CMake: Add support to optionally install the built JavaScript shell
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2011-10-27  Daniel Bates  <dbates@rim.com>
2
3         CMake: Add support to optionally install the built JavaScript shell
4         https://bugs.webkit.org/show_bug.cgi?id=71062
5
6         Reviewed by Antonio Gomes.
7
8         Generate an installation rule for installing the JavaScript shell in
9         /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
10         is defined.
11
12         * shell/CMakeLists.txt:
13
14 2011-10-27  Kentaro Hara  <haraken@chromium.org>
15
16         Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
17         https://bugs.webkit.org/show_bug.cgi?id=70215
18
19         Reviewed by Adam Barth.
20
21         Added a method that judges if a given JSValue is empty.
22
23         Tests: transforms/svg-vs-css.xhtml
24                transforms/cssmatrix-2d-interface.xhtml
25                transforms/cssmatrix-3d-interface.xhtml
26
27         * runtime/JSValue.h:
28         * runtime/JSValueInlineMethods.h:
29         (JSC::JSValue::isEmpty):
30
31 2011-10-27  Michael Saboff  <msaboff@apple.com>
32
33         ENH: Add 8 bit string support to JSC JIT
34         https://bugs.webkit.org/show_bug.cgi?id=71073
35
36         Changed the JIT String character access generation to create code
37         to check the character size and load8() or load16() as appropriate.
38
39         Reviewed by Gavin Barraclough.
40
41         * assembler/MacroAssemblerX86Common.h:
42         (JSC::MacroAssemblerX86Common::load8):
43         * assembler/X86Assembler.h:
44         (JSC::X86Assembler::movzbl_mr):
45         * dfg/DFGSpeculativeJIT.cpp:
46         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
47         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
48         * jit/JITInlineMethods.h:
49         (JSC::JIT::emitLoadCharacterString):
50         * jit/JITPropertyAccess.cpp:
51         (JSC::JIT::stringGetByValStubGenerator):
52         * jit/JITPropertyAccess32_64.cpp:
53         (JSC::JIT::stringGetByValStubGenerator):
54         * jit/JSInterfaceJIT.h:
55         (JSC::ThunkHelpers::stringImplFlagsOffset):
56         (JSC::ThunkHelpers::stringImpl8BitFlag):
57         * jit/ThunkGenerators.cpp:
58         (JSC::stringCharLoad):
59
60 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
61
62         If the bytecode generator emits code after the return in the first basic block,
63         DFG's inliner crashes
64         https://bugs.webkit.org/show_bug.cgi?id=71071
65
66         Reviewed by Gavin Barraclough.
67         
68         Removed some cruft dealing with parsing failures due to unsupported functionality
69         (that's never reached anymore due to it being caught in DFGCapabilities). This
70         allowed me to repurpose the bool return from parseBlock() to mean: true if we
71         should continue to parse, or false if we've already parsed all live code.
72
73         * dfg/DFGByteCodeParser.cpp:
74         (JSC::DFG::ByteCodeParser::ByteCodeParser):
75         (JSC::DFG::ByteCodeParser::parseBlock):
76         (JSC::DFG::ByteCodeParser::parseCodeBlock):
77
78 2011-10-27  Joseph Pecoraro  <pecoraro@apple.com>
79
80         Reviewed by David Kilzer.
81
82         Make FeatureDefines Identical Across OS X Projects
83         https://bugs.webkit.org/show_bug.cgi?id=71051
84
85         * Configurations/FeatureDefines.xcconfig:
86
87 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
88
89         Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
90         https://bugs.webkit.org/show_bug.cgi?id=71045
91
92         Reviewed by Geoff Garen.
93         
94         Make sure that if a structure is pinned, it also has a property map.
95
96         * runtime/Structure.cpp:
97         (JSC::Structure::changePrototypeTransition):
98         (JSC::Structure::despecifyFunctionTransition):
99         (JSC::Structure::getterSetterTransition):
100         (JSC::Structure::toDictionaryTransition):
101         (JSC::Structure::preventExtensionsTransition):
102         (JSC::Structure::addPropertyWithoutTransition):
103         (JSC::Structure::removePropertyWithoutTransition):
104         (JSC::Structure::pin):
105         (JSC::Structure::copyPropertyTableForPinning):
106         * runtime/Structure.h:
107         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
108
109 2011-10-27  Michael Saboff  <msaboff@apple.com>
110
111         32bit build failure after r98624
112         https://bugs.webkit.org/show_bug.cgi?id=71064
113
114         Disambiguated operator overload with unsigned index (0u).
115
116         Reviewed by Sam Weinig.
117
118         * runtime/UString.h:
119         (JSC::operator==):
120
121 2011-10-27  Gustavo Noronha Silva  <gns@gnome.org>
122
123         Fix building on GNU/kFreeBSD
124         https://bugs.webkit.org/show_bug.cgi?id=71005
125
126         Reviewed by Darin Adler.
127
128         * config.h:
129         * wtf/Platform.h:
130
131 2011-10-27  Michael Saboff  <msaboff@apple.com>
132
133         Investigate storing strings in 8-bit buffers when possible
134         https://bugs.webkit.org/show_bug.cgi?id=66161
135
139         Added support for 8 bit string data in StringImpl.  Changed
140         (UChar*) m_data to m_data16.  Added char* m_data8 as a union
141         with m_data16.  Added UChar* m_copyData16 to the other union
142         to store a 16 bit copy of an 8 bit string when needed.
143         Added characters8() and characters16() accessor methods
144         that assume the caller has checked the underlying string type
145         via the new is8Bit() method. The characters() method will
146         return a UChar* of the string, materializing a 16 bit copy if the
147         string is an 8 bit string.  Added two flags, one for 8 bit buffer
148         and a second for a 16 bit copy for an 8 bit string.
149
150         Fixed method name typo (StringHasher::defaultCoverter()).
151
152         Over time the goal is to eliminate calls to characters() and
153         use the characters8() and characters16() accessors.
154
155         This patch does not include changes that actually create 8 bit
156         strings. This is the first of at least 8 patches.  Subsequent
157         patches will be submitted for JIT changes, making the JSC lexer,
158         parser and literal parser, JavaScript string changes and
159         then changes in webcore to take advantage of the 8 bit strings.
160
161         This change is performance neutral for SunSpider and V8 when
162         run from the command line with "jsc".
163
164         Reviewed by Geoffrey Garen.
165
166         * JavaScriptCore.exp:
167         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
168         * interpreter/Interpreter.cpp:
169         (JSC::Interpreter::callEval):
170         * parser/SourceProvider.h:
171         (JSC::UStringSourceProvider::data):
172         (JSC::UStringSourceProvider::UStringSourceProvider):
173         * runtime/Identifier.cpp:
174         (JSC::IdentifierCStringTranslator::hash):
175         (JSC::IdentifierCStringTranslator::equal):
176         (JSC::IdentifierCStringTranslator::translate):
177         (JSC::Identifier::add):
178         (JSC::Identifier::toUInt32):
179         * runtime/Identifier.h:
180         (JSC::Identifier::equal):
181         (JSC::operator==):
182         (JSC::operator!=):
183         * runtime/JSString.cpp:
184         (JSC::JSString::resolveRope):
185         (JSC::JSString::resolveRopeSlowCase):
186         * runtime/RegExp.cpp:
187         (JSC::RegExp::match):
188         * runtime/StringPrototype.cpp:
189         (JSC::jsSpliceSubstringsWithSeparators):
190         * runtime/UString.cpp:
191         (JSC::UString::UString):
192         (JSC::equalSlowCase):
193         (JSC::UString::utf8):
194         * runtime/UString.h:
195         (JSC::UString::characters):
196         (JSC::UString::characters8):
197         (JSC::UString::characters16):
198         (JSC::UString::is8Bit):
199         (JSC::UString::operator[]):
200         (JSC::UString::find):
201         (JSC::operator==):
202         * wtf/StringHasher.h:
203         (WTF::StringHasher::computeHash):
204         (WTF::StringHasher::defaultConverter):
205         * wtf/text/AtomicString.cpp:
206         (WTF::CStringTranslator::hash):
207         (WTF::CStringTranslator::equal):
208         (WTF::CStringTranslator::translate):
209         (WTF::AtomicString::add):
210         * wtf/text/AtomicString.h:
211         (WTF::AtomicString::AtomicString):
212         (WTF::AtomicString::contains):
213         (WTF::AtomicString::find):
214         (WTF::AtomicString::add):
215         (WTF::operator==):
216         (WTF::operator!=):
217         (WTF::equalIgnoringCase):
218         * wtf/text/StringConcatenate.h:
219         * wtf/text/StringHash.h:
220         (WTF::StringHash::equal):
221         (WTF::CaseFoldingHash::hash):
222         * wtf/text/StringImpl.cpp:
223         (WTF::StringImpl::~StringImpl):
224         (WTF::StringImpl::createUninitialized):
225         (WTF::StringImpl::create):
226         (WTF::StringImpl::getData16SlowCase):
227         (WTF::StringImpl::containsOnlyWhitespace):
228         (WTF::StringImpl::substring):
229         (WTF::StringImpl::characterStartingAt):
230         (WTF::StringImpl::lower):
231         (WTF::StringImpl::upper):
232         (WTF::StringImpl::fill):
233         (WTF::StringImpl::foldCase):
234         (WTF::StringImpl::stripMatchedCharacters):
235         (WTF::StringImpl::removeCharacters):
236         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
237         (WTF::StringImpl::toIntStrict):
238         (WTF::StringImpl::toUIntStrict):
239         (WTF::StringImpl::toInt64Strict):
240         (WTF::StringImpl::toUInt64Strict):
241         (WTF::StringImpl::toIntPtrStrict):
242         (WTF::StringImpl::toInt):
243         (WTF::StringImpl::toUInt):
244         (WTF::StringImpl::toInt64):
245         (WTF::StringImpl::toUInt64):
246         (WTF::StringImpl::toIntPtr):
247         (WTF::StringImpl::toDouble):
248         (WTF::StringImpl::toFloat):
249         (WTF::equal):
250         (WTF::equalIgnoringCase):
251         (WTF::StringImpl::find):
252         (WTF::StringImpl::findIgnoringCase):
253         (WTF::StringImpl::reverseFind):
254         (WTF::StringImpl::replace):
255         (WTF::StringImpl::defaultWritingDirection):
256         (WTF::StringImpl::adopt):
257         (WTF::StringImpl::createWithTerminatingNullCharacter):
258         * wtf/text/StringImpl.h:
259         (WTF::StringImpl::StringImpl):
260         (WTF::StringImpl::create):
261         (WTF::StringImpl::create8):
262         (WTF::StringImpl::tryCreateUninitialized):
263         (WTF::StringImpl::flagsOffset):
264         (WTF::StringImpl::flagIs8Bit):
265         (WTF::StringImpl::dataOffset):
266         (WTF::StringImpl::is8Bit):
267         (WTF::StringImpl::characters8):
268         (WTF::StringImpl::characters16):
269         (WTF::StringImpl::characters):
270         (WTF::StringImpl::has16BitShadow):
271         (WTF::StringImpl::setHash):
272         (WTF::StringImpl::hash):
273         (WTF::StringImpl::copyChars):
274         (WTF::StringImpl::operator[]):
275         (WTF::StringImpl::find):
276         (WTF::StringImpl::findIgnoringCase):
277         (WTF::equal):
278         (WTF::equalIgnoringCase):
279         (WTF::StringImpl::isolatedCopy):
280         * wtf/text/WTFString.cpp:
281         (WTF::String::String):
282         (WTF::String::append):
283         (WTF::String::format):
284         (WTF::String::fromUTF8):
285         (WTF::String::fromUTF8WithLatin1Fallback):
286         * wtf/text/WTFString.h:
287         (WTF::String::find):
288         (WTF::String::findIgnoringCase):
289         (WTF::String::contains):
290         (WTF::String::append):
291         (WTF::String::fromUTF8):
292         (WTF::String::fromUTF8WithLatin1Fallback):
293         (WTF::operator==):
294         (WTF::operator!=):
295         (WTF::equalIgnoringCase):
296         * wtf/unicode/Unicode.h:
297         * yarr/YarrJIT.cpp:
298         (JSC::Yarr::execute):
299         * yarr/YarrJIT.h:
300         (JSC::Yarr::YarrCodeBlock::execute):
301         * yarr/YarrParser.h:
302         (JSC::Yarr::Parser::Parser):
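
Added illustration (a hypothetical class, not WTF::StringImpl or any code from this patch) of the layout the entry describes: a pointer union holding either an 8-bit or a 16-bit buffer, an is8Bit() flag, characters8()/characters16() that assume the caller has checked the width, and characters() materializing a cached 16-bit copy. It also makes the reason for the width check concrete: the primary buffer is only length bytes in the 8-bit case, so reading it through the 16-bit accessor would run past the allocation.

```cpp
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <cstring>
#include <string>

typedef unsigned char LChar;   // 8-bit (Latin-1) code unit
typedef char16_t UChar;        // 16-bit (UTF-16) code unit

// Hypothetical class (not WTF::StringImpl) sketching the layout described above:
// a pointer union holding either an 8-bit or a 16-bit buffer, a flag saying
// which, and a lazily built 16-bit shadow copy for callers that need UChar*.
// The shadow pointer is a plain member here rather than a second union.
class DualWidthString {
public:
    enum Flag : unsigned { kIs8Bit = 1u << 0, kHas16BitShadow = 1u << 1 };

    static DualWidthString fromLatin1(const char* s) {
        size_t n = std::strlen(s);
        LChar* buf = new LChar[n];
        std::memcpy(buf, s, n);
        return DualWidthString(buf, n);
    }
    static DualWidthString fromUTF16(const std::u16string& s) {
        UChar* buf = new UChar[s.size()];
        std::copy(s.begin(), s.end(), buf);
        return DualWidthString(buf, s.size());
    }

    DualWidthString(const DualWidthString&) = delete;
    DualWidthString& operator=(const DualWidthString&) = delete;
    DualWidthString(DualWidthString&& o) noexcept
        : m_data16(nullptr), m_copyData16(o.m_copyData16), m_length(o.m_length), m_flags(o.m_flags) {
        if (o.is8Bit()) m_data8 = o.m_data8; else m_data16 = o.m_data16;
        o.m_data16 = nullptr; o.m_copyData16 = nullptr; o.m_length = 0; o.m_flags = 0;
    }
    ~DualWidthString() {
        if (is8Bit()) delete[] m_data8; else delete[] m_data16;
        delete[] m_copyData16;
    }

    bool is8Bit() const { return (m_flags & kIs8Bit) != 0; }
    bool has16BitShadow() const { return (m_flags & kHas16BitShadow) != 0; }
    size_t length() const { return m_length; }
    // Bytes actually allocated for the primary buffer.
    size_t bufferBytes() const { return is8Bit() ? m_length : 2 * m_length; }

    // Fast paths: the caller must have checked is8Bit() first. Reading a Latin-1
    // buffer through characters16() would walk 2*length bytes of a length-byte
    // allocation, so the width check is the memory-safety invariant; assert it.
    const LChar* characters8() const { assert(is8Bit()); return m_data8; }
    const UChar* characters16() const { assert(!is8Bit()); return m_data16; }

    // Generic path: always yields UChar*, materializing a 16-bit copy of an
    // 8-bit string on first use and caching it behind the shadow flag.
    const UChar* characters() {
        if (!is8Bit())
            return m_data16;
        if (!has16BitShadow()) {
            m_copyData16 = new UChar[m_length];
            for (size_t i = 0; i < m_length; ++i)
                m_copyData16[i] = m_data8[i];   // Latin-1 widens 1:1
            m_flags |= kHas16BitShadow;
        }
        return m_copyData16;
    }

    // Width-aware element access; no shadow copy needed.
    UChar operator[](size_t i) const {
        assert(i < m_length);
        return is8Bit() ? static_cast<UChar>(m_data8[i]) : m_data16[i];
    }

private:
    DualWidthString(LChar* d, size_t n) : m_data8(d), m_copyData16(nullptr), m_length(n), m_flags(kIs8Bit) {}
    DualWidthString(UChar* d, size_t n) : m_data16(d), m_copyData16(nullptr), m_length(n), m_flags(0) {}

    union { LChar* m_data8; UChar* m_data16; };
    UChar* m_copyData16;
    size_t m_length;
    unsigned m_flags;
};

// Equality that compares per code unit at each side's own width instead of
// forcing both operands through characters().
bool equalDualWidth(const DualWidthString& a, const DualWidthString& b) {
    if (a.length() != b.length())
        return false;
    for (size_t i = 0; i < a.length(); ++i)
        if (a[i] != b[i])
            return false;
    return true;
}
```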
303
304 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
305
306         Fixing windows build
307
308         Unreviewed build fix
309
310         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
311
312 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
313
314         Add ability to check for presence of static members at compile time
315         https://bugs.webkit.org/show_bug.cgi?id=70986
316
317         Reviewed by Geoffrey Garen.
318
319         Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the 
320         HAS_MEMBER_NAMED macro to use that template to check if the specified class 
321         does indeed have a method with that name.  This mechanism is not currently 
322         used anywhere, but will be in the future when adding virtual methods from 
323         JSObject to the MethodTable.
324
325         * runtime/ClassInfo.h:
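
Added illustration (not the implementation in WebKit's ClassInfo.h) of the compile-time member check the entry describes: CREATE_MEMBER_CHECKER and HAS_MEMBER_NAMED are re-implemented here with the SFINAE detection idiom and used to refuse building a toy MethodTable for a class that does not supply every static method, so a missing or misspelled entry is a build error rather than a silent fall-through to the base class function. The MethodTable struct, the BaseCell/DerivedCell/Incomplete classes and makeMethodTable are assumptions made for the demo.

```cpp
#include <type_traits>

// Pre-C++17 stand-in for std::void_t.
template <typename...> struct make_void { typedef void type; };
template <typename... Ts> using void_t_ = typename make_void<Ts...>::type;

// CREATE_MEMBER_CHECKER(name) instantiates one detector template per member
// name; HAS_MEMBER_NAMED(Class, name) queries it. Taking the address &T::name
// only compiles when T has exactly one (non-overloaded) member of that name,
// so the partial specialization is selected; otherwise substitution fails and
// the primary (false) template is used. Inherited members are found too, and
// a data member of that name also counts: both are limitations of the idiom.
#define CREATE_MEMBER_CHECKER(member)                                  \
    template <typename T, typename = void>                             \
    struct HasMember_##member : std::false_type {};                    \
    template <typename T>                                              \
    struct HasMember_##member<T, void_t_<decltype(&T::member)> >       \
        : std::true_type {};

#define HAS_MEMBER_NAMED(Class, member) (HasMember_##member<Class>::value)

CREATE_MEMBER_CHECKER(put)
CREATE_MEMBER_CHECKER(deleteProperty)

// Toy MethodTable (assumption for the demo): static functions reached through
// a per-class table instead of virtual dispatch.
struct MethodTable {
    int (*put)(int);
    bool (*deleteProperty)(int);
};

struct BaseCell {
    static int put(int v) { return v; }
    static bool deleteProperty(int) { return false; }
};
struct DerivedCell : BaseCell {
    static int put(int v) { return v * 2; }   // overrides put, inherits deleteProperty
};
struct Incomplete {
    static int put(int v) { return v + 1; }   // deliberately lacks deleteProperty
};

// Building a table is only allowed for classes that really provide every
// entry; a misspelled or missing static becomes a compile error instead of
// silently binding some other class's function.
template <typename T>
MethodTable makeMethodTable() {
    static_assert(HAS_MEMBER_NAMED(T, put), "class must define put");
    static_assert(HAS_MEMBER_NAMED(T, deleteProperty), "class must define deleteProperty");
    MethodTable table = { &T::put, &T::deleteProperty };
    return table;
}

// Compile-time facts exposed as named constants.
constexpr bool kBaseHasPut = HAS_MEMBER_NAMED(BaseCell, put);
constexpr bool kDerivedHasDelete = HAS_MEMBER_NAMED(DerivedCell, deleteProperty);
constexpr bool kIncompleteHasDelete = HAS_MEMBER_NAMED(Incomplete, deleteProperty);
constexpr bool kIntHasPut = HAS_MEMBER_NAMED(int, put);   // non-class: no member

int callPutThroughTable(const MethodTable& t, int v) { return t.put(v); }
```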
326
327 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
328
329         De-virtualize JSCell::toThisObject
330         https://bugs.webkit.org/show_bug.cgi?id=70958
331
332         Reviewed by Geoffrey Garen.
333
334         Converted all instances of toThisObject to static functions, 
335         added toThisObject to the MethodTable, and replaced all call sites
336         with a corresponding lookup in the MethodTable.
337
338         * API/JSContextRef.cpp:
339         * JavaScriptCore.exp:
340         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
341         * runtime/ClassInfo.h:
342         * runtime/JSActivation.cpp:
343         (JSC::JSActivation::toThisObject):
344         * runtime/JSActivation.h:
345         * runtime/JSCell.cpp:
346         (JSC::JSCell::toThisObject):
347         * runtime/JSCell.h:
348         * runtime/JSObject.cpp:
349         (JSC::JSObject::put):
350         (JSC::JSObject::toThisObject):
351         * runtime/JSObject.h:
352         (JSC::JSValue::toThisObject):
353         * runtime/JSStaticScopeObject.cpp:
354         (JSC::JSStaticScopeObject::toThisObject):
355         * runtime/JSStaticScopeObject.h:
356         * runtime/JSString.cpp:
357         (JSC::JSString::toThisObject):
358         * runtime/JSString.h:
359         * runtime/StrictEvalActivation.cpp:
360         (JSC::StrictEvalActivation::toThisObject):
361         * runtime/StrictEvalActivation.h:
362
363 2011-10-27  Yuqiang Xian  <yuqiang.xian@intel.com>
364
365         Fix a small bug in callOperation after r98431
366         https://bugs.webkit.org/show_bug.cgi?id=70984
367
368         Reviewed by Geoffrey Garen.
369
370         TrustedImmPtr is not expecting "int" type parameters.
371
372         * dfg/DFGJITCodeGenerator.h:
373         (JSC::DFG::callOperation):
374
375 2011-10-26  Oliver Hunt  <oliver@apple.com>
376
377         Restore structure-clearing behaviour of allocateCell<>
378         https://bugs.webkit.org/show_bug.cgi?id=70976
379
380         Reviewed by Geoffrey Garen.
381
382         This restores the logic that allows the markstack to filter
383         live objects that have not yet been initialised.
384
385         * runtime/JSCell.h:
386         (JSC::JSCell::clearStructure):
387            Validation-safe method to clear a cell's structure.
388         (JSC::allocateCell):
389            Call the above method.
390         * runtime/Structure.h:
391         (JSC::MarkStack::internalAppend):
392            Don't visit cells that haven't been initialised.
393
394 2011-10-26  Filip Pizlo  <fpizlo@apple.com>
395
396         REGRESSION (r97030): Cannot log in to progressive.com
397         https://bugs.webkit.org/show_bug.cgi?id=70094
398
399         Reviewed by Oliver Hunt.
400
401         * dfg/DFGByteCodeParser.cpp:
402         (JSC::DFG::ByteCodeParser::handleCall):
403
404 2011-10-26  Mark Hahnenberg  <mhahnenberg@apple.com>
405
406         Remove getOwnPropertySlotVirtual
407         https://bugs.webkit.org/show_bug.cgi?id=70741
408
409         Reviewed by Geoffrey Garen.
410
411         Removed all declarations and definitions of getOwnPropertySlotVirtual.
412         Also replaced all call sites to getOwnPropertySlotVirtual with a
413         corresponding lookup in the MethodTable.
414
415         * API/JSCallbackObject.h:
416         * API/JSCallbackObjectFunctions.h:
417         (JSC::::getOwnPropertyDescriptor):
418         * JavaScriptCore.exp:
419         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
420         * debugger/DebuggerActivation.cpp:
421         (JSC::DebuggerActivation::getOwnPropertySlot):
422         * debugger/DebuggerActivation.h:
423         * runtime/Arguments.cpp:
424         * runtime/Arguments.h:
425         * runtime/ArrayConstructor.cpp:
426         * runtime/ArrayConstructor.h:
427         * runtime/ArrayPrototype.cpp:
428         * runtime/ArrayPrototype.h:
429         * runtime/BooleanPrototype.cpp:
430         * runtime/BooleanPrototype.h:
431         * runtime/DateConstructor.cpp:
432         * runtime/DateConstructor.h:
433         * runtime/DatePrototype.cpp:
434         * runtime/DatePrototype.h:
435         (JSC::DatePrototype::create):
436         * runtime/ErrorPrototype.cpp:
437         * runtime/ErrorPrototype.h:
438         * runtime/JSActivation.cpp:
439         * runtime/JSActivation.h:
440         * runtime/JSArray.cpp:
441         (JSC::JSArray::getOwnPropertySlotByIndex):
442         * runtime/JSArray.h:
443         * runtime/JSByteArray.cpp:
444         * runtime/JSByteArray.h:
445         * runtime/JSCell.cpp:
446         * runtime/JSCell.h:
447         * runtime/JSFunction.cpp:
448         (JSC::JSFunction::getOwnPropertyDescriptor):
449         (JSC::JSFunction::getOwnPropertyNames):
450         (JSC::JSFunction::put):
451         * runtime/JSFunction.h:
452         * runtime/JSGlobalObject.cpp:
453         * runtime/JSGlobalObject.h:
454         * runtime/JSNotAnObject.cpp:
455         * runtime/JSNotAnObject.h:
456         * runtime/JSONObject.cpp:
457         (JSC::Stringifier::Holder::appendNextProperty):
458         (JSC::Walker::walk):
459         * runtime/JSONObject.h:
460         * runtime/JSObject.cpp:
461         (JSC::JSObject::getOwnPropertySlotByIndex):
462         (JSC::JSObject::hasOwnProperty):
463         * runtime/JSObject.h:
464         (JSC::JSCell::fastGetOwnPropertySlot):
465         (JSC::JSObject::getPropertySlot):
466         (JSC::JSValue::get):
467         * runtime/JSStaticScopeObject.cpp:
468         * runtime/JSStaticScopeObject.h:
469         * runtime/JSString.cpp:
470         (JSC::JSString::getOwnPropertySlot):
471         * runtime/JSString.h:
472         * runtime/MathObject.cpp:
473         * runtime/MathObject.h:
474         (JSC::MathObject::create):
475         * runtime/NumberConstructor.cpp:
476         * runtime/NumberConstructor.h:
477         * runtime/NumberPrototype.cpp:
478         * runtime/NumberPrototype.h:
479         * runtime/ObjectConstructor.cpp:
480         * runtime/ObjectConstructor.h:
481         * runtime/ObjectPrototype.cpp:
482         * runtime/ObjectPrototype.h:
483         * runtime/RegExpConstructor.cpp:
484         * runtime/RegExpConstructor.h:
485         * runtime/RegExpMatchesArray.h:
486         (JSC::RegExpMatchesArray::createStructure):
487         * runtime/RegExpObject.cpp:
488         * runtime/RegExpObject.h:
489         * runtime/RegExpPrototype.cpp:
490         * runtime/RegExpPrototype.h:
491         * runtime/StringConstructor.cpp:
492         * runtime/StringConstructor.h:
493         * runtime/StringObject.cpp:
494         * runtime/StringObject.h:
495         * runtime/StringPrototype.cpp:
496         * runtime/StringPrototype.h:
497
498 2011-10-26  Alejandro G. Castro  <alex@igalia.com>
499
500         [GTK] [WK2] Add WebKit2 distcheck support
501         https://bugs.webkit.org/show_bug.cgi?id=70933
502
503         Reviewed by Martin Robinson.
504
505         * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
506
507 2011-10-26  Michael Saboff  <msaboff@apple.com>
508
509         Increase StringImpl Flag Bits for 8 bit Strings
510         https://bugs.webkit.org/show_bug.cgi?id=70937
511
512         Increased the number of bits used for flags in StringImpl
513         from 6 to 8 bits. This frees up 2 flag bits that will be
514         used for 8-bit string support. Updated hash methods accordingly.
515         Changed hash value masking from the low bits to the high
516         bits.
517
518         Reviewed by Darin Adler.
519
520         * create_hash_table:
521         * wtf/StringHasher.h:
522         (WTF::StringHasher::hash):
523         * wtf/text/StringImpl.h:
524
525 2011-10-26  Dan Bernstein  <mitz@apple.com>
526
527         Build fix.
528
529         Reverted r98488, which caused the scripts’ status messages to be included in the generated
530         files.
531
532         * create_hash_table:
533         * create_jit_stubs:
534
535 2011-10-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
536
537         Don't print regular output to STDERR when generating hashtables and JIT stubs
538
539         Reviewed by Simon Hausmann.
540
541         * create_hash_table:
542         * create_jit_stubs:
543
544 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
545
546         Split DFGJITCodeGenerator::callOperation methods
547         https://bugs.webkit.org/show_bug.cgi?id=70870
548
549         Reviewed by Filip Pizlo.
550
551         The DFGJITCodeGenerator currently contains two sets of callOperation methods.
552         One set works with the JSVALUE64 value representation and passes arguments in
553         registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
554         value representation and passes arguments in memory (suitable for use on x86).
555         By refactoring out the representation and calling convention specific aspects
556         of the code we can also configure the DFG JIT to operate on platforms that use
557         the JSVALUE32_64 value representation but pass arguments in registers.
558
559         On platforms supported by the JIT, the payload precedes the tag of a value in
560         argument/result ordering, as such, in order to make the setupResults method
561         generally applicable to return the results of a function that are returned in
562         two registers, the ordering of arguments to this function has been reversed -
563         as is the ordering of arguments passed to setupArguments methods, with respect
564         to the ordering with which they are passed in to callOperation.
565         This inconsistency will be resolved in a later change when we combine the pairs
566         of arguments passed into callOperation, such that the function signatures can
567         be made consistent across the two value representations (the callOperation
568         methods will be passed a reference to a struct representing the JSValue
569         temporary, this will consist of two gprs on 32_64 and one on 64).
570
571         * dfg/DFGJITCodeGenerator.h:
572         (JSC::DFG::resetCallArguments):
573         (JSC::DFG::addCallArgument):
574             - moved, removed tag,payload version of this method.
575         (JSC::DFG::setupArguments):
576         (JSC::DFG::setupArgumentsExecState):
577         (JSC::DFG::setupArgumentsWithExecState):
578             - Calling convention specific portion of callOperation refactored out into these methods.
579         (JSC::DFG::callOperation):
580             - updated these methods to use setupArguments* methods.
581         (JSC::DFG::setupResults):
582             - setupResults is now passed payload,tag.
583         (JSC::DFG::appendCallWithExceptionCheckSetResult):
584             - Added fpr versions of this function.
585         (JSC::DFG::appendCallSetResult):
586             - Added versions of this function without exception check.
587         * dfg/DFGJITCodeGenerator32_64.cpp:
588         (JSC::DFG::JITCodeGenerator::emitCall):
589             - setupResults is now passed payload,tag.
590
591 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
592
593         Remove deletePropertyVirtual
594         https://bugs.webkit.org/show_bug.cgi?id=70738
595
596         Reviewed by Geoffrey Garen.
597
598         Removed all declarations and definitions of deletePropertyVirtual.
599         Also replaced all call sites to deletePropertyVirtual with a 
600         corresponding lookup in the MethodTable.
601
602         * API/JSCallbackObject.h:
603         * API/JSCallbackObjectFunctions.h:
604         (JSC::::deletePropertyByIndex):
605         * API/JSObjectRef.cpp:
606         (JSObjectDeleteProperty):
607         * JavaScriptCore.exp:
608         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
609         * debugger/DebuggerActivation.cpp:
610         (JSC::DebuggerActivation::deleteProperty):
611         * debugger/DebuggerActivation.h:
612         * interpreter/Interpreter.cpp:
613         (JSC::Interpreter::privateExecute):
614         * jit/JITStubs.cpp:
615         (JSC::DEFINE_STUB_FUNCTION):
616         * runtime/Arguments.cpp:
617         * runtime/Arguments.h:
618         * runtime/ArrayPrototype.cpp:
619         (JSC::arrayProtoFuncPop):
620         (JSC::arrayProtoFuncReverse):
621         (JSC::arrayProtoFuncShift):
622         (JSC::arrayProtoFuncSplice):
623         (JSC::arrayProtoFuncUnShift):
624         * runtime/JSActivation.cpp:
625         * runtime/JSActivation.h:
626         * runtime/JSArray.cpp:
627         (JSC::JSArray::deleteProperty):
628         (JSC::JSArray::deletePropertyByIndex):
629         * runtime/JSArray.h:
630         * runtime/JSCell.cpp:
631         (JSC::JSCell::deleteProperty):
632         (JSC::JSCell::deletePropertyByIndex):
633         * runtime/JSCell.h:
634         * runtime/JSFunction.cpp:
635         * runtime/JSFunction.h:
636         * runtime/JSNotAnObject.cpp:
637         * runtime/JSNotAnObject.h:
638         * runtime/JSONObject.cpp:
639         (JSC::Walker::walk):
640         * runtime/JSObject.cpp:
641         (JSC::JSObject::deletePropertyByIndex):
642         (JSC::JSObject::defineOwnProperty):
643         * runtime/JSObject.h:
644         * runtime/JSVariableObject.cpp:
645         * runtime/JSVariableObject.h:
646         * runtime/RegExpMatchesArray.h:
647         * runtime/StrictEvalActivation.cpp:
648         * runtime/StrictEvalActivation.h:
649         * runtime/StringObject.cpp:
650         * runtime/StringObject.h:
651
652 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
653
654         Remove putVirtual
655         https://bugs.webkit.org/show_bug.cgi?id=70740
656
657         Reviewed by Geoffrey Garen.
658
659         Removed all declarations and definitions of putVirtual.
660         Also replaced all call sites to putVirtual with a 
661         corresponding lookup in the MethodTable.
662
663         * API/JSCallbackObject.h:
664         * API/JSCallbackObjectFunctions.h:
665         * API/JSObjectRef.cpp:
666         (JSObjectSetProperty):
667         (JSObjectSetPropertyAtIndex):
668         * JavaScriptCore.exp:
669         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
670         * debugger/DebuggerActivation.cpp:
671         (JSC::DebuggerActivation::put):
672         * debugger/DebuggerActivation.h:
673         * dfg/DFGOperations.cpp:
674         * interpreter/Interpreter.cpp:
675         (JSC::Interpreter::execute):
676         (JSC::Interpreter::privateExecute):
677         * jsc.cpp:
678         (GlobalObject::finishCreation):
679         * runtime/Arguments.cpp:
680         * runtime/Arguments.h:
681         * runtime/ArrayPrototype.cpp:
682         (JSC::putProperty):
683         (JSC::arrayProtoFuncConcat):
684         (JSC::arrayProtoFuncPush):
685         (JSC::arrayProtoFuncReverse):
686         (JSC::arrayProtoFuncShift):
687         (JSC::arrayProtoFuncSlice):
688         (JSC::arrayProtoFuncSort):
689         (JSC::arrayProtoFuncSplice):
690         (JSC::arrayProtoFuncUnShift):
691         (JSC::arrayProtoFuncFilter):
692         (JSC::arrayProtoFuncMap):
693         * runtime/JSActivation.cpp:
694         * runtime/JSActivation.h:
695         * runtime/JSArray.cpp:
696         (JSC::JSArray::putSlowCase):
697         (JSC::JSArray::push):
698         (JSC::JSArray::shiftCount):
699         (JSC::JSArray::unshiftCount):
700         * runtime/JSArray.h:
701         * runtime/JSByteArray.cpp:
702         * runtime/JSByteArray.h:
703         * runtime/JSCell.cpp:
704         (JSC::JSCell::put):
705         (JSC::JSCell::putByIndex):
706         * runtime/JSCell.h:
707         * runtime/JSFunction.cpp:
708         * runtime/JSFunction.h:
709         * runtime/JSGlobalObject.cpp:
710         * runtime/JSGlobalObject.h:
711         * runtime/JSNotAnObject.cpp:
712         * runtime/JSNotAnObject.h:
713         * runtime/JSONObject.cpp:
714         (JSC::Walker::walk):
715         * runtime/JSObject.cpp:
716         (JSC::JSObject::putByIndex):
717         (JSC::JSObject::defineOwnProperty):
718         * runtime/JSObject.h:
719         (JSC::JSValue::put):
720         * runtime/JSStaticScopeObject.cpp:
721         * runtime/JSStaticScopeObject.h:
722         * runtime/ObjectPrototype.cpp:
723         * runtime/ObjectPrototype.h:
724         * runtime/RegExpConstructor.cpp:
725         * runtime/RegExpConstructor.h:
726         * runtime/RegExpMatchesArray.h:
727         * runtime/RegExpObject.cpp:
728         * runtime/RegExpObject.h:
729         * runtime/StringObject.cpp:
730         * runtime/StringObject.h:
731         * runtime/StringPrototype.cpp:
732         (JSC::stringProtoFuncSplit):
733
734 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
735
736         Separate out function linking & exception check data structures.
737         https://bugs.webkit.org/show_bug.cgi?id=70858
738
739         Reviewed by Oliver Hunt.
740
741         This will make it easier to refactor the callOperation methods to split the value
742         representation specific handling from the cpu/calling-convention implementation.
743
744         * dfg/DFGJITCodeGenerator.h:
745         (JSC::DFG::appendCallWithExceptionCheck):
746         * dfg/DFGJITCodeGenerator32_64.cpp:
747         (JSC::DFG::JITCodeGenerator::emitCall):
748         * dfg/DFGJITCodeGenerator64.cpp:
749         (JSC::DFG::JITCodeGenerator::emitCall):
750         * dfg/DFGJITCompiler.cpp:
751         (JSC::DFG::JITCompiler::compileBody):
752         (JSC::DFG::JITCompiler::link):
753         * dfg/DFGJITCompiler.h:
754         (JSC::DFG::CallLinkRecord::CallLinkRecord):
755         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
756         (JSC::DFG::JITCompiler::JITCompiler):
757         (JSC::DFG::JITCompiler::notifyCall):
758         (JSC::DFG::JITCompiler::appendCall):
759         (JSC::DFG::JITCompiler::addExceptionCheck):
760         (JSC::DFG::JITCompiler::addFastExceptionCheck):
761         * dfg/DFGJITCompiler32_64.cpp:
762         (JSC::DFG::JITCompiler::compileBody):
763         (JSC::DFG::JITCompiler::link):
764
765 2011-10-25  Filip Pizlo  <fpizlo@apple.com>
766
767         Tiered compilation may introduce dangling pointers in constant buffers
768         https://bugs.webkit.org/show_bug.cgi?id=70854
769
770         Reviewed by Oliver Hunt.
771         
772         Tiered compilation now copies constant buffers, which fixes the regression in
773         https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
774         regression relies on a subtle interleaving of optimized compilation and garbage
775         collection, and cannot be reproduced in a simple test.
776         
777         This also adds some new debug support, which was used to fix this bug and is
778         likely to be useful in the future.
779
780         * bytecode/CodeBlock.cpp:
781         (JSC::CodeBlock::copyDataFrom):
782         (JSC::CodeBlock::usesOpcode):
783         * bytecode/CodeBlock.h:
784         * dfg/DFGGraph.cpp:
785         (JSC::DFG::Graph::dump):
786
787 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
788
789         Fixing Windows build after r98367
790
791         Unreviewed build fix
792
793         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
794
795 2011-10-25  Yuqiang Xian  <yuqiang.xian@intel.com>
796
797         Add missing DFG file entries to the make lists for GTK and Qt ports
798         https://bugs.webkit.org/show_bug.cgi?id=70806
799
800         Reviewed by Darin Adler.
801
802         * GNUmakefile.list.am:
803         * JavaScriptCore.pro:
804
805 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
806
807         Add getOwnPropertySlot to MethodTable
808         https://bugs.webkit.org/show_bug.cgi?id=69807
809
810         Reviewed by Oliver Hunt.
811
812         * JavaScriptCore.exp:
813         * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
814         * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can 
815         reference it in their MethodTables.
816
817 2011-10-25  Oliver Hunt  <oliver@apple.com>
818
819         Need to support marking of multiple nested codeblocks when compiling
820         https://bugs.webkit.org/show_bug.cgi?id=70832
821
822         Reviewed by Gavin Barraclough.
823
824         When inlining a function we end up with multiple codeblocks being
825         compiled at the same time, so we need to support a list of live
826         codeblocks.
827
828         * heap/Heap.cpp:
829         (JSC::Heap::markRoots):
830         * runtime/JSGlobalData.cpp:
831         (JSC::JSGlobalData::JSGlobalData):
832         * runtime/JSGlobalData.h:
833         (JSC::JSGlobalData::startedCompiling):
834         (JSC::JSGlobalData::finishedCompiling):
835
836 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
837
838         DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
839         https://bugs.webkit.org/show_bug.cgi?id=70798
840
841         Reviewed by Filip Pizlo.
842
843         When filling an integer for a known integer node (not speculated), it
844         should accept DataFormatJSInteger as well.
845
846         * dfg/DFGJITCodeGenerator32_64.cpp:
847         (JSC::DFG::JITCodeGenerator::fillInteger):
848
849 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
850
851         Build fix: removed some cases of threadsafeCopy() that I missed in
852         my previous patch.
853
854         * JavaScriptCore.order:
855
856 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
857
858         Removed SharedUChar and tightened language around its previous uses
859         https://bugs.webkit.org/show_bug.cgi?id=70698
860
861         Reviewed by David Levin.
862
863         - Removed SharedUChar because most of its functionality has moved into
864         other abstraction layers, and we want remaining clients to choose their
865         abstractions explicitly instead of relying on StringImpl to provide this
866         behavior implicitly, since we think they can sometimes make more efficient
867         choices.
868
869         - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
870         the former names could give the impression that the resulting object was
871         thread-safe, but actually it's just an isolated copy, which is not
872         thread-safe by itself, but can be used to implement a thread-safe
873         algorithm through isolation.
874
875         * wtf/CrossThreadRefCounted.h: Removed.
876
877         * JavaScriptCore.exp: Export!
878
879         * wtf/text/StringImpl.cpp:
880         (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
881
882         * wtf/text/StringImpl.h:
883         (WTF::StringImpl::length): Ditto.
884
885         (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
886
887         * wtf/text/WTFString.cpp:
888         (WTF::String::isolatedCopy):
889         * wtf/text/WTFString.h: Updated for StringImpl changes.
890
891         * API/OpaqueJSString.h:
892         * GNUmakefile.list.am:
893         * JavaScriptCore.exp:
894         * JavaScriptCore.gypi:
895         * JavaScriptCore.order:
896         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
897         * JavaScriptCore.xcodeproj/project.pbxproj:
898         * wtf/CMakeLists.txt:
899         * wtf/OwnFastMallocPtr.h:
900         * wtf/RefCounted.h:
901         * wtf/SizeLimits.cpp:
902         * wtf/ThreadSafeRefCounted.h:
903         * wtf/wtf.pri:
904         * yarr/YarrPattern.h: Updated these files to accommodate removal of
905         CrossThreadRefCounted.h.
906
907 2011-10-24  Oliver Hunt  <oliver@apple.com>
908
909         Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
910         https://bugs.webkit.org/show_bug.cgi?id=70689
911
912         Reviewed by Filip Pizlo.
913
914         While performing codegen we need to make the GlobalData explicitly
915         aware of the codeblock being compiled, as compilation may trigger GC
916         and CodeBlock holds GC values, but has not yet been assigned to its
917         owner executable.
918
919         * bytecompiler/BytecodeGenerator.cpp:
920         (JSC::BytecodeGenerator::BytecodeGenerator):
921         (JSC::BytecodeGenerator::~BytecodeGenerator):
922         * bytecompiler/BytecodeGenerator.h:
923         * heap/AllocationSpace.cpp:
924         (JSC::AllocationSpace::allocateSlowCase):
925         * heap/Heap.cpp:
926         (JSC::Heap::markRoots):
927         * runtime/JSGlobalData.cpp:
928         (JSC::JSGlobalData::JSGlobalData):
929         * runtime/JSGlobalData.h:
930         (JSC::JSGlobalData::startedCompiling):
931         (JSC::JSGlobalData::finishedCompiling):
932
933 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
934
935         Object-or-other branch speculation may corrupt the state for OSR if the child of the
936         branch is an integer
937         https://bugs.webkit.org/show_bug.cgi?id=70777
938
939         Reviewed by Oliver Hunt.
940
941         * dfg/DFGSpeculativeJIT64.cpp:
942         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
943
944 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
945
946         op_new_array_buffer is not inlined correctly
947         https://bugs.webkit.org/show_bug.cgi?id=70770
948
949         Reviewed by Oliver Hunt.
950         
951         Disabled inlining of op_new_array_buffer, for now.
952
953         * dfg/DFGCapabilities.h:
954         (JSC::DFG::canInlineOpcode):
955
956 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
957
958         Add boolean speculations to DFG JIT 32_64
959         https://bugs.webkit.org/show_bug.cgi?id=70706
960
961         Reviewed by Filip Pizlo.
962
963         Different from the boolean speculations in DFG 64, the boolean
964         speculations in DFG 32_64 will use a 32bit GPR to hold the primitive
965         boolean instead of a JSBoolean. This choice is not only for
966         performance, but also to save a register as we're short of registers on
967         X86.
968         To accomplish this we make use of DataFormatBoolean, allow a value to
969         be represented as a primitive boolean and converted from/to a
970         JSBoolean.
971         This patch also fixes SpillOrder in 32_64, which should be different
972         from 64, and fixes needDataFormatConversion logic in 32_64.
973
974         * assembler/MacroAssemblerX86Common.h:
975         (JSC::MacroAssemblerX86Common::branchTest32):
976             We don't actually expect a byte test, as it doesn't work for registers
977             esp..edi on X86.
978         * dfg/DFGGenerationInfo.h:
979         (JSC::DFG::needDataFormatConversion):
980         (JSC::DFG::GenerationInfo::initBoolean):
981         (JSC::DFG::GenerationInfo::gpr):
982         (JSC::DFG::GenerationInfo::fillInteger):
983         (JSC::DFG::GenerationInfo::fillBoolean):
984         * dfg/DFGJITCodeGenerator.cpp:
985         (JSC::DFG::JITCodeGenerator::checkConsistency):
986         * dfg/DFGJITCodeGenerator.h:
987         (JSC::DFG::JITCodeGenerator::use):
988         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
989         (JSC::DFG::JITCodeGenerator::silentFillGPR):
990         (JSC::DFG::JITCodeGenerator::spill):
991         (JSC::DFG::cellResult):
992         (JSC::DFG::booleanResult):
993         * dfg/DFGJITCodeGenerator32_64.cpp:
994         (JSC::DFG::JITCodeGenerator::fillJSValue):
995         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
996         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
997         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
998         * dfg/DFGJITCompiler32_64.cpp:
999         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1000         * dfg/DFGSpeculativeJIT.cpp:
1001         (JSC::DFG::ValueSource::dump):
1002         (JSC::DFG::ValueRecovery::dump):
1003         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1004         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1005         * dfg/DFGSpeculativeJIT.h:
1006         (JSC::DFG::ValueSource::forPrediction):
1007         (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
1008         (JSC::DFG::ValueRecovery::inGPR):
1009         (JSC::DFG::ValueRecovery::gpr):
1010         * dfg/DFGSpeculativeJIT32_64.cpp:
1011         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1012         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1013         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1014         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
1015         (JSC::DFG::SpeculativeJIT::compare):
1016         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1017         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1018         (JSC::DFG::SpeculativeJIT::emitBranch):
1019         (JSC::DFG::SpeculativeJIT::compile):
1020
1021 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
1022
1023         Fixing Windows build
1024
1025         Unreviewed build fix
1026
1027         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1028
1029 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
1030
1031         BitVector isInline check could fail
1032         https://bugs.webkit.org/show_bug.cgi?id=70691
1033
1034         Reviewed by Geoffrey Garen.
1035
1036         Current BitVector uses the highest bit of m_bitsOrPointer to indicate
1037         whether it's an inlined bit set or a pointer to an outOfLine bit set.
1038         This check may fail in case the pointer also has the highest bit set,
1039         which is surely possible on IA32 (Linux).
1040         In this case the check failure can result in unexpected behaviors,
1041         for example if the BitVector is incorrectly determined as having an
1042         inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
1043         modify the memory adjacent to the BitVector object.
1044         This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
1045         or outofline, based on the assumption that the pointer to OutOfLineBits
1046         should be 4 or 8 byte aligned.
1047         We could mark the lowest bit (bit 0) with 1 for an inlined bit set,
1048         and bits 1~bitsInPointer are used for bit set/test.
1049         In this case we need to do one more bit shift for bit set/test.
1050
1051         * wtf/BitVector.cpp:
1052         (WTF::BitVector::resizeOutOfLine):
1053         * wtf/BitVector.h:
1054         (WTF::BitVector::quickGet):
1055         (WTF::BitVector::quickSet):
1056         (WTF::BitVector::quickClear):
1057         (WTF::BitVector::makeInlineBits):
1058         (WTF::BitVector::isInline):
1059
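Added illustration of the tagging scheme this entry describes (example code, not WebKit's wtf/BitVector.h; class and method names, the 63-bit inline capacity on 64-bit, and the out-of-line layout are assumptions). It keeps the discriminator in bit 0, which the allocator's alignment guarantees is clear for a real pointer, and shows why the previous high-bit tag could misclassify an address and turn a simple set() into a write beside the object.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <new>

// Illustrative re-creation, not WebKit's class: a one-word bit vector that
// tags its inline form in bit 0 of m_bitsOrPointer (1 = inline bits,
// 0 = pointer to out-of-line storage). Bit 0 is free for the tag because the
// out-of-line block is at least 4-byte aligned. Inline bits therefore live in
// bits 1..bitsInPointer-1 and every get/set shifts by one extra position.
class TaggedBitVector {
public:
    static constexpr size_t bitsInPointer = sizeof(uintptr_t) * 8;
    static constexpr size_t maxInlineBits = bitsInPointer - 1;

    TaggedBitVector() : m_bitsOrPointer(makeInlineBits(0)) { }
    TaggedBitVector(const TaggedBitVector&) = delete;
    TaggedBitVector& operator=(const TaggedBitVector&) = delete;
    ~TaggedBitVector() { if (!isInline()) std::free(outOfLineBits()); }

    bool isInline() const { return m_bitsOrPointer & 1; }
    size_t size() const { return isInline() ? maxInlineBits : outOfLineBits()->numBits; }

    bool get(size_t bit) const {
        if (bit >= size())
            return false;
        if (isInline())
            return m_bitsOrPointer & (uintptr_t(1) << (bit + 1));
        const OutOfLineBits* bits = outOfLineBits();
        return bits->words[bit / bitsInPointer] & (uintptr_t(1) << (bit % bitsInPointer));
    }

    void set(size_t bit) {
        ensureSize(bit + 1); // grow out of line instead of writing past the word
        if (isInline()) {
            m_bitsOrPointer |= uintptr_t(1) << (bit + 1);
            return;
        }
        OutOfLineBits* bits = outOfLineBits();
        bits->words[bit / bitsInPointer] |= uintptr_t(1) << (bit % bitsInPointer);
    }

private:
    struct OutOfLineBits {
        size_t numBits;
        uintptr_t words[1]; // allocated with as many words as numBits needs
    };

    static uintptr_t makeInlineBits(uintptr_t bits) { return (bits << 1) | 1; }
    OutOfLineBits* outOfLineBits() const { return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer); }

    void ensureSize(size_t numBits) {
        if (numBits <= size())
            return;
        size_t numWords = (numBits + bitsInPointer - 1) / bitsInPointer;
        size_t allocSize = sizeof(OutOfLineBits) + (numWords - 1) * sizeof(uintptr_t);
        OutOfLineBits* fresh = static_cast<OutOfLineBits*>(std::calloc(1, allocSize));
        if (!fresh)
            throw std::bad_alloc();
        fresh->numBits = numWords * bitsInPointer;
        if (isInline()) {
            fresh->words[0] = m_bitsOrPointer >> 1; // drop the tag; bits return to their natural positions
        } else {
            OutOfLineBits* old = outOfLineBits();
            std::memcpy(fresh->words, old->words, (old->numBits / bitsInPointer) * sizeof(uintptr_t));
            std::free(old);
        }
        // Allocator alignment guarantees bit 0 is clear, so the word now reads as a pointer.
        m_bitsOrPointer = reinterpret_cast<uintptr_t>(fresh);
    }

    uintptr_t m_bitsOrPointer;
};

// The scheme the entry replaces: tag in the highest bit. Any out-of-line pointer
// with that bit set (an upper-half address, as happens on IA32 Linux) is misread
// as inline, and a later set() then scribbles next to the object instead of into
// the heap block.
static bool highBitTagSaysInline(uintptr_t word) {
    return word >> (TaggedBitVector::bitsInPointer - 1);
}

// Bits set while inline must survive the move to out-of-line storage.
static bool inlineBitsSurviveGrowth() {
    TaggedBitVector v;
    if (!v.isInline())
        return false;
    v.set(3);
    if (!v.get(3) || v.get(4) || !v.isInline())
        return false;
    v.set(200); // beyond maxInlineBits on any pointer size: forces out-of-line storage
    return !v.isInline() && v.get(3) && v.get(200) && !v.get(199) && v.size() >= 201;
}

int main() {
    std::printf("inline bits survive growth: %d\n", inlineBitsSurviveGrowth());
    std::printf("high-bit tag misreads an upper-half address: %d\n",
                highBitTagSaysInline(uintptr_t(1) << (TaggedBitVector::bitsInPointer - 1)));
    return 0;
}
```

The low-bit tag costs one extra shift on every inline access, which is the trade the entry accepts; what it buys is that isInline() can no longer be fooled by a legitimate heap address.
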
1060 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
1061
1062         Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
1063         https://bugs.webkit.org/show_bug.cgi?id=70271
1064
1065         Reviewed by Darin Adler.
1066
1067         Renaming versions of getOwnPropertySlot that use an unsigned as the property
1068         name to "getOwnPropertySlotByIndex" in preparation for adding them to the 
1069         MethodTable, which requires unique names for each method.
1070
1071         * JavaScriptCore.exp:
1072         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1073         * runtime/Arguments.cpp:
1074         (JSC::Arguments::getOwnPropertySlotVirtual):
1075         (JSC::Arguments::getOwnPropertySlotByIndex):
1076         * runtime/Arguments.h:
1077         * runtime/JSArray.cpp:
1078         (JSC::JSArray::getOwnPropertySlotVirtual):
1079         (JSC::JSArray::getOwnPropertySlotByIndex):
1080         (JSC::JSArray::getOwnPropertySlot):
1081         * runtime/JSArray.h:
1082         * runtime/JSByteArray.cpp:
1083         (JSC::JSByteArray::getOwnPropertySlotVirtual):
1084         (JSC::JSByteArray::getOwnPropertySlotByIndex):
1085         * runtime/JSByteArray.h:
1086         * runtime/JSCell.cpp:
1087         (JSC::JSCell::getOwnPropertySlotVirtual):
1088         (JSC::JSCell::getOwnPropertySlotByIndex):
1089         * runtime/JSCell.h:
1090         * runtime/JSNotAnObject.cpp:
1091         (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
1092         (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
1093         * runtime/JSNotAnObject.h:
1094         * runtime/JSObject.cpp:
1095         (JSC::JSObject::getOwnPropertySlotVirtual):
1096         (JSC::JSObject::getOwnPropertySlotByIndex):
1097         * runtime/JSObject.h:
1098         * runtime/JSString.cpp:
1099         (JSC::JSString::getOwnPropertySlotVirtual):
1100         (JSC::JSString::getOwnPropertySlotByIndex):
1101         * runtime/JSString.h:
1102         * runtime/ObjectPrototype.cpp:
1103         (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
1104         (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
1105         * runtime/ObjectPrototype.h:
1106         * runtime/RegExpMatchesArray.h:
1107         (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
1108         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
1109         * runtime/StringObject.cpp:
1110         (JSC::StringObject::getOwnPropertySlotVirtual):
1111         (JSC::StringObject::getOwnPropertySlotByIndex):
1112         * runtime/StringObject.h:
1113
1114 2011-10-24  Patrick Gansterer  <paroga@webkit.org>
1115
1116         Interpreter build fix after r98179.
1117
1118         * bytecode/CodeBlock.h:
1119         Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
1120         since it is only used there.
1121
1122 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
1123
1124         Fixed a typo Darin spotted.
1125
1126         * wtf/StringHasher.h:
1127         (WTF::StringHasher::hash): Expelliarmus!
1128
1129 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
1130
1131         Removed StringImpl::createStrippingNullCharacters
1132         https://bugs.webkit.org/show_bug.cgi?id=70700
1133
1134         Reviewed by David Levin.
1135         
1136         It was unused.
1137
1138         * JavaScriptCore.exp:
1139         * wtf/text/StringImpl.cpp:
1140         * wtf/text/StringImpl.h:
1141
1142 2011-10-22  Filip Pizlo  <fpizlo@apple.com>
1143
1144         DFG should inline constructors
1145         https://bugs.webkit.org/show_bug.cgi?id=70675
1146
1147         Reviewed by Oliver Hunt.
1148         
1149         Adds support for inlining constructors. Also fixes two pathologies
1150         uncovered along the way: CheckMethod claimed that it never returned a
1151         result (causing CheckMethod -> SetLocal -> GetLocal sequences to
1152         result in the GetLocal doing OSR exit), and get_by_id parsing never
1153         checked if it was hot in slow path. Also fiddled with inlining
1154         heuristics; it appears that for now, the more inlining, the happier
1155         V8 is. Finally, a bug was uncovered where a silent spill of a boxed
1156         integer that had previously been spilled unboxed causes the silent
1157         fill to forget to unbox.
1158         
1159         This appears to be a 4% speed-up on V8 in their harness, or a 1%
1160         speed-up in my harness. The difference is due to warm-up: in my
1161         harness we see significant amounts of time spent in compilation, but
1162         in V8's harness compilation gets amortized. Profiling indicates that
1163         we have the potential for a 5% win from basic optimizations like
1164         generating OSR exits lazily and holding onto bytecode longer.
1165
1166         * dfg/DFGAbstractState.cpp:
1167         (JSC::DFG::AbstractState::execute):
1168         * dfg/DFGByteCodeParser.cpp:
1169         (JSC::DFG::ByteCodeParser::handleCall):
1170         (JSC::DFG::ByteCodeParser::handleInlining):
1171         (JSC::DFG::ByteCodeParser::handleMinMax):
1172         (JSC::DFG::ByteCodeParser::parseBlock):
1173         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1174         (JSC::DFG::ByteCodeParser::parse):
1175         * dfg/DFGCapabilities.h:
1176         (JSC::DFG::mightInlineFunctionForConstruct):
1177         (JSC::DFG::canInlineOpcode):
1178         (JSC::DFG::mightInlineFunctionFor):
1179         (JSC::DFG::canInlineFunctionFor):
1180         * dfg/DFGJITCodeGenerator.h:
1181         (JSC::DFG::JITCodeGenerator::silentFillGPR):
1182         * runtime/Executable.h:
1183         (JSC::isCall):
1184         (JSC::ExecutableBase::intrinsicFor):
1185         * runtime/Heuristics.cpp:
1186         (JSC::Heuristics::initializeHeuristics):
1187         * runtime/Heuristics.h:
1188
1189 2011-10-23  Noel Gordon  <noel.gordon@gmail.com>
1190
1191         [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
1192         https://bugs.webkit.org/show_bug.cgi?id=70703
1193
1194         Reviewed by Kent Tamura.
1195
1196         runtime/RopeImpl.{h,cpp} were removed in r97872; remove references
1197         to these files from the gyp project files.
1198
1199         * JavaScriptCore.gypi:
1200
1201 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
1202
1203         Add deleteProperty to the MethodTable
1204         https://bugs.webkit.org/show_bug.cgi?id=70162
1205
1206         Reviewed by Sam Weinig.
1207
1208         * JavaScriptCore.exp:
1209         * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
1210         * runtime/JSFunction.h: Changed JSFunction::deleteProperty to 
1211         be protected rather than private for subclasses that don't provide their own
1212         implementation.
1213
1214 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
1215
1216         Remove getConstructDataVirtual
1217         https://bugs.webkit.org/show_bug.cgi?id=70638
1218
1219         Reviewed by Darin Adler.
1220
1221         Removed all declarations and definitions of getConstructDataVirtual.
1222         Also replaced all call sites to getConstructDataVirtual with a 
1223         corresponding lookup in the MethodTable.
1224
1225         * API/JSCallbackConstructor.cpp:
1226         * API/JSCallbackConstructor.h:
1227         * API/JSCallbackObject.h:
1228         * API/JSCallbackObjectFunctions.h:
1229         * API/JSObjectRef.cpp:
1230         (JSObjectIsConstructor):
1231         (JSObjectCallAsConstructor):
1232         * JavaScriptCore.exp:
1233         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1234         * dfg/DFGOperations.cpp:
1235         * interpreter/Interpreter.cpp:
1236         (JSC::Interpreter::privateExecute):
1237         * jit/JITStubs.cpp:
1238         (JSC::DEFINE_STUB_FUNCTION):
1239         * runtime/ArrayConstructor.cpp:
1240         * runtime/ArrayConstructor.h:
1241         * runtime/BooleanConstructor.cpp:
1242         * runtime/BooleanConstructor.h:
1243         * runtime/DateConstructor.cpp:
1244         * runtime/DateConstructor.h:
1245         * runtime/Error.h:
1246         (JSC::StrictModeTypeErrorFunction::getConstructData):
1247         * runtime/ErrorConstructor.cpp:
1248         * runtime/ErrorConstructor.h:
1249         * runtime/FunctionConstructor.cpp:
1250         * runtime/FunctionConstructor.h:
1251         * runtime/JSCell.cpp:
1252         * runtime/JSCell.h:
1253         * runtime/JSFunction.cpp:
1254         * runtime/JSFunction.h:
1255         * runtime/JSObject.h:
1256         (JSC::getConstructData):
1257         * runtime/NativeErrorConstructor.cpp:
1258         * runtime/NativeErrorConstructor.h:
1259         * runtime/NumberConstructor.cpp:
1260         * runtime/NumberConstructor.h:
1261         * runtime/ObjectConstructor.cpp:
1262         * runtime/ObjectConstructor.h:
1263         * runtime/RegExpConstructor.cpp:
1264         * runtime/RegExpConstructor.h:
1265         * runtime/StringConstructor.cpp:
1266         * runtime/StringConstructor.h:
1267
1268 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
1269
1270         Try to fix the SL build.
1271
1272         * dfg/DFGByteCodeParser.cpp:
1273         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
1274         away int vs unsigned warning.
1275
1276 2011-10-21  Geoffrey Garen  <ggaren@apple.com>
1277
1278         Separated string lifetime bits from character buffer state bits
1279         https://bugs.webkit.org/show_bug.cgi?id=70673
1280
1281         Reviewed by Anders Carlsson.
1282         
1283         Moved the static/immortal bit into the bottom bit of the refcount, and
1284         moved all other bits into the high bits of the hash code.
1285         
1286         This is the first step toward a new Characters/PassString class, and it
1287         makes ref/deref slightly more efficient.
1288
1289         * create_hash_table:
1290         * wtf/StringHasher.h:
1291         (WTF::StringHasher::hash): Tweaked the string hashing function to leave
1292         the top bits clear, so they can be used as flags.
1293         
1294         Fixed some small differences between the PERL copy of this function and
1295         the C++ copy of this function, which could have in theory caused subtle
1296         crashes.
1297
1298         * wtf/text/StringImpl.cpp:
1299         (WTF::StringImpl::sharedBuffer):
1300         (WTF::StringImpl::createWithTerminatingNullCharacter):
1301         * wtf/text/StringImpl.h:
1302         (WTF::StringImpl::StringImpl):
1303         (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
1304         s_didReportExtraCost, since the original name was both self-contradictory
1305         and used as a double-negative.
1306
1307         (WTF::StringImpl::isIdentifier):
1308         (WTF::StringImpl::setIsIdentifier):
1309         (WTF::StringImpl::hasTerminatingNullCharacter):
1310         (WTF::StringImpl::isAtomic):
1311         (WTF::StringImpl::setIsAtomic):
1312         (WTF::StringImpl::setHash):
1313         (WTF::StringImpl::rawHash):
1314         (WTF::StringImpl::hasHash):
1315         (WTF::StringImpl::existingHash):
1316         (WTF::StringImpl::hash):
1317         (WTF::StringImpl::hasOneRef):
1318         (WTF::StringImpl::ref):
1319         (WTF::StringImpl::deref):
1320         (WTF::StringImpl::bufferOwnership):
1321         (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
1322         bit of the refcount. Now, all lifetime information lives in the refcount
1323         field. Moved the other bits into the hash code field.
1324
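Added illustration of the field split this entry describes, covering both the refcount change and the StringHasher tweak that keeps the top hash bits clear (example code, not WebKit's StringImpl or StringHasher; the class name, the 24-bit hash width, the flag positions and the FNV-1a stand-in hasher are assumptions). With the static/immortal flag in bit 0 and references counted in steps of two, ref() and deref() become a plain add and subtract, and a static string's odd count can never equal the "last reference" value.

```cpp
#include <cstdint>
#include <cstdio>

// Illustrative reconstruction, not WebKit's StringImpl: the refcount field
// holds only lifetime state (bit 0 = static/immortal, the count in the bits
// above it), and the hash field reserves its top bits for the other flags.
// Bit positions and the 24-bit hash width are assumptions for this example.
class SplitStateString {
public:
    static constexpr uint32_t s_refCountFlagIsStatic = 1u;  // bit 0: never freed
    static constexpr uint32_t s_refCountIncrement = 2u;     // one reference = 2
    static constexpr uint32_t s_hashFlagIsAtomic = 1u << 31;
    static constexpr uint32_t s_hashFlagIsIdentifier = 1u << 30;
    static constexpr uint32_t s_hashMask = (1u << 24) - 1;  // hash proper stays below the flag bits

    explicit SplitStateString(bool isStatic)
        : m_refCount(isStatic ? s_refCountFlagIsStatic : s_refCountIncrement)
        , m_hashAndFlags(0) { }

    void ref() { m_refCount += s_refCountIncrement; }

    // Returns true when this deref dropped the last reference and the object
    // should be destroyed. A static string's count is odd (the flag bit), so it
    // can never equal s_refCountIncrement; the subtraction wraps but stays odd.
    bool deref() {
        if (m_refCount == s_refCountIncrement)
            return true;
        m_refCount -= s_refCountIncrement;
        return false;
    }
    bool hasOneRef() const { return m_refCount == s_refCountIncrement; }
    bool isStatic() const { return m_refCount & s_refCountFlagIsStatic; }

    void setHash(uint32_t hash) { m_hashAndFlags = (m_hashAndFlags & ~s_hashMask) | (hash & s_hashMask); }
    uint32_t hash() const { return m_hashAndFlags & s_hashMask; }
    bool isAtomic() const { return m_hashAndFlags & s_hashFlagIsAtomic; }
    void setIsAtomic(bool atomic) {
        if (atomic)
            m_hashAndFlags |= s_hashFlagIsAtomic;
        else
            m_hashAndFlags &= ~s_hashFlagIsAtomic;
    }

    // Hash that leaves the top bits clear so they can serve as flags. FNV-1a
    // stands in for WebKit's hasher; 0 is reserved to mean "no hash computed".
    static uint32_t computeHash(const char* text) {
        uint32_t h = 2166136261u;
        for (; *text; ++text) {
            h ^= static_cast<unsigned char>(*text);
            h *= 16777619u;
        }
        h &= s_hashMask;
        return h ? h : 1;
    }

private:
    uint32_t m_refCount;
    uint32_t m_hashAndFlags;
};

// A heap string with two references is destroyed exactly on the second deref.
static bool heapStringDiesOnLastDeref() {
    SplitStateString s(false); // one reference on construction
    s.ref();                   // two
    if (s.deref())             // back to one: not yet
        return false;
    return s.hasOneRef() && s.deref();
}

// A static string survives any number of derefs.
static bool staticStringIsImmortal() {
    SplitStateString s(true);
    for (int i = 0; i < 100000; ++i) {
        if (s.deref())
            return false;
    }
    return s.isStatic();
}

// Setting a flag in the hash field must not disturb the hash value itself.
static bool flagsLeaveHashIntact(const char* text) {
    SplitStateString s(false);
    uint32_t h = SplitStateString::computeHash(text);
    s.setHash(h);
    s.setIsAtomic(true);
    return s.isAtomic() && s.hash() == h && !(h & ~SplitStateString::s_hashMask);
}

int main() {
    std::printf("heap string freed on last deref: %d\n", heapStringDiesOnLastDeref());
    std::printf("static string immortal: %d\n", staticStringIsImmortal());
    std::printf("flags leave hash intact: %d\n", flagsLeaveHashIntact("StringImpl"));
    return 0;
}
```

The point worth checking in any such layout is the one staticStringIsImmortal() exercises: once lifetime and state bits share a word, an unmasked compare in deref() can free an object that was meant to be immortal, or keep one alive that should have died.
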
1325 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
1326
1327         DFG inlining sometimes fails to reset constant references
1328         https://bugs.webkit.org/show_bug.cgi?id=70668
1329
1330         Reviewed by Anders Carlsson.
1331         
1332         Reset constant references when we need to (new block created) and not
1333         when we don't (change of inlining depth).
1334
1335         * dfg/DFGByteCodeParser.cpp:
1336         (JSC::DFG::ByteCodeParser::handleInlining):
1337         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
1338         (JSC::DFG::ByteCodeParser::parseBlock):
1339         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1340
1341 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
1342
1343         DFG should have inlining
1344         https://bugs.webkit.org/show_bug.cgi?id=69996
1345
1346         Reviewed by Oliver Hunt.
1347         
1348         Implements inlining that's hooked into the bytecode parser. Only
1349         works for calls, for now, though nothing fundamentally prevents us
1350         from inlining constructor calls. 2% overall speed-up on all
1351         benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
1352         richards respectively), neutral on Kraken and SunSpider. 
1353         
1354         * bytecode/CodeBlock.cpp:
1355         (JSC::CodeBlock::visitAggregate):
1356         * bytecode/CodeBlock.h:
1357         (JSC::CodeBlock::baselineVersion):
1358         (JSC::CodeBlock::setInstructionCount):
1359         (JSC::CodeBlock::likelyToTakeSlowCase):
1360         (JSC::CodeBlock::couldTakeSlowCase):
1361         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
1362         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
1363         (JSC::CodeBlock::likelyToTakeAnySlowCase):
1364         * bytecode/CodeOrigin.h:
1365         (JSC::CodeOrigin::inlineDepthForCallFrame):
1366         (JSC::CodeOrigin::inlineDepth):
1367         (JSC::CodeOrigin::operator==):
1368         (JSC::CodeOrigin::inlineStack):
1369         * bytecompiler/BytecodeGenerator.cpp:
1370         (JSC::BytecodeGenerator::generate):
1371         * dfg/DFGAbstractState.cpp:
1372         (JSC::DFG::AbstractState::beginBasicBlock):
1373         (JSC::DFG::AbstractState::execute):
1374         (JSC::DFG::AbstractState::mergeStateAtTail):
1375         * dfg/DFGBasicBlock.h:
1376         (JSC::DFG::BasicBlock::BasicBlock):
1377         (JSC::DFG::BasicBlock::ensureLocals):
1378         (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
1379         * dfg/DFGByteCodeParser.cpp:
1380         (JSC::DFG::ByteCodeParser::ByteCodeParser):
1381         (JSC::DFG::ByteCodeParser::getDirect):
1382         (JSC::DFG::ByteCodeParser::get):
1383         (JSC::DFG::ByteCodeParser::setDirect):
1384         (JSC::DFG::ByteCodeParser::set):
1385         (JSC::DFG::ByteCodeParser::getLocal):
1386         (JSC::DFG::ByteCodeParser::getArgument):
1387         (JSC::DFG::ByteCodeParser::flush):
1388         (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
1389         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
1390         (JSC::DFG::ByteCodeParser::handleInlining):
1391         (JSC::DFG::ByteCodeParser::parseBlock):
1392         (JSC::DFG::ByteCodeParser::processPhiStack):
1393         (JSC::DFG::ByteCodeParser::linkBlock):
1394         (JSC::DFG::ByteCodeParser::linkBlocks):
1395         (JSC::DFG::ByteCodeParser::handleSuccessor):
1396         (JSC::DFG::ByteCodeParser::determineReachability):
1397         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
1398         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1399         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1400         (JSC::DFG::ByteCodeParser::parse):
1401         * dfg/DFGCapabilities.cpp:
1402         (JSC::DFG::canHandleOpcodes):
1403         (JSC::DFG::canCompileOpcodes):
1404         (JSC::DFG::canInlineOpcodes):
1405         * dfg/DFGCapabilities.h:
1406         (JSC::DFG::mightCompileEval):
1407         (JSC::DFG::mightCompileProgram):
1408         (JSC::DFG::mightCompileFunctionForCall):
1409         (JSC::DFG::mightCompileFunctionForConstruct):
1410         (JSC::DFG::mightInlineFunctionForCall):
1411         (JSC::DFG::mightInlineFunctionForConstruct):
1412         (JSC::DFG::canInlineOpcode):
1413         (JSC::DFG::canInlineOpcodes):
1414         (JSC::DFG::canInlineFunctionForCall):
1415         (JSC::DFG::canInlineFunctionForConstruct):
1416         * dfg/DFGGraph.cpp:
1417         (JSC::DFG::printWhiteSpace):
1418         (JSC::DFG::Graph::dumpCodeOrigin):
1419         (JSC::DFG::Graph::dump):
1420         * dfg/DFGGraph.h:
1421         (JSC::DFG::GetBytecodeBeginForBlock::operator()):
1422         (JSC::DFG::Graph::blockIndexForBytecodeOffset):
1423         * dfg/DFGJITCompiler.cpp:
1424         (JSC::DFG::JITCompiler::decodedCodeMapFor):
1425         (JSC::DFG::JITCompiler::linkOSRExits):
1426         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1427         * dfg/DFGJITCompiler.h:
1428         (JSC::DFG::JITCompiler::debugCall):
1429         (JSC::DFG::JITCompiler::baselineCodeBlockFor):
1430         * dfg/DFGJITCompiler32_64.cpp:
1431         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1432         * dfg/DFGNode.h:
1433         (JSC::DFG::Node::hasVariableAccessData):
1434         (JSC::DFG::Node::shouldGenerate):
1435         * dfg/DFGOperands.h:
1436         (JSC::DFG::Operands::ensureLocals):
1437         (JSC::DFG::Operands::setLocal):
1438         (JSC::DFG::Operands::getLocal):
1439         * dfg/DFGPropagator.cpp:
1440         (JSC::DFG::Propagator::propagateNodePredictions):
1441         * dfg/DFGSpeculativeJIT.cpp:
1442         (JSC::DFG::OSRExit::OSRExit):
1443         (JSC::DFG::SpeculativeJIT::compile):
1444         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1445         * dfg/DFGSpeculativeJIT.h:
1446         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
1447         * dfg/DFGSpeculativeJIT32_64.cpp:
1448         (JSC::DFG::SpeculativeJIT::compile):
1449         * dfg/DFGSpeculativeJIT64.cpp:
1450         (JSC::DFG::SpeculativeJIT::compile):
1451         * interpreter/CallFrame.cpp:
1452         (JSC::CallFrame::trueCallerFrameSlow):
1453         * jit/JITCall.cpp:
1454         (JSC::JIT::compileOpCallSlowCase):
1455         * jit/JITStubs.cpp:
1456         (JSC::DEFINE_STUB_FUNCTION):
1457         * runtime/Executable.cpp:
1458         (JSC::FunctionExecutable::baselineCodeBlockFor):
1459         (JSC::FunctionExecutable::produceCodeBlockFor):
1460         (JSC::FunctionExecutable::compileForCallInternal):
1461         (JSC::FunctionExecutable::compileForConstructInternal):
1462         * runtime/Executable.h:
1463         (JSC::FunctionExecutable::profiledCodeBlockFor):
1464         (JSC::FunctionExecutable::parameterCount):
1465         * runtime/Heuristics.cpp:
1466         (JSC::Heuristics::initializeHeuristics):
1467         * runtime/Heuristics.h:
1468         * runtime/JSFunction.h:
1469
1470 2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
1471
1472         Add put to the MethodTable
1473         https://bugs.webkit.org/show_bug.cgi?id=70439
1474
1475         Reviewed by Oliver Hunt.
1476
1477         * JavaScriptCore.exp:
1478         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1479         * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
1480         * runtime/JSFunction.h: Changed access modifier for put to protected since some
1481         subclasses of JSFunction need to reference it in their MethodTables.
1482
1483 2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
1484
1485         Add finalizer to JSObject
1486         https://bugs.webkit.org/show_bug.cgi?id=70336
1487
1488         Reviewed by Darin Adler.
1489
1490         * heap/MarkedBlock.cpp:
1491         (JSC::MarkedBlock::callDestructor): Skip the call to the destructor 
1492         if we're a JSFinalObject, since the finalizer takes care of things.
1493         * runtime/JSCell.h:
1494         (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with 
1495         future changes and the fact that we no longer always call the destructor, making 
1496         the information provided less useful.
1497         * runtime/JSObject.cpp:
1498         (JSC::JSObject::finalize): Add finalizer for JSObject.
1499         (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
1500         property storage, we add a finalizer to ourself.
1501         * runtime/JSObject.h:
1502
1503 2011-10-21  Simon Hausmann  <simon.hausmann@nokia.com>
1504
1505         Remove QtScript source code from WebKit.
1506         https://bugs.webkit.org/show_bug.cgi?id=64088
1507
1508         Reviewed by Tor Arne Vestbø.
1509
1510         Removed dead code that isn't developed anymore.
1511
1512         * JavaScriptCore.gypi:
1513         * JavaScriptCore.pri:
1514         * qt/api/QtScript.pro: Removed.
1515         * qt/api/qscriptconverter_p.h: Removed.
1516         * qt/api/qscriptengine.cpp: Removed.
1517         * qt/api/qscriptengine.h: Removed.
1518         * qt/api/qscriptengine_p.cpp: Removed.
1519         * qt/api/qscriptengine_p.h: Removed.
1520         * qt/api/qscriptfunction.cpp: Removed.
1521         * qt/api/qscriptfunction_p.h: Removed.
1522         * qt/api/qscriptoriginalglobalobject_p.h: Removed.
1523         * qt/api/qscriptprogram.cpp: Removed.
1524         * qt/api/qscriptprogram.h: Removed.
1525         * qt/api/qscriptprogram_p.h: Removed.
1526         * qt/api/qscriptstring.cpp: Removed.
1527         * qt/api/qscriptstring.h: Removed.
1528         * qt/api/qscriptstring_p.h: Removed.
1529         * qt/api/qscriptsyntaxcheckresult.cpp: Removed.
1530         * qt/api/qscriptsyntaxcheckresult.h: Removed.
1531         * qt/api/qscriptsyntaxcheckresult_p.h: Removed.
1532         * qt/api/qscriptvalue.cpp: Removed.
1533         * qt/api/qscriptvalue.h: Removed.
1534         * qt/api/qscriptvalue_p.h: Removed.
1535         * qt/api/qscriptvalueiterator.cpp: Removed.
1536         * qt/api/qscriptvalueiterator.h: Removed.
1537         * qt/api/qscriptvalueiterator_p.h: Removed.
1538         * qt/api/qtscriptglobal.h: Removed.
1539         * qt/benchmarks/benchmarks.pri: Removed.
1540         * qt/benchmarks/benchmarks.pro: Removed.
1541         * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
1542         * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
1543         * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
1544         * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
1545         * qt/tests/qscriptengine/qscriptengine.pro: Removed.
1546         * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
1547         * qt/tests/qscriptstring/qscriptstring.pro: Removed.
1548         * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
1549         * qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
1550         * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
1551         * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
1552         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
1553         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
1554         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
1555         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
1556         * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
1557         * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
1558         * qt/tests/tests.pri: Removed.
1559         * qt/tests/tests.pro: Removed.
1560
1561 2011-10-21  Zheng Liu  <zheng.z.liu@intel.com>
1562
1563         bytecompiler sometimes generates incorrect bytecode for put_by_id
1564         https://bugs.webkit.org/show_bug.cgi?id=70403
1565
1566         Reviewed by Filip Pizlo.
1567
1568         * bytecompiler/NodesCodegen.cpp:
1569         (JSC::AssignDotNode::emitBytecode):
1570         (JSC::AssignBracketNode::emitBytecode):
1571
1572 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
1573
1574         DFG should not try to predict argument types by looking at the values of
1575         argument registers at the time of compilation
1576         https://bugs.webkit.org/show_bug.cgi?id=70578
1577
1578         Reviewed by Oliver Hunt.
1579
1580         * bytecode/CodeBlock.cpp:
1581         * dfg/DFGDriver.cpp:
1582         (JSC::DFG::compile):
1583         (JSC::DFG::tryCompile):
1584         (JSC::DFG::tryCompileFunction):
1585         * dfg/DFGDriver.h:
1586         (JSC::DFG::tryCompileFunction):
1587         * dfg/DFGGraph.cpp:
1588         (JSC::DFG::Graph::predictArgumentTypes):
1589         * dfg/DFGGraph.h:
1590         * runtime/Executable.cpp:
1591         (JSC::FunctionExecutable::compileOptimizedForCall):
1592         (JSC::FunctionExecutable::compileOptimizedForConstruct):
1593         (JSC::FunctionExecutable::compileForCallInternal):
1594         (JSC::FunctionExecutable::compileForConstructInternal):
1595         * runtime/Executable.h:
1596         (JSC::FunctionExecutable::compileForCall):
1597         (JSC::FunctionExecutable::compileForConstruct):
1598         (JSC::FunctionExecutable::compileFor):
1599         (JSC::FunctionExecutable::compileOptimizedFor):
1600
1601 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
1602
1603         DFG call optimization handling will fail if the call had been unlinked due
1604         to the callee being optimized
1605         https://bugs.webkit.org/show_bug.cgi?id=70468
1606
1607         Reviewed by Geoff Garen.
1608         
1609         If a call had ever been linked, we remember this fact as well as the function
1610         to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
1611         called.
1612
1613         * bytecode/CodeBlock.cpp:
1614         (JSC::CodeBlock::visitAggregate):
1615         * bytecode/CodeBlock.h:
1616         * dfg/DFGByteCodeParser.cpp:
1617         (JSC::DFG::ByteCodeParser::parseBlock):
1618         * dfg/DFGRepatch.cpp:
1619         (JSC::DFG::dfgLinkFor):
1620         * jit/JIT.cpp:
1621         (JSC::JIT::linkFor):
1622
1623 2011-10-20  Yuqiang Xian  <yuqiang.xian@intel.com>
1624
1625         DFG JIT 32_64 - Fix ByteArray speculation
1626         https://bugs.webkit.org/show_bug.cgi?id=70571
1627
1628         Reviewed by Filip Pizlo.
1629
1630         * dfg/DFGSpeculativeJIT.h:
1631         (JSC::DFG::ValueSource::forPrediction):
1632         * dfg/DFGSpeculativeJIT32_64.cpp:
1633         (JSC::DFG::SpeculativeJIT::compile):
1634
1635 2011-10-20  Vincent Scheib  <scheib@chromium.org>
1636
1637         MouseLock compile and run time flags.
1638         https://bugs.webkit.org/show_bug.cgi?id=70530
1639
1640         Reviewed by Darin Fisher.
1641
1642         * wtf/Platform.h:
1643
1644 2011-10-20  Mark Hahnenberg  <mhahnenberg@apple.com>
1645
1646         Rename static deleteProperty to deletePropertyByIndex
1647         https://bugs.webkit.org/show_bug.cgi?id=70257
1648
1649         Reviewed by Geoffrey Garen.
1650
1651         Renaming versions of deleteProperty that use an unsigned as the property
1652         name to "deletePropertyByIndex" in preparation for adding them to the 
1653         MethodTable, which requires unique names for each method.
1654
1655         * API/JSCallbackObject.h:
1656         * API/JSCallbackObjectFunctions.h:
1657         (JSC::::deletePropertyVirtual):
1658         (JSC::::deletePropertyByIndex):
1659         * runtime/Arguments.cpp:
1660         (JSC::Arguments::deletePropertyVirtual):
1661         (JSC::Arguments::deletePropertyByIndex):
1662         * runtime/Arguments.h:
1663         * runtime/JSArray.cpp:
1664         (JSC::JSArray::deletePropertyVirtual):
1665         (JSC::JSArray::deletePropertyByIndex):
1666         * runtime/JSArray.h:
1667         * runtime/JSCell.cpp:
1668         (JSC::JSCell::deletePropertyVirtual):
1669         (JSC::JSCell::deletePropertyByIndex):
1670         * runtime/JSCell.h:
1671         * runtime/JSNotAnObject.cpp:
1672         (JSC::JSNotAnObject::deletePropertyVirtual):
1673         (JSC::JSNotAnObject::deletePropertyByIndex):
1674         * runtime/JSNotAnObject.h:
1675         * runtime/JSObject.cpp:
1676         (JSC::JSObject::deletePropertyVirtual):
1677         (JSC::JSObject::deletePropertyByIndex):
1678         * runtime/JSObject.h:
1679         * runtime/RegExpMatchesArray.h:
1680         (JSC::RegExpMatchesArray::deletePropertyVirtual):
1681         (JSC::RegExpMatchesArray::deletePropertyByIndex):
1682
1683 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
1684
1685         https://bugs.webkit.org/show_bug.cgi?id=70482
1686         DFG-related stubs in the old JIT should not be built if the DFG is disabled
1687
1688         Reviewed by Zoltan Herczeg.
1689         
1690         Aiming for a slight code size/build time reduction if the DFG is not in
1691         play. This should also make further DFG development slightly easier since
1692         the bodies of these JIT stubs can now safely refer to things that are only
1693         declared when the DFG is enabled.
1694
1695         * jit/JITStubs.cpp:
1696         * jit/JITStubs.h:
1697
1698 2011-10-19  Filip Pizlo  <fpizlo@apple.com>
1699
1700         DFG ConvertThis emits slow code when the source node is known to be,
1701         but not predicted to be, a final object
1702         https://bugs.webkit.org/show_bug.cgi?id=70466
1703
1704         Reviewed by Oliver Hunt.
1705         
1706         Added a new case in ConvertThis compilation.
1707
1708         * dfg/DFGSpeculativeJIT32_64.cpp:
1709         (JSC::DFG::SpeculativeJIT::compile):
1710         * dfg/DFGSpeculativeJIT64.cpp:
1711         (JSC::DFG::SpeculativeJIT::compile):
1712
1713 2011-10-19  Filip Pizlo  <fpizlo@apple.com>
1714
1715         Optimization triggers in the old JIT may sometimes fire repeatedly even
1716         though there is no optimization to be done
1717         https://bugs.webkit.org/show_bug.cgi?id=70467
1718
1719         Reviewed by Oliver Hunt.
1720         
1721         If optimize_from_ret does nothing, it delays the next optimization trigger.
1722         This is performance-neutral.
1723
1724         * jit/JITStubs.cpp:
1725         (JSC::DEFINE_STUB_FUNCTION):
1726         * runtime/Heuristics.cpp:
1727         (JSC::Heuristics::initializeHeuristics):
1728
1729 2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
1730
1731         DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
1732         https://bugs.webkit.org/show_bug.cgi?id=70460
1733
1734         Reviewed by Filip Pizlo.
1735
1736         As pointed out by Gavin in bug #70418, when a value is already in memory
1737         we can avoid loading it into two GPRs first and then unboxing them into an FPR.
1738         This gives a 9% improvement on Kraken without the change in bug #70418,
1739         and 1% when based on the code with the bug #70418 change.
1740         Performance is neutral in V8 and SunSpider.
1741
1742         * dfg/DFGJITCodeGenerator32_64.cpp:
1743         (JSC::DFG::JITCodeGenerator::fillDouble):
1744         * dfg/DFGSpeculativeJIT32_64.cpp:
1745         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1746
1747 2011-10-19  Gavin Barraclough  <barraclough@apple.com>
1748
1749         Poisoning of strict caller,arguments inappropriately poisoning "in"
1750         https://bugs.webkit.org/show_bug.cgi?id=63398
1751
1752         Reviewed by Oliver Hunt.
1753
1754         This fixes the problem by correctly implementing the spec -
1755         the error should actually be being thrown from a standard JS getter/setter.
1756         This implements spec correct behaviour for strict mode JS functions & bound
1757         functions, I'll follow up with a patch to do the same for arguments.
1758
1759         * runtime/JSBoundFunction.cpp:
1760         (JSC::JSBoundFunction::finishCreation):
1761             - Add the poisoned caller/arguments properties.
1762         * runtime/JSBoundFunction.h:
1763         * runtime/JSFunction.cpp:
1764         (JSC::JSFunction::finishCreation):
1765         (JSC::JSFunction::getOwnPropertySlot):
1766         (JSC::JSFunction::getOwnPropertyDescriptor):
1767         (JSC::JSFunction::put):
1768             - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
1769         * runtime/JSFunction.h:
1770         * runtime/JSGlobalObject.cpp:
1771         (JSC::JSGlobalObject::createThrowTypeError):
1772         (JSC::JSGlobalObject::visitChildren):
1773         * runtime/JSGlobalObject.h:
1774         (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
1775             - Add a ThrowTypeError type, per ES5 13.2.3.
1776         * runtime/JSGlobalObjectFunctions.cpp:
1777         (JSC::globalFuncThrowTypeError):
1778         * runtime/JSGlobalObjectFunctions.h:
1779             - Implementation of ThrowTypeError.
1780         * runtime/JSObject.cpp:
1781         (JSC::JSObject::initializeGetterSetterProperty):
1782         * runtime/JSObject.h:
1783             - This function adds a new property (must not exist already) that is an initialized getter/setter.
1784
1785 2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
1786
1787         DFG JIT 32_64 - improve double boxing/unboxing
1788         https://bugs.webkit.org/show_bug.cgi?id=70418
1789
1790         Reviewed by Gavin Barraclough.
1791
1792         Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
1793         exchanging data through memory.
1794         On X86, some SSE instructions let us do these operations with better performance.
1795         This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
1796         and 2% on V8, tested on Linux X86 (Core i7 Nehalem).
1797
1798         * assembler/MacroAssemblerX86Common.h:
1799         (JSC::MacroAssemblerX86Common::lshiftPacked):
1800         (JSC::MacroAssemblerX86Common::rshiftPacked):
1801         (JSC::MacroAssemblerX86Common::orPacked):
1802         (JSC::MacroAssemblerX86Common::moveInt32ToPacked):
1803         (JSC::MacroAssemblerX86Common::movePackedToInt32):
1804         * assembler/X86Assembler.h:
1805         (JSC::X86Assembler::movd_rr):
1806         (JSC::X86Assembler::psllq_i8r):
1807         (JSC::X86Assembler::psrlq_i8r):
1808         (JSC::X86Assembler::por_rr):
1809         * dfg/DFGJITCodeGenerator.h:
1810         (JSC::DFG::JITCodeGenerator::boxDouble):
1811         (JSC::DFG::JITCodeGenerator::unboxDouble):
1812         * dfg/DFGJITCodeGenerator32_64.cpp:
1813         (JSC::DFG::JITCodeGenerator::fillDouble):
1814         (JSC::DFG::JITCodeGenerator::fillJSValue):
1815         (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
1816         (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
1817         (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
1818         (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
1819         * dfg/DFGJITCompiler.h:
1820         (JSC::DFG::JITCompiler::boxDouble):
1821         (JSC::DFG::JITCompiler::unboxDouble):
1822         * dfg/DFGSpeculativeJIT32_64.cpp:
1823         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1824         (JSC::DFG::SpeculativeJIT::convertToDouble):
1825         (JSC::DFG::SpeculativeJIT::compile):
1826
1827 2011-10-19  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1828
1829         [EFL] Fix DSO linkage of wtf_efl.
1830
1831         Unreviewed build fix.
1832
1833         Need to add -ldl to jsc_efl (requested by dladdr).
1834
1835         * wtf/CMakeListsEfl.txt:
1836
1837 2011-10-19  Geoffrey Garen  <ggaren@apple.com>
1838
1839         Removed StringImplBase, fusing it into StringImpl
1840         https://bugs.webkit.org/show_bug.cgi?id=70443
1841
1842         Reviewed by Gavin Barraclough.
1843
1844         * GNUmakefile.list.am:
1845         * JavaScriptCore.gypi:
1846         * JavaScriptCore.order:
1847         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1848         * JavaScriptCore.xcodeproj/project.pbxproj:
1849         * wtf/CMakeLists.txt:
1850         * wtf/text/StringImpl.h:
1851         (WTF::StringImpl::StringImpl):
1852         (WTF::StringImpl::ref):
1853         (WTF::StringImpl::length):
1854         * wtf/text/StringImplBase.h: Removed.
1855         * wtf/wtf.pri: Removed!
1856
1857 2011-10-19  Mark Hahnenberg  <mhahnenberg@apple.com>
1858
1859         Add getConstructData to the MethodTable
1860         https://bugs.webkit.org/show_bug.cgi?id=70163
1861
1862         Reviewed by Geoffrey Garen.
1863
1864         Adding getConstructData to the MethodTable in order to be able to 
1865         remove all calls to getConstructDataVirtual soon.  Part of the process 
1866         of de-virtualizing JSCell.
1867
1868         * JavaScriptCore.exp:
1869         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1870         * runtime/ClassInfo.h:
1871
1872 2011-10-18  Oliver Hunt  <oliver@apple.com>
1873
1874         Support CanvasPixelArray in the DFG
1875         https://bugs.webkit.org/show_bug.cgi?id=70384
1876
1877         Reviewed by Filip Pizlo.
1878
1879         Add support for the old CanvasPixelArray optimisations to the
1880         DFG.  This removes the regression seen in the DFG when using
1881         a CPA.
1882
1883         * assembler/MacroAssemblerX86Common.h:
1884         (JSC::MacroAssemblerX86Common::store8):
1885         (JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
1886         * assembler/X86Assembler.h:
1887         (JSC::X86Assembler::movb_rm):
1888         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
1889         * bytecode/PredictedType.cpp:
1890         (JSC::predictionToString):
1891         (JSC::predictionFromClassInfo):
1892         * bytecode/PredictedType.h:
1893         (JSC::isByteArrayPrediction):
1894         * dfg/DFGAbstractState.cpp:
1895         (JSC::DFG::AbstractState::initialize):
1896         (JSC::DFG::AbstractState::execute):
1897         * dfg/DFGNode.h:
1898         (JSC::DFG::Node::shouldSpeculateByteArray):
1899         * dfg/DFGPropagator.cpp:
1900         (JSC::DFG::Propagator::propagateNodePredictions):
1901         (JSC::DFG::Propagator::fixupNode):
1902         (JSC::DFG::Propagator::performNodeCSE):
1903         * dfg/DFGSpeculativeJIT.cpp:
1904         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1905         (JSC::DFG::compileClampDoubleToByte):
1906         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1907         (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
1908         * dfg/DFGSpeculativeJIT.h:
1909         * dfg/DFGSpeculativeJIT32_64.cpp:
1910         (JSC::DFG::SpeculativeJIT::compile):
1911         * dfg/DFGSpeculativeJIT64.cpp:
1912         (JSC::DFG::SpeculativeJIT::compile):
1913         * runtime/JSByteArray.h:
1914         (JSC::JSByteArray::offsetOfStorage):
1915         * wtf/ByteArray.cpp:
1916         * wtf/ByteArray.h:
1917         (WTF::ByteArray::offsetOfSize):
1918         (WTF::ByteArray::offsetOfData):
1919
1920 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
1921
1922         Some rope cleanup following r97827
1923         https://bugs.webkit.org/show_bug.cgi?id=70398
1924
1925         Reviewed by Oliver Hunt.
1926
1927         9% speedup on date-format-xparb, neutral overall.
1928         
1929         - Removed RopeImpl*.
1930         - Removed JSString::m_fiberCount, since this can be deduced from other data.
1931         - Renamed a jsString() variant to jsStringFromArguments for clarity.
1932
1933         * CMakeLists.txt:
1934         * GNUmakefile.list.am:
1935         * JavaScriptCore.order:
1936         * JavaScriptCore.pro:
1937         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1938         * JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.
1939
1940         * dfg/DFGSpeculativeJIT.cpp:
1941         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
1942         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1943         * jit/JITInlineMethods.h:
1944         (JSC::JIT::emitLoadCharacterString):
1945         * jit/JITPropertyAccess.cpp:
1946         (JSC::JIT::stringGetByValStubGenerator):
1947         * jit/JITPropertyAccess32_64.cpp:
1948         (JSC::JIT::stringGetByValStubGenerator):
1949         * jit/SpecializedThunkJIT.h:
1950         (JSC::SpecializedThunkJIT::loadJSStringArgument):
1951         * jit/ThunkGenerators.cpp:
1952         (JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
1953         of testing m_fiberCount, since m_fiberCount is gone now.
1954
1955         * runtime/JSString.cpp:
1956         (JSC::JSString::RopeBuilder::expand):
1957         (JSC::JSString::visitChildren):
1958         (JSC::JSString::resolveRope):
1959         (JSC::JSString::resolveRopeSlowCase):
1960         (JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
1961         in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.
1962
1963         * runtime/JSString.h:
1964         (JSC::RopeBuilder::JSString):
1965         (JSC::RopeBuilder::finishCreation):
1966         (JSC::RopeBuilder::offsetOfLength):
1967         (JSC::RopeBuilder::isRope):
1968         (JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
1969         jsString => jsStringFromArguments for clarity.
1970
1971         * runtime/Operations.h:
1972         (JSC::jsStringFromArguments): Renamed.
1973
1974         * runtime/RopeImpl.cpp: Removed.
1975         * runtime/RopeImpl.h: Removed.
1976
1977         * runtime/SmallStrings.cpp:
1978         (JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
1979         which is slightly faster.
1980
1981         * runtime/StringPrototype.cpp:
1982         (JSC::stringProtoFuncConcat): Updated for rename.
1983
1984         * wtf/text/StringImplBase.h:
1985         (WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
1986         StringImpl, since this was only used by RopeImpl, which is now gone.
1987
1988 2011-10-19  Rafael Antognolli  <antognolli@profusion.mobi>
1989
1990         [EFL] Fix DSO linkage of jsc_efl.
1991         https://bugs.webkit.org/show_bug.cgi?id=70412
1992
1993         Unreviewed build fix.
1994
1995         Need to add -ldl to jsc_efl (requested by dladdr).
1996
1997         * shell/CMakeListsEfl.txt:
1998
1999 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
2000
2001         Rolled out last Windows build fix because it was wrong.
2002
2003 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
2004
2005         Rolled out last Windows build fix because it was wrong.
2006
2007 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
2008
2009         Try to fix part of the Windows build.
2010         
2011         Export!
2012
2013 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
2014
2015         Switched ropes from malloc memory to GC memory
2016         https://bugs.webkit.org/show_bug.cgi?id=70364
2017
2018         Reviewed by Gavin Barraclough.
2019
2020         ~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
2021         having C++ destructors.
2022
2023         * heap/MarkStack.cpp:
2024         (JSC::visitChildren): Call the JSString visitChildren function now,
2025         since it's no longer a no-op.
2026
2027         * runtime/JSString.cpp:
2028         (JSC::JSString::~JSString): Moved this destructor out of line because
2029         it's called virtually, so there's no value to inlining.
2030
2031         (JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
2032         initializing wrapper around JSString. JSString now represents ropes
2033         directly, rather than relying on an underlying malloc object.
2034
2035         (JSC::JSString::visitChildren): Visit our rope fibers, since they're GC
2036         objects now.
2037
2038         (JSC::JSString::resolveRope):
2039         (JSC::JSString::resolveRopeSlowCase):
2040         (JSC::JSString::outOfMemory): Updated for operating on JSStrings instead
2041         of malloc objects.
2042
2043         (JSC::JSString::replaceCharacter): Removed optimizations for substringing
2044         ropes and replacing subsections of ropes. We want to reimplement versions
2045         of these optimizations in the future, but this patch already has good
2046         performance without them.
2047
2048         * runtime/JSString.h:
2049         (JSC::RopeBuilder::JSString):
2050         (JSC::RopeBuilder::finishCreation):
2051         (JSC::RopeBuilder::createNull):
2052         (JSC::RopeBuilder::create):
2053         (JSC::RopeBuilder::createHasOtherOwner):
2054         (JSC::jsSingleCharacterString):
2055         (JSC::jsSingleCharacterSubstring):
2056         (JSC::jsNontrivialString):
2057         (JSC::jsString):
2058         (JSC::jsSubstring):
2059         (JSC::jsOwnedString): Lots of mechanical changes here. The two important
2060         things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
2061         malloc objects; (2) I simplified the JSString constructor interface to
2062         only accept PassRefPtr<StringImpl>, instead of variations on that like
2063         UString, reducing refcount churn.
2064
2065         * runtime/JSValue.h:
2066         * runtime/JSValue.cpp:
2067         (JSC::JSValue::toPrimitiveString): Updated this function to return a
2068         JSString instead of a UString, since that's what clients want now.
2069
2070         * runtime/Operations.cpp:
2071         (JSC::jsAddSlowCase):
2072         * runtime/Operations.h:
2073         (JSC::jsString):
2074         * runtime/SmallStrings.cpp:
2075         (JSC::SmallStrings::createEmptyString): Updated for interface changes above.
2076
2077         * runtime/StringConstructor.cpp:
2078         (JSC::constructWithStringConstructor):
2079         * runtime/StringObject.h:
2080         (JSC::StringObject::create): Don't create a new JSString if we already
2081         have a JSString.
2082
2083         * runtime/StringPrototype.cpp:
2084         (JSC::stringProtoFuncConcat): Updated for interface changes above.
2085
2086 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
2087
2088         Errrk, fix partial commit of r97825!
2089
2090         * runtime/DatePrototype.cpp:
2091         (JSC::dateProtoFuncToISOString):
2092
2093 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
2094
2095         Date.prototype.toISOString fails to throw exception
2096         https://bugs.webkit.org/show_bug.cgi?id=70394
2097
2098         Reviewed by Sam Weinig.
2099
2100         * runtime/DatePrototype.cpp:
2101         (JSC::dateProtoFuncToISOString):
2102             - Should throw a range error if the internal value is not finite.
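
Added example, not JavaScriptCore code, illustrating the contract the entry above restores: Date.prototype.toISOString must throw a RangeError when the internal time value is not finite, while toString on the same Date yields "Invalid Date" and toJSON (what JSON.stringify calls) yields null. The sample dates are constructed here; the script runs under Node.js or any ES5+ engine.

```javascript
// Added example (not JavaScriptCore code): how the three Date serializers treat
// a non-finite time value. Only toISOString is specified to throw (RangeError);
// toString returns "Invalid Date" and toJSON returns null.
function describeDate(d) {
  let iso;
  try {
    iso = d.toISOString();
  } catch (e) {
    iso = e instanceof RangeError ? 'RangeError' : 'unexpected ' + e.name;
  }
  return {
    finite: Number.isFinite(d.getTime()),
    iso,
    string: d.toString(),
    // JSON.stringify calls Date.prototype.toJSON, which returns null when the
    // time value is not finite instead of throwing like toISOString.
    json: JSON.stringify(d),
  };
}

// Constructed inputs: one valid instant and three ways to obtain an invalid Date.
const samples = {
  valid: describeDate(new Date(Date.UTC(2011, 9, 18, 0, 0, 0))),
  nan: describeDate(new Date(NaN)),
  unparsable: describeDate(new Date('not a date')),
  // One millisecond past the representable range; TimeClip turns it into NaN.
  outOfRange: describeDate(new Date(8.64e15 + 1)),
};

console.log(samples);
```

A caller that wants a value for an invalid Date should test Number.isFinite(d.getTime()) first, or go through toJSON; wrapping toISOString in try/catch just to swallow the RangeError hides the bad input.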
2103
2104 2011-10-18  Mark Hahnenberg  <mhahnenberg@apple.com>
2105
2106         Rename static put to putByIndex
2107         https://bugs.webkit.org/show_bug.cgi?id=70281
2108
2109         Reviewed by Geoffrey Garen.
2110
2111         Renaming versions of deleteProperty that use an unsigned as the property
2112         name to "deletePropertyByIndex" in preparation for adding them to the 
2113         MethodTable, which requires unique names for each method.
2114
2115         * dfg/DFGOperations.cpp:
2116         (JSC::DFG::putByVal):
2117         * jit/JITStubs.cpp:
2118         (JSC::DEFINE_STUB_FUNCTION):
2119         * runtime/Arguments.cpp:
2120         (JSC::Arguments::putVirtual):
2121         (JSC::Arguments::putByIndex):
2122         * runtime/Arguments.h:
2123         * runtime/ArrayPrototype.cpp:
2124         (JSC::arrayProtoFuncMap):
2125         * runtime/JSArray.cpp:
2126         (JSC::JSArray::put):
2127         (JSC::JSArray::putVirtual):
2128         (JSC::JSArray::putByIndex):
2129         * runtime/JSArray.h:
2130         * runtime/JSByteArray.cpp:
2131         (JSC::JSByteArray::putVirtual):
2132         (JSC::JSByteArray::putByIndex):
2133         * runtime/JSByteArray.h:
2134         * runtime/JSCell.cpp:
2135         (JSC::JSCell::putVirtual):
2136         (JSC::JSCell::putByIndex):
2137         * runtime/JSCell.h:
2138         * runtime/JSNotAnObject.cpp:
2139         (JSC::JSNotAnObject::putVirtual):
2140         (JSC::JSNotAnObject::putByIndex):
2141         * runtime/JSNotAnObject.h:
2142         * runtime/JSObject.cpp:
2143         (JSC::JSObject::putVirtual):
2144         (JSC::JSObject::putByIndex):
2145         * runtime/JSObject.h:
2146         * runtime/RegExpConstructor.cpp:
2147         (JSC::RegExpMatchesArray::fillArrayInstance):
2148         * runtime/RegExpMatchesArray.h:
2149         (JSC::RegExpMatchesArray::putVirtual):
2150         (JSC::RegExpMatchesArray::putByIndex):
2151
2152 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
2153
2154         Array.prototype methods missing exception checks
2155         https://bugs.webkit.org/show_bug.cgi?id=70360
2156
2157         Reviewed by Geoff Garen.
2158
2159         Missing exception checks after calls to the static getProperty helper;
2160         these may result in the wrong exception being thrown (or an ASSERT being hit,
2161         as is currently the case running test-262).
2162
2163         No performance impact.
2164
2165         * runtime/ArrayPrototype.cpp:
2166         (JSC::arrayProtoFuncConcat):
2167         (JSC::arrayProtoFuncReverse):
2168         (JSC::arrayProtoFuncShift):
2169         (JSC::arrayProtoFuncSlice):
2170         (JSC::arrayProtoFuncSplice):
2171         (JSC::arrayProtoFuncUnShift):
2172         (JSC::arrayProtoFuncReduce):
2173         (JSC::arrayProtoFuncReduceRight):
2174         (JSC::arrayProtoFuncIndexOf):
2175         (JSC::arrayProtoFuncLastIndexOf):
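
Added example, not JavaScriptCore code, showing how to test the behaviour the entry above fixes: each of the listed Array.prototype methods reads elements through [[Get]], so an accessor that throws must surface exactly that exception rather than a different one or none. The array-like object, its throwing getter and the Sentinel error class are constructed for this example; the `this` object has length 4 with the trap at index 1 so that every method, including reverse, actually reads the trapped slot.

```javascript
// Added example (not JavaScriptCore code): the Array.prototype methods from
// bug 70360 must propagate an exception thrown by an element getter unchanged.
// A throwing accessor on an array-like receiver is the simplest probe for that.
class Sentinel extends Error {}

// Constructed array-like receiver: index 1 throws Sentinel when read.
// Symbol.isConcatSpreadable makes concat iterate the receiver's elements.
function makeTrappedArrayLike() {
  const obj = { length: 4, 0: 'a', 2: 'c', 3: 'd', [Symbol.isConcatSpreadable]: true };
  Object.defineProperty(obj, '1', {
    enumerable: true,
    get() { throw new Sentinel('getter for index 1 fired'); },
  });
  return obj;
}

// 'sentinel' if the getter's own error escaped intact, 'other:<name>' if some
// different exception surfaced, 'returned' if the method swallowed it.
function classify(fn) {
  try {
    fn();
    return 'returned';
  } catch (e) {
    return e instanceof Sentinel ? 'sentinel' : 'other:' + e.name;
  }
}

function exerciseArrayMethods() {
  const A = Array.prototype;
  const t = makeTrappedArrayLike;   // fresh receiver per call; unshift/splice mutate it
  return {
    concat:      classify(() => A.concat.call(t())),
    reverse:     classify(() => A.reverse.call(t())),
    shift:       classify(() => A.shift.call(t())),
    slice:       classify(() => A.slice.call(t())),
    splice:      classify(() => A.splice.call(t(), 0, 4)),
    unshift:     classify(() => A.unshift.call(t(), 'z')),
    reduce:      classify(() => A.reduce.call(t(), (acc, v) => acc + v, '')),
    reduceRight: classify(() => A.reduceRight.call(t(), (acc, v) => acc + v, '')),
    indexOf:     classify(() => A.indexOf.call(t(), 'c')),
    lastIndexOf: classify(() => A.lastIndexOf.call(t(), 'a')),
  };
}

console.log(exerciseArrayMethods());
```

Every entry should read 'sentinel'. An engine with the bug described above would instead report 'other:...' (a later, unrelated exception or assertion) for the affected methods, because the pending exception from getProperty was ignored and execution continued.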
2176
2177 2011-10-18  Adam Barth  <abarth@webkit.org>
2178
2179         Always enable ENABLE(XPATH)
2180         https://bugs.webkit.org/show_bug.cgi?id=70217
2181
2182         Reviewed by Eric Seidel.
2183
2184         * Configurations/FeatureDefines.xcconfig:
2185
2186 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
2187
2188         Indexed arguments on the Arguments object should be enumerable.
2189         https://bugs.webkit.org/show_bug.cgi?id=70302
2190
2191         Reviewed by Sam Weinig.
2192
2193         See ECMA-262 5.1 chapter 10.6 step 11b.
2194         This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in.
2195
2196         * runtime/Arguments.cpp:
2197         (JSC::Arguments::getOwnPropertyDescriptor):
2198             - The 'enumerable' property should be true for indexed arguments.
2199         (JSC::Arguments::getOwnPropertyNames):
2200             - Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'.
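
Added example, not JavaScriptCore code, probing the ECMA-262 5.1 section 10.6 step 11b behaviour the entry above implements: the indexed properties of an arguments object are enumerable, so Object.keys, for-in, getOwnPropertyDescriptor and the in operator all agree on them, while length (and callee) remain non-enumerable. Nothing here is assumed beyond ES5 semantics.

```javascript
// Added example (not JavaScriptCore code): observable enumerability of the
// arguments object's indexed properties (ES5 10.6 step 11b).
function observeArguments() {
  const args = arguments;
  const forInKeys = [];
  for (const k in args) forInKeys.push(k);
  // Enumerable flag of every own string-keyed property, including the
  // non-enumerable 'length' (and, in sloppy mode, 'callee').
  const enumerableFlags = {};
  for (const name of Object.getOwnPropertyNames(args)) {
    enumerableFlags[name] = Object.getOwnPropertyDescriptor(args, name).enumerable;
  }
  return {
    keys: Object.keys(args),            // enumerable own keys only
    forInKeys,                          // must agree with keys
    hasIndex0: 0 in args,
    hasIndexPastEnd: args.length in args,
    enumerableFlags,
  };
}

console.log(observeArguments('a', 'b', 'c'));
```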
2201
2202 2011-10-18  Gustavo Noronha Silva  <gns@gnome.org>
2203
2204         Fix distcheck.
2205
2206         * GNUmakefile.list.am: fix a typo and add a missing header to the
2207         list.
2208
2209 2011-10-18  Balazs Kelemen  <kbalazs@webkit.org>
2210
2211         ParallelJobs: maximum number of threads should be determined dynamically
2212         https://bugs.webkit.org/show_bug.cgi?id=68540
2213
2214         Reviewed by Zoltan Herczeg.
2215
2216         Add logic to determine the number of cores and use this as
2217         the maximum number of threads. The implementation currently
2218         covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD.
2219         The patch was tested on Linux, Mac and Windows, which was enough to
2220         cover all code paths. It should work on the rest according to the
2221         documentation of those OS's. The hard-coded constant is still used
2222         on uncovered OS's, which should be fixed in the future.
2223
2224         * wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber
2225         argument because clients should always fill it and the 0 default value
2226         was incorrect anyway.
2227         (WTF::ParallelJobs::ParallelJobs):
2228         * wtf/ParallelJobsGeneric.cpp:
2229         (WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads):
2230         * wtf/ParallelJobsGeneric.h:
2231         (WTF::ParallelEnvironment::ParallelEnvironment):
2232
2233 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
2234
2235         Reverted r997709, this caused test failures.
2236
2237         * jit/JITStubs.cpp:
2238         (JSC::DEFINE_STUB_FUNCTION):
2239         * runtime/JSObject.cpp:
2240         (JSC::JSObject::hasProperty):
2241         (JSC::JSObject::hasOwnProperty):
2242
2243 2011-10-17  Ryosuke Niwa  <rniwa@webkit.org>
2244
2245         Rename deregister* to unregister*
2246         https://bugs.webkit.org/show_bug.cgi?id=70272
2247
2248         Reviewed by Darin Adler.
2249
2250         Renamed deregisterWeakMap to unregisterWeakMap.
2251
2252         * runtime/JSGlobalObject.h:
2253         (JSC::JSGlobalObject::unregisterWeakMap):
2254
2255 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
2256
2257         Poisoning of strict caller/arguments inappropriately poisoning "in"
2258         https://bugs.webkit.org/show_bug.cgi?id=63398
2259
2260         Reviewed by Sam Weinig.
2261
2262         The problem here is that the has[Own]Property methods get the slot rather than
2263         the descriptor, and getting the slot may cause the property to be eagerly accessed.
2264
2265         * jit/JITStubs.cpp:
2266         (JSC::DEFINE_STUB_FUNCTION):
2267             - We don't expect hasProperty to ever throw. If it does, it won't get caught
2268               (since it is after the exception check), so ASSERT to guard against this.
2269         * runtime/JSObject.cpp:
2270         (JSC::JSObject::hasProperty):
2271         (JSC::JSObject::hasOwnProperty):
2272             - These methods should not check for the presence of the descriptor; never get the value.
2273
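The observable contract behind this entry, as an added JavaScript example (not WebKit code): an existence check for 'caller' or 'arguments' on a strict-mode function must never fetch the value, because fetching is the operation that throws. Names here are this example's own, and whether an engine stores these properties on the function itself or inherits them from Function.prototype varies by engine version, so only the `in` result and the throwing read are relied upon.

```javascript
// Added example (not WebKit code). A strict function's 'caller' and
// 'arguments' are poisoned: reading them throws a TypeError. Asking whether
// the property exists must therefore be answered without reading it.

function strictFn() {
  "use strict"; // makes 'caller' / 'arguments' reads on this function throw
  return 1;
}

// Existence checks that, by construction, never read the property value.
// A descriptor lookup returns the accessor pair itself rather than invoking it.
function probe(obj, name) {
  return {
    viaIn: name in obj,
    viaHasOwn: Object.prototype.hasOwnProperty.call(obj, name),
    ownDescriptor: Object.getOwnPropertyDescriptor(obj, name) !== undefined,
  };
}

// Reading the value is the operation that is meant to fail on strict functions.
function readThrows(obj, name) {
  try {
    obj[name]; // eslint-disable-line no-unused-expressions
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// One row per poisoned property: the checks must succeed, the read must throw.
function demo() {
  return ["caller", "arguments"].map(name => ({
    name,
    ...probe(strictFn, name),
    readThrows: readThrows(strictFn, name),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```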
2274 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
2275
2276         Exception ordering in String.prototype.replace
2277         https://bugs.webkit.org/show_bug.cgi?id=70290
2278
2279         If pattern is not a regexp, it should be converted toString before the replacement value has its toString conversion called.
2280
2281         Reviewed by Oliver Hunt.
2282
2283         * runtime/StringPrototype.cpp:
2284         (JSC::stringProtoFuncReplace):
2285
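The conversion order this entry describes, as an added JavaScript example (not WebKit code): both arguments to String.prototype.replace are objects whose toString() records when it runs, so the order of the two conversions, and what happens when the pattern's conversion throws, becomes observable. The helper names are this example's own.

```javascript
// Added example (not WebKit code): String.prototype.replace(pattern, replacement)
// with a non-RegExp pattern must convert `pattern` to a string before it
// converts `replacement`, so an exception thrown while converting the pattern
// must prevent the replacement value from ever being converted.

// Build an object whose ToString conversion appends `label` to `log` and then
// either returns `value` or throws, depending on `shouldThrow`.
function recordingValue(log, label, value, shouldThrow = false) {
  return {
    toString() {
      log.push(label);
      if (shouldThrow) throw new Error(label + " conversion failed");
      return value;
    },
  };
}

// Happy path: the pattern is converted first, then the replacement value.
function conversionOrder() {
  const log = [];
  const result = "a-b-c".replace(
    recordingValue(log, "pattern", "b"),
    recordingValue(log, "replacement", "X"));
  return { log, result }; // log: ["pattern", "replacement"], result: "a-X-c"
}

// Exception ordering: when the pattern's conversion throws, the replacement
// value's toString must not run, and the caller sees the pattern's error.
function patternThrowsFirst() {
  const log = [];
  let error = null;
  try {
    "a-b-c".replace(
      recordingValue(log, "pattern", "b", true),
      recordingValue(log, "replacement", "X"));
  } catch (e) {
    error = e.message;
  }
  return { log, error }; // log: ["pattern"], error: "pattern conversion failed"
}

console.log(conversionOrder(), patternThrowsFirst());
```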
2286 2011-10-17  Filip Pizlo  <fpizlo@apple.com>
2287
2288         DFG bytecode parser should understand inline stacks
2289         https://bugs.webkit.org/show_bug.cgi?id=70278
2290
2291         Reviewed by Oliver Hunt.
2292         
2293         The DFG bytecode parser is now capable of parsing multiple code blocks at
2294         once. This remains turned off since not all inlining functionality is
2295         implemented.       
2296         
2297         This required making a few changes elsewhere in the system. The bytecode
2298         parser now may do some of the same things that the bytecode generator does,
2299         like allocating constants and identifiers. Basic block linking relies on
2300         bytecode indices, which are only meaningful within the context of one basic
2301         block. This is fine, so long as linking is done eagerly whenever switching
2302         from one code block to another.
2303
2304         * bytecode/CodeOrigin.h:
2305         (JSC::CodeOrigin::CodeOrigin):
2306         * bytecompiler/BytecodeGenerator.h:
2307         * dfg/DFGBasicBlock.h:
2308         * dfg/DFGByteCodeParser.cpp:
2309         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2310         (JSC::DFG::ByteCodeParser::get):
2311         (JSC::DFG::ByteCodeParser::set):
2312         (JSC::DFG::ByteCodeParser::getThis):
2313         (JSC::DFG::ByteCodeParser::setThis):
2314         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
2315         (JSC::DFG::ByteCodeParser::getPrediction):
2316         (JSC::DFG::ByteCodeParser::makeSafe):
2317         (JSC::DFG::ByteCodeParser::makeDivSafe):
2318         (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
2319         (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
2320         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
2321         (JSC::DFG::ByteCodeParser::parseBlock):
2322         (JSC::DFG::ByteCodeParser::linkBlock):
2323         (JSC::DFG::ByteCodeParser::linkBlocks):
2324         (JSC::DFG::ByteCodeParser::setupPredecessors):
2325         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
2326         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2327         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2328         (JSC::DFG::ByteCodeParser::parse):
2329         * dfg/DFGGraph.h:
2330         (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
2331         (JSC::DFG::GetBytecodeBeginForBlock::operator()):
2332         (JSC::DFG::Graph::blockIndexForBytecodeOffset):
2333         * dfg/DFGNode.h:
2334         * runtime/Identifier.h:
2335         (JSC::IdentifierMapIndexHashTraits::emptyValue):
2336         * runtime/JSValue.h:
2337         * wtf/StdLibExtras.h:
2338         (WTF::binarySearchWithFunctor):
2339
2340 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
2341
2342         Incorrect behavior from String match/search & undefined pattern
2343         https://bugs.webkit.org/show_bug.cgi?id=70286
2344
2345         Reviewed by Sam Weinig.
2346
2347         * runtime/StringPrototype.cpp:
2348         (JSC::stringProtoFuncMatch):
2349             - In case of undefined, pattern is "".
2350         (JSC::stringProtoFuncSearch):
2351             - In case of undefined, pattern is "".
2352
2353 2011-10-17  Gavin Barraclough  <barraclough@apple.com>
2354
2355         https://bugs.webkit.org/show_bug.cgi?id=70207
2356         After deleting __defineSetter__, it is absent but appears in name list
2357
2358         Reviewed by Darin Adler.
2359
2360         * runtime/JSObject.cpp:
2361         (JSC::JSObject::getOwnPropertyNames):
2362             - This should check whether static functions have been reified.
2363
2364 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
2365
2366         Mac build fix.
2367
2368         * JavaScriptCore.exp: Export!
2369
2370 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
2371
2372         Windows build fix.
2373
2374         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
2375
2376 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
2377
2378         Windows build fix.
2379
2380         * heap/HandleStack.cpp: Added a missing #include.
2381
2382 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
2383
2384         Windows build fix.
2385
2386         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no
2387         longer existent symbol.
2388
2389         * heap/MarkStack.cpp:
2390         (JSC::MarkStackArray::shrinkAllocation): Cast to the right type.
2391
2392 2011-10-17  Geoffrey Garen  <ggaren@apple.com>
2393
2394         Simplified GC marking logic
2395         https://bugs.webkit.org/show_bug.cgi?id=70258
2396
2397         Reviewed by Filip Pizlo.
2398         
2399         No perf. change.
2400         
2401         This is a first step toward GC allocating string backing stores, starting
2402         with ropes. It also enables future simplifications and optimizations.
2403         
2404         - Replaced some complex mark stack logic with a simple linear stack of
2405         JSCell pointers.
2406         
2407         - Replaced logic for short-circuiting marking based on JSType and/or
2408         Structure flags with special cases for object, array, and string.
2409         
2410         - Fiddled with inlining for better codegen.
2411
2412         * JavaScriptCore.exp:
2413         * heap/HandleStack.cpp: Build!
2414
2415         * heap/Heap.cpp:
2416         (JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking.
2417
2418         * heap/HeapRootVisitor.h: Removed unused functions that no longer build.
2419
2420         * heap/MarkStack.cpp:
2421         (JSC::MarkStackArray::MarkStackArray):
2422         (JSC::MarkStackArray::~MarkStackArray):
2423         (JSC::MarkStackArray::expand):
2424         (JSC::MarkStackArray::shrinkAllocation):
2425         (JSC::MarkStack::reset):
2426         (JSC::visitChildren):
2427         (JSC::SlotVisitor::drain):
2428         * heap/MarkStack.h:
2429         (JSC::MarkStack::MarkStack):
2430         (JSC::MarkStack::~MarkStack):
2431         (JSC::MarkStackArray::append):
2432         (JSC::MarkStackArray::removeLast):
2433         (JSC::MarkStackArray::isEmpty):
2434         (JSC::MarkStack::append):
2435         (JSC::MarkStack::appendUnbarrieredPointer):
2436         (JSC::MarkStack::internalAppend): Replaced complex mark set logic with
2437         simple linear stack.
2438
2439         * heap/SlotVisitor.h:
2440         (JSC::SlotVisitor::SlotVisitor): Updated for above changes.
2441
2442         * runtime/JSArray.cpp:
2443         (JSC::JSArray::visitChildren):
2444         * runtime/JSArray.h:
2445         * runtime/JSObject.cpp:
2446         (JSC::JSObject::visitChildren):
2447         * runtime/JSObject.h: Don't inline visitChildren; it's too big.
2448
2449         * runtime/Structure.h:
2450         (JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType
2451         because it prevented strings from owning GC pointers.
2452
2453         * runtime/WriteBarrier.h:
2454         (JSC::MarkStack::appendValues): No need to validate; internalAppend will
2455         do that for us.
2456
2457 2011-10-17  Adam Roben  <aroben@apple.com>
2458
2459         Windows build fix after r97536, part 3
2460
2461         * runtime/JSAPIValueWrapper.h:
2462         * runtime/JSObject.h:
2463         Use JS_EXPORTDATA to export the s_info members.
2464
2465 2011-10-17  Adam Roben  <aroben@apple.com>
2466
2467         Interpreter build fix after r97564
2468
2469         * runtime/Executable.cpp:
2470         (JSC::FunctionExecutable::compileForCallInternal):
2471         (JSC::FunctionExecutable::compileForConstructInternal):
2472         Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used
2473         there.
2474
2475 2011-10-17  Adam Roben  <aroben@apple.com>
2476
2477         Windows build fix after r97536, part 2
2478
2479         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back
2480         JSC::setUpStaticFunctionSlot with its new mangled name. Sorted the rest of the file while I
2481         was at it.
2482
2483 2011-10-17  Adam Roben  <aroben@apple.com>
2484
2485         Windows build fix after r97536
2486
2487         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of
2488         JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of
2489         s_info members, which need to be exported via JS_EXPORTDATA instead.
2490
2491 2011-10-17  Patrick Gansterer  <paroga@webkit.org>
2492
2493         Interpreter build fix after r97436, r97506, r97532 and r97537.
2494
2495         * interpreter/Interpreter.cpp:
2496         (JSC::Interpreter::privateExecute):
2497
2498 2011-10-16  Adam Barth  <abarth@webkit.org>
2499
2500         Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code
2501         https://bugs.webkit.org/show_bug.cgi?id=70216
2502
2503         Reviewed by Eric Seidel.
2504
2505         * wtf/Platform.h:
2506
2507 2011-10-16  Noel Gordon  <noel.gordon@gmail.com>
2508
2509         [chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files
2510         https://bugs.webkit.org/show_bug.cgi?id=70205
2511
2512         Reviewed by James Robinson.
2513
2514         wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557.
2515         wtf/gtk/ThreadingGtk.cpp was removed in r97269.
2516
2517         * JavaScriptCore.gypi:
2518
2519 2011-10-16  Adam Barth  <abarth@webkit.org>
2520
2521         Always enable ENABLE(DOM_STORAGE)
2522         https://bugs.webkit.org/show_bug.cgi?id=70189
2523
2524         Reviewed by Eric Seidel.
2525
2526         * Configurations/FeatureDefines.xcconfig:
2527
2528 2011-10-15  Dan Horák <dan@danny.cz>
2529
2530         The s390 and s390x architectures both use 64-bit double type
2531         that conforms to the IEEE-754 standard.
2532
2533         https://bugs.webkit.org/show_bug.cgi?id=69940
2534
2535         Reviewed by Gavin Barraclough.
2536
2537         * wtf/dtoa/utils.h:
2538
2539 2011-10-14  Filip Pizlo  <fpizlo@apple.com>
2540
2541         FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks
2542         https://bugs.webkit.org/show_bug.cgi?id=70157
2543
2544         Reviewed by Geoff Garen.
2545         
2546         Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal()
2547         and compileForConstructInternal() to use this method. This required more cleanly
2548         exposing some of CodeBlock's tiering functionality and moving the CompilationKind
2549         enum to Executable.h, as this was the easiest way to make it available to the
2550         declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator.
2551
2552         * bytecode/CodeBlock.cpp:
2553         (JSC::CodeBlock::copyDataFrom):
2554         (JSC::CodeBlock::copyDataFromAlternative):
2555         * bytecode/CodeBlock.h:
2556         (JSC::CodeBlock::setAlternative):
2557         * bytecompiler/BytecodeGenerator.h:
2558         * runtime/Executable.cpp:
2559         (JSC::EvalExecutable::compileInternal):
2560         (JSC::ProgramExecutable::compileInternal):
2561         (JSC::FunctionExecutable::produceCodeBlockFor):
2562         (JSC::FunctionExecutable::compileForCallInternal):
2563         (JSC::FunctionExecutable::compileForConstructInternal):
2564         * runtime/Executable.h:
2565         (JSC::FunctionExecutable::codeBlockFor):
2566
2567 2011-10-15  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
2568
2569         [Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port
2570         https://bugs.webkit.org/show_bug.cgi?id=69920
2571
2572         Reviewed by Kenneth Rohde Christiansen.
2573
2574         * JavaScriptCore.pri:
2575         * JavaScriptCore.pro:
2576         * heap/MarkStack.h:
2577         (JSC::::shrinkAllocation):
2578         * jit/ExecutableAllocator.cpp:
2579         * jit/ExecutableAllocator.h:
2580         (JSC::ExecutableAllocator::cacheFlush):
2581         * jit/JITStubs.cpp:
2582         * jsc.pro:
2583         * runtime/ArrayPrototype.cpp:
2584         (JSC::arrayProtoFuncToString):
2585         * runtime/DatePrototype.cpp:
2586         (JSC::formatLocaleDate):
2587         * runtime/StringPrototype.cpp:
2588         (JSC::stringProtoFuncLastIndexOf):
2589         * runtime/TimeoutChecker.cpp:
2590         (JSC::getCPUTime):
2591         * wtf/Assertions.cpp:
2592         * wtf/Assertions.h:
2593         * wtf/Atomics.h:
2594         * wtf/MathExtras.h:
2595         * wtf/OSAllocator.h:
2596         (WTF::OSAllocator::decommitAndRelease):
2597         * wtf/OSAllocatorSymbian.cpp: Removed.
2598         * wtf/OSRandomSource.cpp:
2599         (WTF::cryptographicallyRandomValuesFromOS):
2600         * wtf/PageAllocation.h:
2601         * wtf/PageAllocatorSymbian.h: Removed.
2602         * wtf/PageBlock.cpp:
2603         * wtf/Platform.h:
2604         * wtf/StackBounds.cpp:
2605         * wtf/wtf.pri:
2606
2607 2011-10-15  Yuqiang Xian  <yuqiang.xian@intel.com>
2608
2609         Trivial fix for a missing change in r97512
2610         https://bugs.webkit.org/show_bug.cgi?id=70166
2611
2612         Reviewed by Gavin Barraclough.
2613
2614         * dfg/DFGJITCompiler32_64.cpp:
2615         (JSC::DFG::JITCompiler::link):
2616
2617 2011-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2618
2619         Rename getOwnPropertySlot to getOwnPropertySlotVirtual
2620         https://bugs.webkit.org/show_bug.cgi?id=69810
2621
2622         Reviewed by Geoffrey Garen.
2623
2624         Renamed the virtual version of getOwnPropertySlot to getOwnPropertySlotVirtual
2625         in preparation for when we add the static getOwnPropertySlot to the MethodTable 
2626         in ClassInfo.
2627
2628         Also added a few static getOwnPropertySlot functions where they had been overlooked 
2629         before (especially in CodeGeneratorJS.pm).
2630
2631         * API/JSCallbackObject.h:
2632         * API/JSCallbackObjectFunctions.h:
2633         (JSC::::getOwnPropertySlotVirtual):
2634         (JSC::::getOwnPropertySlot):
2635         (JSC::::getOwnPropertyDescriptor):
2636         (JSC::::staticFunctionGetter):
2637         * JavaScriptCore.exp:
2638         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2639         * debugger/DebuggerActivation.cpp:
2640         (JSC::DebuggerActivation::getOwnPropertySlotVirtual):
2641         (JSC::DebuggerActivation::getOwnPropertySlot):
2642         * debugger/DebuggerActivation.h:
2643         * runtime/Arguments.cpp:
2644         (JSC::Arguments::getOwnPropertySlotVirtual):
2645         (JSC::Arguments::getOwnPropertySlot):
2646         * runtime/Arguments.h:
2647         * runtime/ArrayConstructor.cpp:
2648         (JSC::ArrayConstructor::getOwnPropertySlotVirtual):
2649         (JSC::ArrayConstructor::getOwnPropertySlot):
2650         * runtime/ArrayConstructor.h:
2651         * runtime/ArrayPrototype.cpp:
2652         (JSC::ArrayPrototype::getOwnPropertySlotVirtual):
2653         * runtime/ArrayPrototype.h:
2654         * runtime/BooleanPrototype.cpp:
2655         (JSC::BooleanPrototype::getOwnPropertySlotVirtual):
2656         * runtime/BooleanPrototype.h:
2657         * runtime/DateConstructor.cpp:
2658         (JSC::DateConstructor::getOwnPropertySlotVirtual):
2659         * runtime/DateConstructor.h:
2660         * runtime/DatePrototype.cpp:
2661         (JSC::DatePrototype::getOwnPropertySlotVirtual):
2662         * runtime/DatePrototype.h:
2663         * runtime/ErrorPrototype.cpp:
2664         (JSC::ErrorPrototype::getOwnPropertySlotVirtual):
2665         * runtime/ErrorPrototype.h:
2666         * runtime/JSActivation.cpp:
2667         (JSC::JSActivation::getOwnPropertySlotVirtual):
2668         * runtime/JSActivation.h:
2669         * runtime/JSArray.cpp:
2670         (JSC::JSArray::getOwnPropertySlotVirtual):
2671         (JSC::JSArray::getOwnPropertySlot):
2672         * runtime/JSArray.h:
2673         * runtime/JSBoundFunction.cpp:
2674         (JSC::JSBoundFunction::getOwnPropertySlotVirtual):
2675         * runtime/JSBoundFunction.h:
2676         * runtime/JSByteArray.cpp:
2677         (JSC::JSByteArray::getOwnPropertySlotVirtual):
2678         * runtime/JSByteArray.h:
2679         * runtime/JSCell.cpp:
2680         (JSC::JSCell::getOwnPropertySlotVirtual):
2681         * runtime/JSCell.h:
2682         * runtime/JSFunction.cpp:
2683         (JSC::JSFunction::getOwnPropertySlotVirtual):
2684         (JSC::JSFunction::getOwnPropertyDescriptor):
2685         (JSC::JSFunction::getOwnPropertyNames):
2686         (JSC::JSFunction::put):
2687         * runtime/JSFunction.h:
2688         * runtime/JSGlobalObject.cpp:
2689         (JSC::JSGlobalObject::getOwnPropertySlotVirtual):
2690         * runtime/JSGlobalObject.h:
2691         (JSC::JSGlobalObject::hasOwnPropertyForWrite):
2692         * runtime/JSNotAnObject.cpp:
2693         (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
2694         * runtime/JSNotAnObject.h:
2695         * runtime/JSONObject.cpp:
2696         (JSC::Stringifier::Holder::appendNextProperty):
2697         (JSC::JSONObject::getOwnPropertySlotVirtual):
2698         (JSC::Walker::walk):
2699         * runtime/JSONObject.h:
2700         * runtime/JSObject.cpp:
2701         (JSC::JSObject::getOwnPropertySlotVirtual):
2702         (JSC::JSObject::getOwnPropertySlot):
2703         (JSC::JSObject::hasOwnProperty):
2704         * runtime/JSObject.h:
2705         (JSC::JSObject::getOwnPropertySlotVirtual):
2706         (JSC::JSCell::fastGetOwnPropertySlot):
2707         (JSC::JSObject::getPropertySlot):
2708         (JSC::JSValue::get):
2709         * runtime/JSStaticScopeObject.cpp:
2710         (JSC::JSStaticScopeObject::getOwnPropertySlotVirtual):
2711         * runtime/JSStaticScopeObject.h:
2712         * runtime/JSString.cpp:
2713         (JSC::JSString::getOwnPropertySlotVirtual):
2714         (JSC::JSString::getOwnPropertySlot):
2715         * runtime/JSString.h:
2716         * runtime/Lookup.h:
2717         (JSC::getStaticPropertySlot):
2718         (JSC::getStaticFunctionSlot):
2719         (JSC::getStaticValueSlot):
2720         * runtime/MathObject.cpp:
2721         (JSC::MathObject::getOwnPropertySlotVirtual):
2722         * runtime/MathObject.h:
2723         * runtime/NumberConstructor.cpp:
2724         (JSC::NumberConstructor::getOwnPropertySlotVirtual):
2725         * runtime/NumberConstructor.h:
2726         * runtime/NumberPrototype.cpp:
2727         (JSC::NumberPrototype::getOwnPropertySlotVirtual):
2728         * runtime/NumberPrototype.h:
2729         * runtime/ObjectConstructor.cpp:
2730         (JSC::ObjectConstructor::getOwnPropertySlotVirtual):
2731         * runtime/ObjectConstructor.h:
2732         * runtime/ObjectPrototype.cpp:
2733         (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
2734         * runtime/ObjectPrototype.h:
2735         * runtime/RegExpConstructor.cpp:
2736         (JSC::RegExpConstructor::getOwnPropertySlotVirtual):
2737         * runtime/RegExpConstructor.h:
2738         * runtime/RegExpMatchesArray.h:
2739         (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
2740         * runtime/RegExpObject.cpp:
2741         (JSC::RegExpObject::getOwnPropertySlotVirtual):
2742         * runtime/RegExpObject.h:
2743         * runtime/RegExpPrototype.cpp:
2744         (JSC::RegExpPrototype::getOwnPropertySlotVirtual):
2745         * runtime/RegExpPrototype.h:
2746         * runtime/StringConstructor.cpp:
2747         (JSC::StringConstructor::getOwnPropertySlotVirtual):
2748         * runtime/StringConstructor.h:
2749         * runtime/StringObject.cpp:
2750         (JSC::StringObject::getOwnPropertySlotVirtual):
2751         * runtime/StringObject.h:
2752         * runtime/StringPrototype.cpp:
2753         (JSC::StringPrototype::getOwnPropertySlotVirtual):
2754         * runtime/StringPrototype.h:
2755
2756 2011-10-14  Gavin Barraclough  <baraclough@apple.com>
2757
2758         Most built-in properties are not deletable
2759         https://bugs.webkit.org/show_bug.cgi?id=61014
2760
2761         Reviewed by Filip Pizlo.
2762
2763         Our static hash tables don't allow for deleting properties.
2764         This is the cause of a bunch of expected failures in LayoutTests/sputnik.
2765
2766         This fixes the problem by reifying all static functions immediately prior
2767         to the first deletion.  Reification is tracked by a flag on the structure,
2768         so properties will no longer 'bounce-back' on later access.
2769
2770         Theoretically there could probably also be an issue with custom accessor
2771         properties, but we probably do not really require any of these to be
2772         Configurable anyway. I'll follow up with a separate patch to address this.
2773
2774         * runtime/ClassInfo.h:
2775         (JSC::ClassInfo::hasStaticProperties):
2776             - detects static property tables.
2777         * runtime/JSObject.cpp:
2778         (JSC::JSObject::deleteProperty):
2779             - call reifyStaticFunctions before deletion.
2780         (JSC::JSObject::reifyStaticFunctions):
2781             - If the class has static functions, set them up now.
2782         * runtime/JSObject.h:
2783         (JSC::JSObject::staticFunctionsReified):
2784             - returns true if static functions have been reified,
2785               and as such should no longer be added.
2786         * runtime/Lookup.cpp:
2787         (JSC::setUpStaticFunctionSlot):
2788             - If static functions have been reified do not add.
2789         * runtime/Lookup.h:
2790         (JSC::HashTable::ConstIterator::ConstIterator):
2791         (JSC::HashTable::ConstIterator::operator->):
2792         (JSC::HashTable::ConstIterator::operator*):
2793         (JSC::HashTable::ConstIterator::operator!=):
2794         (JSC::HashTable::ConstIterator::operator++):
2795         (JSC::HashTable::ConstIterator::skipInvalidKeys):
2796         (JSC::HashTable::begin):
2797         (JSC::HashTable::end):
2798         (JSC::getStaticPropertySlot):
2799         (JSC::getStaticPropertyDescriptor):
2800         (JSC::getStaticFunctionSlot):
2801         (JSC::getStaticFunctionDescriptor):
2802             - setUpStaticFunctionSlot may not add, returns a bool.
2803         (JSC::lookupPut):
2804             - remove redundant branch.
2805         * runtime/Structure.cpp:
2806         (JSC::Structure::Structure):
2807             - initialize new flag in constructors.
2808         * runtime/Structure.h:
2809         (JSC::Structure::staticFunctionsReified):
2810         (JSC::Structure::setStaticFunctionsReified):
2811             - added flag
2812
2813 2011-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2814
2815         Rename virtual put to putVirtual
2816         https://bugs.webkit.org/show_bug.cgi?id=69851
2817
2818         Reviewed by Darin Adler.
2819
2820         Renamed virtual versions of put to putVirtual in preparation for 
2821         adding the static put to the MethodTable in ClassInfo since the 
2822         compiler gets mad if the virtual and static versions have the same 
2823         name.
2824
2825         * API/JSCallbackObject.h:
2826         * API/JSCallbackObjectFunctions.h:
2827         (JSC::::putVirtual):
2828         * API/JSObjectRef.cpp:
2829         (JSObjectSetProperty):
2830         (JSObjectSetPropertyAtIndex):
2831         * JavaScriptCore.exp:
2832         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2833         * debugger/DebuggerActivation.cpp:
2834         (JSC::DebuggerActivation::putVirtual):
2835         (JSC::DebuggerActivation::put):
2836         * debugger/DebuggerActivation.h:
2837         * dfg/DFGOperations.cpp:
2838         (JSC::DFG::putByVal):
2839         * interpreter/Interpreter.cpp:
2840         (JSC::Interpreter::execute):
2841         * jit/JITStubs.cpp:
2842         (JSC::DEFINE_STUB_FUNCTION):
2843         * jsc.cpp:
2844         (GlobalObject::finishCreation):
2845         * runtime/Arguments.cpp:
2846         (JSC::Arguments::putVirtual):
2847         * runtime/Arguments.h:
2848         * runtime/ArrayPrototype.cpp:
2849         (JSC::putProperty):
2850         (JSC::arrayProtoFuncConcat):
2851         (JSC::arrayProtoFuncPush):
2852         (JSC::arrayProtoFuncReverse):
2853         (JSC::arrayProtoFuncShift):
2854         (JSC::arrayProtoFuncSlice):
2855         (JSC::arrayProtoFuncSort):
2856         (JSC::arrayProtoFuncSplice):
2857         (JSC::arrayProtoFuncUnShift):
2858         (JSC::arrayProtoFuncFilter):
2859         (JSC::arrayProtoFuncMap):
2860         * runtime/JSActivation.cpp:
2861         (JSC::JSActivation::putVirtual):
2862         * runtime/JSActivation.h:
2863         * runtime/JSArray.cpp:
2864         (JSC::JSArray::putVirtual):
2865         (JSC::JSArray::putSlowCase):
2866         (JSC::JSArray::push):
2867         (JSC::JSArray::shiftCount):
2868         (JSC::JSArray::unshiftCount):
2869         * runtime/JSArray.h:
2870         * runtime/JSByteArray.cpp:
2871         (JSC::JSByteArray::putVirtual):
2872         * runtime/JSByteArray.h:
2873         * runtime/JSCell.cpp:
2874         (JSC::JSCell::putVirtual):
2875         (JSC::JSCell::put):
2876         * runtime/JSCell.h:
2877         * runtime/JSFunction.cpp:
2878         (JSC::JSFunction::putVirtual):
2879         * runtime/JSFunction.h:
2880         * runtime/JSGlobalObject.cpp:
2881         (JSC::JSGlobalObject::putVirtual):
2882         (JSC::JSGlobalObject::putWithAttributes):
2883         * runtime/JSGlobalObject.h:
2884         * runtime/JSNotAnObject.cpp:
2885         (JSC::JSNotAnObject::putVirtual):
2886         * runtime/JSNotAnObject.h:
2887         * runtime/JSONObject.cpp:
2888         (JSC::Walker::walk):
2889         * runtime/JSObject.cpp:
2890         (JSC::JSObject::putVirtual):
2891         (JSC::JSObject::put):
2892         (JSC::JSObject::defineOwnProperty):
2893         * runtime/JSObject.h:
2894         (JSC::JSValue::put):
2895         * runtime/JSStaticScopeObject.cpp:
2896         (JSC::JSStaticScopeObject::putVirtual):
2897         * runtime/JSStaticScopeObject.h:
2898         * runtime/Lookup.h:
2899         (JSC::lookupPut):
2900         * runtime/ObjectPrototype.cpp:
2901         (JSC::ObjectPrototype::putVirtual):
2902         * runtime/ObjectPrototype.h:
2903         * runtime/RegExpConstructor.cpp:
2904         (JSC::RegExpMatchesArray::fillArrayInstance):
2905         (JSC::RegExpConstructor::putVirtual):
2906         * runtime/RegExpConstructor.h:
2907         * runtime/RegExpMatchesArray.h:
2908         (JSC::RegExpMatchesArray::putVirtual):
2909         * runtime/RegExpObject.cpp:
2910         (JSC::RegExpObject::putVirtual):
2911         * runtime/RegExpObject.h:
2912         * runtime/StringObject.cpp:
2913         (JSC::StringObject::putVirtual):
2914         * runtime/StringObject.h:
2915         * runtime/StringPrototype.cpp:
2916         (JSC::stringProtoFuncSplit):
2917
2918 2011-10-13  Filip Pizlo  <fpizlo@apple.com>
2919
2920         Reflective Arguments retrieval should be hardened for the
2921         possibility of inlining
2922         https://bugs.webkit.org/show_bug.cgi?id=70068
2923
2924         Reviewed by Oliver Hunt.
2925         
2926         CodeBlock can now track, as part of its RareData, the virtual inline
2927         stack at callsites. CallFrame walking can now rematerialize "inline"
2928         CallFrames by combining the meta-data in CodeBlock with the information
2929         already in the JS stack. Arguments can now safely retrieve the
2930         arguments from inline CallFrames.
2931         
2932         The DFG already had the notion of a "CodeOrigin" in preparation for
2933         inlining. This notion will now be saved into the CodeBlock, if the DFG
2934         had done inlining. So, CodeOrigin has been moved to bytecode/ and has
2935         been changed to behave more like a struct since that is how it's
2936         meant to be used.
2937
2938         * GNUmakefile.list.am:
2939         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2940         * JavaScriptCore.xcodeproj/project.pbxproj:
2941         * bytecode/CodeBlock.h:
2942         (JSC::CodeBlock::inlineCallFrames):
2943         (JSC::CodeBlock::codeOrigins):
2944         (JSC::CodeBlock::hasCodeOrigins):
2945         (JSC::CodeBlock::codeOriginForReturn):
2946         * bytecode/CodeOrigin.h: Added.
2947         (JSC::CodeOrigin::CodeOrigin):
2948         (JSC::CodeOrigin::isSet):
2949         (JSC::getCallReturnOffsetForCodeOrigin):
2950         * dfg/DFGJITCompiler.cpp:
2951         (JSC::DFG::JITCompiler::link):
2952         * dfg/DFGNode.h:
2953         * dfg/DFGSpeculativeJIT.cpp:
2954         (JSC::DFG::SpeculativeJIT::compile):
2955         * dfg/DFGSpeculativeJIT32_64.cpp:
2956         (JSC::DFG::SpeculativeJIT::compile):
2957         * dfg/DFGSpeculativeJIT64.cpp:
2958         (JSC::DFG::SpeculativeJIT::compile):
2959         * interpreter/CallFrame.cpp:
2960         (JSC::CallFrame::isInlineCallFrame):
2961         (JSC::CallFrame::trueCallerFrame):
2962         * interpreter/CallFrame.h:
2963         (JSC::ExecState::inlineCallFrame):
2964         (JSC::ExecState::setInlineCallFrame):
2965         (JSC::ExecState::isInlineCallFrame):
2966         (JSC::ExecState::trueCallerFrame):
2967         * interpreter/Interpreter.cpp:
2968         (JSC::Interpreter::findFunctionCallFrame):
2969         * interpreter/Register.h:
2970         (JSC::Register::operator=):
2971         (JSC::Register::inlineCallFrame):
2972         * runtime/Arguments.h:
2973         (JSC::Arguments::getArgumentsData):
2974         (JSC::Arguments::finishCreationButDontCopyRegisters):
2975         (JSC::Arguments::finishCreation):
2976         (JSC::Arguments::finishCreationAndCopyRegisters):
2977         * runtime/Executable.h:
2978         (JSC::FunctionExecutable::parameterCount):
2979
2980 2011-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2981
2982         Rename virtual deleteProperty to deletePropertyVirtual
2983         https://bugs.webkit.org/show_bug.cgi?id=69884
2984
2985         Reviewed by Darin Adler.
2986
2987         Renamed virtual versions of deleteProperty to deletePropertyVirtual in preparation for 
2988         adding the static deleteProperty to the MethodTable in ClassInfo since the 
2989         compiler gets mad if the virtual and static versions have the same name.
2990
2991         * API/JSCallbackObject.h:
2992         * API/JSCallbackObjectFunctions.h:
2993         (JSC::::deletePropertyVirtual):
2994         (JSC::::deleteProperty):
2995         * API/JSObjectRef.cpp:
2996         (JSObjectDeleteProperty):
2997         * JavaScriptCore.exp:
2998         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2999         * debugger/DebuggerActivation.cpp:
3000         (JSC::DebuggerActivation::deletePropertyVirtual):
3001         (JSC::DebuggerActivation::deleteProperty):
3002         * debugger/DebuggerActivation.h:
3003         * jit/JITStubs.cpp:
3004         (JSC::DEFINE_STUB_FUNCTION):
3005         * runtime/Arguments.cpp:
3006         (JSC::Arguments::deletePropertyVirtual):
3007         * runtime/Arguments.h:
3008         * runtime/ArrayPrototype.cpp:
3009         (JSC::arrayProtoFuncPop):
3010         (JSC::arrayProtoFuncReverse):
3011         (JSC::arrayProtoFuncShift):
3012         (JSC::arrayProtoFuncSplice):
3013         (JSC::arrayProtoFuncUnShift):
3014         * runtime/JSActivation.cpp:
3015         (JSC::JSActivation::deletePropertyVirtual):
3016         * runtime/JSActivation.h:
3017         * runtime/JSArray.cpp:
3018         (JSC::JSArray::deletePropertyVirtual):
3019         (JSC::JSArray::deleteProperty):
3020         * runtime/JSArray.h:
3021         * runtime/JSCell.cpp:
3022         (JSC::JSCell::deletePropertyVirtual):
3023         (JSC::JSCell::deleteProperty):
3024         * runtime/JSCell.h:
3025         * runtime/JSFunction.cpp:
3026         (JSC::JSFunction::deletePropertyVirtual):
3027         * runtime/JSFunction.h:
3028         * runtime/JSNotAnObject.cpp:
3029         (JSC::JSNotAnObject::deletePropertyVirtual):
3030         * runtime/JSNotAnObject.h:
3031         * runtime/JSONObject.cpp:
3032         (JSC::Walker::walk):
3033         * runtime/JSObject.cpp:
3034         (JSC::JSObject::deletePropertyVirtual):
3035         (JSC::JSObject::deleteProperty):
3036         (JSC::JSObject::defineOwnProperty):
3037         * runtime/JSObject.h:
3038         * runtime/JSVariableObject.cpp:
3039         (JSC::JSVariableObject::deletePropertyVirtual):
3040         * runtime/JSVariableObject.h:
3041         * runtime/RegExpMatchesArray.h:
3042         (JSC::RegExpMatchesArray::deletePropertyVirtual):
3043         * runtime/StrictEvalActivation.cpp:
3044         (JSC::StrictEvalActivation::deletePropertyVirtual):
3045         * runtime/StrictEvalActivation.h:
3046         * runtime/StringObject.cpp:
3047         (JSC::StringObject::deletePropertyVirtual):
3048         * runtime/StringObject.h:
3049
3050 2011-10-14  Peter Beverloo  <peter@chromium.org>
3051
3052         [Chromium] Inherit settings from Chromium's envsetup.sh, address an NDK todo
3053         https://bugs.webkit.org/show_bug.cgi?id=70028
3054
3055         Reviewed by Adam Barth.
3056
3057         * JavaScriptCore.gyp/JavaScriptCore.gyp:
3058
3059 2011-10-14  Yuqiang Xian  <yuqiang.xian@intel.com>
3060
3061         DFG JIT 32_64 - Performance fix for ResolveGlobal
3062         https://bugs.webkit.org/show_bug.cgi?id=70096
3063
3064         Reviewed by Gavin Barraclough.
3065
3066         Structure check of global object should be a pointer comparison
3067         instead of a tag and payload pair comparison. This fix improves
3068         SunSpider by 7% on Linux 32, with bitops-bitwise-and improved by 4.75X.
3069         Also two trivial fixes for successful 32-bit build are included.
3070
3071         * dfg/DFGSpeculativeJIT.cpp:
3072         * dfg/DFGSpeculativeJIT32_64.cpp:
3073         (JSC::DFG::SpeculativeJIT::compile):
3074
3075 2011-10-13  Filip Pizlo  <fpizlo@apple.com>
3076
3077         Speculation failures in ValueToInt32 are causing a 2x slow-down
3078         in Kraken/stanford-crypto-pbkdf2
3079         https://bugs.webkit.org/show_bug.cgi?id=70089
3080
3081         Reviewed by Gavin Barraclough.
3082         
3083         If we can't truncate to Int32 using machine code, then don't fail
3084         speculation. Just call JSC::toInt32.
3085
3086         * dfg/DFGJITCodeGenerator.h:
3087         (JSC::DFG::callOperation):
3088         * dfg/DFGOperations.h:
3089         * dfg/DFGSpeculativeJIT.cpp:
3090         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3091         * dfg/DFGSpeculativeJIT64.cpp:
3092         (JSC::DFG::SpeculativeJIT::compile):
3093
3094 2011-10-13  Mark Hahnenberg  <mhahnenberg@apple.com>
3095
3096         Rename virtual getConstructData to getConstructDataVirtual
3097         https://bugs.webkit.org/show_bug.cgi?id=69872
3098
3099         Reviewed by Geoffrey Garen.
3100
3101         Renamed virtual getConstructData functions to getConstructDataVirtual to 
3102         avoid conflicts when we add static getConstructData to the MethodTable.
3103
3104         * API/JSCallbackConstructor.cpp:
3105         (JSC::JSCallbackConstructor::getConstructDataVirtual):
3106         * API/JSCallbackConstructor.h:
3107         * API/JSCallbackObject.h:
3108         * API/JSCallbackObjectFunctions.h:
3109         (JSC::::getConstructDataVirtual):
3110         * API/JSObjectRef.cpp:
3111         (JSObjectIsConstructor):
3112         (JSObjectCallAsConstructor):
3113         * JavaScriptCore.exp:
3114         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3115         * dfg/DFGOperations.cpp:
3116         * jit/JITStubs.cpp:
3117         (JSC::DEFINE_STUB_FUNCTION):
3118         * runtime/ArrayConstructor.cpp:
3119         (JSC::ArrayConstructor::getConstructDataVirtual):
3120         * runtime/ArrayConstructor.h:
3121         * runtime/BooleanConstructor.cpp:
3122         (JSC::BooleanConstructor::getConstructDataVirtual):
3123         * runtime/BooleanConstructor.h:
3124         * runtime/DateConstructor.cpp:
3125         (JSC::DateConstructor::getConstructDataVirtual):
3126         * runtime/DateConstructor.h:
3127         * runtime/Error.h:
3128         (JSC::StrictModeTypeErrorFunction::getConstructDataVirtual):
3129         * runtime/ErrorConstructor.cpp:
3130         (JSC::ErrorConstructor::getConstructDataVirtual):
3131         * runtime/ErrorConstructor.h:
3132         * runtime/FunctionConstructor.cpp:
3133         (JSC::FunctionConstructor::getConstructDataVirtual):
3134         * runtime/FunctionConstructor.h:
3135         * runtime/JSCell.cpp:
3136         (JSC::JSCell::getConstructDataVirtual):
3137         * runtime/JSCell.h:
3138         (JSC::getConstructData):
3139         * runtime/JSFunction.cpp:
3140         (JSC::JSFunction::getConstructDataVirtual):
3141         * runtime/JSFunction.h:
3142         * runtime/NativeErrorConstructor.cpp:
3143         (JSC::NativeErrorConstructor::getConstructDataVirtual):
3144         * runtime/NativeErrorConstructor.h:
3145         * runtime/NumberConstructor.cpp:
3146         (JSC::NumberConstructor::getConstructDataVirtual):
3147         * runtime/NumberConstructor.h:
3148         * runtime/ObjectConstructor.cpp:
3149         (JSC::ObjectConstructor::getConstructDataVirtual):
3150         * runtime/ObjectConstructor.h:
3151         * runtime/RegExpConstructor.cpp:
3152         (JSC::RegExpConstructor::getConstructDataVirtual):
3153         * runtime/RegExpConstructor.h:
3154         * runtime/StringConstructor.cpp:
3155         (JSC::StringConstructor::getConstructDataVirtual):
3156         * runtime/StringConstructor.h:
3157
3158 2011-10-13  Filip Pizlo  <fpizlo@apple.com>
3159
3160         Rubber stamped by Stephanie Lewis.
3161         
3162         DFG_ENABLE() macro was always returning false.
3163
3164         * dfg/DFGNode.h:
3165
3166 2011-10-13  Gavin Barraclough  <baraclough@apple.com>
3167
3168         Speculative build fix for !DFG builds.
3169
3170         * jit/JIT.cpp:
3171         (JSC::JIT::privateCompile):
3172
3173 2011-10-13  Oliver Hunt  <oliver@apple.com>
3174
3175         Fix performance of ValueToInt32 node when predicting double
3176         https://bugs.webkit.org/show_bug.cgi?id=70063
3177
3178         Reviewed by Filip Pizlo.
3179
3180         Currently we fail to inline double to int conversion when
3181         performing a ValueToInt32 operation on a value we predict
3182         to be a double.
3183
3184         * dfg/DFGAbstractState.cpp:
3185         (JSC::DFG::AbstractState::execute):
3186            Apply correct filter for the double prediction path
3187         * dfg/DFGJITCodeGenerator32_64.cpp:
3188         (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
3189         * dfg/DFGJITCodeGenerator64.cpp:
3190         (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
3191            Support double parameters even when value has been spilled.
3192         * dfg/DFGSpeculativeJIT.cpp:
3193         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3194            Moved old valueToInt32 code to this function, and added
3195            path for double prediction.
3196         * dfg/DFGSpeculativeJIT.h:
3197         * dfg/DFGSpeculativeJIT32_64.cpp:
3198         (JSC::DFG::SpeculativeJIT::compile):
3199         * dfg/DFGSpeculativeJIT64.cpp:
3200         (JSC::DFG::SpeculativeJIT::compile):
3201            Made the two implementations of ValueToInt32 call a single
3202            shared compileValueToInt32 function.
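
The ValueToInt32 split described in this entry and in Filip Pizlo's bug 70089 entry above, as an added example in C (not JavaScriptCore's code): an inline fast path that only succeeds when the double fits int32, a slow path with the ECMAScript ToInt32 semantics that JSC::toInt32 provides, and the combined node that calls the slow path instead of failing speculation. Function names are this example's own, and the range check is an assumed stand-in for the 0x80000000 sentinel that the real cvttsd2si-based check tests.

```c
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Fast path, modelled after the JIT's inline truncation: succeed only for finite
 * values inside int32 range. Real cvttsd2si instead yields the 0x80000000
 * "integer indefinite" sentinel for NaN or out-of-range input, which is what a JIT
 * tests; the range check here stands in for that because the C cast is undefined
 * for such inputs. */
bool fast_truncate_to_int32(double value, int32_t *out)
{
    if (!(value >= -2147483648.0 && value <= 2147483647.0))
        return false;               /* NaN fails both comparisons, so it bails too */
    *out = (int32_t)value;          /* truncation toward zero, as cvttsd2si does */
    return true;
}

/* Slow path with ECMAScript ToInt32 semantics (the contract of JSC::toInt32):
 * NaN/Infinity -> 0, otherwise truncate, reduce modulo 2^32, reinterpret as signed.
 * Done on the IEEE-754 bit pattern to avoid libm and to handle |value| >= 2^63. */
int32_t to_int32(double value)
{
    uint64_t bits;
    memcpy(&bits, &value, sizeof bits);
    int exponent = (int)((bits >> 52) & 0x7FF);
    if (exponent == 0x7FF)
        return 0;                                   /* NaN or +/-Infinity */
    if (exponent < 1023)
        return 0;                                   /* |value| < 1 truncates to 0 */
    uint64_t mantissa = (bits & ((1ull << 52) - 1)) | (1ull << 52);
    int shift = exponent - 1023 - 52;               /* |value| = mantissa * 2^shift */
    uint32_t low;
    if (shift >= 32)
        low = 0;                                    /* a multiple of 2^32 */
    else if (shift >= 0)
        low = (uint32_t)(mantissa << shift);        /* low 32 bits survive the shift */
    else
        low = (uint32_t)(mantissa >> -shift);       /* drops the fractional bits */
    if (bits >> 63)
        low = 0u - low;                             /* negate modulo 2^32 */
    return (low & 0x80000000u) ? -(int32_t)(~low) - 1 : (int32_t)low;
}

/* The ValueToInt32 shape after the fix: try the inline path, and when it cannot
 * truncate fall through to the runtime call instead of failing speculation. */
int32_t value_to_int32(double value, bool *used_slow_path)
{
    int32_t result;
    if (fast_truncate_to_int32(value, &result)) {
        *used_slow_path = false;
        return result;
    }
    *used_slow_path = true;
    return to_int32(value);
}
```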
3203
3204 2011-10-13  Chris Marrin  <cmarrin@apple.com>
3205
3206         Sync requestAnimationFrame callback to CVDisplayLink on Mac
3207         https://bugs.webkit.org/show_bug.cgi?id=68911
3208
3209         Reviewed by Simon Fraser.
3210
3211         Add REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for implementations
3212         that use the DisplayRefreshMonitor logic.
3213
3214         * wtf/Platform.h:
3215
3216 2011-10-13  Gavin Barraclough  <baraclough@apple.com>
3217
3218         DFG JIT should not be using ENABLE macro to enable features
3219         https://bugs.webkit.org/show_bug.cgi?id=70060
3220
3221         Reviewed by Oliver Hunt.
3222
3223         The ENABLE macro is only intended to be used to detect features that are configured
3224         in Platform.h. Using it to detect settings defined in other headers is an error.
3225
3226         The problem is that the ENABLE macro checks if the value is defined, so will silently
3227         return false if you fail to include the header defining the switch. This is not a problem
3228         if (1) the settings are defined in the same header that defines the macro that tests them,
3229         or (2) the header is included everywhere.  In the case of ENABLE settings defined in
3230         Platform.h, both are true! To make this clear, add an explicit DFG_ENABLE macro.
3231
3232         * bytecode/CodeBlock.cpp:
3233         * dfg/DFGByteCodeParser.cpp:
3234         (JSC::DFG::ByteCodeParser::getPrediction):
3235         (JSC::DFG::ByteCodeParser::makeSafe):
3236         * dfg/DFGCapabilities.h:
3237         (JSC::DFG::canCompileOpcode):
3238         * dfg/DFGGraph.cpp:
3239         (JSC::DFG::Graph::predictArgumentTypes):
3240         * dfg/DFGJITCodeGenerator.cpp:
3241         * dfg/DFGJITCodeGenerator.h:
3242         * dfg/DFGJITCompiler.cpp:
3243         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
3244         (JSC::DFG::JITCompiler::compileBody):
3245         (JSC::DFG::JITCompiler::link):
3246         * dfg/DFGJITCompiler.h:
3247         (JSC::DFG::JITCompiler::noticeOSREntry):
3248         * dfg/DFGJITCompiler32_64.cpp:
3249         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
3250         (JSC::DFG::JITCompiler::compileBody):
3251         (JSC::DFG::JITCompiler::link):
3252         * dfg/DFGNode.h:
3253         * dfg/DFGOSREntry.cpp:
3254         (JSC::DFG::prepareOSREntry):
3255         * dfg/DFGOperations.cpp:
3256         * dfg/DFGOperations.h:
3257         * dfg/DFGPropagator.cpp:
3258         (JSC::DFG::Propagator::fixpoint):
3259         (JSC::DFG::Propagator::propagateArithNodeFlags):
3260         (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
3261         (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
3262         (JSC::DFG::Propagator::propagateNodePredictions):
3263         (JSC::DFG::Propagator::propagatePredictionsForward):
3264         (JSC::DFG::Propagator::propagatePredictionsBackward):
3265         (JSC::DFG::Propagator::propagatePredictions):
3266         (JSC::DFG::Propagator::toDouble):
3267         (JSC::DFG::Propagator::fixupNode):
3268         (JSC::DFG::Propagator::fixup):
3269         (JSC::DFG::Propagator::startIndexForChildren):
3270         (JSC::DFG::Propagator::endIndexForPureCSE):
3271         (JSC::DFG::Propagator::setReplacement):
3272         (JSC::DFG::Propagator::eliminate):
3273         (JSC::DFG::Propagator::performNodeCSE):
3274         (JSC::DFG::Propagator::localCSE):
3275         (JSC::DFG::Propagator::allocateVirtualRegisters):
3276         (JSC::DFG::Propagator::performBlockCFA):
3277         (JSC::DFG::Propagator::performForwardCFA):
3278         (JSC::DFG::Propagator::globalCFA):
3279         * dfg/DFGScoreBoard.h:
3280         * dfg/DFGSpeculativeJIT.cpp:
3281         (JSC::DFG::SpeculativeJIT::compile):
3282         * dfg/DFGSpeculativeJIT.h:
3283         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
3284         * dfg/DFGSpeculativeJIT32_64.cpp:
3285         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3286         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3287         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3288         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3289         (JSC::DFG::SpeculativeJIT::compile):
3290         * dfg/DFGSpeculativeJIT64.cpp:
3291         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3292         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3293         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3294         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3295         (JSC::DFG::SpeculativeJIT::compile):
3296         * jit/JIT.cpp:
3297         (JSC::JIT::privateCompile):
3298
3299 2011-10-13  Gavin Barraclough  <baraclough@apple.com>
3300
3301         terminateSpeculativeExecution for fillSpeculateDouble with DataFormatCell
3302
3303         Rubber stamped by Filip Pizlo.
3304
3305         This is breaking fast/canvas/canvas-composite-alpha.html on 32_64 DFG JIT.
3306
3307         * dfg/DFGSpeculativeJIT32_64.cpp:
3308         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3309         * dfg/DFGSpeculativeJIT64.cpp:
3310         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3311
3312 2011-10-13  Mark Hahnenberg  <mhahnenberg@apple.com>
3313
3314         De-virtualized JSCell::toNumber
3315         https://bugs.webkit.org/show_bug.cgi?id=69858
3316
3317         Reviewed by Sam Weinig.
3318
3319
3320         Removed JSCallbackObject::toNumber because it's no longer necessary since 
3321         JSObject::toNumber now suffices since we implicitly add valueOf to an object's
3322         prototype whenever a convertToType callback is provided.
3323         * API/JSCallbackObject.h:
3324         * API/JSCallbackObjectFunctions.h:
3325         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3326
3327         De-virtualized JSCell::toNumber, JSObject::toNumber, and JSString::toNumber.
3328         * runtime/JSCell.cpp:
3329         (JSC::JSCell::toNumber):
3330         * runtime/JSCell.h:
3331         * runtime/JSObject.h:
3332         * runtime/JSString.h:
3333
3334         Removed JSNotAnObject::toNumber because its result doesn't matter and it implements 
3335         defaultValue, therefore JSObject::toNumber can cover its case.
3336         * runtime/JSNotAnObject.cpp:
3337         * runtime/JSNotAnObject.h:
3338
3339 2011-10-13  Xianzhu Wang  <wangxianzhu@chromium.org>
3340
3341         Use realloc() to expand/shrink StringBuilder buffer
3342         https://bugs.webkit.org/show_bug.cgi?id=69913
3343
3344         Reviewed by Darin Adler.
3345
3346         * wtf/text/StringBuilder.cpp:
3347         (WTF::StringBuilder::reserveCapacity):
3348         (WTF::StringBuilder::reallocateBuffer):
3349         (WTF::StringBuilder::appendUninitialized):
3350         (WTF::StringBuilder::shrinkToFit):
3351         * wtf/text/StringBuilder.h:
3352         * wtf/text/StringImpl.cpp:
3353         (WTF::StringImpl::reallocate): Added to allow StringBuilder to reallocate the buffer.
3354         * wtf/text/StringImpl.h:
3355
3356 2011-10-12  Filip Pizlo  <fpizlo@apple.com>
3357
3358         If an Arguments object is being used to copy the arguments, then
3359         make this explicit
3360         https://bugs.webkit.org/show_bug.cgi?id=69995
3361
3362         Reviewed by Sam Weinig.
3363
3364         * interpreter/Interpreter.cpp:
3365         (JSC::Interpreter::retrieveArguments):
3366         * runtime/Arguments.h:
3367         (JSC::Arguments::createAndCopyRegisters):
3368         (JSC::Arguments::finishCreationButDontCopyRegisters):
3369         (JSC::Arguments::finishCreation):
3370         (JSC::Arguments::finishCreationAndCopyRegisters):
3371
3372 2011-10-12  Filip Pizlo  <fpizlo@apple.com>
3373
3374         DFG CFA does not filter structures aggressively enough.
3375         https://bugs.webkit.org/show_bug.cgi?id=69989
3376
3377         Reviewed by Oliver Hunt.
3378
3379         * dfg/DFGAbstractValue.h:
3380         (JSC::DFG::AbstractValue::clear):
3381         (JSC::DFG::AbstractValue::makeTop):
3382         (JSC::DFG::AbstractValue::clobberStructures):
3383         (JSC::DFG::AbstractValue::set):
3384         (JSC::DFG::AbstractValue::merge):
3385         (JSC::DFG::AbstractValue::filter):
3386         (JSC::DFG::AbstractValue::checkConsistency):
3387
3388 2011-10-12  Adam Barth  <abarth@webkit.org>
3389
3390         Remove ENABLE(XHTMLMP) and associated code
3391         https://bugs.webkit.org/show_bug.cgi?id=69729
3392
3393         Reviewed by David Levin.
3394
3395         * Configurations/FeatureDefines.xcconfig:
3396
3397 2011-10-12  Gavin Barraclough  <baraclough@apple.com>
3398
3399         MacroAssemblerX86 8-bit register ops unsafe on CPU(X86)
3400         https://bugs.webkit.org/show_bug.cgi?id=69978
3401
3402         Reviewed by Filip Pizlo.
3403
3404         Certain ops are unsafe if the register passed is esp..edi (will instead test/set the ).
3405
3406         compare32/test8/test32 call setCC, which sets an 8-bit register - we can fix this by adding
3407         a couple of xchg instructions.
3408
3409         branchTest8 with a register argument is also affected. In all cases where this is currently
3410         used, it is testing a value that is correct to 32 or more bits, so we can simply switch these
3411         to branchTest32 & remove the corresponding branchTest8 (this is desirable anyway, since the
3412         32-bit form is cheaper to implement on platforms that don't have an 8-bit compare instruction).
3413
3414         This fixes the remaining fast/js failures with the DFG JIT 32_64.
3415
3416         * assembler/MacroAssemblerARMv7.h:
3417             - removed branchTest8.
3418         * assembler/MacroAssemblerX86Common.h:
3419         (JSC::MacroAssemblerX86Common::compare32):
3420         (JSC::MacroAssemblerX86Common::test8):
3421         (JSC::MacroAssemblerX86Common::test32):
3422         (JSC::MacroAssemblerX86Common::set32):
3423             - added set32 helper that is 'h' register safe.
3424             - removed branchTest8.
3425         * dfg/DFGJITCodeGenerator32_64.cpp:
3426         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
3427         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
3428             - switch uses of branchTest8 to branchTest32.
3429         * dfg/DFGJITCodeGenerator64.cpp:
3430         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
3431         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
3432             - switch uses of branchTest8 to branchTest32.
3433         * dfg/DFGSpeculativeJIT32_64.cpp:
3434         (JSC::DFG::SpeculativeJIT::emitBranch):
3435             - switch uses of branchTest8 to branchTest32.
3436         * dfg/DFGSpeculativeJIT64.cpp:
3437         (JSC::DFG::SpeculativeJIT::emitBranch):
3438             - switch uses of branchTest8 to branchTest32.
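
The encoding hazard this entry fixes, as an added example in C (not WebKit's assembler): a tiny x86 byte emitter showing that setCC/movzbl with a ModRM register field of esp..edi select ah/ch/dh/bh in 32-bit mode, and an 'h'-register-safe set32 built the way the entry describes, with a couple of xchg instructions around a write to al. Register and condition enums, the buffer type and all function names are this example's own; the exact instruction sequence WebKit's set32 emits is assumed from the entry, not copied from it.

```c
#include <stddef.h>
#include <stdint.h>

/* Register numbers as they appear in the ModRM r/m field. */
enum x86_reg { EAX = 0, ECX, EDX, EBX, ESP, EBP, ESI, EDI };
/* Condition nibble: setcc is encoded as 0F 90+cc /0 (e.g. sete = 0F 94). */
enum x86_cond { COND_E = 0x4, COND_NE = 0x5 };

typedef struct { uint8_t bytes[16]; size_t len; } code_buf;

static void put(code_buf *b, uint8_t byte) { b->bytes[b->len++] = byte; }

/* Without a REX prefix, r/m values 4..7 in a byte-sized operand name ah/ch/dh/bh,
 * so this writes another register's high byte when reg is esp..edi. */
static void emit_setcc_r8(code_buf *b, enum x86_cond cond, enum x86_reg reg)
{
    put(b, 0x0F); put(b, (uint8_t)(0x90 | cond)); put(b, (uint8_t)(0xC0 | reg));
}

/* movzbl r8, r32 (0F B6 /r): the same hazard applies to the byte source operand. */
static void emit_movzbl_rr(code_buf *b, enum x86_reg src8, enum x86_reg dst32)
{
    put(b, 0x0F); put(b, 0xB6); put(b, (uint8_t)(0xC0 | (dst32 << 3) | src8));
}

/* xchg eax, r32 one-byte form (90+r); it does not touch the flags setcc reads. */
static void emit_xchg_eax_r(code_buf *b, enum x86_reg reg) { put(b, (uint8_t)(0x90 | reg)); }

/* Only eax..ebx have an addressable low byte in 32-bit mode. */
int is_h_register_hazard(enum x86_reg reg) { return reg >= ESP; }

/* Naive set32: setcc dest8; movzbl dest8, dest32. Miscompiles for esp..edi. */
code_buf naive_set32(enum x86_cond cond, enum x86_reg dest)
{
    code_buf b = { {0}, 0 };
    emit_setcc_r8(&b, cond, dest);
    emit_movzbl_rr(&b, dest, dest);
    return b;
}

/* 'h'-register-safe set32: route the byte write through al and swap back. */
code_buf safe_set32(enum x86_cond cond, enum x86_reg dest)
{
    if (!is_h_register_hazard(dest))
        return naive_set32(cond, dest);
    code_buf b = { {0}, 0 };
    emit_xchg_eax_r(&b, dest);      /* eax <-> dest: eax now holds dest's old value */
    emit_setcc_r8(&b, cond, EAX);   /* setcc %al */
    emit_movzbl_rr(&b, EAX, EAX);   /* movzbl %al, %eax: 0 or 1 in eax */
    emit_xchg_eax_r(&b, dest);      /* swap back: result in dest, eax restored */
    return b;
}

/* Byte-exact comparison helper for checking emitted code. */
int code_equals(const code_buf *b, const uint8_t *expected, size_t n)
{
    if (b->len != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (b->bytes[i] != expected[i]) return 0;
    return 1;
}
```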
3439
3440 2011-10-12  Gavin Barraclough  <baraclough@apple.com>
3441
3442         Errrk, revert accidental commit!
3443
3444         * wtf/Platform.h:
3445
3446 2011-10-12  Gavin Barraclough  <baraclough@apple.com>
3447