Use a consistent set of file patterns in the svn:ignore property for all .xcodeproj...

[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2011-03-17  Jeff Miller  <jeffm@apple.com>

        Use a consistent set of file patterns in the svn:ignore property for all .xcodeproj directories, specifically:
        
        *.mode*
        *.pbxuser
        *.perspective*
        project.xcworkspace
        xcuserdata

        * JavaScriptCore.xcodeproj: Modified property svn:ignore.

2011-03-17  Gavin Barraclough  <barraclough@apple.com>

        Reverting r81197, breaks JIT + INTERPRETER build.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::hasGlobalResolveInstructionAtBytecodeOffset):
        (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addPropertyAccessInstruction):
        (JSC::CodeBlock::addGlobalResolveInstruction):
        (JSC::CodeBlock::addStructureStubInfo):
        * bytecode/Opcode.h:
        * bytecode/StructureStubInfo.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitCatch):

2011-03-17  Ben Taylor  <bentaylor.solx86@gmail.com>

        Reviewed by Alexey Proskuryakov.

        Add a COMPILER(SUNCC) define for Sun Studio 12. 
        https://bugs.webkit.org/show_bug.cgi?56444
        derived from patch 1 of 16 originally from https://bugs.webkit.org/show_bug.cgi?id=24932

        * wtf/Platform.h:

2011-03-17  Jay Civelli  <jcivelli@chromium.org>

        Reviewed by David Levin.

        Adding a contains method to Vector.
        https://bugs.webkit.org/show_bug.cgi?id=55859

        * wtf/Vector.h:
        (WTF::::operator):
        (WTF::::contains):

2011-03-17  Patrick Gansterer  <paroga@webkit.org>

        Fix the interpreter build.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute): Added globalData to inheritorID().

2011-03-16  Sam Weinig  <sam@webkit.org>

        Fix the interpreter build.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::resolve):
        (JSC::Interpreter::resolveSkip):
        (JSC::Interpreter::resolveGlobal):
        (JSC::Interpreter::resolveGlobalDynamic):
        (JSC::Interpreter::resolveBaseAndProperty):
        (JSC::Interpreter::privateExecute):
        Remove .get()s.

2011-03-16  Adam Barth  <abarth@webkit.org>

        Reviewed by James Robinson.

        Remove USE(BUILTIN_UTF8_CODEC)
        https://bugs.webkit.org/show_bug.cgi?id=56508

        We added this recently when we were unsure about the stability of the
        built-in UTF-8 codec.  However, the codec seems to be stable, so we
        don't need the macro.

        * wtf/Platform.h:

2011-03-16  Daniel Bates  <dbates@rim.com>

        Reviewed by Darin Adler.

        Make JIT build for ARM Thumb-2 with RVCT
        https://bugs.webkit.org/show_bug.cgi?id=56440

        Derived from a patch by Dave Tapuska.

        Also, modify the RVCT stub template to indicate that it preserves 8 byte stack alignment.

        * jit/JITStubs.cpp:

2011-03-16  Chao-ying Fu  <fu@mips.com>

        Reviewed by Darin Adler.

        Fix MIPS build with const *void
        https://bugs.webkit.org/show_bug.cgi?id=56513

        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::load32):
        (JSC::MacroAssemblerMIPS::store32):

2011-03-16  Oliver Hunt  <oliver@apple.com>

        Reviewed by Darin Adler.

        Remove unnecessary caller tracking shenanigans from CodeBlock
        https://bugs.webkit.org/show_bug.cgi?id=56483

        This removes some leftover cruft from when we made CodeBlock
        mark its callees.  Removing it gives us a 0.7% progression,
        reducing the overall regression to ~1.3%.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CallLinkInfo::CallLinkInfo):
        * jit/JIT.cpp:
        (JSC::JIT::linkCall):
        (JSC::JIT::linkConstruct):

2011-03-15  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make Structure creation require a JSGlobalData
        https://bugs.webkit.org/show_bug.cgi?id=56438

        Mechanical change to make Structure::create require JSGlobalData&, and
        require all users to provide the globalData.

        * API/JSCallbackConstructor.h:
        (JSC::JSCallbackConstructor::createStructure):
        * API/JSCallbackFunction.h:
        (JSC::JSCallbackFunction::createStructure):
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::createStructure):
        * API/JSContextRef.cpp:
        * JavaScriptCore.exp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::DebuggerActivation):
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::createStructure):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::GlobalObject):
        (functionRun):
        (jscmain):
        * runtime/Arguments.h:
        (JSC::Arguments::createStructure):
        * runtime/ArrayPrototype.h:
        (JSC::ArrayPrototype::createStructure):
        * runtime/BooleanObject.h:
        (JSC::BooleanObject::createStructure):
        * runtime/DateInstance.h:
        (JSC::DateInstance::createStructure):
        * runtime/DatePrototype.h:
        (JSC::DatePrototype::createStructure):
        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::createStructure):
        * runtime/Executable.h:
        (JSC::ExecutableBase::createStructure):
        (JSC::EvalExecutable::createStructure):
        (JSC::ProgramExecutable::createStructure):
        (JSC::FunctionExecutable::createStructure):
        * runtime/FunctionPrototype.h:
        (JSC::FunctionPrototype::createStructure):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::createStructure):
        * runtime/InternalFunction.h:
        (JSC::InternalFunction::createStructure):
        * runtime/JSAPIValueWrapper.h:
        (JSC::JSAPIValueWrapper::createStructure):
        * runtime/JSActivation.h:
        (JSC::JSActivation::createStructure):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        * runtime/JSArray.h:
        (JSC::JSArray::createStructure):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::createStructure):
        * runtime/JSByteArray.h:
        (JSC::JSByteArray::JSByteArray):
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::createDummyStructure):
        * runtime/JSFunction.h:
        (JSC::JSFunction::createStructure):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::storeVPtrs):
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObject):
        (JSC::JSGlobalObject::createStructure):
        * runtime/JSNotAnObject.h:
        (JSC::JSNotAnObject::createStructure):
        * runtime/JSONObject.h:
        (JSC::JSONObject::createStructure):
        * runtime/JSObject.cpp:
        (JSC::JSObject::createInheritorID):
        * runtime/JSObject.h:
        (JSC::JSObject::createStructure):
        (JSC::JSNonFinalObject::createStructure):
        (JSC::JSFinalObject::createStructure):
        (JSC::createEmptyObjectStructure):
        (JSC::JSObject::inheritorID):
        * runtime/JSObjectWithGlobalObject.h:
        (JSC::JSObjectWithGlobalObject::createStructure):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::createStructure):
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::createStructure):
        * runtime/JSString.h:
        (JSC::RopeBuilder::createStructure):
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::createStructure):
        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::createStructure):
        * runtime/JSZombie.h:
        (JSC::JSZombie::createStructure):
        * runtime/MathObject.h:
        (JSC::MathObject::createStructure):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorConstructor.h:
        (JSC::NativeErrorConstructor::createStructure):
        * runtime/NumberConstructor.h:
        (JSC::NumberConstructor::createStructure):
        * runtime/NumberObject.h:
        (JSC::NumberObject::createStructure):
        * runtime/ObjectConstructor.h:
        (JSC::ObjectConstructor::createStructure):
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::createStructure):
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::createStructure):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::createStructure):
        * runtime/StringObject.h:
        (JSC::StringObject::createStructure):
        * runtime/StringObjectThatMasqueradesAsUndefined.h:
        (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
        * runtime/StringPrototype.h:
        (JSC::StringPrototype::createStructure):
        * runtime/Structure.h:
        (JSC::Structure::create):

2011-03-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Some conservative root gathering cleanup
        https://bugs.webkit.org/show_bug.cgi?id=56447
        
        SunSpider says 0.5% - 1.8% faster.

        * interpreter/RegisterFile.cpp:
        (JSC::RegisterFile::gatherConservativeRoots):
        * interpreter/RegisterFile.h: New helper function for doing the
        conservative gathering of the register file. It's still conservative,
        since the register file may contain uninitialized values, but it's
        moving-safe, because it only visits values tagged as pointers, so there's
        no risk of mistaking an integer for a pointer and accidentally changing it.

        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeRoots::add):
        * runtime/ConservativeSet.h: Added a single-value add function, used above.

        * runtime/Heap.cpp:
        (JSC::Heap::markRoots): Separated machine stack conservative roots from
        register file conservative roots because machine stack roots must be
        pinned, but register file roots need not be pinned.
        
        Adopted new interface for passing the current stack extent to the machine
        stack root gathering routine. This allows us to exclude marking-related
        data structures on the stack, and thus avoid double-marking the set of
        machine roots.

        * runtime/MachineStackMarker.cpp:
        (JSC::MachineThreads::gatherFromCurrentThread):
        (JSC::MachineThreads::gatherConservativeRoots):
        * runtime/MachineStackMarker.h: Added new interface, described above.

        * runtime/MarkedBlock.h:
        (JSC::MarkedBlock::firstAtom):
        * wtf/StdLibExtras.h:
        (WTF::roundUpToMultipleOf): Moved roundUpToMultipleOf so it could be used
        by MachineStacks.

2011-03-16  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        A little bit of MarkStack cleanup
        https://bugs.webkit.org/show_bug.cgi?id=56443
        
        Moved MarkStack functions into MarkStack.h/.cpp.
        
        SunSpider reports no change.

        * runtime/JSArray.h:
        * runtime/JSCell.h: Moved from here...
        * runtime/MarkStack.cpp:
        (JSC::MarkStack::markChildren):
        (JSC::MarkStack::drain): ...to here. Also, no need to inline drain. It's
        a huge function, and not called many times.

        * runtime/MarkStack.h:
        (JSC::MarkStack::~MarkStack): Moved near constructor, per style guide.
        (JSC::MarkStack::append):
        (JSC::MarkStack::deprecatedAppend):
        (JSC::MarkStack::internalAppend): Moved to here.

2011-03-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed another deprecatedAppend
        https://bugs.webkit.org/show_bug.cgi?id=56429

        * collector/handles/HandleHeap.cpp:
        (JSC::HandleHeap::markStrongHandles):
        * collector/handles/HandleHeap.h: Use HeapRootMarker, since handles are
        marked directly by the Heap.

        * runtime/Heap.cpp:
        (JSC::Heap::markRoots): Ditto.

2011-03-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed some more deprecated / unsafe append
        https://bugs.webkit.org/show_bug.cgi?id=56428

        * collector/handles/HandleStack.cpp:
        (JSC::HandleStack::mark):
        * collector/handles/HandleStack.h: Mark the handle stack using a HeapRoot
        marker, since it's a heap root.
        
        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        (JSC::MarkedArgumentBuffer::slowAppend):
        * runtime/ArgList.h: Ditto.

        * runtime/Heap.cpp:
        (JSC::Heap::markRoots): Added a mark call for marking the handle stack.
        It seems like Oliver forgot this in his last patch. (!)

        * runtime/MarkStack.h: Removed appendSlots, since it would allow an
        object to embed JSValues directly instead of using WriteBarrier.

        (JSC::MarkStack::append): Added a private append for a list of values.

        (JSC::HeapRootMarker::mark): Access to the above.

2011-03-15  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed a few more deprecatedAppends, and removed HeapRoot<T>
        https://bugs.webkit.org/show_bug.cgi?id=56422
        
        Added HeapRootMarker, a privileged class for marking direct heap roots
        that are iterated during each garbage collection. This is easier to use
        and more reliable than HeapRoot<T>, so I've removed HeapRoot<T>.

        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * interpreter/CallFrame.h:
        (JSC::ExecState::exception):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Completion.cpp:
        (JSC::evaluate): exception is no longer a HeapRoot<T>, so no need to
        call .get() on it.

        * runtime/Heap.cpp:
        (JSC::Heap::markProtectedObjects):
        (JSC::Heap::markTempSortVectors):
        (JSC::Heap::markRoots):
        * runtime/Heap.h: Updated to use HeapRootMarker.

        * runtime/JSCell.h:
        (JSC::JSCell::MarkStack::append): Added private functions for
        HeapRootMarker to use.

        * runtime/JSGlobalData.h: exception is no longer a HeapRoot<T>.

        * runtime/MarkStack.h:
        (JSC::HeapRootMarker::HeapRootMarker):
        (JSC::HeapRootMarker::mark): Added private functions for
        HeapRootMarker to use.

        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::markChildren): Updated to use HeapRootMarker.

        * runtime/SmallStrings.h:
        (JSC::SmallStrings::emptyString):
        (JSC::SmallStrings::singleCharacterString):
        (JSC::SmallStrings::singleCharacterStrings): Updated to use HeapRootMarker.

        * runtime/WriteBarrier.h: Removed HeapRoot<T>.

2011-03-14  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Made the global object moving-GC-safe
        https://bugs.webkit.org/show_bug.cgi?id=56348
        
        SunSpider reports no change.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
        suggested we do not need to visit all our references during GC, since
        that is not true in a moving GC.

        Re-sorted data members by type, removed one duplicate, and added back
        the one missing mark I found.

        * runtime/JSGlobalObject.h: Re-sorted data members by type.

2011-03-15  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Introduce Local<T> to allow us to start moving to precise marking of locals
        https://bugs.webkit.org/show_bug.cgi?id=56394

        Introduce a new handle type, Local<T> and a scoping mechanism
        LocalScope to allow us to start moving towards precise marking
        of temporaries and local variables.

        We also start to use the new Local<> type in the JSON stringifier
        so that we can have some coverage of their behaviour in the initial
        checkin.

        * GNUmakefile.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * collector/handles/Handle.h:
        (JSC::::asObject):
        * collector/handles/HandleStack.cpp: Added.
        (JSC::HandleStack::HandleStack):
        (JSC::HandleStack::mark):
        (JSC::HandleStack::grow):
        * collector/handles/HandleStack.h: Added.
        (JSC::HandleStack::enterScope):
        (JSC::HandleStack::zapTo):
        (JSC::HandleStack::leaveScope):
        (JSC::HandleStack::push):
        * collector/handles/Local.h: Added.
        (JSC::Local::internalSet):
        (JSC::::Local):
        (JSC::::operator):
        (JSC::LocalStack::LocalStack):
        (JSC::LocalStack::peek):
        (JSC::LocalStack::pop):
        (JSC::LocalStack::push):
        (JSC::LocalStack::isEmpty):
        (JSC::LocalStack::size):
        * collector/handles/LocalScope.h: Added.
        (JSC::LocalScope::LocalScope):
        (JSC::LocalScope::~LocalScope):
        (JSC::LocalScope::release):
        * runtime/Heap.cpp:
        (JSC::Heap::markRoots):
        * runtime/Heap.h:
        (JSC::Heap::allocateLocalHandle):
        (JSC::Heap::handleStack):
        * runtime/JSCell.h:
        (JSC::JSCell::::getString):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::allocateLocalHandle):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Stringifier):
        (JSC::Stringifier::stringify):
        (JSC::Stringifier::appendStringifiedValue):
        (JSC::Stringifier::Holder::Holder):
        (JSC::Walker::Walker):
        (JSC::Walker::walk):
        (JSC::JSONProtoFuncParse):
        (JSC::JSONProtoFuncStringify):
        (JSC::JSONStringify):
        * runtime/JSONObject.h:
        * runtime/MarkStack.h:
        (JSC::MarkStack::appendValues):
        (JSC::MarkStack::appendSlots):

2011-03-15  Gavin Barraclough  <barraclough@apple.com>

        Rubber Stamped by Sam Weinig.

        Bug 56420 - Remove ENABLE(JIT) code from ByteCompiler
        Some methods have unnecessary differences in name/arguments for interpreter/JIT.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        (JSC::HandlerInfo::HandlerInfo):
        (JSC::CodeBlock::addPropertyAccessInfo):
        (JSC::CodeBlock::addGlobalResolveInfo):
        (JSC::CodeBlock::addCallLinkInfo):
        (JSC::CodeBlock::globalResolveInfo):
        * bytecode/Opcode.h:
        * bytecode/StructureStubInfo.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitResolve):
        (JSC::BytecodeGenerator::emitResolveWithBase):
        (JSC::BytecodeGenerator::emitGetById):
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::emitCatch):

2011-03-15  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Fix broken assert in new code.

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordPutByVal):
            - recordPutByVal is called for both PutByVal & PutByValAlias.

2011-03-15  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by Sam Weinig.

        Removed redundant code from BytecodeGenerator.

        * bytecompiler/BytecodeGenerator.cpp:
        * bytecompiler/BytecodeGenerator.h:
            - delete uncalled code missed when reparsing was removed.

2011-03-15  Kevin Ollivier  <kevino@theolliviers.com>

        Reviewed by Darin Adler.

        Introduce WTF_USE_EXPORT_MACROS, which will allow us to put shared library import/export
        info into the headers rather than in export symbol definition files, but disable it on 
        all platforms initially so we can deal with port build issues one port at a time.
        
        https://bugs.webkit.org/show_bug.cgi?id=27551

        * API/JSBase.h:
        * config.h:
        * wtf/Assertions.h:
        * wtf/ExportMacros.h: Added.
        * wtf/Platform.h:

2011-03-14  Laszlo Gombos  <laszlo.1.gombos@nokia.com>

        Unreviewed build fix.

        Buildfix when JIT is not enabled after r81079
        https://bugs.webkit.org/show_bug.cgi?id=56361

        * runtime/Executable.cpp:

2011-03-14  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Made the global object moving-GC-safe
        https://bugs.webkit.org/show_bug.cgi?id=56348
        
        SunSpider reports no change.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::markChildren): Removed a dubious comment that
        suggested we do not need to visit all our references during GC, since
        that is not true in a moving GC.

        Re-sorted data members by type, removed one duplicate, and added back
        the one missing mark I found.

        * runtime/JSGlobalObject.h: Re-sorted data members by type.

2011-03-14  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Made JSWrapperObject and subclasses moving-GC-safe
        https://bugs.webkit.org/show_bug.cgi?id=56346
        
        SunSpider reports no change.

        * runtime/BooleanObject.cpp:
        (JSC::BooleanObject::BooleanObject):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::DateInstance): No more need for JSGlobalData, since
        we don't initialize the wrapped value in our constructor.

        * runtime/DateInstance.h: Don't set the OverridesMarkChildren flag because
        we do not in fact override markChildren.

        * runtime/DatePrototype.h: Declare an anonymous slot, since wrapper object
        no longer does so for us. Also added an ASSERT to catch a latent bug,
        where DatePrototype stomped on its base class's anonymous slot. Hard-coded
        anonymous slots are a plague on our code. This doesn't cause any problems
        in our existing code since the base class never reads the anonymous slot
        it declares, but it caused crashes when I tried to start using the slot
        in an initial version of this patch.

        * runtime/JSWrapperObject.h:
        (JSC::JSWrapperObject::JSWrapperObject):
        (JSC::JSWrapperObject::internalValue):
        (JSC::JSWrapperObject::setInternalValue): Resolved a problem where
        our internal value was stored in two places: an anonymous slot, and a
        data member which was not always visited during GC. Now, we only use the
        data member, and we always visit it. (Instead of relying on certain
        subclasses to set the OverridesMarkChildren bit, we set it ourselves.)

        * runtime/NumberObject.cpp:
        (JSC::NumberObject::NumberObject): No more need for JSGlobalData, since
        we don't initialize the wrapped value in our constructor.

        * runtime/NumberObject.h: Removed meaningless declaration.

        * runtime/StringObject.cpp:
        (JSC::StringObject::StringObject): No more need for JSGlobalData, since
        we don't initialize the wrapped value in our constructor.

        * runtime/StringObject.h: Don't set the OverridesMarkChildren flag because
        we do not in fact override markChildren.

        * runtime/StringPrototype.h: Declare an anonymous slot, since wrapper object
        no longer does so for us. Also added an ASSERT to catch a latent bug,
        where DatePrototype stomped on its base class's anonymous slot. Hard-coded
        anonymous slots are a plague on our code.

2011-03-14  Michael Saboff  <msaboff@apple.com>

        Reviewed by Gavin Barraclough.

        Look-ahead assertions with back references don’t work as expected
        https://bugs.webkit.org/show_bug.cgi?id=56082

        Changed parentheses assertion processing to temporarily back out the 
        number of known characters after the assertion while processing the 
        assertion.  This was done so that assertions don't fail due to 
        checking the number of required characters as additional to the 
        rest of the express since assertions don't "consume" input.
        Added a byte code to uncheck characters to support the change.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::matchDisjunction):
        (JSC::Yarr::ByteCompiler::uncheckInput):
        (JSC::Yarr::ByteCompiler::emitDisjunction):
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::ByteTerm::UncheckInput):

2011-03-14  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>

        Reviewed by Laszlo Gombos.

        [Qt] Warning that round/roundf functions are already defined when compiled with RVCT 4 on symbian.
        https://bugs.webkit.org/show_bug.cgi?id=56133

        Add condition to not compile webkit internal math round functions on RVCT compiler versions 
        from 3.0.0 because they are already defined in compiler math library.

        * wtf/MathExtras.h:

2011-03-14  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoffrey Garen & Oliver Hunt.

        Bug 56284 - Add a dataflow intermediate representation for use in JIT generation.

        The JSC JIT presently generates code directly from the bytecode used by the interpreter.
        This is not an optimal intermediate representation for JIT code generation, since it does
        not capture liveness information of values, and provides little opportunity to perform
        any static analysis for even primitive types. The JIT currently generates two code paths,
        a fast path handling common cases, and a slower path handling less common operand types.
        However the slow path jumps back into the fast path, meaning that information arising
        from the earlier type checks cannot be propagated to later operations.

        This patch adds:
            * a dataflow intermediate representation capable of describing a single basic block
              of operations,
            * a mechanism to convert a simple, single-block bytecode functions to the new IR,
            * and a JIT code generator capable of generating code from this representation.

        The JIT generates two code paths, with the slower path not reentering the fast path
        mid-block, allowing speculative optimizations to be made on the hot path, with type
        information arising from these speculative decisions able to be propagated through the
        dataflow. Code generation of both speculative and non-speculative paths exploits the type
        and liveness information represented in the dataflow graph to attempt to avoid redundant
        boxing and type-checking of values, and to remove unnecessary spills of temporary values
        to the RegisterFile.

        The dataflow JIT currently can only support a subset of bytecode operations, limited to
        arithmetic, bit-ops, and basic property access. Functions that cannot be compiled by the
        dataflow JIT will be run using the existing JIT. The coverage of the dataflow JIT will be
        expanded to include, control-flow, function calls, and then the long-tail of remaining
        bytecode instructions. The JIT presently only support JSVALUE64, and as a consequence of
        this only supports x86-64.

        The status of the dataflow JIT is currently work-in-progress. Limitations of the present
        JIT code generation may cause performance regressions, particularly:
            * the policy to only generate arithmetic code on the speculative path using integer
              instructions, never using floating point.
            * the policy to only generate arithmetic code on the non-speculative path using
              floating point instructions, never using integer.
            * always generating JSValue adds on the non-speculative path as a call out to a
              C-function, never handling this in JIT code.
            * always assuming by-Value property accesses on the speculative path to be array
              accesses.
            * generating all by-Value property accesses from the non-speculative path as a call
              out to a C-function.
            * generating all by-Indentifer property accesses as a call out to a C-function.
        Due to these regressions, the code is landed in a state where it is disabled in most
        cases by the ENABLE_DFG_JIT_RESTRICTIONS guard in Platform.h. As these regressions are
        addressed, the JIT will be allowed to trigger in more cases.

        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Added new files to Xcode project.
        * dfg: Added.
            - Added directory for new code.
        * dfg/DFGByteCodeParser.cpp: Added.
        * dfg/DFGByteCodeParser.h: Added.
            - Contruct a DFG::Graph representation from a bytecode CodeBlock.
        * dfg/DFGGenerationInfo.h: Added.
            - Track type & register information for VirtualRegisters during JIT code generation.
        * dfg/DFGGraph.cpp: Added.
        * dfg/DFGGraph.h: Added.
            - Dataflow graph intermediate representation for code generation.
        * dfg/DFGJITCodeGenerator.cpp: Added.
        * dfg/DFGJITCodeGenerator.h: Added.
            - Base class for SpeculativeJIT & NonSpeculativeJIT to share common functionality.
        * dfg/DFGJITCompiler.cpp: Added.
        * dfg/DFGJITCompiler.h: Added.
            - Class responsible for driving code generation of speculativeJIT & non-speculative
              code paths from the dataflow graph.
        * dfg/DFGNonSpeculativeJIT.cpp: Added.
        * dfg/DFGNonSpeculativeJIT.h: Added.
            - Used to generate the non-speculative code path, this make no assumptions
              about operand types.
        * dfg/DFGOperations.cpp: Added.
        * dfg/DFGOperations.h: Added.
            - Helper functions called from the JIT generated code.
        * dfg/DFGRegisterBank.h: Added.
            - Used to track contents of physical registers during JIT code generation.
        * dfg/DFGSpeculativeJIT.cpp: Added.
        * dfg/DFGSpeculativeJIT.h: Added.
            - Used to generate the speculative code path, this make assumptions about
              operand types to enable optimization.
        * runtime/Executable.cpp:
            - Add code to attempt to use the DFG JIT to compile a function, with fallback
              to the existing JIT.
        * wtf/Platform.h:
            - Added compile guards to enable the DFG JIT.

2011-03-14  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed more cases of DeprecatedPtr (exception, SmallStrings)
        https://bugs.webkit.org/show_bug.cgi?id=56332

        * runtime/Identifier.cpp:
        (JSC::Identifier::add):
        (JSC::Identifier::addSlowCase): Use a variable instead of a hard-coded
        constant, to make this code less brittle.

        * runtime/JSGlobalData.h: Use HeapRoot instead of DeprecatedPtr because
        this reference is owned and managed directly by the heap.

        * runtime/JSString.cpp:
        (JSC::JSString::substringFromRope):
        * runtime/JSString.h:
        (JSC::jsSingleCharacterString):
        (JSC::jsSingleCharacterSubstring):
        (JSC::jsString):
        (JSC::jsStringWithFinalizer):
        (JSC::jsSubstring):
        (JSC::jsOwnedString): Use a variable instead of a hard-coded
        constant, to make this code less brittle.

        * runtime/SmallStrings.cpp:
        (JSC::SmallStringsStorage::rep):
        (JSC::SmallStringsStorage::SmallStringsStorage):
        (JSC::SmallStrings::SmallStrings):
        (JSC::SmallStrings::markChildren):
        (JSC::SmallStrings::clear):
        (JSC::SmallStrings::count): Use a variable instead of a hard-coded
        constant, to make this code less brittle.

        * runtime/SmallStrings.h:
        (JSC::SmallStrings::singleCharacterString): Use HeapRoot instead of
        DeprecatedPtr because these references are owned and managed directly by
        the heap.
        
        Stop using FixedArray because we only want a very limited set
        of classes to be able to use HeapRoot. (Replaced with manual ASSERTs.)

        * runtime/WriteBarrier.h:
        (JSC::operator==):
        (JSC::WriteBarrier::WriteBarrier):
        (JSC::HeapRoot::HeapRoot):
        (JSC::HeapRoot::operator=): Added HeapRoot, which is allowed to set
        without write barrier because we assume all HeapRoots are scanned during
        all GC passes.

2011-03-14  Brian Weinstein  <bweinstein@apple.com>

        Reviewed by Adam Roben and Gavin Barraclough.

        FileSystemWin.cpp needs listDirectory() implementation
        https://bugs.webkit.org/show_bug.cgi?id=56331
        <rdar://problem/9126635>
        
        Give StringConcatenate the ability to deal with const UChar*'s as a String type to append.

        * wtf/text/StringConcatenate.h:

2011-03-14  Mark Rowe  <mrowe@apple.com>

        Reviewed by Oliver Hunt.

        <http://webkit.org/b/56304> REGRESSION(r80892): 100,000+ leaks seen on the build bot

        * API/JSClassRef.cpp:
        (OpaqueJSClass::OpaqueJSClass): Don't leak any existing entry for the given name if
        the class definition contains duplicates. This also removes what look to be leaks
        of the StringImpl instances that are used as keys: the HashMap key type is a RefPtr
        which retains / releases the instances at the appropriate time, so explicitly calling
        ref is not necessary.

2011-03-14  Oliver Hunt  <oliver@apple.com>

        Fix windows build

        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::emitLoadInt32):
        (JSC::JSInterfaceJIT::tagFor):
        (JSC::JSInterfaceJIT::payloadFor):
        (JSC::JSInterfaceJIT::intPayloadFor):
        (JSC::JSInterfaceJIT::intTagFor):
        (JSC::JSInterfaceJIT::addressFor):

2011-03-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Ensure all values are correctly tagged in the registerfile
        https://bugs.webkit.org/show_bug.cgi?id=56214

        This patch makes sure that all JSCell pointers written to
        the registerfile are correctly tagged as JSCells, and replaces
        raw int usage with the immediate representation.

        For performance, register pressure, and general saneness reasons
        I've added abstractions for reading and writing the tag
        and payload of integer registers directly for the JSVALUE64
        encoding.

        * interpreter/Register.h:
        (JSC::Register::withInt):
        (JSC::Register::withCallee):
        (JSC::Register::operator=):
        (JSC::Register::i):
        (JSC::Register::activation):
        (JSC::Register::function):
        (JSC::Register::propertyNameIterator):
        (JSC::Register::scopeChain):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitPutToCallFrameHeader):
        (JSC::JIT::emitPutCellToCallFrameHeader):
        (JSC::JIT::emitPutIntToCallFrameHeader):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        (JSC::JIT::emit_op_load_varargs):
        (JSC::JIT::emitSlow_op_load_varargs):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::intPayloadFor):
        (JSC::JSInterfaceJIT::intTagFor):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::returnJSValue):
        (JSC::SpecializedThunkJIT::returnDouble):
        (JSC::SpecializedThunkJIT::returnInt32):
        (JSC::SpecializedThunkJIT::returnJSCell):

2011-03-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.

        A few Heap-related renames (sans file moves, which should come next)
        https://bugs.webkit.org/show_bug.cgi?id=56283
        
        ConservativeSet => ConservativeRoots. "Set" was misleading, since items
        are not uniqued. Also, "Roots" is more specific about what's in the set.
        
        MachineStackMarker => MachineThreads. "Threads" is more descriptive of
        the fact that this class maintains a set of all threads using JSC.
        "Stack" was misleading, since this class traverses stacks and registers.
        "Mark" was misleading, since this class doesn't mark anything anymore.
        
        registerThread => addCurrentThread. "Current" is more specific.
        unregisterThread => removeCurrentThread. "Current" is more specific.
        
        "currentThreadRegistrar" => threadSpecific. The only point of this data
        structure is to register a thread-specific destructor with a pointer to
        this.
        
        "mark...Conservatively" => "gather". "Mark" is not true, since these
        functions don't mark anything. "Conservatively" is redundant, since they
        take "ConservativeRoots" as an argument.

        * API/APIShims.h:
        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
        * JavaScriptCore.exp:
        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeRoots::grow):
        (JSC::ConservativeRoots::add):
        * runtime/ConservativeSet.h:
        (JSC::ConservativeRoots::ConservativeRoots):
        (JSC::ConservativeRoots::~ConservativeRoots):
        (JSC::ConservativeRoots::size):
        (JSC::ConservativeRoots::roots):
        * runtime/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::markRoots):
        * runtime/Heap.h:
        (JSC::Heap::machineThreads):
        * runtime/JSGlobalData.h:
        (JSC::JSGlobalData::makeUsableFromMultipleThreads):
        * runtime/MachineStackMarker.cpp:
        (JSC::MachineThreads::MachineThreads):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::makeUsableFromMultipleThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThread):
        (JSC::MachineThreads::removeCurrentThread):
        (JSC::MachineThreads::gatherFromCurrentThreadInternal):
        (JSC::MachineThreads::gatherFromCurrentThread):
        (JSC::MachineThreads::gatherFromOtherThread):
        (JSC::MachineThreads::gatherConservativeRoots):
        * runtime/MachineStackMarker.h:
        * runtime/MarkStack.h:
        (JSC::MarkStack::append):

2011-03-13  David Kilzer  <ddkilzer@apple.com>

        BUILD FIX for armv7 after r80969

        Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.
        <https://bugs.webkit.org/show_bug.cgi?id=56270>

        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::load32): Made void* address argument
        const.
        (JSC::MacroAssemblerARMv7::store32): Ditto.

2011-03-13  Geoffrey Garen  <ggaren@apple.com>

        Not reviewed.

        Try to fix the Mac build.

        * JavaScriptCore.xcodeproj/project.pbxproj: Make sure to forward
        ConervativeSet.h, since it's now visible when compiling other projects.

2011-03-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed another case of DeprecatedPtr (ConservativeSet)
        https://bugs.webkit.org/show_bug.cgi?id=56281
        
        The ConservativeSet is an internal data structure used during marking,
        so direct pointers are fine.

        * runtime/ConservativeSet.cpp:
        (JSC::ConservativeSet::grow):
        * runtime/ConservativeSet.h: Added some accessors, for use by MarkStack::append.
        (JSC::ConservativeSet::~ConservativeSet): Fixed a typo where we calculated
        the size of the set based on sizeof(DeprecatedPtr<T>*) instead of
        sizeof(DeprecatedPtr<T>). I'm not sure if this had real-world implications or not.
        (JSC::ConservativeSet::size):
        (JSC::ConservativeSet::set): Use direct pointers, as stated above. 

        * runtime/Heap.cpp:
        (JSC::Heap::markRoots):
        * runtime/MarkStack.h:
        (JSC::MarkStack::append): Created a special case of append for
        ConservativeSet. I didn't want to add back a generic "append JSCell*"
        function, since other class might start using that wrong. (In the end,
        this function might go away, since the Heap will want to do something
        slightly more interesting with the conservative set, but this is OK for
        now.)

2011-03-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed another case of DeprecatedPtr (PutPropertySlot)
        https://bugs.webkit.org/show_bug.cgi?id=56278

        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setExistingProperty):
        (JSC::PutPropertySlot::setNewProperty):
        (JSC::PutPropertySlot::base): Direct pointer is fine for PutPropertySlot,
        since it's a stack-allocated temporary.

2011-03-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Removed one case of DeprecatedPtr (ScopeChainIterator)
        https://bugs.webkit.org/show_bug.cgi?id=56277

        * runtime/ScopeChain.h: Direct pointer is fine for ScopeChainIterator,
        since it's a stack-allocated temporary.

2011-03-13  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 56273 - Add three operand forms to MacroAssember operations.

        Adding for X86(_64) for now, should be rolled out to other backends as necessary.
        These may allow more efficient code generation in some cases, avoiding the need
        for unnecessary register-register move instructions.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::Jump::link):
        (JSC::AbstractMacroAssembler::Jump::linkTo):
            - marked these methods const.
        (JSC::AbstractMacroAssembler::Jump::isSet):
            - add a method to check whether a Jump object has been set to
              reference an instruction, or is in a null, unset state. 
        * assembler/MacroAssemblerCodeRef.h:
        (JSC::FunctionPtr::FunctionPtr):
            - add non-explicit constructor, for FunctionPtr's to C/C++ functions.
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::and32):
        (JSC::MacroAssemblerX86Common::lshift32):
        (JSC::MacroAssemblerX86Common::or32):
        (JSC::MacroAssemblerX86Common::rshift32):
        (JSC::MacroAssemblerX86Common::urshift32):
        (JSC::MacroAssemblerX86Common::xor32):
        (JSC::MacroAssemblerX86Common::moveDouble):
        (JSC::MacroAssemblerX86Common::addDouble):
        (JSC::MacroAssemblerX86Common::divDouble):
        (JSC::MacroAssemblerX86Common::subDouble):
        (JSC::MacroAssemblerX86Common::mulDouble):
        (JSC::MacroAssemblerX86Common::branchTruncateDoubleToInt32):
        (JSC::MacroAssemblerX86Common::branchTest32):
        (JSC::MacroAssemblerX86Common::branchTest8):
        (JSC::MacroAssemblerX86Common::branchAdd32):
        (JSC::MacroAssemblerX86Common::branchMul32):
        (JSC::MacroAssemblerX86Common::branchSub32):
            - add three operand forms of these instructions.
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::addDouble):
        (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
        (JSC::MacroAssemblerX86_64::loadPtr):
        (JSC::MacroAssemblerX86_64::branchTestPtr):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::JmpSrc::isSet):
            - add a method to check whether a JmpSrc object has been set to
              reference an instruction, or is in a null, unset state. 
        (JSC::X86Assembler::movsd_rr):
            - added FP register-register move.
        (JSC::X86Assembler::linkJump):
            - Add an assert to check jumps aren't linked more than once.
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitLoadInt32ToDouble):
            - load integers to the FPU via regsiters on x86-64.

2011-03-13  Gavin Barraclough  <barraclough@apple.com>

        ARM build fix.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::load32):

2011-03-13  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 56270 - The JIT 'friend's many classes in JSC; start unwinding this.

        The JIT need to 'friend' other classes in order to be able to calculate offsets
        of various properties, or the absolute addresses of members within specific objects,
        in order to JIT generate code that will access members within the class when run.

        Instead of using friends in these cases, switch to providing specific accessor
        methods to provide this information.  In the case of offsets, these can be static
        functions, and in the case of pointers to members within a specific object these can
        be const methods returning pointers to const values, to prevent clients from
        modifying values otherwise encapsulated within classes.

        * bytecode/SamplingTool.h:
        * interpreter/Register.h:
        * interpreter/RegisterFile.h:
        * runtime/JSArray.h:
        * runtime/JSCell.h:
        * runtime/JSTypeInfo.h:
        * runtime/JSVariableObject.h:
        * runtime/Structure.h:
        * wtf/RefCounted.h:
            - Change these classes to no longer friend the JIT, add accessors for member offsets.
        * jit/JIT.cpp:
        * jit/JITCall32_64.cpp:
        * jit/JITInlineMethods.h:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITPropertyAccess.cpp:
        * jit/JITPropertyAccess32_64.cpp:
            - Change the JIT to use class accessors, rather than taking object ofsets directly.
        * assembler/AbstractMacroAssembler.h:
        * assembler/MacroAssemblerX86_64.h:
        * assembler/X86Assembler.h:
            - Since the accessors for objects members return const pointers to retain encapsulation,
              methods generating code with absolute addresses must be able to handle const pointers
              (the JIT doesn't write to these values, do dies treat the pointer to value as const
              from within the C++ code of the JIT, if not at runtime!).

2011-03-12  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r80919.
        http://trac.webkit.org/changeset/80919
        https://bugs.webkit.org/show_bug.cgi?id=56251

        all windows bots failed to compile this change (Requested by
        loislo on #webkit).

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureStubInfo.cpp:
        * interpreter/Register.h:
        (JSC::Register::withInt):
        (JSC::Register::withCallee):
        (JSC::Register::operator=):
        (JSC::Register::i):
        (JSC::Register::activation):
        (JSC::Register::function):
        (JSC::Register::propertyNameIterator):
        (JSC::Register::scopeChain):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitPutToCallFrameHeader):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        (JSC::JIT::emit_op_load_varargs):
        (JSC::JIT::emitSlow_op_load_varargs):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::payloadFor):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::returnJSValue):
        (JSC::SpecializedThunkJIT::returnDouble):
        (JSC::SpecializedThunkJIT::returnInt32):
        (JSC::SpecializedThunkJIT::returnJSCell):
        * runtime/ArgList.cpp:
        * runtime/DateConversion.cpp:
        * runtime/GCActivityCallbackCF.cpp:
        * runtime/Identifier.cpp:
        * runtime/JSActivation.h:
        (JSC::asActivation):
        * runtime/JSLock.cpp:
        * runtime/JSNumberCell.cpp:
        * runtime/JSObject.h:
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSValue.h:
        * runtime/JSZombie.cpp:
        * runtime/MarkedBlock.cpp:
        * runtime/MarkedSpace.cpp:
        * runtime/PropertyNameArray.cpp:
        * runtime/ScopeChain.h:
        (JSC::ExecState::globalThisValue):
        * wtf/DateMath.cpp:

2011-03-11  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Ensure all values are correctly tagged in the registerfile
        https://bugs.webkit.org/show_bug.cgi?id=56214

        This patch makes sure that all JSCell pointers written to
        the registerfile are correctly tagged as JSCells, and replaces
        raw int usage with the immediate representation.

        For performance, register pressure, and general saneness reasons
        I've added abstractions for reading and writing the tag
        and payload of integer registers directly for the JSVALUE64
        encoding.

        * interpreter/Register.h:
        (JSC::Register::withInt):
        (JSC::Register::withCallee):
        (JSC::Register::operator=):
        (JSC::Register::i):
        (JSC::Register::activation):
        (JSC::Register::function):
        (JSC::Register::propertyNameIterator):
        (JSC::Register::scopeChain):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCallVarargs):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitPutToCallFrameHeader):
        (JSC::JIT::emitPutCellToCallFrameHeader):
        (JSC::JIT::emitPutIntToCallFrameHeader):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        (JSC::JIT::emit_op_load_varargs):
        (JSC::JIT::emitSlow_op_load_varargs):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::intPayloadFor):
        (JSC::JSInterfaceJIT::intTagFor):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::returnJSValue):
        (JSC::SpecializedThunkJIT::returnDouble):
        (JSC::SpecializedThunkJIT::returnInt32):
        (JSC::SpecializedThunkJIT::returnJSCell):

2011-03-11  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Eric Seidel.

        Introduce project_dir variable and make paths a whole lot saner. Ok, a little bit saner.
        https://bugs.webkit.org/show_bug.cgi?id=56231

        * JavaScriptCore.gypi: Added project_dir variable.
        * gyp/JavaScriptCore.gyp: Changed to use project_dir, rather than DEPTH/JavaScriptCore.
        * gyp/generate-dtrace-header.sh: Changed to use project_dir.

2011-03-11  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Adam Barth.

        Start using derived sources correctly and link minidom with JavaScriptCore gyp project.
        https://bugs.webkit.org/show_bug.cgi?id=56217

        * gyp/JavaScriptCore.gyp: Added derived source files and passing of shared directory
            to the scripts.
        * gyp/generate-derived-sources.sh: Changed to use passed directory.
        * gyp/generate-dtrace-header.sh: Ditto.

2011-03-11  Eric Carlson  <eric.carlson@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/8955589> Adopt AVFoundation media back end on Lion.

        No new tests, existing media tests cover this.

        * JavaScriptCore.exp: Export cancelCallOnMainThread
        * wtf/Platform.h: Define WTF_USE_AVFOUNDATION.

2011-03-11  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Adam Barth.

        Tweak dylib paths and add dtrace header generation action to JavaScriptCore gyp project.
        https://bugs.webkit.org/show_bug.cgi?id=56207

        * JavaScriptCore.gypi: Added Tracing.d to the sources.
        * gyp/generate-dtrace-header.sh: Added.
        * gyp/JavaScriptCore.gyp: Updated dylib paths (now the project can see them),
            and added DTrace header generating step.

2011-03-10  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Fix allocation of native function with a cached thunk
        https://bugs.webkit.org/show_bug.cgi?id=56127

        Fix this race condition found while fixing zombies.

        * collector/handles/HandleHeap.cpp:
        (JSC::HandleHeap::clearWeakPointers):
        * runtime/Heap.cpp:
        (JSC::Heap::reset):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::markChildren):
        * runtime/JSValue.h:
        (JSC::JSValue::decode):
        * runtime/JSZombie.cpp:
        (JSC::JSZombie::leakedZombieStructure):
        * runtime/JSZombie.h:
        (JSC::JSZombie::createStructure):
        * runtime/MarkedBlock.cpp:

2011-03-10  Luiz Agostini  <luiz.agostini@openbossa.org>

        Reviewed by Andreas Kling.

        [Qt] fast/workers/stress-js-execution.html is crashing on Qt bot (intermittently)
        https://bugs.webkit.org/show_bug.cgi?id=33008

        Defining WTF_USE_PTHREAD_BASED_QT=1 for platforms where QThread uses pthread internally.
        Symbian is excluded because pthread_kill does not work on it. Mac is excluded because
        it has its own ways to do JSC threading.

        Defining WTF_USE_PTHREADS inside MachineStackMarker.cpp if USE(PTHREAD_BASED_QT) is true.

        * runtime/MachineStackMarker.cpp:
        * wtf/Platform.h:

2011-03-10  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Bug 56077 - ES5 conformance issues with RegExp.prototype

        There are three issues causing test failures in sputnik.

        (1) lastIndex should be converted at the point it is used, not the point it is set (this is visible if valueOf is overridden).
        (2) The 'length' property of the test/exec functions should be 1.
        (3) If no input is specified, the input to test()/exec() is "undefined" (i.e. ToString(undefined)) - not RegExp.input.

        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::markChildren):
            - Added to mark lastIndex
        (JSC::regExpObjectLastIndex):
        (JSC::setRegExpObjectLastIndex):
            - lastIndex is now stored as a JSValue.
        (JSC::RegExpObject::match):
            - Use accessor methods to get/set lastIndex, add fast case for isUInt32 (don't convert to double).
        * runtime/RegExpObject.h:
        (JSC::RegExpObject::setLastIndex):
        (JSC::RegExpObject::setLastIndex):
            - Set lastIndex, either from a size_t or a JSValue.
        (JSC::RegExpObject::getLastIndex):
            - Get lastIndex.
        (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
            - Initialize as a JSValue.
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
            - Add test/exec properties with length 1.
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - Do not read RegExp.input if none is provided.
        * tests/mozilla/js1_2/regexp/RegExp_input.js:
        * tests/mozilla/js1_2/regexp/RegExp_input_as_array.js:
            - Update these tests (they relied on non-ES5 behaviour).

2011-03-10  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Rolled back in 80277 and 80280 with event handler layout test failures fixed.
        https://bugs.webkit.org/show_bug.cgi?id=55653        

        The failures were caused by a last minute typo: assigning to currentEvent
        instead of m_currentEvent.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecompiler/BytecodeGenerator.cpp:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * runtime/Arguments.h:
        * runtime/JSActivation.cpp:
        * runtime/JSActivation.h:
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        * runtime/JSStaticScopeObject.cpp:
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.h:
        * runtime/MarkedSpace.cpp:
        * runtime/MarkedSpace.h:

2011-03-09  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        jquery/manipulation.html fails after r80598
        https://bugs.webkit.org/show_bug.cgi?id=56019

        When linking a call, codeblock now takes ownership of the linked function
        This removes the need for unlinking, and thus the incorrectness that was
        showing up in these tests.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CallLinkInfo::CallLinkInfo):
        (JSC::CallLinkInfo::setUnlinked):
        (JSC::CodeBlock::addCaller):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkCall):
        (JSC::JIT::linkConstruct):
        * jit/JIT.h:
        * runtime/Executable.cpp:
        * runtime/Executable.h:

2011-03-09  Daniel Bates  <dbates@rim.com>

        Attempt to fix the WinCE build after changeset 80684 <http://trac.webkit.org/changeset/80684>
        (Bug #56041<https://bugs.webkit.org/show_bug.cgi?id=56041>).

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute): Substitute variable callFrame for exec in call to createSyntaxError().

2011-03-09  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 56041 - RexExp constructor should only accept flags "gim"
        Fix for issues introduced in r80667.

        Invalid flags to a RegExp literal are a late syntax error!

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addRegExp):
            - Pass a PassRefPtr<RegExp>
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addRegExp):
        (JSC::BytecodeGenerator::emitNewRegExp):
        * bytecompiler/BytecodeGenerator.h:
            - Pass a PassRefPtr<RegExp>
        * bytecompiler/NodesCodegen.cpp:
        (JSC::RegExpNode::emitBytecode):
            - Should not be ASSERTing that the flags are valid - this is a late(er) error.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
            - Need to check for error from RegExp constructor.
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
            - Need to check for error from RegExp constructor.
        * runtime/RegExp.h:
        (JSC::RegExp::isValid):
            - Make isValid check that the regexp was created with valid flags.
        * runtime/RegExpKey.h:
            - Since we'll not create RegExp objects with invalid flags, separate out the deleted value.

2011-03-09  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix part 2.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-03-09  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix part 1.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-03-09  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Darin Adler.

        Bug 56041 - RexExp constructor should only accept flags "gim"
        We also should be passing the flags around as a bitfield rather than a string,
        and should not have redundant, incompatible code for converting the string to a bitfield!

        * JavaScriptCore.exp:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::RegExpNode::emitBytecode):
            - Need to parse flags string to enum.
        * runtime/RegExp.cpp:
        (JSC::regExpFlags):
        (JSC::RegExp::RegExp):
        (JSC::RegExp::create):
            - Add method to parse flags string to enum, change constructor/create args to take enum.
        * runtime/RegExp.h:
        (JSC::RegExp::global):
        (JSC::RegExp::ignoreCase):
        (JSC::RegExp::multiline):
            - Change to use new enum values.
        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::lookupOrCreate):
        (JSC::RegExpCache::create):
        * runtime/RegExpCache.h:
            - Changed to use regExpFlags enum instead of int/const UString&.
        * runtime/RegExpConstructor.cpp:
        (JSC::constructRegExp):
            - Add use new enum parsing, check for error.
        * runtime/RegExpKey.h:
        (JSC::RegExpKey::RegExpKey):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
            - Pass NoFlags value instead of empty string.
        (JSC::regExpProtoFuncCompile):
            - Add use new enum parsing, check for error.
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - Pass NoFlags value instead of empty string.

2011-03-08  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig

        Bug 55994 - Functions on Array.prototype should check length first.
        These methods are designed to work on generic objects too, and if 'length'
        is a getter that throws an exception, ensure this is correctly thrown
        (even if other exceptions would be thrown, too).

        Make the length check the first thing we do.
        This change shows a progression on SunSpider on my machine, but this is likely bogus.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncToLocaleString):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoFuncPush):
        (JSC::arrayProtoFuncReverse):
        (JSC::arrayProtoFuncShift):
        (JSC::arrayProtoFuncSlice):
        (JSC::arrayProtoFuncSort):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncForEach):
        (JSC::arrayProtoFuncSome):
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):
        (JSC::arrayProtoFuncIndexOf):
        (JSC::arrayProtoFuncLastIndexOf):

2011-03-07  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Make CodeBlock GC write barrier safe
        https://bugs.webkit.org/show_bug.cgi?id=55910

        In order to make CodeBlock WriteBarrier safe it was necessary
        to make it have a single GC owner, and for that reason I have
        made ExecutableBase a GC allocated object.  This required
        updating their creation routines as well as all sites that hold
        a reference to them.  GC objects that held Executable's have been
        converted to WriteBarriers, and all other sites now use Global<>.

        As an added benefit this gets rid of JSGlobalData's list of
        GlobalCodeBlocks.

        Perf testing shows a 0.5% progression on v8, vs. a 0.3% regression
        on SunSpider.  Given none of the tests that show regressions
        demonstrate a regression on their own, and sampling shows up nothing.
        I suspect we're just getting one or two additional gc passes at
        the end of the run.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::CodeBlock):
        (JSC::EvalCodeCache::markAggregate):
        (JSC::CodeBlock::markAggregate):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::ownerExecutable):
        (JSC::CodeBlock::addConstant):
        (JSC::CodeBlock::constantRegister):
        (JSC::CodeBlock::getConstant):
        (JSC::CodeBlock::addFunctionDecl):
        (JSC::CodeBlock::addFunctionExpr):
        (JSC::GlobalCodeBlock::GlobalCodeBlock):
        (JSC::ExecState::r):
        * bytecode/EvalCodeCache.h:
        (JSC::EvalCodeCache::get):
        * bytecode/SamplingTool.h:
        (JSC::ScriptSampleRecord::ScriptSampleRecord):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addConstantValue):
        (JSC::BytecodeGenerator::emitEqualityOp):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::makeFunction):
        * debugger/Debugger.cpp:
        (JSC::evaluateInGlobalCallFrame):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::callEval):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitLoadDouble):
        (JSC::JIT::emitLoadInt32ToDouble):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::JITThunks):
        (JSC::JITThunks::hostFunctionStub):
        (JSC::JITThunks::clearHostFunctionStubs):
        * jit/JITStubs.h:
        * runtime/Completion.cpp:
        (JSC::checkSyntax):
        (JSC::evaluate):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::EvalExecutable):
        (JSC::ProgramExecutable::ProgramExecutable):
        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::FunctionExecutable::~FunctionExecutable):
        (JSC::EvalExecutable::markChildren):
        (JSC::ProgramExecutable::markChildren):
        (JSC::FunctionExecutable::markChildren):
        (JSC::FunctionExecutable::fromGlobalCode):
        * runtime/Executable.h:
        (JSC::ExecutableBase::ExecutableBase):
        (JSC::ExecutableBase::createStructure):
        (JSC::NativeExecutable::create):
        (JSC::NativeExecutable::NativeExecutable):
        (JSC::VPtrHackExecutable::VPtrHackExecutable):
        (JSC::ScriptExecutable::ScriptExecutable):
        (JSC::EvalExecutable::create):
        (JSC::EvalExecutable::createStructure):
        (JSC::ProgramExecutable::create):
        (JSC::ProgramExecutable::createStructure):
        (JSC::FunctionExecutable::create):
        (JSC::FunctionExecutable::createStructure):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * runtime/Heap.cpp:
        (JSC::Heap::destroy):
        (JSC::Heap::markRoots):
        * runtime/Heap.h:
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        (JSC::JSActivation::markChildren):
        * runtime/JSActivation.h:
        (JSC::JSActivation::JSActivationData::JSActivationData):
        * runtime/JSCell.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::~JSFunction):
        (JSC::JSFunction::markChildren):
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::storeVPtrs):
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::getHostFunction):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * runtime/JSObject.cpp:
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::markChildren):
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::JSStaticScopeObjectData::JSStaticScopeObjectData):
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        * runtime/JSZombie.cpp:
        (JSC::JSZombie::leakedZombieStructure):
        * runtime/JSZombie.h:
        (JSC::JSZombie::createStructure):
        * runtime/MarkedSpace.h:

2011-03-07  Andy Estes  <aestes@apple.com>

        Reviewed by Dan Bernstein.

        REGRESSION (r79060): Timestamp is missing from tweets in twitter.
        https://bugs.webkit.org/show_bug.cgi?id=55228

        A change to the date parser to handle the case where the year is
        specified before the time zone inadvertently started accepting strings
        such as '+0000' as valid years. Those strings actually represent time
        zones in an offset of hours and minutes from UTC, not years.

        * wtf/DateMath.cpp:
        (WTF::parseDateFromNullTerminatedCharacters): If the current character
        in dateString is '+' or '-', do not try to parse the next token as a
        year.

2011-03-06  Yuta Kitamura  <yutak@chromium.org>

        Reviewed by Kent Tamura.

        Add SHA-1 for new WebSocket protocol
        https://bugs.webkit.org/show_bug.cgi?id=55039

        The code is based on Chromium's portable SHA-1 implementation
        (src/base/sha1_portable.cc). Modifications were made in order
        to make the code comply with WebKit coding style.

        * GNUmakefile.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:
        * wtf/MD5.cpp:
        (WTF::MD5::MD5):
        * wtf/SHA1.cpp: Added.
        (WTF::testSHA1): This function will be run the first time SHA1
        constructor is called. This function computes a few hash values
        and checks the results in debug builds. However, constructor is
        probably not a good place to run these tests, so we need to find
        a good place for it (bug 55853).
        (WTF::expectSHA1):
        (WTF::f):
        (WTF::k):
        (WTF::rotateLeft):
        (WTF::SHA1::SHA1):
        (WTF::SHA1::addBytes):
        (WTF::SHA1::computeHash):
        (WTF::SHA1::finalize):
        (WTF::SHA1::processBlock):
        (WTF::SHA1::reset):
        * wtf/SHA1.h: Added.
        (WTF::SHA1::addBytes):
        * wtf/wtf.pri:

2011-03-05  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Add Derived Sources to WebCore GYP build
        https://bugs.webkit.org/show_bug.cgi?id=55813

        Rename the action to be friendlier.

        * gyp/JavaScriptCore.gyp:

2011-03-04  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>

        Reviewed by Laszlo Gombos.

        [Qt] Need symbian version of cryptographicallyRandomValuesFromOS
        https://bugs.webkit.org/show_bug.cgi?id=55782

        Implement Symbian version of cryptographicallyRandomValuesFromOS

        * wtf/OSRandomSource.cpp:
        (WTF::cryptographicallyRandomValuesFromOS):

2011-03-04  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Bug 55815 - Should throw an exception from JSObject::defineOwnProperty if !isExtensible().

        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):
            Add missing check.

2011-03-04  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by olliej.

        Bug 54945 - The web page hangs towards the end of page load in Interpreter enabled javascript code in the latest webkit trunk.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
            (1) don't infinite loop.
            (2) goto 1.

2011-03-04  Gavin Barraclough  <barraclough@apple.com>

        cmake build fix.

        * CMakeLists.txt:

2011-03-04  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Add Copy Files step to JavaScriptCore GYP build for apitest and minidom
        https://bugs.webkit.org/show_bug.cgi?id=55798

        * JavaScriptCore.gypi:
        * gyp/JavaScriptCore.gyp:

2011-03-04  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Remove unneeded round-trips through ../Source in the Chromium GYP build
        https://bugs.webkit.org/show_bug.cgi?id=55795

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-03-04  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Use target_defaults to reduce boilerplate in GYP build system
        https://bugs.webkit.org/show_bug.cgi?id=55790

        Instead of setting up the configuration in each target, just defer to
        target_defaults.  Also, removed a define that was redundant with the
        xcconfig.

        * gyp/JavaScriptCore.gyp:

2011-03-03  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        Bug 55736 - Implement seal/freeze/preventExtensions for normal object types.
        Provide basic functionallity from section 15.2.4 of ECMA-262.
        This support will need expanding to cover arrays, too.

        Shows a 0.5% progression on SunSpidey, this seems to be due to changing
        ObjectConstructor to use a static table.

        * DerivedSources.make:
        * JavaScriptCore.exp:
        * interpreter/CallFrame.h:
        (JSC::ExecState::objectConstructorTable):
            Add a static table for ObjectConstructor.
        * runtime/CommonIdentifiers.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
            Add a static table for ObjectConstructor.
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
            Add a static table for ObjectConstructor.
        * runtime/JSObject.cpp:
        (JSC::JSObject::seal):
        (JSC::JSObject::freeze):
        (JSC::JSObject::preventExtensions):
            Transition the object's structure.
        (JSC::JSObject::defineOwnProperty):
            Check isExtensible.
        * runtime/JSObject.h:
        (JSC::JSObject::isSealed):
        (JSC::JSObject::isFrozen):
        (JSC::JSObject::isExtensible):
            These wrap method on structure.
        (JSC::JSObject::putDirectInternal):
            Check isExtensible.
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        (JSC::ObjectConstructor::getOwnPropertySlot):
        (JSC::ObjectConstructor::getOwnPropertyDescriptor):
            Change ObjectConstructor to use a static table.
        (JSC::objectConstructorSeal):
        (JSC::objectConstructorFreeze):
        (JSC::objectConstructorPreventExtensions):
        (JSC::objectConstructorIsSealed):
        (JSC::objectConstructorIsFrozen):
        (JSC::objectConstructorIsExtensible):
            Add new methods on Object.
        * runtime/ObjectConstructor.h:
        (JSC::ObjectConstructor::createStructure):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
            init/propagate  m_preventExtensions
        (JSC::Structure::sealTransition):
        (JSC::Structure::freezeTransition):
        (JSC::Structure::preventExtensionsTransition):
            transition the structure, materializing the property map, setting m_preventExtensions & changing attributes.
        (JSC::Structure::isSealed):
        (JSC::Structure::isFrozen):
            check attributes to detect if object is sealed/frozen.
        * runtime/Structure.h:
        (JSC::Structure::isExtensible):
            checks the m_preventExtensions flag.

2011-03-04  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Jon Honeycutt.

        Adopt VersionStamper tool for Windows WebKit DLLs
        https://bugs.webkit.org/show_bug.cgi?id=55784
        <rdar://problem/9021273>
        
        We now use a tool to stamp the version number onto the Apple WebKit DLLs
        during the post-build step.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.rc: Removed.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePostBuild.cmd:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCorePreBuild.cmd:

2011-03-04  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        JavaScriptCore GYP build should use a header map
        https://bugs.webkit.org/show_bug.cgi?id=55712

        This patch moves the os-win32 files into their own variable so that we
        can use a header map in the Apple Mac Xcode build.  The problem is that
        the header map searches the whole project rather than just the files
        included in a given target.  Another solution to this problem is to
        make GYP smarter about filtering out what files are added to the
        project file.

        * JavaScriptCore.gypi:
        * gyp/JavaScriptCore.gyp:

2011-03-03  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Darin Adler.

        Remove LOOSE_PASS_OWN_ARRAY_PTR from PassOwnArrayPtr.h
        https://bugs.webkit.org/show_bug.cgi?id=55554

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::copyGlobalsTo): Pass nullptr instead of 0.
        (JSC::JSGlobalObject::resizeRegisters): Ditto; also use OwnArrayPtr instead of a raw pointer.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::addStaticGlobals): Ditto.
        * wtf/PassOwnArrayPtr.h: Removed #define LOOSE_PASS_OWN_ARRAY_PTR
        (WTF::PassOwnArrayPtr::PassOwnArrayPtr): Added a constructor that takes nullptr_t.

2011-03-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Add jsc to JavaScriptCore GYP build
        https://bugs.webkit.org/show_bug.cgi?id=55711

        * JavaScriptCore.gypi:
            - Move jsc.cpp into jsc_files because it's really part of the jsc
              target.
        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Remove extraneous files from the normal jsc build.  I probably
              added these by mistake at some point.
        * gyp/JavaScriptCore.gyp:
            - Add the jsc target to the GYP file.

2011-03-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Add testapi to JavaScriptCore GYP build
        https://bugs.webkit.org/show_bug.cgi?id=55707

        The new testapi target is slightly incomplete.  There's a resource
        copying step that we don't quite have yet.

        This patch also cleans up some of the configuration issues in
        JavaScriptCore.xcodeproj.  It seems kind of wordy to repeat these for
        each target.  I suspect there's a more compact way of defining the
        configurations, but this removes the "Default" configuration, which is
        progress.

        * JavaScriptCore.gypi:
        * gyp/JavaScriptCore.gyp:

2011-03-03  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Teach JavaScriptCore GYP build about private headers
        https://bugs.webkit.org/show_bug.cgi?id=55532

        This patch distinguishes between public and private framework headers
        so that public headers are copied into the Headers directory and
        private headers are copied into the PrivateHeaders directory.

        * gyp/JavaScriptCore.gyp:

2011-03-03  Geoffrey Garen  <ggaren@apple.com>

        Rolled out 80277 and 80280 because they caused event handler layout test
        failures.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecompiler/BytecodeGenerator.cpp:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * runtime/Arguments.h:
        * runtime/JSActivation.cpp:
        * runtime/JSActivation.h:
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        * runtime/JSStaticScopeObject.cpp:
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.h:
        * runtime/MarkedSpace.cpp:
        * runtime/MarkedSpace.h:

2011-03-03  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Build fix. Alter order of headers included to make sure windows.h
        is configured by wx, and skip Posix implementation file we don't use on Win.

        * wscript:
        * wtf/wx/StringWx.cpp:

2011-03-03  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        JSVariableObject needs to use WriteBarrier for symboltable property storage
        https://bugs.webkit.org/show_bug.cgi?id=55698

        Replace the direct usage of Register in JSVariableObject (and descendents)
        with WriteBarrier.  This requires updating the Arguments object to use
        WriteBarrier as well.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwindCallFrame):
        (JSC::Interpreter::privateExecute):
        (JSC::Interpreter::retrieveArguments):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/ArgList.h:
        (JSC::MarkedArgumentBuffer::initialize):
        * runtime/Arguments.cpp:
        (JSC::Arguments::markChildren):
        (JSC::Arguments::copyToRegisters):
        (JSC::Arguments::fillArgList):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::put):
        * runtime/Arguments.h:
        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::copyRegisters):
        (JSC::JSActivation::copyRegisters):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::markChildren):
        (JSC::JSActivation::symbolTableGet):
        (JSC::JSActivation::symbolTablePut):
        (JSC::JSActivation::symbolTablePutWithAttributes):
        (JSC::JSActivation::put):
        (JSC::JSActivation::putWithAttributes):
        (JSC::JSActivation::argumentsGetter):
        * runtime/JSActivation.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::put):
        (JSC::JSGlobalObject::putWithAttributes):
        (JSC::JSGlobalObject::markChildren):
        (JSC::JSGlobalObject::copyGlobalsFrom):
        (JSC::JSGlobalObject::copyGlobalsTo):
        (JSC::JSGlobalObject::resizeRegisters):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::setRegisters):
        (JSC::JSGlobalObject::addStaticGlobals):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::put):
        (JSC::JSStaticScopeObject::putWithAttributes):
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::symbolTableGet):
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::registerAt):
        (JSC::JSVariableObject::JSVariableObjectData::JSVariableObjectData):
        (JSC::JSVariableObject::symbolTableGet):
        (JSC::JSVariableObject::symbolTablePut):
        (JSC::JSVariableObject::symbolTablePutWithAttributes):
        (JSC::JSVariableObject::copyRegisterArray):
        (JSC::JSVariableObject::setRegisters):

2011-03-03  Geoffrey Garen  <ggaren@apple.com>

        Try to fix Windows build.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed obsolete symbol.

        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::getOwnPropertySlot): Don't mark this function
        inline -- it's virtual.

2011-03-02  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        Moved all variable object storage inline -- upping the object size limit to 1K
        https://bugs.webkit.org/show_bug.cgi?id=55653

        * JavaScriptCore.exp:
        * bytecompiler/BytecodeGenerator.cpp:
        * jit/JITOpcodes.cpp:
        * runtime/Arguments.h:
        * runtime/JSActivation.h: Removed out-of-line storage. Changed d-> to m_.

        * runtime/JSCell.h:
        (JSC::JSCell::MarkedSpace::sizeClassFor): Added an imprecise size class
        to accomodate objects up to 1K.

        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObject.h: Removed out-of-line storage. Changed d-> to m_.

        * runtime/JSObject.cpp: Don't ASSERT that JSFinalObject fills the maximum
        object size, since it doesn't anymore.

        * runtime/JSStaticScopeObject.cpp:
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.h: Removed out-of-line storage. Changed d-> to m_.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::reset):
        * runtime/MarkedSpace.h: Added an imprecise size class to accomodate objects up to 1K.

2011-03-03  Timothy Hatcher  <timothy@apple.com>

        Make APIShims usable from WebCore.

        Reviewed by Oliver Hunt.

        * ForwardingHeaders/JavaScriptCore/APIShims.h: Added.
        * GNUmakefile.am:
        * JavaScriptCore.exp:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-03-03  Peter Varga  <pvarga@webkit.org>

        Reviewed by Oliver Hunt.

        Begin Characters Optimization Causes YARR Interpreter Errors
        https://bugs.webkit.org/show_bug.cgi?id=55479

        The addBeginTerm function is removed because it doesn't correctly handle those
        cases when an "invalid" term has been
        collected (e.g. CharacterClass). Move the removed function to the
        setupAlternativeBeginTerms method's switch-case
        where the non-allowed cases are correctly handled.

        Reenable the Beginning Character Optimization in the YARR Interpreter again.

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::setupAlternativeBeginTerms):
        (JSC::Yarr::YarrPattern::compile):

2011-03-02  Jessie Berlin  <jberlin@apple.com>

        Reviewed by Adam Roben.

        WebKit2: Use CFNetwork Sessions API.
        https://bugs.webkit.org/show_bug.cgi?id=55435

        Add the ability to create a Private Browsing storage session.

        * wtf/Platform.h:
        Add a new #define for using CF Storage Sessions.

2011-03-02  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Remove "register slot" concept from PropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=55621

        PropertySlot had already stopped storing Register "slots"
        so this patch is simply removing that api entirely.
        This exposed a problem in the ProgramNode constructor for
        BytecodeGenerator where it reads from the registerfile
        before it has initialised it.

        This bug wasn't a problem before as we were merely testing
        for property existence rather than the actual value, and
        used to work because setRegisterSlot didn't check that the
        provided slot contained an initialised value.

        To get around this issue we now use symbolTableHasProperty
        to do the symbol table check without trying to read the
        RegisterFile.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::symbolTableGet):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::symbolTableHasProperty):
        * runtime/JSVariableObject.h:
        (JSC::JSVariableObject::symbolTableGet):
        * runtime/PropertySlot.h:

2011-03-02  Daniel Cheng  <dcheng@chromium.org>

        Reviewed by David Levin.

        Add feature define for data transfer items
        https://bugs.webkit.org/show_bug.cgi?id=55510

        * Configurations/FeatureDefines.xcconfig:
        * wtf/Platform.h:

2011-03-02  Adam Roben  <aroben@apple.com>

        Delete old .res files whenever any .vsprops file changes

        Prospective fix for <http://webkit.org/b/55599> r80079 caused incremental Windows builds to
        fail

        Reviewed by Tony Chang.

        * JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py:
        (main): Restructured code to loop over a set of file extensions, deleting any old files that
        have that extension. Now deletes .res files, too. (We previously deleted any file matching
        *.manifest*, but that turned out to just be the union of *.manifest and *.res.)

2011-03-02  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Teach JavaScriptCore GYP build how to build minidom
        https://bugs.webkit.org/show_bug.cgi?id=55536

        * JavaScriptCore.gypi:
        * gyp/JavaScriptCore.gyp:

2011-03-01  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        JavaScriptCore GYP build should copy some headers into the target framework
        https://bugs.webkit.org/show_bug.cgi?id=55524

        After this patch, all the framework headers are exported as public
        headers.  We need to teach GYP how to handle private headers.

        I struggled to determine how to store the information about whether a
        header was public, private, or project (i.e., not exported).
        Generally, the GYPI should just list the files, but it seemed siliy to
        have an almost duplicated list of files in the GYP file itself.  If
        this design doesn't scale, we might have to revisit it in the future.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:
        * gyp/JavaScriptCore.gyp:

2011-03-01  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r80079.
        http://trac.webkit.org/changeset/80079
        https://bugs.webkit.org/show_bug.cgi?id=55547

        "Broke the Win debug build?" (Requested by dcheng on #webkit).

        * wtf/Platform.h:

2011-03-01  Daniel Cheng  <dcheng@chromium.org>

        Reviewed by David Levin.

        Add feature define for data transfer items
        https://bugs.webkit.org/show_bug.cgi?id=55510

        * wtf/Platform.h:

2011-03-01  Oliver Hunt  <oliver@apple.com>

        Reviewed by Joseph Pecoraro.

        Misaligned memory access in CloneDeserializer on all ARM arch.
        https://bugs.webkit.org/show_bug.cgi?id=48742

        Add a CPU class for architectures that need aligned addresses
        for memory access.

        * wtf/Platform.h:

2011-03-01  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Add pre- and post-build actions for JavaScriptCore GYP build
        https://bugs.webkit.org/show_bug.cgi?id=55507

        After this patch, we have all the steps for building the main
        JavaScriptCore framework except the "copy headers" step, which I'll do
        next.

        * gyp/JavaScriptCore.gyp:

2011-03-01  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.

        Rolled back in r79627 now that the underlying cause for it crashing is fixed.
        https://bugs.webkit.org/show_bug.cgi?id=55159

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/Heap.cpp:
        (JSC::Heap::allocateSlowCase):
        * runtime/Heap.h:
        * runtime/JSCell.h:
        (JSC::JSCell::MarkedSpace::sizeClassFor):
        (JSC::JSCell::Heap::allocate):
        (JSC::JSCell::JSCell::operator new):
        * runtime/MarkedBlock.h:
        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::allocateBlock):
        (JSC::MarkedSpace::reset):
        * runtime/MarkedSpace.h:
        (JSC::MarkedSpace::SizeClass::SizeClass):

2011-03-01  Mark Rowe  <mrowe@apple.com>

        Reviewed by Sam Weinig.

        Replace two script phases that do nothing but copy files with copy files build phases.

        This speeds up the build by a few seconds on high-end Mac Pros.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-03-01  David Kilzer  <ddkilzer@apple.com>

        Spring cleaning!

        Rubber-stamped by Mark Rowe.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        (Copy Into Framework): Remove "set -x" and its comment.

2011-03-01  Michael Saboff  <msaboff@apple.com>

        Reviewed by Darin Adler.

        TinyMCE not working in nightlies
        https://bugs.webkit.org/show_bug.cgi?id=54978

        Disabling setupBeginChars() to temporarily work arround the test 
        failure.  Filed https://bugs.webkit.org/show_bug.cgi?id=55479
        to track fixing the issue.

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPattern::compile):

2011-02-23  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Kenneth Rohde Christiansen.

        Viewport parsing no longer accepts "1.0;" value as valid.
        https://bugs.webkit.org/show_bug.cgi?id=53705

        Include a didReadNumber parameter to String -> float / double
        conversion functions. This way, if the "ok" boolean out
        parameter is false, you can check to see if there in fact
        was a valid number parsed with garbage at the end. Examples
        of that would be parsing "123x456" would have ok = false,
        but didReadNumber = true.

        * JavaScriptCore.exp:
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::toDouble):
        (WTF::StringImpl::toFloat):
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.cpp:
        (WTF::String::toDouble):
        (WTF::String::toFloat):
        (WTF::charactersToDouble):
        (WTF::charactersToFloat):
        * wtf/text/WTFString.h:

2011-02-28  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Gavin Barraclough.

        Past-the-end writes in VM exceptions (caused crashes in r79627)
        https://bugs.webkit.org/show_bug.cgi?id=55448
        
        Some exceptions had the wrong structures, so they misoverestimated their
        inline storage sizes.

        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Use the right structure.

        * runtime/JSObject.h:
        (JSC::JSNonFinalObject::JSNonFinalObject):
        (JSC::JSFinalObject::JSFinalObject): ASSERT that our structure capacity
        is correct to verify this doesn't happen again.

2011-03-01  Andras Becsi  <abecsi@webkit.org>

        Reviewed by Csaba Osztrogonác.

        [Qt] Clean up the project files and move common options to WebKit.pri.

        * JavaScriptCore.pri: Move options also needed in WebCore into WebKit.pri.
        * JavaScriptCore.pro: Deduplicate options.
        * jsc.pro: Ditto.

2011-03-01  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Teach JavaScriptCore GYP build about DEPTH
        https://bugs.webkit.org/show_bug.cgi?id=55425

        In addition to teaching the JavaScriptCore GYP build about DEPTH, this
        change overrides the GCC warning configuration to disable a warning
        that's causing probems in Assertions.cpp.  With that warning disabled,
        JavaScriptCore builds again.

        * gyp/JavaScriptCore.gyp:

2011-02-28  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-02-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r79948.
        http://trac.webkit.org/changeset/79948
        https://bugs.webkit.org/show_bug.cgi?id=55439

        "caused crashes on the SL release bot" (Requested by ggaren on
        #webkit).

        * runtime/JSGlobalData.h:
        * runtime/WriteBarrier.h:

2011-02-28  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-02-28  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig & Darin Adler.

        Bug 55423 - Clean up property tables in Structure

        Encapsulate, reduce duplication of table search code,
        and reduce the size of the tables (remove the index,
        just maintain the tables in the correct order).

        Shows a 0.5% - 1% progression on sunspider.

        * JavaScriptCore.exp:
        * runtime/PropertyMapHashTable.h:
        (JSC::isPowerOf2):
        (JSC::nextPowerOf2):
            bit ops used to calculate table size.
        (JSC::PropertyMapEntry::PropertyMapEntry):
        (JSC::PropertyTable::ordered_iterator::operator++):
        (JSC::PropertyTable::ordered_iterator::operator==):
        (JSC::PropertyTable::ordered_iterator::operator!=):
        (JSC::PropertyTable::ordered_iterator::operator*):
        (JSC::PropertyTable::ordered_iterator::operator->):
        (JSC::PropertyTable::ordered_iterator::ordered_iterator):
            implementation of the iterator types
        (JSC::PropertyTable::PropertyTable):
        (JSC::PropertyTable::~PropertyTable):
            constructors take an initial capacity for the table,
            a table to copy, or both.
        (JSC::PropertyTable::begin):
        (JSC::PropertyTable::end):
            create in-order iterators.
        (JSC::PropertyTable::find):
            search the hash table
        (JSC::PropertyTable::add):
            add a value to the hash table
        (JSC::PropertyTable::remove):
            remove a value from the hash table
        (JSC::PropertyTable::size):
        (JSC::PropertyTable::isEmpty):
            accessors.
        (JSC::PropertyTable::propertyStorageSize):
        (JSC::PropertyTable::clearDeletedOffsets):
        (JSC::PropertyTable::hasDeletedOffset):
        (JSC::PropertyTable::getDeletedOffset):
        (JSC::PropertyTable::addDeletedOffset):
            cache deleted (available) offsets in the property storage array.
        (JSC::PropertyTable::copy):
            take a copy of the PropertyTable, potentially expanding the capacity.
        (JSC::PropertyTable::sizeInMemory):
            used for DEBUG build statistics
        (JSC::PropertyTable::reinsert):
        (JSC::PropertyTable::rehash):
        (JSC::PropertyTable::tableCapacity):
        (JSC::PropertyTable::deletedEntryIndex):
        (JSC::PropertyTable::skipDeletedEntries):
        (JSC::PropertyTable::table):
        (JSC::PropertyTable::usedCount):
        (JSC::PropertyTable::dataSize):
        (JSC::PropertyTable::sizeForCapacity):
        (JSC::PropertyTable::canInsert):
            these methods provide internal implementation.
        * runtime/Structure.cpp:
        (JSC::Structure::dumpStatistics):
        (JSC::Structure::~Structure):
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::despecifyDictionaryFunction):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::flattenDictionaryStructure):
        (JSC::Structure::copyPropertyTable):
        (JSC::Structure::get):
        (JSC::Structure::despecifyFunction):
        (JSC::Structure::despecifyAllFunctions):
        (JSC::Structure::put):
        (JSC::Structure::remove):
        (JSC::Structure::createPropertyMap):
        (JSC::Structure::getPropertyNames):
        (JSC::PropertyTable::checkConsistency):
        (JSC::Structure::checkConsistency):
            factored out code to PropertyMapHashTable.h
        * runtime/Structure.h:
        (JSC::Structure::propertyStorageSize):
        (JSC::Structure::isEmpty):
        (JSC::Structure::get):
            factored out code to PropertyMapHashTable.h

2011-02-28  Xan Lopez  <xlopez@igalia.com>

        Another fix build :(

        Fix typo.

        * runtime/MachineStackMarker.cpp:
        (JSC::freePlatformThreadRegisters):

2011-02-28  Xan Lopez  <xlopez@igalia.com>

        Unreviewed build fix for Snow Leopard.

        * runtime/MachineStackMarker.cpp:
        (JSC::freePlatformThreadRegisters):

2011-02-28  Alejandro G. Castro  <alex@igalia.com>

        Unreviewed, fix SnowLeopard compilation after r79952.

        * runtime/MachineStackMarker.cpp:
        (JSC::freePlatformThreadRegisters):

2011-02-28  Mark Rowe  <mrowe@apple.com>

        Reviewed by Darin Adler.

        <http://webkit.org/b/55430> OwnArrayPtr.h's LOOSE_OWN_ARRAY_PTR results in link errors.

        * wtf/OwnArrayPtr.h:
        (WTF::::set): Implement OwnArrayPtr::set.

2011-02-28  Martin Zoubek  <martin.zoubek@acision.com> and Alejandro G. Castro  <alex@igalia.com>

        Reviewed by Martin Robinson.

        Multithread support for JSC on UNIX
        https://bugs.webkit.org/show_bug.cgi?id=26838

        Implement suspendThread() and resumeThread() for systems with
        pthread.h using thread signal handler.

        * runtime/MachineStackMarker.cpp:
        (JSC::pthreadSignalHandlerSuspendResume):
        (JSC::MachineStackMarker::Thread::Thread):
        (JSC::getCurrentPlatformThread):
        (JSC::suspendThread):
        (JSC::resumeThread):
        (JSC::getPlatformThreadRegisters):
        (JSC::otherThreadStackPointer):
        (JSC::freePlatformThreadRegisters):
        (JSC::MachineStackMarker::markOtherThreadConservatively):
        * wtf/Platform.h: Added Gtk port to use
        ENABLE_JSC_MULTIPLE_THREADS.

2011-02-28  Oliver Hunt  <oliver@apple.com>

        Reviewed by Darin Adler.

        Stop using DeprecatedPtr for the global exception slot
        https://bugs.webkit.org/show_bug.cgi?id=55424

        Create GCRootPtr to signify that the exception slot is
        a gcroot, and so is exempt from the usual writebarrier
        restrictions.

        * runtime/JSGlobalData.h:
        * runtime/WriteBarrier.h:
        (JSC::GCRootPtr::GCRootPtr):
        (JSC::GCRootPtr::operator=):

2011-02-28  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        Use more xcconfig files in JavaScriptCore gyp build
        https://bugs.webkit.org/show_bug.cgi?id=55391

        The GYP experts tell me that we have have a total of two xcconfig
        files: one for the xcodeproj as a whole and one for each target.  This
        patch uses that technique to re-use the existing xcconfig files and
        eliminate the duplication.

        Technically, this patch introduces some build errors because the
        xcconfig files assume that the xcodeproj file is one level higher in
        the directory hierarchy.  Specifically, the xcodeproj file can no
        longer find the Info.plist or the prefix header.  I plan to fix that in
        a subsequent patch.

        Also, this patch introduces the Release and Production configurations,
        which should work correctly now.

        * gyp/JavaScriptCore.gyp:

2011-02-28  Jon Honeycutt  <jhoneycutt@apple.com>

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        Add symbol to export.

2011-02-28  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Make ScopeChainNode GC allocated
        https://bugs.webkit.org/show_bug.cgi?id=55283

        Simplify lifetime and other issues with the scopechain
        by making it gc allocated.  This allows us to simplify
        function exit and unwinding, as well as making the
        current iterative refcounting go away.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::createActivation):
        * bytecode/StructureStubInfo.cpp:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
        (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
        * bytecompiler/BytecodeGenerator.h:
        * debugger/Debugger.cpp:
        (JSC::Recompiler::operator()):
        * debugger/DebuggerCallFrame.h:
        (JSC::DebuggerCallFrame::scopeChain):
        * interpreter/CachedCall.h:
        (JSC::CachedCall::CachedCall):
        * interpreter/CallFrame.h:
        * interpreter/Interpreter.cpp:
        (JSC::depth):
        (JSC::Interpreter::unwindCallFrame):
        (JSC::Interpreter::throwException):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::privateExecute):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCallInitializeCallFrame):
        (JSC::JIT::emit_op_ret):
        (JSC::JIT::emit_op_ret_object_or_this):
        (JSC::JIT::compileOpCall):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_end):
        (JSC::JIT::emit_op_ret):
        (JSC::JIT::emit_op_ret_object_or_this):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_end):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        * runtime/ArgList.cpp:
        * runtime/Completion.cpp:
        (JSC::evaluate):
        * runtime/Completion.h:
        * runtime/DateConversion.cpp:
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * runtime/GCActivityCallbackCF.cpp:
        * runtime/Identifier.cpp:
        * runtime/JSCell.h:
        * runtime/JSChunk.cpp: Added.
        * runtime/JSChunk.h: Added.
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        (JSC::JSFunction::markChildren):
        (JSC::JSFunction::getCallData):
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getConstructData):
        * runtime/JSFunction.h:
        (JSC::JSFunction::scope):
        (JSC::JSFunction::setScope):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::markChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
        (JSC::JSGlobalObject::globalScopeChain):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * runtime/JSLock.cpp:
        * runtime/JSNumberCell.cpp:
        * runtime/JSZombie.cpp:
        * runtime/MarkedBlock.cpp:
        * runtime/MarkedSpace.cpp:
        * runtime/PropertyNameArray.cpp:
        * runtime/ScopeChain.cpp:
        (JSC::ScopeChainNode::print):
        (JSC::ScopeChainNode::localDepth):
        (JSC::ScopeChainNode::markChildren):
        * runtime/ScopeChain.h:
        (JSC::ScopeChainNode::ScopeChainNode):
        (JSC::ScopeChainNode::createStructure):
        (JSC::ScopeChainNode::push):
        (JSC::ScopeChainNode::pop):
        (JSC::ScopeChainIterator::ScopeChainIterator):
        (JSC::ScopeChainIterator::operator*):
        (JSC::ScopeChainIterator::operator->):
        (JSC::ScopeChainIterator::operator++):
        (JSC::ScopeChainNode::begin):
        (JSC::ScopeChainNode::end):
        (JSC::ExecState::globalData):
        (JSC::ExecState::lexicalGlobalObject):
        (JSC::ExecState::globalThisValue):
        * runtime/ScopeChainMark.h:
        * wtf/DateMath.cpp:

2011-02-27  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Implement WTF::randomNumber in terms of WTF::cryptographicallyRandomNumber when possible
        https://bugs.webkit.org/show_bug.cgi?id=55326

        Currently, randomNumber does a bunch of platform-specific work that to
        get a cryptographic randomness when available.  Instead, we should use
        cryptographicallyRandomNumber, which abstracts this work.
        Unfortunately, we can't remove all of the WTF::randomNumber
        implementation because not every port has access to cryptographically
        random numbers.

        * wtf/RandomNumber.cpp:
        (WTF::randomNumber):

2011-02-27  Benjamin Poulain  <ikipou@gmail.com>

        Reviewed by Darin Adler.

        Eliminate DeprecatedPtrList from RenderBlock
        https://bugs.webkit.org/show_bug.cgi?id=54972

        Add methods find() and contains() using an adaptor to ListHashSet.
        Those method are like the one of HashSet, they allow to find objects
        based on a different key than the one used to define the set.

        Add convenience methods for direct access to the head and tail of the list.
        Those methods are providing similar API/behavior as Vector.

        * wtf/ListHashSet.h:
        (WTF::::first):
        (WTF::::last):
        (WTF::::removeLast):
        (WTF::ListHashSetTranslatorAdapter::hash):
        (WTF::ListHashSetTranslatorAdapter::equal):
        (WTF::::find):
        (WTF::::contains):

2011-02-26  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Andreas Kling.

        Add support for DragonFly BSD
        https://bugs.webkit.org/show_bug.cgi?id=54407

        DragonFly BSD is based on FreeBSD, so handle it like FreeBSD.

        * wtf/Platform.h:

2011-02-26  Adam Barth  <abarth@webkit.org>

        Reviewed by Dimitri Glazkov.

        JavaScriptCore should use the xcconfig file instead of importing that information into GYP
        https://bugs.webkit.org/show_bug.cgi?id=55282

        Technically, this breaks the build because I had removed one of the
        warnings in this config file, but this change seems like an
        improvement.

        * gyp/JavaScriptCore.gyp:

2011-02-26  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Reviewed by Nikolas Zimmermann.

        SH4 JIT SUPPORT
        https://bugs.webkit.org/show_bug.cgi?id=44329

        Provide an ExecutableAllocater::cacheFlush() implementation for
        Linux/SH4.

        * jit/ExecutableAllocator.h:
        (JSC::ExecutableAllocator::cacheFlush):

2011-02-25  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r79627.
        http://trac.webkit.org/changeset/79627
        https://bugs.webkit.org/show_bug.cgi?id=55274

        broke worker tests (Requested by olliej on #webkit).

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/Heap.cpp:
        (JSC::Heap::allocate):
        * runtime/Heap.h:
        * runtime/JSCell.h:
        (JSC::JSCell::JSCell::operator new):
        (JSC::JSCell::MarkedSpace::sizeClassFor):
        (JSC::JSCell::MarkedSpace::allocate):
        * runtime/MarkedBlock.h:
        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::allocateBlock):
        (JSC::MarkedSpace::reset):
        * runtime/MarkedSpace.h:
        (JSC::MarkedSpace::SizeClass::SizeClass):

2011-02-25  Michael Saboff  <msaboff@apple.com>

        Reviewed by Darin Adler.

        Leak in JSParser::Scope of ScopeLabelInfo Vector
        https://bugs.webkit.org/show_bug.cgi?id=55249

        Changed m_labels to be an OwnPtr<>.  Added VectorTraits
        and Scope copy constructor to support this change.

        * parser/JSParser.cpp:
        (JSC::JSParser::Scope::~Scope):

2011-02-25  Fumitoshi Ukai  <ukai@chromium.org>

        Reviewed by Adam Barth.

        WebSocket uses insecure random numbers
        https://bugs.webkit.org/show_bug.cgi?id=54714

        * JavaScriptCore.exp: Export WTF::cryptographicallyRandomNumber()

2011-02-25  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Adam Roben.

        Move timeBeginPeriod into OS(WINDOWS) section
        https://bugs.webkit.org/show_bug.cgi?id=55247

        * jsc.cpp:
        (main): timeBeginPeriod is available on all Windows versions and not compiler specific.

2011-02-25  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed WinCE build fix for r79695.

        * jsc.cpp:
        (main): SetErrorMode isn't available on WinCE.

2011-02-25  Adam Roben  <aroben@apple.com>

        Work around Cygwin's crash-suppression behavior

        Cygwin calls ::SetErrorMode(SEM_FAILCRITICALERRORS), which any processes it launches will
        inherit. This is bad for testing/debugging, as it causes the post-mortem debugger not to be
        invoked. (Cygwin does this because it makes crashes more UNIX-y.) We reset the error mode
        when our test apps launch to work around Cygwin's behavior.

        Fixes <http://webkit.org/b/55222> Test apps crash silently (without invoking post-mortem
        debugger) when launched from Cygwin 1.7

        Reviewed by Darin Adler.

        * API/tests/testapi.c: Added a now-needed #include.
        (main):
        * jsc.cpp:
        (main):
        Call ::SetErrorMode(0) to undo Cygwin's folly.

        * JavaScriptCore.vcproj/testapi/testapiCommon.vsprops: Define NOMINMAX like many of our
        other projects do so that windows.h won't define min/max macros that interfere with
        std::numeric_limits<T>::min/max.

2011-02-24  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Add GYP project for JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=55027

        Again, this GYP files is very rough, but it succeeds in building
        JavaScriptCore.  There's a lot more work to do here, especially in the
        area of sharing with JavaScriptGlue.gyp.  This patch is more of a
        checkpoint so that other folks can help out if they wish.

        * gyp: Added.
        * gyp/JavaScriptCore.gyp: Added.
        * gyp/generate-derived-sources.sh: Added.

2011-02-24  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Add missing files to JavaScriptCore.gypi
        https://bugs.webkit.org/show_bug.cgi?id=55193

        I forgot to add mm files in my previous patch.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:

2011-02-24  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Remove unused parameter name in GCActivityCallback.cpp
        https://bugs.webkit.org/show_bug.cgi?id=55194

        This change is not strictly required for the GYP-based build system,
        but I noticed this error when working on the new build system.

        * runtime/GCActivityCallback.cpp:
        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):

2011-02-24  James Robinson  <jamesr@chromium.org>

        Reviewed by Darin Fisher.

        Add a USE() macro to control use of the built-in UTF8 codec
        https://bugs.webkit.org/show_bug.cgi?id=55189

        Defaults USE(BUILTIN_UTF8_CODEC) to true for all platforms except chromium, which controls the flag via features.gypi.

        * wtf/Platform.h:

2011-02-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        Variable-sized allocation (but still capped at 64 bytes)
        https://bugs.webkit.org/show_bug.cgi?id=55159
        
        SunSpider reports no change.

        * JavaScriptCore.exp: Some day, I hope not to have to edit this file.

        * runtime/Heap.cpp:
        (JSC::Heap::allocateSlowCase): Split allocation into a fast and slow
        case, so the fast case can inline size class selection and turn it into
        a compile-time constant.
        
        Changed the collect-on-every allocation debugging switch to collect only
        on every slow allocation, so you can still flip the switch without
        recompiling the world. This may also be preferable for debugging purposes,
        since collecting after every single allocation can be unusably slow,
        and can mask problems by running destructors early.

        * runtime/Heap.h: Ditto.

        * runtime/JSCell.h:
        (JSC::JSCell::MarkedSpace::sizeClassFor):
        (JSC::JSCell::Heap::allocate):
        (JSC::JSCell::JSCell::operator new): The inlining mentioned above.

        * runtime/MarkedBlock.h: Dropped the block size from 256KB to 16KB. With
        multiple size classes, allocating a full 256KB for the first allocation
        in a given class can be pathologically wasteful. (8KB, or 4KB Mac and
        8KB Windows, would be even better, but that seems to be a peformance
        regression for now.)
        
        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::allocateBlock):
        (JSC::MarkedSpace::reset): There's more than one size class now, and its
        cell size is not constant.

        * runtime/MarkedSpace.h:
        (JSC::MarkedSpace::SizeClass::SizeClass): Ditto.

2011-02-23  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoffrey Garen.

        Make WeakGCMap use new handle infrastructure
        https://bugs.webkit.org/show_bug.cgi?id=55100

        Remove old WeakGCMap implementation and move over to new handle
        based logic.

        This has a number of benefits, most notably it makes a WeakGCMap
        always reflect the true state of the world by as all entries are
        removed at the first gc cycle that makes them dead.  This allows
        us to get rid of code in a wide variety of objects where the only
        purpose was to remove themselves from maps.

        It also means that we no longer need to have special "unchecked"
        versions of any functions on WeakGCMap.  Alas in order to maintain
        compatibility with the JSWeakObjectMapClear API it is still
        necessary to have an api that resembles uncheckedRemove, this is
        now deprecatedRemove and will be dealt with in a later patch.

        In order to get correct semantics in WeakGCMap we need more
        contextual information in the finalizer, so we've added an
        abstract class based finaliser and a context parameter to the
        calls.

        The new an improved WeakGCMap also results in sigificantly more
        churn in the weak handle lists so exposed some potential problems
        during the post mark phase which have been rectified as well.

        * API/JSWeakObjectMapRefPrivate.cpp:
        * API/JSWeakObjectMapRefPrivate.h:
        * runtime/Heap.cpp:
        (JSC::Heap::globalObjectCount):
        (JSC::Heap::protectedGlobalObjectCount):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::~JSGlobalObject):
        (JSC::JSGlobalObject::init):
        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::iterator::iterator):
        (JSC::WeakGCMap::iterator::get):
        (JSC::WeakGCMap::iterator::getSlot):
        (JSC::WeakGCMap::iterator::operator++):
        (JSC::WeakGCMap::iterator::operator==):
        (JSC::WeakGCMap::iterator::operator!=):
        (JSC::WeakGCMap::WeakGCMap):
        (JSC::WeakGCMap::isEmpty):
        (JSC::WeakGCMap::clear):
        (JSC::WeakGCMap::get):
        (JSC::WeakGCMap::getSlot):
        (JSC::WeakGCMap::set):
        (JSC::WeakGCMap::take):
        (JSC::WeakGCMap::size):
        (JSC::WeakGCMap::deprecatedRemove):
        (JSC::WeakGCMap::begin):
        (JSC::WeakGCMap::end):
        (JSC::WeakGCMap::~WeakGCMap):
        (JSC::WeakGCMap::finalize):
        * runtime/WeakGCPtr.h:
        (JSC::WeakGCPtr::WeakGCPtr):
        (JSC::WeakGCPtr::set):

2011-02-24  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Make weaklist processing deal with weak handles being removed during the iteration
        https://bugs.webkit.org/show_bug.cgi?id=55105

        It is possible for the handle heap to end up in a broken state if
        a handle's finalizer removes either the current or next handle
        to be visited during the post-gc cleanup.  This patch removes that
        problem by allowing the deallocate(Node*) routine to update the
        iterator if it is called during finalization.

        * collector/handles/HandleHeap.cpp:
        (JSC::HandleHeap::HandleHeap):
        (JSC::HandleHeap::updateAfterMark):
        (JSC::HandleHeap::clearWeakPointers):
        (JSC::HandleHeap::writeBarrier):
        (JSC::HandleHeap::protectedGlobalObjectCount):
        * collector/handles/HandleHeap.h:
        (JSC::Finalizer::~Finalizer):
        (JSC::HandleHeap::getFinalizer):
        (JSC::HandleHeap::deallocate):
        (JSC::HandleHeap::makeWeak):
        (JSC::HandleHeap::makeSelfDestroying):
        (JSC::HandleHeap::Node::Node):
        (JSC::HandleHeap::Node::setFinalizer):
        (JSC::HandleHeap::Node::finalizer):
        (JSC::HandleHeap::Node::finalizerContext):
        * interpreter/RegisterFile.cpp:
        (JSC::RegisterFile::setGlobalObject):
        (JSC::GlobalObjectNotifier::finalize):
        (JSC::RegisterFile::globalObjectCollectedNotifier):
        * interpreter/RegisterFile.h:
        (JSC::RegisterFile::RegisterFile):
        * runtime/Heap.cpp:
        (JSC::Heap::destroy):
        * runtime/WeakGCPtr.h:
        (JSC::WeakGCPtr::WeakGCPtr):
        (JSC::WeakGCPtr::set):

2011-02-24  Michael Saboff  <msaboff@apple.com>

        Reviewed by Oliver Hunt.

        PatternAlternative leaked in YarrPatternConstructor::atomParenthesesEnd()
        https://bugs.webkit.org/show_bug.cgi?id=55156

        Added code to delete unneeded PatternAlternative after it is removed
        from m_alternatives Vector.

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):

2011-02-24  Eric Seidel  <eric@webkit.org>

        Reviewed by Anders Carlsson.

        VectorBuffer should not call malloc(0)
        https://bugs.webkit.org/show_bug.cgi?id=55091

        Turns out the malloc() call which was so hot in:
        https://bugs.webkit.org/show_bug.cgi?id=55005
        was actually just malloc(0).

        We shouldn't be calling malloc(0) anyway, since there is no need to
        and it might actually do work on some systems.
        I believe on Mac it ends up taking the standard spinlocks (expensive)
        and the code on Brew actually does a malloc(1) instead.  Neither is desirable.

        * wtf/Vector.h:
        (WTF::VectorBufferBase::allocateBuffer):
        (WTF::VectorBufferBase::tryAllocateBuffer):

2011-02-24  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Darin Adler.

        Remove obsolete PLATFORM(CI)
        https://bugs.webkit.org/show_bug.cgi?id=55082

        * wtf/Platform.h:

2011-02-24  Martin Robinson  <mrobinson@igalia.com>

        Reviewed by Xan Lopez.

        [GTK] Remove the GFile GOwnPtr specialization
        https://bugs.webkit.org/show_bug.cgi?id=55154

        Remove the GFile specialization of GOwnPtr. It's sufficient to use GRefPtr
        to track GFiles since they are just regular reference-counted GObjects.

        * wtf/gobject/GOwnPtr.cpp: Remove GFile specialization.
        * wtf/gobject/GOwnPtr.h: Ditto.

2011-02-24  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Eric Seidel.

        Rename PLATFORM(SKIA) to USE(SKIA)
        https://bugs.webkit.org/show_bug.cgi?id=55090

        * wtf/Platform.h:

2011-02-24  Patrick Gansterer  <paroga@webkit.org>

        Reviewed by Alexey Proskuryakov.

        Remove pthreads dependecy for JSLock
        https://bugs.webkit.org/show_bug.cgi?id=54832

        JSLock is only needed to support an obsolete execution model where JavaScriptCore
        automatically protected against concurrent access from multiple threads.
        So it's safe to disable it on non-mac platforms where we don't have native pthreads.

        * runtime/JSLock.cpp:

2011-02-24  Chao-ying Fu  <fu@mips.com>

        Reviewed by Eric Seidel.

        Fix MIPS build with new patchOffsetPut/GetByIdPropertyMapOffset1/2 values
        https://bugs.webkit.org/show_bug.cgi?id=54997

        * jit/JIT.h:
        * jit/JITStubs.cpp:
        (JSC::JITThunks::JITThunks):

2011-02-24  Andras Becsi  <abecsi@webkit.org>

        Reviewed by Laszlo Gombos.

        [Qt] MinGW build fails to link
        https://bugs.webkit.org/show_bug.cgi?id=55050

        Prepend the libraries of subcomponents instead of appending them
        to fix the library order according to the dependency of the libraries

        * JavaScriptCore.pri: rename addJavaScriptCore to prependJavaScriptCore
        * jsc.pro: ditto

2011-02-24  Eric Seidel  <eric@webkit.org>

        Reviewed by Adam Barth.

        Deque<T> should support inline capacity
        https://bugs.webkit.org/show_bug.cgi?id=55032

        The title says it all.  There are currently no places
        which use this code yet, however it's been tested in conjunction
        with code for bug 55005.

        This also adds an ASSERT that capacity is never 1.  If you were able
        to set the capacity equal to 1, the Deque would just get confused
        and happily append your item but still think it had size 0.

        * wtf/Deque.h:
        (WTF::DequeIterator::DequeIterator):
        (WTF::DequeConstIterator::DequeConstIterator):
        (WTF::DequeReverseIterator::DequeReverseIterator):
        (WTF::DequeConstReverseIterator::DequeConstReverseIterator):
        (WTF::::checkValidity):
        (WTF::::checkIndexValidity):
        (WTF::::invalidateIterators):
        (WTF::::Deque):
        (WTF::deleteAllValues):
        (WTF::::operator):
        (WTF::::destroyAll):
        (WTF::::~Deque):
        (WTF::::swap):
        (WTF::::clear):
        (WTF::::findIf):
        (WTF::::expandCapacityIfNeeded):
        (WTF::::expandCapacity):
        (WTF::::takeFirst):
        (WTF::::append):
        (WTF::::prepend):
        (WTF::::removeFirst):
        (WTF::::remove):
        (WTF::::addToIteratorsList):
        (WTF::::removeFromIteratorsList):
        (WTF::::DequeIteratorBase):
        (WTF::::~DequeIteratorBase):
        (WTF::::isEqual):
        (WTF::::increment):
        (WTF::::decrement):
        (WTF::::after):
        (WTF::::before):
        * wtf/Vector.h:

2011-02-22  Adam Barth  <abarth@webkit.org>

        Reviewed by Ojan Vafai. 

        Add missing files to JavaScriptCore.gypi 
        https://bugs.webkit.org/show_bug.cgi?id=55020 

        gypi files are supposed to list every file under the sun.  This patch 
        adds some missing files and sorts the rest. 

        * JavaScriptCore.gypi: 

2011-02-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        Refactored MarkedSpace to operate in terms of size classes
        https://bugs.webkit.org/show_bug.cgi?id=55106
        
        SunSpider reports no change.

        * runtime/JSCell.h:
        (JSC::JSCell::MarkedSpace::sizeClassFor):
        (JSC::JSCell::MarkedSpace::allocate): Delegate allocation based on size
        class. Since these functions are inline, the compiler can constant fold
        them.

        * runtime/MarkedBlock.h:
        (JSC::MarkedBlock::cellSize):
        (JSC::MarkedBlock::size): Factored out a cellSize() helper.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::allocateBlock):
        (JSC::MarkedSpace::allocateFromSizeClass):
        (JSC::MarkedSpace::shrink):
        (JSC::MarkedSpace::reset):
        * runtime/MarkedSpace.h:
        (JSC::MarkedSpace::SizeClass::SizeClass):
        (JSC::MarkedSpace::SizeClass::reset): Changed to operate in terms of
        abstract SizeClass objects, which are independent linked lists of blocks
        of a certain size class, instead of a single m_heap object.

2011-02-23  Adam Barth  <abarth@webkit.org>

        Reviewed by James Robinson.

        [Chromium] Use WebKitClient for OSRandomSource instead of trying to talk to the file system in the sandbox
        https://bugs.webkit.org/show_bug.cgi?id=55093

        Exclude OSRandomSource.cpp from the Chromium build.  This function is
        implemented in WebKit/chromium/src instead.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2011-02-23  Oliver Hunt  <oliver@apple.com>

        Roll out r64156 as it introduces incorrect behaviour.

        * runtime/JSByteArray.h:
        (JSC::JSByteArray::setIndex):

2011-02-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Moved the "nextAtom" allocation pointer into MarkedBlock for better encapsulation
        https://bugs.webkit.org/show_bug.cgi?id=55079
        
        SunSpider reports no change.

        * runtime/Heap.cpp:
        (JSC::Heap::reset): Moved Zombie sweeping here, up from MarkedSpace,
        since we want Heap to logically control MarkedSpace. MarkedSpace should
        never choose to sweep itself.

        * runtime/JSCell.h:
        (JSC::JSCell::MarkedBlock::allocate): Updated for nextAtom becoming a
        member of MarkedBlock. No need to reset nextAtom to firstAtom() when
        we reach the end of a block, since there's now an explicit reset pass
        during GC.

        * runtime/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        * runtime/MarkedBlock.h:
        (JSC::MarkedBlock::reset): Added the nextAtom data member, and reordered
        some data members to improve cache locality.

        * runtime/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        (JSC::MarkedSpace::allocate):
        (JSC::MarkedSpace::reset):
        * runtime/MarkedSpace.h:
        (JSC::CollectorHeap::CollectorHeap): Removed nextAtom, and added an
        explicit reset pass.

2011-02-23  James Robinson  <jamesr@chromium.org>

        Unreviewed, rolling out r79428.
        http://trac.webkit.org/changeset/79428
        https://bugs.webkit.org/show_bug.cgi?id=54714

        Does not work in the Chromium sandbox

        * JavaScriptCore.exp:

2011-02-23  Adam Roben  <aroben@apple.com>

        Fix an off-by-one error in JSC::appendSourceToError

        Looks like this bug has been around since the code was first added in r35245.

        Fixes <http://webkit.org/b/55052> <rdar://problem/9043512> Crash in JSC::appendSourceToError
        when running fast/dom/objc-big-method-name.html on Windows with full page heap enabled

        Reviewed by Darin Adler.

        * interpreter/Interpreter.cpp:
        (JSC::appendSourceToError): When trimming whitespace off the end of the string, examine the
        character at stop-1 rather than at stop. At this point in the code, stop represents the
        index just past the end of the characters we care about, and can even be just past the end
        of the entire data buffer.

2011-02-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Rolled back in r79367 with SnowLeopard Release bot crash fixed.
        https://bugs.webkit.org/show_bug.cgi?id=54999
        
        The crash was caused by failure to update the "nextBlock" pointer when
        removing a block from the list while shrinking. The fix is to update the
        "nextBlock" pointer.
        
        This crash was very rare because it only happened in cases where the very
        first block in the h