Fix incorrect path for libWTF.a in Mac project file.
2012-04-01  Darin Adler  <darin@apple.com>

        Fix incorrect path for libWTF.a in Mac project file.

        * JavaScriptCore.xcodeproj/project.pbxproj: Removed the "../Release" prefix that
        would cause other configurations to try to link with the "Release" version of
        libWTF.a instead of the correct version.

2012-03-29  Filip Pizlo  <fpizlo@apple.com>

        DFG should optimize a==b for a being an object and b being either an object or
        null/undefined, and vice versa
        https://bugs.webkit.org/show_bug.cgi?id=82656

        Reviewed by Oliver Hunt.

        Implements additional object equality optimizations for the case that one
        operand is predicted to be an easily speculated object (like FinalObject or
        Array) and the other is either an easily speculated object or Other, i.e.
        Null or Undefined.

        2-5% speed-up on V8/raytrace, leading to a sub-1% progression on V8.

        I also took the opportunity to clean up the control flow for the speculation
        decisions in the various Compare opcodes. And to fix a build bug in SamplingTool.
        And to remove debug cruft I stupidly committed in my last patch.

        * bytecode/SamplingTool.h:
        (SamplingRegion):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):

2012-03-30  David Barr  <davidbarr@chromium.org>

        Split up top-level .gitignore and .gitattributes
        https://bugs.webkit.org/show_bug.cgi?id=82687

        Reviewed by Tor Arne Vestbø.

        * JavaScriptCore.gyp/.gitignore: Added.

2012-03-30  Steve Falkenburg  <sfalken@apple.com>

        Windows (make based) build fix.

        * JavaScriptCore.vcproj/JavaScriptCore.make: Copy WTF header files into a place where JavaScriptCore build can see them.

2012-03-30  Keishi Hattori  <keishi@webkit.org>

        Change ENABLE_INPUT_COLOR to ENABLE_INPUT_TYPE_COLOR and enable it for chromium
        https://bugs.webkit.org/show_bug.cgi?id=80972

        Reviewed by Kent Tamura.

        * Configurations/FeatureDefines.xcconfig:

2012-03-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        Refactor recompileAllJSFunctions() to be less expensive
        https://bugs.webkit.org/show_bug.cgi?id=80330

        Reviewed by Filip Pizlo.

        This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
        load performance, which currently does at least a couple full GCs per navigation.

        * heap/Heap.cpp:
        (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
        because the function doesn't actually recompile anything (and never did); it simply throws code
        away for it to be recompiled later if we determine we should do so.
        (JSC):
        (JSC::Heap::collectAllGarbage):
        (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
        (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
        * heap/Heap.h:
        (JSC):
        (Heap):
        * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
        be used in DoublyLinkedLists.
        (JSC::FunctionExecutable::FunctionExecutable):
        (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
        * runtime/Executable.h:
        (FunctionExecutable):
        (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
        * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
        the list of FunctionExecutables.
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/JSGlobalObject.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.

2012-03-29  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed build fix for non-x86 platforms.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitSlow_op_mod):

2012-03-29  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix p2.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-29  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix p1.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-29  Gavin Barraclough  <barraclough@apple.com>

        Template the Yarr::Interpreter on the character type
        https://bugs.webkit.org/show_bug.cgi?id=82637

        Reviewed by Sam Weinig.

        We should be able to call to the interpreter after having already checked the character type,
        without having to re-package the character pointer back up into a string!

        * runtime/RegExp.cpp:
        (JSC::RegExp::match):
        (JSC::RegExp::matchCompareWithInterpreter):
            - Don't pass length.
        * yarr/Yarr.h:
            - moved function declarations to YarrInterpreter.h.
        * yarr/YarrInterpreter.cpp:
        (Yarr):
        (Interpreter):
        (JSC::Yarr::Interpreter::InputStream::InputStream):
        (InputStream):
        (JSC::Yarr::Interpreter::Interpreter):
        (JSC::Yarr::interpret):
            - templated Interpreter class on CharType.
        * yarr/YarrInterpreter.h:
        (Yarr):
            - added function declarations.

2012-03-29  David Kilzer  <ddkilzer@apple.com>

        Don't use a flattened framework path when building on OS X

        Reviewed by Mark Rowe.

        * Configurations/ToolExecutable.xcconfig: Use REAL_PLATFORM_NAME
        to select different INSTALL_PATH values.

2012-03-29  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix, add Win-specific sources
        the wx port needs after WTF move.

        * wscript:

2012-03-29  Andy Estes  <aestes@apple.com>

        Remove an unused variable that breaks the build with newer versions of clang.

        Rubber stamped by Gavin Barraclough.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):

2012-03-29  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>

        HashMap<>::add should return a more descriptive object
        https://bugs.webkit.org/show_bug.cgi?id=71063

        Reviewed by Ryosuke Niwa.

        Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps
        the iterator type, there's a need for its own AddResult type -- instantiated from
        HashTableAddResult template class.

        * API/JSCallbackObject.h:
        (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
        * API/JSClassRef.cpp:
        (OpaqueJSClass::contextData):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addVar):
        (JSC::BytecodeGenerator::addGlobalVar):
        (JSC::BytecodeGenerator::addConstant):
        (JSC::BytecodeGenerator::addConstantValue):
        (JSC::BytecodeGenerator::emitLoad):
        (JSC::BytecodeGenerator::addStringConstant):
        (JSC::BytecodeGenerator::emitLazyNewFunction):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * debugger/Debugger.cpp:
        * dfg/DFGAssemblyHelpers.cpp:
        (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::cellConstant):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::ctiStub):
        (JSC::JITThunks::hostFunctionStub):
        * parser/Parser.cpp:
        (JSC::::parseStrictObjectLiteral):
        * parser/Parser.h:
        (JSC::Scope::declareParameter):
        * runtime/Identifier.cpp:
        (JSC::Identifier::add):
        (JSC::Identifier::add8):
        (JSC::Identifier::addSlowCase):
        * runtime/Identifier.h:
        (JSC::Identifier::add):
        (JSC::IdentifierTable::add):
        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::add):
        (JSC::SparseArrayValueMap::put):
        (JSC::SparseArrayValueMap::putDirect):
        (JSC::JSArray::enterDictionaryMode):
        (JSC::JSArray::defineOwnNumericProperty):
        * runtime/JSArray.h:
        (SparseArrayValueMap):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringRecursionChecker.h:
        (JSC::StringRecursionChecker::performCheck):
        * runtime/Structure.cpp:
        (JSC::StructureTransitionTable::add):
        * runtime/WeakGCMap.h:
        (WeakGCMap):
        (JSC::WeakGCMap::add):
        (JSC::WeakGCMap::set):
        * tools/ProfileTreeNode.h:
        (JSC::ProfileTreeNode::sampleChild):

2012-03-29  Patrick Gansterer  <paroga@webkit.org>

        Build fix for !ENABLE(YARR_JIT) after r112454.

        * runtime/RegExp.cpp:
        (JSC::RegExp::invalidateCode):

2012-03-28  Filip Pizlo  <fpizlo@apple.com>

        DFG object equality speculations should be simplified
        https://bugs.webkit.org/show_bug.cgi?id=82557

        Reviewed by Gavin Barraclough.

        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateFinalObject):
        (JSC::DFG::Node::shouldSpeculateArray):

2012-03-28  David Kilzer  <ddkilzer@apple.com>

        minidom configurations should be based on ToolExecutable.xcconfig
        <http://webkit.org/b/82513>

        Reviewed by Mark Rowe.

        Note that this patch changes minidom from being installed in
        /usr/local/bin to JavaScriptCore.framework/Resources.

        * Configurations/ToolExecutable.xcconfig: Add semi-colon.
        * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom
        configurations on ToolExecutable.xcconfig.  Remove redundant
        PRODUCT_NAME and SKIP_INSTALL variables.

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Build fix - some compiles generating NORETURN related warnings.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::setSubpatternStart):
        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
        (JSC::Yarr::YarrGenerator::clearSubpatternStart):

2012-03-28  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Build fix, move WTF back into JSCore target
        until issues with JSCore not linking in all WTF symbols are resolved.

        * wscript:

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Yarr: if we're not using the output array, don't populate it!
        https://bugs.webkit.org/show_bug.cgi?id=82519

        Reviewed by Sam Weinig.

        * runtime/RegExp.cpp:
        (JSC):
            - Missed review comment! - didn't fully remove RegExpRepresentation.

2012-03-28  Gavin Barraclough  <barraclough@apple.com>

        Yarr: if we're not using the output array, don't populate it!
        https://bugs.webkit.org/show_bug.cgi?id=82519

        Reviewed by Sam Weinig.

        Add a new variant of the match method to RegExp that returns a MatchResult,
        and modify YarrJIT to be able to compile code that doesn't use an output vector.

        This is a 3% progression on v8-regexp.

        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Moved MatchResult into its own header.
        * assembler/AbstractMacroAssembler.h:
            - Added missing include.
        * runtime/MatchResult.h: Added.
        (MatchResult::MatchResult):
        (MatchResult):
        (MatchResult::failed):
        (MatchResult::operator bool):
        (MatchResult::empty):
            - Moved MatchResult into its own header.
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::compileIfNecessary):
        (JSC::RegExp::match):
            - Changed due to execute & representation changes.
        (JSC::RegExp::compileMatchOnly):
        (JSC::RegExp::compileIfNecessaryMatchOnly):
            - Added helper to compile MatchOnly code.
        (JSC::RegExp::invalidateCode):
        (JSC::RegExp::matchCompareWithInterpreter):
        (JSC::RegExp::printTraceData):
            - Changed due to representation changes.
        * runtime/RegExp.h:
        (RegExp):
        (JSC::RegExp::hasCode):
            - Made YarrCodeBlock a member.
        * runtime/RegExpConstructor.h:
        (RegExpConstructor):
        (JSC::RegExpConstructor::performMatch):
            - Added no-ovector form.
        * runtime/RegExpMatchesArray.cpp:
        (JSC::RegExpMatchesArray::reifyAllProperties):
            - Match now takes a reference to ovector, not a pointer.
        * runtime/RegExpObject.h:
        (JSC):
            - Moved MatchResult into its own header.
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):
            - Match now takes a reference to ovector, not a pointer.
        * testRegExp.cpp:
        (testOneRegExp):
            - Match now takes a reference to ovector, not a pointer.
        * yarr/YarrJIT.cpp:
        (Yarr):
        (YarrGenerator):
        (JSC::Yarr::YarrGenerator::initCallFrame):
        (JSC::Yarr::YarrGenerator::removeCallFrame):
        (JSC::Yarr::YarrGenerator::setSubpatternStart):
        (JSC::Yarr::YarrGenerator::setSubpatternEnd):
        (JSC::Yarr::YarrGenerator::clearSubpatternStart):
        (JSC::Yarr::YarrGenerator::setMatchStart):
        (JSC::Yarr::YarrGenerator::getMatchStart):
            - Added helper functions to intermediate access to output.
        (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
        (JSC::Yarr::YarrGenerator::generate):
        (JSC::Yarr::YarrGenerator::backtrack):
        (JSC::Yarr::YarrGenerator::generateEnter):
        (JSC::Yarr::YarrGenerator::compile):
            - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns.
        (JSC::Yarr::jitCompile):
            - Needs to template of MatchOnly or IncludeSubpatterns.
        * yarr/YarrJIT.h:
        (YarrCodeBlock):
        (JSC::Yarr::YarrCodeBlock::set8BitCode):
        (JSC::Yarr::YarrCodeBlock::set16BitCode):
        (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly):
        (JSC::Yarr::YarrCodeBlock::execute):
        (JSC::Yarr::YarrCodeBlock::clear):
            - Added a second set of CodeRefs, so that we can compile RegExps with/without subpattern matching.

2012-03-27  Filip Pizlo  <fpizlo@apple.com>

        DFG OSR exit should not generate an exit for variables of inlinees if the
        inlinees are not in scope
        https://bugs.webkit.org/show_bug.cgi?id=82312

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.h:
        (JSC::baselineCodeBlockForInlineCallFrame):
        (JSC):
        (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::computeNumVariablesForCodeOrigin):
        (DFG):
        (JSC::DFG::OSRExit::OSRExit):

2012-03-27  Matt Lilek  <mrl@apple.com>

        Stop compiling Interpreter.cpp with -fno-var-tracking
        https://bugs.webkit.org/show_bug.cgi?id=82299

        Reviewed by Anders Carlsson.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-03-27  Pratik Solanki  <psolanki@apple.com>

        Compiler warning when JIT is not enabled
        https://bugs.webkit.org/show_bug.cgi?id=82352

        Reviewed by Filip Pizlo.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::create):

2012-03-26  Thouraya ANDOLSI  <thouraya.andolsi@st.com>

        Unaligned userspace access for SH4 platforms
        https://bugs.webkit.org/show_bug.cgi?id=79104

        Reviewed by Gavin Barraclough.

        * assembler/AbstractMacroAssembler.h:
        (Jump):
        (JSC::AbstractMacroAssembler::Jump::Jump):
        (JSC::AbstractMacroAssembler::Jump::link):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::load16Unaligned):
        (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
        (JSC::MacroAssemblerSH4::branchDouble):
        (JSC::MacroAssemblerSH4::branchTrue):
        (JSC::MacroAssemblerSH4::branchFalse):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::extraInstrForBranch):
        (SH4Assembler):
        (JSC::SH4Assembler::bra):
        (JSC::SH4Assembler::linkJump):
        * jit/JIT.h:
        (JIT):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2012-03-26  Ryosuke Niwa  <rniwa@webkit.org>

        cssText should use shorthand notations
        https://bugs.webkit.org/show_bug.cgi?id=81737

        Reviewed by Enrica Casucci.

        Export symbols of BitVector on Windows.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-26  Filip Pizlo  <fpizlo@apple.com>

        DFG should assert that argument value recoveries can only be
        AlreadyInRegisterFile or Constant
        https://bugs.webkit.org/show_bug.cgi?id=82249

        Reviewed by Michael Saboff.

        Made the assertions that the DFG makes for argument value recoveries match
        what Arguments expects.

        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::isConstant):
        (ValueRecovery):
        (JSC::ValueRecovery::isAlreadyInRegisterFile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-26  Dan Bernstein  <mitz@apple.com>

        Tried to fix the Windows build.

        * yarr/YarrPattern.cpp:
        (JSC::Yarr::CharacterClassConstructor::putRange):

2012-03-26  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed - speculative Windows build fix.

        * yarr/YarrCanonicalizeUCS2.h:
        (JSC::Yarr::getCanonicalPair):

2012-03-26  Dan Bernstein  <mitz@apple.com>

        Fixed builds with assertions disabled.

        * yarr/YarrCanonicalizeUCS2.h:
        (JSC::Yarr::areCanonicallyEquivalent):

2012-03-26  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed - errk! - accidentally the whole pbxproj.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-03-25  Gavin Barraclough  <barraclough@apple.com>

        Greek sigma is handled wrong in case independent regexp.
        https://bugs.webkit.org/show_bug.cgi?id=82063

        Reviewed by Oliver Hunt.

        The bug here is that we assume that any given codepoint has at most one additional value it
        should match under a case insensitive match, and that the pair of codepoints that match (if
        a codepoint does not only match itself) can be determined by calling toUpper/toLower on the
        given codepoint. Life is not that simple.

        Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters
        it may match, under the ES5.1 case-insensitive matching rules. Since Unicode is fairly regular
        we can pack this table quite nicely, and get it down to 364 entries. This means we can use a
        simple binary search to find an entry in typically eight compares.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * yarr/yarr.pri:
            - Added new files to build systems.
        * yarr/YarrCanonicalizeUCS2.cpp: Added.
            - New - autogenerated, UCS2 canonicalized comparison tables.
        * yarr/YarrCanonicalizeUCS2.h: Added.
        (JSC::Yarr::rangeInfoFor):
            - Look up the canonicalization info for a UCS2 character.
        (JSC::Yarr::getCanonicalPair):
            - For a UCS2 character with a single equivalent value, look it up.
        (JSC::Yarr::isCanonicallyUnique):
            - Returns true if no other UCS2 code points are canonically equal.
        (JSC::Yarr::areCanonicallyEquivalent):
            - Compare two values, under canonicalization rules.
        * yarr/YarrCanonicalizeUCS2.js: Added.
            - script used to generate YarrCanonicalizeUCS2.cpp.
        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::tryConsumeBackReference):
            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
        (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
            - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
        * yarr/YarrPattern.cpp:
        (JSC::Yarr::CharacterClassConstructor::putChar):
            - Updated to determine canonical equivalents correctly.
        (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
            - Added, used to put a non-ascii, non-unique character in a case-insensitive match.
        (JSC::Yarr::CharacterClassConstructor::putRange):
            - Updated to determine canonical equivalents correctly.
        (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
            - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo.

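The limitation described in the 2012-03-25 entry above (bug 82063), shown as an added example that is not part of the ChangeLog or of WebKit's code: it applies the ES5.1 Canonicalize rule to every UCS2 code unit and compares the resulting match sets with the toUpper/toLower pair assumption. All function names are hypothetical, and the class counts depend on the Unicode tables of the engine running the script, so they need not reproduce the 364-entry table the entry mentions.

```javascript
// Added illustration; helper names are hypothetical, not WebKit's.

// ES5.1 15.10.2.8 Canonicalize, applied to one UCS2 code unit.
function canonicalize(cu) {
  const upper = String.fromCharCode(cu).toUpperCase();
  if (upper.length !== 1) return cu;      // multi-character result: keep ch
  const u = upper.charCodeAt(0);
  if (cu >= 128 && u < 128) return cu;    // non-ASCII never folds onto ASCII
  return u;
}

// Group every code unit under the value it canonicalizes to.
function buildClasses() {
  const classes = new Map();
  for (let cu = 0; cu <= 0xffff; cu++) {
    const key = canonicalize(cu);
    if (!classes.has(key)) classes.set(key, []);
    classes.get(key).push(cu);            // ascending, because cu ascends
  }
  return classes;
}

const CLASSES = buildClasses();

// Every code unit that must match `cu` in a case-insensitive regexp.
function matchSet(cu) {
  return CLASSES.get(canonicalize(cu));
}

// The assumption the entry calls out: the character plus at most one
// partner, found by calling toUpper/toLower on it.
function pairAssumption(cu) {
  const ch = String.fromCharCode(cu);
  const out = new Set([cu]);
  for (const s of [ch.toUpperCase(), ch.toLowerCase()]) {
    if (s.length === 1) out.add(s.charCodeAt(0));
  }
  return [...out].sort((a, b) => a - b);
}

// Code units that should match `cu` but that the pair assumption never tries.
function missedByPairAssumption(cu) {
  const assumed = new Set(pairAssumption(cu));
  return matchSet(cu).filter((m) => !assumed.has(m));
}

// Classes that cannot be expressed as a single pair at all.
function classesLargerThanPair() {
  return [...CLASSES.values()].filter((members) => members.length > 2);
}

const hex = (cu) => "U+" + cu.toString(16).toUpperCase().padStart(4, "0");

// What the engine running this script does for pattern `a` against input `b`.
function engineMatches(a, b) {
  const escaped = "\\u" + a.toString(16).padStart(4, "0");
  return new RegExp(escaped, "i").test(String.fromCharCode(b));
}

// Greek sigma: capital U+03A3, final U+03C2, small U+03C3.
console.log("match set of sigma:", matchSet(0x03c3).map(hex).join(" "));
for (const cu of [0x03a3, 0x03c2, 0x03c3]) {
  console.log(hex(cu), "pair assumption misses:",
              missedByPairAssumption(cu).map(hex).join(" ") || "(nothing)");
}
console.log("classes with more than two members:", classesLargerThanPair().length);
console.log("engine: /\\u03c2/i matches U+03C3:", engineMatches(0x03c2, 0x03c3));
```

Any validation or filtering regexp that relies on the `i` flag inherits these match sets, so this kind of enumeration is also a quick way to see exactly which characters such a pattern accepts.
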
2012-03-26  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs,
        so we make sure it finds the API headers on all platforms.

        * wscript:

2012-03-26  Patrick Gansterer  <paroga@webkit.org>

        Build fix for WinCE after r112039.

        * interpreter/Register.h:
        (Register): Removed inline keyword from declaration since
                    there is an ALWAYS_INLINE at the definition anyway.

2012-03-26  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing files.

2012-03-25  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed build fix. Move WTF to its own static lib build.

        * wscript:

2012-03-25  Filip Pizlo  <fpizlo@apple.com>

        DFG int-to-double conversion should be revealed to CSE
        https://bugs.webkit.org/show_bug.cgi?id=82135

        Reviewed by Oliver Hunt.

        This introduces the notion of an Int32ToDouble node, which is injected
        into the graph anytime we know that we have a double use of a node that
        was predicted integer. The Int32ToDouble simplifies double speculation
        on integers by skipping the path that would unbox doubles, if we know
        that the value is already proven to be an integer. It allows integer to
        double conversions to be subjected to common subexpression elimination
        (CSE) by allowing the CSE phase to see where these conversions are
        occurring. Finally, it allows us to see when a constant is being used
        as both a double and an integer. This is a bit odd, since it means that
        sometimes a double use of a constant will not refer directly to the
        constant. This should not cause problems, for now, but it may require
        some canonicalization in the future if we want to support strength
        reductions of double operations based on constants.

        To allow injection of nodes into the graph, this change introduces the
        DFG::InsertionSet, which is a way of lazily inserting elements into a
        list. This allows the FixupPhase to remain O(N) despite performing
        multiple injections in a single basic block. Without the InsertionSet,
        each injection would require performing an insertion into a vector,
        which is O(N), leading to O(N^2) performance overall. With the
        InsertionSet, each injection simply records what insertion would have
        been performed, and all insertions are performed at once (via
        InsertionSet::execute) after processing of a basic block is completed.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/PredictedType.h:
        (JSC::isActionableIntMutableArrayPrediction):
        (JSC):
        (JSC::isActionableFloatMutableArrayPrediction):
        (JSC::isActionableTypedMutableArrayPrediction):
        (JSC::isActionableMutableArrayPrediction):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGCommon.h:
        (JSC::DFG::useKindToString):
        (DFG):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::run):
        (JSC::DFG::FixupPhase::fixupBlock):
        (FixupPhase):
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::fixDoubleEdge):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGInsertionSet.h: Added.
        (DFG):
        (Insertion):
        (JSC::DFG::Insertion::Insertion):
        (JSC::DFG::Insertion::index):
        (JSC::DFG::Insertion::element):
        (InsertionSet):
        (JSC::DFG::InsertionSet::InsertionSet):
        (JSC::DFG::InsertionSet::append):
        (JSC::DFG::InsertionSet::execute):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        (JSC::DFG::IntegerOperand::IntegerOperand):
        (JSC::DFG::DoubleOperand::DoubleOperand):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::StorageOperand::StorageOperand):
        (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
        (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
        (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
        (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
        (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

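The lazy-insertion idea described for DFG::InsertionSet in the entry above (bug 82135), sketched in JavaScript as an added example: it is not the DFG's C++ implementation. The class shape, the node records in `sampleBlock` and the `fixupBlock` helper are assumptions constructed for illustration.

```javascript
// Added illustration; not WebKit's DFG::InsertionSet.
class InsertionSet {
  constructor() {
    this.pending = []; // recorded {index, element}, indices non-decreasing
  }

  // Record "insert element before the item currently at index". O(1).
  append(index, element) {
    if (!Number.isInteger(index) || index < 0) {
      throw new RangeError("index must be a non-negative integer");
    }
    const last = this.pending[this.pending.length - 1];
    if (last && index < last.index) {
      throw new RangeError("insertions must be recorded in index order");
    }
    this.pending.push({ index, element });
  }

  // Perform every recorded insertion in one backward pass over the list:
  // each original element moves at most once, so the cost is O(N + K)
  // instead of O(N * K) for K separate mid-list insertions.
  execute(target) {
    const k = this.pending.length;
    const oldLength = target.length;
    if (k > 0 && this.pending[k - 1].index > oldLength) {
      throw new RangeError("insertion index past end of list");
    }
    let read = oldLength;
    let write = oldLength + k;
    target.length = write;
    for (let i = k - 1; i >= 0; i--) {
      const { index, element } = this.pending[i];
      while (read > index) target[--write] = target[--read];
      target[--write] = element;
    }
    this.pending = [];
    return target;
  }
}

// Constructed sample basic block: "a" is predicted int32 but has double uses.
function sampleBlock() {
  return [
    { name: "a", op: "GetLocal", predicted: "int32" },
    { name: "b", op: "GetLocal", predicted: "double" },
    { name: "c", op: "ArithAdd", uses: ["a", "b"], useKind: "double" },
    { name: "d", op: "ArithMul", uses: ["a", "c"], useKind: "double" },
    { name: "e", op: "Return", uses: ["d"] },
  ];
}

// Inject an Int32ToDouble node in front of every double use of an
// int32-predicted node, recording the insertions while iterating and
// applying them once the whole block has been processed.
function fixupBlock(block) {
  const predictedInt = new Set(
    block.filter((n) => n.predicted === "int32").map((n) => n.name));
  const insertions = new InsertionSet();
  block.forEach((node, i) => {
    if (node.useKind !== "double") return;
    node.uses = node.uses.map((use) => {
      if (!predictedInt.has(use)) return use;
      const conv = { name: `${use}.f64@${i}`, op: "Int32ToDouble",
                     uses: [use], predicted: "double" };
      insertions.append(i, conv);
      return conv.name; // the double use now refers to the conversion
    });
  });
  return insertions.execute(block);
}

console.log(fixupBlock(sampleBlock()).map((n) => `${n.name}:${n.op}`).join("  "));
```
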
2012-03-25  Filip Pizlo  <fpizlo@apple.com>

        DFGOperands should be moved out of the DFG and into bytecode
        https://bugs.webkit.org/show_bug.cgi?id=82151

        Reviewed by Dan Bernstein.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h.
        * dfg/DFGBasicBlock.h:
        * dfg/DFGNode.h:
        * dfg/DFGOSREntry.h:
        * dfg/DFGOSRExit.h:
        * dfg/DFGOperands.h: Removed.
        * dfg/DFGVariableAccessData.h:

2012-03-24  Filip Pizlo  <fpizlo@apple.com>

        DFG 64-bit Branch implementation should not be creating a JSValueOperand that
        it isn't going to use
        https://bugs.webkit.org/show_bug.cgi?id=82136

        Reviewed by Geoff Garen.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitBranch):

2012-03-24  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Fix the build after WTF move.

        * wscript:

2012-03-23  Filip Pizlo  <fpizlo@apple.com>

        DFG double voting may be overzealous in the case of variables that end up
        being used as integers
        https://bugs.webkit.org/show_bug.cgi?id=82008

        Reviewed by Oliver Hunt.

        Cleaned up propagation, making the intent more explicit in most places.
        Back-propagate NodeUsedAsInt for cases where a node was used in a context
        that is known to strongly prefer integers.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dumpCodeOrigin):
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (Graph):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::run):
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (PredictionPropagationPhase):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
        (JSC::DFG::PredictionPropagationPhase::vote):
        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
        (JSC::DFG::PredictionPropagationPhase::fixupNode):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):

2012-03-24  Filip Pizlo  <fpizlo@apple.com>

        DFG::Node::shouldNotSpeculateInteger() should be eliminated
        https://bugs.webkit.org/show_bug.cgi?id=82123

        Reviewed by Geoff Garen.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (Node):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):

2012-03-24  Yong Li  <yoli@rim.com>

        Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
        https://bugs.webkit.org/show_bug.cgi?id=81521

        Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
        for CPU(ARM_TRADITIONAL) to fit actual need.

        Reviewed by Oliver Hunt.

        * jit/JIT.h:
        (JIT):

2012-03-23  Filip Pizlo  <fpizlo@apple.com>

        DFG Fixup should be able to short-circuit trivial ValueToInt32's
        https://bugs.webkit.org/show_bug.cgi?id=82030

        Reviewed by Michael Saboff.

        Takes the fixup() method of the prediction propagation phase and makes it
        into its own phase. Adds the ability to short-circuit trivial ValueToInt32
789         Takes the fixup() method of the prediction propagation phase and makes it
790         into its own phase. Adds the ability to short-circuit trivial ValueToInt32
791         nodes, and mark pure ValueToInt32's as such.
792
793         * CMakeLists.txt:
794         * GNUmakefile.list.am:
795         * JavaScriptCore.xcodeproj/project.pbxproj:
796         * Target.pri:
797         * dfg/DFGByteCodeParser.cpp:
798         (JSC::DFG::ByteCodeParser::makeSafe):
799         (JSC::DFG::ByteCodeParser::handleCall):
800         (JSC::DFG::ByteCodeParser::parseBlock):
801         * dfg/DFGCommon.h:
802         * dfg/DFGDriver.cpp:
803         (JSC::DFG::compile):
804         * dfg/DFGFixupPhase.cpp: Added.
805         (DFG):
806         (FixupPhase):
807         (JSC::DFG::FixupPhase::FixupPhase):
808         (JSC::DFG::FixupPhase::run):
809         (JSC::DFG::FixupPhase::fixupNode):
810         (JSC::DFG::FixupPhase::fixIntEdge):
811         (JSC::DFG::performFixup):
812         * dfg/DFGFixupPhase.h: Added.
813         (DFG):
814         * dfg/DFGPredictionPropagationPhase.cpp:
815         (JSC::DFG::PredictionPropagationPhase::run):
816         (PredictionPropagationPhase):
817
818 2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
819
820         tryReallocate could break the zero-ed memory invariant of CopiedBlocks
821         https://bugs.webkit.org/show_bug.cgi?id=82087
822
823         Reviewed by Filip Pizlo.
824
825         Removing this optimization turned out to be ~1% regression on kraken, so I simply 
826         undid the modification to the current block if we fail.
827
828         * heap/CopiedSpace.cpp:
829         (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail 
830         to reallocate from the current block.
831
832 2012-03-23  Alexey Proskuryakov  <ap@apple.com>
833
834         [Mac] No need for platform-specific ENABLE_BLOB values
835         https://bugs.webkit.org/show_bug.cgi?id=82102
836
837         Reviewed by David Kilzer.
838
839         * Configurations/FeatureDefines.xcconfig:
840
841 2012-03-23  Michael Saboff  <msaboff@apple.com>
842
843         DFG::compileValueToInt32 Sometimes Generates GPR to FPR reg back to GPR
844         https://bugs.webkit.org/show_bug.cgi?id=81805
845
846         Reviewed by Filip Pizlo.
847
848         Added SpeculativeJIT::checkGeneratedType() to determine the current format
849         of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
850         to generate code that will use integer and JSValue types in integer
851         format directly without a conversion to double.
852
853         * JavaScriptCore.xcodeproj/project.pbxproj:
854         * dfg/DFGSpeculativeJIT.cpp:
855         (JSC::DFG::SpeculativeJIT::checkGeneratedType):
856         (DFG):
857         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
858         * dfg/DFGSpeculativeJIT.h:
859         (DFG):
860         (SpeculativeJIT):
861
862 2012-03-23  Steve Falkenburg  <sfalken@apple.com>
863
864         Update Apple Windows build files for WTF move
865         https://bugs.webkit.org/show_bug.cgi?id=82069
866
867         Reviewed by Jessie Berlin.
868
869         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
870
871 2012-03-23  Dean Jackson  <dino@apple.com>
872
873         Disable CSS_SHADERS in Apple builds
874         https://bugs.webkit.org/show_bug.cgi?id=81996
875
876         Reviewed by Simon Fraser.
877
878         Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
879
880         * Configurations/FeatureDefines.xcconfig:
881
882 2012-03-23  Gavin Barraclough  <barraclough@apple.com>
883
884         RegExp constructor last match properties should not rely on previous ovector
885         https://bugs.webkit.org/show_bug.cgi?id=82077
886
887         Reviewed by Oliver Hunt.
888
889         This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
890
891         This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
892         Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
893         a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
894         location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
895         a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
896         reified state. This means that next time a match is performed, the store of the result will
897         automatically blow away the reified value.
898
899         * JavaScriptCore.xcodeproj/project.pbxproj:
900             - Added new files.
901         * runtime/RegExp.cpp:
902         (JSC::RegExpFunctionalTestCollector::outputOneTest):
903             - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
904         * runtime/RegExpCachedResult.cpp: Added.
905         (JSC::RegExpCachedResult::visitChildren):
906         (JSC::RegExpCachedResult::lastResult):
907         (JSC::RegExpCachedResult::setInput):
908             - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
909         * runtime/RegExpCachedResult.h: Added.
910         (RegExpCachedResult):
911             - Added new class.
912         (JSC::RegExpCachedResult::RegExpCachedResult):
913         (JSC::RegExpCachedResult::record):
914         (JSC::RegExpCachedResult::input):
915             - Initialize the object, record the result of a RegExp match, access the stored input property.
916         * runtime/RegExpConstructor.cpp:
917         (JSC::RegExpConstructor::RegExpConstructor):
918             - Initialize m_result/m_multiline properties.
919         (JSC::RegExpConstructor::visitChildren):
920             - Make sure the cached results (or lazy source for them) are marked.
921         (JSC::RegExpConstructor::getBackref):
922         (JSC::RegExpConstructor::getLastParen):
923         (JSC::RegExpConstructor::getLeftContext):
924         (JSC::RegExpConstructor::getRightContext):
925             - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
926         (JSC::regExpConstructorInput):
927         (JSC::setRegExpConstructorInput):
928             - Changed to use RegExpCachedResult.
929         * runtime/RegExpConstructor.h:
930         (JSC::RegExpConstructor::create):
931         (RegExpConstructor):
932         (JSC::RegExpConstructor::setMultiline):
933         (JSC::RegExpConstructor::multiline):
934             - Move multiline property onto the constructor object; it is not affected by the last match.
935         (JSC::RegExpConstructor::setInput):
936         (JSC::RegExpConstructor::input):
937             - These defer to RegExpCachedResult.
938         (JSC::RegExpConstructor::performMatch):
939         * runtime/RegExpMatchesArray.cpp: Added.
940         (JSC::RegExpMatchesArray::visitChildren):
941             - Eeeep! added missing visitChildren!
942         (JSC::RegExpMatchesArray::finishCreation):
943         (JSC::RegExpMatchesArray::reifyAllProperties):
944         (JSC::RegExpMatchesArray::reifyMatchProperty):
945             - Moved from RegExpConstructor.cpp.
946         (JSC::RegExpMatchesArray::leftContext):
947         (JSC::RegExpMatchesArray::rightContext):
948             - Since the match start/
949         * runtime/RegExpMatchesArray.h:
950         (RegExpMatchesArray):
951             - Declare new methods & structure flags.
952         * runtime/RegExpObject.cpp:
953         (JSC::RegExpObject::match):
954             - performMatch now requires the JSString input, to cache.
955         * runtime/StringPrototype.cpp:
956         (JSC::removeUsingRegExpSearch):
957         (JSC::replaceUsingRegExpSearch):
958         (JSC::stringProtoFuncMatch):
959         (JSC::stringProtoFuncSearch):
960             - performMatch now requires the JSString input, to cache.
961
962 2012-03-23  Tony Chang  <tony@chromium.org>
963
964         [chromium] rename newwtf target back to wtf
965         https://bugs.webkit.org/show_bug.cgi?id=82064
966
967         Reviewed by Adam Barth.
968
969         * JavaScriptCore.gyp/JavaScriptCore.gyp:
970
971 2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>
972
973         Simplify memory usage tracking in CopiedSpace
974         https://bugs.webkit.org/show_bug.cgi?id=80705
975
976         Reviewed by Filip Pizlo.
977
978         * heap/CopiedAllocator.h:
979         (CopiedAllocator): Rename currentUtilization to currentSize.
980         (JSC::CopiedAllocator::currentCapacity):
981         * heap/CopiedBlock.h:
982         (CopiedBlock):
983         (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
984         declaration.
985         (JSC):
986         (JSC::CopiedBlock::size): Add new function to calculate the block's size.
987         (JSC::CopiedBlock::capacity): Ditto for capacity.
988         * heap/CopiedSpace.cpp:
989         (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
990         field for the water mark.
991         (JSC::CopiedSpace::init):
992         (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current 
993         block, we need to update our current water mark with the size of the block.
994         (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we 
995         need to update our current water mark with the size of the used portion of the block.
996         (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when 
997         reallocating because it will either get accounted for when we fill up the block later 
998         in the case of being able to reallocate in the current block or it will get picked up 
999         immediately because we'll have to get a new block.
1000         (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when 
1001         realloc-ing an oversize block because we deallocate the old block and allocate a brand 
1002         new one.
1003         (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to 
1004         the CopiedSpace by the SlotVisitors.
1005         (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
1006         (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or 
1007         not we should collect now instead of doing the calculation ourself.
1008         (JSC::CopiedSpace::destroy):
1009         (JSC):
1010         (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how 
1011         MarkedSpace does.
1012         (JSC::CopiedSpace::capacity): Ditto for capacity.
1013         * heap/CopiedSpace.h:
1014         (JSC::CopiedSpace::waterMark):
1015         (CopiedSpace):
1016         * heap/CopiedSpaceInlineMethods.h:
1017         (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a 
1018         collection.
1019         (JSC::CopiedSpace::allocateNewBlock):
1020         (JSC::CopiedSpace::fitsInBlock):
1021         (JSC::CopiedSpace::allocateFromBlock):
1022         * heap/Heap.cpp:
1023         (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
1024         (JSC::Heap::capacity): Ditto for capacity.
1025         (JSC::Heap::collect):
1026         * heap/Heap.h:
1027         (Heap):
1028         (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to 
1029         determine whether they should initiate a collection or continue to allocate new blocks.
1030         (JSC):
1031         (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
1032         Heap (MarkedSpace and CopiedSpace).
1033         * heap/MarkedAllocator.cpp:
1034         (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
1035
1036 2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>
1037
1038         BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
1039         https://bugs.webkit.org/show_bug.cgi?id=82012
1040
1041         Reviewed by Filip Pizlo.
1042
1043         Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
1044
1045         * wtf/BitVector.cpp:
1046         (WTF::BitVector::resizeOutOfLine):
1047         * wtf/BitVector.h:
1048         (BitVector):
1049         (OutOfLineBits):
1050
1051 2012-03-22  Michael Saboff  <msaboff@apple.com>
1052
1053         ExecutableAllocator::memoryPressureMultiplier() might return NaN
1054         https://bugs.webkit.org/show_bug.cgi?id=82002
1055
1056         Reviewed by Filip Pizlo.
1057
1058         Guard against divide by zero and then make sure the return
1059         value is >= 1.0.
1060
1061         * jit/ExecutableAllocator.cpp:
1062         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1063         * jit/ExecutableAllocatorFixedVMPool.cpp:
1064         (JSC::ExecutableAllocator::memoryPressureMultiplier):
1065
1066 2012-03-22  Jessie Berlin  <jberlin@apple.com>
1067
1068         Windows build fix after r111778.
1069
1070         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1071         Don't include and try to build files owned by WTF.
1072         Also, let VS have its way with the vcproj in terms of file ordering.
1073
1074 2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1075
1076         [CMake] Unreviewed build fix after r111778.
1077
1078         * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
1079         the include paths so that the right config.h is used.
1080
1081 2012-03-22  Tony Chang  <tony@chromium.org>
1082
1083         Unreviewed, fix chromium build after wtf move.
1084
1085         Remove old wtf_config and wtf targets.
1086
1087         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1088
1089 2012-03-22  Martin Robinson  <mrobinson@igalia.com>
1090
1091         Fixed the GTK+ WTF/JavaScriptCore build after r111778.
1092
1093         * GNUmakefile.list.am: Removed an extra trailing backslash.
1094
1095 2012-03-22  Mark Rowe  <mrowe@apple.com>
1096
1097         Fix the build.
1098
1099         * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
1100         rather than only those that contain symbols that JavaScriptCore itself uses.
1101         * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
1102
1103 2012-03-22  Filip Pizlo  <fpizlo@apple.com>
1104
1105         DFG NodeFlags has some duplicate code and naming issues
1106         https://bugs.webkit.org/show_bug.cgi?id=81975
1107
1108         Reviewed by Gavin Barraclough.
1109         
1110         Removed most references to "ArithNodeFlags" since those are now just part
1111         of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
1112         NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
1113         because the former was never called and the latter did the same things as
1114         mergeFlags().
1115
1116         * dfg/DFGByteCodeParser.cpp:
1117         (JSC::DFG::ByteCodeParser::makeSafe):
1118         (JSC::DFG::ByteCodeParser::makeDivSafe):
1119         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1120         * dfg/DFGGraph.cpp:
1121         (JSC::DFG::Graph::dump):
1122         * dfg/DFGNode.h:
1123         (JSC::DFG::Node::arithNodeFlags):
1124         (Node):
1125         * dfg/DFGNodeFlags.cpp:
1126         (JSC::DFG::nodeFlagsAsString):
1127         * dfg/DFGNodeFlags.h:
1128         (DFG):
1129         (JSC::DFG::nodeUsedAsNumber):
1130         * dfg/DFGPredictionPropagationPhase.cpp:
1131         (JSC::DFG::PredictionPropagationPhase::propagate):
1132         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1133
1134 2012-03-22  Eric Seidel  <eric@webkit.org>
1135
1136         Actually move WTF files to their new home
1137         https://bugs.webkit.org/show_bug.cgi?id=81844
1138
1139         Unreviewed.  The details of the port-specific changes
1140         have been seen by contributors from those ports, but
1141         the whole 5MB change isn't very reviewable as-is.
1142
1143         * GNUmakefile.am:
1144         * GNUmakefile.list.am:
1145         * JSCTypedArrayStubs.h:
1146         * JavaScriptCore.gypi:
1147         * JavaScriptCore.xcodeproj/project.pbxproj:
1148         * jsc.cpp:
1149
1150 2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>
1151
1152         [wx] Unreviewed. Adding Source/WTF to the build.
1153
1154         * wscript:
1155
1156 2012-03-22  Gavin Barraclough  <barraclough@apple.com>
1157
1158         Add JSValue::isFunction
1159         https://bugs.webkit.org/show_bug.cgi?id=81935
1160
1161         Reviewed by Geoff Garen.
1162
1163         This would be useful in the WebCore bindings code.
1164         Also, remove asFunction, replace with jsCast<JSFunction*>.
1165
1166         * API/JSContextRef.cpp:
1167         * debugger/Debugger.cpp:
1168         * debugger/DebuggerCallFrame.cpp:
1169         (JSC::DebuggerCallFrame::functionName):
1170         * dfg/DFGGraph.h:
1171         (JSC::DFG::Graph::valueOfFunctionConstant):
1172         * dfg/DFGOperations.cpp:
1173         * interpreter/CallFrame.cpp:
1174         (JSC::CallFrame::isInlineCallFrameSlow):
1175         * interpreter/Interpreter.cpp:
1176         (JSC::Interpreter::privateExecute):
1177         * jit/JITStubs.cpp:
1178         (JSC::DEFINE_STUB_FUNCTION):
1179         (JSC::jitCompileFor):
1180         (JSC::lazyLinkFor):
1181         * llint/LLIntSlowPaths.cpp:
1182         (JSC::LLInt::traceFunctionPrologue):
1183         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1184         (JSC::LLInt::setUpCall):
1185         * runtime/Arguments.h:
1186         (JSC::Arguments::finishCreation):
1187         * runtime/ArrayPrototype.cpp:
1188         (JSC::arrayProtoFuncFilter):
1189         (JSC::arrayProtoFuncMap):
1190         (JSC::arrayProtoFuncEvery):
1191         (JSC::arrayProtoFuncForEach):
1192         (JSC::arrayProtoFuncSome):
1193         (JSC::arrayProtoFuncReduce):
1194         (JSC::arrayProtoFuncReduceRight):
1195         * runtime/CommonSlowPaths.h:
1196         (JSC::CommonSlowPaths::arityCheckFor):
1197         * runtime/Executable.h:
1198         (JSC::FunctionExecutable::compileFor):
1199         (JSC::FunctionExecutable::compileOptimizedFor):
1200         * runtime/FunctionPrototype.cpp:
1201         (JSC::functionProtoFuncToString):
1202         * runtime/JSArray.cpp:
1203         (JSC::JSArray::sort):
1204         * runtime/JSFunction.cpp:
1205         (JSC::JSFunction::argumentsGetter):
1206         (JSC::JSFunction::callerGetter):
1207         (JSC::JSFunction::lengthGetter):
1208         * runtime/JSFunction.h:
1209         (JSC):
1210         (JSC::asJSFunction):
1211         (JSC::JSValue::isFunction):
1212         * runtime/JSGlobalData.cpp:
1213         (WTF::Recompiler::operator()):
1214         (JSC::JSGlobalData::releaseExecutableMemory):
1215         * runtime/JSValue.h:
1216         * runtime/StringPrototype.cpp:
1217         (JSC::replaceUsingRegExpSearch):
1218
1219 2012-03-21  Filip Pizlo  <fpizlo@apple.com>
1220
1221         DFG speculation on booleans should be rationalized
1222         https://bugs.webkit.org/show_bug.cgi?id=81840
1223
1224         Reviewed by Gavin Barraclough.
1225         
1226         This removes isKnownBoolean() and replaces it with AbstractState-based
1227         optimization, and cleans up the control flow in code gen methods for
1228         Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
1229         and removes isKnownNotBoolean() since that method appeared to be a
1230         helper used solely by 32_64's speculateBooleanOperation().
1231         
1232         This is performance-neutral.
1233
1234         * dfg/DFGAbstractState.cpp:
1235         (JSC::DFG::AbstractState::execute):
1236         * dfg/DFGNode.h:
1237         (JSC::DFG::Node::shouldSpeculateNumber):
1238         * dfg/DFGSpeculativeJIT.cpp:
1239         (DFG):
1240         * dfg/DFGSpeculativeJIT.h:
1241         (SpeculativeJIT):
1242         * dfg/DFGSpeculativeJIT32_64.cpp:
1243         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1244         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1245         (JSC::DFG::SpeculativeJIT::emitBranch):
1246         (JSC::DFG::SpeculativeJIT::compile):
1247         * dfg/DFGSpeculativeJIT64.cpp:
1248         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1249         (JSC::DFG::SpeculativeJIT::emitBranch):
1250         (JSC::DFG::SpeculativeJIT::compile):
1251
1252 2012-03-21  Mark Rowe  <mrowe@apple.com>
1253
1254         Fix the build.
1255
1256         * wtf/MetaAllocator.h:
1257         (MetaAllocator): Export the destructor.
1258
1259 2012-03-21  Eric Seidel  <eric@webkit.org>
1260
1261         Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
1262         https://bugs.webkit.org/show_bug.cgi?id=81834
1263
1264         Reviewed by Adam Barth.
1265
1266         * jsc.cpp:
1267         * os-win32/WinMain.cpp:
1268         * runtime/JSDateMath.cpp:
1269         * runtime/TimeoutChecker.cpp:
1270         * testRegExp.cpp:
1271         * tools/CodeProfiling.cpp:
1272
1273 2012-03-21  Eric Seidel  <eric@webkit.org>
1274
1275         WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
1276         https://bugs.webkit.org/show_bug.cgi?id=81838
1277
1278         Reviewed by Geoffrey Garen.
1279
1280         My understanding is that weak vtables happen when the compiler/linker cannot
1281         determine which compilation unit should contain the vtable.  In this case
1282         because there were only pure virtual functions as well as an "inline"
1283         virtual destructor (thus the virtual destructor was defined in many compilation
1284         units).  Since you can't actually "inline" a virtual function (it still has to
1285         bounce through the vtable), the "inline" on this virtual destructor doesn't
1286         actually help performance, and is only serving to confuse the compiler here.
1287         I've moved the destructor implementation to the .cpp file, thus making
1288         it clear to the compiler where the vtable should be stored, and solving the error.
1289
1290         * wtf/MetaAllocator.cpp:
1291         (WTF::MetaAllocator::~MetaAllocator):
1292         (WTF):
1293         * wtf/MetaAllocator.h:
1294
1295 2012-03-20  Gavin Barraclough  <barraclough@apple.com>
1296
1297         RegExpMatchesArray should not copy the ovector
1298         https://bugs.webkit.org/show_bug.cgi?id=81742
1299
1300         Reviewed by Michael Saboff.
1301
1302         Currently, all RegExpMatchesArray objects contain Vector<int, 32>, used to hold any sub-pattern results.
1303         This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
1304         main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
1305         and the results never accessed).
1306         If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
1307
1308         * dfg/DFGOperations.cpp:
1309             - RegExpObject match renamed back to test (test returns a bool).
1310         * runtime/RegExpConstructor.cpp:
1311         (JSC):
1312             - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
1313         (JSC::RegExpMatchesArray::finishCreation):
1314             - Removed RegExpConstructorPrivate parameter.
1315         (JSC::RegExpMatchesArray::reifyAllProperties):
1316             - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
1317             If there are sub-pattern properties, the RegExp is re-run to generate their values.
1318         (JSC::RegExpMatchesArray::reifyMatchProperty):
1319             - Reify just the match (index 0) property of the RegExpMatchesArray.
1320         * runtime/RegExpConstructor.h:
1321         (RegExpConstructor):
1322         (JSC::RegExpConstructor::performMatch):
1323             - performMatch now returns a MatchResult, rather than using out-parameters.
1324         * runtime/RegExpMatchesArray.h:
1325         (JSC::RegExpMatchesArray::RegExpMatchesArray):
1326             - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
1327         (RegExpMatchesArray):
1328         (JSC::RegExpMatchesArray::create):
1329             - Now passed the input string matched against, the RegExp, and the MatchResult.
1330         (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
1331         (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
1332             - Helpers to conditionally reify properties.
1333         (JSC::RegExpMatchesArray::getOwnPropertySlot):
1334         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
1335         (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
1336         (JSC::RegExpMatchesArray::put):
1337         (JSC::RegExpMatchesArray::putByIndex):
1338         (JSC::RegExpMatchesArray::deleteProperty):
1339         (JSC::RegExpMatchesArray::deletePropertyByIndex):
1340         (JSC::RegExpMatchesArray::getOwnPropertyNames):
1341         (JSC::RegExpMatchesArray::defineOwnProperty):
1342             - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
1343             (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
1344         * runtime/RegExpObject.cpp:
1345         (JSC::RegExpObject::exec):
1346         (JSC::RegExpObject::match):
1347             - match now returns a MatchResult.
1348         * runtime/RegExpObject.h:
1349         (JSC::MatchResult::MatchResult):
1350             - Added the result of a match is a start & end tuple.
1351         (JSC::MatchResult::failed):
1352             - A failure is indicated by (notFound, 0).
1353         (JSC::MatchResult::operator bool):
1354             - Evaluates to false if the match failed.
1355         (JSC::MatchResult::empty):
1356             - Evaluates to true if the match succeeded with length 0.
1357         (JSC::RegExpObject::test):
1358             - Now returns a bool.
1359         * runtime/RegExpPrototype.cpp:
1360         (JSC::regExpProtoFuncTest):
1361             - RegExpObject match renamed back to test (test returns a bool).
1362         * runtime/StringPrototype.cpp:
1363         (JSC::removeUsingRegExpSearch):
1364         (JSC::replaceUsingRegExpSearch):
1365         (JSC::stringProtoFuncMatch):
1366         (JSC::stringProtoFuncSearch):
1367             - performMatch now returns a MatchResult, rather than using out-parameters.
1368
1369 2012-03-21  Hojong Han  <hojong.han@samsung.com>
1370
1371         Fix out of memory by allowing overcommit
1372         https://bugs.webkit.org/show_bug.cgi?id=81743
1373
1374         Reviewed by Geoffrey Garen.
1375
1376         Garbage collection is not triggered and new blocks are added
1377         because overcommit is allowed by MAP_NORESERVE flag when high water mark is big enough.
1378
1379         * wtf/OSAllocatorPosix.cpp:
1380         (WTF::OSAllocator::reserveAndCommit):
1381
1382 2012-03-21  Jessie Berlin  <jberlin@apple.com>
1383
1384         More Windows build fixing.
1385
1386         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1387         Fix the order of the include directories to look in include/private first before looking
1388         in include/private/JavaScriptCore.
1389         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1390         Look in the Production output directory (where the wtf headers will be). This is the same
1391         thing that is done for jsc and testRegExp in ReleasePGO.
1392
1393 2012-03-21  Jessie Berlin  <jberlin@apple.com>
1394
1395         WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
1396         $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
1397         https://bugs.webkit.org/show_bug.cgi?id=81739
1398
1399         Reviewed by Dan Bernstein.
1400
1401         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
1402         Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
1403         subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
1404         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
1405         Ditto.
1406
1407         * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
1408         Get the headers for those 4 files from the wtf subdirectory of the build output, not the
1409         JavaScriptCore/wtf subdirectory.
1410         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1411         Ditto.
1412
1413 2012-03-20  Eric Seidel  <eric@webkit.org>
1414
1415         Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
1416         https://bugs.webkit.org/show_bug.cgi?id=80911
1417
1418         Reviewed by Adam Barth.
1419
1420         Update the various build systems to depend on Source/WTF headers
1421         as well as remove references to Platform.h (since it's now moved).
1422
1423         * CMakeLists.txt:
1424         * JavaScriptCore.pri:
1425         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1426         * JavaScriptCore.xcodeproj/project.pbxproj:
1427         * wtf/CMakeLists.txt:
1428
1429 2012-03-20  Filip Pizlo  <fpizlo@apple.com>
1430
1431         op_mod fails on many interesting corner cases
1432         https://bugs.webkit.org/show_bug.cgi?id=81648
1433
1434         Reviewed by Oliver Hunt.
1435         
1436         Removed most strength reduction for op_mod, and fixed the integer handling
1437         to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
1438         which this patch also fixes.
1439         
1440         This patch is performance neutral on all of the major benchmarks we track.
1441
1442         * dfg/DFGOperations.cpp:
1443         * dfg/DFGOperations.h:
1444         * dfg/DFGSpeculativeJIT.cpp:
1445         (DFG):
1446         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1447         (JSC::DFG::SpeculativeJIT::compileArithMod):
1448         * jit/JIT.h:
1449         (JIT):
1450         * jit/JITArithmetic.cpp:
1451         (JSC):
1452         (JSC::JIT::emit_op_mod):
1453         (JSC::JIT::emitSlow_op_mod):
1454         * jit/JITArithmetic32_64.cpp:
1455         (JSC::JIT::emit_op_mod):
1456         (JSC::JIT::emitSlow_op_mod):
1457         * jit/JITOpcodes32_64.cpp:
1458         (JSC::JIT::privateCompileCTIMachineTrampolines):
1459         (JSC):
1460         * jit/JITStubs.h:
1461         (TrampolineStructure):
1462         (JSC::JITThunks::ctiNativeConstruct):
1463         * llint/LowLevelInterpreter64.asm:
1464         * wtf/Platform.h:
1465         * wtf/SimpleStats.h:
1466         (WTF::SimpleStats::variance):
1467
1468 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
1469
1470         Windows (make based) build fix.
1471         <rdar://problem/11069015>
1472
1473         * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
1474
1475 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
1476
1477         Move WTF-related Windows project files out of JavaScriptCore
1478         https://bugs.webkit.org/show_bug.cgi?id=80680
1479
1480         This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
1481         It does not move any source code. This is in preparation for the WTF source move out of
1482         JavaScriptCore.
1483
1484         Reviewed by Jessie Berlin.
1485
1486         * JavaScriptCore.vcproj/JavaScriptCore.sln:
1487         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
1488         * JavaScriptCore.vcproj/WTF: Removed.
1489         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
1490         * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
1491         * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
1492         * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
1493         * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
1494         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
1495         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
1496         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
1497         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
1498         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
1499         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
1500         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
1501         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
1502         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
1503         * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
1504         * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
1505         * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
1506         * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
1507         * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
1508         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
1509         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
1510         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
1511
1512 2012-03-20  Benjamin Poulain  <bpoulain@apple.com>
1513
1514         Cache the type string of JavaScript object
1515         https://bugs.webkit.org/show_bug.cgi?id=81446
1516
1517         Reviewed by Geoffrey Garen.
1518
1519         Instead of creating the JSString every time, we create
1520         lazily the strings in JSGlobalData.
1521
1522         This avoids the construction of the StringImpl and of the JSString,
1523         which gives some performance improvements.
1524
1525         * runtime/CommonIdentifiers.h:
1526         * runtime/JSValue.cpp:
1527         (JSC::JSValue::toStringSlowCase):
1528         * runtime/Operations.cpp:
1529         (JSC::jsTypeStringForValue):
1530         * runtime/SmallStrings.cpp:
1531         (JSC::SmallStrings::SmallStrings):
1532         (JSC::SmallStrings::finalizeSmallStrings):
1533         (JSC::SmallStrings::initialize):
1534         (JSC):
1535         * runtime/SmallStrings.h:
1536         (SmallStrings):
1537
1538 2012-03-20  Oliver Hunt  <oliver@apple.com>
1539
1540         Allow LLINT to work even when executable allocation fails.
1541         https://bugs.webkit.org/show_bug.cgi?id=81693
1542
1543         Reviewed by Gavin Barraclough.
1544
1545         Don't crash if executable allocation fails if we can fall back on LLINT
1546
1547         * jit/ExecutableAllocatorFixedVMPool.cpp:
1548         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
1549         * wtf/OSAllocatorPosix.cpp:
1550         (WTF::OSAllocator::reserveAndCommit):
1551
1552 2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>
1553
1554         Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
1555         https://bugs.webkit.org/show_bug.cgi?id=81428
1556
1557         32 bit buildfix after r111355.
1558
1559         2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
1560         The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).
1561
1562         Reviewed by Zoltan Herczeg.
1563
1564         * dfg/DFGSpeculativeJIT.cpp:
1565         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
1566
1567 2012-03-19  Jochen Eisinger  <jochen@chromium.org>
1568
1569         Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
1570         https://bugs.webkit.org/show_bug.cgi?id=80983
1571
1572         Reviewed by Darin Adler.
1573
1574         This allows printing a backtrace acquired by an earlier WTFGetBacktrace
1575         call which is useful for local debugging.
1576
1577         * wtf/Assertions.cpp:
1578         * wtf/Assertions.h:
1579
1580 2012-03-19  Benjamin Poulain  <benjamin@webkit.org>
1581
1582         Do not copy the script source in the SourceProvider, just reference the existing string
1583         https://bugs.webkit.org/show_bug.cgi?id=81466
1584
1585         Reviewed by Geoffrey Garen.
1586
1587         * parser/SourceCode.h: Remove the unused, and incorrect, function data().
1588         * parser/SourceProvider.h: Add OVERRIDE for clarity.
1589
1590 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1591
1592         Division optimizations fail to infer cases of truncated division and
1593         mishandle -2147483648/-1
1594         https://bugs.webkit.org/show_bug.cgi?id=81428
1595         <rdar://problem/11067382>
1596
1597         Reviewed by Oliver Hunt.
1598
1599         If you're a division over integers and you're only used as an integer, then you're
1600         an integer division and remainder checks become unnecessary. If you're dividing
1601         -2147483648 by -1, don't crash.
1602
1603         * assembler/MacroAssemblerX86Common.h:
1604         (MacroAssemblerX86Common):
1605         (JSC::MacroAssemblerX86Common::add32):
1606         * dfg/DFGSpeculativeJIT.cpp:
1607         (DFG):
1608         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
1609         * dfg/DFGSpeculativeJIT.h:
1610         (SpeculativeJIT):
1611         * dfg/DFGSpeculativeJIT32_64.cpp:
1612         (JSC::DFG::SpeculativeJIT::compile):
1613         * dfg/DFGSpeculativeJIT64.cpp:
1614         (JSC::DFG::SpeculativeJIT::compile):
1615         * llint/LowLevelInterpreter64.asm:
1616
1617 2012-03-19  Benjamin Poulain  <bpoulain@apple.com>
1618
1619         Simplify SmallStrings
1620         https://bugs.webkit.org/show_bug.cgi?id=81445
1621
1622         Reviewed by Gavin Barraclough.
1623
1624         SmallStrings had two methods that should not be public: count() and clear().
1625
1626         The method clear() is effectively replaced by finalizeSmallStrings(). The body
1627         of the method was moved to the constructor since the code is obvious.
1628
1629         The method count() is unused.
1630
1631         * runtime/SmallStrings.cpp:
1632         (JSC::SmallStrings::SmallStrings):
1633         * runtime/SmallStrings.h:
1634         (SmallStrings):
1635
1636 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1637
1638         DFG can no longer compile V8-v4/regexp in debug mode
1639         https://bugs.webkit.org/show_bug.cgi?id=81592
1640
1641         Reviewed by Gavin Barraclough.
1642
1643         * dfg/DFGSpeculativeJIT32_64.cpp:
1644         (JSC::DFG::SpeculativeJIT::compile):
1645         * dfg/DFGSpeculativeJIT64.cpp:
1646         (JSC::DFG::SpeculativeJIT::compile):
1647
1648 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1649
1650         Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
1651         change throughout the fixpoint
1652         https://bugs.webkit.org/show_bug.cgi?id=81583
1653
1654         Reviewed by Michael Saboff.
1655
1656         * dfg/DFGPredictionPropagationPhase.cpp:
1657         (JSC::DFG::PredictionPropagationPhase::propagate):
1658
1659 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1660
1661         GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
1662         the process of being generated
1663         https://bugs.webkit.org/show_bug.cgi?id=81565
1664
1665         Reviewed by Oliver Hunt.
1666
1667         * bytecode/CodeBlock.cpp:
1668         (JSC::CodeBlock::finalizeUnconditionally):
1669
1670 2012-03-19  Eric Seidel  <eric@webkit.org>
1671
1672         Fix WTF header include discipline in Chromium WebKit
1673         https://bugs.webkit.org/show_bug.cgi?id=81281
1674
1675         Reviewed by James Robinson.
1676
1677         * JavaScriptCore.gyp/JavaScriptCore.gyp:
1678         * wtf/unicode/icu/CollatorICU.cpp:
1679
1680 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1681
1682         DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
1683         https://bugs.webkit.org/show_bug.cgi?id=81556
1684
1685         Rubber stamped by Gavin Barraclough.
1686
1687         * GNUmakefile.list.am:
1688         * JavaScriptCore.xcodeproj/project.pbxproj:
1689         * dfg/DFGAbstractState.h:
1690         (JSC::DFG::AbstractState::forNode):
1691         * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
1692         (JSC::DFG::AdjacencyList::AdjacencyList):
1693         (JSC::DFG::AdjacencyList::child):
1694         (JSC::DFG::AdjacencyList::setChild):
1695         (JSC::DFG::AdjacencyList::child1):
1696         (JSC::DFG::AdjacencyList::child2):
1697         (JSC::DFG::AdjacencyList::child3):
1698         (JSC::DFG::AdjacencyList::setChild1):
1699         (JSC::DFG::AdjacencyList::setChild2):
1700         (JSC::DFG::AdjacencyList::setChild3):
1701         (JSC::DFG::AdjacencyList::child1Unchecked):
1702         (JSC::DFG::AdjacencyList::initialize):
1703         (AdjacencyList):
1704         * dfg/DFGByteCodeParser.cpp:
1705         (JSC::DFG::ByteCodeParser::addVarArgChild):
1706         (JSC::DFG::ByteCodeParser::processPhiStack):
1707         * dfg/DFGCSEPhase.cpp:
1708         (JSC::DFG::CSEPhase::canonicalize):
1709         (JSC::DFG::CSEPhase::performSubstitution):
1710         * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
1711         (DFG):
1712         (JSC::DFG::Edge::Edge):
1713         (JSC::DFG::Edge::operator==):
1714         (JSC::DFG::Edge::operator!=):
1715         (Edge):
1716         (JSC::DFG::operator==):
1717         (JSC::DFG::operator!=):
1718         * dfg/DFGGraph.h:
1719         (JSC::DFG::Graph::operator[]):
1720         (JSC::DFG::Graph::at):
1721         (JSC::DFG::Graph::ref):
1722         (JSC::DFG::Graph::deref):
1723         (JSC::DFG::Graph::clearAndDerefChild1):
1724         (JSC::DFG::Graph::clearAndDerefChild2):
1725         (JSC::DFG::Graph::clearAndDerefChild3):
1726         (Graph):
1727         * dfg/DFGJITCompiler.h:
1728         (JSC::DFG::JITCompiler::getPrediction):
1729         * dfg/DFGNode.h:
1730         (JSC::DFG::Node::Node):
1731         (JSC::DFG::Node::child1):
1732         (JSC::DFG::Node::child1Unchecked):
1733         (JSC::DFG::Node::child2):
1734         (JSC::DFG::Node::child3):
1735         (Node):
1736         * dfg/DFGNodeFlags.cpp:
1737         (JSC::DFG::arithNodeFlagsAsString):
1738         * dfg/DFGNodeFlags.h:
1739         (DFG):
1740         (JSC::DFG::nodeUsedAsNumber):
1741         * dfg/DFGNodeReferenceBlob.h: Removed.
1742         * dfg/DFGNodeUse.h: Removed.
1743         * dfg/DFGPredictionPropagationPhase.cpp:
1744         (JSC::DFG::PredictionPropagationPhase::propagate):
1745         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1746         (JSC::DFG::PredictionPropagationPhase::vote):
1747         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1748         * dfg/DFGScoreBoard.h:
1749         (JSC::DFG::ScoreBoard::use):
1750         * dfg/DFGSpeculativeJIT.cpp:
1751         (JSC::DFG::SpeculativeJIT::useChildren):
1752         (JSC::DFG::SpeculativeJIT::writeBarrier):
1753         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1754         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1755         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
1756         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1757         * dfg/DFGSpeculativeJIT.h:
1758         (JSC::DFG::SpeculativeJIT::at):
1759         (JSC::DFG::SpeculativeJIT::canReuse):
1760         (JSC::DFG::SpeculativeJIT::use):
1761         (SpeculativeJIT):
1762         (JSC::DFG::SpeculativeJIT::speculationCheck):
1763         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1764         (JSC::DFG::IntegerOperand::IntegerOperand):
1765         (JSC::DFG::DoubleOperand::DoubleOperand):
1766         (JSC::DFG::JSValueOperand::JSValueOperand):
1767         (JSC::DFG::StorageOperand::StorageOperand):
1768         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
1769         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
1770         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1771         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
1772         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1773         * dfg/DFGSpeculativeJIT32_64.cpp:
1774         (JSC::DFG::SpeculativeJIT::cachedPutById):
1775         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1776         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1777         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1778         (JSC::DFG::SpeculativeJIT::emitCall):
1779         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1780         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1781         * dfg/DFGSpeculativeJIT64.cpp:
1782         (JSC::DFG::SpeculativeJIT::cachedPutById):
1783         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1784         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1785         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1786         (JSC::DFG::SpeculativeJIT::emitCall):
1787         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1788         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1789
1790 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1791
1792         Object.freeze broken on latest Nightly
1793         https://bugs.webkit.org/show_bug.cgi?id=80577
1794
1795         Reviewed by Oliver Hunt.
1796
1797         * runtime/Arguments.cpp:
1798         (JSC::Arguments::defineOwnProperty):
1799             - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
1800             been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
1801         * runtime/JSFunction.cpp:
1802         (JSC::JSFunction::defineOwnProperty):
1803             - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
1804             the object must be extensible; this is incorrect since these properties should already exist
1805             on the object. In addition, it was asserting that the arguments/caller values must match the
1806             corresponding magic data properties, but for strict mode function this is incorrect. Instead,
1807             just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
1808
1809 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1810
1811         LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
1812         https://bugs.webkit.org/show_bug.cgi?id=81559
1813
1814         Reviewed by Michael Saboff.
1815
1816         * llint/LLIntSlowPaths.cpp:
1817         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1818
1819 2012-03-19  Yong Li  <yoli@rim.com>
1820
1821         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
1822         https://bugs.webkit.org/show_bug.cgi?id=77013
1823
1824         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
1825         implement memory decommitting for QNX.
1826
1827         Reviewed by Rob Buis.
1828
1829         * wtf/OSAllocatorPosix.cpp:
1830         (WTF::OSAllocator::reserveUncommitted):
1831         (WTF::OSAllocator::commit):
1832         (WTF::OSAllocator::decommit):
1833
1834 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1835
1836         Unreviewed - revert a couple of files accidentally committed.
1837
1838         * runtime/Arguments.cpp:
1839         (JSC::Arguments::defineOwnProperty):
1840         * runtime/JSFunction.cpp:
1841         (JSC::JSFunction::defineOwnProperty):
1842
1843 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1844
1845         Another Windows build fix after r111129.
1846
1847         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1848
1849 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1850
1851         Cross-platform processor core counter: fix build on FreeBSD.
1852         https://bugs.webkit.org/show_bug.cgi?id=81482
1853
1854         Reviewed by Zoltan Herczeg.
1855
1856         The documentation of sysctl(3) shows that <sys/types.h> should be
1857         included before <sys/sysctl.h> (sys/types.h tends to be the first
1858         included header in general).
1859
1860         This should fix the build on FreeBSD and other systems where
1861         sysctl.h really depends on types defined in types.h.
1862
1863         * wtf/NumberOfCores.cpp:
1864
1865 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1866
1867         Windows build fix after r111129.
1868
1869         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1870
1871 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1872
1873         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
1874         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
1875
1876         Reviewed by Oliver Hunt.
1877
1878         The API specifies that convertToType may opt not to handle a conversion:
1879             "@result The objects's converted value, or NULL if the object was not converted."
1880         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
1881         conversion functions, and failing that call the JSObject::defaultValue function.
1882
1883         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
1884         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
1885         bug#73368, these will return the result from the first convertToType they find, regardless
1886         of whether this result is null, and if no convertToType method is found in the api class
1887         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
1888         chain), they will also return a null pointer. This is unsafe.
1889
1890         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
1891         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
1892         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
1893         Making the fallback work with toString/valueOf methods attached to api objects is probably
1894         not the right thing to do – instead, we should just implement the defaultValue trap for api
1895         objects.
1896
1897         In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
1898         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
1899
1900         * API/JSCallbackFunction.cpp:
1901         (JSC::JSCallbackFunction::call):
1902             - Should be null checking the return value.
1903         (JSC):
1904             - Remove toStringCallback/valueOfCallback.
1905         * API/JSCallbackFunction.h:
1906         (JSCallbackFunction):
1907             - Remove toStringCallback/valueOfCallback.
1908         * API/JSCallbackObject.h:
1909         (JSCallbackObject):
1910             - Add defaultValue methods to JSCallbackObject.
1911         * API/JSCallbackObjectFunctions.h:
1912         (JSC::::defaultValue):
1913             - Add defaultValue methods to JSCallbackObject.
1914         * API/JSClassRef.cpp:
1915         (OpaqueJSClass::prototype):
1916             - Remove toStringCallback/valueOfCallback.
1917         * API/tests/testapi.js:
1918             - Revert this test, now we no longer artificially introduce a toString method onto the api object.
1919
1920 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1921
1922         [EFL] Include ICU_INCLUDE_DIRS when building.
1923         https://bugs.webkit.org/show_bug.cgi?id=81483
1924
1925         Reviewed by Daniel Bates.
1926
1927         So far, only the ICU libraries were being included when building
1928         JavaScriptCore, however the include path is also needed, otherwise the
1929         build will fail when ICU is installed into a non-standard location.
1930
1931         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
1932
1933 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
1934
1935         Strength reduction, RegExp.exec -> RegExp.test
1936         https://bugs.webkit.org/show_bug.cgi?id=81459
1937
1938         Reviewed by Sam Weinig.
1939
1940         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
1941         expression for a match against a string - however exec is more expensive, since
1942         it allocates a matches array object. In cases where the result is consumed in a
1943         boolean context the allocation of the matches array can be trivially elided.
1944
1945         For example:
1946             function f()
1947             {
1948                 for (i =0; i < 10000000; ++i)
1949                     if(!/a/.exec("a"))
1950                         err = true;
1951             }
1952
1953         This is a 2.5x speedup on this example microbenchmark loop.
1954
1955         In a more advanced form of this optimization, we may be able to avoid allocating
1956         the array where access to the array can be observed.
1957
1958         * create_hash_table:
1959         * dfg/DFGAbstractState.cpp:
1960         (JSC::DFG::AbstractState::execute):
1961         * dfg/DFGByteCodeParser.cpp:
1962         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1963         * dfg/DFGNode.h:
1964         (JSC::DFG::Node::hasHeapPrediction):
1965         * dfg/DFGNodeType.h:
1966         (DFG):
1967         * dfg/DFGOperations.cpp:
1968         * dfg/DFGOperations.h:
1969         * dfg/DFGPredictionPropagationPhase.cpp:
1970         (JSC::DFG::PredictionPropagationPhase::propagate):
1971         * dfg/DFGSpeculativeJIT.cpp:
1972         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
1973         (DFG):
1974         * dfg/DFGSpeculativeJIT.h:
1975         (JSC::DFG::SpeculativeJIT::callOperation):
1976         * dfg/DFGSpeculativeJIT32_64.cpp:
1977         (JSC::DFG::SpeculativeJIT::compile):
1978         * dfg/DFGSpeculativeJIT64.cpp:
1979         (JSC::DFG::SpeculativeJIT::compile):
1980         * jsc.cpp:
1981         (GlobalObject::addConstructableFunction):
1982         * runtime/Intrinsic.h:
1983         * runtime/JSFunction.cpp:
1984         (JSC::JSFunction::create):
1985         (JSC):
1986         * runtime/JSFunction.h:
1987         (JSFunction):
1988         * runtime/Lookup.cpp:
1989         (JSC::setUpStaticFunctionSlot):
1990         * runtime/RegExpObject.cpp:
1991         (JSC::RegExpObject::exec):
1992         (JSC::RegExpObject::match):
1993         * runtime/RegExpObject.h:
1994         (RegExpObject):
1995         * runtime/RegExpPrototype.cpp:
1996         (JSC::regExpProtoFuncTest):
1997         (JSC::regExpProtoFuncExec):
1998
1999 2012-03-16  Michael Saboff  <msaboff@apple.com>
2000
2001         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
2002         https://bugs.webkit.org/show_bug.cgi?id=81244
2003
2004         Rubber stamped by Filip Pizlo.
2005
2006         Changed type and name of JSGlobalData::m_isInitializingObject to
2007         ClassInfo* and m_initializingObjectClass.
2008         Changed JSGlobalData::setInitializingObject to
2009         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
2010         the debugger to determine what type of object is being initialized.
2011         
2012         * runtime/JSCell.h:
2013         (JSC::JSCell::finishCreation):
2014         (JSC::allocateCell):
2015         * runtime/JSGlobalData.cpp:
2016         (JSC::JSGlobalData::JSGlobalData):
2017         * runtime/JSGlobalData.h:
2018         (JSGlobalData):
2019         (JSC::JSGlobalData::isInitializingObject):
2020         (JSC::JSGlobalData::setInitializingObjectClass):
2021         * runtime/Structure.h:
2022         (JSC::JSCell::finishCreation):
2023
2024 2012-03-16  Mark Rowe  <mrowe@apple.com>
2025
2026         Build fix. Do not preserve owner and group information when installing the WTF headers.
2027
2028         * JavaScriptCore.xcodeproj/project.pbxproj:
2029
2030 2012-03-15  David Dorwin  <ddorwin@chromium.org>
2031
2032         Make the array pointer parameters in the Typed Array create() methods const.
2033         https://bugs.webkit.org/show_bug.cgi?id=81147
2034
2035         Reviewed by Kenneth Russell.
2036
2037         This allows const arrays to be passed to these methods.
2038         They use PassRefPtr<Subclass> create(), which already has a const parameter.
2039
2040         * wtf/Int16Array.h:
2041         (Int16Array):
2042         (WTF::Int16Array::create):
2043         * wtf/Int32Array.h:
2044         (Int32Array):
2045         (WTF::Int32Array::create):
2046         * wtf/Int8Array.h:
2047         (Int8Array):
2048         (WTF::Int8Array::create):
2049         * wtf/Uint16Array.h:
2050         (Uint16Array):
2051         (WTF::Uint16Array::create):
2052         * wtf/Uint32Array.h:
2053         (Uint32Array):
2054         (WTF::Uint32Array::create):
2055         * wtf/Uint8Array.h:
2056         (Uint8Array):
2057         (WTF::Uint8Array::create):
2058         * wtf/Uint8ClampedArray.h:
2059         (Uint8ClampedArray):
2060         (WTF::Uint8ClampedArray::create):
2061
2062 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
2063
2064         CopiedSpace::tryAllocateOversize assumes system page size
2065         https://bugs.webkit.org/show_bug.cgi?id=80615
2066
2067         Reviewed by Geoffrey Garen.
2068
2069         * heap/CopiedSpace.cpp:
2070         (JSC::CopiedSpace::tryAllocateOversize):
2071         * heap/CopiedSpace.h:
2072         (CopiedSpace):
2073         * heap/CopiedSpaceInlineMethods.h:
2074         (JSC::CopiedSpace::oversizeBlockFor):
2075         * wtf/BumpPointerAllocator.h:
2076         (WTF::BumpPointerPool::create):
2077         * wtf/StdLibExtras.h:
2078         (WTF::roundUpToMultipleOf):
2079
2080 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2081
2082         Fixing Windows build breakage
2083
2084         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2085
2086 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
2087
2088         [EFL] Make zlib a general build requirement
2089         https://bugs.webkit.org/show_bug.cgi?id=80153
2090
2091         Reviewed by Hajime Morita.
2092
2093         After r109538 WebSocket module needs zlib to support deflate-frame extension.
2094
2095         * wtf/Platform.h:
2096
2097 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
2098
2099         NumericStrings should be inlined
2100         https://bugs.webkit.org/show_bug.cgi?id=81183
2101
2102         Reviewed by Gavin Barraclough.
2103
2104         NumericStrings is not always inlined. When it is not, the class is not faster
2105         than using UString::number() directly.
2106
2107         * runtime/NumericStrings.h:
2108         (JSC::NumericStrings::add):
2109         (JSC::NumericStrings::lookupSmallString):
2110
2111 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
2112
2113         Fix ARM build after r110792.
2114
2115         Unreviewed build fix.
2116
2117         * jit/ExecutableAllocator.h:
2118         (JSC::ExecutableAllocator::cacheFlush):
2119         Remove superfluous curly brackets.
2120
2121 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
2122
2123         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
2124         https://bugs.webkit.org/show_bug.cgi?id=81256
2125
2126         Reviewed by Oliver Hunt.
2127
2128         This is a 0.5% sunspider progression.
2129
2130         * assembler/MacroAssemblerARMv7.h:
2131         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
2132             - switch which form of vmov we use.
2133
2134 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
2135
2136         [EFL] Add OwnPtr specialization for Ecore_Timer.
2137         https://bugs.webkit.org/show_bug.cgi?id=80119
2138
2139         Reviewed by Hajime Morita.
2140
2141         Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
2142
2143         * wtf/OwnPtrCommon.h:
2144         (WTF):
2145         * wtf/efl/OwnPtrEfl.cpp:
2146         (WTF::deleteOwnedPtr):
2147         (WTF):
2148
2149 2012-03-15  Hojong Han  <hojong.han@samsung.com>
2150
2151         Linux has madvise enough to support OSAllocator::commit/decommit
2152         https://bugs.webkit.org/show_bug.cgi?id=80505
2153
2154         Reviewed by Geoffrey Garen.
2155
2156         * wtf/OSAllocatorPosix.cpp:
2157         (WTF::OSAllocator::reserveUncommitted):
2158         (WTF::OSAllocator::commit):
2159         (WTF::OSAllocator::decommit):
2160
2161 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
2162
2163         Windows build fix.
2164
2165         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
2166         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
2167         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
2168         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
2169
2170 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
2171
2172         Windows build fix.
2173
2174         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
2175
2176 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
2177
2178         Move wx port to using export macros
2179         https://bugs.webkit.org/show_bug.cgi?id=77279
2180
2181         Reviewed by Hajime Morita.
2182
2183         * wscript:
2184         * wtf/Platform.h:
2185
2186 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
2187
2188         Avoid StringImpl::getData16SlowCase() when sorting array
2189         https://bugs.webkit.org/show_bug.cgi?id=81070
2190
2191         Reviewed by Geoffrey Garen.
2192
2193         The function codePointCompare() is used intensively when sorting strings.
2194         This patch improves its performance by:
2195         -Avoiding character conversion.
2196         -Inlining the function.
2197
2198         This makes Peacekeeper's arrayCombined test 30% faster.
2199
2200         * wtf/text/StringImpl.cpp:
2201         * wtf/text/StringImpl.h:
2202         (WTF):
2203         (WTF::codePointCompare):
2204         (WTF::codePointCompare8):
2205         (WTF::codePointCompare16):
2206         (WTF::codePointCompare8To16):
2207
2208 2012-03-14  Hojong Han  <hojong.han@samsung.com>
2209
2210         Fix memory allocation failed by fastmalloc
2211         https://bugs.webkit.org/show_bug.cgi?id=79614
2212
2213         Reviewed by Geoffrey Garen.
2214
2215         Memory allocation failed even if the heap grows successfully.
2216         It is wrong to get the span only from the large list after the heap grows,
2217         because new span could be added in the normal list.
2218
2219         * wtf/FastMalloc.cpp:
2220         (WTF::TCMalloc_PageHeap::New):
2221
2222 2012-03-14  Hojong Han  <hojong.han@samsung.com>
2223
2224         Run cacheFlush page by page to assure of flushing all the requested ranges
2225         https://bugs.webkit.org/show_bug.cgi?id=77712
2226
2227         Reviewed by Geoffrey Garen.
2228
2229         Current MetaAllocator concept, always coalesces adjacent free spaces,
2230         doesn't meet memory management of Linux kernel.
2231         In a certain case Linux kernel doesn't regard contiguous virtual memory areas as one but two.
2232         Therefore cacheFlush page by page guarantees a flush-requested range.
2233
2234         * jit/ExecutableAllocator.h:
2235         (JSC::ExecutableAllocator::cacheFlush):
2236
2237 2012-03-14  Oliver Hunt  <oliver@apple.com>
2238
2239         Make ARMv7 work again
2240         https://bugs.webkit.org/show_bug.cgi?id=81157
2241
2242         Reviewed by Geoffrey Garen.
2243
2244         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
2245         where the ARMv7MacroAssembler would also try to use dataRegister for its own
2246         nefarious purposes.
2247
2248         * assembler/MacroAssembler.h:
2249         (JSC::MacroAssembler::store32):
2250         * assembler/MacroAssemblerARMv7.h:
2251         (MacroAssemblerARMv7):
2252
2253 2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2254
2255         Heap::destroy leaks CopiedSpace
2256         https://bugs.webkit.org/show_bug.cgi?id=81055
2257
2258         Reviewed by Geoffrey Garen.
2259
2260         Added a destroy() function to CopiedSpace that moves all normal size 
2261         CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
2262         as well as deallocates all of the oversize blocks in the CopiedSpace. 
2263         This function is now called in Heap::destroy().
2264
2265         * heap/CopiedSpace.cpp:
2266         (JSC::CopiedSpace::destroy):
2267         (JSC):
2268         * heap/CopiedSpace.h:
2269         (CopiedSpace):
2270         * heap/Heap.cpp:
2271         (JSC::Heap::destroy):
2272
2273 2012-03-14  Andrew Lo  <anlo@rim.com>
2274
2275         [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
2276         https://bugs.webkit.org/show_bug.cgi?id=81000
2277
2278         Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
2279
2280         Reviewed by Antonio Gomes.
2281
2282         * wtf/Platform.h:
2283
2284 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2285
2286         ValueToInt32 speculation will cause OSR exits even when it does not have to
2287         https://bugs.webkit.org/show_bug.cgi?id=81068
2288         <rdar://problem/11043926>
2289
2290         Reviewed by Anders Carlsson.
2291         
2292         Two related changes:
2293         1) ValueToInt32 will now always just defer to the non-speculative path, instead
2294            of exiting, if it doesn't know what speculations to perform.
2295         2) ValueToInt32 will speculate boolean if it sees this to be profitable.
2296
2297         * dfg/DFGAbstractState.cpp:
2298         (JSC::DFG::AbstractState::execute):
2299         * dfg/DFGNode.h:
2300         (JSC::DFG::Node::shouldSpeculateBoolean):
2301         (Node):
2302         * dfg/DFGSpeculativeJIT.cpp:
2303         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2304
2305 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2306
2307         More Windows build fixing
2308
2309         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2310
2311 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2312
2313         Windows build fix
2314
2315         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2316
2317 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
2318
2319         Type conversion of exponential part failed
2320         https://bugs.webkit.org/show_bug.cgi?id=80673
2321
2322         Reviewed by Geoffrey Garen.
2323
2324         * parser/Lexer.cpp:
2325         (JSC::::lex):
2326         * runtime/JSGlobalObjectFunctions.cpp:
2327         (JSC::parseInt):
2328         (JSC):
2329         (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
2330         we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template 
2331         parameter for strtod to allow trailing spaces.
2332         (JSC::toDouble):
2333         (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
2334         * runtime/LiteralParser.cpp:
2335         (JSC::::Lexer::lexNumber):
2336         * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
2337         we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
2338         * wtf/dtoa.cpp:
2339         (WTF):
2340         (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
2341         broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
2342         * wtf/dtoa.h:
2343         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
2344         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
2345         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
2346         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
2347         * wtf/text/WTFString.cpp:
2348         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
2349
2350 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2351
2352         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
2353         Removing the assert for now.
2354
2355         * dfg/DFGOperations.h:
2356         * llint/LLIntSlowPaths.h:
2357
2358 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2359
2360         Functions with C linkage should return POD types
2361         https://bugs.webkit.org/show_bug.cgi?id=81061
2362
2363         Reviewed by Mark Rowe.
2364
2365         * dfg/DFGOperations.h:
2366         * llint/LLIntSlowPaths.h:
2367         (LLInt):
2368         (SlowPathReturnType):
2369         (JSC::LLInt::encodeResult):
2370
2371 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
2372
2373         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
2374         https://bugs.webkit.org/show_bug.cgi?id=80979
2375         <rdar://problem/11036848>
2376
2377         Reviewed by Oliver Hunt.
2378         
2379         Also improved DFG IR dumping to include type information in a somewhat more
2380         intuitive way.
2381
2382         * bytecode/PredictedType.cpp:
2383         (JSC::predictionToAbbreviatedString):
2384         (JSC):
2385         * bytecode/PredictedType.h:
2386         (JSC):
2387         * dfg/DFGAbstractState.cpp:
2388         (JSC::DFG::AbstractState::execute):
2389         * dfg/DFGGraph.cpp:
2390         (JSC::DFG::Graph::dump):
2391         * dfg/DFGPredictionPropagationPhase.cpp:
2392         (JSC::DFG::PredictionPropagationPhase::propagate):
2393         * dfg/DFGSpeculativeJIT.cpp:
2394         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2395         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2396         * dfg/DFGSpeculativeJIT.h:
2397         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
2398
2399 2012-03-13  George Staikos  <staikos@webkit.org>
2400
2401         The callback is only used if SA_RESTART is defined.  Compile it out
2402         otherwise to avoid a warning.
2403         https://bugs.webkit.org/show_bug.cgi?id=80926
2404
2405         Reviewed by Alexey Proskuryakov.
2406
2407         * heap/MachineStackMarker.cpp:
2408         (JSC):
2409
2410 2012-03-13  Hojong Han  <hojong.han@samsung.com>
2411
2412         Dump the generated code for ARM_TRADITIONAL
2413         https://bugs.webkit.org/show_bug.cgi?id=80975
2414
2415         Reviewed by Gavin Barraclough.
2416
2417         * assembler/LinkBuffer.h:
2418         (JSC::LinkBuffer::dumpCode):
2419
2420 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
2421
2422         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
2423         https://bugs.webkit.org/show_bug.cgi?id=78853
2424
2425         Reviewed by Adam Barth.
2426
2427         * Configurations/FeatureDefines.xcconfig:
2428         * wtf/Platform.h:
2429
2430 2012-03-13  Kwonjin Jeong  <gram@company100.net>
2431
2432         Remove SlotVisitor::copy() method.
2433         https://bugs.webkit.org/show_bug.cgi?id=80973
2434
2435         Reviewed by Geoffrey Garen.
2436
2437         SlotVisitor::copy() method isn't called anywhere.
2438
2439         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
2440         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
2441
2442 2012-03-12  Hojong Han  <hojong.han@samsung.com>
2443
2444         Fix test cases for RegExp multiline
2445         https://bugs.webkit.org/show_bug.cgi?id=80822
2446
2447         Reviewed by Gavin Barraclough.
2448
2449         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
2450         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
2451         * tests/mozilla/js1_2/regexp/beginLine.js:
2452         * tests/mozilla/js1_2/regexp/endLine.js:
2453
2454 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2455
2456         Arithmetic use inference should be procedure-global and should run in tandem
2457         with type propagation
2458         https://bugs.webkit.org/show_bug.cgi?id=80819
2459         <rdar://problem/11034006>
2460
2461         Reviewed by Gavin Barraclough.
2462         
2463         * CMakeLists.txt:
2464         * GNUmakefile.list.am:
2465         * JavaScriptCore.xcodeproj/project.pbxproj:
2466         * Target.pri:
2467         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
2468         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
2469         * dfg/DFGDriver.cpp:
2470         (JSC::DFG::compile):
2471         * dfg/DFGPredictionPropagationPhase.cpp:
2472         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
2473         (PredictionPropagationPhase):
2474         (JSC::DFG::PredictionPropagationPhase::isNotZero):
2475         (JSC::DFG::PredictionPropagationPhase::propagate):
2476         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
2477         * dfg/DFGVariableAccessData.h:
2478         (JSC::DFG::VariableAccessData::VariableAccessData):
2479         (JSC::DFG::VariableAccessData::flags):
2480         (VariableAccessData):
2481         (JSC::DFG::VariableAccessData::mergeFlags):
2482
2483 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2484
2485         Node::op and Node::flags should be private
2486         https://bugs.webkit.org/show_bug.cgi?id=80824
2487         <rdar://problem/11033435>
2488
2489         Reviewed by Gavin Barraclough.
2490
2491         * CMakeLists.txt:
2492         * GNUmakefile.list.am:
2493         * JavaScriptCore.xcodeproj/project.pbxproj:
2494         * Target.pri:
2495         * dfg/DFGAbstractState.cpp:
2496         (JSC::DFG::AbstractState::initialize):
2497         (JSC::DFG::AbstractState::execute):
2498         (JSC::DFG::AbstractState::mergeStateAtTail):
2499         (JSC::DFG::AbstractState::mergeToSuccessors):
2500         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2501         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2502         * dfg/DFGByteCodeParser.cpp:
2503         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
2504         (JSC::DFG::ByteCodeParser::getLocal):
2505         (JSC::DFG::ByteCodeParser::getArgument):
2506         (JSC::DFG::ByteCodeParser::flushArgument):
2507         (JSC::DFG::ByteCodeParser::toInt32):
2508         (JSC::DFG::ByteCodeParser::isJSConstant):
2509         (JSC::DFG::ByteCodeParser::makeSafe):
2510         (JSC::DFG::ByteCodeParser::makeDivSafe):
2511         (JSC::DFG::ByteCodeParser::handleInlining):
2512         (JSC::DFG::ByteCodeParser::parseBlock):
2513         (JSC::DFG::ByteCodeParser::processPhiStack):
2514         (JSC::DFG::ByteCodeParser::linkBlock):
2515         * dfg/DFGCFAPhase.cpp:
2516         (JSC::DFG::CFAPhase::performBlockCFA):
2517         * dfg/DFGCSEPhase.cpp:
2518         (JSC::DFG::CSEPhase::canonicalize):
2519         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2520         (JSC::DFG::CSEPhase::pureCSE):
2521         (JSC::DFG::CSEPhase::byValIsPure):
2522         (JSC::DFG::CSEPhase::clobbersWorld):
2523         (JSC::DFG::CSEPhase::impureCSE):
2524         (JSC::DFG::CSEPhase::globalVarLoadElimination):
2525         (JSC::DFG::CSEPhase::getByValLoadElimination):
2526         (JSC::DFG::CSEPhase::checkFunctionElimination):
2527         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
2528         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2529         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2530         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2531         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
2532         (JSC::DFG::CSEPhase::performNodeCSE):
2533         * dfg/DFGGraph.cpp:
2534         (JSC::DFG::Graph::dump):
2535         (DFG):
2536         * dfg/DFGGraph.h:
2537         (JSC::DFG::Graph::addShouldSpeculateInteger):
2538         (JSC::DFG::Graph::negateShouldSpeculateInteger):
2539         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
2540         * dfg/DFGNode.cpp: Removed.
2541         * dfg/DFGNode.h:
2542         (DFG):
2543         (JSC::DFG::Node::Node):
2544         (Node):
2545         (JSC::DFG::Node::op):
2546         (JSC::DFG::Node::flags):
2547         (JSC::DFG::Node::setOp):
2548         (JSC::DFG::Node::setFlags):
2549         (JSC::DFG::Node::mergeFlags):
2550         (JSC::DFG::Node::filterFlags):
2551         (JSC::DFG::Node::clearFlags):
2552         (JSC::DFG::Node::setOpAndDefaultFlags):
2553         (JSC::DFG::Node::mustGenerate):
2554         (JSC::DFG::Node::isConstant):
2555         (JSC::DFG::Node::isWeakConstant):
2556         (JSC::DFG::Node::valueOfJSConstant):
2557         (JSC::DFG::Node::hasVariableAccessData):
2558         (JSC::DFG::Node::hasIdentifier):
2559         (JSC::DFG::Node::resolveGlobalDataIndex):
2560         (JSC::DFG::Node::hasArithNodeFlags):
2561         (JSC::DFG::Node::arithNodeFlags):
2562         (JSC::DFG::Node::setArithNodeFlag):
2563         (JSC::DFG::Node::mergeArithNodeFlags):
2564         (JSC::DFG::Node::hasConstantBuffer):
2565         (JSC::DFG::Node::hasRegexpIndex):
2566         (JSC::DFG::Node::hasVarNumber):
2567         (JSC::DFG::Node::hasScopeChainDepth):
2568         (JSC::DFG::Node::hasResult):
2569         (JSC::DFG::Node::hasInt32Result):
2570         (JSC::DFG::Node::hasNumberResult):
2571         (JSC::DFG::Node::hasJSResult):
2572         (JSC::DFG::Node::hasBooleanResult):
2573         (JSC::DFG::Node::isJump):
2574         (JSC::DFG::Node::isBranch):
2575         (JSC::DFG::Node::isTerminal):
2576         (JSC::DFG::Node::hasHeapPrediction):
2577         (JSC::DFG::Node::hasFunctionCheckData):
2578         (JSC::DFG::Node::hasStructureTransitionData):
2579         (JSC::DFG::Node::hasStructureSet):
2580         (JSC::DFG::Node::hasStorageAccessData):
2581         (JSC::DFG::Node::hasFunctionDeclIndex):
2582         (JSC::DFG::Node::hasFunctionExprIndex):
2583         (JSC::DFG::Node::child1):
2584         (JSC::DFG::Node::child2):
2585         (JSC::DFG::Node::child3):
2586         (JSC::DFG::Node::firstChild):
2587         (JSC::DFG::Node::numChildren):
2588         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
2589         * dfg/DFGNodeFlags.h: Added.
2590         (DFG):
2591         (JSC::DFG::nodeUsedAsNumber):
2592         (JSC::DFG::nodeCanTruncateInteger):
2593         (JSC::DFG::nodeCanIgnoreNegativeZero):
2594         (JSC::DFG::nodeMayOverflow):
2595         (JSC::DFG::nodeCanSpeculateInteger):
2596         * dfg/DFGNodeType.h: Added.
2597         (DFG):
2598         (JSC::DFG::defaultFlags):
2599         * dfg/DFGPredictionPropagationPhase.cpp:
2600         (JSC::DFG::PredictionPropagationPhase::propagate):
2601         (JSC::DFG::PredictionPropagationPhase::vote):
2602         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2603         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2604         * dfg/DFGRedundantPhiEliminationPhase.cpp:
2605         (JSC::DFG::RedundantPhiEliminationPhase::run):
2606         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2607         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2608         * dfg/DFGSpeculativeJIT.cpp:
2609         (JSC::DFG::SpeculativeJIT::useChildren):
2610         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2611         (JSC::DFG::SpeculativeJIT::compileMovHint):
2612         (JSC::DFG::SpeculativeJIT::compile):
2613         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2614         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2615         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2616         (JSC::DFG::SpeculativeJIT::compileAdd):
2617         (JSC::DFG::SpeculativeJIT::compare):
2618         * dfg/DFGSpeculativeJIT.h:
2619         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2620         * dfg/DFGSpeculativeJIT32_64.cpp:
2621         (JSC::DFG::SpeculativeJIT::emitCall):
2622         (JSC::DFG::SpeculativeJIT::compile):
2623         * dfg/DFGSpeculativeJIT64.cpp:
2624         (JSC::DFG::SpeculativeJIT::emitCall):
2625         (JSC::DFG::SpeculativeJIT::compile):
2626         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2627         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2628
2629 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
2630
2631         Minor DataLog fixes
2632         https://bugs.webkit.org/show_bug.cgi?id=80826
2633
2634         Reviewed by Andreas Kling.
2635
2636         * bytecode/ExecutionCounter.cpp:
2637         Do not include DataLog.h, it is not used.
2638         
2639         * jit/ExecutableAllocator.cpp:
2640         Ditto.
2641
2642         * wtf/DataLog.cpp:
2643         (WTF::initializeLogFileOnce):
2644         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
2645
2646         * wtf/HashTable.cpp:
2647         Include DataLog as it is used.
2648
2649 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
2650
2651         Integer overflow check code in arithmetic operation in classic interpreter
2652         https://bugs.webkit.org/show_bug.cgi?id=80465
2653
2654         Reviewed by Gavin Barraclough.
2655
2656         * interpreter/Interpreter.cpp:
2657         (JSC::Interpreter::privateExecute):
2658
2659 2012-03-12  Zeno Albisser  <zeno@webkit.org>
2660
2661         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
2662         https://bugs.webkit.org/show_bug.cgi?id=80827
2663
2664         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
2665
2666         Reviewed by Simon Hausmann.
2667
2668         * wtf/Platform.h:
2669
2670 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
2671
2672         Unreviewed prospective Qt/Mac build fix
2673
2674         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
2675         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
2676         constructor.
2677
2678 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
2679
2680         All DFG nodes should have a mutable set of flags
2681         https://bugs.webkit.org/show_bug.cgi?id=80779
2682         <rdar://problem/11026218>
2683
2684         Reviewed by Gavin Barraclough.
2685         
2686         Got rid of NodeId, and placed all of the flags that distinguished NodeId
2687         from NodeType into a separate Node::flags field. Combined what was previously
2688         ArithNodeFlags into Node::flags.
2689         
2690         In the process of debugging, I found that the debug support in the virtual
2691         register allocator was lacking, so I improved it. I also realized that the
2692         virtual register allocator was assuming that the nodes in a basic block were
2693         contiguous, which is no longer the case. So I fixed that. The fix also made
2694         it natural to have more extreme assertions, so I added them. I suspect this
2695         will make it easier to catch virtual register allocation bugs in the future.
2696         
2697         This is mostly performance neutral; if anything it looks like a slight
2698         speed-up.
2699         
2700         This patch does leave some work for future refactorings; for example, Node::op
2701         is unencapsulated. This was already the case, though now it feels even more
2702         like it should be. I avoided doing that because this patch has already grown
2703         way bigger than I wanted.
2704         
2705         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
2706         move some unnecessarily inline stuff out of DFGNode.h.
2707
2708         * CMakeLists.txt:
2709         * GNUmakefile.list.am:
2710         * JavaScriptCore.xcodeproj/project.pbxproj:
2711         * Target.pri:
2712         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2713         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2714         * dfg/DFGByteCodeParser.cpp:
2715         (JSC::DFG::ByteCodeParser::addToGraph):
2716         (JSC::DFG::ByteCodeParser::makeSafe):
2717         (JSC::DFG::ByteCodeParser::makeDivSafe):
2718         (JSC::DFG::ByteCodeParser::handleMinMax):
2719         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2720         (JSC::DFG::ByteCodeParser::parseBlock):
2721         * dfg/DFGCFAPhase.cpp:
2722         (JSC::DFG::CFAPhase::performBlockCFA):
2723         * dfg/DFGCSEPhase.cpp:
2724         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2725         (JSC::DFG::CSEPhase::pureCSE):
2726         (JSC::DFG::CSEPhase::clobbersWorld):
2727         (JSC::DFG::CSEPhase::impureCSE):
2728         (JSC::DFG::CSEPhase::setReplacement):
2729         (JSC::DFG::CSEPhase::eliminate):
2730         (JSC::DFG::CSEPhase::performNodeCSE):
2731         (JSC::DFG::CSEPhase::performBlockCSE):
2732         (CSEPhase):
2733         * dfg/DFGGraph.cpp:
2734         (JSC::DFG::Graph::opName):
2735         (JSC::DFG::Graph::dump):
2736         (DFG):
2737         * dfg/DFGNode.cpp: Added.
2738         (DFG):
2739         (JSC::DFG::arithNodeFlagsAsString):
2740         * dfg/DFGNode.h:
2741         (DFG):
2742         (JSC::DFG::nodeUsedAsNumber):
2743         (JSC::DFG::nodeCanTruncateInteger):
2744         (JSC::DFG::nodeCanIgnoreNegativeZero):
2745         (JSC::DFG::nodeMayOverflow):
2746         (JSC::DFG::nodeCanSpeculateInteger):
2747         (JSC::DFG::defaultFlags):
2748         (JSC::DFG::Node::Node):
2749         (Node):
2750         (JSC::DFG::Node::setOpAndDefaultFlags):
2751         (JSC::DFG::Node::mustGenerate):
2752         (JSC::DFG::Node::arithNodeFlags):
2753         (JSC::DFG::Node::setArithNodeFlag):
2754         (JSC::DFG::Node::mergeArithNodeFlags):
2755         (JSC::DFG::Node::hasResult):
2756         (JSC::DFG::Node::hasInt32Result):
2757         (JSC::DFG::Node::hasNumberResult):
2758         (JSC::DFG::Node::hasJSResult):
2759         (JSC::DFG::Node::hasBooleanResult):
2760         (JSC::DFG::Node::isJump):
2761         (JSC::DFG::Node::isBranch):
2762         (JSC::DFG::Node::isTerminal):
2763         (JSC::DFG::Node::child1):
2764         (JSC::DFG::Node::child2):
2765         (JSC::DFG::Node::child3):
2766         (JSC::DFG::Node::firstChild):
2767         (JSC::DFG::Node::numChildren):
2768         * dfg/DFGPredictionPropagationPhase.cpp:
2769         (JSC::DFG::PredictionPropagationPhase::propagate):
2770         (JSC::DFG::PredictionPropagationPhase::vote):
2771         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2772         * dfg/DFGScoreBoard.h:
2773         (ScoreBoard):
2774         (JSC::DFG::ScoreBoard::~ScoreBoard):
2775         (JSC::DFG::ScoreBoard::assertClear):
2776         (JSC::DFG::ScoreBoard::use):
2777         * dfg/DFGSpeculativeJIT.cpp:
2778         (JSC::DFG::SpeculativeJIT::useChildren):
2779         * dfg/DFGSpeculativeJIT32_64.cpp:
2780         (JSC::DFG::SpeculativeJIT::compile):
2781         * dfg/DFGSpeculativeJIT64.cpp:
2782         (JSC::DFG::SpeculativeJIT::compile):
2783         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2784         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2785
2786 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
2787
2788         LLInt should support JSVALUE64
2789         https://bugs.webkit.org/show_bug.cgi?id=79609
2790         <rdar://problem/10063437>
2791
2792         Reviewed by Gavin Barraclough and Oliver Hunt.
2793         
2794         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
2795         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
2796         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
2797         specialized for value representation.
2798         
2799         Also made some minor changes to offlineasm and the slow-paths.
2800
2801         * llint/LLIntData.cpp:
2802         (JSC::LLInt::Data::performAssertions):
2803         * llint/LLIntEntrypoints.cpp:
2804         * llint/LLIntSlowPaths.cpp:
2805         (LLInt):
2806         (JSC::LLInt::llint_trace_value):
2807         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2808         (JSC::LLInt::jitCompileAndSetHeuristics):
2809         * llint/LLIntSlowPaths.h:
2810         (LLInt):
2811         (SlowPathReturnType):
2812         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
2813         (JSC::LLInt::encodeResult):
2814         * llint/LLIntThunks.cpp:
2815         * llint/LowLevelInterpreter.asm:
2816         * llint/LowLevelInterpreter32_64.asm:
2817         * llint/LowLevelInterpreter64.asm:
2818         * offlineasm/armv7.rb:
2819         * offlineasm/asm.rb:
2820         * offlineasm/ast.rb:
2821         * offlineasm/backends.rb:
2822         * offlineasm/instructions.rb:
2823         * offlineasm/parser.rb:
2824         * offlineasm/registers.rb:
2825         * offlineasm/transform.rb:
2826         * offlineasm/x86.rb:
2827         * wtf/Platform.h:
2828
2829 2012-03-10  Yong Li  <yoli@rim.com>
2830
2831         Web Worker crashes with WX_EXCLUSIVE
2832         https://bugs.webkit.org/show_bug.cgi?id=80532
2833
2834         Let each JS global object own a meta allocator
2835         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
2836         Also fix a mutex leak in MetaAllocator's dtor.
2837
2838         Reviewed by Filip Pizlo.
2839
2840         * jit/ExecutableAllocator.cpp:
2841         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2842         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2843         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2844         (DemandExecutableAllocator):
2845         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2846         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2847         (JSC::DemandExecutableAllocator::allocateNewSpace):
2848         (JSC::DemandExecutableAllocator::allocators):
2849         (JSC::DemandExecutableAllocator::allocatorsMutex):
2850         (JSC):
2851         (JSC::ExecutableAllocator::initializeAllocator):
2852         (JSC::ExecutableAllocator::ExecutableAllocator):
2853         (JSC::ExecutableAllocator::underMemoryPressure):
2854         (JSC::ExecutableAllocator::memoryPressureMultiplier):
2855         (JSC::ExecutableAllocator::allocate):
2856         (JSC::ExecutableAllocator::committedByteCount):
2857         (JSC::ExecutableAllocator::dumpProfile):
2858         * jit/ExecutableAllocator.h:
2859         (JSC):
2860         (ExecutableAllocator):
2861         (JSC::ExecutableAllocator::allocator):
2862         * wtf/MetaAllocator.h:
2863         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
2864         * wtf/TCSpinLock.h:
2865         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
2866
2867 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2868
2869         Object.freeze broken on latest Nightly
2870         https://bugs.webkit.org/show_bug.cgi?id=80577
2871
2872         Reviewed by Oliver Hunt.
2873
2874         The problem here is that deleteProperty rejects deletion of prototype.
2875         This is correct in most cases, however defineOwnProperty is presently
2876         implemented internally to ensure the attributes change by deleting the
2877         old property, and creating a new one.
2878
2879         * runtime/JSFunction.cpp:
2880         (JSC::JSFunction::deleteProperty):
2881             - If deleteProperty is called via defineOwnProperty, allow old prototype to be removed.
2882
2883 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2884
2885         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
2886         https://bugs.webkit.org/show_bug.cgi?id=80663
2887
2888         Reviewed by Michael Saboff.
2889
2890         The bug here is actually that we're continuing to process the array after an exception
2891         has been thrown, and that the second value thrown is overriding the first.
2892
2893         * runtime/ArrayPrototype.cpp:
2894         (JSC::arrayProtoFuncToLocaleString):
2895
2896 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
2897
2898         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
2899         https://bugs.webkit.org/show_bug.cgi?id=80080
2900
2901         Reviewed by Filip Pizlo.
2902
2903         * bytecode/SamplingTool.cpp:
2904         (JSC::SamplingRegion::Locker::Locker):
2905         (JSC::SamplingRegion::Locker::~Locker):
2906         * bytecode/SamplingTool.h:
2907         (JSC::SamplingRegion::exchangeCurrent):
2908         * wtf/Atomics.h:
2909         (WTF):
2910         (WTF::weakCompareAndSwap):
2911         (WTF::weakCompareAndSwapUIntPtr):
2912
2913 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2914
2915         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
2916         https://bugs.webkit.org/show_bug.cgi?id=49989
2917
2918         Reviewed by Oliver Hunt.
2919
2920         Patch originally by chris reiss <christopher.reiss@nokia.com>,
2921         allow the year to appear before the timezone in date strings.
2922
2923         * wtf/DateMath.cpp:
2924         (WTF::parseDateFromNullTerminatedCharacters):
2925
2926 2012-03-09  Mark Rowe  <mrowe@apple.com>
2927
2928         Ensure that the WTF headers are copied at installhdrs time.
2929
2930         Reviewed by Dan Bernstein and Jessie Berlin.
2931
2932         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
2933         so that our script phases are invoked at installhdrs time. The only one that
2934         does any useful work at that time is the one that installs WTF headers.
2935
2936 2012-03-09  Jon Lee  <jonlee@apple.com>
2937
2938         Add support for ENABLE(LEGACY_NOTIFICATIONS)
2939         https://bugs.webkit.org/show_bug.cgi?id=80497
2940
2941         Reviewed by Adam Barth.
2942
2943         Prep for b80472: Update API for Web Notifications
2944         * Configurations/FeatureDefines.xcconfig:
2945
2946 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
2947
2948         Bash scripts should support LF endings only
2949         https://bugs.webkit.org/show_bug.cgi?id=79509
2950
2951         Reviewed by David Kilzer.
2952
2953         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
2954         * gyp/run-if-exists.sh: Added property svn:eol-style.
2955         * gyp/update-info-plist.sh: Added property svn:eol-style.
2956
2957 2012-03-09  Jessie Berlin  <jberlin@apple.com>
2958
2959         Windows debug build fix.
2960
2961         * assembler/MacroAssembler.h:
2962         (JSC::MacroAssembler::shouldBlind):
2963         Fix unreachable code warnings (which we treat as errors).
2964
2965 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
2966
2967         Reviewed by Zoltan Herczeg.
2968
2969         [Qt] Fix the SH4 build after r109834
2970         https://bugs.webkit.org/show_bug.cgi?id=80492
2971
2972         * assembler/MacroAssemblerSH4.h:
2973         (JSC::MacroAssemblerSH4::branchAdd32):
2974         (JSC::MacroAssemblerSH4::branchSub32):
2975
2976 2012-03-09  Andy Wingo  <wingo@igalia.com>
2977
2978         Refactor code feature analysis in the parser
2979         https://bugs.webkit.org/show_bug.cgi?id=79112
2980
2981         Reviewed by Geoffrey Garen.
2982
2983         This commit refactors the parser to more uniformly propagate flag
2984         bits down and up the parse process, as the parser descends and
2985         returns into nested blocks.  Some flags get passed down to
2986         subscopes, some apply to specific scopes only, and some get
2987         unioned up after parsing subscopes.
2988
2989         The goal is to eventually be very precise with scoping
2990         information, once we have block scopes: one block scope might use
2991         `eval', which would require the emission of a symbol table within
2992         that block and containing blocks, whereas another block in the
2993         same function might not, allowing us to not emit a symbol table.
2994
2995         * parser/Nodes.h:
2996         (JSC::ScopeFlags): Rename from CodeFeatures.
2997         (JSC::ScopeNode::addScopeFlags):
2998         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
2999         (JSC::ScopeNode::isStrictMode):
3000         (JSC::ScopeNode::usesEval):
3001         (JSC::ScopeNode::usesArguments):
3002         (JSC::ScopeNode::setUsesArguments):
3003         (JSC::ScopeNode::usesThis):
3004         (JSC::ScopeNode::needsActivationForMoreThanVariables):
3005         (JSC::ScopeNode::needsActivation): Refactor these accessors to
3006         operate on the m_scopeFlags member.
3007         (JSC::ScopeNode::source):
3008         (JSC::ScopeNode::sourceURL):
3009         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
3010         semantic change.
3011         (JSC::ScopeNode::ScopeNode)
3012         (JSC::ProgramNode::ProgramNode)
3013         (JSC::EvalNode::EvalNode)
3014         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
3015         take a ScopeFlags as an argument, instead of a bool inStrictContext.
3016
3017         * parser/Nodes.cpp:
3018         (JSC::ScopeNode::ScopeNode):
3019         (JSC::ProgramNode::ProgramNode):
3020         (JSC::ProgramNode::create):
3021         (JSC::EvalNode::EvalNode):
3022         (JSC::EvalNode::create):
3023         (JSC::FunctionBodyNode::FunctionBodyNode):
3024         (JSC::FunctionBodyNode::create): Adapt constructors to change.
3025
3026         * parser/ASTBuilder.h:
3027         (JSC::ASTBuilder::ASTBuilder):
3028         (JSC::ASTBuilder::thisExpr):
3029         (JSC::ASTBuilder::createResolve):
3030         (JSC::ASTBuilder::createFunctionBody):
3031         (JSC::ASTBuilder::createFuncDeclStatement):
3032         (JSC::ASTBuilder::createTryStatement):
3033         (JSC::ASTBuilder::createWithStatement):
3034         (JSC::ASTBuilder::addVar):
3035         (JSC::ASTBuilder::Scope::Scope):
3036         (Scope):
3037         (ASTBuilder):
3038         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
3039         features here.  Instead rely on the base Parser mechanism to track
3040         features.
3041
3042         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
3043
3044         * parser/Parser.h:
3045         (JSC::Scope::Scope): Manage scope through flags, not
3046         bit-booleans.  This lets us uniformly propagate them up and down.
3047         (JSC::Scope::declareWrite):
3048         (JSC::Scope::declareParameter):
3049         (JSC::Scope::useVariable):
3050         (JSC::Scope::collectFreeVariables):
3051         (JSC::Scope::getCapturedVariables):
3052         (JSC::Scope::saveFunctionInfo):
3053         (JSC::Scope::restoreFunctionInfo):
3054         (JSC::Parser::pushScope): Adapt to use scope flags and their
3055         accessors instead of bit-booleans.
3056         * parser/Parser.cpp:
3057         (JSC::::Parser):
3058         (JSC::::parseInner):
3059         (JSC::::didFinishParsing):
3060         (JSC::::parseSourceElements):
3061         (JSC::::parseVarDeclarationList):
3062         (JSC::::parseConstDeclarationList):
3063         (JSC::::parseWithStatement):
3064         (JSC::::parseTryStatement):
3065         (JSC::::parseFunctionBody):
3066         (JSC::::parseFunctionInfo):
3067         (JSC::::parseFunctionDeclaration):
3068         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
3069         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
3070         Does not seem to have a performance impact.
3071
3072         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
3073         Cache the scopeflags.
3074         * parser/SyntaxChecker.h: Remove evalCount() decl.
3075
3076         * runtime/Executable.cpp:
3077         (JSC::EvalExecutable::compileInternal):
3078         (JSC::ProgramExecutable::compileInternal):
3079         (JSC::FunctionExecutable::produceCodeBlockFor):
3080         * runtime/Executable.h:
3081         (JSC::ScriptExecutable::ScriptExecutable):
3082         (JSC::ScriptExecutable::usesEval):
3083         (JSC::ScriptExecutable::usesArguments):
3084         (JSC::ScriptExecutable::needsActivation):
3085         (JSC::ScriptExecutable::isStrictMode):
3086         (JSC::ScriptExecutable::recordParse):
3087         (ScriptExecutable): ScopeFlags, not features.
3088
3089 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
3090
3091         Build fix for MSVC after r110266
3092
3093         Unreviewed. A #ifdef for MSVC was left over in r110266.
3094
3095         * runtime/RegExpObject.h:
3096         (RegExpObject):
3097
3098 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
3099
3100         Allocate the RegExpObject's data with the Cell
3101         https://bugs.webkit.org/show_bug.cgi?id=80654
3102
3103         Reviewed by Gavin Barraclough.
3104
3105         This patch removes the creation of RegExpObject's data to avoid the overhead
3106         created by the allocation and destruction.
3107
3108         When RegExp are created repeatedly, this provides some performance improvement.
3109         The PeaceKeeper test stringDetectBrowser improves by 10%.
3110
3111         * runtime/RegExpObject.cpp:
3112         (JSC::RegExpObject::RegExpObject):
3113         (JSC::RegExpObject::visitChildren):
3114         (JSC::RegExpObject::getOwnPropertyDescriptor):
3115         (JSC::RegExpObject::defineOwnProperty):
3116         (JSC::RegExpObject::match):
3117         * runtime/RegExpObject.h:
3118         (JSC::RegExpObject::setRegExp):
3119         (JSC::RegExpObject::regExp):
3120         (JSC::RegExpObject::setLastIndex):
3121         (JSC::RegExpObject::getLastIndex):
3122         (RegExpObject):
3123
3124 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
3125
3126         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
3127         https://bugs.webkit.org/show_bug.cgi?id=80657
3128         
3129         Preparation for WTF separation from JavaScriptCore.
3130         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
3131         dependencies for generated files.
3132         
3133         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
3134         versions of the WTF code independent of the JavaScriptCore code.
3135
3136         Reviewed by Jessie Berlin.
3137
3138         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
3139         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
3140         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
3141         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
3142         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
3143         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
3144         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
3145         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
3146         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
3147         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
3148         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
3149         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
3150         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
3151         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
3152         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
3153         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
3154         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
3155         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
3156         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
3157         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
3158         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
3159
3160 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
3161
3162         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
3163         https://bugs.webkit.org/show_bug.cgi?id=80652
3164
3165         Reviewed by Eric Seidel.
3166
3167         Fix the header, URLSegments.h is not part of the API.
3168
3169         * wtf/url/api/ParsedURL.h:
3170
3171 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
3172
3173         Mac build fix for micro data API.
3174
3175         * Configurations/FeatureDefines.xcconfig:
3176
3177 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
3178
3179         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
3180         https://bugs.webkit.org/show_bug.cgi?id=26890
3181
3182         Reviewed by Oliver Hunt.
3183
3184         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
3185
3186         * runtime/StringPrototype.cpp:
3187         (JSC::replaceUsingRegExpSearch):
3188         (JSC::stringProtoFuncMatch):
3189             - added calls to setLastIndex.
3190
3191 2012-03-08  Matt Lilek  <mrl@apple.com>
3192
3193         Don't enable VIDEO_TRACK on all OS X platforms
3194         https://bugs.webkit.org/show_bug.cgi?id=80635
3195
3196         Reviewed by Eric Carlson.
3197
3198         * Configurations/FeatureDefines.xcconfig:
3199
3200 2012-03-08  Oliver Hunt  <oliver@apple.com>
3201
3202         Build fix.  That day is not today.
3203
3204         * assembler/MacroAssembler.h:
3205         (JSC::MacroAssembler::shouldBlind):
3206         * assembler/MacroAssemblerX86Common.h:
3207         (MacroAssemblerX86Common):
3208         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
3209
3210 2012-03-08  Oliver Hunt  <oliver@apple.com>
3211
3212         Build fix. One of these days I'll manage to commit something that works everywhere.
3213
3214         * assembler/AbstractMacroAssembler.h:
3215         (AbstractMacroAssembler):
3216         * assembler/MacroAssemblerARMv7.h:
3217         (MacroAssemblerARMv7):
3218         * assembler/MacroAssemblerX86Common.h:
3219         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
3220         (MacroAssemblerX86Common):
3221
3222 2012-03-08  Chao-ying Fu  <fu@mips.com>
3223
3224         Update MIPS patchOffsetGetByIdSlowCaseCall
3225         https://bugs.webkit.org/show_bug.cgi?id=80302
3226
3227         Reviewed by Oliver Hunt.
3228
3229         * jit/JIT.h:
3230         (JIT):
3231
3232 2012-03-08  Oliver Hunt  <oliver@apple.com>
3233
3234         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
3235         https://bugs.webkit.org/show_bug.cgi?id=80633
3236
3237         Reviewed by Gavin Barraclough.
3238
3239         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
3240         if there isn't a machine specific implementation (otherwise the 64bit value
3241         got truncated and 32bit checks were used -- leaving 32bits untested).
3242         Also add a bit of logic to ensure that we don't try to blind a few common
3243         constants that go through the ImmPtr paths -- encoded numeric JSValues and
3244         unencoded doubles with common "safe" values.
3245
3246         * assembler/AbstractMacroAssembler.h:
3247         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
3248         * assembler/MacroAssembler.h:
3249         (JSC::MacroAssembler::shouldBlindDouble):
3250         (MacroAssembler):
3251         (JSC::MacroAssembler::shouldBlind):
3252         * assembler/MacroAssemblerX86Common.h:
3253         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
3254
3255 2012-03-08  Mark Rowe  <mrowe@apple.com>
3256
3257         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
3258
3259         Reviewed by Dan Bernstein.
3260
3261         * Configurations/Base.xcconfig:
3262
3263 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
3264
3265         Fix line endings for copy-files.cmd.
3266         
3267         If a cmd file doesn't have Windows line endings, it doesn't work properly.
3268         In this case, the label :clean wasn't found, breaking the clean build.
3269         
3270         Reviewed by Jessie Berlin.
3271
3272         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3273
3274 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
3275
3276         DFG CFA incorrectly handles ValueToInt32
3277         https://bugs.webkit.org/show_bug.cgi?id=80568
3278
3279         Reviewed by Gavin Barraclough.
3280         
3281         Changed it to match exactly the decision pattern used in
3282         DFG::SpeculativeJIT::compileValueToInt32
3283
3284         * dfg/DFGAbstractState.cpp:
3285         (JSC::DFG::AbstractState::execute):
3286
3287 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
3288
3289         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
3290         https://bugs.webkit.org/show_bug.cgi?id=80524
3291
3292         Reviewed by Simon Hausmann.
3293
3294         Move IdentifierTable methods definition to WTFThreadData.cpp to fix linking
3295         of WTF library.
3296
3297         * runtime/Identifier.cpp:
3298         * wtf/WTFThreadData.cpp:
3299         (JSC):
3300         (JSC::IdentifierTable::~IdentifierTable):
3301         (JSC::IdentifierTable::add):
3302
3303 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
3304
3305         DFG instruction count threshold should be lifted to 10000
3306         https://bugs.webkit.org/show_bug.cgi?id=80579
3307
3308         Reviewed by Gavin Barraclough.
3309
3310         * runtime/Options.cpp:
3311         (JSC::Options::initializeOptions):
3312
3313 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
3314
3315         Incorrect tracking of abstract values of variables forced double
3316         https://bugs.webkit.org/show_bug.cgi?id=80566
3317         <rdar://problem/11001442>
3318
3319         Reviewed by Gavin Barraclough.
3320
3321         * dfg/DFGAbstractState.cpp:
3322         (JSC::DFG::AbstractState::mergeStateAtTail):
3323
3324 2012-03-07  Chao-ying Fu  <fu@mips.com>
3325
3326         [Qt] Fix the MIPS/SH4 build after r109834
3327         https://bugs.webkit.org/show_bug.cgi?id=80492
3328
3329         Reviewed by Oliver Hunt.
3330
3331         Implement three-argument branch(Add,Sub)32.
3332
3333         * assembler/MacroAssemblerMIPS.h:
3334         (JSC::MacroAssemblerMIPS::add32):
3335         (MacroAssemblerMIPS):
3336         (JSC::MacroAssemblerMIPS::sub32):
3337         (JSC::MacroAssemblerMIPS::branchAdd32):
3338         (JSC::MacroAssemblerMIPS::branchSub32):
3339
3340 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
3341
3342         Unreviewed, rolling out r110127.
3343         http://trac.webkit.org/changeset/110127
3344         https://bugs.webkit.org/show_bug.cgi?id=80562
3345
3346         compile failed on AppleWin (Requested by ukai on #webkit).
3347
3348         * heap/Heap.cpp:
3349         (JSC::Heap::collectAllGarbage):
3350         * heap/Heap.h:
3351         (JSC):
3352         (Heap):
3353         * runtime/Executable.cpp:
3354         (JSC::FunctionExecutable::FunctionExecutable):
3355         (JSC::FunctionExecutable::finalize):
3356         * runtime/Executable.h:
3357         (FunctionExecutable):
3358         (JSC::FunctionExecutable::create):
3359         * runtime/JSGlobalData.cpp:
3360         (WTF):
3361         (Recompiler):
3362         (WTF::Recompiler::operator()):
3363         (JSC::JSGlobalData::recompileAllJSFunctions):
3364         (JSC):
3365         * runtime/JSGlobalData.h:
3366         (JSGlobalData):
3367         * runtime/JSGlobalObject.cpp:
3368         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
3369
3370 2012-03-07  Hojong Han  <hojong.han@samsung.com>
3371
3372         The end atom of the marked block considered to filter invalid cells
3373         https://bugs.webkit.org/show_bug.cgi?id=79191
3374
3375         Reviewed by Geoffrey Garen.
3376
3377         Register file could have stale pointers beyond the end atom of marked block.
3378         Those pointers can weasel out of filtering in-middle-of-cell pointer.
3379
3380         * heap/MarkedBlock.h:
3381         (JSC::MarkedBlock::isLiveCell):
3382
3383 2012-03-07  Jessie Berlin  <jberlin@apple.com>
3384
3385         Clean Windows build fails after r110033
3386         https://bugs.webkit.org/show_bug.cgi?id=80553
3387
3388         Rubber-stamped by Jon Honeycutt and Eric Seidel.
3389
3390         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3391         Place the implementation files next to their header files in the wtf/text subdirectory.
3392         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
3393         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
3394         Update the path to those implementation files.
3395         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
3396         Ditto.
3397
3398 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
3399
3400         Eliminate redundant Phis in DFG
3401         https://bugs.webkit.org/show_bug.cgi?id=80415
3402
3403         Reviewed by Filip Pizlo.
3404
3405         Although this may not have any advantage at current stage, this is towards
3406         minimal SSA to make more high level optimizations (like bug 76770) easier.
3407         We have the choices either to build minimal SSA from scratch or to
3408         keep current simple Phi insertion mechanism and remove the redundancy
3409         in another phase. Currently we choose the latter because the change
3410         could be smaller.
3411
3412         * CMakeLists.txt:
3413         * GNUmakefile.list.am:
3414         * JavaScriptCore.xcodeproj/project.pbxproj:
3415         * Target.pri:
3416         * dfg/DFGDriver.cpp:
3417         (JSC::DFG::compile):
3418         * dfg/DFGGraph.cpp:
3419         (JSC::DFG::Graph::dump):
3420         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
3421         (DFG):
3422         (RedundantPhiEliminationPhase):
3423         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
3424         (JSC::DFG::RedundantPhiEliminationPhase::run):
3425         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
3426         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
3427         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
3428         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
3429         (JSC::DFG::performRedundantPhiElimination):
3430         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
3431         (DFG):
3432
3433 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
3434
3435         Refactor recompileAllJSFunctions() to be less expensive