Standardize WinCairo conditionalized code under PLATFORM macro.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-07-12  Brent Fulgham  <bfulgham@webkit.org>

        Standardize WinCairo conditionalized code under PLATFORM macro.
        https://bugs.webkit.org/show_bug.cgi?id=64377

        Reviewed by Maciej Stachowiak.

        * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.

2011-07-13  David Levin  <levin@chromium.org>

        Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
        https://bugs.webkit.org/show_bug.cgi?id=64465

        Reviewed by Dmitry Titov.

        There isn't a good way to test this as it is very highly unlikely to occur.

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
        isn't thread-safe, change the initialization to be global.

2011-07-12  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64424
        Our direct eval behaviour deviates slightly from the spec.

        Reviewed by Oliver Hunt.

        The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
        behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
        or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
        may be introduced into the caller's environment.

        ES5 direct calls are any call where the callee function is provided by a reference, a base
        of that Reference is an EnvironmentRecord (this corresponds to all productions
        "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
        of the reference is "eval". This means any expression of the form "eval(...)", and that
        calls the standard built in eval method from the Global Object, is considered to be
        direct.

        In JavaScriptCore we are currently overly restrictive. We also check that the
        EnvironmentRecord that is the base of the reference is the Declarative Environment Record
        at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
        that hits a var eval in a nested scope is not considered to be direct. This behaviour does
        not emanate from the spec, and is incorrect.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
            - Fixed direct eval check in op_call_eval.
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
            - Fixed direct eval check in op_call_eval.
        * runtime/Executable.h:
        (JSC::isHostFunction):
            - Added check for host function with specific NativeFunction.

2011-07-13  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>

        Reviewed by Andreas Kling.

        Broken build on QNX
        https://bugs.webkit.org/show_bug.cgi?id=63717

        QNX doesn't support pthread's SA_RESTART (required by
        JSC_MULTIPLE_THREADS), JIT is broken at runtime and there are a
        few minor compilation errors here and there.

        Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
        tested by him on QNX v6.5 (x86).

        * wtf/DateMath.cpp: fix usage of abs/labs
        * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
        * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)

2011-07-12  Anders Carlsson  <andersca@apple.com>

        If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
        https://bugs.webkit.org/show_bug.cgi?id=64429

        Include the cstddef which has the nullptr_t typedef according to the C++0x standard.

        * wtf/NullPtr.h:

2011-07-13  MORITA Hajime  <morrita@google.com>

        Refactoring: Ignored ExceptionCode value should be less annoying.
        https://bugs.webkit.org/show_bug.cgi?id=63688

        Added ASSERT_AT macro.

        Reviewed by Darin Adler.

        * wtf/Assertions.h:

2011-07-12  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_construct.
        https://bugs.webkit.org/show_bug.cgi?id=64066

        Reviewed by Gavin Barraclough.

        This is a fixed implementation of op_construct.  Constructor calls are implemented
        by reusing almost all of the code for Call, with care taken to make sure that
        where there are differences (like selecting different code blocks), those differences
        are respected.  The two fixes over the last patch are: (1) make sure the
        CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
        make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
        (either CodeForCall or CodeForConstruct) when invoking the compiler.

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordConstruct):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls):

2011-07-12  Oliver Hunt  <oliver@apple.com>

        Overzealous type validation in method_check
        https://bugs.webkit.org/show_bug.cgi?id=64415

        Reviewed by Gavin Barraclough.

        method_check is essentially just a value look up
        optimisation, but it internally stores the value
        as a JSFunction, even though it never relies on
        this fact.  Under GC validation however we end up
        trying to enforce that assumption.  The fix is
        simply to store the value as a correct supertype.

        * bytecode/CodeBlock.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):
        (JSC::DFG::tryCacheGetMethod):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::patchMethodCallProto):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):

2011-07-12  Filip Pizlo  <fpizlo@apple.com>

        COLLECT_ON_EVERY_ALLOCATION no longer works.
        https://bugs.webkit.org/show_bug.cgi?id=64388

        Reviewed by Oliver Hunt.

        Added a flag to Heap that determines if it's safe to collect (which for now means that
        JSGlobalObject has actually been initialized, but it should work for other things, too).
        This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
        GCing it just grows the heap, if necessary.

        Then changed Heap::allocate() to not recurse ad infinitum when
        COLLECT_ON_EVERY_ALLOCATION is set.  This also makes the allocator generally more
        resilient against bugs; this change allowed me to put in handy assertions, such as that
        an allocation must succeed after either a collection or after a new block was added.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::tryAllocate):
        (JSC::Heap::allocate):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::collect):
        * heap/Heap.h:
        (JSC::Heap::notifyIsSafeToCollect):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):

2011-07-12  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT put_by_id transition caching does not inform the GC about the structure and
        prototype chain that it is referencing.
        https://bugs.webkit.org/show_bug.cgi?id=64387

        Reviewed by Gavin Barraclough.

        Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCachePutByID):

2011-07-12  Adam Roben  <aroben@apple.com>

        Ensure no intermediate WTF::Strings are created when concatenating with string literals

        Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
        operator+ is suboptimal

        Reviewed by Darin Adler.

        * wtf/text/StringConcatenate.h:
        (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
        many WTF::Strings get copied while evaluating an operator+ expression.

        * wtf/text/StringOperators.h:
        (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
        side, since operator+ is left-associative. Having the StringAppend on the right-hand side
        was causing us to make intermediate WTF::Strings when evaluating expressions that contained
        multiple calls to operator+. Added some more overloads that take a left-hand side of
        const char* to resolve overload ambiguity for certain expressions. Added overloads that take
        a left-hand side of const UChar* (matching the const char* overloads) so that wide string
        literals don't first have to be converted to a WTF::String in operator+ expressions.

2011-07-12  Adam Roben  <aroben@apple.com>

        Unreviewed, rolling out r90811.
        http://trac.webkit.org/changeset/90811
        https://bugs.webkit.org/show_bug.cgi?id=61025

        Several svg tests failing assertions beneath
        SVGSMILElement::findInstanceTime

        * wtf/StdLibExtras.h:
        (WTF::binarySearch):

2011-07-12  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>

        Reviewed by Nikolas Zimmermann.

        Speed up SVGSMILElement::findInstanceTime.
        https://bugs.webkit.org/show_bug.cgi?id=61025

        Add a new parameter to the StdLibExtras.h binarySearch function
        to also handle cases when the array does not contain the key value.
        This is needed for an svg function.

        * wtf/StdLibExtras.h:
        (WTF::binarySearch):

2011-07-11  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT does not guard itself against floating point speculation
        failures on non-floating-point constants.
        https://bugs.webkit.org/show_bug.cgi?id=64330

        Reviewed by Gavin Barraclough.

        Made fillSpeculateDouble immediately invoke terminateSpeculativeExecution() as
        soon as it notices that it's speculating on something that is a non-numeric
        JSConstant.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

2011-07-11  Filip Pizlo  <fpizlo@apple.com>

        DFG Speculative JIT does not always insert speculation checks when speculating
        arrays.
        https://bugs.webkit.org/show_bug.cgi?id=64254

        Reviewed by Gavin Barraclough.

        Changed the SetLocal instruction to always validate that the value being stored
        into the local variable is an array, if that variable was marked PredictArray.
        This is necessary since uses of arrays assume that if a PredictArray value is
        in a local variable then the speculation check validating that the value is an
        array was already performed.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-11  Gabor Loki  <loki@webkit.org>

        Fix the condition of the optimized code in doubleTransfer
        https://bugs.webkit.org/show_bug.cgi?id=64261

        Reviewed by Zoltan Herczeg.

        The condition of the optimized code in doubleTransfer is wrong. The
        data transfer should be executed with a four-byte aligned address.
        VFP cannot perform unaligned memory access.

        Reported by Jacob Bramley.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::doubleTransfer):

2011-07-11  Gabor Loki  <loki@webkit.org>

        Signed arithmetic bug in dataTransfer32.
        https://bugs.webkit.org/show_bug.cgi?id=64257

        Reviewed by Zoltan Herczeg.

        An arithmetic bug is fixed. If the offset of dataTransfer is half of the
        addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
        a load instruction is emitted with a wrong zero offset.

        Inspired by Jacob Bramley's patch from JaegerMonkey.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::dataTransfer32):

2011-07-09  Thouraya Andolsi  <thouraya.andolsi@st.com>

        Fix unaligned userspace access for SH4 platforms.
        https://bugs.webkit.org/show_bug.cgi?id=62993

        * wtf/Platform.h:

2011-07-09  Chao-ying Fu  <fu@mips.com>

        Fix MIPS build due to readInt32 and readPointer
        https://bugs.webkit.org/show_bug.cgi?id=63962

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::readInt32):
        (JSC::MIPSAssembler::readPointer):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::rshift32):

2011-07-08  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64181
        REGRESSION (r90602): Gmail doesn't load

        Rolling out r90601, r90602.

        * dfg/DFGAliasTracker.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSObject.h:
        (JSC::JSObject::isUsingInlineStorage):

2011-07-08  Kalev Lember  <kalev@smartlink.ee>

        Reviewed by Adam Roben.

        Add missing _WIN32_WINNT and WINVER definitions
        https://bugs.webkit.org/show_bug.cgi?id=59702

        Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
        available for all source files.

        In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
        DeleteTimerQueueTimer which are both guarded by
        #if (_WIN32_WINNT >= 0x0500)
        in MinGW headers.

        * config.h:
        * wtf/Assertions.cpp:

2011-07-08  Chang Shu  <cshu@webkit.org>

        Rename "makeSecure" to "fill" and remove the support for displaying last character
        to avoid layering violation.
        https://bugs.webkit.org/show_bug.cgi?id=59114

        Reviewed by Alexey Proskuryakov.

        * JavaScriptCore.exp:
        * JavaScriptCore.order:
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::fill):
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.h:
        (WTF::String::fill):

2011-07-08  Benjamin Poulain  <benjamin@webkit.org>

        [WK2] Do not forward touch events to the web process when it does not need them
        https://bugs.webkit.org/show_bug.cgi?id=64164

        Reviewed by Kenneth Rohde Christiansen.

        Add a convenience function to obtain a reference to the last element of a Deque.

        * wtf/Deque.h:
        (WTF::Deque::last):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_construct.
        https://bugs.webkit.org/show_bug.cgi?id=64066

        Reviewed by Gavin Barraclough.

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordConstruct):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement get_by_id prototype caching.
        https://bugs.webkit.org/show_bug.cgi?id=64077

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::emitRestoreScratch):
        (JSC::DFG::linkRestoreScratch):
        (JSC::DFG::tryCacheGetByID):
        * runtime/JSObject.h:
        (JSC::JSObject::addressOfPropertyAtOffset):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT method_check implementation does not link to optimized get_by_id
        slow path.
        https://bugs.webkit.org/show_bug.cgi?id=64073

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):

2011-07-07  Oliver Hunt  <oliver@apple.com>

        Encode jump and link sizes into the appropriate enums
        https://bugs.webkit.org/show_bug.cgi?id=64123

        Reviewed by Sam Weinig.

        Finally kill off the out of line jump and link size arrays,
        so we can avoid icky loads and constant fold the linking arithmetic.

        * assembler/ARMv7Assembler.cpp:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::jumpSizeDelta):
        (JSC::ARMv7Assembler::computeJumpType):

2011-07-06  Juan C. Montemayor  <jmont@apple.com>

        ASSERT_NOT_REACHED running test 262
        https://bugs.webkit.org/show_bug.cgi?id=63951

        Added a case to the switch statement where the code was failing. Fixed
        some logic as well that gave faulty error messages.

        Reviewed by Gavin Barraclough.

        * parser/JSParser.cpp:
        (JSC::JSParser::getTokenName):
        (JSC::JSParser::updateErrorMessageSpecialCase):
        (JSC::JSParser::updateErrorMessage):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT implementation of op_call results in regressions on sunspider
        controlflow-recursive.
        https://bugs.webkit.org/show_bug.cgi?id=64039

        Reviewed by Gavin Barraclough.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isInteger):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not support method_check
        https://bugs.webkit.org/show_bug.cgi?id=63972

        Reviewed by Gavin Barraclough.

        * assembler/CodeLocation.h:
        (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
        (JSC::MethodCallLinkInfo::seenOnce):
        (JSC::MethodCallLinkInfo::setSeen):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordGetMethod):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedGetMethod):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addMethodGet):
        (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasIdentifier):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):
        (JSC::DFG::tryCacheGetMethod):
        (JSC::DFG::dfgRepatchGetMethod):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITWriteBarrier.h:
        (JSC::JITWriteBarrier::set):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT op_call implementation will flush registers even when those registers are dead
        https://bugs.webkit.org/show_bug.cgi?id=64023

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::integerResult):
        (JSC::DFG::JITCodeGenerator::noResult):
        (JSC::DFG::JITCodeGenerator::cellResult):
        (JSC::DFG::JITCodeGenerator::jsValueResult):
        (JSC::DFG::JITCodeGenerator::doubleResult):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT may crash when speculating int on a non-int JSConstant.
        https://bugs.webkit.org/show_bug.cgi?id=64017

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>

        Reviewed by David Levin.

        Allow substitution of dynamic annotations and prevent identical code folding by the linker.
        https://bugs.webkit.org/show_bug.cgi?id=62443

        * wtf/DynamicAnnotations.cpp:
        (WTFAnnotateBenignRaceSized):
        (WTFAnnotateHappensBefore):
        (WTFAnnotateHappensAfter):

2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Calls on 32-bit machines fail after r90423
        https://bugs.webkit.org/show_bug.cgi?id=63980

        Reviewed by Gavin Barraclough.

        Copy the necessary lines from JITCall.cpp.

        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT virtual call implementation is inefficient.
        https://bugs.webkit.org/show_bug.cgi?id=63974

        Reviewed by Gavin Barraclough.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.h:
        (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
        (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
        (JSC::ExecutableBase::hasJITCodeForCall):
        (JSC::ExecutableBase::hasJITCodeForConstruct):
        (JSC::ExecutableBase::hasJITCodeFor):
        * runtime/JSFunction.h:
        (JSC::JSFunction::scopeUnchecked):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Force inlining of simple functions that show up as not being inlined
        https://bugs.webkit.org/show_bug.cgi?id=63964

        Reviewed by Gavin Barraclough.

        Looking at profile data indicates that gcc is failing to inline a
        number of trivial functions.  This patch hits the ones that show
        up in profiles with the ALWAYS_INLINE hammer.

        We also replace the memcpy() call in linking with a manual loop.
        Apparently memcpy() is almost never faster than an inlined loop.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::add):
        (JSC::ARMv7Assembler::add_S):
        (JSC::ARMv7Assembler::ARM_and):
        (JSC::ARMv7Assembler::asr):
        (JSC::ARMv7Assembler::b):
        (JSC::ARMv7Assembler::blx):
        (JSC::ARMv7Assembler::bx):
        (JSC::ARMv7Assembler::clz):
        (JSC::ARMv7Assembler::cmn):
        (JSC::ARMv7Assembler::cmp):
        (JSC::ARMv7Assembler::eor):
        (JSC::ARMv7Assembler::it):
        (JSC::ARMv7Assembler::ldr):
        (JSC::ARMv7Assembler::ldrCompact):
        (JSC::ARMv7Assembler::ldrh):
        (JSC::ARMv7Assembler::ldrb):
        (JSC::ARMv7Assembler::lsl):
        (JSC::ARMv7Assembler::lsr):
        (JSC::ARMv7Assembler::movT3):
        (JSC::ARMv7Assembler::mov):
        (JSC::ARMv7Assembler::movt):
        (JSC::ARMv7Assembler::mvn):
        (JSC::ARMv7Assembler::neg):
        (JSC::ARMv7Assembler::orr):
        (JSC::ARMv7Assembler::orr_S):
        (JSC::ARMv7Assembler::ror):
        (JSC::ARMv7Assembler::smull):
        (JSC::ARMv7Assembler::str):
        (JSC::ARMv7Assembler::sub):
        (JSC::ARMv7Assembler::sub_S):
        (JSC::ARMv7Assembler::tst):
        (JSC::ARMv7Assembler::linkRecordSourceComparator):
        (JSC::ARMv7Assembler::link):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
        (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::linkCode):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nearCall):
        (JSC::MacroAssemblerARMv7::call):
        (JSC::MacroAssemblerARMv7::ret):
        (JSC::MacroAssemblerARMv7::moveWithPatch):
        (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
        (JSC::MacroAssemblerARMv7::storePtrWithPatch):
        (JSC::MacroAssemblerARMv7::tailRecursiveCall):
        (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
        (JSC::MacroAssemblerARMv7::jump):
        (JSC::MacroAssemblerARMv7::makeBranch):

2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>

        Make "Add optimised paths for a few maths functions" work on Qt
        https://bugs.webkit.org/show_bug.cgi?id=63893

        Reviewed by Oliver Hunt.

        Move the generated code to the .text section instead of .data section.
        Fix alignment for the 32 bit thunk code.

        * jit/ThunkGenerators.cpp:

2011-07-05  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_call.
        https://bugs.webkit.org/show_bug.cgi?id=63858

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfCallLinkInfos):
        (JSC::CodeBlock::numberOfCallLinkInfos):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::lookupGetByVal):
        (JSC::DFG::AliasTracker::recordCall):
        (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::toInt32):
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::predictInt32):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack):
        (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::opName):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::refChildren):
        * dfg/DFGGraph.h:
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::useChildren):
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::addressOfCallData):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::CallRecord::CallRecord):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
        (JSC::DFG::JITCompiler::addJSCall):
        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1):
        (JSC::DFG::Node::child2):
        (JSC::DFG::Node::child3):
        (JSC::DFG::Node::firstChild):
        (JSC::DFG::Node::numChildren):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
        * interpreter/CallFrame.h:
        (JSC::ExecState::calleeAsValue):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        (JSC::JIT::linkCall):
        (JSC::JIT::linkConstruct):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCode.h:
        (JSC::JITCode::JITCode):
        (JSC::JITCode::jitType):
        (JSC::JITCode::HostFunction):
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.h:

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Initialize new MarkStack member

        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):

2011-07-05  Oliver Hunt  <oliver@apple.com>

        Don't throw out compiled code repeatedly
        https://bugs.webkit.org/show_bug.cgi?id=63960

        Reviewed by Gavin Barraclough.

        Stop throwing away all compiled code every time
        we're told to do a full GC.  Instead unlink all
        callsites during such GC passes to maximise the
        number of collectable functions, but otherwise
        leave compiled functions alone.

        * API/JSBase.cpp:
        (JSGarbageCollect):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
813         * heap/MarkStack.h:
814         (JSC::MarkStack::shouldUnlinkCalls):
815         (JSC::MarkStack::setShouldUnlinkCalls):
816         * runtime/JSGlobalData.cpp:
817         (JSC::JSGlobalData::recompileAllJSFunctions):
818         (JSC::JSGlobalData::releaseExecutableMemory):
819         * runtime/RegExp.cpp:
820         (JSC::RegExp::compile):
821         (JSC::RegExp::invalidateCode):
822         * runtime/RegExp.h:
823
824 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
825
826         JSC JIT has code duplication for the handling of call and construct
827         https://bugs.webkit.org/show_bug.cgi?id=63957
828
829         Reviewed by Gavin Barraclough.
830
831         * jit/JIT.cpp:
832         (JSC::JIT::linkFor):
833         * jit/JIT.h:
834         * jit/JITStubs.cpp:
835         (JSC::jitCompileFor):
836         (JSC::DEFINE_STUB_FUNCTION):
837         (JSC::arityCheckFor):
838         (JSC::lazyLinkFor):
839         * runtime/Executable.h:
840         (JSC::ExecutableBase::generatedJITCodeFor):
841         (JSC::FunctionExecutable::compileFor):
842         (JSC::FunctionExecutable::isGeneratedFor):
843         (JSC::FunctionExecutable::generatedBytecodeFor):
844         (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
845
846 2011-07-05  Gavin Barraclough  <barraclough@apple.com>
847
848         Build fix following last patch.
849
850         * runtime/JSFunction.cpp:
851         (JSC::createPrototypeProperty):
852
853 2011-07-05  Gavin Barraclough  <barraclough@apple.com>
854
855         https://bugs.webkit.org/show_bug.cgi?id=63947
856         ASSERT running Object.preventExtensions(Math.sin)
857
858         Reviewed by Oliver Hunt.
859
860         This is due to calling scope() on a hostFunction as a part of
861         calling createPrototypeProperty to reify the prototype property.
862         But host functions don't have a prototype property anyway!
863
864         Prevent calling createPrototypeProperty on a host function.
865
866         * runtime/JSFunction.cpp:
867         (JSC::JSFunction::createPrototypeProperty):
868         (JSC::JSFunction::preventExtensions):
869
870 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
871
872         https://bugs.webkit.org/show_bug.cgi?id=63880
873         Evaluation order of conversions of operands to >, >= incorrect.
874
875         Reviewed by Sam Weinig.
876
877         Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
878         spec. This allows these methods to be reused to perform >, >= relational compares
879         with correct ordering of type conversions.
880
881         * dfg/DFGOperations.cpp:
882         * interpreter/Interpreter.cpp:
883         (JSC::Interpreter::privateExecute):
884         * jit/JITStubs.cpp:
885         (JSC::DEFINE_STUB_FUNCTION):
886         * runtime/Operations.h:
887         (JSC::jsLess):
888         (JSC::jsLessEq):
889
890 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
891
892         Reviewed by Sam Weinig.
893
894         https://bugs.webkit.org/show_bug.cgi?id=16652
895         Firefox and JavaScriptCore differ in Number.toString(integer)
896
897         Our arbitrary radix (2..36) toString conversion is inaccurate.
898         This is partly because it uses doubles to perform math that requires
899         higher accuracy, and partly because it does not attempt to correctly
900         detect where to terminate, instead relying on a simple 'epsilon'.
901
902         * runtime/NumberPrototype.cpp:
903         (JSC::decomposeDouble):
904             - helper function to extract sign, exponent, mantissa from IEEE doubles.
905         (JSC::Uint16WithFraction::Uint16WithFraction):
906             - helper class, u16int with infinite precision fraction, used to convert
907               the fractional part of the number to a string.
908         (JSC::Uint16WithFraction::operator*=):
909             - Multiply by a uint16.
910         (JSC::Uint16WithFraction::operator<):
911             - Compare two Uint16WithFractions.
912         (JSC::Uint16WithFraction::floorAndSubtract):
913             - Extract the integer portion of the number, and subtract it (clears the integer portion).
914         (JSC::Uint16WithFraction::comparePoint5):
915             - Compare to 0.5.
916         (JSC::Uint16WithFraction::sumGreaterThanOne):
917             - Passed a second Uint16WithFraction, returns true if the result of adding
918               the two values would be greater than one.
919         (JSC::Uint16WithFraction::isNormalized):
920             - Used by ASSERTs to consistency check internal representation.
921         (JSC::BigInteger::BigInteger):
922             - helper class, unbounded integer value, used to convert the integer part
923               of the number to a string.
924         (JSC::BigInteger::divide):
925             - Divide this value through by a uint32.
926         (JSC::BigInteger::operator!):
927             - test for zero.
928         (JSC::toStringWithRadix):
929             - Performs number to string conversion, with the given radix (2..36).
930         (JSC::numberProtoFuncToString):
931             - Changed to use toStringWithRadix.
932
933 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
934
935         https://bugs.webkit.org/show_bug.cgi?id=63881
936         Need separate bytecodes for handling >, >= comparisons.
937
938         Reviewed by Oliver Hunt.
939
940         This clears the way to fix Bug#63880. We currently handle greater-than comparisons
941         by using the corresponding op_less, etc. opcodes.  This is incorrect with
942         respect to evaluation ordering of the implicit conversions performed on operands -
943         we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
944         but instead convert RHS then LHS.
945
946         This patch adds opcodes for greater-than comparisons mirroring existing ones used
947         for less-than.
948
949         * bytecode/CodeBlock.cpp:
950         (JSC::CodeBlock::dump):
951         * bytecode/Opcode.h:
952         * bytecompiler/BytecodeGenerator.cpp:
953         (JSC::BytecodeGenerator::emitJumpIfTrue):
954         (JSC::BytecodeGenerator::emitJumpIfFalse):
955         * bytecompiler/NodesCodegen.cpp:
956         * dfg/DFGByteCodeParser.cpp:
957         (JSC::DFG::ByteCodeParser::parseBlock):
958         * dfg/DFGNode.h:
959         * dfg/DFGNonSpeculativeJIT.cpp:
960         (JSC::DFG::NonSpeculativeJIT::compare):
961         (JSC::DFG::NonSpeculativeJIT::compile):
962         * dfg/DFGNonSpeculativeJIT.h:
963         * dfg/DFGOperations.cpp:
964         * dfg/DFGOperations.h:
965         * dfg/DFGSpeculativeJIT.cpp:
966         (JSC::DFG::SpeculativeJIT::compare):
967         (JSC::DFG::SpeculativeJIT::compile):
968         * dfg/DFGSpeculativeJIT.h:
969         * interpreter/Interpreter.cpp:
970         (JSC::Interpreter::privateExecute):
971         * jit/JIT.cpp:
972         (JSC::JIT::privateCompileMainPass):
973         (JSC::JIT::privateCompileSlowCases):
974         * jit/JIT.h:
975         (JSC::JIT::emit_op_loop_if_greater):
976         (JSC::JIT::emitSlow_op_loop_if_greater):
977         (JSC::JIT::emit_op_loop_if_greatereq):
978         (JSC::JIT::emitSlow_op_loop_if_greatereq):
979         * jit/JITArithmetic.cpp:
980         (JSC::JIT::emit_op_jgreater):
981         (JSC::JIT::emit_op_jgreatereq):
982         (JSC::JIT::emit_op_jngreater):
983         (JSC::JIT::emit_op_jngreatereq):
984         (JSC::JIT::emitSlow_op_jgreater):
985         (JSC::JIT::emitSlow_op_jgreatereq):
986         (JSC::JIT::emitSlow_op_jngreater):
987         (JSC::JIT::emitSlow_op_jngreatereq):
988         (JSC::JIT::emit_compareAndJumpSlow):
989         * jit/JITArithmetic32_64.cpp:
990         (JSC::JIT::emitBinaryDoubleOp):
991         * jit/JITStubs.cpp:
992         (JSC::DEFINE_STUB_FUNCTION):
993         * jit/JITStubs.h:
994         * parser/NodeConstructors.h:
995         (JSC::GreaterNode::GreaterNode):
996         (JSC::GreaterEqNode::GreaterEqNode):
997         * parser/Nodes.h:
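
        The evaluation-order point made in the two entries above (bugs 63880 and 63881) can be
        seen in a small model. This is an added example, not JavaScriptCore code: the Value,
        Outcome, convert, abstractLess, evaluate and evaluateGreaterWithoutLeftFirst names are
        constructed here to model the ES5 Abstract Relational Comparison (section 11.8.5) and its
        LeftFirst flag, which is the same idea as the 'leftFirst' parameter added to jsLess and
        jsLessEq. The numeric values and operand labels are constructed sample input.

```cpp
#include <cmath>
#include <iostream>
#include <string>

// Added example, not JavaScriptCore code: a model of the ES5 Abstract Relational
// Comparison (11.8.5) with its LeftFirst flag, showing how >, >= can reuse the
// x < y algorithm while still converting the left-hand operand first.

struct Value {
    double number;     // the value ToNumber would produce (constructed)
    std::string name;  // label recorded when this operand is converted
};

struct Outcome {
    bool result;        // value of the comparison
    std::string order;  // operand conversion order, e.g. "a,b"
};

// Stand-in for ToPrimitive/ToNumber: records which operand was converted, in order.
static double convert(const Value& v, std::string& order) {
    if (!order.empty())
        order += ',';
    order += v.name;
    return v.number;
}

// x < y per ES5 11.8.5. LeftFirst controls which operand is converted first.
// Returns -1 for "undefined" (a NaN operand), otherwise 0 (false) or 1 (true).
static int abstractLess(const Value& x, const Value& y, bool leftFirst, std::string& order) {
    double px, py;
    if (leftFirst) {
        px = convert(x, order);
        py = convert(y, order);
    } else {
        py = convert(y, order);
        px = convert(x, order);
    }
    if (std::isnan(px) || std::isnan(py))
        return -1;
    return px < py ? 1 : 0;
}

// Evaluate `a op b` for op in <, >, <=, >= using only abstractLess, as ES5 11.8.1-11.8.4 do.
static Outcome evaluate(const std::string& op, const Value& a, const Value& b) {
    std::string order;
    int r;
    bool result;
    if (op == "<") {           // r = a < b with LeftFirst = true
        r = abstractLess(a, b, true, order);
        result = r == 1;
    } else if (op == ">") {    // r = b < a with LeftFirst = false: a is still converted first
        r = abstractLess(b, a, false, order);
        result = r == 1;
    } else if (op == "<=") {   // r = b < a with LeftFirst = false; false if r is true or undefined
        r = abstractLess(b, a, false, order);
        result = r == 0;
    } else {                   // ">=": r = a < b with LeftFirst = true; false if r is true or undefined
        r = abstractLess(a, b, true, order);
        result = r == 0;
    }
    return Outcome{result, order};
}

// The pre-fix behaviour the 63881 entry describes: a > b computed as b < a with the
// default left-first order converts the RHS before the LHS.
static Outcome evaluateGreaterWithoutLeftFirst(const Value& a, const Value& b) {
    std::string order;
    int r = abstractLess(b, a, true, order);
    return Outcome{r == 1, order};
}

int main() {
    Outcome o = evaluate(">", Value{2, "a"}, Value{1, "b"});
    std::cout << "a > b: " << (o.result ? "true" : "false") << ", converted " << o.order << '\n';
    Outcome bad = evaluateGreaterWithoutLeftFirst(Value{2, "a"}, Value{1, "b"});
    std::cout << "pre-fix conversion order: " << bad.order << '\n';
    return 0;
}
```

        With the flag in place, `a > b` is `b < a` with LeftFirst = false, so the conversion
        order is "a,b" for every operator; evaluateGreaterWithoutLeftFirst reproduces the "b,a"
        order of the pre-fix code path. A NaN operand makes the comparison "undefined", which all
        four operators map to false.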
998
999 2011-07-03  Gavin Barraclough  <barraclough@apple.com>
1000
1001         https://bugs.webkit.org/show_bug.cgi?id=63879
1002         Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
1003
1004         Reviewed by Sam Weinig.
1005         
1006         There is a lot of copy & paste code here; we can reduce duplication by making
1007         a shared implementation.
1008
1009         * assembler/MacroAssembler.h:
1010         (JSC::MacroAssembler::branch32):
1011         (JSC::MacroAssembler::commute):
1012             - Make these function platform agnostic.
1013         * assembler/MacroAssemblerX86Common.h:
1014             - Moved branch32/commute up to MacroAssembler.
1015         * jit/JIT.h:
1016         (JSC::JIT::emit_op_loop_if_lesseq):
1017         (JSC::JIT::emitSlow_op_loop_if_lesseq):
1018             - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
1019         * jit/JITArithmetic.cpp:
1020         (JSC::JIT::emit_op_jless):
1021         (JSC::JIT::emit_op_jlesseq):
1022         (JSC::JIT::emit_op_jnless):
1023         (JSC::JIT::emit_op_jnlesseq):
1024         (JSC::JIT::emitSlow_op_jless):
1025         (JSC::JIT::emitSlow_op_jlesseq):
1026         (JSC::JIT::emitSlow_op_jnless):
1027         (JSC::JIT::emitSlow_op_jnlesseq):
1028             - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
1029         (JSC::JIT::emit_compareAndJump):
1030         (JSC::JIT::emit_compareAndJumpSlow):
1031             - Internal implementation of jless etc for JSVALUE64.
1032         * jit/JITArithmetic32_64.cpp:
1033         (JSC::JIT::emit_compareAndJump):
1034         (JSC::JIT::emit_compareAndJumpSlow):
1035             - Internal implementation of jless etc for JSVALUE32_64.
1036         * jit/JITOpcodes.cpp:
1037         * jit/JITOpcodes32_64.cpp:
1038         * jit/JITStubs.cpp:
1039         * jit/JITStubs.h:
1040             - Remove old implementation of emit_op_loop_if_lesseq.
1041
1042 2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>
1043
1044         Unreviewed, rolling out r90347.
1045         http://trac.webkit.org/changeset/90347
1046         https://bugs.webkit.org/show_bug.cgi?id=63886
1047
1048         Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
1049         (Requested by tkent on #webkit).
1050
1051         * JavaScriptCore.xcodeproj/project.pbxproj:
1052         * runtime/BigInteger.h: Removed.
1053         * runtime/NumberPrototype.cpp:
1054         (JSC::numberProtoFuncToPrecision):
1055         (JSC::numberProtoFuncToString):
1056         * runtime/Uint16WithFraction.h: Removed.
1057         * wtf/MathExtras.h:
1058
1059 2011-06-30  Gavin Barraclough  <barraclough@apple.com>
1060
1061         Reviewed by Sam Weinig.
1062
1063         https://bugs.webkit.org/show_bug.cgi?id=16652
1064         Firefox and JavaScriptCore differ in Number.toString(integer)
1065
1066         Our arbitrary radix (2..36) toString conversion is inaccurate.
1067         This is partly because it uses doubles to perform math that requires
1068         higher accuracy, and partly because it does not attempt to correctly
1069         detect where to terminate, instead relying on a simple 'epsilon'.
1070
1071         * runtime/NumberPrototype.cpp:
1072         (JSC::decomposeDouble):
1073             - helper function to extract sign, exponent, mantissa from IEEE doubles.
1074         (JSC::Uint16WithFraction::Uint16WithFraction):
1075             - helper class, u16int with infinite precision fraction, used to convert
1076               the fractional part of the number to a string.
1077         (JSC::Uint16WithFraction::operator*=):
1078             - Multiply by a uint16.
1079         (JSC::Uint16WithFraction::operator<):
1080             - Compare two Uint16WithFractions.
1081         (JSC::Uint16WithFraction::floorAndSubtract):
1082             - Extract the integer portion of the number, and subtract it (clears the integer portion).
1083         (JSC::Uint16WithFraction::comparePoint5):
1084             - Compare to 0.5.
1085         (JSC::Uint16WithFraction::sumGreaterThanOne):
1086             - Passed a second Uint16WithFraction, returns true if the result of adding
1087               the two values would be greater than one.
1088         (JSC::Uint16WithFraction::isNormalized):
1089             - Used by ASSERTs to consistency check internal representation.
1090         (JSC::BigInteger::BigInteger):
1091             - helper class, unbounded integer value, used to convert the integer part
1092               of the number to a string.
1093         (JSC::BigInteger::divide):
1094             - Divide this value through by a uint32.
1095         (JSC::BigInteger::operator!):
1096             - test for zero.
1097         (JSC::toStringWithRadix):
1098             - Performs number to string conversion, with the given radix (2..36).
1099         (JSC::numberProtoFuncToString):
1100             - Changed to use toStringWithRadix.
1101
1102 2011-07-02  Gavin Barraclough  <barraclough@apple.com>
1103
1104         https://bugs.webkit.org/show_bug.cgi?id=63866
1105         DFG JIT - implement instanceof
1106
1107         Reviewed by Sam Weinig.
1108
1109         Add ops CheckHasInstance & InstanceOf to implement bytecodes
1110         op_check_has_instance & op_instanceof. This is an initial
1111         functional implementation, performance is a wash. We can
1112         follow up with changes to fuse the InstanceOf node with
1113         a subsequent branch, as we do with other comparisons.
1114
1115         * dfg/DFGByteCodeParser.cpp:
1116         (JSC::DFG::ByteCodeParser::parseBlock):
1117         * dfg/DFGJITCompiler.cpp:
1118         (JSC::DFG::JITCompiler::jitAssertIsCell):
1119         * dfg/DFGJITCompiler.h:
1120         (JSC::DFG::JITCompiler::jitAssertIsCell):
1121         * dfg/DFGNode.h:
1122         * dfg/DFGNonSpeculativeJIT.cpp:
1123         (JSC::DFG::NonSpeculativeJIT::compile):
1124         * dfg/DFGOperations.cpp:
1125         * dfg/DFGOperations.h:
1126         * dfg/DFGSpeculativeJIT.cpp:
1127         (JSC::DFG::SpeculativeJIT::compile):
1128
1129 2011-07-01  Oliver Hunt  <oliver@apple.com>
1130
1131         IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
1132         https://bugs.webkit.org/show_bug.cgi?id=63732
1133
1134         Reviewed by Gavin Barraclough.
1135
1136         Initialise the memory at the head of the new storage so that
1137         GC is safe if triggered by reportExtraMemoryCost.
1138
1139         * runtime/JSArray.cpp:
1140         (JSC::JSArray::increaseVectorPrefixLength):
1141
1142 2011-07-01  Oliver Hunt  <oliver@apple.com>
1143
1144         GC sweep can occur before an object is completely initialised
1145         https://bugs.webkit.org/show_bug.cgi?id=63836
1146
1147         Reviewed by Gavin Barraclough.
1148
1149         In rare cases it's possible for a GC sweep to occur while a
1150         live, but not completely initialised object is on the stack.
1151         In such a case we may incorrectly choose to mark it, even
1152         though it has no children that need marking.
1153
1154         We resolve this by always zeroing out the structure of any
1155         value returned from JSCell::operator new(), and making the
1156         markstack tolerant of a null structure. 
1157
1158         * runtime/JSCell.h:
1159         (JSC::JSCell::JSCell::~JSCell):
1160         (JSC::JSCell::JSCell::operator new):
1161         * runtime/Structure.h:
1162         (JSC::MarkStack::internalAppend):
1163
1164 2011-07-01  Filip Pizlo  <fpizlo@apple.com>
1165
1166         Reviewed by Gavin Barraclough.
1167
1168         DFG non-speculative JIT always performs slow C calls for div and mod.
1169         https://bugs.webkit.org/show_bug.cgi?id=63684
1170
1171         * dfg/DFGNonSpeculativeJIT.cpp:
1172         (JSC::DFG::NonSpeculativeJIT::compile):
1173
1174 2011-07-01  Juan C. Montemayor  <jmont@apple.com>
1175
1176         Reviewed by Oliver Hunt.
1177
1178         Lexer error messages are currently appalling
1179         https://bugs.webkit.org/show_bug.cgi?id=63340
1180
1181         Added error messages for the Lexer. These messages will be displayed
1182         instead of the lexer error messages from the parser that are currently
1183         shown.
1184
1185         * parser/Lexer.cpp:
1186         (JSC::Lexer::getInvalidCharMessage):
1187         (JSC::Lexer::setCode):
1188         (JSC::Lexer::parseString):
1189         (JSC::Lexer::lex):
1190         (JSC::Lexer::clear):
1191         * parser/Lexer.h:
1192         (JSC::Lexer::getErrorMessage):
1193         (JSC::Lexer::setOffset):
1194         * parser/Parser.cpp:
1195         (JSC::Parser::parse):
1196
1197 2011-07-01  Jungshik Shin  <jshin@chromium.org>
1198
1199         Reviewed by Alexey Proskuryakov.
1200
1201         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
1202         build files for ports not using ICU.
1203         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
1204         ICU 3.6 (the version used on Mac OS 10.5)
1205
1206         http://bugs.webkit.org/show_bug.cgi?id=20797
1207
1208         * GNUmakefile.list.am:
1209         * JavaScriptCore.gypi:
1210         * icu/unicode/uscript.h: Added for UScriptCode enum.
1211         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
1212         * wtf/unicode/icu/UnicodeIcu.h:
1213         * wtf/unicode/brew/UnicodeBrew.h:
1214         * wtf/unicode/glib/UnicodeGLib.h:
1215         * wtf/unicode/qt4/UnicodeQt4.h:
1216         * wtf/unicode/wince/UnicodeWinCE.h:
1217
1218 2011-07-01  Gavin Barraclough  <barraclough@apple.com>
1219
1220         Reviewed by Sam Weinig.
1221
1222         https://bugs.webkit.org/show_bug.cgi?id=63819
1223         Escaping of forwardslashes in strings incorrect if multiple exist.
1224
1225         The bug is in the parameters passed to a substring - should be
1226         start & length, but we're passing start & end indices!
1227
1228         * runtime/RegExpObject.cpp:
1229         (JSC::regExpObjectSource):
1230
1231 2011-07-01  Adam Roben  <aroben@apple.com>
1232
1233         Roll out r90194
1234         http://trac.webkit.org/changeset/90194
1235         https://bugs.webkit.org/show_bug.cgi?id=63778
1236
1237         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
1238         assertions in WriteBarrierBase<JSC::Structure>::get
1239
1240         * runtime/JSCell.h:
1241         (JSC::JSCell::JSCell::~JSCell):
1242
1243 2011-06-30  Oliver Hunt  <oliver@apple.com>
1244
1245         Reviewed by Gavin Barraclough.
1246
1247         Add optimised paths for a few maths functions
1248         https://bugs.webkit.org/show_bug.cgi?id=63757
1249
1250         Relanding as a Mac only patch.
1251
1252         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1253         Math.floor, Math.log, and Math.exp as they are apparently more
1254         important in real web content than we thought, which is somewhat
1255         mind-boggling.  On average doubles the performance of the common
1256         cases (eg. actually passing numbers in).  They're not as efficient
1257         as they could be, but this way gives them the most portability.
1258
1259         * assembler/MacroAssemblerARM.h:
1260         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1261         (JSC::MacroAssemblerARM::andnotDouble):
1262         * assembler/MacroAssemblerARMv7.h:
1263         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1264         (JSC::MacroAssemblerARMv7::andnotDouble):
1265         * assembler/MacroAssemblerMIPS.h:
1266         (JSC::MacroAssemblerMIPS::andnotDouble):
1267         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1268         * assembler/MacroAssemblerSH4.h:
1269         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1270         (JSC::MacroAssemblerSH4::andnotDouble):
1271         * assembler/MacroAssemblerX86.h:
1272         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1273         * assembler/MacroAssemblerX86Common.h:
1274         (JSC::MacroAssemblerX86Common::andnotDouble):
1275         * assembler/MacroAssemblerX86_64.h:
1276         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1277         * assembler/X86Assembler.h:
1278         (JSC::X86Assembler::andnpd_rr):
1279         * create_hash_table:
1280         * jit/SpecializedThunkJIT.h:
1281         (JSC::SpecializedThunkJIT::finalize):
1282         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1283         * jit/ThunkGenerators.cpp:
1284         (JSC::floorThunkGenerator):
1285         (JSC::ceilThunkGenerator):
1286         (JSC::roundThunkGenerator):
1287         (JSC::expThunkGenerator):
1288         (JSC::logThunkGenerator):
1289         (JSC::absThunkGenerator):
1290         * jit/ThunkGenerators.h:
1291
1292 2011-07-01  David Kilzer  <ddkilzer@apple.com>
1293
1294         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
1295
1296         Fixes the following build error in clang:
1297
1298             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
1299                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1300                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
1301             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
1302                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1303                                                 ^
1304                      (                         )
1305             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
1306             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
1307             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
1308                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1309                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1310             1 error generated.
1311
1312         * jit/JITOpcodes32_64.cpp:
1313         (JSC::JIT::emit_op_resolve_global): Add parenthesis to make the
1314         tertiary expression evaluate first.
1315
1316 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
1317
1318         Unreviewed, rolling out r90177 and r90179.
1319         http://trac.webkit.org/changeset/90177
1320         http://trac.webkit.org/changeset/90179
1321         https://bugs.webkit.org/show_bug.cgi?id=63790
1322
1323         It caused crashes on Qt in debug mode (Requested by Ossy on
1324         #webkit).
1325
1326         * assembler/MacroAssemblerARM.h:
1327         (JSC::MacroAssemblerARM::rshift32):
1328         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
1329         (JSC::MacroAssemblerARM::sqrtDouble):
1330         * assembler/MacroAssemblerARMv7.h:
1331         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
1332         (JSC::MacroAssemblerARMv7::sqrtDouble):
1333         * assembler/MacroAssemblerMIPS.h:
1334         (JSC::MacroAssemblerMIPS::sqrtDouble):
1335         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
1336         * assembler/MacroAssemblerSH4.h:
1337         (JSC::MacroAssemblerSH4::sqrtDouble):
1338         * assembler/MacroAssemblerX86.h:
1339         * assembler/MacroAssemblerX86Common.h:
1340         * assembler/MacroAssemblerX86_64.h:
1341         * assembler/X86Assembler.h:
1342         * create_hash_table:
1343         * jit/JSInterfaceJIT.h:
1344         (JSC::JSInterfaceJIT::emitLoadDouble):
1345         * jit/SpecializedThunkJIT.h:
1346         (JSC::SpecializedThunkJIT::finalize):
1347         * jit/ThunkGenerators.cpp:
1348         * jit/ThunkGenerators.h:
1349
1350 2011-06-30  Oliver Hunt  <oliver@apple.com>
1351
1352         Reviewed by Beth Dakin.
1353
1354         Make GC validation clear cell structure on destruction
1355         https://bugs.webkit.org/show_bug.cgi?id=63778
1356
1357         * runtime/JSCell.h:
1358         (JSC::JSCell::JSCell::~JSCell):
1359
1360 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1361
1362         Reviewed by Gavin Barraclough.
1363
1364         Added write barrier that was missing from put_by_id_transition
1365         https://bugs.webkit.org/show_bug.cgi?id=63775
1366
1367         * dfg/DFGJITCodeGenerator.cpp:
1368         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
1369         MacroAssembler& argument so our patching functions could use it.
1370
1371         (JSC::DFG::JITCodeGenerator::cachedPutById):
1372         * dfg/DFGJITCodeGenerator.h:
1373         * dfg/DFGNonSpeculativeJIT.cpp:
1374         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
1375
1376         * dfg/DFGRepatch.cpp:
1377         (JSC::DFG::tryCachePutByID): Missing barrier!
1378
1379         * dfg/DFGSpeculativeJIT.cpp:
1380         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
1381
1382         * jit/JITPropertyAccess.cpp:
1383         (JSC::JIT::privateCompilePutByIdTransition):
1384         * jit/JITPropertyAccess32_64.cpp:
1385         (JSC::JIT::privateCompilePutByIdTransition):
1386         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
1387         because its meaning isn't clear -- maybe in the future we'll have a
1388         clear way to pass all stores through a common function that guarantees
1389         a write barrier, but that's not the case right now.
1390
1391 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1392
1393         Reviewed by Gavin Barraclough.
1394
1395         DFG non-speculative JIT does not reuse registers when compiling comparisons.
1396         https://bugs.webkit.org/show_bug.cgi?id=63565
1397
1398         * dfg/DFGNonSpeculativeJIT.cpp:
1399         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1400         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1401         (JSC::DFG::NonSpeculativeJIT::compare):
1402
1403 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1404
1405         Reviewed by Gavin Barraclough.
1406
1407         Added empty write barrier stubs in all the right places in the DFG JIT
1408         https://bugs.webkit.org/show_bug.cgi?id=63764
1409         
1410         SunSpider thinks this might be a 0.5% speedup. Meh.
1411
1412         * dfg/DFGJITCodeGenerator.cpp:
1413         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
1414
1415         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
1416         for the case where base == scratch, since we now require base and scratch
1417         to be not equal, for the sake of the write barrier.
1418
1419         * dfg/DFGJITCodeGenerator.h: Le stub.
1420
1421         * dfg/DFGNonSpeculativeJIT.cpp:
1422         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
1423         as the scratch register, since that's incompatible with the write barrier,
1424         which needs a distinct base and scratch.
1425         
1426         Do put the global object into a register before loading its var storage,
1427         since it needs to be in a register for the write barrier to operate on it.
1428
1429         * dfg/DFGSpeculativeJIT.cpp:
1430         (JSC::DFG::SpeculativeJIT::compile):
1431         * jit/JITPropertyAccess.cpp:
1432         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
1433
1434         * jit/JITPropertyAccess.cpp:
1435         (JSC::JIT::emit_op_get_scoped_var):
1436         (JSC::JIT::emit_op_put_scoped_var):
1437         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1438         places.
1439
1440         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1441         is a little more than meaningless.
1442
1443         * jit/JITPropertyAccess32_64.cpp:
1444         (JSC::JIT::emit_op_get_scoped_var):
1445         (JSC::JIT::emit_op_put_scoped_var):
1446         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1447         places.
1448
1449         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1450         is a little more than meaningless.
1451
1452         * runtime/JSVariableObject.h:
1453         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
1454         we put the global object in a register and only then load its var storage
1455         by offset.
1456
1457         (JSC::JIT::emitWriteBarrier):
1458
1459 2011-06-30  Oliver Hunt  <oliver@apple.com>
1460
1461         Fix ARMv6 build
1462
1463         * assembler/MacroAssemblerARM.h:
1464         (JSC::MacroAssemblerARM::rshift32):
1465
1466 2011-06-30  Oliver Hunt  <oliver@apple.com>
1467
1468         Reviewed by Gavin Barraclough.
1469
1470         Add optimised paths for a few maths functions
1471         https://bugs.webkit.org/show_bug.cgi?id=63757
1472
1473         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1474         Math.floor, Math.log, and Math.exp as they are apparently more
1475         important in real web content than we thought, which is somewhat
1476         mind-boggling.  On average doubles the performance of the common
1477         cases (eg. actually passing numbers in).  They're not as efficient
1478         as they could be, but this way gives them the most portability.
1479
1480         * assembler/MacroAssemblerARM.h:
1481         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1482         (JSC::MacroAssemblerARM::andnotDouble):
1483         * assembler/MacroAssemblerARMv7.h:
1484         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1485         (JSC::MacroAssemblerARMv7::andnotDouble):
1486         * assembler/MacroAssemblerMIPS.h:
1487         (JSC::MacroAssemblerMIPS::andnotDouble):
1488         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1489         * assembler/MacroAssemblerSH4.h:
1490         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1491         (JSC::MacroAssemblerSH4::andnotDouble):
1492         * assembler/MacroAssemblerX86.h:
1493         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1494         * assembler/MacroAssemblerX86Common.h:
1495         (JSC::MacroAssemblerX86Common::andnotDouble):
1496         * assembler/MacroAssemblerX86_64.h:
1497         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1498         * assembler/X86Assembler.h:
1499         (JSC::X86Assembler::andnpd_rr):
1500         * create_hash_table:
1501         * jit/SpecializedThunkJIT.h:
1502         (JSC::SpecializedThunkJIT::finalize):
1503         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1504         * jit/ThunkGenerators.cpp:
1505         (JSC::floorThunkGenerator):
1506         (JSC::ceilThunkGenerator):
1507         (JSC::roundThunkGenerator):
1508         (JSC::expThunkGenerator):
1509         (JSC::logThunkGenerator):
1510         (JSC::absThunkGenerator):
1511         * jit/ThunkGenerators.h:
1512
1513 2011-06-30  Cary Clark  <caryclark@google.com>
1514
1515         Reviewed by James Robinson.
1516
1517         Use Skia if Skia on Mac Chrome is enabled
1518         https://bugs.webkit.org/show_bug.cgi?id=62999
1519
1520         * wtf/Platform.h:
1521         Add switch to use Skia if, externally,
1522         Skia has been enabled by a gyp define.
1523
1524 2011-06-30  Juan C. Montemayor  <jmont@apple.com>
1525
1526         Reviewed by Geoffrey Garen.
1527
1528         Web Inspector fails to display source for eval with syntax error
1529         https://bugs.webkit.org/show_bug.cgi?id=63583
1530
1531         Web Inspector now displays a link to an eval statement that contains
1532         a syntax error.
1533
1534         * parser/Parser.h:
1535         (JSC::isEvalNode):
1536         (JSC::EvalNode):
1537         (JSC::Parser::parse):
1538
1539 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1540
1541         Reviewed by Gavin Barraclough.
1542
1543         X86Assembler does not encode byte registers in 64-bit mode correctly.
1544         https://bugs.webkit.org/show_bug.cgi?id=63665
1545
1546         * assembler/X86Assembler.h:
1547         (JSC::X86Assembler::testb_rr):
1548         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
1549
1550 2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
1551
1552         Unreviewed, rolling out r90102.
1553         http://trac.webkit.org/changeset/90102
1554         https://bugs.webkit.org/show_bug.cgi?id=63714
1555
1556         Lots of tests asserting beneath
1557         SVGSMILElement::findInstanceTime (Requested by aroben on
1558         #webkit).
1559
1560         * wtf/StdLibExtras.h:
1561         (WTF::binarySearch):
1562
1563 2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1564
1565         Reviewed by Nikolas Zimmermann.
1566
1567         Speed up SVGSMILElement::findInstanceTime.
1568         https://bugs.webkit.org/show_bug.cgi?id=61025
1569
1570         Add a new parameter to StdLibExtras.h::binarySearch function
1571         to also handle cases when the array does not contain the key value.
1572         This is needed for an SVG function.
1573
1574         * wtf/StdLibExtras.h:
1575         (WTF::binarySearch):
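
Added example for the entry above (constructed here, not WTF's binarySearch() and not modelled on its signature): a sorted-array lookup that, when the key is absent, returns the position of the first greater element instead of tripping an assertion, so a caller like the SVG instance-time search gets a usable insertion point. The sample "instance times" are constructed.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <initializer_list>
#include <vector>

// Constructed example, not WTF's binarySearch(): look a key up in a sorted
// vector and, when the key is absent, return a usable position instead of
// failing an assertion. (Assumption: the index-or-insertion-point return is
// modelled on the behaviour the entry describes, not on WTF's signature.)
struct SearchResult {
    size_t index; // index of the key, or of the first element greater than it
    bool found;   // true when array[index] == key
};

template<typename T>
SearchResult binarySearch(const std::vector<T>& array, const T& key) {
    size_t low = 0, high = array.size();
    while (low < high) {
        size_t mid = low + (high - low) / 2; // cannot overflow, unlike (low + high) / 2
        if (array[mid] < key)
            low = mid + 1;
        else
            high = mid;
    }
    // low is now the first index with !(array[low] < key), or array.size()
    // when every element is smaller than the key.
    bool found = low < array.size() && !(key < array[low]);
    return { low, found };
}

// Constructed sample: sorted "instance times" in the spirit of the SVG caller.
const std::vector<int> kSampleTimes = { 1, 3, 5, 7 };
const std::vector<int> kEmptyTimes;

int main() {
    for (int key : { 0, 4, 5, 9 }) {
        SearchResult r = binarySearch(kSampleTimes, key);
        std::printf("key %d -> index %zu (%s)\n", key, r.index,
                    r.found ? "found" : "insertion point");
    }
    return 0;
}
```

The `found` flag is what lets a caller distinguish the two cases; without it, an absent key and a present one can both come back as the same index, which is the ambiguity an assert-on-absent contract papers over.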
1576
1577 2011-06-29  Gavin Barraclough  <barraclough@apple.com>
1578
1579         Reviewed by Geoff Garen.
1580
1581         https://bugs.webkit.org/show_bug.cgi?id=63669
1582         DFG JIT - fix spectral-norm regression
1583
1584         The problem is a mis-speculation leading to us falling off the speculative path.
1585         Make the speculation logic slightly smarter, don't predict int if one of the
1586         operands is already loaded as a double (we use this logic already for compares).
1587
1588         * dfg/DFGSpeculativeJIT.cpp:
1589         (JSC::DFG::SpeculativeJIT::compile):
1590         * dfg/DFGSpeculativeJIT.h:
1591         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
1592
1593 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1594
1595         Reviewed by Gavin Barraclough.
1596
1597         DFG JIT does not do put_by_id transition caching.
1598         https://bugs.webkit.org/show_bug.cgi?id=63662
1599
1600         * dfg/DFGJITCodeGenerator.cpp:
1601         (JSC::DFG::JITCodeGenerator::cachedPutById):
1602         * dfg/DFGJITCompiler.h:
1603         (JSC::DFG::JITCompiler::addPropertyAccess):
1604         * dfg/DFGRepatch.cpp:
1605         (JSC::DFG::testPrototype):
1606         (JSC::DFG::tryCachePutByID):
1607
1608 2011-06-29  Geoffrey Garen  <ggaren@apple.com>
1609
1610         Reviewed by Oliver Hunt.
1611
1612         Added a dummy write barrier emitting function in all the right places in the old JIT
1613         https://bugs.webkit.org/show_bug.cgi?id=63667
1614         
1615         SunSpider reports no change.
1616
1617         * jit/JIT.h:
1618         * jit/JITPropertyAccess.cpp:
1619         (JSC::JIT::emit_op_put_by_id):
1620         (JSC::JIT::emit_op_put_scoped_var): Do it.
1621
1622         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1623         for the sake of the write barrier.
1624
1625         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1626
1627         * jit/JITPropertyAccess32_64.cpp:
1628         (JSC::JIT::emit_op_put_by_val):
1629         (JSC::JIT::emit_op_put_by_id):
1630         (JSC::JIT::emit_op_put_scoped_var): Do it.
1631
1632         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1633         for the sake of the write barrier.
1634
1635         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1636
1637 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1638
1639         Reviewed by Gavin Barraclough.
1640
1641         DFG JIT does not perform get_by_id self list caching.
1642         https://bugs.webkit.org/show_bug.cgi?id=63605
1643
1644         * bytecode/StructureStubInfo.h:
1645         * dfg/DFGJITCompiler.cpp:
1646         (JSC::DFG::JITCompiler::compileFunction):
1647         * dfg/DFGOperations.cpp:
1648         * dfg/DFGOperations.h:
1649         * dfg/DFGRepatch.cpp:
1650         (JSC::DFG::tryCacheGetByID):
1651         (JSC::DFG::tryBuildGetByIDList):
1652         (JSC::DFG::dfgBuildGetByIDList):
1653         * dfg/DFGRepatch.h:
1654
1655 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
1656
1657         Reviewed by Gavin Barraclough.
1658
1659         DFG JIT lacks array.length caching.
1660         https://bugs.webkit.org/show_bug.cgi?id=63505
1661
1662         * bytecode/StructureStubInfo.h:
1663         * dfg/DFGJITCodeGenerator.cpp:
1664         (JSC::DFG::JITCodeGenerator::cachedGetById):
1665         (JSC::DFG::JITCodeGenerator::cachedPutById):
1666         * dfg/DFGJITCodeGenerator.h:
1667         (JSC::DFG::JITCodeGenerator::tryAllocate):
1668         (JSC::DFG::JITCodeGenerator::selectScratchGPR):
1669         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
1670         * dfg/DFGJITCompiler.cpp:
1671         (JSC::DFG::JITCompiler::compileFunction):
1672         * dfg/DFGJITCompiler.h:
1673         (JSC::DFG::JITCompiler::addPropertyAccess):
1674         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1675         * dfg/DFGRegisterBank.h:
1676         (JSC::DFG::RegisterBank::tryAllocate):
1677         * dfg/DFGRepatch.cpp:
1678         (JSC::DFG::tryCacheGetByID):
1679
1680 2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
1681
1682         Reviewed by Eric Seidel.
1683
1684         Warnings in JSC's JIT on 32 bit
1685         https://bugs.webkit.org/show_bug.cgi?id=63259
1686
1687         Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
1688
1689         * jit/JITPropertyAccess32_64.cpp:
1690         (JSC::JIT::emit_op_method_check):
1691         (JSC::JIT::compileGetByIdHotPath):
1692         (JSC::JIT::emit_op_put_by_id):
1693
1694 2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1695
1696         Unreviewed, rolling out r89968.
1697         http://trac.webkit.org/changeset/89968
1698         https://bugs.webkit.org/show_bug.cgi?id=63581
1699
1700         Broke chromium windows compile (Requested by jamesr on
1701         #webkit).
1702
1703         * wtf/Platform.h:
1704
1705 2011-06-28  Oliver Hunt  <oliver@apple.com>
1706
1707         Reviewed by Gavin Barraclough.
1708
1709         Fix sampling build
1710         https://bugs.webkit.org/show_bug.cgi?id=63579
1711
1712         Gets opcode sampling building again, doesn't seem to work alas
1713
1714         * bytecode/SamplingTool.cpp:
1715         (JSC::SamplingTool::notifyOfScope):
1716         * bytecode/SamplingTool.h:
1717         (JSC::SamplingTool::SamplingTool):
1718         * interpreter/Interpreter.cpp:
1719         (JSC::Interpreter::enableSampler):
1720         * runtime/Executable.h:
1721         (JSC::ScriptExecutable::ScriptExecutable):
1722
1723 2011-06-28  Cary Clark  <caryclark@google.com>
1724
1725         Reviewed by James Robinson.
1726
1727         Use Skia if Skia on Mac Chrome is enabled
1728         https://bugs.webkit.org/show_bug.cgi?id=62999
1729
1730         * wtf/Platform.h:
1731         Add switch to use Skia if, externally,
1732         Skia has been enabled by a gyp define.
1733
1734 2011-06-28  Oliver Hunt  <oliver@apple.com>
1735
1736         Reviewed by Gavin Barraclough.
1737
1738         ASSERT when launching debug builds with interpreter and jit enabled
1739         https://bugs.webkit.org/show_bug.cgi?id=63566
1740
1741         Add appropriate guards to the various Executable's memory reporting
1742         logic.
1743
1744         * runtime/Executable.cpp:
1745         (JSC::EvalExecutable::compileInternal):
1746         (JSC::ProgramExecutable::compileInternal):
1747         (JSC::FunctionExecutable::compileForCallInternal):
1748         (JSC::FunctionExecutable::compileForConstructInternal):
1749
1750 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1751
1752         Reviewed by Oliver Hunt.
1753
1754         https://bugs.webkit.org/show_bug.cgi?id=63563
1755         DFG JIT - add support for double arith to speculative path
1756
1757         Add integer support for div & mod, add double support for div, mod,
1758         add, sub & mul, dynamically selecting based on operand types.
1759
1760         * dfg/DFGJITCodeGenerator.cpp:
1761         (JSC::DFG::FPRTemporary::FPRTemporary):
1762         * dfg/DFGJITCodeGenerator.h:
1763         * dfg/DFGJITCompiler.h:
1764         (JSC::DFG::JITCompiler::assembler):
1765         * dfg/DFGSpeculativeJIT.cpp:
1766         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
1767         (JSC::DFG::SpeculativeJIT::compile):
1768         * dfg/DFGSpeculativeJIT.h:
1769         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1770         (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
1771         (JSC::DFG::SpeculateDoubleOperand::index):
1772         (JSC::DFG::SpeculateDoubleOperand::fpr):
1773
1774 2011-06-28  Oliver Hunt  <oliver@apple.com>
1775
1776         Fix interpreter build.
1777
1778         * interpreter/Interpreter.cpp:
1779         (JSC::Interpreter::privateExecute):
1780
1781 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1782
1783         Reviewed by Oliver Hunt.
1784
1785         https://bugs.webkit.org/show_bug.cgi?id=63561
1786         DFG JIT - don't always assume integer in relational compare
1787
1788         If neither operand is known integer, or either is in double representation,
1789         then at least use a function call (don't bail off the speculative path).
1790
1791         * dfg/DFGSpeculativeJIT.cpp:
1792         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
1793         (JSC::DFG::SpeculativeJIT::compile):
1794         * dfg/DFGSpeculativeJIT.h:
1795         (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
1796         (JSC::DFG::SpeculativeJIT::compareIsInteger):
1797
1798 2011-06-28  Oliver Hunt  <oliver@apple.com>
1799
1800         Reviewed by Gavin Barraclough.
1801
1802         Make constant array optimisation less strict about what constitutes a constant
1803         https://bugs.webkit.org/show_bug.cgi?id=63554
1804
1805         Now allow string constants in array literals to actually be considered constant,
1806         and so avoid codegen in array literals with strings in them.
1807
1808         * bytecode/CodeBlock.h:
1809         (JSC::CodeBlock::addConstantBuffer):
1810         (JSC::CodeBlock::constantBuffer):
1811         * bytecompiler/BytecodeGenerator.cpp:
1812         (JSC::BytecodeGenerator::addConstantBuffer):
1813         (JSC::BytecodeGenerator::addStringConstant):
1814         (JSC::BytecodeGenerator::emitNewArray):
1815         * bytecompiler/BytecodeGenerator.h:
1816         * interpreter/Interpreter.cpp:
1817         (JSC::Interpreter::privateExecute):
1818         * jit/JITStubs.cpp:
1819         (JSC::DEFINE_STUB_FUNCTION):
1820
1821 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1822
1823         Reviewed by Oliver Hunt.
1824
1825         https://bugs.webkit.org/show_bug.cgi?id=63560
1826         DFG_JIT allow allocation of specific machine registers
1827
1828         This allows us to allocate the registers necessary to perform x86
1829         idiv instructions for div/mod, and may be useful for shifts, too.
1830
1831         * dfg/DFGJITCodeGenerator.cpp:
1832         (JSC::DFG::GPRTemporary::GPRTemporary):
1833         * dfg/DFGJITCodeGenerator.h:
1834         (JSC::DFG::JITCodeGenerator::allocate):
1835         (JSC::DFG::GPRResult::GPRResult):
1836         * dfg/DFGRegisterBank.h:
1837         (JSC::DFG::RegisterBank::allocateSpecific):
1838         * dfg/DFGSpeculativeJIT.h:
1839         (JSC::DFG::SpeculativeJIT::isInteger):
1840
1841 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
1842
1843         Reviewed by Oliver Hunt.
1844
1845         https://bugs.webkit.org/show_bug.cgi?id=55040
1846         RegExp constructor returns the argument regexp instead of a new object
1847
1848         Per 15.10.3.1, our current behaviour is correct if called as a function,
1849         but incorrect when called as a constructor.
1850
1851         * runtime/RegExpConstructor.cpp:
1852         (JSC::constructRegExp):
1853         (JSC::constructWithRegExpConstructor):
1854         * runtime/RegExpConstructor.h:
1855
1856 2011-06-28  Luke Macpherson   <macpherson@chromium.org>
1857
1858         Reviewed by Darin Adler.
1859
1860         Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
1861         https://bugs.webkit.org/show_bug.cgi?id=63469
1862
1863         * wtf/MathExtras.h:
1864         (defaultMinimumForClamp):
1865         Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
1866         (defaultMaximumForClamp):
1867         Symmetric alias for std::numeric_limits::max()
1868         (clampTo):
1869         New templated clamping function that supports arbitrary output types.
1870         (clampToInteger):
1871         Use new clampTo template.
1872         (clampToFloat):
1873         Use new clampTo template.
1874         (clampToPositiveInteger):
1875         Use new clampTo template.
1876
1877 2011-06-28  Adam Roben  <aroben@apple.com>
1878
1879         Windows Debug build fix after r89885
1880
1881         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
1882         JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
1883
1884 2011-06-28  Shinya Kawanaka  <shinyak@google.com>
1885
1886         Reviewed by Kent Tamura.
1887
1888         Add const to show() method in WTFString and AtomicString.
1889         https://bugs.webkit.org/show_bug.cgi?id=63515
1890
1891         The lack of const in show() method is painful when
1892         doing something like printf-debug.
1893
1894         * wtf/text/AtomicString.cpp:
1895         (WTF::AtomicString::show):
1896         * wtf/text/AtomicString.h:
1897         * wtf/text/WTFString.cpp:
1898         (String::show):
1899         * wtf/text/WTFString.h:
1900
1901 2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
1902
1903         Build fix attempt after r89885.
1904
1905         * JavaScriptCore.exp:
1906         * jsc.cpp:
1907
1908 2011-06-27  Oliver Hunt  <oliver@apple.com>
1909
1910         Reviewed by Geoffrey Garen.
1911
1912         Support throwing away non-running code even while other code is running
1913         https://bugs.webkit.org/show_bug.cgi?id=63485
1914
1915         Add a function to CodeBlock to support unlinking direct linked callsites,
1916         and then with that in place add logic to discard code from any function
1917         that is not currently on the stack.
1918
1919         The unlinking completely reverts any optimized call sites, such that they
1920         may be relinked again in future.
1921
1922         * JavaScriptCore.exp:
1923         * bytecode/CodeBlock.cpp:
1924         (JSC::CodeBlock::unlinkCalls):
1925         (JSC::CodeBlock::clearEvalCache):
1926         * bytecode/CodeBlock.h:
1927         (JSC::CallLinkInfo::CallLinkInfo):
1928         (JSC::CallLinkInfo::unlink):
1929         * bytecode/EvalCodeCache.h:
1930         (JSC::EvalCodeCache::clear):
1931         * heap/Heap.cpp:
1932         (JSC::Heap::getConservativeRegisterRoots):
1933         * heap/Heap.h:
1934         * jit/JIT.cpp:
1935         (JSC::JIT::privateCompile):
1936         * jit/JIT.h:
1937         * jit/JITCall.cpp:
1938         (JSC::JIT::compileOpCall):
1939         * jit/JITWriteBarrier.h:
1940         (JSC::JITWriteBarrierBase::clear):
1941         * jsc.cpp:
1942         (GlobalObject::GlobalObject):
1943         (functionReleaseExecutableMemory):
1944         * runtime/Executable.cpp:
1945         (JSC::EvalExecutable::unlinkCalls):
1946         (JSC::ProgramExecutable::unlinkCalls):
1947         (JSC::FunctionExecutable::discardCode):
1948         (JSC::FunctionExecutable::unlinkCalls):
1949         * runtime/Executable.h:
1950         * runtime/JSGlobalData.cpp:
1951         (JSC::SafeRecompiler::returnValue):
1952         (JSC::SafeRecompiler::operator()):
1953         (JSC::JSGlobalData::releaseExecutableMemory):
1954
1955 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1956
1957         Reviewed by Darin Adler & Oliver Hunt.
1958
1959         https://bugs.webkit.org/show_bug.cgi?id=50554
1960         RegExp.prototype.toString does not escape slashes
1961
1962         The problem here is that we don't escape forwards slashes when converting
1963         a RegExp to a string. This means that RegExp("/").toString() is "///",
1964         which is not a valid RegExp literal. Also, we return an invalid literal
1965         for RegExp.prototype.toString() ("//", which is an empty single-line comment).
1966
1967         From ES5:
1968         "NOTE: The returned String has the form of a RegularExpressionLiteral that
1969         evaluates to another RegExp object with the same behaviour as this object."
1970
1971         * runtime/RegExpObject.cpp:
1972         (JSC::regExpObjectSource):
1973             - Escape forward slashes when getting the source of a RegExp.
1974         * runtime/RegExpPrototype.cpp:
1975         (JSC::regExpProtoFuncToString):
1976             - Remove unnecessary and erroneous hack to return "//" as the string
1977             representation of RegExp.prototype. This is not a valid RegExp literal
1978             (it is an empty single-line comment).
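
Added example for the entry above (constructed here, not JSC's regExpObjectSource() or regExpProtoFuncToString()): escaping forward slashes in a RegExp source so that the string RegExp.prototype.toString builds is a valid RegularExpressionLiteral, which is exactly what "///" for RegExp("/") is not. The "(?:)" form used for an empty source is an assumption taken from the convention ES2015 later specified, not something this entry describes.

```cpp
#include <cassert>
#include <cstdio>
#include <string>

// Constructed example, not JSC's regExpObjectSource(): escape each forward
// slash in a RegExp source that is not already escaped, so that
// "/" + source + "/" + flags reads back as a valid RegularExpressionLiteral.
std::string escapeRegExpSource(const std::string& source) {
    std::string out;
    out.reserve(source.size() + 4);
    bool afterBackslash = false; // previous character was an unpaired '\'
    for (char c : source) {
        if (afterBackslash) {
            // Whatever follows a backslash is already an escape sequence;
            // copy it through and do not escape a '/' a second time.
            out += c;
            afterBackslash = false;
        } else if (c == '\\') {
            out += c;
            afterBackslash = true;
        } else if (c == '/') {
            out += "\\/";
        } else {
            out += c;
        }
    }
    return out;
}

// Assumed convention for an empty source: "(?:)", the form ES2015 later
// specified, so the result is never the empty comment "//" the entry mentions.
std::string regExpToString(const std::string& source, const std::string& flags) {
    std::string body = source.empty() ? std::string("(?:)") : escapeRegExpSource(source);
    return "/" + body + "/" + flags;
}

int main() {
    std::printf("%s\n", regExpToString("/", "").c_str());        // /\//
    std::printf("%s\n", regExpToString("a\\/b", "g").c_str());   // /a\/b/g
    std::printf("%s\n", regExpToString("", "").c_str());         // /(?:)/
    return 0;
}
```

Tracking the backslash state matters: a naive replace of every "/" with "\/" would turn an already-escaped "\/" into "\\/", which is a literal backslash followed by an unescaped slash, i.e. it would terminate the literal early.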
1979
1980 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
1981
1982         Reviewed by Oliver Hunt.
1983
1984         https://bugs.webkit.org/show_bug.cgi?id=63497
1985         Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
1986
1987         * dfg/DFGByteCodeParser.cpp:
1988         (JSC::DFG::ByteCodeParser::parseBlock):
1989         * dfg/DFGNode.h:
1990         * dfg/DFGNonSpeculativeJIT.cpp:
1991         (JSC::DFG::NonSpeculativeJIT::compile):
1992         * dfg/DFGSpeculativeJIT.cpp:
1993         (JSC::DFG::SpeculativeJIT::compile):
1994
1995 2011-06-27  Juan C. Montemayor  <jmont@apple.com>
1996
1997         Reviewed by Mark Rowe.
1998
1999         Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
2000         https://bugs.webkit.org/show_bug.cgi?id=63392
2001         
2002         When both TextPosition.h and XPathGrammar.h are included a compile-error
2003         is caused, since XPathGrammar.h defines a macro called NUMBER and 
2004         TextPosition has a typedef named NUMBER.
2005
2006         * wtf/text/TextPosition.h:
2007         (WTF::TextPosition::TextPosition):
2008         (WTF::TextPosition::minimumPosition):
2009         (WTF::TextPosition::belowRangePosition):
2010
2011 2011-06-27  Filip Pizlo  <fpizlo@apple.com>
2012
2013         Reviewed by Gavin Barraclough.
2014
2015         DFG JIT does not perform put_by_id caching.
2016         https://bugs.webkit.org/show_bug.cgi?id=63409
2017
2018         * bytecode/StructureStubInfo.h:
2019         * dfg/DFGJITCodeGenerator.cpp:
2020         (JSC::DFG::JITCodeGenerator::cachedPutById):
2021         * dfg/DFGJITCodeGenerator.h:
2022         * dfg/DFGJITCompiler.cpp:
2023         (JSC::DFG::JITCompiler::compileFunction):
2024         * dfg/DFGJITCompiler.h:
2025         (JSC::DFG::JITCompiler::addPropertyAccess):
2026         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
2027         * dfg/DFGNonSpeculativeJIT.cpp:
2028         (JSC::DFG::NonSpeculativeJIT::compile):
2029         * dfg/DFGOperations.cpp:
2030         * dfg/DFGOperations.h:
2031         * dfg/DFGRepatch.cpp:
2032         (JSC::DFG::dfgRepatchByIdSelfAccess):
2033         (JSC::DFG::tryCacheGetByID):
2034         (JSC::DFG::appropriatePutByIdFunction):
2035         (JSC::DFG::tryCachePutByID):
2036         (JSC::DFG::dfgRepatchPutByID):
2037         * dfg/DFGRepatch.h:
2038         * dfg/DFGSpeculativeJIT.cpp:
2039         (JSC::DFG::SpeculativeJIT::compile):
2040
2041 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
2042
2043         Unreviewed build fix. One more file missing during distcheck, for
2044         the MIPS build.
2045
2046         * GNUmakefile.list.am:
2047
2048 2011-06-26  Filip Pizlo  <fpizlo@apple.com>
2049
2050         Reviewed by Gavin Barraclough.
2051
2052         DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
2053         https://bugs.webkit.org/show_bug.cgi?id=63347
2054
2055         * dfg/DFGNonSpeculativeJIT.cpp:
2056             - Changed arithmetic operations to speculate in favor of integers.
2057         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
2058         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
2059         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
2060         (JSC::DFG::NonSpeculativeJIT::compile):
2061         * dfg/DFGNonSpeculativeJIT.h:
2062         * dfg/DFGOperations.cpp:
2063             - Added slow-path routines for arithmetic that perform no speculation; the
2064               non-speculative JIT will generate calls to these in cases where its
2065               speculation fails.
2066         * dfg/DFGOperations.h:
2067
2068 2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
2069
2070         Reviewed by Rob Buis.
2071
2072         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2073         https://bugs.webkit.org/show_bug.cgi?id=59085
2074
2075         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2076
2077 2011-06-24  Michael Saboff  <msaboff@apple.com>
2078
2079         Reviewed by Gavin Barraclough.
2080
2081         Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
2082         https://bugs.webkit.org/show_bug.cgi?id=63345
2083
2084         The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
2085         return 9 and 10 bit quantities, therefore changed their return type from
2086         uint8_t to uint16_t.  Also cast the places where they are used as they
2087         are currently shifted and used as 7 or 8 bit values.
2088
2089         These methods are currently used for literals for stack offsets, 
2090         including creating and destroying stack frames.  The prior truncation of
2091         the upper bits caused stack frames to be too small, thus allowing a
2092         JIT'ed function to access and overwrite stack space outside of the
2093         incorrectly sized stack frame.
2094
2095         * assembler/ARMv7Assembler.h:
2096         (JSC::ARMThumbImmediate::getUInt9):
2097         (JSC::ARMThumbImmediate::getUInt10):
2098         (JSC::ARMv7Assembler::add):
2099         (JSC::ARMv7Assembler::ldr):
2100         (JSC::ARMv7Assembler::str):
2101         (JSC::ARMv7Assembler::sub):
2102         (JSC::ARMv7Assembler::sub_S):
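
Added example for the entry above (a constructed model, not JSC's ARMThumbImmediate or ARMv7Assembler): it shows how returning a 9-bit offset through a uint8_t silently drops bit 8 before the encoder shifts the value into the instruction field, so that the frame a "sub sp, sp, #imm" reserves is smaller than the one the JIT asked for. Assumption made for the model: the immediate is a 9-bit byte offset whose low two bits are implied zero, stored as (offset >> 2) in a 7-bit field; nothing else of the Thumb-2 encoding is reproduced.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <initializer_list>

// Constructed model of the bug described above; this is not JSC's
// ARMThumbImmediate. Assumption: an SP-relative add/sub immediate is a 9-bit
// byte offset whose low two bits are implied zero, so the encoder stores
// (offset >> 2) in a 7-bit instruction field.
struct ThumbImmediate {
    uint16_t value; // byte offset, 0..511, multiple of 4

    static bool isUInt9(uint32_t v) { return v < 512 && (v & 3) == 0; }

    // Before the fix: a 9-bit quantity returned through an 8-bit type. Any
    // offset >= 256 silently loses bit 8 here.
    uint8_t getUInt9Truncated() const { return static_cast<uint8_t>(value); }

    // After the fix: a return type wide enough for all nine bits.
    uint16_t getUInt9() const { return value; }
};

// Encoder: shift the byte offset down to the 7-bit field.
static uint16_t encodeImm7(uint16_t offset9) {
    return static_cast<uint16_t>((offset9 >> 2) & 0x7F);
}

// What the CPU would actually add to / subtract from SP for that field.
static uint32_t decodeSpOffset(uint16_t field) {
    return static_cast<uint32_t>(field & 0x7F) << 2;
}

// Frame size the emitted "sub sp, sp, #imm" really reserves for a requested
// size, with or without the fix. Returns 0 when the request is not encodable
// in this form at all (a different instruction form would be needed).
static uint32_t reservedFrameSize(uint32_t requestedBytes, bool withFix) {
    if (!ThumbImmediate::isUInt9(requestedBytes))
        return 0;
    ThumbImmediate imm{static_cast<uint16_t>(requestedBytes)};
    uint16_t field = withFix ? encodeImm7(imm.getUInt9())
                             : encodeImm7(imm.getUInt9Truncated());
    return decodeSpOffset(field);
}

// True when the buggy encoder would leave the frame smaller than requested,
// i.e. when locals at the top of the frame overlap the caller's stack.
static bool frameUndersized(uint32_t requestedBytes) {
    return reservedFrameSize(requestedBytes, false) < requestedBytes;
}

int main() {
    for (uint32_t size : { 200u, 256u, 508u })
        std::printf("requested %u: buggy reserves %u, fixed reserves %u\n",
                    size, reservedFrameSize(size, false), reservedFrameSize(size, true));
    return 0;
}
```

The check that catches this class of defect is the range predicate being stricter than the return type: isUInt9() admits values up to 511, so any getter feeding the encoder must be at least 16 bits wide, and a compiler warning on narrowing conversions (or a static_assert on the range) would have flagged the uint8_t return.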
2103
2104 2011-06-24  Michael Saboff  <msaboff@apple.com>
2105
2106         Reviewed by Geoffrey Garen.
2107
2108         releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
2109         https://bugs.webkit.org/show_bug.cgi?id=63015
2110
2111         Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
2112         min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These 
2113         adjustments are a bug.  These need to reflect the pages that are released
2114         in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
2115         Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
2116         Check() and helper method CheckList() to check the number of actual free pages
2117         with free_committed_pages_.
2118
2119         The symptom of the problem of the existing code is that the scavenger may
2120         run unnecessarily without any real work to do, i.e. pages on the free lists.
2121         The scavenger would also end up freeing too many pages, that is going below
2122         the current 528 target free pages.
2123
2124         Note that the style of the changes was kept consistent with the
2125         existing style.
2126
2127         * wtf/FastMalloc.cpp:
2128         (WTF::TCMalloc_PageHeap::Check):
2129         (WTF::TCMalloc_PageHeap::CheckList):
2130         (WTF::TCMalloc_PageHeap::ReleaseFreeList):
2131
2132 2011-06-24  Abhishek Arya  <inferno@chromium.org>
2133
2134         Reviewed by Darin Adler.
2135
2136         Match other clampTo* functions in style with clampToInteger(float)
2137         function.
2138         https://bugs.webkit.org/show_bug.cgi?id=53449
2139
2140         * wtf/MathExtras.h:
2141         (clampToInteger):
2142         (clampToFloat):
2143         (clampToPositiveInteger):
2144
2145 2011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
2146
2147         Unreviewed, rolling out r89594.
2148         http://trac.webkit.org/changeset/89594
2149         https://bugs.webkit.org/show_bug.cgi?id=63316
2150
2151         It broke 5 tests on the Qt bot (Requested by Ossy_DC on
2152         #webkit).
2153
2154         * GNUmakefile.list.am:
2155         * JavaScriptCore.gypi:
2156         * icu/unicode/uscript.h: Removed.
2157         * wtf/unicode/ScriptCodesFromICU.h: Removed.
2158         * wtf/unicode/brew/UnicodeBrew.h:
2159         * wtf/unicode/glib/UnicodeGLib.h:
2160         * wtf/unicode/icu/UnicodeIcu.h:
2161         * wtf/unicode/qt4/UnicodeQt4.h:
2162         * wtf/unicode/wince/UnicodeWinCE.h:
2163
2164 2011-06-23  Filip Pizlo  <fpizlo@apple.com>
2165
2166         Reviewed by Gavin Barraclough.
2167
2168         DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
2169         https://bugs.webkit.org/show_bug.cgi?id=63173
2170
2171         * dfg/DFGJITCodeGenerator.cpp:
2172         (JSC::DFG::JITCodeGenerator::cachedGetById):
2173         * dfg/DFGJITCodeGenerator.h:
2174         * dfg/DFGNonSpeculativeJIT.cpp:
2175         (JSC::DFG::NonSpeculativeJIT::compile):
2176         * dfg/DFGSpeculativeJIT.cpp:
2177         (JSC::DFG::SpeculativeJIT::compile):
2178
2179 2011-06-23  Oliver Hunt  <oliver@apple.com>
2180
2181         Fix Qt again.
2182
2183         * assembler/ARMAssembler.h:
2184         (JSC::ARMAssembler::readPointer):
2185
2186 2011-06-23  Oliver Hunt  <oliver@apple.com>
2187
2188         Fix Qt Build
2189
2190         * assembler/ARMAssembler.h:
2191         (JSC::ARMAssembler::readPointer):
2192
2193 2011-06-23  Stephanie Lewis  <slewis@apple.com>
2194
2195         Reviewed by Darin Adler.
2196
2197         https://bugs.webkit.org/show_bug.cgi?id=63298
2198         Replace Malloc with FastMalloc to match the rest of wtf.
2199
2200         * wtf/BlockStack.h:
2201         (WTF::::~BlockStack):
2202         (WTF::::grow):
2203         (WTF::::shrink):
2204
2205 2011-06-23  Oliver Hunt  <oliver@apple.com>
2206
2207         Reviewed by Gavin Barraclough.
2208
2209         Add the ability to dynamically modify linked call sites
2210         https://bugs.webkit.org/show_bug.cgi?id=63291
2211
2212         Add JITWriteBarrier as a writebarrier class that allows
2213         reading and writing directly into the code stream.
2214
2215         This required adding logic to all the assemblers to allow
2216         us to read values back out of the instruction stream.
2217
2218         * JavaScriptCore.xcodeproj/project.pbxproj:
2219         * assembler/ARMAssembler.h:
2220         (JSC::ARMAssembler::readPointer):
2221         * assembler/ARMv7Assembler.h:
2222         (JSC::ARMv7Assembler::readPointer):
2223         (JSC::ARMv7Assembler::readInt32):
2224         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
2225         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
2226         * assembler/AbstractMacroAssembler.h:
2227         (JSC::AbstractMacroAssembler::readPointer):
2228         * assembler/MIPSAssembler.h:
2229         (JSC::MIPSAssembler::readInt32):
2230         (JSC::MIPSAssembler::readPointer):
2231         * assembler/MacroAssemblerCodeRef.h:
2232         (JSC::MacroAssemblerCodePtr::operator!):
2233         * assembler/SH4Assembler.h:
2234         (JSC::SH4Assembler::readPCrelativeAddress):
2235         (JSC::SH4Assembler::readPointer):
2236         (JSC::SH4Assembler::readInt32):
2237         * assembler/X86Assembler.h:
2238         (JSC::X86Assembler::readPointer):
2239         * bytecode/CodeBlock.cpp:
2240         (JSC::CodeBlock::visitAggregate):
2241         * bytecode/CodeBlock.h:
2242         (JSC::MethodCallLinkInfo::seenOnce):
2243         (JSC::MethodCallLinkInfo::setSeen):
2244         * heap/MarkStack.h:
2245         * jit/JIT.cpp:
2246         (JSC::JIT::privateCompile):
2247         (JSC::JIT::linkCall):
2248         (JSC::JIT::linkConstruct):
2249         * jit/JITPropertyAccess.cpp:
2250         (JSC::JIT::patchMethodCallProto):
2251         * jit/JITPropertyAccess32_64.cpp:
2252         * jit/JITWriteBarrier.h: Added.
2253         (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
2254         (JSC::JITWriteBarrierBase::operator!):
2255         (JSC::JITWriteBarrierBase::setFlagOnBarrier):
2256         (JSC::JITWriteBarrierBase::isFlagged):
2257         (JSC::JITWriteBarrierBase::setLocation):
2258         (JSC::JITWriteBarrierBase::location):
2259         (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
2260         (JSC::JITWriteBarrierBase::set):
2261         (JSC::JITWriteBarrierBase::get):
2262         (JSC::JITWriteBarrier::JITWriteBarrier):
2263         (JSC::JITWriteBarrier::set):
2264         (JSC::JITWriteBarrier::get):
2265         (JSC::MarkStack::append):
2266
2267 2011-06-23  Gavin Barraclough  <barraclough@apple.com>
2268
2269         Reviewed by Oliver Hunt.
2270
2271         https://bugs.webkit.org/show_bug.cgi?id=61585
2272         Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
2273
2274         This is due to use of int instead of unsigned, bad math around
2275         the 2^31 boundary.
2276
2277         * yarr/YarrInterpreter.cpp:
2278         (JSC::Yarr::ByteCompiler::emitDisjunction):
2279             - Change some uses of int to unsigned, refactor compare logic to
2280               restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
2281         * yarr/YarrJIT.cpp:
2282         (JSC::Yarr::YarrGenerator::generate):
2283         (JSC::Yarr::YarrGenerator::backtrack):
2284             - Ditto.
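
The entry above describes an integer-width bug: a quantifier bound of 2^31 stored in an int, and compare logic that assumed a signed range. The block below is an added example written for this page, not JavaScriptCore's code, showing the signed comparison that goes wrong at the 2^31 boundary beside its unsigned replacement with a saturating parse over 0..2^32-1. The UINT_MAX-means-unbounded convention and the function names are this example's own assumptions.

```cpp
#include <climits>
#include <cstdint>
#include <string>

// Added example, not JavaScriptCore's code. A regexp quantifier bound such as
// the 2147483648 in /.{2147483648,}/ is parsed into a count that the matcher
// later compares against "how many times has this term matched so far".
// Convention assumed for this example: UINT_MAX means "no upper bound".
const unsigned kQuantifyInfinite = UINT_MAX;

// Parse a run of decimal digits into an unsigned count, saturating at
// kQuantifyInfinite instead of wrapping. A non-digit ends the parse.
unsigned parseQuantifierBound(const std::string& digits)
{
    uint64_t value = 0;                       // 64-bit accumulator: cannot wrap at 2^32
    for (char c : digits) {
        if (c < '0' || c > '9')
            break;
        value = value * 10 + static_cast<unsigned>(c - '0');
        if (value >= kQuantifyInfinite)
            return kQuantifyInfinite;         // saturate: anything this large is "infinite"
    }
    return static_cast<unsigned>(value);
}

// The pre-fix shape of the comparison: counts held in int. A bound of 2^31
// does not fit, it shows up as INT_MIN, and "matched >= minimum" is then true
// for every matched count, so the matcher believes the minimum was reached
// after zero matches.
bool reachedMinimumSigned(int32_t matched, int32_t minimum)
{
    return matched >= minimum;
}

// The fixed shape: both counts are unsigned, so the comparison is over
// 0..2^32-1 and a minimum of 2^31 behaves like any other large number.
bool reachedMinimumUnsigned(unsigned matched, unsigned minimum)
{
    return matched >= minimum;
}

// What the bound from the crashing regexp looks like once squeezed into an
// int. Converting an out-of-range unsigned to int32_t is modular arithmetic
// on mainstream compilers and guaranteed to be so since C++20.
int32_t boundAsInt(const std::string& digits)
{
    return static_cast<int32_t>(parseQuantifierBound(digits));
}
```

The point for a reviewer is that the wrap is silent: no check on `minimum` alone catches it, because INT_MIN is a perfectly valid int. Holding every count in the same unsigned type, and saturating at the top rather than wrapping, is what makes the comparisons meaningful again.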
2285
2286 2011-06-22  Gavin Barraclough  <barraclough@apple.com>
2287
2288         Reviewed by Sam Weinig.
2289
2290         https://bugs.webkit.org/show_bug.cgi?id=63218
2291         DFG JIT - remove machine type guarantees from graph
2292
2293         The DFG JIT currently makes assumptions about the types of machine registers
2294         that certain nodes will be loaded into. This will be broken as we generate
2295         nodes to produce both integer and double code paths. Remove int<->double
2296         conversions nodes. This design decision also gave rise to multiple types of
2297         constant nodes, requiring separate handling for each type. Merge these back
2298         into JSConstant.
2299
2300         * dfg/DFGAliasTracker.h:
2301         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
2302         * dfg/DFGByteCodeParser.cpp:
2303         (JSC::DFG::ByteCodeParser::getToInt32):
2304         (JSC::DFG::ByteCodeParser::getToNumber):
2305         (JSC::DFG::ByteCodeParser::toInt32):
2306         (JSC::DFG::ByteCodeParser::toNumber):
2307         (JSC::DFG::ByteCodeParser::isInt32Constant):
2308         (JSC::DFG::ByteCodeParser::isDoubleConstant):
2309         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
2310         (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
2311         (JSC::DFG::ByteCodeParser::one):
2312         (JSC::DFG::ByteCodeParser::predictInt32):
2313         * dfg/DFGGraph.cpp:
2314         (JSC::DFG::Graph::dump):
2315         * dfg/DFGJITCodeGenerator.h:
2316         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2317         (JSC::DFG::JITCodeGenerator::silentFillFPR):
2318         (JSC::DFG::JITCodeGenerator::isJSConstant):
2319         (JSC::DFG::JITCodeGenerator::isDoubleConstant):
2320         (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
2321         * dfg/DFGJITCompiler.cpp:
2322         (JSC::DFG::JITCompiler::fillNumericToDouble):
2323         (JSC::DFG::JITCompiler::fillInt32ToInteger):
2324         * dfg/DFGJITCompiler.h:
2325         (JSC::DFG::JITCompiler::isJSConstant):
2326         (JSC::DFG::JITCompiler::isInt32Constant):
2327         (JSC::DFG::JITCompiler::isDoubleConstant):
2328         (JSC::DFG::JITCompiler::valueOfJSConstant):
2329         (JSC::DFG::JITCompiler::valueOfInt32Constant):
2330         (JSC::DFG::JITCompiler::valueOfDoubleConstant):
2331         * dfg/DFGNode.h:
2332         (JSC::DFG::Node::Node):
2333         (JSC::DFG::Node::isConstant):
2334         (JSC::DFG::Node::notTakenBytecodeOffset):
2335         * dfg/DFGNonSpeculativeJIT.cpp:
2336         (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
2337         (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
2338         (JSC::DFG::NonSpeculativeJIT::compile):
2339         * dfg/DFGSpeculativeJIT.cpp:
2340         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2341         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2342         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2343         (JSC::DFG::SpeculativeJIT::compile):
2344
2345 2011-06-23  Jungshik Shin  <jshin@chromium.org>
2346
2347         Reviewed by Alexey Proskuryakov.
2348
2349         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
2350         build files for ports not using ICU.
2351         Add icu/unicode/uscript.h for ports using ICU. It's taken from
2352         ICU 3.6 (the version used on Mac OS 10.5).
2353
2354         http://bugs.webkit.org/show_bug.cgi?id=20797
2355
2356         * GNUmakefile.list.am:
2357         * JavaScriptCore.gypi:
2358         * icu/unicode/uscript.h: Added for UScriptCode enum.
2359         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
2360         * wtf/unicode/icu/UnicodeIcu.h:
2361         * wtf/unicode/brew/UnicodeBrew.h:
2362         * wtf/unicode/glib/UnicodeGLib.h:
2363         * wtf/unicode/qt4/UnicodeQt4.h:
2364         * wtf/unicode/wince/UnicodeWinCE.h:
2365
2366 2011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
2367
2368         Reviewed by Andreas Kling.
2369
2370         [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
2371         https://bugs.webkit.org/show_bug.cgi?id=63228
2372
2373         * wtf/Platform.h: Add PLATFORM(EFL) guard.
2374
2375 2011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
2376
2377         Unreviewed, rolling out r89547.
2378         http://trac.webkit.org/changeset/89547
2379         https://bugs.webkit.org/show_bug.cgi?id=63252
2380
2381         "Chrmium crash on start" (Requested by yurys on #webkit).
2382
2383         * wtf/DynamicAnnotations.cpp:
2384         (WTFAnnotateBenignRaceSized):
2385         (WTFAnnotateHappensBefore):
2386         (WTFAnnotateHappensAfter):
2387         * wtf/DynamicAnnotations.h:
2388
2389 2011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
2390
2391         Reviewed by David Levin.
2392
2393         Make dynamic annotations weak symbols and prevent identical code folding by the linker
2394         https://bugs.webkit.org/show_bug.cgi?id=62443
2395
2396         * wtf/DynamicAnnotations.cpp:
2397         (WTFAnnotateBenignRaceSized):
2398         (WTFAnnotateHappensBefore):
2399         (WTFAnnotateHappensAfter):
2400         * wtf/DynamicAnnotations.h:
2401
2402 2011-06-22  Yael Aharon  <yael.aharon@nokia.com>
2403
2404         Reviewed by Andreas Kling.
2405
2406         [Qt] Add a build flag for building with libxml2 and libxslt.
2407         https://bugs.webkit.org/show_bug.cgi?id=63113
2408
2409         * wtf/Platform.h:
2410
2411 2011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
2412
2413         Unreviewed, rolling out r89489.
2414         http://trac.webkit.org/changeset/89489
2415         https://bugs.webkit.org/show_bug.cgi?id=63203
2416
2417         Broke chromium mac build on build.webkit.org (Requested by
2418         abarth on #webkit).
2419
2420         * wtf/Platform.h:
2421
2422 2011-06-22  Cary Clark  <caryclark@google.com>
2423
2424         Reviewed by Darin Fisher.
2425
2426         Use Skia if Skia on Mac Chrome is enabled
2427         https://bugs.webkit.org/show_bug.cgi?id=62999
2428
2429         * wtf/Platform.h:
2430         Add switch to use Skia if, externally,
2431         Skia has been enabled by a gyp define.
2432
2433 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2434
2435         Reviewed by Oliver Hunt.
2436
2437         * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
2438
2439 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2440
2441         Reviewed by Oliver Hunt.
2442
2443         Removed the conceit that global variables are local variables when running global code
2444         https://bugs.webkit.org/show_bug.cgi?id=63106
2445         
2446         This is required for write barrier correctness.
2447         
2448         SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
2449         I was able to reduce the regression with a tiny peephole optimization in
2450         the bytecompiler, but not eliminate it. I'm committing this assuming
2451         that turning on generational GC will win back at least 0.5%.
2452
2453         (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
2454         the global object's var storage. I considered doing the same kind of
2455         optimization in the existing JIT, but it seemed like moving in the wrong
2456         direction.)
2457
2458         * bytecompiler/BytecodeGenerator.cpp:
2459         (JSC::BytecodeGenerator::addGlobalVar):
2460         (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
2461         negative indices, since they're no longer negatively offset from the
2462         current stack frame.
2463         
2464         Do give global variables monotonically increasing positive indices, since
2465         that's much easier to work with.
2466         
2467         Don't limit the number of optimizable global variables, since it's no
2468         longer limited by the register file, since they're no longer stored in
2469         the register file.
2470
2471         (JSC::BytecodeGenerator::registerFor): Global code never has any local
2472         registers because a var in global code is actually a property of the
2473         global object.
2474
2475         (JSC::BytecodeGenerator::constRegisterFor): Ditto.
2476
2477         (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
2478         propagation and dead code elimination to speed up our compiles and
2479         reduce WTFs / minute.
2480
2481         * bytecompiler/BytecodeGenerator.h:
2482         (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
2483
2484         (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
2485         global code, since there are none.
2486
2487         (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
2488         in global code (i.e., global vars), since there are some.
2489
2490         * interpreter/Interpreter.cpp:
2491         (JSC::Interpreter::callEval):
2492         (JSC::Interpreter::Interpreter):
2493         (JSC::Interpreter::dumpRegisters):
2494         (JSC::Interpreter::execute):
2495         * interpreter/Interpreter.h: Updated for deleted / renamed code.
2496
2497         * interpreter/RegisterFile.cpp:
2498         (JSC::RegisterFile::gatherConservativeRoots):
2499         (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
2500         data members.
2501
2502         * interpreter/RegisterFile.h:
2503         (JSC::RegisterFile::begin):
2504         (JSC::RegisterFile::size):
2505         (JSC::RegisterFile::RegisterFile):
2506         (JSC::RegisterFile::shrink): Removed all code and comments dealing with
2507         global variables stored in the register file.
2508
2509         (JSC::RegisterFile::grow): Updated for same.
2510         
2511         Also, a slight correctness fix: Test the VM commit end, and not just the
2512         in-use end, when checking for stack overflow. In theory, it's invalid to
2513         commit past the end of your allocation, even if you never touch that
2514         memory. This makes the usable size of the stack slightly smaller. No test
2515         because we don't know of any case in practice where this crashes.
2516
2517         * runtime/JSGlobalData.cpp:
2518         (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
2519
2520         * runtime/JSGlobalObject.cpp:
2521         (JSC::JSGlobalObject::resizeRegisters):
2522         (JSC::JSGlobalObject::addStaticGlobals):
2523         * runtime/JSGlobalObject.h: Simplified globals to have monotonically 
2524         increasing indexes, always located in our external storage.
2525
2526 2011-06-21  MORITA Hajime  <morrita@google.com>
2527
2528         Unreviewed, rolling out r89401 and r89403.
2529         http://trac.webkit.org/changeset/89401
2530         http://trac.webkit.org/changeset/89403
2531         https://bugs.webkit.org/show_bug.cgi?id=62970
2532
2533         Breaks mac build and mistakenly enables the spellcheck API
2534
2535         * Configurations/FeatureDefines.xcconfig:
2536         * JavaScriptCore.xcodeproj/project.pbxproj:
2537
2538 2011-06-21  Kent Tamura  <tkent@chromium.org>
2539
2540         [Mac] Sort Xcode project files.
2541
2542         * JavaScriptCore.xcodeproj/project.pbxproj:
2543
2544 2011-06-20  MORITA Hajime  <morrita@google.com>
2545
2546         Reviewed by Kent Tamura.
2547
2548         Spellcheck API should be build-able.
2549         https://bugs.webkit.org/show_bug.cgi?id=62970
2550
2551         No new tests, changing only build related files
2552         
2553         * Configurations/FeatureDefines.xcconfig:
2554
2555 2011-06-21  Geoffrey Garen  <ggaren@apple.com>
2556
2557         Reviewed by Oliver Hunt.
2558
2559         Moved 'const' off the global-variable-as-local-variable crack pipe
2560         https://bugs.webkit.org/show_bug.cgi?id=63105
2561         
2562         This is necessary for moving the rest of the code off of same.
2563         
2564         Many problems remain in our handling of const. I have fixed none of them.
2565
2566         * bytecompiler/BytecodeGenerator.h:
2567         (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
2568         const to directly implement its unique scoping rules.
2569
2570         * bytecompiler/NodesCodegen.cpp:
2571         (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
2572         for writing, so we don't overwrite const variables.
2573
2574         (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
2575         variables are available as local variables, since this won't be the case
2576         once global variables are not available as local variables. Instead, use
2577         put_scoped_var in the case where there is no local variable. Like a local
2578         variable, put_scoped_var succeeds even though const properties are
2579         read-only, since put_scoped_var skips read-only checks. (Yay?)
2580
2581 2011-06-21  Oliver Hunt  <oliver@apple.com>
2582
2583         Reviewed by Alexey Proskuryakov.
2584
2585         REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
2586         https://bugs.webkit.org/show_bug.cgi?id=63052
2587
2588         Release mode only failure, the stack overflow guards were getting their error
2589         handling inlined, so that they were essentially causing their own demise.
2590
2591         * parser/JSParser.cpp:
2592         (JSC::JSParser::updateErrorMessage):
2593         (JSC::JSParser::updateErrorWithNameAndMessage):
2594
2595 2011-06-20  Kenneth Russell  <kbr@google.com>
2596
2597         Unreviewed.
2598
2599         Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
2600         https://bugs.webkit.org/show_bug.cgi?id=63022
2601
2602         * wtf/Platform.h:
2603
2604 2011-06-18  Anders Carlsson  <andersca@apple.com>
2605
2606         Reviewed by Darin Adler.
2607
2608         Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
2609         https://bugs.webkit.org/show_bug.cgi?id=62940
2610
2611         Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
2612
2613         * wtf/PassOwnArrayPtr.h:
2614         (WTF::PassOwnArrayPtr::operator=):
2615         * wtf/PassOwnPtr.h:
2616         (WTF::PassOwnPtr::operator=):
2617         * wtf/PassRefPtr.h:
2618         (WTF::PassRefPtr::operator=):
2619         (WTF::NonNullPassRefPtr::operator=):
2620
2621 2011-06-20  Oliver Hunt  <oliver@apple.com>
2622
2623         Reviewed by Darin Adler.
2624
2625         REGRESSION (r79060): Searching for a flight at united.com fails
2626         https://bugs.webkit.org/show_bug.cgi?id=63003
2627
2628         This original change also broke Twitter, and we attempted to refine the fix to 
2629         address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
2630         we need to revert the change until we understand the problem better.
2631
2632         * wtf/DateMath.cpp:
2633         (WTF::parseDateFromNullTerminatedCharacters):
2634
2635 2011-06-20  Juan C. Montemayor  <jmont@apple.com>
2636
2637         Reviewed by Oliver Hunt.
2638
2639         No context for javascript parse errors.
2640         https://bugs.webkit.org/show_bug.cgi?id=62613
2641         
2642         Parse errors now show more details like:
2643         "Unexpected token: ]"
2644         or
2645         "Expected token: while"
2646         
2647         For reserved names, numbers, identifiers, strings, lexer errors,
2648         and EOFs, the following error messages are printed:
2649         
2650         "Use of reserved word: super"
2651         "Unexpected number: 42"
2652         "Unexpected identifier: "
2653         "Unexpected string: "foobar""
2654         "Invalid token character sequence: \u4023"
2655         "Unexpected EOF"
2656
2657         * parser/JSParser.cpp:
2658         (JSC::JSParser::consume):
2659         (JSC::JSParser::getToken):
2660         (JSC::JSParser::getTokenName):
2661         (JSC::JSParser::updateErrorMessageSpecialCase):
2662         (JSC::JSParser::updateErrorMessage):
2663         (JSC::JSParser::updateErrorWithNameAndMessage):
2664         (JSC::jsParse):
2665         (JSC::JSParser::JSParser):
2666         (JSC::JSParser::parseProgram):
2667         (JSC::JSParser::parseVarDeclarationList):
2668         (JSC::JSParser::parseForStatement):
2669         (JSC::JSParser::parseBreakStatement):
2670         (JSC::JSParser::parseContinueStatement):
2671         (JSC::JSParser::parseWithStatement):
2672         (JSC::JSParser::parseTryStatement):
2673         (JSC::JSParser::parseStatement):
2674         (JSC::JSParser::parseFormalParameters):
2675         (JSC::JSParser::parseFunctionInfo):
2676         (JSC::JSParser::parseAssignmentExpression):
2677         (JSC::JSParser::parsePrimaryExpression):
2678         (JSC::JSParser::parseMemberExpression):
2679         (JSC::JSParser::parseUnaryExpression):
2680         * parser/JSParser.h:
2681         * parser/Lexer.cpp:
2682         (JSC::Lexer::lex):
2683         * parser/Parser.cpp:
2684         (JSC::Parser::parse):
2685
2686 2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>
2687
2688         Reviewed by Rob Buis.
2689
2690         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2691         https://bugs.webkit.org/show_bug.cgi?id=59085
2692
2693         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2694
2695 2011-06-19  Oliver Hunt  <oliver@apple.com>
2696
2697         Reviewed by Sam Weinig.
2698
2699         Correct logic for putting errors on the correct line when handling JSONP
2700         https://bugs.webkit.org/show_bug.cgi?id=62962
2701
2702         Minor fix for the minor fix.  *sigh*
2703
2704         * interpreter/Interpreter.cpp:
2705         (JSC::Interpreter::execute):
2706
2707 2011-06-19  Oliver Hunt  <oliver@apple.com>
2708
2709         Minor fix to correct layout test results.
2710
2711         * interpreter/Interpreter.cpp:
2712         (JSC::Interpreter::execute):
2713
2714 2011-06-17  Oliver Hunt  <oliver@apple.com>
2715
2716         Reviewed by Gavin Barraclough.
2717
2718         JSONP is unnecessarily slow
2719         https://bugs.webkit.org/show_bug.cgi?id=62920
2720
2721         JSONP has unfortunately become a fairly common idiom online, yet
2722         it triggers very poor performance in JSC as we end up doing codegen
2723         for a large number of property accesses that will
2724            * only be run once, so the vast amount of logic we dump to handle
2725              caching of accesses is unnecessary.
2726            * We are doing codegen that is directly proportional to just
2727              creating the object in the first place.
2728
2729         This patch extends the use of the literal parser to JSONP-like structures
2730         in global code, handling a number of different forms I have seen online.
2731         In an extreme case this improves performance of JSONP by more than 2x
2732         due to removal of code generation and execution time, and a few optimisations
2733         that I made to the parser itself.
2734
2735         * API/JSValueRef.cpp:
2736         (JSValueMakeFromJSONString):
2737         * interpreter/Interpreter.cpp:
2738         (JSC::Interpreter::callEval):
2739         (JSC::Interpreter::execute):
2740         * parser/Lexer.cpp:
2741         (JSC::Lexer::isKeyword):
2742         * parser/Lexer.h:
2743         * runtime/JSGlobalObjectFunctions.cpp:
2744         (JSC::globalFuncEval):
2745         * runtime/JSONObject.cpp:
2746         (JSC::JSONProtoFuncParse):
2747         * runtime/LiteralParser.cpp:
2748         (JSC::LiteralParser::tryJSONPParse):
2749         (JSC::LiteralParser::makeIdentifier):
2750         (JSC::LiteralParser::Lexer::lex):
2751         (JSC::LiteralParser::Lexer::next):
2752         (JSC::isSafeStringCharacter):
2753         (JSC::LiteralParser::Lexer::lexString):
2754         (JSC::LiteralParser::Lexer::lexNumber):
2755         (JSC::LiteralParser::parse):
2756         * runtime/LiteralParser.h:
2757         (JSC::LiteralParser::LiteralParser):
2758         (JSC::LiteralParser::tryLiteralParse):
2759         (JSC::LiteralParser::Lexer::Lexer):
2760
2761 2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>
2762
2763         Unreviewed, rolling out r89184.
2764         http://trac.webkit.org/changeset/89184
2765         https://bugs.webkit.org/show_bug.cgi?id=62927
2766
2767         It broke 22 tests on all bot (Requested by Ossy_weekend on
2768         #webkit).
2769
2770         * API/JSValueRef.cpp:
2771         (JSValueMakeFromJSONString):
2772         * interpreter/Interpreter.cpp:
2773         (JSC::Interpreter::callEval):
2774         (JSC::Interpreter::execute):
2775         * parser/Lexer.cpp:
2776         * parser/Lexer.h:
2777         * runtime/JSGlobalObjectFunctions.cpp:
2778         (JSC::globalFuncEval):
2779         * runtime/JSONObject.cpp:
2780         (JSC::JSONProtoFuncParse):
2781         * runtime/LiteralParser.cpp:
2782         (JSC::LiteralParser::Lexer::lex):
2783         (JSC::isSafeStringCharacter):
2784         (JSC::LiteralParser::Lexer::lexString):
2785         (JSC::LiteralParser::Lexer::lexNumber):
2786         (JSC::LiteralParser::parse):
2787         * runtime/LiteralParser.h:
2788         (JSC::LiteralParser::LiteralParser):
2789         (JSC::LiteralParser::tryLiteralParse):
2790         (JSC::LiteralParser::Lexer::Lexer):
2791         (JSC::LiteralParser::Lexer::next):
2792
2793 2011-06-17  Oliver Hunt  <oliver@apple.com>
2794
2795         Reviewed by Gavin Barraclough.
2796
2797         JSONP is unnecessarily slow
2798         https://bugs.webkit.org/show_bug.cgi?id=62920
2799
2800         JSONP has unfortunately become a fairly common idiom online, yet
2801         it triggers very poor performance in JSC as we end up doing codegen
2802         for a large number of property accesses that will
2803            * only be run once, so the vast amount of logic we dump to handle
2804              caching of accesses is unnecessary.
2805            * We are doing codegen that is directly proportional to just
2806              creating the object in the first place.
2807
2808         This patch extends the use of the literal parser to JSONP-like structures
2809         in global code, handling a number of different forms I have seen online.
2810         In an extreme case this improves performance of JSONP by more than 2x
2811         due to removal of code generation and execution time, and a few optimisations
2812         that I made to the parser itself.
2813
2814         * API/JSValueRef.cpp:
2815         (JSValueMakeFromJSONString):
2816         * interpreter/Interpreter.cpp:
2817         (JSC::Interpreter::callEval):
2818         (JSC::Interpreter::execute):
2819         * parser/Lexer.cpp:
2820         (JSC::Lexer::isKeyword):
2821         * parser/Lexer.h:
2822         * runtime/JSGlobalObjectFunctions.cpp:
2823         (JSC::globalFuncEval):
2824         * runtime/JSONObject.cpp:
2825         (JSC::JSONProtoFuncParse):
2826         * runtime/LiteralParser.cpp:
2827         (JSC::LiteralParser::tryJSONPParse):
2828         (JSC::LiteralParser::makeIdentifier):
2829         (JSC::LiteralParser::Lexer::lex):
2830         (JSC::LiteralParser::Lexer::next):
2831         (JSC::isSafeStringCharacter):
2832         (JSC::LiteralParser::Lexer::lexString):
2833         (JSC::LiteralParser::Lexer::lexNumber):
2834         (JSC::LiteralParser::parse):
2835         * runtime/LiteralParser.h:
2836         (JSC::LiteralParser::LiteralParser):
2837         (JSC::LiteralParser::tryLiteralParse):
2838         (JSC::LiteralParser::Lexer::Lexer):
2839
2840 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2841
2842         Reviewed by Oliver Hunt.
2843
2844         Moved some property access JIT code into property access JIT files
2845         https://bugs.webkit.org/show_bug.cgi?id=62906
2846
2847         * jit/JITOpcodes.cpp:
2848         * jit/JITOpcodes32_64.cpp:
2849         * jit/JITPropertyAccess.cpp:
2850         (JSC::JIT::emitSlow_op_put_by_val):
2851         (JSC::JIT::emit_op_get_scoped_var):
2852         (JSC::JIT::emit_op_put_scoped_var):
2853         (JSC::JIT::emit_op_get_global_var):
2854         (JSC::JIT::emit_op_put_global_var):
2855         * jit/JITPropertyAccess32_64.cpp:
2856         (JSC::JIT::emit_op_get_scoped_var):
2857         (JSC::JIT::emit_op_put_scoped_var):
2858         (JSC::JIT::emit_op_get_global_var):
2859         (JSC::JIT::emit_op_put_global_var):
2860
2861 2011-06-17  Anders Carlsson  <andersca@apple.com>
2862
2863         Build fix.
2864
2865         * JavaScriptCore.xcodeproj/project.pbxproj:
2866
2867 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
2868
2869         Try to fix the Leopard build?
2870
2871         * JavaScriptCore.xcodeproj/project.pbxproj:
2872
2873 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2874
2875         Reviewed by Oliver Hunt.
2876
2877         Added some write barrier action, compiled out by default
2878         https://bugs.webkit.org/show_bug.cgi?id=62844
2879
2880         * JavaScriptCore.exp: Build!
2881
2882         * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
2883         issue with Heap.cpp.
2884
2885         * heap/Heap.cpp:
2886         (JSC::Heap::writeBarrierSlowCase):
2887         * heap/Heap.h:
2888         (JSC::Heap::writeBarrier):
2889         * heap/MarkedBlock.h:
2890         (JSC::MarkedBlock::isAtomAligned):
2891         (JSC::MarkedBlock::blockFor):
2892         (JSC::MarkedBlock::atomNumber):
2893         (JSC::MarkedBlock::ownerSetNumber):
2894         (JSC::MarkedBlock::addOldSpaceOwner):
2895         (JSC::MarkedBlock::OwnerSet::OwnerSet):
2896         (JSC::MarkedBlock::OwnerSet::add):
2897         (JSC::MarkedBlock::OwnerSet::clear):
2898         (JSC::MarkedBlock::OwnerSet::size):
2899         (JSC::MarkedBlock::OwnerSet::didOverflow):
2900         (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
2901         tracks owners for regions within blocks. Currently unused.
2902
2903 2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>
2904
2905         Reviewed by Eric Seidel.
2906
2907         [EFL] Add some OwnPtr specializations for EFL types.
2908         For now there are specializations for Ecore_Evas and Evas_Object.
2909         https://bugs.webkit.org/show_bug.cgi?id=62877
2910
2911         * wtf/CMakeListsEfl.txt:
2912         * wtf/OwnPtrCommon.h:
2913         * wtf/efl/OwnPtrEfl.cpp: Added.
2914         (WTF::deleteOwnedPtr):
2915
2916 2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>
2917
2918         Reviewed by Martin Robinson.
2919
2920         [GTK] Replace GdkRectangle by cairo_rectangle_int_t
2921         https://bugs.webkit.org/show_bug.cgi?id=60687
2922
2923         Replace GdkRectangle by cairo_rectangle_int_t.
2924
2925         * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
2926
2927 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2928
2929         Reviewed by Oliver Hunt.
2930
2931         https://bugs.webkit.org/show_bug.cgi?id=53014
2932         ES5 strict mode keyword restrictions aren't implemented
2933
2934         The following are future restricted words in strict mode code:
2935             implements, interface, let, package, private, protected, public, static, yield
2936
2937         * parser/JSParser.h:
2938             - Add RESERVED_IF_STRICT token.
2939         * parser/Keywords.table:
2940             - Add new future restricted words.
2941         * parser/Lexer.cpp:
2942         (JSC::Lexer::parseIdentifier):
2943             - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
2944         (JSC::Lexer::lex):
2945             - Pass strictMode flag to parseIdentifier.
2946         * parser/Lexer.h:
2947             - parseIdentifier needs a strictMode flag.
2948         * runtime/CommonIdentifiers.h:
2949             - Add identifiers for new reserved words.
2950
2951 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2952
2953         Reviewed by Oliver Hunt.
2954
2955         https://bugs.webkit.org/show_bug.cgi?id=23611
2956         Multiline Javascript comments cause incorrect parsing of following script.
2957
2958         From the spec:
2959         "A MultiLineComment [is] simply discarded if it contains no line terminator,
2960         but if a MultiLineComment contains one or more line terminators, then it is
2961         replaced with a single line terminator, which becomes part of the stream of
2962         inputs for the syntactic grammar."
2963
2964         This may result in behavioural changes, due to automatic semicolon insertion.
2965
2966         * parser/Lexer.cpp:
2967         (JSC::Lexer::parseMultilineComment):
2968             - Set m_terminator if we see a line terminator in a multiline comment.
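
The spec rule quoted above is easy to get wrong in a lexer that skips comments as plain whitespace. The block below is an added example written for this page, not JavaScriptCore's Lexer: a scanner for a /* ... */ comment that reports whether a line terminator was seen (the flag the entry calls m_terminator) and a helper that applies the rule to a source string, replacing the comment with a single line terminator when it held one and with a plain separator otherwise. It treats LF, CR and the UTF-8 encodings of U+2028 and U+2029 as line terminators, assumes UTF-8 input, and ignores "/*" inside string or regexp literals; the struct and function names are this example's own.

```cpp
#include <cstddef>
#include <string>

// Added example, not JavaScriptCore's code.
// Result of scanning one multiline comment.
struct CommentScan {
    bool closed;         // false when the comment is unterminated (a syntax error)
    bool sawTerminator;  // the m_terminator-style flag the lexer must set
    size_t end;          // index just past the closing "*/" (or end of input)
};

// Scan a "/* ... */" comment whose opening '/' is at src[pos].
// Line terminators: LF, CR, and U+2028 / U+2029, which in UTF-8 are the
// byte sequences E2 80 A8 and E2 80 A9.
CommentScan scanMultilineComment(const std::string& src, size_t pos)
{
    CommentScan r{false, false, pos};
    if (pos + 1 >= src.size() || src[pos] != '/' || src[pos + 1] != '*')
        return r;  // not a multiline comment at this position
    size_t i = pos + 2;
    while (i < src.size()) {
        unsigned char c = static_cast<unsigned char>(src[i]);
        if (c == '*' && i + 1 < src.size() && src[i + 1] == '/') {
            r.closed = true;
            r.end = i + 2;
            return r;
        }
        if (c == '\n' || c == '\r') {
            r.sawTerminator = true;
        } else if (c == 0xE2 && i + 2 < src.size()
                   && static_cast<unsigned char>(src[i + 1]) == 0x80
                   && (static_cast<unsigned char>(src[i + 2]) == 0xA8
                       || static_cast<unsigned char>(src[i + 2]) == 0xA9)) {
            r.sawTerminator = true;  // U+2028 LINE SEPARATOR or U+2029 PARAGRAPH SEPARATOR
            i += 2;                  // skip the rest of the 3-byte sequence
        }
        ++i;
    }
    r.end = src.size();  // ran off the end: unterminated
    return r;
}

// Apply the spec rule to a source string: a comment with no line terminator
// is discarded (it still separates tokens, so a single space stands in for
// it); a comment containing one becomes a single line terminator, which is
// what lets automatic semicolon insertion see it.
std::string replaceMultilineComments(const std::string& src)
{
    std::string out;
    size_t i = 0;
    while (i < src.size()) {
        if (src[i] == '/' && i + 1 < src.size() && src[i + 1] == '*') {
            CommentScan scan = scanMultilineComment(src, i);
            if (!scan.closed)
                break;  // unterminated comment: stop, a real lexer reports an error here
            out += scan.sawTerminator ? '\n' : ' ';
            i = scan.end;
            continue;
        }
        out += src[i++];
    }
    return out;
}
```

Why the flag matters: in `a = b /*\n*/ ++b` the postfix `++` may not be preceded by a line terminator, so with the terminator preserved the parser sees `a = b; ++b`, while a lexer that silently drops the comment would parse something else entirely. That is exactly the "behavioural changes, due to automatic semicolon insertion" the entry warns about.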
2969
2970 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
2971
2972         Reviewed by Sam Weinig.
2973
2974         https://bugs.webkit.org/show_bug.cgi?id=62824
2975         DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
2976
2977         CompareEq of non-integer values is the most common cause of speculation failure.
2978
2979         * dfg/DFGSpeculativeJIT.cpp:
2980         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2981             - Support Equals.
2982         (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
2983             - new! - peephole optimized Eq of JSValues.
2984         (JSC::DFG::SpeculativeJIT::compile):
2985             - Add peephole optimization for CompareEq.
2986         * dfg/DFGSpeculativeJIT.h:
2987         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2988             - Add support for dead nodes between compare & branch.
2989         (JSC::DFG::SpeculativeJIT::isInteger):
2990             - Added to determine which form of peephole to do in CompareEq.
2991
2992 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
2993
2994         Try to fix the Windows build.
2995
2996         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
2997         symbol.
2998
2999         * bytecode/EvalCodeCache.h:
3000         * heap/HandleHeap.h:
3001         * heap/HeapRootVisitor.h:
3002         * heap/NewSpace.h:
3003         * runtime/ArgList.h:
3004         * runtime/ScopeChain.h:
3005         * runtime/SmallStrings.h:
3006         * runtime/Structure.h: Stop forward-declaring things that don't really
3007         exist anymore.
3008
3009 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3010
3011         Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
3012         project while crossing my fingers and facing west.
3013
3014         * JavaScriptCore.xcodeproj/project.pbxproj:
3015
3016 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3017
3018         Build fix: Removed an incorrect symbol on Windows.
3019
3020         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3021
3022 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3023
3024         Build fix: Removed an accidental commit from the future.
3025
3026         * CMakeLists.txt:
3027
3028 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3029
3030         Reviewed by Oliver Hunt.
3031
3032         Introduced SlotVisitor into the project
3033         https://bugs.webkit.org/show_bug.cgi?id=62820
3034         
3035         This resolves a class vs typedef forward declaration issue, and gives all
3036         exported symbols the correct names.
3037
3038         * CMakeLists.txt:
3039         * GNUmakefile.list.am:
3040         * JavaScriptCore.exp:
3041         * JavaScriptCore.gypi:
3042         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3043         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
3044
3045         * bytecode/EvalCodeCache.h:
3046         * heap/HandleHeap.h:
3047         * heap/Heap.cpp:
3048         (JSC::Heap::Heap):
3049         (JSC::Heap::markRoots):
3050         * heap/Heap.h:
3051         * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
3052         clients operate on a MarkStack.
3053
3054         * heap/MarkStack.cpp:
3055         (JSC::SlotVisitor::visitChildren):
3056         (JSC::SlotVisitor::drain):
3057         * heap/SlotVisitor.h: Added.
3058         (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
3059         inheritance to give SlotVisitor all the attributes of MarkStack without
3060         making this change giant. Over time, we will move more behavior into
3061         SlotVisitor and its subclasses.
3062
3063         * heap/MarkStack.h:
3064         * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
3065         clients operate on a MarkStack.
3066
3067         * runtime/ArgList.h:
3068         * runtime/JSCell.h:
3069         * runtime/JSObject.h:
3070         * runtime/ScopeChain.h:
3071         * runtime/SmallStrings.h:
3072         * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
3073         clients operate on a MarkStack.
3074
3075 2011-06-15  Oliver Hunt  <oliver@apple.com>
3076
3077         Reviewed by Geoffrey Garen.
3078
3079         Reduce memory usage of resolve_global
3080         https://bugs.webkit.org/show_bug.cgi?id=62765
3081
3082         If we have a large number of resolve_globals in a single
3083         block start planting plain resolve instructions instead 
3084         whenever we aren't in a loop.  This allows us to reduce
3085         the code size for extremely large functions without
3086         losing the performance benefits of op_resolve_global.
3087
3088         * bytecode/CodeBlock.h:
3089         (JSC::CodeBlock::globalResolveInfoCount):
3090         * bytecompiler/BytecodeGenerator.cpp:
3091         (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
3092         (JSC::BytecodeGenerator::emitResolve):
3093         (JSC::BytecodeGenerator::emitResolveWithBase):
3094         * bytecompiler/BytecodeGenerator.h:
3095
3096 2011-06-16  Qi Zhang  <qi.2.zhang@nokia.com>
3097
3098         Reviewed by Laszlo Gombos.
3099
3100         [Qt] Fix building with CONFIG(use_system_icu)
3101         https://bugs.webkit.org/show_bug.cgi?id=62744
3102
3103         Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
3104
3105         * wtf/Platform.h:
3106
3107 2011-06-15  Darin Adler  <darin@apple.com>
3108
3109         Reviewed by Adam Barth.
3110
3111         Remove obsolete LOOSE_OWN_PTR code
3112         https://bugs.webkit.org/show_bug.cgi?id=59909
3113
3114         The internal Apple dependency on this is gone now.
3115
3116         * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
3117         set function that takes a raw pointer.
3118
3119         * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
3120         set function that takes a raw pointer.
3121
3122         * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
3123         and assignment operator that takes a nullptr unconditional.
3124         Made constructor that takes a raw pointer private and explicit,
3125         and removed assignment operator that takes a raw pointer.
3126
3127         * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
3128         unconditional. Made constructor that takes a raw pointer private
3129         and explicit, and removed assignment operator that takes a raw pointer.
3130
3131 2011-06-15  Sam Weinig  <sam@webkit.org>
3132
3133         Reviewed by Geoffrey Garen and Gavin Barraclough.
3134
3135         Make access-nsieve ~9x faster on the non-speculative path by
3136         adding special casing for doubles that can losslessly be converted
3137         to a uint32_t in getByVal and putByVal. This avoids calls to stringification
3138         and the hash lookup.  Long term, we should try and get property of a getByVal
3139         and putByVal to be an integer immediate even in the non-speculative path.
3140
3141         * dfg/DFGOperations.cpp:
3142         (JSC::DFG::putByVal):
3143         (JSC::DFG::operationPutByValInternal):
3144
3145 2011-06-15  Oliver Hunt  <oliver@apple.com>
3146
3147         Reviewed by Darin Adler.
3148
3149         REGRESSION (r88719): 5by5.tv schedule is not visible
3150         https://bugs.webkit.org/show_bug.cgi?id=62720
3151
3152         Problem here is that the lexer wasn't considering '$' to be
3153         a valid character in an identifier.
3154
3155         * parser/Lexer.h:
3156         (JSC::Lexer::lexExpectIdentifier):
3157
3158 2011-06-15  Oliver Hunt  <oliver@apple.com>
3159
3160         Reviewed by Sam Weinig.
3161
3162         Reduce the size of global_resolve
3163         https://bugs.webkit.org/show_bug.cgi?id=62738
3164
3165         Reduce the code size of global_resolve in the JIT by replacing
3166         multiple pointer loads with a single pointer move + two offset
3167         loads.
3168
3169         * jit/JITOpcodes.cpp:
3170         (JSC::JIT::emit_op_resolve_global):
3171         * jit/JITOpcodes32_64.cpp:
3172         (JSC::JIT::emit_op_resolve_global):
3173
3174 2011-06-14  Geoffrey Garen  <ggaren@apple.com>
3175
3176         Reviewed by Dan Bernstein.
3177
3178         Fixed an invalid ASSERT I found while investigating
3179         <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
3180         https://bugs.webkit.org/show_bug.cgi?id=62699        
3181
3182         No test since we don't know of a way to get WebCore to deallocate the
3183         next-to-finalize handle, which is also the last handle in the list,
3184         while finalizing the second-to-last handle in the list.
3185
3186         * heap/HandleHeap.h:
3187         (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
3188         non-0 next() after updating it, since it is valid to update m_nextToFinalize
3189         to point to the tail sentinel.
3190         
3191         Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
3192         since it is not valid to update m_nextToFinalize to point past the tail
3193         sentinel.
3194         
3195         Also, use m_nextToFinalize consistently for clarity.
3196
3197 2011-06-14  Gavin Barraclough  <barraclough@apple.com>
3198
3199         Reviewed by Sam Weinig.
3200
3201         https://bugs.webkit.org/show_bug.cgi?id=43841
3202         SegmentedVector::operator== typo
3203
3204         * wtf/SegmentedVector.h:
3205         (WTF::SegmentedVectorIterator::operator==):
3206         (WTF::SegmentedVectorIterator::operator!=):
3207
3208 2011-06-14  Oliver Hunt  <oliver@apple.com>
3209
3210         Reviewed by Gavin Barraclough.
3211
3212         Constant array literals result in unnecessarily large amounts of code
3213         https://bugs.webkit.org/show_bug.cgi?id=62658
3214
3215         Add a new version of op_new_array that simply copies values from a buffer
3216         we hang off of the CodeBlock, rather than generating code to place each
3217         entry into the registerfile, and then copying it from the registerfile into
3218         the array.  This is a slight improvement on some sunspider tests, but no
3219         measurable overall change.  That's okay though as our goal was to reduce
3220         code size without hurting performance.
3221
3222         * bytecode/CodeBlock.cpp:
3223         (JSC::CodeBlock::dump):
3224         * bytecode/CodeBlock.h:
3225         (JSC::CodeBlock::addImmediateBuffer):
3226         (JSC::CodeBlock::immediateBuffer):
3227         * bytecode/Opcode.h:
3228         * bytecompiler/BytecodeGenerator.cpp:
3229         (JSC::BytecodeGenerator::addImmediateBuffer):
3230         (JSC::BytecodeGenerator::emitNewArray):
3231         * bytecompiler/BytecodeGenerator.h:
3232         * bytecompiler/NodesCodegen.cpp:
3233         (JSC::ArrayNode::emitBytecode):
3234         * interpreter/Interpreter.cpp:
3235         (JSC::Interpreter::privateExecute):
3236         * jit/JIT.cpp:
3237         (JSC::JIT::privateCompileMainPass):
3238         * jit/JIT.h:
3239         * jit/JITOpcodes.cpp:
3240         (JSC::JIT::emit_op_new_array):
3241         (JSC::JIT::emit_op_new_array_buffer):
3242         * jit/JITOpcodes32_64.cpp:
3243         * jit/JITStubs.cpp:
3244         (JSC::DEFINE_STUB_FUNCTION):
3245         * jit/JITStubs.h:
3246
3247 2011-06-14  Sheriff Bot  <webkit.review.bot@gmail.com>
3248
3249         Unreviewed, rolling out r88841.
3250         http://trac.webkit.org/changeset/88841
3251         https://bugs.webkit.org/show_bug.cgi?id=62672
3252
3253         Caused many tests to crash (Requested by rniwa on #webkit).
3254
3255         * bytecode/CodeBlock.cpp:
3256         (JSC::CodeBlock::dump):
3257         * bytecode/CodeBlock.h:
3258         * bytecode/Opcode.h:
3259         * bytecompiler/BytecodeGenerator.cpp:
3260         (JSC::BytecodeGenerator::emitNewArray):
3261         * bytecompiler/BytecodeGenerator.h:
3262         * bytecompiler/NodesCodegen.cpp:
3263         (JSC::ArrayNode::emitBytecode):
3264         * interpreter/Interpreter.cpp:
3265         (JSC::Interpreter::privateExecute):
3266         * jit/JIT.cpp:
3267         (JSC::JIT::privateCompileMainPass):
3268         * jit/JIT.h:
3269         * jit/JITOpcodes.cpp:
3270         (JSC::JIT::emit_op_new_array):
3271         * jit/JITOpcodes32_64.cpp:
3272         (JSC::JIT::emit_op_new_array):
3273         * jit/JITStubs.cpp:
3274         * jit/JITStubs.h:
3275
3276 2011-06-14  Oliver Hunt  <oliver@apple.com>
3277
3278         Reviewed by Gavin Barraclough.
3279
3280         Constant array literals result in unnecessarily large amounts of code
3281         https://bugs.webkit.org/show_bug.cgi?id=62658
3282
3283         Add a new version of op_new_array that simply copies values from a buffer
3284         we hang off of the CodeBlock, rather than generating code to place each
3285         entry into the registerfile, and then copying it from the registerfile into
3286         the array.  This is a slight improvement on some sunspider tests, but no
3287         measurable overall change.  That's okay though as our goal was to reduce
3288         code size without hurting performance.
3289
3290         * bytecode/CodeBlock.cpp:
3291         (JSC::CodeBlock::dump):
3292         * bytecode/CodeBlock.h:
3293         (JSC::CodeBlock::addImmediateBuffer):
3294         (JSC::CodeBlock::immediateBuffer):
3295         * bytecode/Opcode.h:
3296         * bytecompiler/BytecodeGenerator.cpp:
3297         (JSC::BytecodeGenerator::addImmediateBuffer):
3298         (JSC::BytecodeGenerator::emitNewArray):
3299         * bytecompiler/BytecodeGenerator.h:
3300         * bytecompiler/NodesCodegen.cpp:
3301         (JSC::ArrayNode::emitBytecode):
3302         * interpreter/Interpreter.cpp:
3303         (JSC::Interpreter::privateExecute):
3304         * jit/JIT.cpp:
3305         (JSC::JIT::privateCompileMainPass):
3306         * jit/JIT.h:
3307         * jit/JITOpcodes.cpp:
3308         (JSC::JIT::emit_op_new_array):
3309         (JSC::JIT::emit_op_new_array_buffer):
3310         * jit/JITOpcodes32_64.cpp:
3311         * jit/JITStubs.cpp:
3312         (JSC::DEFINE_STUB_FUNCTION):
3313         * jit/JITStubs.h:
3314
3315 2011-06-14  Stephanie Lewis  <slewis@apple.com>
3316
3317         Rubber stamped by Oliver Hunt.
3318
3319         <rdar://problem/9511169>
3320         Update order files.
3321
3322         * JavaScriptCore.order:
3323
3324 2011-06-14  Sam Weinig  <sam@webkit.org>
3325
3326         Reviewed by Geoffrey Garen.
3327
3328         Fix dumping of constants to have the correct constant number.
3329
3330         * bytecode/CodeBlock.cpp:
3331         (JSC::CodeBlock::dump):
3332
3333 2011-06-14  Benjamin Poulain  <benjamin@webkit.org>
3334
3335         Reviewed by Eric Seidel.
3336
3337         KeywordLookupGenerator's Trie does not work with Python 3
3338         https://bugs.webkit.org/show_bug.cgi?id=62635
3339
3340         With Python 3, dict.items() returns an iterator. Since the iterator
3341         protocol changed between Python 2 and 3, the easiest way to get the
3342         values is to have something that uses the iterator implicitly, like a
3343         for() loop.
3344
3345         * KeywordLookupGenerator.py:
3346
3347 2011-06-13  Oliver Hunt  <oliver@apple.com>
3348
3349         Reviewed by Gavin Barraclough.
3350
3351         Fix llocp and lvalp names in the lexer to something more meaningful
3352         https://bugs.webkit.org/show_bug.cgi?id=62605
3353
3354         A simple rename
3355
3356         * parser/Lexer.cpp:
3357         (JSC::Lexer::parseIdentifier):
3358         (JSC::Lexer::parseString):
3359         (JSC::Lexer::lex):
3360         * parser/Lexer.h:
3361         (JSC::Lexer::lexExpectIdentifier):
3362
3363 2011-06-13  Oliver Hunt  <oliver@apple.com>
3364
3365         Reviewed by Gavin Barraclough.
3366
3367         Make it possible to inline the common case of identifier lexing
3368         https://bugs.webkit.org/show_bug.cgi?id=62600
3369
3370         Add a lexing function that expects to lex a "normal" alphanumeric
3371         identifier (that ignores keywords) so it's possible to inline the
3372         common parsing cases.  This comes out as a reasonable parsing speed
3373         boost.
3374
3375         * parser/JSParser.cpp:
3376         (JSC::JSParser::nextExpectIdentifier):
3377         (JSC::JSParser::parseProperty):
3378         (JSC::JSParser::parseMemberExpression):
3379         * parser/Lexer.cpp:
3380         * parser/Lexer.h:
3381         (JSC::Lexer::makeIdentifier):
3382         (JSC::Lexer::lexExpectIdentifier):
3383
3384 2011-06-13  Xan Lopez  <xlopez@igalia.com>
3385
3386         Reviewed by Martin Robinson.
3387
3388         Distcheck fixes.
3389
3390         * GNUmakefile.am:
3391         * GNUmakefile.list.am:
3392
3393 2011-06-13  Oliver Hunt  <oliver@apple.com>
3394
3395         Reviewed by Simon Fraser.
3396
3397         Make it possible to inline Identifier::equal
3398         https://bugs.webkit.org/show_bug.cgi?id=62584
3399
3400         Move Identifier::equal to the Identifier header file.
3401
3402         * runtime/Identifier.cpp:
3403         * runtime/Identifier.h:
3404         (JSC::Identifier::equal):
3405
3406 2011-06-13  Tony Chang  <tony@chromium.org>
3407
3408         Reviewed by Dimitri Glazkov.
3409
3410         rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
3411         https://bugs.webkit.org/show_bug.cgi?id=62578
3412
3413         * Configurations/FeatureDefines.xcconfig:
3414
3415 2011-06-13  Tony Chang  <tony@chromium.org>
3416
3417         Reviewed by Adam Barth.
3418
3419         rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
3420         https://bugs.webkit.org/show_bug.cgi?id=62545
3421
3422         * Configurations/FeatureDefines.xcconfig:
3423
3424 2011-06-12  Patrick Gansterer  <paroga@webkit.org>
3425
3426         Unreviewed. Build fix for !ENABLE(JIT) after r88604.
3427
3428         * bytecode/CodeBlock.cpp:
3429         (JSC::CodeBlock::visitAggregate):
3430
3431 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
3432
3433         Reviewed by Darin Adler.
3434
3435         https://bugs.webkit.org/show_bug.cgi?id=16777
3436
3437         Remove #define NaN per Darin's comments.
3438
3439         * runtime/JSGlobalObjectFunctions.cpp:
3440         (JSC::parseIntOverflow):
3441         (JSC::parseInt):
3442         (JSC::jsStrDecimalLiteral):
3443         (JSC::jsToNumber):
3444         (JSC::parseFloat):
3445         * wtf/DateMath.cpp:
3446         (WTF::equivalentYearForDST):
3447         (WTF::parseES5DateFromNullTerminatedCharacters):
3448         (WTF::parseDateFromNullTerminatedCharacters):
3449         (WTF::timeClip):
3450         (JSC::parseDateFromNullTerminatedCharacters):
3451
3452 2011-06-11  Gavin Barraclough  <barraclough@apple.com>
3453
3454         Rubber stamped by Geoff Garen.
3455
3456         https://bugs.webkit.org/show_bug.cgi?id=62503
3457         Remove JIT_OPTIMIZE_* switches
3458
3459         The alternative code paths are untested, and not well maintained.
3460         These were useful when there was more churn in the JIT, but now
3461         are a maintenance overhead. Time to move on, removing.
3462
3463         * bytecode/CodeBlock.cpp:
3464         (JSC::CodeBlock::visitAggregate):
3465         * jit/JIT.cpp:
3466         (JSC::JIT::privateCompileSlowCases):
3467         (JSC::JIT::privateCompile):