSC::ScratchRegisterAllocator::didReuseRegisters):
2412         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2413         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2414         (JSC::ScratchRegisterAllocator::desiredScratchBufferSize):
2415         (JSC::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
2416         (JSC::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
2417         * jit/ThunkGenerators.cpp:
2418         (JSC::oldStyleGenerateSlowCaseFor):
2419         (JSC::oldStyleLinkForGenerator):
2420         (JSC::oldStyleLinkCallGenerator):
2421         (JSC::oldStyleLinkConstructGenerator):
2422         (JSC::oldStyleLinkClosureCallGenerator):
2423         (JSC::oldStyleVirtualForGenerator):
2424         (JSC::oldStyleVirtualCallGenerator):
2425         (JSC::oldStyleVirtualConstructGenerator):
2426         (JSC::emitPointerValidation):
2427         (JSC::throwExceptionFromCallSlowPathGenerator):
2428         (JSC::slowPathFor):
2429         (JSC::linkForThunkGenerator):
2430         (JSC::linkCallThunkGenerator):
2431         (JSC::linkConstructThunkGenerator):
2432         (JSC::linkClosureCallThunkGenerator):
2433         (JSC::virtualForThunkGenerator):
2434         (JSC::virtualCallThunkGenerator):
2435         (JSC::virtualConstructThunkGenerator):
2436         * jit/ThunkGenerators.h:
2437
2438 2013-09-21  Anders Carlsson  <andersca@apple.com>
2439
2440         Fix the non-DFG build.
2441
2442         * interpreter/Interpreter.cpp:
2443         (JSC::unwindCallFrame):
2444         * interpreter/StackVisitor.cpp:
2445         (JSC::StackVisitor::Frame::r):
2446
2447 2013-09-21  Filip Pizlo  <fpizlo@apple.com>
2448
2449         Get rid of IsInlinedCodeTag and its associated methods since it's unused
2450         https://bugs.webkit.org/show_bug.cgi?id=121737
2451
2452         Reviewed by Sam Weinig.
2453         
2454         This was meant to be easy, but I kept wondering if it was safe to remove the
2455         inline call frame check in Arguments::tearOff(). The check was clearly dead
2456         since the bit wasn't being set anywhere.
2457         
2458         It turns out that the unwindCallFrame() function was relying on tearOff()
2459         doing the right thing for inlined code, but it wasn't even passing it an
2460         inline call frame. I fixed this by having unwindCallFrame() do the inlining check,
2461         while also making sure that the code uses the right operand index for the
2462         arguments register.
2463
2464         * interpreter/CallFrame.h:
2465         * interpreter/CallFrameInlines.h:
2466         * interpreter/Interpreter.cpp:
2467         (JSC::unwindCallFrame):
2468         * interpreter/StackVisitor.cpp:
2469         (JSC::StackVisitor::Frame::r):
2470         * interpreter/StackVisitor.h:
2471         * runtime/Arguments.cpp:
2472         (JSC::Arguments::tearOff):
2473
2474 2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2475
2476         (un)shiftCountWithAnyIndexingType will start over in the middle of copying if it sees a hole
2477         https://bugs.webkit.org/show_bug.cgi?id=121717
2478
2479         Reviewed by Oliver Hunt.
2480
2481         This bug caused the array to become corrupted. We now check for holes before we start moving things, 
2482         and start moving things only once we've determined that there are none.
2483
2484         * runtime/JSArray.cpp:
2485         (JSC::JSArray::shiftCountWithAnyIndexingType):
2486         (JSC::JSArray::unshiftCountWithAnyIndexingType):
2487
2488 2013-09-20  Filip Pizlo  <fpizlo@apple.com>
2489
2490         REGRESSION(r156047): WebCore hangs inside JSC::toInt32(double)
2491         https://bugs.webkit.org/show_bug.cgi?id=121648
2492
2493         Reviewed by Mark Hahnenberg.
2494         
2495         The Int52<->StrictInt52 conversion did the opposite fill() from what it was
2496         supposed to. For example, when converting an Int52 to a StrictInt52 it would fill
2497         as Int52, and vice-versa.
2498
2499         * dfg/DFGSpeculativeJIT64.cpp:
2500         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
2501
2502 2013-09-20  Oliver Hunt  <oliver@apple.com>
2503
2504         REGRESSION(r153215): New iCloud site crashes
2505         https://bugs.webkit.org/show_bug.cgi?id=121710
2506
2507         Reviewed by Filip Pizlo.
2508
2509         Don't claim to be able to rely on the arguments structure; use the Arguments
2510         speculation type.
2511
2512         * dfg/DFGAbstractInterpreterInlines.h:
2513         (JSC::DFG::::executeEffects):
2514
2515 2013-09-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2516
2517         Clobberize phase forgets to indicate that it writes GCState for several node types
2518         https://bugs.webkit.org/show_bug.cgi?id=121702
2519
2520         Reviewed by Oliver Hunt.
2521
2522         Added read and write for GCState to the nodes that could end up allocating (and thereby
2523         cause a garbage collection).
2524
2525         * dfg/DFGClobberize.h:
2526         (JSC::DFG::clobberize):
2527
2528 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2529
2530         Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them
2531         https://bugs.webkit.org/show_bug.cgi?id=121637
2532
2533         Rubber stamped by Michael Saboff.
2534         
2535         Also moved GPRInfo/FPRInfo into jit/. Rolling back in after fixing JIT-only build
2536         and tests.
2537
2538         * CMakeLists.txt:
2539         * GNUmakefile.list.am:
2540         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2541         * JavaScriptCore.xcodeproj/project.pbxproj:
2542         * Target.pri:
2543         * bytecode/ValueRecovery.h:
2544         (JSC::ValueRecovery::dumpInContext):
2545         * dfg/DFGAssemblyHelpers.cpp: Removed.
2546         * dfg/DFGAssemblyHelpers.h: Removed.
2547         * dfg/DFGBinarySwitch.h:
2548         * dfg/DFGByteCodeParser.cpp:
2549         * dfg/DFGCCallHelpers.h: Removed.
2550         * dfg/DFGDisassembler.cpp:
2551         * dfg/DFGFPRInfo.h: Removed.
2552         * dfg/DFGGPRInfo.h: Removed.
2553         * dfg/DFGGraph.cpp:
2554         * dfg/DFGGraph.h:
2555         * dfg/DFGJITCompiler.h:
2556         * dfg/DFGOSRExit.cpp:
2557         * dfg/DFGOSRExit.h:
2558         * dfg/DFGOSRExitCompiler.h:
2559         * dfg/DFGOSRExitCompilerCommon.h:
2560         * dfg/DFGRegisterBank.h:
2561         * dfg/DFGRegisterSet.h:
2562         * dfg/DFGRepatch.cpp:
2563         * dfg/DFGSilentRegisterSavePlan.h:
2564         * dfg/DFGThunks.cpp:
2565         * dfg/DFGVariableEvent.cpp:
2566         * ftl/FTLCArgumentGetter.h:
2567         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2568         (JSC::FTL::CArgumentGetter::loadNext8):
2569         (JSC::FTL::CArgumentGetter::loadNext32):
2570         (JSC::FTL::CArgumentGetter::loadNext64):
2571         (JSC::FTL::CArgumentGetter::loadNextPtr):
2572         (JSC::FTL::CArgumentGetter::loadNextDouble):
2573         * ftl/FTLCompile.cpp:
2574         * ftl/FTLExitThunkGenerator.h:
2575         * ftl/FTLLink.cpp:
2576         * ftl/FTLThunks.cpp:
2577         * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
2578         * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
2579         (JSC::AssemblyHelpers::AssemblyHelpers):
2580         (JSC::AssemblyHelpers::debugCall):
2581         * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
2582         * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
2583         (WTF::printInternal):
2584         * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
2585         (WTF::printInternal):
2586         * jit/JIT.cpp:
2587         (JSC::JIT::JIT):
2588         * jit/JIT.h:
2589         * jit/JITPropertyAccess.cpp:
2590         (JSC::JIT::stringGetByValStubGenerator):
2591         * jit/JITPropertyAccess32_64.cpp:
2592         (JSC::JIT::stringGetByValStubGenerator):
2593         * jit/JSInterfaceJIT.h:
2594         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2595         * jit/SpecializedThunkJIT.h:
2596         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2597         (JSC::SpecializedThunkJIT::finalize):
2598         * jit/ThunkGenerators.cpp:
2599         (JSC::linkForGenerator):
2600         (JSC::virtualForGenerator):
2601         (JSC::stringLengthTrampolineGenerator):
2602         (JSC::nativeForGenerator):
2603         (JSC::arityFixup):
2604         (JSC::charCodeAtThunkGenerator):
2605         (JSC::charAtThunkGenerator):
2606         (JSC::fromCharCodeThunkGenerator):
2607         (JSC::sqrtThunkGenerator):
2608         (JSC::floorThunkGenerator):
2609         (JSC::ceilThunkGenerator):
2610         (JSC::roundThunkGenerator):
2611         (JSC::expThunkGenerator):
2612         (JSC::logThunkGenerator):
2613         (JSC::absThunkGenerator):
2614         (JSC::powThunkGenerator):
2615         (JSC::imulThunkGenerator):
2616         * llint/LLIntThunks.cpp:
2617         (JSC::LLInt::generateThunkWithJumpTo):
2618         * runtime/JSCJSValue.h:
2619
2620 2013-09-20  Allan Sandfeld Jensen  <allan.jensen@digia.com>
2621
2622         Inline method exported
2623         https://bugs.webkit.org/show_bug.cgi?id=121664
2624
2625         Reviewed by Darin Adler.
2626
2627         WatchDog::didFire() is marked as an exported symbol even though it is
2628         defined inline. This breaks the build on MinGW since it results in dllimport
2629         being declared on a definition.
2630
2631         * runtime/Watchdog.h:
2632         (JSC::Watchdog::didFire):
2633
2634 2013-09-20  Patrick Gansterer  <paroga@webkit.org>
2635
2636         [CMake] Use COMPILE_DEFINITIONS target property for setting BUILDING_* defines
2637         https://bugs.webkit.org/show_bug.cgi?id=121672
2638
2639         Reviewed by Gyuyoung Kim.
2640
2641         Since the scope of add_definitions() is always a whole file, we need to use
2642         target properties instead to set definitions only for specific targets.
2643
2644         * CMakeLists.txt:
2645
2646 2013-09-19  Commit Queue  <commit-queue@webkit.org>
2647
2648         Unreviewed, rolling out r156120.
2649         http://trac.webkit.org/changeset/156120
2650         https://bugs.webkit.org/show_bug.cgi?id=121651
2651
2652         Broke Windows runtime and all tests (Requested by bfulgham on
2653         #webkit).
2654
2655         * CMakeLists.txt:
2656         * GNUmakefile.list.am:
2657         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2658         * JavaScriptCore.xcodeproj/project.pbxproj:
2659         * Target.pri:
2660         * bytecode/ValueRecovery.h:
2661         (JSC::ValueRecovery::dumpInContext):
2662         * dfg/DFGAssemblyHelpers.cpp: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.cpp.
2663         (JSC::DFG::AssemblyHelpers::executableFor):
2664         (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
2665         (JSC::DFG::AssemblyHelpers::setSamplingFlag):
2666         (JSC::DFG::AssemblyHelpers::clearSamplingFlag):
2667         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
2668         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
2669         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
2670         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
2671         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
2672         (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
2673         * dfg/DFGAssemblyHelpers.h: Renamed from Source/JavaScriptCore/jit/AssemblyHelpers.h.
2674         (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
2675         (JSC::DFG::AssemblyHelpers::codeBlock):
2676         (JSC::DFG::AssemblyHelpers::vm):
2677         (JSC::DFG::AssemblyHelpers::assembler):
2678         (JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
2679         (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
2680         (JSC::DFG::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
2681         (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
2682         (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
2683         (JSC::DFG::AssemblyHelpers::branchIfNotCell):
2684         (JSC::DFG::AssemblyHelpers::addressFor):
2685         (JSC::DFG::AssemblyHelpers::tagFor):
2686         (JSC::DFG::AssemblyHelpers::payloadFor):
2687         (JSC::DFG::AssemblyHelpers::branchIfNotObject):
2688         (JSC::DFG::AssemblyHelpers::selectScratchGPR):
2689         (JSC::DFG::AssemblyHelpers::debugCall):
2690         (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
2691         (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
2692         (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
2693         (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
2694         (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
2695         (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
2696         (JSC::DFG::AssemblyHelpers::boxDouble):
2697         (JSC::DFG::AssemblyHelpers::unboxDouble):
2698         (JSC::DFG::AssemblyHelpers::boxInt52):
2699         (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
2700         (JSC::DFG::AssemblyHelpers::emitCount):
2701         (JSC::DFG::AssemblyHelpers::globalObjectFor):
2702         (JSC::DFG::AssemblyHelpers::strictModeFor):
2703         (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
2704         (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
2705         (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
2706         (JSC::DFG::AssemblyHelpers::symbolTableFor):
2707         (JSC::DFG::AssemblyHelpers::offsetOfLocals):
2708         (JSC::DFG::AssemblyHelpers::offsetOfArgumentsIncludingThis):
2709         * dfg/DFGBinarySwitch.h:
2710         * dfg/DFGByteCodeParser.cpp:
2711         * dfg/DFGCCallHelpers.h: Renamed from Source/JavaScriptCore/jit/CCallHelpers.h.
2712         (JSC::DFG::CCallHelpers::CCallHelpers):
2713         (JSC::DFG::CCallHelpers::resetCallArguments):
2714         (JSC::DFG::CCallHelpers::addCallArgument):
2715         (JSC::DFG::CCallHelpers::setupArguments):
2716         (JSC::DFG::CCallHelpers::setupArgumentsExecState):
2717         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2718         (JSC::DFG::CCallHelpers::setupTwoStubArgs):
2719         (JSC::DFG::CCallHelpers::setupStubArguments):
2720         (JSC::DFG::CCallHelpers::setupResults):
2721         * dfg/DFGDisassembler.cpp:
2722         * dfg/DFGFPRInfo.h: Renamed from Source/JavaScriptCore/jit/FPRInfo.h.
2723         (JSC::DFG::FPRInfo::toRegister):
2724         (JSC::DFG::FPRInfo::toIndex):
2725         (JSC::DFG::FPRInfo::toArgumentRegister):
2726         (JSC::DFG::FPRInfo::debugName):
2727         * dfg/DFGGPRInfo.h: Renamed from Source/JavaScriptCore/jit/GPRInfo.h.
2728         (JSC::DFG::JSValueRegs::JSValueRegs):
2729         (JSC::DFG::JSValueRegs::payloadOnly):
2730         (JSC::DFG::JSValueRegs::operator!):
2731         (JSC::DFG::JSValueRegs::gpr):
2732         (JSC::DFG::JSValueRegs::payloadGPR):
2733         (JSC::DFG::JSValueSource::JSValueSource):
2734         (JSC::DFG::JSValueSource::unboxedCell):
2735         (JSC::DFG::JSValueSource::operator!):
2736         (JSC::DFG::JSValueSource::isAddress):
2737         (JSC::DFG::JSValueSource::offset):
2738         (JSC::DFG::JSValueSource::base):
2739         (JSC::DFG::JSValueSource::gpr):
2740         (JSC::DFG::JSValueSource::asAddress):
2741         (JSC::DFG::JSValueSource::notAddress):
2742         (JSC::DFG::JSValueRegs::tagGPR):
2743         (JSC::DFG::JSValueSource::tagGPR):
2744         (JSC::DFG::JSValueSource::payloadGPR):
2745         (JSC::DFG::JSValueSource::hasKnownTag):
2746         (JSC::DFG::JSValueSource::tag):
2747         (JSC::DFG::GPRInfo::toRegister):
2748         (JSC::DFG::GPRInfo::toIndex):
2749         (JSC::DFG::GPRInfo::debugName):
2750         (JSC::DFG::GPRInfo::toArgumentRegister):
2751         * dfg/DFGGraph.cpp:
2752         * dfg/DFGGraph.h:
2753         * dfg/DFGJITCompiler.h:
2754         * dfg/DFGOSRExit.cpp:
2755         * dfg/DFGOSRExit.h:
2756         * dfg/DFGOSRExitCompiler.h:
2757         * dfg/DFGOSRExitCompilerCommon.h:
2758         * dfg/DFGRegisterBank.h:
2759         * dfg/DFGRegisterSet.h:
2760         * dfg/DFGRepatch.cpp:
2761         * dfg/DFGSilentRegisterSavePlan.h:
2762         * dfg/DFGThunks.cpp:
2763         * dfg/DFGVariableEvent.cpp:
2764         * ftl/FTLCArgumentGetter.h:
2765         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2766         (JSC::FTL::CArgumentGetter::loadNext8):
2767         (JSC::FTL::CArgumentGetter::loadNext32):
2768         (JSC::FTL::CArgumentGetter::loadNext64):
2769         (JSC::FTL::CArgumentGetter::loadNextPtr):
2770         (JSC::FTL::CArgumentGetter::loadNextDouble):
2771         * ftl/FTLCompile.cpp:
2772         * ftl/FTLExitThunkGenerator.h:
2773         * ftl/FTLLink.cpp:
2774         * ftl/FTLThunks.cpp:
2775         * jit/JIT.cpp:
2776         (JSC::JIT::JIT):
2777         * jit/JIT.h:
2778         * jit/JITPropertyAccess.cpp:
2779         (JSC::JIT::stringGetByValStubGenerator):
2780         * jit/JITPropertyAccess32_64.cpp:
2781         (JSC::JIT::stringGetByValStubGenerator):
2782         * jit/JSInterfaceJIT.h:
2783         (JSC::JSInterfaceJIT::preserveReturnAddressAfterCall):
2784         (JSC::JSInterfaceJIT::restoreReturnAddressBeforeReturn):
2785         * jit/SpecializedThunkJIT.h:
2786         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2787         (JSC::SpecializedThunkJIT::finalize):
2788         * jit/ThunkGenerators.cpp:
2789         (JSC::linkForGenerator):
2790         (JSC::virtualForGenerator):
2791         (JSC::stringLengthTrampolineGenerator):
2792         (JSC::nativeForGenerator):
2793         (JSC::arityFixup):
2794         (JSC::charCodeAtThunkGenerator):
2795         (JSC::charAtThunkGenerator):
2796         (JSC::fromCharCodeThunkGenerator):
2797         (JSC::sqrtThunkGenerator):
2798         (JSC::floorThunkGenerator):
2799         (JSC::ceilThunkGenerator):
2800         (JSC::roundThunkGenerator):
2801         (JSC::expThunkGenerator):
2802         (JSC::logThunkGenerator):
2803         (JSC::absThunkGenerator):
2804         (JSC::powThunkGenerator):
2805         (JSC::imulThunkGenerator):
2806         * llint/LLIntThunks.cpp:
2807         (JSC::LLInt::generateThunkWithJumpTo):
2808         * runtime/JSCJSValue.h:
2809
2810 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2811
2812         Unreviewed, fix Windows build part 2. m_jitCodeMap should always be there.
2813
2814         * bytecode/CodeBlock.h:
2815         (JSC::CodeBlock::jitCodeMap):
2816
2817 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2818
2819         Remove some of the tautologies in DFGRepatch function naming.
2820
2821         Rubber stamped by Mark Hahnenberg.
2822         
2823         For example change DFG::dfgLinkFor() to be DFG::linkFor().
2824
2825         * bytecode/CodeBlock.cpp:
2826         (JSC::CodeBlock::resetStubInternal):
2827         * dfg/DFGOperations.cpp:
2828         * dfg/DFGRepatch.cpp:
2829         (JSC::DFG::repatchCall):
2830         (JSC::DFG::repatchByIdSelfAccess):
2831         (JSC::DFG::tryCacheGetByID):
2832         (JSC::DFG::repatchGetByID):
2833         (JSC::DFG::buildGetByIDList):
2834         (JSC::DFG::tryCachePutByID):
2835         (JSC::DFG::repatchPutByID):
2836         (JSC::DFG::buildPutByIdList):
2837         (JSC::DFG::repatchIn):
2838         (JSC::DFG::linkFor):
2839         (JSC::DFG::linkSlowFor):
2840         (JSC::DFG::linkClosureCall):
2841         (JSC::DFG::resetGetByID):
2842         (JSC::DFG::resetPutByID):
2843         (JSC::DFG::resetIn):
2844         * dfg/DFGRepatch.h:
2845         (JSC::DFG::resetGetByID):
2846         (JSC::DFG::resetPutByID):
2847         (JSC::DFG::resetIn):
2848
2849 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2850
2851         Unreviewed, fix Windows build. ScratchBuffer should always be available regardless of
2852         ENABLE_DFG_JIT.
2853
2854         * runtime/VM.h:
2855
2856 2013-09-19  Daniel Bates  <dabates@apple.com>
2857
2858         [iOS] Add more iOS logic to the JavaScriptCore build configuration files
2859         https://bugs.webkit.org/show_bug.cgi?id=121635
2860
2861         Reviewed by Geoffrey Garen.
2862
2863         Towards building JavaScriptCore for both OS X and iOS using the same
2864         set of configuration files, add more iOS logic.
2865
2866         * Configurations/Base.xcconfig:
2867         * Configurations/JSC.xcconfig:
2868         * Configurations/JavaScriptCore.xcconfig:
2869         * Configurations/ToolExecutable.xcconfig:
2870
2871 2013-09-19  Filip Pizlo  <fpizlo@apple.com>
2872
2873         Move CCallHelpers and AssemblyHelpers into jit/ and have JSInterfaceJIT use them
2874         https://bugs.webkit.org/show_bug.cgi?id=121637
2875
2876         Rubber stamped by Michael Saboff.
2877         
2878         Also moved GPRInfo/FPRInfo into jit/.
2879
2880         * CMakeLists.txt:
2881         * GNUmakefile.list.am:
2882         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2883         * JavaScriptCore.xcodeproj/project.pbxproj:
2884         * Target.pri:
2885         * bytecode/ValueRecovery.h:
2886         (JSC::ValueRecovery::dumpInContext):
2887         * dfg/DFGAssemblyHelpers.cpp: Removed.
2888         * dfg/DFGAssemblyHelpers.h: Removed.
2889         * dfg/DFGBinarySwitch.h:
2890         * dfg/DFGByteCodeParser.cpp:
2891         * dfg/DFGCCallHelpers.h: Removed.
2892         * dfg/DFGDisassembler.cpp:
2893         * dfg/DFGFPRInfo.h: Removed.
2894         * dfg/DFGGPRInfo.h: Removed.
2895         * dfg/DFGGraph.cpp:
2896         * dfg/DFGGraph.h:
2897         * dfg/DFGJITCompiler.h:
2898         * dfg/DFGOSRExit.cpp:
2899         * dfg/DFGOSRExit.h:
2900         * dfg/DFGOSRExitCompiler.h:
2901         * dfg/DFGOSRExitCompilerCommon.h:
2902         * dfg/DFGRegisterBank.h:
2903         * dfg/DFGRegisterSet.h:
2904         * dfg/DFGRepatch.cpp:
2905         * dfg/DFGSilentRegisterSavePlan.h:
2906         * dfg/DFGThunks.cpp:
2907         * dfg/DFGVariableEvent.cpp:
2908         * ftl/FTLCArgumentGetter.h:
2909         (JSC::FTL::CArgumentGetter::CArgumentGetter):
2910         (JSC::FTL::CArgumentGetter::loadNext8):
2911         (JSC::FTL::CArgumentGetter::loadNext32):
2912         (JSC::FTL::CArgumentGetter::loadNext64):
2913         (JSC::FTL::CArgumentGetter::loadNextPtr):
2914         (JSC::FTL::CArgumentGetter::loadNextDouble):
2915         * ftl/FTLCompile.cpp:
2916         * ftl/FTLExitThunkGenerator.h:
2917         * ftl/FTLLink.cpp:
2918         * ftl/FTLThunks.cpp:
2919         * jit/AssemblyHelpers.cpp: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.cpp.
2920         * jit/AssemblyHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGAssemblyHelpers.h.
2921         (JSC::AssemblyHelpers::AssemblyHelpers):
2922         (JSC::AssemblyHelpers::debugCall):
2923         * jit/CCallHelpers.h: Copied from Source/JavaScriptCore/dfg/DFGCCallHelpers.h.
2924         * jit/FPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGFPRInfo.h.
2925         (WTF::printInternal):
2926         * jit/GPRInfo.h: Copied from Source/JavaScriptCore/dfg/DFGGPRInfo.h.
2927         (WTF::printInternal):
2928         * jit/JIT.cpp:
2929         (JSC::JIT::JIT):
2930         * jit/JIT.h:
2931         * jit/JITPropertyAccess.cpp:
2932         (JSC::JIT::stringGetByValStubGenerator):
2933         * jit/JITPropertyAccess32_64.cpp:
2934         (JSC::JIT::stringGetByValStubGenerator):
2935         * jit/JSInterfaceJIT.h:
2936         (JSC::JSInterfaceJIT::JSInterfaceJIT):
2937         * jit/SpecializedThunkJIT.h:
2938         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
2939         (JSC::SpecializedThunkJIT::finalize):
2940         * jit/ThunkGenerators.cpp:
2941         (JSC::linkForGenerator):
2942         (JSC::virtualForGenerator):
2943         (JSC::stringLengthTrampolineGenerator):
2944         (JSC::nativeForGenerator):
2945         (JSC::arityFixup):
2946         (JSC::charCodeAtThunkGenerator):
2947         (JSC::charAtThunkGenerator):
2948         (JSC::fromCharCodeThunkGenerator):
2949         (JSC::sqrtThunkGenerator):
2950         (JSC::floorThunkGenerator):
2951         (JSC::ceilThunkGenerator):
2952         (JSC::roundThunkGenerator):
2953         (JSC::expThunkGenerator):
2954         (JSC::logThunkGenerator):
2955         (JSC::absThunkGenerator):
2956         (JSC::powThunkGenerator):
2957         (JSC::imulThunkGenerator):
2958         * llint/LLIntThunks.cpp:
2959         (JSC::LLInt::generateThunkWithJumpTo):
2960         * runtime/JSCJSValue.h:
2961
2962 2013-09-19  Daniel Bates  <dabates@apple.com>
2963
2964         [iOS] Substitute UNREACHABLE_FOR_PLATFORM() for RELEASE_ASSERT_NOT_REACHED()
2965
2966         Rubber-stamped by Joseph Pecoraro.
2967
2968         Use UNREACHABLE_FOR_PLATFORM() instead of RELEASE_ASSERT_NOT_REACHED() in
2969         the non-x86/x86-64 variant of JIT::emitSlow_op_mod() so as to avoid a missing
2970         noreturn warning in Clang while simultaneously asserting unreachable code.
2971
2972         * jit/JITArithmetic.cpp:
2973         (JSC::JIT::emitSlow_op_mod):
2974
2975 2013-09-19  Michael Saboff  <msaboff@apple.com>
2976
2977         JSC: X86 disassembler shows 16, 32 and 64 bit displacements as unsigned
2978         https://bugs.webkit.org/show_bug.cgi?id=121625
2979
2980         Rubber-stamped by Filip Pizlo.
2981
2982         Changed 16, 32 and 64 bit offsets to be signed.  Kept the original tab indented
2983         spacing to match the rest of the file.
2984
2985         * disassembler/udis86/udis86_syn-att.c:
2986         (gen_operand):
2987
2988 2013-09-19  Daniel Bates  <dabates@apple.com>
2989
2990         Remove names of unused arguments from the non-x86/x86-64 function prototype
2991         for JIT::emitSlow_op_mod()
2992
2993         Rubber-stamped by Ryosuke Niwa.
2994
2995         * jit/JITArithmetic.cpp:
2996         (JSC::JIT::emitSlow_op_mod):
2997
2998 2013-09-18  Sam Weinig  <sam@webkit.org>
2999
3000         Replace use of OwnArrayPtr<Foo> with std::unique_ptr<Foo[]> in JavaScriptCore
3001         https://bugs.webkit.org/show_bug.cgi?id=121583
3002
3003         Reviewed by Anders Carlsson.
3004
3005         * API/JSStringRefCF.cpp:
3006         (JSStringCreateWithCFString):
3007         * API/JSStringRefQt.cpp:
3008         * bytecompiler/BytecodeGenerator.cpp:
3009         (JSC::BytecodeGenerator::BytecodeGenerator):
3010         * dfg/DFGByteCodeParser.cpp:
3011         (JSC::DFG::ByteCodeParser::parseBlock):
3012         * dfg/DFGDisassembler.cpp:
3013         (JSC::DFG::Disassembler::dumpDisassembly):
3014         * runtime/Arguments.cpp:
3015         (JSC::Arguments::tearOff):
3016         * runtime/Arguments.h:
3017         (JSC::Arguments::isTornOff):
3018         (JSC::Arguments::allocateSlowArguments):
3019         * runtime/JSPropertyNameIterator.cpp:
3020         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
3021         * runtime/JSPropertyNameIterator.h:
3022         * runtime/JSSegmentedVariableObject.h:
3023         * runtime/JSVariableObject.h:
3024         * runtime/PropertyNameArray.h:
3025         * runtime/RegExp.cpp:
3026         * runtime/StructureChain.h:
3027         (JSC::StructureChain::finishCreation):
3028         * runtime/SymbolTable.h:
3029         (JSC::SharedSymbolTable::setSlowArguments):
3030
3031 2013-09-18  Brent Fulgham  <bfulgham@apple.com>
3032
3033         [Windows] Unreviewed build fix after r156064.
3034
3035         * jsc.cpp:
3036         (jscmain): Need a temporary to perform '&' in VS2010.
3037
3038 2013-09-18  Filip Pizlo  <fpizlo@apple.com>
3039
3040         Give 'jsc' commandline an option to disable deleting the VM.
3041
3042         Reviewed by Mark Hahnenberg.
3043
3044         * jsc.cpp:
3045         (jscmain):
3046         * runtime/Options.h:
3047
3048 2013-09-18  Anders Carlsson  <andersca@apple.com>
3049
3050         RefPtrHashMap should work with move only types
3051         https://bugs.webkit.org/show_bug.cgi?id=121564
3052
3053         Reviewed by Andreas Kling.
3054
3055         * runtime/VM.cpp:
3056         (JSC::VM::addSourceProviderCache):
3057
3058 2013-09-17  Mark Hahnenberg  <mhahnenberg@apple.com>
3059
3060         Rename OperationInProgress to HeapOperation and move it out of Heap.h into its own header
3061         https://bugs.webkit.org/show_bug.cgi?id=121534
3062
3063         Reviewed by Geoffrey Garen.
3064
3065         OperationInProgress is a silly name. 
3066
3067         Many parts of the Heap would like to know what HeapOperation is currently underway, but 
3068         since they are included in Heap.h they can't directly reference HeapOperation if it also 
3069         lives in Heap.h. The simplest thing to do is to give HeapOperation its own header. While 
3070         a bit overkill, it simplifies including it wherever it's needed.
3071
3072         * JavaScriptCore.xcodeproj/project.pbxproj:
3073         * bytecode/CodeBlock.cpp:
3074         (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
3075         (JSC::CodeBlock::updateAllValueProfilePredictions):
3076         (JSC::CodeBlock::updateAllPredictions):
3077         * bytecode/CodeBlock.h:
3078         (JSC::CodeBlock::updateAllValueProfilePredictions):
3079         (JSC::CodeBlock::updateAllPredictions):
3080         * bytecode/LazyOperandValueProfile.cpp:
3081         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
3082         * bytecode/LazyOperandValueProfile.h:
3083         * bytecode/ValueProfile.h:
3084         (JSC::ValueProfileBase::computeUpdatedPrediction):
3085         * heap/Heap.h:
3086         * heap/HeapOperation.h: Added.
3087
3088 2013-09-18  Filip Pizlo  <fpizlo@apple.com>
3089
3090         DFG should support Int52 for local variables
3091         https://bugs.webkit.org/show_bug.cgi?id=121064
3092
3093         Reviewed by Oliver Hunt.
3094         
3095         This adds Int52 support for local variables to the DFG and FTL. It's a speed-up on
3096         programs that have local int32 overflows but where a larger int representation can
3097         prevent us from having to convert all the way up to double.
3098         
3099         It's a small speed-up for now. But we're just supporting Int52 for a handful of
3100         operations (add, sub, mul, neg, compare, bitops, typed array access) and this lays
3101         the groundwork for adding Int52 to JSValue, which will probably be a bigger
3102         speed-up.
3103         
3104         The basic approach is:
3105         
3106         - We have a notion of Int52 in our typesystem. Int52 doesn't belong to BytecodeTop
3107           or HeapTop - i.e. it doesn't arise from JSValues.
3108         
3109         - DFG treats Int52 as being part of its FullTop and will treat it as being a
3110           subtype of double unless instructed otherwise.
3111         
3112         - Prediction propagator creates Int52s whenever we have a node going doubly but due
3113           to large values rather than fractional values, and that node is known to be able
3114           to produce Int52 natively in the DFG backend.
3115         
3116         - Fixup phase converts edges to MachineIntUses in nodes that are known to be able
3117           to deal with Int52, and where we have a subtype of Int32|Int52 as the predicted
3118           input.
3119         
3120         - The DFG backend and FTL LLVM IR lowering have two notions of Int52s - ones that
3121           are left-shifted by 16 (great for overflow checks) and ones that are
3122           sign-extended. Both backends know how to convert between Int52s and the other
3123           representations.
3124
3125         * assembler/MacroAssemblerX86_64.h:
3126         (JSC::MacroAssemblerX86_64::rshift64):
3127         (JSC::MacroAssemblerX86_64::mul64):
3128         (JSC::MacroAssemblerX86_64::branchMul64):
3129         (JSC::MacroAssemblerX86_64::branchNeg64):
3130         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
3131         * assembler/X86Assembler.h:
3132         (JSC::X86Assembler::imulq_rr):
3133         (JSC::X86Assembler::cvtsi2sdq_rr):
3134         * bytecode/DataFormat.h:
3135         (JSC::dataFormatToString):
3136         * bytecode/ExitKind.cpp:
3137         (JSC::exitKindToString):
3138         * bytecode/ExitKind.h:
3139         * bytecode/OperandsInlines.h:
3140         (JSC::::dumpInContext):
3141         * bytecode/SpeculatedType.cpp:
3142         (JSC::dumpSpeculation):
3143         (JSC::speculationToAbbreviatedString):
3144         (JSC::speculationFromValue):
3145         * bytecode/SpeculatedType.h:
3146         (JSC::isInt32SpeculationForArithmetic):
3147         (JSC::isInt52Speculation):
3148         (JSC::isMachineIntSpeculationForArithmetic):
3149         (JSC::isInt52AsDoubleSpeculation):
3150         (JSC::isBytecodeRealNumberSpeculation):
3151         (JSC::isFullRealNumberSpeculation):
3152         (JSC::isBytecodeNumberSpeculation):
3153         (JSC::isFullNumberSpeculation):
3154         (JSC::isBytecodeNumberSpeculationExpectingDefined):
3155         (JSC::isFullNumberSpeculationExpectingDefined):
3156         * bytecode/ValueRecovery.h:
3157         (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt52):
3158         (JSC::ValueRecovery::inGPR):
3159         (JSC::ValueRecovery::displacedInJSStack):
3160         (JSC::ValueRecovery::isAlreadyInJSStack):
3161         (JSC::ValueRecovery::gpr):
3162         (JSC::ValueRecovery::virtualRegister):
3163         (JSC::ValueRecovery::dumpInContext):
3164         * dfg/DFGAbstractInterpreter.h:
3165         (JSC::DFG::AbstractInterpreter::needsTypeCheck):
3166         (JSC::DFG::AbstractInterpreter::filterByType):
3167         * dfg/DFGAbstractInterpreterInlines.h:
3168         (JSC::DFG::::executeEffects):
3169         * dfg/DFGAbstractValue.cpp:
3170         (JSC::DFG::AbstractValue::set):
3171         (JSC::DFG::AbstractValue::checkConsistency):
3172         * dfg/DFGAbstractValue.h:
3173         (JSC::DFG::AbstractValue::couldBeType):
3174         (JSC::DFG::AbstractValue::isType):
3175         (JSC::DFG::AbstractValue::checkConsistency):
3176         (JSC::DFG::AbstractValue::validateType):
3177         * dfg/DFGArrayMode.cpp:
3178         (JSC::DFG::ArrayMode::refine):
3179         * dfg/DFGAssemblyHelpers.h:
3180         (JSC::DFG::AssemblyHelpers::boxInt52):
3181         * dfg/DFGByteCodeParser.cpp:
3182         (JSC::DFG::ByteCodeParser::makeSafe):
3183         * dfg/DFGCSEPhase.cpp:
3184         (JSC::DFG::CSEPhase::pureCSE):
3185         (JSC::DFG::CSEPhase::getByValLoadElimination):
3186         (JSC::DFG::CSEPhase::performNodeCSE):
3187         * dfg/DFGClobberize.h:
3188         (JSC::DFG::clobberize):
3189         * dfg/DFGCommon.h:
3190         (JSC::DFG::enableInt52):
3191         * dfg/DFGDCEPhase.cpp:
3192         (JSC::DFG::DCEPhase::fixupBlock):
3193         * dfg/DFGFixupPhase.cpp:
3194         (JSC::DFG::FixupPhase::run):
3195         (JSC::DFG::FixupPhase::fixupNode):
3196         (JSC::DFG::FixupPhase::fixupSetLocalsInBlock):
3197         (JSC::DFG::FixupPhase::fixupUntypedSetLocalsInBlock):
3198         (JSC::DFG::FixupPhase::observeUseKindOnNode):
3199         (JSC::DFG::FixupPhase::fixEdge):
3200         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
3201         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
3202         * dfg/DFGFlushFormat.cpp:
3203         (WTF::printInternal):
3204         * dfg/DFGFlushFormat.h:
3205         (JSC::DFG::resultFor):
3206         (JSC::DFG::useKindFor):
3207         * dfg/DFGGenerationInfo.h:
3208         (JSC::DFG::GenerationInfo::initInt52):
3209         (JSC::DFG::GenerationInfo::initStrictInt52):
3210         (JSC::DFG::GenerationInfo::isFormat):
3211         (JSC::DFG::GenerationInfo::isInt52):
3212         (JSC::DFG::GenerationInfo::isStrictInt52):
3213         (JSC::DFG::GenerationInfo::fillInt52):
3214         (JSC::DFG::GenerationInfo::fillStrictInt52):
3215         * dfg/DFGGraph.cpp:
3216         (JSC::DFG::Graph::dump):
3217         * dfg/DFGGraph.h:
3218         (JSC::DFG::Graph::addShouldSpeculateMachineInt):
3219         (JSC::DFG::Graph::mulShouldSpeculateMachineInt):
3220         (JSC::DFG::Graph::negateShouldSpeculateMachineInt):
3221         * dfg/DFGInPlaceAbstractState.cpp:
3222         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
3223         * dfg/DFGJITCode.cpp:
3224         (JSC::DFG::JITCode::reconstruct):
3225         * dfg/DFGJITCompiler.h:
3226         (JSC::DFG::JITCompiler::noticeOSREntry):
3227         * dfg/DFGMinifiedNode.h:
3228         (JSC::DFG::belongsInMinifiedGraph):
3229         (JSC::DFG::MinifiedNode::hasChild):
3230         * dfg/DFGNode.h:
3231         (JSC::DFG::Node::shouldSpeculateNumber):
3232         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
3233         (JSC::DFG::Node::canSpeculateInt52):
3234         * dfg/DFGNodeFlags.h:
3235         (JSC::DFG::nodeCanSpeculateInt52):
3236         * dfg/DFGNodeType.h:
3237         (JSC::DFG::permitsOSRBackwardRewiring):
3238         (JSC::DFG::forwardRewiringSelectionScore):
3239         * dfg/DFGOSREntry.cpp:
3240         (JSC::DFG::prepareOSREntry):
3241         * dfg/DFGOSREntry.h:
3242         * dfg/DFGOSRExitCompiler.cpp:
3243         * dfg/DFGOSRExitCompiler64.cpp:
3244         (JSC::DFG::OSRExitCompiler::compileExit):
3245         * dfg/DFGPredictionPropagationPhase.cpp:
3246         (JSC::DFG::PredictionPropagationPhase::speculatedDoubleTypeForPrediction):
3247         (JSC::DFG::PredictionPropagationPhase::propagate):
3248         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
3249         * dfg/DFGSafeToExecute.h:
3250         (JSC::DFG::SafeToExecuteEdge::operator()):
3251         (JSC::DFG::safeToExecute):
3252         * dfg/DFGSilentRegisterSavePlan.h:
3253         * dfg/DFGSpeculativeJIT.cpp:
3254         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
3255         (JSC::DFG::SpeculativeJIT::silentFill):
3256         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
3257         (JSC::DFG::SpeculativeJIT::compileInlineStart):
3258         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
3259         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3260         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
3261         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3262         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3263         (JSC::DFG::SpeculativeJIT::compileAdd):
3264         (JSC::DFG::SpeculativeJIT::compileArithSub):
3265         (JSC::DFG::SpeculativeJIT::compileArithNegate):
3266         (JSC::DFG::SpeculativeJIT::compileArithMul):
3267         (JSC::DFG::SpeculativeJIT::compare):
3268         (JSC::DFG::SpeculativeJIT::compileStrictEq):
3269         (JSC::DFG::SpeculativeJIT::speculateMachineInt):
3270         (JSC::DFG::SpeculativeJIT::speculateNumber):
3271         (JSC::DFG::SpeculativeJIT::speculateRealNumber):
3272         (JSC::DFG::SpeculativeJIT::speculate):
3273         * dfg/DFGSpeculativeJIT.h:
3274         (JSC::DFG::SpeculativeJIT::canReuse):
3275         (JSC::DFG::SpeculativeJIT::isFilled):
3276         (JSC::DFG::SpeculativeJIT::isFilledDouble):
3277         (JSC::DFG::SpeculativeJIT::use):
3278         (JSC::DFG::SpeculativeJIT::isKnownInteger):
3279         (JSC::DFG::SpeculativeJIT::isKnownCell):
3280         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
3281         (JSC::DFG::SpeculativeJIT::int52Result):
3282         (JSC::DFG::SpeculativeJIT::strictInt52Result):
3283         (JSC::DFG::SpeculativeJIT::initConstantInfo):
3284         (JSC::DFG::SpeculativeJIT::isInteger):
3285         (JSC::DFG::SpeculativeJIT::betterUseStrictInt52):
3286         (JSC::DFG::SpeculativeJIT::generationInfo):
3287         (JSC::DFG::SpeculateInt52Operand::SpeculateInt52Operand):
3288         (JSC::DFG::SpeculateInt52Operand::~SpeculateInt52Operand):
3289         (JSC::DFG::SpeculateInt52Operand::edge):
3290         (JSC::DFG::SpeculateInt52Operand::node):
3291         (JSC::DFG::SpeculateInt52Operand::gpr):
3292         (JSC::DFG::SpeculateInt52Operand::use):
3293         (JSC::DFG::SpeculateStrictInt52Operand::SpeculateStrictInt52Operand):
3294         (JSC::DFG::SpeculateStrictInt52Operand::~SpeculateStrictInt52Operand):
3295         (JSC::DFG::SpeculateStrictInt52Operand::edge):
3296         (JSC::DFG::SpeculateStrictInt52Operand::node):
3297         (JSC::DFG::SpeculateStrictInt52Operand::gpr):
3298         (JSC::DFG::SpeculateStrictInt52Operand::use):
3299         (JSC::DFG::SpeculateWhicheverInt52Operand::SpeculateWhicheverInt52Operand):
3300         (JSC::DFG::SpeculateWhicheverInt52Operand::~SpeculateWhicheverInt52Operand):
3301         (JSC::DFG::SpeculateWhicheverInt52Operand::edge):
3302         (JSC::DFG::SpeculateWhicheverInt52Operand::node):
3303         (JSC::DFG::SpeculateWhicheverInt52Operand::gpr):
3304         (JSC::DFG::SpeculateWhicheverInt52Operand::use):
3305         (JSC::DFG::SpeculateWhicheverInt52Operand::format):
3306         * dfg/DFGSpeculativeJIT32_64.cpp:
3307         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3308         (JSC::DFG::SpeculativeJIT::compile):
3309         * dfg/DFGSpeculativeJIT64.cpp:
3310         (JSC::DFG::SpeculativeJIT::boxInt52):
3311         (JSC::DFG::SpeculativeJIT::fillJSValue):
3312         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
3313         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
3314         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3315         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3316         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3317         (JSC::DFG::SpeculativeJIT::compileInt52Compare):
3318         (JSC::DFG::SpeculativeJIT::compilePeepHoleInt52Branch):
3319         (JSC::DFG::SpeculativeJIT::compile):
3320         * dfg/DFGUseKind.cpp:
3321         (WTF::printInternal):
3322         * dfg/DFGUseKind.h:
3323         (JSC::DFG::typeFilterFor):
3324         (JSC::DFG::isNumerical):
3325         * dfg/DFGValueSource.cpp:
3326         (JSC::DFG::ValueSource::dump):
3327         * dfg/DFGValueSource.h:
3328         (JSC::DFG::dataFormatToValueSourceKind):
3329         (JSC::DFG::valueSourceKindToDataFormat):
3330         (JSC::DFG::ValueSource::forFlushFormat):
3331         (JSC::DFG::ValueSource::valueRecovery):
3332         * dfg/DFGVariableAccessData.h:
3333         (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
3334         (JSC::DFG::VariableAccessData::flushFormat):
3335         * ftl/FTLCArgumentGetter.cpp:
3336         (JSC::FTL::CArgumentGetter::loadNextAndBox):
3337         * ftl/FTLCArgumentGetter.h:
3338         * ftl/FTLCapabilities.cpp:
3339         (JSC::FTL::canCompile):
3340         * ftl/FTLExitValue.cpp:
3341         (JSC::FTL::ExitValue::dumpInContext):
3342         * ftl/FTLExitValue.h:
3343         (JSC::FTL::ExitValue::inJSStackAsInt52):
3344         * ftl/FTLIntrinsicRepository.h:
3345         * ftl/FTLLowerDFGToLLVM.cpp:
3346         (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
3347         (JSC::FTL::LowerDFGToLLVM::compileNode):
3348         (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
3349         (JSC::FTL::LowerDFGToLLVM::compilePhi):
3350         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
3351         (JSC::FTL::LowerDFGToLLVM::compileAdd):
3352         (JSC::FTL::LowerDFGToLLVM::compileArithSub):
3353         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
3354         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
3355         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
3356         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
3357         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
3358         (JSC::FTL::LowerDFGToLLVM::compileCompareLess):
3359         (JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
3360         (JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
3361         (JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
3362         (JSC::FTL::LowerDFGToLLVM::lowInt32):
3363         (JSC::FTL::LowerDFGToLLVM::lowInt52):
3364         (JSC::FTL::LowerDFGToLLVM::lowStrictInt52):
3365         (JSC::FTL::LowerDFGToLLVM::betterUseStrictInt52):
3366         (JSC::FTL::LowerDFGToLLVM::bestInt52Kind):
3367         (JSC::FTL::LowerDFGToLLVM::opposite):
3368         (JSC::FTL::LowerDFGToLLVM::lowWhicheverInt52):
3369         (JSC::FTL::LowerDFGToLLVM::lowCell):
3370         (JSC::FTL::LowerDFGToLLVM::lowBoolean):
3371         (JSC::FTL::LowerDFGToLLVM::lowDouble):
3372         (JSC::FTL::LowerDFGToLLVM::lowJSValue):
3373         (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt32):
3374         (JSC::FTL::LowerDFGToLLVM::strictInt52ToDouble):
3375         (JSC::FTL::LowerDFGToLLVM::strictInt52ToJSValue):
3376         (JSC::FTL::LowerDFGToLLVM::setInt52WithStrictValue):
3377         (JSC::FTL::LowerDFGToLLVM::strictInt52ToInt52):
3378         (JSC::FTL::LowerDFGToLLVM::int52ToStrictInt52):
3379         (JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
3380         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
3381         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
3382         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
3383         (JSC::FTL::LowerDFGToLLVM::setInt52):
3384         (JSC::FTL::LowerDFGToLLVM::setStrictInt52):
3385         * ftl/FTLOSRExitCompiler.cpp:
3386         (JSC::FTL::compileStub):
3387         * ftl/FTLOutput.h:
3388         (JSC::FTL::Output::addWithOverflow64):
3389         (JSC::FTL::Output::subWithOverflow64):
3390         (JSC::FTL::Output::mulWithOverflow64):
3391         * ftl/FTLValueFormat.cpp:
3392         (WTF::printInternal):
3393         * ftl/FTLValueFormat.h:
3394         * ftl/FTLValueSource.cpp:
3395         (JSC::FTL::ValueSource::dump):
3396         * ftl/FTLValueSource.h:
3397         * interpreter/Register.h:
3398         (JSC::Register::unboxedInt52):
3399         * runtime/Arguments.cpp:
3400         (JSC::Arguments::tearOffForInlineCallFrame):
3401         * runtime/IndexingType.cpp:
3402         (JSC::leastUpperBoundOfIndexingTypeAndType):
3403         * runtime/JSCJSValue.h:
3404         * runtime/JSCJSValueInlines.h:
3405         (JSC::JSValue::isMachineInt):
3406         (JSC::JSValue::asMachineInt):
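
        The two Int52 representations this entry describes (left-shifted for cheap overflow checks, sign-extended "strict"), as an added C example that is not part of the WebKit change: the shift is assumed to be 12 so the payload is exactly 52 bits (the entry says 16), and the helper names, `int52_result` and `add_locals` tiering function are hypothetical, not JSC's own API.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: shift by 64 - 52 so the payload is exactly
 * 52 bits. The ChangeLog entry above describes a shift of 16; the mechanism
 * is identical, only the usable width changes. */
#define INT52_SHIFT 12
#define INT52_MAX ((INT64_C(1) << 51) - 1)
#define INT52_MIN (-(INT64_C(1) << 51))

/* "Strict" Int52: a sign-extended int64_t holding a value in [INT52_MIN, INT52_MAX].
 * "Shifted" Int52: that value << INT52_SHIFT, so the 52 payload bits sit at the
 * top of the register and the low 12 bits are always zero. */
typedef struct { int64_t bits; bool ok; } int52_result;

static bool fits_int52(int64_t v) { return v >= INT52_MIN && v <= INT52_MAX; }

static int64_t strict_to_shifted(int64_t strict) {
    /* Shift through uint64_t: left-shifting a negative signed value is UB in C. */
    return (int64_t)((uint64_t)strict << INT52_SHIFT);
}

static int64_t shifted_to_strict(int64_t shifted) {
    /* The low bits are zero, so division is exact and portable (no reliance on
     * implementation-defined right shifts of negative values). */
    return shifted / (INT64_C(1) << INT52_SHIFT);
}

/* Add two shifted values. A signed 64-bit overflow of the shifted operands
 * occurs exactly when the true sum leaves the 52-bit range, so one overflow
 * flag is both the machine check and the Int52 range check; a JIT would take
 * its OSR exit on that branch instead of producing a wrapped result. */
static int52_result int52_add_shifted(int64_t a, int64_t b) {
    int52_result r = {0, false};
    r.ok = !__builtin_add_overflow(a, b, &r.bits);
    return r;
}

/* Negate a shifted value; only INT52_MIN overflows, exactly as INT64_MIN would. */
static int52_result int52_neg_shifted(int64_t a) {
    int52_result r = {0, false};
    r.ok = !__builtin_sub_overflow(INT64_C(0), a, &r.bits);
    return r;
}

/* Multiply: one operand must be strict and the other shifted, otherwise the
 * shift would be applied twice. This is why a backend keeps both forms and
 * picks whichever is cheapest per operand. The result is in shifted form. */
static int52_result int52_mul(int64_t a_strict, int64_t b_shifted) {
    int52_result r = {0, false};
    r.ok = !__builtin_mul_overflow(a_strict, b_shifted, &r.bits);
    return r;
}

/* Models the tiering the entry describes: int32 first, Int52 when the int32
 * add overflows, and double only when the Int52 range is exceeded as well. */
typedef enum { KIND_INT32, KIND_INT52, KIND_DOUBLE } num_kind;
typedef struct { num_kind kind; int64_t strict; double d; } num;

static num add_locals(int64_t a_strict, int64_t b_strict) {
    num n = {KIND_DOUBLE, 0, 0.0};
    int32_t small;
    if (a_strict >= INT32_MIN && a_strict <= INT32_MAX && b_strict >= INT32_MIN &&
        b_strict <= INT32_MAX &&
        !__builtin_add_overflow((int32_t)a_strict, (int32_t)b_strict, &small)) {
        n.kind = KIND_INT32; n.strict = small; return n;
    }
    if (fits_int52(a_strict) && fits_int52(b_strict)) {
        int52_result r = int52_add_shifted(strict_to_shifted(a_strict),
                                           strict_to_shifted(b_strict));
        if (r.ok) { n.kind = KIND_INT52; n.strict = shifted_to_strict(r.bits); return n; }
    }
    n.d = (double)a_strict + (double)b_strict; /* fall all the way up to double */
    return n;
}

int main(void) {
    num n = add_locals(INT32_MAX, 1);
    printf("INT32_MAX + 1 -> kind %d, value %lld\n", (int)n.kind, (long long)n.strict);
    int52_result o = int52_add_shifted(strict_to_shifted(INT52_MAX), strict_to_shifted(1));
    printf("INT52_MAX + 1 overflow detected: %s\n", o.ok ? "no" : "yes");
    return 0;
}
```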
3407
3408 2013-09-17  Michael Saboff  <msaboff@apple.com>
3409
3410         REGRESSION(r155771): js/stack-overflow-arrity-catch.html is crashing on non-Mac platforms
3411         https://bugs.webkit.org/show_bug.cgi?id=121376
3412
3413         Reviewed by Oliver Hunt.
3414
3415         Fix stack grow() call for stack growing down.  This should catch running out of stack space before
3416         we try to move the frame down due to arity mismatch.
3417
3418         * runtime/CommonSlowPaths.h:
3419         (JSC::CommonSlowPaths::arityCheckFor):
3420