Source/JavaScriptCore/ChangeLog (WebKit-https.git)

2012-03-24  Filip Pizlo  <fpizlo@apple.com>

        DFG 64-bit Branch implementation should not be creating a JSValueOperand that
        it isn't going to use
        https://bugs.webkit.org/show_bug.cgi?id=82136

        Reviewed by Geoff Garen.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitBranch):

2012-03-24  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Fix the build after WTF move.

        * wscript:

2012-03-23  Filip Pizlo  <fpizlo@apple.com>

        DFG double voting may be overzealous in the case of variables that end up
        being used as integers
        https://bugs.webkit.org/show_bug.cgi?id=82008

        Reviewed by Oliver Hunt.

        Cleaned up propagation, making the intent more explicit in most places.
        Back-propagate NodeUsedAsInt for cases where a node was used in a context
        that is known to strongly prefer integers.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dumpCodeOrigin):
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (Graph):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::run):
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (PredictionPropagationPhase):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
        (JSC::DFG::PredictionPropagationPhase::vote):
        (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
        (JSC::DFG::PredictionPropagationPhase::fixupNode):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):

2012-03-24  Filip Pizlo  <fpizlo@apple.com>

        DFG::Node::shouldNotSpeculateInteger() should be eliminated
        https://bugs.webkit.org/show_bug.cgi?id=82123

        Reviewed by Geoff Garen.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (Node):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):

2012-03-24  Yong Li  <yoli@rim.com>

        Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
        https://bugs.webkit.org/show_bug.cgi?id=81521

        Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
        for CPU(ARM_TRADITIONAL) to fit actual need.

        Reviewed by Oliver Hunt.

        * jit/JIT.h:
        (JIT):

2012-03-23  Filip Pizlo  <fpizlo@apple.com>

        DFG Fixup should be able to short-circuit trivial ValueToInt32's
        https://bugs.webkit.org/show_bug.cgi?id=82030

        Reviewed by Michael Saboff.

        Takes the fixup() method of the prediction propagation phase and makes it
        into its own phase. Adds the ability to short-circuit trivial ValueToInt32
        nodes, and mark pure ValueToInt32's as such.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCommon.h:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGFixupPhase.cpp: Added.
        (DFG):
        (FixupPhase):
        (JSC::DFG::FixupPhase::FixupPhase):
        (JSC::DFG::FixupPhase::run):
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::fixIntEdge):
        (JSC::DFG::performFixup):
        * dfg/DFGFixupPhase.h: Added.
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::run):
        (PredictionPropagationPhase):

2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        tryReallocate could break the zero-ed memory invariant of CopiedBlocks
        https://bugs.webkit.org/show_bug.cgi?id=82087

        Reviewed by Filip Pizlo.

        Removing this optimization turned out to be a ~1% regression on kraken, so I simply
        undid the modification to the current block if we fail.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail
        to reallocate from the current block.

2012-03-23  Alexey Proskuryakov  <ap@apple.com>

        [Mac] No need for platform-specific ENABLE_BLOB values
        https://bugs.webkit.org/show_bug.cgi?id=82102

        Reviewed by David Kilzer.

        * Configurations/FeatureDefines.xcconfig:

2012-03-23  Michael Saboff  <msaboff@apple.com>

        DFG::compileValueToInt32 Sometimes Generates GPR to FPR reg back to GPR
        https://bugs.webkit.org/show_bug.cgi?id=81805

        Reviewed by Filip Pizlo.

        Added SpeculativeJIT::checkGeneratedType() to determine the current format
        of an operand.  Used that information in SpeculativeJIT::compileValueToInt32
        to generate code that will use integer and JSValue types in integer
        format directly without a conversion to double.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkGeneratedType):
        (DFG):
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        * dfg/DFGSpeculativeJIT.h:
        (DFG):
        (SpeculativeJIT):

2012-03-23  Steve Falkenburg  <sfalken@apple.com>

        Update Apple Windows build files for WTF move
        https://bugs.webkit.org/show_bug.cgi?id=82069

        Reviewed by Jessie Berlin.

        * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.

2012-03-23  Dean Jackson  <dino@apple.com>

        Disable CSS_SHADERS in Apple builds
        https://bugs.webkit.org/show_bug.cgi?id=81996

        Reviewed by Simon Fraser.

        Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.

        * Configurations/FeatureDefines.xcconfig:

2012-03-23  Gavin Barraclough  <barraclough@apple.com>

        RegExp constructor last match properties should not rely on previous ovector
        https://bugs.webkit.org/show_bug.cgi?id=82077

        Reviewed by Oliver Hunt.

        This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.

        This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
        Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
        a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
        location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
        a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
        reified state. This means that next time a match is performed, the store of the result will
        automatically blow away the reified value.

        * JavaScriptCore.xcodeproj/project.pbxproj:
            - Added new files.
        * runtime/RegExp.cpp:
        (JSC::RegExpFunctionalTestCollector::outputOneTest):
            - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
        * runtime/RegExpCachedResult.cpp: Added.
        (JSC::RegExpCachedResult::visitChildren):
        (JSC::RegExpCachedResult::lastResult):
        (JSC::RegExpCachedResult::setInput):
            - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
        * runtime/RegExpCachedResult.h: Added.
        (RegExpCachedResult):
            - Added new class.
        (JSC::RegExpCachedResult::RegExpCachedResult):
        (JSC::RegExpCachedResult::record):
        (JSC::RegExpCachedResult::input):
            - Initialize the object, record the result of a RegExp match, access the stored input property.
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
            - Initialize m_result/m_multiline properties.
        (JSC::RegExpConstructor::visitChildren):
            - Make sure the cached results (or lazy source for them) are marked.
        (JSC::RegExpConstructor::getBackref):
        (JSC::RegExpConstructor::getLastParen):
        (JSC::RegExpConstructor::getLeftContext):
        (JSC::RegExpConstructor::getRightContext):
            - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
        (JSC::regExpConstructorInput):
        (JSC::setRegExpConstructorInput):
            - Changed to use RegExpCachedResult.
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::create):
        (RegExpConstructor):
        (JSC::RegExpConstructor::setMultiline):
        (JSC::RegExpConstructor::multiline):
            - Move multiline property onto the constructor object; it is not affected by the last match.
        (JSC::RegExpConstructor::setInput):
        (JSC::RegExpConstructor::input):
            - These defer to RegExpCachedResult.
        (JSC::RegExpConstructor::performMatch):
        * runtime/RegExpMatchesArray.cpp: Added.
        (JSC::RegExpMatchesArray::visitChildren):
            - Eeeep! added missing visitChildren!
        (JSC::RegExpMatchesArray::finishCreation):
        (JSC::RegExpMatchesArray::reifyAllProperties):
        (JSC::RegExpMatchesArray::reifyMatchProperty):
            - Moved from RegExpConstructor.cpp.
        (JSC::RegExpMatchesArray::leftContext):
        (JSC::RegExpMatchesArray::rightContext):
            - Since the match start/
        * runtime/RegExpMatchesArray.h:
        (RegExpMatchesArray):
            - Declare new methods & structure flags.
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::match):
            - performMatch now requires the JSString input, to cache.
        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - performMatch now requires the JSString input, to cache.

2012-03-23  Tony Chang  <tony@chromium.org>

        [chromium] rename newwtf target back to wtf
        https://bugs.webkit.org/show_bug.cgi?id=82064

        Reviewed by Adam Barth.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-03-23  Mark Hahnenberg  <mhahnenberg@apple.com>

        Simplify memory usage tracking in CopiedSpace
        https://bugs.webkit.org/show_bug.cgi?id=80705

        Reviewed by Filip Pizlo.

        * heap/CopiedAllocator.h:
        (CopiedAllocator): Rename currentUtilization to currentSize.
        (JSC::CopiedAllocator::currentCapacity):
        * heap/CopiedBlock.h:
        (CopiedBlock):
        (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
        declaration.
        (JSC):
        (JSC::CopiedBlock::size): Add new function to calculate the block's size.
        (JSC::CopiedBlock::capacity): Ditto for capacity.
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
        field for the water mark.
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current
        block, we need to update our current water mark with the size of the block.
        (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we
        need to update our current water mark with the size of the used portion of the block.
        (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when
        reallocating because it will either get accounted for when we fill up the block later
        in the case of being able to reallocate in the current block or it will get picked up
        immediately because we'll have to get a new block.
        (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when
        realloc-ing an oversize block because we deallocate the old block and allocate a brand
        new one.
        (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to
        the CopiedSpace by the SlotVisitors.
        (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
        (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
        not we should collect now instead of doing the calculation ourselves.
        (JSC::CopiedSpace::destroy):
        (JSC):
        (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how
        MarkedSpace does.
        (JSC::CopiedSpace::capacity): Ditto for capacity.
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::waterMark):
        (CopiedSpace):
        * heap/CopiedSpaceInlineMethods.h:
        (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a
        collection.
        (JSC::CopiedSpace::allocateNewBlock):
        (JSC::CopiedSpace::fitsInBlock):
        (JSC::CopiedSpace::allocateFromBlock):
        * heap/Heap.cpp:
        (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
        (JSC::Heap::capacity): Ditto for capacity.
        (JSC::Heap::collect):
        * heap/Heap.h:
        (Heap):
        (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to
        determine whether they should initiate a collection or continue to allocate new blocks.
        (JSC):
        (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
        Heap (MarkedSpace and CopiedSpace).
        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.

2012-03-23  Ryosuke Niwa  <rniwa@webkit.org>

        BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
        https://bugs.webkit.org/show_bug.cgi?id=82012

        Reviewed by Filip Pizlo.

        Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.

        * wtf/BitVector.cpp:
        (WTF::BitVector::resizeOutOfLine):
        * wtf/BitVector.h:
        (BitVector):
        (OutOfLineBits):

2012-03-22  Michael Saboff  <msaboff@apple.com>

        ExecutableAllocator::memoryPressureMultiplier() might return NaN
        https://bugs.webkit.org/show_bug.cgi?id=82002

        Reviewed by Filip Pizlo.

        Guard against divide by zero and then make sure the return
        value is >= 1.0.

        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):

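An added illustration of the failure mode this entry fixes, not JSC's own code: the pool-statistics struct and the reserved/free ratio are assumptions. The unguarded variant divides first and clamps afterwards, so a zero divisor yields +inf or NaN, and because NaN compares false against everything the "< 1.0" clamp lets it escape; the guarded variant checks the divisor before dividing and then enforces the floor.

```cpp
#include <cmath>
#include <cstddef>

// Hypothetical executable-pool statistics (assumption; not JSC's MetaAllocator::Statistics).
struct PoolStats {
    size_t bytesReserved;   // size of the fixed VM reservation
    size_t bytesAllocated;  // bytes currently handed out from it
};

// Clamp the projected allocation so that allocated <= reserved before dividing.
static size_t clampedAllocation(const PoolStats& s, size_t addedMemoryUsage) {
    size_t allocated = s.bytesAllocated + addedMemoryUsage;
    if (allocated < s.bytesAllocated || allocated > s.bytesReserved) // wrapped or over-full
        allocated = s.bytesReserved;
    return allocated;
}

// Unguarded variant: reserved / free, then clamp to >= 1.0.
// With zero free bytes this divides by zero: reserved > 0 gives +inf, and an
// empty pool (0 / 0) gives NaN. NaN compares false against everything, so the
// "result < 1.0" clamp does not catch it and NaN escapes to the caller.
double memoryPressureMultiplierUnguarded(const PoolStats& s, size_t addedMemoryUsage) {
    size_t allocated = clampedAllocation(s, addedMemoryUsage);
    double result = static_cast<double>(s.bytesReserved)
                  / static_cast<double>(s.bytesReserved - allocated);
    if (result < 1.0)
        result = 1.0;
    return result;
}

// Guarded variant, in the spirit of the fix: test the divisor before dividing,
// then enforce the >= 1.0 floor. Every path now yields a finite value >= 1.0.
double memoryPressureMultiplierGuarded(const PoolStats& s, size_t addedMemoryUsage) {
    size_t allocated = clampedAllocation(s, addedMemoryUsage);
    size_t divisor = s.bytesReserved - allocated;
    double result = 1.0;
    if (divisor)
        result = static_cast<double>(s.bytesReserved) / static_cast<double>(divisor);
    if (!(result >= 1.0)) // negated form so that a NaN would also be replaced
        result = 1.0;
    return result;
}
```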
2012-03-22  Jessie Berlin  <jberlin@apple.com>

        Windows build fix after r111778.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        Don't include and try to build files owned by WTF.
        Also, let VS have its way with the vcproj in terms of file ordering.

2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>

        [CMake] Unreviewed build fix after r111778.

        * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
        the include paths so that the right config.h is used.

2012-03-22  Tony Chang  <tony@chromium.org>

        Unreviewed, fix chromium build after wtf move.

        Remove old wtf_config and wtf targets.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:

2012-03-22  Martin Robinson  <mrobinson@igalia.com>

        Fixed the GTK+ WTF/JavaScriptCore build after r111778.

        * GNUmakefile.list.am: Removed an extra trailing backslash.

2012-03-22  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
        rather than only those that contain symbols that JavaScriptCore itself uses.
        * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.

2012-03-22  Filip Pizlo  <fpizlo@apple.com>

        DFG NodeFlags has some duplicate code and naming issues
        https://bugs.webkit.org/show_bug.cgi?id=81975

        Reviewed by Gavin Barraclough.

        Removed most references to "ArithNodeFlags" since those are now just part
        of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
        NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
        because the former was never called and the latter did the same things as
        mergeFlags().

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::arithNodeFlags):
        (Node):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        (DFG):
        (JSC::DFG::nodeUsedAsNumber):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):

2012-03-22  Eric Seidel  <eric@webkit.org>

        Actually move WTF files to their new home
        https://bugs.webkit.org/show_bug.cgi?id=81844

        Unreviewed.  The details of the port-specific changes
        have been seen by contributors from those ports, but
        the whole 5MB change isn't very reviewable as-is.

        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JSCTypedArrayStubs.h:
        * JavaScriptCore.gypi:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:

2012-03-22  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Unreviewed. Adding Source/WTF to the build.

        * wscript:

2012-03-22  Gavin Barraclough  <barraclough@apple.com>

        Add JSValue::isFunction
        https://bugs.webkit.org/show_bug.cgi?id=81935

        Reviewed by Geoff Garen.

        This would be useful in the WebCore bindings code.
        Also, remove asFunction, replace with jsCast<JSFunction*>.

        * API/JSContextRef.cpp:
        * debugger/Debugger.cpp:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueOfFunctionConstant):
        * dfg/DFGOperations.cpp:
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::isInlineCallFrameSlow):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        (JSC::jitCompileFor):
        (JSC::lazyLinkFor):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::traceFunctionPrologue):
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::setUpCall):
        * runtime/Arguments.h:
        (JSC::Arguments::finishCreation):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncForEach):
        (JSC::arrayProtoFuncSome):
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::arityCheckFor):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::compileFor):
        (JSC::FunctionExecutable::compileOptimizedFor):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/JSArray.cpp:
        (JSC::JSArray::sort):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::argumentsGetter):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::lengthGetter):
        * runtime/JSFunction.h:
        (JSC):
        (JSC::asJSFunction):
        (JSC::JSValue::isFunction):
        * runtime/JSGlobalData.cpp:
        (WTF::Recompiler::operator()):
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/JSValue.h:
        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):

2012-03-21  Filip Pizlo  <fpizlo@apple.com>

        DFG speculation on booleans should be rationalized
        https://bugs.webkit.org/show_bug.cgi?id=81840

        Reviewed by Gavin Barraclough.

        This removes isKnownBoolean() and replaces it with AbstractState-based
        optimization, and cleans up the control flow in code gen methods for
        Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
        and removes isKnownNotBoolean() since that method appeared to be a
        helper used solely by 32_64's speculateBooleanOperation().

        This is performance-neutral.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateNumber):
        * dfg/DFGSpeculativeJIT.cpp:
        (DFG):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-21  Mark Rowe  <mrowe@apple.com>

        Fix the build.

        * wtf/MetaAllocator.h:
        (MetaAllocator): Export the destructor.

2012-03-21  Eric Seidel  <eric@webkit.org>

        Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=81834

        Reviewed by Adam Barth.

        * jsc.cpp:
        * os-win32/WinMain.cpp:
        * runtime/JSDateMath.cpp:
        * runtime/TimeoutChecker.cpp:
        * testRegExp.cpp:
        * tools/CodeProfiling.cpp:

2012-03-21  Eric Seidel  <eric@webkit.org>

        WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
        https://bugs.webkit.org/show_bug.cgi?id=81838

        Reviewed by Geoffrey Garen.

        My understanding is that weak vtables happen when the compiler/linker cannot
        determine which compilation unit should contain the vtable.  In this case
        because there were only pure virtual functions as well as an "inline"
        virtual destructor (thus the virtual destructor was defined in many compilation
        units).  Since you can't actually "inline" a virtual function (it still has to
        bounce through the vtable), the "inline" on this virtual destructor doesn't
        actually help performance, and is only serving to confuse the compiler here.
        I've moved the destructor implementation to the .cpp file, thus making
        it clear to the compiler where the vtable should be stored, and solving the error.

        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocator::~MetaAllocator):
        (WTF):
        * wtf/MetaAllocator.h:

2012-03-20  Gavin Barraclough  <barraclough@apple.com>

        RegExpMatchesArray should not copy the ovector
        https://bugs.webkit.org/show_bug.cgi?id=81742

        Reviewed by Michael Saboff.

        Currently, all RegExpMatchesArray objects contain a Vector<int, 32>, used to hold any sub-pattern results.
        This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
        main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
        and the results never accessed).
        If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.

        * dfg/DFGOperations.cpp:
            - RegExpObject match renamed back to test (test returns a bool).
        * runtime/RegExpConstructor.cpp:
        (JSC):
            - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
        (JSC::RegExpMatchesArray::finishCreation):
            - Removed RegExpConstructorPrivate parameter.
        (JSC::RegExpMatchesArray::reifyAllProperties):
            - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
            If there are sub-pattern properties, the RegExp is re-run to generate their values.
        (JSC::RegExpMatchesArray::reifyMatchProperty):
            - Reify just the match (index 0) property of the RegExpMatchesArray.
        * runtime/RegExpConstructor.h:
        (RegExpConstructor):
        (JSC::RegExpConstructor::performMatch):
            - performMatch now returns a MatchResult, rather than using out-parameters.
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
            - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
        (RegExpMatchesArray):
        (JSC::RegExpMatchesArray::create):
            - Now passed the input string matched against, the RegExp, and the MatchResult.
        (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
        (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
            - Helpers to conditionally reify properties.
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::putByIndex):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::deletePropertyByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyNames):
        (JSC::RegExpMatchesArray::defineOwnProperty):
            - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
            (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::exec):
        (JSC::RegExpObject::match):
            - match now returns a MatchResult.
        * runtime/RegExpObject.h:
        (JSC::MatchResult::MatchResult):
            - Added; the result of a match is a start & end tuple.
        (JSC::MatchResult::failed):
            - A failure is indicated by (notFound, 0).
        (JSC::MatchResult::operator bool):
            - Evaluates to false if the match failed.
        (JSC::MatchResult::empty):
            - Evaluates to true if the match succeeded with length 0.
        (JSC::RegExpObject::test):
            - Now returns a bool.
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTest):
            - RegExpObject match renamed back to test (test returns a bool).
        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch):
        (JSC::replaceUsingRegExpSearch):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
            - performMatch now returns a MatchResult, rather than using out-parameters.

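The two RegExp entries above (bugs 82077 and 81742) describe one scheme: a match is a (start, end) tuple whose failure value is (notFound, 0), and the constructor's cached result reuses that failed() value as its "already reified" sentinel, so the next recorded match overwrites the sentinel and invalidates the stale array. The sketch below is an added example of that scheme, not JSC's code; the class layout, the string-based stand-in for RegExpMatchesArray and the reify counter are assumptions.

```cpp
#include <cstddef>
#include <memory>
#include <string>

// Stand-in for WTF::notFound (assumption: the usual all-bits-set size_t).
static const size_t notFound = static_cast<size_t>(-1);

// Result of a match: a start & end tuple. Failure is (notFound, 0).
struct MatchResult {
    size_t start;
    size_t end;
    MatchResult(size_t s, size_t e) : start(s), end(e) {}
    static MatchResult failed() { return MatchResult(notFound, 0); }
    explicit operator bool() const { return start != notFound; } // false if the match failed
    bool empty() const { return start == end; }                   // succeeded with length 0
    size_t length() const { return end - start; }
};

// Stand-in for RegExpMatchesArray: only the main match (index 0) is reified here.
struct MatchesArray {
    std::string input;
    std::string match;
};

// Stand-in for RegExpCachedResult. Only successful matches are recorded, so
// failed() is free to mean "m_reified already holds the results for m_input".
class CachedResult {
public:
    CachedResult() : m_result(MatchResult::failed()), m_reified(new MatchesArray()), m_reifyCount(0) {}

    // performMatch stores the raw result. Any earlier reified array is now stale;
    // it is replaced the next time the results are accessed.
    void record(const std::string& input, MatchResult result) {
        m_input = input;
        m_result = result;
    }

    // Accessing the last match reifies it on first use and serves the cache afterwards.
    const MatchesArray& lastResult() {
        if (m_result) { // a real (non-sentinel) result is pending
            m_reified.reset(new MatchesArray{m_input, m_input.substr(m_result.start, m_result.length())});
            ++m_reifyCount;
            m_result = MatchResult::failed(); // sentinel: reified state
        }
        return *m_reified;
    }

    // Assigning RegExp.input reifies first, then overrides the stored input.
    void setInput(const std::string& input) {
        lastResult();
        m_reified->input = input;
    }

    const std::string& input() { return lastResult().input; }
    size_t reifyCount() const { return m_reifyCount; }

private:
    std::string m_input;
    MatchResult m_result;
    std::unique_ptr<MatchesArray> m_reified;
    size_t m_reifyCount;
};

// Walk through record / reify / re-record and report how often the array was rebuilt.
size_t reifyCountAfterScenario() {
    CachedResult cache;
    cache.record("hello world", MatchResult(6, 11));
    if (cache.lastResult().match != "world") return 0;
    cache.lastResult();                         // served from cache, no rebuild
    cache.setInput("override");                 // still no rebuild
    if (cache.input() != "override") return 0;
    cache.record("abc", MatchResult(1, 1));     // a new (empty) match blows the reified value away
    if (!cache.lastResult().match.empty()) return 0;
    return cache.reifyCount();                  // expected 2
}
```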
2012-03-21  Hojong Han  <hojong.han@samsung.com>

        Fix out of memory by allowing overcommit
        https://bugs.webkit.org/show_bug.cgi?id=81743

        Reviewed by Geoffrey Garen.

        Garbage collection is not triggered and new blocks are added
        because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveAndCommit):

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        More Windows build fixing.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
        Fix the order of the include directories to look in include/private first before looking
        in include/private/JavaScriptCore.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
        Look in the Production output directory (where the wtf headers will be). This is the same
        thing that is done for jsc and testRegExp in ReleasePGO.

2012-03-21  Jessie Berlin  <jberlin@apple.com>

        WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
        $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
        https://bugs.webkit.org/show_bug.cgi?id=81739

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcproj/jsc/jsc.vcproj:
        Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
        subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
        Ditto.

        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
        Get the headers for those 4 files from the wtf subdirectory of the build output, not the
        JavaScriptCore/wtf subdirectory.
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
        Ditto.

712 2012-03-20  Eric Seidel  <eric@webkit.org>
713
714         Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
715         https://bugs.webkit.org/show_bug.cgi?id=80911
716
717         Reviewed by Adam Barth.
718
719         Update the various build systems to depend on Source/WTF headers
720         as well as remove references to Platform.h (since it's now moved).
721
722         * CMakeLists.txt:
723         * JavaScriptCore.pri:
724         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
725         * JavaScriptCore.xcodeproj/project.pbxproj:
726         * wtf/CMakeLists.txt:
727
728 2012-03-20  Filip Pizlo  <fpizlo@apple.com>
729
730         op_mod fails on many interesting corner cases
731         https://bugs.webkit.org/show_bug.cgi?id=81648
732
733         Reviewed by Oliver Hunt.
734         
735         Removed most strength reduction for op_mod, and fixed the integer handling
736         to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
737         which this patch also fixes.
738         
739         This patch is performance neutral on all of the major benchmarks we track.
740
741         * dfg/DFGOperations.cpp:
742         * dfg/DFGOperations.h:
743         * dfg/DFGSpeculativeJIT.cpp:
744         (DFG):
745         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
746         (JSC::DFG::SpeculativeJIT::compileArithMod):
747         * jit/JIT.h:
748         (JIT):
749         * jit/JITArithmetic.cpp:
750         (JSC):
751         (JSC::JIT::emit_op_mod):
752         (JSC::JIT::emitSlow_op_mod):
753         * jit/JITArithmetic32_64.cpp:
754         (JSC::JIT::emit_op_mod):
755         (JSC::JIT::emitSlow_op_mod):
756         * jit/JITOpcodes32_64.cpp:
757         (JSC::JIT::privateCompileCTIMachineTrampolines):
758         (JSC):
759         * jit/JITStubs.h:
760         (TrampolineStructure):
761         (JSC::JITThunks::ctiNativeConstruct):
762         * llint/LowLevelInterpreter64.asm:
763         * wtf/Platform.h:
764         * wtf/SimpleStats.h:
765         (WTF::SimpleStats::variance):
766
767 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
768
769         Windows (make based) build fix.
770         <rdar://problem/11069015>
771
772         * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
773
774 2012-03-20  Steve Falkenburg  <sfalken@apple.com>
775
776         Move WTF-related Windows project files out of JavaScriptCore
777         https://bugs.webkit.org/show_bug.cgi?id=80680
778
779         This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
780         It does not move any source code. This is in preparation for the WTF source move out of
781         JavaScriptCore.
782
783         Reviewed by Jessie Berlin.
784
785         * JavaScriptCore.vcproj/JavaScriptCore.sln:
786         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
787         * JavaScriptCore.vcproj/WTF: Removed.
788         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
789         * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
790         * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
791         * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
792         * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
793         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
794         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
795         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
796         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
797         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
798         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
799         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
800         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
801         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
802         * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
803         * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
804         * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
805         * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
806         * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
807         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
808         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
809         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
810
811 2012-03-20  Benjamin Poulain  <bpoulain@apple.com>
812
813         Cache the type string of JavaScript object
814         https://bugs.webkit.org/show_bug.cgi?id=81446
815
816         Reviewed by Geoffrey Garen.
817
818         Instead of creating the JSString every time, we lazily create
819         the strings in JSGlobalData.
820
821         This avoids the construction of the StringImpl and of the JSString,
822         which gives some performance improvements.
823
824         * runtime/CommonIdentifiers.h:
825         * runtime/JSValue.cpp:
826         (JSC::JSValue::toStringSlowCase):
827         * runtime/Operations.cpp:
828         (JSC::jsTypeStringForValue):
829         * runtime/SmallStrings.cpp:
830         (JSC::SmallStrings::SmallStrings):
831         (JSC::SmallStrings::finalizeSmallStrings):
832         (JSC::SmallStrings::initialize):
833         (JSC):
834         * runtime/SmallStrings.h:
835         (SmallStrings):
836
837 2012-03-20  Oliver Hunt  <oliver@apple.com>
838
839         Allow LLINT to work even when executable allocation fails.
840         https://bugs.webkit.org/show_bug.cgi?id=81693
841
842         Reviewed by Gavin Barraclough.
843
844         Don't crash if executable allocation fails if we can fall back on LLINT
845
846         * jit/ExecutableAllocatorFixedVMPool.cpp:
847         (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
848         * wtf/OSAllocatorPosix.cpp:
849         (WTF::OSAllocator::reserveAndCommit):
850
851 2012-03-20  Csaba Osztrogonác  <ossy@webkit.org>
852
853         Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
854         https://bugs.webkit.org/show_bug.cgi?id=81428
855
856         32 bit buildfix after r111355.
857
858         2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
859         The smallest int is -2147483648 (-2^31) == -2147483647 - 1  == -INT32_MAX-1 == INT32_MIN (stdint.h).
860
861         Reviewed by Zoltan Herczeg.
862
863         * dfg/DFGSpeculativeJIT.cpp:
864         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
865
866 2012-03-19  Jochen Eisinger  <jochen@chromium.org>
867
868         Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
869         https://bugs.webkit.org/show_bug.cgi?id=80983
870
871         Reviewed by Darin Adler.
872
873         This allows printing a backtrace acquired by an earlier WTFGetBacktrace
874         call which is useful for local debugging.
875
876         * wtf/Assertions.cpp:
877         * wtf/Assertions.h:
878
879 2012-03-19  Benjamin Poulain  <benjamin@webkit.org>
880
881         Do not copy the script source in the SourceProvider, just reference the existing string
882         https://bugs.webkit.org/show_bug.cgi?id=81466
883
884         Reviewed by Geoffrey Garen.
885
886         * parser/SourceCode.h: Remove the unused, and incorrect, function data().
887         * parser/SourceProvider.h: Add OVERRIDE for clarity.
888
889 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
890
891         Division optimizations fail to infer cases of truncated division and
892         mishandle -2147483648/-1
893         https://bugs.webkit.org/show_bug.cgi?id=81428
894         <rdar://problem/11067382>
895
896         Reviewed by Oliver Hunt.
897
898         If you're a division over integers and you're only used as an integer, then you're
899         an integer division and remainder checks become unnecessary. If you're dividing
900         -2147483648 by -1, don't crash.
901
902         * assembler/MacroAssemblerX86Common.h:
903         (MacroAssemblerX86Common):
904         (JSC::MacroAssemblerX86Common::add32):
905         * dfg/DFGSpeculativeJIT.cpp:
906         (DFG):
907         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
908         * dfg/DFGSpeculativeJIT.h:
909         (SpeculativeJIT):
910         * dfg/DFGSpeculativeJIT32_64.cpp:
911         (JSC::DFG::SpeculativeJIT::compile):
912         * dfg/DFGSpeculativeJIT64.cpp:
913         (JSC::DFG::SpeculativeJIT::compile):
914         * llint/LowLevelInterpreter64.asm:
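
        Added example (not JavaScriptCore code and not part of this ChangeLog's history): the guards an
        int32 fast path for JavaScript `/` and `%` needs before it may hand the operands to a native
        divide. It covers the corner cases named in the op_mod entry above (bug 81648) and in this
        division entry (bug 81428): a zero divisor, INT32_MIN / -1 and INT32_MIN % -1 (both trap in x86
        idiv and are undefined behaviour in C), results of -0 that cannot live in an int32, and the
        "only used as an integer" check where a non-zero remainder forces a double quotient. The names
        js_int32_div, js_int32_mod and JsIntArith are this example's own, not DFG or JIT names; INT32_MIN
        is taken from <stdint.h>, as the 32-bit build fix above notes.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not JavaScriptCore code.  On x86 `idiv` raises #DE (SIGFPE)
 * both for a zero divisor and for INT32_MIN / -1, because +2147483648 is not
 * representable in 32 bits.  In C the same two cases are undefined behaviour,
 * so they are excluded before any `/` or `%` runs.  INT32_MIN comes from
 * <stdint.h>: -2147483648 would parse as -(2147483648), and 2147483648 is not
 * a valid int literal in C90.
 */

/* Result of an int32 fast path: either a plain int32 or a bail-out to double. */
typedef struct {
    bool fits_int32;      /* true when the ECMAScript result is an int32 other than -0 */
    int32_t int_result;   /* valid only when fits_int32 */
    double double_result; /* always the exact ECMAScript result (NaN, +-Infinity, -0 included) */
} JsIntArith;

static JsIntArith js_int32_mod(int32_t a, int32_t b)
{
    JsIntArith r = { false, 0, 0.0 };
    if (b == 0) {                        /* x % 0 is NaN; idiv would trap */
        r.double_result = NAN;
        return r;
    }
    if (a == INT32_MIN && b == -1) {     /* idiv would trap; ECMAScript result is -0 */
        r.double_result = -0.0;
        return r;
    }
    int32_t m = a % b;                   /* C99 truncates toward zero: same sign rule as ECMAScript */
    if (m == 0 && a < 0) {               /* e.g. -4 % 2: the result is -0, which int32 cannot hold */
        r.double_result = -0.0;
        return r;
    }
    r.fits_int32 = true;
    r.int_result = m;
    r.double_result = (double)m;
    return r;
}

static JsIntArith js_int32_div(int32_t a, int32_t b)
{
    JsIntArith r = { false, 0, 0.0 };
    /* int32 values are exact in double, so IEEE division yields the ECMAScript
       result directly, including 1/0 = Infinity, 0/0 = NaN and 0/-5 = -0. */
    r.double_result = (double)a / (double)b;
    if (b == 0 || (a == INT32_MIN && b == -1)) /* both trap in idiv; neither result is an int32 */
        return r;
    if (a % b != 0)                      /* non-integral quotient: must stay a double */
        return r;
    if (a == 0 && b < 0)                 /* 0 / negative is -0 */
        return r;
    r.fits_int32 = true;
    r.int_result = a / b;
    return r;
}

int main(void)
{
    /* Constructed inputs: the trap cases plus ordinary and -0 cases. */
    const int32_t cases[][2] = {
        { INT32_MIN, -1 }, { -4, 2 }, { 7, -3 }, { 5, 0 }, { 7, 2 }, { 0, -5 }, { 6, 3 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        JsIntArith q = js_int32_div(cases[i][0], cases[i][1]);
        JsIntArith m = js_int32_mod(cases[i][0], cases[i][1]);
        printf("%11d / %2d -> %s %g    %% -> %s %g\n", (int)cases[i][0], (int)cases[i][1],
               q.fits_int32 ? "int32 " : "double", q.double_result,
               m.fits_int32 ? "int32 " : "double", m.double_result);
    }
    return 0;
}
```

        Build with any C99 compiler and run; each case prints whether the int32 path may keep the value or
        must bail out to the double result. The two guards (b == 0, and a == INT32_MIN with b == -1) are
        what a JIT has to emit ahead of idiv, because the hardware trap takes down the whole process rather
        than surfacing as a JavaScript exception.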
915
916 2012-03-19  Benjamin Poulain  <bpoulain@apple.com>
917
918         Simplify SmallStrings
919         https://bugs.webkit.org/show_bug.cgi?id=81445
920
921         Reviewed by Gavin Barraclough.
922
923         SmallStrings had two methods that should not be public: count() and clear().
924
925         The method clear() is effectively replaced by finalizeSmallStrings(). The body
926         of the method was moved to the constructor since the code is obvious.
927
928         The method count() is unused.
929
930         * runtime/SmallStrings.cpp:
931         (JSC::SmallStrings::SmallStrings):
932         * runtime/SmallStrings.h:
933         (SmallStrings):
934
935 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
936
937         DFG can no longer compile V8-v4/regexp in debug mode
938         https://bugs.webkit.org/show_bug.cgi?id=81592
939
940         Reviewed by Gavin Barraclough.
941
942         * dfg/DFGSpeculativeJIT32_64.cpp:
943         (JSC::DFG::SpeculativeJIT::compile):
944         * dfg/DFGSpeculativeJIT64.cpp:
945         (JSC::DFG::SpeculativeJIT::compile):
946
947 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
948
949         Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
950         change throughout the fixpoint
951         https://bugs.webkit.org/show_bug.cgi?id=81583
952
953         Reviewed by Michael Saboff.
954
955         * dfg/DFGPredictionPropagationPhase.cpp:
956         (JSC::DFG::PredictionPropagationPhase::propagate):
957
958 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
959
960         GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
961         the process of being generated
962         https://bugs.webkit.org/show_bug.cgi?id=81565
963
964         Reviewed by Oliver Hunt.
965
966         * bytecode/CodeBlock.cpp:
967         (JSC::CodeBlock::finalizeUnconditionally):
968
969 2012-03-19  Eric Seidel  <eric@webkit.org>
970
971         Fix WTF header include discipline in Chromium WebKit
972         https://bugs.webkit.org/show_bug.cgi?id=81281
973
974         Reviewed by James Robinson.
975
976         * JavaScriptCore.gyp/JavaScriptCore.gyp:
977         * wtf/unicode/icu/CollatorICU.cpp:
978
979 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
980
981         DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
982         https://bugs.webkit.org/show_bug.cgi?id=81556
983
984         Rubber stamped by Gavin Barraclough.
985
986         * GNUmakefile.list.am:
987         * JavaScriptCore.xcodeproj/project.pbxproj:
988         * dfg/DFGAbstractState.h:
989         (JSC::DFG::AbstractState::forNode):
990         * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
991         (JSC::DFG::AdjacencyList::AdjacencyList):
992         (JSC::DFG::AdjacencyList::child):
993         (JSC::DFG::AdjacencyList::setChild):
994         (JSC::DFG::AdjacencyList::child1):
995         (JSC::DFG::AdjacencyList::child2):
996         (JSC::DFG::AdjacencyList::child3):
997         (JSC::DFG::AdjacencyList::setChild1):
998         (JSC::DFG::AdjacencyList::setChild2):
999         (JSC::DFG::AdjacencyList::setChild3):
1000         (JSC::DFG::AdjacencyList::child1Unchecked):
1001         (JSC::DFG::AdjacencyList::initialize):
1002         (AdjacencyList):
1003         * dfg/DFGByteCodeParser.cpp:
1004         (JSC::DFG::ByteCodeParser::addVarArgChild):
1005         (JSC::DFG::ByteCodeParser::processPhiStack):
1006         * dfg/DFGCSEPhase.cpp:
1007         (JSC::DFG::CSEPhase::canonicalize):
1008         (JSC::DFG::CSEPhase::performSubstitution):
1009         * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
1010         (DFG):
1011         (JSC::DFG::Edge::Edge):
1012         (JSC::DFG::Edge::operator==):
1013         (JSC::DFG::Edge::operator!=):
1014         (Edge):
1015         (JSC::DFG::operator==):
1016         (JSC::DFG::operator!=):
1017         * dfg/DFGGraph.h:
1018         (JSC::DFG::Graph::operator[]):
1019         (JSC::DFG::Graph::at):
1020         (JSC::DFG::Graph::ref):
1021         (JSC::DFG::Graph::deref):
1022         (JSC::DFG::Graph::clearAndDerefChild1):
1023         (JSC::DFG::Graph::clearAndDerefChild2):
1024         (JSC::DFG::Graph::clearAndDerefChild3):
1025         (Graph):
1026         * dfg/DFGJITCompiler.h:
1027         (JSC::DFG::JITCompiler::getPrediction):
1028         * dfg/DFGNode.h:
1029         (JSC::DFG::Node::Node):
1030         (JSC::DFG::Node::child1):
1031         (JSC::DFG::Node::child1Unchecked):
1032         (JSC::DFG::Node::child2):
1033         (JSC::DFG::Node::child3):
1034         (Node):
1035         * dfg/DFGNodeFlags.cpp:
1036         (JSC::DFG::arithNodeFlagsAsString):
1037         * dfg/DFGNodeFlags.h:
1038         (DFG):
1039         (JSC::DFG::nodeUsedAsNumber):
1040         * dfg/DFGNodeReferenceBlob.h: Removed.
1041         * dfg/DFGNodeUse.h: Removed.
1042         * dfg/DFGPredictionPropagationPhase.cpp:
1043         (JSC::DFG::PredictionPropagationPhase::propagate):
1044         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1045         (JSC::DFG::PredictionPropagationPhase::vote):
1046         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1047         * dfg/DFGScoreBoard.h:
1048         (JSC::DFG::ScoreBoard::use):
1049         * dfg/DFGSpeculativeJIT.cpp:
1050         (JSC::DFG::SpeculativeJIT::useChildren):
1051         (JSC::DFG::SpeculativeJIT::writeBarrier):
1052         (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
1053         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
1054         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
1055         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1056         * dfg/DFGSpeculativeJIT.h:
1057         (JSC::DFG::SpeculativeJIT::at):
1058         (JSC::DFG::SpeculativeJIT::canReuse):
1059         (JSC::DFG::SpeculativeJIT::use):
1060         (SpeculativeJIT):
1061         (JSC::DFG::SpeculativeJIT::speculationCheck):
1062         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1063         (JSC::DFG::IntegerOperand::IntegerOperand):
1064         (JSC::DFG::DoubleOperand::DoubleOperand):
1065         (JSC::DFG::JSValueOperand::JSValueOperand):
1066         (JSC::DFG::StorageOperand::StorageOperand):
1067         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
1068         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
1069         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
1070         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
1071         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1072         * dfg/DFGSpeculativeJIT32_64.cpp:
1073         (JSC::DFG::SpeculativeJIT::cachedPutById):
1074         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1075         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1076         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1077         (JSC::DFG::SpeculativeJIT::emitCall):
1078         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1079         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1080         * dfg/DFGSpeculativeJIT64.cpp:
1081         (JSC::DFG::SpeculativeJIT::cachedPutById):
1082         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1083         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1084         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1085         (JSC::DFG::SpeculativeJIT::emitCall):
1086         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1087         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1088
1089 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1090
1091         Object.freeze broken on latest Nightly
1092         https://bugs.webkit.org/show_bug.cgi?id=80577
1093
1094         Reviewed by Oliver Hunt.
1095
1096         * runtime/Arguments.cpp:
1097         (JSC::Arguments::defineOwnProperty):
1098             - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
1099             been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
1100         * runtime/JSFunction.cpp:
1101         (JSC::JSFunction::defineOwnProperty):
1102             - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
1103             the object must be extensible; this is incorrect since these properties should already exist
1104             on the object. In addition, it was asserting that the arguments/caller values must match the
1105             corresponding magic data properties, but for strict mode function this is incorrect. Instead,
1106             just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
1107
1108 2012-03-19  Filip Pizlo  <fpizlo@apple.com>
1109
1110         LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
1111         https://bugs.webkit.org/show_bug.cgi?id=81559
1112
1113         Reviewed by Michael Saboff.
1114
1115         * llint/LLIntSlowPaths.cpp:
1116         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1117
1118 2012-03-19  Yong Li  <yoli@rim.com>
1119
1120         [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
1121         https://bugs.webkit.org/show_bug.cgi?id=77013
1122
1123         We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
1124         implement memory decommitting for QNX.
1125
1126         Reviewed by Rob Buis.
1127
1128         * wtf/OSAllocatorPosix.cpp:
1129         (WTF::OSAllocator::reserveUncommitted):
1130         (WTF::OSAllocator::commit):
1131         (WTF::OSAllocator::decommit):
1132
1133 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1134
1135         Unreviewed - revert a couple of files accidentally committed.
1136
1137         * runtime/Arguments.cpp:
1138         (JSC::Arguments::defineOwnProperty):
1139         * runtime/JSFunction.cpp:
1140         (JSC::JSFunction::defineOwnProperty):
1141
1142 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1143
1144         Another Windows build fix after r111129.
1145
1146         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1147
1148 2012-03-19  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1149
1150         Cross-platform processor core counter: fix build on FreeBSD.
1151         https://bugs.webkit.org/show_bug.cgi?id=81482
1152
1153         Reviewed by Zoltan Herczeg.
1154
1155         The documentation of sysctl(3) shows that <sys/types.h> should be
1156         included before <sys/sysctl.h> (sys/types.h tends to be the first
1157         included header in general).
1158
1159         This should fix the build on FreeBSD and other systems where
1160         sysctl.h really depends on types defined in types.h.
1161
1162         * wtf/NumberOfCores.cpp:
1163
1164 2012-03-19  Jessie Berlin  <jberlin@apple.com>
1165
1166         Windows build fix after r111129.
1167
1168         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1169
1170 2012-03-19  Gavin Barraclough  <barraclough@apple.com>
1171
1172         JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
1173         https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
1174
1175         Reviewed by Oliver Hunt.
1176
1177         The API specifies that convertToType may opt not to handle a conversion:
1178             "@result The objects's converted value, or NULL if the object was not converted."
1179         In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
1180         conversion functions, and failing that call the JSObject::defaultValue function.
1181
1182         Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
1183         the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
1184         bug#73368, these will return the result from the first convertToType they find, regardless
1185         of whether this result is null, and if no convertToType method is found in the api class
1186         hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
1187         chain), they will also return a null pointer. This is unsafe.
1188
1189         It would be easy to make the approach based around toStringCallback/valueOfCallback continue
1190         to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
1191         (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
1192         Making the fallback work with toString/valueOf methods attached to api objects is probably
1193         not the right thing to do – instead, we should just implement the defaultValue trap for api
1194         objects.
1195
1196         In addition, this bug highlights the fact that JSCallbackFunction::call will allow a hard
1197         null to be returned from C to JavaScript - this is not okay. Handle with an exception.
1198
1199         * API/JSCallbackFunction.cpp:
1200         (JSC::JSCallbackFunction::call):
1201             - Should be null checking the return value.
1202         (JSC):
1203             - Remove toStringCallback/valueOfCallback.
1204         * API/JSCallbackFunction.h:
1205         (JSCallbackFunction):
1206             - Remove toStringCallback/valueOfCallback.
1207             - Add defaultValue methods to JSCallbackObject.
1208         (JSCallbackObject):
1209             - Add defaultValue mthods to JSCallbackObject.
1210             - Add defaultValue methods to JSCallbackObject.
1211         (JSC::::defaultValue):
1212             - Add defaultValue mthods to JSCallbackObject.
1213         * API/JSClassRef.cpp:
1214         (OpaqueJSClass::prototype):
1215             - Remove toStringCallback/valueOfCallback.
1216         * API/tests/testapi.js:
1217             - Revert this test, now we no longer artificially introduce a toString method onto the api object.
1218
1219 2012-03-18  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
1220
1221         [EFL] Include ICU_INCLUDE_DIRS when building.
1222         https://bugs.webkit.org/show_bug.cgi?id=81483
1223
1224         Reviewed by Daniel Bates.
1225
1226         So far, only the ICU libraries were being included when building
1227         JavaScriptCore; however, the include path is also needed, otherwise the
1228         build will fail when ICU is installed into a non-standard location.
1229
1230         * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
1231
1232 2012-03-17  Gavin Barraclough  <barraclough@apple.com>
1233
1234         Strength reduction, RegExp.exec -> RegExp.test
1235         https://bugs.webkit.org/show_bug.cgi?id=81459
1236
1237         Reviewed by Sam Weinig.
1238
1239         RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
1240         expression for a match against a string - however exec is more expensive, since
1241         it allocates a matches array object. In cases where the result is consumed in a
1242         boolean context the allocation of the matches array can be trivially elided.
1243
1244         For example:
1245             function f()
1246             {
1247                 for (i = 0; i < 10000000; ++i)
1248                     if (!/a/.exec("a"))
1249                         err = true;
1250             }
1251
1252         This is a 2.5x speedup on this example microbenchmark loop.
1253
1254         In a more advanced form of this optimization, we may be able to avoid allocating
1255         the array where access to the array can be observed.
1256
1257         * create_hash_table:
1258         * dfg/DFGAbstractState.cpp:
1259         (JSC::DFG::AbstractState::execute):
1260         * dfg/DFGByteCodeParser.cpp:
1261         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1262         * dfg/DFGNode.h:
1263         (JSC::DFG::Node::hasHeapPrediction):
1264         * dfg/DFGNodeType.h:
1265         (DFG):
1266         * dfg/DFGOperations.cpp:
1267         * dfg/DFGOperations.h:
1268         * dfg/DFGPredictionPropagationPhase.cpp:
1269         (JSC::DFG::PredictionPropagationPhase::propagate):
1270         * dfg/DFGSpeculativeJIT.cpp:
1271         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
1272         (DFG):
1273         * dfg/DFGSpeculativeJIT.h:
1274         (JSC::DFG::SpeculativeJIT::callOperation):
1275         * dfg/DFGSpeculativeJIT32_64.cpp:
1276         (JSC::DFG::SpeculativeJIT::compile):
1277         * dfg/DFGSpeculativeJIT64.cpp:
1278         (JSC::DFG::SpeculativeJIT::compile):
1279         * jsc.cpp:
1280         (GlobalObject::addConstructableFunction):
1281         * runtime/Intrinsic.h:
1282         * runtime/JSFunction.cpp:
1283         (JSC::JSFunction::create):
1284         (JSC):
1285         * runtime/JSFunction.h:
1286         (JSFunction):
1287         * runtime/Lookup.cpp:
1288         (JSC::setUpStaticFunctionSlot):
1289         * runtime/RegExpObject.cpp:
1290         (JSC::RegExpObject::exec):
1291         (JSC::RegExpObject::match):
1292         * runtime/RegExpObject.h:
1293         (RegExpObject):
1294         * runtime/RegExpPrototype.cpp:
1295         (JSC::regExpProtoFuncTest):
1296         (JSC::regExpProtoFuncExec):
1297
1298 2012-03-16  Michael Saboff  <msaboff@apple.com>
1299
1300         Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
1301         https://bugs.webkit.org/show_bug.cgi?id=81244
1302
1303         Rubber stamped by Filip Pizlo.
1304
1305         Changed type and name of JSGlobalData::m_isInitializingObject to
1306         ClassInfo* and m_initializingObjectClass.
1307         Changed JSGlobalData::setInitializingObject to
1308         JSGlobalData::setInitializingObjectClass.  This pointer can be used within 
1309         the debugger to determine what type of object is being initialized.
1310         
1311         * runtime/JSCell.h:
1312         (JSC::JSCell::finishCreation):
1313         (JSC::allocateCell):
1314         * runtime/JSGlobalData.cpp:
1315         (JSC::JSGlobalData::JSGlobalData):
1316         * runtime/JSGlobalData.h:
1317         (JSGlobalData):
1318         (JSC::JSGlobalData::isInitializingObject):
1319         (JSC::JSGlobalData::setInitializingObjectClass):
1320         * runtime/Structure.h:
1321         (JSC::JSCell::finishCreation):
1322
1323 2012-03-16  Mark Rowe  <mrowe@apple.com>
1324
1325         Build fix. Do not preserve owner and group information when installing the WTF headers.
1326
1327         * JavaScriptCore.xcodeproj/project.pbxproj:
1328
1329 2012-03-15  David Dorwin  <ddorwin@chromium.org>
1330
1331         Make the array pointer parameters in the Typed Array create() methods const.
1332         https://bugs.webkit.org/show_bug.cgi?id=81147
1333
1334         Reviewed by Kenneth Russell.
1335
1336         This allows const arrays to be passed to these methods.
1337         They use PassRefPtr<Subclass> create(), which already has a const parameter.
1338
1339         * wtf/Int16Array.h:
1340         (Int16Array):
1341         (WTF::Int16Array::create):
1342         * wtf/Int32Array.h:
1343         (Int32Array):
1344         (WTF::Int32Array::create):
1345         * wtf/Int8Array.h:
1346         (Int8Array):
1347         (WTF::Int8Array::create):
1348         * wtf/Uint16Array.h:
1349         (Uint16Array):
1350         (WTF::Uint16Array::create):
1351         * wtf/Uint32Array.h:
1352         (Uint32Array):
1353         (WTF::Uint32Array::create):
1354         * wtf/Uint8Array.h:
1355         (Uint8Array):
1356         (WTF::Uint8Array::create):
1357         * wtf/Uint8ClampedArray.h:
1358         (Uint8ClampedArray):
1359         (WTF::Uint8ClampedArray::create):
1360
1361 2012-03-15  Myles Maxfield  <mmaxfield@google.com>
1362
1363         CopiedSpace::tryAllocateOversize assumes system page size
1364         https://bugs.webkit.org/show_bug.cgi?id=80615
1365
1366         Reviewed by Geoffrey Garen.
1367
1368         * heap/CopiedSpace.cpp:
1369         (JSC::CopiedSpace::tryAllocateOversize):
1370         * heap/CopiedSpace.h:
1371         (CopiedSpace):
1372         * heap/CopiedSpaceInlineMethods.h:
1373         (JSC::CopiedSpace::oversizeBlockFor):
1374         * wtf/BumpPointerAllocator.h:
1375         (WTF::BumpPointerPool::create):
1376         * wtf/StdLibExtras.h:
1377         (WTF::roundUpToMultipleOf):
1378
1379 2012-03-15  Mark Hahnenberg  <mhahnenberg@apple.com>
1380
1381         Fixing Windows build breakage
1382
1383         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1384
1385 2012-03-15  Patrick Gansterer  <paroga@webkit.org>
1386
1387         [EFL] Make zlib a general build requirement
1388         https://bugs.webkit.org/show_bug.cgi?id=80153
1389
1390         Reviewed by Hajime Morita.
1391
1392         After r109538 the WebSocket module needs zlib to support the deflate-frame extension.
1393
1394         * wtf/Platform.h:
1395
1396 2012-03-15  Benjamin Poulain  <bpoulain@apple.com>
1397
1398         NumericStrings should be inlined
1399         https://bugs.webkit.org/show_bug.cgi?id=81183
1400
1401         Reviewed by Gavin Barraclough.
1402
1403         NumericStrings is not always inlined. When it is not, the class is not faster
1404         than using UString::number() directly.
1405
1406         * runtime/NumericStrings.h:
1407         (JSC::NumericStrings::add):
1408         (JSC::NumericStrings::lookupSmallString):
1409
1410 2012-03-15  Andras Becsi  <andras.becsi@nokia.com>
1411
1412         Fix ARM build after r110792.
1413
1414         Unreviewed build fix.
1415
1416         * jit/ExecutableAllocator.h:
1417         (JSC::ExecutableAllocator::cacheFlush):
1418         Remove superfluous curly brackets.
1419
1420 2012-03-15  Gavin Barraclough  <barraclough@apple.com>
1421
1422         ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
1423         https://bugs.webkit.org/show_bug.cgi?id=81256
1424
1425         Reviewed by Oliver Hunt.
1426
1427         This is a 0.5% sunspider progression.
1428
1429         * assembler/MacroAssemblerARMv7.h:
1430         (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
1431             - switch which form of vmov we use.
1432
1433 2012-03-15  YoungTaeck Song  <youngtaeck.song@samsung.com>
1434
1435         [EFL] Add OwnPtr specialization for Ecore_Timer.
1436         https://bugs.webkit.org/show_bug.cgi?id=80119
1437
1438         Reviewed by Hajime Morita.
1439
1440         Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
1441
1442         * wtf/OwnPtrCommon.h:
1443         (WTF):
1444         * wtf/efl/OwnPtrEfl.cpp:
1445         (WTF::deleteOwnedPtr):
1446         (WTF):
1447
1448 2012-03-15  Hojong Han  <hojong.han@samsung.com>
1449
1450         Linux has madvise enough to support OSAllocator::commit/decommit
1451         https://bugs.webkit.org/show_bug.cgi?id=80505
1452
1453         Reviewed by Geoffrey Garen.
1454
1455         * wtf/OSAllocatorPosix.cpp:
1456         (WTF::OSAllocator::reserveUncommitted):
1457         (WTF::OSAllocator::commit):
1458         (WTF::OSAllocator::decommit):
1459
1460 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1461
1462         Windows build fix.
1463
1464         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
1465         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
1466         * JavaScriptCore.vcproj/WTF/copy-files.cmd:
1467         * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
1468
1469 2012-03-15  Steve Falkenburg  <sfalken@apple.com>
1470
1471         Windows build fix.
1472
1473         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
1474
1475 2012-03-15  Kevin Ollivier  <kevino@theolliviers.com>
1476
1477         Move wx port to using export macros
1478         https://bugs.webkit.org/show_bug.cgi?id=77279
1479
1480         Reviewed by Hajime Morita.
1481
1482         * wscript:
1483         * wtf/Platform.h:
1484
1485 2012-03-14  Benjamin Poulain  <bpoulain@apple.com>
1486
1487         Avoid StringImpl::getData16SlowCase() when sorting array
1488         https://bugs.webkit.org/show_bug.cgi?id=81070
1489
1490         Reviewed by Geoffrey Garen.
1491
1492         The function codePointCompare() is used intensively when sorting strings.
1493         This patch improves its performance by:
1494         - Avoiding character conversion.
1495         - Inlining the function.
1496
1497         This makes Peacekeeper's arrayCombined test 30% faster.
1498
1499         * wtf/text/StringImpl.cpp:
1500         * wtf/text/StringImpl.h:
1501         (WTF):
1502         (WTF::codePointCompare):
1503         (WTF::codePointCompare8):
1504         (WTF::codePointCompare16):
1505         (WTF::codePointCompare8To16):
1506
1507 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1508
1509         Fix memory allocation failed by fastmalloc
1510         https://bugs.webkit.org/show_bug.cgi?id=79614
1511
1512         Reviewed by Geoffrey Garen.
1513
1514         Memory allocation failed even if the heap grows successfully.
1515         It is wrong to get the span only from the large list after the heap grows,
1516         because a new span could be added to the normal list.
1517
1518         * wtf/FastMalloc.cpp:
1519         (WTF::TCMalloc_PageHeap::New):
1520
1521 2012-03-14  Hojong Han  <hojong.han@samsung.com>
1522
1523         Run cacheFlush page by page to assure of flushing all the requested ranges
1524         https://bugs.webkit.org/show_bug.cgi?id=77712
1525
1526         Reviewed by Geoffrey Garen.
1527
1528         The current MetaAllocator concept, which always coalesces adjacent free spaces,
1529         doesn't match the memory management of the Linux kernel.
1530         In certain cases the Linux kernel doesn't regard contiguous virtual memory areas as one but as two.
1531         Therefore calling cacheFlush page by page guarantees that a flush-requested range is flushed.
1532
1533         * jit/ExecutableAllocator.h:
1534         (JSC::ExecutableAllocator::cacheFlush):
1535
1536 2012-03-14  Oliver Hunt  <oliver@apple.com>
1537
1538         Make ARMv7 work again
1539         https://bugs.webkit.org/show_bug.cgi?id=81157
1540
1541         Reviewed by Geoffrey Garen.
1542
1543         We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
1544         where the ARMv7MacroAssembler would also try to use dataRegister for its own
1545         nefarious purposes.
1546
1547         * assembler/MacroAssembler.h:
1548         (JSC::MacroAssembler::store32):
1549         * assembler/MacroAssemblerARMv7.h:
1550         (MacroAssemblerARMv7):
1551
1552 2012-03-14  Mark Hahnenberg  <mhahnenberg@apple.com>
1553
1554         Heap::destroy leaks CopiedSpace
1555         https://bugs.webkit.org/show_bug.cgi?id=81055
1556
1557         Reviewed by Geoffrey Garen.
1558
1559         Added a destroy() function to CopiedSpace that moves all normal size 
1560         CopiedBlocks from the CopiedSpace to the Heap's list of free blocks 
1561         as well as deallocates all of the oversize blocks in the CopiedSpace. 
1562         This function is now called in Heap::destroy().
1563
1564         * heap/CopiedSpace.cpp:
1565         (JSC::CopiedSpace::destroy):
1566         (JSC):
1567         * heap/CopiedSpace.h:
1568         (CopiedSpace):
1569         * heap/Heap.cpp:
1570         (JSC::Heap::destroy):
1571
1572 2012-03-14  Andrew Lo  <anlo@rim.com>
1573
1574         [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
1575         https://bugs.webkit.org/show_bug.cgi?id=81000
1576
1577         Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
1578
1579         Reviewed by Antonio Gomes.
1580
1581         * wtf/Platform.h:
1582
1583 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1584
1585         ValueToInt32 speculation will cause OSR exits even when it does not have to
1586         https://bugs.webkit.org/show_bug.cgi?id=81068
1587         <rdar://problem/11043926>
1588
1589         Reviewed by Anders Carlsson.
1590         
1591         Two related changes:
1592         1) ValueToInt32 will now always just defer to the non-speculative path, instead
1593            of exiting, if it doesn't know what speculations to perform.
1594         2) ValueToInt32 will speculate boolean if it sees this to be profitable.
1595
1596         * dfg/DFGAbstractState.cpp:
1597         (JSC::DFG::AbstractState::execute):
1598         * dfg/DFGNode.h:
1599         (JSC::DFG::Node::shouldSpeculateBoolean):
1600         (Node):
1601         * dfg/DFGSpeculativeJIT.cpp:
1602         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
1603
1604 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1605
1606         More Windows build fixing
1607
1608         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1609
1610 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1611
1612         Windows build fix
1613
1614         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1615
1616 2012-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1617
1618         Type conversion of exponential part failed
1619         https://bugs.webkit.org/show_bug.cgi?id=80673
1620
1621         Reviewed by Geoffrey Garen.
1622
1623         * parser/Lexer.cpp:
1624         (JSC::::lex):
1625         * runtime/JSGlobalObjectFunctions.cpp:
1626         (JSC::parseInt):
1627         (JSC):
1628         (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
1629         we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template 
1630         parameter for strtod to allow trailing spaces.
1631         (JSC::toDouble):
1632         (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
1633         * runtime/LiteralParser.cpp:
1634         (JSC::::Lexer::lexNumber):
1635         * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that 
1636         we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
1637         * wtf/dtoa.cpp:
1638         (WTF):
1639         (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were 
1640         broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
1641         * wtf/dtoa.h:
1642         * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the 
1643         Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
1644         A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those 
1645         here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
1646         * wtf/text/WTFString.cpp:
1647         (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
1648
1649 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1650
1651         Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
1652         Removing the assert for now.
1653
1654         * dfg/DFGOperations.h:
1655         * llint/LLIntSlowPaths.h:
1656
1657 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1658
1659         Functions with C linkage should return POD types
1660         https://bugs.webkit.org/show_bug.cgi?id=81061
1661
1662         Reviewed by Mark Rowe.
1663
1664         * dfg/DFGOperations.h:
1665         * llint/LLIntSlowPaths.h:
1666         (LLInt):
1667         (SlowPathReturnType):
1668         (JSC::LLInt::encodeResult):
1669
1670 2012-03-13  Filip Pizlo  <fpizlo@apple.com>
1671
1672         Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
1673         https://bugs.webkit.org/show_bug.cgi?id=80979
1674         <rdar://problem/11036848>
1675
1676         Reviewed by Oliver Hunt.
1677         
1678         Also improved DFG IR dumping to include type information in a somewhat more
1679         intuitive way.
1680
1681         * bytecode/PredictedType.cpp:
1682         (JSC::predictionToAbbreviatedString):
1683         (JSC):
1684         * bytecode/PredictedType.h:
1685         (JSC):
1686         * dfg/DFGAbstractState.cpp:
1687         (JSC::DFG::AbstractState::execute):
1688         * dfg/DFGGraph.cpp:
1689         (JSC::DFG::Graph::dump):
1690         * dfg/DFGPredictionPropagationPhase.cpp:
1691         (JSC::DFG::PredictionPropagationPhase::propagate):
1692         * dfg/DFGSpeculativeJIT.cpp:
1693         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1694         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
1695         * dfg/DFGSpeculativeJIT.h:
1696         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
1697
1698 2012-03-13  George Staikos  <staikos@webkit.org>
1699
1700         The callback is only used if SA_RESTART is defined.  Compile it out
1701         otherwise to avoid a warning.
1702         https://bugs.webkit.org/show_bug.cgi?id=80926
1703
1704         Reviewed by Alexey Proskuryakov.
1705
1706         * heap/MachineStackMarker.cpp:
1707         (JSC):
1708
1709 2012-03-13  Hojong Han  <hojong.han@samsung.com>
1710
1711         Dump the generated code for ARM_TRADITIONAL
1712         https://bugs.webkit.org/show_bug.cgi?id=80975
1713
1714         Reviewed by Gavin Barraclough.
1715
1716         * assembler/LinkBuffer.h:
1717         (JSC::LinkBuffer::dumpCode):
1718
1719 2012-03-13  Adam Barth  <abarth@webkit.org> && Benjamin Poulain  <bpoulain@apple.com>
1720
1721         Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
1722         https://bugs.webkit.org/show_bug.cgi?id=78853
1723
1724         Reviewed by Adam Barth.
1725
1726         * Configurations/FeatureDefines.xcconfig:
1727         * wtf/Platform.h:
1728
1729 2012-03-13  Kwonjin Jeong  <gram@company100.net>
1730
1731         Remove SlotVisitor::copy() method.
1732         https://bugs.webkit.org/show_bug.cgi?id=80973
1733
1734         Reviewed by Geoffrey Garen.
1735
1736         SlotVisitor::copy() method isn't called anywhere.
1737
1738         * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
1739         * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
1740
1741 2012-03-12  Hojong Han  <hojong.han@samsung.com>
1742
1743         Fix test cases for RegExp multiline
1744         https://bugs.webkit.org/show_bug.cgi?id=80822
1745
1746         Reviewed by Gavin Barraclough.
1747
1748         * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
1749         * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
1750         * tests/mozilla/js1_2/regexp/beginLine.js:
1751         * tests/mozilla/js1_2/regexp/endLine.js:
1752
1753 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1754
1755         Arithmetic use inference should be procedure-global and should run in tandem
1756         with type propagation
1757         https://bugs.webkit.org/show_bug.cgi?id=80819
1758         <rdar://problem/11034006>
1759
1760         Reviewed by Gavin Barraclough.
1761         
1762         * CMakeLists.txt:
1763         * GNUmakefile.list.am:
1764         * JavaScriptCore.xcodeproj/project.pbxproj:
1765         * Target.pri:
1766         * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
1767         * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
1768         * dfg/DFGDriver.cpp:
1769         (JSC::DFG::compile):
1770         * dfg/DFGPredictionPropagationPhase.cpp:
1771         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
1772         (PredictionPropagationPhase):
1773         (JSC::DFG::PredictionPropagationPhase::isNotZero):
1774         (JSC::DFG::PredictionPropagationPhase::propagate):
1775         (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
1776         * dfg/DFGVariableAccessData.h:
1777         (JSC::DFG::VariableAccessData::VariableAccessData):
1778         (JSC::DFG::VariableAccessData::flags):
1779         (VariableAccessData):
1780         (JSC::DFG::VariableAccessData::mergeFlags):
1781
1782 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1783
1784         Node::op and Node::flags should be private
1785         https://bugs.webkit.org/show_bug.cgi?id=80824
1786         <rdar://problem/11033435>
1787
1788         Reviewed by Gavin Barraclough.
1789
1790         * CMakeLists.txt:
1791         * GNUmakefile.list.am:
1792         * JavaScriptCore.xcodeproj/project.pbxproj:
1793         * Target.pri:
1794         * dfg/DFGAbstractState.cpp:
1795         (JSC::DFG::AbstractState::initialize):
1796         (JSC::DFG::AbstractState::execute):
1797         (JSC::DFG::AbstractState::mergeStateAtTail):
1798         (JSC::DFG::AbstractState::mergeToSuccessors):
1799         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1800         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
1801         * dfg/DFGByteCodeParser.cpp:
1802         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
1803         (JSC::DFG::ByteCodeParser::getLocal):
1804         (JSC::DFG::ByteCodeParser::getArgument):
1805         (JSC::DFG::ByteCodeParser::flushArgument):
1806         (JSC::DFG::ByteCodeParser::toInt32):
1807         (JSC::DFG::ByteCodeParser::isJSConstant):
1808         (JSC::DFG::ByteCodeParser::makeSafe):
1809         (JSC::DFG::ByteCodeParser::makeDivSafe):
1810         (JSC::DFG::ByteCodeParser::handleInlining):
1811         (JSC::DFG::ByteCodeParser::parseBlock):
1812         (JSC::DFG::ByteCodeParser::processPhiStack):
1813         (JSC::DFG::ByteCodeParser::linkBlock):
1814         * dfg/DFGCFAPhase.cpp:
1815         (JSC::DFG::CFAPhase::performBlockCFA):
1816         * dfg/DFGCSEPhase.cpp:
1817         (JSC::DFG::CSEPhase::canonicalize):
1818         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1819         (JSC::DFG::CSEPhase::pureCSE):
1820         (JSC::DFG::CSEPhase::byValIsPure):
1821         (JSC::DFG::CSEPhase::clobbersWorld):
1822         (JSC::DFG::CSEPhase::impureCSE):
1823         (JSC::DFG::CSEPhase::globalVarLoadElimination):
1824         (JSC::DFG::CSEPhase::getByValLoadElimination):
1825         (JSC::DFG::CSEPhase::checkFunctionElimination):
1826         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1827         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1828         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1829         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1830         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
1831         (JSC::DFG::CSEPhase::performNodeCSE):
1832         * dfg/DFGGraph.cpp:
1833         (JSC::DFG::Graph::dump):
1834         (DFG):
1835         * dfg/DFGGraph.h:
1836         (JSC::DFG::Graph::addShouldSpeculateInteger):
1837         (JSC::DFG::Graph::negateShouldSpeculateInteger):
1838         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
1839         * dfg/DFGNode.cpp: Removed.
1840         * dfg/DFGNode.h:
1841         (DFG):
1842         (JSC::DFG::Node::Node):
1843         (Node):
1844         (JSC::DFG::Node::op):
1845         (JSC::DFG::Node::flags):
1846         (JSC::DFG::Node::setOp):
1847         (JSC::DFG::Node::setFlags):
1848         (JSC::DFG::Node::mergeFlags):
1849         (JSC::DFG::Node::filterFlags):
1850         (JSC::DFG::Node::clearFlags):
1851         (JSC::DFG::Node::setOpAndDefaultFlags):
1852         (JSC::DFG::Node::mustGenerate):
1853         (JSC::DFG::Node::isConstant):
1854         (JSC::DFG::Node::isWeakConstant):
1855         (JSC::DFG::Node::valueOfJSConstant):
1856         (JSC::DFG::Node::hasVariableAccessData):
1857         (JSC::DFG::Node::hasIdentifier):
1858         (JSC::DFG::Node::resolveGlobalDataIndex):
1859         (JSC::DFG::Node::hasArithNodeFlags):
1860         (JSC::DFG::Node::arithNodeFlags):
1861         (JSC::DFG::Node::setArithNodeFlag):
1862         (JSC::DFG::Node::mergeArithNodeFlags):
1863         (JSC::DFG::Node::hasConstantBuffer):
1864         (JSC::DFG::Node::hasRegexpIndex):
1865         (JSC::DFG::Node::hasVarNumber):
1866         (JSC::DFG::Node::hasScopeChainDepth):
1867         (JSC::DFG::Node::hasResult):
1868         (JSC::DFG::Node::hasInt32Result):
1869         (JSC::DFG::Node::hasNumberResult):
1870         (JSC::DFG::Node::hasJSResult):
1871         (JSC::DFG::Node::hasBooleanResult):
1872         (JSC::DFG::Node::isJump):
1873         (JSC::DFG::Node::isBranch):
1874         (JSC::DFG::Node::isTerminal):
1875         (JSC::DFG::Node::hasHeapPrediction):
1876         (JSC::DFG::Node::hasFunctionCheckData):
1877         (JSC::DFG::Node::hasStructureTransitionData):
1878         (JSC::DFG::Node::hasStructureSet):
1879         (JSC::DFG::Node::hasStorageAccessData):
1880         (JSC::DFG::Node::hasFunctionDeclIndex):
1881         (JSC::DFG::Node::hasFunctionExprIndex):
1882         (JSC::DFG::Node::child1):
1883         (JSC::DFG::Node::child2):
1884         (JSC::DFG::Node::child3):
1885         (JSC::DFG::Node::firstChild):
1886         (JSC::DFG::Node::numChildren):
1887         * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
1888         * dfg/DFGNodeFlags.h: Added.
1889         (DFG):
1890         (JSC::DFG::nodeUsedAsNumber):
1891         (JSC::DFG::nodeCanTruncateInteger):
1892         (JSC::DFG::nodeCanIgnoreNegativeZero):
1893         (JSC::DFG::nodeMayOverflow):
1894         (JSC::DFG::nodeCanSpeculateInteger):
1895         * dfg/DFGNodeType.h: Added.
1896         (DFG):
1897         (JSC::DFG::defaultFlags):
1898         * dfg/DFGPredictionPropagationPhase.cpp:
1899         (JSC::DFG::PredictionPropagationPhase::propagate):
1900         (JSC::DFG::PredictionPropagationPhase::vote):
1901         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
1902         (JSC::DFG::PredictionPropagationPhase::fixupNode):
1903         * dfg/DFGRedundantPhiEliminationPhase.cpp:
1904         (JSC::DFG::RedundantPhiEliminationPhase::run):
1905         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
1906         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
1907         * dfg/DFGSpeculativeJIT.cpp:
1908         (JSC::DFG::SpeculativeJIT::useChildren):
1909         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1910         (JSC::DFG::SpeculativeJIT::compileMovHint):
1911         (JSC::DFG::SpeculativeJIT::compile):
1912         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1913         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1914         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1915         (JSC::DFG::SpeculativeJIT::compileAdd):
1916         (JSC::DFG::SpeculativeJIT::compare):
1917         * dfg/DFGSpeculativeJIT.h:
1918         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1919         * dfg/DFGSpeculativeJIT32_64.cpp:
1920         (JSC::DFG::SpeculativeJIT::emitCall):
1921         (JSC::DFG::SpeculativeJIT::compile):
1922         * dfg/DFGSpeculativeJIT64.cpp:
1923         (JSC::DFG::SpeculativeJIT::emitCall):
1924         (JSC::DFG::SpeculativeJIT::compile):
1925         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1926         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1927
1928 2012-03-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
1929
1930         Minor DataLog fixes
1931         https://bugs.webkit.org/show_bug.cgi?id=80826
1932
1933         Reviewed by Andreas Kling.
1934
1935         * bytecode/ExecutionCounter.cpp:
1936         Do not include DataLog.h, it is not used.
1937         
1938         * jit/ExecutableAllocator.cpp:
1939         Ditto.
1940
1941         * wtf/DataLog.cpp:
1942         (WTF::initializeLogFileOnce):
1943         Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
1944
1945         * wtf/HashTable.cpp:
1946         Include DataLog as it is used.
1947
1948 2012-03-12  SangGyu Lee  <sg5.lee@samsung.com>
1949
1950         Integer overflow check code in arithmetic operation in classic interpreter
1951         https://bugs.webkit.org/show_bug.cgi?id=80465
1952
1953         Reviewed by Gavin Barraclough.
1954
1955         * interpreter/Interpreter.cpp:
1956         (JSC::Interpreter::privateExecute):
1957
1958 2012-03-12  Zeno Albisser  <zeno@webkit.org>
1959
1960         [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
1961         https://bugs.webkit.org/show_bug.cgi?id=80827
1962
1963         Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
1964
1965         Reviewed by Simon Hausmann.
1966
1967         * wtf/Platform.h:
1968
1969 2012-03-12  Simon Hausmann  <simon.hausmann@nokia.com>
1970
1971         Unreviewed prospective Qt/Mac build fix
1972
1973         * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
1974         whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
1975         constructor.
1976
1977 2012-03-12  Filip Pizlo  <fpizlo@apple.com>
1978
1979         All DFG nodes should have a mutable set of flags
1980         https://bugs.webkit.org/show_bug.cgi?id=80779
1981         <rdar://problem/11026218>
1982
1983         Reviewed by Gavin Barraclough.
1984         
1985         Got rid of NodeId, and placed all of the flags that distinguished NodeId
1986         from NodeType into a separate Node::flags field. Combined what was previously
1987         ArithNodeFlags into Node::flags.
1988         
1989         In the process of debugging, I found that the debug support in the virtual
1990         register allocator was lacking, so I improved it. I also realized that the
1991         virtual register allocator was assuming that the nodes in a basic block were
1992         contiguous, which is no longer the case. So I fixed that. The fix also made
1993         it natural to have more extreme assertions, so I added them. I suspect this
1994         will make it easier to catch virtual register allocation bugs in the future.
1995         
1996         This is mostly performance neutral; if anything it looks like a slight
1997         speed-up.
1998         
1999         This patch does leave some work for future refactorings; for example, Node::op
2000         is unencapsulated. This was already the case, though now it feels even more
2001         like it should be. I avoided doing that because this patch has already grown
2002         way bigger than I wanted.
2003         
2004         Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
2005         move some unnecessarily inline stuff out of DFGNode.h.
2006
2007         * CMakeLists.txt:
2008         * GNUmakefile.list.am:
2009         * JavaScriptCore.xcodeproj/project.pbxproj:
2010         * Target.pri:
2011         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
2012         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
2013         * dfg/DFGByteCodeParser.cpp:
2014         (JSC::DFG::ByteCodeParser::addToGraph):
2015         (JSC::DFG::ByteCodeParser::makeSafe):
2016         (JSC::DFG::ByteCodeParser::makeDivSafe):
2017         (JSC::DFG::ByteCodeParser::handleMinMax):
2018         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2019         (JSC::DFG::ByteCodeParser::parseBlock):
2020         * dfg/DFGCFAPhase.cpp:
2021         (JSC::DFG::CFAPhase::performBlockCFA):
2022         * dfg/DFGCSEPhase.cpp:
2023         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2024         (JSC::DFG::CSEPhase::pureCSE):
2025         (JSC::DFG::CSEPhase::clobbersWorld):
2026         (JSC::DFG::CSEPhase::impureCSE):
2027         (JSC::DFG::CSEPhase::setReplacement):
2028         (JSC::DFG::CSEPhase::eliminate):
2029         (JSC::DFG::CSEPhase::performNodeCSE):
2030         (JSC::DFG::CSEPhase::performBlockCSE):
2031         (CSEPhase):
2032         * dfg/DFGGraph.cpp:
2033         (JSC::DFG::Graph::opName):
2034         (JSC::DFG::Graph::dump):
2035         (DFG):
2036         * dfg/DFGNode.cpp: Added.
2037         (DFG):
2038         (JSC::DFG::arithNodeFlagsAsString):
2039         * dfg/DFGNode.h:
2040         (DFG):
2041         (JSC::DFG::nodeUsedAsNumber):
2042         (JSC::DFG::nodeCanTruncateInteger):
2043         (JSC::DFG::nodeCanIgnoreNegativeZero):
2044         (JSC::DFG::nodeMayOverflow):
2045         (JSC::DFG::nodeCanSpeculateInteger):
2046         (JSC::DFG::defaultFlags):
2047         (JSC::DFG::Node::Node):
2048         (Node):
2049         (JSC::DFG::Node::setOpAndDefaultFlags):
2050         (JSC::DFG::Node::mustGenerate):
2051         (JSC::DFG::Node::arithNodeFlags):
2052         (JSC::DFG::Node::setArithNodeFlag):
2053         (JSC::DFG::Node::mergeArithNodeFlags):
2054         (JSC::DFG::Node::hasResult):
2055         (JSC::DFG::Node::hasInt32Result):
2056         (JSC::DFG::Node::hasNumberResult):
2057         (JSC::DFG::Node::hasJSResult):
2058         (JSC::DFG::Node::hasBooleanResult):
2059         (JSC::DFG::Node::isJump):
2060         (JSC::DFG::Node::isBranch):
2061         (JSC::DFG::Node::isTerminal):
2062         (JSC::DFG::Node::child1):
2063         (JSC::DFG::Node::child2):
2064         (JSC::DFG::Node::child3):
2065         (JSC::DFG::Node::firstChild):
2066         (JSC::DFG::Node::numChildren):
2067         * dfg/DFGPredictionPropagationPhase.cpp:
2068         (JSC::DFG::PredictionPropagationPhase::propagate):
2069         (JSC::DFG::PredictionPropagationPhase::vote):
2070         (JSC::DFG::PredictionPropagationPhase::fixupNode):
2071         * dfg/DFGScoreBoard.h:
2072         (ScoreBoard):
2073         (JSC::DFG::ScoreBoard::~ScoreBoard):
2074         (JSC::DFG::ScoreBoard::assertClear):
2075         (JSC::DFG::ScoreBoard::use):
2076         * dfg/DFGSpeculativeJIT.cpp:
2077         (JSC::DFG::SpeculativeJIT::useChildren):
2078         * dfg/DFGSpeculativeJIT32_64.cpp:
2079         (JSC::DFG::SpeculativeJIT::compile):
2080         * dfg/DFGSpeculativeJIT64.cpp:
2081         (JSC::DFG::SpeculativeJIT::compile):
2082         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2083         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2084
2085 2012-03-10  Filip Pizlo  <fpizlo@apple.com>
2086
2087         LLInt should support JSVALUE64
2088         https://bugs.webkit.org/show_bug.cgi?id=79609
2089         <rdar://problem/10063437>
2090
2091         Reviewed by Gavin Barraclough and Oliver Hunt.
2092         
2093         Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
2094         patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
2095         file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
2096         specialized for value representation.
2097         
2098         Also made some minor changes to offlineasm and the slow-paths.
2099
2100         * llint/LLIntData.cpp:
2101         (JSC::LLInt::Data::performAssertions):
2102         * llint/LLIntEntrypoints.cpp:
2103         * llint/LLIntSlowPaths.cpp:
2104         (LLInt):
2105         (JSC::LLInt::llint_trace_value):
2106         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2107         (JSC::LLInt::jitCompileAndSetHeuristics):
2108         * llint/LLIntSlowPaths.h:
2109         (LLInt):
2110         (SlowPathReturnType):
2111         (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
2112         (JSC::LLInt::encodeResult):
2113         * llint/LLIntThunks.cpp:
2114         * llint/LowLevelInterpreter.asm:
2115         * llint/LowLevelInterpreter32_64.asm:
2116         * llint/LowLevelInterpreter64.asm:
2117         * offlineasm/armv7.rb:
2118         * offlineasm/asm.rb:
2119         * offlineasm/ast.rb:
2120         * offlineasm/backends.rb:
2121         * offlineasm/instructions.rb:
2122         * offlineasm/parser.rb:
2123         * offlineasm/registers.rb:
2124         * offlineasm/transform.rb:
2125         * offlineasm/x86.rb:
2126         * wtf/Platform.h:
2127
2128 2012-03-10  Yong Li  <yoli@rim.com>
2129
2130         Web Worker crashes with WX_EXCLUSIVE
2131         https://bugs.webkit.org/show_bug.cgi?id=80532
2132
2133         Let each JS global object own a meta allocator
2134         for WX_EXCLUSIVE to avoid conflicts from Web Worker.
2135         Also fix a mutex leak in MetaAllocator's dtor.
2136
2137         Reviewed by Filip Pizlo.
2138
2139         * jit/ExecutableAllocator.cpp:
2140         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2141         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2142         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2143         (DemandExecutableAllocator):
2144         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2145         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2146         (JSC::DemandExecutableAllocator::allocateNewSpace):
2147         (JSC::DemandExecutableAllocator::allocators):
2148         (JSC::DemandExecutableAllocator::allocatorsMutex):
2149         (JSC):
2150         (JSC::ExecutableAllocator::initializeAllocator):
2151         (JSC::ExecutableAllocator::ExecutableAllocator):
2152         (JSC::ExecutableAllocator::underMemoryPressure):
2153         (JSC::ExecutableAllocator::memoryPressureMultiplier):
2154         (JSC::ExecutableAllocator::allocate):
2155         (JSC::ExecutableAllocator::committedByteCount):
2156         (JSC::ExecutableAllocator::dumpProfile):
2157         * jit/ExecutableAllocator.h:
2158         (JSC):
2159         (ExecutableAllocator):
2160         (JSC::ExecutableAllocator::allocator):
2161         * wtf/MetaAllocator.h:
2162         (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
2163         * wtf/TCSpinLock.h:
2164         (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
2165
2166 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2167
2168         Object.freeze broken on latest Nightly
2169         https://bugs.webkit.org/show_bug.cgi?id=80577
2170
2171         Reviewed by Oliver Hunt.
2172
2173         The problem here is that deleteProperty rejects deletion of prototype.
2174         This is correct in most cases; however, defineOwnProperty is presently
2175         implemented internally to ensure the attributes change by deleting the
2176         old property and creating a new one.
2177
2178         * runtime/JSFunction.cpp:
2179         (JSC::JSFunction::deleteProperty):
2180             - If deleteProperty is called via defineOwnProperty, allow the old prototype to be removed.
2181
2182 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2183
2184         Array.prototype.toLocaleString visits elements in wrong order under certain conditions
2185         https://bugs.webkit.org/show_bug.cgi?id=80663
2186
2187         Reviewed by Michael Saboff.
2188
2189         The bug here is actually that we're continuing to process the array after an exception
2190         has been thrown, and that the second value thrown is overriding the first.
2191
2192         * runtime/ArrayPrototype.cpp:
2193         (JSC::arrayProtoFuncToLocaleString):
2194
2195 2012-03-09  Ryosuke Niwa  <rniwa@webkit.org>
2196
2197         WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
2198         https://bugs.webkit.org/show_bug.cgi?id=80080
2199
2200         Reviewed by Filip Pizlo.
2201
2202         * bytecode/SamplingTool.cpp:
2203         (JSC::SamplingRegion::Locker::Locker):
2204         (JSC::SamplingRegion::Locker::~Locker):
2205         * bytecode/SamplingTool.h:
2206         (JSC::SamplingRegion::exchangeCurrent):
2207         * wtf/Atomics.h:
2208         (WTF):
2209         (WTF::weakCompareAndSwap):
2210         (WTF::weakCompareAndSwapUIntPtr):
2211
2212 2012-03-09  Gavin Barraclough  <barraclough@apple.com>
2213
2214         REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
2215         https://bugs.webkit.org/show_bug.cgi?id=49989
2216
2217         Reviewed by Oliver Hunt.
2218
2219         Patch originally by chris reiss <christopher.reiss@nokia.com>,
2220         allow the year to appear before the timezone in date strings.
2221
2222         * wtf/DateMath.cpp:
2223         (WTF::parseDateFromNullTerminatedCharacters):
2224
2225 2012-03-09  Mark Rowe  <mrowe@apple.com>
2226
2227         Ensure that the WTF headers are copied at installhdrs time.
2228
2229         Reviewed by Dan Bernstein and Jessie Berlin.
2230
2231         * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
2232         so that our script phases are invoked at installhdrs time. The only one that
2233         does any useful work at that time is the one that installs WTF headers.
2234
2235 2012-03-09  Jon Lee  <jonlee@apple.com>
2236
2237         Add support for ENABLE(LEGACY_NOTIFICATIONS)
2238         https://bugs.webkit.org/show_bug.cgi?id=80497
2239
2240         Reviewed by Adam Barth.
2241
2242         Prep for b80472: Update API for Web Notifications
2243         * Configurations/FeatureDefines.xcconfig:
2244
2245 2012-03-09  Ashod Nakashian  <ashodnakashian@yahoo.com>
2246
2247         Bash scripts should support LF endings only
2248         https://bugs.webkit.org/show_bug.cgi?id=79509
2249
2250         Reviewed by David Kilzer.
2251
2252         * gyp/generate-derived-sources.sh: Added property svn:eol-style.
2253         * gyp/run-if-exists.sh: Added property svn:eol-style.
2254         * gyp/update-info-plist.sh: Added property svn:eol-style.
2255
2256 2012-03-09  Jessie Berlin  <jberlin@apple.com>
2257
2258         Windows debug build fix.
2259
2260         * assembler/MacroAssembler.h:
2261         (JSC::MacroAssembler::shouldBlind):
2262         Fix unreachable code warnings (which we treat as errors).
2263
2264 2012-03-09  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
2265
2266         Reviewed by Zoltan Herczeg.
2267
2268         [Qt] Fix the SH4 build after r109834
2269         https://bugs.webkit.org/show_bug.cgi?id=80492
2270
2271         * assembler/MacroAssemblerSH4.h:
2272         (JSC::MacroAssemblerSH4::branchAdd32):
2273         (JSC::MacroAssemblerSH4::branchSub32):
2274
2275 2012-03-09  Andy Wingo  <wingo@igalia.com>
2276
2277         Refactor code feature analysis in the parser
2278         https://bugs.webkit.org/show_bug.cgi?id=79112
2279
2280         Reviewed by Geoffrey Garen.
2281
2282         This commit refactors the parser to more uniformly propagate flag
2283         bits down and up the parse process, as the parser descends and
2284         returns into nested blocks.  Some flags get passed down to
2285         subscopes, some apply to specific scopes only, and some get
2286         unioned up after parsing subscopes.
2287
2288         The goal is to eventually be very precise with scoping
2289         information, once we have block scopes: one block scope might use
2290         `eval', which would require the emission of a symbol table within
2291         that block and containing blocks, whereas another block in the
2292         same function might not, allowing us to not emit a symbol table.
2293
2294         * parser/Nodes.h:
2295         (JSC::ScopeFlags): Rename from CodeFeatures.
2296         (JSC::ScopeNode::addScopeFlags):
2297         (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
2298         (JSC::ScopeNode::isStrictMode):
2299         (JSC::ScopeNode::usesEval):
2300         (JSC::ScopeNode::usesArguments):
2301         (JSC::ScopeNode::setUsesArguments):
2302         (JSC::ScopeNode::usesThis):
2303         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2304         (JSC::ScopeNode::needsActivation): Refactor these accessors to
2305         operate on the m_scopeFlags member.
2306         (JSC::ScopeNode::source):
2307         (JSC::ScopeNode::sourceURL):
2308         (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
2309         semantic change.
2310         (JSC::ScopeNode::ScopeNode)
2311         (JSC::ProgramNode::ProgramNode)
2312         (JSC::EvalNode::EvalNode)
2313         (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
2314         take a ScopeFlags as an argument, instead of a bool inStrictContext.
2315
2316         * parser/Nodes.cpp:
2317         (JSC::ScopeNode::ScopeNode):
2318         (JSC::ProgramNode::ProgramNode):
2319         (JSC::ProgramNode::create):
2320         (JSC::EvalNode::EvalNode):
2321         (JSC::EvalNode::create):
2322         (JSC::FunctionBodyNode::FunctionBodyNode):
2323         (JSC::FunctionBodyNode::create): Adapt constructors to change.
2324
2325         * parser/ASTBuilder.h:
2326         (JSC::ASTBuilder::ASTBuilder):
2327         (JSC::ASTBuilder::thisExpr):
2328         (JSC::ASTBuilder::createResolve):
2329         (JSC::ASTBuilder::createFunctionBody):
2330         (JSC::ASTBuilder::createFuncDeclStatement):
2331         (JSC::ASTBuilder::createTryStatement):
2332         (JSC::ASTBuilder::createWithStatement):
2333         (JSC::ASTBuilder::addVar):
2334         (JSC::ASTBuilder::Scope::Scope):
2335         (Scope):
2336         (ASTBuilder):
2337         (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
2338         features here.  Instead rely on the base Parser mechanism to track
2339         features.
2340
2341         * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
2342
2343         * parser/Parser.h:
2344         (JSC::Scope::Scope): Manage scope through flags, not
2345         bit-booleans.  This lets us uniformly propagate them up and down.
2346         (JSC::Scope::declareWrite):
2347         (JSC::Scope::declareParameter):
2348         (JSC::Scope::useVariable):
2349         (JSC::Scope::collectFreeVariables):
2350         (JSC::Scope::getCapturedVariables):
2351         (JSC::Scope::saveFunctionInfo):
2352         (JSC::Scope::restoreFunctionInfo):
2353         (JSC::Parser::pushScope): Adapt to use scope flags and their
2354         accessors instead of bit-booleans.
2355         * parser/Parser.cpp:
2356         (JSC::::Parser):
2357         (JSC::::parseInner):
2358         (JSC::::didFinishParsing):
2359         (JSC::::parseSourceElements):
2360         (JSC::::parseVarDeclarationList):
2361         (JSC::::parseConstDeclarationList):
2362         (JSC::::parseWithStatement):
2363         (JSC::::parseTryStatement):
2364         (JSC::::parseFunctionBody):
2365         (JSC::::parseFunctionInfo):
2366         (JSC::::parseFunctionDeclaration):
2367         (JSC::::parsePrimaryExpression): Hoist some of the flag handling
2368         out of the "context" (ASTBuilder or SyntaxChecker) and to here.
2369         Does not seem to have a performance impact.
2370
2371         * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
2372         Cache the scopeflags.
2373         * parser/SyntaxChecker.h: Remove evalCount() decl.
2374
2375         * runtime/Executable.cpp:
2376         (JSC::EvalExecutable::compileInternal):
2377         (JSC::ProgramExecutable::compileInternal):
2378         (JSC::FunctionExecutable::produceCodeBlockFor):
2379         * runtime/Executable.h:
2380         (JSC::ScriptExecutable::ScriptExecutable):
2381         (JSC::ScriptExecutable::usesEval):
2382         (JSC::ScriptExecutable::usesArguments):
2383         (JSC::ScriptExecutable::needsActivation):
2384         (JSC::ScriptExecutable::isStrictMode):
2385         (JSC::ScriptExecutable::recordParse):
2386         (ScriptExecutable): ScopeFlags, not features.
2387
2388 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2389
2390         Build fix for MSVC after r110266
2391
2392         Unreviewed. A #ifdef for MSVC was left over in r110266.
2393
2394         * runtime/RegExpObject.h:
2395         (RegExpObject):
2396
2397 2012-03-08  Benjamin Poulain  <bpoulain@apple.com>
2398
2399         Allocate the RegExpObject's data with the Cell
2400         https://bugs.webkit.org/show_bug.cgi?id=80654
2401
2402         Reviewed by Gavin Barraclough.
2403
2404         This patch removes the creation of RegExpObject's data to avoid the overhead
2405         created by the allocation and destruction.
2406
2407         As RegExps are created repeatedly, this provides some performance improvement.
2408         The PeaceKeeper test stringDetectBrowser improves by 10%.
2409
2410         * runtime/RegExpObject.cpp:
2411         (JSC::RegExpObject::RegExpObject):
2412         (JSC::RegExpObject::visitChildren):
2413         (JSC::RegExpObject::getOwnPropertyDescriptor):
2414         (JSC::RegExpObject::defineOwnProperty):
2415         (JSC::RegExpObject::match):
2416         * runtime/RegExpObject.h:
2417         (JSC::RegExpObject::setRegExp):
2418         (JSC::RegExpObject::regExp):
2419         (JSC::RegExpObject::setLastIndex):
2420         (JSC::RegExpObject::getLastIndex):
2421         (RegExpObject):
2422
2423 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2424
2425         Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
2426         https://bugs.webkit.org/show_bug.cgi?id=80657
2427         
2428         Preparation for WTF separation from JavaScriptCore.
2429         The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
2430         dependencies for generated files.
2431         
2432         This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
2433         versions of the WTF code independent of the JavaScriptCore code.
2434
2435         Reviewed by Jessie Berlin.
2436
2437         * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
2438         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
2439         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
2440         * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
2441         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
2442         * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
2443         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
2444         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
2445         * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
2446         * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
2447         * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
2448         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
2449         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
2450         * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
2451         * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
2452         * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
2453         * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
2454         * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
2455         * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
2456         * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
2457         * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
2458
2459 2012-03-08  Benjamin Poulain  <benjamin@webkit.org>
2460
2461         Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
2462         https://bugs.webkit.org/show_bug.cgi?id=80652
2463
2464         Reviewed by Eric Seidel.
2465
2466         Fix the header, URLSegments.h is not part of the API.
2467
2468         * wtf/url/api/ParsedURL.h:
2469
2470 2012-03-08  Ryosuke Niwa  <rniwa@webkit.org>
2471
2472         Mac build fix for micro data API.
2473
2474         * Configurations/FeatureDefines.xcconfig:
2475
2476 2012-03-08  Gavin Barraclough  <barraclough@apple.com>
2477
2478         String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
2479         https://bugs.webkit.org/show_bug.cgi?id=26890
2480
2481         Reviewed by Oliver Hunt.
2482
2483         Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
2484
2485         * runtime/StringPrototype.cpp:
2486         (JSC::replaceUsingRegExpSearch):
2487         (JSC::stringProtoFuncMatch):
2488             - added calls to setLastIndex.
2489
2490 2012-03-08  Matt Lilek  <mrl@apple.com>
2491
2492         Don't enable VIDEO_TRACK on all OS X platforms
2493         https://bugs.webkit.org/show_bug.cgi?id=80635
2494
2495         Reviewed by Eric Carlson.
2496
2497         * Configurations/FeatureDefines.xcconfig:
2498
2499 2012-03-08  Oliver Hunt  <oliver@apple.com>
2500
2501         Build fix.  That day is not today.
2502
2503         * assembler/MacroAssembler.h:
2504         (JSC::MacroAssembler::shouldBlind):
2505         * assembler/MacroAssemblerX86Common.h:
2506         (MacroAssemblerX86Common):
2507         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2508
2509 2012-03-08  Oliver Hunt  <oliver@apple.com>
2510
2511         Build fix. One of these days I'll manage to commit something that works everywhere.
2512
2513         * assembler/AbstractMacroAssembler.h:
2514         (AbstractMacroAssembler):
2515         * assembler/MacroAssemblerARMv7.h:
2516         (MacroAssemblerARMv7):
2517         * assembler/MacroAssemblerX86Common.h:
2518         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2519         (MacroAssemblerX86Common):
2520
2521 2012-03-08  Chao-ying Fu  <fu@mips.com>
2522
2523         Update MIPS patchOffsetGetByIdSlowCaseCall
2524         https://bugs.webkit.org/show_bug.cgi?id=80302
2525
2526         Reviewed by Oliver Hunt.
2527
2528         * jit/JIT.h:
2529         (JIT):
2530
2531 2012-03-08  Oliver Hunt  <oliver@apple.com>
2532
2533         Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
2534         https://bugs.webkit.org/show_bug.cgi?id=80633
2535
2536         Reviewed by Gavin Barraclough.
2537
2538         Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
2539         if there isn't a machine specific implementation (otherwise the 64bit value
2540         got truncated and 32bit checks were used -- leaving 32bits untested).
2541         Also add a bit of logic to ensure that we don't try to blind a few common
2542         constants that go through the ImmPtr paths -- encoded numeric JSValues and
2543         unencoded doubles with common "safe" values.
2544
2545         * assembler/AbstractMacroAssembler.h:
2546         (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
2547         * assembler/MacroAssembler.h:
2548         (JSC::MacroAssembler::shouldBlindDouble):
2549         (MacroAssembler):
2550         (JSC::MacroAssembler::shouldBlind):
2551         * assembler/MacroAssemblerX86Common.h:
2552         (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
2553
2554 2012-03-08  Mark Rowe  <mrowe@apple.com>
2555
2556         <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
2557
2558         Reviewed by Dan Bernstein.
2559
2560         * Configurations/Base.xcconfig:
2561
2562 2012-03-08  Steve Falkenburg  <sfalken@apple.com>
2563
2564         Fix line endings for copy-files.cmd.
2565         
2566         If a cmd file doesn't have Windows line endings, it doesn't work properly.
2567         In this case, the label :clean wasn't found, breaking the clean build.
2568         
2569         Reviewed by Jessie Berlin.
2570
2571         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2572
2573 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2574
2575         DFG CFA incorrectly handles ValueToInt32
2576         https://bugs.webkit.org/show_bug.cgi?id=80568
2577
2578         Reviewed by Gavin Barraclough.
2579         
2580         Changed it to match exactly the decision pattern used in
2581         DFG::SpeculativeJIT::compileValueToInt32
2582
2583         * dfg/DFGAbstractState.cpp:
2584         (JSC::DFG::AbstractState::execute):
2585
2586 2012-03-08  Viatcheslav Ostapenko  <ostapenko.viatcheslav@nokia.com>
2587
2588         [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
2589         https://bugs.webkit.org/show_bug.cgi?id=80524
2590
2591         Reviewed by Simon Hausmann.
2592
2593         Move IdentifierTable methods definition to WTFThreadData.cpp to fix linking
2594         of WTF library.
2595
2596         * runtime/Identifier.cpp:
2597         * wtf/WTFThreadData.cpp:
2598         (JSC):
2599         (JSC::IdentifierTable::~IdentifierTable):
2600         (JSC::IdentifierTable::add):
2601
2602 2012-03-08  Filip Pizlo  <fpizlo@apple.com>
2603
2604         DFG instruction count threshold should be lifted to 10000
2605         https://bugs.webkit.org/show_bug.cgi?id=80579
2606
2607         Reviewed by Gavin Barraclough.
2608
2609         * runtime/Options.cpp:
2610         (JSC::Options::initializeOptions):
2611
2612 2012-03-07  Filip Pizlo  <fpizlo@apple.com>
2613
2614         Incorrect tracking of abstract values of variables forced double
2615         https://bugs.webkit.org/show_bug.cgi?id=80566
2616         <rdar://problem/11001442>
2617
2618         Reviewed by Gavin Barraclough.
2619
2620         * dfg/DFGAbstractState.cpp:
2621         (JSC::DFG::AbstractState::mergeStateAtTail):
2622
2623 2012-03-07  Chao-ying Fu  <fu@mips.com>
2624
2625         [Qt] Fix the MIPS/SH4 build after r109834
2626         https://bugs.webkit.org/show_bug.cgi?id=80492
2627
2628         Reviewed by Oliver Hunt.
2629
2630         Implement three-argument branch(Add,Sub)32.
2631
2632         * assembler/MacroAssemblerMIPS.h:
2633         (JSC::MacroAssemblerMIPS::add32):
2634         (MacroAssemblerMIPS):
2635         (JSC::MacroAssemblerMIPS::sub32):
2636         (JSC::MacroAssemblerMIPS::branchAdd32):
2637         (JSC::MacroAssemblerMIPS::branchSub32):
2638
2639 2012-03-07  Sheriff Bot  <webkit.review.bot@gmail.com>
2640
2641         Unreviewed, rolling out r110127.
2642         http://trac.webkit.org/changeset/110127
2643         https://bugs.webkit.org/show_bug.cgi?id=80562
2644
2645         compile failed on AppleWin (Requested by ukai on #webkit).
2646
2647         * heap/Heap.cpp:
2648         (JSC::Heap::collectAllGarbage):
2649         * heap/Heap.h:
2650         (JSC):
2651         (Heap):
2652         * runtime/Executable.cpp:
2653         (JSC::FunctionExecutable::FunctionExecutable):
2654         (JSC::FunctionExecutable::finalize):
2655         * runtime/Executable.h:
2656         (FunctionExecutable):
2657         (JSC::FunctionExecutable::create):
2658         * runtime/JSGlobalData.cpp:
2659         (WTF):
2660         (Recompiler):
2661         (WTF::Recompiler::operator()):
2662         (JSC::JSGlobalData::recompileAllJSFunctions):
2663         (JSC):
2664         * runtime/JSGlobalData.h:
2665         (JSGlobalData):
2666         * runtime/JSGlobalObject.cpp:
2667         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
2668
2669 2012-03-07  Hojong Han  <hojong.han@samsung.com>
2670
2671         The end atom of the marked block considered to filter invalid cells
2672         https://bugs.webkit.org/show_bug.cgi?id=79191
2673
2674         Reviewed by Geoffrey Garen.
2675
2676         The register file could have stale pointers beyond the end atom of a marked block.
2677         Those pointers can weasel out of the filtering of in-middle-of-cell pointers.
2678
2679         * heap/MarkedBlock.h:
2680         (JSC::MarkedBlock::isLiveCell):
2681
2682 2012-03-07  Jessie Berlin  <jberlin@apple.com>
2683
2684         Clean Windows build fails after r110033
2685         https://bugs.webkit.org/show_bug.cgi?id=80553
2686
2687         Rubber-stamped by Jon Honeycutt and Eric Seidel.
2688
2689         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2690         Place the implementation files next to their header files in the wtf/text subdirectory.
2691         Use echo -F to tell xcopy that these are files (since there is apparently no flag).
2692         * JavaScriptCore.vcproj/jsc/jsc.vcproj:
2693         Update the path to those implementation files.
2694         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
2695         Ditto.
2696
2697 2012-03-07  Yuqiang Xian  <yuqiang.xian@intel.com>
2698
2699         Eliminate redundant Phis in DFG
2700         https://bugs.webkit.org/show_bug.cgi?id=80415
2701
2702         Reviewed by Filip Pizlo.
2703
2704         Although this may not have any advantage at current stage, this is towards
2705         minimal SSA to make more high level optimizations (like bug 76770) easier.
2706         We have the choices either to build minimal SSA from scratch or to
2707         keep current simple Phi insertion mechanism and remove the redundancy
2708         in another phase. Currently we choose the latter because the change
2709         could be smaller.
2710
2711         * CMakeLists.txt:
2712         * GNUmakefile.list.am:
2713         * JavaScriptCore.xcodeproj/project.pbxproj:
2714         * Target.pri:
2715         * dfg/DFGDriver.cpp:
2716         (JSC::DFG::compile):
2717         * dfg/DFGGraph.cpp:
2718         (JSC::DFG::Graph::dump):
2719         * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
2720         (DFG):
2721         (RedundantPhiEliminationPhase):
2722         (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
2723         (JSC::DFG::RedundantPhiEliminationPhase::run):
2724         (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
2725         (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
2726         (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
2727         (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
2728         (JSC::DFG::performRedundantPhiElimination):
2729         * dfg/DFGRedundantPhiEliminationPhase.h: Added.
2730         (DFG):
2731
2732 2012-03-07  Mark Hahnenberg  <mhahnenberg@apple.com>
2733
2734         Refactor recompileAllJSFunctions() to be less expensive
2735         https://bugs.webkit.org/show_bug.cgi?id=80330
2736
2737         Reviewed by Geoffrey Garen.
2738
2739         This change is performance neutral on the JS benchmarks we track. It's mostly to improve page 
2740         load performance, which currently does at least a couple full GCs per navigation.
2741
2742         * heap/Heap.cpp:
2743         (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode 
2744         because the function doesn't actually recompile anything (and never did); it simply throws code
2745         away for it to be recompiled later if we determine we should do so.
2746         (JSC):
2747         (JSC::Heap::collectAllGarbage):
2748         (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
2749         (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
2750         * heap/Heap.h:
2751         (JSC):
2752         (Heap):
2753         * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can 
2754         be used in DoublyLinkedLists.
2755         (JSC::FunctionExecutable::FunctionExecutable):
2756         (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
2757         * runtime/Executable.h:
2758         (FunctionExecutable):
2759         (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
2760         * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage 
2761         the list of FunctionExecutables.
2762         * runtime/JSGlobalData.h:
2763         (JSGlobalData):
2764         * runtime/JSGlobalObject.cpp:
2765         (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
2766
2767 2012-03-06  Oliver Hunt  <oliver@apple.com>
2768
2769         Further harden 64-bit JIT
2770         https://bugs.webkit.org/show_bug.cgi?id=80457
2771
2772         Reviewed by Filip Pizlo.
2773
2774         This patch implements blinding for ImmPtr.  Rather than xor based blinding
2775         we perform randomised pointer rotations in order to avoid the significant
2776         cost in executable memory that would otherwise be necessary (and to avoid
2777         the need for an additional scratch register in some cases).
2778
2779         As with the prior blinding patch there's a moderate amount of noise as we
2780         correct the use of ImmPtr vs. TrustedImmPtr.
2781
2782         * assembler/AbstractMacroAssembler.h:
2783         (ImmPtr):
2784         (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
2785         * assembler/MacroAssembler.h:
2786         (MacroAssembler):
2787         (JSC::MacroAssembler::storePtr):
2788         (JSC::MacroAssembler::branchPtr):
2789         (JSC::MacroAssembler::shouldBlind):
2790         (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
2791         (RotatedImmPtr):
2792         (JSC::MacroAssembler::rotationBlindConstant):
2793         (JSC::MacroAssembler::loadRotationBlindedConstant):
2794         (JSC::MacroAssembler::convertInt32ToDouble):
2795         (JSC::MacroAssembler::move):
2796         (JSC::MacroAssembler::poke):
2797         * assembler/MacroAssemblerARMv7.h:
2798         (JSC::MacroAssemblerARMv7::storeDouble):
2799         (JSC::MacroAssemblerARMv7::branchAdd32):
2800         * assembler/MacroAssemblerX86_64.h:
2801         (MacroAssemblerX86_64):
2802         (JSC::MacroAssemblerX86_64::rotateRightPtr):
2803         (JSC::MacroAssemblerX86_64::xorPtr):
2804         * assembler/X86Assembler.h:
2805         (X86Assembler):
2806         (JSC::X86Assembler::xorq_rm):
2807         (JSC::X86Assembler::rorq_i8r):
2808         * dfg/DFGCCallHelpers.h:
2809         (CCallHelpers):
2810         (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2811         * dfg/DFGOSRExitCompiler32_64.cpp:
2812         (JSC::DFG::OSRExitCompiler::compileExit):
2813         * dfg/DFGOSRExitCompiler64.cpp:
2814         (JSC::DFG::OSRExitCompiler::compileExit):
2815         * dfg/DFGSpeculativeJIT.cpp:
2816         (JSC::DFG::SpeculativeJIT::createOSREntries):
2817         * dfg/DFGSpeculativeJIT.h:
2818         (JSC::DFG::SpeculativeJIT::silentFillGPR):
2819         (JSC::DFG::SpeculativeJIT::callOperation):
2820         (JSC::DFG::SpeculativeJIT::emitEdgeCode):
2821         * dfg/DFGSpeculativeJIT32_64.cpp:
2822         (JSC::DFG::SpeculativeJIT::compile):
2823         * dfg/DFGSpeculativeJIT64.cpp:
2824         (JSC::DFG::SpeculativeJIT::fillInteger):
2825         (JSC::DFG::SpeculativeJIT::fillDouble):
2826         (JSC::DFG::SpeculativeJIT::fillJSValue):
2827         (JSC::DFG::SpeculativeJIT::emitCall):
2828         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2829         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2830         (JSC::DFG::SpeculativeJIT::emitBranch):
2831         * jit/JIT.cpp:
2832         (JSC::JIT::emitOptimizationCheck):
2833         * jit/JITArithmetic32_64.cpp:
2834         (JSC::JIT::emitSlow_op_post_inc):
2835         * jit/JITInlineMethods.h:
2836         (JSC::JIT::emitValueProfilingSite):
2837         (JSC::JIT::emitGetVirtualRegister):
2838         * jit/JITOpcodes.cpp:
2839         (JSC::JIT::emit_op_mov):
2840         (JSC::JIT::emit_op_new_object):
2841         (JSC::JIT::emit_op_strcat):
2842         (JSC::JIT::emit_op_ensure_property_exists):
2843         (JSC::JIT::emit_op_resolve_skip):
2844         (JSC::JIT::emitSlow_op_resolve_global):
2845         (JSC::JIT::emit_op_resolve_with_base):
2846         (JSC::JIT::emit_op_resolve_with_this):
2847         (JSC::JIT::emit_op_jmp_scopes):
2848         (JSC::JIT::emit_op_switch_imm):
2849         (JSC::JIT::emit_op_switch_char):
2850         (JSC::JIT::emit_op_switch_string):
2851         (JSC::JIT::emit_op_throw_reference_error):
2852         (JSC::JIT::emit_op_debug):
2853         (JSC::JIT::emitSlow_op_resolve_global_dynamic):
2854         (JSC::JIT::emit_op_new_array):
2855         (JSC::JIT::emitSlow_op_new_array):
2856         (JSC::JIT::emit_op_new_array_buffer):
2857         * jit/JITOpcodes32_64.cpp:
2858         (JSC::JIT::emit_op_new_object):
2859         (JSC::JIT::emit_op_strcat):
2860         (JSC::JIT::emit_op_ensure_property_exists):
2861         (JSC::JIT::emit_op_resolve_skip):
2862         (JSC::JIT::emitSlow_op_resolve_global):
2863         (JSC::JIT::emit_op_resolve_with_base):
2864         (JSC::JIT::emit_op_resolve_with_this):
2865         (JSC::JIT::emit_op_jmp_scopes):
2866         (JSC::JIT::emit_op_switch_imm):
2867         (JSC::JIT::emit_op_switch_char):
2868         (JSC::JIT::emit_op_switch_string):
2869         * jit/JITPropertyAccess32_64.cpp:
2870         (JSC::JIT::emit_op_put_by_index):
2871         * jit/JITStubCall.h:
2872         (JITStubCall):
2873         (JSC::JITStubCall::addArgument):
2874
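As an added example (not WebKit's code), the following C model illustrates the two points made in this entry and in the 2012-03-08 entry "Missing some places where we should be blinding 64bit values": a shouldBlind check that silently truncates to 32 bits never examines the upper four bytes of a 64-bit immediate, and rotation blinding lets the JIT emit only the rotated constant plus an 8-bit rotation count rather than a second full-width XOR key. The function names, the per-byte 0x00/0xFF "harmless" heuristic and the caller-supplied rotation count are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not WebKit code; names and the byte heuristic are assumed. */

/* 64-bit rotations. A count of 0 is special-cased because shifting a
 * 64-bit value by 64 is undefined behaviour in C. */
static uint64_t rotl64(uint64_t v, unsigned n)
{
    n &= 63;
    return n ? (v << n) | (v >> (64 - n)) : v;
}

static uint64_t rotr64(uint64_t v, unsigned n)
{
    n &= 63;
    return n ? (v >> n) | (v << (64 - n)) : v;
}

/* Assumed heuristic: a byte that is 0x00 or 0xFF carries no caller-chosen
 * content, so a constant made only of such bytes is emitted unblinded. */
static bool byteNeedsBlinding(uint8_t b)
{
    return b != 0x00 && b != 0xFF;
}

/* The defect bug 80633 describes: with no 64-bit overload the immediate is
 * truncated to 32 bits, so the upper four bytes are never examined. */
static bool shouldBlindTruncated(uint64_t value)
{
    uint32_t low = (uint32_t)value; /* silent truncation */
    for (unsigned i = 0; i < 4; ++i)
        if (byteNeedsBlinding((uint8_t)(low >> (8 * i))))
            return true;
    return false;
}

/* The corrected check: all eight bytes of the 64-bit value are examined. */
static bool shouldBlind64(uint64_t value)
{
    for (unsigned i = 0; i < 8; ++i)
        if (byteNeedsBlinding((uint8_t)(value >> (8 * i))))
            return true;
    return false;
}

/* Rotation blinding. Executable memory receives the constant rotated left
 * by a random count plus the count itself (an 8-bit immediate to the
 * rotate-right instruction). XOR blinding would need a second full-width
 * immediate (the key), loaded into a scratch register before the xor. */
typedef struct {
    uint64_t value;   /* what is written into the instruction stream */
    uint8_t rotation; /* 0..63, the only other thing emitted */
} RotatedImm;

static RotatedImm rotationBlind(uint64_t constant, uint8_t rotation)
{
    RotatedImm r;
    r.rotation = rotation & 63;
    r.value = rotl64(constant, r.rotation);
    return r;
}

/* What the generated code does at run time: load, then rotate right. */
static uint64_t loadRotationBlinded(RotatedImm r)
{
    return rotr64(r.value, r.rotation);
}

/* The decision made when an untrusted ImmPtr is materialised. The rotation
 * count would come from the JIT's random source; it is a parameter here so
 * the result is reproducible. Harmless constants are emitted as-is. */
typedef struct {
    bool blinded;
    RotatedImm imm;
} Materialized;

static Materialized materializeImmPtr(uint64_t constant, uint8_t randomRotation)
{
    Materialized m;
    m.blinded = shouldBlind64(constant);
    m.imm = rotationBlind(constant, m.blinded ? randomRotation : 0);
    return m;
}

int main(void)
{
    /* Constructed sample with non-trivial bytes only in the upper half. */
    uint64_t upperOnly = 0x4141414100000000ULL;
    printf("truncated check: %d, full check: %d\n",
           shouldBlindTruncated(upperOnly), shouldBlind64(upperOnly));
    Materialized m = materializeImmPtr(0x1122334455667788ULL, 13);
    printf("emitted=%016llx rotation=%u restored=%016llx\n",
           (unsigned long long)m.imm.value, m.imm.rotation,
           (unsigned long long)loadRotationBlinded(m.imm));
    return 0;
}
```
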
2875 2012-03-07  Simon Hausmann  <simon.hausmann@nokia.com>
2876
2877         ARM build fix.
2878
2879         Reviewed by Zoltan Herczeg.
2880
2881         Implement three-argument branch(Add,Sub)32.
2882
2883         * assembler/MacroAssemblerARM.h:
2884         (JSC::MacroAssemblerARM::add32):
2885         (MacroAssemblerARM):
2886         (JSC::MacroAssemblerARM::sub32):
2887         (JSC::MacroAssemblerARM::branchAdd32):
2888         (JSC::MacroAssemblerARM::branchSub32):
2889
2890 2012-03-07  Andy Wingo  <wingo@igalia.com>
2891
2892         Parser: Inline ScopeNodeData into ScopeNode
2893         https://bugs.webkit.org/show_bug.cgi?id=79776
2894
2895         Reviewed by Geoffrey Garen.
2896
2897         It used to be that some ScopeNode members were kept in a separate
2898         structure because sometimes they wouldn't be needed, and
2899         allocating a ParserArena was expensive.  This patch makes
2900         ParserArena lazily allocate its IdentifierArena, allowing the
2901         members to be included directly, which is simpler and easier to
2902         reason about.
2903
2904         * parser/ParserArena.cpp:
2905         (JSC::ParserArena::ParserArena):
2906         (JSC::ParserArena::reset):
2907         (JSC::ParserArena::isEmpty):
2908         * parser/ParserArena.h:
2909         (JSC::ParserArena::identifierArena): Lazily allocate the
2910         IdentifierArena.
2911
2912         * parser/Nodes.cpp:
2913         (JSC::ScopeNode::ScopeNode):
2914         (JSC::ScopeNode::singleStatement):
2915         (JSC::ProgramNode::create):
2916         (JSC::EvalNode::create):
2917         (JSC::FunctionBodyNode::create):
2918         * parser/Nodes.h:
2919         (JSC::ScopeNode::destroyData):
2920         (JSC::ScopeNode::needsActivationForMoreThanVariables):
2921         (JSC::ScopeNode::needsActivation):
2922         (JSC::ScopeNode::hasCapturedVariables):
2923         (JSC::ScopeNode::capturedVariableCount):
2924         (JSC::ScopeNode::captures):
2925         (JSC::ScopeNode::varStack):
2926         (JSC::ScopeNode::functionStack):
2927         (JSC::ScopeNode::neededConstants):
2928         (ScopeNode):
2929         * bytecompiler/NodesCodegen.cpp:
2930         (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
2931         into ScopeNode.  Adapt accessors.
2932
2933 2012-03-06  Eric Seidel  <eric@webkit.org>
2934
2935         Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
2936         https://bugs.webkit.org/show_bug.cgi?id=80363
2937
2938         Reviewed by Mark Rowe.
2939
2940         Historically WTF has been part of JavaScriptCore, and on Mac and Windows
2941         its headers have appeared as part of the "private" headers exported by
2942         JavaScriptCore.  All of the WTF headers there are "flattened" into a single
2943         private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
2944         to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
2945
2946         However, very soon, we are moving the WTF source code out of JavaScriptCore into its
2947         own directory and project.  As part of such, the WTF headers will no longer be part of
2948         the JavaScriptCore private interfaces.
2949         In preparation for that, this change makes both the Mac and Win builds export
2950         WTF headers in a non-flattened manner.  On Mac, that means into usr/local/include/wtf
2951         (and subdirectories), on Windows for now that means JavaScriptCore/wtf (and subdirectories).
2952
2953         There are 5 parts to this change.
2954         1.  Updates the JavaScriptCore XCode and VCProj files to actually install these headers
2955             (and header directories) into the appropriate places in the build directory.
2956         2.  Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
2957             (WebCore, WebKit, etc. had already been taught to look in previous patches).
2958         3.  Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
2959             using fully qualified paths.
2960         4.  Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
2961         5.  Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
2962
2963         Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
2964         It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
2965         headers, those will have to be updated to use <wtf/Foo.h> after this change.
2966         I've discussed this proposed change at length with Mark Rowe, and my understanding is they
2967         are ready for (and interested in) this change happening.
2968
2969         * API/tests/JSNode.c:
2970         * API/tests/JSNodeList.c:
2971         * Configurations/Base.xcconfig:
2972         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2973         * JavaScriptCore.xcodeproj/project.pbxproj:
2974         * assembler/MacroAssemblerCodeRef.h:
2975         * bytecompiler/BytecodeGenerator.h:
2976         * dfg/DFGOperations.cpp:
2977         * heap/GCAssertions.h:
2978         * heap/HandleHeap.h:
2979         * heap/HandleStack.h:
2980         * heap/MarkedSpace.h:
2981         * heap/PassWeak.h:
2982         * heap/Strong.h:
2983         * heap/Weak.h:
2984         * jit/HostCallReturnValue.cpp:
2985         * jit/JIT.cpp:
2986         * jit/JITStubs.cpp:
2987         * jit/ThunkGenerators.cpp:
2988         * parser/Lexer.cpp:
2989         * runtime/Completion.cpp:
2990         * runtime/Executable.cpp:
2991         * runtime/Identifier.h:
2992         * runtime/InitializeThreading.cpp:
2993         * runtime/JSDateMath.cpp:
2994         * runtime/JSGlobalObjectFunctions.cpp:
2995         * runtime/JSStringBuilder.h:
2996         * runtime/JSVariableObject.h:
2997         * runtime/NumberPrototype.cpp:
2998         * runtime/WriteBarrier.h:
2999         * tools/CodeProfile.cpp:
3000         * tools/TieredMMapArray.h:
3001         * wtf/AVLTree.h:
3002         * wtf/Alignment.h:
3003         * wtf/AlwaysInline.h:
3004         * wtf/ArrayBufferView.h:
3005         * wtf/Assertions.h:
3006         * wtf/Atomics.h:
3007         * wtf/Bitmap.h:
3008         * wtf/BoundsCheckedPointer.h:
3009         * wtf/CheckedArithmetic.h:
3010         * wtf/Deque.h:
3011         * wtf/ExportMacros.h:
3012         * wtf/FastAllocBase.h:
3013         * wtf/FastMalloc.h:
3014         * wtf/Float32Array.h:
3015         * wtf/Float64Array.h:
3016         * wtf/Functional.h:
3017         * wtf/HashCountedSet.h:
3018         * wtf/HashFunctions.h:
3019         * wtf/HashMap.h:
3020         * wtf/HashSet.h:
3021         * wtf/HashTable.h:
3022         * wtf/HashTraits.h:
3023         * wtf/Int16Array.h:
3024         * wtf/Int32Array.h:
3025         * wtf/Int8Array.h:
3026         * wtf/IntegralTypedArrayBase.h:
3027         * wtf/ListHashSet.h:
3028         * wtf/MainThread.h:
3029         * wtf/MetaAllocator.h:
3030         * wtf/Noncopyable.h:
3031         * wtf/OwnArrayPtr.h:
3032         * wtf/OwnPtr.h:
3033         * wtf/PackedIntVector.h:
3034         * wtf/ParallelJobs.h:
3035         * wtf/PassOwnArrayPtr.h:
3036         * wtf/PassOwnPtr.h:
3037         * wtf/PassRefPtr.h:
3038         * wtf/PassTraits.h:
3039         * wtf/Platform.h:
3040         * wtf/PossiblyNull.h:
3041         * wtf/RefCounted.h:
3042         * wtf/RefCountedLeakCounter.h:
3043         * wtf/RefPtr.h:
3044         * wtf/RetainPtr.h:
3045         * wtf/SimpleStats.h:
3046         * wtf/Spectrum.h:
3047         * wtf/StdLibExtras.h:
3048         * wtf/TCPageMap.h:
3049         * wtf/TemporaryChange.h:
3050         * wtf/ThreadSafeRefCounted.h:
3051         * wtf/Threading.h:
3052         * wtf/ThreadingPrimitives.h:
3053         * wtf/TypeTraits.h:
3054         * wtf/TypedArrayBase.h:
3055         * wtf/Uint16Array.h:
3056         * wtf/Uint32Array.h:
3057         * wtf/Uint8Array.h:
3058         * wtf/Uint8ClampedArray.h:
3059         * wtf/UnusedParam.h:
3060         * wtf/Vector.h:
3061         * wtf/VectorTraits.h:
3062         * wtf/dtoa/double-conversion.h:
3063         * wtf/dtoa/utils.h:
3064         * wtf/gobject/GRefPtr.h:
3065         * wtf/gobject/GlibUtilities.h:
3066         * wtf/text/AtomicString.h:
3067         * wtf/text/AtomicStringImpl.h:
3068         * wtf/text/CString.h:
3069         * wtf/text/StringConcatenate.h:
3070         * wtf/text/StringHash.h:
3071         * wtf/text/WTFString.h:
3072         * wtf/unicode/CharacterNames.h:
3073         * wtf/unicode/UTF8.h:
3074         * wtf/unicode/glib/UnicodeGLib.h:
3075         * wtf/unicode/qt4/UnicodeQt4.h:
3076         * wtf/unicode/wince/UnicodeWinCE.h:
3077         * wtf/url/api/ParsedURL.h:
3078         * wtf/url/api/URLString.h:
3079         * wtf/wince/FastMallocWinCE.h:
3080         * yarr/YarrJIT.cpp:
3081
3082 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3083
3084         Array.prototype functions should throw if delete fails
3085         https://bugs.webkit.org/show_bug.cgi?id=80467
3086
3087         Reviewed by Oliver Hunt.
3088
3089         All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
3090         In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
3091         in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
3092         one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
3093         routines, for handling arrays with holes. These three copies should be unified.
3094
3095         * runtime/ArrayPrototype.cpp:
3096         (JSC::shift):
3097         (JSC::unshift):
3098             - Added - shared copies of the shift/unshift functionality.
3099         (JSC::arrayProtoFuncPop):
3100             - should throw if the delete fails.
3101         (JSC::arrayProtoFuncReverse):
3102             - should throw if the delete fails.
3103         (JSC::arrayProtoFuncShift):
3104         (JSC::arrayProtoFuncSplice):
3105         (JSC::arrayProtoFuncUnShift):
3106             - use shift/unshift.
3107         * runtime/JSArray.cpp:
3108         (JSC::JSArray::shiftCount):
3109         (JSC::JSArray::unshiftCount):
3110             - Don't try to handle arrays with holes; return a value indicating
3111               the generic routine should be used instead.
3112         * runtime/JSArray.h:
3113             - declaration for shiftCount/unshiftCount changed.
3114         * tests/mozilla/js1_6/Array/regress-304828.js:
3115             - this was asserting incorrect behaviour.
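
The behaviour this entry describes, shown from script level as an added example (not code from the WebKit patch): the generic Array.prototype methods delete with Throw = true, so a failed delete surfaces as a TypeError. makeArrayLike and tryMethod are constructed helpers; the array-like they build has one non-configurable slot.

```javascript
// Added example (not from the WebKit patch): ES5 15.4.4 specifies that the
// generic Array.prototype methods call [[Delete]] with Throw = true, so a
// failed delete must surface as a TypeError instead of silently leaving the
// element in place. These helpers build a constructed array-like whose
// element at `lockedIndex` is non-configurable and report what each method does.

function makeArrayLike(values, lockedIndex) {
  // A plain object with a length, so the generic (hole-handling) paths run.
  var obj = { length: values.length };
  for (var i = 0; i < values.length; i++) {
    Object.defineProperty(obj, i, {
      value: values[i],
      writable: true,
      enumerable: true,
      configurable: i !== lockedIndex, // the locked slot cannot be deleted
    });
  }
  return obj;
}

// Apply `method` (e.g. Array.prototype.pop) to the array-like and return a
// small record instead of letting the exception propagate.
function tryMethod(method, arrayLike, args) {
  try {
    var result = method.apply(arrayLike, args || []);
    return { threw: false, result: result, length: arrayLike.length };
  } catch (e) {
    return { threw: true, error: e.constructor.name, length: arrayLike.length };
  }
}

// pop deletes the last index: locking it must make pop throw, and because the
// delete happens before length is updated, length stays at 3.
function popLockedLast() {
  return tryMethod(Array.prototype.pop, makeArrayLike(['a', 'b', 'c'], 2));
}

// shift copies elements down and then deletes the last index, so it throws too.
function shiftLockedLast() {
  return tryMethod(Array.prototype.shift, makeArrayLike(['a', 'b', 'c'], 2));
}

// With no locked slot the same call succeeds and shrinks the length.
function popUnlocked() {
  return tryMethod(Array.prototype.pop, makeArrayLike(['a', 'b', 'c'], -1));
}
```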
3116
3117 2012-03-06  Raphael Kubo da Costa  <kubo@profusion.mobi>
3118
3119         [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
3120         https://bugs.webkit.org/show_bug.cgi?id=80469
3121
3122         Reviewed by Antonio Gomes.
3123
3124         * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
3125         property on the library being created.
3126
3127 2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>
3128
3129         DFG BasicBlock should group the Phi nodes together and separate them
3130         from the other nodes
3131         https://bugs.webkit.org/show_bug.cgi?id=80361
3132
3133         Reviewed by Filip Pizlo.
3134
3135         This would make it more efficient to remove the redundant Phi nodes or
3136         insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
3137         This is performance neutral on SunSpider, V8 and Kraken.
3138
3139         * dfg/DFGAbstractState.cpp:
3140         (JSC::DFG::AbstractState::clobberStructures):
3141         (JSC::DFG::AbstractState::dump):
3142         * dfg/DFGBasicBlock.h:
3143         (JSC::DFG::BasicBlock::BasicBlock):
3144         (BasicBlock):
3145         * dfg/DFGByteCodeParser.cpp:
3146         (JSC::DFG::ByteCodeParser::addToGraph):
3147         (JSC::DFG::ByteCodeParser::insertPhiNode):
3148         * dfg/DFGCFAPhase.cpp:
3149         (JSC::DFG::CFAPhase::performBlockCFA):
3150         * dfg/DFGCSEPhase.cpp:
3151         (JSC::DFG::CSEPhase::pureCSE):
3152         (JSC::DFG::CSEPhase::impureCSE):
3153         (JSC::DFG::CSEPhase::globalVarLoadElimination):
3154         (JSC::DFG::CSEPhase::getByValLoadElimination):
3155         (JSC::DFG::CSEPhase::checkFunctionElimination):
3156         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
3157         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
3158         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
3159         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
3160         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
3161         (JSC::DFG::CSEPhase::performBlockCSE):
3162         * dfg/DFGGraph.cpp:
3163         (JSC::DFG::Graph::dump):
3164         * dfg/DFGSpeculativeJIT.cpp:
3165         (JSC::DFG::SpeculativeJIT::compile):
3166
3167 2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3168
3169         GCActivityCallback timer should vary with the length of the previous GC
3170         https://bugs.webkit.org/show_bug.cgi?id=80344
3171
3172         Reviewed by Geoffrey Garen.
3173
3174         * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
3175         GC so that the GC Activity Callback can use it.
3176         (JSC::Heap::Heap):
3177         (JSC::Heap::collect):
3178         * heap/Heap.h:
3179         (JSC::Heap::lastGCLength):
3180         (Heap):
3181         * runtime/GCActivityCallbackCF.cpp:
3182         (JSC):
3183         (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last 
3184         GC to determine the length of our timer trigger (currently set at 100x the duration 
3185         of the last GC).
3186
3187 2012-03-06  Rob Buis  <rbuis@rim.com>
3188
3189         [BlackBerry] Fix cast-align gcc warnings when compiling JSC
3190         https://bugs.webkit.org/show_bug.cgi?id=80420
3191
3192         Reviewed by Gavin Barraclough.
3193
3194         Fix warnings given in BlackBerry build.
3195
3196         * heap/CopiedBlock.h:
3197         (JSC::CopiedBlock::CopiedBlock):
3198         * wtf/RefCountedArray.h:
3199         (WTF::RefCountedArray::Header::fromPayload):
3200
3201 2012-03-06  Gavin Barraclough  <barraclough@apple.com>
3202
3203         writable/configurable not respected for some properties of Function/String/Arguments
3204         https://bugs.webkit.org/show_bug.cgi?id=80436
3205
3206         Reviewed by Oliver Hunt.
3207
3208         Special properties should behave like regular properties.
3209
3210         * runtime/Arguments.cpp:
3211         (JSC::Arguments::defineOwnProperty):
3212             - Mis-nested logic for making read-only properties non-live.
3213         * runtime/JSFunction.cpp:
3214         (JSC::JSFunction::put):
3215             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3216         (JSC::JSFunction::deleteProperty):
3217             - Attempting to delete prototype/caller should fail.
3218         (JSC::JSFunction::defineOwnProperty):
3219             - Ensure prototype is reified on attempt to reify it.
3220             - arguments/length/caller are non-writable, non-configurable - reject appropriately.
3221         * runtime/JSFunction.h:
3222             - added declaration for defineOwnProperty.
3223         (JSFunction):
3224         * runtime/StringObject.cpp:
3225         (JSC::StringObject::put):
3226             - length is non-writable, non-configurable - reject appropriately.
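
Script-level probes for the properties this entry names, as an added example (not code from the WebKit patch): each probe runs in strict mode so a rejected put or delete becomes a TypeError rather than a silent no-op. probe is a constructed helper; the arguments case checks that a slot redefined as read-only stops aliasing its parameter.

```javascript
// Added example (not from the WebKit patch): checks that the "special"
// properties named in the entry behave like ordinary non-writable /
// non-configurable properties. Each probe runs in strict mode so a rejected
// put or delete becomes a TypeError rather than a silent no-op.

function probe(fn) {
  // Run fn and report whether it threw, plus what it returned otherwise.
  try {
    return { threw: false, value: fn() };
  } catch (e) {
    return { threw: true, error: e.constructor.name };
  }
}

// Function.length is non-writable: a strict-mode assignment must be rejected.
function assignFunctionLength() {
  'use strict';
  function target(a, b) { return a + b; }
  return probe(function () { target.length = 7; return target.length; });
}

// Function.prototype is non-configurable: a strict-mode delete must throw.
function deleteFunctionPrototype() {
  'use strict';
  function target() {}
  return probe(function () { return delete target.prototype; });
}

// A String object's length is non-writable and non-configurable.
function assignStringLength() {
  'use strict';
  var s = new String('abc');
  return probe(function () { s.length = 10; return s.length; });
}

// Once an arguments slot is redefined as read-only it must no longer be
// "live": later writes to the parameter cannot leak into arguments[0].
function readOnlyArgumentsSlot() {
  return (function (a) {
    Object.defineProperty(arguments, '0', { writable: false });
    a = 'changed';            // must not update the now read-only slot
    return { argument: arguments[0], param: a };
  })('original');
}
```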
3227
3228 2012-03-06  Ulan Degenbaev  <ulan@chromium.org>
3229
3230         TypedArray subarray call for subarray does not clamp the end index parameter properly
3231         https://bugs.webkit.org/show_bug.cgi?id=80285
3232
3233         Reviewed by Kenneth Russell.
3234
3235         * wtf/ArrayBufferView.h:
3236         (WTF::ArrayBufferView::calculateOffsetAndLength):
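
The index arithmetic a correct subarray(begin, end) must perform, as an added example (not code from the WebKit patch): negative indexes count from the end and both indexes are clamped into [0, length] before the view length is computed. clampIndex and subarrayRange are constructed helpers that mirror the ECMAScript rule for integer arguments and are compared against the engine's native result.

```javascript
// Added example (not from the WebKit patch): the clamping a subarray call
// has to apply so that an end index past the buffer, or before begin, can
// never yield a view that reaches outside the source. Integer arguments are
// assumed (ToInteger coercion is omitted).

function clampIndex(relative, length) {
  // Relative-index rule: negative values count back from the end.
  if (relative < 0) return Math.max(length + relative, 0);
  return Math.min(relative, length);
}

function subarrayRange(length, begin, end) {
  var beginIndex = clampIndex(begin === undefined ? 0 : begin, length);
  var endIndex = clampIndex(end === undefined ? length : end, length);
  // The view length can never be negative, even when end < begin.
  return { offset: beginIndex, length: Math.max(endIndex - beginIndex, 0) };
}

// Compare the computed range with the view the engine actually produces on a
// constructed 8-byte Uint8Array (element size 1, so offset == byteOffset).
function checkAgainstNative(begin, end) {
  var source = new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7]);
  var view = source.subarray(begin, end);
  var expected = subarrayRange(source.length, begin, end);
  return {
    offset: expected.offset,
    length: expected.length,
    matchesNative: view.byteOffset === expected.offset &&
                   view.length === expected.length,
  };
}
```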
3237
3238 2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>
3239
3240         Unreviewed, rolling out r109837.
3241         http://trac.webkit.org/changeset/109837
3242         https://bugs.webkit.org/show_bug.cgi?id=80399
3243
3244         breaks Mac Production builds, too late to try and fix it
3245         tonight (Requested by eseidel on #webkit).
3246
3247         * API/tests/JSNode.c:
3248         * API/tests/JSNodeList.c:
3249         * Configurations/Base.xcconfig:
3250         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3251         * JavaScriptCore.xcodeproj/project.pbxproj:
3252         * assembler/MacroAssemblerCodeRef.h:
3253         * bytecompiler/BytecodeGenerator.h:
3254         * dfg/DFGOperations.cpp:
3255         * heap/GCAssertions.h:
3256         * heap/HandleHeap.h:
3257         * heap/HandleStack.h:
3258         * heap/MarkedSpace.h:
3259         * heap/PassWeak.h:
3260         * heap/Strong.h:
3261         * heap/Weak.h:
3262         * jit/HostCallReturnValue.cpp:
3263         * jit/JIT.cpp:
3264         * jit/JITStubs.cpp:
3265         * jit/ThunkGenerators.cpp:
3266         * parser/Lexer.cpp:
3267         * runtime/Completion.cpp:
3268         * runtime/Executable.cpp:
3269         * runtime/Identifier.h:
3270         * runtime/InitializeThreading.cpp:
3271         * runtime/JSDateMath.cpp:
3272         * runtime/JSGlobalObjectFunctions.cpp:
3273         * runtime/JSStringBuilder.h:
3274         * runtime/JSVariableObject.h:
3275         * runtime/NumberPrototype.cpp:
3276         * runtime/WriteBarrier.h:
3277         * tools/CodeProfile.cpp:
3278         * tools/TieredMMapArray.h:
3279         * yarr/YarrJIT.cpp:
3280
3281 2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>
3282
3283         [Qt][ARM] Speculative buildfix after r109834.
3284
3285         Reviewed by Csaba Osztrogonác.
3286
3287         * assembler/MacroAssemblerARM.h:
3288         (JSC::MacroAssemblerARM::and32):
3289         (MacroAssemblerARM):
3290
3291 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3292
3293         Unreviewed windows build fix pt 2.
3294
3295         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3296
3297 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3298
3299         Unreviewed windows build fix pt 1.
3300
3301         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3302
3303 2012-03-05  Gavin Barraclough  <barraclough@apple.com>
3304
3305         putByIndex should throw in strict mode
3306         https://bugs.webkit.org/show_bug.cgi?id=80335
3307
3308         Reviewed by Filip Pizlo.
3309
3310         Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
3311
3312         This is a largely mechanical change, simply adding an extra parameter to a number
3313         of functions. Some call sites need to perform additional exception checks, and
3314         operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
3315
3316         This patch doesn't fix a missing throw from some cases of shift/unshift (this is
3317         an existing bug), I'll follow up with a third patch to handle that.
3318
3319         * API/JSObjectRef.cpp:
3320         (JSObjectSetPropertyAtIndex):
3321         * JSCTypedArrayStubs.h:
3322         (JSC):
3323         * dfg/DFGOperations.cpp:
3324         (JSC::DFG::putByVal):
3325         * dfg/DFGOperations.h:
3326         * dfg/DFGSpeculativeJIT32_64.cpp:
3327         (JSC::DFG::SpeculativeJIT::compile):
3328         * dfg/DFGSpeculativeJIT64.cpp:
3329         (JSC::DFG::SpeculativeJIT::compile):
3330         * interpreter/Interpreter.cpp:
3331         (JSC::Interpreter::privateExecute):
3332         * jit/JITStubs.cpp:
3333         (JSC::DEFINE_STUB_FUNCTION):
3334         * jsc.cpp:
3335         (GlobalObject::finishCreation):
3336         * llint/LLIntSlowPaths.cpp:
3337         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3338         * runtime/Arguments.cpp:
3339         (JSC::Arguments::putByIndex):
3340         * runtime/Arguments.h:
3341         (Arguments):
3342         * runtime/ArrayPrototype.cpp:
3343         (JSC::arrayProtoFuncPush):
3344         (JSC::arrayProtoFuncReverse):
3345         (JSC::arrayProtoFuncShift):
3346         (JSC::arrayProtoFuncSort):
3347         (JSC::arrayProtoFuncSplice):
3348         (JSC::arrayProtoFuncUnShift):
3349         * runtime/ClassInfo.h:
3350         (MethodTable):
3351         * runtime/JSArray.cpp:
3352         (JSC::SparseArrayValueMap::put):
3353         (JSC::JSArray::put):
3354         (JSC::JSArray::putByIndex):
3355         (JSC::JSArray::putByIndexBeyondVectorLength):
3356         (JSC::JSArray::push):
3357         (JSC::JSArray::shiftCount):
3358         (JSC::JSArray::unshiftCount):
3359         * runtime/JSArray.h:
3360         (SparseArrayValueMap):
3361         (JSArray):
3362         * runtime/JSByteArray.cpp:
3363         (JSC::JSByteArray::putByIndex):
3364         * runtime/JSByteArray.h:
3365         (JSByteArray):
3366         * runtime/JSCell.cpp:
3367         (JSC::JSCell::putByIndex):
3368         * runtime/JSCell.h:
3369         (JSCell):
3370         * runtime/JSNotAnObject.cpp:
3371         (JSC::JSNotAnObject::putByIndex):
3372         * runtime/JSNotAnObject.h:
3373         (JSNotAnObject):
3374         * runtime/JSONObject.cpp:
3375         (JSC::Walker::walk):
3376         * runtime/JSObject.cpp:
3377         (JSC::JSObject::putByIndex):
3378         * runtime/JSObject.h:
3379         (JSC::JSValue::putByIndex):
3380         * runtime/RegExpConstructor.cpp:
3381         (JSC::RegExpMatchesArray::fillArrayInstance):
3382         * runtime/RegExpMatchesArray.h:
3383         (JSC::RegExpMatchesArray::putByIndex):
3384         * runtime/StringPrototype.cpp:
3385         (JSC::stringProtoFuncSplit):
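
The strict versus sloppy put-by-index behaviour this entry implements, shown from script level as an added example (not code from the WebKit patch): a write that cannot be honoured throws a TypeError in strict mode and is a silent no-op otherwise, both inside the vector on a frozen array and beyond the bounds of a non-extensible one. strictPut, sloppyPut and the put* helpers are constructed for this example.

```javascript
// Added example (not from the WebKit patch): a put-by-index that cannot be
// honoured must throw a TypeError in strict mode and fail silently in sloppy
// mode. Two failure cases are covered: an index inside the vector on a frozen
// array, and an index beyond the array's bounds on a non-extensible array
// (the case operationPutByValBeyondArrayBounds has to distinguish).

function strictPut(target, index, value) {
  'use strict';
  try {
    target[index] = value;
    return { threw: false, stored: target[index], length: target.length };
  } catch (e) {
    return { threw: true, error: e.constructor.name, length: target.length };
  }
}

// Built with the Function constructor so it is sloppy even if this file is
// loaded as strict-mode code: a rejected [[Set]] is then a silent no-op.
var sloppyAssign = new Function('target', 'index', 'value',
  'target[index] = value; return target[index];');

function sloppyPut(target, index, value) {
  return { threw: false, stored: sloppyAssign(target, index, value),
           length: target.length };
}

function putFor(mode) {
  return mode === 'strict' ? strictPut : sloppyPut;
}

// Case 1: element inside the vector, but the array is frozen.
function putIntoFrozen(mode) {
  var arr = Object.freeze([1, 2, 3]);
  return putFor(mode)(arr, 1, 99);
}

// Case 2: index beyond the current length on a non-extensible array, which
// would need a new element and therefore a new property.
function putBeyondBounds(mode) {
  var arr = Object.preventExtensions([1, 2, 3]);
  return putFor(mode)(arr, 10, 99);
}

// Case 3: the same out-of-bounds write on an ordinary array succeeds and
// grows the length to 11 in either mode.
function putBeyondBoundsExtensible(mode) {
  var arr = [1, 2, 3];
  return putFor(mode)(arr, 10, 99);
}
```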
3386
3387 2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>
3388
3389         PredictNone is incorrectly treated as isDoublePrediction
3390         https://bugs.webkit.org/show_bug.cgi?id=80365
3391
3392         Reviewed by Filip Pizlo.
3393
3394         Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
3395
3396         * bytecode/PredictedType.h:
3397         (JSC::isFixedIndexedStorageObjectPrediction):
3398         (JSC::isDoublePrediction):
3399
3400 2012-03-05  Filip Pizlo  <fpizlo@apple.com>
3401
3402         The LLInt should work even when the JIT is disabled
3403         https://bugs.webkit.org/show_bug.cgi?id=80340
3404         <rdar://problem/10922235>
3405
3406         Reviewed by Gavin Barraclough.
3407
3408         * assembler/MacroAssemblerCodeRef.h:
3409         (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
3410         (MacroAssemblerCodeRef):
3411         (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
3412         * interpreter/Interpreter.cpp:
3413         (JSC::Interpreter::initialize):
3414         (JSC::Interpreter::execute):
3415         (JSC::Interpreter::executeCall):
3416         (JSC::Interpreter::executeConstruct):
3417         * jit/JIT.h:
3418         (JSC::JIT::compileCTINativeCall):
3419         * jit/JITStubs.h:
3420         (JSC::JITThunks::ctiNativeCall):
3421         (JSC::JITThunks::ctiNativeConstruct):
3422         * llint/LLIntEntrypoints.cpp:
3423         (JSC::LLInt::getFunctionEntrypoint):
3424         (JSC::LLInt::getEvalEntrypoint):
3425         (JSC::LLInt::getProgramEntrypoint):
3426         * llint/LLIntSlowPaths.cpp:
3427         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3428         (LLInt):
3429         * llint/LLIntSlowPaths.h:
3430         (LLInt):
3431         * llint/LowLevelInterpreter.h:
3432         * llint/LowLevelInterpreter32_64.asm: