ValueRecovery should be moved out of the DFG JIT
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
2
3         ValueRecovery should be moved out of the DFG JIT
4         https://bugs.webkit.org/show_bug.cgi?id=71439
5
6         Reviewed by Oliver Hunt.
7
8         * JavaScriptCore.xcodeproj/project.pbxproj:
9         * bytecode/DataFormat.h: Added.
10         (JSC::dataFormatToString):
11         (JSC::needDataFormatConversion):
12         (JSC::isJSFormat):
13         (JSC::isJSInteger):
14         (JSC::isJSDouble):
15         (JSC::isJSCell):
16         (JSC::isJSBoolean):
17         * bytecode/ValueRecovery.h: Added.
18         (JSC::ValueRecovery::ValueRecovery):
19         (JSC::ValueRecovery::alreadyInRegisterFile):
20         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
21         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
22         (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
23         (JSC::ValueRecovery::inGPR):
24         (JSC::ValueRecovery::inPair):
25         (JSC::ValueRecovery::inFPR):
26         (JSC::ValueRecovery::displacedInRegisterFile):
27         (JSC::ValueRecovery::constant):
28         (JSC::ValueRecovery::technique):
29         (JSC::ValueRecovery::isInRegisters):
30         (JSC::ValueRecovery::gpr):
31         (JSC::ValueRecovery::tagGPR):
32         (JSC::ValueRecovery::payloadGPR):
33         (JSC::ValueRecovery::fpr):
34         (JSC::ValueRecovery::virtualRegister):
35         (JSC::ValueRecovery::dump):
36         * bytecode/VirtualRegister.h: Added.
37         * dfg/DFGGenerationInfo.h:
38         (JSC::DFG::GenerationInfo::isJSFormat):
39         * dfg/DFGSpeculativeJIT.cpp:
40         (JSC::DFG::ValueSource::dump):
41         * dfg/DFGSpeculativeJIT.h:
42         * dfg/DFGVariableAccessData.h:
43
44 2011-11-02  Sam Weinig  <sam@webkit.org>
45
46         Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
47         https://bugs.webkit.org/show_bug.cgi?id=71333
48
49         Reviewed by Gavin Barraclough.
50
51         Tested by fast/dom/getter-on-window-object2.html
52
53         * runtime/PropertyDescriptor.cpp:
54         (JSC::PropertyDescriptor::setDescriptor):
55         The attributes returned from Structure::get do not include Getter or Setter, so
56         instead check if the value is a GetterSetter like we do elsewhere. If it is, update
57         the descriptor's attributes accordingly.
58
59 2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
60
61         FunctionPtr should accept FASTCALL functions on X86
62         https://bugs.webkit.org/show_bug.cgi?id=71434
63
64         Reviewed by Filip Pizlo.
65
66         On X86 we sometimes use FASTCALL convention functions, for example the
67         cti functions, and we may need the pointers to such functions, e.g.,
68         in the current DFG register file check and arity check, though long term
69         we may avoid such usage of cti calls in DFG.
70
71         * assembler/MacroAssemblerCodeRef.h:
72         (JSC::FunctionPtr::FunctionPtr):
73
74 2011-11-02  Filip Pizlo  <fpizlo@apple.com>
75
76         Inlined uses of the global object should use the right global object
77         https://bugs.webkit.org/show_bug.cgi?id=71427
78
79         Reviewed by Oliver Hunt.
80
81         * dfg/DFGJITCompiler.h:
82         (JSC::DFG::JITCompiler::globalObjectFor):
83         * dfg/DFGSpeculativeJIT64.cpp:
84         (JSC::DFG::SpeculativeJIT::compile):
85
86 2011-11-02  Yuqiang Xian  <yuqiang.xian@intel.com>
87
88         Remove some unnecessary loads/stores in DFG JIT 32_64
89         https://bugs.webkit.org/show_bug.cgi?id=71090
90
91         Reviewed by Filip Pizlo.
92
93         In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
94         be eliminated.
95
96         * dfg/DFGJITCompiler32_64.cpp:
97         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
98         * dfg/DFGSpeculativeJIT32_64.cpp:
99         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
100
101 2011-11-02  Adam Klein  <adamk@chromium.org>
102
103         Replace usage of StringImpl with String where possible in CharacterData and Text
104         https://bugs.webkit.org/show_bug.cgi?id=71383
105
106         Reviewed by Darin Adler.
107
108         * wtf/text/WTFString.h:
109         (WTF::String::containsOnlyWhitespace): Added new method.
110
111 2011-11-02  Mark Hahnenberg  <mhahnenberg@apple.com>
112
113         De-virtualize JSObject::getOwnPropertyNames
114         https://bugs.webkit.org/show_bug.cgi?id=71307
115
116         Reviewed by Darin Adler.
117
118         Added getOwnPropertyNames to the MethodTable, changed all the virtual 
119         implementations of getOwnPropertyNames to static ones, and replaced 
120         all call sites with corresponding lookups in the MethodTable.
121
122         * API/JSCallbackObject.h:
123         * API/JSCallbackObjectFunctions.h:
124         (JSC::::getOwnPropertyNames):
125         * JavaScriptCore.exp:
126         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
127         * debugger/DebuggerActivation.cpp:
128         (JSC::DebuggerActivation::getOwnPropertyNames):
129         * debugger/DebuggerActivation.h:
130         * runtime/Arguments.cpp:
131         (JSC::Arguments::getOwnPropertyNames):
132         * runtime/Arguments.h:
133         * runtime/ClassInfo.h:
134         * runtime/JSActivation.cpp:
135         (JSC::JSActivation::getOwnPropertyNames):
136         * runtime/JSActivation.h:
137         * runtime/JSArray.cpp:
138         (JSC::JSArray::getOwnPropertyNames):
139         * runtime/JSArray.h:
140         * runtime/JSByteArray.cpp:
141         (JSC::JSByteArray::getOwnPropertyNames):
142         * runtime/JSByteArray.h:
143         * runtime/JSCell.cpp:
144         (JSC::JSCell::getOwnPropertyNames):
145         * runtime/JSCell.h:
146         * runtime/JSFunction.cpp:
147         (JSC::JSFunction::getOwnPropertyNames):
148         * runtime/JSFunction.h:
149         * runtime/JSNotAnObject.cpp:
150         (JSC::JSNotAnObject::getOwnPropertyNames):
151         * runtime/JSNotAnObject.h:
152         * runtime/JSONObject.cpp:
153         (JSC::Stringifier::Holder::appendNextProperty):
154         (JSC::Walker::walk):
155         * runtime/JSObject.cpp:
156         (JSC::JSObject::getPropertyNames):
157         (JSC::JSObject::getOwnPropertyNames):
158         * runtime/JSObject.h:
159         * runtime/JSVariableObject.cpp:
160         (JSC::JSVariableObject::~JSVariableObject):
161         (JSC::JSVariableObject::getOwnPropertyNames):
162         * runtime/JSVariableObject.h:
163         * runtime/ObjectConstructor.cpp:
164         (JSC::objectConstructorGetOwnPropertyNames):
165         (JSC::objectConstructorKeys):
166         (JSC::defineProperties):
167         * runtime/RegExpMatchesArray.h:
168         (JSC::RegExpMatchesArray::getOwnPropertyNames):
169         * runtime/StringObject.cpp:
170         (JSC::StringObject::getOwnPropertyNames):
171         * runtime/StringObject.h:
172         * runtime/Structure.h:
173
174 2011-11-02  Dean Jackson  <dino@apple.com>
175
176         Add ENABLE_CSS_SHADERS flag
177         https://bugs.webkit.org/show_bug.cgi?id=71394
178
179         Reviewed by Sam Weinig.
180
181         * Configurations/FeatureDefines.xcconfig:
182
183 2011-11-02  Alexey Shabalin  <a.shabalin@gmail.com>
184
185         TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
186         https://bugs.webkit.org/show_bug.cgi?id=70610
187
188         Reviewed by Martin Robinson.
189
190         Properly annotate ASM on BSD and Linux x86 systems.
191
192         * dfg/DFGOperations.cpp: Add annotation for X86.
193         * jit/JITStubs.cpp: Ditto.
194         * jit/ThunkGenerators.cpp: Ditto.
195
196 2011-11-02  Xianzhu Wang  <wangxianzhu@chromium.org>
197
198         Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
199         https://bugs.webkit.org/show_bug.cgi?id=71347
200
201         Reviewed by Geoffrey Garen.
202
203         * wtf/text/StringImpl.cpp:
204         (WTF::StringImpl::reallocate):
205
206 2011-11-01  Darin Adler  <darin@apple.com>
207
208         Cut down on malloc/free a bit in the parser arena
209         https://bugs.webkit.org/show_bug.cgi?id=71343
210
211         Reviewed by Oliver Hunt.
212
213         * parser/ParserArena.cpp:
214         (JSC::ParserArena::deallocateObjects): Call the destructors of
215         the deletable objects before freeing the pools. Don't call
216         fastFree on the deletable objects any more.
217
218         * parser/ParserArena.h:
219         (JSC::ParserArena::allocateDeletable): Use allocateFreeable
220         instead of fastMalloc here.
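The teardown rule the entry above describes (run the destructors of the deletable objects first, then release the pools, and never free those objects individually) as an added example written for this page, not JavaScriptCore's own ParserArena. ParserArena, ParserArenaDeletable, allocateFreeable, allocateDeletable, the 4 KiB pool size and the StringNode/NumberNode sample types are this example's assumptions, standing in for the real arena and AST node classes. Once a deletable object is carved out of pool memory instead of being fastMalloc'ed on its own, getting the order wrong (pools first, destructors second) would run every destructor on freed memory, which is why deallocateObjects() is the only place both steps happen.

```cpp
#include <cstddef>
#include <memory>
#include <new>
#include <string>
#include <type_traits>
#include <utility>
#include <vector>

// Objects that own resources derive from this so the arena can run their
// destructor; plain data ("freeable" allocations) has no destructor to run.
struct ParserArenaDeletable {
    virtual ~ParserArenaDeletable() = default;
};

class ParserArena {
public:
    static constexpr size_t poolSize = 4096; // assumed pool granularity

    ~ParserArena() { deallocateObjects(); }

    // Bump allocation out of the current pool. Nothing is tracked per object, so
    // this memory only comes back when the whole pool is released.
    void* allocateFreeable(size_t size, size_t align = alignof(std::max_align_t)) {
        size_t offset = (m_used + align - 1) & ~(align - 1);
        if (m_pools.empty() || offset + size > m_capacity) {
            m_capacity = size > poolSize ? size : poolSize;
            m_pools.emplace_back(new unsigned char[m_capacity]);
            offset = 0;
        }
        m_used = offset + size;
        return m_pools.back().get() + offset;
    }

    // Constructs T inside pool memory (no separate malloc) and records it so its
    // destructor runs in deallocateObjects().
    template<typename T, typename... Args>
    T* allocateDeletable(Args&&... args) {
        static_assert(std::is_base_of<ParserArenaDeletable, T>::value,
                      "deletable objects need the virtual destructor of ParserArenaDeletable");
        void* storage = allocateFreeable(sizeof(T), alignof(T));
        T* object = new (storage) T(std::forward<Args>(args)...);
        m_deletableObjects.push_back(object);
        return object;
    }

    // Order matters: destructors run first, while the pools holding the objects
    // are still alive; then the pools go in one shot and nothing is freed per object.
    void deallocateObjects() {
        for (ParserArenaDeletable* object : m_deletableObjects)
            object->~ParserArenaDeletable();
        m_deletableObjects.clear();
        m_pools.clear();
        m_used = m_capacity = 0;
    }

    size_t poolCount() const { return m_pools.size(); }

private:
    std::vector<std::unique_ptr<unsigned char[]>> m_pools;
    size_t m_used = 0, m_capacity = 0;
    std::vector<ParserArenaDeletable*> m_deletableObjects;
};

// Constructed node types: StringNode owns a heap string, so it is deletable;
// NumberNode is plain data and is allocated as freeable.
struct StringNode : ParserArenaDeletable {
    static int liveCount; // constructed minus destroyed, for the demonstration
    std::string value;
    explicit StringNode(std::string v) : value(std::move(v)) { ++liveCount; }
    ~StringNode() override { --liveCount; }
};
int StringNode::liveCount = 0;

struct NumberNode { double value; int lineNumber; };

// Builds nodeCount of each node kind in an arena, then tears it down. Returns
// {live StringNodes while the arena exists, live StringNodes after teardown}.
std::pair<int, int> buildAndTearDown(int nodeCount) {
    int during;
    {
        ParserArena arena;
        for (int i = 0; i < nodeCount; ++i) {
            void* slot = arena.allocateFreeable(sizeof(NumberNode), alignof(NumberNode));
            new (slot) NumberNode{static_cast<double>(i), i};
            arena.allocateDeletable<StringNode>(std::string(64, 'x'));
        }
        during = StringNode::liveCount;
    } // ~ParserArena: StringNode destructors first, then the pools
    return {during, StringNode::liveCount};
}
```

The check worth keeping from this: every StringNode constructed is destroyed exactly once (liveCount returns to zero), and no destructor touches memory the arena has already handed back.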
221
222 2011-11-01  Sam Weinig  <sam@webkit.org>
223
224         Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
225         https://bugs.webkit.org/show_bug.cgi?id=71336
226
227         Reviewed by Darin Adler.
228
229         * debugger/DebuggerActivation.cpp:
230         * debugger/DebuggerActivation.h:
231         Remove overrides of lookupGetter/lookupSetter, which are no longer needed
232         due to implementing getPropertyDescriptor.
233
234         * runtime/JSObject.cpp:
235         (JSC::JSObject::lookupGetter):
236         (JSC::JSObject::lookupSetter):
237         * runtime/JSObject.h:
238         De-virtualize lookupGetter/lookupSetter, and implement them in terms of
239         getPropertyDescriptor.
240
241 2011-11-01  Mark Hahnenberg  <mhahnenberg@apple.com>
242
243         De-virtualize JSObject::defineSetter
244         https://bugs.webkit.org/show_bug.cgi?id=71303
245
246         Reviewed by Darin Adler.
247
248         Added defineSetter to the MethodTable, changed all the virtual 
249         implementations of defineSetter to static ones, and replaced 
250         all call sites with corresponding lookups in the MethodTable.
251
252         * JavaScriptCore.exp:
253         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
254         * debugger/DebuggerActivation.cpp:
255         (JSC::DebuggerActivation::defineSetter):
256         * debugger/DebuggerActivation.h:
257         * interpreter/Interpreter.cpp:
258         (JSC::Interpreter::privateExecute):
259         * jit/JITStubs.cpp:
260         (JSC::DEFINE_STUB_FUNCTION):
261         * runtime/ClassInfo.h:
262         * runtime/JSCell.cpp:
263         (JSC::JSCell::defineSetter):
264         * runtime/JSCell.h:
265         * runtime/JSGlobalObject.cpp:
266         (JSC::JSGlobalObject::defineSetter):
267         * runtime/JSGlobalObject.h:
268         * runtime/JSObject.cpp:
269         (JSC::JSObject::defineSetter):
270         (JSC::putDescriptor):
271         * runtime/JSObject.h:
272         * runtime/ObjectPrototype.cpp:
273         (JSC::objectProtoFuncDefineSetter):
274
275 2011-11-01  Filip Pizlo  <fpizlo@apple.com>
276
277         DFG inlining breaks function.arguments
278         https://bugs.webkit.org/show_bug.cgi?id=71329
279
280         Reviewed by Oliver Hunt.
281         
282         The DFG was forgetting to store code origin mappings for inlined
283         call sites. Some of the fast-path optimizations for
284         CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
285         was wrong.
286         
287         I also took the opportunity to decrease code duplication between
288         DFG64 and DFG32_64, because I didn't feel like writing the same
289         code twice.
290
291         * bytecode/CodeBlock.h:
292         (JSC::ExecState::isInlineCallFrame):
293         * dfg/DFGJITCompiler.cpp:
294         (JSC::DFG::JITCompiler::compileEntry):
295         (JSC::DFG::JITCompiler::compileBody):
296         (JSC::DFG::JITCompiler::link):
297         (JSC::DFG::JITCompiler::compile):
298         (JSC::DFG::JITCompiler::compileFunction):
299         * dfg/DFGJITCompiler32_64.cpp:
300         * dfg/DFGNode.h:
301         * interpreter/CallFrame.cpp:
302         (JSC::CallFrame::trueCallerFrame):
303         * interpreter/CallFrame.h:
304         * runtime/Arguments.h:
305         (JSC::Arguments::getArgumentsData):
306
307 2011-11-01  Xianzhu Wang  <wangxianzhu@chromium.org>
308
309         StringImpl::reallocate() should have a 8-bit version
310         https://bugs.webkit.org/show_bug.cgi?id=71210
311
312         Reviewed by Geoffrey Garen.
313
314         * wtf/text/StringImpl.cpp:
315         (WTF::StringImpl::reallocate):
316         * wtf/text/StringImpl.h:
317
318 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
319
320         The GC should be parallel
321         https://bugs.webkit.org/show_bug.cgi?id=70995
322
323         Reviewed by Geoff Garen.
324         
325         Added parallel tracing to the GC. This works by having local mark
326         stacks per thread, and a global shared one. Threads sometimes
327         donate cells from the mark stack to the global one if the heuristics
328         tell them that it's affordable to do so. Threads that have depleted
329         their local mark stacks try to steal some from the shared one.
330
331         Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
332         
333         This is a 23% speed-up on V8-splay when I use 4 marking threads,
334         leading to a 3.5% speed-up on V8.
335         
336         It also appears that this reduces GC pause times on real websites by
337         more than half.
338
339         * JavaScriptCore.exp:
340         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
341         * heap/Heap.cpp:
342         (JSC::Heap::Heap):
343         (JSC::Heap::~Heap):
344         (JSC::Heap::markRoots):
345         * heap/Heap.h:
346         * heap/MarkStack.cpp:
347         (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
348         (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
349         (JSC::MarkStackSegmentAllocator::allocate):
350         (JSC::MarkStackSegmentAllocator::release):
351         (JSC::MarkStackSegmentAllocator::shrinkReserve):
352         (JSC::MarkStackArray::MarkStackArray):
353         (JSC::MarkStackArray::~MarkStackArray):
354         (JSC::MarkStackArray::expand):
355         (JSC::MarkStackArray::refill):
356         (JSC::MarkStackArray::donateSomeCellsTo):
357         (JSC::MarkStackArray::stealSomeCellsFrom):
358         (JSC::MarkStackThreadSharedData::markingThreadMain):
359         (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
360         (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
361         (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
362         (JSC::MarkStackThreadSharedData::reset):
363         (JSC::MarkStack::reset):
364         (JSC::SlotVisitor::donateSlow):
365         (JSC::SlotVisitor::drain):
366         (JSC::SlotVisitor::drainFromShared):
367         (JSC::MarkStack::mergeOpaqueRoots):
368         (JSC::SlotVisitor::harvestWeakReferences):
369         * heap/MarkStack.h:
370         (JSC::MarkStackSegment::data):
371         (JSC::MarkStackSegment::capacityFromSize):
372         (JSC::MarkStackSegment::sizeFromCapacity):
373         (JSC::MarkStackArray::postIncTop):
374         (JSC::MarkStackArray::preDecTop):
375         (JSC::MarkStackArray::setTopForFullSegment):
376         (JSC::MarkStackArray::setTopForEmptySegment):
377         (JSC::MarkStackArray::top):
378         (JSC::MarkStackArray::validatePrevious):
379         (JSC::MarkStack::addWeakReferenceHarvester):
380         (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
381         (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
382         (JSC::MarkStack::MarkStack):
383         (JSC::MarkStack::addOpaqueRoot):
384         (JSC::MarkStack::containsOpaqueRoot):
385         (JSC::MarkStack::opaqueRootCount):
386         (JSC::MarkStackArray::append):
387         (JSC::MarkStackArray::canRemoveLast):
388         (JSC::MarkStackArray::removeLast):
389         (JSC::MarkStackArray::isEmpty):
390         (JSC::MarkStackArray::canDonateSomeCells):
391         (JSC::MarkStackArray::size):
392         (JSC::ParallelModeEnabler::ParallelModeEnabler):
393         (JSC::ParallelModeEnabler::~ParallelModeEnabler):
394         * heap/MarkedBlock.h:
395         (JSC::MarkedBlock::testAndSetMarked):
396         * heap/SlotVisitor.h:
397         (JSC::SlotVisitor::donate):
398         (JSC::SlotVisitor::donateAndDrain):
399         (JSC::SlotVisitor::donateKnownParallel):
400         (JSC::SlotVisitor::SlotVisitor):
401         * heap/WeakReferenceHarvester.h:
402         * runtime/Heuristics.cpp:
403         (JSC::Heuristics::initializeHeuristics):
404         * runtime/Heuristics.h:
405         * wtf/Atomics.h:
406         (WTF::weakCompareAndSwap):
407         * wtf/Bitmap.h:
408         (WTF::::Bitmap):
409         (WTF::::get):
410         (WTF::::set):
411         (WTF::::testAndSet):
412         (WTF::::testAndClear):
413         (WTF::::concurrentTestAndSet):
414         (WTF::::concurrentTestAndClear):
415         (WTF::::clear):
416         (WTF::::clearAll):
417         (WTF::::nextPossiblyUnset):
418         (WTF::::findRunOfZeros):
419         (WTF::::count):
420         (WTF::::isEmpty):
421         (WTF::::isFull):
422         * wtf/MainThread.h:
423         (WTF::isMainThreadOrGCThread):
424         * wtf/Platform.h:
425         * wtf/ThreadSpecific.h:
426         (WTF::::isSet):
427         * wtf/mac/MainThreadMac.mm:
428         (WTF::initializeGCThreads):
429         (WTF::initializeMainThreadPlatform):
430         (WTF::initializeMainThreadToProcessMainThreadPlatform):
431         (WTF::registerGCThread):
432         (WTF::isMainThreadOrGCThread):
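The local/shared mark-stack scheme described in the entry above, as an added illustration that is not JavaScriptCore's code: a miniature parallel marker over a constructed object graph. Each worker drains a private stack, donates half of it to a mutex-protected shared stack once it grows past a threshold, and steals from the shared stack when it runs dry; the mark bit is claimed with a weak, relaxed compare-and-swap in a retry loop so a cell is scanned by exactly one thread. Heap, ParallelMarker, testAndSetMarked, markSampleHeap, the fixed donate threshold and the sample graph are this example's own assumptions, standing in for JSC's MarkStackArray, SlotVisitor, MarkedBlock::testAndSetMarked and the Heuristics tunables.

```cpp
#include <atomic>
#include <condition_variable>
#include <cstddef>
#include <mutex>
#include <thread>
#include <vector>
// Constructed heap: cell i references the cells in edges[i]; mark bits are atomics.
struct Heap {
    std::vector<std::vector<size_t>> edges;
    std::vector<std::atomic<unsigned char>> marks;
    explicit Heap(size_t n) : edges(n), marks(n) { for (auto& m : marks) m.store(0); }
};

// Weak, relaxed CAS in a retry loop: true only for the thread that actually flips
// the bit, so a cell reached by several threads at once is scanned exactly once.
static bool testAndSetMarked(Heap& heap, size_t cell) {
    unsigned char expected = 0;
    while (!heap.marks[cell].compare_exchange_weak(expected, 1, std::memory_order_relaxed))
        if (expected) return false; // lost the race; on a spurious failure expected stays 0
    return true;
}
class ParallelMarker {
public:
    ParallelMarker(Heap& heap, unsigned threadCount) : m_heap(heap), m_threadCount(threadCount) {}
    void run(const std::vector<size_t>& roots) {
        for (size_t root : roots)
            if (testAndSetMarked(m_heap, root))
                m_shared.push_back(root); // seed the shared stack before workers start
        std::vector<std::thread> workers;
        for (unsigned i = 0; i < m_threadCount; ++i)
            workers.emplace_back([this] { workerMain(); });
        for (std::thread& worker : workers) worker.join();
    }
private:
    static constexpr size_t donateThreshold = 8; // fixed stand-in for the GC's tunable heuristics
    // Drain the private stack, donating half whenever it grows past the threshold,
    // and steal from the shared stack when it runs dry.
    void workerMain() {
        std::vector<size_t> local;
        for (;;) {
            while (!local.empty()) {
                size_t cell = local.back();
                local.pop_back();
                for (size_t child : m_heap.edges[cell])
                    if (testAndSetMarked(m_heap, child))
                        local.push_back(child);
                if (local.size() >= donateThreshold) donate(local);
            }
            if (!steal(local)) return;
        }
    }
    void donate(std::vector<size_t>& local) {
        std::lock_guard<std::mutex> guard(m_lock);
        size_t half = local.size() / 2;
        m_shared.insert(m_shared.end(), local.end() - half, local.end());
        local.resize(local.size() - half);
        m_refill.notify_all();
    }
    // False only when the shared stack is empty and every worker is idle: a busy
    // worker could still donate, so an empty shared stack alone is not termination.
    bool steal(std::vector<size_t>& local) {
        std::unique_lock<std::mutex> guard(m_lock);
        ++m_idle;
        while (m_shared.empty()) {
            if (m_idle == m_threadCount) {
                m_refill.notify_all(); // wake the others so they exit too
                return false;
            }
            m_refill.wait(guard);
        }
        --m_idle;
        size_t take = (m_shared.size() + 1) / 2;
        local.insert(local.end(), m_shared.end() - take, m_shared.end());
        m_shared.resize(m_shared.size() - take);
        return true;
    }
    Heap& m_heap;
    unsigned m_threadCount, m_idle = 0;
    std::mutex m_lock;
    std::condition_variable m_refill;
    std::vector<size_t> m_shared;
};
// Constructed sample: cells [0, reachable) form a 4-ary tree whose nodes also point back
// at the root; cells [reachable, reachable + garbage) form a cycle that no root reaches.
// Marks from cell 0 on `threads` workers and returns how many cells were marked.
size_t markSampleHeap(size_t reachable, size_t garbage, unsigned threads) {
    Heap heap(reachable + garbage);
    for (size_t i = 0; i < reachable; ++i) {
        for (size_t k = 1; k <= 4 && 4 * i + k < reachable; ++k)
            heap.edges[i].push_back(4 * i + k);
        heap.edges[i].push_back(0);
    }
    for (size_t i = 0; i < garbage; ++i)
        heap.edges[reachable + i].push_back(reachable + (i + 1) % garbage);
    ParallelMarker marker(heap, threads);
    marker.run(reachable ? std::vector<size_t>{0} : std::vector<size_t>{});
    size_t count = 0;
    for (auto& m : heap.marks) count += m.load();
    return count;
}
```

The termination rule is the part worth checking in any work-stealing marker: a worker may only leave once the shared stack is empty and every worker is idle, because any busy worker can still donate. The sample graph contains cycles on both sides so the mark bit, not the traversal order, is what keeps the walk finite, and the unreachable cycle must come out unmarked regardless of thread count.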
433
434 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
435
436         De-virtualize JSObject::defaultValue
437         https://bugs.webkit.org/show_bug.cgi?id=71146
438
439         Reviewed by Sam Weinig.
440
441         Added defaultValue to the MethodTable.  Replaced all virtual versions of 
442         defaultValue with static versions.  Replaced all call sites with lookups in the 
443         MethodTable.
444
445         * JavaScriptCore.exp:
446         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
447         * runtime/ClassInfo.h:
448         * runtime/ExceptionHelpers.cpp:
449         (JSC::InterruptedExecutionError::defaultValue):
450         (JSC::TerminatedExecutionError::defaultValue):
451         * runtime/ExceptionHelpers.h:
452         * runtime/JSCell.cpp:
453         (JSC::JSCell::defaultValue):
454         * runtime/JSCell.h:
455         * runtime/JSNotAnObject.cpp:
456         (JSC::JSNotAnObject::defaultValue):
457         * runtime/JSNotAnObject.h:
458         * runtime/JSObject.cpp:
459         (JSC::JSObject::getPrimitiveNumber):
460         (JSC::JSObject::defaultValue):
461         * runtime/JSObject.h:
462         (JSC::JSObject::toPrimitive):
463
464 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
465
466         Interpreter build fix
467
468         Unreviewed build fix
469
470         * interpreter/Interpreter.cpp:
471         (JSC::Interpreter::privateExecute):
472         * runtime/Executable.cpp:
473         (JSC::FunctionExecutable::compileForCallInternal):
474         (JSC::FunctionExecutable::compileForConstructInternal):
475
476 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
477
478         DFG OSR exits should add to value profiles
479         https://bugs.webkit.org/show_bug.cgi?id=71202
480
481         Reviewed by Oliver Hunt.
482         
483         Value profiles now have an extra special slot not used by the old JIT's
484         profiling, which is reserved for OSR exits.
485         
486         The DFG's OSR exit code now knows which register, node index, and value
487         profiling site was responsible for the (possibly flawed) information that
488         led to the OSR failure. This is somewhat opportunistic and imperfect;
489         if there's a lot of control flow between the value profiling site and the
490         OSR failure point, then this mechanism simply gives up. It also gives up
491         if the OSR failure is caused by either known deficiencies in the DFG
492         (like that we always assume that the index in a strict charCodeAt access
493         is within bounds) or where the OSR failure would be catalogued and
494         profiled through other means (like slow case counters).
495         
496         This patch also adds the notion of a JSValueRegs, which is either a
497         single register in JSVALUE64 or a pair in JSVALUE32_64. We should
498         probably move the 32_64 DFG towards using this, since it often makes it
499         easier to share code between 64 and 32_64.
500         
501         Also fixed a number of pathologies that this uncovered. op_method_check 
502         didn't have a value profiling site on the slow path. GetById should not
503         always force OSR exit if it never executed in the old JIT; we may be
504         able to infer its type if it's an array or string length get. Finally,
505         these changes benefit from a slight tweak to optimization delay
506         heuristics (profile fullness is now 0.35 instead of 0.25).
507         
508         3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
509         and imaging-darkroom.
510
511         * bytecode/ValueProfile.cpp:
512         (JSC::ValueProfile::computeStatistics):
513         (JSC::ValueProfile::computeUpdatedPrediction):
514         * bytecode/ValueProfile.h:
515         (JSC::ValueProfile::ValueProfile):
516         (JSC::ValueProfile::specFailBucket):
517         (JSC::ValueProfile::numberOfSamples):
518         (JSC::ValueProfile::isLive):
519         (JSC::ValueProfile::numberOfInt32s):
520         (JSC::ValueProfile::numberOfDoubles):
521         (JSC::ValueProfile::numberOfCells):
522         (JSC::ValueProfile::numberOfObjects):
523         (JSC::ValueProfile::numberOfFinalObjects):
524         (JSC::ValueProfile::numberOfStrings):
525         (JSC::ValueProfile::numberOfArrays):
526         (JSC::ValueProfile::numberOfBooleans):
527         (JSC::ValueProfile::dump):
528         * dfg/DFGAbstractState.cpp:
529         (JSC::DFG::AbstractState::execute):
530         * dfg/DFGByteCodeParser.cpp:
531         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
532         (JSC::DFG::ByteCodeParser::getPrediction):
533         (JSC::DFG::ByteCodeParser::parseBlock):
534         * dfg/DFGGPRInfo.h:
535         (JSC::DFG::JSValueRegs::JSValueRegs):
536         (JSC::DFG::JSValueRegs::operator!):
537         (JSC::DFG::JSValueRegs::gpr):
538         (JSC::DFG::JSValueSource::JSValueSource):
539         (JSC::DFG::JSValueSource::unboxedCell):
540         (JSC::DFG::JSValueSource::operator!):
541         (JSC::DFG::JSValueSource::isAddress):
542         (JSC::DFG::JSValueSource::offset):
543         (JSC::DFG::JSValueSource::base):
544         (JSC::DFG::JSValueSource::gpr):
545         (JSC::DFG::JSValueSource::asAddress):
546         (JSC::DFG::JSValueSource::notAddress):
547         (JSC::DFG::JSValueRegs::tagGPR):
548         (JSC::DFG::JSValueRegs::payloadGPR):
549         (JSC::DFG::JSValueSource::tagGPR):
550         (JSC::DFG::JSValueSource::payloadGPR):
551         (JSC::DFG::JSValueSource::hasKnownTag):
552         (JSC::DFG::JSValueSource::tag):
553         * dfg/DFGGenerationInfo.h:
554         (JSC::DFG::GenerationInfo::jsValueRegs):
555         * dfg/DFGGraph.h:
556         (JSC::DFG::Graph::valueProfileFor):
557         * dfg/DFGJITCodeGenerator.h:
558         (JSC::JSValueOperand::jsValueRegs):
559         * dfg/DFGJITCompiler.cpp:
560         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
561         * dfg/DFGJITCompiler.h:
562         (JSC::DFG::JITCompiler::valueProfileFor):
563         * dfg/DFGJITCompiler32_64.cpp:
564         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
565         * dfg/DFGPropagator.cpp:
566         (JSC::DFG::Propagator::propagateNodePredictions):
567         * dfg/DFGSpeculativeJIT.cpp:
568         (JSC::DFG::OSRExit::OSRExit):
569         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
570         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
571         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
572         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
573         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
574         (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
575         * dfg/DFGSpeculativeJIT.h:
576         (JSC::DFG::SpeculativeJIT::speculationCheck):
577         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
578         * dfg/DFGSpeculativeJIT32_64.cpp:
579         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
580         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
581         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
582         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
583         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
584         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
585         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
586         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
587         (JSC::DFG::SpeculativeJIT::compile):
588         * dfg/DFGSpeculativeJIT64.cpp:
589         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
590         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
591         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
592         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
593         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
594         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
595         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
596         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
597         (JSC::DFG::SpeculativeJIT::emitBranch):
598         (JSC::DFG::SpeculativeJIT::compile):
599         * jit/JITPropertyAccess.cpp:
600         (JSC::JIT::emitSlow_op_method_check):
601         * jit/JITPropertyAccess32_64.cpp:
602         (JSC::JIT::emitSlow_op_method_check):
603         * runtime/Heuristics.cpp:
604         (JSC::Heuristics::initializeHeuristics):
605         * runtime/JSValue.h:
606
607 2011-10-31  Sam Weinig  <sam@webkit.org>
608
609         Remove need for virtual JSObject::unwrappedObject
610         https://bugs.webkit.org/show_bug.cgi?id=71034
611
612         Reviewed by Geoffrey Garen.
613
614         * JavaScriptCore.exp:
615         Update exports.
616
617         * CMakeLists.txt:
618         * GNUmakefile.list.am:
619         * JavaScriptCore.exp:
620         * JavaScriptCore.gypi:
621         * JavaScriptCore.pro:
622         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
623         * JavaScriptCore.xcodeproj/project.pbxproj:
624         Add JSGlobalThis.cpp.
625
626         * runtime/JSGlobalThis.cpp: Added.
627         (JSC::JSGlobalThis::visitChildren):
628         (JSC::JSGlobalThis::unwrappedObject):
629         * runtime/JSGlobalThis.h:
630         (JSC::JSGlobalThis::createStructure):
631         Move underlying object from JSDOMWindowShell down to JSGlobalThis
632         and corresponding visitChildren method.
633
634         * runtime/JSObject.cpp:
635         (JSC::JSObject::unwrappedObject):
636         Change unwrappedObject from virtual, to just needing an if check.
637
638         * runtime/JSObject.h:
639         (JSC::JSObject::isGlobalThis):
640         * runtime/JSType.h:
641         Add isGlobalThis predicate and type.
642
643 2011-10-31  Xianzhu Wang  <wangxianzhu@chromium.org>
644
645         WTF::StringImpl::create(const char*, unsigned) calls itself
646         https://bugs.webkit.org/show_bug.cgi?id=71206
647
648         The original implementation just calls itself, causing infinite recursion.
649         Cast the first parameter to const LChar* to fix that.
650
651         Reviewed by Ryosuke Niwa.
652
653         * wtf/text/StringImpl.h:
654         (WTF::StringImpl::create):
655
656 2011-10-31  Andy Wingo  <wingo@igalia.com>
657
658         Fix DFG JIT compilation on Linux targets.
659         https://bugs.webkit.org/show_bug.cgi?id=70904
660
661         Reviewed by Darin Adler.
662
663         * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
664         macro.
665
666         * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
667         simplified definition from jit/JITStubs.cpp.
668         (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
669         Use the macro to access trampoline targets through the PLT on PIC
670         systems, instead of introducing a text relocation.  Otherwise, the
671         library fails to link.
672
673 2011-10-31  Mark Hahnenberg  <mhahnenberg@apple.com>
674
675         De-virtualize JSObject::defineGetter
676         https://bugs.webkit.org/show_bug.cgi?id=71134
677
678         Reviewed by Darin Adler.
679
680         Added defineGetter to the MethodTable.  Replaced all virtual versions of defineGetter
681         with static versions.  Replaced all call sites with lookups in the MethodTable.
682
683         * JavaScriptCore.exp:
684         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
685         * debugger/DebuggerActivation.cpp:
686         (JSC::DebuggerActivation::defineGetter):
687         * debugger/DebuggerActivation.h:
688         * interpreter/Interpreter.cpp:
689         (JSC::Interpreter::privateExecute):
690         * jit/JITStubs.cpp:
691         (JSC::DEFINE_STUB_FUNCTION):
692         * runtime/ClassInfo.h:
693         * runtime/JSCell.cpp:
694         (JSC::JSCell::defineGetter):
695         * runtime/JSCell.h:
696         * runtime/JSGlobalObject.cpp:
697         (JSC::JSGlobalObject::defineGetter):
698         * runtime/JSGlobalObject.h:
699         * runtime/JSObject.cpp:
700         (JSC::JSObject::defineGetter):
701         (JSC::putDescriptor):
702         * runtime/JSObject.h:
703         * runtime/ObjectPrototype.cpp:
704         (JSC::objectProtoFuncDefineGetter):
705
706 2011-10-31  Michael Saboff  <msaboff@apple.com>
707
708         Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
709         https://bugs.webkit.org/show_bug.cgi?id=71138
710
711         Restructure and movement of Lexer and Parser code.
712         Moved Lexer and Parser objects out of JSGlobalData.
713         Added a new ParserTokens class and instance to JSGlobalData that
714         have JavaScript token related definitions.
715         Replaced JSGlobalData arguments to Node classes with lineNumber,
716         as that was the only use of the JSGlobalData.
717         Combined JSParser and Parser classes into one class,
718         eliminating JSParser.h and .cpp.
719         Various supporting #include changes.
720
721         These mostly mechanical changes are done in preparation to
722         making the Lexer and Parser template classes.
723
724         Reviewed by Darin Adler.
725
726         * CMakeLists.txt:
727         * GNUmakefile.list.am:
728         * JavaScriptCore.gypi:
729         * JavaScriptCore.pro:
730         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
731         * JavaScriptCore.xcodeproj/project.pbxproj:
732         * bytecompiler/NodesCodegen.cpp:
733         (JSC::ArrayNode::toArgumentList):
734         (JSC::ApplyFunctionCallDotNode::emitBytecode):
735         * parser/ASTBuilder.h:
736         (JSC::ASTBuilder::ASTBuilder):
737         (JSC::ASTBuilder::createSourceElements):
738         (JSC::ASTBuilder::createCommaExpr):
739         (JSC::ASTBuilder::createLogicalNot):
740         (JSC::ASTBuilder::createUnaryPlus):
741         (JSC::ASTBuilder::createVoid):
742         (JSC::ASTBuilder::thisExpr):
743         (JSC::ASTBuilder::createResolve):
744         (JSC::ASTBuilder::createObjectLiteral):
745         (JSC::ASTBuilder::createArray):
746         (JSC::ASTBuilder::createNumberExpr):
747         (JSC::ASTBuilder::createString):
748         (JSC::ASTBuilder::createBoolean):
749         (JSC::ASTBuilder::createNull):
750         (JSC::ASTBuilder::createBracketAccess):
751         (JSC::ASTBuilder::createDotAccess):
752         (JSC::ASTBuilder::createRegExp):
753         (JSC::ASTBuilder::createNewExpr):
754         (JSC::ASTBuilder::createConditionalExpr):
755         (JSC::ASTBuilder::createAssignResolve):
756         (JSC::ASTBuilder::createFunctionExpr):
757         (JSC::ASTBuilder::createFunctionBody):
758         (JSC::ASTBuilder::createGetterOrSetterProperty):
759         (JSC::ASTBuilder::createArguments):
760         (JSC::ASTBuilder::createArgumentsList):
761         (JSC::ASTBuilder::createPropertyList):
762         (JSC::ASTBuilder::createElementList):
763         (JSC::ASTBuilder::createFormalParameterList):
764         (JSC::ASTBuilder::createClause):
765         (JSC::ASTBuilder::createClauseList):
766         (JSC::ASTBuilder::createFuncDeclStatement):
767         (JSC::ASTBuilder::createBlockStatement):
768         (JSC::ASTBuilder::createExprStatement):
769         (JSC::ASTBuilder::createIfStatement):
770         (JSC::ASTBuilder::createForLoop):
771         (JSC::ASTBuilder::createForInLoop):
772         (JSC::ASTBuilder::createEmptyStatement):
773         (JSC::ASTBuilder::createVarStatement):
774         (JSC::ASTBuilder::createReturnStatement):
775         (JSC::ASTBuilder::createBreakStatement):
776         (JSC::ASTBuilder::createContinueStatement):
777         (JSC::ASTBuilder::createTryStatement):
778         (JSC::ASTBuilder::createSwitchStatement):
779         (JSC::ASTBuilder::createWhileStatement):
780         (JSC::ASTBuilder::createDoWhileStatement):
781         (JSC::ASTBuilder::createLabelStatement):
782         (JSC::ASTBuilder::createWithStatement):
783         (JSC::ASTBuilder::createThrowStatement):
784         (JSC::ASTBuilder::createDebugger):
785         (JSC::ASTBuilder::createConstStatement):
786         (JSC::ASTBuilder::appendConstDecl):
787         (JSC::ASTBuilder::combineCommaNodes):
788         (JSC::ASTBuilder::appendBinaryOperation):
789         (JSC::ASTBuilder::createAssignment):
790         (JSC::ASTBuilder::createNumber):
791         (JSC::ASTBuilder::makeTypeOfNode):
792         (JSC::ASTBuilder::makeDeleteNode):
793         (JSC::ASTBuilder::makeNegateNode):
794         (JSC::ASTBuilder::makeBitwiseNotNode):
795         (JSC::ASTBuilder::makeMultNode):
796         (JSC::ASTBuilder::makeDivNode):
797         (JSC::ASTBuilder::makeModNode):
798         (JSC::ASTBuilder::makeAddNode):
799         (JSC::ASTBuilder::makeSubNode):
800         (JSC::ASTBuilder::makeLeftShiftNode):
801         (JSC::ASTBuilder::makeRightShiftNode):
802         (JSC::ASTBuilder::makeURightShiftNode):
803         (JSC::ASTBuilder::makeBitOrNode):
804         (JSC::ASTBuilder::makeBitAndNode):
805         (JSC::ASTBuilder::makeBitXOrNode):
806         (JSC::ASTBuilder::makeFunctionCallNode):
807         (JSC::ASTBuilder::makeBinaryNode):
808         (JSC::ASTBuilder::makeAssignNode):
809         (JSC::ASTBuilder::makePrefixNode):
810         (JSC::ASTBuilder::makePostfixNode):
811         * parser/JSParser.cpp: Removed.
812         * parser/JSParser.h: Removed.
813         * parser/Lexer.cpp:
814         (JSC::Keywords::Keywords):
815         (JSC::Lexer::Lexer):
816         (JSC::Lexer::~Lexer):
817         (JSC::Lexer::setCode):
818         (JSC::Lexer::parseIdentifier):
819         * parser/Lexer.h:
820         (JSC::Keywords::isKeyword):
821         (JSC::Keywords::getKeyword):
822         (JSC::Keywords::~Keywords):
823         (JSC::Lexer::setIsReparsing):
824         (JSC::Lexer::isReparsing):
825         (JSC::Lexer::lineNumber):
826         (JSC::Lexer::setLastLineNumber):
827         (JSC::Lexer::lastLineNumber):
828         (JSC::Lexer::prevTerminator):
829         (JSC::Lexer::sawError):
830         (JSC::Lexer::getErrorMessage):
831         (JSC::Lexer::currentOffset):
832         (JSC::Lexer::setOffset):
833         (JSC::Lexer::setLineNumber):
834         (JSC::Lexer::sourceProvider):
835         (JSC::Lexer::isWhiteSpace):
836         (JSC::Lexer::isLineTerminator):
837         (JSC::Lexer::convertHex):
838         (JSC::Lexer::convertUnicode):
839         (JSC::Lexer::makeIdentifier):
840         (JSC::Lexer::lexExpectIdentifier):
841         * parser/NodeConstructors.h:
842         (JSC::ParserArenaFreeable::operator new):
843         (JSC::ParserArenaDeletable::operator new):
844         (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
845         (JSC::Node::Node):
846         (JSC::ExpressionNode::ExpressionNode):
847         (JSC::StatementNode::StatementNode):
848         (JSC::NullNode::NullNode):
849         (JSC::BooleanNode::BooleanNode):
850         (JSC::NumberNode::NumberNode):
851         (JSC::StringNode::StringNode):
852         (JSC::RegExpNode::RegExpNode):
853         (JSC::ThisNode::ThisNode):
854         (JSC::ResolveNode::ResolveNode):
855         (JSC::ElementNode::ElementNode):
856         (JSC::ArrayNode::ArrayNode):
857         (JSC::PropertyNode::PropertyNode):
858         (JSC::PropertyListNode::PropertyListNode):
859         (JSC::ObjectLiteralNode::ObjectLiteralNode):
860         (JSC::BracketAccessorNode::BracketAccessorNode):
861         (JSC::DotAccessorNode::DotAccessorNode):
862         (JSC::ArgumentListNode::ArgumentListNode):
863         (JSC::ArgumentsNode::ArgumentsNode):
864         (JSC::NewExprNode::NewExprNode):
865         (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
866         (JSC::FunctionCallValueNode::FunctionCallValueNode):
867         (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
868         (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
869         (JSC::FunctionCallDotNode::FunctionCallDotNode):
870         (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
871         (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
872         (JSC::PrePostResolveNode::PrePostResolveNode):
873         (JSC::PostfixResolveNode::PostfixResolveNode):
874         (JSC::PostfixBracketNode::PostfixBracketNode):
875         (JSC::PostfixDotNode::PostfixDotNode):
876         (JSC::PostfixErrorNode::PostfixErrorNode):
877         (JSC::DeleteResolveNode::DeleteResolveNode):
878         (JSC::DeleteBracketNode::DeleteBracketNode):
879         (JSC::DeleteDotNode::DeleteDotNode):
880         (JSC::DeleteValueNode::DeleteValueNode):
881         (JSC::VoidNode::VoidNode):
882         (JSC::TypeOfResolveNode::TypeOfResolveNode):
883         (JSC::TypeOfValueNode::TypeOfValueNode):
884         (JSC::PrefixResolveNode::PrefixResolveNode):
885         (JSC::PrefixBracketNode::PrefixBracketNode):
886         (JSC::PrefixDotNode::PrefixDotNode):
887         (JSC::PrefixErrorNode::PrefixErrorNode):
888         (JSC::UnaryOpNode::UnaryOpNode):
889         (JSC::UnaryPlusNode::UnaryPlusNode):
890         (JSC::NegateNode::NegateNode):
891         (JSC::BitwiseNotNode::BitwiseNotNode):
892         (JSC::LogicalNotNode::LogicalNotNode):
893         (JSC::BinaryOpNode::BinaryOpNode):
894         (JSC::MultNode::MultNode):
895         (JSC::DivNode::DivNode):
896         (JSC::ModNode::ModNode):
897         (JSC::AddNode::AddNode):
898         (JSC::SubNode::SubNode):
899         (JSC::LeftShiftNode::LeftShiftNode):
900         (JSC::RightShiftNode::RightShiftNode):
901         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
902         (JSC::LessNode::LessNode):
903         (JSC::GreaterNode::GreaterNode):
904         (JSC::LessEqNode::LessEqNode):
905         (JSC::GreaterEqNode::GreaterEqNode):
906         (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
907         (JSC::InstanceOfNode::InstanceOfNode):
908         (JSC::InNode::InNode):
909         (JSC::EqualNode::EqualNode):
910         (JSC::NotEqualNode::NotEqualNode):
911         (JSC::StrictEqualNode::StrictEqualNode):
912         (JSC::NotStrictEqualNode::NotStrictEqualNode):
913         (JSC::BitAndNode::BitAndNode):
914         (JSC::BitOrNode::BitOrNode):
915         (JSC::BitXOrNode::BitXOrNode):
916         (JSC::LogicalOpNode::LogicalOpNode):
917         (JSC::ConditionalNode::ConditionalNode):
918         (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
919         (JSC::AssignResolveNode::AssignResolveNode):
920         (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
921         (JSC::AssignBracketNode::AssignBracketNode):
922         (JSC::AssignDotNode::AssignDotNode):
923         (JSC::ReadModifyDotNode::ReadModifyDotNode):
924         (JSC::AssignErrorNode::AssignErrorNode):
925         (JSC::CommaNode::CommaNode):
926         (JSC::ConstStatementNode::ConstStatementNode):
927         (JSC::SourceElements::SourceElements):
928         (JSC::EmptyStatementNode::EmptyStatementNode):
929         (JSC::DebuggerStatementNode::DebuggerStatementNode):
930         (JSC::ExprStatementNode::ExprStatementNode):
931         (JSC::VarStatementNode::VarStatementNode):
932         (JSC::IfNode::IfNode):
933         (JSC::IfElseNode::IfElseNode):
934         (JSC::DoWhileNode::DoWhileNode):
935         (JSC::WhileNode::WhileNode):
936         (JSC::ForNode::ForNode):
937         (JSC::ContinueNode::ContinueNode):
938         (JSC::BreakNode::BreakNode):
939         (JSC::ReturnNode::ReturnNode):
940         (JSC::WithNode::WithNode):
941         (JSC::LabelNode::LabelNode):
942         (JSC::ThrowNode::ThrowNode):
943         (JSC::TryNode::TryNode):
944         (JSC::ParameterNode::ParameterNode):
945         (JSC::FuncExprNode::FuncExprNode):
946         (JSC::FuncDeclNode::FuncDeclNode):
947         (JSC::CaseClauseNode::CaseClauseNode):
948         (JSC::ClauseListNode::ClauseListNode):
949         (JSC::CaseBlockNode::CaseBlockNode):
950         (JSC::SwitchNode::SwitchNode):
951         (JSC::ConstDeclNode::ConstDeclNode):
952         (JSC::BlockNode::BlockNode):
953         (JSC::ForInNode::ForInNode):
954         * parser/NodeInfo.h:
955         * parser/Nodes.cpp:
956         (JSC::StatementNode::setLoc):
957         (JSC::ScopeNode::ScopeNode):
958         (JSC::ProgramNode::ProgramNode):
959         (JSC::ProgramNode::create):
960         (JSC::EvalNode::EvalNode):
961         (JSC::EvalNode::create):
962         (JSC::FunctionBodyNode::FunctionBodyNode):
963         (JSC::FunctionBodyNode::create):
964         * parser/Nodes.h:
965         (JSC::Node::lineNo):
966         * parser/Parser.cpp:
967         (JSC::Parser::Parser):
968         (JSC::Parser::~Parser):
969         (JSC::Parser::parseInner):
970         (JSC::Parser::allowAutomaticSemicolon):
971         (JSC::Parser::parseSourceElements):
972         (JSC::Parser::parseVarDeclaration):
973         (JSC::Parser::parseConstDeclaration):
974         (JSC::Parser::parseDoWhileStatement):
975         (JSC::Parser::parseWhileStatement):
976         (JSC::Parser::parseVarDeclarationList):
977         (JSC::Parser::parseConstDeclarationList):
978         (JSC::Parser::parseForStatement):
979         (JSC::Parser::parseBreakStatement):
980         (JSC::Parser::parseContinueStatement):
981         (JSC::Parser::parseReturnStatement):
982         (JSC::Parser::parseThrowStatement):
983         (JSC::Parser::parseWithStatement):
984         (JSC::Parser::parseSwitchStatement):
985         (JSC::Parser::parseSwitchClauses):
986         (JSC::Parser::parseSwitchDefaultClause):
987         (JSC::Parser::parseTryStatement):
988         (JSC::Parser::parseDebuggerStatement):
989         (JSC::Parser::parseBlockStatement):
990         (JSC::Parser::parseStatement):
991         (JSC::Parser::parseFormalParameters):
992         (JSC::Parser::parseFunctionBody):
993         (JSC::Parser::parseFunctionInfo):
994         (JSC::Parser::parseFunctionDeclaration):
995         (JSC::LabelInfo::LabelInfo):
996         (JSC::Parser::parseExpressionOrLabelStatement):
997         (JSC::Parser::parseExpressionStatement):
998         (JSC::Parser::parseIfStatement):
999         (JSC::Parser::parseExpression):
1000         (JSC::Parser::parseAssignmentExpression):
1001         (JSC::Parser::parseConditionalExpression):
1002         (JSC::isUnaryOp):
1003         (JSC::Parser::isBinaryOperator):
1004         (JSC::Parser::parseBinaryExpression):
1005         (JSC::Parser::parseProperty):
1006         (JSC::Parser::parseObjectLiteral):
1007         (JSC::Parser::parseStrictObjectLiteral):
1008         (JSC::Parser::parseArrayLiteral):
1009         (JSC::Parser::parsePrimaryExpression):
1010         (JSC::Parser::parseArguments):
1011         (JSC::Parser::parseMemberExpression):
1012         (JSC::Parser::parseUnaryExpression):
1013         * parser/Parser.h:
1014         (JSC::isEvalNode):
1015         (JSC::EvalNode):
1016         (JSC::DepthManager::DepthManager):
1017         (JSC::DepthManager::~DepthManager):
1018         (JSC::ScopeLabelInfo::ScopeLabelInfo):
1019         (JSC::Scope::Scope):
1020         (JSC::Scope::startSwitch):
1021         (JSC::Scope::endSwitch):
1022         (JSC::Scope::startLoop):
1023         (JSC::Scope::endLoop):
1024         (JSC::Scope::inLoop):
1025         (JSC::Scope::breakIsValid):
1026         (JSC::Scope::continueIsValid):
1027         (JSC::Scope::pushLabel):
1028         (JSC::Scope::popLabel):
1029         (JSC::Scope::getLabel):
1030         (JSC::Scope::setIsFunction):
1031         (JSC::Scope::isFunction):
1032         (JSC::Scope::isFunctionBoundary):
1033         (JSC::Scope::declareVariable):
1034         (JSC::Scope::declareWrite):
1035         (JSC::Scope::preventNewDecls):
1036         (JSC::Scope::allowsNewDecls):
1037         (JSC::Scope::declareParameter):
1038         (JSC::Scope::useVariable):
1039         (JSC::Scope::setNeedsFullActivation):
1040         (JSC::Scope::collectFreeVariables):
1041         (JSC::Scope::getUncapturedWrittenVariables):
1042         (JSC::Scope::getCapturedVariables):
1043         (JSC::Scope::setStrictMode):
1044         (JSC::Scope::strictMode):
1045         (JSC::Scope::isValidStrictMode):
1046         (JSC::Scope::shadowsArguments):
1047         (JSC::Scope::copyCapturedVariablesToVector):
1048         (JSC::Scope::saveFunctionInfo):
1049         (JSC::Scope::restoreFunctionInfo):
1050         (JSC::ScopeRef::ScopeRef):
1051         (JSC::ScopeRef::operator->):
1052         (JSC::ScopeRef::index):
1053         (JSC::ScopeRef::hasContainingScope):
1054         (JSC::ScopeRef::containingScope):
1055         (JSC::Parser::AllowInOverride::AllowInOverride):
1056         (JSC::Parser::AllowInOverride::~AllowInOverride):
1057         (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
1058         (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
1059         (JSC::Parser::AutoPopScopeRef::setPopped):
1060         (JSC::Parser::currentScope):
1061         (JSC::Parser::pushScope):
1062         (JSC::Parser::popScopeInternal):
1063         (JSC::Parser::popScope):
1064         (JSC::Parser::declareVariable):
1065         (JSC::Parser::declareWrite):
1066         (JSC::Parser::findCachedFunctionInfo):
1067         (JSC::Parser::isFunctionBodyNode):
1068         (JSC::Parser::next):
1069         (JSC::Parser::nextExpectIdentifier):
1070         (JSC::Parser::nextTokenIsColon):
1071         (JSC::Parser::consume):
1072         (JSC::Parser::getToken):
1073         (JSC::Parser::match):
1074         (JSC::Parser::tokenStart):
1075         (JSC::Parser::tokenLine):
1076         (JSC::Parser::tokenEnd):
1077         (JSC::Parser::getTokenName):
1078         (JSC::Parser::updateErrorMessageSpecialCase):
1079         (JSC::Parser::updateErrorMessage):
1080         (JSC::Parser::updateErrorWithNameAndMessage):
1081         (JSC::Parser::startLoop):
1082         (JSC::Parser::endLoop):
1083         (JSC::Parser::startSwitch):
1084         (JSC::Parser::endSwitch):
1085         (JSC::Parser::setStrictMode):
1086         (JSC::Parser::strictMode):
1087         (JSC::Parser::isValidStrictMode):
1088         (JSC::Parser::declareParameter):
1089         (JSC::Parser::breakIsValid):
1090         (JSC::Parser::continueIsValid):
1091         (JSC::Parser::pushLabel):
1092         (JSC::Parser::popLabel):
1093         (JSC::Parser::getLabel):
1094         (JSC::Parser::autoSemiColon):
1095         (JSC::Parser::canRecurse):
1096         (JSC::Parser::lastTokenEnd):
1097         (JSC::Parser::DepthManager::DepthManager):
1098         (JSC::Parser::DepthManager::~DepthManager):
1099         (JSC::Parser::parse):
1100         (JSC::parse):
1101         * parser/ParserTokens.h: Added.
1102         (JSC::JSTokenInfo::JSTokenInfo):
1103         * parser/SourceCode.h:
1104         (JSC::SourceCode::subExpression):
1105         * parser/SourceProviderCacheItem.h:
1106         * parser/SyntaxChecker.h:
1107         (JSC::SyntaxChecker::SyntaxChecker):
1108         (JSC::SyntaxChecker::makeFunctionCallNode):
1109         (JSC::SyntaxChecker::createCommaExpr):
1110         (JSC::SyntaxChecker::makeAssignNode):
1111         (JSC::SyntaxChecker::makePrefixNode):
1112         (JSC::SyntaxChecker::makePostfixNode):
1113         (JSC::SyntaxChecker::makeTypeOfNode):
1114         (JSC::SyntaxChecker::makeDeleteNode):
1115         (JSC::SyntaxChecker::makeNegateNode):
1116         (JSC::SyntaxChecker::makeBitwiseNotNode):
1117         (JSC::SyntaxChecker::createLogicalNot):
1118         (JSC::SyntaxChecker::createUnaryPlus):
1119         (JSC::SyntaxChecker::createVoid):
1120         (JSC::SyntaxChecker::thisExpr):
1121         (JSC::SyntaxChecker::createResolve):
1122         (JSC::SyntaxChecker::createObjectLiteral):
1123         (JSC::SyntaxChecker::createArray):
1124         (JSC::SyntaxChecker::createNumberExpr):
1125         (JSC::SyntaxChecker::createString):
1126         (JSC::SyntaxChecker::createBoolean):
1127         (JSC::SyntaxChecker::createNull):
1128         (JSC::SyntaxChecker::createBracketAccess):
1129         (JSC::SyntaxChecker::createDotAccess):
1130         (JSC::SyntaxChecker::createRegExp):
1131         (JSC::SyntaxChecker::createNewExpr):
1132         (JSC::SyntaxChecker::createConditionalExpr):
1133         (JSC::SyntaxChecker::createAssignResolve):
1134         (JSC::SyntaxChecker::createFunctionExpr):
1135         (JSC::SyntaxChecker::createFunctionBody):
1136         (JSC::SyntaxChecker::createArguments):
1137         (JSC::SyntaxChecker::createArgumentsList):
1138         (JSC::SyntaxChecker::createProperty):
1139         (JSC::SyntaxChecker::createPropertyList):
1140         (JSC::SyntaxChecker::createFuncDeclStatement):
1141         (JSC::SyntaxChecker::createBlockStatement):
1142         (JSC::SyntaxChecker::createExprStatement):
1143         (JSC::SyntaxChecker::createIfStatement):
1144         (JSC::SyntaxChecker::createForLoop):
1145         (JSC::SyntaxChecker::createForInLoop):
1146         (JSC::SyntaxChecker::createEmptyStatement):
1147         (JSC::SyntaxChecker::createVarStatement):
1148         (JSC::SyntaxChecker::createReturnStatement):
1149         (JSC::SyntaxChecker::createBreakStatement):
1150         (JSC::SyntaxChecker::createContinueStatement):
1151         (JSC::SyntaxChecker::createTryStatement):
1152         (JSC::SyntaxChecker::createSwitchStatement):
1153         (JSC::SyntaxChecker::createWhileStatement):
1154         (JSC::SyntaxChecker::createWithStatement):
1155         (JSC::SyntaxChecker::createDoWhileStatement):
1156         (JSC::SyntaxChecker::createLabelStatement):
1157         (JSC::SyntaxChecker::createThrowStatement):
1158         (JSC::SyntaxChecker::createDebugger):
1159         (JSC::SyntaxChecker::createConstStatement):
1160         (JSC::SyntaxChecker::appendConstDecl):
1161         (JSC::SyntaxChecker::createGetterOrSetterProperty):
1162         (JSC::SyntaxChecker::combineCommaNodes):
1163         (JSC::SyntaxChecker::operatorStackPop):
1164         * runtime/Executable.cpp:
1165         (JSC::EvalExecutable::compileInternal):
1166         (JSC::ProgramExecutable::checkSyntax):
1167         (JSC::ProgramExecutable::compileInternal):
1168         (JSC::FunctionExecutable::produceCodeBlockFor):
1169         (JSC::FunctionExecutable::fromGlobalCode):
1170         * runtime/JSGlobalData.cpp:
1171         (JSC::JSGlobalData::JSGlobalData):
1172         (JSC::JSGlobalData::~JSGlobalData):
1173         * runtime/JSGlobalData.h:
1174         * runtime/LiteralParser.cpp:
1175         (JSC::LiteralParser::tryJSONPParse):
1176
1177 2011-10-31  Filip Pizlo  <fpizlo@apple.com>
1178
1179         REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
1180         https://bugs.webkit.org/show_bug.cgi?id=71227
1181
1182         Reviewed by Oliver Hunt.
1183         
1184         No new tests, since while I can see exactly where the DFG went wrong on the
1185         site in question from looking at the generated machine code, and while I can
1186         certainly believe that such a scenario would happen, I cannot visualize how
1187         to make it happen reproducibly. It requires an odd combination of double
1188         values getting spilled and then refilled, but then reboxed at just the right
1189         time so that the spilled value is an unboxed double while the in-register
1190         value is a boxed double.
1191
1192         * dfg/DFGJITCodeGenerator.h:
1193         (JSC::DFG::JITCodeGenerator::silentFillGPR):
1194
1195 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
1196
1197         JSParser::parsePrimaryExpression should have an overflow check
1198         https://bugs.webkit.org/show_bug.cgi?id=71197
1199
1200         Reviewed by Geoff Garen.
1201
1202         * parser/JSParser.cpp:
1203         (JSC::JSParser::parsePrimaryExpression):
1204
1205 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
1206
1207         DFG ValueAdd(string, int) should not fail speculation
1208         https://bugs.webkit.org/show_bug.cgi?id=71195
1209
1210         Reviewed by Geoff Garen.
1211         
1212         1% speed-up on V8.
1213
1214         * dfg/DFGNode.h:
1215         (JSC::DFG::Node::shouldNotSpeculateInteger):
1216         (JSC::DFG::Node::shouldSpeculateInteger):
1217
1218 2011-10-30  Filip Pizlo  <fpizlo@apple.com>
1219
1220         The DFG inliner should not flush the callee
1221         https://bugs.webkit.org/show_bug.cgi?id=71191
1222
1223         Reviewed by Oliver Hunt.
1224         
1225         0.6% speed-up on V8.
1226
1227         * bytecode/CodeBlock.cpp:
1228         (JSC::CodeBlock::visitAggregate):
1229         * bytecode/CodeOrigin.h:
1230         * dfg/DFGByteCodeParser.cpp:
1231         (JSC::DFG::ByteCodeParser::flush):
1232         (JSC::DFG::ByteCodeParser::handleInlining):
1233         (JSC::DFG::ByteCodeParser::parseBlock):
1234         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1235         (JSC::DFG::ByteCodeParser::parse):
1236         * dfg/DFGJITCompiler.cpp:
1237         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1238         * dfg/DFGJITCompiler32_64.cpp:
1239         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
1240         * interpreter/CallFrame.cpp:
1241         (JSC::CallFrame::trueCallerFrameSlow):
1242
1243 2011-10-28  Mark Hahnenberg  <mhahnenberg@apple.com>
1244
1245         De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
1246         https://bugs.webkit.org/show_bug.cgi?id=70968
1247
1248         Reviewed by Geoffrey Garen.
1249
1250         * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
1251         TypeInfo.  Had to also create a specialization for JSNonFinalObject, even though JSGlobalObject was the only one that
1252         needed it, because Windows wouldn't build without it.
1253         (JSC::::createStructure):
1254         * API/JSCallbackObject.h:
1255         * JavaScriptCore.exp:
1256         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1257         * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure. 
1258         (JSC::ErrorInstance::createStructure):
1259         * runtime/ErrorPrototype.h: Ditto
1260         (JSC::ErrorPrototype::createStructure):
1261         * runtime/JSActivation.h: Ditto
1262         (JSC::JSActivation::createStructure):
1263         * runtime/JSGlobalObject.h: Ditto
1264         (JSC::JSGlobalObject::createStructure):
1265         * runtime/JSObject.h: De-virtualized functions.  They now check the JSType of the object for the corresponding type.
1266         (JSC::JSObject::isGlobalObject):
1267         (JSC::JSObject::isVariableObject):
1268         (JSC::JSObject::isActivationObject):
1269         (JSC::JSObject::isErrorInstance):
1270         * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
1271         * runtime/JSVariableObject.cpp: Removed virtual function.
1272         * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
1273         (JSC::JSVariableObject::createStructure):
1274
1275 2011-10-28  Pavel Feldman  <pfeldman@google.com>
1276
1277         Reset line numbers for scripts generated with document.write.
1278         https://bugs.webkit.org/show_bug.cgi?id=71099
1279
1280         Reviewed by Yury Semikhatsky.
1281
1282         * wtf/text/TextPosition.h:
1283         (WTF::OrdinalNumber::OrdinalNumber):
1284
1285 2011-10-27  Daniel Bates  <dbates@rim.com>
1286
1287         CMake: Add support to optionally install the built JavaScript shell
1288         https://bugs.webkit.org/show_bug.cgi?id=71062
1289
1290         Reviewed by Antonio Gomes.
1291
1292         Generate an installation rule for installing the JavaScript shell in
1293         /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
1294         is defined.
1295
1296         * shell/CMakeLists.txt:
1297
1298 2011-10-27  Kentaro Hara  <haraken@chromium.org>
1299
1300         Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
1301         https://bugs.webkit.org/show_bug.cgi?id=70215
1302
1303         Reviewed by Adam Barth.
1304
1305         Added a method that judges if a given JSValue is empty.
1306
1307         Tests: transforms/svg-vs-css.xhtml
1308                transforms/cssmatrix-2d-interface.xhtml
1309                transforms/cssmatrix-3d-interface.xhtml
1310
1311         * runtime/JSValue.h:
1312         * runtime/JSValueInlineMethods.h:
1313         (JSC::JSValue::isEmpty):
1314
1315 2011-10-27  Michael Saboff  <msaboff@apple.com>
1316
1317         ENH: Add 8 bit string support to JSC JIT
1318         https://bugs.webkit.org/show_bug.cgi?id=71073
1319
1320         Changed the JIT String character access generation to create code
1321         to check the character size and load8() or load16() as appropriate.
1322
1323         Reviewed by Gavin Barraclough.
1324
1325         * assembler/MacroAssemblerX86Common.h:
1326         (JSC::MacroAssemblerX86Common::load8):
1327         * assembler/X86Assembler.h:
1328         (JSC::X86Assembler::movzbl_mr):
1329         * dfg/DFGSpeculativeJIT.cpp:
1330         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
1331         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1332         * jit/JITInlineMethods.h:
1333         (JSC::JIT::emitLoadCharacterString):
1334         * jit/JITPropertyAccess.cpp:
1335         (JSC::JIT::stringGetByValStubGenerator):
1336         * jit/JITPropertyAccess32_64.cpp:
1337         (JSC::JIT::stringGetByValStubGenerator):
1338         * jit/JSInterfaceJIT.h:
1339         (JSC::ThunkHelpers::stringImplFlagsOffset):
1340         (JSC::ThunkHelpers::stringImpl8BitFlag):
1341         * jit/ThunkGenerators.cpp:
1342         (JSC::stringCharLoad):
1343
1344 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
1345
1346         If the bytecode generator emits code after the return in the first basic block,
1347         DFG's inliner crashes
1348         https://bugs.webkit.org/show_bug.cgi?id=71071
1349
1350         Reviewed by Gavin Barraclough.
1351         
1352         Removed some cruft dealing with parsing failures due to unsupported functionality
1353         (that's never reached anymore due to it being caught in DFGCapabilities). This
1354         allowed me to repurpose the bool return from parseBlock() to mean: true if we
1355         should continue to parse, or false if we've already parsed all live code.
1356
1357         * dfg/DFGByteCodeParser.cpp:
1358         (JSC::DFG::ByteCodeParser::ByteCodeParser):
1359         (JSC::DFG::ByteCodeParser::parseBlock):
1360         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1361
1362 2011-10-27  Joseph Pecoraro  <pecoraro@apple.com>
1363
1364         Reviewed by David Kilzer.
1365
1366         Make FeatureDefines Identical Across OS X Projects
1367         https://bugs.webkit.org/show_bug.cgi?id=71051
1368
1369         * Configurations/FeatureDefines.xcconfig:
1370
1371 2011-10-27  Filip Pizlo  <fpizlo@apple.com>
1372
1373         Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
1374         https://bugs.webkit.org/show_bug.cgi?id=71045
1375
1376         Reviewed by Geoff Garen.
1377         
1378         Make sure that if a structure is pinned, it also has a property map.
1379
1380         * runtime/Structure.cpp:
1381         (JSC::Structure::changePrototypeTransition):
1382         (JSC::Structure::despecifyFunctionTransition):
1383         (JSC::Structure::getterSetterTransition):
1384         (JSC::Structure::toDictionaryTransition):
1385         (JSC::Structure::preventExtensionsTransition):
1386         (JSC::Structure::addPropertyWithoutTransition):
1387         (JSC::Structure::removePropertyWithoutTransition):
1388         (JSC::Structure::pin):
1389         (JSC::Structure::copyPropertyTableForPinning):
1390         * runtime/Structure.h:
1391         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1392
1393 2011-10-27  Michael Saboff  <msaboff@apple.com>
1394
1395         32bit build failure after r98624
1396         https://bugs.webkit.org/show_bug.cgi?id=71064
1397
1398         Disambiguated operator overload with unsigned index (0u).
1399
1400         Reviewed by Sam Weinig.
1401
1402         * runtime/UString.h:
1403         (JSC::operator==):
1404
1405 2011-10-27  Gustavo Noronha Silva  <gns@gnome.org>
1406
1407         Fix building on GNU/kFreeBSD
1408         https://bugs.webkit.org/show_bug.cgi?id=71005
1409
1410         Reviewed by Darin Adler.
1411
1412         * config.h:
1413         * wtf/Platform.h:
1414
1415 2011-10-27  Michael Saboff  <msaboff@apple.com>
1416
1417         Investigate storing strings in 8-bit buffers when possible
1418         https://bugs.webkit.org/show_bug.cgi?id=66161
1419
1423         Added support for 8 bit string data in StringImpl.  Changed
1424         (UChar*) m_data to m_data16.  Added char* m_data8 as a union
1425         with m_data16.  Added UChar* m_copyData16 to the other union
1426         to store a 16 bit copy of an 8 bit string when needed.
1427         Added characters8() and characters16() accessor methods
1428         that assume the caller has checked the underlying string type
1429         via the new is8Bit() method. The characters() method will
1430         return a UChar* of the string, materializing a 16 bit copy if the
1431         string is an 8 bit string.  Added two flags, one for 8 bit buffer
1432         and a second for a 16 bit copy for an 8 bit string.
1433
1434         Fixed method name typo (StringHasher::defaultCoverter()).
1435
1436         Over time the goal is to eliminate calls to characters() and
1437         use the characters8() and characters16() accessors.
1438
1439         This patch does not include changes that actually create 8 bit
1440         strings. This is the first of at least 8 patches.  Subsequent
1441         patches will be submitted for JIT changes, making the JSC lexer,
1442         parser and literal parser, JavaScript string changes and
1443         then changes in webcore to take advantage of the 8 bit strings.
1444
1445         This change is performance neutral for SunSpider and V8 when
1446         run from the command line with "jsc".
1447
1448         Reviewed by Geoffrey Garen.
1449
1450         * JavaScriptCore.exp:
1451         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1452         * interpreter/Interpreter.cpp:
1453         (JSC::Interpreter::callEval):
1454         * parser/SourceProvider.h:
1455         (JSC::UStringSourceProvider::data):
1456         (JSC::UStringSourceProvider::UStringSourceProvider):
1457         * runtime/Identifier.cpp:
1458         (JSC::IdentifierCStringTranslator::hash):
1459         (JSC::IdentifierCStringTranslator::equal):
1460         (JSC::IdentifierCStringTranslator::translate):
1461         (JSC::Identifier::add):
1462         (JSC::Identifier::toUInt32):
1463         * runtime/Identifier.h:
1464         (JSC::Identifier::equal):
1465         (JSC::operator==):
1466         (JSC::operator!=):
1467         * runtime/JSString.cpp:
1468         (JSC::JSString::resolveRope):
1469         (JSC::JSString::resolveRopeSlowCase):
1470         * runtime/RegExp.cpp:
1471         (JSC::RegExp::match):
1472         * runtime/StringPrototype.cpp:
1473         (JSC::jsSpliceSubstringsWithSeparators):
1474         * runtime/UString.cpp:
1475         (JSC::UString::UString):
1476         (JSC::equalSlowCase):
1477         (JSC::UString::utf8):
1478         * runtime/UString.h:
1479         (JSC::UString::characters):
1480         (JSC::UString::characters8):
1481         (JSC::UString::characters16):
1482         (JSC::UString::is8Bit):
1483         (JSC::UString::operator[]):
1484         (JSC::UString::find):
1485         (JSC::operator==):
1486         * wtf/StringHasher.h:
1487         (WTF::StringHasher::computeHash):
1488         (WTF::StringHasher::defaultConverter):
1489         * wtf/text/AtomicString.cpp:
1490         (WTF::CStringTranslator::hash):
1491         (WTF::CStringTranslator::equal):
1492         (WTF::CStringTranslator::translate):
1493         (WTF::AtomicString::add):
1494         * wtf/text/AtomicString.h:
1495         (WTF::AtomicString::AtomicString):
1496         (WTF::AtomicString::contains):
1497         (WTF::AtomicString::find):
1498         (WTF::AtomicString::add):
1499         (WTF::operator==):
1500         (WTF::operator!=):
1501         (WTF::equalIgnoringCase):
1502         * wtf/text/StringConcatenate.h:
1503         * wtf/text/StringHash.h:
1504         (WTF::StringHash::equal):
1505         (WTF::CaseFoldingHash::hash):
1506         * wtf/text/StringImpl.cpp:
1507         (WTF::StringImpl::~StringImpl):
1508         (WTF::StringImpl::createUninitialized):
1509         (WTF::StringImpl::create):
1510         (WTF::StringImpl::getData16SlowCase):
1511         (WTF::StringImpl::containsOnlyWhitespace):
1512         (WTF::StringImpl::substring):
1513         (WTF::StringImpl::characterStartingAt):
1514         (WTF::StringImpl::lower):
1515         (WTF::StringImpl::upper):
1516         (WTF::StringImpl::fill):
1517         (WTF::StringImpl::foldCase):
1518         (WTF::StringImpl::stripMatchedCharacters):
1519         (WTF::StringImpl::removeCharacters):
1520         (WTF::StringImpl::simplifyMatchedCharactersToSpace):
1521         (WTF::StringImpl::toIntStrict):
1522         (WTF::StringImpl::toUIntStrict):
1523         (WTF::StringImpl::toInt64Strict):
1524         (WTF::StringImpl::toUInt64Strict):
1525         (WTF::StringImpl::toIntPtrStrict):
1526         (WTF::StringImpl::toInt):
1527         (WTF::StringImpl::toUInt):
1528         (WTF::StringImpl::toInt64):
1529         (WTF::StringImpl::toUInt64):
1530         (WTF::StringImpl::toIntPtr):
1531         (WTF::StringImpl::toDouble):
1532         (WTF::StringImpl::toFloat):
1533         (WTF::equal):
1534         (WTF::equalIgnoringCase):
1535         (WTF::StringImpl::find):
1536         (WTF::StringImpl::findIgnoringCase):
1537         (WTF::StringImpl::reverseFind):
1538         (WTF::StringImpl::replace):
1539         (WTF::StringImpl::defaultWritingDirection):
1540         (WTF::StringImpl::adopt):
1541         (WTF::StringImpl::createWithTerminatingNullCharacter):
1542         * wtf/text/StringImpl.h:
1543         (WTF::StringImpl::StringImpl):
1544         (WTF::StringImpl::create):
1545         (WTF::StringImpl::create8):
1546         (WTF::StringImpl::tryCreateUninitialized):
1547         (WTF::StringImpl::flagsOffset):
1548         (WTF::StringImpl::flagIs8Bit):
1549         (WTF::StringImpl::dataOffset):
1550         (WTF::StringImpl::is8Bit):
1551         (WTF::StringImpl::characters8):
1552         (WTF::StringImpl::characters16):
1553         (WTF::StringImpl::characters):
1554         (WTF::StringImpl::has16BitShadow):
1555         (WTF::StringImpl::setHash):
1556         (WTF::StringImpl::hash):
1557         (WTF::StringImpl::copyChars):
1558         (WTF::StringImpl::operator[]):
1559         (WTF::StringImpl::find):
1560         (WTF::StringImpl::findIgnoringCase):
1561         (WTF::equal):
1562         (WTF::equalIgnoringCase):
1563         (WTF::StringImpl::isolatedCopy):
1564         * wtf/text/WTFString.cpp:
1565         (WTF::String::String):
1566         (WTF::String::append):
1567         (WTF::String::format):
1568         (WTF::String::fromUTF8):
1569         (WTF::String::fromUTF8WithLatin1Fallback):
1570         * wtf/text/WTFString.h:
1571         (WTF::String::find):
1572         (WTF::String::findIgnoringCase):
1573         (WTF::String::contains):
1574         (WTF::String::append):
1575         (WTF::String::fromUTF8):
1576         (WTF::String::fromUTF8WithLatin1Fallback):
1577         (WTF::operator==):
1578         (WTF::operator!=):
1579         (WTF::equalIgnoringCase):
1580         * wtf/unicode/Unicode.h:
1581         * yarr/YarrJIT.cpp:
1582         (JSC::Yarr::execute):
1583         * yarr/YarrJIT.h:
1584         (JSC::Yarr::YarrCodeBlock::execute):
1585         * yarr/YarrParser.h:
1586         (JSC::Yarr::Parser::Parser):
1587
1588 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
1589
1590         Fixing windows build
1591
1592         Unreviewed build fix
1593
1594         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1595
1596 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
1597
1598         Add ability to check for presence of static members at compile time
1599         https://bugs.webkit.org/show_bug.cgi?id=70986
1600
1601         Reviewed by Geoffrey Garen.
1602
1603         Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the 
1604         HAS_MEMBER_NAMED macro to use that template to check if the specified class 
1605         does indeed have a method with that name.  This mechanism is not currently 
1606         used anywhere, but will be in the future when adding virtual methods from 
1607         JSObject to the MethodTable.
1608
1609         * runtime/ClassInfo.h:
1610
1611 2011-10-27  Mark Hahnenberg  <mhahnenberg@apple.com>
1612
1613         De-virtualize JSCell::toThisObject
1614         https://bugs.webkit.org/show_bug.cgi?id=70958
1615
1616         Reviewed by Geoffrey Garen.
1617
1618         Converted all instances of toThisObject to static functions, 
1619         added toThisObject to the MethodTable, and replaced all call sites
1620         with a corresponding lookup in the MethodTable.
1621
1622         * API/JSContextRef.cpp:
1623         * JavaScriptCore.exp:
1624         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1625         * runtime/ClassInfo.h:
1626         * runtime/JSActivation.cpp:
1627         (JSC::JSActivation::toThisObject):
1628         * runtime/JSActivation.h:
1629         * runtime/JSCell.cpp:
1630         (JSC::JSCell::toThisObject):
1631         * runtime/JSCell.h:
1632         * runtime/JSObject.cpp:
1633         (JSC::JSObject::put):
1634         (JSC::JSObject::toThisObject):
1635         * runtime/JSObject.h:
1636         (JSC::JSValue::toThisObject):
1637         * runtime/JSStaticScopeObject.cpp:
1638         (JSC::JSStaticScopeObject::toThisObject):
1639         * runtime/JSStaticScopeObject.h:
1640         * runtime/JSString.cpp:
1641         (JSC::JSString::toThisObject):
1642         * runtime/JSString.h:
1643         * runtime/StrictEvalActivation.cpp:
1644         (JSC::StrictEvalActivation::toThisObject):
1645         * runtime/StrictEvalActivation.h:
1646
1647 2011-10-27  Yuqiang Xian  <yuqiang.xian@intel.com>
1648
1649         Fix a small bug in callOperation after r98431
1650         https://bugs.webkit.org/show_bug.cgi?id=70984
1651
1652         Reviewed by Geoffrey Garen.
1653
1654         TrustedImmPtr is not expecting "int" type parameters.
1655
1656         * dfg/DFGJITCodeGenerator.h:
1657         (JSC::DFG::callOperation):
1658
1659 2011-10-26  Oliver Hunt  <oliver@apple.com>
1660
1661         Restore structure-clearing behaviour of allocateCell<>
1662         https://bugs.webkit.org/show_bug.cgi?id=70976
1663
1664         Reviewed by Geoffrey Garen.
1665
1666         This restores the logic that allows the markstack to filter
1667         live objects that have not yet been initialised.
1668
1669         * runtime/JSCell.h:
1670         (JSC::JSCell::clearStructure):
1671            Validation-safe method to clear a cell's structure.
1672         (JSC::allocateCell):
1673            Call the above method.
1674         * runtime/Structure.h:
1675         (JSC::MarkStack::internalAppend):
1676            Don't visit cells that haven't been initialised.
1677
1678 2011-10-26  Filip Pizlo  <fpizlo@apple.com>
1679
1680         REGRESSION (r97030): Cannot log in to progressive.com
1681         https://bugs.webkit.org/show_bug.cgi?id=70094
1682
1683         Reviewed by Oliver Hunt.
1684
1685         * dfg/DFGByteCodeParser.cpp:
1686         (JSC::DFG::ByteCodeParser::handleCall):
1687
1688 2011-10-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1689
1690         Remove getOwnPropertySlotVirtual
1691         https://bugs.webkit.org/show_bug.cgi?id=70741
1692
1693         Reviewed by Geoffrey Garen.
1694
1695         Removed all declarations and definitions of getOwnPropertySlotVirtual.
1696         Also replaced all call sites to getOwnPropertySlotVirtual with a
1697         corresponding lookup in the MethodTable.
1698
1699         * API/JSCallbackObject.h:
1700         * API/JSCallbackObjectFunctions.h:
1701         (JSC::::getOwnPropertyDescriptor):
1702         * JavaScriptCore.exp:
1703         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1704         * debugger/DebuggerActivation.cpp:
1705         (JSC::DebuggerActivation::getOwnPropertySlot):
1706         * debugger/DebuggerActivation.h:
1707         * runtime/Arguments.cpp:
1708         * runtime/Arguments.h:
1709         * runtime/ArrayConstructor.cpp:
1710         * runtime/ArrayConstructor.h:
1711         * runtime/ArrayPrototype.cpp:
1712         * runtime/ArrayPrototype.h:
1713         * runtime/BooleanPrototype.cpp:
1714         * runtime/BooleanPrototype.h:
1715         * runtime/DateConstructor.cpp:
1716         * runtime/DateConstructor.h:
1717         * runtime/DatePrototype.cpp:
1718         * runtime/DatePrototype.h:
1719         (JSC::DatePrototype::create):
1720         * runtime/ErrorPrototype.cpp:
1721         * runtime/ErrorPrototype.h:
1722         * runtime/JSActivation.cpp:
1723         * runtime/JSActivation.h:
1724         * runtime/JSArray.cpp:
1725         (JSC::JSArray::getOwnPropertySlotByIndex):
1726         * runtime/JSArray.h:
1727         * runtime/JSByteArray.cpp:
1728         * runtime/JSByteArray.h:
1729         * runtime/JSCell.cpp:
1730         * runtime/JSCell.h:
1731         * runtime/JSFunction.cpp:
1732         (JSC::JSFunction::getOwnPropertyDescriptor):
1733         (JSC::JSFunction::getOwnPropertyNames):
1734         (JSC::JSFunction::put):
1735         * runtime/JSFunction.h:
1736         * runtime/JSGlobalObject.cpp:
1737         * runtime/JSGlobalObject.h:
1738         * runtime/JSNotAnObject.cpp:
1739         * runtime/JSNotAnObject.h:
1740         * runtime/JSONObject.cpp:
1741         (JSC::Stringifier::Holder::appendNextProperty):
1742         (JSC::Walker::walk):
1743         * runtime/JSONObject.h:
1744         * runtime/JSObject.cpp:
1745         (JSC::JSObject::getOwnPropertySlotByIndex):
1746         (JSC::JSObject::hasOwnProperty):
1747         * runtime/JSObject.h:
1748         (JSC::JSCell::fastGetOwnPropertySlot):
1749         (JSC::JSObject::getPropertySlot):
1750         (JSC::JSValue::get):
1751         * runtime/JSStaticScopeObject.cpp:
1752         * runtime/JSStaticScopeObject.h:
1753         * runtime/JSString.cpp:
1754         (JSC::JSString::getOwnPropertySlot):
1755         * runtime/JSString.h:
1756         * runtime/MathObject.cpp:
1757         * runtime/MathObject.h:
1758         (JSC::MathObject::create):
1759         * runtime/NumberConstructor.cpp:
1760         * runtime/NumberConstructor.h:
1761         * runtime/NumberPrototype.cpp:
1762         * runtime/NumberPrototype.h:
1763         * runtime/ObjectConstructor.cpp:
1764         * runtime/ObjectConstructor.h:
1765         * runtime/ObjectPrototype.cpp:
1766         * runtime/ObjectPrototype.h:
1767         * runtime/RegExpConstructor.cpp:
1768         * runtime/RegExpConstructor.h:
1769         * runtime/RegExpMatchesArray.h:
1770         (JSC::RegExpMatchesArray::createStructure):
1771         * runtime/RegExpObject.cpp:
1772         * runtime/RegExpObject.h:
1773         * runtime/RegExpPrototype.cpp:
1774         * runtime/RegExpPrototype.h:
1775         * runtime/StringConstructor.cpp:
1776         * runtime/StringConstructor.h:
1777         * runtime/StringObject.cpp:
1778         * runtime/StringObject.h:
1779         * runtime/StringPrototype.cpp:
1780         * runtime/StringPrototype.h:
1781
1782 2011-10-26  Alejandro G. Castro  <alex@igalia.com>
1783
1784         [GTK] [WK2] Add WebKit2 distcheck support
1785         https://bugs.webkit.org/show_bug.cgi?id=70933
1786
1787         Reviewed by Martin Robinson.
1788
1789         * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
1790
1791 2011-10-26  Michael Saboff  <msaboff@apple.com>
1792
1793         Increase StringImpl Flag Bits for 8 bit Strings
1794         https://bugs.webkit.org/show_bug.cgi?id=70937
1795
1796         Increased the number of bits used for flags in StringImpl
1797         from 6 to 8 bits. This frees up 2 flag bits that will be
1798         used for 8-bit string support. Updated hash methods accordingly.
1799         Changed hash value masking from the low bits to the high
1800         bits.
1801
1802         Reviewed by Darin Adler.
1803
1804         * create_hash_table:
1805         * wtf/StringHasher.h:
1806         (WTF::StringHasher::hash):
1807         * wtf/text/StringImpl.h:
1808
1809 2011-10-26  Dan Bernstein  <mitz@apple.com>
1810
1811         Build fix.
1812
1813         Reverted r98488, which caused the scripts’ status messages to be included in the generated
1814         files.
1815
1816         * create_hash_table:
1817         * create_jit_stubs:
1818
1819 2011-10-26  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>
1820
1821         Don't print regular output to STDERR when generating hashtables and JIT stubs
1822
1823         Reviewed by Simon Hausmann.
1824
1825         * create_hash_table:
1826         * create_jit_stubs:
1827
1828 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
1829
1830         Split DFGJITCodeGenerator::callOperation methods
1831         https://bugs.webkit.org/show_bug.cgi?id=70870
1832
1833         Reviewed by Filip Pizlo.
1834
1835         The DFGJITCodeGenerator currently contains two sets of callOperation methods.
1836         One set works with the JSVALUE64 value representation and passes arguments in
1837         registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
1838         value representation and passes arguments in memory (suitable for use on x86).
1839         By refactoring out the representation and calling convention specific aspects
1840         of the code we can also configure the DFG JIT to operate on platforms that use
1841         the JSVALUE32_64 value representation but pass arguments in registers.
1842
1843         On platforms supported by the JIT, the payload precedes the tag of a value in
1844         argument/result ordering. As such, in order to make the setupResults method
1845         generally applicable to return the results of a function that are returned in
1846         two registers, the ordering of arguments to this function has been reversed -
1847         as is the ordering of arguments passed to setupArguments methods, with respect
1848         to the ordering with which they are passed in to callOperation.
1849         This inconsistency will be resolved in a later change when we combine the pairs
1850         of arguments passed into callOperation, such that the function signatures can
1851         be made consistent across the two value representations (the callOperation
1852         methods will be passed a reference to a struct representing the JSValue
1853         temporary; this will consist of two gprs on 32_64 and one on 64).
1854
1855         * dfg/DFGJITCodeGenerator.h:
1856         (JSC::DFG::resetCallArguments):
1857         (JSC::DFG::addCallArgument):
1858             - moved, removed tag,payload version of this method.
1859         (JSC::DFG::setupArguments):
1860         (JSC::DFG::setupArgumentsExecState):
1861         (JSC::DFG::setupArgumentsWithExecState):
1862             - Calling convention specific portion of callOperation refactored out into these methods.
1863         (JSC::DFG::callOperation):
1864             - updated these methods to use setupArguments* methods.
1865         (JSC::DFG::setupResults):
1866             - setupResults is now passed payload,tag.
1867         (JSC::DFG::appendCallWithExceptionCheckSetResult):
1868             - Added fpr versions of this function.
1869         (JSC::DFG::appendCallSetResult):
1870             - Added versions of this function without exception check.
1871         * dfg/DFGJITCodeGenerator32_64.cpp:
1872         (JSC::DFG::JITCodeGenerator::emitCall):
1873             - setupResults is now passed payload,tag.
1874
1875 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1876
1877         Remove deletePropertyVirtual
1878         https://bugs.webkit.org/show_bug.cgi?id=70738
1879
1880         Reviewed by Geoffrey Garen.
1881
1882         Removed all declarations and definitions of deletePropertyVirtual.
1883         Also replaced all call sites to deletePropertyVirtual with a 
1884         corresponding lookup in the MethodTable.
1885
1886         * API/JSCallbackObject.h:
1887         * API/JSCallbackObjectFunctions.h:
1888         (JSC::::deletePropertyByIndex):
1889         * API/JSObjectRef.cpp:
1890         (JSObjectDeleteProperty):
1891         * JavaScriptCore.exp:
1892         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1893         * debugger/DebuggerActivation.cpp:
1894         (JSC::DebuggerActivation::deleteProperty):
1895         * debugger/DebuggerActivation.h:
1896         * interpreter/Interpreter.cpp:
1897         (JSC::Interpreter::privateExecute):
1898         * jit/JITStubs.cpp:
1899         (JSC::DEFINE_STUB_FUNCTION):
1900         * runtime/Arguments.cpp:
1901         * runtime/Arguments.h:
1902         * runtime/ArrayPrototype.cpp:
1903         (JSC::arrayProtoFuncPop):
1904         (JSC::arrayProtoFuncReverse):
1905         (JSC::arrayProtoFuncShift):
1906         (JSC::arrayProtoFuncSplice):
1907         (JSC::arrayProtoFuncUnShift):
1908         * runtime/JSActivation.cpp:
1909         * runtime/JSActivation.h:
1910         * runtime/JSArray.cpp:
1911         (JSC::JSArray::deleteProperty):
1912         (JSC::JSArray::deletePropertyByIndex):
1913         * runtime/JSArray.h:
1914         * runtime/JSCell.cpp:
1915         (JSC::JSCell::deleteProperty):
1916         (JSC::JSCell::deletePropertyByIndex):
1917         * runtime/JSCell.h:
1918         * runtime/JSFunction.cpp:
1919         * runtime/JSFunction.h:
1920         * runtime/JSNotAnObject.cpp:
1921         * runtime/JSNotAnObject.h:
1922         * runtime/JSONObject.cpp:
1923         (JSC::Walker::walk):
1924         * runtime/JSObject.cpp:
1925         (JSC::JSObject::deletePropertyByIndex):
1926         (JSC::JSObject::defineOwnProperty):
1927         * runtime/JSObject.h:
1928         * runtime/JSVariableObject.cpp:
1929         * runtime/JSVariableObject.h:
1930         * runtime/RegExpMatchesArray.h:
1931         * runtime/StrictEvalActivation.cpp:
1932         * runtime/StrictEvalActivation.h:
1933         * runtime/StringObject.cpp:
1934         * runtime/StringObject.h:
1935
1936 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
1937
1938         Remove putVirtual
1939         https://bugs.webkit.org/show_bug.cgi?id=70740
1940
1941         Reviewed by Geoffrey Garen.
1942
1943         Removed all declarations and definitions of putVirtual.
1944         Also replaced all call sites to putVirtual with a 
1945         corresponding lookup in the MethodTable.
1946
1947         * API/JSCallbackObject.h:
1948         * API/JSCallbackObjectFunctions.h:
1949         * API/JSObjectRef.cpp:
1950         (JSObjectSetProperty):
1951         (JSObjectSetPropertyAtIndex):
1952         * JavaScriptCore.exp:
1953         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1954         * debugger/DebuggerActivation.cpp:
1955         (JSC::DebuggerActivation::put):
1956         * debugger/DebuggerActivation.h:
1957         * dfg/DFGOperations.cpp:
1958         * interpreter/Interpreter.cpp:
1959         (JSC::Interpreter::execute):
1960         (JSC::Interpreter::privateExecute):
1961         * jsc.cpp:
1962         (GlobalObject::finishCreation):
1963         * runtime/Arguments.cpp:
1964         * runtime/Arguments.h:
1965         * runtime/ArrayPrototype.cpp:
1966         (JSC::putProperty):
1967         (JSC::arrayProtoFuncConcat):
1968         (JSC::arrayProtoFuncPush):
1969         (JSC::arrayProtoFuncReverse):
1970         (JSC::arrayProtoFuncShift):
1971         (JSC::arrayProtoFuncSlice):
1972         (JSC::arrayProtoFuncSort):
1973         (JSC::arrayProtoFuncSplice):
1974         (JSC::arrayProtoFuncUnShift):
1975         (JSC::arrayProtoFuncFilter):
1976         (JSC::arrayProtoFuncMap):
1977         * runtime/JSActivation.cpp:
1978         * runtime/JSActivation.h:
1979         * runtime/JSArray.cpp:
1980         (JSC::JSArray::putSlowCase):
1981         (JSC::JSArray::push):
1982         (JSC::JSArray::shiftCount):
1983         (JSC::JSArray::unshiftCount):
1984         * runtime/JSArray.h:
1985         * runtime/JSByteArray.cpp:
1986         * runtime/JSByteArray.h:
1987         * runtime/JSCell.cpp:
1988         (JSC::JSCell::put):
1989         (JSC::JSCell::putByIndex):
1990         * runtime/JSCell.h:
1991         * runtime/JSFunction.cpp:
1992         * runtime/JSFunction.h:
1993         * runtime/JSGlobalObject.cpp:
1994         * runtime/JSGlobalObject.h:
1995         * runtime/JSNotAnObject.cpp:
1996         * runtime/JSNotAnObject.h:
1997         * runtime/JSONObject.cpp:
1998         (JSC::Walker::walk):
1999         * runtime/JSObject.cpp:
2000         (JSC::JSObject::putByIndex):
2001         (JSC::JSObject::defineOwnProperty):
2002         * runtime/JSObject.h:
2003         (JSC::JSValue::put):
2004         * runtime/JSStaticScopeObject.cpp:
2005         * runtime/JSStaticScopeObject.h:
2006         * runtime/ObjectPrototype.cpp:
2007         * runtime/ObjectPrototype.h:
2008         * runtime/RegExpConstructor.cpp:
2009         * runtime/RegExpConstructor.h:
2010         * runtime/RegExpMatchesArray.h:
2011         * runtime/RegExpObject.cpp:
2012         * runtime/RegExpObject.h:
2013         * runtime/StringObject.cpp:
2014         * runtime/StringObject.h:
2015         * runtime/StringPrototype.cpp:
2016         (JSC::stringProtoFuncSplit):
2017
2018 2011-10-25  Gavin Barraclough  <barraclough@apple.com>
2019
2020         Separate out function linking & exception check data structures.
2021         https://bugs.webkit.org/show_bug.cgi?id=70858
2022
2023         Reviewed by Oliver Hunt.
2024
2025         This will make it easier to refactor the callOperation methods to split the value
2026         representation specific handling from the cpu/calling-convention implementation.
2027
2028         * dfg/DFGJITCodeGenerator.h:
2029         (JSC::DFG::appendCallWithExceptionCheck):
2030         * dfg/DFGJITCodeGenerator32_64.cpp:
2031         (JSC::DFG::JITCodeGenerator::emitCall):
2032         * dfg/DFGJITCodeGenerator64.cpp:
2033         (JSC::DFG::JITCodeGenerator::emitCall):
2034         * dfg/DFGJITCompiler.cpp:
2035         (JSC::DFG::JITCompiler::compileBody):
2036         (JSC::DFG::JITCompiler::link):
2037         * dfg/DFGJITCompiler.h:
2038         (JSC::DFG::CallLinkRecord::CallLinkRecord):
2039         (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
2040         (JSC::DFG::JITCompiler::JITCompiler):
2041         (JSC::DFG::JITCompiler::notifyCall):
2042         (JSC::DFG::JITCompiler::appendCall):
2043         (JSC::DFG::JITCompiler::addExceptionCheck):
2044         (JSC::DFG::JITCompiler::addFastExceptionCheck):
2045         * dfg/DFGJITCompiler32_64.cpp:
2046         (JSC::DFG::JITCompiler::compileBody):
2047         (JSC::DFG::JITCompiler::link):
2048
2049 2011-10-25  Filip Pizlo  <fpizlo@apple.com>
2050
2051         Tiered compilation may introduce dangling pointers in constant buffers
2052         https://bugs.webkit.org/show_bug.cgi?id=70854
2053
2054         Reviewed by Oliver Hunt.
2055         
2056         Tiered compilation now copies constant buffers, which fixes the regression in
2057         https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
2058         regression relies on a subtle interleaving of optimized compilation and garbage
2059         collection, and cannot be reproduced in a simple test.
2060         
2061         This also adds some new debug support, which was used to fix this bug and is
2062         likely to be useful in the future.
2063
2064         * bytecode/CodeBlock.cpp:
2065         (JSC::CodeBlock::copyDataFrom):
2066         (JSC::CodeBlock::usesOpcode):
2067         * bytecode/CodeBlock.h:
2068         * dfg/DFGGraph.cpp:
2069         (JSC::DFG::Graph::dump):
2070
2071 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2072
2073         Fixing Windows build after r98367
2074
2075         Unreviewed build fix
2076
2077         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2078
2079 2011-10-25  Yuqiang Xian  <yuqiang.xian@intel.com>
2080
2081         Add missing DFG file entries to the make lists for GTK and Qt ports
2082         https://bugs.webkit.org/show_bug.cgi?id=70806
2083
2084         Reviewed by Darin Adler.
2085
2086         * GNUmakefile.list.am:
2087         * JavaScriptCore.pro:
2088
2089 2011-10-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2090
2091         Add getOwnPropertySlot to MethodTable
2092         https://bugs.webkit.org/show_bug.cgi?id=69807
2093
2094         Reviewed by Oliver Hunt.
2095
2096         * JavaScriptCore.exp:
2097         * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
2098         * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can 
2099         reference it in their MethodTables.
2100
2101 2011-10-25  Oliver Hunt  <oliver@apple.com>
2102
2103         Need to support marking of multiple nested codeblocks when compiling
2104         https://bugs.webkit.org/show_bug.cgi?id=70832
2105
2106         Reviewed by Gavin Barraclough.
2107
2108         When inlining a function we end up with multiple codeblocks being
2109         compiled at the same time, so we need to support a list of live
2110         codeblocks.
2111
2112         * heap/Heap.cpp:
2113         (JSC::Heap::markRoots):
2114         * runtime/JSGlobalData.cpp:
2115         (JSC::JSGlobalData::JSGlobalData):
2116         * runtime/JSGlobalData.h:
2117         (JSC::JSGlobalData::startedCompiling):
2118         (JSC::JSGlobalData::finishedCompiling):
2119
2120 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
2121
2122         DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
2123         https://bugs.webkit.org/show_bug.cgi?id=70798
2124
2125         Reviewed by Filip Pizlo.
2126
2127         When filling an integer for a known integer node (not speculated), it
2128         should accept DataFormatJSInteger as well.
2129
2130         * dfg/DFGJITCodeGenerator32_64.cpp:
2131         (JSC::DFG::JITCodeGenerator::fillInteger):
2132
2133 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
2134
2135         Build fix: removed some cases of threadsafeCopy() that I missed in
2136         my previous patch.
2137
2138         * JavaScriptCore.order:
2139
2140 2011-10-24  Geoffrey Garen  <ggaren@apple.com>
2141
2142         Removed SharedUChar and tightened language around its previous uses
2143         https://bugs.webkit.org/show_bug.cgi?id=70698
2144
2145         Reviewed by David Levin.
2146
2147         - Removed SharedUChar because most of its functionality has moved into
2148         other abstraction layers, and we want remaining clients to choose their
2149         abstractions explicitly instead of relying on StringImpl to provide this
2150         behavior implicitly, since we think they can sometimes make more efficient
2151         choices.
2152
2153         - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
2154         the former names could give the impression that the resulting object was
2155         thread-safe, but actually it's just an isolated copy, which is not
2156         thread-safe by itself, but can be used to implement a thread-safe
2157         algorithm through isolation.
2158
2159         * wtf/CrossThreadRefCounted.h: Removed.
2160
2161         * JavaScriptCore.exp: Export!
2162
2163         * wtf/text/StringImpl.cpp:
2164         (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
2165
2166         * wtf/text/StringImpl.h:
2167         (WTF::StringImpl::length): Ditto.
2168
2169         (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
2170
2171         * wtf/text/WTFString.cpp:
2172         (WTF::String::isolatedCopy):
2173         * wtf/text/WTFString.h: Updated for StringImpl changes.
2174
2175         * API/OpaqueJSString.h:
2176         * GNUmakefile.list.am:
2177         * JavaScriptCore.exp:
2178         * JavaScriptCore.gypi:
2179         * JavaScriptCore.order:
2180         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
2181         * JavaScriptCore.xcodeproj/project.pbxproj:
2182         * wtf/CMakeLists.txt:
2183         * wtf/OwnFastMallocPtr.h:
2184         * wtf/RefCounted.h:
2185         * wtf/SizeLimits.cpp:
2186         * wtf/ThreadSafeRefCounted.h:
2187         * wtf/wtf.pri:
2188         * yarr/YarrPattern.h: Updated these files to accommodate removal of
2189         CrossThreadRefCounted.h.
2190
2191 2011-10-24  Oliver Hunt  <oliver@apple.com>
2192
2193         Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
2194         https://bugs.webkit.org/show_bug.cgi?id=70689
2195
2196         Reviewed by Filip Pizlo.
2197
2198         While performing codegen we need to make the GlobalData explicitly
2199         aware of the codeblock being compiled, as compilation may trigger GC
2200         and CodeBlock holds GC values, but has not yet been assigned to its
2201         owner executable.
2202
2203         * bytecompiler/BytecodeGenerator.cpp:
2204         (JSC::BytecodeGenerator::BytecodeGenerator):
2205         (JSC::BytecodeGenerator::~BytecodeGenerator):
2206         * bytecompiler/BytecodeGenerator.h:
2207         * heap/AllocationSpace.cpp:
2208         (JSC::AllocationSpace::allocateSlowCase):
2209         * heap/Heap.cpp:
2210         (JSC::Heap::markRoots):
2211         * runtime/JSGlobalData.cpp:
2212         (JSC::JSGlobalData::JSGlobalData):
2213         * runtime/JSGlobalData.h:
2214         (JSC::JSGlobalData::startedCompiling):
2215         (JSC::JSGlobalData::finishedCompiling):
2216
2217 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
2218
2219         Object-or-other branch speculation may corrupt the state for OSR if the child of the
2220         branch is an integer
2221         https://bugs.webkit.org/show_bug.cgi?id=70777
2222
2223         Reviewed by Oliver Hunt.
2224
2225         * dfg/DFGSpeculativeJIT64.cpp:
2226         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2227
2228 2011-10-24  Filip Pizlo  <fpizlo@apple.com>
2229
2230         op_new_array_buffer is not inlined correctly
2231         https://bugs.webkit.org/show_bug.cgi?id=70770
2232
2233         Reviewed by Oliver Hunt.
2234         
2235         Disabled inlining of op_new_array_buffer, for now.
2236
2237         * dfg/DFGCapabilities.h:
2238         (JSC::DFG::canInlineOpcode):
2239
2240 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
2241
2242         Add boolean speculations to DFG JIT 32_64
2243         https://bugs.webkit.org/show_bug.cgi?id=70706
2244
2245         Reviewed by Filip Pizlo.
2246
2247         Different from the boolean speculations in DFG 64, the boolean
2248         speculations in DFG 32_64 will use a 32-bit GPR to hold the primitive
2249         boolean instead of a JSBoolean. This choice is not only for
2250         performance, but also to save a register, as we're short of registers on
2251         X86.
2252         To accomplish this we make use of DataFormatBoolean, allowing a value to
2253         be represented as a primitive boolean and converted from/to a
2254         JSBoolean.
2255         This patch also fixes SpillOrder in 32_64, which should be different
2256         from 64, and fixes the needDataFormatConversion logic in 32_64.
2257
2258         * assembler/MacroAssemblerX86Common.h:
2259         (JSC::MacroAssemblerX86Common::branchTest32):
2260             We don't actually expect a byte test here, as it doesn't work for
2261             registers esp..edi on X86.
2262         * dfg/DFGGenerationInfo.h:
2263         (JSC::DFG::needDataFormatConversion):
2264         (JSC::DFG::GenerationInfo::initBoolean):
2265         (JSC::DFG::GenerationInfo::gpr):
2266         (JSC::DFG::GenerationInfo::fillInteger):
2267         (JSC::DFG::GenerationInfo::fillBoolean):
2268         * dfg/DFGJITCodeGenerator.cpp:
2269         (JSC::DFG::JITCodeGenerator::checkConsistency):
2270         * dfg/DFGJITCodeGenerator.h:
2271         (JSC::DFG::JITCodeGenerator::use):
2272         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
2273         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2274         (JSC::DFG::JITCodeGenerator::spill):
2275         (JSC::DFG::cellResult):
2276         (JSC::DFG::booleanResult):
2277         * dfg/DFGJITCodeGenerator32_64.cpp:
2278         (JSC::DFG::JITCodeGenerator::fillJSValue):
2279         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
2280         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
2281         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
2282         * dfg/DFGJITCompiler32_64.cpp:
2283         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2284         * dfg/DFGSpeculativeJIT.cpp:
2285         (JSC::DFG::ValueSource::dump):
2286         (JSC::DFG::ValueRecovery::dump):
2287         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2288         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2289         * dfg/DFGSpeculativeJIT.h:
2290         (JSC::DFG::ValueSource::forPrediction):
2291         (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
2292         (JSC::DFG::ValueRecovery::inGPR):
2293         (JSC::DFG::ValueRecovery::gpr):
2294         * dfg/DFGSpeculativeJIT32_64.cpp:
2295         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2296         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2297         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2298         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2299         (JSC::DFG::SpeculativeJIT::compare):
2300         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
2301         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2302         (JSC::DFG::SpeculativeJIT::emitBranch):
2303         (JSC::DFG::SpeculativeJIT::compile):
2304
2305 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
2306
2307         Fixing Windows build
2308
2309         Unreviewed build fix
2310
2311         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2312
2313 2011-10-24  Yuqiang Xian  <yuqiang.xian@intel.com>
2314
2315         BitVector isInline check could fail
2316         https://bugs.webkit.org/show_bug.cgi?id=70691
2317
2318         Reviewed by Geoffrey Garen.
2319
2320         Current BitVector uses the highest bit of m_bitsOrPointer to indicate
2321         whether it's an inlined bit set or a pointer to an out-of-line bit set.
2322         This check may fail in case the pointer also has the highest bit set,
2323         which is surely possible on IA32 (Linux).
2324         In this case the check failure can result in unexpected behaviors;
2325         for example, if the BitVector is incorrectly determined as having an
2326         inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
2327         modify the memory adjacent to the BitVector object.
2328         This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
2329         or out-of-line, based on the assumption that the pointer to OutOfLineBits
2330         should be 4- or 8-byte aligned.
2331         We could mark the lowest bit (bit 0) with 1 for an inlined bit set,
2332         and bits 1~bitsInPointer are used for bit set/test.
2333         In this case we need to do one more bit of shift for bit set/test.
2334
2335         * wtf/BitVector.cpp:
2336         (WTF::BitVector::resizeOutOfLine):
2337         * wtf/BitVector.h:
2338         (WTF::BitVector::quickGet):
2339         (WTF::BitVector::quickSet):
2340         (WTF::BitVector::quickClear):
2341         (WTF::BitVector::makeInlineBits):
2342         (WTF::BitVector::isInline):
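
As an added example (not WebKit's BitVector and not part of this ChangeLog), the low-bit tagging scheme the entry describes, in C++: a bit set kept inline in one machine word while it is small, with bit 0 as the inline tag and the inline bits shifted up by one, plus the out-of-line block a larger set moves to. The class and function names (TaggedBitVector, ensureSize, the tag-check helpers) are this example's own, and the helpers at the end compare the old high-bit test with the new low-bit test on a constructed address that is only compared, never dereferenced.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>

// Added illustration, not WTF::BitVector. The LOWEST bit of m_bitsOrPointer is
// the inline tag: heap pointers are at least 4-byte aligned, so bit 0 of a real
// pointer is always 0 and can never be mistaken for the tag. Bits
// 1..bitsInPointer-1 hold the inline set, hence the extra shift by one.
static const size_t bitsInPointer = sizeof(uintptr_t) * 8;
static const size_t maxInlineBits = bitsInPointer - 1;

class TaggedBitVector {
public:
    TaggedBitVector() : m_bitsOrPointer(1) {}            // empty inline set: just the tag
    ~TaggedBitVector() { if (!isInline()) delete outOfLine(); }
    TaggedBitVector(const TaggedBitVector&) = delete;     // single owner of the heap block
    TaggedBitVector& operator=(const TaggedBitVector&) = delete;

    bool isInline() const { return (m_bitsOrPointer & 1) != 0; }

    size_t size() const {
        return isInline() ? maxInlineBits : outOfLine()->words.size() * bitsInPointer;
    }

    bool get(size_t bit) const {
        if (bit >= size()) return false;
        if (isInline()) return ((m_bitsOrPointer >> (bit + 1)) & 1) != 0;
        return ((outOfLine()->words[bit / bitsInPointer] >> (bit % bitsInPointer)) & 1) != 0;
    }

    void set(size_t bit) {
        ensureSize(bit + 1);   // grow first, so a large index never writes past the inline word
        if (isInline()) m_bitsOrPointer |= uintptr_t(1) << (bit + 1);
        else outOfLine()->words[bit / bitsInPointer] |= uintptr_t(1) << (bit % bitsInPointer);
    }

    void clear(size_t bit) {
        if (bit >= size()) return;
        if (isInline()) m_bitsOrPointer &= ~(uintptr_t(1) << (bit + 1));
        else outOfLine()->words[bit / bitsInPointer] &= ~(uintptr_t(1) << (bit % bitsInPointer));
    }

private:
    struct OutOfLineBits { std::vector<uintptr_t> words; };

    OutOfLineBits* outOfLine() const { return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer); }

    // Grow to hold at least numBits bits; anything beyond maxInlineBits lives out of line.
    void ensureSize(size_t numBits) {
        if (numBits <= size()) return;
        OutOfLineBits* grown = new OutOfLineBits;
        grown->words.resize((numBits + bitsInPointer - 1) / bitsInPointer, 0);
        if (isInline()) {
            grown->words[0] = m_bitsOrPointer >> 1;   // strip the tag; bits return to natural positions
        } else {
            OutOfLineBits* old = outOfLine();
            for (size_t i = 0; i < old->words.size(); ++i) grown->words[i] = old->words[i];
            delete old;
        }
        uintptr_t p = reinterpret_cast<uintptr_t>(grown);
        assert((p & 1) == 0);   // the whole scheme rests on this alignment guarantee
        m_bitsOrPointer = p;
    }

    uintptr_t m_bitsOrPointer;
};

// Constructed, 4-byte-aligned address whose top bit is set (the IA32/Linux
// case the entry describes). Only compared, never dereferenced.
uintptr_t constructedHighAddress() {
    return (uintptr_t(1) << (bitsInPointer - 1)) | 0x1000;
}
bool oldHighBitTagSaysInline(uintptr_t word) {
    return (word & (uintptr_t(1) << (bitsInPointer - 1))) != 0;   // true: misclassified as inline
}
bool lowBitTagSaysInline(uintptr_t word) {
    return (word & 1) != 0;                                      // false: correctly a pointer
}

// Is the vector still inline after setting a single bit?
bool inlineAfterSetting(size_t bit) {
    TaggedBitVector v;
    v.set(bit);
    return v.isInline();
}

// Set bits on both sides of the inline boundary, then count the survivors.
size_t demoCountSetBits() {
    TaggedBitVector v;
    v.set(0);
    v.set(maxInlineBits - 1);   // highest index that still fits inline
    v.set(5);
    v.set(200);                 // forces the move out of line; earlier bits must survive it
    v.clear(5);
    size_t count = 0;
    for (size_t i = 0; i < v.size(); ++i)
        if (v.get(i)) ++count;
    return count;               // returns 3
}
```

The assertion in ensureSize states the invariant the whole scheme depends on: the out-of-line block's address must never carry the tag bit, which alignment guarantees. The old high-bit test had no such invariant behind it, since nothing stops an allocator from returning an address with the top bit set; a set on such a vector then treated the pointer as the inline word and wrote past the object, which is the adjacent-memory corruption the entry describes.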
2343
2344 2011-10-24  Mark Hahnenberg  <mhahnenberg@apple.com>
2345
2346         Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
2347         https://bugs.webkit.org/show_bug.cgi?id=70271
2348
2349         Reviewed by Darin Adler.
2350
2351         Renaming versions of getOwnPropertySlot that use an unsigned as the property
2352         name to "getOwnPropertySlotByIndex" in preparation for adding them to the 
2353         MethodTable, which requires unique names for each method.
2354
2355         * JavaScriptCore.exp:
2356         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2357         * runtime/Arguments.cpp:
2358         (JSC::Arguments::getOwnPropertySlotVirtual):
2359         (JSC::Arguments::getOwnPropertySlotByIndex):
2360         * runtime/Arguments.h:
2361         * runtime/JSArray.cpp:
2362         (JSC::JSArray::getOwnPropertySlotVirtual):
2363         (JSC::JSArray::getOwnPropertySlotByIndex):
2364         (JSC::JSArray::getOwnPropertySlot):
2365         * runtime/JSArray.h:
2366         * runtime/JSByteArray.cpp:
2367         (JSC::JSByteArray::getOwnPropertySlotVirtual):
2368         (JSC::JSByteArray::getOwnPropertySlotByIndex):
2369         * runtime/JSByteArray.h:
2370         * runtime/JSCell.cpp:
2371         (JSC::JSCell::getOwnPropertySlotVirtual):
2372         (JSC::JSCell::getOwnPropertySlotByIndex):
2373         * runtime/JSCell.h:
2374         * runtime/JSNotAnObject.cpp:
2375         (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
2376         (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
2377         * runtime/JSNotAnObject.h:
2378         * runtime/JSObject.cpp:
2379         (JSC::JSObject::getOwnPropertySlotVirtual):
2380         (JSC::JSObject::getOwnPropertySlotByIndex):
2381         * runtime/JSObject.h:
2382         * runtime/JSString.cpp:
2383         (JSC::JSString::getOwnPropertySlotVirtual):
2384         (JSC::JSString::getOwnPropertySlotByIndex):
2385         * runtime/JSString.h:
2386         * runtime/ObjectPrototype.cpp:
2387         (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
2388         (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
2389         * runtime/ObjectPrototype.h:
2390         * runtime/RegExpMatchesArray.h:
2391         (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
2392         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
2393         * runtime/StringObject.cpp:
2394         (JSC::StringObject::getOwnPropertySlotVirtual):
2395         (JSC::StringObject::getOwnPropertySlotByIndex):
2396         * runtime/StringObject.h:
2397
2398 2011-10-24  Patrick Gansterer  <paroga@webkit.org>
2399
2400         Interpreter build fix after r98179.
2401
2402         * bytecode/CodeBlock.h:
2403         Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
2404         since it is only used there.
2405
2406 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
2407
2408         Fixed a typo Darin spotted.
2409
2410         * wtf/StringHasher.h:
2411         (WTF::StringHasher::hash): Expelliarmus!
2412
2413 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
2414
2415         Removed StringImpl::createStrippingNullCharacters
2416         https://bugs.webkit.org/show_bug.cgi?id=70700
2417
2418         Reviewed by David Levin.
2419         
2420         It was unused.
2421
2422         * JavaScriptCore.exp:
2423         * wtf/text/StringImpl.cpp:
2424         * wtf/text/StringImpl.h:
2425
2426 2011-10-22  Filip Pizlo  <fpizlo@apple.com>
2427
2428         DFG should inline constructors
2429         https://bugs.webkit.org/show_bug.cgi?id=70675
2430
2431         Reviewed by Oliver Hunt.
2432         
2433         Adds support for inlining constructors. Also fixes two pathologies
2434         uncovered along the way: CheckMethod claimed that it never returned a
2435         result (causing CheckMethod -> SetLocal -> GetLocal sequences to
2436         result in the GetLocal doing OSR exit), and get_by_id parsing never
2437         checked if it was hot in slow path. Also fiddled with inlining
2438         heuristics; it appears that for now, the more inlining, the happier
2439         V8 is. Finally, a bug was uncovered where a silent spill of a boxed
2440         integer that had previously been spilled unboxed causes the silent
2441         fill to forget to unbox.
2442         
2443         This appears to be a 4% speed-up on V8 in their harness, or a 1%
2444         speed-up in my harness. The difference is due to warm-up: in my
2445         harness we see significant amounts of time spent in compilation, but
2446         in V8's harness compilation gets amortized. Profiling indicates that
2447         we have the potential for a 5% win from basic optimizations like
2448         generating OSR exits lazily and holding onto bytecode longer.
2449
2450         * dfg/DFGAbstractState.cpp:
2451         (JSC::DFG::AbstractState::execute):
2452         * dfg/DFGByteCodeParser.cpp:
2453         (JSC::DFG::ByteCodeParser::handleCall):
2454         (JSC::DFG::ByteCodeParser::handleInlining):
2455         (JSC::DFG::ByteCodeParser::handleMinMax):
2456         (JSC::DFG::ByteCodeParser::parseBlock):
2457         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2458         (JSC::DFG::ByteCodeParser::parse):
2459         * dfg/DFGCapabilities.h:
2460         (JSC::DFG::mightInlineFunctionForConstruct):
2461         (JSC::DFG::canInlineOpcode):
2462         (JSC::DFG::mightInlineFunctionFor):
2463         (JSC::DFG::canInlineFunctionFor):
2464         * dfg/DFGJITCodeGenerator.h:
2465         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2466         * runtime/Executable.h:
2467         (JSC::isCall):
2468         (JSC::ExecutableBase::intrinsicFor):
2469         * runtime/Heuristics.cpp:
2470         (JSC::Heuristics::initializeHeuristics):
2471         * runtime/Heuristics.h:
2472
2473 2011-10-23  Noel Gordon  <noel.gordon@gmail.com>
2474
2475         [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
2476         https://bugs.webkit.org/show_bug.cgi?id=70703
2477
2478         Reviewed by Kent Tamura.
2479
2480         runtime/RopeImpl.{h,cpp} were removed in r97872, remove references
2481         to these files from the gyp project files.
2482
2483         * JavaScriptCore.gypi:
2484
2485 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
2486
2487         Add deleteProperty to the MethodTable
2488         https://bugs.webkit.org/show_bug.cgi?id=70162
2489
2490         Reviewed by Sam Weinig.
2491
2492         * JavaScriptCore.exp:
2493         * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
2494         * runtime/JSFunction.h: Changed JSFunction::deleteProperty to 
2495         be protected rather than private for subclasses that don't provide their own
2496         implementation.
2497
2498 2011-10-23  Mark Hahnenberg  <mhahnenberg@apple.com>
2499
2500         Remove getConstructDataVirtual
2501         https://bugs.webkit.org/show_bug.cgi?id=70638
2502
2503         Reviewed by Darin Adler.
2504
2505         Removed all declarations and definitions of getConstructDataVirtual.
2506         Also replaced all call sites to getConstructDataVirtual with a 
2507         corresponding lookup in the MethodTable.
2508
2509         * API/JSCallbackConstructor.cpp:
2510         * API/JSCallbackConstructor.h:
2511         * API/JSCallbackObject.h:
2512         * API/JSCallbackObjectFunctions.h:
2513         * API/JSObjectRef.cpp:
2514         (JSObjectIsConstructor):
2515         (JSObjectCallAsConstructor):
2516         * JavaScriptCore.exp:
2517         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2518         * dfg/DFGOperations.cpp:
2519         * interpreter/Interpreter.cpp:
2520         (JSC::Interpreter::privateExecute):
2521         * jit/JITStubs.cpp:
2522         (JSC::DEFINE_STUB_FUNCTION):
2523         * runtime/ArrayConstructor.cpp:
2524         * runtime/ArrayConstructor.h:
2525         * runtime/BooleanConstructor.cpp:
2526         * runtime/BooleanConstructor.h:
2527         * runtime/DateConstructor.cpp:
2528         * runtime/DateConstructor.h:
2529         * runtime/Error.h:
2530         (JSC::StrictModeTypeErrorFunction::getConstructData):
2531         * runtime/ErrorConstructor.cpp:
2532         * runtime/ErrorConstructor.h:
2533         * runtime/FunctionConstructor.cpp:
2534         * runtime/FunctionConstructor.h:
2535         * runtime/JSCell.cpp:
2536         * runtime/JSCell.h:
2537         * runtime/JSFunction.cpp:
2538         * runtime/JSFunction.h:
2539         * runtime/JSObject.h:
2540         (JSC::getConstructData):
2541         * runtime/NativeErrorConstructor.cpp:
2542         * runtime/NativeErrorConstructor.h:
2543         * runtime/NumberConstructor.cpp:
2544         * runtime/NumberConstructor.h:
2545         * runtime/ObjectConstructor.cpp:
2546         * runtime/ObjectConstructor.h:
2547         * runtime/RegExpConstructor.cpp:
2548         * runtime/RegExpConstructor.h:
2549         * runtime/StringConstructor.cpp:
2550         * runtime/StringConstructor.h:
2551
2552 2011-10-23  Geoffrey Garen  <ggaren@apple.com>
2553
2554         Try to fix the SL build.
2555
2556         * dfg/DFGByteCodeParser.cpp:
2557         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
2558         away int vs unsigned warning.
2559
2560 2011-10-21  Geoffrey Garen  <ggaren@apple.com>
2561
2562         Separated string lifetime bits from character buffer state bits
2563         https://bugs.webkit.org/show_bug.cgi?id=70673
2564
2565         Reviewed by Anders Carlsson.
2566         
2567         Moved the static/immortal bit into the bottom bit of the refcount, and
2568         moved all other bits into the high bits of the hash code.
2569         
2570         This is the first step toward a new Characters/PassString class, and it
2571         makes ref/deref slightly more efficient.
2572
2573         * create_hash_table:
2574         * wtf/StringHasher.h:
2575         (WTF::StringHasher::hash): Tweaked the string hashing function to leave
2576         the top bits clear, so they can be used as flags.
2577         
2578         Fixed some small differences between the Perl copy of this function and
2579         the C++ copy of this function, which could have in theory caused subtle
2580         crashes.
2581
2582         * wtf/text/StringImpl.cpp:
2583         (WTF::StringImpl::sharedBuffer):
2584         (WTF::StringImpl::createWithTerminatingNullCharacter):
2585         * wtf/text/StringImpl.h:
2586         (WTF::StringImpl::StringImpl):
2587         (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
2588         s_didReportExtraCost, since the original name was both self-contradictory
2589         and used as a double-negative.
2590
2591         (WTF::StringImpl::isIdentifier):
2592         (WTF::StringImpl::setIsIdentifier):
2593         (WTF::StringImpl::hasTerminatingNullCharacter):
2594         (WTF::StringImpl::isAtomic):
2595         (WTF::StringImpl::setIsAtomic):
2596         (WTF::StringImpl::setHash):
2597         (WTF::StringImpl::rawHash):
2598         (WTF::StringImpl::hasHash):
2599         (WTF::StringImpl::existingHash):
2600         (WTF::StringImpl::hash):
2601         (WTF::StringImpl::hasOneRef):
2602         (WTF::StringImpl::ref):
2603         (WTF::StringImpl::deref):
2604         (WTF::StringImpl::bufferOwnership):
2605         (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
2606         bit of the refcount. Now, all lifetime information lives in the refcount
2607         field. Moved the other bits into the hash code field.
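
As an added example (not WTF::StringImpl's code and not part of this ChangeLog), the two-field layout this entry describes, in C++: the static/immortal flag in the bottom bit of the refcount with the count stepped by two above it, and the character-buffer state bits in the top bits of the hash field, above a hash whose top bits the hasher keeps clear. The class name PackedString, the 24-bit hash / 8 flag bits split and the FNV-1a based hasher are this example's assumptions, not WebKit's values.

```cpp
#include <cstdint>

// Added illustration, not WTF::StringImpl. Every lifetime bit lives in
// m_refCount (bit 0 = static/immortal, the count itself stepped by 2 above
// it); every buffer-state bit lives in the top 8 bits of m_hashAndFlags,
// above a 24-bit hash. The widths and the hasher are this example's choices.
class PackedString {
public:
    static const unsigned s_refCountFlagIsStatic = 1u;
    static const unsigned s_refCountIncrement = 2u;
    static const unsigned s_flagMask = 0xFFu << 24;        // top 8 bits: flags
    static const unsigned s_hashMask = ~s_flagMask;        // low 24 bits: hash
    static const unsigned s_hashFlagIsAtomic = 1u << 31;
    static const unsigned s_hashFlagIsIdentifier = 1u << 30;
    static const unsigned s_hashFlagHasTerminatingNull = 1u << 29;

    explicit PackedString(const char* chars, bool isStatic = false)
        : m_chars(chars)
        , m_refCount(s_refCountIncrement | (isStatic ? s_refCountFlagIsStatic : 0u))
        , m_hashAndFlags(0) {}

    // Lifetime: everything ref/deref need is in one field.
    bool isStatic() const { return (m_refCount & s_refCountFlagIsStatic) != 0; }
    bool hasOneRef() const { return m_refCount == s_refCountIncrement; }
    void ref() { m_refCount += s_refCountIncrement; }
    // True when the last reference is dropped and the caller should destroy
    // the object; static strings are immortal and never say so.
    bool deref() {
        if (isStatic()) return false;
        if (m_refCount == s_refCountIncrement) return true;
        m_refCount -= s_refCountIncrement;
        return false;
    }

    // Buffer state: flags in the top bits, hash in the rest.
    bool isAtomic() const { return (m_hashAndFlags & s_hashFlagIsAtomic) != 0; }
    void setIsAtomic(bool on) { setFlag(s_hashFlagIsAtomic, on); }
    bool isIdentifier() const { return (m_hashAndFlags & s_hashFlagIsIdentifier) != 0; }
    void setIsIdentifier(bool on) { setFlag(s_hashFlagIsIdentifier, on); }
    bool hasTerminatingNullCharacter() const { return (m_hashAndFlags & s_hashFlagHasTerminatingNull) != 0; }

    unsigned rawHash() const { return m_hashAndFlags & s_hashMask; }
    bool hasHash() const { return rawHash() != 0; }        // 0 means "not computed yet"
    unsigned existingHash() const { return rawHash(); }
    unsigned hash() {
        if (!hasHash()) setHash(computeHash(m_chars));
        return existingHash();
    }

    // A hasher that leaves the top 8 bits clear: 32-bit FNV-1a folded down to
    // 24 bits, with 0 remapped so a real hash is never mistaken for "no hash".
    static unsigned computeHash(const char* chars) {
        unsigned h = 2166136261u;
        for (const char* p = chars; *p; ++p) {
            h ^= static_cast<unsigned char>(*p);
            h *= 16777619u;
        }
        h = (h ^ (h >> 24)) & s_hashMask;
        return h ? h : 0x800000u;
    }

private:
    // Mask on both sides so a hash can never overwrite a flag or vice versa.
    void setHash(unsigned hash) { m_hashAndFlags = (m_hashAndFlags & s_flagMask) | (hash & s_hashMask); }
    void setFlag(unsigned flag, bool on) { if (on) m_hashAndFlags |= flag; else m_hashAndFlags &= ~flag; }

    const char* m_chars;
    unsigned m_refCount;
    unsigned m_hashAndFlags;
};

// Ref/deref round trip on a normal and on a static string; true when the
// lifetime bits behave as described.
bool demoLifetimeBits() {
    PackedString s("hello");
    PackedString immortal("static", true);
    s.ref();
    bool ok = !s.hasOneRef() && !s.deref() && s.hasOneRef() && s.deref();
    return ok && immortal.isStatic() && !immortal.deref() && !immortal.deref();
}

// Flags set after the hash was computed must leave the hash untouched, and
// the hash must never spill into the flag bits.
bool demoFlagsAndHashStayApart() {
    PackedString s("hello");
    unsigned before = s.hash();
    s.setIsAtomic(true);
    s.setIsIdentifier(true);
    return s.hash() == before && (before & PackedString::s_flagMask) == 0
        && s.isAtomic() && s.isIdentifier() && !s.hasTerminatingNullCharacter();
}
```

The point of masking in both setHash and the hasher is that the two kinds of state share a word but must never alias: a hash function that left its top bits populated would silently set or clear flags such as isAtomic, and a flag write that did not preserve the low bits would change the cached hash, the kind of subtle inconsistency the entry mentions between the Perl and C++ copies of the hasher.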
2608
2609 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
2610
2611         DFG inlining sometimes fails to reset constant references
2612         https://bugs.webkit.org/show_bug.cgi?id=70668
2613
2614         Reviewed by Anders Carlsson.
2615         
2616         Reset constant references when we need to (new block created) and not
2617         when we don't (change of inlining depth).
2618
2619         * dfg/DFGByteCodeParser.cpp:
2620         (JSC::DFG::ByteCodeParser::handleInlining):
2621         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
2622         (JSC::DFG::ByteCodeParser::parseBlock):
2623         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2624
2625 2011-10-21  Filip Pizlo  <fpizlo@apple.com>
2626
2627         DFG should have inlining
2628         https://bugs.webkit.org/show_bug.cgi?id=69996
2629
2630         Reviewed by Oliver Hunt.
2631         
2632         Implements inlining that's hooked into the bytecode parser. Only
2633         works for calls, for now, though nothing fundamentally prevents us
2634         from inlining constructor calls. 2% overall speed-up on all
2635         benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
2636         richards respectively), neutral on Kraken and SunSpider. 
2637         
2638         * bytecode/CodeBlock.cpp:
2639         (JSC::CodeBlock::visitAggregate):
2640         * bytecode/CodeBlock.h:
2641         (JSC::CodeBlock::baselineVersion):
2642         (JSC::CodeBlock::setInstructionCount):
2643         (JSC::CodeBlock::likelyToTakeSlowCase):
2644         (JSC::CodeBlock::couldTakeSlowCase):
2645         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
2646         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
2647         (JSC::CodeBlock::likelyToTakeAnySlowCase):
2648         * bytecode/CodeOrigin.h:
2649         (JSC::CodeOrigin::inlineDepthForCallFrame):
2650         (JSC::CodeOrigin::inlineDepth):
2651         (JSC::CodeOrigin::operator==):
2652         (JSC::CodeOrigin::inlineStack):
2653         * bytecompiler/BytecodeGenerator.cpp:
2654         (JSC::BytecodeGenerator::generate):
2655         * dfg/DFGAbstractState.cpp:
2656         (JSC::DFG::AbstractState::beginBasicBlock):
2657         (JSC::DFG::AbstractState::execute):
2658         (JSC::DFG::AbstractState::mergeStateAtTail):
2659         * dfg/DFGBasicBlock.h:
2660         (JSC::DFG::BasicBlock::BasicBlock):
2661         (JSC::DFG::BasicBlock::ensureLocals):
2662         (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
2663         * dfg/DFGByteCodeParser.cpp:
2664         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2665         (JSC::DFG::ByteCodeParser::getDirect):
2666         (JSC::DFG::ByteCodeParser::get):
2667         (JSC::DFG::ByteCodeParser::setDirect):
2668         (JSC::DFG::ByteCodeParser::set):
2669         (JSC::DFG::ByteCodeParser::getLocal):
2670         (JSC::DFG::ByteCodeParser::getArgument):
2671         (JSC::DFG::ByteCodeParser::flush):
2672         (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
2673         (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
2674         (JSC::DFG::ByteCodeParser::handleInlining):
2675         (JSC::DFG::ByteCodeParser::parseBlock):
2676         (JSC::DFG::ByteCodeParser::processPhiStack):
2677         (JSC::DFG::ByteCodeParser::linkBlock):
2678         (JSC::DFG::ByteCodeParser::linkBlocks):
2679         (JSC::DFG::ByteCodeParser::handleSuccessor):
2680         (JSC::DFG::ByteCodeParser::determineReachability):
2681         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
2682         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2683         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2684         (JSC::DFG::ByteCodeParser::parse):
2685         * dfg/DFGCapabilities.cpp:
2686         (JSC::DFG::canHandleOpcodes):
2687         (JSC::DFG::canCompileOpcodes):
2688         (JSC::DFG::canInlineOpcodes):
2689         * dfg/DFGCapabilities.h:
2690         (JSC::DFG::mightCompileEval):
2691         (JSC::DFG::mightCompileProgram):
2692         (JSC::DFG::mightCompileFunctionForCall):
2693         (JSC::DFG::mightCompileFunctionForConstruct):
2694         (JSC::DFG::mightInlineFunctionForCall):
2695         (JSC::DFG::mightInlineFunctionForConstruct):
2696         (JSC::DFG::canInlineOpcode):
2697         (JSC::DFG::canInlineOpcodes):
2698         (JSC::DFG::canInlineFunctionForCall):
2699         (JSC::DFG::canInlineFunctionForConstruct):
2700         * dfg/DFGGraph.cpp:
2701         (JSC::DFG::printWhiteSpace):
2702         (JSC::DFG::Graph::dumpCodeOrigin):
2703         (JSC::DFG::Graph::dump):
2704         * dfg/DFGGraph.h:
2705         (JSC::DFG::GetBytecodeBeginForBlock::operator()):
2706         (JSC::DFG::Graph::blockIndexForBytecodeOffset):
2707         * dfg/DFGJITCompiler.cpp:
2708         (JSC::DFG::JITCompiler::decodedCodeMapFor):
2709         (JSC::DFG::JITCompiler::linkOSRExits):
2710         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2711         * dfg/DFGJITCompiler.h:
2712         (JSC::DFG::JITCompiler::debugCall):
2713         (JSC::DFG::JITCompiler::baselineCodeBlockFor):
2714         * dfg/DFGJITCompiler32_64.cpp:
2715         (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
2716         * dfg/DFGNode.h:
2717         (JSC::DFG::Node::hasVariableAccessData):
2718         (JSC::DFG::Node::shouldGenerate):
2719         * dfg/DFGOperands.h:
2720         (JSC::DFG::Operands::ensureLocals):
2721         (JSC::DFG::Operands::setLocal):
2722         (JSC::DFG::Operands::getLocal):
2723         * dfg/DFGPropagator.cpp:
2724         (JSC::DFG::Propagator::propagateNodePredictions):
2725         * dfg/DFGSpeculativeJIT.cpp:
2726         (JSC::DFG::OSRExit::OSRExit):
2727         (JSC::DFG::SpeculativeJIT::compile):
2728         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2729         * dfg/DFGSpeculativeJIT.h:
2730         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
2731         * dfg/DFGSpeculativeJIT32_64.cpp:
2732         (JSC::DFG::SpeculativeJIT::compile):
2733         * dfg/DFGSpeculativeJIT64.cpp:
2734         (JSC::DFG::SpeculativeJIT::compile):
2735         * interpreter/CallFrame.cpp:
2736         (JSC::CallFrame::trueCallerFrameSlow):
2737         * jit/JITCall.cpp:
2738         (JSC::JIT::compileOpCallSlowCase):
2739         * jit/JITStubs.cpp:
2740         (JSC::DEFINE_STUB_FUNCTION):
2741         * runtime/Executable.cpp:
2742         (JSC::FunctionExecutable::baselineCodeBlockFor):
2743         (JSC::FunctionExecutable::produceCodeBlockFor):
2744         (JSC::FunctionExecutable::compileForCallInternal):
2745         (JSC::FunctionExecutable::compileForConstructInternal):
2746         * runtime/Executable.h:
2747         (JSC::FunctionExecutable::profiledCodeBlockFor):
2748         (JSC::FunctionExecutable::parameterCount):
2749         * runtime/Heuristics.cpp:
2750         (JSC::Heuristics::initializeHeuristics):
2751         * runtime/Heuristics.h:
2752         * runtime/JSFunction.h:
2753
2754 2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
2755
2756         Add put to the MethodTable
2757         https://bugs.webkit.org/show_bug.cgi?id=70439
2758
2759         Reviewed by Oliver Hunt.
2760
2761         * JavaScriptCore.exp:
2762         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2763         * runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
2764         * runtime/JSFunction.h: Changed access modifier for put to protected since some
2765         subclasses of JSFunction need to reference it in their MethodTables.
2766
2767 2011-10-21  Mark Hahnenberg  <mhahnenberg@apple.com>
2768
2769         Add finalizer to JSObject
2770         https://bugs.webkit.org/show_bug.cgi?id=70336
2771
2772         Reviewed by Darin Adler.
2773
2774         * heap/MarkedBlock.cpp:
2775         (JSC::MarkedBlock::callDestructor): Skip the call to the destructor 
2776         if we're a JSFinalObject, since the finalizer takes care of things.
2777         * runtime/JSCell.h:
2778         (JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with 
2779         future changes and the fact that we no longer always call the destructor, making 
2780         the information provided less useful.
2781         * runtime/JSObject.cpp:
2782         (JSC::JSObject::finalize): Add finalizer for JSObject.
2783         (JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
2784         property storage, we add a finalizer to ourself.
2785         * runtime/JSObject.h:
2786
2787 2011-10-21  Simon Hausmann  <simon.hausmann@nokia.com>
2788
2789         Remove QtScript source code from WebKit.
2790         https://bugs.webkit.org/show_bug.cgi?id=64088
2791
2792         Reviewed by Tor Arne Vestbø.
2793
2794         Removed dead code that isn't developed anymore.
2795
2796         * JavaScriptCore.gypi:
2797         * JavaScriptCore.pri:
2798         * qt/api/QtScript.pro: Removed.
2799         * qt/api/qscriptconverter_p.h: Removed.
2800         * qt/api/qscriptengine.cpp: Removed.
2801         * qt/api/qscriptengine.h: Removed.
2802         * qt/api/qscriptengine_p.cpp: Removed.
2803         * qt/api/qscriptengine_p.h: Removed.
2804         * qt/api/qscriptfunction.cpp: Removed.
2805         * qt/api/qscriptfunction_p.h: Removed.
2806         * qt/api/qscriptoriginalglobalobject_p.h: Removed.
2807         * qt/api/qscriptprogram.cpp: Removed.
2808         * qt/api/qscriptprogram.h: Removed.
2809         * qt/api/qscriptprogram_p.h: Removed.
2810         * qt/api/qscriptstring.cpp: Removed.
2811         * qt/api/qscriptstring.h: Removed.
2812         * qt/api/qscriptstring_p.h: Removed.
2813         * qt/api/qscriptsyntaxcheckresult.cpp: Removed.
2814         * qt/api/qscriptsyntaxcheckresult.h: Removed.
2815         * qt/api/qscriptsyntaxcheckresult_p.h: Removed.
2816         * qt/api/qscriptvalue.cpp: Removed.
2817         * qt/api/qscriptvalue.h: Removed.
2818         * qt/api/qscriptvalue_p.h: Removed.
2819         * qt/api/qscriptvalueiterator.cpp: Removed.
2820         * qt/api/qscriptvalueiterator.h: Removed.
2821         * qt/api/qscriptvalueiterator_p.h: Removed.
2822         * qt/api/qtscriptglobal.h: Removed.
2823         * qt/benchmarks/benchmarks.pri: Removed.
2824         * qt/benchmarks/benchmarks.pro: Removed.
2825         * qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
2826         * qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
2827         * qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
2828         * qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
2829         * qt/tests/qscriptengine/qscriptengine.pro: Removed.
2830         * qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
2831         * qt/tests/qscriptstring/qscriptstring.pro: Removed.
2832         * qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
2833         * qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
2834         * qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
2835         * qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
2836         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
2837         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
2838         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
2839         * qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
2840         * qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
2841         * qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
2842         * qt/tests/tests.pri: Removed.
2843         * qt/tests/tests.pro: Removed.
2844
2845 2011-10-21  Zheng Liu  <zheng.z.liu@intel.com>
2846
2847         bytecompiler sometimes generates incorrect bytecode for put_by_id
2848         https://bugs.webkit.org/show_bug.cgi?id=70403
2849
2850         Reviewed by Filip Pizlo.
2851
2852         * bytecompiler/NodesCodegen.cpp:
2853         (JSC::AssignDotNode::emitBytecode):
2854         (JSC::AssignBracketNode::emitBytecode):
2855
2856 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
2857
2858         DFG should not try to predict argument types by looking at the values of
2859         argument registers at the time of compilation
2860         https://bugs.webkit.org/show_bug.cgi?id=70578
2861
2862         Reviewed by Oliver Hunt.
2863
2864         * bytecode/CodeBlock.cpp:
2865         * dfg/DFGDriver.cpp:
2866         (JSC::DFG::compile):
2867         (JSC::DFG::tryCompile):
2868         (JSC::DFG::tryCompileFunction):
2869         * dfg/DFGDriver.h:
2870         (JSC::DFG::tryCompileFunction):
2871         * dfg/DFGGraph.cpp:
2872         (JSC::DFG::Graph::predictArgumentTypes):
2873         * dfg/DFGGraph.h:
2874         * runtime/Executable.cpp:
2875         (JSC::FunctionExecutable::compileOptimizedForCall):
2876         (JSC::FunctionExecutable::compileOptimizedForConstruct):
2877         (JSC::FunctionExecutable::compileForCallInternal):
2878         (JSC::FunctionExecutable::compileForConstructInternal):
2879         * runtime/Executable.h:
2880         (JSC::FunctionExecutable::compileForCall):
2881         (JSC::FunctionExecutable::compileForConstruct):
2882         (JSC::FunctionExecutable::compileFor):
2883         (JSC::FunctionExecutable::compileOptimizedFor):
2884
2885 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
2886
2887         DFG call optimization handling will fail if the call had been unlinked due
2888         to the callee being optimized
2889         https://bugs.webkit.org/show_bug.cgi?id=70468
2890
2891         Reviewed by Geoff Garen.
2892         
2893         If a call had ever been linked, we remember this fact as well as the function
2894         to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
2895         called.
2896
2897         * bytecode/CodeBlock.cpp:
2898         (JSC::CodeBlock::visitAggregate):
2899         * bytecode/CodeBlock.h:
2900         * dfg/DFGByteCodeParser.cpp:
2901         (JSC::DFG::ByteCodeParser::parseBlock):
2902         * dfg/DFGRepatch.cpp:
2903         (JSC::DFG::dfgLinkFor):
2904         * jit/JIT.cpp:
2905         (JSC::JIT::linkFor):
2906
2907 2011-10-20  Yuqiang Xian  <yuqiang.xian@intel.com>
2908
2909         DFG JIT 32_64 - Fix ByteArray speculation
2910         https://bugs.webkit.org/show_bug.cgi?id=70571
2911
2912         Reviewed by Filip Pizlo.
2913
2914         * dfg/DFGSpeculativeJIT.h:
2915         (JSC::DFG::ValueSource::forPrediction):
2916         * dfg/DFGSpeculativeJIT32_64.cpp:
2917         (JSC::DFG::SpeculativeJIT::compile):
2918
2919 2011-10-20  Vincent Scheib  <scheib@chromium.org>
2920
2921         MouseLock compile and run time flags.
2922         https://bugs.webkit.org/show_bug.cgi?id=70530
2923
2924         Reviewed by Darin Fisher.
2925
2926         * wtf/Platform.h:
2927
2928 2011-10-20  Mark Hahnenberg  <mhahnenberg@apple.com>
2929
2930         Rename static deleteProperty to deletePropertyByIndex
2931         https://bugs.webkit.org/show_bug.cgi?id=70257
2932
2933         Reviewed by Geoffrey Garen.
2934
2935         Renaming versions of deleteProperty that use an unsigned as the property
2936         name to "deletePropertyByIndex" in preparation for adding them to the 
2937         MethodTable, which requires unique names for each method.
2938
2939         * API/JSCallbackObject.h:
2940         * API/JSCallbackObjectFunctions.h:
2941         (JSC::::deletePropertyVirtual):
2942         (JSC::::deletePropertyByIndex):
2943         * runtime/Arguments.cpp:
2944         (JSC::Arguments::deletePropertyVirtual):
2945         (JSC::Arguments::deletePropertyByIndex):
2946         * runtime/Arguments.h:
2947         * runtime/JSArray.cpp:
2948         (JSC::JSArray::deletePropertyVirtual):
2949         (JSC::JSArray::deletePropertyByIndex):
2950         * runtime/JSArray.h:
2951         * runtime/JSCell.cpp:
2952         (JSC::JSCell::deletePropertyVirtual):
2953         (JSC::JSCell::deletePropertyByIndex):
2954         * runtime/JSCell.h:
2955         * runtime/JSNotAnObject.cpp:
2956         (JSC::JSNotAnObject::deletePropertyVirtual):
2957         (JSC::JSNotAnObject::deletePropertyByIndex):
2958         * runtime/JSNotAnObject.h:
2959         * runtime/JSObject.cpp:
2960         (JSC::JSObject::deletePropertyVirtual):
2961         (JSC::JSObject::deletePropertyByIndex):
2962         * runtime/JSObject.h:
2963         * runtime/RegExpMatchesArray.h:
2964         (JSC::RegExpMatchesArray::deletePropertyVirtual):
2965         (JSC::RegExpMatchesArray::deletePropertyByIndex):
2966
2967 2011-10-20  Filip Pizlo  <fpizlo@apple.com>
2968
2969         https://bugs.webkit.org/show_bug.cgi?id=70482
2970         DFG-related stubs in the old JIT should not be built if the DFG is disabled
2971
2972         Reviewed by Zoltan Herczeg.
2973         
2974         Aiming for a slight code size/build time reduction if the DFG is not in
2975         play. This should also make further DFG development slightly easier since
2976         the bodies of these JIT stubs can now safely refer to things that are only
2977         declared when the DFG is enabled.
2978
2979         * jit/JITStubs.cpp:
2980         * jit/JITStubs.h:
2981
2982 2011-10-19  Filip Pizlo  <fpizlo@apple.com>
2983
2984         DFG ConvertThis emits slow code when the source node is known to be,
2985         but not predicted to be, a final object
2986         https://bugs.webkit.org/show_bug.cgi?id=70466
2987
2988         Reviewed by Oliver Hunt.
2989         
2990         Added a new case in ConvertThis compilation.
2991
2992         * dfg/DFGSpeculativeJIT32_64.cpp:
2993         (JSC::DFG::SpeculativeJIT::compile):
2994         * dfg/DFGSpeculativeJIT64.cpp:
2995         (JSC::DFG::SpeculativeJIT::compile):
2996
2997 2011-10-19  Filip Pizlo  <fpizlo@apple.com>
2998
2999         Optimization triggers in the old JIT may sometimes fire repeatedly even
3000         though there is no optimization to be done
3001         https://bugs.webkit.org/show_bug.cgi?id=70467
3002
3003         Reviewed by Oliver Hunt.
3004         
3005         If optimize_from_ret does nothing, it delays the next optimization trigger.
3006         This is performance-neutral.
3007
3008         * jit/JITStubs.cpp:
3009         (JSC::DEFINE_STUB_FUNCTION):
3010         * runtime/Heuristics.cpp:
3011         (JSC::Heuristics::initializeHeuristics):
3012
3013 2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
3014
3015         DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
3016         https://bugs.webkit.org/show_bug.cgi?id=70460
3017
3018         Reviewed by Filip Pizlo.
3019
3020         As pointed out by Gavin in bug #70418, when a value is already in memory
3021         we can avoid loading it to two GPRs at first and then unboxing them to a FPR.
3022         This gives 9% improvement on Kraken if without the change in bug #70418,
3023         and 1% if based on the code with bug #70418 change.
3024         Performance is neutral in V8 and SunSpider.
3025
3026         * dfg/DFGJITCodeGenerator32_64.cpp:
3027         (JSC::DFG::JITCodeGenerator::fillDouble):
3028         * dfg/DFGSpeculativeJIT32_64.cpp:
3029         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3030
3031 2011-10-19  Gavin Barraclough  <barraclough@apple.com>
3032
3033         Poisoning of strict caller,arguments inappropriately poisoning "in"
3034         https://bugs.webkit.org/show_bug.cgi?id=63398
3035
3036         Reviewed by Oliver Hunt.
3037
3038         This fixes the problem by correctly implementing the spec -
3039         the error should actually be being thrown from a standard JS getter/setter.
3040         This implements spec correct behaviour for strict mode JS functions & bound
3041         functions, I'll follow up with a patch to do the same for arguments.
3042
3043         * runtime/JSBoundFunction.cpp:
3044         (JSC::JSBoundFunction::finishCreation):
3045             - Add the poisoned caller/arguments properties.
3046         * runtime/JSBoundFunction.h:
3047         * runtime/JSFunction.cpp:
3048         (JSC::JSFunction::finishCreation):
3049         (JSC::JSFunction::getOwnPropertySlot):
3050         (JSC::JSFunction::getOwnPropertyDescriptor):
3051         (JSC::JSFunction::put):
3052             - If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
3053         * runtime/JSFunction.h:
3054         * runtime/JSGlobalObject.cpp:
3055         (JSC::JSGlobalObject::createThrowTypeError):
3056         (JSC::JSGlobalObject::visitChildren):
3057         * runtime/JSGlobalObject.h:
3058         (JSC::JSGlobalObject::throwTypeErrorGetterSetter):
3059             - Add a ThrowTypeError type, per ES5 13.2.3.
3060         * runtime/JSGlobalObjectFunctions.cpp:
3061         (JSC::globalFuncThrowTypeError):
3062         * runtime/JSGlobalObjectFunctions.h:
3063             - Implementation of ThrowTypeError.
3064         * runtime/JSObject.cpp:
3065         (JSC::JSObject::initializeGetterSetterProperty):
3066         * runtime/JSObject.h:
3067             - This function adds a new property (must not exist already) that is an initialized getter/setter.
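
The poisoned caller/arguments behaviour this entry implements, observed from JavaScript as an added example that is not WebKit code: `in` must not throw, while reading or writing the property must throw a TypeError from one shared getter/setter (the ES5 13.2.3 ThrowTypeError). It assumes a modern engine, where the accessor lives on Function.prototype rather than being added lazily to each strict function, so the lookup walks the prototype chain; `findDescriptor` and `probe` are names chosen here.

```javascript
// Find the descriptor for `name` on `obj` or the nearest prototype that owns it.
// (Current engines host the poisoned accessor on Function.prototype; the
// ChangeLog entry describes it as a lazily added own property. Both are covered.)
function findDescriptor(obj, name) {
  for (let o = obj; o !== null; o = Object.getPrototypeOf(o)) {
    const d = Object.getOwnPropertyDescriptor(o, name);
    if (d) return d;
  }
  return undefined;
}

// Probe how `fn[name]` behaves for a poisoned property:
//  - `name in fn` must not throw (that was the bug fixed above),
//  - reading or assigning must throw a TypeError from the accessor,
//  - getter and setter must be the same ThrowTypeError function.
// Every outcome is returned as a boolean so the probe itself never throws.
function probe(fn, name) {
  const result = {
    inThrows: false,
    hasProperty: false,
    getThrows: false,
    setThrows: false,
    sameGetterSetter: false,
  };
  try { result.hasProperty = name in fn; } catch (e) { result.inThrows = true; }
  try { void fn[name]; } catch (e) { result.getThrows = e instanceof TypeError; }
  try { fn[name] = 1; } catch (e) { result.setThrows = e instanceof TypeError; }
  const d = findDescriptor(fn, name);
  result.sameGetterSetter = !!d && typeof d.get === 'function' && d.get === d.set;
  return result;
}

// True when `caller` and `arguments` share one ThrowTypeError getter, as the
// spec requires (a single %ThrowTypeError% intrinsic per realm).
function sharesThrowTypeError(fn) {
  const caller = findDescriptor(fn, 'caller');
  const args = findDescriptor(fn, 'arguments');
  return !!caller && !!args && typeof caller.get === 'function' && caller.get === args.get;
}

// Constructed sample functions: a strict-mode function and a bound function,
// the two cases the entry above covers.
function strictFn() { 'use strict'; return 'strict'; }
const boundFn = strictFn.bind(null);

console.log('strict  caller   :', JSON.stringify(probe(strictFn, 'caller')));
console.log('strict  arguments:', JSON.stringify(probe(strictFn, 'arguments')));
console.log('bound   caller   :', JSON.stringify(probe(boundFn, 'caller')));
console.log('shared getter    :', sharesThrowTypeError(strictFn));
```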
3068
3069 2011-10-19  Yuqiang Xian  <yuqiang.xian@intel.com>
3070
3071         DFG JIT 32_64 - improve double boxing/unboxing
3072         https://bugs.webkit.org/show_bug.cgi?id=70418
3073
3074         Reviewed by Gavin Barraclough.
3075
3076         Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
3077         which tries to exchange data through memory.
3078         On X86 some SSE instructions can help us on such operations with better performance.
3079         This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
3080         and 2% on V8, tested on Linux X86 (Core i7 Nehalem).
3081
3082         * assembler/MacroAssemblerX86Common.h:
3083         (JSC::MacroAssemblerX86Common::lshiftPacked):
3084         (JSC::MacroAssemblerX86Common::rshiftPacked):
3085         (JSC::MacroAssemblerX86Common::orPacked):
3086         (JSC::MacroAssemblerX86Common::moveInt32ToPacked):
3087         (JSC::MacroAssemblerX86Common::movePackedToInt32):
3088         * assembler/X86Assembler.h:
3089         (JSC::X86Assembler::movd_rr):
3090         (JSC::X86Assembler::psllq_i8r):
3091         (JSC::X86Assembler::psrlq_i8r):
3092         (JSC::X86Assembler::por_rr):
3093         * dfg/DFGJITCodeGenerator.h:
3094         (JSC::DFG::JITCodeGenerator::boxDouble):
3095         (JSC::DFG::JITCodeGenerator::unboxDouble):
3096         * dfg/DFGJITCodeGenerator32_64.cpp:
3097         (JSC::DFG::JITCodeGenerator::fillDouble):
3098         (JSC::DFG::JITCodeGenerator::fillJSValue):
3099         (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
3100         (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
3101         (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
3102         (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
3103         * dfg/DFGJITCompiler.h:
3104         (JSC::DFG::JITCompiler::boxDouble):
3105         (JSC::DFG::JITCompiler::unboxDouble):
3106         * dfg/DFGSpeculativeJIT32_64.cpp:
3107         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3108         (JSC::DFG::SpeculativeJIT::convertToDouble):
3109         (JSC::DFG::SpeculativeJIT::compile):
3110
3111 2011-10-19  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3112
3113         [EFL] Fix DSO linkage of wtf_efl.
3114
3115         Unreviewed build fix.
3116
3117         Need to add -ldl to jsc_efl (requested by dladdr).
3118
3119         * wtf/CMakeListsEfl.txt:
3120
3121 2011-10-19  Geoffrey Garen  <ggaren@apple.com>
3122
3123         Removed StringImplBase, fusing it into StringImpl
3124         https://bugs.webkit.org/show_bug.cgi?id=70443
3125
3126         Reviewed by Gavin Barraclough.
3127
3128         * GNUmakefile.list.am:
3129         * JavaScriptCore.gypi:
3130         * JavaScriptCore.order:
3131         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
3132         * JavaScriptCore.xcodeproj/project.pbxproj:
3133         * wtf/CMakeLists.txt:
3134         * wtf/text/StringImpl.h:
3135         (WTF::StringImpl::StringImpl):
3136         (WTF::StringImpl::ref):
3137         (WTF::StringImpl::length):
3138         * wtf/text/StringImplBase.h: Removed.
3139         * wtf/wtf.pri: Removed!
3140
3141 2011-10-19  Mark Hahnenberg  <mhahnenberg@apple.com>
3142
3143         Add getConstructData to the MethodTable
3144         https://bugs.webkit.org/show_bug.cgi?id=70163
3145
3146         Reviewed by Geoffrey Garen.
3147
3148         Adding getConstructData to the MethodTable in order to be able to 
3149         remove all calls to getConstructDataVirtual soon.  Part of the process 
3150         of de-virtualizing JSCell.
3151
3152         * JavaScriptCore.exp:
3153         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3154         * runtime/ClassInfo.h:
3155
3156 2011-10-18  Oliver Hunt  <oliver@apple.com>
3157
3158         Support CanvasPixelArray in the DFG
3159         https://bugs.webkit.org/show_bug.cgi?id=70384
3160
3161         Reviewed by Filip Pizlo.
3162
3163         Add support for the old CanvasPixelArray optimisations to the
3164         DFG.  This removes the regression seen in the DFG when using
3165         a CPA.
3166
3167         * assembler/MacroAssemblerX86Common.h:
3168         (JSC::MacroAssemblerX86Common::store8):
3169         (JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
3170         * assembler/X86Assembler.h:
3171         (JSC::X86Assembler::movb_rm):
3172         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
3173         * bytecode/PredictedType.cpp:
3174         (JSC::predictionToString):
3175         (JSC::predictionFromClassInfo):
3176         * bytecode/PredictedType.h:
3177         (JSC::isByteArrayPrediction):
3178         * dfg/DFGAbstractState.cpp:
3179         (JSC::DFG::AbstractState::initialize):
3180         (JSC::DFG::AbstractState::execute):
3181         * dfg/DFGNode.h:
3182         (JSC::DFG::Node::shouldSpeculateByteArray):
3183         * dfg/DFGPropagator.cpp:
3184         (JSC::DFG::Propagator::propagateNodePredictions):
3185         (JSC::DFG::Propagator::fixupNode):
3186         (JSC::DFG::Propagator::performNodeCSE):
3187         * dfg/DFGSpeculativeJIT.cpp:
3188         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3189         (JSC::DFG::compileClampDoubleToByte):
3190         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
3191         (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
3192         * dfg/DFGSpeculativeJIT.h:
3193         * dfg/DFGSpeculativeJIT32_64.cpp:
3194         (JSC::DFG::SpeculativeJIT::compile):
3195         * dfg/DFGSpeculativeJIT64.cpp:
3196         (JSC::DFG::SpeculativeJIT::compile):
3197         * runtime/JSByteArray.h:
3198         (JSC::JSByteArray::offsetOfStorage):
3199         * wtf/ByteArray.cpp:
3200         * wtf/ByteArray.h:
3201         (WTF::ByteArray::offsetOfSize):
3202         (WTF::ByteArray::offsetOfData):
3203
3204 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
3205
3206         Some rope cleanup following r97827
3207         https://bugs.webkit.org/show_bug.cgi?id=70398
3208
3209         Reviewed by Oliver Hunt.
3210
3211         9% speedup on date-format-xparb, neutral overall.
3212         
3213         - Removed RopeImpl*.
3214         - Removed JSString::m_fiberCount, since this can be deduced from other data.
3215         - Renamed a jsString() variant to jsStringFromArguments for clarity.
3216
3217         * CMakeLists.txt:
3218         * GNUmakefile.list.am:
3219         * JavaScriptCore.order:
3220         * JavaScriptCore.pro:
3221         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3222         * JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.
3223
3224         * dfg/DFGSpeculativeJIT.cpp:
3225         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
3226         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
3227         * jit/JITInlineMethods.h:
3228         (JSC::JIT::emitLoadCharacterString):
3229         * jit/JITPropertyAccess.cpp:
3230         (JSC::JIT::stringGetByValStubGenerator):
3231         * jit/JITPropertyAccess32_64.cpp:
3232         (JSC::JIT::stringGetByValStubGenerator):
3233         * jit/SpecializedThunkJIT.h:
3234         (JSC::SpecializedThunkJIT::loadJSStringArgument):
3235         * jit/ThunkGenerators.cpp:
3236         (JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
3237         of testing m_fiberCount, since m_fiberCount is gone now.
3238
3239         * runtime/JSString.cpp:
3240         (JSC::JSString::RopeBuilder::expand):
3241         (JSC::JSString::visitChildren):
3242         (JSC::JSString::resolveRope):
3243         (JSC::JSString::resolveRopeSlowCase):
3244         (JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
3245         in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.
3246
3247         * runtime/JSString.h:
3248         (JSC::RopeBuilder::JSString):
3249         (JSC::RopeBuilder::finishCreation):
3250         (JSC::RopeBuilder::offsetOfLength):
3251         (JSC::RopeBuilder::isRope):
3252         (JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
3253         jsString => jsStringFromArguments for clarity.
3254
3255         * runtime/Operations.h:
3256         (JSC::jsStringFromArguments): Renamed.
3257
3258         * runtime/RopeImpl.cpp: Removed.
3259         * runtime/RopeImpl.h: Removed.
3260
3261         * runtime/SmallStrings.cpp:
3262         (JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
3263         which is slightly faster.
3264
3265         * runtime/StringPrototype.cpp:
3266         (JSC::stringProtoFuncConcat): Updated for rename.
3267
3268         * wtf/text/StringImplBase.h:
3269         (WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
3270         StringImpl, since this was only used by RopeImpl, which is now gone.
3271
3272 2011-10-19  Rafael Antognolli  <antognolli@profusion.mobi>
3273
3274         [EFL] Fix DSO linkage of jsc_efl.
3275         https://bugs.webkit.org/show_bug.cgi?id=70412
3276
3277         Unreviewed build fix.
3278
3279         Need to add -ldl to jsc_efl (requested by dladdr).
3280
3281         * shell/CMakeListsEfl.txt:
3282
3283 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
3284
3285         Rolled out last Windows build fix because it was wrong.
3286
3287 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
3288
3289         Rolled out last Windows build fix because it was wrong.
3290
3291 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
3292
3293         Try to fix part of the Windows build.
3294         
3295         Export!
3296
3297 2011-10-18  Geoffrey Garen  <ggaren@apple.com>
3298
3299         Switched ropes from malloc memory to GC memory
3300         https://bugs.webkit.org/show_bug.cgi?id=70364
3301
3302         Reviewed by Gavin Barraclough.
3303
3304         ~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
3305         having C++ destructors.
3306
3307         * heap/MarkStack.cpp:
3308         (JSC::visitChildren): Call the JSString visitChildren function now,
3309         since it's no longer a no-op.
3310
3311         * runtime/JSString.cpp:
3312         (JSC::JSString::~JSString): Moved this destructor out of line because
3313         it's called virtually, so there's no value to inlining.
3314
3315         (JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
3316         initializing wrapper around JSString. JSString now represents ropes
3317         directly, rather than relying on an underlying malloc object.
3318
3319         (JSC::JSString::visitChildren): Visit our rope fibers, since they're GC
3320         objects now.
3321
3322         (JSC::JSString::resolveRope):
3323         (JSC::JSString::resolveRopeSlowCase):
3324         (JSC::JSString::outOfMemory): Updated for operating on JSStrings instead
3325         of malloc objects.
3326
3327         (JSC::JSString::replaceCharacter): Removed optimizations for substringing
3328         ropes and replacing subsections of ropes. We want to reimplement versions
3329         of these optimizations in the future, but this patch already has good
3330         performance without them.
3331
3332         * runtime/JSString.h:
3333         (JSC::RopeBuilder::JSString):
3334         (JSC::RopeBuilder::finishCreation):
3335         (JSC::RopeBuilder::createNull):
3336         (JSC::RopeBuilder::create):
3337         (JSC::RopeBuilder::createHasOtherOwner):
3338         (JSC::jsSingleCharacterString):
3339         (JSC::jsSingleCharacterSubstring):
3340         (JSC::jsNontrivialString):
3341         (JSC::jsString):
3342         (JSC::jsSubstring):
3343         (JSC::jsOwnedString): Lots of mechanical changes here. The two important
3344         things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
3345         malloc objects; (2) I simplified the JSString constructor interface to
3346         only accept PassRefPtr<StringImpl>, instead of variations on that like
3347         UString, reducing refcount churn.
3348
3349         * runtime/JSValue.h:
3350         * runtime/JSValue.cpp:
3351         (JSC::JSValue::toPrimitiveString): Updated this function to return a
3352         JSString instead of a UString, since that's what clients want now.
3353
3354         * runtime/Operations.cpp:
3355         (JSC::jsAddSlowCase):
3356         * runtime/Operations.h:
3357         (JSC::jsString):
3358         * runtime/SmallStrings.cpp:
3359         (JSC::SmallStrings::createEmptyString): Updated for interface changes above.
3360
3361         * runtime/StringConstructor.cpp:
3362         (JSC::constructWithStringConstructor):
3363         * runtime/StringObject.h:
3364         (JSC::StringObject::create): Don't create a new JSString if we already
3365         have a JSString.
3366
3367         * runtime/StringPrototype.cpp:
3368         (JSC::stringProtoFuncConcat): Updated for interface changes above.
3369
3370 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
3371
3372         Errrk, fix partial commit of r97825!
3373
3374         * runtime/DatePrototype.cpp:
3375         (JSC::dateProtoFuncToISOString):
3376
3377 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
3378
3379         Date.prototype.toISOString fails to throw exception
3380         https://bugs.webkit.org/show_bug.cgi?id=70394
3381
3382         Reviewed by Sam Weinig.
3383
3384         * runtime/DatePrototype.cpp:
3385         (JSC::dateProtoFuncToISOString):
3386             - Should throw a range error if the internal value is not finite.
3387
3388 2011-10-18  Mark Hahnenberg  <mhahnenberg@apple.com>
3389
3390         Rename static put to putByIndex
3391         https://bugs.webkit.org/show_bug.cgi?id=70281
3392
3393         Reviewed by Geoffrey Garen.
3394
3395         Renaming versions of deleteProperty that use an unsigned as the property
3396         name to "deletePropertyByIndex" in preparation for adding them to the 
3397         MethodTable, which requires unique names for each method.
3398
3399         * dfg/DFGOperations.cpp:
3400         (JSC::DFG::putByVal):
3401         * jit/JITStubs.cpp:
3402         (JSC::DEFINE_STUB_FUNCTION):
3403         * runtime/Arguments.cpp:
3404         (JSC::Arguments::putVirtual):
3405         (JSC::Arguments::putByIndex):
3406         * runtime/Arguments.h:
3407         * runtime/ArrayPrototype.cpp:
3408         (JSC::arrayProtoFuncMap):
3409         * runtime/JSArray.cpp:
3410         (JSC::JSArray::put):
3411         (JSC::JSArray::putVirtual):
3412         (JSC::JSArray::putByIndex):
3413         * runtime/JSArray.h:
3414         * runtime/JSByteArray.cpp:
3415         (JSC::JSByteArray::putVirtual):
3416         (JSC::JSByteArray::putByIndex):
3417         * runtime/JSByteArray.h:
3418         * runtime/JSCell.cpp:
3419         (JSC::JSCell::putVirtual):
3420         (JSC::JSCell::putByIndex):
3421         * runtime/JSCell.h:
3422         * runtime/JSNotAnObject.cpp:
3423         (JSC::JSNotAnObject::putVirtual):
3424         (JSC::JSNotAnObject::putByIndex):
3425         * runtime/JSNotAnObject.h:
3426         * runtime/JSObject.cpp:
3427         (JSC::JSObject::putVirtual):
3428         (JSC::JSObject::putByIndex):
3429         * runtime/JSObject.h:
3430         * runtime/RegExpConstructor.cpp:
3431         (JSC::RegExpMatchesArray::fillArrayInstance):
3432         * runtime/RegExpMatchesArray.h:
3433         (JSC::RegExpMatchesArray::putVirtual):
3434         (JSC::RegExpMatchesArray::putByIndex):
3435
3436 2011-10-18  Gavin Barraclough  <barraclough@apple.com>
3437
3438         Array.prototype methods missing exception checks
3439         https://bugs.webkit.org/show_bug.cgi?id=70360
3440
3441         Reviewed by Geoff Garen.
3442<