[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2011-07-15  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r91082, r91087, and r91089.
        http://trac.webkit.org/changeset/91082
        http://trac.webkit.org/changeset/91087
        http://trac.webkit.org/changeset/91089
        https://bugs.webkit.org/show_bug.cgi?id=64616

        gtk tests are failing a lot after this change. (Requested by
        dave_levin on #webkit).

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::identifier):
        (WTF::ThreadIdentifierData::initialize):
        (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
        (WTF::ThreadIdentifierData::initializeKeyOnce):
        * wtf/ThreadIdentifierDataPthreads.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):

2011-07-15  David Levin  <levin@chromium.org>

        Another attempted build fix.

        * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
        up the definition of PTHREAD_KEYS_MAX.

2011-07-15  David Levin  <levin@chromium.org>

        Chromium build fix.

        * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
        up the definition of PTHREAD_KEYS_MAX.

2011-07-14  David Levin  <levin@chromium.org>

        currentThread is too slow!
        https://bugs.webkit.org/show_bug.cgi?id=64577

        Reviewed by Darin Adler and Dmitry Titov.

        The problem is that currentThread results in a pthread_once call which always takes a lock.
        With this change, currentThread is 10% faster than isMainThread in release mode and only
        5% slower than isMainThread in debug.

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
        which is no longer needed because this is called from initializeThreading().
        (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
        initialization of the pthread key should already be done.
        (WTF::ThreadIdentifierData::initialize): Ditto.
        * wtf/ThreadIdentifierDataPthreads.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading): Acquire the pthread key here.

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not optimize Branch as well as it could.
        https://bugs.webkit.org/show_bug.cgi?id=64574

        Reviewed by Gavin Barraclough.

        This creates a common code path for emitting unfused branches, which does
        no speculation, and only performs a slow call if absolutely necessary.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitBranch):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        GC allocation fast path has too many operations.
        https://bugs.webkit.org/show_bug.cgi?id=64493

        Reviewed by Darin Adler.

        Changed the timing of the lazy sweep so that it occurs when we land on
        a previously-unswept block, rather than whenever we land on an unswept
        cell.  After the per-block lazy sweep occurs, the block is turned into a
        singly linked list of free cells.  The allocation fast path is now just a
        load-branch-store to remove a cell from the head of the list.

        Additionally, this changes the way new blocks are allocated.  Previously,
        they would be populated with dummy cells.  With this patch, they are
        turned into a free list, which means that there will never be destructor
        calls for allocations in fresh blocks.

        These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
        SunSpider.  There are no observed statistically significant slow-downs
        on any individual benchmark.

        * JavaScriptCore.exp:
        * heap/Heap.cpp:
        (JSC::Heap::allocateSlowCase):
        (JSC::Heap::collect):
        (JSC::Heap::canonicalizeBlocks):
        (JSC::Heap::resetAllocator):
        * heap/Heap.h:
        (JSC::Heap::forEachProtectedCell):
        (JSC::Heap::forEachCell):
        (JSC::Heap::forEachBlock):
        (JSC::Heap::allocate):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        (JSC::MarkedBlock::lazySweep):
        (JSC::MarkedBlock::blessNewBlockForFastPath):
        (JSC::MarkedBlock::blessNewBlockForSlowPath):
        (JSC::MarkedBlock::canonicalizeBlock):
        * heap/MarkedBlock.h:
        * heap/NewSpace.cpp:
        (JSC::NewSpace::addBlock):
        (JSC::NewSpace::canonicalizeBlocks):
        * heap/NewSpace.h:
        (JSC::NewSpace::allocate):
        (JSC::NewSpace::SizeClass::SizeClass):
        (JSC::NewSpace::SizeClass::canonicalizeBlock):
        * heap/OldSpace.cpp:
        (JSC::OldSpace::addBlock):

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT crashes on host constructor calls in debug mode.
        https://bugs.webkit.org/show_bug.cgi?id=64562

        Reviewed by Gavin Barraclough.

        Fixed the relevant ASSERT.

        * dfg/DFGOperations.cpp:

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT contains a FIXME for rewinding speculative code generation that
        has already been fixed.
        https://bugs.webkit.org/show_bug.cgi?id=64022

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):

2011-07-14  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Add OwnPtr specialization for Ecore_Pipe.
        https://bugs.webkit.org/show_bug.cgi?id=64515

        Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.

        Reviewed by Xan Lopez.

        * wtf/OwnPtrCommon.h:
        * wtf/efl/OwnPtrEfl.cpp:
        (WTF::deleteOwnedPtr):

2011-07-14  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT unnecessarily boxes and unboxes values during silent spilling.
        https://bugs.webkit.org/show_bug.cgi?id=64068

        Reviewed by Gavin Barraclough.

        Silent spilling and filling of registers is done during slow-path C
        function calls.  The silent spill/fill logic does not affect register
        allocation on paths that don't involve the C function call.

        This changes the silent spilling code to spill in unboxed form.  The
        silent fill will refill in whatever form the register was spilled in.
        For example, the silent spill code may choose not to spill the register
        because it was already spilled previously, which would imply that it
        was spilled in boxed form.  The filling code detects this and either
        unboxes, or not, depending on what is appropriate.

        This change also results in a simplification of the silent spill/fill
        API: silent spilling no longer needs to know about the set of registers
        that cannot be trampled, since it never does boxing and hence does not
        need a temporary register.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::cachedGetById):
        (JSC::DFG::JITCodeGenerator::cachedPutById):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
        (JSC::DFG::JITCodeGenerator::silentFillFPR):
        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::valueToNumber):
        (JSC::DFG::NonSpeculativeJIT::valueToInt32):
        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        (JSC::DFG::NonSpeculativeJIT::compare):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-13  Michael Saboff  <msaboff@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64202
        Enh: Improve handling of RegExp in the form of /.*blah.*/

        Reviewed by Gavin Barraclough.

        Added code to both the Yarr interpreter and JIT to handle
        these expressions a little differently.  First off, the terms
        in between the leading and trailing .*'s cannot capture and
        also this enhancement is limited to single alternative expressions.
        If an expression is of the right form with the aforementioned
        restrictions, we process the inner terms and then look for the
        beginning of the string and end of the string.  There is handling
        for multiline expressions to allow the beginning and end to be
        right after and right before newlines.

        This enhancement speeds up expressions of this type 12x on
        a MacBookPro.

        Cleaned up 'case' statement indentation.

        A new set of tests was added as LayoutTests/fast/regex/dotstar.html

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::InputStream::end):
        (JSC::Yarr::Interpreter::matchDotStarEnclosure):
        (JSC::Yarr::Interpreter::matchDisjunction):
        (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
        (JSC::Yarr::ByteCompiler::emitDisjunction):
        * yarr/YarrInterpreter.h:
        (JSC::Yarr::ByteTerm::DotStarEnclosure):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
        (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
        (JSC::Yarr::YarrGenerator::generateTerm):
        (JSC::Yarr::YarrGenerator::backtrackTerm):
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
        (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
        (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
        (JSC::Yarr::YarrPattern::compile):
        * yarr/YarrPattern.h:
        (JSC::Yarr::PatternTerm::PatternTerm):

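The /.*X.*/ shortcut the entry above describes, as an added reference model in JavaScript (written for this page; it is not Yarr code and not part of the ChangeLog). dotStarEnclosure locates the inner literal once and widens the match to the enclosing line instead of letting the two .* terms backtrack character by character, and agreesWithRegExp cross-checks it against the engine's own RegExp on constructed input. The function names, the anchored/multiline options and the restriction to a non-empty literal without line terminators (standing in for the entry's single-alternative, no-capture conditions) are assumptions of the example.

```javascript
// Added example, not WebKit/Yarr code: a reference model of matching /.*X.*/
// by locating X once and widening to the enclosing line, cross-checked against
// the engine's own RegExp. Assumptions: X is a non-empty literal with no
// captures, a single alternative and no line terminators, and the pattern has
// no dotAll ("s") flag, so `.` never matches a line terminator.

// The characters ECMAScript `.` refuses to match without the "s" flag.
const LINE_TERMINATOR = /[\n\r\u2028\u2029]/;

// Return { index, match } for /.*X.*/ (optionally /^.*X.*$/ with or without
// the "m" flag) on `input`, or null if it cannot match. Because `.*` cannot
// cross a line terminator, the match is exactly the first line containing X,
// so one substring search plus two scans to the line boundaries replaces the
// character-by-character backtracking of the two `.*` terms.
function dotStarEnclosure(input, literal, { anchored = false, multiline = false } = {}) {
  if (literal.length === 0 || LINE_TERMINATOR.test(literal)) {
    throw new Error("literal must be non-empty and contain no line terminator");
  }
  const at = input.indexOf(literal);
  if (at < 0) return null;

  // Widen backwards to the start of the line containing the first occurrence.
  let lineStart = at;
  while (lineStart > 0 && !LINE_TERMINATOR.test(input[lineStart - 1])) lineStart--;

  // Widen forwards to the end of that line.
  let lineEnd = at + literal.length;
  while (lineEnd < input.length && !LINE_TERMINATOR.test(input[lineEnd])) lineEnd++;

  // With ^ and $ but no "m" flag the anchors only match at the ends of the
  // whole input, so the line found must be the entire input; with "m" they
  // also match right after and right before a line terminator.
  if (anchored && !multiline && (lineStart !== 0 || lineEnd !== input.length)) return null;

  return { index: lineStart, match: input.slice(lineStart, lineEnd) };
}

// Escape a literal so it can be embedded in a RegExp source string.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Cross-check the shortcut against the engine: same span, or both null.
function agreesWithRegExp(input, literal, options = {}) {
  const { anchored = false, multiline = false } = options;
  const source = (anchored ? "^" : "") + ".*" + escapeRegExp(literal) + ".*" + (anchored ? "$" : "");
  const slow = new RegExp(source, multiline ? "m" : "").exec(input);
  const fast = dotStarEnclosure(input, literal, options);
  if (slow === null || fast === null) return slow === fast;
  return slow.index === fast.index && slow[0] === fast.match;
}

// Constructed sample input (not real log data).
const SAMPLE_LOG =
  "GET /index.html\n" +
  "GET /admin/login?user=root\n" +
  "POST /api/session";

console.log(dotStarEnclosure(SAMPLE_LOG, "admin"));
// { index: 16, match: 'GET /admin/login?user=root' }
console.log(agreesWithRegExp(SAMPLE_LOG, "admin"));                                      // true
console.log(agreesWithRegExp(SAMPLE_LOG, "admin", { anchored: true }));                  // true (both null)
console.log(agreesWithRegExp(SAMPLE_LOG, "admin", { anchored: true, multiline: true })); // true
console.log(agreesWithRegExp("a\r\nb a\r\n", "a"));                                      // true
```

The capture restriction follows from the greedy leading .*: in /.*(X).*/ the group binds to the last occurrence of X on the matched line, a position the shortcut never computes (in /.*(foo).*/.exec("foo foo") the group comes from offset 4, not 0). The anchored option mirrors the multiline handling the entry mentions: with ^ and $ present and no m flag, the line found has to be the whole input.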
2011-07-13  Xan Lopez  <xlopez@igalia.com>

        [GTK] Fix distcheck

        Reviewed by Martin Robinson.

        * GNUmakefile.list.am: add missing files.

2011-07-13  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement prototype chain or list caching for get_by_id.
        https://bugs.webkit.org/show_bug.cgi?id=64147

        Reviewed by Gavin Barraclough.

        This implements unified support for prototype caching, prototype chain
        caching, and polymorphic (i.e. list) prototype and prototype chain
        caching.  This is done by creating common code for emitting prototype
        or chain access stubs, and having it factored out into
        generateProtoChainAccessStub().  This function is called by
        tryCacheGetByID once the latter determines that some form of prototype
        access caching is necessary (i.e. the slot being accessed is not on the
        base value but on some other object).

        Direct prototype list, and prototype chain list, caching is implemented by
        linking the slow path to operationGetByIdProtoBuildList(), which uses the
        same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.

        This change required ensuring that the value in the scratchGPR field in
        StructureStubInfo is preserved even after the stub info is in the
        chain, or proto_list, states.  Hence scratchGPR was moved out of the union
        and into the top-level of StructureStubInfo.

        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::emitRestoreScratch):
        (JSC::DFG::linkRestoreScratch):
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDProtoList):
        (JSC::DFG::dfgBuildGetByIDProtoList):
        (JSC::DFG::tryCachePutByID):
        * dfg/DFGRepatch.h:

2011-07-12  Brent Fulgham  <bfulgham@webkit.org>

        Standardize WinCairo conditionalized code under PLATFORM macro.
        https://bugs.webkit.org/show_bug.cgi?id=64377

        Reviewed by Maciej Stachowiak.

        * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.

2011-07-13  David Levin  <levin@chromium.org>

        Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
        https://bugs.webkit.org/show_bug.cgi?id=64465

        Reviewed by Dmitry Titov.

        There isn't a good way to test this as it is very highly unlikely to occur.

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
        isn't thread-safe, change the initialization to be global.

2011-07-12  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64424
        Our direct eval behaviour deviates slightly from the spec.

        Reviewed by Oliver Hunt.

        The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
        behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
        or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
        may be introduced into the caller's environment.

        ES5 direct calls are any call where the callee function is provided by a reference, a base
        of that Reference is an EnvironmentRecord (this corresponds to all productions
        "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
        of the reference is "eval". This means any expression of the form "eval(...)", and that
        calls the standard built in eval method on the Global Object, is considered to be
        direct.

        In JavaScriptCore we are currently overly restrictive. We also check that the
        EnvironmentRecord that is the base of the reference is the Declarative Environment Record
        at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
        that hits a var eval in a nested scope is not considered to be direct. This behaviour does
        not emanate from the spec, and is incorrect.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
            - Fixed direct eval check in op_call_eval.
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
            - Fixed direct eval check in op_call_eval.
        * runtime/Executable.h:
        (JSC::isHostFunction):
            - Added check for host function with specific NativeFunction.

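The direct/indirect distinction spelled out in the entry above, probed from script as an added example (JavaScript written for this page; it is not JavaScriptCore code and not part of the ChangeLog). classifyEval, its setup/callee/varName parameters and the probe variable names are this example's own. Each probe evaluates a var declaration through one call form and reports whether the binding appeared in the caller's scope (direct) or on the global object (indirect); the last probe is the nested-scope var eval case the entry says JavaScriptCore wrongly treated as indirect.

```javascript
// Added example, not JavaScriptCore code: probe where a `var` declared inside
// eval'd code ends up, to tell an ES5 "direct" eval call from an indirect one.
// A direct call (reference name "eval", base an environment record, value the
// built-in eval) runs in the caller's variable environment and may introduce
// bindings there; every other call form runs in the global environment.
//
// The probe bodies are compiled with the Function constructor so that they are
// non-strict whatever mode this file runs in: a strict-mode direct eval gets a
// fresh variable environment and cannot leak into its caller.
// classifyEval, its parameters and the probe variable names are this example's own.

function classifyEval(setup, callee, varName) {
  const body =
    setup +
    callee + '("var ' + varName + ' = 1");' +
    // Did the binding appear at all, and if so, where?
    'var onGlobal = Object.prototype.hasOwnProperty.call(globalThis, "' + varName + '");' +
    'var visible = typeof ' + varName + ' !== "undefined";' +
    // Clean up so one probe cannot contaminate the next.
    'delete globalThis["' + varName + '"];' +
    'return !visible ? "none" : (onGlobal ? "global" : "local");';
  return new Function(body)();
}

// Direct: "eval(...)" by name, resolving to the built-in.
const direct = classifyEval("", "eval", "d1");
// Indirect: the same function object, but the reference name is "e".
const aliased = classifyEval("var e = eval;", "e", "d2");
// Indirect: the comma operator yields a value, not a Reference.
const comma = classifyEval("", "(0, eval)", "d3");
// Indirect: a property reference, whose base is an object, not an environment record.
const property = classifyEval("", "globalThis.eval", "d4");
// The case the entry describes: the name "eval" resolves to a binding in a
// nested scope that holds the built-in eval. Per ES5 that is still a direct
// call, so the binding lands in the caller's scope, not on the global object.
const nested = classifyEval("var eval = globalThis.eval;", "eval", "d5");

console.log({ direct, aliased, comma, property, nested });
// { direct: 'local', aliased: 'global', comma: 'global', property: 'global', nested: 'local' }
```

Run it under Node.js. An engine that follows ES5 15.1.2.1.1 reports the nested case as local; the security-relevant consequence is that any sloppy-mode function which calls eval by name, even through a local binding, can have new variables injected into its own scope by the evaluated string, which is why the probes are deliberately built non-strict.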
2011-07-13  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>

        Reviewed by Andreas Kling.

        Broken build on QNX
        https://bugs.webkit.org/show_bug.cgi?id=63717

        QNX doesn't support pthread's SA_RESTART (required by
        JSC_MULTIPLE_THREADS), JIT is broken at runtime and there are a
        few minor compilation errors here and there.

        Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
        tested by him on QNX v6.5 (x86)

        * wtf/DateMath.cpp: fix usage of abs/labs
        * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
        * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)

2011-07-12  Anders Carlsson  <andersca@apple.com>

        If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
        https://bugs.webkit.org/show_bug.cgi?id=64429

        Include the cstddef which has the nullptr_t typedef according to the C++0x standard.

        * wtf/NullPtr.h:

2011-07-13  MORITA Hajime  <morrita@google.com>

        Refactoring: Ignored ExceptionCode value should be less annoying.
        https://bugs.webkit.org/show_bug.cgi?id=63688

        Added ASSERT_AT macro.

        Reviewed by Darin Adler.

        * wtf/Assertions.h:

2011-07-12  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_construct.
        https://bugs.webkit.org/show_bug.cgi?id=64066

        Reviewed by Gavin Barraclough.

        This is a fixed implementation of op_construct.  Constructor calls are implemented
        by reusing almost all of the code for Call, with care taken to make sure that
        where there are differences (like selecting different code blocks), those differences
        are respected.  The two fixes over the last patch are: (1) make sure the
        CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
        make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
        (either CodeForCall or CodeForConstruct) when invoking the compiler.

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordConstruct):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls):

2011-07-12  Oliver Hunt  <oliver@apple.com>

        Overzealous type validation in method_check
        https://bugs.webkit.org/show_bug.cgi?id=64415

        Reviewed by Gavin Barraclough.

        method_check is essentially just a value look up
        optimisation, but it internally stores the value
        as a JSFunction, even though it never relies on
        this fact.  Under GC validation however we end up
        trying to enforce that assumption.  The fix is
        simply to store the value as a correct supertype.

        * bytecode/CodeBlock.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):
        (JSC::DFG::tryCacheGetMethod):
        * jit/JIT.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::patchMethodCallProto):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):

2011-07-12  Filip Pizlo  <fpizlo@apple.com>

        COLLECT_ON_EVERY_ALLOCATION no longer works.
        https://bugs.webkit.org/show_bug.cgi?id=64388

        Reviewed by Oliver Hunt.

        Added a flag to Heap that determines if it's safe to collect (which for now means that
        JSGlobalObject has actually been initialized, but it should work for other things, too).
        This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
        GCing it just grows the heap, if necessary.

        Then changed Heap::allocate() to not recurse ad infinitum when
        COLLECT_ON_EVERY_ALLOCATION is set.  This also makes the allocator generally more
        resilient against bugs; this change allowed me to put in handy assertions, such as that
        an allocation must succeed after either a collection or after a new block was added.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::tryAllocate):
        (JSC::Heap::allocate):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::collect):
        * heap/Heap.h:
        (JSC::Heap::notifyIsSafeToCollect):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):

2011-07-12  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT put_by_id transition caching does not inform the GC about the structure and
        prototype chain that it is referencing.
        https://bugs.webkit.org/show_bug.cgi?id=64387

        Reviewed by Gavin Barraclough.

        Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCachePutByID):

2011-07-12  Adam Roben  <aroben@apple.com>

        Ensure no intermediate WTF::Strings are created when concatenating with string literals

        Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
        operator+ is suboptimal

        Reviewed by Darin Adler.

        * wtf/text/StringConcatenate.h:
        (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
        many WTF::Strings get copied while evaluating an operator+ expression.

        * wtf/text/StringOperators.h:
        (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
        side, since operator+ is left-associative. Having the StringAppend on the right-hand side
        was causing us to make intermediate WTF::Strings when evaluating expressions that contained
        multiple calls to operator+. Added some more overloads that take a left-hand side of
        const char* to resolve overload ambiguity for certain expressions. Added overloads that take
        a left-hand side of const UChar* (matching the const char* overloads) so that wide string
        literals don't first have to be converted to a WTF::String in operator+ expressions.

2011-07-12  Adam Roben  <aroben@apple.com>

        Unreviewed, rolling out r90811.
        http://trac.webkit.org/changeset/90811
        https://bugs.webkit.org/show_bug.cgi?id=61025

        Several svg tests failing assertions beneath
        SVGSMILElement::findInstanceTime

        * wtf/StdLibExtras.h:
        (WTF::binarySearch):

2011-07-12  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>

        Reviewed by Nikolas Zimmermann.

        Speed up SVGSMILElement::findInstanceTime.
        https://bugs.webkit.org/show_bug.cgi?id=61025

        Add a new parameter to StdLibExtras.h::binarySearch function
        to also handle cases when the array does not contain the key value.
        This is needed for an svg function.

        * wtf/StdLibExtras.h:
        (WTF::binarySearch):

2011-07-11  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT does not guard itself against floating point speculation
        failures on non-floating-point constants.
        https://bugs.webkit.org/show_bug.cgi?id=64330

        Reviewed by Gavin Barraclough.

        Made fillSpeculateDouble immediately invoke terminateSpeculativeExecution() as
        soon as it notices that it's speculating on something that is a non-numeric
        JSConstant.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

2011-07-11  Filip Pizlo  <fpizlo@apple.com>

        DFG Speculative JIT does not always insert speculation checks when speculating
        arrays.
        https://bugs.webkit.org/show_bug.cgi?id=64254

        Reviewed by Gavin Barraclough.

        Changed the SetLocal instruction to always validate that the value being stored
        into the local variable is an array, if that variable was marked PredictArray.
        This is necessary since uses of arrays assume that if a PredictArray value is
        in a local variable then the speculation check validating that the value is an
        array was already performed.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-11  Gabor Loki  <loki@webkit.org>

        Fix the condition of the optimized code in doubleTransfer
        https://bugs.webkit.org/show_bug.cgi?id=64261

        Reviewed by Zoltan Herczeg.

        The condition of the optimized code in doubleTransfer is wrong. The
        data transfer should be executed with a four-byte aligned address.
        VFP cannot perform unaligned memory access.

        Reported by Jacob Bramley.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::doubleTransfer):

2011-07-11  Gabor Loki  <loki@webkit.org>

        Signed arithmetic bug in dataTransfer32.
        https://bugs.webkit.org/show_bug.cgi?id=64257

        Reviewed by Zoltan Herczeg.

        An arithmetic bug is fixed. If the offset of dataTransfer is half of the
        addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
        a load instruction is emitted with a wrong zero offset.

        Inspired by Jacob Bramley's patch from JaegerMonkey.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::dataTransfer32):

2011-07-09  Thouraya Andolsi  <thouraya.andolsi@st.com>

        Fix unaligned userspace access for SH4 platforms.
        https://bugs.webkit.org/show_bug.cgi?id=62993

        * wtf/Platform.h:

2011-07-09  Chao-ying Fu  <fu@mips.com>

        Fix MIPS build due to readInt32 and readPointer
        https://bugs.webkit.org/show_bug.cgi?id=63962

        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::readInt32):
        (JSC::MIPSAssembler::readPointer):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::rshift32):

2011-07-08  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64181
        REGRESSION (r90602): Gmail doesn't load

        Rolling out r90601, r90602.

        * dfg/DFGAliasTracker.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addVarArgChild):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::dfgLinkCall):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSObject.h:
        (JSC::JSObject::isUsingInlineStorage):

2011-07-08  Kalev Lember  <kalev@smartlink.ee>

        Reviewed by Adam Roben.

        Add missing _WIN32_WINNT and WINVER definitions
        https://bugs.webkit.org/show_bug.cgi?id=59702

        Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
        available for all source files.

        In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
        DeleteTimerQueueTimer which are both guarded by
        #if (_WIN32_WINNT >= 0x0500)
        in MinGW headers.

        * config.h:
        * wtf/Assertions.cpp:

2011-07-08  Chang Shu  <cshu@webkit.org>

        Rename "makeSecure" to "fill" and remove the support for displaying last character
        to avoid layering violation.
        https://bugs.webkit.org/show_bug.cgi?id=59114

        Reviewed by Alexey Proskuryakov.

        * JavaScriptCore.exp:
        * JavaScriptCore.order:
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::fill):
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.h:
        (WTF::String::fill):

2011-07-08  Benjamin Poulain  <benjamin@webkit.org>

        [WK2] Do not forward touch events to the web process when it does not need them
        https://bugs.webkit.org/show_bug.cgi?id=64164

        Reviewed by Kenneth Rohde Christiansen.

        Add a convenience function to obtain a reference to the last element of a Deque.

        * wtf/Deque.h:
        (WTF::Deque::last):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement op_construct.
        https://bugs.webkit.org/show_bug.cgi?id=64066

        Reviewed by Gavin Barraclough.

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordConstruct):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgLinkFor):
        * dfg/DFGRepatch.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not implement get_by_id prototype caching.
        https://bugs.webkit.org/show_bug.cgi?id=64077

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::emitRestoreScratch):
        (JSC::DFG::linkRestoreScratch):
        (JSC::DFG::tryCacheGetByID):
        * runtime/JSObject.h:
        (JSC::JSObject::addressOfPropertyAtOffset):

2011-07-07  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT method_check implementation does not link to optimized get_by_id
        slow path.
        https://bugs.webkit.org/show_bug.cgi?id=64073

        Reviewed by Gavin Barraclough.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::dfgRepatchGetMethodFast):

2011-07-07  Oliver Hunt  <oliver@apple.com>

        Encode jump and link sizes into the appropriate enums
        https://bugs.webkit.org/show_bug.cgi?id=64123

        Reviewed by Sam Weinig.

        Finally kill off the out of line jump and link size arrays,
        so we can avoid icky loads and constant fold the linking arithmetic.

        * assembler/ARMv7Assembler.cpp:
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::jumpSizeDelta):
        (JSC::ARMv7Assembler::computeJumpType):

2011-07-06  Juan C. Montemayor  <jmont@apple.com>

        ASSERT_NOT_REACHED running test 262
        https://bugs.webkit.org/show_bug.cgi?id=63951

        Added a case to the switch statement where the code was failing. Fixed
        some logic as well that gave faulty error messages.

        Reviewed by Gavin Barraclough.

        * parser/JSParser.cpp:
        (JSC::JSParser::getTokenName):
        (JSC::JSParser::updateErrorMessageSpecialCase):
        (JSC::JSParser::updateErrorMessage):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT implementation of op_call results in regressions on sunspider
        controlflow-recursive.
        https://bugs.webkit.org/show_bug.cgi?id=64039

        Reviewed by Gavin Barraclough.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isInteger):

2011-07-06  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT does not support method_check
        https://bugs.webkit.org/show_bug.cgi?id=63972

        Reviewed by Gavin Barraclough.

        * assembler/CodeLocation.h:
        (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * bytecode/CodeBlock.h:
        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
        (JSC::MethodCallLinkInfo::seenOnce):
797         (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
798         (JSC::MethodCallLinkInfo::seenOnce):
799         (JSC::MethodCallLinkInfo::setSeen):
800         * dfg/DFGAliasTracker.h:
801         (JSC::DFG::AliasTracker::recordGetMethod):
802         * dfg/DFGByteCodeParser.cpp:
803         (JSC::DFG::ByteCodeParser::parseBlock):
804         * dfg/DFGJITCodeGenerator.cpp:
805         (JSC::DFG::JITCodeGenerator::cachedGetById):
806         (JSC::DFG::JITCodeGenerator::cachedGetMethod):
807         * dfg/DFGJITCodeGenerator.h:
808         * dfg/DFGJITCompiler.cpp:
809         (JSC::DFG::JITCompiler::compileFunction):
810         * dfg/DFGJITCompiler.h:
811         (JSC::DFG::JITCompiler::addMethodGet):
812         (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
813         * dfg/DFGNode.h:
814         (JSC::DFG::Node::hasIdentifier):
815         * dfg/DFGNonSpeculativeJIT.cpp:
816         (JSC::DFG::NonSpeculativeJIT::compile):
817         * dfg/DFGOperations.cpp:
818         * dfg/DFGOperations.h:
819         * dfg/DFGRepatch.cpp:
820         (JSC::DFG::dfgRepatchGetMethodFast):
821         (JSC::DFG::tryCacheGetMethod):
822         (JSC::DFG::dfgRepatchGetMethod):
823         * dfg/DFGRepatch.h:
824         * dfg/DFGSpeculativeJIT.cpp:
825         (JSC::DFG::SpeculativeJIT::compile):
826         * jit/JITWriteBarrier.h:
827         (JSC::JITWriteBarrier::set):
828
829 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
830
831         DFG JIT op_call implementation will flush registers even when those registers are dead
832         https://bugs.webkit.org/show_bug.cgi?id=64023
833
834         Reviewed by Gavin Barraclough.
835
836         * dfg/DFGJITCodeGenerator.cpp:
837         (JSC::DFG::JITCodeGenerator::emitCall):
838         * dfg/DFGJITCodeGenerator.h:
839         (JSC::DFG::JITCodeGenerator::integerResult):
840         (JSC::DFG::JITCodeGenerator::noResult):
841         (JSC::DFG::JITCodeGenerator::cellResult):
842         (JSC::DFG::JITCodeGenerator::jsValueResult):
843         (JSC::DFG::JITCodeGenerator::doubleResult):
844         * dfg/DFGNonSpeculativeJIT.cpp:
845         (JSC::DFG::NonSpeculativeJIT::compile):
846         * dfg/DFGSpeculativeJIT.cpp:
847         (JSC::DFG::SpeculativeJIT::compile):
848
849 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
850
851         DFG speculative JIT may crash when speculating int on a non-int JSConstant.
852         https://bugs.webkit.org/show_bug.cgi?id=64017
853
854         Reviewed by Gavin Barraclough.
855
856         * dfg/DFGSpeculativeJIT.cpp:
857         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
858         (JSC::DFG::SpeculativeJIT::compile):
859
860 2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>
861
862         Reviewed by David Levin.
863
864         Allow substitution of dynamic annotations and prevent identical code folding by the linker.
865         https://bugs.webkit.org/show_bug.cgi?id=62443
866
867         * wtf/DynamicAnnotations.cpp:
868         (WTFAnnotateBenignRaceSized):
869         (WTFAnnotateHappensBefore):
870         (WTFAnnotateHappensAfter):
871
872 2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
873
874         Calls on 32 bit machines are failed after r90423
875         https://bugs.webkit.org/show_bug.cgi?id=63980
876
877         Reviewed by Gavin Barraclough.
878
879         Copy the necessary lines from JITCall.cpp.
880
881         * jit/JITCall32_64.cpp:
882         (JSC::JIT::compileOpCall):
883
884 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
885
886         DFG JIT virtual call implementation is inefficient.
887         https://bugs.webkit.org/show_bug.cgi?id=63974
888
889         Reviewed by Gavin Barraclough.
890
891         * dfg/DFGOperations.cpp:
892         * runtime/Executable.h:
893         (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
894         (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
895         (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
896         (JSC::ExecutableBase::hasJITCodeForCall):
897         (JSC::ExecutableBase::hasJITCodeForConstruct):
898         (JSC::ExecutableBase::hasJITCodeFor):
899         * runtime/JSFunction.h:
900         (JSC::JSFunction::scopeUnchecked):
901
902 2011-07-05  Oliver Hunt  <oliver@apple.com>
903
904         Force inlining of simple functions that show up as not being inlined
905         https://bugs.webkit.org/show_bug.cgi?id=63964
906
907         Reviewed by Gavin Barraclough.
908
909         Looking at profile data indicates that gcc is failing to inline a
910         number of trivial functions.  This patch hits the ones that show
911         up in profiles with the ALWAYS_INLINE hammer.
912
913         We also replace the memcpy() call in linking with a manual loop.
914         Apparently memcpy() is almost never faster than an inlined loop.
915
916         * assembler/ARMv7Assembler.h:
917         (JSC::ARMv7Assembler::add):
918         (JSC::ARMv7Assembler::add_S):
919         (JSC::ARMv7Assembler::ARM_and):
920         (JSC::ARMv7Assembler::asr):
921         (JSC::ARMv7Assembler::b):
922         (JSC::ARMv7Assembler::blx):
923         (JSC::ARMv7Assembler::bx):
924         (JSC::ARMv7Assembler::clz):
925         (JSC::ARMv7Assembler::cmn):
926         (JSC::ARMv7Assembler::cmp):
927         (JSC::ARMv7Assembler::eor):
928         (JSC::ARMv7Assembler::it):
929         (JSC::ARMv7Assembler::ldr):
930         (JSC::ARMv7Assembler::ldrCompact):
931         (JSC::ARMv7Assembler::ldrh):
932         (JSC::ARMv7Assembler::ldrb):
933         (JSC::ARMv7Assembler::lsl):
934         (JSC::ARMv7Assembler::lsr):
935         (JSC::ARMv7Assembler::movT3):
936         (JSC::ARMv7Assembler::mov):
937         (JSC::ARMv7Assembler::movt):
938         (JSC::ARMv7Assembler::mvn):
939         (JSC::ARMv7Assembler::neg):
940         (JSC::ARMv7Assembler::orr):
941         (JSC::ARMv7Assembler::orr_S):
942         (JSC::ARMv7Assembler::ror):
943         (JSC::ARMv7Assembler::smull):
944         (JSC::ARMv7Assembler::str):
945         (JSC::ARMv7Assembler::sub):
946         (JSC::ARMv7Assembler::sub_S):
947         (JSC::ARMv7Assembler::tst):
948         (JSC::ARMv7Assembler::linkRecordSourceComparator):
949         (JSC::ARMv7Assembler::link):
950         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
951         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
952         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
953         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
954         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
955         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
956         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
957         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
958         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
959         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
960         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
961         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
962         (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
963         (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
964         * assembler/LinkBuffer.h:
965         (JSC::LinkBuffer::linkCode):
966         * assembler/MacroAssemblerARMv7.h:
967         (JSC::MacroAssemblerARMv7::nearCall):
968         (JSC::MacroAssemblerARMv7::call):
969         (JSC::MacroAssemblerARMv7::ret):
970         (JSC::MacroAssemblerARMv7::moveWithPatch):
971         (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
972         (JSC::MacroAssemblerARMv7::storePtrWithPatch):
973         (JSC::MacroAssemblerARMv7::tailRecursiveCall):
974         (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
975         (JSC::MacroAssemblerARMv7::jump):
976         (JSC::MacroAssemblerARMv7::makeBranch):
977
978 2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
979
980         Make "Add optimised paths for a few maths functions" work on Qt
981         https://bugs.webkit.org/show_bug.cgi?id=63893
982
983         Reviewed by Oliver Hunt.
984
985         Move the generated code to the .text section instead of .data section.
986         Fix alignment for the 32 bit thunk code.
987
988         * jit/ThunkGenerators.cpp:
989
990 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
991
992         DFG JIT does not implement op_call.
993         https://bugs.webkit.org/show_bug.cgi?id=63858
994
995         Reviewed by Gavin Barraclough.
996
997         * bytecode/CodeBlock.cpp:
998         (JSC::CodeBlock::unlinkCalls):
999         * bytecode/CodeBlock.h:
1000         (JSC::CodeBlock::setNumberOfCallLinkInfos):
1001         (JSC::CodeBlock::numberOfCallLinkInfos):
1002         * bytecompiler/BytecodeGenerator.cpp:
1003         (JSC::BytecodeGenerator::emitCall):
1004         (JSC::BytecodeGenerator::emitConstruct):
1005         * dfg/DFGAliasTracker.h:
1006         (JSC::DFG::AliasTracker::lookupGetByVal):
1007         (JSC::DFG::AliasTracker::recordCall):
1008         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
1009         * dfg/DFGByteCodeParser.cpp:
1010         (JSC::DFG::ByteCodeParser::ByteCodeParser):
1011         (JSC::DFG::ByteCodeParser::getLocal):
1012         (JSC::DFG::ByteCodeParser::getArgument):
1013         (JSC::DFG::ByteCodeParser::toInt32):
1014         (JSC::DFG::ByteCodeParser::addToGraph):
1015         (JSC::DFG::ByteCodeParser::addVarArgChild):
1016         (JSC::DFG::ByteCodeParser::predictInt32):
1017         (JSC::DFG::ByteCodeParser::parseBlock):
1018         (JSC::DFG::ByteCodeParser::processPhiStack):
1019         (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
1020         * dfg/DFGGraph.cpp:
1021         (JSC::DFG::Graph::opName):
1022         (JSC::DFG::Graph::dump):
1023         (JSC::DFG::Graph::refChildren):
1024         * dfg/DFGGraph.h:
1025         * dfg/DFGJITCodeGenerator.cpp:
1026         (JSC::DFG::JITCodeGenerator::useChildren):
1027         (JSC::DFG::JITCodeGenerator::emitCall):
1028         * dfg/DFGJITCodeGenerator.h:
1029         (JSC::DFG::JITCodeGenerator::addressOfCallData):
1030         * dfg/DFGJITCompiler.cpp:
1031         (JSC::DFG::JITCompiler::compileFunction):
1032         * dfg/DFGJITCompiler.h:
1033         (JSC::DFG::CallRecord::CallRecord):
1034         (JSC::DFG::JITCompiler::notifyCall):
1035         (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
1036         (JSC::DFG::JITCompiler::addJSCall):
1037         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1038         (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
1039         * dfg/DFGNode.h:
1040         (JSC::DFG::Node::Node):
1041         (JSC::DFG::Node::child1):
1042         (JSC::DFG::Node::child2):
1043         (JSC::DFG::Node::child3):
1044         (JSC::DFG::Node::firstChild):
1045         (JSC::DFG::Node::numChildren):
1046         * dfg/DFGNonSpeculativeJIT.cpp:
1047         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1048         (JSC::DFG::NonSpeculativeJIT::compare):
1049         (JSC::DFG::NonSpeculativeJIT::compile):
1050         * dfg/DFGOperations.cpp:
1051         * dfg/DFGOperations.h:
1052         * dfg/DFGRepatch.cpp:
1053         (JSC::DFG::dfgLinkCall):
1054         * dfg/DFGRepatch.h:
1055         * dfg/DFGSpeculativeJIT.cpp:
1056         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
1057         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
1058         (JSC::DFG::SpeculativeJIT::compile):
1059         * dfg/DFGSpeculativeJIT.h:
1060         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1061         * interpreter/CallFrame.h:
1062         (JSC::ExecState::calleeAsValue):
1063         * jit/JIT.cpp:
1064         (JSC::JIT::JIT):
1065         (JSC::JIT::privateCompileMainPass):
1066         (JSC::JIT::privateCompileSlowCases):
1067         (JSC::JIT::privateCompile):
1068         (JSC::JIT::linkCall):
1069         (JSC::JIT::linkConstruct):
1070         * jit/JITCall.cpp:
1071         (JSC::JIT::compileOpCall):
1072         * jit/JITCode.h:
1073         (JSC::JITCode::JITCode):
1074         (JSC::JITCode::jitType):
1075         (JSC::JITCode::HostFunction):
1076         * runtime/JSFunction.h:
1077         * runtime/JSGlobalData.h:
1078
1079 2011-07-05  Oliver Hunt  <oliver@apple.com>
1080
1081         Initialize new MarkStack member
1082
1083         * heap/MarkStack.h:
1084         (JSC::MarkStack::MarkStack):
1085
1086 2011-07-05  Oliver Hunt  <oliver@apple.com>
1087
1088         Don't throw out compiled code repeatedly
1089         https://bugs.webkit.org/show_bug.cgi?id=63960
1090
1091         Reviewed by Gavin Barraclough.
1092
1093         Stop throwing away all compiled code every time
1094         we're told to do a full GC.  Instead unlink all
1095         callsites during such GC passes to maximise the
1096         number of collectable functions, but otherwise
1097         leave compiled functions alone.
1098
1099         * API/JSBase.cpp:
1100         (JSGarbageCollect):
1101         * bytecode/CodeBlock.cpp:
1102         (JSC::CodeBlock::visitAggregate):
1103         * heap/Heap.cpp:
1104         (JSC::Heap::collectAllGarbage):
1105         * heap/MarkStack.h:
1106         (JSC::MarkStack::shouldUnlinkCalls):
1107         (JSC::MarkStack::setShouldUnlinkCalls):
1108         * runtime/JSGlobalData.cpp:
1109         (JSC::JSGlobalData::recompileAllJSFunctions):
1110         (JSC::JSGlobalData::releaseExecutableMemory):
1111         * runtime/RegExp.cpp:
1112         (JSC::RegExp::compile):
1113         (JSC::RegExp::invalidateCode):
1114         * runtime/RegExp.h:
1115
1116 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
1117
1118         JSC JIT has code duplication for the handling of call and construct
1119         https://bugs.webkit.org/show_bug.cgi?id=63957
1120
1121         Reviewed by Gavin Barraclough.
1122
1123         * jit/JIT.cpp:
1124         (JSC::JIT::linkFor):
1125         * jit/JIT.h:
1126         * jit/JITStubs.cpp:
1127         (JSC::jitCompileFor):
1128         (JSC::DEFINE_STUB_FUNCTION):
1129         (JSC::arityCheckFor):
1130         (JSC::lazyLinkFor):
1131         * runtime/Executable.h:
1132         (JSC::ExecutableBase::generatedJITCodeFor):
1133         (JSC::FunctionExecutable::compileFor):
1134         (JSC::FunctionExecutable::isGeneratedFor):
1135         (JSC::FunctionExecutable::generatedBytecodeFor):
1136         (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
1137
1138 2011-07-05  Gavin Barraclough  <barraclough@apple.com>
1139
1140         Build fix following last patch.
1141
1142         * runtime/JSFunction.cpp:
1143         (JSC::createPrototypeProperty):
1144
1145 2011-07-05  Gavin Barraclough  <barraclough@apple.com>
1146
1147         https://bugs.webkit.org/show_bug.cgi?id=63947
1148         ASSERT running Object.preventExtensions(Math.sin)
1149
1150         Reviewed by Oliver Hunt.
1151
1152         This is due to calling scope() on a hostFunction as a part of
1153         calling createPrototypeProperty to reify the prototype property.
1154         But host functions don't have a prototype property anyway!
1155
1156         Prevent calling createPrototypeProperty on a host function.
1157
1158         * runtime/JSFunction.cpp:
1159         (JSC::JSFunction::createPrototypeProperty):
1160         (JSC::JSFunction::preventExtensions):
1161
1162 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
1163
1164         https://bugs.webkit.org/show_bug.cgi?id=63880
1165         Evaluation order of conversions of operands to >, >= incorrect.
1166
1167         Reviewed by Sam Weinig.
1168
1169         Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
1170         spec. This allows these methods to be reused to perform >, >= relational compares
1171         with correct ordering of type conversions.
1172
1173         * dfg/DFGOperations.cpp:
1174         * interpreter/Interpreter.cpp:
1175         (JSC::Interpreter::privateExecute):
1176         * jit/JITStubs.cpp:
1177         (JSC::DEFINE_STUB_FUNCTION):
1178         * runtime/Operations.h:
1179         (JSC::jsLess):
1180         (JSC::jsLessEq):
1181
1182 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
1183
1184         Reviewed by Sam Weinig.
1185
1186         https://bugs.webkit.org/show_bug.cgi?id=16652
1187         Firefox and JavaScriptCore differ in Number.toString(integer)
1188
1189         Our arbitrary radix (2..36) toString conversion is inaccurate.
1190         This is partly because it uses doubles to perform math that requires
1191         higher accuracy, and partly because it does not attempt to correctly
1192         detect where to terminate, instead relying on a simple 'epsilon'.
1193
1194         * runtime/NumberPrototype.cpp:
1195         (JSC::decomposeDouble):
1196             - helper function to extract sign, exponent, mantissa from IEEE doubles.
1197         (JSC::Uint16WithFraction::Uint16WithFraction):
1198             - helper class, u16int with infinite precision fraction, used to convert
1199               the fractional part of the number to a string.
1200         (JSC::Uint16WithFraction::operator*=):
1201             - Multiply by a uint16.
1202         (JSC::Uint16WithFraction::operator<):
1203             - Compare two Uint16WithFractions.
1204         (JSC::Uint16WithFraction::floorAndSubtract):
1205             - Extract the integer portion of the number, and subtract it (clears the integer portion).
1206         (JSC::Uint16WithFraction::comparePoint5):
1207             - Compare to 0.5.
1208         (JSC::Uint16WithFraction::sumGreaterThanOne):
1209             - Passed a second Uint16WithFraction, returns true if the result of adding
1210               the two values would be greater than one.
1211         (JSC::Uint16WithFraction::isNormalized):
1212             - Used by ASSERTs to consistency check internal representation.
1213         (JSC::BigInteger::BigInteger):
1214             - helper class, unbounded integer value, used to convert the integer part
1215               of the number to a string.
1216         (JSC::BigInteger::divide):
1217             - Divide this value through by a uint32.
1218         (JSC::BigInteger::operator!):
1219             - test for zero.
1220         (JSC::toStringWithRadix):
1221             - Performs number to string conversion, with the given radix (2..36).
1222         (JSC::numberProtoFuncToString):
1223             - Changed to use toStringWithRadix.
1224
1225 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
1226
1227         https://bugs.webkit.org/show_bug.cgi?id=63881
1228         Need separate bytecodes for handling >, >= comparisons.
1229
1230         Reviewed by Oliver Hunt.
1231
1232         This clears the way to fix Bug#63880. We currently handle greater-than comparisons
1233         by using the corresponding op_less, etc. opcodes.  This is incorrect with
1234         respect to evaluation ordering of the implicit conversions performed on operands -
1235         we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
1236         but instead convert RHS then LHS.
1237
1238         This patch adds opcodes for greater-than comparisons mirroring existing ones used
1239         for less-than.
1240
1241         * bytecode/CodeBlock.cpp:
1242         (JSC::CodeBlock::dump):
1243         * bytecode/Opcode.h:
1244         * bytecompiler/BytecodeGenerator.cpp:
1245         (JSC::BytecodeGenerator::emitJumpIfTrue):
1246         (JSC::BytecodeGenerator::emitJumpIfFalse):
1247         * bytecompiler/NodesCodegen.cpp:
1248         * dfg/DFGByteCodeParser.cpp:
1249         (JSC::DFG::ByteCodeParser::parseBlock):
1250         * dfg/DFGNode.h:
1251         * dfg/DFGNonSpeculativeJIT.cpp:
1252         (JSC::DFG::NonSpeculativeJIT::compare):
1253         (JSC::DFG::NonSpeculativeJIT::compile):
1254         * dfg/DFGNonSpeculativeJIT.h:
1255         * dfg/DFGOperations.cpp:
1256         * dfg/DFGOperations.h:
1257         * dfg/DFGSpeculativeJIT.cpp:
1258         (JSC::DFG::SpeculativeJIT::compare):
1259         (JSC::DFG::SpeculativeJIT::compile):
1260         * dfg/DFGSpeculativeJIT.h:
1261         * interpreter/Interpreter.cpp:
1262         (JSC::Interpreter::privateExecute):
1263         * jit/JIT.cpp:
1264         (JSC::JIT::privateCompileMainPass):
1265         (JSC::JIT::privateCompileSlowCases):
1266         * jit/JIT.h:
1267         (JSC::JIT::emit_op_loop_if_greater):
1268         (JSC::JIT::emitSlow_op_loop_if_greater):
1269         (JSC::JIT::emit_op_loop_if_greatereq):
1270         (JSC::JIT::emitSlow_op_loop_if_greatereq):
1271         * jit/JITArithmetic.cpp:
1272         (JSC::JIT::emit_op_jgreater):
1273         (JSC::JIT::emit_op_jgreatereq):
1274         (JSC::JIT::emit_op_jngreater):
1275         (JSC::JIT::emit_op_jngreatereq):
1276         (JSC::JIT::emitSlow_op_jgreater):
1277         (JSC::JIT::emitSlow_op_jgreatereq):
1278         (JSC::JIT::emitSlow_op_jngreater):
1279         (JSC::JIT::emitSlow_op_jngreatereq):
1280         (JSC::JIT::emit_compareAndJumpSlow):
1281         * jit/JITArithmetic32_64.cpp:
1282         (JSC::JIT::emitBinaryDoubleOp):
1283         * jit/JITStubs.cpp:
1284         (JSC::DEFINE_STUB_FUNCTION):
1285         * jit/JITStubs.h:
1286         * parser/NodeConstructors.h:
1287         (JSC::GreaterNode::GreaterNode):
1288         (JSC::GreaterEqNode::GreaterEqNode):
1289         * parser/Nodes.h:
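
        Worked example (added here; not WebKit code and not part of this ChangeLog) for the two
        entries above on bugs 63880 and 63881: the ES5 abstract relational comparison modelled in
        JavaScript with the 'leftFirst' flag that the jsLess/jsLessEq change introduces, beside the
        pre-fix operand swap that converts the RHS before the LHS. The valueOf-logging objects, the
        three operator tables and the model's jsLess/jsLessEq/toPrimitive functions are this
        example's own constructs, not the engine's; the native table reports what the engine running
        the snippet does.

```javascript
"use strict";

// Simplified ES5 ToPrimitive with hint Number: valueOf first, then toString.
function toPrimitive(v) {
  const isPrimitive = (x) => x === null || (typeof x !== "object" && typeof x !== "function");
  if (isPrimitive(v)) return v;
  for (const name of ["valueOf", "toString"]) {
    if (typeof v[name] === "function") {
      const result = v[name]();
      if (isPrimitive(result)) return result;
    }
  }
  throw new TypeError("cannot convert object to primitive");
}

// ES5 11.8.5 abstract relational comparison x < y. leftFirst selects which operand
// is converted first; the result is true, false or undefined (a NaN was involved).
function jsLess(x, y, leftFirst) {
  let px, py;
  if (leftFirst) { px = toPrimitive(x); py = toPrimitive(y); }
  else           { py = toPrimitive(y); px = toPrimitive(x); }
  if (typeof px === "string" && typeof py === "string") return px < py;
  const nx = Number(px), ny = Number(py);
  if (Number.isNaN(nx) || Number.isNaN(ny)) return undefined;
  return nx < ny;
}

// x <= y as ES5 11.8.3 defines it: evaluate y < x, with x converted first when
// leftFirst is set, and treat undefined (NaN) as "not less or equal".
function jsLessEq(x, y, leftFirst) {
  return jsLess(y, x, !leftFirst) === false;
}

// The four operators as ES5 11.8.1-11.8.4 define them: the LHS is always converted first.
const specOps = {
  "<":  (a, b) => jsLess(a, b, true) === true,
  ">":  (a, b) => jsLess(b, a, false) === true,
  "<=": (a, b) => jsLessEq(a, b, true),
  ">=": (a, b) => jsLessEq(b, a, false),
};

// The pre-fix behaviour: > and >= reuse the less-than paths by swapping operands
// without a leftFirst flag, so the RHS is converted before the LHS.
const buggyOps = {
  ">":  (a, b) => jsLess(b, a, true) === true,
  ">=": (a, b) => jsLessEq(b, a, true),
};

// Whatever engine is running this snippet.
const nativeOps = {
  "<": (a, b) => a < b, ">": (a, b) => a > b, "<=": (a, b) => a <= b, ">=": (a, b) => a >= b,
};

// Apply table[op] to two objects whose valueOf records when it ran; returns e.g. "ab".
function conversionOrder(table, op) {
  const log = [];
  const a = { valueOf() { log.push("a"); return 1; } };
  const b = { valueOf() { log.push("b"); return 2; } };
  table[op](a, b);
  return log.join("");
}

for (const op of [">", ">="]) {
  console.log(op, "spec:", conversionOrder(specOps, op),
              "pre-fix:", conversionOrder(buggyOps, op),
              "this engine:", conversionOrder(nativeOps, op));
}
```

        The observable difference is the order in which valueOf (or toString) side effects run:
        the spec tables give "ab" for every operator, the pre-fix tables give "ba" for > and >=.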
1290
1291 2011-07-03  Gavin Barraclough  <barraclough@apple.com>
1292
1293         https://bugs.webkit.org/show_bug.cgi?id=63879
1294         Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
1295
1296         Reviewed by Sam Weinig.
1297         
1298         There is a lot of copy & paste code here; we can reduce duplication by making
1299         a shared implementation.
1300
1301         * assembler/MacroAssembler.h:
1302         (JSC::MacroAssembler::branch32):
1303         (JSC::MacroAssembler::commute):
1304             - Make these function platform agnostic.
1305         * assembler/MacroAssemblerX86Common.h:
1306             - Moved branch32/commute up to MacroAssembler.
1307         * jit/JIT.h:
1308         (JSC::JIT::emit_op_loop_if_lesseq):
1309         (JSC::JIT::emitSlow_op_loop_if_lesseq):
1310             - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
1311         * jit/JITArithmetic.cpp:
1312         (JSC::JIT::emit_op_jless):
1313         (JSC::JIT::emit_op_jlesseq):
1314         (JSC::JIT::emit_op_jnless):
1315         (JSC::JIT::emit_op_jnlesseq):
1316         (JSC::JIT::emitSlow_op_jless):
1317         (JSC::JIT::emitSlow_op_jlesseq):
1318         (JSC::JIT::emitSlow_op_jnless):
1319         (JSC::JIT::emitSlow_op_jnlesseq):
1320             - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
1321         (JSC::JIT::emit_compareAndJump):
1322         (JSC::JIT::emit_compareAndJumpSlow):
1323             - Internal implementation of jless etc for JSVALUE64.
1324         * jit/JITArithmetic32_64.cpp:
1325         (JSC::JIT::emit_compareAndJump):
1326         (JSC::JIT::emit_compareAndJumpSlow):
1327             - Internal implementation of jless etc for JSVALUE32_64.
1328         * jit/JITOpcodes.cpp:
1329         * jit/JITOpcodes32_64.cpp:
1330         * jit/JITStubs.cpp:
1331         * jit/JITStubs.h:
1332             - Remove old implementation of emit_op_loop_if_lesseq.
1333
1334 2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>
1335
1336         Unreviewed, rolling out r90347.
1337         http://trac.webkit.org/changeset/90347
1338         https://bugs.webkit.org/show_bug.cgi?id=63886
1339
1340         Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
1341         (Requested by tkent on #webkit).
1342
1343         * JavaScriptCore.xcodeproj/project.pbxproj:
1344         * runtime/BigInteger.h: Removed.
1345         * runtime/NumberPrototype.cpp:
1346         (JSC::numberProtoFuncToPrecision):
1347         (JSC::numberProtoFuncToString):
1348         * runtime/Uint16WithFraction.h: Removed.
1349         * wtf/MathExtras.h:
1350
1351 2011-06-30  Gavin Barraclough  <barraclough@apple.com>
1352
1353         Reviewed by Sam Weinig.
1354
1355         https://bugs.webkit.org/show_bug.cgi?id=16652
1356         Firefox and JavaScriptCore differ in Number.toString(integer)
1357
1358         Our arbitrary radix (2..36) toString conversion is inaccurate.
1359         This is partly because it uses doubles to perform math that requires
1360         higher accuracy, and partly because it does not attempt to correctly
1361         detect where to terminate, instead relying on a simple 'epsilon'.
1362
1363         * runtime/NumberPrototype.cpp:
1364         (JSC::decomposeDouble):
1365             - helper function to extract sign, exponent, mantissa from IEEE doubles.
1366         (JSC::Uint16WithFraction::Uint16WithFraction):
1367             - helper class, u16int with infinite precision fraction, used to convert
1368               the fractional part of the number to a string.
1369         (JSC::Uint16WithFraction::operator*=):
1370             - Multiply by a uint16.
1371         (JSC::Uint16WithFraction::operator<):
1372             - Compare two Uint16WithFractions.
1373         (JSC::Uint16WithFraction::floorAndSubtract):
1374             - Extract the integer portion of the number, and subtract it (clears the integer portion).
1375         (JSC::Uint16WithFraction::comparePoint5):
1376             - Compare to 0.5.
1377         (JSC::Uint16WithFraction::sumGreaterThanOne):
1378             - Passed a second Uint16WithFraction, returns true if the result of adding
1379               the two values would be greater than one.
1380         (JSC::Uint16WithFraction::isNormalized):
1381             - Used by ASSERTs to consistency check internal representation.
1382         (JSC::BigInteger::BigInteger):
1383             - helper class, unbounded integer value, used to convert the integer part
1384               of the number to a string.
1385         (JSC::BigInteger::divide):
1386             - Divide this value through by a uint32.
1387         (JSC::BigInteger::operator!):
1388             - test for zero.
1389         (JSC::toStringWithRadix):
1390             - Performs number to string conversion, with the given radix (2..36).
1391         (JSC::numberProtoFuncToString):
1392             - Changed to use toStringWithRadix.
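
        Worked example (added here; not WebKit code and not part of this ChangeLog) for the
        Number.toString(integer) entries dated 2011-06-30 and 2011-07-04 above (bug 16652): a
        radix-2..36 conversion that, like the patch, decomposes the IEEE double, does the arithmetic
        in exact integers (BigInt here, in place of the BigInteger/Uint16WithFraction helpers) and
        decides where to terminate by tracking the rounding interval of the double instead of an
        epsilon. The digit generation is the Steele & White / Burger & Dybvig free-format algorithm,
        which is this example's choice of termination rule, not a transcription of toStringWithRadix
        in NumberPrototype.cpp; the function names are the example's own.

```javascript
"use strict";

const DIGIT_CHARS = "0123456789abcdefghijklmnopqrstuvwxyz";

// Split a finite double into sign, integer significand f and exponent e with |x| = f * 2^e.
function decomposeDouble(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  const hi = view.getUint32(0), lo = view.getUint32(4);
  const negative = (hi >>> 31) === 1;
  const biasedExp = (hi >>> 20) & 0x7ff;
  const fraction = (BigInt(hi & 0xfffff) << 32n) | BigInt(lo);
  if (biasedExp === 0) return { negative, f: fraction, e: -1074 };        // subnormal
  return { negative, f: fraction | (1n << 52n), e: biasedExp - 1075 };     // normal
}

// Shortest digits d1..dn and exponent k such that 0.d1..dn * radix^k lies inside the
// rounding interval of f * 2^e. r/s is the value; mMinus/s and mPlus/s are the distances
// to the midpoints between it and its neighbouring doubles. All arithmetic is exact.
function shortestDigits(f, e, radix) {
  const B = BigInt(radix);
  const even = (f & 1n) === 0n;                       // round-half-even: midpoints are acceptable
  const asymmetric = f === (1n << 52n) && e > -1074;  // gap below is half the gap above
  let r, s, mPlus, mMinus;
  if (e >= 0) {
    const scale = 1n << BigInt(e);
    if (asymmetric) { r = f * scale * 4n; s = 4n; mPlus = scale * 2n; mMinus = scale; }
    else            { r = f * scale * 2n; s = 2n; mPlus = scale;      mMinus = scale; }
  } else if (asymmetric) {
    r = f * 4n; s = 1n << BigInt(2 - e); mPlus = 2n; mMinus = 1n;
  } else {
    r = f * 2n; s = 1n << BigInt(1 - e); mPlus = 1n; mMinus = 1n;
  }
  // Pick k: the top of the interval is below radix^k but not below radix^(k-1).
  let k = 0;
  while (even ? r + mPlus >= s : r + mPlus > s) { s *= B; k++; }
  while (!(even ? (r + mPlus) * B >= s : (r + mPlus) * B > s)) {
    r *= B; mPlus *= B; mMinus *= B; k--;
  }
  const digits = [];
  for (;;) {
    r *= B; mPlus *= B; mMinus *= B;
    let d = r / s;
    r %= s;
    const low = even ? r <= mMinus : r < mMinus;       // stopping here stays inside the interval
    const up = even ? r + mPlus >= s : r + mPlus > s;  // rounding up here stays inside the interval
    if (!low && !up) { digits.push(Number(d)); continue; }
    if (up && (!low || r * 2n >= s)) d += 1n;           // when both work, take the closer one
    digits.push(Number(d));
    return { digits, k };
  }
}

// Number.prototype.toString(radix) for radix 2..36, always in positional (not exponent) form.
function toStringWithRadix(x, radix) {
  if (!Number.isInteger(radix) || radix < 2 || radix > 36) throw new RangeError("radix must be 2..36");
  if (!Number.isFinite(x)) return String(x);           // "NaN", "Infinity", "-Infinity"
  if (x === 0) return "0";
  const { negative, f, e } = decomposeDouble(x);
  const { digits, k } = shortestDigits(f, e, radix);
  const str = digits.map((d) => DIGIT_CHARS[d]).join("");
  let body;
  if (k <= 0) body = "0." + "0".repeat(-k) + str;
  else if (k >= str.length) body = str + "0".repeat(k - str.length);
  else body = str.slice(0, k) + "." + str.slice(k);
  return (negative ? "-" : "") + body;
}

for (const [x, radix] of [[255, 16], [0.1, 2], [1 / 3, 10], [0.5, 3]]) {
  console.log(x, "radix", radix, "->", toStringWithRadix(x, radix), "native:", x.toString(radix));
}
```

        For radix 2 and 10 the output matches the engine's own toString, since both are shortest
        round-trip strings there; for other radices the engine's output may be longer or shorter
        depending on how it detects termination, which is exactly the point the entry makes.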
1393
1394 2011-07-02  Gavin Barraclough  <barraclough@apple.com>
1395
1396         https://bugs.webkit.org/show_bug.cgi?id=63866
1397         DFG JIT - implement instanceof
1398
1399         Reviewed by Sam Weinig.
1400
1401         Add ops CheckHasInstance & InstanceOf to implement bytecodes
1402         op_check_has_instance & op_instanceof. This is an initial
1403         functional implementation, performance is a wash. We can
1404         follow up with changes to fuse the InstanceOf node with
1405         a subsequent branch, as we do with other comparisons.
1406
1407         * dfg/DFGByteCodeParser.cpp:
1408         (JSC::DFG::ByteCodeParser::parseBlock):
1409         * dfg/DFGJITCompiler.cpp:
1410         (JSC::DFG::JITCompiler::jitAssertIsCell):
1411         * dfg/DFGJITCompiler.h:
1412         (JSC::DFG::JITCompiler::jitAssertIsCell):
1413         * dfg/DFGNode.h:
1414         * dfg/DFGNonSpeculativeJIT.cpp:
1415         (JSC::DFG::NonSpeculativeJIT::compile):
1416         * dfg/DFGOperations.cpp:
1417         * dfg/DFGOperations.h:
1418         * dfg/DFGSpeculativeJIT.cpp:
1419         (JSC::DFG::SpeculativeJIT::compile):
1420
1421 2011-07-01  Oliver Hunt  <oliver@apple.com>
1422
1423         IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
1424         https://bugs.webkit.org/show_bug.cgi?id=63732
1425
1426         Reviewed by Gavin Barraclough.
1427
1428         Initialise the memory at the head of the new storage so that
1429         GC is safe if triggered by reportExtraMemoryCost.
1430
1431         * runtime/JSArray.cpp:
1432         (JSC::JSArray::increaseVectorPrefixLength):
1433
1434 2011-07-01  Oliver Hunt  <oliver@apple.com>
1435
1436         GC sweep can occur before an object is completely initialised
1437         https://bugs.webkit.org/show_bug.cgi?id=63836
1438
1439         Reviewed by Gavin Barraclough.
1440
1441         In rare cases it's possible for a GC sweep to occur while a
1442         live, but not completely initialised object is on the stack.
1443         In such a case we may incorrectly choose to mark it, even
1444         though it has no children that need marking.
1445
1446         We resolve this by always zeroing out the structure of any
1447         value returned from JSCell::operator new(), and making the
1448         markstack tolerant of a null structure. 
1449
1450         * runtime/JSCell.h:
1451         (JSC::JSCell::JSCell::~JSCell):
1452         (JSC::JSCell::JSCell::operator new):
1453         * runtime/Structure.h:
1454         (JSC::MarkStack::internalAppend):
1455
1456 2011-07-01  Filip Pizlo  <fpizlo@apple.com>
1457
1458         Reviewed by Gavin Barraclough.
1459
1460         DFG non-speculative JIT always performs slow C calls for div and mod.
1461         https://bugs.webkit.org/show_bug.cgi?id=63684
1462
1463         * dfg/DFGNonSpeculativeJIT.cpp:
1464         (JSC::DFG::NonSpeculativeJIT::compile):
1465
1466 2011-07-01  Juan C. Montemayor  <jmont@apple.com>
1467
1468         Reviewed by Oliver Hunt.
1469
1470         Lexer error messages are currently appalling
1471         https://bugs.webkit.org/show_bug.cgi?id=63340
1472
1473         Added error messages for the Lexer. These messages will be displayed
1474         instead of the lexer error messages from the parser that are currently
1475         shown.
1476
1477         * parser/Lexer.cpp:
1478         (JSC::Lexer::getInvalidCharMessage):
1479         (JSC::Lexer::setCode):
1480         (JSC::Lexer::parseString):
1481         (JSC::Lexer::lex):
1482         (JSC::Lexer::clear):
1483         * parser/Lexer.h:
1484         (JSC::Lexer::getErrorMessage):
1485         (JSC::Lexer::setOffset):
1486         * parser/Parser.cpp:
1487         (JSC::Parser::parse):
1488
1489 2011-07-01  Jungshik Shin  <jshin@chromium.org>
1490
1491         Reviewed by Alexey Proskuryakov.
1492
1493         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
1494         build files for ports not using ICU.
1495         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
1496         ICU 3.6 (the version used on Mac OS 10.5)
1497
1498         http://bugs.webkit.org/show_bug.cgi?id=20797
1499
1500         * GNUmakefile.list.am:
1501         * JavaScriptCore.gypi:
1502         * icu/unicode/uscript.h: Added for UScriptCode enum.
1503         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
1504         * wtf/unicode/icu/UnicodeIcu.h:
1505         * wtf/unicode/brew/UnicodeBrew.h:
1506         * wtf/unicode/glib/UnicodeGLib.h:
1507         * wtf/unicode/qt4/UnicodeQt4.h:
1508         * wtf/unicode/wince/UnicodeWinCE.h:
1509
1510 2011-07-01  Gavin Barraclough  <barraclough@apple.com>
1511
1512         Reviewed by Sam Weinig.
1513
1514         https://bugs.webkit.org/show_bug.cgi?id=63819
1515         Escaping of forwardslashes in strings incorrect if multiple exist.
1516
1517         The bug is in the parameters passed to a substring - should be
1518         start & length, but we're passing start & end indices!
1519
1520         * runtime/RegExpObject.cpp:
1521         (JSC::regExpObjectSource):
1522
1523 2011-07-01  Adam Roben  <aroben@apple.com>
1524
1525         Roll out r90194
1526         http://trac.webkit.org/changeset/90194
1527         https://bugs.webkit.org/show_bug.cgi?id=63778
1528
1529         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
1530         assertions in WriteBarrierBase<JSC::Structure>::get
1531
1532         * runtime/JSCell.h:
1533         (JSC::JSCell::JSCell::~JSCell):
1534
1535 2011-06-30  Oliver Hunt  <oliver@apple.com>
1536
1537         Reviewed by Gavin Barraclough.
1538
1539         Add optimised paths for a few maths functions
1540         https://bugs.webkit.org/show_bug.cgi?id=63757
1541
1542         Relanding as a Mac only patch.
1543
1544         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1545         Math.floor, Math.log, and Math.exp as they are apparently more
1546         important in real web content than we thought, which is somewhat
1547         mind-boggling.  On average doubles the performance of the common
1548         cases (eg. actually passing numbers in).  They're not as efficient
1549         as they could be, but this way gives them the most portability.
1550
1551         * assembler/MacroAssemblerARM.h:
1552         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1553         (JSC::MacroAssemblerARM::andnotDouble):
1554         * assembler/MacroAssemblerARMv7.h:
1555         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1556         (JSC::MacroAssemblerARMv7::andnotDouble):
1557         * assembler/MacroAssemblerMIPS.h:
1558         (JSC::MacroAssemblerMIPS::andnotDouble):
1559         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1560         * assembler/MacroAssemblerSH4.h:
1561         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1562         (JSC::MacroAssemblerSH4::andnotDouble):
1563         * assembler/MacroAssemblerX86.h:
1564         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1565         * assembler/MacroAssemblerX86Common.h:
1566         (JSC::MacroAssemblerX86Common::andnotDouble):
1567         * assembler/MacroAssemblerX86_64.h:
1568         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1569         * assembler/X86Assembler.h:
1570         (JSC::X86Assembler::andnpd_rr):
1571         * create_hash_table:
1572         * jit/SpecializedThunkJIT.h:
1573         (JSC::SpecializedThunkJIT::finalize):
1574         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1575         * jit/ThunkGenerators.cpp:
1576         (JSC::floorThunkGenerator):
1577         (JSC::ceilThunkGenerator):
1578         (JSC::roundThunkGenerator):
1579         (JSC::expThunkGenerator):
1580         (JSC::logThunkGenerator):
1581         (JSC::absThunkGenerator):
1582         * jit/ThunkGenerators.h:
1583
1584 2011-07-01  David Kilzer  <ddkilzer@apple.com>
1585
1586         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
1587
1588         Fixes the following build error in clang:
1589
1590             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
1591                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1592                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
1593             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
1594                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1595                                                 ^
1596                      (                         )
1597             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
1598             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
1599             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
1600                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
1601                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1602             1 error generated.
1603
1604         * jit/JITOpcodes32_64.cpp:
1605         (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
1606         ternary expression evaluate first.
1607
1608 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
1609
1610         Unreviewed, rolling out r90177 and r90179.
1611         http://trac.webkit.org/changeset/90177
1612         http://trac.webkit.org/changeset/90179
1613         https://bugs.webkit.org/show_bug.cgi?id=63790
1614
1615         It caused crashes on Qt in debug mode (Requested by Ossy on
1616         #webkit).
1617
1618         * assembler/MacroAssemblerARM.h:
1619         (JSC::MacroAssemblerARM::rshift32):
1620         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
1621         (JSC::MacroAssemblerARM::sqrtDouble):
1622         * assembler/MacroAssemblerARMv7.h:
1623         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
1624         (JSC::MacroAssemblerARMv7::sqrtDouble):
1625         * assembler/MacroAssemblerMIPS.h:
1626         (JSC::MacroAssemblerMIPS::sqrtDouble):
1627         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
1628         * assembler/MacroAssemblerSH4.h:
1629         (JSC::MacroAssemblerSH4::sqrtDouble):
1630         * assembler/MacroAssemblerX86.h:
1631         * assembler/MacroAssemblerX86Common.h:
1632         * assembler/MacroAssemblerX86_64.h:
1633         * assembler/X86Assembler.h:
1634         * create_hash_table:
1635         * jit/JSInterfaceJIT.h:
1636         (JSC::JSInterfaceJIT::emitLoadDouble):
1637         * jit/SpecializedThunkJIT.h:
1638         (JSC::SpecializedThunkJIT::finalize):
1639         * jit/ThunkGenerators.cpp:
1640         * jit/ThunkGenerators.h:
1641
1642 2011-06-30  Oliver Hunt  <oliver@apple.com>
1643
1644         Reviewed by Beth Dakin.
1645
1646         Make GC validation clear cell structure on destruction
1647         https://bugs.webkit.org/show_bug.cgi?id=63778
1648
1649         * runtime/JSCell.h:
1650         (JSC::JSCell::JSCell::~JSCell):
1651
1652 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1653
1654         Reviewed by Gavin Barraclough.
1655
1656         Added write barrier that was missing from put_by_id_transition
1657         https://bugs.webkit.org/show_bug.cgi?id=63775
1658
1659         * dfg/DFGJITCodeGenerator.cpp:
1660         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
1661         MacroAssembler& argument so our patching functions could use it.
1662
1663         (JSC::DFG::JITCodeGenerator::cachedPutById):
1664         * dfg/DFGJITCodeGenerator.h:
1665         * dfg/DFGNonSpeculativeJIT.cpp:
1666         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
1667
1668         * dfg/DFGRepatch.cpp:
1669         (JSC::DFG::tryCachePutByID): Missing barrier!
1670
1671         * dfg/DFGSpeculativeJIT.cpp:
1672         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
1673
1674         * jit/JITPropertyAccess.cpp:
1675         (JSC::JIT::privateCompilePutByIdTransition):
1676         * jit/JITPropertyAccess32_64.cpp:
1677         (JSC::JIT::privateCompilePutByIdTransition):
1678         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
1679         because its meaning isn't clear -- maybe in the future we'll have a
1680         clear way to pass all stores through a common function that guarantees
1681         a write barrier, but that's not the case right now.
1682
1683 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1684
1685         Reviewed by Gavin Barraclough.
1686
1687         DFG non-speculative JIT does not reuse registers when compiling comparisons.
1688         https://bugs.webkit.org/show_bug.cgi?id=63565
1689
1690         * dfg/DFGNonSpeculativeJIT.cpp:
1691         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1692         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1693         (JSC::DFG::NonSpeculativeJIT::compare):
1694
1695 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
1696
1697         Reviewed by Gavin Barraclough.
1698
1699         Added empty write barrier stubs in all the right places in the DFG JIT
1700         https://bugs.webkit.org/show_bug.cgi?id=63764
1701         
1702         SunSpider thinks this might be a 0.5% speedup. Meh.
1703
1704         * dfg/DFGJITCodeGenerator.cpp:
1705         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
1706
1707         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
1708         for the case where base == scratch, since we now require base and scratch
1709         to be not equal, for the sake of the write barrier.
1710
1711         * dfg/DFGJITCodeGenerator.h: Le stub.
1712
1713         * dfg/DFGNonSpeculativeJIT.cpp:
1714         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
1715         as the scratch register, since that's incompatible with the write barrier,
1716         which needs a distinct base and scratch.
1717         
1718         Do put the global object into a register before loading its var storage,
1719         since it needs to be in a register for the write barrier to operate on it.
1720
1721         * dfg/DFGSpeculativeJIT.cpp:
1722         (JSC::DFG::SpeculativeJIT::compile):
1723         * jit/JITPropertyAccess.cpp:
1724         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
1725
1726         * jit/JITPropertyAccess.cpp:
1727         (JSC::JIT::emit_op_get_scoped_var):
1728         (JSC::JIT::emit_op_put_scoped_var):
1729         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1730         places.
1731
1732         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1733         is a little more than meaningless.
1734
1735         * jit/JITPropertyAccess32_64.cpp:
1736         (JSC::JIT::emit_op_get_scoped_var):
1737         (JSC::JIT::emit_op_put_scoped_var):
1738         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
1739         places.
1740
1741         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
1742         is a little more than meaningless.
1743
1744         * runtime/JSVariableObject.h:
1745         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
1746         we put the global object in a register and only then load its var storage
1747         by offset.
1748
1749         (JSC::JIT::emitWriteBarrier):
1750
1751 2011-06-30  Oliver Hunt  <oliver@apple.com>
1752
1753         Fix ARMv6 build
1754
1755         * assembler/MacroAssemblerARM.h:
1756         (JSC::MacroAssemblerARM::rshift32):
1757
1758 2011-06-30  Oliver Hunt  <oliver@apple.com>
1759
1760         Reviewed by Gavin Barraclough.
1761
1762         Add optimised paths for a few maths functions
1763         https://bugs.webkit.org/show_bug.cgi?id=63757
1764
1765         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
1766         Math.floor, Math.log, and Math.exp as they are apparently more
1767         important in real web content than we thought, which is somewhat
1768         mind-boggling.  On average doubles the performance of the common
1769         cases (eg. actually passing numbers in).  They're not as efficient
1770         as they could be, but this way gives them the most portability.
1771
1772         * assembler/MacroAssemblerARM.h:
1773         (JSC::MacroAssemblerARM::supportsDoubleBitops):
1774         (JSC::MacroAssemblerARM::andnotDouble):
1775         * assembler/MacroAssemblerARMv7.h:
1776         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
1777         (JSC::MacroAssemblerARMv7::andnotDouble):
1778         * assembler/MacroAssemblerMIPS.h:
1779         (JSC::MacroAssemblerMIPS::andnotDouble):
1780         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
1781         * assembler/MacroAssemblerSH4.h:
1782         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
1783         (JSC::MacroAssemblerSH4::andnotDouble):
1784         * assembler/MacroAssemblerX86.h:
1785         (JSC::MacroAssemblerX86::supportsDoubleBitops):
1786         * assembler/MacroAssemblerX86Common.h:
1787         (JSC::MacroAssemblerX86Common::andnotDouble):
1788         * assembler/MacroAssemblerX86_64.h:
1789         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
1790         * assembler/X86Assembler.h:
1791         (JSC::X86Assembler::andnpd_rr):
1792         * create_hash_table:
1793         * jit/SpecializedThunkJIT.h:
1794         (JSC::SpecializedThunkJIT::finalize):
1795         (JSC::SpecializedThunkJIT::callDoubleToDouble):
1796         * jit/ThunkGenerators.cpp:
1797         (JSC::floorThunkGenerator):
1798         (JSC::ceilThunkGenerator):
1799         (JSC::roundThunkGenerator):
1800         (JSC::expThunkGenerator):
1801         (JSC::logThunkGenerator):
1802         (JSC::absThunkGenerator):
1803         * jit/ThunkGenerators.h:
1804
1805 2011-06-30  Cary Clark  <caryclark@google.com>
1806
1807         Reviewed by James Robinson.
1808
1809         Use Skia if Skia on Mac Chrome is enabled
1810         https://bugs.webkit.org/show_bug.cgi?id=62999
1811
1812         * wtf/Platform.h:
1813         Add switch to use Skia if, externally,
1814         Skia has been enabled by a gyp define.
1815
1816 2011-06-30  Juan C. Montemayor  <jmont@apple.com>
1817
1818         Reviewed by Geoffrey Garen.
1819
1820         Web Inspector fails to display source for eval with syntax error
1821         https://bugs.webkit.org/show_bug.cgi?id=63583
1822
1823         Web Inspector now displays a link to an eval statement that contains
1824         a syntax error.
1825
1826         * parser/Parser.h:
1827         (JSC::isEvalNode):
1828         (JSC::EvalNode):
1829         (JSC::Parser::parse):
1830
1831 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
1832
1833         Reviewed by Gavin Barraclough.
1834
1835         X86Assembler does not encode byte registers in 64-bit mode correctly.
1836         https://bugs.webkit.org/show_bug.cgi?id=63665
1837
1838         * assembler/X86Assembler.h:
1839         (JSC::X86Assembler::testb_rr):
1840         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
1841
1842 2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
1843
1844         Unreviewed, rolling out r90102.
1845         http://trac.webkit.org/changeset/90102
1846         https://bugs.webkit.org/show_bug.cgi?id=63714
1847
1848         Lots of tests asserting beneath
1849         SVGSMILElement::findInstanceTime (Requested by aroben on
1850         #webkit).
1851
1852         * wtf/StdLibExtras.h:
1853         (WTF::binarySearch):
1854
1855 2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
1856
1857         Reviewed by Nikolas Zimmermann.
1858
1859         Speed up SVGSMILElement::findInstanceTime.
1860         https://bugs.webkit.org/show_bug.cgi?id=61025
1861
1862         Add a new parameter to StdLibExtras.h::binarySearch function
1863         to also handle cases when the array does not contain the key value.
1864         This is needed for an SVG function.
1865
1866         * wtf/StdLibExtras.h:
1867         (WTF::binarySearch):
1868
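Worked illustration of the binarySearch change described in the entry above: a search whose caller can state whether the key must be present or whether the nearest preceding element is acceptable. This is added example code written for this page, not WTF's StdLibExtras.h; the enum names, the InstanceTime struct and the sampleTimes() data are constructed for the example. Returning a null pointer for a missing key in the strict mode (rather than relying on an assert that vanishes in release builds) is the design choice the example makes, not one the log states.

```cpp
#include <cstddef>
#include <vector>

// Assumed mode names (not the project's own identifiers).
enum BinarySearchMode {
    KeyMustBePresent,
    ReturnAdjacentElementIfKeyIsNotPresent
};

// Returns the element whose key equals `key`. If the key is absent:
//   - KeyMustBePresent: returns nullptr (a missing key must never turn into an
//     out-of-bounds read, so no assert-only guard is used);
//   - ReturnAdjacentElementIfKeyIsNotPresent: returns the last element whose key
//     is <= key, or the first element when every key is greater.
// Returns nullptr for an empty array in either mode.
template <typename ArrayType, typename KeyType, typename ExtractKey>
const ArrayType* binarySearch(const ArrayType* array, size_t size, KeyType key,
                              ExtractKey extractKey, BinarySearchMode mode = KeyMustBePresent)
{
    if (!size)
        return nullptr;
    size_t low = 0;
    size_t high = size; // invariant: answer index is in [low, high)
    while (high - low > 1) {
        size_t mid = low + (high - low) / 2; // no low + high overflow
        if (extractKey(array[mid]) <= key)
            low = mid;
        else
            high = mid;
    }
    // `low` is now the last index whose key is <= key, or 0 when none is.
    if (extractKey(array[low]) == key)
        return &array[low];
    if (mode == KeyMustBePresent)
        return nullptr;
    return &array[low];
}

// Constructed sample data standing in for a sorted list of SMIL instance times.
struct InstanceTime {
    double time;
    int id;
};

inline double instanceTimeKey(const InstanceTime& t) { return t.time; }

inline const std::vector<InstanceTime>& sampleTimes()
{
    static const std::vector<InstanceTime> times = {
        { 0.0, 1 }, { 1.5, 2 }, { 3.0, 3 }, { 4.5, 4 }
    };
    return times;
}
```

With the sample data, searching for 2.0 in strict mode yields nullptr, while the adjacent-element mode yields the entry at 1.5; a key below the first element yields the first element and a key above the last yields the last.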
1869 2011-06-29  Gavin Barraclough  <barraclough@apple.com>
1870
1871         Reviewed by Geoff Garen.
1872
1873         https://bugs.webkit.org/show_bug.cgi?id=63669
1874         DFG JIT - fix spectral-norm regression
1875
1876         The problem is a mis-speculation leading to us falling off the speculative path.
1877         Make the speculation logic slightly smarter, don't predict int if one of the
1878         operands is already loaded as a double (we use this logic already for compares).
1879
1880         * dfg/DFGSpeculativeJIT.cpp:
1881         (JSC::DFG::SpeculativeJIT::compile):
1882         * dfg/DFGSpeculativeJIT.h:
1883         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
1884
1885 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1886
1887         Reviewed by Gavin Barraclough.
1888
1889         DFG JIT does not do put_by_id transition caching.
1890         https://bugs.webkit.org/show_bug.cgi?id=63662
1891
1892         * dfg/DFGJITCodeGenerator.cpp:
1893         (JSC::DFG::JITCodeGenerator::cachedPutById):
1894         * dfg/DFGJITCompiler.h:
1895         (JSC::DFG::JITCompiler::addPropertyAccess):
1896         * dfg/DFGRepatch.cpp:
1897         (JSC::DFG::testPrototype):
1898         (JSC::DFG::tryCachePutByID):
1899
1900 2011-06-29  Geoffrey Garen  <ggaren@apple.com>
1901
1902         Reviewed by Oliver Hunt.
1903
1904         Added a dummy write barrier emitting function in all the right places in the old JIT
1905         https://bugs.webkit.org/show_bug.cgi?id=63667
1906         
1907         SunSpider reports no change.
1908
1909         * jit/JIT.h:
1910         * jit/JITPropertyAccess.cpp:
1911         (JSC::JIT::emit_op_put_by_id):
1912         (JSC::JIT::emit_op_put_scoped_var): Do it.
1913
1914         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1915         for the sake of the write barrier.
1916
1917         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1918
1919         * jit/JITPropertyAccess32_64.cpp:
1920         (JSC::JIT::emit_op_put_by_val):
1921         (JSC::JIT::emit_op_put_by_id):
1922         (JSC::JIT::emit_op_put_scoped_var): Do it.
1923
1924         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
1925         for the sake of the write barrier.
1926
1927         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
1928
1929 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
1930
1931         Reviewed by Gavin Barraclough.
1932
1933         DFG JIT does not perform get_by_id self list caching.
1934         https://bugs.webkit.org/show_bug.cgi?id=63605
1935
1936         * bytecode/StructureStubInfo.h:
1937         * dfg/DFGJITCompiler.cpp:
1938         (JSC::DFG::JITCompiler::compileFunction):
1939         * dfg/DFGOperations.cpp:
1940         * dfg/DFGOperations.h:
1941         * dfg/DFGRepatch.cpp:
1942         (JSC::DFG::tryCacheGetByID):
1943         (JSC::DFG::tryBuildGetByIDList):
1944         (JSC::DFG::dfgBuildGetByIDList):
1945         * dfg/DFGRepatch.h:
1946
1947 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
1948
1949         Reviewed by Gavin Barraclough.
1950
1951         DFG JIT lacks array.length caching.
1952         https://bugs.webkit.org/show_bug.cgi?id=63505
1953
1954         * bytecode/StructureStubInfo.h:
1955         * dfg/DFGJITCodeGenerator.cpp:
1956         (JSC::DFG::JITCodeGenerator::cachedGetById):
1957         (JSC::DFG::JITCodeGenerator::cachedPutById):
1958         * dfg/DFGJITCodeGenerator.h:
1959         (JSC::DFG::JITCodeGenerator::tryAllocate):
1960         (JSC::DFG::JITCodeGenerator::selectScratchGPR):
1961         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
1962         * dfg/DFGJITCompiler.cpp:
1963         (JSC::DFG::JITCompiler::compileFunction):
1964         * dfg/DFGJITCompiler.h:
1965         (JSC::DFG::JITCompiler::addPropertyAccess):
1966         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
1967         * dfg/DFGRegisterBank.h:
1968         (JSC::DFG::RegisterBank::tryAllocate):
1969         * dfg/DFGRepatch.cpp:
1970         (JSC::DFG::tryCacheGetByID):
1971
1972 2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
1973
1974         Reviewed by Eric Seidel.
1975
1976         Warnings in JSC's JIT on 32 bit
1977         https://bugs.webkit.org/show_bug.cgi?id=63259
1978
1979         Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
1980
1981         * jit/JITPropertyAccess32_64.cpp:
1982         (JSC::JIT::emit_op_method_check):
1983         (JSC::JIT::compileGetByIdHotPath):
1984         (JSC::JIT::emit_op_put_by_id):
1985
1986 2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
1987
1988         Unreviewed, rolling out r89968.
1989         http://trac.webkit.org/changeset/89968
1990         https://bugs.webkit.org/show_bug.cgi?id=63581
1991
1992         Broke chromium windows compile (Requested by jamesr on
1993         #webkit).
1994
1995         * wtf/Platform.h:
1996
1997 2011-06-28  Oliver Hunt  <oliver@apple.com>
1998
1999         Reviewed by Gavin Barraclough.
2000
2001         Fix sampling build
2002         https://bugs.webkit.org/show_bug.cgi?id=63579
2003
2004         Gets opcode sampling building again, doesn't seem to work alas
2005
2006         * bytecode/SamplingTool.cpp:
2007         (JSC::SamplingTool::notifyOfScope):
2008         * bytecode/SamplingTool.h:
2009         (JSC::SamplingTool::SamplingTool):
2010         * interpreter/Interpreter.cpp:
2011         (JSC::Interpreter::enableSampler):
2012         * runtime/Executable.h:
2013         (JSC::ScriptExecutable::ScriptExecutable):
2014
2015 2011-06-28  Cary Clark  <caryclark@google.com>
2016
2017         Reviewed by James Robinson.
2018
2019         Use Skia if Skia on Mac Chrome is enabled
2020         https://bugs.webkit.org/show_bug.cgi?id=62999
2021
2022         * wtf/Platform.h:
2023         Add switch to use Skia if, externally,
2024         Skia has been enabled by a gyp define.
2025
2026 2011-06-28  Oliver Hunt  <oliver@apple.com>
2027
2028         Reviewed by Gavin Barraclough.
2029
2030         ASSERT when launching debug builds with interpreter and jit enabled
2031         https://bugs.webkit.org/show_bug.cgi?id=63566
2032
2033         Add appropriate guards to the various Executable's memory reporting
2034         logic.
2035
2036         * runtime/Executable.cpp:
2037         (JSC::EvalExecutable::compileInternal):
2038         (JSC::ProgramExecutable::compileInternal):
2039         (JSC::FunctionExecutable::compileForCallInternal):
2040         (JSC::FunctionExecutable::compileForConstructInternal):
2041
2042 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2043
2044         Reviewed by Oliver Hunt.
2045
2046         https://bugs.webkit.org/show_bug.cgi?id=63563
2047         DFG JIT - add support for double arith to speculative path
2048
2049         Add integer support for div & mod, add double support for div, mod,
2050         add, sub & mul, dynamically selecting based on operand types.
2051
2052         * dfg/DFGJITCodeGenerator.cpp:
2053         (JSC::DFG::FPRTemporary::FPRTemporary):
2054         * dfg/DFGJITCodeGenerator.h:
2055         * dfg/DFGJITCompiler.h:
2056         (JSC::DFG::JITCompiler::assembler):
2057         * dfg/DFGSpeculativeJIT.cpp:
2058         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2059         (JSC::DFG::SpeculativeJIT::compile):
2060         * dfg/DFGSpeculativeJIT.h:
2061         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
2062         (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
2063         (JSC::DFG::SpeculateDoubleOperand::index):
2064         (JSC::DFG::SpeculateDoubleOperand::fpr):
2065
2066 2011-06-28  Oliver Hunt  <oliver@apple.com>
2067
2068         Fix interpreter build.
2069
2070         * interpreter/Interpreter.cpp:
2071         (JSC::Interpreter::privateExecute):
2072
2073 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2074
2075         Reviewed by Oliver Hunt.
2076
2077         https://bugs.webkit.org/show_bug.cgi?id=63561
2078         DFG JIT - don't always assume integer in relational compare
2079
2080         If neither operand is known integer, or either is in double representation,
2081         then at least use a function call (don't bail off the speculative path).
2082
2083         * dfg/DFGSpeculativeJIT.cpp:
2084         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
2085         (JSC::DFG::SpeculativeJIT::compile):
2086         * dfg/DFGSpeculativeJIT.h:
2087         (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
2088         (JSC::DFG::SpeculativeJIT::compareIsInteger):
2089
2090 2011-06-28  Oliver Hunt  <oliver@apple.com>
2091
2092         Reviewed by Gavin Barraclough.
2093
2094         Make constant array optimisation less strict about what constitutes a constant
2095         https://bugs.webkit.org/show_bug.cgi?id=63554
2096
2097         Now allow string constants in array literals to actually be considered constant,
2098         and so avoid codegen in array literals with strings in them.
2099
2100         * bytecode/CodeBlock.h:
2101         (JSC::CodeBlock::addConstantBuffer):
2102         (JSC::CodeBlock::constantBuffer):
2103         * bytecompiler/BytecodeGenerator.cpp:
2104         (JSC::BytecodeGenerator::addConstantBuffer):
2105         (JSC::BytecodeGenerator::addStringConstant):
2106         (JSC::BytecodeGenerator::emitNewArray):
2107         * bytecompiler/BytecodeGenerator.h:
2108         * interpreter/Interpreter.cpp:
2109         (JSC::Interpreter::privateExecute):
2110         * jit/JITStubs.cpp:
2111         (JSC::DEFINE_STUB_FUNCTION):
2112
2113 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2114
2115         Reviewed by Oliver Hunt.
2116
2117         https://bugs.webkit.org/show_bug.cgi?id=63560
2118         DFG_JIT allow allocation of specific machine registers
2119
2120         This allows us to allocate the registers necessary to perform x86
2121         idiv instructions for div/mod, and may be useful for shifts, too.
2122
2123         * dfg/DFGJITCodeGenerator.cpp:
2124         (JSC::DFG::GPRTemporary::GPRTemporary):
2125         * dfg/DFGJITCodeGenerator.h:
2126         (JSC::DFG::JITCodeGenerator::allocate):
2127         (JSC::DFG::GPRResult::GPRResult):
2128         * dfg/DFGRegisterBank.h:
2129         (JSC::DFG::RegisterBank::allocateSpecific):
2130         * dfg/DFGSpeculativeJIT.h:
2131         (JSC::DFG::SpeculativeJIT::isInteger):
2132
2133 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
2134
2135         Reviewed by Oliver Hunt.
2136
2137         https://bugs.webkit.org/show_bug.cgi?id=55040
2138         RegExp constructor returns the argument regexp instead of a new object
2139
2140         Per 15.10.3.1, our current behaviour is correct if called as a function,
2141         but incorrect when called as a constructor.
2142
2143         * runtime/RegExpConstructor.cpp:
2144         (JSC::constructRegExp):
2145         (JSC::constructWithRegExpConstructor):
2146         * runtime/RegExpConstructor.h:
2147
2148 2011-06-28  Luke Macpherson   <macpherson@chromium.org>
2149
2150         Reviewed by Darin Adler.
2151
2152         Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
2153         https://bugs.webkit.org/show_bug.cgi?id=63469
2154
2155         * wtf/MathExtras.h:
2156         (defaultMinimumForClamp):
2157         Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
2158         (defaultMaximumForClamp):
2159         Symmetric alias for std::numeric_limits::max()
2160         (clampTo):
2161         New templated clamping function that supports arbitrary output types.
2162         (clampToInteger):
2163         Use new clampTo template.
2164         (clampToFloat):
2165         Use new clampTo template.
2166         (clampToPositiveInteger):
2167         Use new clampTo template.
2168
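Worked illustration of the clamping helpers listed in the entry above. This is added example code written for this page, not the project's MathExtras.h; it reuses the function names from the entry but the bodies, the common-type comparison and the NaN handling are this example's own choices. The point it demonstrates is the one behind defaultMinimumForClamp: std::numeric_limits<T>::min() is the smallest positive value for floating-point T, so a clamp built on it would silently map large negative inputs to a tiny positive number instead of the most negative representable value.

```cpp
#include <cstdint>
#include <limits>
#include <type_traits>

// Lower bound for clamping into T. For floating-point T the right value is
// -max(), not min(). (C++11 also offers std::numeric_limits<T>::lowest(); the
// branch is written out here to make the pitfall visible.)
template <typename T>
inline T defaultMinimumForClamp()
{
    if (std::numeric_limits<T>::is_integer)
        return std::numeric_limits<T>::min();
    return -std::numeric_limits<T>::max();
}

template <typename T>
inline T defaultMaximumForClamp()
{
    return std::numeric_limits<T>::max();
}

// Clamp `value` (of any arithmetic type U) into [min, max] and convert to T.
// Comparisons are done in the common type of T and U, so an out-of-range input
// is caught before the narrowing cast (which is undefined behaviour for an
// integer T fed an out-of-range double). Mixing signed U with unsigned T is
// outside what this example covers.
template <typename T, typename U>
inline T clampTo(U value, T min = defaultMinimumForClamp<T>(), T max = defaultMaximumForClamp<T>())
{
    typedef typename std::common_type<T, U>::type Wide;
    // NaN compares false against everything; map it to zero instead of casting it.
    if (std::is_floating_point<U>::value && value != value)
        return T(0);
    if (static_cast<Wide>(value) >= static_cast<Wide>(max))
        return max;
    if (static_cast<Wide>(value) <= static_cast<Wide>(min))
        return min;
    return static_cast<T>(value);
}

inline int clampToInteger(double value) { return clampTo<int>(value); }
inline float clampToFloat(double value) { return clampTo<float>(value); }
inline int clampToPositiveInteger(double value) { return clampTo<int>(value, 0); }
```

clampToFloat(-1e40) returns -FLT_MAX with this definition; with a naive numeric_limits<float>::min() lower bound it would return about 1.2e-38, a positive number.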
2169 2011-06-28  Adam Roben  <aroben@apple.com>
2170
2171         Windows Debug build fix after r89885
2172
2173         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
2174         JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
2175
2176 2011-06-28  Shinya Kawanaka  <shinyak@google.com>
2177
2178         Reviewed by Kent Tamura.
2179
2180         Add const to show() method in WTFString and AtomicString.
2181         https://bugs.webkit.org/show_bug.cgi?id=63515
2182
2183         The lack of const in the show() method is painful when
2184         doing something like printf-debugging.
2185
2186         * wtf/text/AtomicString.cpp:
2187         (WTF::AtomicString::show):
2188         * wtf/text/AtomicString.h:
2189         * wtf/text/WTFString.cpp:
2190         (String::show):
2191         * wtf/text/WTFString.h:
2192
2193 2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
2194
2195         Build fix attempt after r89885.
2196
2197         * JavaScriptCore.exp:
2198         * jsc.cpp:
2199
2200 2011-06-27  Oliver Hunt  <oliver@apple.com>
2201
2202         Reviewed by Geoffrey Garen.
2203
2204         Support throwing away non-running code even while other code is running
2205         https://bugs.webkit.org/show_bug.cgi?id=63485
2206
2207         Add a function to CodeBlock to support unlinking direct linked callsites,
2208         and then with that in place add logic to discard code from any function
2209         that is not currently on the stack.
2210
2211         The unlinking completely reverts any optimized call sites, such that they
2212         may be relinked again in future.
2213
2214         * JavaScriptCore.exp:
2215         * bytecode/CodeBlock.cpp:
2216         (JSC::CodeBlock::unlinkCalls):
2217         (JSC::CodeBlock::clearEvalCache):
2218         * bytecode/CodeBlock.h:
2219         (JSC::CallLinkInfo::CallLinkInfo):
2220         (JSC::CallLinkInfo::unlink):
2221         * bytecode/EvalCodeCache.h:
2222         (JSC::EvalCodeCache::clear):
2223         * heap/Heap.cpp:
2224         (JSC::Heap::getConservativeRegisterRoots):
2225         * heap/Heap.h:
2226         * jit/JIT.cpp:
2227         (JSC::JIT::privateCompile):
2228         * jit/JIT.h:
2229         * jit/JITCall.cpp:
2230         (JSC::JIT::compileOpCall):
2231         * jit/JITWriteBarrier.h:
2232         (JSC::JITWriteBarrierBase::clear):
2233         * jsc.cpp:
2234         (GlobalObject::GlobalObject):
2235         (functionReleaseExecutableMemory):
2236         * runtime/Executable.cpp:
2237         (JSC::EvalExecutable::unlinkCalls):
2238         (JSC::ProgramExecutable::unlinkCalls):
2239         (JSC::FunctionExecutable::discardCode):
2240         (JSC::FunctionExecutable::unlinkCalls):
2241         * runtime/Executable.h:
2242         * runtime/JSGlobalData.cpp:
2243         (JSC::SafeRecompiler::returnValue):
2244         (JSC::SafeRecompiler::operator()):
2245         (JSC::JSGlobalData::releaseExecutableMemory):
2246
2247 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
2248
2249         Reviewed by Darin Adler & Oliver Hunt.
2250
2251         https://bugs.webkit.org/show_bug.cgi?id=50554
2252         RegExp.prototype.toString does not escape slashes
2253
2254         The problem here is that we don't escape forwards slashes when converting
2255         a RegExp to a string. This means that RegExp("/").toString() is "///",
2256         which is not a valid RegExp literal. Also, we return an invalid literal
2257         for RegExp.prototype.toString() ("//", which is an empty single-line comment).
2258
2259         From ES5:
2260         "NOTE: The returned String has the form of a RegularExpressionLiteral that
2261         evaluates to another RegExp object with the same behaviour as this object."
2262
2263         * runtime/RegExpObject.cpp:
2264         (JSC::regExpObjectSource):
2265             - Escape forward slashes when getting the source of a RegExp.
2266         * runtime/RegExpPrototype.cpp:
2267         (JSC::regExpProtoFuncToString):
2268             - Remove unnecessary and erroneous hack to return "//" as the string
2269             representation of RegExp.prototype. This is not a valid RegExp literal
2270             (it is an empty single-line comment).
2271
2272 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
2273
2274         Reviewed by Oliver Hunt.
2275
2276         https://bugs.webkit.org/show_bug.cgi?id=63497
2277         Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
2278
2279         * dfg/DFGByteCodeParser.cpp:
2280         (JSC::DFG::ByteCodeParser::parseBlock):
2281         * dfg/DFGNode.h:
2282         * dfg/DFGNonSpeculativeJIT.cpp:
2283         (JSC::DFG::NonSpeculativeJIT::compile):
2284         * dfg/DFGSpeculativeJIT.cpp:
2285         (JSC::DFG::SpeculativeJIT::compile):
2286
2287 2011-06-27  Juan C. Montemayor  <jmont@apple.com>
2288
2289         Reviewed by Mark Rowe.
2290
2291         Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
2292         https://bugs.webkit.org/show_bug.cgi?id=63392
2293         
2294         When both TextPosition.h and XPathGrammar.h are included a compile-error
2295         is caused, since XPathGrammar.h defines a macro called NUMBER and 
2296         TextPosition has a typedef named NUMBER.
2297
2298         * wtf/text/TextPosition.h:
2299         (WTF::TextPosition::TextPosition):
2300         (WTF::TextPosition::minimumPosition):
2301         (WTF::TextPosition::belowRangePosition):
2302
2303 2011-06-27  Filip Pizlo  <fpizlo@apple.com>
2304
2305         Reviewed by Gavin Barraclough.
2306
2307         DFG JIT does not perform put_by_id caching.
2308         https://bugs.webkit.org/show_bug.cgi?id=63409
2309
2310         * bytecode/StructureStubInfo.h:
2311         * dfg/DFGJITCodeGenerator.cpp:
2312         (JSC::DFG::JITCodeGenerator::cachedPutById):
2313         * dfg/DFGJITCodeGenerator.h:
2314         * dfg/DFGJITCompiler.cpp:
2315         (JSC::DFG::JITCompiler::compileFunction):
2316         * dfg/DFGJITCompiler.h:
2317         (JSC::DFG::JITCompiler::addPropertyAccess):
2318         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
2319         * dfg/DFGNonSpeculativeJIT.cpp:
2320         (JSC::DFG::NonSpeculativeJIT::compile):
2321         * dfg/DFGOperations.cpp:
2322         * dfg/DFGOperations.h:
2323         * dfg/DFGRepatch.cpp:
2324         (JSC::DFG::dfgRepatchByIdSelfAccess):
2325         (JSC::DFG::tryCacheGetByID):
2326         (JSC::DFG::appropriatePutByIdFunction):
2327         (JSC::DFG::tryCachePutByID):
2328         (JSC::DFG::dfgRepatchPutByID):
2329         * dfg/DFGRepatch.h:
2330         * dfg/DFGSpeculativeJIT.cpp:
2331         (JSC::DFG::SpeculativeJIT::compile):
2332
2333 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
2334
2335         Unreviewed build fix. One more file missing during distcheck, for
2336         the MIPS build.
2337
2338         * GNUmakefile.list.am:
2339
2340 2011-06-26  Filip Pizlo  <fpizlo@apple.com>
2341
2342         Reviewed by Gavin Barraclough.
2343
2344         DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
2345         https://bugs.webkit.org/show_bug.cgi?id=63347
2346
2347         * dfg/DFGNonSpeculativeJIT.cpp:
2348             - Changed arithmetic operations to speculate in favor of integers.
2349         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
2350         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
2351         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
2352         (JSC::DFG::NonSpeculativeJIT::compile):
2353         * dfg/DFGNonSpeculativeJIT.h:
2354         * dfg/DFGOperations.cpp:
2355             - Added slow-path routines for arithmetic that perform no speculation; the
2356               non-speculative JIT will generate calls to these in cases where its
2357               speculation fails.
2358         * dfg/DFGOperations.h:
2359
2360 2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
2361
2362         Reviewed by Rob Buis.
2363
2364         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2365         https://bugs.webkit.org/show_bug.cgi?id=59085
2366
2367         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2368
2369 2011-06-24  Michael Saboff  <msaboff@apple.com>
2370
2371         Reviewed by Gavin Barraclough.
2372
2373         Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
2374         https://bugs.webkit.org/show_bug.cgi?id=63345
2375
2376         The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
2377         return 9 and 10 bit quantities, therefore changed their return type from
2378         uint8_t to uint16_t.  Also cast the places where they are used as they
2379         are currently shifted and used as 7 or 8 bit values.
2380
2381         These methods are currently used for literals for stack offsets, 
2382         including creating and destroying stack frames.  The prior truncation of
2383         the upper bits caused stack frames to be too small, thus allowing a
2384         JIT'ed function to access and overwrite stack space outside of the
2385         incorrectly sized stack frame.
2386
2387         * assembler/ARMv7Assembler.h:
2388         (JSC::ARMThumbImmediate::getUInt9):
2389         (JSC::ARMThumbImmediate::getUInt10):
2390         (JSC::ARMv7Assembler::add):
2391         (JSC::ARMv7Assembler::ldr):
2392         (JSC::ARMv7Assembler::str):
2393         (JSC::ARMv7Assembler::sub):
2394         (JSC::ARMv7Assembler::sub_S):
2395
2396 2011-06-24  Michael Saboff  <msaboff@apple.com>
2397
2398         Reviewed by Geoffrey Garen.
2399
2400         releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
2401         https://bugs.webkit.org/show_bug.cgi?id=63015
2402
2403         Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
2404         min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList().  These 
2405         adjustments are a bug.  These need to reflect the pages that are released
2406         in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
2407         Made ReleaseFreeList a member of TCMalloc_PageHeap in the process.  Updated
2408         Check() and helper method CheckList() to check the number of actual free pages
2409         with free_committed_pages_.
2410
2411         The symptom of the problem of the existing code is that the scavenger may
2412         run unnecessarily without any real work to do, i.e. pages on the free lists.
2413         The scavenger would also end up freeing too many pages, that is, going below
2414         the current 528 target free pages.
2415
2416         Note that the style of the changes was kept consistent with the
2417         existing style.
2418
2419         * wtf/FastMalloc.cpp:
2420         (WTF::TCMalloc_PageHeap::Check):
2421         (WTF::TCMalloc_PageHeap::CheckList):
2422         (WTF::TCMalloc_PageHeap::ReleaseFreeList):
2423
2424 2011-06-24  Abhishek Arya  <inferno@chromium.org>
2425
2426         Reviewed by Darin Adler.
2427
2428         Match other clampTo* functions in style with clampToInteger(float)
2429         function.
2430         https://bugs.webkit.org/show_bug.cgi?id=53449
2431
2432         * wtf/MathExtras.h:
2433         (clampToInteger):
2434         (clampToFloat):
2435         (clampToPositiveInteger):
2436
2437 2011-06-24  Sheriff Bot  <webkit.review.bot@gmail.com>
2438
2439         Unreviewed, rolling out r89594.
2440         http://trac.webkit.org/changeset/89594
2441         https://bugs.webkit.org/show_bug.cgi?id=63316
2442
2443         It broke 5 tests on the Qt bot (Requested by Ossy_DC on
2444         #webkit).
2445
2446         * GNUmakefile.list.am:
2447         * JavaScriptCore.gypi:
2448         * icu/unicode/uscript.h: Removed.
2449         * wtf/unicode/ScriptCodesFromICU.h: Removed.
2450         * wtf/unicode/brew/UnicodeBrew.h:
2451         * wtf/unicode/glib/UnicodeGLib.h:
2452         * wtf/unicode/icu/UnicodeIcu.h:
2453         * wtf/unicode/qt4/UnicodeQt4.h:
2454         * wtf/unicode/wince/UnicodeWinCE.h:
2455
2456 2011-06-23  Filip Pizlo  <fpizlo@apple.com>
2457
2458         Reviewed by Gavin Barraclough.
2459
2460         DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
2461         https://bugs.webkit.org/show_bug.cgi?id=63173
2462
2463         * dfg/DFGJITCodeGenerator.cpp:
2464         (JSC::DFG::JITCodeGenerator::cachedGetById):
2465         * dfg/DFGJITCodeGenerator.h:
2466         * dfg/DFGNonSpeculativeJIT.cpp:
2467         (JSC::DFG::NonSpeculativeJIT::compile):
2468         * dfg/DFGSpeculativeJIT.cpp:
2469         (JSC::DFG::SpeculativeJIT::compile):
2470
2471 2011-06-23  Oliver Hunt  <oliver@apple.com>
2472
2473         Fix Qt again.
2474
2475         * assembler/ARMAssembler.h:
2476         (JSC::ARMAssembler::readPointer):
2477
2478 2011-06-23  Oliver Hunt  <oliver@apple.com>
2479
2480         Fix Qt Build
2481
2482         * assembler/ARMAssembler.h:
2483         (JSC::ARMAssembler::readPointer):
2484
2485 2011-06-23  Stephanie Lewis  <slewis@apple.com>
2486
2487         Reviewed by Darin Adler.
2488
2489         https://bugs.webkit.org/show_bug.cgi?id=63298
2490         Replace Malloc with FastMalloc to match the rest of wtf.
2491
2492         * wtf/BlockStack.h:
2493         (WTF::::~BlockStack):
2494         (WTF::::grow):
2495         (WTF::::shrink):
2496
2497 2011-06-23  Oliver Hunt  <oliver@apple.com>
2498
2499         Reviewed by Gavin Barraclough.
2500
2501         Add the ability to dynamically modify linked call sites
2502         https://bugs.webkit.org/show_bug.cgi?id=63291
2503
2504         Add JITWriteBarrier as a writebarrier class that allows
2505         reading and writing directly into the code stream.
2506
2507         This required adding logic to all the assemblers to allow
2508         us to read values back out of the instruction stream.
2509
2510         * JavaScriptCore.xcodeproj/project.pbxproj:
2511         * assembler/ARMAssembler.h:
2512         (JSC::ARMAssembler::readPointer):
2513         * assembler/ARMv7Assembler.h:
2514         (JSC::ARMv7Assembler::readPointer):
2515         (JSC::ARMv7Assembler::readInt32):
2516         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
2517         (JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
2518         * assembler/AbstractMacroAssembler.h:
2519         (JSC::AbstractMacroAssembler::readPointer):
2520         * assembler/MIPSAssembler.h:
2521         (JSC::MIPSAssembler::readInt32):
2522         (JSC::MIPSAssembler::readPointer):
2523         * assembler/MacroAssemblerCodeRef.h:
2524         (JSC::MacroAssemblerCodePtr::operator!):
2525         * assembler/SH4Assembler.h:
2526         (JSC::SH4Assembler::readPCrelativeAddress):
2527         (JSC::SH4Assembler::readPointer):
2528         (JSC::SH4Assembler::readInt32):
2529         * assembler/X86Assembler.h:
2530         (JSC::X86Assembler::readPointer):
2531         * bytecode/CodeBlock.cpp:
2532         (JSC::CodeBlock::visitAggregate):
2533         * bytecode/CodeBlock.h:
2534         (JSC::MethodCallLinkInfo::seenOnce):
2535         (JSC::MethodCallLinkInfo::setSeen):
2536         * heap/MarkStack.h:
2537         * jit/JIT.cpp:
2538         (JSC::JIT::privateCompile):
2539         (JSC::JIT::linkCall):
2540         (JSC::JIT::linkConstruct):
2541         * jit/JITPropertyAccess.cpp:
2542         (JSC::JIT::patchMethodCallProto):
2543         * jit/JITPropertyAccess32_64.cpp:
2544         * jit/JITWriteBarrier.h: Added.
2545         (JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
2546         (JSC::JITWriteBarrierBase::operator!):
2547         (JSC::JITWriteBarrierBase::setFlagOnBarrier):
2548         (JSC::JITWriteBarrierBase::isFlagged):
2549         (JSC::JITWriteBarrierBase::setLocation):
2550         (JSC::JITWriteBarrierBase::location):
2551         (JSC::JITWriteBarrierBase::JITWriteBarrierBase):
2552         (JSC::JITWriteBarrierBase::set):
2553         (JSC::JITWriteBarrierBase::get):
2554         (JSC::JITWriteBarrier::JITWriteBarrier):
2555         (JSC::JITWriteBarrier::set):
2556         (JSC::JITWriteBarrier::get):
2557         (JSC::MarkStack::append):
2558
2559 2011-06-23  Gavin Barraclough  <barraclough@apple.com>
2560
2561         Reviewed by Oliver Hunt.
2562
2563         https://bugs.webkit.org/show_bug.cgi?id=61585
2564         Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/
2565
2566         This is due to use of int instead of unsigned, bad math around
2567         the 2^31 boundary.
2568
2569         * yarr/YarrInterpreter.cpp:
2570         (JSC::Yarr::ByteCompiler::emitDisjunction):
2571             - Change some uses of int to unsigned, refactor compare logic to
2572               restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
2573         * yarr/YarrJIT.cpp:
2574         (JSC::Yarr::YarrGenerator::generate):
2575         (JSC::Yarr::YarrGenerator::backtrack):
2576             - Ditto.
2577
2578 2011-06-22  Gavin Barraclough  <barraclough@apple.com>
2579
2580         Reviewed by Sam Weinig.
2581
2582         https://bugs.webkit.org/show_bug.cgi?id=63218
2583         DFG JIT - remove machine type guarantees from graph
2584
2585         The DFG JIT currently makes assumptions about the types of machine registers
2586         that certain nodes will be loaded into. This will be broken as we generate
2587         nodes to produce both integer and double code paths. Remove int<->double
2588         conversions nodes. This design decision also gave rise to multiple types of
2589         constant nodes, requiring separate handling for each type. Merge these back
2590         into JSConstant.
2591
2592         * dfg/DFGAliasTracker.h:
2593         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
2594         * dfg/DFGByteCodeParser.cpp:
2595         (JSC::DFG::ByteCodeParser::getToInt32):
2596         (JSC::DFG::ByteCodeParser::getToNumber):
2597         (JSC::DFG::ByteCodeParser::toInt32):
2598         (JSC::DFG::ByteCodeParser::toNumber):
2599         (JSC::DFG::ByteCodeParser::isInt32Constant):
2600         (JSC::DFG::ByteCodeParser::isDoubleConstant):
2601         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
2602         (JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
2603         (JSC::DFG::ByteCodeParser::one):
2604         (JSC::DFG::ByteCodeParser::predictInt32):
2605         * dfg/DFGGraph.cpp:
2606         (JSC::DFG::Graph::dump):
2607         * dfg/DFGJITCodeGenerator.h:
2608         (JSC::DFG::JITCodeGenerator::silentFillGPR):
2609         (JSC::DFG::JITCodeGenerator::silentFillFPR):
2610         (JSC::DFG::JITCodeGenerator::isJSConstant):
2611         (JSC::DFG::JITCodeGenerator::isDoubleConstant):
2612         (JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
2613         * dfg/DFGJITCompiler.cpp:
2614         (JSC::DFG::JITCompiler::fillNumericToDouble):
2615         (JSC::DFG::JITCompiler::fillInt32ToInteger):
2616         * dfg/DFGJITCompiler.h:
2617         (JSC::DFG::JITCompiler::isJSConstant):
2618         (JSC::DFG::JITCompiler::isInt32Constant):
2619         (JSC::DFG::JITCompiler::isDoubleConstant):
2620         (JSC::DFG::JITCompiler::valueOfJSConstant):
2621         (JSC::DFG::JITCompiler::valueOfInt32Constant):
2622         (JSC::DFG::JITCompiler::valueOfDoubleConstant):
2623         * dfg/DFGNode.h:
2624         (JSC::DFG::Node::Node):
2625         (JSC::DFG::Node::isConstant):
2626         (JSC::DFG::Node::notTakenBytecodeOffset):
2627         * dfg/DFGNonSpeculativeJIT.cpp:
2628         (JSC::DFG::NonSpeculativeJIT::isKnownInteger):
2629         (JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
2630         (JSC::DFG::NonSpeculativeJIT::compile):
2631         * dfg/DFGSpeculativeJIT.cpp:
2632         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2633         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2634         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2635         (JSC::DFG::SpeculativeJIT::compile):
2636
2637 2011-06-23  Jungshik Shin  <jshin@chromium.org>
2638
2639         Reviewed by Alexey Proskuryakov.
2640
2641         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
2642         build files for ports not using ICU.
2643         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
2644         ICU 3.6 (the version used on Mac OS 10.5)
2645
2646         http://bugs.webkit.org/show_bug.cgi?id=20797
2647
2648         * GNUmakefile.list.am:
2649         * JavaScriptCore.gypi:
2650         * icu/unicode/uscript.h: Added for UScriptCode enum.
2651         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
2652         * wtf/unicode/icu/UnicodeIcu.h:
2653         * wtf/unicode/brew/UnicodeBrew.h:
2654         * wtf/unicode/glib/UnicodeGLib.h:
2655         * wtf/unicode/qt4/UnicodeQt4.h:
2656         * wtf/unicode/wince/UnicodeWinCE.h:
2657
2658 2011-06-23  Ryuan Choi  <ryuan.choi@samsung.com>
2659
2660         Reviewed by Andreas Kling.
2661
2662         [EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
2663         https://bugs.webkit.org/show_bug.cgi?id=63228
2664
2665         * wtf/Platform.h: Add PLATFORM(EFL) guard.
2666
2667 2011-06-23  Sheriff Bot  <webkit.review.bot@gmail.com>
2668
2669         Unreviewed, rolling out r89547.
2670         http://trac.webkit.org/changeset/89547
2671         https://bugs.webkit.org/show_bug.cgi?id=63252
2672
2673         "Chromium crash on start" (Requested by yurys on #webkit).
2674
2675         * wtf/DynamicAnnotations.cpp:
2676         (WTFAnnotateBenignRaceSized):
2677         (WTFAnnotateHappensBefore):
2678         (WTFAnnotateHappensAfter):
2679         * wtf/DynamicAnnotations.h:
2680
2681 2011-06-23  Timur Iskhodzhanov  <timurrrr@google.com>
2682
2683         Reviewed by David Levin.
2684
2685         Make dynamic annotations weak symbols and prevent identical code folding by the linker
2686         https://bugs.webkit.org/show_bug.cgi?id=62443
2687
2688         * wtf/DynamicAnnotations.cpp:
2689         (WTFAnnotateBenignRaceSized):
2690         (WTFAnnotateHappensBefore):
2691         (WTFAnnotateHappensAfter):
2692         * wtf/DynamicAnnotations.h:
2693
2694 2011-06-22  Yael Aharon  <yael.aharon@nokia.com>
2695
2696         Reviewed by Andreas Kling.
2697
2698         [Qt] Add a build flag for building with libxml2 and libxslt.
2699         https://bugs.webkit.org/show_bug.cgi?id=63113
2700
2701         * wtf/Platform.h:
2702
2703 2011-06-22  Sheriff Bot  <webkit.review.bot@gmail.com>
2704
2705         Unreviewed, rolling out r89489.
2706         http://trac.webkit.org/changeset/89489
2707         https://bugs.webkit.org/show_bug.cgi?id=63203
2708
2709         Broke chromium mac build on build.webkit.org (Requested by
2710         abarth on #webkit).
2711
2712         * wtf/Platform.h:
2713
2714 2011-06-22  Cary Clark  <caryclark@google.com>
2715
2716         Reviewed by Darin Fisher.
2717
2718         Use Skia if Skia on Mac Chrome is enabled
2719         https://bugs.webkit.org/show_bug.cgi?id=62999
2720
2721         * wtf/Platform.h:
2722         Add switch to use Skia if, externally,
2723         Skia has been enabled by a gyp define.
2724
2725 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2726
2727         Reviewed by Oliver Hunt.
2728
2729         * interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.
2730
2731 2011-06-22  Geoffrey Garen  <ggaren@apple.com>
2732
2733         Reviewed by Oliver Hunt.
2734
2735         Removed the conceit that global variables are local variables when running global code
2736         https://bugs.webkit.org/show_bug.cgi?id=63106
2737         
2738         This is required for write barrier correctness.
2739         
2740         SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
2741         I was able to reduce the regression with a tiny peephole optimization in
2742         the bytecompiler, but not eliminate it. I'm committing this assuming
2743         that turning on generational GC will win back at least 0.5%.
2744
2745         (FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
2746         the global object's var storage. I considered doing the same kind of
2747         optimization in the existing JIT, but it seemed like moving in the wrong
2748         direction.)
2749
2750         * bytecompiler/BytecodeGenerator.cpp:
2751         (JSC::BytecodeGenerator::addGlobalVar):
2752         (JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
2753         negative indices, since they're no longer negatively offset from the
2754         current stack frame.
2755         
2756         Do give global variables monotonically increasing positive indices, since
2757         that's much easier to work with.
2758         
2759         Don't limit the number of optimizable global variables, since it's no
2760         longer limited by the register file, since they're no longer stored in
2761         the register file.
2762
2763         (JSC::BytecodeGenerator::registerFor): Global code never has any local
2764         registers because a var in global code is actually a property of the
2765         global object.
2766
2767         (JSC::BytecodeGenerator::constRegisterFor): Ditto.
2768
2769         (JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
2770         propagation and dead code elimination to speed up our compiles and
2771         reduce WTFs / minute.
2772
2773         * bytecompiler/BytecodeGenerator.h:
2774         (JSC::BytecodeGenerator::registerFor): Removed special handling of globals.
2775
2776         (JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
2777         global code, since there are none.
2778
2779         (JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
2780         in global code (i.e., global vars), since there are some.
2781
2782         * interpreter/Interpreter.cpp:
2783         (JSC::Interpreter::callEval):
2784         (JSC::Interpreter::Interpreter):
2785         (JSC::Interpreter::dumpRegisters):
2786         (JSC::Interpreter::execute):
2787         * interpreter/Interpreter.h: Updated for deleted / renamed code.
2788
2789         * interpreter/RegisterFile.cpp:
2790         (JSC::RegisterFile::gatherConservativeRoots):
2791         (JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed
2792         data members.
2793
2794         * interpreter/RegisterFile.h:
2795         (JSC::RegisterFile::begin):
2796         (JSC::RegisterFile::size):
2797         (JSC::RegisterFile::RegisterFile):
2798         (JSC::RegisterFile::shrink): Removed all code and comments dealing with
2799         global variables stored in the register file.
2800
2801         (JSC::RegisterFile::grow): Updated for same.
2802         
2803         Also, a slight correctness fix: Test the VM commit end, and not just the
2804         in-use end, when checking for stack overflow. In theory, it's invalid to
2805         commit past the end of your allocation, even if you never touch that
2806         memory. This makes the usable size of the stack slightly smaller. No test
2807         because we don't know of any case in practice where this crashes.
2808
2809         * runtime/JSGlobalData.cpp:
2810         (JSC::JSGlobalData::JSGlobalData): Updated for changes above.
2811
2812         * runtime/JSGlobalObject.cpp:
2813         (JSC::JSGlobalObject::resizeRegisters):
2814         (JSC::JSGlobalObject::addStaticGlobals):
2815         * runtime/JSGlobalObject.h: Simplified globals to have monotonically 
2816         increasing indexes, always located in our external storage.
2817
2818 2011-06-21  MORITA Hajime  <morrita@google.com>
2819
2820         Unreviewed, rolling out r89401 and r89403.
2821         http://trac.webkit.org/changeset/89401
2822         http://trac.webkit.org/changeset/89403
2823         https://bugs.webkit.org/show_bug.cgi?id=62970
2824
2825         Breaks mac build and mistakenly enables the spellcheck API
2826
2827         * Configurations/FeatureDefines.xcconfig:
2828         * JavaScriptCore.xcodeproj/project.pbxproj:
2829
2830 2011-06-21  Kent Tamura  <tkent@chromium.org>
2831
2832         [Mac] Sort Xcode project files.
2833
2834         * JavaScriptCore.xcodeproj/project.pbxproj:
2835
2836 2011-06-20  MORITA Hajime  <morrita@google.com>
2837
2838         Reviewed by Kent Tamura.
2839
2840         Spellcheck API should be build-able.
2841         https://bugs.webkit.org/show_bug.cgi?id=62970
2842
2843         No new tests, changing only build related files
2844         
2845         * Configurations/FeatureDefines.xcconfig:
2846
2847 2011-06-21  Geoffrey Garen  <ggaren@apple.com>
2848
2849         Reviewed by Oliver Hunt.
2850
2851         Moved 'const' off the global-variable-as-local-variable crack pipe
2852         https://bugs.webkit.org/show_bug.cgi?id=63105
2853         
2854         This is necessary for moving the rest of the code off of same.
2855         
2856         Many problems remain in our handling of const. I have fixed none of them.
2857
2858         * bytecompiler/BytecodeGenerator.h:
2859         (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
2860         const to directly implement its unique scoping rules.
2861
2862         * bytecompiler/NodesCodegen.cpp:
2863         (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
2864         for writing, so we don't overwrite const variables.
2865
2866         (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
2867         variables are available as local variables, since this won't be the case
2868         once global variables are not available as local variables. Instead, use
2869         put_scoped_var in the case where there is no local variable. Like a local
2870         variable, put_scoped_var succeeds even though const properties are
2871         read-only, since put_scoped_var skips read-only checks. (Yay?)
2872
2873 2011-06-21  Oliver Hunt  <oliver@apple.com>
2874
2875         Reviewed by Alexey Proskuryakov.
2876
2877         REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
2878         https://bugs.webkit.org/show_bug.cgi?id=63052
2879
2880         Release mode only failure, the stack overflow guards were getting their error
2881         handling inlined, so that they were essentially causing their own demise.
2882
2883         * parser/JSParser.cpp:
2884         (JSC::JSParser::updateErrorMessage):
2885         (JSC::JSParser::updateErrorWithNameAndMessage):
2886
2887 2011-06-20  Kenneth Russell  <kbr@google.com>
2888
2889         Unreviewed.
2890
2891         Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
2892         https://bugs.webkit.org/show_bug.cgi?id=63022
2893
2894         * wtf/Platform.h:
2895
2896 2011-06-18  Anders Carlsson  <andersca@apple.com>
2897
2898         Reviewed by Darin Adler.
2899
2900         Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
2901         https://bugs.webkit.org/show_bug.cgi?id=62940
2902
2903         Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
2904
2905         * wtf/PassOwnArrayPtr.h:
2906         (WTF::PassOwnArrayPtr::operator=):
2907         * wtf/PassOwnPtr.h:
2908         (WTF::PassOwnPtr::operator=):
2909         * wtf/PassRefPtr.h:
2910         (WTF::PassRefPtr::operator=):
2911         (WTF::NonNullPassRefPtr::operator=):
2912
2913 2011-06-20  Oliver Hunt  <oliver@apple.com>
2914
2915         Reviewed by Darin Adler.
2916
2917         REGRESSION (r79060): Searching for a flight at united.com fails
2918         https://bugs.webkit.org/show_bug.cgi?id=63003
2919
2920         This original change also broke Twitter, and we attempted to refine the fix to 
2921         address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
2922         we need to revert the change until we understand the problem better.
2923
2924         * wtf/DateMath.cpp:
2925         (WTF::parseDateFromNullTerminatedCharacters):
2926
2927 2011-06-20  Juan C. Montemayor  <jmont@apple.com>
2928
2929         Reviewed by Oliver Hunt.
2930
2931         No context for javascript parse errors.
2932         https://bugs.webkit.org/show_bug.cgi?id=62613
2933         
2934         Parse errors now show more details like:
2935         "Unexpected token: ]"
2936         or
2937         "Expected token: while"
2938         
2939         For reserved names, numbers, identifiers, strings, lexer errors,
2940         and EOFs, the following error messages are printed:
2941         
2942         "Use of reserved word: super"
2943         "Unexpected number: 42"
2944         "Unexpected identifier: "
2945         "Unexpected string: "foobar""
2946         "Invalid token character sequence: \u4023"
2947         "Unexpected EOF"
2948
2949         * parser/JSParser.cpp:
2950         (JSC::JSParser::consume):
2951         (JSC::JSParser::getToken):
2952         (JSC::JSParser::getTokenName):
2953         (JSC::JSParser::updateErrorMessageSpecialCase):
2954         (JSC::JSParser::updateErrorMessage):
2955         (JSC::JSParser::updateErrorWithNameAndMessage):
2956         (JSC::jsParse):
2957         (JSC::JSParser::JSParser):
2958         (JSC::JSParser::parseProgram):
2959         (JSC::JSParser::parseVarDeclarationList):
2960         (JSC::JSParser::parseForStatement):
2961         (JSC::JSParser::parseBreakStatement):
2962         (JSC::JSParser::parseContinueStatement):
2963         (JSC::JSParser::parseWithStatement):
2964         (JSC::JSParser::parseTryStatement):
2965         (JSC::JSParser::parseStatement):
2966         (JSC::JSParser::parseFormalParameters):
2967         (JSC::JSParser::parseFunctionInfo):
2968         (JSC::JSParser::parseAssignmentExpression):
2969         (JSC::JSParser::parsePrimaryExpression):
2970         (JSC::JSParser::parseMemberExpression):
2971         (JSC::JSParser::parseUnaryExpression):
2972         * parser/JSParser.h:
2973         * parser/Lexer.cpp:
2974         (JSC::Lexer::lex):
2975         * parser/Parser.cpp:
2976         (JSC::Parser::parse):
2977
2978 2011-06-20  Nikolas Zimmermann  <nzimmermann@rim.com>
2979
2980         Reviewed by Rob Buis.
2981
2982         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
2983         https://bugs.webkit.org/show_bug.cgi?id=59085
2984
2985         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
2986
2987 2011-06-19  Oliver Hunt  <oliver@apple.com>
2988
2989         Reviewed by Sam Weinig.
2990
2991         Correct logic for putting errors on the correct line when handling JSONP
2992         https://bugs.webkit.org/show_bug.cgi?id=62962
2993
2994         Minor fix for the minor fix.  *sigh*
2995
2996         * interpreter/Interpreter.cpp:
2997         (JSC::Interpreter::execute):
2998
2999 2011-06-19  Oliver Hunt  <oliver@apple.com>
3000
3001         Minor fix to correct layout test results.
3002
3003         * interpreter/Interpreter.cpp:
3004         (JSC::Interpreter::execute):
3005
3006 2011-06-17  Oliver Hunt  <oliver@apple.com>
3007
3008         Reviewed by Gavin Barraclough.
3009
3010         JSONP is unnecessarily slow
3011         https://bugs.webkit.org/show_bug.cgi?id=62920
3012
3013         JSONP has unfortunately become a fairly common idiom online, yet
3014         it triggers very poor performance in JSC as we end up doing codegen
3015         for a large number of property accesses that will
3016            * only be run once, so the vast amount of logic we dump to handle
3017              caching of accesses is unnecessary.
3018            * We are doing codegen that is directly proportional to just
3019              creating the object in the first place.
3020
3021         This patch extends the use of the literal parser to JSONP-like structures
3022         in global code, handling a number of different forms I have seen online.
3023         In an extreme case this improves performance of JSONP by more than 2x
3024         due to removal of code generation and execution time, and a few optimisations
3025         that I made to the parser itself.
3026
3027         * API/JSValueRef.cpp:
3028         (JSValueMakeFromJSONString):
3029         * interpreter/Interpreter.cpp:
3030         (JSC::Interpreter::callEval):
3031         (JSC::Interpreter::execute):
3032         * parser/Lexer.cpp:
3033         (JSC::Lexer::isKeyword):
3034         * parser/Lexer.h:
3035         * runtime/JSGlobalObjectFunctions.cpp:
3036         (JSC::globalFuncEval):
3037         * runtime/JSONObject.cpp:
3038         (JSC::JSONProtoFuncParse):
3039         * runtime/LiteralParser.cpp:
3040         (JSC::LiteralParser::tryJSONPParse):
3041         (JSC::LiteralParser::makeIdentifier):
3042         (JSC::LiteralParser::Lexer::lex):
3043         (JSC::LiteralParser::Lexer::next):
3044         (JSC::isSafeStringCharacter):
3045         (JSC::LiteralParser::Lexer::lexString):
3046         (JSC::LiteralParser::Lexer::lexNumber):
3047         (JSC::LiteralParser::parse):
3048         * runtime/LiteralParser.h:
3049         (JSC::LiteralParser::LiteralParser):
3050         (JSC::LiteralParser::tryLiteralParse):
3051         (JSC::LiteralParser::Lexer::Lexer):
3052
3053 2011-06-18  Sheriff Bot  <webkit.review.bot@gmail.com>
3054
3055         Unreviewed, rolling out r89184.
3056         http://trac.webkit.org/changeset/89184
3057         https://bugs.webkit.org/show_bug.cgi?id=62927
3058
3059         It broke 22 tests on all bots (Requested by Ossy_weekend on
3060         #webkit).
3061
3062         * API/JSValueRef.cpp:
3063         (JSValueMakeFromJSONString):
3064         * interpreter/Interpreter.cpp:
3065         (JSC::Interpreter::callEval):
3066         (JSC::Interpreter::execute):
3067         * parser/Lexer.cpp:
3068         * parser/Lexer.h:
3069         * runtime/JSGlobalObjectFunctions.cpp:
3070         (JSC::globalFuncEval):
3071         * runtime/JSONObject.cpp:
3072         (JSC::JSONProtoFuncParse):
3073         * runtime/LiteralParser.cpp:
3074         (JSC::LiteralParser::Lexer::lex):
3075         (JSC::isSafeStringCharacter):
3076         (JSC::LiteralParser::Lexer::lexString):
3077         (JSC::LiteralParser::Lexer::lexNumber):
3078         (JSC::LiteralParser::parse):
3079         * runtime/LiteralParser.h:
3080         (JSC::LiteralParser::LiteralParser):
3081         (JSC::LiteralParser::tryLiteralParse):
3082         (JSC::LiteralParser::Lexer::Lexer):
3083         (JSC::LiteralParser::Lexer::next):
3084
3085 2011-06-17  Oliver Hunt  <oliver@apple.com>
3086
3087         Reviewed by Gavin Barraclough.
3088
3089         JSONP is unnecessarily slow
3090         https://bugs.webkit.org/show_bug.cgi?id=62920
3091
3092         JSONP has unfortunately become a fairly common idiom online, yet
3093         it triggers very poor performance in JSC as we end up doing codegen
3094         for a large number of property accesses that will
3095            * only be run once, so the vast amount of logic we dump to handle
3096              caching of accesses is unnecessary.
3097            * We are doing codegen that is directly proportional to just
3098              creating the object in the first place.
3099
3100         This patch extends the use of the literal parser to JSONP-like structures
3101         in global code, handling a number of different forms I have seen online.
3102         In an extreme case this improves performance of JSONP by more than 2x
3103         due to removal of code generation and execution time, and a few optimisations
3104         that I made to the parser itself.
3105
3106         * API/JSValueRef.cpp:
3107         (JSValueMakeFromJSONString):
3108         * interpreter/Interpreter.cpp:
3109         (JSC::Interpreter::callEval):
3110         (JSC::Interpreter::execute):
3111         * parser/Lexer.cpp:
3112         (JSC::Lexer::isKeyword):
3113         * parser/Lexer.h:
3114         * runtime/JSGlobalObjectFunctions.cpp:
3115         (JSC::globalFuncEval):
3116         * runtime/JSONObject.cpp:
3117         (JSC::JSONProtoFuncParse):
3118         * runtime/LiteralParser.cpp:
3119         (JSC::LiteralParser::tryJSONPParse):
3120         (JSC::LiteralParser::makeIdentifier):
3121         (JSC::LiteralParser::Lexer::lex):
3122         (JSC::LiteralParser::Lexer::next):
3123         (JSC::isSafeStringCharacter):
3124         (JSC::LiteralParser::Lexer::lexString):
3125         (JSC::LiteralParser::Lexer::lexNumber):
3126         (JSC::LiteralParser::parse):
3127         * runtime/LiteralParser.h:
3128         (JSC::LiteralParser::LiteralParser):
3129         (JSC::LiteralParser::tryLiteralParse):
3130         (JSC::LiteralParser::Lexer::Lexer):
3131
3132 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
3133
3134         Reviewed by Oliver Hunt.
3135
3136         Moved some property access JIT code into property access JIT files
3137         https://bugs.webkit.org/show_bug.cgi?id=62906
3138
3139         * jit/JITOpcodes.cpp:
3140         * jit/JITOpcodes32_64.cpp:
3141         * jit/JITPropertyAccess.cpp:
3142         (JSC::JIT::emitSlow_op_put_by_val):
3143         (JSC::JIT::emit_op_get_scoped_var):
3144         (JSC::JIT::emit_op_put_scoped_var):
3145         (JSC::JIT::emit_op_get_global_var):
3146         (JSC::JIT::emit_op_put_global_var):
3147         * jit/JITPropertyAccess32_64.cpp:
3148         (JSC::JIT::emit_op_get_scoped_var):
3149         (JSC::JIT::emit_op_put_scoped_var):
3150         (JSC::JIT::emit_op_get_global_var):
3151         (JSC::JIT::emit_op_put_global_var):
3152
3153 2011-06-17  Anders Carlsson  <andersca@apple.com>
3154
3155         Build fix.
3156
3157         * JavaScriptCore.xcodeproj/project.pbxproj:
3158
3159 2011-06-17  Geoffrey Garen  <ggaren@apple.com>
3160
3161         Try to fix the Leopard build?
3162
3163         * JavaScriptCore.xcodeproj/project.pbxproj:
3164
3165 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3166
3167         Reviewed by Oliver Hunt.
3168
3169         Added some write barrier action, compiled out by default
3170         https://bugs.webkit.org/show_bug.cgi?id=62844
3171
3172         * JavaScriptCore.exp: Build!
3173
3174         * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
3175         issue with Heap.cpp.
3176
3177         * heap/Heap.cpp:
3178         (JSC::Heap::writeBarrierSlowCase):
3179         * heap/Heap.h:
3180         (JSC::Heap::writeBarrier):
3181         * heap/MarkedBlock.h:
3182         (JSC::MarkedBlock::isAtomAligned):
3183         (JSC::MarkedBlock::blockFor):
3184         (JSC::MarkedBlock::atomNumber):
3185         (JSC::MarkedBlock::ownerSetNumber):
3186         (JSC::MarkedBlock::addOldSpaceOwner):
3187         (JSC::MarkedBlock::OwnerSet::OwnerSet):
3188         (JSC::MarkedBlock::OwnerSet::add):
3189         (JSC::MarkedBlock::OwnerSet::clear):
3190         (JSC::MarkedBlock::OwnerSet::size):
3191         (JSC::MarkedBlock::OwnerSet::didOverflow):
3192         (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
3193         tracks owners for regions within blocks. Currently unused.
3194
3195 2011-06-17  Raphael Kubo da Costa  <kubo@profusion.mobi>
3196
3197         Reviewed by Eric Seidel.
3198
3199         [EFL] Add some OwnPtr specializations for EFL types.
3200         For now there are specializations for Ecore_Evas and Evas_Object.
3201         https://bugs.webkit.org/show_bug.cgi?id=62877
3202
3203         * wtf/CMakeListsEfl.txt:
3204         * wtf/OwnPtrCommon.h:
3205         * wtf/efl/OwnPtrEfl.cpp: Added.
3206         (WTF::deleteOwnedPtr):
3207
3208 2011-06-17  Joone Hur  <joone.hur@collabora.co.uk>
3209
3210         Reviewed by Martin Robinson.
3211
3212         [GTK] Replace GdkRectangle by cairo_rectangle_int_t
3213         https://bugs.webkit.org/show_bug.cgi?id=60687
3214
3215         Replace GdkRectangle by cairo_rectangle_int_t.
3216
3217         * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
3218
3219 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
3220
3221         Reviewed by Oliver Hunt.
3222
3223         https://bugs.webkit.org/show_bug.cgi?id=53014
3224         ES5 strict mode keyword restrictions aren't implemented
3225
3226         The following are future restricted words in strict mode code:
3227             implements, interface, let, package, private, protected, public, static, yield
3228
3229         * parser/JSParser.h:
3230             - Add RESERVED_IF_STRICT token.
3231         * parser/Keywords.table:
3232             - Add new future restricted words.
3233         * parser/Lexer.cpp:
3234         (JSC::Lexer::parseIdentifier):
3235             - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
3236         (JSC::Lexer::lex):
3237             - Pass strictMode flag to parseIdentifier.
3238         * parser/Lexer.h:
3239             - parseIdentifier needs a strictMode flag.
3240         * runtime/CommonIdentifiers.h:
3241             - Add identifiers for new reserved words.
3242
3243 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
3244
3245         Reviewed by Oliver Hunt.
3246
3247         https://bugs.webkit.org/show_bug.cgi?id=23611
3248         Multiline Javascript comments cause incorrect parsing of following script.
3249
3250         From the spec:
3251         "A MultiLineComment [is] simply discarded if it contains no line terminator,
3252         but if a MultiLineComment contains one or more line terminators, then it is
3253         replaced with a single line terminator, which becomes part of the stream of
3254         inputs for the syntactic grammar."
3255
3256         This may result in behavioural changes, due to automatic semicolon insertion.
3257
3258         * parser/Lexer.cpp:
3259         (JSC::Lexer::parseMultilineComment):
3260             - Set m_terminator if we see a line terminator in a multiline comment.
3261
3262 2011-06-16  Gavin Barraclough  <barraclough@apple.com>
3263
3264         Reviewed by Sam Weinig.
3265
3266         https://bugs.webkit.org/show_bug.cgi?id=62824
3267         DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
3268
3269         CompareEq of non-integer values is the most common cause of speculation failure.
3270
3271         * dfg/DFGSpeculativeJIT.cpp:
3272         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
3273             - Support Equals.
3274         (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
3275             - new! - peephole optimized Eq of JSValues.
3276         (JSC::DFG::SpeculativeJIT::compile):
3277             - Add peephole optimization for CompareEq.
3278         * dfg/DFGSpeculativeJIT.h:
3279         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
3280             - Add support for dead nodes between compare & branch.
3281         (JSC::DFG::SpeculativeJIT::isInteger):
3282             - Added to determine which form of peephole to do in CompareEq.
3283
3284 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3285
3286         Try to fix the Windows build.
3287
3288         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
3289         symbol.
3290
3291         * bytecode/EvalCodeCache.h:
3292         * heap/HandleHeap.h:
3293         * heap/HeapRootVisitor.h:
3294         * heap/NewSpace.h:
3295         * runtime/ArgList.h:
3296         * runtime/ScopeChain.h:
3297         * runtime/SmallStrings.h:
3298         * runtime/Structure.h: Stop forward-declaring things that don't really
3299         exist anymore.
3300
3301 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3302
3303         Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
3304         project while crossing my fingers and facing west.
3305
3306         * JavaScriptCore.xcodeproj/project.pbxproj:
3307
3308 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3309
3310         Build fix: Removed an incorrect symbol on Windows.
3311
3312         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3313
3314 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3315
3316         Build fix: Removed an accidental commit from the future.
3317
3318         * CMakeLists.txt:
3319
3320 2011-06-16  Geoffrey Garen  <ggaren@apple.com>
3321
3322         Reviewed by Oliver Hunt.
3323
3324         Introduced SlotVisitor into the project
3325         https://bugs.webkit.org/show_bug.cgi?id=62820
3326         
3327         This resolves a class vs typedef forward declaration issue, and gives all
3328         exported symbols the correct names.
3329
3330         * CMakeLists.txt:
3331         * GNUmakefile.list.am:
3332         * JavaScriptCore.exp:
3333         * JavaScriptCore.gypi:
3334         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3335         * JavaScriptCore.xcodeproj/project.pbxproj: Build!
3336
3337         * bytecode/EvalCodeCache.h:
3338         * heap/HandleHeap.h:
3339         * heap/Heap.cpp:
3340         (JSC::Heap::Heap):
3341         (JSC::Heap::markRoots):
3342         * heap/Heap.h:
3343         * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
3344         clients operate on a MarkStack.
3345
3346         * heap/MarkStack.cpp:
3347         (JSC::SlotVisitor::visitChildren):
3348         (JSC::SlotVisitor::drain):
3349         * heap/SlotVisitor.h: Added.
3350         (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
3351         inheritance to give SlotVisitor all the attributes of MarkStack without
3352         making this change giant. Over time, we will move more behavior into
3353         SlotVisitor and its subclasses.
3354
3355         * heap/MarkStack.h:
3356         * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
3357         clients operate on a MarkStack.
3358
3359         * runtime/ArgList.h:
3360         * runtime/JSCell.h:
3361         * runtime/JSObject.h:
3362         * runtime/ScopeChain.h:
3363         * runtime/SmallStrings.h:
3364         * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
3365         clients operate on a MarkStack.
3366
3367 2011-06-15  Oliver Hunt  <oliver@apple.com>
3368
3369         Reviewed by Geoffrey Garen.
3370
3371         Reduce memory usage of resolve_global
3372         https://bugs.webkit.org/show_bug.cgi?id=62765
3373
3374         If we have a large number of resolve_globals in a single
3375         block start planting plain resolve instructions instead
3376         whenever we aren't in a loop.  This allows us to reduce
3377         the code size for extremely large functions without
3378         losing the performance benefits of op_resolve_global.
3379
3380         * bytecode/CodeBlock.h:
3381         (JSC::CodeBlock::globalResolveInfoCount):
3382         * bytecompiler/BytecodeGenerator.cpp:
3383         (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
3384         (JSC::BytecodeGenerator::emitResolve):
3385         (JSC::BytecodeGenerator::emitResolveWithBase):
3386         * bytecompiler/BytecodeGenerator.h:
3387
3388 2011-06-16  Qi Zhang  <qi.2.zhang@nokia.com>
3389
3390         Reviewed by Laszlo Gombos.
3391
3392         [Qt] Fix building with CONFIG(use_system_icu)
3393         https://bugs.webkit.org/show_bug.cgi?id=62744
3394
3395         Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
3396
3397         * wtf/Platform.h:
3398
3399 2011-06-15  Darin Adler  <darin@apple.com>
3400
3401         Reviewed by Adam Barth.
3402
3403         Remove obsolete LOOSE_OWN_PTR code
3404         https://bugs.webkit.org/show_bug.cgi?id=59909
3405
3406         The internal Apple dependency on this is gone now.
3407
3408         * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
3409         set function that takes a raw pointer.
3410
3411         * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
3412         set function that takes a raw pointer.
3413
3414         * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
3415         and assignment operator that takes a nullptr unconditional.
3416         Made constructor that takes a raw pointer private and explicit,
3417         and removed assignment operator that takes a raw pointer.
3418
3419         * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
3420         unconditional. Made constructor that takes a raw pointer private
3421         and explicit, and removed assignment operator that takes a raw pointer.
3422
3423 2011-06-15  Sam Weinig  <sam@webkit.org>
3424
3425         Reviewed by Geoffrey Garen and Gavin Barraclough.
3426
3427         Make access-nsieve ~9x faster on the non-speculative path by
3428         adding special casing for doubles that can losslessly be converted
3429         to a uint32_t in getByVal and putByVal. This avoids calls to stringification
3430         and the hash lookup.  Long term, we should try and get the property of a getByVal
3431         and putByVal to be an integer immediate even in the non-speculative path.
3432
3433         * dfg/DFGOperations.cpp:
3434         (JSC::DFG::putByVal):
3435         (JSC::DFG::operationPutByValInternal):
3436
3437 2011-06-15  Oliver Hunt  <oliver@apple.com>
3438
3439         Reviewed by Darin Adler.
3440
3441         REGRESSION (r88719): 5by5.tv schedule is not visible
3442         https://bugs.webkit.org/show_bug.cgi?id=62720
3443
3444         Problem here is that the lexer wasn't considering '$' to be
3445         a valid character in an identifier.
3446
3447         * parser/Lexer.h:
3448         (JSC::Lexer::lexExpectIdentifier):
3449
3450 2011-06-15  Oliver Hunt  <oliver@apple.com>
3451
3452         Reviewed by Sam Weinig.