Fix indentation of StructureStubInfo.h
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-02-18  Filip Pizlo  <fpizlo@apple.com>

        Fix indentation of StructureStubInfo.h

        Rubber stamped by Mark Hahnenberg.

        * bytecode/StructureStubInfo.h:

2013-02-18  Filip Pizlo  <fpizlo@apple.com>

        Fix indentation of JSGlobalObject.h and JSGlobalObjectFunctions.h

        Rubber stamped by Mark Hahnenberg.

        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalObjectFunctions.h:

2013-02-18  Filip Pizlo  <fpizlo@apple.com>

        Fix indentation of Operations.h

        Rubber stamped by Mark Hahnenberg.

        * runtime/Operations.h:

2013-02-18  Filip Pizlo  <fpizlo@apple.com>

        Remove DFG::SpeculativeJIT::isKnownNumeric(), since it's not called from anywhere.

        Rubber stamped by Andy Estes.

        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):

2013-02-18  Filip Pizlo  <fpizlo@apple.com>

        Remove DFG::SpeculativeJIT::isStrictInt32(), since it's not called from anywhere.

        Rubber stamped by Andy Estes.

        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):

2013-02-18  Filip Pizlo  <fpizlo@apple.com>

        Remove dead code for ValueToNumber from the DFG.

        Rubber stamped by Andy Estes.

        We killed ValueToNumber at some point, but forgot to kill all of the backend support
        for it.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleMinMax):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:

2013-02-17  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed buildfix for JSVALUE32_64 builds after r143147.

        * jit/JIT.h:

2013-02-17  Filip Pizlo  <fpizlo@apple.com>

        Move all Structure out-of-line inline methods to StructureInlines.h
        https://bugs.webkit.org/show_bug.cgi?id=110024

        Rubber stamped by Mark Hahnenberg and Sam Weinig.

        This was supposed to be easy.

        But, initially, there was a Structure inline method in CodeBlock.h, and moving that
        into StructureInlines.h meant that Operations.h included CodeBlock.h. This would
        cause WebCore build failures, because CodeBlock.h transitively included the JSC
        parser (via many, many paths), and the JSC parser defines tokens using enumeration
        elements that CSSGrammar.cpp (generated by bison) would #define. For example,
        bison would give CSSGrammar.cpp a #define FUNCTION 123, and would do so before
        including anything interesting. The JSC parser would have an enum that included
        FUNCTION as an element. Hence the JSC parser included into CSSGrammar.cpp would have
        a token element called FUNCTION declared in an enumeration, but FUNCTION was
        #define'd to 123, leading to a parser error.

        Wow.

        So I removed all transitive include paths from CodeBlock.h to the JSC Parser. I
        believe I was able to do so without out-of-lining anything interesting or performance
        critical. This is probably a purely good thing to have done: it will be nice to be
        able to make changes to the parser without having to compile the universe.

        Of course, doing this caused a bunch of other things to not compile, since a bunch of
        headers relied on things being implicitly included for them when they transitively
        included the parser. I fixed a lot of that.

        Finally, I ended up removing the method that depended on CodeBlock.h from
        StructureInlines.h, and putting it in Structure.cpp. That might seem like all of this
        was a waste of time, except that I suspect it was a worthwhile forcing function for
        cleaning up a bunch of cruft.

        * API/JSCallbackFunction.cpp:
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.h:
        (JSC):
        * bytecode/EvalCodeCache.h:
        * bytecode/SamplingTool.h:
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedFunctionExecutable::parameterCount):
        (JSC):
        * bytecode/UnlinkedCodeBlock.h:
        (UnlinkedFunctionExecutable):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/Label.h:
        (JSC):
        * dfg/DFGByteCodeParser.cpp:
        * dfg/DFGByteCodeParser.h:
        * dfg/DFGFPRInfo.h:
        * dfg/DFGRegisterBank.h:
        * heap/HandleStack.cpp:
        * jit/JITWriteBarrier.h:
        * parser/Nodes.h:
        (JSC):
        * parser/Parser.h:
        * parser/ParserError.h: Added.
        (JSC):
        (JSC::ParserError::ParserError):
        (ParserError):
        (JSC::ParserError::toErrorObject):
        * parser/ParserModes.h:
        * parser/SourceProvider.cpp: Added.
        (JSC):
        (JSC::SourceProvider::SourceProvider):
        (JSC::SourceProvider::~SourceProvider):
        * parser/SourceProvider.h:
        (JSC):
        (SourceProvider):
        * runtime/ArrayPrototype.cpp:
        * runtime/DatePrototype.cpp:
        * runtime/Executable.h:
        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h:
        (JSC):
        * runtime/Operations.h:
        * runtime/Structure.cpp:
        (JSC::Structure::prototypeForLookup):
        (JSC):
        * runtime/Structure.h:
        (JSC):
        * runtime/StructureInlines.h: Added.
        (JSC):
        (JSC::Structure::create):
        (JSC::Structure::createStructure):
        (JSC::Structure::get):
        (JSC::Structure::masqueradesAsUndefined):
        (JSC::SlotVisitor::internalAppend):
        (JSC::Structure::transitivelyTransitionedFrom):
        (JSC::Structure::setEnumerationCache):
        (JSC::Structure::enumerationCache):
        (JSC::Structure::prototypeForLookup):
        (JSC::Structure::prototypeChain):
        (JSC::Structure::isValid):
        * runtime/StructureRareData.cpp:

2013-02-17  Roger Fong  <roger_fong@apple.com>

        Unreviewed. Windows build fix.

        * runtime/CodeCache.h:
        (CodeCacheMap):

2013-02-16  Geoffrey Garen  <ggaren@apple.com>

        Code cache should be explicit about what it caches
        https://bugs.webkit.org/show_bug.cgi?id=110039

        Reviewed by Oliver Hunt.

        This patch makes the code cache more explicit in two ways:

        (1) The cache caches top-level scripts. Any sub-functions executed as a
        part of a script are cached with it and evicted with it.

        This simplifies things by eliminating out-of-band sub-function tracking,
        and fixes pathological cases where functions for live scripts would be
        evicted in favor of functions for dead scripts, and/or high probability
        functions executed early in script lifetime would be evicted in favor of
        low probability functions executed late in script lifetime, due to LRU.

        Statistical data from general browsing and PLT confirms that caching
        functions independently of scripts is not profitable.

        (2) The cache tracks script size, not script count.

        This reduces the worst-case cache size by a factor of infinity.

        Script size is a reasonable first-order estimate of in-memory footprint
        for a cached script because there are no syntactic constructs that have
        super-linear memory footprint.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock): Moved this function out of the cache
        because it does not consult the cache, and is not managed by it.

        (JSC::UnlinkedFunctionExecutable::visitChildren): Visit our code blocks
        because they are strong references now, rather than weak, a la (1).

        (JSC::UnlinkedFunctionExecutable::codeBlockFor): Updated for interface changes.

        * bytecode/UnlinkedCodeBlock.h:
        (UnlinkedFunctionExecutable):
        (UnlinkedFunctionCodeBlock): Strong now, not weak, a la (1).

        * runtime/CodeCache.cpp:
        (JSC::CodeCache::CodeCache):
        * runtime/CodeCache.h:
        (JSC::SourceCodeKey::length):
        (SourceCodeKey):
        (CodeCacheMap):
        (JSC::CodeCacheMap::CodeCacheMap):
        (JSC::CodeCacheMap::find):
        (JSC::CodeCacheMap::set):
        (JSC::CodeCacheMap::clear):
        (CodeCache):
        (JSC::CodeCache::clear): Removed individual function tracking, due to (1).
        Added explicit character counting, for (2).

        You might think 16000000 characters is a lot. It is. But this patch
        didn't establish that limit -- it just took the existing limit and
        made it more visible. I intend to reduce the size of the cache in a
        future patch.

2013-02-16  Filip Pizlo  <fpizlo@apple.com>

        Remove support for bytecode comments, since it doesn't build, and hasn't been used in a while.
        https://bugs.webkit.org/show_bug.cgi?id=110035

        Rubber stamped by Andreas Kling.

        There are other ways of achieving the same effect, like adding print statements to the bytecode generator.
        The fact that this feature doesn't build and nobody noticed implies that it's probably not a popular
        feature. As well, the amount of wiring that was required for it was quite big considering its relatively
        modest utility.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        * bytecode/Comment.h: Removed.
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitOpcode):
        (JSC):
        * bytecompiler/BytecodeGenerator.h:
        (BytecodeGenerator):
        (JSC::BytecodeGenerator::symbolTable):

2013-02-16  Brent Fulgham  <bfulgham@webkit.org>

        [Windows] Unreviewed Visual Studio 2010 build fix after r143117

        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props: Reference new path to property sheets.
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
        Build correction after new operator == added.

2013-02-16  Filip Pizlo  <fpizlo@apple.com>

        Fix indentation of Structure.h

        Rubber stamped by Mark Hahnenberg.

        * runtime/Structure.h:

2013-02-16  Christophe Dumez  <ch.dumez@sisa.samsung.com>

        Unreviewed build fix.

        Export symbol for new CString operator== operator to fix Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:

2013-02-15  Filip Pizlo  <fpizlo@apple.com>

        Structure should be more methodical about the relationship between m_offset and m_propertyTable
        https://bugs.webkit.org/show_bug.cgi?id=109978

        Reviewed by Mark Hahnenberg.

        Allegedly, the previous relationship was that either m_propertyTable or m_offset
        would be set, and if m_propertyTable was not set you could rebuild it.  In reality,
        we would sometimes "reset" both: some transitions wouldn't set m_offset, and other
        transitions would clear the previous structure's m_propertyTable.  So, in a
        structure transition chain of A->B->C you could have:

        A transitions to B: B doesn't copy m_offset but does copy m_propertyTable, because
            that seemed like a good idea at the time (this was a common idiom in the code).
        B transitions to C: C steals B's m_propertyTable, leaving B with neither a
            m_propertyTable nor a m_offset.

        Then we would ask for the size of the property storage of B and get the answer
        "none".  That's not good.

        Now, there is a new relationship, which, hopefully, should fix things: m_offset is
        always set and always refers to the maximum offset ever used by the property table.
        From this, you can infer both the inline and out-of-line property size, and
        capacity.  This is accomplished by having PropertyTable::add() take a
        PropertyOffset reference, which must be Structure::m_offset.  It will update this
        offset.  As well, all transitions now copy m_offset.  And we frequently assert
        (using RELEASE_ASSERT) that the m_offset matches what m_propertyTable would tell
        you.  Hence if you ever modify the m_propertyTable, you'll also update the offset.
        If you ever copy the property table, you'll also copy the offset.  Life should be
        good, I think.

        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::add):
        * runtime/Structure.cpp:
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::removePropertyTransition):
        (JSC::Structure::changePrototypeTransition):
        (JSC::Structure::despecifyFunctionTransition):
        (JSC::Structure::attributeChangeTransition):
        (JSC::Structure::toDictionaryTransition):
        (JSC::Structure::sealTransition):
        (JSC::Structure::freezeTransition):
        (JSC::Structure::preventExtensionsTransition):
        (JSC::Structure::nonPropertyTransition):
        (JSC::Structure::flattenDictionaryStructure):
        (JSC::Structure::checkConsistency):
        (JSC::Structure::putSpecificValue):
        (JSC::Structure::createPropertyMap):
        (JSC::PropertyTable::checkConsistency):
        * runtime/Structure.h:
        (JSC):
        (JSC::Structure::putWillGrowOutOfLineStorage):
        (JSC::Structure::outOfLineCapacity):
        (JSC::Structure::outOfLineSize):
        (JSC::Structure::isEmpty):
        (JSC::Structure::materializePropertyMapIfNecessary):
        (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
        (Structure):
        (JSC::Structure::checkOffsetConsistency):

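An added example, not JavaScriptCore's code: a small model of the invariant the entry above describes, written to show the A->B->C case. PropertyTable::add() takes the owning structure's offset by reference and advances it, every transition copies m_offset before stealing the table, and a RELEASE_ASSERT-style check compares the table against m_offset whenever both exist, including when a stolen table is rebuilt by replaying the transition chain. The four inline slots, the chain-replay rebuild and all class and method shapes here are assumptions made for the illustration.

```cpp
// Added example: a deliberately small model of the m_offset / m_propertyTable
// invariant described above. Illustrative code, not JavaScriptCore's Structure.
#include <cassert>
#include <cstdio>
#include <cstdlib>
#include <map>
#include <memory>
#include <string>
#include <vector>

using PropertyOffset = int;
constexpr PropertyOffset invalidOffset = -1;
constexpr PropertyOffset firstOutOfLineOffset = 4; // assumed: 4 inline slots

#define RELEASE_ASSERT(x) do { if (!(x)) { std::fprintf(stderr, "RELEASE_ASSERT failed: %s\n", #x); std::abort(); } } while (0)

struct PropertyTable {
    std::map<std::string, PropertyOffset> slots;

    // add() takes the owning structure's offset by reference and advances it,
    // so the table cannot grow without m_offset following.
    PropertyOffset add(const std::string& name, PropertyOffset& offset) {
        offset = offset + 1;
        slots[name] = offset;
        return offset;
    }
    PropertyOffset maxOffset() const {
        PropertyOffset m = invalidOffset;
        for (const auto& kv : slots) m = kv.second > m ? kv.second : m;
        return m;
    }
};

class Structure {
public:
    static std::unique_ptr<Structure> createRoot() {
        std::unique_ptr<Structure> s(new Structure());
        s->m_propertyTable = std::make_unique<PropertyTable>();
        return s;
    }

    // Add-property transition: copies m_offset, then steals the table (the
    // A->B->C case). The previous structure keeps only m_offset, which suffices.
    static std::unique_ptr<Structure> addPropertyTransition(Structure& from, const std::string& name) {
        std::unique_ptr<Structure> to(new Structure());
        to->m_previous = &from;
        to->m_nameInPrevious = name;
        to->m_offset = from.m_offset;                           // always copied
        from.materializePropertyMapIfNecessary();
        to->m_propertyTable = std::move(from.m_propertyTable);  // stolen
        to->m_propertyTable->add(name, to->m_offset);           // updates to->m_offset
        to->checkOffsetConsistency();
        return to;
    }

    // Storage sizes derive from m_offset alone, so they stay correct for a
    // structure whose table was stolen by a later transition.
    int inlineSize() const {
        return m_offset + 1 < firstOutOfLineOffset ? m_offset + 1 : firstOutOfLineOffset;
    }
    int outOfLineSize() const {
        return m_offset + 1 > firstOutOfLineOffset ? m_offset + 1 - firstOutOfLineOffset : 0;
    }
    PropertyOffset offset() const { return m_offset; }
    bool hasPropertyTable() const { return m_propertyTable != nullptr; }

    PropertyOffset get(const std::string& name) {
        materializePropertyMapIfNecessary();
        auto it = m_propertyTable->slots.find(name);
        return it == m_propertyTable->slots.end() ? invalidOffset : it->second;
    }

    // Whenever both exist, the table must agree with m_offset.
    void checkOffsetConsistency() const {
        if (!m_propertyTable) return;
        RELEASE_ASSERT(m_propertyTable->maxOffset() == m_offset);
    }

private:
    Structure() = default;

    // Rebuild a stolen table by replaying the transition chain from the root.
    // The replayed offsets must land exactly on m_offset, or we abort.
    void materializePropertyMapIfNecessary() {
        if (m_propertyTable) return;
        std::vector<const Structure*> chain;
        for (const Structure* s = this; s; s = s->m_previous) chain.push_back(s);
        auto table = std::make_unique<PropertyTable>();
        PropertyOffset offset = invalidOffset;
        for (auto it = chain.rbegin(); it != chain.rend(); ++it)
            if ((*it)->m_previous) table->add((*it)->m_nameInPrevious, offset);
        RELEASE_ASSERT(offset == m_offset);
        m_propertyTable = std::move(table);
    }

    const Structure* m_previous = nullptr;
    std::string m_nameInPrevious;
    PropertyOffset m_offset = invalidOffset;
    std::unique_ptr<PropertyTable> m_propertyTable;
};
```

With this, B still answers its inline and out-of-line storage sizes from m_offset after C has taken its table, and rebuilding B's table must land on exactly that offset or the process aborts, which is the behaviour the entry wants instead of the answer "none".
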
2013-02-15  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Spread the gyp build files throughout the tree
        https://bugs.webkit.org/show_bug.cgi?id=109960

        Reviewed by Dirk Pranke.

        * JavaScriptCore.gyp/JavaScriptCoreGTK.gyp: Renamed from Source/WebKit/gtk/gyp/JavaScriptCore.gyp.
        * JavaScriptCore.gyp/generate-derived-sources.sh: Renamed from Source/WebKit/gtk/gyp/generate-derived-sources.sh.

2013-02-15  Filip Pizlo  <fpizlo@apple.com>

        DFG SpeculativeJIT64 should be more precise about when it's dealing with a cell (even though it probably doesn't matter)
        https://bugs.webkit.org/show_bug.cgi?id=109625

        Reviewed by Mark Hahnenberg.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compile):

2013-02-15  Geoffrey Garen  <ggaren@apple.com>

        Merged the global function cache into the source code cache
        https://bugs.webkit.org/show_bug.cgi?id=108660

        Reviewed by Sam Weinig.

        Responding to review comments by Darin Adler.

        * runtime/CodeCache.h:
        (JSC::SourceCodeKey::SourceCodeKey): Don't initialize m_name and m_flags
        in the hash table deleted value because they're meaningless.

2013-02-14  Filip Pizlo  <fpizlo@apple.com>

        DFG AbstractState should filter operands to NewArray more precisely
        https://bugs.webkit.org/show_bug.cgi?id=109900

        Reviewed by Mark Hahnenberg.

        NewArray for primitive indexing types speculates that the inputs are the appropriate
        primitives. Now, the CFA filters the abstract state accordingly, as well.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):

2013-02-15  Andreas Kling  <akling@apple.com>

        Yarr: Use OwnPtr to make pattern/disjunction/character-class ownership clearer.
        <http://webkit.org/b/109218>

        Reviewed by Benjamin Poulain.

        - Let classes that manage lifetime of other objects hold on to them with OwnPtr instead of raw pointers.
        - Placed some strategic Vector::shrinkToFit(), ::reserveInitialCapacity() and ::swap().

        668 kB progression on Membuster3.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
        (JSC::Yarr::ByteCompiler::emitDisjunction):
        (ByteCompiler):
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::BytecodePattern::BytecodePattern):
        (BytecodePattern):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
        (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
        (JSC::Yarr::YarrGenerator::opCompileBody):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::CharacterClassConstructor::charClass):
        (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
        (JSC::Yarr::YarrPatternConstructor::reset):
        (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
        (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
        (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
        (JSC::Yarr::YarrPatternConstructor::setupDisjunctionOffsets):
        (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
        (JSC::Yarr::YarrPatternConstructor::optimizeBOL):
        (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
        (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
        * yarr/YarrPattern.h:
        (JSC::Yarr::PatternDisjunction::addNewAlternative):
        (PatternDisjunction):
        (YarrPattern):
        (JSC::Yarr::YarrPattern::reset):
        (JSC::Yarr::YarrPattern::newlineCharacterClass):
        (JSC::Yarr::YarrPattern::digitsCharacterClass):
        (JSC::Yarr::YarrPattern::spacesCharacterClass):
        (JSC::Yarr::YarrPattern::wordcharCharacterClass):
        (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
        (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
        (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):

2013-02-14  Geoffrey Garen  <ggaren@apple.com>

        Merged the global function cache into the source code cache
        https://bugs.webkit.org/show_bug.cgi?id=108660

        Reviewed by Sam Weinig.

        This has a few benefits:

            (*) Saves a few kB by removing a second cache data structure.

            (*) Reduces the worst case memory usage of the cache by 1.75X. (Heavy
            use of 'new Function' and other techniques could cause us to fill
            both root caches, and they didn't trade off against each other.)

            (*) Paves the way for future improvements based on a non-trivial
            cache key (for example, shrinkable pointer to the key string, and
            more precise cache size accounting).

        Also cleaned up the cache implementation and simplified it a bit.

        * heap/Handle.h:
        (HandleBase):
        * heap/Strong.h:
        (Strong): Build!

        * runtime/CodeCache.cpp:
        (JSC):
        (JSC::CodeCache::getCodeBlock):
        (JSC::CodeCache::generateFunctionCodeBlock):
        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
        (JSC::CodeCache::usedFunctionCode): Updated for three interface changes:

            (*) SourceCodeKey is a class, not a pair.

            (*) Table values are abstract pointers, since they can be executables
            or code blocks. (In a future patch, I'd like to change this so we
            always store only code blocks. But that's too much for one patch.)

            (*) The cache function is named "set" because it always overwrites
            unconditionally.

        * runtime/CodeCache.h:
        (CacheMap):
        (JSC::CacheMap::find):
        (JSC::CacheMap::set):
        (JSC::CacheMap::clear): Added support for specifying hash traits, so we
        can use a SourceCodeKey.

        Removed side table and random number generator to save space and reduce
        complexity. Hash tables are already random, so we don't need another source
        of randomness.

        (SourceCodeKey):
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::isHashTableDeletedValue):
        (JSC::SourceCodeKey::hash):
        (JSC::SourceCodeKey::isNull):
        (JSC::SourceCodeKey::operator==):
        (JSC::SourceCodeKeyHash::hash):
        (JSC::SourceCodeKeyHash::equal):
        (SourceCodeKeyHash):
        (SourceCodeKeyHashTraits):
        (JSC::SourceCodeKeyHashTraits::isEmptyValue): A SourceCodeKey is just a
        fancy triplet: source code string; function name (or null, for non-functions);
        and flags. Flags and function name distinguish between functions and programs
        with identical code, so they can live in the same cache.

        I chose to use the source code string as the primary hashing reference
        because it's likely to be unique. We can use profiling to choose another
        technique in future, if collisions between functions and programs prove
        to be hot. I suspect they won't.

        (JSC::CodeCache::clear):
        (CodeCache): Removed the second cache.

        * heap/Handle.h:
        (HandleBase):
        * heap/Strong.h:
        (Strong):
        * runtime/CodeCache.cpp:
        (JSC):
        (JSC::CodeCache::getCodeBlock):
        (JSC::CodeCache::generateFunctionCodeBlock):
        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
        (JSC::CodeCache::usedFunctionCode):
        * runtime/CodeCache.h:
        (JSC):
        (CacheMap):
        (JSC::CacheMap::find):
        (JSC::CacheMap::set):
        (JSC::CacheMap::clear):
        (SourceCodeKey):
        (JSC::SourceCodeKey::SourceCodeKey):
        (JSC::SourceCodeKey::isHashTableDeletedValue):
        (JSC::SourceCodeKey::hash):
        (JSC::SourceCodeKey::isNull):
        (JSC::SourceCodeKey::operator==):
        (JSC::SourceCodeKeyHash::hash):
        (JSC::SourceCodeKeyHash::equal):
        (SourceCodeKeyHash):
        (SourceCodeKeyHashTraits):
        (JSC::SourceCodeKeyHashTraits::isEmptyValue):
        (JSC::CodeCache::clear):
        (CodeCache):

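An added example that serves both the entry above and the 2013-02-16 entry "Code cache should be explicit about what it caches" earlier on this page. It is illustrative code, not JavaScriptCore's CodeCache; the class and method names, the hash mixing and the capacity used in the test are assumptions. It models the two points the entries make: a SourceCodeKey-style key (source text, name, flags) hashed primarily on the source text so that a function and a program with identical text coexist in one table, and LRU accounting in source characters rather than entry count, so the cache's worst case is bounded by the capacity however many scripts are set.

```cpp
// Added example: a size-bounded LRU cache with a composite key, in the spirit
// of the CodeCache entries above. Not JavaScriptCore code; names are illustrative.
#include <cassert>
#include <functional>
#include <list>
#include <string>
#include <unordered_map>

// Key: source text + name (empty for programs) + flags. Name and flags let a
// function and a program with identical text live in the same table.
struct SourceCodeKey {
    std::string source;
    std::string name;
    unsigned flags;
    bool operator==(const SourceCodeKey& o) const {
        return flags == o.flags && name == o.name && source == o.source;
    }
    size_t length() const { return source.size(); }  // what we account for
};

struct SourceCodeKeyHash {
    // Hash primarily on the source text; name and flags only break ties.
    size_t operator()(const SourceCodeKey& k) const {
        size_t h = std::hash<std::string>()(k.source);
        h ^= std::hash<std::string>()(k.name) + 0x9e3779b9 + (h << 6) + (h >> 2);
        h ^= std::hash<unsigned>()(k.flags) + 0x9e3779b9 + (h << 6) + (h >> 2);
        return h;
    }
};

class SizeBoundedLRUCache {
public:
    explicit SizeBoundedLRUCache(size_t capacityInCharacters) : m_capacity(capacityInCharacters) {}

    // Returns a pointer to the cached value or nullptr; a hit becomes most-recent.
    const std::string* find(const SourceCodeKey& key) {
        auto it = m_map.find(key);
        if (it == m_map.end()) return nullptr;
        m_order.splice(m_order.begin(), m_order, it->second);
        return &it->second->value;
    }

    // Unconditionally overwrites, then evicts least-recently-used entries until
    // the sum of cached source lengths fits within capacity.
    void set(const SourceCodeKey& key, std::string value) {
        auto it = m_map.find(key);
        if (it != m_map.end()) {
            m_size -= it->second->key.length();
            m_order.erase(it->second);
            m_map.erase(it);
        }
        // A single entry larger than the whole cache is refused rather than
        // flushing everything to make room for it (a choice made here).
        if (key.length() > m_capacity) return;
        while (m_size + key.length() > m_capacity) evictOldest();
        m_order.push_front(Entry{key, std::move(value)});
        m_map[key] = m_order.begin();
        m_size += key.length();
    }

    void clear() { m_map.clear(); m_order.clear(); m_size = 0; }
    size_t size() const { return m_size; }    // characters currently cached
    size_t count() const { return m_map.size(); }

private:
    struct Entry { SourceCodeKey key; std::string value; };

    void evictOldest() {
        assert(!m_order.empty());
        Entry& victim = m_order.back();
        m_size -= victim.key.length();
        m_map.erase(victim.key);
        m_order.pop_back();
    }

    size_t m_capacity;
    size_t m_size = 0;
    std::list<Entry> m_order;  // front = most recently used
    std::unordered_map<SourceCodeKey, std::list<Entry>::iterator, SourceCodeKeyHash> m_map;
};
```

Because eviction is driven by accumulated source length and not by how many keys are present, an attacker or a pathological page that feeds the cache many tiny scripts cannot push its footprint past the configured capacity, which is the bound the 2013-02-16 entry is after.
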
2013-02-14  Tony Chang  <tony@chromium.org>

        Unreviewed, set svn:eol-style native for .sln, .vcproj, and .vsprops files.
        https://bugs.webkit.org/show_bug.cgi?id=96934

        * JavaScriptCore.vcproj/JavaScriptCore.sln: Modified property svn:eol-style.
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Modified property svn:eol-style.
        * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added property svn:eol-style.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added property svn:eol-style.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added property svn:eol-style.
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added property svn:eol-style.
        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added property svn:eol-style.
        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added property svn:eol-style.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added property svn:eol-style.
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added property svn:eol-style.

2013-02-14  Tony Chang  <tony@chromium.org>

        Unreviewed, set svn:eol-style CRLF for .sln files.

        * JavaScriptCore.vcproj/JavaScriptCore.sln: Modified property svn:eol-style.
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Modified property svn:eol-style.

2013-02-14  David Kilzer  <ddkilzer@apple.com>

        [Mac] Clean up WARNING_CFLAGS
        <http://webkit.org/b/109747>
        <rdar://problem/13208373>

        Reviewed by Mark Rowe.

        * Configurations/Base.xcconfig: Use
        GCC_WARN_64_TO_32_BIT_CONVERSION to enable and disable
        -Wshorten-64-to-32 rather than WARNING_CFLAGS.

        * JavaScriptCore.vcproj/JavaScriptCore.sln: Modified property svn:eol-style.
        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Modified property svn:eol-style.

2013-02-13  Anders Carlsson  <andersca@apple.com>

        Better build fix.

        * API/tests/testapi.c:
        (assertEqualsAsNumber):
        (main):

2013-02-13  Roger Fong  <roger_fong@apple.com>

        Unreviewed. Build fix.

        * API/tests/testapi.c:
        (assertEqualsAsNumber):
        (main):

2013-02-13  Oliver Hunt  <oliver@apple.com>

        Yet another build fix

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

2013-02-13  Zan Dobersek  <zdobersek@igalia.com>

        The 'global isinf/isnan' compiler quirk required when using clang with libstdc++
        https://bugs.webkit.org/show_bug.cgi?id=109325

        Reviewed by Anders Carlsson.

        Prefix calls to the isinf and isnan methods with std::, declaring we want to use the
        two methods as they're provided by the C++ standard library being used.

        * API/JSValueRef.cpp:
        (JSValueMakeNumber):
        * JSCTypedArrayStubs.h:
        (JSC):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitLoad):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::constantNaN):
        * offlineasm/cloop.rb:
        * runtime/DateConstructor.cpp:
        (JSC::dateUTC): Also include an opportunistic style fix.
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::calculateGregorianDateTime):
        (JSC::DateInstance::calculateGregorianDateTimeUTC):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncGetMilliSeconds):
        (JSC::dateProtoFuncGetUTCMilliseconds):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::toInteger):
        * runtime/JSDateMath.cpp:
        (JSC::getUTCOffset):
        (JSC::parseDateFromNullTerminatedCharacters):
        (JSC::parseDate):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncIsNaN):
        * runtime/MathObject.cpp:
        (JSC::mathProtoFuncMax):
        (JSC::mathProtoFuncMin):
        (JSC::mathProtoFuncPow):
        * runtime/PropertyDescriptor.cpp:
        (JSC::sameValue):

2013-02-13  Filip Pizlo  <fpizlo@apple.com>

        Change another use of (SpecCell & ~SpecString) to SpecObject.

        Reviewed by Mark Hahnenberg.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):

2013-02-13  Filip Pizlo  <fpizlo@apple.com>

        ForwardInt32ToDouble is not in DFG::MinifiedNode's list of relevant node types
        https://bugs.webkit.org/show_bug.cgi?id=109726

        Reviewed by Mark Hahnenberg.

        If you add it to the list of relevant node types, you also need to make sure
        it's listed as either hasChild or one of the other kinds. Otherwise you get
        an assertion. This is causing test failures in run-javascriptcore-tests.

        * dfg/DFGMinifiedNode.h:
        (JSC::DFG::MinifiedNode::hasChild):

2013-02-13  Oliver Hunt  <oliver@apple.com>

        Build fix.

        Rearranged the code somewhat to reduce the number of
        DFG related ifdefs.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

2013-02-13  Filip Pizlo  <fpizlo@apple.com>

        ForwardInt32ToDouble is not in DFG::MinifiedNode's list of relevant node types
        https://bugs.webkit.org/show_bug.cgi?id=109726

        Reviewed by Gavin Barraclough.

        This is asymptomatic because ForwardInt32ToDouble is only used in SetLocals, in
        which case the value is already stored to the stack.  Still, we should fix this.

        * dfg/DFGMinifiedNode.h:
        (JSC::DFG::belongsInMinifiedGraph):

2013-02-12  Filip Pizlo  <fpizlo@apple.com>

        DFG LogicalNot/Branch peephole removal and inversion ignores the possibility of things exiting
        https://bugs.webkit.org/show_bug.cgi?id=109489

        Reviewed by Mark Hahnenberg.

        If things can exit between the LogicalNot and the Branch then don't peephole.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):

2013-02-13  Oliver Hunt  <oliver@apple.com>

        Remove unnecessary indirection to non-local variable access operations
        https://bugs.webkit.org/show_bug.cgi?id=109724

        Reviewed by Filip Pizlo.

        Linked bytecode now stores a direct pointer to the resolve operation
        vectors, so the interpreter no longer needs a bunch of indirection
        to perform non-local lookup.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        * bytecode/Instruction.h:
        * dfg/DFGByteCodeParser.cpp:
        (ByteCodeParser):
        (InlineStackEntry):
        (JSC::DFG::ByteCodeParser::parseResolveOperations):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canInlineOpcode):
        * dfg/DFGGraph.h:
        (ResolveGlobalData):
        (ResolveOperationData):
        (PutToBaseOperationData):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_put_to_base):
        (JSC::JIT::emit_op_resolve):
        (JSC::JIT::emitSlow_op_resolve):
        (JSC::JIT::emit_op_resolve_base):
        (JSC::JIT::emitSlow_op_resolve_base):
        (JSC::JIT::emit_op_resolve_with_base):
        (JSC::JIT::emitSlow_op_resolve_with_base):
        (JSC::JIT::emit_op_resolve_with_this):
        (JSC::JIT::emitSlow_op_resolve_with_this):
        (JSC::JIT::emitSlow_op_put_to_base):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_put_to_base):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:

2013-02-13  Zoltan Herczeg  <zherczeg@webkit.org>

        replaceWithJump should not decrease the offset by 1 on ARM traditional.
        https://bugs.webkit.org/show_bug.cgi?id=109689

        Reviewed by Oliver Hunt.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::replaceWithJump):

2013-02-12  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS] Enable PAGE_VISIBILITY_API
789         https://bugs.webkit.org/show_bug.cgi?id=109399
790
791         Reviewed by David Kilzer.
792
793         * Configurations/FeatureDefines.xcconfig:
794
795 2013-02-12  Filip Pizlo  <fpizlo@apple.com>
796
797         Renamed SpecObjectMask to SpecObject.
798
799         Rubber stamped by Mark Hahnenberg.
800         
801         "SpecObjectMask" is a weird name considering that a bunch of the other speculated
802         types are also masks, but don't have "Mask" in the name.
803
804         * bytecode/SpeculatedType.h:
805         (JSC):
806         (JSC::isObjectSpeculation):
807         (JSC::isObjectOrOtherSpeculation):
808         * dfg/DFGAbstractState.cpp:
809         (JSC::DFG::AbstractState::execute):
810         * dfg/DFGPredictionPropagationPhase.cpp:
811         (JSC::DFG::PredictionPropagationPhase::propagate):
812         * dfg/DFGSpeculativeJIT.cpp:
813         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
814         * dfg/DFGSpeculativeJIT32_64.cpp:
815         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
816         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
817         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
818         * dfg/DFGSpeculativeJIT64.cpp:
819         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
820         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
821         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
822
823 2013-02-12  Filip Pizlo  <fpizlo@apple.com>
824
825         DFG CFA doesn't filter precisely enough for CompareStrictEq
826         https://bugs.webkit.org/show_bug.cgi?id=109618
827
828         Reviewed by Mark Hahnenberg.
829         
830         The backend speculates object for this case, but the CFA was filtering on
831         (SpecCell & ~SpecString) | SpecOther.
832
833         * dfg/DFGAbstractState.cpp:
834         (JSC::DFG::AbstractState::execute):
835
836 2013-02-12  Martin Robinson  <mrobinson@igalia.com>
837
838         Fix the gyp build of JavaScriptCore.
839
840         * JavaScriptCore.gypi: Added some missing DFG files to the source list.
841
842 2013-02-12  Sheriff Bot  <webkit.review.bot@gmail.com>
843
844         Unreviewed, rolling out r142387.
845         http://trac.webkit.org/changeset/142387
846         https://bugs.webkit.org/show_bug.cgi?id=109601
847
848         caused all layout and jscore tests on windows to fail
849         (Requested by kling on #webkit).
850
851         * bytecode/UnlinkedCodeBlock.cpp:
852         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
853         * bytecode/UnlinkedCodeBlock.h:
854         (UnlinkedCodeBlock):
855
856 2013-02-11  Filip Pizlo  <fpizlo@apple.com>
857
858         DFG CompareEq optimization should be retuned
859         https://bugs.webkit.org/show_bug.cgi?id=109545
860
861         Reviewed by Mark Hahnenberg.
862         
863         - Made the object-to-object equality case work again by hoisting the if statement
864           for it. Previously, object-to-object equality would be compiled as
865           object-to-object-or-other.
866         
867         - Added AbstractState guards for most of the type checks that the object equality
868           code uses.
869         
870         Looks like a hint of a speed-up on all of the things.
871
872         * dfg/DFGAbstractState.cpp:
873         (JSC::DFG::AbstractState::execute):
874         * dfg/DFGSpeculativeJIT.cpp:
875         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
876         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
877         (JSC::DFG::SpeculativeJIT::compare):
878         * dfg/DFGSpeculativeJIT32_64.cpp:
879         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
880         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
881         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
882         * dfg/DFGSpeculativeJIT64.cpp:
883         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
884         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
885         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
886
887 2013-02-12  Gabor Rapcsanyi  <rgabor@webkit.org>
888
889         JSC asserting with long parameter list functions in debug mode on ARM traditional
890         https://bugs.webkit.org/show_bug.cgi?id=109565
891
892         Reviewed by Zoltan Herczeg.
893
894         Increase the value of sequenceGetByIdSlowCaseInstructionSpace to 80.
895
896         * jit/JIT.h:
897
898 2013-02-11  Oliver Hunt  <oliver@apple.com>
899
900         Make JSC API more NULL tolerant
901         https://bugs.webkit.org/show_bug.cgi?id=109515
902
903         Reviewed by Mark Hahnenberg.
904
905         We do so much marshalling for the C API these days anyway that a single null
906         check isn't a performance issue.  Yet the existing "null is unsafe" behaviour
907         leads to crashes in embedding applications whenever there's an untested code
908         path, so it seems having defined behaviour is superior.
909
910         * API/APICast.h:
911         (toJS):
912         (toJSForGC):
913         * API/JSObjectRef.cpp:
914         (JSObjectIsFunction):
915         (JSObjectCallAsFunction):
916         (JSObjectIsConstructor):
917         (JSObjectCallAsConstructor):
918         * API/tests/testapi.c:
919         (main):
920
921 2013-02-11  Filip Pizlo  <fpizlo@apple.com>
922
923         Unreviewed, adding a FIXME to remind ourselves of a bug.
924         https://bugs.webkit.org/show_bug.cgi?id=109487
925
926         * dfg/DFGSpeculativeJIT.cpp:
927         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
928
929 2013-02-11  Filip Pizlo  <fpizlo@apple.com>
930
931         Strange bug in DFG OSR in JSC
932         https://bugs.webkit.org/show_bug.cgi?id=109491
933
934         Reviewed by Mark Hahnenberg.
935         
936         Int32ToDouble was being injected after a side-effecting operation and before a SetLocal. Anytime we
937         inject something just before a SetLocal we should be aware that the previous operation may have been
938         a side-effect associated with the current code origin. Hence, we should use a forward exit.
939         Int32ToDouble does not do forward exits by default.
940         
941         This patch adds a forward-exiting form of Int32ToDouble, for use in SetLocal Int32ToDouble injections.
942         Changed the CSE and other things to treat these nodes identically, but for the exit strategy to be
943         distinct (Int32ToDouble -> backward, ForwardInt32ToDouble -> forward). The use of the NodeType for
944         signaling exit direction is not "great" but it's what we use in other places already (like
945         ForwardCheckStructure).
946
947         * dfg/DFGAbstractState.cpp:
948         (JSC::DFG::AbstractState::execute):
949         * dfg/DFGCSEPhase.cpp:
950         (JSC::DFG::CSEPhase::int32ToDoubleCSE):
951         (CSEPhase):
952         (JSC::DFG::CSEPhase::performNodeCSE):
953         * dfg/DFGCommon.h:
954         * dfg/DFGFixupPhase.cpp:
955         (JSC::DFG::FixupPhase::fixupNode):
956         (JSC::DFG::FixupPhase::fixDoubleEdge):
957         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
958         * dfg/DFGNode.h:
959         (JSC::DFG::Node::willHaveCodeGenOrOSR):
960         * dfg/DFGNodeType.h:
961         (DFG):
962         * dfg/DFGPredictionPropagationPhase.cpp:
963         (JSC::DFG::PredictionPropagationPhase::propagate):
964         * dfg/DFGSpeculativeJIT.cpp:
965         (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
966         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
967         * dfg/DFGSpeculativeJIT.h:
968         * dfg/DFGSpeculativeJIT32_64.cpp:
969         (JSC::DFG::SpeculativeJIT::compile):
970         * dfg/DFGSpeculativeJIT64.cpp:
971         (JSC::DFG::SpeculativeJIT::compile):
972         * dfg/DFGVariableEventStream.cpp:
973         (JSC::DFG::VariableEventStream::reconstruct):
974
975 2013-02-11  Filip Pizlo  <fpizlo@apple.com>
976
977         NonStringCell and Object are practically the same thing for the purpose of speculation
978         https://bugs.webkit.org/show_bug.cgi?id=109492
979
980         Reviewed by Mark Hahnenberg.
981         
982         Removed isNonStringCellSpeculation, and made all callers use isObjectSpeculation.
983         
984         Changed isNonStringCellOrOtherSpeculation to be isObjectOrOtherSpeculation.
985         
986         I believe this is correct because even weird object types like JSNotAnObject end up
987         being "objects" from the standpoint of our typesystem. Anyway, the assumption that
988         "is cell but not a string" equates to "object" is an assumption that is already made
989         in other places in the system so there's little value in being paranoid about it.
990
991         * bytecode/SpeculatedType.h:
992         (JSC::isObjectSpeculation):
993         (JSC::isObjectOrOtherSpeculation):
994         * dfg/DFGAbstractState.cpp:
995         (JSC::DFG::AbstractState::execute):
996         * dfg/DFGNode.h:
997         (Node):
998         (JSC::DFG::Node::shouldSpeculateObjectOrOther):
999         * dfg/DFGSpeculativeJIT.cpp:
1000         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1001         (JSC::DFG::SpeculativeJIT::compare):
1002         (JSC::DFG::SpeculativeJIT::compileStrictEq):
1003         * dfg/DFGSpeculativeJIT.h:
1004         (SpeculativeJIT):
1005         * dfg/DFGSpeculativeJIT32_64.cpp:
1006         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1007         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1008         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1009         (JSC::DFG::SpeculativeJIT::emitBranch):
1010         (JSC::DFG::SpeculativeJIT::compile):
1011         * dfg/DFGSpeculativeJIT64.cpp:
1012         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1013         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1014         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1015         (JSC::DFG::SpeculativeJIT::emitBranch):
1016         (JSC::DFG::SpeculativeJIT::compile):
1017
1018 2013-02-10  Filip Pizlo  <fpizlo@apple.com>
1019
1020         DFG CompareEq(a, null) and CompareStrictEq(a, const) are unsound with respect to constant folding
1021         https://bugs.webkit.org/show_bug.cgi?id=109387
1022
1023         Reviewed by Oliver Hunt and Mark Hahnenberg.
1024         
1025         Lock in the decision to use a non-speculative constant comparison as early as possible
1026         and don't let the CFA change it by folding constants. This might be a performance
1027         penalty on some really weird code (FWIW, I haven't seen this on benchmarks), but on
1028         the other hand it completely side-steps the unsoundness that the bug speaks of.
1029         
1030         Rolling back in after adding 32-bit path.
1031
1032         * dfg/DFGAbstractState.cpp:
1033         (JSC::DFG::AbstractState::execute):
1034         * dfg/DFGByteCodeParser.cpp:
1035         (JSC::DFG::ByteCodeParser::isConstantForCompareStrictEq):
1036         (ByteCodeParser):
1037         (JSC::DFG::ByteCodeParser::parseBlock):
1038         * dfg/DFGCSEPhase.cpp:
1039         (JSC::DFG::CSEPhase::performNodeCSE):
1040         * dfg/DFGNodeType.h:
1041         (DFG):
1042         * dfg/DFGPredictionPropagationPhase.cpp:
1043         (JSC::DFG::PredictionPropagationPhase::propagate):
1044         * dfg/DFGSpeculativeJIT.cpp:
1045         (JSC::DFG::SpeculativeJIT::compileStrictEq):
1046         * dfg/DFGSpeculativeJIT32_64.cpp:
1047         (JSC::DFG::SpeculativeJIT::compile):
1048         * dfg/DFGSpeculativeJIT64.cpp:
1049         (JSC::DFG::SpeculativeJIT::compile):
1050
1051 2013-02-10  Filip Pizlo  <fpizlo@apple.com>
1052
1053         DFG TypeOf implementation should have its backend code aligned to what the CFA does
1054         https://bugs.webkit.org/show_bug.cgi?id=109385
1055
1056         Reviewed by Sam Weinig.
1057         
1058         The problem was that if we ended up trying to constant fold, but didn't succeed
1059         because of prediction mismatches, then we would also fail to do filtration.
1060         
1061         Rearranged the control flow in the CFA to fix that.
1062         
1063         As far as I know, this is asymptomatic - it's sort of OK for the CFA to prove less
1064         things, which is what the bug was.
1065
1066         * dfg/DFGAbstractState.cpp:
1067         (JSC::DFG::AbstractState::execute):
1068
1069 2013-02-11  Sheriff Bot  <webkit.review.bot@gmail.com>
1070
1071         Unreviewed, rolling out r142491.
1072         http://trac.webkit.org/changeset/142491
1073         https://bugs.webkit.org/show_bug.cgi?id=109470
1074
1075         broke the 32 bit build (Requested by jessieberlin on #webkit).
1076
1077         * dfg/DFGAbstractState.cpp:
1078         (JSC::DFG::AbstractState::execute):
1079         * dfg/DFGByteCodeParser.cpp:
1080         (JSC::DFG::ByteCodeParser::parseBlock):
1081         * dfg/DFGCSEPhase.cpp:
1082         (JSC::DFG::CSEPhase::performNodeCSE):
1083         * dfg/DFGNodeType.h:
1084         (DFG):
1085         * dfg/DFGPredictionPropagationPhase.cpp:
1086         (JSC::DFG::PredictionPropagationPhase::propagate):
1087         * dfg/DFGSpeculativeJIT.cpp:
1088         (JSC::DFG::SpeculativeJIT::compileStrictEq):
1089         * dfg/DFGSpeculativeJIT64.cpp:
1090         (JSC::DFG::SpeculativeJIT::compile):
1091
1092 2013-02-10  Filip Pizlo  <fpizlo@apple.com>
1093
1094         DFG CompareEq(a, null) and CompareStrictEq(a, const) are unsound with respect to constant folding
1095         https://bugs.webkit.org/show_bug.cgi?id=109387
1096
1097         Reviewed by Oliver Hunt.
1098         
1099         Lock in the decision to use a non-speculative constant comparison as early as possible
1100         and don't let the CFA change it by folding constants. This might be a performance
1101         penalty on some really weird code (FWIW, I haven't seen this on benchmarks), but on
1102         the other hand it completely side-steps the unsoundness that the bug speaks of.
1103
1104         * dfg/DFGAbstractState.cpp:
1105         (JSC::DFG::AbstractState::execute):
1106         * dfg/DFGByteCodeParser.cpp:
1107         (JSC::DFG::ByteCodeParser::isConstantForCompareStrictEq):
1108         (ByteCodeParser):
1109         (JSC::DFG::ByteCodeParser::parseBlock):
1110         * dfg/DFGCSEPhase.cpp:
1111         (JSC::DFG::CSEPhase::performNodeCSE):
1112         * dfg/DFGNodeType.h:
1113         (DFG):
1114         * dfg/DFGPredictionPropagationPhase.cpp:
1115         (JSC::DFG::PredictionPropagationPhase::propagate):
1116         * dfg/DFGSpeculativeJIT.cpp:
1117         (JSC::DFG::SpeculativeJIT::compileStrictEq):
1118         * dfg/DFGSpeculativeJIT64.cpp:
1119         (JSC::DFG::SpeculativeJIT::compile):
1120
1121 2013-02-11  Csaba Osztrogonác  <ossy@webkit.org>
1122
1123         Unreviewed fix after r13954 for !ENABLE(JIT) builds.
1124
1125         * llint/LowLevelInterpreter.cpp:
1126
1127 2013-02-11  Gabor Rapcsanyi  <rgabor@webkit.org>
1128
1129         JSC build failing with verbose debug mode
1130         https://bugs.webkit.org/show_bug.cgi?id=109441
1131
1132         Reviewed by Darin Adler.
1133
1134         Fixing some verbose messages which caused build errors.
1135
1136         * dfg/DFGAbstractState.cpp:
1137         (JSC::DFG::AbstractState::mergeToSuccessors):
1138         * dfg/DFGCFAPhase.cpp:
1139         (JSC::DFG::CFAPhase::performBlockCFA):
1140         * dfg/DFGCSEPhase.cpp:
1141         (JSC::DFG::CSEPhase::setReplacement):
1142         (JSC::DFG::CSEPhase::eliminate):
1143         * dfg/DFGPredictionInjectionPhase.cpp:
1144         (JSC::DFG::PredictionInjectionPhase::run):
1145
1146 2013-02-10  Martin Robinson  <mrobinson@igalia.com>
1147
1148         Fix the GTK+ gyp build
1149
1150         * JavaScriptCore.gypi: Update the source list to accurately
1151         reflect what's in the repository and remove the offsets extractor
1152         from the list of JavaScriptCore files. It's only used to build
1153         the extractor binary.
1154
1155 2013-02-09  Andreas Kling  <akling@apple.com>
1156
1157         Shrink-wrap UnlinkedCodeBlock members.
1158         <http://webkit.org/b/109368>
1159
1160         Reviewed by Oliver Hunt.
1161
1162         Rearrange the members of UnlinkedCodeBlock to avoid unnecessary padding on 64-bit.
1163         Knocks ~600 KB off of the Membuster3 peak.
1164
1165         * bytecode/UnlinkedCodeBlock.cpp:
1166         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1167         * bytecode/UnlinkedCodeBlock.h:
1168         (UnlinkedCodeBlock):
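
The padding effect this entry describes, as an added C example (not WebKit code; the struct is a constructed stand-in, not UnlinkedCodeBlock): the same seven members declared in two orders on a 64-bit target, compared with sizeof and offsetof, plus a small model of the C layout rule that predicts either ordering's size without compiling it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a class with mixed-size members (not UnlinkedCodeBlock
 * itself). On LP64 each pointer needs 8-byte alignment, so interleaving 1- and
 * 4-byte fields with pointers makes the compiler pad after every small field. */
struct Loose {
    uint8_t  flagA;   /* offset 0, then 7 bytes of padding before ptrA */
    void    *ptrA;    /* offset 8 */
    uint32_t countA;  /* offset 16, then 4 bytes of padding before ptrB */
    void    *ptrB;    /* offset 24 */
    uint8_t  flagB;   /* offset 32, then 3 bytes of padding before countB */
    uint32_t countB;  /* offset 36 */
    uint8_t  flagC;   /* offset 40, then 7 bytes of tail padding: sizeof == 48 */
};

/* Same seven members, declared largest-alignment first so that the small
 * fields pack together; only 5 bytes of padding remain on LP64 (sizeof == 32). */
struct Packed {
    void    *ptrA;
    void    *ptrB;
    uint32_t countA;
    uint32_t countB;
    uint8_t  flagA;
    uint8_t  flagB;
    uint8_t  flagC;
};

/* Sum of the members' own sizes; identical for both layouts. */
#define PAYLOAD_BYTES (2 * sizeof(void *) + 2 * sizeof(uint32_t) + 3 * sizeof(uint8_t))

size_t loose_padding(void)  { return sizeof(struct Loose)  - PAYLOAD_BYTES; }
size_t packed_padding(void) { return sizeof(struct Packed) - PAYLOAD_BYTES; }

/* Bytes saved across `instances` objects, which is how a peak-memory win adds up. */
size_t bytes_saved(size_t instances)
{
    return (sizeof(struct Loose) - sizeof(struct Packed)) * instances;
}

/* Round `offset` up to the next multiple of `align` (a power of two). */
static size_t align_up(size_t offset, size_t align)
{
    return (offset + align - 1) & ~(align - 1);
}

/* Model of the C struct layout rule: each member starts at an offset rounded up
 * to its alignment, and the total is rounded up to the largest alignment seen.
 * Lets you evaluate a candidate member order before touching the real class. */
size_t layout_size(const size_t *sizes, const size_t *aligns, size_t n)
{
    size_t offset = 0, max_align = 1;
    for (size_t i = 0; i < n; i++) {
        offset = align_up(offset, aligns[i]) + sizes[i];
        if (aligns[i] > max_align)
            max_align = aligns[i];
    }
    return align_up(offset, max_align);
}

/* The two declaration orders above, fed through the model. */
size_t loose_model_size(void)
{
    size_t sizes[]  = { 1, sizeof(void *), 4, sizeof(void *), 1, 4, 1 };
    size_t aligns[] = { 1, _Alignof(void *), _Alignof(uint32_t),
                        _Alignof(void *), 1, _Alignof(uint32_t), 1 };
    return layout_size(sizes, aligns, 7);
}

size_t packed_model_size(void)
{
    size_t sizes[]  = { sizeof(void *), sizeof(void *), 4, 4, 1, 1, 1 };
    size_t aligns[] = { _Alignof(void *), _Alignof(void *), _Alignof(uint32_t),
                        _Alignof(uint32_t), 1, 1, 1 };
    return layout_size(sizes, aligns, 7);
}

int main(void)
{
    printf("Loose:  sizeof=%zu padding=%zu (ptrB at offset %zu)\n",
           sizeof(struct Loose), loose_padding(), offsetof(struct Loose, ptrB));
    printf("Packed: sizeof=%zu padding=%zu (ptrB at offset %zu)\n",
           sizeof(struct Packed), packed_padding(), offsetof(struct Packed, ptrB));
    printf("Saved over 10000 instances: %zu bytes\n", bytes_saved(10000));
    return 0;
}
```

On a 32-bit target the pointers shrink to 4 bytes and the gap narrows, which is why the entry calls out 64-bit specifically.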
1169
1170 2013-02-08  Filip Pizlo  <fpizlo@apple.com>
1171
1172         DFG should allow phases to break Phi's and then have one phase to rebuild them
1173         https://bugs.webkit.org/show_bug.cgi?id=108414
1174
1175         Reviewed by Mark Hahnenberg.
1176         
1177         Introduces two new DFG forms: LoadStore and ThreadedCPS. These are described in
1178         detail in DFGCommon.h.
1179         
1180         Consequently, DFG phases no longer have to worry about preserving data flow
1181         links between basic blocks. It is generally always safe to request that the
1182         graph be dethreaded (Graph::dethread), which brings it into LoadStore form, where
1183         the data flow is implicit. In this form, only liveness-at-head needs to be
1184         preserved.
1185         
1186         All of the machinery for "threading" the graph to introduce data flow between
1187         blocks is now moved out of the bytecode parser and into the CPSRethreadingPhase.
1188         All phases that previously did this maintenance themselves now just rely on
1189         being able to dethread the graph. The one exception is the structure check
1190         hoisting phase, which operates over a threaded graph and preserves it, for the
1191         sake of performance.
1192         
1193         Also moved two other things into their own phases: unification (previously found
1194         in the parser) and prediction injection (previously found in various places).
1195
1196         * CMakeLists.txt:
1197         * GNUmakefile.list.am:
1198         * JavaScriptCore.xcodeproj/project.pbxproj:
1199         * Target.pri:
1200         * bytecode/Operands.h:
1201         (Operands):
1202         (JSC::Operands::sizeFor):
1203         (JSC::Operands::atFor):
1204         * dfg/DFGAbstractState.cpp:
1205         (JSC::DFG::AbstractState::execute):
1206         (JSC::DFG::AbstractState::mergeStateAtTail):
1207         * dfg/DFGAllocator.h:
1208         (JSC::DFG::::allocateSlow):
1209         * dfg/DFGArgumentsSimplificationPhase.cpp:
1210         (JSC::DFG::ArgumentsSimplificationPhase::run):
1211         * dfg/DFGBasicBlockInlines.h:
1212         (DFG):
1213         * dfg/DFGByteCodeParser.cpp:
1214         (JSC::DFG::ByteCodeParser::getLocal):
1215         (JSC::DFG::ByteCodeParser::getArgument):
1216         (JSC::DFG::ByteCodeParser::flushDirect):
1217         (JSC::DFG::ByteCodeParser::parseBlock):
1218         (DFG):
1219         (JSC::DFG::ByteCodeParser::parse):
1220         * dfg/DFGCFGSimplificationPhase.cpp:
1221         (JSC::DFG::CFGSimplificationPhase::run):
1222         (JSC::DFG::CFGSimplificationPhase::killUnreachable):
1223         (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
1224         (CFGSimplificationPhase):
1225         (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
1226         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
1227         * dfg/DFGCPSRethreadingPhase.cpp: Added.
1228         (DFG):
1229         (CPSRethreadingPhase):
1230         (JSC::DFG::CPSRethreadingPhase::CPSRethreadingPhase):
1231         (JSC::DFG::CPSRethreadingPhase::run):
1232         (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
1233         (JSC::DFG::CPSRethreadingPhase::clearVariablesAtHeadAndTail):
1234         (JSC::DFG::CPSRethreadingPhase::addPhiSilently):
1235         (JSC::DFG::CPSRethreadingPhase::addPhi):
1236         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
1237         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
1238         (JSC::DFG::CPSRethreadingPhase::canonicalizeSetLocal):
1239         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
1240         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
1241         (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
1242         (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
1243         (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlocks):
1244         (JSC::DFG::CPSRethreadingPhase::propagatePhis):
1245         (JSC::DFG::CPSRethreadingPhase::PhiStackEntry::PhiStackEntry):
1246         (PhiStackEntry):
1247         (JSC::DFG::CPSRethreadingPhase::phiStackFor):
1248         (JSC::DFG::performCPSRethreading):
1249         * dfg/DFGCPSRethreadingPhase.h: Added.
1250         (DFG):
1251         * dfg/DFGCSEPhase.cpp:
1252         (CSEPhase):
1253         (JSC::DFG::CSEPhase::performNodeCSE):
1254         * dfg/DFGCommon.cpp:
1255         (WTF):
1256         (WTF::printInternal):
1257         * dfg/DFGCommon.h:
1258         (JSC::DFG::logCompilationChanges):
1259         (DFG):
1260         (WTF):
1261         * dfg/DFGConstantFoldingPhase.cpp:
1262         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1263         * dfg/DFGDriver.cpp:
1264         (JSC::DFG::compile):
1265         * dfg/DFGGraph.cpp:
1266         (JSC::DFG::Graph::Graph):
1267         (JSC::DFG::Graph::dump):
1268         (JSC::DFG::Graph::dethread):
1269         (JSC::DFG::Graph::collectGarbage):
1270         * dfg/DFGGraph.h:
1271         (JSC::DFG::Graph::performSubstitution):
1272         (Graph):
1273         (JSC::DFG::Graph::performSubstitutionForEdge):
1274         (JSC::DFG::Graph::convertToConstant):
1275         * dfg/DFGNode.h:
1276         (JSC::DFG::Node::convertToPhantomLocal):
1277         (Node):
1278         (JSC::DFG::Node::convertToGetLocal):
1279         (JSC::DFG::Node::hasVariableAccessData):
1280         * dfg/DFGNodeType.h:
1281         (DFG):
1282         * dfg/DFGPhase.cpp:
1283         (JSC::DFG::Phase::beginPhase):
1284         * dfg/DFGPhase.h:
1285         (JSC::DFG::runAndLog):
1286         * dfg/DFGPredictionInjectionPhase.cpp: Added.
1287         (DFG):
1288         (PredictionInjectionPhase):
1289         (JSC::DFG::PredictionInjectionPhase::PredictionInjectionPhase):
1290         (JSC::DFG::PredictionInjectionPhase::run):
1291         (JSC::DFG::performPredictionInjection):
1292         * dfg/DFGPredictionInjectionPhase.h: Added.
1293         (DFG):
1294         * dfg/DFGPredictionPropagationPhase.cpp:
1295         (JSC::DFG::PredictionPropagationPhase::run):
1296         (JSC::DFG::PredictionPropagationPhase::propagate):
1297         * dfg/DFGSpeculativeJIT32_64.cpp:
1298         (JSC::DFG::SpeculativeJIT::compile):
1299         * dfg/DFGSpeculativeJIT64.cpp:
1300         (JSC::DFG::SpeculativeJIT::compile):
1301         * dfg/DFGStructureCheckHoistingPhase.cpp:
1302         (JSC::DFG::StructureCheckHoistingPhase::run):
1303         * dfg/DFGUnificationPhase.cpp: Added.
1304         (DFG):
1305         (UnificationPhase):
1306         (JSC::DFG::UnificationPhase::UnificationPhase):
1307         (JSC::DFG::UnificationPhase::run):
1308         (JSC::DFG::performUnification):
1309         * dfg/DFGUnificationPhase.h: Added.
1310         (DFG):
1311         * dfg/DFGValidate.cpp:
1312         (JSC::DFG::Validate::validate):
1313         (JSC::DFG::Validate::dumpGraphIfAppropriate):
1314         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1315         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1316         * llint/LLIntSlowPaths.cpp:
1317         (JSC::LLInt::setUpCall):
1318         * runtime/JSCJSValue.cpp:
1319         (JSC::JSValue::dump):
1320         * runtime/JSString.h:
1321         (JSString):
1322         * runtime/Options.h:
1323         (JSC):
1324
1325 2013-02-08  Jer Noble  <jer.noble@apple.com>
1326
1327         Bring WebKit up to speed with latest Encrypted Media spec.
1328         https://bugs.webkit.org/show_bug.cgi?id=97037
1329
1330         Reviewed by Eric Carlson.
1331
1332         Define the ENABLE_ENCRYPTED_MEDIA_V2 setting.
1333
1334         * Configurations/FeatureDefines.xcconfig:
1335
1336 2013-02-08  Gavin Barraclough  <barraclough@apple.com>
1337
1338         Objective-C API for JavaScriptCore
1339         https://bugs.webkit.org/show_bug.cgi?id=105889
1340
1341         Reviewed by Joseph Pecoraro.
1342
1343         Following up on review comments, mostly typos.
1344
1345         * API/JSBlockAdaptor.h:
1346         * API/JSBlockAdaptor.mm:
1347         (-[JSBlockAdaptor blockFromValue:inContext:withException:]):
1348         * API/JSContext.h:
1349         * API/JSExport.h:
1350         * API/JSValue.h:
1351         * API/JSValue.mm:
1352         * API/JSWrapperMap.mm:
1353         (selectorToPropertyName):
1354         (-[JSWrapperMap classInfoForClass:]):
1355         (-[JSWrapperMap wrapperForObject:]):
1356
1357 2013-02-08  Martin Robinson  <mrobinson@igalia.com>
1358
1359         [GTK] Add an experimental gyp build
1360         https://bugs.webkit.org/show_bug.cgi?id=109003
1361
1362         Reviewed by Gustavo Noronha Silva.
1363
1364         * JavaScriptCore.gypi: Update the list of source files to include those
1365         necessary for the GTK+ build.
1366
1367 2013-02-08  Andreas Kling  <akling@apple.com>
1368
1369         JSC: Lower minimum PropertyTable size.
1370         <http://webkit.org/b/109247>
1371
1372         Reviewed by Darin Adler.
1373
1374         Lower the minimum table size for PropertyTable from 16 to 8.
1375         3.32 MB progression on Membuster3 (a ~13% reduction in memory used by PropertyTables.)
1376
1377         * runtime/PropertyMapHashTable.h:
1378         (PropertyTable):
1379         (JSC::PropertyTable::sizeForCapacity):
1380
1381 2013-02-07  Roger Fong  <roger_fong@apple.com>
1382
1383         Unreviewed. More VS2010 WebKit solution touchups.
1384         Make JavaScriptCoreExports.def.in be treated as a custom build file so that changes to it cause the exports to be rebuilt.
1385
1386         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
1387         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
1388         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
1389
1390 2013-02-07  Mark Hahnenberg  <mhahnenberg@apple.com>
1391
1392         Objective-C API: testapi.mm should use ARC
1393         https://bugs.webkit.org/show_bug.cgi?id=107838
1394
1395         Reviewed by Mark Rowe.
1396
1397         Removing the changes to the Xcode project file and moving the equivalent flags into 
1398         the ToolExecutable xcconfig file.
1399
1400         * Configurations/ToolExecutable.xcconfig:
1401         * JavaScriptCore.xcodeproj/project.pbxproj:
1402
1403 2013-02-07  Brent Fulgham  <bfulgham@webkit.org>
1404
1405         [Windows] Unreviewed Visual Studio 2010 build fixes after r142179.
1406
1407         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Correct changed symbols
1408         * JavaScriptCore.vcxproj/JavaScriptCoreExports.def: Removed autogenerated file.
1409
1410 2013-02-05  Filip Pizlo  <fpizlo@apple.com>
1411
1412         DFG::ByteCodeParser should do surgical constant folding to reduce load on the optimization fixpoint
1413         https://bugs.webkit.org/show_bug.cgi?id=109000
1414
1415         Reviewed by Oliver Hunt.
1416         
1417         Previously our source parser's ASTBuilder did some surgical constant folding, but it
1418         didn't cover some cases.  It was particularly incapable of doing constant folding for
1419         cases where we do some minimal loop peeling in the bytecode generator - since it
1420         didn't "see" those constants prior to the peeling.  Example:
1421
1422         for (var i = 0; i < 4; ++i)
1423             things;
1424
1425         This will get peeled just a bit by the bytecode generator, so that the "i < 4" is
1426         duplicated both at the top of the loop and the bottom.  This means that we have a
1427         constant comparison: "0 < 4", which the bytecode generator emits without any further
1428         thought.
1429
1430         The DFG optimization fixpoint of course folds this and simplifies the CFG 
1431         accordingly, but this incurs a compile-time cost.  The purpose of this change is to
1432         do some surgical constant folding in the DFG's bytecode parser, so that such
1433         constructs reduce load on the CFG simplifier and the optimization fixpoint.  The goal
1434         is not to cover all cases, since the DFG CFA and CFG simplifier have a powerful
1435         sparse conditional constant propagation that we can always fall back on. Instead the
1436         goal is to cover enough cases that for common small functions we don't have to
1437         perform such transformations, thereby reducing compile times.
1438         
1439         This also refactors m_inlineStackEntry->m_inlineCallFrame to be a handy method call
1440         and also adds the notion of a TriState-based JSValue::pureToBoolean(). Both of these
1441         things are used by the folder.
1442         
1443         As well, care has been taken to make sure that the bytecode parser only does folding
1444         that is statically provable, and that doesn't arise out of speculation. This means
1445         we cannot fold on data flow that crosses inlining boundaries. On the other hand, the
1446         folding that the bytecode parser uses doesn't require phantoming anything. Such is
1447         the trade-off: for anything that we do need phantoming, we defer it to the
1448         optimization fixpoint.
1449         
1450         Slight SunSpider speed-up.
1451
1452         * dfg/DFGByteCodeParser.cpp:
1453         (JSC::DFG::ByteCodeParser::get):
1454         (JSC::DFG::ByteCodeParser::getLocal):
1455         (JSC::DFG::ByteCodeParser::setLocal):
1456         (JSC::DFG::ByteCodeParser::flushDirect):
1457         (JSC::DFG::ByteCodeParser::flushArgumentsAndCapturedVariables):
1458         (JSC::DFG::ByteCodeParser::toInt32):
1459         (ByteCodeParser):
1460         (JSC::DFG::ByteCodeParser::inlineCallFrame):
1461         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
1462         (JSC::DFG::ByteCodeParser::canFold):
1463         (JSC::DFG::ByteCodeParser::handleInlining):
1464         (JSC::DFG::ByteCodeParser::getScope):
1465         (JSC::DFG::ByteCodeParser::parseResolveOperations):
1466         (JSC::DFG::ByteCodeParser::parseBlock):
1467         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1468         * dfg/DFGNode.h:
1469         (JSC::DFG::Node::isStronglyProvedConstantIn):
1470         (Node):
1471         * runtime/JSCJSValue.h:
1472         * runtime/JSCJSValueInlines.h:
1473         (JSC::JSValue::pureToBoolean):
1474         (JSC):
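
        A sketch of the TriState-based folding this entry describes, added here as an illustration and not JSC's own code. `Value`, `ObjectRef` and the integer branch targets are stand-ins of this example; the rule it demonstrates is the one stated above: fold only when the answer is provable from the constant alone, and return Mixed (keeping the branch) when deciding would require running code.

```cpp
// Added example, not JSC code: a side-effect-free TriState truthiness and a
// folder that acts only on statically provable results.
#include <cmath>
#include <cstdint>
#include <string>
#include <type_traits>
#include <variant>

enum class TriState { False, True, Mixed };

struct Undefined {};
struct Null {};
struct ObjectRef { int id; };   // placeholder for a heap object (assumption of this example)
using Value = std::variant<Undefined, Null, bool, int32_t, double, std::string, ObjectRef>;

// "Pure" ToBoolean: decidable from the value alone, or Mixed. An object's
// truthiness can depend on runtime state (masquerades-as-undefined), so objects
// are never folded here.
TriState pureToBoolean(const Value& value) {
    return std::visit([](const auto& v) -> TriState {
        using T = std::decay_t<decltype(v)>;
        if constexpr (std::is_same_v<T, Undefined> || std::is_same_v<T, Null>)
            return TriState::False;
        else if constexpr (std::is_same_v<T, bool>)
            return v ? TriState::True : TriState::False;
        else if constexpr (std::is_same_v<T, int32_t>)
            return v != 0 ? TriState::True : TriState::False;
        else if constexpr (std::is_same_v<T, double>)
            return (v != 0.0 && !std::isnan(v)) ? TriState::True : TriState::False;
        else if constexpr (std::is_same_v<T, std::string>)
            return v.empty() ? TriState::False : TriState::True;
        else
            return TriState::Mixed;
    }, value);
}

// "a < b" is folded only when both operands are numeric constants. Anything else
// would need ToPrimitive, which can run user code, so the answer stays Mixed.
TriState foldLess(const Value& a, const Value& b) {
    auto asNumber = [](const Value& v, double& out) {
        if (const int32_t* i = std::get_if<int32_t>(&v)) { out = *i; return true; }
        if (const double* d = std::get_if<double>(&v)) { out = *d; return true; }
        return false;
    };
    double x = 0, y = 0;
    if (!asNumber(a, x) || !asNumber(b, y))
        return TriState::Mixed;
    return x < y ? TriState::True : TriState::False;   // NaN compares false, as in JS
}

// For a conditional jump on `condition`: the successor that is statically taken,
// or -1 when the branch must be kept for the optimization fixpoint to decide.
int foldBranch(TriState condition, int takenTarget, int notTakenTarget) {
    switch (condition) {
    case TriState::True:  return takenTarget;
    case TriState::False: return notTakenTarget;
    case TriState::Mixed: return -1;
    }
    return -1;
}
```

        With this, the peeled `i < 4` test on the constant `i = 0` folds to True and the jump target is known at parse time, while a comparison that involves a string or an object stays Mixed and is left to the DFG's CFA and CFG simplifier.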
1475
1476 2013-02-07  Zoltan Herczeg  <zherczeg@webkit.org>
1477
1478         Invalid code is generated for storing constants with baseindex addressing modes on ARM traditional.
1479         https://bugs.webkit.org/show_bug.cgi?id=109050
1480
1481         Reviewed by Oliver Hunt.
1482
1483         The S1 scratch register is reused, but it should contain the constant value.
1484
1485         * assembler/ARMAssembler.cpp:
1486         (JSC::ARMAssembler::baseIndexTransfer32):
1487         (JSC::ARMAssembler::baseIndexTransfer16):
1488
1489 2013-02-07  Andras Becsi  <andras.becsi@digia.com>
1490
1491         [Qt] Use GNU ar's thin archive format for intermediate static libs
1492         https://bugs.webkit.org/show_bug.cgi?id=109052
1493
1494         Reviewed by Jocelyn Turcotte.
1495
1496         Adjust project files that used activeBuildConfig()
1497         to use targetSubDir().
1498
1499         * JavaScriptCore.pri:
1500         * LLIntOffsetsExtractor.pro:
1501         * Target.pri:
1502
1503 2013-02-06  Roger Fong  <roger_fong@apple.com>
1504
1505         Unreviewed. Touchups to VS2010 WebKit solution.
1506         Fix an export generator script, modify some property sheets, add resource file.
1507
1508         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
1509         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
1510         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
1511         * JavaScriptCore.vcxproj/resource.h: Added.
1512
1513 2013-02-06  Ilya Tikhonovsky  <loislo@chromium.org>
1514
1515         Web Inspector: Native Memory Instrumentation: assign class name to the heap graph node automatically
1516         https://bugs.webkit.org/show_bug.cgi?id=107262
1517
1518         Reviewed by Yury Semikhatsky.
1519
1520         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
1521
1522 2013-02-06  Mike West  <mkwst@chromium.org>
1523
1524         Add an ENABLE_NOSNIFF feature flag.
1525         https://bugs.webkit.org/show_bug.cgi?id=109029
1526
1527         Reviewed by Jochen Eisinger.
1528
1529         This new flag will control the behavior of 'X-Content-Type-Options: nosniff'
1530         when processing script and other resource types.
1531
1532         * Configurations/FeatureDefines.xcconfig:
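
        For reference, the rule that a nosniff-aware loader enforces for script and stylesheet responses, written out as an added example in C++. It is not WebKit's implementation, and the type and function names are this example's own. It follows the Fetch standard's "should response to request be blocked due to nosniff?" check: with the header present, a script response must carry a JavaScript MIME type and a stylesheet response must be `text/css`; a missing Content-Type counts as blocked, and other destinations are not gated by this check.

```cpp
// Added example, not WebKit code: the nosniff decision for script and
// stylesheet responses, following the Fetch standard's
// "should response to request be blocked due to nosniff?" algorithm.
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

enum class Destination { Script, Style, Other };

// Trim ASCII whitespace and lower-case (header values and MIME types are case-insensitive).
static std::string normalize(std::string s) {
    auto notSpace = [](unsigned char c) { return !std::isspace(c); };
    s.erase(s.begin(), std::find_if(s.begin(), s.end(), notSpace));
    s.erase(std::find_if(s.rbegin(), s.rend(), notSpace).base(), s.end());
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// "Text/JavaScript; charset=utf-8" -> "text/javascript" (the MIME type's essence).
// An empty Content-Type yields "", which no branch below accepts.
std::string mimeEssence(const std::string& contentType) {
    std::string essence = contentType;
    auto semicolon = essence.find(';');
    if (semicolon != std::string::npos)
        essence.erase(semicolon);
    return normalize(essence);
}

// X-Content-Type-Options is a comma-separated list; only the first member counts.
bool hasNosniff(const std::string& headerValue) {
    std::string first = headerValue;
    auto comma = first.find(',');
    if (comma != std::string::npos)
        first.erase(comma);
    return normalize(first) == "nosniff";
}

// The JavaScript MIME types listed by the MIME Sniffing standard.
bool isJavaScriptMimeType(const std::string& essence) {
    static const std::vector<std::string> types = {
        "application/ecmascript", "application/javascript", "application/x-ecmascript",
        "application/x-javascript", "text/ecmascript", "text/javascript",
        "text/javascript1.0", "text/javascript1.1", "text/javascript1.2",
        "text/javascript1.3", "text/javascript1.4", "text/javascript1.5",
        "text/jscript", "text/livescript", "text/x-ecmascript", "text/x-javascript",
    };
    return std::find(types.begin(), types.end(), essence) != types.end();
}

// True when the response must not be used for this destination.
bool blockedByNosniff(Destination destination,
                      const std::string& xContentTypeOptions,
                      const std::string& contentType) {
    if (!hasNosniff(xContentTypeOptions))
        return false;                       // no header: legacy sniffing rules apply instead
    const std::string essence = mimeEssence(contentType);
    switch (destination) {
    case Destination::Script:
        return !isJavaScriptMimeType(essence);
    case Destination::Style:
        return essence != "text/css";
    case Destination::Other:
        return false;                       // images, fetch(), etc. are not gated by this check
    }
    return false;
}
```

        The practical consequence for a site is that once `X-Content-Type-Options: nosniff` is sent, a script served as `text/plain` (or with no Content-Type at all) stops executing in a nosniff-aware browser, which is exactly the property that blocks content-sniffing based script injection.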
1533
1534 2013-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
1535
1536         put_to_base should emit a Phantom for "value" across the ForceOSRExit
1537         https://bugs.webkit.org/show_bug.cgi?id=108998
1538
1539         Reviewed by Oliver Hunt.
1540
1541         Otherwise, the OSR exit compiler could clobber it, which would lead to badness.
1542
1543         * bytecode/CodeBlock.cpp:
1544         (JSC::CodeBlock::tallyFrequentExitSites): Build fixes for when DFG debug logging is enabled.
1545         * dfg/DFGByteCodeParser.cpp:
1546         (JSC::DFG::ByteCodeParser::parseBlock): Added extra Phantoms for the "value" field where needed.
1547         * dfg/DFGSpeculativeJIT.cpp:
1548         (JSC::DFG::SpeculativeJIT::compile): Ditto.
1549
1550 2013-02-05  Michael Saboff  <msaboff@apple.com>
1551
1552         Crash at JSC::call when loading www.gap.com with JSVALUE32_64 Enabled
1553         https://bugs.webkit.org/show_bug.cgi?id=108991
1554
1555         Reviewed by Oliver Hunt.
1556
1557         Changed the restoration from calleeGPR to nonArgGPR0 because the restoration of the return location
1558         may step on calleeGPR if it happens to be nonArgGPR2.
1559
1560         * dfg/DFGRepatch.cpp:
1561         (JSC::DFG::dfgLinkClosureCall):
1562
1563 2013-02-05  Roger Fong  <roger_fong@apple.com>
1564
1565         Add a JavaScriptCore Export Generator project.
1566         https://bugs.webkit.org/show_bug.cgi?id=108971.
1567
1568         Reviewed by Brent Fulgham.
1569
1570         * JavaScriptCore.vcxproj/JavaScriptCore.sln:
1571         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1572         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1573         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1574         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator: Added.
1575         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: Added.
1576         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: Added.
1577         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.user: Added.
1578         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: Added.
1579         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: Added.
1580         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: Added.
1581         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: Added.
1582         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: Added.
1583         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: Added.
1584         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Added.
1585
1586 2013-02-04  Filip Pizlo  <fpizlo@apple.com>
1587
1588         DFG should have a precise view of jump targets
1589         https://bugs.webkit.org/show_bug.cgi?id=108868
1590
1591         Reviewed by Oliver Hunt.
1592         
1593         Previously, the DFG relied entirely on the CodeBlock's jump targets list for
1594         determining when to break basic blocks. This worked great, except sometimes it
1595         would be too conservative since the CodeBlock just says where the bytecode
1596         generator inserted labels.
1597         
1598         This change keeps the old jump target list in CodeBlock since it is still
1599         valuable to the baseline JIT, but switches the DFG to use its own jump target
1600         calculator. This ought to reduce pressure on the DFG simplifier, which would
1601         previously do a lot of work to try to merge redundantly created basic blocks.
1602         It appears to be a 1% progression on SunSpider.
1603
1604         * CMakeLists.txt:
1605         * GNUmakefile.list.am:
1606         * JavaScriptCore.xcodeproj/project.pbxproj:
1607         * Target.pri:
1608         * bytecode/PreciseJumpTargets.cpp: Added.
1609         (JSC):
1610         (JSC::addSimpleSwitchTargets):
1611         (JSC::computePreciseJumpTargets):
1612         * bytecode/PreciseJumpTargets.h: Added.
1613         (JSC):
1614         * dfg/DFGByteCodeParser.cpp:
1615         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1616
1617 2013-02-01  Roger Fong  <roger_fong@apple.com>
1618
1619         Make ConfigurationBuildDir include directories precede WebKitLibraries in JSC.
1620         https://bugs.webkit.org/show_bug.cgi?id=108693.
1621
1622         Rubber stamped by Timothy Horton.
1623
1624         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1625
1626 2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1627
1628         Structure::m_outOfLineCapacity is unnecessary
1629         https://bugs.webkit.org/show_bug.cgi?id=108206
1630
1631         Reviewed by Darin Adler.
1632
1633         Simplifying the utility functions that we use since we don't need a 
1634         bunch of fancy templates for this one specific call site.
1635
1636         * runtime/Structure.h:
1637         (JSC::Structure::outOfLineCapacity):
1638
1639 2013-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
1640
1641         Objective-C API: testapi.mm should use ARC
1642         https://bugs.webkit.org/show_bug.cgi?id=107838
1643
1644         Reviewed by Oliver Hunt.
1645
1646         In ToT testapi.mm uses the Obj-C garbage collector, which hides a lot of our object lifetime bugs.
1647         We should enable ARC, since that is what most of our clients will be using. We use Xcode project 
1648         settings to make sure we don't try to compile ARC on 32-bit.
1649
1650         * API/tests/testapi.mm:
1651         (+[TestObject testObject]):
1652         (testObjectiveCAPI):
1653         * JavaScriptCore.xcodeproj/project.pbxproj:
1654
1655 2013-02-05  Brent Fulgham  <bfulgham@webkit.org>
1656
1657         [Windows] Unreviewed VS2010 Build Correction after r141651
1658
1659         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Add missing
1660         StructureRareData.h and StructureRareData.cpp files.
1661         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
1662
1663 2013-02-05  Michael Saboff  <msaboff@apple.com>
1664
1665         r141788 won't build due to not having all changes needed by Node* change
1666         https://bugs.webkit.org/show_bug.cgi?id=108944
1667
1668         Reviewed by David Kilzer.
1669
1670         Fixed three instances of integerResult(..., m_compileIndex) to be integerResult(..., node).
1671
1672         * dfg/DFGSpeculativeJIT.cpp:
1673         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1674         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
1675
1676 2013-02-04  Sheriff Bot  <webkit.review.bot@gmail.com>
1677
1678         Unreviewed, rolling out r141809.
1679         http://trac.webkit.org/changeset/141809
1680         https://bugs.webkit.org/show_bug.cgi?id=108860
1681
1682         ARC isn't supported on 32-bit. (Requested by mhahnenberg on
1683         #webkit).
1684
1685         * API/tests/testapi.mm:
1686         (+[TestObject testObject]):
1687         (testObjectiveCAPI):
1688         * JavaScriptCore.xcodeproj/project.pbxproj:
1689
1690 2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1691
1692         Objective-C API: testapi.mm should use ARC
1693         https://bugs.webkit.org/show_bug.cgi?id=107838
1694
1695         Reviewed by Oliver Hunt.
1696
1697         In ToT testapi.mm uses the Obj-C garbage collector, which hides a lot of our object lifetime bugs. 
1698         We should enable ARC, since that is what most of our clients will be using.
1699
1700         * API/tests/testapi.mm:
1701         (-[TestObject init]):
1702         (-[TestObject dealloc]):
1703         (+[TestObject testObject]):
1704         (testObjectiveCAPI):
1705         * JavaScriptCore.xcodeproj/project.pbxproj:
1706
1707 2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1708
1709         Objective-C API: ObjCCallbackFunction should retain the target of its NSInvocation
1710         https://bugs.webkit.org/show_bug.cgi?id=108843
1711
1712         Reviewed by Darin Adler.
1713
1714         Currently, ObjCCallbackFunction doesn't retain the target of its NSInvocation. It needs to do 
1715         this to prevent crashes when trying to invoke a callback later on.
1716
1717         * API/ObjCCallbackFunction.mm:
1718         (ObjCCallbackFunction::ObjCCallbackFunction):
1719         (ObjCCallbackFunction::~ObjCCallbackFunction):
1720
1721 2013-02-04  Martin Robinson  <mrobinson@igalia.com>
1722
1723         Fix GTK+ 'make dist' in preparation for the 1.11.5 release.
1724
1725         * GNUmakefile.list.am: Update the source lists.
1726
1727 2013-02-04  Michael Saboff  <msaboff@apple.com>
1728
1729         For ARMv7s use integer divide instruction for divide and modulo when possible
1730         https://bugs.webkit.org/show_bug.cgi?id=108840
1731
1732         Reviewed in person by Filip Pizlo.
1733
1734         Added ARMv7s integer divide path for ArithDiv and ArithMod where operands and results are integer.
1735         This is patterned after the similar code for X86.  Also added modulo power of 2 optimization
1736         that uses logical and.  Added sdiv and udiv to the ARMv7 disassembler.  Put all the changes
1737         behind #if CPU(APPLE_ARMV7S). 
1738
1739         * assembler/ARMv7Assembler.h:
1740         (ARMv7Assembler):
1741         (JSC::ARMv7Assembler::sdiv):
1742         (JSC::ARMv7Assembler::udiv):
1743         * dfg/DFGCommon.h:
1744         (JSC::DFG::isARMv7s):
1745         * dfg/DFGFixupPhase.cpp:
1746         (JSC::DFG::FixupPhase::fixupNode):
1747         * dfg/DFGSpeculativeJIT.cpp:
1748         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1749         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
1750         * dfg/DFGSpeculativeJIT.h:
1751         (SpeculativeJIT):
1752         * dfg/DFGSpeculativeJIT32_64.cpp:
1753         (JSC::DFG::SpeculativeJIT::compile):
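
        The mask-based power-of-two modulo mentioned above, as an added example in C++; it is not the DFG's code generator and does not claim to mirror it. What it adds to the sentence is the two cases where the shortcut has to hand off to the slow path under JavaScript's `%` semantics: a divisor that is not a positive power of two, and a negative dividend whose result is -0, which an int32 cannot hold. `matchesJsSemantics` cross-checks the fast path against `std::fmod`, whose sign rule (result takes the sign of the dividend) matches JavaScript's.

```cpp
// Added example, not WebKit code: integer "x % m" for a power-of-two m using a
// mask instead of a division, with the cases where the shortcut must give up.
#include <cmath>
#include <cstdint>

bool isPowerOfTwo(int32_t m) {
    return m > 0 && (m & (m - 1)) == 0;
}

// Returns true and sets `out` when the int32 result is exact under JavaScript's
// % semantics (sign follows the dividend). Returns false when the caller must
// fall back: m is not a positive power of two, or the result would be -0.
bool fastModPow2(int32_t x, int32_t m, int32_t& out) {
    if (!isPowerOfTwo(m))
        return false;
    const uint32_t mask = static_cast<uint32_t>(m) - 1;
    int32_t r = static_cast<int32_t>(static_cast<uint32_t>(x) & mask);  // magnitude part
    if (x < 0) {
        if (r == 0)
            return false;     // e.g. -4 % 4 is -0 in JavaScript: not representable as int32
        r -= m;               // -7 & 3 == 1, and -7 % 4 == -3
    }
    out = r;
    return true;
}

// Cross-checks fastModPow2 against std::fmod over [lo, hi]; fmod has the same
// sign rule as JavaScript's %, including a -0 result for exact negative multiples.
bool matchesJsSemantics(int32_t lo, int32_t hi, int32_t m) {
    for (int64_t x = lo; x <= hi; ++x) {
        const double expected = std::fmod(static_cast<double>(x), static_cast<double>(m));
        const bool expectedNegativeZero = expected == 0.0 && std::signbit(expected);
        int32_t got = 0;
        const bool fits = fastModPow2(static_cast<int32_t>(x), m, got);
        if (expectedNegativeZero) {
            if (fits)
                return false;   // the fast path must have bailed out here
            continue;
        }
        if (!fits || static_cast<double>(got) != expected)
            return false;
    }
    return true;
}
```

        The -0 case is the one that matters for a JIT: a speculative integer path that silently returns +0 for `-4 % 4` changes observable behaviour (`1 / (-4 % 4)` is `-Infinity` in JavaScript), so the compiled code has to either prove the dividend non-negative or exit to the double path when the masked result is zero and the dividend is negative.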
1754
1755 2013-02-04  David Kilzer  <ddkilzer@apple.com>
1756
1757         Check PrivateHeaders/JSBasePrivate.h for inappropriate macros
1758         <http://webkit.org/b/108749>
1759
1760         Reviewed by Joseph Pecoraro.
1761
1762         * JavaScriptCore.xcodeproj/project.pbxproj: Add
1763         PrivateHeaders/JSBasePrivate.h to list of headers to check in
1764         "Check for Inappropriate Macros in External Headers" build phase
1765         script.
1766
1767 2013-02-04  David Kilzer  <ddkilzer@apple.com>
1768
1769         Remove duplicate entries from JavaScriptCore Xcode project
1770
1771             $ uniq Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj | diff -u - Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj | patch -p0 -R
1772             patching file Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
1773
1774         * JavaScriptCore.xcodeproj/project.pbxproj: Remove duplicates.
1775
1776 2013-02-04  David Kilzer  <ddkilzer@apple.com>
1777
1778         Sort JavaScriptCore Xcode project file
1779
1780         * JavaScriptCore.xcodeproj/project.pbxproj:
1781
1782 2013-02-03  David Kilzer  <ddkilzer@apple.com>
1783
1784         Upstream ENABLE_PDFKIT_PLUGIN setting
1785         <http://webkit.org/b/108792>
1786
1787         Reviewed by Tim Horton.
1788
1789         * Configurations/FeatureDefines.xcconfig: Disable PDFKIT_PLUGIN
1790         on iOS since PDFKit is a Mac-only framework.
1791
1792 2013-02-02  Andreas Kling  <akling@apple.com>
1793
1794         Vector should consult allocator about ideal size when choosing capacity.
1795         <http://webkit.org/b/108410>
1796         <rdar://problem/13124002>
1797
1798         Reviewed by Benjamin Poulain.
1799
1800         Remove assertion about Vector capacity that won't hold anymore since capacity()
1801         may not be what you passed to reserveCapacity().
1802         Also export WTF::fastMallocGoodSize() for Windows builds.
1803
1804         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
1805         * bytecode/CodeBlock.cpp:
1806         (JSC::CodeBlock::CodeBlock):
1807
1808 2013-02-02  Patrick Gansterer  <paroga@webkit.org>
1809
1810         [CMake] Adapt the WinCE port to new CMake
1811         https://bugs.webkit.org/show_bug.cgi?id=108754
1812
1813         Reviewed by Laszlo Gombos.
1814
1815         * os-win32/WinMain.cpp: Removed.
1816         * shell/PlatformWinCE.cmake: Removed.
1817
1818 2013-02-02  Mark Rowe  <mrowe@apple.com>
1819
1820         <http://webkit.org/b/108745> WTF shouldn't use a script build phase to detect the presence of headers when the compiler can do it for us
1821
1822         Reviewed by Sam Weinig.
1823
1824         * DerivedSources.make: Remove an obsolete Makefile rule. This should have been removed when the use
1825         of the generated file moved to WTF.
1826
1827 2013-02-02  David Kilzer  <ddkilzer@apple.com>
1828
1829         Upstream iOS FeatureDefines
1830         <http://webkit.org/b/108753>
1831
1832         Reviewed by Anders Carlsson.
1833
1834         * Configurations/FeatureDefines.xcconfig:
1835         - ENABLE_DEVICE_ORIENTATION: Add iOS configurations.
1836         - ENABLE_PLUGIN_PROXY_FOR_VIDEO: Ditto.
1837         - FEATURE_DEFINES: Add ENABLE_PLUGIN_PROXY_FOR_VIDEO.  Add
1838           PLATFORM_NAME variant to reduce future merge conflicts. 
1839
1840 2013-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
1841
1842         Structure::m_enumerationCache should be moved to StructureRareData
1843         https://bugs.webkit.org/show_bug.cgi?id=108723
1844
1845         Reviewed by Oliver Hunt.
1846
1847         m_enumerationCache is only used by objects whose properties are iterated over, so not every Structure needs this 
1848         field and it can therefore be moved safely to StructureRareData to help with memory savings.
1849
1850         * runtime/JSPropertyNameIterator.h:
1851         (JSPropertyNameIterator):
1852         (JSC::Register::propertyNameIterator):
1853         (JSC::StructureRareData::enumerationCache): Add to JSPropertyNameIterator.h so that it can see the correct type.
1854         (JSC::StructureRareData::setEnumerationCache): Ditto.
1855         * runtime/Structure.cpp:
1856         (JSC::Structure::addPropertyWithoutTransition): Use the enumerationCache() getter rather than accessing the field.
1857         (JSC::Structure::removePropertyWithoutTransition): Ditto.
1858         (JSC::Structure::visitChildren): We no longer have to worry about marking the m_enumerationCache field.
1859         * runtime/Structure.h: 
1860         (JSC::Structure::setEnumerationCache): Move the old accessors back since we don't have to have any knowledge of 
1861         the JSPropertyNameIterator type.
1862         (JSC::Structure::enumerationCache): Ditto.
1863         * runtime/StructureRareData.cpp:
1864         (JSC::StructureRareData::visitChildren): Mark the new m_enumerationCache field.
1865         * runtime/StructureRareData.h: Add new functions/fields.
1866         (StructureRareData):
1867
1868 2013-02-01  Roger Fong  <roger_fong@apple.com>
1869
1870         Unreviewed. JavaScriptCore VS2010 project cleanup.
1871
1872         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1873         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1874         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1875         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
1876
1877 2013-02-01  Sheriff Bot  <webkit.review.bot@gmail.com>
1878
1879         Unreviewed, rolling out r141662.
1880         http://trac.webkit.org/changeset/141662
1881         https://bugs.webkit.org/show_bug.cgi?id=108738
1882
1883         it's an incorrect change since processPhiStack will
1884         dereference dangling BasicBlock pointers (Requested by pizlo
1885         on #webkit).
1886
1887         * dfg/DFGByteCodeParser.cpp:
1888         (JSC::DFG::ByteCodeParser::parse):
1889
1890 2013-02-01  Filip Pizlo  <fpizlo@apple.com>
1891
1892         Eliminate dead blocks sooner in the DFG::ByteCodeParser to make clear that you don't need to hold onto them during Phi construction
1893         https://bugs.webkit.org/show_bug.cgi?id=108717
1894
1895         Reviewed by Mark Hahnenberg.
1896         
1897         I think this makes the code clearer. It doesn't change behavior.
1898
1899         * dfg/DFGByteCodeParser.cpp:
1900         (JSC::DFG::ByteCodeParser::parse):
1901
1902 2013-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
1903
1904         Structure should have a StructureRareData field to save space
1905         https://bugs.webkit.org/show_bug.cgi?id=108659
1906
1907         Reviewed by Oliver Hunt.
1908
1909         Many of the fields in Structure are used in a subset of all total Structures; however, all Structures must 
1910         pay the memory cost of those fields, regardless of whether they use them or not. Since we can have potentially 
1911         many Structures on a single page (e.g. bing.com creates ~1500 Structures), it would be profitable to 
1912         refactor Structure so that not every Structure has to pay the memory costs for these infrequently used fields.
1913
1914         To accomplish this, we can create a new StructureRareData class to house these seldom used fields which we 
1915         can allocate on demand whenever a Structure requires it. This StructureRareData can itself be a JSCell, and 
1916         can do all the marking of the fields for the Structure. The StructureRareData field will be part of a union 
1917         with m_previous to minimize overhead. We'll add a new field to JSTypeInfo to indicate that the Structure has 
1918         a StructureRareData field. During transitions, a Structure will clone its previous Structure's StructureRareData 
1919         if it has one. There could be some potential for optimizing this process, but the initial implementation will 
1920         be dumb since we'd be paying these overhead costs for each Structure anyways.
1921
1922         Initially we'll only put two fields in the StructureRareData to avoid a memory regression. Over time we'll 
1923         continue to move fields from Structure to StructureRareData. Optimistically, this could potentially reduce our 
1924         Structure memory footprint by up to around 75%. It could also clear the way for removing destructors from 
1925         Structures (and into StructureRareData).
1926
1927         * CMakeLists.txt:
1928         * GNUmakefile.list.am:
1929         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1930         * JavaScriptCore.xcodeproj/project.pbxproj:
1931         * Target.pri:
1932         * dfg/DFGRepatch.cpp: Includes for linking purposes.
1933         * jit/JITStubs.cpp:
1934         * jsc.cpp:
1935         * llint/LLIntSlowPaths.cpp:
1936         * runtime/JSCellInlines.h: Added ifdef guards.
1937         * runtime/JSGlobalData.cpp: New Structure for StructureRareData class.
1938         (JSC::JSGlobalData::JSGlobalData):
1939         * runtime/JSGlobalData.h:
1940         (JSGlobalData):
1941         * runtime/JSGlobalObject.h:
1942         * runtime/JSTypeInfo.h: New flag to indicate whether or not a Structure has a StructureRareData field.
1943         (JSC::TypeInfo::flags):
1944         (JSC::TypeInfo::structureHasRareData):
1945         * runtime/ObjectPrototype.cpp:
1946         * runtime/Structure.cpp: We use a combined WriteBarrier<JSCell> field m_previousOrRareData to avoid compiler issues.
1947         (JSC::Structure::dumpStatistics):
1948         (JSC::Structure::Structure): 
1949         (JSC::Structure::materializePropertyMap):
1950         (JSC::Structure::addPropertyTransition):
1951         (JSC::Structure::nonPropertyTransition):
1952         (JSC::Structure::pin):
1953         (JSC::Structure::allocateRareData): Handles allocating a brand new StructureRareData field.
1954         (JSC::Structure::cloneRareDataFrom): Handles cloning a StructureRareData field from another. Used during Structure 
1955         transitions.
1956         (JSC::Structure::visitChildren): We no longer have to worry about marking m_objectToStringValue.
1957         * runtime/Structure.h:
1958         (JSC::Structure::previousID): Checks the structureHasRareData flag to see where it should get the previous Structure.
1959         (JSC::Structure::objectToStringValue): Reads the value from the StructureRareData. If it doesn't exist, returns 0.
1960         (JSC::Structure::setObjectToStringValue): Ensures that we have a StructureRareData field, then forwards the function 
1961         call to it.
1962         (JSC::Structure::materializePropertyMapIfNecessary):
1963         (JSC::Structure::setPreviousID): Checks for StructureRareData and forwards if necessary.
1964         (Structure):
1965         (JSC::Structure::clearPreviousID): Ditto.
1966         (JSC::Structure::create):
1967         * runtime/StructureRareData.cpp: Added. All of the basic functionality of a JSCell with the fields that we've moved 
1968         from Structure and the functions required to access/modify those fields as Structure would have done.
1969         (JSC):
1970         (JSC::StructureRareData::createStructure):
1971         (JSC::StructureRareData::create):
1972         (JSC::StructureRareData::clone):
1973         (JSC::StructureRareData::StructureRareData):
1974         (JSC::StructureRareData::visitChildren):
1975         * runtime/StructureRareData.h: Added.
1976         (JSC):
1977         (StructureRareData):
1978         * runtime/StructureRareDataInlines.h: Added.
1979         (JSC):
1980         (JSC::StructureRareData::previousID):
1981         (JSC::StructureRareData::setPreviousID):
1982         (JSC::StructureRareData::clearPreviousID):
1983         (JSC::Structure::previous): Handles the ugly casting to get the value of the right type of m_previousOrRareData.
1984         (JSC::Structure::rareData): Ditto.
1985         (JSC::StructureRareData::objectToStringValue):
1986         (JSC::StructureRareData::setObjectToStringValue):
2047
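        The flag-plus-union layout this entry describes, as an added stand-alone C++ sketch rather than the JSC classes themselves: one pointer slot holds either the previous Structure or a lazily allocated RareData, a flag says which, and every accessor consults the flag before casting, so the slot's two meanings can never be confused. `std::unique_ptr` stands in for the ownership that JSC gets from GC marking, `hasRareData` stands in for the JSTypeInfo bit, and `objectToStringValue` is the one rare field carried here.

```cpp
// Added example, not JSC code: the "rare data" pattern with a single tagged slot.
#include <cassert>
#include <memory>
#include <string>
#include <utility>

struct Structure;

// Fields moved out of Structure; allocated only for Structures that need them.
struct RareData {
    Structure* previous = nullptr;   // the previous pointer lives here once rare data exists
    std::string objectToStringValue; // a seldom-used field
};

struct Structure {
    bool hasRareData = false;                  // stand-in for the JSTypeInfo flag (assumption)
    void* previousOrRareData = nullptr;        // Structure* or RareData*, decided by the flag
    std::unique_ptr<RareData> ownedRareData;   // stand-in for GC ownership (assumption)

    RareData* rareData() const {
        assert(hasRareData);                   // the flag, never a guess, decides the cast
        return static_cast<RareData*>(previousOrRareData);
    }

    Structure* previousID() const {
        return hasRareData ? rareData()->previous
                           : static_cast<Structure*>(previousOrRareData);
    }

    void setPreviousID(Structure* previous) {
        if (hasRareData)
            rareData()->previous = previous;
        else
            previousOrRareData = previous;
    }

    void clearPreviousID() { setPreviousID(nullptr); }

    // Allocate on demand. The slot changes meaning here, so the previous pointer
    // it held must be carried into the new RareData before the slot is reused.
    RareData& allocateRareData() {
        if (hasRareData)
            return *rareData();
        ownedRareData = std::make_unique<RareData>();
        ownedRareData->previous = static_cast<Structure*>(previousOrRareData);
        previousOrRareData = ownedRareData.get();
        hasRareData = true;
        return *ownedRareData;
    }

    // On a transition, copy the predecessor's rare fields if it has any;
    // this Structure's own previous pointer is kept as is.
    void cloneRareDataFrom(const Structure& other) {
        if (!other.hasRareData)
            return;
        RareData& mine = allocateRareData();
        mine.objectToStringValue = other.rareData()->objectToStringValue;
    }

    std::string objectToStringValue() const {
        return hasRareData ? rareData()->objectToStringValue : std::string();
    }

    void setObjectToStringValue(std::string value) {
        allocateRareData();
        rareData()->objectToStringValue = std::move(value);
    }
};
```

        The point of routing every read through `rareData()` and the flag is that the slot is a type-punned pointer: a reader that casts it by assumption instead of by flag would treat a RareData as a Structure (or the reverse), which is the kind of type confusion that a tagged slot has to rule out by construction.
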
2048 2013-02-01  Balazs Kilvady  <kilvadyb@homejinni.com>
2049
2050         offlineasm BaseIndex handling is broken on ARM due to MIPS changes
2051         https://bugs.webkit.org/show_bug.cgi?id=108261
2052
2053         Reviewed by Filip Pizlo.
2054
2055         offlineasm BaseIndex handling fix on MIPS.
2056
2057         * offlineasm/mips.rb:
2058         * offlineasm/risc.rb:
2059
2060 2013-02-01  Geoffrey Garen  <ggaren@apple.com>
2061
2062         Removed an unused function: JSGlobalObject::createFunctionExecutableFromGlobalCode
2063         https://bugs.webkit.org/show_bug.cgi?id=108657
2064
2065         Reviewed by Anders Carlsson.
2066
2067         * runtime/JSGlobalObject.cpp:
2068         (JSC):
2069         * runtime/JSGlobalObject.h:
2070         (JSGlobalObject):
2071
2072 2013-02-01  Geoffrey Garen  <ggaren@apple.com>
2073
2074         Added TriState to WTF and started using it in one place
2075         https://bugs.webkit.org/show_bug.cgi?id=108628
2076
2077         Reviewed by Beth Dakin.
2078
2079         * runtime/PrototypeMap.h:
2080         (JSC::PrototypeMap::isPrototype): Use TriState instead of boolean. In
2081         response to review feedback, this is an attempt to clarify that our
2082         'true' condition is actually just a 'maybe'.
2083
2088 2013-02-01  Alexis Menard  <alexis@webkit.org>
2089
2090         Enable unprefixed CSS transitions by default.
2091         https://bugs.webkit.org/show_bug.cgi?id=108216
2092
2093         Reviewed by Dean Jackson.
2094
2095         Rename the flag CSS_TRANSFORMS_ANIMATIONS_TRANSITIONS_UNPREFIXED
2096         to CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED which will be used later to 
2097         guard the unprefixing work for CSS Transforms and animations.
2098
2099         * Configurations/FeatureDefines.xcconfig:
2100
2101 2013-01-31  Filip Pizlo  <fpizlo@apple.com>
2102
2103         DFG::CFGSimplificationPhase::keepOperandAlive() conflates liveness and availability
2104         https://bugs.webkit.org/show_bug.cgi?id=108580
2105
2106         Reviewed by Oliver Hunt.
2107         
2108         This is a harmless bug in that it only results in us keeping a bit too many things
2109         for OSR.  But it's worth fixing so that the code is consistent.
2110
2111         keepOperandAlive() is called when block A has a branch to blocks B and C, but the
2112         A->B edge is proven to never be taken and we want to optimize the code to have A
2113         unconditionally jump to C.  In that case, for the purposes of OSR, we need to
2114         preserve the knowledge that the state that B expected to be live incoming from A
2115         ought still to be live up to the point of where the A->B,C branch used to be.  The
2116         way we keep things alive is by using the variablesAtTail of A (i.e., we use the
2117         knowledge of in what manner A made state available to B and C).  The way we choose
2118         which state should be kept alive ought to be chosen by the variablesAtHead of B
2119         (i.e. the things B says it needs from its predecessors, including A), except that
2120         keepOperandAlive() was previously just using variablesAtTail of A for this
2121         purpose.
2122         
2123         The fix is to have keepOperandAlive() use both liveness and availability in its
2124         logic. It should use liveness (i.e. B->variablesAtHead) to decide what to keep
2125         alive, and it should use availability (i.e. A->variablesAtTail) to decide how to
2126         keep it alive.
2127         
2128         This might be a microscopic win on some programs, but it's mainly intended to be
2129         a code clean-up so that I don't end up scratching my head in confusion the next
2130         time I look at this code.
2131
2132         * dfg/DFGCFGSimplificationPhase.cpp:
2133         (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
2134         (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
2135         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
2136
2137 2013-01-31  Geoffrey Garen  <ggaren@apple.com>
2138
2139         REGRESSION (r141192): Crash beneath cti_op_get_by_id_generic @ discussions.apple.com
2140         https://bugs.webkit.org/show_bug.cgi?id=108576
2141
2142         Reviewed by Filip Pizlo.
2143
2144         This was a long-standing bug. The DFG would destructively reuse a register
2145         in op_convert_this, but:
2146
2147             * The bug only presented during speculation failure for type Other
2148
2149             * The bug presented by removing the low bits of a pointer, which
2150             used to be harmless, since all objects were so aligned anyway.
2151
2152         * dfg/DFGSpeculativeJIT64.cpp:
2153         (JSC::DFG::SpeculativeJIT::compile): Don't reuse our this register as
2154         our scratch register. The whole point of our scratch register is to
2155         avoid destructively modifying our this register. I'm pretty sure this
2156         was a copy-paste error.
2157
2158 2013-01-31  Roger Fong  <roger_fong@apple.com>
2159
2160         Unreviewed. Windows build fix.
2161
2162         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
2163
2164 2013-01-31  Jessie Berlin  <jberlin@apple.com>
2165
2166         Rolling out r141407 because it is causing crashes under
2167         WTF::TCMalloc_Central_FreeList::FetchFromSpans() in Release builds.
2168
2169         * bytecode/CodeBlock.cpp:
2170         (JSC::CodeBlock::CodeBlock):
2171
2172 2013-01-31  Mark Hahnenberg  <mhahnenberg@apple.com>
2173
2174         Objective-C API: JSContext exception property causes reference cycle
2175         https://bugs.webkit.org/show_bug.cgi?id=107778
2176
2177         Reviewed by Darin Adler.
2178
2179         JSContext has a (retain) JSValue * exception property which, when non-null, creates a 
2180         reference cycle (since the JSValue * holds a strong reference back to the JSContext *).
2181
2182         * API/JSContext.mm: Instead of JSValue *, we now use a plain JSValueRef, which eliminates the reference cycle.
2183         (-[JSContext initWithVirtualMachine:]):
2184         (-[JSContext setException:]):
2185         (-[JSContext exception]):
2186
2187 2013-01-31  Roger Fong  <roger_fong@apple.com>
2188
2189         Unreviewed build fix. Win7 port.
2190
2191         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
2192
2193 2013-01-31  Joseph Pecoraro  <pecoraro@apple.com>
2194
2195         Disable ENABLE_FULLSCREEN_API on iOS
2196         https://bugs.webkit.org/show_bug.cgi?id=108250
2197
2198         Reviewed by Benjamin Poulain.
2199
2200         * Configurations/FeatureDefines.xcconfig:
2201
2202 2013-01-31  Mark Hahnenberg  <mhahnenberg@apple.com>
2203
2204         Objective-C API: Fix insertion of values greater than the max index allowed by the spec
2205         https://bugs.webkit.org/show_bug.cgi?id=108264
2206
2207         Reviewed by Oliver Hunt.
2208
2209         Fixed a bug, added a test to the API tests, cleaned up some code.
2210
2211         * API/JSValue.h: Changed some of the documentation on setValue:atIndex: to indicate that 
2212         setting values at indices greater than UINT_MAX - 1 won't affect the length of JS arrays.
2213         * API/JSValue.mm:
2214         (-[JSValue valueAtIndex:]): We weren't returning when we should have been.
2215         (-[JSValue setValue:atIndex:]): Added a comment about why we do the early check for being larger than UINT_MAX.
2216         (objectToValueWithoutCopy): Removed two redundant cases that were already checked previously.
2217         * API/tests/testapi.mm:
2218
2219 2013-01-30  Andreas Kling  <akling@apple.com>
2220
2221         Vector should consult allocator about ideal size when choosing capacity.
2222         <http://webkit.org/b/108410>
2223         <rdar://problem/13124002>
2224
2225         Reviewed by Benjamin Poulain.
2226
2227         Remove assertion about Vector capacity that won't hold anymore since capacity()
2228         may not be what you passed to reserveCapacity().
2229
2230         * bytecode/CodeBlock.cpp:
2231         (JSC::CodeBlock::CodeBlock):
2232
2233 2013-01-30  Filip Pizlo  <fpizlo@apple.com>
2234
2235         DFG bytecode parser should have more assertions about the status of local accesses
2236         https://bugs.webkit.org/show_bug.cgi?id=108417
2237
2238         Reviewed by Mark Hahnenberg.
2239         
2240         Assert some things that we already know to be true, just to reassure ourselves that they are true.
2241         This is meant as a prerequisite for https://bugs.webkit.org/show_bug.cgi?id=108414, which will
2242         make these rules even stricter.
2243
2244         * dfg/DFGByteCodeParser.cpp:
2245         (JSC::DFG::ByteCodeParser::getLocal):
2246         (JSC::DFG::ByteCodeParser::getArgument):
2247
2248 2013-01-30  Mark Hahnenberg  <mhahnenberg@apple.com>
2249
2250         Objective-C API: JSContext's dealloc causes ASSERT due to ordering of releases
2251         https://bugs.webkit.org/show_bug.cgi?id=107978
2252
2253         Reviewed by Filip Pizlo.
2254
2255         We need to add the Identifier table save/restore in JSContextGroupRelease so that we 
2256         have the correct table if we end up destroying the JSGlobalData/Heap.
2257
2258         * API/JSContextRef.cpp:
2259         (JSContextGroupRelease):
2260
2261 2013-01-30  Mark Hahnenberg  <mhahnenberg@apple.com>
2262
2263         Objective-C API: exceptionHandler needs to be released in JSContext dealloc
2264         https://bugs.webkit.org/show_bug.cgi?id=108378
2265
2266         Reviewed by Filip Pizlo.
2267
2268         JSContext has a (copy) exceptionHandler property that it doesn't release in dealloc. 
2269         That sounds like the potential for a leak. It should be released.
2270
2271         * API/JSContext.mm:
2272         (-[JSContext dealloc]):
2273
2274 2013-01-30  Filip Pizlo  <fpizlo@apple.com>
2275
2276         REGRESSION(140504): pure CSE no longer matches things, 10% regression on Kraken
2277         https://bugs.webkit.org/show_bug.cgi?id=108366
2278
2279         Reviewed by Geoffrey Garen and Mark Hahnenberg.
2280         
2281         This was a longstanding bug that was revealed by http://trac.webkit.org/changeset/140504.
2282         Pure CSE requires that the Node::flags() that may affect the behavior of a node match,
2283         when comparing a possibly redundant node to its possible replacement. It was doing this
2284         by comparing Node::arithNodeFlags(), which as the name might appear to suggest, returns
2285         just those flag bits that correspond to actual node behavior and not auxiliary things.
2286         Unfortunately, Node::arithNodeFlags() wasn't actually masking off the irrelevant bits.
2287         This worked prior to r140504 because CSE itself didn't mutate the flags, so there was a
2288         very high probability that matching nodes would also have completely identical flag bits
2289         (even the ones that aren't relevant to arithmetic behavior, like NodeDoesNotExit). But
2290         r140504 moved one of CSE's side-tables (m_relevantToOSR) into a flag bit for quicker
2291         access. These bits would be mutated as the CSE ran over a basic block, in such a way that
2292         there was a very high probability that the possible replacement would already have the
2293         bit set, while the redundant node did not have the bit set. Since Node::arithNodeFlags()
2294         returned all of the bits, this would cause CSEPhase::pureCSE() to reject the match
2295         almost every time.
2296         
2297         The solution is to make Node::arithNodeFlags() do as its name suggests: only return those
2298         flags that are relevant to arithmetic behavior. This patch introduces a new mask that
2299         represents those bits, and includes NodeBehaviorMask and NodeBackPropMask, which are both
2300         used for queries on Node::arithNodeFlags(), and both affect arithmetic code gen. None of
2301         the other flags are relevant to Node::arithNodeFlags() since they either correspond to
2302         information already conveyed by the opcode (like NodeResultMask, NodeMustGenerate,
2303         NodeHasVarArgs, NodeClobbersWorld, NodeMightClobber) or information that doesn't affect
2304         the result that the node will produce or any of the queries performed on the result of
2305         Node::arithNodeFlags (NodeDoesNotExit and of course NodeRelevantToOSR).
2306         
2307         This is a 10% speed-up on Kraken, undoing the regression from r140504.
2308
2309         * dfg/DFGNode.h:
2310         (JSC::DFG::Node::arithNodeFlags):
2311         * dfg/DFGNodeFlags.h:
2312         (DFG):
2313
2314 2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>
2315
2316         Structure::m_outOfLineCapacity is unnecessary
2317         https://bugs.webkit.org/show_bug.cgi?id=108206
2318
2319         Reviewed by Geoffrey Garen.
2320
2321         We can calculate our out of line capacity by using the outOfLineSize and our knowledge about our resize policy.
2322         According to GDB, this knocks Structures down from 136 bytes to 128 bytes (I'm guessing the extra bytes are from
2323         better alignment of object fields), which puts Structures in a smaller size class. Woohoo! Looks neutral on our 
2324         benchmarks.
2325
2326         * runtime/Structure.cpp:
2327         (JSC::Structure::Structure):
2328         (JSC):
2329         (JSC::Structure::suggestedNewOutOfLineStorageCapacity):
2330         (JSC::Structure::addPropertyTransition):
2331         (JSC::Structure::addPropertyWithoutTransition):
2332         * runtime/Structure.h:
2333         (Structure):
2334         (JSC::Structure::outOfLineCapacity):
2335         (JSC::Structure::totalStorageCapacity):
2336
2337 2013-01-29  Geoffrey Garen  <ggaren@apple.com>
2338
2339         Be a little more conservative about emitting table-based switches
2340         https://bugs.webkit.org/show_bug.cgi?id=108292
2341
2342         Reviewed by Filip Pizlo.
2343
2344         Profiling shows we're using op_switch in cases where it's a regression.
2345
2346         * bytecompiler/NodesCodegen.cpp:
2347         (JSC):
2348         (JSC::length):
2349         (JSC::CaseBlockNode::tryTableSwitch):
2350         (JSC::CaseBlockNode::emitBytecodeForBlock):
2351         * parser/Nodes.h:
2352         (CaseBlockNode):
2353
2354 2013-01-29  Sheriff Bot  <webkit.review.bot@gmail.com>
2355
2356         Unreviewed, rolling out r140983.
2357         http://trac.webkit.org/changeset/140983
2358         https://bugs.webkit.org/show_bug.cgi?id=108277
2359
2360         Unfortunately, this API has one last client (Requested by
2361         abarth on #webkit).
2362
2363         * Configurations/FeatureDefines.xcconfig:
2364
2365 2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>
2366
2367         Objective-C API: JSObjCClassInfo creates reference cycle with JSContext
2368         https://bugs.webkit.org/show_bug.cgi?id=107839
2369
2370         Reviewed by Geoffrey Garen.
2371
2372         Fixing several ASSERTs that were incorrect along with some of the reallocation of m_prototype and 
2373         m_constructor that they were based on.
2374
2375         * API/JSWrapperMap.mm:
2376         (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): We now only allocate those
2377         fields that are null (i.e. have been collected or have never been allocated to begin with).
2378         (-[JSObjCClassInfo reallocateConstructorAndOrPrototype]): Renamed to better indicate that we're 
2379         reallocating one or both of the prototype/constructor combo.
2380         (-[JSObjCClassInfo wrapperForObject:]): Call new reallocate function.
2381         (-[JSObjCClassInfo constructor]): Ditto.
2382
2383 2013-01-29  Geoffrey Garen  <ggaren@apple.com>
2384
2385         Make precise size classes more precise
2386         https://bugs.webkit.org/show_bug.cgi?id=108270
2387
2388         Reviewed by Mark Hahnenberg.
2389
2390         Size inference makes this profitable.
2391
2392         I chose 8 byte increments because JSString is 24 bytes. Otherwise, 16
2393         byte increments might be better.
2394
2395         * heap/Heap.h:
2396         (Heap): Removed firstAllocatorWithoutDestructors because it's unused now.
2397
2398         * heap/MarkedBlock.h:
2399         (MarkedBlock): Updated constants.
2400
2401         * heap/MarkedSpace.h:
2402         (MarkedSpace):
2403         (JSC): Also reduced the maximum precise size class because my testing
2404         has shown that the smaller size classes are much more common. This
2405         offsets some of the size class explosion caused by reducing the precise
2406         increment.
2407
2408         * llint/LLIntData.cpp:
2409         (JSC::LLInt::Data::performAssertions): No need for this ASSERT anymore
2410         because we don't rely on firstAllocatorWithoutDestructors anymore, since
2411         we pick size classes dynamically now.
2412
2413 2013-01-29  Oliver Hunt  <oliver@apple.com>
2414
2415         Add some hardening to methodTable()
2416         https://bugs.webkit.org/show_bug.cgi?id=108253
2417
2418         Reviewed by Mark Hahnenberg.
2419
2420         When accessing methodTable() we now always make sure that our
2421         structure _could_ be valid.  Added a separate method to get a
2422         class's methodTable during destruction as it's not possible to
2423         validate the structure at that point.  This separation might
2424         also make it possible to improve the performance of methodTable
2425         access more generally in future.
2426
2427         * heap/MarkedBlock.cpp:
2428         (JSC::MarkedBlock::callDestructor):
2429         * runtime/JSCell.h:
2430         (JSCell):
2431         * runtime/JSCellInlines.h:
2432         (JSC::JSCell::methodTableForDestruction):
2433         (JSC):
2434         (JSC::JSCell::methodTable):
2435
2436 2013-01-29  Filip Pizlo  <fpizlo@apple.com>
2437
2438         offlineasm BaseIndex handling is broken on ARM due to MIPS changes
2439         https://bugs.webkit.org/show_bug.cgi?id=108261
2440
2441         Reviewed by Oliver Hunt.
2442         
2443         Backends shouldn't override each other's methods. That's not cool.
2444
2445         * offlineasm/mips.rb:
2446
2447 2013-01-29  Filip Pizlo  <fpizlo@apple.com>
2448
2449         cloop.rb shouldn't use a method called 'dump' for code generation
2450         https://bugs.webkit.org/show_bug.cgi?id=108251
2451
2452         Reviewed by Mark Hahnenberg.
2453         
2454         Revert http://trac.webkit.org/changeset/141178 and rename 'dump' to 'clDump'.
2455         
2456         Also made trivial build fixes for !ENABLE(JIT).
2457
2458         * offlineasm/cloop.rb:
2459         * runtime/Executable.h:
2460         (ExecutableBase):
2461         (JSC::ExecutableBase::intrinsicFor):
2462         * runtime/JSGlobalData.h:
2463
2464 2013-01-29  Geoffrey Garen  <ggaren@apple.com>
2465
2466         Removed GGC because it has been disabled for a long time
2467         https://bugs.webkit.org/show_bug.cgi?id=108245
2468
2469         Reviewed by Filip Pizlo.
2470
2471         * GNUmakefile.list.am:
2472         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2473         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2474         * JavaScriptCore.xcodeproj/project.pbxproj:
2475         * dfg/DFGRepatch.cpp:
2476         (JSC::DFG::emitPutReplaceStub):
2477         (JSC::DFG::emitPutTransitionStub):
2478         * dfg/DFGSpeculativeJIT.cpp:
2479         (JSC::DFG::SpeculativeJIT::writeBarrier):
2480         * dfg/DFGSpeculativeJIT.h:
2481         (SpeculativeJIT):
2482         * dfg/DFGSpeculativeJIT32_64.cpp:
2483         (JSC::DFG::SpeculativeJIT::compile):
2484         * dfg/DFGSpeculativeJIT64.cpp:
2485         (JSC::DFG::SpeculativeJIT::compile):
2486         * heap/CardSet.h: Removed.
2487         * heap/Heap.cpp:
2488         (JSC::Heap::markRoots):
2489         (JSC::Heap::collect):
2490         * heap/Heap.h:
2491         (Heap):
2492         (JSC::Heap::shouldCollect):
2493         (JSC::Heap::isWriteBarrierEnabled):
2494         (JSC):
2495         (JSC::Heap::writeBarrier):
2496         * heap/MarkedBlock.h:
2497         (MarkedBlock):
2498         (JSC):
2499         * heap/MarkedSpace.cpp:
2500         (JSC):
2501         * jit/JITPropertyAccess.cpp:
2502         (JSC::JIT::emitWriteBarrier):
2503
2504 2013-01-29  Filip Pizlo  <fpizlo@apple.com>
2505
2506         Remove redundant AST dump method from cloop.rb, since they are already defined in ast.rb
2507         https://bugs.webkit.org/show_bug.cgi?id=108247
2508
2509         Reviewed by Oliver Hunt.
2510         
2511         Makes offlineasm dumping easier to read and less likely to cause assertion failures.
2512         Also fixes the strange situation where cloop.rb and ast.rb both defined dump methods,
2513         but cloop.rb was winning.
2514
2515         * offlineasm/cloop.rb:
2516
2517 2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>
2518
2519         Objective-C API: JSObjCClassInfo creates reference cycle with JSContext
2520         https://bugs.webkit.org/show_bug.cgi?id=107839
2521
2522         Reviewed by Oliver Hunt.
2523
2524         JSContext has a JSWrapperMap, which has an NSMutableDictionary m_classMap, which has values that 
2525         are JSObjCClassInfo objects, which have strong references to two JSValue *'s, m_prototype and 
2526         m_constructor, which in turn have strong references to the JSContext, creating a reference cycle. 
2527         We should make m_prototype and m_constructor Weak<JSObject>. This gets rid of the strong reference 
2528         to the JSContext and also prevents clients from accidentally creating reference cycles by assigning 
2529         to the prototype of the constructor. If Weak<JSObject> fields are ever garbage collected, we will 
2530         reallocate them.
2531
2532         * API/JSContext.mm:
2533         (-[JSContext wrapperMap]):
2534         * API/JSContextInternal.h:
2535         * API/JSWrapperMap.mm:
2536         (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]):
2537         (-[JSObjCClassInfo dealloc]):
2538         (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]):
2539         (-[JSObjCClassInfo allocateConstructorAndPrototype]):
2540         (-[JSObjCClassInfo wrapperForObject:]):
2541         (-[JSObjCClassInfo constructor]):
2542
2543 2013-01-29  Oliver Hunt  <oliver@apple.com>
2544
2545         REGRESSION (r140594): RELEASE_ASSERT_NOT_REACHED in JSC::Interpreter::execute
2546         https://bugs.webkit.org/show_bug.cgi?id=108097
2547
2548         Reviewed by Geoffrey Garen.
2549
2550         LiteralParser was accepting a bogus 'var a.b = c' statement
2551
2552         * runtime/LiteralParser.cpp:
2553         (JSC::::tryJSONPParse):
2554
2555 2013-01-29  Oliver Hunt  <oliver@apple.com>
2556
2557         Force debug builds to do bounds checks on contiguous property storage
2558         https://bugs.webkit.org/show_bug.cgi?id=108212
2559
2560         Reviewed by Mark Hahnenberg.
2561
2562         Add a ContiguousData type that we use to represent contiguous property
2563         storage.  In release builds it is simply a pointer to the correct type,
2564         but in debug builds it also carries the data length and performs bounds
2565         checks.  This means we don't have to add as many manual bounds assertions
2566         when performing operations over contiguous data.
2567
2568         * dfg/DFGOperations.cpp:
2569         * runtime/ArrayStorage.h:
2570         (ArrayStorage):
2571         (JSC::ArrayStorage::vector):
2572         * runtime/Butterfly.h:
2573         (JSC::ContiguousData::ContiguousData):
2574         (ContiguousData):
2575         (JSC::ContiguousData::operator[]):
2576         (JSC::ContiguousData::data):
2577         (JSC::ContiguousData::length):
2578         (JSC):
2579         (JSC::Butterfly::contiguousInt32):
2580         (Butterfly):
2581         (JSC::Butterfly::contiguousDouble):
2582         (JSC::Butterfly::contiguous):
2583         * runtime/JSArray.cpp:
2584         (JSC::JSArray::sortNumericVector):
2585         (ContiguousTypeAccessor):
2586         (JSC::ContiguousTypeAccessor::getAsValue):
2587         (JSC::ContiguousTypeAccessor::setWithValue):
2588         (JSC::ContiguousTypeAccessor::replaceDataReference):
2589         (JSC):
2590         (JSC::JSArray::sortCompactedVector):
2591         (JSC::JSArray::sort):
2592         (JSC::JSArray::fillArgList):
2593         (JSC::JSArray::copyToArguments):
2594         * runtime/JSArray.h:
2595         (JSArray):
2596         * runtime/JSObject.cpp:
2597         (JSC::JSObject::copyButterfly):
2598         (JSC::JSObject::visitButterfly):
2599         (JSC::JSObject::createInitialInt32):
2600         (JSC::JSObject::createInitialDouble):
2601         (JSC::JSObject::createInitialContiguous):
2602         (JSC::JSObject::convertUndecidedToInt32):
2603         (JSC::JSObject::convertUndecidedToDouble):
2604         (JSC::JSObject::convertUndecidedToContiguous):
2605         (JSC::JSObject::convertInt32ToDouble):
2606         (JSC::JSObject::convertInt32ToContiguous):
2607         (JSC::JSObject::genericConvertDoubleToContiguous):
2608         (JSC::JSObject::convertDoubleToContiguous):
2609         (JSC::JSObject::rageConvertDoubleToContiguous):
2610         (JSC::JSObject::ensureInt32Slow):
2611         (JSC::JSObject::ensureDoubleSlow):
2612         (JSC::JSObject::ensureContiguousSlow):
2613         (JSC::JSObject::rageEnsureContiguousSlow):
2614         (JSC::JSObject::ensureLengthSlow):
2615         * runtime/JSObject.h:
2616         (JSC::JSObject::ensureInt32):
2617         (JSC::JSObject::ensureDouble):
2618         (JSC::JSObject::ensureContiguous):
2619         (JSC::JSObject::rageEnsureContiguous):
2620         (JSObject):
2621         (JSC::JSObject::indexingData):
2622         (JSC::JSObject::currentIndexingData):
2623
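The ContiguousData idea described in this entry, as an added illustration that is not WebKit's code: the release flavour is nothing but the pointer, while the debug flavour also carries the length and checks every index. Here the check throws std::out_of_range so it can be exercised from a test, where WebKit's version would ASSERT; the backing storage, its logical length and the sumFirst helper are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>

// Two flavours of the same view type, selected by a template parameter.
template<typename T, bool boundsChecked>
class ContiguousData;

// Release flavour: just the pointer, so the view costs exactly sizeof(T*).
// The length is accepted (so call sites are identical) and then ignored.
template<typename T>
class ContiguousData<T, false> {
public:
    ContiguousData(T* data, size_t /*length*/) : m_data(data) { }
    T& operator[](size_t index) { return m_data[index]; }
    const T& operator[](size_t index) const { return m_data[index]; }
    T* data() const { return m_data; }
private:
    T* m_data;
};

// Debug flavour: also carries the length and bounds-checks each access,
// which replaces the manual ASSERT(index < length) at every use site.
template<typename T>
class ContiguousData<T, true> {
public:
    ContiguousData(T* data, size_t length) : m_data(data), m_length(length) { }
    T& operator[](size_t index) { check(index); return m_data[index]; }
    const T& operator[](size_t index) const { check(index); return m_data[index]; }
    T* data() const { return m_data; }
    size_t length() const { return m_length; }
private:
    void check(size_t index) const
    {
        // Illustration only: throw instead of crashing so a test can observe it.
        if (index >= m_length)
            throw std::out_of_range("ContiguousData: index past vector length");
    }
    T* m_data;
    size_t m_length;
};

// A real build would pick the flavour from its configuration, e.g. via NDEBUG.
#ifdef NDEBUG
static const bool kBoundsChecksEnabled = false;
#else
static const bool kBoundsChecksEnabled = true;
#endif
template<typename T>
using Contiguous = ContiguousData<T, kBoundsChecksEnabled>;

// Constructed backing storage: 4 physical slots, but a logical length of 3.
static int32_t g_storage[4] = { 10, 20, 30, 0 };
static const size_t kLogicalLength = 3;

// Sum the first `count` entries through a view of the chosen flavour.
template<bool checked>
int64_t sumFirst(size_t count)
{
    ContiguousData<int32_t, checked> view(g_storage, kLogicalLength);
    int64_t total = 0;
    for (size_t i = 0; i < count; ++i)
        total += view[i];
    return total;
}

// True when the checked flavour rejects reading one past the logical length.
bool checkedViewRejectsOverrun()
{
    try {
        sumFirst<true>(kLogicalLength + 1); // index 3 >= length 3
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// The release flavour must not grow beyond a raw pointer.
static_assert(sizeof(ContiguousData<int32_t, false>) == sizeof(int32_t*),
              "release ContiguousData must be pointer-sized");
```

The unchecked flavour reads slot 3 (still inside the physical array here) and silently returns the same sum, which is exactly the class of overrun the debug flavour is meant to surface.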
2624 2013-01-29  Brent Fulgham  <bfulgham@webkit.org>
2625
2626         [Windows, WinCairo] Unreviewed build fix after r141050
2627
2628         * JavaScriptCore.vcxproj/JavaScriptCoreExports.def: Update symbols
2629         to match JavaScriptCore.vcproj version.
2630
2631 2013-01-29  Allan Sandfeld Jensen  <allan.jensen@digia.com>
2632
2633         [Qt] Implement GCActivityCallback
2634         https://bugs.webkit.org/show_bug.cgi?id=103998
2635
2636         Reviewed by Simon Hausmann.
2637
2638         Implements the activity triggered garbage collector.
2639
2640         * runtime/GCActivityCallback.cpp:
2641         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
2642         (JSC::DefaultGCActivityCallback::scheduleTimer):
2643         (JSC::DefaultGCActivityCallback::cancelTimer):
2644         * runtime/GCActivityCallback.h:
2645         (GCActivityCallback):
2646         (DefaultGCActivityCallback):
2647
2648 2013-01-29  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
2649
2650         Compilation warning in JSC
2651         https://bugs.webkit.org/show_bug.cgi?id=108178
2652
2653         Reviewed by Kentaro Hara.
2654
2655         Fixed 'comparison between signed and unsigned integer' warning in JSC::Structure constructor.
2656
2657         * runtime/Structure.cpp:
2658         (JSC::Structure::Structure):
2659
2660 2013-01-29  Jocelyn Turcotte  <jocelyn.turcotte@digia.com>
2661
2662         [Qt] Fix the JSC build on Mac
2663
2664         Unreviewed, build fix.
2665
2666         * heap/HeapTimer.h:
2667         Qt on Mac has USE(CF) true, and should use the CF HeapTimer in that case.
2668
2669 2013-01-29  Allan Sandfeld Jensen  <allan.jensen@digia.com>
2670
2671         [Qt] Implement IncrementalSweeper and HeapTimer
2672         https://bugs.webkit.org/show_bug.cgi?id=103996
2673
2674         Reviewed by Simon Hausmann.
2675
2676         Implements the incremental sweeping garbage collection for the Qt platform.
2677
2678         * heap/HeapTimer.cpp:
2679         (JSC::HeapTimer::HeapTimer):
2680         (JSC::HeapTimer::~HeapTimer):
2681         (JSC::HeapTimer::timerEvent):
2682         (JSC::HeapTimer::synchronize):
2683         (JSC::HeapTimer::invalidate):
2684         (JSC::HeapTimer::didStartVMShutdown):
2685         * heap/HeapTimer.h:
2686         (HeapTimer):
2687         * heap/IncrementalSweeper.cpp:
2688         (JSC::IncrementalSweeper::IncrementalSweeper):
2689         (JSC::IncrementalSweeper::scheduleTimer):
2690         * heap/IncrementalSweeper.h:
2691         (IncrementalSweeper):
2692
2693 2013-01-28  Filip Pizlo  <fpizlo@apple.com>
2694
2695         DFG should not use a graph that is a vector, Nodes shouldn't move after allocation, and we should always refer to nodes by Node*
2696         https://bugs.webkit.org/show_bug.cgi?id=106868
2697
2698         Reviewed by Oliver Hunt.
2699         
2700         This adds a pool allocator for Nodes, and uses that instead of a Vector. Changes all
2701         uses of Node& and NodeIndex to be simply Node*. Nodes no longer have an index except
2702         for debugging (Node::index(), which is not guaranteed to be O(1)).
2703         
2704         1% speed-up on SunSpider, presumably because this improves compile times.
2705
2706         * CMakeLists.txt:
2707         * GNUmakefile.list.am:
2708         * JavaScriptCore.xcodeproj/project.pbxproj:
2709         * Target.pri:
2710         * bytecode/DataFormat.h:
2711         (JSC::dataFormatToString):
2712         * dfg/DFGAbstractState.cpp:
2713         (JSC::DFG::AbstractState::initialize):
2714         (JSC::DFG::AbstractState::booleanResult):
2715         (JSC::DFG::AbstractState::execute):
2716         (JSC::DFG::AbstractState::mergeStateAtTail):
2717         (JSC::DFG::AbstractState::mergeToSuccessors):
2718         (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
2719         (JSC::DFG::AbstractState::dump):
2720         * dfg/DFGAbstractState.h:
2721         (DFG):
2722         (JSC::DFG::AbstractState::forNode):
2723         (AbstractState):
2724         (JSC::DFG::AbstractState::speculateInt32Unary):
2725         (JSC::DFG::AbstractState::speculateNumberUnary):
2726         (JSC::DFG::AbstractState::speculateBooleanUnary):
2727         (JSC::DFG::AbstractState::speculateInt32Binary):
2728         (JSC::DFG::AbstractState::speculateNumberBinary):
2729         (JSC::DFG::AbstractState::trySetConstant):
2730         * dfg/DFGAbstractValue.h:
2731         (AbstractValue):
2732         * dfg/DFGAdjacencyList.h:
2733         (JSC::DFG::AdjacencyList::AdjacencyList):
2734         (JSC::DFG::AdjacencyList::initialize):
2735         * dfg/DFGAllocator.h: Added.
2736         (DFG):
2737         (Allocator):
2738         (JSC::DFG::Allocator::Region::size):
2739         (JSC::DFG::Allocator::Region::headerSize):
2740         (JSC::DFG::Allocator::Region::numberOfThingsPerRegion):
2741         (JSC::DFG::Allocator::Region::data):
2742         (JSC::DFG::Allocator::Region::isInThisRegion):
2743         (JSC::DFG::Allocator::Region::regionFor):
2744         (Region):
2745         (JSC::DFG::::Allocator):
2746         (JSC::DFG::::~Allocator):
2747         (JSC::DFG::::allocate):
2748         (JSC::DFG::::free):
2749         (JSC::DFG::::freeAll):
2750         (JSC::DFG::::reset):
2751         (JSC::DFG::::indexOf):
2752         (JSC::DFG::::allocatorOf):
2753         (JSC::DFG::::bumpAllocate):
2754         (JSC::DFG::::freeListAllocate):
2755         (JSC::DFG::::allocateSlow):
2756         (JSC::DFG::::freeRegionsStartingAt):
2757         (JSC::DFG::::startBumpingIn):
2758         * dfg/DFGArgumentsSimplificationPhase.cpp:
2759         (JSC::DFG::ArgumentsSimplificationPhase::run):
2760         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
2761         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
2762         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
2763         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
2764         (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
2765         * dfg/DFGArrayMode.cpp:
2766         (JSC::DFG::ArrayMode::originalArrayStructure):
2767         (JSC::DFG::ArrayMode::alreadyChecked):
2768         * dfg/DFGArrayMode.h:
2769         (ArrayMode):
2770         * dfg/DFGArrayifySlowPathGenerator.h:
2771         (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
2772         * dfg/DFGBasicBlock.h:
2773         (JSC::DFG::BasicBlock::node):
2774         (JSC::DFG::BasicBlock::isInPhis):
2775         (JSC::DFG::BasicBlock::isInBlock):
2776         (BasicBlock):
2777         * dfg/DFGBasicBlockInlines.h:
2778         (DFG):
2779         * dfg/DFGByteCodeParser.cpp:
2780         (ByteCodeParser):
2781         (JSC::DFG::ByteCodeParser::getDirect):
2782         (JSC::DFG::ByteCodeParser::get):
2783         (JSC::DFG::ByteCodeParser::setDirect):
2784         (JSC::DFG::ByteCodeParser::set):
2785         (JSC::DFG::ByteCodeParser::setPair):
2786         (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
2787         (JSC::DFG::ByteCodeParser::getLocal):
2788         (JSC::DFG::ByteCodeParser::setLocal):
2789         (JSC::DFG::ByteCodeParser::getArgument):
2790         (JSC::DFG::ByteCodeParser::setArgument):
2791         (JSC::DFG::ByteCodeParser::flushDirect):
2792         (JSC::DFG::ByteCodeParser::getToInt32):
2793         (JSC::DFG::ByteCodeParser::toInt32):
2794         (JSC::DFG::ByteCodeParser::getJSConstantForValue):
2795         (JSC::DFG::ByteCodeParser::getJSConstant):
2796         (JSC::DFG::ByteCodeParser::getCallee):
2797         (JSC::DFG::ByteCodeParser::getThis):
2798         (JSC::DFG::ByteCodeParser::setThis):
2799         (JSC::DFG::ByteCodeParser::isJSConstant):
2800         (JSC::DFG::ByteCodeParser::isInt32Constant):
2801         (JSC::DFG::ByteCodeParser::valueOfJSConstant):
2802         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
2803         (JSC::DFG::ByteCodeParser::constantUndefined):
2804         (JSC::DFG::ByteCodeParser::constantNull):
2805         (JSC::DFG::ByteCodeParser::one):
2806         (JSC::DFG::ByteCodeParser::constantNaN):
2807         (JSC::DFG::ByteCodeParser::cellConstant):
2808         (JSC::DFG::ByteCodeParser::addToGraph):
2809         (JSC::DFG::ByteCodeParser::insertPhiNode):
2810         (JSC::DFG::ByteCodeParser::addVarArgChild):
2811         (JSC::DFG::ByteCodeParser::addCall):
2812         (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
2813         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
2814         (JSC::DFG::ByteCodeParser::getPrediction):
2815         (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
2816         (JSC::DFG::ByteCodeParser::makeSafe):
2817         (JSC::DFG::ByteCodeParser::makeDivSafe):
2818         (JSC::DFG::ByteCodeParser::ConstantRecord::ConstantRecord):
2819         (ConstantRecord):
2820         (JSC::DFG::ByteCodeParser::PhiStackEntry::PhiStackEntry):
2821         (PhiStackEntry):
2822         (JSC::DFG::ByteCodeParser::handleCall):
2823         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
2824         (JSC::DFG::ByteCodeParser::handleInlining):
2825         (JSC::DFG::ByteCodeParser::setIntrinsicResult):
2826         (JSC::DFG::ByteCodeParser::handleMinMax):
2827         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2828         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2829         (JSC::DFG::ByteCodeParser::handleGetById):
2830         (JSC::DFG::ByteCodeParser::getScope):
2831         (JSC::DFG::ByteCodeParser::parseResolveOperations):
2832         (JSC::DFG::ByteCodeParser::parseBlock):
2833         (JSC::DFG::ByteCodeParser::processPhiStack):
2834         (JSC::DFG::ByteCodeParser::linkBlock):
2835         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2836         (JSC::DFG::ByteCodeParser::parse):
2837         * dfg/DFGCFAPhase.cpp:
2838         (JSC::DFG::CFAPhase::performBlockCFA):
2839         * dfg/DFGCFGSimplificationPhase.cpp:
2840         (JSC::DFG::CFGSimplificationPhase::run):
2841         (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
2842         (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
2843         (JSC::DFG::CFGSimplificationPhase::fixPhis):
2844         (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
2845         (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
2846         (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
2847         (OperandSubstitution):
2848         (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
2849         (JSC::DFG::CFGSimplificationPhase::recordNewTarget):
2850         (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
2851         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
2852         * dfg/DFGCSEPhase.cpp:
2853         (JSC::DFG::CSEPhase::canonicalize):
2854         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2855         (JSC::DFG::CSEPhase::pureCSE):
2856         (JSC::DFG::CSEPhase::constantCSE):
2857         (JSC::DFG::CSEPhase::weakConstantCSE):
2858         (JSC::DFG::CSEPhase::getCalleeLoadElimination):
2859         (JSC::DFG::CSEPhase::getArrayLengthElimination):
2860         (JSC::DFG::CSEPhase::globalVarLoadElimination):
2861         (JSC::DFG::CSEPhase::scopedVarLoadElimination):
2862         (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
2863         (JSC::DFG::CSEPhase::globalVarStoreElimination):
2864         (JSC::DFG::CSEPhase::scopedVarStoreElimination):
2865         (JSC::DFG::CSEPhase::getByValLoadElimination):
2866         (JSC::DFG::CSEPhase::checkFunctionElimination):
2867         (JSC::DFG::CSEPhase::checkExecutableElimination):
2868         (JSC::DFG::CSEPhase::checkStructureElimination):
2869         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
2870         (JSC::DFG::CSEPhase::putStructureStoreElimination):
2871         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2872         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
2873         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2874         (JSC::DFG::CSEPhase::checkArrayElimination):
2875         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2876         (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
2877         (JSC::DFG::CSEPhase::getLocalLoadElimination):
2878         (JSC::DFG::CSEPhase::setLocalStoreElimination):
2879         (JSC::DFG::CSEPhase::performSubstitution):
2880         (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
2881         (JSC::DFG::CSEPhase::setReplacement):
2882         (JSC::DFG::CSEPhase::eliminate):
2883         (JSC::DFG::CSEPhase::performNodeCSE):
2884         (JSC::DFG::CSEPhase::performBlockCSE):
2885         (CSEPhase):
2886         * dfg/DFGCommon.cpp: Added.
2887         (DFG):
2888         (JSC::DFG::NodePointerTraits::dump):
2889         * dfg/DFGCommon.h:
2890         (DFG):
2891         (JSC::DFG::NodePointerTraits::defaultValue):
2892         (NodePointerTraits):
2893         (JSC::DFG::verboseCompilationEnabled):
2894         (JSC::DFG::shouldDumpGraphAtEachPhase):
2895         (JSC::DFG::validationEnabled):
2896         * dfg/DFGConstantFoldingPhase.cpp:
2897         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2898         (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
2899         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2900         (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
2901         * dfg/DFGDisassembler.cpp:
2902         (JSC::DFG::Disassembler::Disassembler):
2903         (JSC::DFG::Disassembler::createDumpList):
2904         (JSC::DFG::Disassembler::dumpDisassembly):
2905         * dfg/DFGDisassembler.h:
2906         (JSC::DFG::Disassembler::setForNode):
2907         (Disassembler):
2908         * dfg/DFGDriver.cpp:
2909         (JSC::DFG::compile):
2910         * dfg/DFGEdge.cpp: Added.
2911         (DFG):
2912         (JSC::DFG::Edge::dump):
2913         * dfg/DFGEdge.h:
2914         (JSC::DFG::Edge::Edge):
2915         (JSC::DFG::Edge::node):
2916         (JSC::DFG::Edge::operator*):
2917         (JSC::DFG::Edge::operator->):
2918         (Edge):
2919         (JSC::DFG::Edge::setNode):
2920         (JSC::DFG::Edge::useKind):
2921         (JSC::DFG::Edge::setUseKind):
2922         (JSC::DFG::Edge::isSet):
2923         (JSC::DFG::Edge::shift):
2924         (JSC::DFG::Edge::makeWord):
2925         (JSC::DFG::operator==):
2926         (JSC::DFG::operator!=):
2927         * dfg/DFGFixupPhase.cpp:
2928         (JSC::DFG::FixupPhase::fixupBlock):
2929         (JSC::DFG::FixupPhase::fixupNode):
2930         (JSC::DFG::FixupPhase::checkArray):
2931         (JSC::DFG::FixupPhase::blessArrayOperation):
2932         (JSC::DFG::FixupPhase::fixIntEdge):
2933         (JSC::DFG::FixupPhase::fixDoubleEdge):
2934         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
2935         (FixupPhase):
2936         * dfg/DFGGenerationInfo.h:
2937         (JSC::DFG::GenerationInfo::GenerationInfo):
2938         (JSC::DFG::GenerationInfo::initConstant):
2939         (JSC::DFG::GenerationInfo::initInteger):
2940         (JSC::DFG::GenerationInfo::initJSValue):
2941         (JSC::DFG::GenerationInfo::initCell):
2942         (JSC::DFG::GenerationInfo::initBoolean):
2943         (JSC::DFG::GenerationInfo::initDouble):
2944         (JSC::DFG::GenerationInfo::initStorage):
2945         (GenerationInfo):
2946         (JSC::DFG::GenerationInfo::node):
2947         (JSC::DFG::GenerationInfo::noticeOSRBirth):
2948         (JSC::DFG::GenerationInfo::use):
2949         (JSC::DFG::GenerationInfo::appendFill):
2950         (JSC::DFG::GenerationInfo::appendSpill):
2951         * dfg/DFGGraph.cpp:
2952         (JSC::DFG::Graph::Graph):
2953         (JSC::DFG::Graph::~Graph):
2954         (DFG):
2955         (JSC::DFG::Graph::dumpCodeOrigin):
2956         (JSC::DFG::Graph::amountOfNodeWhiteSpace):
2957         (JSC::DFG::Graph::printNodeWhiteSpace):
2958         (JSC::DFG::Graph::dump):
2959         (JSC::DFG::Graph::dumpBlockHeader):
2960         (JSC::DFG::Graph::refChildren):
2961         (JSC::DFG::Graph::derefChildren):
2962         (JSC::DFG::Graph::predictArgumentTypes):
2963         (JSC::DFG::Graph::collectGarbage):
2964         (JSC::DFG::Graph::determineReachability):
2965         (JSC::DFG::Graph::resetExitStates):
2966         * dfg/DFGGraph.h:
2967         (Graph):
2968         (JSC::DFG::Graph::ref):
2969         (JSC::DFG::Graph::deref):
2970         (JSC::DFG::Graph::changeChild):
2971         (JSC::DFG::Graph::compareAndSwap):
2972         (JSC::DFG::Graph::clearAndDerefChild):
2973         (JSC::DFG::Graph::clearAndDerefChild1):
2974         (JSC::DFG::Graph::clearAndDerefChild2):
2975         (JSC::DFG::Graph::clearAndDerefChild3):
2976         (JSC::DFG::Graph::convertToConstant):
2977         (JSC::DFG::Graph::getJSConstantSpeculation):
2978         (JSC::DFG::Graph::addSpeculationMode):
2979         (JSC::DFG::Graph::valueAddSpeculationMode):
2980         (JSC::DFG::Graph::arithAddSpeculationMode):
2981         (JSC::DFG::Graph::addShouldSpeculateInteger):
2982         (JSC::DFG::Graph::mulShouldSpeculateInteger):
2983         (JSC::DFG::Graph::negateShouldSpeculateInteger):
2984         (JSC::DFG::Graph::isConstant):
2985         (JSC::DFG::Graph::isJSConstant):
2986         (JSC::DFG::Graph::isInt32Constant):
2987         (JSC::DFG::Graph::isDoubleConstant):
2988         (JSC::DFG::Graph::isNumberConstant):
2989         (JSC::DFG::Graph::isBooleanConstant):
2990         (JSC::DFG::Graph::isCellConstant):
2991         (JSC::DFG::Graph::isFunctionConstant):
2992         (JSC::DFG::Graph::isInternalFunctionConstant):
2993         (JSC::DFG::Graph::valueOfJSConstant):
2994         (JSC::DFG::Graph::valueOfInt32Constant):
2995         (JSC::DFG::Graph::valueOfNumberConstant):
2996         (JSC::DFG::Graph::valueOfBooleanConstant):
2997         (JSC::DFG::Graph::valueOfFunctionConstant):
2998         (JSC::DFG::Graph::valueProfileFor):
2999         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
3000         (JSC::DFG::Graph::numSuccessors):
3001         (JSC::DFG::Graph::successor):
3002         (JSC::DFG::Graph::successorForCondition):
3003         (JSC::DFG::Graph::isPredictedNumerical):
3004         (JSC::DFG::Graph::byValIsPure):
3005         (JSC::DFG::Graph::clobbersWorld):
3006         (JSC::DFG::Graph::varArgNumChildren):
3007         (JSC::DFG::Graph::numChildren):
3008         (JSC::DFG::Graph::varArgChild):
3009         (JSC::DFG::Graph::child):
3010         (JSC::DFG::Graph::voteNode):
3011         (JSC::DFG::Graph::voteChildren):
3012         (JSC::DFG::Graph::substitute):
3013         (JSC::DFG::Graph::substituteGetLocal):
3014         (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
3015         (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
3016         * dfg/DFGInsertionSet.h:
3017         (JSC::DFG::Insertion::Insertion):
3018         (JSC::DFG::Insertion::element):
3019         (Insertion):
3020         (JSC::DFG::InsertionSet::insert):
3021         (InsertionSet):
3022         * dfg/DFGJITCompiler.cpp:
3023         * dfg/DFGJITCompiler.h:
3024         (JSC::DFG::JITCompiler::setForNode):
3025         (JSC::DFG::JITCompiler::addressOfDoubleConstant):
3026         (JSC::DFG::JITCompiler::noticeOSREntry):
3027         * dfg/DFGLongLivedState.cpp: Added.
3028         (DFG):
3029         (JSC::DFG::LongLivedState::LongLivedState):
3030         (JSC::DFG::LongLivedState::~LongLivedState):
3031         (JSC::DFG::LongLivedState::shrinkToFit):
3032         * dfg/DFGLongLivedState.h: Added.
3033         (DFG):
3034         (LongLivedState):
3035         * dfg/DFGMinifiedID.h:
3036         (JSC::DFG::MinifiedID::MinifiedID):
3037         (JSC::DFG::MinifiedID::node):
3038         * dfg/DFGMinifiedNode.cpp:
3039         (JSC::DFG::MinifiedNode::fromNode):
3040         * dfg/DFGMinifiedNode.h:
3041         (MinifiedNode):
3042         * dfg/DFGNode.cpp: Added.
3043         (DFG):
3044         (JSC::DFG::Node::index):
3045         (WTF):
3046         (WTF::printInternal):
3047         * dfg/DFGNode.h:
3048         (DFG):
3049         (JSC::DFG::Node::Node):
3050         (Node):
3051         (JSC::DFG::Node::convertToGetByOffset):
3052         (JSC::DFG::Node::convertToPutByOffset):
3053         (JSC::DFG::Node::ref):
3054         (JSC::DFG::Node::shouldSpeculateInteger):
3055         (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic):
3056         (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined):
3057         (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic):
3058         (JSC::DFG::Node::shouldSpeculateNumber):
3059         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
3060         (JSC::DFG::Node::shouldSpeculateFinalObject):
3061         (JSC::DFG::Node::shouldSpeculateArray):
3062         (JSC::DFG::Node::dumpChildren):
3063         (WTF):
3064         * dfg/DFGNodeAllocator.h: Added.
3065         (DFG):
3066         (operator new ):
3067         * dfg/DFGOSRExit.cpp:
3068         (JSC::DFG::OSRExit::OSRExit):
3069         * dfg/DFGOSRExit.h:
3070         (OSRExit):
3071         (SpeculationFailureDebugInfo):
3072         * dfg/DFGOSRExitCompiler.cpp:
3073         * dfg/DFGOSRExitCompiler32_64.cpp:
3074         (JSC::DFG::OSRExitCompiler::compileExit):
3075         * dfg/DFGOSRExitCompiler64.cpp:
3076         (JSC::DFG::OSRExitCompiler::compileExit):
3077         * dfg/DFGOperations.cpp:
3078         * dfg/DFGPhase.cpp:
3079         (DFG):
3080         (JSC::DFG::Phase::beginPhase):
3081         (JSC::DFG::Phase::endPhase):
3082         * dfg/DFGPhase.h:
3083         (Phase):
3084         (JSC::DFG::runAndLog):
3085         * dfg/DFGPredictionPropagationPhase.cpp:
3086         (JSC::DFG::PredictionPropagationPhase::setPrediction):
3087         (JSC::DFG::PredictionPropagationPhase::mergePrediction):
3088         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
3089         (JSC::DFG::PredictionPropagationPhase::isNotZero):
3090         (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
3091         (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
3092         (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
3093         (JSC::DFG::PredictionPropagationPhase::propagate):
3094         (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
3095         (JSC::DFG::PredictionPropagationPhase::propagateForward):
3096         (JSC::DFG::PredictionPropagationPhase::propagateBackward):
3097         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
3098         (PredictionPropagationPhase):
3099         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
3100         * dfg/DFGScoreBoard.h:
3101         (JSC::DFG::ScoreBoard::ScoreBoard):
3102         (JSC::DFG::ScoreBoard::use):
3103         (JSC::DFG::ScoreBoard::useIfHasResult):
3104         (ScoreBoard):
3105         * dfg/DFGSilentRegisterSavePlan.h:
3106         (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
3107         (JSC::DFG::SilentRegisterSavePlan::node):
3108         (SilentRegisterSavePlan):
3109         * dfg/DFGSlowPathGenerator.h:
3110         (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
3111         (JSC::DFG::SlowPathGenerator::generate):
3112         (SlowPathGenerator):
3113         * dfg/DFGSpeculativeJIT.cpp:
3114         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
3115         (JSC::DFG::SpeculativeJIT::speculationCheck):
3116         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
3117         (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
3118         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
3119         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
3120         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
3121         (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
3122         (JSC::DFG::SpeculativeJIT::silentSpill):
3123         (JSC::DFG::SpeculativeJIT::silentFill):
3124         (JSC::DFG::SpeculativeJIT::checkArray):
3125         (JSC::DFG::SpeculativeJIT::arrayify):
3126         (JSC::DFG::SpeculativeJIT::fillStorage):
3127         (JSC::DFG::SpeculativeJIT::useChildren):
3128         (JSC::DFG::SpeculativeJIT::isStrictInt32):
3129         (JSC::DFG::SpeculativeJIT::isKnownInteger):
3130         (JSC::DFG::SpeculativeJIT::isKnownNumeric):
3131         (JSC::DFG::SpeculativeJIT::isKnownCell):
3132         (JSC::DFG::SpeculativeJIT::isKnownNotCell):
3133         (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
3134         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
3135         (JSC::DFG::SpeculativeJIT::writeBarrier):
3136         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
3137         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
3138         (JSC::DFG::GPRTemporary::GPRTemporary):
3139         (JSC::DFG::FPRTemporary::FPRTemporary):
3140         (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
3141         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
3142         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
3143         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
3144         (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
3145         (JSC::DFG::SpeculativeJIT::compileMovHint):
3146         (JSC::DFG::SpeculativeJIT::compile):
3147         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3148         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
3149         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
3150         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
3151         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
3152         (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
3153         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3154         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
3155         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
3156         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
3157         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3158         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
3159         (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
3160         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
3161         (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
3162         (JSC::DFG::SpeculativeJIT::compileInstanceOf):
3163         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
3164         (JSC::DFG::SpeculativeJIT::compileAdd):
3165         (JSC::DFG::SpeculativeJIT::compileArithSub):
3166         (JSC::DFG::SpeculativeJIT::compileArithNegate):
3167         (JSC::DFG::SpeculativeJIT::compileArithMul):
3168         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
3169         (JSC::DFG::SpeculativeJIT::compileArithMod):
3170         (JSC::DFG::SpeculativeJIT::compare):
3171         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
3172         (JSC::DFG::SpeculativeJIT::compileStrictEq):
3173         (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
3174         (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
3175         (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
3176         (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
3177         (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
3178         (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
3179         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
3180         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
3181         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
3182         * dfg/DFGSpeculativeJIT.h:
3183         (SpeculativeJIT):
3184         (JSC::DFG::SpeculativeJIT::canReuse):
3185         (JSC::DFG::SpeculativeJIT::isFilled):
3186         (JSC::DFG::SpeculativeJIT::isFilledDouble):
3187         (JSC::DFG::SpeculativeJIT::use):
3188         (JSC::DFG::SpeculativeJIT::isConstant):
3189         (JSC::DFG::SpeculativeJIT::isJSConstant):
3190         (JSC::DFG::SpeculativeJIT::isInt32Constant):
3191         (JSC::DFG::SpeculativeJIT::isDoubleConstant):
3192         (JSC::DFG::SpeculativeJIT::isNumberConstant):
3193         (JSC::DFG::SpeculativeJIT::isBooleanConstant):
3194         (JSC::DFG::SpeculativeJIT::isFunctionConstant):
3195         (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
3196         (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
3197         (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
3198         (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
3199         (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
3200         (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
3201         (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
3202         (JSC::DFG::SpeculativeJIT::isNullConstant):
3203         (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64):
3204         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
3205         (JSC::DFG::SpeculativeJIT::integerResult):
3206         (JSC::DFG::SpeculativeJIT::noResult):
3207         (JSC::DFG::SpeculativeJIT::cellResult):
3208         (JSC::DFG::SpeculativeJIT::booleanResult):
3209         (JSC::DFG::SpeculativeJIT::jsValueResult):
3210         (JSC::DFG::SpeculativeJIT::storageResult):
3211         (JSC::DFG::SpeculativeJIT::doubleResult):
3212         (JSC::DFG::SpeculativeJIT::initConstantInfo):
3213         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
3214         (JSC::DFG::SpeculativeJIT::isInteger):
3215         (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
3216         (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
3217         (JSC::DFG::SpeculativeJIT::setNodeForOperand):
3218         (JSC::DFG::IntegerOperand::IntegerOperand):
3219         (JSC::DFG::IntegerOperand::node):
3220         (JSC::DFG::IntegerOperand::gpr):
3221         (JSC::DFG::IntegerOperand::use):
3222         (IntegerOperand):
3223         (JSC::DFG::DoubleOperand::DoubleOperand):
3224         (JSC::DFG::DoubleOperand::node):
3225         (JSC::DFG::DoubleOperand::fpr):
3226         (JSC::DFG::DoubleOperand::use):
3227         (DoubleOperand):
3228         (JSC::DFG::JSValueOperand::JSValueOperand):
3229         (JSC::DFG::JSValueOperand::node):
3230         (JSC::DFG::JSValueOperand::gpr):
3231         (JSC::DFG::JSValueOperand::fill):
3232         (JSC::DFG::JSValueOperand::use):
3233         (JSValueOperand):
3234         (JSC::DFG::StorageOperand::StorageOperand):
3235         (JSC::DFG::StorageOperand::node):
3236         (JSC::DFG::StorageOperand::gpr):
3237         (JSC::DFG::StorageOperand::use):
3238         (StorageOperand):
3239         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
3240         (JSC::DFG::SpeculateIntegerOperand::node):
3241         (JSC::DFG::SpeculateIntegerOperand::gpr):
3242         (JSC::DFG::SpeculateIntegerOperand::use):
3243         (SpeculateIntegerOperand):
3244         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
3245         (JSC::DFG::SpeculateStrictInt32Operand::node):
3246         (JSC::DFG::SpeculateStrictInt32Operand::gpr):
3247         (JSC::DFG::SpeculateStrictInt32Operand::use):
3248         (SpeculateStrictInt32Operand):
3249         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
3250         (JSC::DFG::SpeculateDoubleOperand::node):
3251         (JSC::DFG::SpeculateDoubleOperand::fpr):
3252         (JSC::DFG::SpeculateDoubleOperand::use):
3253         (SpeculateDoubleOperand):
3254         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
3255         (JSC::DFG::SpeculateCellOperand::node):
3256         (JSC::DFG::SpeculateCellOperand::gpr):
3257         (JSC::DFG::SpeculateCellOperand::use):
3258         (SpeculateCellOperand):
3259         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
3260         (JSC::DFG::SpeculateBooleanOperand::node):
3261         (JSC::DFG::SpeculateBooleanOperand::gpr):
3262         (JSC::DFG::SpeculateBooleanOperand::use):
3263         (SpeculateBooleanOperand):
3264         * dfg/DFGSpeculativeJIT32_64.cpp:
3265         (JSC::DFG::SpeculativeJIT::fillInteger):
3266         (JSC::DFG::SpeculativeJIT::fillDouble):
3267         (JSC::DFG::SpeculativeJIT::fillJSValue):
3268         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
3269         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
3270         (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
3271         (JSC::DFG::SpeculativeJIT::cachedPutById):
3272         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
3273         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
3274         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
3275         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
3276         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
3277         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
3278         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
3279         (JSC::DFG::SpeculativeJIT::emitCall):
3280         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3281         (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
3282         (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
3283         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3284         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3285         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3286         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3287         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
3288         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
3289         (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
3290         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
3291         (JSC::DFG::SpeculativeJIT::compileValueAdd):
3292         (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
3293         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
3294         (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
3295         (JSC::DFG::SpeculativeJIT::emitBranch):
3296         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
3297         (JSC::DFG::SpeculativeJIT::compile):
3298         * dfg/DFGSpeculativeJIT64.cpp:
3299         (JSC::DFG::SpeculativeJIT::fillInteger):
3300         (JSC::DFG::SpeculativeJIT::fillDouble):
3301         (JSC::DFG::SpeculativeJIT::fillJSValue):
3302         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
3303         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
3304         (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
3305         (JSC::DFG::SpeculativeJIT::cachedPutById):
3306         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
3307         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
3308         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
3309         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
3310         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
3311         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
3312         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
3313         (JSC::DFG::SpeculativeJIT::emitCall):
3314         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3315         (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
3316         (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
3317         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3318         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3319         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3320         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
3321         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
3322         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
3323         (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
3324         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
3325         (JSC::DFG::SpeculativeJIT::compileValueAdd):
3326         (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
3327         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
3328         (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
3329         (JSC::DFG::SpeculativeJIT::emitBranch):
3330         (JSC::DFG::SpeculativeJIT::compile):
3331         * dfg/DFGStructureAbstractValue.h:
3332         (StructureAbstractValue):
3333         * dfg/DFGStructureCheckHoistingPhase.cpp:
3334         (JSC::DFG::StructureCheckHoistingPhase::run):
3335         * dfg/DFGValidate.cpp:
3336         (DFG):
3337         (Validate):
3338         (JSC::DFG::Validate::validate):
3339         (JSC::DFG::Validate::reportValidationContext):
3340         * dfg/DFGValidate.h:
3341         * dfg/DFGValueSource.cpp:
3342         (JSC::DFG::ValueSource::dump):
3343         * dfg/DFGValueSource.h:
3344         (JSC::DFG::ValueSource::ValueSource):
3345         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
3346         (JSC::DFG::VirtualRegisterAllocationPhase::run):
3347         * runtime/FunctionExecutableDump.cpp: Added.
3348         (JSC):
3349         (JSC::FunctionExecutableDump::dump):
3350         * runtime/FunctionExecutableDump.h: Added.
3351         (JSC):
3352         (FunctionExecutableDump):
3353         (JSC::FunctionExecutableDump::FunctionExecutableDump):
3354         * runtime/JSGlobalData.cpp:
3355         (JSC::JSGlobalData::JSGlobalData):
3356         * runtime/JSGlobalData.h:
3357         (JSC):
3358         (DFG):
3359         (JSGlobalData):
3360         * runtime/Options.h:
3361         (JSC):
3362
3363 2013-01-28  Laszlo Gombos  <l.gombos@samsung.com>
3364
3365         Collapse testing for a list of PLATFORM() into OS() and USE() tests
3366         https://bugs.webkit.org/show_bug.cgi?id=108018
3367
3368         Reviewed by Eric Seidel.
3369
3370         No functional change as "OS(DARWIN) && USE(CF)" equals the
3371         following platforms: MAC, WX, QT and CHROMIUM. CHROMIUM
3372         is not using JavaScriptCore.
3373
3374         * runtime/DatePrototype.cpp:
3375         (JSC):
3376
3377 2013-01-28  Geoffrey Garen  <ggaren@apple.com>
3378
3379         Static size inference for JavaScript objects
3380         https://bugs.webkit.org/show_bug.cgi?id=108093
3381
3382         Reviewed by Phil Pizlo.
3383
3384         * API/JSObjectRef.cpp:
3385         * JavaScriptCore.order:
3386         * JavaScriptCore.xcodeproj/project.pbxproj: Pay the tax man.
3387
3388         * bytecode/CodeBlock.cpp:
3389         (JSC::CodeBlock::dumpBytecode): op_new_object and op_create_this now
3390         have an extra inferredInlineCapacity argument. This is the statically
3391         inferred inline capacity, just from analyzing source text. op_new_object
3392         also gets a pointer to an allocation profile. (For op_create_this, the
3393         profile is in the constructor function.)
3394
3395         (JSC::CodeBlock::CodeBlock): Link op_new_object.
3396
3397         (JSC::CodeBlock::stronglyVisitStrongReferences): Mark our profiles.
3398
3399         * bytecode/CodeBlock.h:
3400         (CodeBlock): Removed some dead code. Added object