[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
commit ed0c4176038e8c7232f2543da3adac6844f3db72
2012-03-06  Yuqiang Xian  <yuqiang.xian@intel.com>

        DFG BasicBlock should group the Phi nodes together and separate them
        from the other nodes
        https://bugs.webkit.org/show_bug.cgi?id=80361

        Reviewed by Filip Pizlo.

        This would make it more efficient to remove the redundant Phi nodes or
        insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
        This is performance neutral on SunSpider, V8 and Kraken.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::clobberStructures):
        (JSC::DFG::AbstractState::dump):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::BasicBlock):
        (BasicBlock):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addToGraph):
        (JSC::DFG::ByteCodeParser::insertPhiNode):
        * dfg/DFGCFAPhase.cpp:
        (JSC::DFG::CFAPhase::performBlockCFA):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::pureCSE):
        (JSC::DFG::CSEPhase::impureCSE):
        (JSC::DFG::CSEPhase::globalVarLoadElimination):
        (JSC::DFG::CSEPhase::getByValLoadElimination):
        (JSC::DFG::CSEPhase::checkFunctionElimination):
        (JSC::DFG::CSEPhase::checkStructureLoadElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
        (JSC::DFG::CSEPhase::performBlockCSE):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-03-06  Mark Hahnenberg  <mhahnenberg@apple.com>

        GCActivityCallback timer should vary with the length of the previous GC
        https://bugs.webkit.org/show_bug.cgi?id=80344

        Reviewed by Geoffrey Garen.

        * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
        GC so that the GC Activity Callback can use it.
        (JSC::Heap::Heap):
        (JSC::Heap::collect):
        * heap/Heap.h:
        (JSC::Heap::lastGCLength):
        (Heap):
        * runtime/GCActivityCallbackCF.cpp:
        (JSC):
        (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last
        GC to determine the length of our timer trigger (currently set at 100x the duration
        of the last GC).

2012-03-06  Rob Buis  <rbuis@rim.com>

        [BlackBerry] Fix cast-align gcc warnings when compiling JSC
        https://bugs.webkit.org/show_bug.cgi?id=80420

        Reviewed by Gavin Barraclough.

        Fix warnings given in BlackBerry build.

        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::CopiedBlock):
        * wtf/RefCountedArray.h:
        (WTF::RefCountedArray::Header::fromPayload):

2012-03-06  Gavin Barraclough  <barraclough@apple.com>

        writable/configurable not respected for some properties of Function/String/Arguments
        https://bugs.webkit.org/show_bug.cgi?id=80436

        Reviewed by Oliver Hunt.

        Special properties should behave like regular properties.

        * runtime/Arguments.cpp:
        (JSC::Arguments::defineOwnProperty):
            - Mis-nested logic for making read-only properties non-live.
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::put):
            - arguments/length/caller are non-writable, non-configurable - reject appropriately.
        (JSC::JSFunction::deleteProperty):
            - Attempting to delete prototype/caller should fail.
        (JSC::JSFunction::defineOwnProperty):
            - Ensure prototype is reified on attempt to reify it.
            - arguments/length/caller are non-writable, non-configurable - reject appropriately.
        * runtime/JSFunction.h:
            - added declaration for defineOwnProperty.
        (JSFunction):
        * runtime/StringObject.cpp:
        (JSC::StringObject::put):
            - length is non-writable, non-configurable - reject appropriately.

2012-03-06  Ulan Degenbaev  <ulan@chromium.org>

        TypedArray subarray call for subarray does not clamp the end index parameter properly
        https://bugs.webkit.org/show_bug.cgi?id=80285

        Reviewed by Kenneth Russell.

        * wtf/ArrayBufferView.h:
        (WTF::ArrayBufferView::calculateOffsetAndLength):

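The entry above records only that the end index was not clamped. As an added illustration (not WTF::ArrayBufferView::calculateOffsetAndLength, and not code from the project), the C++ below performs the full begin/end normalisation that TypedArray.prototype.subarray requires before a view is created over raw buffer memory: negative indices count from the end, both indices are clamped to [0, length], and an end below begin yields an empty view. The names `subarray::clamp`, `Range` and `withinParent` are hypothetical; the sample call in main() is constructed.

```cpp
// Added illustration of TypedArray.prototype.subarray(begin, end) index
// clamping. Hypothetical names; not the project's code.
#include <cstddef>
#include <cstdint>
#include <cstdio>

namespace subarray {

struct Range {
    size_t offset;   // element index at which the new view starts
    size_t length;   // number of elements in the new view
};

// begin/end are the integer-converted JS arguments; hasEnd == false means the
// `end` argument was omitted (defaults to the full length of the parent view).
inline Range clamp(int64_t begin, int64_t end, bool hasEnd, size_t length) {
    const int64_t len = static_cast<int64_t>(length);
    if (begin < 0) begin += len;          // negative counts from the end
    if (begin < 0) begin = 0;
    if (begin > len) begin = len;
    if (!hasEnd) end = len;
    if (end < 0) end += len;
    if (end < 0) end = 0;
    if (end > len) end = len;             // an unclamped end reads past the buffer
    if (end < begin) end = begin;         // empty view rather than a negative length
    return { static_cast<size_t>(begin), static_cast<size_t>(end - begin) };
}

// The invariant a view constructor must be able to rely on: offset + length
// never exceeds the parent length, evaluated without overflow.
inline bool withinParent(const Range& r, size_t length) {
    return r.offset <= length && r.length <= length - r.offset;
}

} // namespace subarray

int main() {
    // Constructed sample: an 8-element view sliced with an oversized end index.
    subarray::Range r = subarray::clamp(2, 1000, true, 8);
    std::printf("offset %zu length %zu within parent: %s\n", r.offset, r.length,
                subarray::withinParent(r, 8) ? "yes" : "no");
    return 0;
}
```

The security-relevant cases are the last two clamps: without the `end > len` clamp a caller can request a view whose length extends beyond the backing ArrayBuffer, and without the `end < begin` clamp the subtraction wraps to a huge unsigned length.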
2012-03-06  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r109837.
        http://trac.webkit.org/changeset/109837
        https://bugs.webkit.org/show_bug.cgi?id=80399

        breaks Mac Production builds, too late to try and fix it
        tonight (Requested by eseidel on #webkit).

        * API/tests/JSNode.c:
        * API/tests/JSNodeList.c:
        * Configurations/Base.xcconfig:
        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssemblerCodeRef.h:
        * bytecompiler/BytecodeGenerator.h:
        * dfg/DFGOperations.cpp:
        * heap/GCAssertions.h:
        * heap/HandleHeap.h:
        * heap/HandleStack.h:
        * heap/MarkedSpace.h:
        * heap/PassWeak.h:
        * heap/Strong.h:
        * heap/Weak.h:
        * jit/HostCallReturnValue.cpp:
        * jit/JIT.cpp:
        * jit/JITStubs.cpp:
        * jit/ThunkGenerators.cpp:
        * parser/Lexer.cpp:
        * runtime/Completion.cpp:
        * runtime/Executable.cpp:
        * runtime/Identifier.h:
        * runtime/InitializeThreading.cpp:
        * runtime/JSDateMath.cpp:
        * runtime/JSGlobalObjectFunctions.cpp:
        * runtime/JSStringBuilder.h:
        * runtime/JSVariableObject.h:
        * runtime/NumberPrototype.cpp:
        * runtime/WriteBarrier.h:
        * tools/CodeProfile.cpp:
        * tools/TieredMMapArray.h:
        * yarr/YarrJIT.cpp:

2012-03-06  Zoltan Herczeg  <zherczeg@webkit.org>

        [Qt][ARM] Speculative build fix after r109834.

        Reviewed by Csaba Osztrogonác.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::and32):
        (MacroAssemblerARM):

2012-03-05  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed windows build fix pt 2.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-05  Gavin Barraclough  <barraclough@apple.com>

        Unreviewed windows build fix pt 1.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-03-05  Gavin Barraclough  <barraclough@apple.com>

        putByIndex should throw in strict mode
        https://bugs.webkit.org/show_bug.cgi?id=80335

        Reviewed by Filip Pizlo.

        Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.

        This is a largely mechanical change, simply adding an extra parameter to a number
        of functions. Some call sites need to perform additional exception checks, and
        operationPutByValBeyondArrayBounds needs to know whether it is strict or not.

        This patch doesn't fix a missing throw from some cases of shift/unshift (this is
        an existing bug), I'll follow up with a third patch to handle that.

        * API/JSObjectRef.cpp:
        (JSObjectSetPropertyAtIndex):
        * JSCTypedArrayStubs.h:
        (JSC):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::putByIndex):
        * runtime/Arguments.h:
        (Arguments):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncPush):
        (JSC::arrayProtoFuncReverse):
        (JSC::arrayProtoFuncShift):
        (JSC::arrayProtoFuncSort):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        * runtime/ClassInfo.h:
        (MethodTable):
        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::put):
        (JSC::JSArray::put):
        (JSC::JSArray::putByIndex):
        (JSC::JSArray::putByIndexBeyondVectorLength):
        (JSC::JSArray::push):
        (JSC::JSArray::shiftCount):
        (JSC::JSArray::unshiftCount):
        * runtime/JSArray.h:
        (SparseArrayValueMap):
        (JSArray):
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::putByIndex):
        * runtime/JSByteArray.h:
        (JSByteArray):
        * runtime/JSCell.cpp:
        (JSC::JSCell::putByIndex):
        * runtime/JSCell.h:
        (JSCell):
        * runtime/JSNotAnObject.cpp:
        (JSC::JSNotAnObject::putByIndex):
        * runtime/JSNotAnObject.h:
        (JSNotAnObject):
        * runtime/JSONObject.cpp:
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::putByIndex):
        * runtime/JSObject.h:
        (JSC::JSValue::putByIndex):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpMatchesArray::fillArrayInstance):
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::putByIndex):
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):

2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>

        PredictNone is incorrectly treated as isDoublePrediction
        https://bugs.webkit.org/show_bug.cgi?id=80365

        Reviewed by Filip Pizlo.

        Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.

        * bytecode/PredictedType.h:
        (JSC::isFixedIndexedStorageObjectPrediction):
        (JSC::isDoublePrediction):

2012-03-05  Filip Pizlo  <fpizlo@apple.com>

        The LLInt should work even when the JIT is disabled
        https://bugs.webkit.org/show_bug.cgi?id=80340
        <rdar://problem/10922235>

        Reviewed by Gavin Barraclough.

        * assembler/MacroAssemblerCodeRef.h:
        (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
        (MacroAssemblerCodeRef):
        (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        * jit/JIT.h:
        (JSC::JIT::compileCTINativeCall):
        * jit/JITStubs.h:
        (JSC::JITThunks::ctiNativeCall):
        (JSC::JITThunks::ctiNativeConstruct):
        * llint/LLIntEntrypoints.cpp:
        (JSC::LLInt::getFunctionEntrypoint):
        (JSC::LLInt::getEvalEntrypoint):
        (JSC::LLInt::getProgramEntrypoint):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (LLInt):
        * llint/LLIntSlowPaths.h:
        (LLInt):
        * llint/LowLevelInterpreter.h:
        * llint/LowLevelInterpreter32_64.asm:
        * runtime/Executable.h:
        (NativeExecutable):
        (JSC::NativeExecutable::create):
        (JSC::NativeExecutable::finishCreation):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/Options.cpp:
        (Options):
        (JSC::Options::parse):
        (JSC::Options::initializeOptions):
        * runtime/Options.h:
        (Options):
        * wtf/Platform.h:

2012-03-05  Yuqiang Xian  <yuqiang.xian@intel.com>

        Checks for dead variables are not sufficient when fixing the expected
        values in DFG OSR entry
        https://bugs.webkit.org/show_bug.cgi?id=80371

        Reviewed by Filip Pizlo.

        A dead variable should be identified when there's no node referencing it.
        But we currently fail to catch the case where there are some nodes
        referencing a variable but those nodes are actually not referenced by
        others so will be ignored in code generation. In such a case we should
        also consider that variable to be a dead variable in the block and fix
        the expected values.
        This is performance neutral on SunSpider, V8 and Kraken.

        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::noticeOSREntry):

2012-03-05  Oliver Hunt  <oliver@apple.com>

        Fix Qt build.

        * assembler/AbstractMacroAssembler.h:
        * assembler/MacroAssembler.h:
        (MacroAssembler):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitSub32Constant):

2012-03-05  Eric Seidel  <eric@webkit.org>

        Update JavaScriptCore files to use fully-qualified WTF include paths
        https://bugs.webkit.org/show_bug.cgi?id=79960

        Reviewed by Adam Barth.

        This change does 5 small/related things:
         1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
            (WebCore, WebKit were already set up to look there, but JavaScriptCore.xcodeproj
            was not installing headers there.)
         2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
            header search path, as that's where the WTF headers will be installed.
         3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
            in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
         4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
            since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
         5. Makes build-webkit build the WTF Xcode project by default.

        * API/tests/JSNode.c:
        * API/tests/JSNodeList.c:
        * Configurations/Base.xcconfig:
        * assembler/MacroAssemblerCodeRef.h:
        * bytecompiler/BytecodeGenerator.h:
        * dfg/DFGOperations.cpp:
        * heap/GCAssertions.h:
        * heap/HandleHeap.h:
        * heap/HandleStack.h:
        * heap/MarkedSpace.h:
        * heap/PassWeak.h:
        * heap/Strong.h:
        * heap/Weak.h:
        * jit/HostCallReturnValue.cpp:
        * jit/JIT.cpp:
        * jit/JITStubs.cpp:
        * jit/ThunkGenerators.cpp:
        * parser/Lexer.cpp:
        * runtime/Completion.cpp:
        * runtime/Executable.cpp:
        * runtime/Identifier.h:
        * runtime/InitializeThreading.cpp:
        * runtime/JSDateMath.cpp:
        * runtime/JSGlobalObjectFunctions.cpp:
        * runtime/JSStringBuilder.h:
        * runtime/JSVariableObject.h:
        * runtime/NumberPrototype.cpp:
        * runtime/WriteBarrier.h:
        * tools/CodeProfile.cpp:
        * tools/TieredMMapArray.h:
        * yarr/YarrJIT.cpp:

2012-03-05  Oliver Hunt  <oliver@apple.com>

        Add basic support for constant blinding to the JIT
        https://bugs.webkit.org/show_bug.cgi?id=80354

        Reviewed by Filip Pizlo.

        This patch adds basic constant blinding support to the JIT, at the
        MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
        get constant blinding.  Woo!

        This patch only introduces blinding for Imm32, a later patch will do similar
        for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
        impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
        accessor that's needed to access the actual value.  This also means you cannot
        accidentally pass an untrusted value to a function that does not perform
        blinding.

        To make everything work sensibly, this patch also corrects some code that was using
        Imm32 when TrustedImm32 could be used, and refactors a few callers that use
        untrusted immediates, so that they call slightly different variants of the functions
        that they used previously.  This is largely necessary to deal with x86-32 not having
        sufficient registers to handle the additional work required when we choose to blind
        a constant.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
        (Imm32):
        (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
        (JSC::AbstractMacroAssembler::endUninterruptedSequence):
        (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
        (AbstractMacroAssembler):
        (JSC::AbstractMacroAssembler::inUninterruptedSequence):
        (JSC::AbstractMacroAssembler::random):
        (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
        (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::addressForPoke):
        (MacroAssembler):
        (JSC::MacroAssembler::poke):
        (JSC::MacroAssembler::branchPtr):
        (JSC::MacroAssembler::branch32):
        (JSC::MacroAssembler::convertInt32ToDouble):
        (JSC::MacroAssembler::shouldBlind):
        (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
        (BlindedImm32):
        (JSC::MacroAssembler::keyForConstant):
        (JSC::MacroAssembler::xorBlindConstant):
        (JSC::MacroAssembler::additionBlindedConstant):
        (JSC::MacroAssembler::andBlindedConstant):
        (JSC::MacroAssembler::orBlindedConstant):
        (JSC::MacroAssembler::loadXorBlindedConstant):
        (JSC::MacroAssembler::add32):
        (JSC::MacroAssembler::addPtr):
        (JSC::MacroAssembler::and32):
        (JSC::MacroAssembler::andPtr):
        (JSC::MacroAssembler::move):
        (JSC::MacroAssembler::or32):
        (JSC::MacroAssembler::store32):
        (JSC::MacroAssembler::sub32):
        (JSC::MacroAssembler::subPtr):
        (JSC::MacroAssembler::xor32):
        (JSC::MacroAssembler::branchAdd32):
        (JSC::MacroAssembler::branchMul32):
        (JSC::MacroAssembler::branchSub32):
        (JSC::MacroAssembler::trustedImm32ForShift):
        (JSC::MacroAssembler::lshift32):
        (JSC::MacroAssembler::rshift32):
        (JSC::MacroAssembler::urshift32):
        * assembler/MacroAssemblerARMv7.h:
        (MacroAssemblerARMv7):
        (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
        (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::branchSubPtr):
        (MacroAssemblerX86_64):
        (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::linkOSRExits):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::compileBinaryArithOp):
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emit_op_div):
        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emitAdd32Constant):
        (JSC::JIT::emitSub32Constant):
        (JSC::JIT::emitBinaryDoubleOp):
        (JSC::JIT::emitSlow_op_mul):
        (JSC::JIT::emit_op_div):
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITInlineMethods.h:
        (JSC::JIT::updateTopCallFrame):
        (JSC::JIT::emitValueProfilingSite):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emitSlow_op_jfalse):
        (JSC::JIT::emitSlow_op_jtrue):
        * jit/JITStubCall.h:
        (JITStubCall):
        (JSC::JITStubCall::addArgument):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::backtrack):

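The entry above describes the shape of the change (Imm32 privately inheriting TrustedImm32, an explicit accessor, blinded variants of the immediate-taking operations) but not the mechanics. What follows is an added C++ illustration of the same idea, not JSC's MacroAssembler and not code from the project: an untrusted Imm32 that cannot be handed to a non-blinding emitter, and an emitter that loads a random key and XORs in (key ^ value), so an attacker-chosen 32-bit literal never appears verbatim in the instruction stream. The `Emitter`, `Insn`, `encodes`, the 16-bit `shouldBlind` threshold, `keyForConstant` and the PRNG seeding are all assumptions made for this example.

```cpp
// Added illustration of constant blinding at the immediate-operand level,
// modelled on the entry above. Not JSC's MacroAssembler; names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>
#include <vector>

namespace blinding {

// An immediate the JIT itself chose (a structure ID, a stack offset): safe to
// encode verbatim into machine code.
struct TrustedImm32 {
    int32_t value;
    explicit TrustedImm32(int32_t v) : value(v) {}
};

// An immediate that may come from the script being compiled, so may be attacker
// chosen. Private inheritance means it is not implicitly a TrustedImm32: it
// cannot reach an emitter that does not blind, and the raw value is only
// reachable through the explicit accessor.
class Imm32 : private TrustedImm32 {
public:
    explicit Imm32(int32_t v) : TrustedImm32(v) {}
    TrustedImm32 asTrustedImm32() const { return TrustedImm32(value); }
};

// Stand-in for emitted code: opcode plus the immediate encoded in the bytes.
enum class Op { Move, Xor };
struct Insn { Op op; int32_t imm; };

class Emitter {
public:
    explicit Emitter(uint32_t seed) : rng_(seed) {}

    // Assumed heuristic: a constant that fits in 16 bits cannot carry a useful
    // attacker-chosen instruction sequence, so it is left unblinded.
    static bool shouldBlind(Imm32 imm) {
        return static_cast<uint32_t>(imm.asTrustedImm32().value) > 0xFFFFu;
    }

    // Trusted overloads: the value is encoded as-is.
    void move(TrustedImm32 imm) { code_.push_back({Op::Move, imm.value}); }
    void xor32(TrustedImm32 imm) { code_.push_back({Op::Xor, imm.value}); }

    // Untrusted overload: load a random key, then XOR in (key ^ value). Neither
    // encoded immediate equals the constant, and the pair differs per compile.
    void move(Imm32 imm) {
        int32_t value = imm.asTrustedImm32().value;
        if (!shouldBlind(imm)) {
            move(TrustedImm32(value));
            return;
        }
        int32_t key = keyForConstant(value);
        move(TrustedImm32(key));
        xor32(TrustedImm32(key ^ value));
    }

    // Simulate running the stream on a single register.
    int32_t run() const {
        int32_t reg = 0;
        for (const Insn& i : code_)
            reg = (i.op == Op::Move) ? i.imm : (reg ^ i.imm);
        return reg;
    }
    // True if some instruction encodes v verbatim.
    bool encodes(int32_t v) const {
        for (const Insn& i : code_)
            if (i.imm == v) return true;
        return false;
    }
    size_t size() const { return code_.size(); }

private:
    // key == 0 leaves the constant in the clear; key == value encodes it as the
    // key itself. Reject both.
    int32_t keyForConstant(int32_t value) {
        int32_t key;
        do { key = static_cast<int32_t>(rng_()); } while (key == 0 || key == value);
        return key;
    }
    std::mt19937 rng_;
    std::vector<Insn> code_;
};

// Compile one constant and inspect the result.
inline Emitter compileOne(int32_t value, uint32_t seed) {
    Emitter e(seed);
    e.move(Imm32(value));
    return e;
}
inline int32_t runBlinded(int32_t v, uint32_t s) { return compileOne(v, s).run(); }
inline bool exposesConstant(int32_t v, uint32_t s) { return compileOne(v, s).encodes(v); }
inline size_t insnCount(int32_t v, uint32_t s) { return compileOne(v, s).size(); }

} // namespace blinding

int main() {
    const int32_t literal = 0x0C0C0C0C; // constructed attacker-style literal
    std::printf("computed %d, encoded verbatim: %s\n", blinding::runBlinded(literal, 1),
                blinding::exposesConstant(literal, 1) ? "yes" : "no");
    return 0;
}
```

Only the XOR form is shown; the entry also lists addition, AND and OR blinded forms, which apply the same idea to the other immediate-taking operations. Each blinded constant costs a scratch register and at least one extra instruction, which is the register-pressure problem on x86-32 that the entry mentions.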
2012-03-05  Gavin Barraclough  <barraclough@apple.com>

        putByIndex should throw in strict mode
        https://bugs.webkit.org/show_bug.cgi?id=80335

        Reviewed by Filip Pizlo.

        We'll need to pass an additional parameter.

        Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
        to match the method in the MethodTable, make this take a parameter indicating
        whether the put should throw. This fixes the cases where the base of the put
        is a primitive.

        * dfg/DFGOperations.cpp:
        (DFG):
        (JSC::DFG::putByVal):
        (JSC::DFG::operationPutByValInternal):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/JSObject.h:
        (JSC::JSValue::putByIndex):
        * runtime/JSValue.cpp:
        (JSC):
        * runtime/JSValue.h:
        (JSValue):

2012-03-05  Sam Weinig  <sam@webkit.org>

        Add support for hosting layers in the window server in WebKit2
        <rdar://problem/10400246>
        https://bugs.webkit.org/show_bug.cgi?id=80310

        Reviewed by Anders Carlsson.

        * wtf/Platform.h:
        Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER.

2012-03-05  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, attempted build fix for !ENABLE(JIT) after r109705.

        * bytecode/ExecutionCounter.cpp:
        (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
        * bytecode/ExecutionCounter.h:

2012-03-05  Patrick Gansterer  <paroga@webkit.org>

        Unreviewed. Build fix for !ENABLE(JIT) after r109705.

        * bytecode/ExecutionCounter.cpp:
        * bytecode/ExecutionCounter.h:

2012-03-05  Andy Wingo  <wingo@igalia.com>

        Lexer: Specialize character predicates for LChar, UChar
        https://bugs.webkit.org/show_bug.cgi?id=79677

        Reviewed by Oliver Hunt.

        This patch specializes isIdentStart, isIdentPart, isWhiteSpace,
        and isLineTerminator to perform a more limited number of checks if
        the lexer is being instantiated to work on LChar sequences.  This
        is about a 1.5% win on the --parse-only suite, here.

        * parser/Lexer.cpp:
        (JSC::isLatin1): New static helper, specialized for LChar and
        UChar.
        (JSC::typesOfLatin1Characters): Rename from
        typesOfASCIICharacters, and expand to the range of the LChar
        type.  All uses of isASCII are changed to use isLatin1.  Generated
        using libunistring.
        (JSC::isNonLatin1IdentStart):
        (JSC::isIdentStart):
        (JSC::isNonLatin1IdentPart):
        (JSC::isIdentPart):
        (JSC::Lexer::shiftLineTerminator):
        (JSC::Lexer::parseIdentifier):
        (JSC::Lexer::parseIdentifierSlowCase):
        (JSC::Lexer::parseStringSlowCase):
        (JSC::Lexer::parseMultilineComment):
        (JSC::Lexer::lex):
        (JSC::Lexer::scanRegExp):
        (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around.
        * parser/Lexer.h:
        (JSC::Lexer::isWhiteSpace):
        (JSC::Lexer::isLineTerminator):
        * KeywordLookupGenerator.py:
        (Trie.printAsC): Declare specialized isIdentPart static functions.

2012-03-05  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing header file.

2012-03-05  Andy Wingo  <wingo@igalia.com>

        WTF: Micro-optimize cleanup of empty vectors and hash tables
        https://bugs.webkit.org/show_bug.cgi?id=79903

        Reviewed by Michael Saboff and Geoffrey Garen.

        This patch speeds up cleanup of vectors and hash tables whose
        backing store was never allocated.  This is the case by default
        for most vectors / hash tables that never had any entries added.

        The result for me is that calling checkSyntax 1000 times on
        concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a
        2.4% speedup.

        * wtf/HashTable.h:
        (WTF::HashTable::~HashTable):
        (WTF::::clear): Don't deallocate the storage or frob member
        variables if there is no backing storage.
        * wtf/Vector.h:
        (WTF::VectorBufferBase::deallocateBuffer): Likewise.

2012-03-04  Filip Pizlo  <fpizlo@apple.com>

        JIT heuristics should be hyperbolic
        https://bugs.webkit.org/show_bug.cgi?id=80055
        <rdar://problem/10922260>

        Reviewed by Oliver Hunt.

        Added tracking of the amount of executable memory typically used for a bytecode
        instruction. Modified the execution counter scheme to use this, and the amount
        of free memory, to determine how long to wait before invoking the JIT.

        The result is that even if we bomb the VM with more code than can fit in our
        executable memory pool, we still keep running and almost never run out of
        executable memory - which ensures that if we have to JIT something critical, then
        we'll likely have enough memory to do so. This also does not regress performance
        on the three main benchmarks.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::predictedMachineCodeSize):
        (JSC):
        (JSC::CodeBlock::usesOpcode):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        (JSC::CodeBlock::checkIfJITThresholdReached):
        (JSC::CodeBlock::dontJITAnytimeSoon):
        (JSC::CodeBlock::jitAfterWarmUp):
        (JSC::CodeBlock::jitSoon):
        (JSC::CodeBlock::llintExecuteCounter):
        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
        (JSC::CodeBlock::addressOfJITExecuteCounter):
        (JSC::CodeBlock::offsetOfJITExecuteCounter):
        (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
        (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
        (JSC::CodeBlock::jitExecuteCounter):
        (JSC::CodeBlock::checkIfOptimizationThresholdReached):
        (JSC::CodeBlock::optimizeNextInvocation):
        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
        (JSC::CodeBlock::optimizeAfterWarmUp):
        (JSC::CodeBlock::optimizeAfterLongWarmUp):
        (JSC::CodeBlock::optimizeSoon):
        * bytecode/ExecutionCounter.cpp: Added.
        (JSC):
        (JSC::ExecutionCounter::ExecutionCounter):
        (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
        (JSC::ExecutionCounter::setNewThreshold):
        (JSC::ExecutionCounter::deferIndefinitely):
        (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
        (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
        (JSC::ExecutionCounter::hasCrossedThreshold):
        (JSC::ExecutionCounter::setThreshold):
        (JSC::ExecutionCounter::reset):
        * bytecode/ExecutionCounter.h: Added.
        (JSC):
        (ExecutionCounter):
        (JSC::ExecutionCounter::formattedTotalCount):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::allocateNewSpace):
        (JSC::ExecutableAllocator::underMemoryPressure):
        (JSC):
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        * jit/ExecutableAllocator.h:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::memoryPressureMultiplier):
        (JSC):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):
        * llint/LowLevelInterpreter32_64.asm:
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/Options.cpp:
        (Options):
        (JSC::Options::initializeOptions):
        * runtime/Options.h:
        (Options):
        * wtf/SimpleStats.h: Added.
        (WTF):
        (SimpleStats):
        (WTF::SimpleStats::SimpleStats):
        (WTF::SimpleStats::add):
        (WTF::SimpleStats::operator!):
        (WTF::SimpleStats::count):
        (WTF::SimpleStats::sum):
        (WTF::SimpleStats::sumOfSquares):
        (WTF::SimpleStats::mean):
        (WTF::SimpleStats::variance):
        (WTF::SimpleStats::standardDeviation):

760 2012-03-04  Raphael Kubo da Costa  <kubo@profusion.mobi>
761
762         [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64
763         https://bugs.webkit.org/show_bug.cgi?id=71507
764
765         Reviewed by Antonio Gomes.
766
767         * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib".
768
769 2012-03-04  David Kilzer  <ddkilzer@apple.com>
770
771         Fix build when the classic interpreter is enabled
772
773         Reviewed by Gavin Barraclough.
774
775         Fixes the following build error when running the "Generate
776         Derived Sources" build phase script:
777
778             offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
779             ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
780                     from JavaScriptCore/offlineasm/asm.rb:131
781             Command /bin/sh failed with exit code 1
782
783         Gavin's fix in r109674 avoided the #error statement in
784         JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
785         caused the "Generate Derived Sources" build phase script to fail
786         when JavaScriptCore/offlineasm/asm.rb was run.  The solution is
787         to detect when the classic interpreter is being built and simply
788         exit early from asm.rb in that case.
789
790         * llint/LLIntOffsetsExtractor.cpp:
791         (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
792         JIT is disabled.  Note that offsets.rb doesn't care about the
793         return value here, but instead it cares about finding the magic
794         values in the binary.  The magic values are no longer present
795         when the JIT is disabled.
796         * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
797         early with a status message.
798         * offlineasm/offsets.rb:
799         (MissingMagicValuesException): Add new exception class.
800         (offsetsAndConfigurationIndex): Throw
801         MissingMagicValuesException when no magic values are found.
802
803 2012-03-04  Jurij Smakov  <jurij@wooyd.org>
804
805         SPARC also needs aligned accesses.
806
807         Rubber-stamped by Gustavo Noronha Silva.
808
809         * wtf/Platform.h:
810
811 2012-03-04  Gavin Barraclough  <barraclough@apple.com>
812
813         Unreviewed build fix.
814
815         * jit/JITStubs.h:
816             - Move ENABLE(JIT) to head of file.
817
818 2012-03-03  Gavin Barraclough  <barraclough@apple.com>
819
820         Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
821         https://bugs.webkit.org/show_bug.cgi?id=80217
822
823         Reviewed by Filip Pizlo.
824
825         putByIndex() provides similar behavior to put(), but for indexed property names.
826         Many places in ArrayPrototype call putByIndex() where they really mean to call
827         [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
828         calling numeric accessors (& respecting numeric read only properties) on the
829         prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
830         putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
831
832         * runtime/ArrayPrototype.cpp:
833         (JSC::arrayProtoFuncConcat):
834         (JSC::arrayProtoFuncSlice):
835         (JSC::arrayProtoFuncFilter):
836         (JSC::arrayProtoFuncMap):
837         * runtime/JSArray.cpp:
838         (JSC):
839         (JSC::reject):
840         (JSC::SparseArrayValueMap::putDirect):
841         (JSC::JSArray::defineOwnNumericProperty):
842         (JSC::JSArray::putByIndexBeyondVectorLength):
843         (JSC::JSArray::putDirectIndexBeyondVectorLength):
844         * runtime/JSArray.h:
845         (SparseArrayValueMap):
846         (JSArray):
847         (JSC::JSArray::putDirectIndex):
848
849 2012-03-03  Benjamin Poulain  <benjamin@webkit.org>
850
851         Implement the basis of KURLWTFURL
852         https://bugs.webkit.org/show_bug.cgi?id=79600
853
854         Reviewed by Adam Barth.
855
856         Add an API to know if a ParsedURL is valid.
857
858         * wtf/url/api/ParsedURL.cpp:
859         (WTF::ParsedURL::ParsedURL):
860         (WTF):
861         (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between threads
862         and by KURL's detach() on write.
863         (WTF::ParsedURL::baseAsString):
864         (WTF::ParsedURL::segment):
865         Add a stronger constraint on accessors: the client of this API should never ask for the segments
866         on an invalid URL.
867         * wtf/url/api/ParsedURL.h:
868         (WTF):
869         (WTF::ParsedURL::ParsedURL):
870         (ParsedURL):
871         (WTF::ParsedURL::isValid):
872
873 2012-03-03  Hans Wennborg  <hans@chromium.org>
874
875         Implement Speech JavaScript API
876         https://bugs.webkit.org/show_bug.cgi?id=80019
877
878         Reviewed by Adam Barth.
879
880         Add ENABLE_SCRIPTED_SPEECH.
881
882         * Configurations/FeatureDefines.xcconfig:
883
884 2012-03-02  Filip Pizlo  <fpizlo@apple.com>
885
886         When getting the line number of a call into a call frame with no code block, it's
887         incorrect to rely on the returnPC
888         https://bugs.webkit.org/show_bug.cgi?id=80195
889
890         Reviewed by Oliver Hunt.
891
892         * interpreter/Interpreter.cpp:
893         (JSC::getCallerInfo):
894         * jit/JITCall.cpp:
895         (JSC::JIT::compileLoadVarargs):
896
897 2012-03-02  Han Hojong  <hojong.han@samsung.com>
898
899         Expected results updated for checking type conversion
900         https://bugs.webkit.org/show_bug.cgi?id=80138
901
902         Reviewed by Gavin Barraclough.
903
904         * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:
905
906 2012-03-02  Kenichi Ishibashi  <bashi@chromium.org>
907
908         Adding WebSocket per-frame DEFLATE extension
909         https://bugs.webkit.org/show_bug.cgi?id=77522
910
911         Added USE(ZLIB) flag.
912
913         Reviewed by Kent Tamura.
914
915         * wtf/Platform.h:
916
917 2012-03-02  Filip Pizlo  <fpizlo@apple.com>
918
919         Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
920
921         * bytecode/CodeBlock.cpp:
922         (JSC::CodeBlock::visitAggregate):
923
924 2012-03-01  Filip Pizlo  <fpizlo@apple.com>
925
926         DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
927         virtue of being in the transitive closure
928         https://bugs.webkit.org/show_bug.cgi?id=80098
929  
930         Reviewed by Anders Carlsson.
931         
932         If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
933         then you might have the visitAggregate() method called concurrently by multiple threads.
934         This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
935         racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
936         due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
937         
938         It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
939         not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
940         any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
941         Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
942         don't lead to two threads racing over each other as they clobber state. This patch
943         achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
944         trivially linearizable) will get to trace the CodeBlock; all other threads give up and
945         go home.
946         
947         Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
948         times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
949         even when it's gotten sufficient counts. But that takes a while - sometimes up to a
950         minute to get a crash. I have no other reliable repro case.
951
952         * bytecode/CodeBlock.cpp:
953         (JSC::CodeBlock::visitAggregate):
954         * bytecode/CodeBlock.h:
955         (DFGData):
956         * heap/DFGCodeBlocks.cpp:
957         (JSC::DFGCodeBlocks::clearMarks):
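
The CAS claim described in the entry above, as an added illustration that is not the patch's own code: a constructed block type (the names are assumptions, not JSC's DFGData fields) whose tracing is claimed with a single compare-and-swap, so that of any number of threads racing into visitAggregate() exactly one traces and the others give up, and the claim is reset by the next cycle's clearMarks().

```cpp
#include <atomic>
#include <thread>
#include <vector>

// Constructed stand-in for the per-CodeBlock GC state; the field names are
// assumptions for this example, not JSC's actual DFGData members.
struct TraceableBlock {
    std::atomic<unsigned> tracedThisCycle{0}; // 0 = unclaimed, 1 = claimed by a tracer
    std::atomic<unsigned> traceCount{0};      // how many times the trace body actually ran
};

// The CAS claim: exactly one caller per GC cycle flips 0 -> 1 and wins.
// Every other caller sees the CAS fail and returns false without touching the block.
bool tryClaimForTracing(TraceableBlock& block)
{
    unsigned expected = 0;
    return block.tracedThisCycle.compare_exchange_strong(expected, 1);
}

// Analogue of CodeBlock::visitAggregate(): callers that lose the race go home.
void visitAggregate(TraceableBlock& block)
{
    if (!tryClaimForTracing(block))
        return; // another thread is (or was) tracing this block this cycle
    // The real visitor would now walk the block's children; here we only count,
    // which is enough to show that the body runs once per cycle.
    block.traceCount.fetch_add(1);
}

// Analogue of DFGCodeBlocks::clearMarks(): reset the claim for the next cycle.
void clearMarks(TraceableBlock& block)
{
    block.tracedThisCycle.store(0);
}

// Race `threadCount` threads calling visitAggregate() on one block and return
// how many of them actually traced it; with the CAS claim this is always 1.
unsigned raceVisit(unsigned threadCount)
{
    TraceableBlock block;
    std::vector<std::thread> pool;
    for (unsigned i = 0; i < threadCount; ++i)
        pool.emplace_back([&block] { visitAggregate(block); });
    for (std::thread& t : pool)
        t.join();
    return block.traceCount.load();
}

// A block traced in one cycle must be traceable again after clearMarks():
// returns the number of successful traces over `cycles` cycles.
unsigned traceAcrossCycles(unsigned cycles)
{
    TraceableBlock block;
    for (unsigned c = 0; c < cycles; ++c) {
        visitAggregate(block);
        visitAggregate(block); // second call in the same cycle loses the CAS: no-op
        clearMarks(block);
    }
    return block.traceCount.load();
}

int main()
{
    return (raceVisit(8) == 1 && traceAcrossCycles(3) == 3) ? 0 : 1;
}
```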
958
959 2012-03-01  Filip Pizlo  <fpizlo@apple.com>
960
961         The JIT should not crash the entire process just because there is not enough executable
962         memory, if the LLInt is enabled
963         https://bugs.webkit.org/show_bug.cgi?id=79962
964
965         Reviewed by Csaba Osztrogonác.
966         
967         Fix for ARM, SH4.
968
969         * assembler/AssemblerBufferWithConstantPool.h:
970         (JSC::AssemblerBufferWithConstantPool::executableCopy):
971
972 2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
973
974         Revert my change. Broke builds.
975         Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
976         Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i
977
978         * wtf/Atomics.h:
979         (WTF):
980         (WTF::weakCompareAndSwap):
981
982 2012-03-01  Ryosuke Niwa  <rniwa@webkit.org>
983
984         Gcc build fix.
985
986         Rubber-stamped by Filip Pizlo.
987
988         * wtf/Atomics.h:
989         (WTF):
990         (WTF::weakCompareAndSwap):
991
992 2012-03-01  Gavin Barraclough  <barraclough@apple.com>
993
994         ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
995         https://bugs.webkit.org/show_bug.cgi?id=80011
996
997         Reviewed by Oliver Hunt.
998
999         Also, fix getting the caller from within a bound function, for within a getter,
1000         or setter (make our implementation match other browsers).
1001
1002         * interpreter/Interpreter.cpp:
1003         (JSC::getCallerInfo):
1004             - Allow this to get the caller of host functions.
1005         (JSC::Interpreter::retrieveCallerFromVMCode):
1006             - This should use getCallerInfo, and should skip over function bindings.
1007         * runtime/JSFunction.cpp:
1008         (JSC::JSFunction::callerGetter):
1009             - This should never return a strict-mode function.
1010
1011 2012-03-01  Yuqiang Xian  <yuqiang.xian@intel.com>
1012
1013         DFG local CSE for a node can be terminated earlier
1014         https://bugs.webkit.org/show_bug.cgi?id=80014
1015
1016         Reviewed by Filip Pizlo.
1017
1018         When one of the node's children is met in the process of back traversing
1019         the nodes, we don't need to traverse the remaining nodes.
1020         This is performance neutral on SunSpider, V8 and Kraken.
1021
1022         * dfg/DFGCSEPhase.cpp:
1023         (JSC::DFG::CSEPhase::pureCSE):
1024         (JSC::DFG::CSEPhase::impureCSE):
1025         (JSC::DFG::CSEPhase::getByValLoadElimination):
1026         (JSC::DFG::CSEPhase::checkFunctionElimination):
1027         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1028         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1029         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1030         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1031
1032 2012-02-29  Yuqiang Xian  <yuqiang.xian@intel.com>
1033
1034         DFG BasicBlocks should not require that their nodes have continuous indices in the graph
1035         https://bugs.webkit.org/show_bug.cgi?id=79899
1036
1037         Reviewed by Filip Pizlo.
1038
1039         This will make it more convenient to insert nodes into the DFG.
1040         With this capability we now place the Phi nodes in the corresponding
1041         blocks.
1042         Local CSE is modified not to rely on the assumption of continuous
1043         node indices in a block.
1044         This is performance neutral on SunSpider, V8 and Kraken.
1045
1046         * dfg/DFGAbstractState.cpp:
1047         (JSC::DFG::AbstractState::AbstractState):
1048         (JSC::DFG::AbstractState::beginBasicBlock):
1049         (JSC::DFG::AbstractState::execute):
1050         (JSC::DFG::AbstractState::clobberStructures):
1051         (JSC::DFG::AbstractState::mergeToSuccessors):
1052         (JSC::DFG::AbstractState::dump):
1053         * dfg/DFGAbstractState.h:
1054         (JSC::DFG::AbstractState::forNode):
1055         (AbstractState):
1056         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1057         (ArithNodeFlagsInferencePhase):
1058         * dfg/DFGBasicBlock.h:
1059         (JSC::DFG::BasicBlock::BasicBlock):
1060         (BasicBlock):
1061         * dfg/DFGByteCodeParser.cpp:
1062         (JSC::DFG::ByteCodeParser::addToGraph):
1063         (ByteCodeParser):
1064         (JSC::DFG::ByteCodeParser::insertPhiNode):
1065         (JSC::DFG::ByteCodeParser::handleInlining):
1066         (JSC::DFG::ByteCodeParser::parseBlock):
1067         (JSC::DFG::ByteCodeParser::processPhiStack):
1068         (JSC::DFG::ByteCodeParser::linkBlock):
1069         (JSC::DFG::ByteCodeParser::determineReachability):
1070         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1071         * dfg/DFGCFAPhase.cpp:
1072         (JSC::DFG::CFAPhase::performBlockCFA):
1073         (CFAPhase):
1074         * dfg/DFGCSEPhase.cpp:
1075         (JSC::DFG::CSEPhase::CSEPhase):
1076         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1077         (JSC::DFG::CSEPhase::pureCSE):
1078         (JSC::DFG::CSEPhase::impureCSE):
1079         (JSC::DFG::CSEPhase::globalVarLoadElimination):
1080         (JSC::DFG::CSEPhase::getByValLoadElimination):
1081         (JSC::DFG::CSEPhase::checkFunctionElimination):
1082         (JSC::DFG::CSEPhase::checkStructureLoadElimination):
1083         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1084         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1085         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1086         (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
1087         (JSC::DFG::CSEPhase::performNodeCSE):
1088         (JSC::DFG::CSEPhase::performBlockCSE):
1089         (CSEPhase):
1090         * dfg/DFGGraph.cpp:
1091         (JSC::DFG::Graph::dump):
1092         * dfg/DFGPhase.cpp:
1093         (JSC::DFG::Phase::beginPhase):
1094         * dfg/DFGSpeculativeJIT.cpp:
1095         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
1096         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
1097         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1098         (JSC::DFG::SpeculativeJIT::compile):
1099         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
1100         (JSC::DFG::SpeculativeJIT::compileStrictEq):
1101         * dfg/DFGSpeculativeJIT.h:
1102         (SpeculativeJIT):
1103         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
1104         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
1105         * dfg/DFGSpeculativeJIT32_64.cpp:
1106         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1107         * dfg/DFGSpeculativeJIT64.cpp:
1108         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
1109         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1110         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1111
1112 2012-02-29  Filip Pizlo  <fpizlo@apple.com>
1113
1114         The JIT should not crash the entire process just because there is not
1115         enough executable memory, if the LLInt is enabled
1116         https://bugs.webkit.org/show_bug.cgi?id=79962
1117         <rdar://problem/10922215>
1118
1119         Unreviewed, adding forgotten file.
1120
1121         * jit/JITCompilationEffort.h: Added.
1122         (JSC):
1123
1124 2012-02-29  Filip Pizlo  <fpizlo@apple.com>
1125
1126         The JIT should not crash the entire process just because there is not
1127         enough executable memory, if the LLInt is enabled
1128         https://bugs.webkit.org/show_bug.cgi?id=79962
1129         <rdar://problem/10922215>
1130
1131         Reviewed by Gavin Barraclough.
1132         
1133         Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
1134         a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
1135         JITCompilationMustSucceed. This preserves the old behavior if LLInt is
1136         disabled or if we're compiling something that can't be interpreted (like
1137         an OSR exit stub).
1138
1139         * JavaScriptCore.xcodeproj/project.pbxproj:
1140         * assembler/ARMAssembler.cpp:
1141         (JSC::ARMAssembler::executableCopy):
1142         * assembler/ARMAssembler.h:
1143         (ARMAssembler):
1144         * assembler/AssemblerBuffer.h:
1145         (JSC::AssemblerBuffer::executableCopy):
1146         * assembler/LinkBuffer.h:
1147         (JSC::LinkBuffer::LinkBuffer):
1148         (JSC::LinkBuffer::~LinkBuffer):
1149         (LinkBuffer):
1150         (JSC::LinkBuffer::didFailToAllocate):
1151         (JSC::LinkBuffer::isValid):
1152         (JSC::LinkBuffer::linkCode):
1153         (JSC::LinkBuffer::performFinalization):
1154         * assembler/MIPSAssembler.h:
1155         (JSC::MIPSAssembler::executableCopy):
1156         * assembler/SH4Assembler.h:
1157         (JSC::SH4Assembler::executableCopy):
1158         * assembler/X86Assembler.h:
1159         (JSC::X86Assembler::executableCopy):
1160         (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
1161         * bytecode/CodeBlock.cpp:
1162         (JSC::ProgramCodeBlock::jitCompileImpl):
1163         (JSC::EvalCodeBlock::jitCompileImpl):
1164         (JSC::FunctionCodeBlock::jitCompileImpl):
1165         * bytecode/CodeBlock.h:
1166         (JSC::CodeBlock::jitCompile):
1167         (CodeBlock):
1168         (ProgramCodeBlock):
1169         (EvalCodeBlock):
1170         (FunctionCodeBlock):
1171         * dfg/DFGDriver.cpp:
1172         (JSC::DFG::compile):
1173         * dfg/DFGJITCompiler.cpp:
1174         (JSC::DFG::JITCompiler::compile):
1175         (JSC::DFG::JITCompiler::compileFunction):
1176         * dfg/DFGJITCompiler.h:
1177         (JITCompiler):
1178         * jit/ExecutableAllocator.cpp:
1179         (JSC::DemandExecutableAllocator::allocateNewSpace):
1180         (JSC::ExecutableAllocator::allocate):
1181         * jit/ExecutableAllocator.h:
1182         (ExecutableAllocator):
1183         * jit/ExecutableAllocatorFixedVMPool.cpp:
1184         (JSC::ExecutableAllocator::allocate):
1185         * jit/JIT.cpp:
1186         (JSC::JIT::privateCompile):
1187         * jit/JIT.h:
1188         (JSC::JIT::compile):
1189         (JIT):
1190         * jit/JITCompilationEffort.h: Added.
1191         (JSC):
1192         * jit/JITDriver.h:
1193         (JSC::jitCompileIfAppropriate):
1194         (JSC::jitCompileFunctionIfAppropriate):
1195         * llint/LLIntSlowPaths.cpp:
1196         (LLInt):
1197         (JSC::LLInt::jitCompileAndSetHeuristics):
1198         (JSC::LLInt::entryOSR):
1199         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1200         * runtime/Executable.cpp:
1201         (JSC::EvalExecutable::jitCompile):
1202         (JSC::ProgramExecutable::jitCompile):
1203         (JSC::FunctionExecutable::jitCompileForCall):
1204         (JSC::FunctionExecutable::jitCompileForConstruct):
1205         * runtime/Executable.h:
1206         (EvalExecutable):
1207         (ProgramExecutable):
1208         (FunctionExecutable):
1209         (JSC::FunctionExecutable::jitCompileFor):
1210         * runtime/ExecutionHarness.h:
1211         (JSC::prepareForExecution):
1212         (JSC::prepareFunctionForExecution):
1213
1214 2012-02-29  No'am Rosenthal  <noam.rosenthal@nokia.com>
1215
1216         [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy]
1217         https://bugs.webkit.org/show_bug.cgi?id=79501
1218
1219         Enable WTF_USE_UI_SIDE_COMPOSITING for Qt.
1220
1221         Reviewed by Kenneth Rohde Christiansen.
1222
1223         * wtf/Platform.h:
1224
1225 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
1226
1227         Rubber stamped by Oliver Hunt.
1228
1229         * tests/mozilla/ecma_2/RegExp/constructor-001.js:
1230         * tests/mozilla/ecma_2/RegExp/function-001.js:
1231         * tests/mozilla/ecma_2/RegExp/properties-001.js:
1232             - Check in new test cases results.
1233
1234 2012-02-29  Mark Rowe  <mrowe@apple.com>
1235
1236         Stop installing JSCLLIntOffsetsExtractor.
1237
1238         Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file
1239         that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor.
1240         This has the result of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor.
1241
1242         While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value
1243         for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is
1244         to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That
1245         allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too!
1246
1247         Reviewed by Filip Pizlo.
1248
1249         * Configurations/TestRegExp.xcconfig: Removed.
1250         * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig.
1251         * JavaScriptCore.xcodeproj/project.pbxproj:
1252
1253 2012-02-28  Filip Pizlo  <fpizlo@apple.com>
1254
1255         RefCounted::deprecatedTurnOffVerifier() should not be deprecated
1256         https://bugs.webkit.org/show_bug.cgi?id=79864
1257
1258         Reviewed by Oliver Hunt.
1259         
1260         Removed the word "deprecated" from the name of this method, since this method
1261         should not be deprecated. It works just fine as it is, and there is simply no
1262         alternative to calling this method for many interesting JSC classes.
1263
1264         * parser/SourceProvider.h:
1265         (JSC::SourceProvider::SourceProvider):
1266         * runtime/SymbolTable.h:
1267         (JSC::SharedSymbolTable::SharedSymbolTable):
1268         * wtf/MetaAllocator.cpp:
1269         (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
1270         (WTF::MetaAllocator::allocate):
1271         * wtf/RefCounted.h:
1272         (RefCountedBase):
1273         (WTF::RefCountedBase::turnOffVerifier):
1274
1275 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
1276
1277         'source' property of RegExp instance cannot be ""
1278         https://bugs.webkit.org/show_bug.cgi?id=79938
1279
1280         Reviewed by Oliver Hunt.
1281
1282         15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/',
1283         and also states that the result must be a valid RegularExpressionLiteral. '//' is
1284         not a valid RegularExpressionLiteral (since it is a single line comment), and hence
1285         source cannot ever validly be "". If the source is empty, return a different Pattern
1286         that would match the same thing.
1287
1288         * runtime/RegExpObject.cpp:
1289         (JSC::regExpObjectSource):
1290             - Do not return "" if the source is empty; this would lead to invalid behaviour in toString.
1291         * runtime/RegExpPrototype.cpp:
1292         (JSC::regExpProtoFuncToString):
1293             - No need to special case the empty string - this should be being done by 'source'.
1294
1295 2012-02-29  Gavin Barraclough  <barraclough@apple.com>
1296
1297         Writable attribute not set correctly when redefining an accessor to a data descriptor
1298         https://bugs.webkit.org/show_bug.cgi?id=79931
1299
1300         Reviewed by Oliver Hunt.
1301
1302         * runtime/JSObject.cpp:
1303         (JSC::JSObject::defineOwnProperty):
1304             - use attributesOverridingCurrent instead of attributesWithOverride.
1305         * runtime/PropertyDescriptor.cpp:
1306         * runtime/PropertyDescriptor.h:
1307             - remove attributesWithOverride - attributesOverridingCurrent does the same thing.
1308
1309 2012-02-29  Kevin Ollivier  <kevino@theolliviers.com>
1310
1311         Add JSCore symbol exports needed by wx port
1312         https://bugs.webkit.org/show_bug.cgi?id=77280
1313
1314         Reviewed by Hajime Morita.
1315
1316         * wtf/ArrayBufferView.h:
1317         * wtf/ExportMacros.h:
1318
1319 2012-02-28  Raphael Kubo da Costa  <kubo@profusion.mobi>
1320
1321         [CMake] Always build wtf as a static library.
1322         https://bugs.webkit.org/show_bug.cgi?id=79857
1323
1324         Reviewed by Eric Seidel.
1325
1326         To help the efforts in bug 75673 to move WTF out of
1327         JavaScriptCore, act more like the other ports and remove the
1328         possibility of building WTF as a shared library.
1329
1330         It does not make much sense to, for example, ship WTF as a
1331         separate .so with webkit-efl packages, and it should be small
1332         enough not to cause problems during linking.
1333
1334         * wtf/CMakeLists.txt:
1335
1336 2012-02-28  Dmitry Lomov  <dslomov@google.com>
1337
1338         [JSC] Implement ArrayBuffer transfer
1339         https://bugs.webkit.org/show_bug.cgi?id=73493.
1340         Implement ArrayBuffer transfer, per Khronos spec:  http://www.khronos.org/registry/typedarray/specs/latest/#9.
1341         This brings parity with V8 implementation of transferable typed arrays.
1342
1343         Reviewed by Oliver Hunt.
1344
1345         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export.
1346         * wtf/ArrayBuffer.h:
1347         (ArrayBuffer): Added extra export.
1348
1349 2012-02-28  Kevin Ollivier  <kevino@theolliviers.com>
1350
1351         [wx] Unreviewed. Build fix after recent LLInt additions.
1352         
1353         * wscript:
1354
1355 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
1356
1357         Refactor SpeculativeJIT::emitAllocateJSFinalObject
1358         https://bugs.webkit.org/show_bug.cgi?id=79801
1359
1360         Reviewed by Filip Pizlo.
1361
1362         * dfg/DFGSpeculativeJIT.h:
1363         (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this
1364         function, which is more generic in that it can allocate a variety of classes.
1365         (SpeculativeJIT):
1366         (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function.
1367
1368 2012-02-28  Gavin Barraclough  <barraclough@apple.com>
1369
1370         [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
1371         https://bugs.webkit.org/show_bug.cgi?id=79588
1372
1373         Reviewed by Oliver Hunt.
1374
1375         In the case of [[Get]], this is a pretty trivial bug - just don't wrap
1376         primitives at the point you call a getter.
1377
1378         For setters, this is a little more involved, since we have already wrapped
1379         the value up in a synthesized object. Stop doing so. There is also a further
1380         subtlety, that in strict mode all attempts to create a new data property on
1381         the object should throw.
1382
1383         * runtime/JSCell.cpp:
1384         (JSC::JSCell::put):
1385             - [[Put]] to a string primitive should use JSValue::putToPrimitive.
1386         * runtime/JSObject.cpp:
1387         (JSC::JSObject::put):
1388             - Remove static function called in one place.
1389         * runtime/JSObject.h:
1390         (JSC::JSValue::put):
1391             - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive.
1392         * runtime/JSValue.cpp:
1393         (JSC::JSValue::synthesizePrototype):
1394             - Add support for synthesizing the prototype of strings.
1395         (JSC::JSValue::putToPrimitive):
1396             - Added, implements [[Put]] for primitive bases, per 8.7.2.
1397         * runtime/JSValue.h:
1398         (JSValue):
1399             - Add declaration for JSValue::putToPrimitive.
1400         * runtime/PropertySlot.cpp:
1401         (JSC::PropertySlot::functionGetter):
1402             - Don't call ToObject on primitive this values.
1403
1404 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
1405
1406         Re-enable parallel GC on Mac
1407         https://bugs.webkit.org/show_bug.cgi?id=79837
1408
1409         Rubber stamped by Filip Pizlo.
1410
1411         * runtime/Options.cpp:
1412         (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line,
1413         so we removed it and things should go back to normal.
1414
1415 2012-02-28  Filip Pizlo  <fpizlo@apple.com>
1416
1417         Some run-javascriptcore-tests broken for 32-bit debug
1418         https://bugs.webkit.org/show_bug.cgi?id=79844
1419
1420         Rubber stamped by Oliver Hunt.
1421         
1422         These assertions are just plain wrong for 32-bit. We could either have a massive
1423         assertion that depends on value representation, that has to be changed every
1424         time we change the JITs, resulting in a bug tail of debug-mode crashes, or we
1425         could get rid of the assertions. I pick the latter.
1426
1427         * dfg/DFGOperations.cpp:
1428         * jit/JITStubs.cpp:
1429         (JSC::DEFINE_STUB_FUNCTION):
1430
1431 2012-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
1432
1433         Get rid of padding cruft in CopiedBlock
1434         https://bugs.webkit.org/show_bug.cgi?id=79686
1435
1436         Reviewed by Filip Pizlo.
1437
1438         * heap/CopiedBlock.h:
1439         (CopiedBlock): Removed the extra padding that was used for alignment purposes until 
1440         the calculation of the payload offset into CopiedBlocks was redone recently.
1441
1442 2012-02-28  Anders Carlsson  <andersca@apple.com>
1443
1444         Fix build with newer versions of clang.
1445
1446         Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments,
1447         but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common)
1448         takes a string literal.
1449
1450         * wtf/Assertions.cpp:
1451
1452 2012-02-28  Mario Sanchez Prada  <msanchez@igalia.com>
1453
1454         [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr
1455         https://bugs.webkit.org/show_bug.cgi?id=79496
1456
1457         Reviewed by Martin Robinson.
1458
1459         Handle GMainLoop and GMainContext in GRefPtr, by calling
1460         g_main_loop_(un)ref and g_main_context_(un)ref in the
1461         implementation of the refGPtr and derefGPtr template functions.
1462
1463         * wtf/gobject/GRefPtr.cpp:
1464         (WTF::refGPtr):
1465         (WTF):
1466         (WTF::derefGPtr):
1467         * wtf/gobject/GRefPtr.h:
1468         (WTF):
1469         * wtf/gobject/GTypedefs.h:
1470
1471 2012-02-28  Yong Li  <yoli@rim.com>
1472
1473         JSString::resolveRope() should report extra memory cost to the heap.
1474         https://bugs.webkit.org/show_bug.cgi?id=79555
1475
1476         Reviewed by Michael Saboff.
1477
1478         At the time a JSString is constructed with fibers, it doesn't report
1479         extra memory cost, which is reasonable because it hasn't allocated
1480         new memory. However when the rope is resolved, it should report memory
1481         cost for the new buffer.
1482
1483         * runtime/JSString.cpp:
1484         (JSC::JSString::resolveRope):
1485
1486 2012-02-27  Oliver Hunt  <oliver@apple.com>
1487
1488         sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter
1489         https://bugs.webkit.org/show_bug.cgi?id=79728
1490
1491         Reviewed by Gavin Barraclough.
1492
1493         When initialising a chained get instruction we may end up in a state where
1494         the instruction stream says we have a scopechain, but it has not yet been set
1495         (e.g. if allocating the StructureChain itself is what leads to the GC).  We could
1496         re-order the allocation, but it occurs in a couple of places, so it seems less
1497         fragile simply to null check the scopechain slot before we actually visit the slot.
1498
1499         * bytecode/CodeBlock.cpp:
1500         (JSC::CodeBlock::visitStructures):
1501
1502 2012-02-27  Filip Pizlo  <fpizlo@apple.com>
1503
1504         Old JIT's style of JSVALUE64 strict equality is subtly wrong
1505         https://bugs.webkit.org/show_bug.cgi?id=79700
1506
1507         Reviewed by Oliver Hunt.
1508
1509         * assembler/MacroAssemblerX86_64.h:
1510         (JSC::MacroAssemblerX86_64::comparePtr):
1511         (MacroAssemblerX86_64):
1512         * dfg/DFGOperations.cpp:
1513         * dfg/DFGSpeculativeJIT.cpp:
1514         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
1515         * dfg/DFGSpeculativeJIT64.cpp:
1516         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
1517         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
1518         * jit/JITOpcodes.cpp:
1519         (JSC::JIT::compileOpStrictEq):
1520         (JSC::JIT::emitSlow_op_stricteq):
1521         (JSC::JIT::emitSlow_op_nstricteq):
1522         * jit/JITStubs.cpp:
1523         (JSC::DEFINE_STUB_FUNCTION):
1524
1525 2012-02-27  Gavin Barraclough  <barraclough@apple.com>
1526
1527         Implement support for op_negate and op_bitnot in the DFG JIT
1528         https://bugs.webkit.org/show_bug.cgi?id=79617
1529
1530         Reviewed by Filip Pizlo.
1531
1532         Add an ArithNegate op to the DFG JIT, to implement op_negate.
1533
1534         This patch also adds support for op_negate to the JSVALUE64 baseline JIT
1535         (JSVALUE32_64 already had this), so that we can profile the slowpath usage.
1536
1537         This is a 2.5%-3% Sunspider progression and a 1% win on Kraken.
1538
1539         * assembler/ARMv7Assembler.h:
1540         (JSC::ARMv7Assembler::sub_S):
1541             - Added sub_S from immediate.
1542         (ARMv7Assembler):
1543         (JSC::ARMv7Assembler::vneg):
1544             - Added double negate.
1545         * assembler/MacroAssemblerARMv7.h:
1546         (JSC::MacroAssemblerARMv7::negateDouble):
1547             - Added double negate.
1548         (MacroAssemblerARMv7):
1549         (JSC::MacroAssemblerARMv7::branchNeg32):
1550             - Added.
1551         * assembler/MacroAssemblerX86.h:
1552         (MacroAssemblerX86):
1553             - moved loadDouble, absDouble to common.
1554         * assembler/MacroAssemblerX86Common.h:
1555         (MacroAssemblerX86Common):
1556         (JSC::MacroAssemblerX86Common::absDouble):
1557             - implementation can be shared.
1558         (JSC::MacroAssemblerX86Common::negateDouble):
1559             - Added.
1560         (JSC::MacroAssemblerX86Common::loadDouble):
1561             - allow absDouble to have a common implementation.
1562         * assembler/MacroAssemblerX86_64.h:
1563         (MacroAssemblerX86_64):
1564             - moved loadDouble, absDouble to common.
1565         * dfg/DFGAbstractState.cpp:
1566         (JSC::DFG::AbstractState::execute):
1567             - support ArithNegate.
1568         * dfg/DFGArithNodeFlagsInferencePhase.cpp:
1569         (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
1570             - support ArithNegate.
1571         * dfg/DFGByteCodeParser.cpp:
1572         (JSC::DFG::ByteCodeParser::makeSafe):
1573             - support ArithNegate.
1574         (JSC::DFG::ByteCodeParser::parseBlock):
1575             - support op_negate.
1576         * dfg/DFGCSEPhase.cpp:
1577         (JSC::DFG::CSEPhase::performNodeCSE):
1578             - support ArithNegate.
1579         * dfg/DFGCapabilities.h:
1580         (JSC::DFG::canCompileOpcode):
1581             - support op_negate.
1582         * dfg/DFGGraph.h:
1583         (JSC::DFG::Graph::negateShouldSpeculateInteger):
1584             - support ArithNegate.
1585         * dfg/DFGNode.h:
1586         (JSC::DFG::Node::hasArithNodeFlags):
1587             - support ArithNegate.
1588         * dfg/DFGPredictionPropagationPhase.cpp:
1589         (JSC::DFG::PredictionPropagationPhase::propagate):
1590             - support ArithNegate.
1591         * dfg/DFGSpeculativeJIT.cpp:
1592         (JSC::DFG::SpeculativeJIT::compileArithNegate):
1593             - support ArithNegate.
1594         * dfg/DFGSpeculativeJIT.h:
1595         (SpeculativeJIT):
1596             - support ArithNegate.
1597         * dfg/DFGSpeculativeJIT32_64.cpp:
1598         (JSC::DFG::SpeculativeJIT::compile):
1599             - support ArithNegate.
1600         * dfg/DFGSpeculativeJIT64.cpp:
1601         (JSC::DFG::SpeculativeJIT::compile):
1602             - support ArithNegate.
1603         * jit/JIT.cpp:
1604         (JSC::JIT::privateCompileMainPass):
1605         (JSC::JIT::privateCompileSlowCases):
1606             - Add support for op_negate in JSVALUE64.
1607         * jit/JITArithmetic.cpp:
1608         (JSC::JIT::emit_op_negate):
1609         (JSC::JIT::emitSlow_op_negate):
1610             - Add support for op_negate in JSVALUE64.
1611
1612 2012-02-27  Mahesh Kulkarni  <mahesh.kulkarni@nokia.com>
1613
1614         Unreviewed. Build fix for linux-bot (qt) after r109021.
1615
1616         * runtime/Error.cpp:
1617
1618 2012-02-27  Oliver Hunt  <oliver@apple.com>
1619
1620         REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize
1621         https://bugs.webkit.org/show_bug.cgi?id=79693
1622
1623         Reviewed by Filip Pizlo.
1624
1625         Alas we can't provide the stack trace as an array, as despite everyone wanting
1626         an array, everyone arbitrarily creates the array by calling split on the stack
1627         trace.  To create the array we would have provided them in the first place.
1628
1629         This changes the exception's stack property to a \n separated string.  To get the
1630         old array just do <exception>.stack.split("\n").
1631
1632         * runtime/Error.cpp:
1633         (JSC::addErrorInfo):
1634
1635 2012-02-27  Gavin Barraclough  <barraclough@apple.com>
1636
1637         RegExp lastIndex should behave as a regular property
1638         https://bugs.webkit.org/show_bug.cgi?id=79446
1639
1640         Reviewed by Sam Weinig.
1641
1642         lastIndex should be a regular data descriptor, with the attributes configurable:false,
1643         enumerable:false, writable:true. As such, it should be possible to reconfigure writable
1644         as false. If the lastIndex property is reconfigured to be read-only, we should respect
1645         this correctly.
1646
1647         * runtime/CommonIdentifiers.h:
1648             - Removed some unused identifiers, added lastIndex.
1649         * runtime/RegExpObject.cpp:
1650         (JSC::RegExpObject::getOwnPropertySlot):
1651             - lastIndex is no longer a static value, provided specific handling.
1652         (JSC::RegExpObject::getOwnPropertyDescriptor):
1653             - lastIndex is no longer a static value, provided specific handling.
1654         (JSC::RegExpObject::deleteProperty):
1655             - lastIndex is no longer a static value, provided specific handling.
1656         (JSC::RegExpObject::getOwnPropertyNames):
1657             - lastIndex is no longer a static value, provided specific handling.
1658         (JSC::RegExpObject::getPropertyNames):
1659             - lastIndex is no longer a static value, provided specific handling.
1660         (JSC::reject):
1661             - helper function for defineOwnProperty.
1662         (JSC::RegExpObject::defineOwnProperty):
1663             - lastIndex is no longer a static value, provided specific handling.
1664         (JSC::RegExpObject::put):
1665             - lastIndex is no longer a static value, provided specific handling.
1666         (JSC::RegExpObject::match):
1667             - Pass setLastIndex an ExecState, so it can throw if read-only.
1668         * runtime/RegExpObject.h:
1669         (JSC::RegExpObject::setLastIndex):
1670             - Pass setLastIndex an ExecState, so it can throw if read-only.
1671         (RegExpObjectData):
1672             - Added lastIndexIsWritable.
1673         * runtime/RegExpPrototype.cpp:
1674         (JSC::regExpProtoFuncCompile):
1675             - Pass setLastIndex an ExecState, so it can throw if read-only.
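
        An added example, not WebKit code, that checks from JavaScript the lastIndex semantics this
        entry describes: the descriptor attributes, that lastIndex can be made read-only, and that a
        global regex (which must write lastIndex after a successful match) fails with a TypeError
        when it cannot, while a non-global regex never writes it. Function names are this example's own.

```javascript
// Added example (not from the WebKit ChangeLog or the JSC sources): observe the
// lastIndex behaviour described above using only standard RegExp APIs.

// Report the own-property descriptor of lastIndex on a RegExp.
// Expected on a fresh regex: value 0, writable true, enumerable false, configurable false.
function lastIndexDescriptor(re) {
  const d = Object.getOwnPropertyDescriptor(re, 'lastIndex');
  return {
    value: d.value,
    writable: d.writable,
    enumerable: d.enumerable,
    configurable: d.configurable,
  };
}

// Reconfigure lastIndex to read-only (writable may go true -> false even on a
// non-configurable data property), then run exec and report what happened.
// Per ECMAScript, exec on a global or sticky regex performs a throwing Set of
// lastIndex after a successful match, so a read-only lastIndex yields a
// TypeError; a non-global, non-sticky regex uses lastIndex 0 locally and never
// writes the property, so it matches normally.
function execWithReadOnlyLastIndex(source, flags, input) {
  const re = new RegExp(source, flags);
  Object.defineProperty(re, 'lastIndex', { writable: false });
  try {
    const m = re.exec(input);
    return { threw: false, match: m ? m[0] : null, lastIndex: re.lastIndex };
  } catch (e) {
    return { threw: true, error: e.constructor.name, lastIndex: re.lastIndex };
  }
}

// lastIndex is non-configurable: a delete must fail and leave the property in
// place. Reflect.deleteProperty reports the failure as false instead of
// throwing, which keeps this usable in both sloppy and strict code.
function tryDeleteLastIndex(re) {
  const deleted = Reflect.deleteProperty(re, 'lastIndex');
  return {
    deleted,
    stillOwn: Object.prototype.hasOwnProperty.call(re, 'lastIndex'),
  };
}

// lastIndex is non-enumerable, so it must not appear among the enumerable own keys.
function enumerableOwnKeys(re) {
  return Object.keys(re);
}

// Constructed demonstration input; 'xa' forces the global regex to advance
// past a failed position before it matches at index 1.
console.log(lastIndexDescriptor(/a/g));
console.log(execWithReadOnlyLastIndex('a', 'g', 'xa')); // threw: true, TypeError
console.log(execWithReadOnlyLastIndex('a', '', 'xa'));  // match 'a', no throw
console.log(tryDeleteLastIndex(/a/));
console.log(enumerableOwnKeys(/a/g));
```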
1676
1677 2012-02-27  Gavin Barraclough  <barraclough@apple.com>
1678
1679         Implement support for op_negate and op_bitnot in the DFG JIT
1680         https://bugs.webkit.org/show_bug.cgi?id=79617
1681
1682         Reviewed by Sam Weinig.
1683
1684         Remove op_bitnot - this is redundant, ~x === x^-1.
1685         This is a fractional (<1%) progression.
1686
1687         Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X).
1688         Remove CanReuse from the result type - this was unused.
1689         Remove op_bitnot.
1690
1691         * assembler/MacroAssemblerARM.h:
1692         (MacroAssemblerARM):
1693         (JSC::MacroAssemblerARM::xor32):
1694         * assembler/MacroAssemblerARMv7.h:
1695         (MacroAssemblerARMv7):
1696         (JSC::MacroAssemblerARMv7::xor32):
1697         * assembler/MacroAssemblerMIPS.h:
1698         (MacroAssemblerMIPS):
1699         (JSC::MacroAssemblerMIPS::xor32):
1700         * assembler/MacroAssemblerSH4.h:
1701         (MacroAssemblerSH4):
1702         (JSC::MacroAssemblerSH4::xor32):
1703         * assembler/MacroAssemblerX86Common.h:
1704         (MacroAssemblerX86Common):
1705         (JSC::MacroAssemblerX86Common::xor32):
1706         * bytecode/CodeBlock.cpp:
1707         (JSC::CodeBlock::dump):
1708         * bytecode/Opcode.h:
1709         (JSC):
1710         (JSC::padOpcodeName):
1711         * bytecompiler/NodesCodegen.cpp:
1712         (JSC):
1713         (JSC::BitwiseNotNode::emitBytecode):
1714         * interpreter/Interpreter.cpp:
1715         (JSC::Interpreter::privateExecute):
1716         * jit/JIT.cpp:
1717         (JSC::JIT::privateCompileMainPass):
1718         (JSC::JIT::privateCompileSlowCases):
1719         * jit/JIT.h:
1720         (JIT):
1721         * jit/JITArithmetic32_64.cpp:
1722         (JSC):
1723         * jit/JITOpcodes.cpp:
1724         (JSC):
1725         * jit/JITStubs.cpp:
1726         (JSC):
1727         * jit/JITStubs.h:
1728         * llint/LLIntSlowPaths.cpp:
1729         (LLInt):
1730         * llint/LLIntSlowPaths.h:
1731         (LLInt):
1732         * llint/LowLevelInterpreter32_64.asm:
1733         * parser/NodeConstructors.h:
1734         (JSC::NegateNode::NegateNode):
1735         (JSC::BitwiseNotNode::BitwiseNotNode):
1736         (JSC::MultNode::MultNode):
1737         (JSC::DivNode::DivNode):
1738         (JSC::ModNode::ModNode):
1739         (JSC::SubNode::SubNode):
1740         (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
1741         * parser/Nodes.h:
1742         (BitwiseNotNode):
1743         (JSC::BitwiseNotNode::expr):
1744         (JSC):
1745         * parser/ResultType.h:
1746         (ResultType):
1747         (JSC::ResultType::numberTypeIsInt32):
1748         (JSC::ResultType::stringOrNumberType):
1749         (JSC::ResultType::forAdd):
1750         (JSC::ResultType::forBitOp):
1751
1752 2012-02-27  Michael Saboff  <msaboff@apple.com>
1753
1754         Error check regexp min quantifier
1755         https://bugs.webkit.org/show_bug.cgi?id=70648
1756
1757         Reviewed by Gavin Barraclough.
1758
1759         Added checking for min or only quantifier being UINT_MAX.
1760         When encountered this becomes a SyntaxError during parsing.
1761
1762         * yarr/YarrParser.h:
1763         (JSC::Yarr::Parser::parseQuantifier):
1764         (JSC::Yarr::Parser::parse):
1765         (Parser):
1766
1767 2012-02-27  Carlos Garcia Campos  <cgarcia@igalia.com>
1768
1769         Unreviewed. Fix make distcheck.
1770
1771         * GNUmakefile.list.am: Add missing files.
1772
1773 2012-02-26  Hajime Morrita  <morrita@chromium.org>
1774
1775         Move ChromeClient::showContextMenu() to ContextMenuClient
1776         https://bugs.webkit.org/show_bug.cgi?id=79427
1777
1778         Reviewed by Adam Barth.
1779
1780         Added ACCESSIBILITY_CONTEXT_MENUS.
1781
1782         * wtf/Platform.h:
1783
1784 2012-02-26  Filip Pizlo  <fpizlo@apple.com>
1785
1786         LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG
1787         https://bugs.webkit.org/show_bug.cgi?id=79616
1788
1789         Reviewed by Oliver Hunt.
1790         
1791         Guard against the fact that in JSVALUE64, JSValue().isCell() == true.
1792
1793         * dfg/DFGAbstractValue.h:
1794         (JSC::DFG::AbstractValue::validate):
1795
1796 2012-02-26  Filip Pizlo  <fpizlo@apple.com>
1797
1798         DFG should support activations and nested functions
1799         https://bugs.webkit.org/show_bug.cgi?id=79554
1800
1801         Reviewed by Sam Weinig.
1802         
1803         Fix 32-bit. The 32-bit function+activation code had some really weird
1804         register reuse bugs.
1805
1806         * dfg/DFGSpeculativeJIT32_64.cpp:
1807         (JSC::DFG::SpeculativeJIT::compile):
1808
1809 2012-02-26  Filip Pizlo  <fpizlo@apple.com>
1810
1811         Getting the instruction stream for a code block should not require two loads
1812         https://bugs.webkit.org/show_bug.cgi?id=79608
1813
1814         Reviewed by Sam Weinig.
1815         
1816         Introduced the RefCountedArray class, which contains a single inline pointer
1817         to a ref-counted non-resizeable vector backing store. This satisfies the
1818         requirements of CodeBlock, which desires the ability to share instruction
1819         streams with other CodeBlocks. It also reduces the number of loads required
1820         for getting the instruction stream by one.
1821         
1822         This patch also gets rid of the bytecode discarding logic, since we don't
1823         use it anymore and it's unlikely to ever work right with DFG or LLInt. And
1824         I didn't feel like porting dead code to use RefCountedArray.
1825
1826         * GNUmakefile.list.am:
1827         * JavaScriptCore.xcodeproj/project.pbxproj:
1828         * bytecode/CodeBlock.cpp:
1829         (JSC::instructionOffsetForNth):
1830         (JSC::CodeBlock::dump):
1831         (JSC::CodeBlock::CodeBlock):
1832         (JSC::CodeBlock::finalizeUnconditionally):
1833         (JSC::CodeBlock::handlerForBytecodeOffset):
1834         (JSC::CodeBlock::lineNumberForBytecodeOffset):
1835         (JSC::CodeBlock::expressionRangeForBytecodeOffset):
1836         (JSC::CodeBlock::shrinkToFit):
1837         * bytecode/CodeBlock.h:
1838         (CodeBlock):
1839         (JSC::CodeBlock::numberOfInstructions):
1840         (JSC::CodeBlock::instructions):
1841         (JSC::CodeBlock::instructionCount):
1842         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1843         (JSC):
1844         * bytecompiler/BytecodeGenerator.cpp:
1845         (JSC::Label::setLocation):
1846         (JSC):
1847         (JSC::BytecodeGenerator::generate):
1848         (JSC::BytecodeGenerator::newLabel):
1849         * bytecompiler/BytecodeGenerator.h:
1850         (JSC):
1851         (BytecodeGenerator):
1852         (JSC::BytecodeGenerator::instructions):
1853         * bytecompiler/Label.h:
1854         (JSC::Label::Label):
1855         (Label):
1856         * dfg/DFGByteCodeCache.h:
1857         (JSC::DFG::ByteCodeCache::~ByteCodeCache):
1858         (JSC::DFG::ByteCodeCache::get):
1859         * jit/JITExceptions.cpp:
1860         (JSC::genericThrow):
1861         * llint/LowLevelInterpreter32_64.asm:
1862         * runtime/Executable.cpp:
1863         (JSC::EvalExecutable::compileInternal):
1864         (JSC::ProgramExecutable::compileInternal):
1865         (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
1866         (JSC::FunctionExecutable::produceCodeBlockFor):
1867         * wtf/RefCountedArray.h: Added.
1868         (WTF):
1869         (RefCountedArray):
1870         (WTF::RefCountedArray::RefCountedArray):
1871         (WTF::RefCountedArray::operator=):
1872         (WTF::RefCountedArray::~RefCountedArray):
1873         (WTF::RefCountedArray::size):
1874         (WTF::RefCountedArray::data):
1875         (WTF::RefCountedArray::begin):
1876         (WTF::RefCountedArray::end):
1877         (WTF::RefCountedArray::at):
1878         (WTF::RefCountedArray::operator[]):
1879         (Header):
1880         (WTF::RefCountedArray::Header::size):
1881         (WTF::RefCountedArray::Header::payload):
1882         (WTF::RefCountedArray::Header::fromPayload):
1883         * wtf/Platform.h:
1884
1885 2012-02-26  Yusuke Suzuki  <utatane.tea@gmail.com>
1886
1887         StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name
1888         https://bugs.webkit.org/show_bug.cgi?id=79571
1889
1890         Reviewed by Gavin Barraclough.
1891
1892         * parser/ASTBuilder.h:
1893         (JSC::ASTBuilder::createGetterOrSetterProperty):
1894         * parser/Parser.cpp:
1895         (JSC::::parseProperty):
1896         * parser/SyntaxChecker.h:
1897         (JSC::SyntaxChecker::createGetterOrSetterProperty):
1898
1899 2012-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>
1900
1901         Implement fast path for op_new_array in the baseline JIT
1902         https://bugs.webkit.org/show_bug.cgi?id=78612
1903
1904         Reviewed by Filip Pizlo.
1905
1906         * heap/CopiedAllocator.h:
1907         (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
1908         * heap/CopiedSpace.h:
1909         (CopiedSpace): Friended the JIT to allow access to isOversize.
1910         (JSC::CopiedSpace::allocator):
1911         * heap/Heap.h:
1912         (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
1913         can use it for simple allocation i.e. when we can just bump the offset without having to 
1914         do anything else.
1915         * jit/JIT.cpp:
1916         (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
1917         we have to bail out because the fast allocation path fails for whatever reason.
1918         * jit/JIT.h:
1919         (JIT):
1920         * jit/JITInlineMethods.h:
1921         (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
1922         allocate generic backing stores. This function is used by emitAllocateJSArray.
1923         (JSC):
1924         (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
1925         more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
1926         it will also be used for emit_op_new_array_buffer.
1927         * jit/JITOpcodes.cpp:
1928         (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
1929         a stub call for oversize arrays.
1930         (JSC):
1931         (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we 
1932         fail in any way on the fast path.
1933         * runtime/JSArray.cpp:
1934         (JSC):
1935         * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
1936         initialize in the JIT.
1937         (ArrayStorage):
1938         (JSC::ArrayStorage::lengthOffset):
1939         (JSC::ArrayStorage::numValuesInVectorOffset):
1940         (JSC::ArrayStorage::allocBaseOffset):
1941         (JSC::ArrayStorage::vectorOffset):
1942         (JSArray):
1943         (JSC::JSArray::sparseValueMapOffset):
1944         (JSC::JSArray::subclassDataOffset):
1945         (JSC::JSArray::indexBiasOffset):
1946         (JSC):
1947         (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
1948         to being a static function in the JSArray class. This move allows the JIT to call it to 
1949         see what size it should allocate.
1950
1951 2012-02-26  Patrick Gansterer  <paroga@webkit.org>
1952
1953         Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681.
1954
1955         * interpreter/Interpreter.cpp:
1956         (JSC::getLineNumberForCallFrame):
1957         (JSC::Interpreter::getStackTrace):
1958
1959 2012-02-26  Patrick Gansterer  <paroga@webkit.org>
1960
1961         Unreviewed. Build fix for !ENABLE(JIT) after r108681.
1962
1963         * interpreter/Interpreter.cpp:
1964         (JSC::getLineNumberForCallFrame):
1965
1966 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
1967
1968         LLInt assembly file should be split into 32-bit and 64-bit parts
1969         https://bugs.webkit.org/show_bug.cgi?id=79584
1970
1971         Reviewed by Sam Weinig.
1972         
1973         Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm
1974         the ability to include files, and correctly track dependencies: it restricts
1975         the include mechanism to using the same directory as the source file, and uses
1976         the SHA1 hash of all .asm files in that directory as an input hash.
1977
1978         * llint/LLIntOfflineAsmConfig.h:
1979         * llint/LowLevelInterpreter.asm:
1980         * llint/LowLevelInterpreter32_64.asm: Added.
1981             - This is just the entire contents of what was previously LowLevelInterpreter.asm
1982         * llint/LowLevelInterpreter64.asm: Added.
1983         * offlineasm/asm.rb:
1984         * offlineasm/ast.rb:
1985         * offlineasm/generate_offset_extractor.rb:
1986         * offlineasm/parser.rb:
1987         * offlineasm/self_hash.rb:
1988
1989 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
1990
1991         Offlineasm should support X86_64
1992         https://bugs.webkit.org/show_bug.cgi?id=79581
1993
1994         Reviewed by Oliver Hunt.
1995
1996         * llint/LLIntOfflineAsmConfig.h:
1997         * offlineasm/backends.rb:
1998         * offlineasm/instructions.rb:
1999         * offlineasm/settings.rb:
2000         * offlineasm/x86.rb:
2001
2002 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
2003
2004         DFG should support activations and nested functions
2005         https://bugs.webkit.org/show_bug.cgi?id=79554
2006
2007         Reviewed by Oliver Hunt.
2008         
2009         Wrote the simplest possible implementation of activations. Big speed-up on
2010         code that uses activations, no speed-up on major benchmarks (SunSpider, V8,
2011         Kraken) because they do not appear to have sufficient coverage over code
2012         that uses activations.
2013
2014         * bytecode/PredictedType.cpp:
2015         (JSC::predictionToString):
2016         (JSC::predictionFromValue):
2017         * bytecode/PredictedType.h:
2018         (JSC):
2019         (JSC::isEmptyPrediction):
2020         * dfg/DFGAbstractState.cpp:
2021         (JSC::DFG::AbstractState::execute):
2022         * dfg/DFGByteCodeParser.cpp:
2023         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2024         (ByteCodeParser):
2025         (JSC::DFG::ByteCodeParser::parseBlock):
2026         (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
2027         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2028         (JSC::DFG::ByteCodeParser::parse):
2029         * dfg/DFGCapabilities.h:
2030         (JSC::DFG::canCompileOpcode):
2031         (JSC::DFG::canInlineOpcode):
2032         * dfg/DFGGraph.h:
2033         (JSC::DFG::Graph::needsActivation):
2034         * dfg/DFGNode.h:
2035         (DFG):
2036         (JSC::DFG::Node::storageAccessDataIndex):
2037         (Node):
2038         (JSC::DFG::Node::hasFunctionDeclIndex):
2039         (JSC::DFG::Node::functionDeclIndex):
2040         (JSC::DFG::Node::hasFunctionExprIndex):
2041         (JSC::DFG::Node::functionExprIndex):
2042         * dfg/DFGOperations.cpp:
2043         * dfg/DFGOperations.h:
2044         * dfg/DFGPredictionPropagationPhase.cpp:
2045         (JSC::DFG::PredictionPropagationPhase::propagate):
2046         * dfg/DFGSpeculativeJIT.cpp:
2047         (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
2048         (DFG):
2049         (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
2050         * dfg/DFGSpeculativeJIT.h:
2051         (JSC::DFG::SpeculativeJIT::callOperation):
2052         * dfg/DFGSpeculativeJIT32_64.cpp:
2053         (JSC::DFG::SpeculativeJIT::compile):
2054         * dfg/DFGSpeculativeJIT64.cpp:
2055         (JSC::DFG::SpeculativeJIT::compile):
2056
2057 2012-02-25  Benjamin Poulain  <benjamin@webkit.org>
2058
2059         Add an empty skeleton of KURL for WTFURL
2060         https://bugs.webkit.org/show_bug.cgi?id=78990
2061
2062         Reviewed by Adam Barth.
2063
2064         * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL
2065         so that we can use them in WebCore.
2066
2067 2012-02-25  Filip Pizlo  <fpizlo@apple.com>
2068
2069         Unreviewed, fix build for DFG disabled and LLInt enabled.
2070
2071         * jit/JIT.cpp:
2072         (JSC::JIT::privateCompile):
2073         * llint/LLIntSlowPaths.cpp:
2074         (LLInt):
2075         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2076
2077 2012-02-25  Mark Hahnenberg  <mhahnenberg@apple.com>
2078
2079         Fix the CopiedBlock offset alignment in a cross platform fashion
2080         https://bugs.webkit.org/show_bug.cgi?id=79556
2081
2082         Reviewed by Filip Pizlo.
2083
2084         Replaced m_payload with a payload() method that calculates the offset
2085         of the payload with the proper alignment. This change allows us to 
2086         avoid alignment-related issues in a cross-platform manner.
2087
2088         * heap/CopiedAllocator.h:
2089         (JSC::CopiedAllocator::currentUtilization):
2090         * heap/CopiedBlock.h:
2091         (JSC::CopiedBlock::CopiedBlock):
2092         (JSC::CopiedBlock::payload):
2093         (CopiedBlock):
2094         * heap/CopiedSpace.cpp:
2095         (JSC::CopiedSpace::doneFillingBlock):
2096         * heap/CopiedSpaceInlineMethods.h:
2097         (JSC::CopiedSpace::borrowBlock):
2098         (JSC::CopiedSpace::allocateFromBlock):
2099
2100 2012-02-24  Michael Saboff  <msaboff@apple.com>
2101
2102         Unreviewed, Windows build fix.  Changed signature in export to match
2103         change made in r108858.
2104
2105         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2106
2107 2012-02-24  Filip Pizlo  <fpizlo@apple.com>
2108
2109         DFG support for op_new_regexp should be enabled
2110         https://bugs.webkit.org/show_bug.cgi?id=79538
2111
2112         Reviewed by Oliver Hunt.
2113         
2114         No performance change.
2115
2116         * dfg/DFGCapabilities.h:
2117         (JSC::DFG::canCompileOpcode):
2118         * dfg/DFGCommon.h:
2119
2120 2012-02-24  Michael Saboff  <msaboff@apple.com>
2121
2122         ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked
2123         https://bugs.webkit.org/show_bug.cgi?id=73728
2124
2125         Reviewed by Gavin Barraclough.
2126
2127         Fixed the mixing of signed and unsigned character indices in YARR
2128         interpreter.
2129
2130         * runtime/RegExp.cpp:
2131         (JSC::RegExp::match): Added code to check for match longer than 2^31 and
2132         return no match after resetting the offsets.
2133         * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index
2134         handling except when matching back references.
2135         (JSC::Yarr::Interpreter::InputStream::readChecked):
2136         (JSC::Yarr::Interpreter::InputStream::checkInput):
2137         (JSC::Yarr::Interpreter::InputStream::uncheckInput):
2138         (JSC::Yarr::Interpreter::InputStream::atStart):
2139         (JSC::Yarr::Interpreter::InputStream::atEnd):
2140         (JSC::Yarr::Interpreter::InputStream::isAvailableInput):
2141         (JSC::Yarr::Interpreter::checkCharacter):
2142         (JSC::Yarr::Interpreter::checkCasedCharacter):
2143         (JSC::Yarr::Interpreter::checkCharacterClass):
2144         (JSC::Yarr::Interpreter::tryConsumeBackReference):
2145         (JSC::Yarr::Interpreter::matchAssertionBOL):
2146         (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
2147         (JSC::Yarr::Interpreter::backtrackPatternCharacter):
2148         (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
2149         (JSC::Yarr::Interpreter::matchCharacterClass):
2150         (JSC::Yarr::Interpreter::backtrackCharacterClass):
2151         (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
2152         (JSC::Yarr::Interpreter::matchDisjunction):
2153         (JSC::Yarr::Interpreter::interpret):
2154         (JSC::Yarr::ByteCompiler::assertionBOL):
2155         (JSC::Yarr::ByteCompiler::assertionEOL):
2156         (JSC::Yarr::ByteCompiler::assertionWordBoundary):
2157         (JSC::Yarr::ByteCompiler::atomPatternCharacter):
2158         (JSC::Yarr::ByteCompiler::atomCharacterClass):
2159         (JSC::Yarr::ByteCompiler::atomBackReference):
2160         (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
2161         (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
2162         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
2163         (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
2164         (JSC::Yarr::ByteCompiler::emitDisjunction):
2165         * yarr/YarrInterpreter.h:
2166
2167 2012-02-24  Filip Pizlo  <fpizlo@apple.com>
2168
2169         Unreviewed, build fix for builds where the DFG is disabled but the LLInt is
2170         enabled.
2171
2172         * llint/LLIntOfflineAsmConfig.h:
2173         * llint/LowLevelInterpreter.asm:
2174
2175 2012-02-24  Filip Pizlo  <fpizlo@apple.com>
2176
2177         DFG should be able to handle variables getting captured
2178         https://bugs.webkit.org/show_bug.cgi?id=79469
2179
2180         Reviewed by Oliver Hunt.
2181         
2182         Made captured variables work by placing a Flush on the SetLocal and
2183         forcing the emission of the GetLocal even if copy propagation tells us
2184         who has the value.
2185         
2186         Changed the CFA and various prediction codes to understand that we can't
2187         really prove anything about captured variables. Well, we could in the
2188         future by just looking at what side effects are happening, but in this
2189         first cut we just assume that we can't reason about captured variables.
2190         
2191         Also added a mode where the DFG pretends that all variables and arguments
2192         got captured. Used this mode to harden the code.
2193         
2194         This is performance neutral. Capturing all variables is a slow down, but
2195         not too big of one. This seems to predict that when we add activation
2196         support, the amount of speed benefit we'll get from increased coverage
2197         will far outweigh the pessimism that we'll have to endure for captured
2198         variables.
2199
2200         * bytecode/CodeType.h:
2201         (JSC::codeTypeToString):
2202         * dfg/DFGAbstractState.cpp:
2203         (JSC::DFG::AbstractState::initialize):
2204         (JSC::DFG::AbstractState::endBasicBlock):
2205         (JSC::DFG::AbstractState::execute):
2206         (JSC::DFG::AbstractState::merge):
2207         * dfg/DFGAbstractState.h:
2208         (AbstractState):
2209         * dfg/DFGByteCodeParser.cpp:
2210         (JSC::DFG::ByteCodeParser::getLocal):
2211         (JSC::DFG::ByteCodeParser::setLocal):
2212         (JSC::DFG::ByteCodeParser::getArgument):
2213         (JSC::DFG::ByteCodeParser::setArgument):
2214         (JSC::DFG::ByteCodeParser::flushArgument):
2215         (JSC::DFG::ByteCodeParser::handleInlining):
2216         (JSC::DFG::ByteCodeParser::processPhiStack):
2217         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2218         (JSC::DFG::ByteCodeParser::parse):
2219         * dfg/DFGCapabilities.h:
2220         (JSC::DFG::mightInlineFunctionForCall):
2221         (JSC::DFG::mightInlineFunctionForConstruct):
2222         * dfg/DFGCommon.h:
2223         * dfg/DFGGraph.h:
2224         (JSC::DFG::Graph::needsActivation):
2225         (Graph):
2226         (JSC::DFG::Graph::argumentIsCaptured):
2227         (JSC::DFG::Graph::localIsCaptured):
2228         (JSC::DFG::Graph::isCaptured):
2229         * dfg/DFGNode.h:
2230         (JSC::DFG::Node::shouldGenerate):
2231         * dfg/DFGPredictionPropagationPhase.cpp:
2232         (JSC::DFG::PredictionPropagationPhase::propagate):
2233         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2234         * dfg/DFGSpeculativeJIT.cpp:
2235         (DFG):
2236         (JSC::DFG::ValueSource::dump):
2237         (JSC::DFG::SpeculativeJIT::compile):
2238         * dfg/DFGSpeculativeJIT.h:
2239         (ValueSource):
2240         * dfg/DFGSpeculativeJIT32_64.cpp:
2241         (JSC::DFG::SpeculativeJIT::compile):
2242         * dfg/DFGSpeculativeJIT64.cpp:
2243         (JSC::DFG::SpeculativeJIT::compile):
2244         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2245         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2246
2247 2012-02-24  Gavin Barraclough  <barraclough@apple.com>
2248
2249         Should not allow malformed \x escapes
2250         https://bugs.webkit.org/show_bug.cgi?id=79462
2251
2252         Reviewed by Oliver Hunt.
2253
2254         * parser/Lexer.cpp:
2255         (JSC::::parseString):
2256         (JSC::::parseStringSlowCase):
2257             - Prohibit malformed '\x' escapes
2258         * tests/mozilla/ecma/Array/15.4.5.1-1.js:
2259         * tests/mozilla/ecma/LexicalConventions/7.7.4.js:
2260         * tests/mozilla/ecma_2/RegExp/hex-001.js:
2261         * tests/mozilla/js1_2/regexp/hexadecimal.js:
2262             - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).
2263
2264 2012-02-24  Daniel Bates  <dbates@webkit.org>
2265
2266         Fix change log entry for changeset r108819; add bug URL
2267         https://bugs.webkit.org/show_bug.cgi?id=79504
2268
2269         Changeset r108819 is associated with bug #79504.
2270
2271         * ChangeLog:
2272
2273 2012-02-24  Daniel Bates  <dbates@webkit.org>
2274
2275         Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp
2276         https://bugs.webkit.org/show_bug.cgi?id=79504
2277
2278         Reviewed by Oliver Hunt.
2279
2280         There are a few places in Interpreter.cpp that need to be updated to use
2281         ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to
2282         ENABLE_CLASSIC_INTERPRETER in changeset <http://trac.webkit.org/changeset/108020>
2283         (https://bugs.webkit.org/show_bug.cgi?id=78791).
2284
2285         * interpreter/Interpreter.cpp:
2286         (JSC::getLineNumberForCallFrame):
2287         (JSC::getCallerInfo):
2288         (JSC::getSourceURLFromCallFrame):
2289
2290 2012-02-24  Adam Roben  <aroben@apple.com>
2291
2292         Undo the BUILDING_WTF part of r108808
2293
2294         This broke the build, which is obviously worse than the linker warning it was trying to
2295         solve.
2296
2297         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
2298
2299 2012-02-24  Adam Roben  <aroben@apple.com>
2300
2301         Fix linker warnings on Windows
2302
2303         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already
2304         exported via JS_EXPORTDATA.
2305
2306         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We
2307         aren't actually building WTF, but we are statically linking it, so we need to define this
2308         symbol so that we export WTF's exports.
2309
2310 2012-02-24  Philippe Normand  <pnormand@igalia.com>
2311
2312         Fix GTK WebAudio build for WebKitGTK 1.7.90.
2313
2314         Patch by Priit Laes <plaes@plaes.org> on 2012-02-24
2315         Rubber-stamped by Philippe Normand.
2316
2317         * GNUmakefile.list.am: Add Complex.h to the list of files so it
2318         gets disted in the tarballs.
2319
2320 2012-02-24  Zoltan Herczeg  <zherczeg@webkit.org>
2321
2322         [Qt] Buildfix for "Zero out CopiedBlocks on initialization".
2323         https://bugs.webkit.org/show_bug.cgi?id=79199
2324
2325         Rubber-stamped by Csaba Osztrogonác.
2326
2327         Temporary fix since the new member wastes a little space on
2328         64 bit systems. Although it is harmless, it is only needed
2329         for 32 bit systems.
2330
2331         * heap/CopiedBlock.h:
2332         (CopiedBlock):
2333
2334 2012-02-24  Han Hojong  <hojong.han@samsung.com>
2335
2336         Remove useless jump instructions for short circuit
2337         https://bugs.webkit.org/show_bug.cgi?id=75602
2338
2339         Reviewed by Michael Saboff.
2340
2341         A jump instruction is inserted to make a short circuit,
2342         however it does nothing but move to the next instruction.
2343         Therefore useless jump instructions are removed,
2344         and the jump list is moved into the case not for a short circuit,
2345         so that only necessary instructions are added to JIT code
2346         unless it has a 16 bit pattern character and an 8 bit string.
2347
2348         * yarr/YarrJIT.cpp:
2349         (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
2350         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
2351
2352 2012-02-24  Sheriff Bot  <webkit.review.bot@gmail.com>
2353
2354         Unreviewed, rolling out r108731.
2355         http://trac.webkit.org/changeset/108731
2356         https://bugs.webkit.org/show_bug.cgi?id=79464
2357
2358         Broke Chromium Win tests (Requested by bashi on #webkit).
2359
2360         * wtf/Platform.h:
2361
2362 2012-02-24  Andrew Lo  <anlo@rim.com>
2363
2364         [BlackBerry] Enable requestAnimationFrame
2365         https://bugs.webkit.org/show_bug.cgi?id=79408
2366
2367         Use timer implementation of requestAnimationFrame on BlackBerry.
2368
2369         Reviewed by Rob Buis.
2370
2371         * wtf/Platform.h:
2372
2373 2012-02-24  Mathias Bynens  <mathias@qiwi.be>
2374
2375         `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5
2376         https://bugs.webkit.org/show_bug.cgi?id=78908
2377
2378         Add additional checks for zero-width non-joiner (0x200C) and
2379         zero-width joiner (0x200D) characters.
2380
2381         Reviewed by Michael Saboff.
2382
2383         * parser/Lexer.cpp:
2384         (JSC::isNonASCIIIdentPart):
2385         * runtime/LiteralParser.cpp:
2386         (JSC::::Lexer::lexIdentifier):
2387
2388 2012-02-23  Kenichi Ishibashi  <bashi@chromium.org>
2389
2390         Adding WebSocket per-frame DEFLATE extension
2391         https://bugs.webkit.org/show_bug.cgi?id=77522
2392
2393         Added USE(ZLIB) flag.
2394
2395         Reviewed by Kent Tamura.
2396
2397         * wtf/Platform.h:
2398
2399 2012-02-23  Mark Hahnenberg  <mhahnenberg@apple.com>
2400
2401         Zero out CopiedBlocks on initialization
2402         https://bugs.webkit.org/show_bug.cgi?id=79199
2403
2404         Reviewed by Filip Pizlo.
2405
2406         Made CopyBlocks zero their payloads during construction. This allows 
2407         JSArray to avoid having to manually clear its backing store upon allocation
2408         and also alleviates any future pain with regard to the garbage collector trying 
2409         to mark what it thinks are values in what is actually uninitialized memory.
2410
2411         * heap/CopiedBlock.h:
2412         (JSC::CopiedBlock::CopiedBlock):
2413         * runtime/JSArray.cpp:
2414         (JSC::JSArray::finishCreation):
2415         (JSC::JSArray::tryFinishCreationUninitialized):
2416         (JSC::JSArray::increaseVectorLength):
2417         (JSC::JSArray::unshiftCountSlowCase):
2418
2419 2012-02-23  Oliver Hunt  <oliver@apple.com>
2420
2421         Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided
2422         https://bugs.webkit.org/show_bug.cgi?id=79407
2423
2424         Reviewed by Gavin Barraclough.
2425
2426         Outside of exception handling, we don't know what our source line number is.  This
2427         change allows us to pass -1 in as the initial line number, and get the correct line
2428         number in the resultant stack trace.  We can't completely elide the initial line
2429         number (yet) due to some idiosyncrasies of the exception handling machinery.
2430
2431         * interpreter/Interpreter.cpp:
2432         (JSC::getLineNumberForCallFrame):
2433         (JSC):
2434         (JSC::Interpreter::getStackTrace):
2435
2436 2012-02-22  Filip Pizlo  <fpizlo@apple.com>
2437
2438         DFG OSR exit value profiling should have graceful handling of local variables and arguments
2439         https://bugs.webkit.org/show_bug.cgi?id=79310
2440
2441         Reviewed by Gavin Barraclough.
2442         
2443         Previously, if we OSR exited because a prediction in a local was wrong, we'd
2444         only realize what the true type of the local was if the regular value profiling
2445         kicked in and told us. Unless the local was block-locally copy propagated, in
2446         which case we'd know from an OSR exit profile.
2447         
2448         This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR
2449         exit because of a mispredicted local or argument type, we'll know what the type of
2450         the local or argument should be immediately upon exiting.
2451         
2452         The way that local variable OSR exit profiling works is that we now have a lazily
2453         added set of OSR-exit-only value profiles for exit sites that are BadType and that
2454         cited a GetLocal as their value source. The value profiles are only added if the
2455         OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and
2456         operand. The look-up is performed by querying the
2457         CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains
2458         the bytecode index and the operand. Because the value profiles are added at random
2459         times, they are not sorted; instead they are just stored in an arbitrarily-ordered
2460         SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser
2461         creates a LazyOperandValueProfileParser, which turns the
2462         CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration
2463         of DFG parsing.
2464         
2465         Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket
2466         into which values observed during OSR exit would be placed. Now it uses a lazy
2467         thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may
2468         either contain a ValueProfile inside it (which works for previous uses of OSR exit
2469         profiling) or it may just have knowledge of how to go about creating the
2470         LazyOperandValueProfile in the case that the OSR exit is actually taken. This
2471         ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks
2472         value profiling buckets unless we actually did OSR exit on every single operand,
2473         in every single instruction, in each code block (that's probably unlikely).
2474         
2475         This appears to be neutral on the major benchmarks, but is a double-digit speed-up
2476         on code deliberately written to have data flow that spans basic blocks and where
2477         the code exhibits post-optimization polymorphism in a local variable.
2478
2479         * CMakeLists.txt:
2480         * GNUmakefile.list.am:
2481         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2482         * JavaScriptCore.xcodeproj/project.pbxproj:
2483         * Target.pri:
2484         * bytecode/CodeBlock.cpp:
2485         (JSC::CodeBlock::stronglyVisitStrongReferences):
2486         * bytecode/CodeBlock.h:
2487         (CodeBlock):
2488         (JSC::CodeBlock::lazyOperandValueProfiles):
2489         * bytecode/LazyOperandValueProfile.cpp: Added.
2490         (JSC):
2491         (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder):
2492         (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder):
2493         (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
2494         (JSC::CompressedLazyOperandValueProfileHolder::add):
2495         (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
2496         (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
2497         (JSC::LazyOperandValueProfileParser::getIfPresent):
2498         (JSC::LazyOperandValueProfileParser::prediction):
2499         * bytecode/LazyOperandValueProfile.h: Added.
2500         (JSC):
2501         (LazyOperandValueProfileKey):
2502         (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
2503         (JSC::LazyOperandValueProfileKey::operator!):
2504         (JSC::LazyOperandValueProfileKey::operator==):
2505         (JSC::LazyOperandValueProfileKey::hash):
2506         (JSC::LazyOperandValueProfileKey::bytecodeOffset):
2507         (JSC::LazyOperandValueProfileKey::operand):
2508         (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
2509         (JSC::LazyOperandValueProfileKeyHash::hash):
2510         (JSC::LazyOperandValueProfileKeyHash::equal):
2511         (LazyOperandValueProfileKeyHash):
2512         (WTF):
2513         (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
2514         (LazyOperandValueProfile):
2515         (JSC::LazyOperandValueProfile::key):
2516         (CompressedLazyOperandValueProfileHolder):
2517         (LazyOperandValueProfileParser):
2518         * bytecode/MethodOfGettingAValueProfile.cpp: Added.
2519         (JSC):
2520         (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
2521         (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
2522         * bytecode/MethodOfGettingAValueProfile.h: Added.
2523         (JSC):
2524         (MethodOfGettingAValueProfile):
2525         (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):
2526         (JSC::MethodOfGettingAValueProfile::operator!):
2527         * bytecode/ValueProfile.cpp: Removed.
2528         * bytecode/ValueProfile.h:
2529         (JSC):
2530         (ValueProfileBase):
2531         (JSC::ValueProfileBase::ValueProfileBase):
2532         (JSC::ValueProfileBase::dump):
2533         (JSC::ValueProfileBase::computeUpdatedPrediction):
2534         (JSC::MinimalValueProfile::MinimalValueProfile):
2535         (ValueProfileWithLogNumberOfBuckets):
2536         (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets):
2537         (JSC::ValueProfile::ValueProfile):
2538         (JSC::getValueProfileBytecodeOffset):
2539         (JSC::getRareCaseProfileBytecodeOffset):
2540         * dfg/DFGByteCodeParser.cpp:
2541         (ByteCodeParser):
2542         (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
2543         (JSC::DFG::ByteCodeParser::getLocal):
2544         (JSC::DFG::ByteCodeParser::getArgument):
2545         (InlineStackEntry):
2546         (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
2547         (DFG):
2548         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2549         (JSC::DFG::ByteCodeParser::parse):
2550         * dfg/DFGDriver.cpp:
2551         (JSC::DFG::compile):
2552         * dfg/DFGGraph.h:
2553         (JSC::DFG::Graph::valueProfileFor):
2554         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
2555         (Graph):
2556         * dfg/DFGNode.h:
2557         (Node):
2558         * dfg/DFGOSRExit.cpp:
2559         (JSC::DFG::OSRExit::OSRExit):
2560         * dfg/DFGOSRExit.h:
2561         (OSRExit):
2562         * dfg/DFGOSRExitCompiler32_64.cpp:
2563         (JSC::DFG::OSRExitCompiler::compileExit):
2564         * dfg/DFGOSRExitCompiler64.cpp:
2565         (JSC::DFG::OSRExitCompiler::compileExit):
2566         * dfg/DFGPhase.cpp:
2567         (JSC::DFG::Phase::beginPhase):
2568         (JSC::DFG::Phase::endPhase):
2569         * dfg/DFGSpeculativeJIT.cpp:
2570         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2571         * dfg/DFGSpeculativeJIT.h:
2572         (JSC::DFG::SpeculativeJIT::speculationCheck):
2573         * dfg/DFGVariableAccessData.h:
2574         (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
2575         (VariableAccessData):
2576
2577 2012-02-23  Filip Pizlo  <fpizlo@apple.com>
2578
2579         Build fix.
2580
2581         * llint/LLIntOffsetsExtractor.cpp:
2582
2583 2012-02-23  Kevin Ollivier  <kevino@theolliviers.com>
2584
2585         [wx] Build fix, disable LLINT for now and fix ENABLE defines for it.
2586
2587         * llint/LLIntOffsetsExtractor.cpp:
2588         * wtf/Platform.h:
2589
2590 2012-02-23  Kevin Ollivier  <kevino@theolliviers.com>
2591
2592         [wx] Build fix for non-Mac wx builds.
2593
2594         * runtime/DatePrototype.cpp:
2595
2596 2012-02-22  Filip Pizlo  <fpizlo@apple.com>
2597
2598         DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment
2599         https://bugs.webkit.org/show_bug.cgi?id=79334
2600
2601         Reviewed by Oliver Hunt.
2602
2603         * dfg/DFGByteCodeParser.cpp:
2604         (JSC::DFG::ByteCodeParser::getLocal):
2605         (JSC::DFG::ByteCodeParser::getArgument):
2606         (JSC::DFG::ByteCodeParser::flush):
2607
2608 2012-02-23  Gavin Barraclough  <barraclough@apple.com>
2609
2610         Object.isSealed / Object.isFrozen don't work for native objects
2611         https://bugs.webkit.org/show_bug.cgi?id=79331
2612
2613         Reviewed by Sam Weinig.
2614
2615         Need to inspect all properties, including static ones.
2616         This exposes a couple of bugs in Array & Arguments:
2617             - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length.
2618             - Arguments object's defineOwnProperty does not handle callee/caller/length correctly.
2619
2620         * runtime/Arguments.cpp:
2621         (JSC::Arguments::defineOwnProperty):
2622             - Add handling for callee/caller/length.
2623         * runtime/JSArray.cpp:
2624         (JSC::JSArray::getOwnPropertyDescriptor):
2625             - report length's writability correctly.
2626         * runtime/ObjectConstructor.cpp:
2627         (JSC::objectConstructorSeal):
2628         (JSC::objectConstructorFreeze):
2629         (JSC::objectConstructorIsSealed):
2630         (JSC::objectConstructorIsFrozen):
2631             - Add spec-based implementation for non-final objects.
2632
2633 2012-02-23  Gavin Barraclough  <barraclough@apple.com>
2634
2635         pop of array hole should get from the prototype chain
2636         https://bugs.webkit.org/show_bug.cgi?id=79338
2637
2638         Reviewed by Sam Weinig.
2639
2640         * runtime/JSArray.cpp:
2641         (JSC::JSArray::pop):
2642             - If the fast vector case fails, more closely follow the spec.
2643
2644 2012-02-23  Yong Li  <yoli@rim.com>
2645
2646         JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope()
2647         https://bugs.webkit.org/show_bug.cgi?id=79268
2648
2649         Reviewed by Michael Saboff.
2650
2651         resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory()
2652         after it fails to allocate a buffer for m_value. So outOfMemory() should assert
2653         isRope() rather than !isRope().
2654
2655         * runtime/JSString.cpp:
2656         (JSC::JSString::outOfMemory):
2657
2658 2012-02-23  Patrick Gansterer  <paroga@webkit.org>
2659
2660         [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro
2661         https://bugs.webkit.org/show_bug.cgi?id=79371
2662
2663         Reviewed by Daniel Bates.
2664
2665         * CMakeLists.txt:
2666         * shell/CMakeLists.txt:
2667         * wtf/CMakeLists.txt:
2668
2669 2012-02-23  Aron Rosenberg  <arosenberg@logitech.com>
2670
2671         Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer.
2672         https://bugs.webkit.org/show_bug.cgi?id=76210
2673
2674         Add compile time check for Visual Studio 2005 or newer.
2675
2676         Reviewed by Simon Hausmann.
2677
2678         * os-win32/inttypes.h:
2679
2680 2012-02-22  Gavin Barraclough  <barraclough@apple.com>
2681
2682         Implement [[DefineOwnProperty]] for the arguments object
2683         https://bugs.webkit.org/show_bug.cgi?id=79309
2684
2685         Reviewed by Sam Weinig.
2686
2687         * runtime/Arguments.cpp:
2688         (JSC::Arguments::deletePropertyByIndex):
2689         (JSC::Arguments::deleteProperty):
2690             - Deleting an argument should also delete the copy on the object, if any.
2691         (JSC::Arguments::defineOwnProperty):
2692             - Defining a property may override the live mapping.
2693         * runtime/Arguments.h:
2694         (Arguments):
2695
2696 2012-02-22  Gavin Barraclough  <barraclough@apple.com>
2697
2698         Fix Object.freeze for non-final objects.
2699         https://bugs.webkit.org/show_bug.cgi?id=79286
2700
2701         Reviewed by Oliver Hunt.
2702
2703         For vanilla objects we implement this with a single transition; for objects
2704         with special properties we should just follow the spec defined algorithm.
2705
2706         * runtime/JSArray.cpp:
2707         (JSC::SparseArrayValueMap::put):
2708             - this does need to handle inextensible objects.
2709         * runtime/ObjectConstructor.cpp:
2710         (JSC::objectConstructorSeal):
2711         (JSC::objectConstructorFreeze):
2712             - Implement spec defined algorithm for non-final objects.
2713         * runtime/Structure.cpp:
2714         (JSC::Structure::Structure):
2715         (JSC::Structure::freezeTransition):
2716             - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
2717         * runtime/Structure.h:
2718         (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
2719         (JSC::Structure::setHasGetterSetterProperties):
2720         (JSC::Structure::setContainsReadOnlyProperties):
2721         (Structure):
2722             - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
2723
2724 2012-02-22  Mark Hahnenberg  <mhahnenberg@apple.com>
2725
2726         Allocations from CopiedBlocks should always be 8-byte aligned
2727         https://bugs.webkit.org/show_bug.cgi?id=79271
2728
2729         Reviewed by Geoffrey Garen.
2730
2731         * heap/CopiedAllocator.h:
2732         (JSC::CopiedAllocator::allocate):
2733         * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always 
2734         guaranteed to be 8 byte aligned on both 64- and 32-bit platforms.
2735         (CopiedBlock):
2736         * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned.
2737         (JSC::CopiedSpace::tryAllocateOversize):
2738         (JSC::CopiedSpace::getFreshBlock):
2739         * heap/CopiedSpaceInlineMethods.h:
2740         (JSC::CopiedSpace::allocateFromBlock):
2741         * runtime/JSArray.h:
2742         (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte 
2743         aligned on both 64- and 32-bit platforms.
2744         * wtf/StdLibExtras.h:
2745         (WTF::is8ByteAligned): Added new utility function that functions similarly to the 
2746         way isPointerAligned does, but it just always checks for 8 byte alignment.
2747         (WTF):
2748
2749 2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
2750
2751         Unreviewed, rolling out r108456.
2752         http://trac.webkit.org/changeset/108456
2753         https://bugs.webkit.org/show_bug.cgi?id=79223
2754
2755         Broke fast/regex/pcre-test-4.html and cannot find anyone on
2756         IRC (Requested by zherczeg on #webkit).
2757
2758         * yarr/YarrJIT.cpp:
2759         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
2760
2761 2012-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
2762
2763         Unreviewed, rolling out r108468.
2764         http://trac.webkit.org/changeset/108468
2765         https://bugs.webkit.org/show_bug.cgi?id=79219
2766
2767         Broke Chromium Win release build (Requested by bashi on
2768         #webkit).
2769
2770         * wtf/Platform.h:
2771
2772 2012-02-22  Kenichi Ishibashi  <bashi@chromium.org>
2773
2774         Adding WebSocket per-frame DEFLATE extension
2775         https://bugs.webkit.org/show_bug.cgi?id=77522
2776
2777         Added USE(ZLIB) flag.
2778
2779         Reviewed by Kent Tamura.
2780
2781         * wtf/Platform.h:
2782
2783 2012-02-22  Hojong Han  <hojong.han@samsung.com>
2784
2785         Short circuit fixed for a 16 bit pattern character and an 8 bit string.
2786         https://bugs.webkit.org/show_bug.cgi?id=75602
2787
2788         Reviewed by Gavin Barraclough.
2789
2790         * yarr/YarrJIT.cpp:
2791         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
2792
2793 2012-02-21  Filip Pizlo  <fpizlo@apple.com>
2794
2795         Build fix for systems with case sensitive disks.
2796
2797         * llint/LLIntOfflineAsmConfig.h:
2798
2799 2012-02-21  Filip Pizlo  <fpizlo@apple.com>
2800
2801         JSC should be a triple-tier VM
2802         https://bugs.webkit.org/show_bug.cgi?id=75812
2803         <rdar://problem/10079694>
2804
2805         Reviewed by Gavin Barraclough.
2806         
2807         Implemented an interpreter that uses the JIT's calling convention. This
2808         interpreter is called LLInt, or the Low Level Interpreter. JSC will now
2809         start by executing code in LLInt and will only tier up to the old
2810         JIT after the code is proven hot.
2811         
2812         LLInt is written in a modified form of our macro assembly. This new macro
2813         assembly is compiled by an offline assembler (see offlineasm), which
2814         implements many modern conveniences such as a Turing-complete CPS-based
2815         macro language and direct access to relevant C++ type information
2816         (basically offsets of fields and sizes of structs/classes).
2817         
2818         Code executing in LLInt appears to the rest of the JSC world "as if" it
2819         were executing in the old JIT. Hence, things like exception handling and
2820         cross-execution-engine calls just work and require pretty much no
2821         additional overhead.
2822         
2823         This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
2824         V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
2825         V8, and Kraken, but appear to get a double-digit improvement on real-world
2826         websites due to a huge reduction in the amount of JIT'ing.
2827         
2828         * CMakeLists.txt:
2829         * GNUmakefile.am:
2830         * GNUmakefile.list.am:
2831         * JavaScriptCore.pri:
2832         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2833         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
2834         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2835         * JavaScriptCore.xcodeproj/project.pbxproj:
2836         * Target.pri:
2837         * assembler/LinkBuffer.h:
2838         * assembler/MacroAssemblerCodeRef.h:
2839         (MacroAssemblerCodePtr):
2840         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
2841         * bytecode/BytecodeConventions.h: Added.
2842         * bytecode/CallLinkStatus.cpp:
2843         (JSC::CallLinkStatus::computeFromLLInt):
2844         (JSC):
2845         (JSC::CallLinkStatus::computeFor):
2846         * bytecode/CallLinkStatus.h:
2847         (JSC::CallLinkStatus::isSet):
2848         (JSC::CallLinkStatus::operator!):
2849         (CallLinkStatus):
2850         * bytecode/CodeBlock.cpp:
2851         (JSC::CodeBlock::dump):
2852         (JSC::CodeBlock::CodeBlock):
2853         (JSC::CodeBlock::~CodeBlock):
2854         (JSC::CodeBlock::finalizeUnconditionally):
2855         (JSC::CodeBlock::stronglyVisitStrongReferences):
2856         (JSC):
2857         (JSC::CodeBlock::unlinkCalls):
2858         (JSC::CodeBlock::unlinkIncomingCalls):
2859         (JSC::CodeBlock::bytecodeOffset):
2860         (JSC::ProgramCodeBlock::jettison):
2861         (JSC::EvalCodeBlock::jettison):
2862         (JSC::FunctionCodeBlock::jettison):
2863         (JSC::ProgramCodeBlock::jitCompileImpl):
2864         (JSC::EvalCodeBlock::jitCompileImpl):
2865         (JSC::FunctionCodeBlock::jitCompileImpl):
2866         * bytecode/CodeBlock.h:
2867         (JSC):
2868         (CodeBlock):
2869         (JSC::CodeBlock::baselineVersion):
2870         (JSC::CodeBlock::linkIncomingCall):
2871         (JSC::CodeBlock::bytecodeOffset):
2872         (JSC::CodeBlock::jitCompile):
2873         (JSC::CodeBlock::hasOptimizedReplacement):
2874         (JSC::CodeBlock::addPropertyAccessInstruction):
2875         (JSC::CodeBlock::addGlobalResolveInstruction):
2876         (JSC::CodeBlock::addLLIntCallLinkInfo):
2877         (JSC::CodeBlock::addGlobalResolveInfo):
2878         (JSC::CodeBlock::numberOfMethodCallLinkInfos):
2879         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
2880         (JSC::CodeBlock::likelyToTakeSlowCase):
2881         (JSC::CodeBlock::couldTakeSlowCase):
2882         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
2883         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
2884         (JSC::CodeBlock::likelyToTakeAnySlowCase):
2885         (JSC::CodeBlock::addFrequentExitSite):
2886         (JSC::CodeBlock::dontJITAnytimeSoon):
2887         (JSC::CodeBlock::jitAfterWarmUp):
2888         (JSC::CodeBlock::jitSoon):
2889         (JSC::CodeBlock::llintExecuteCounter):
2890         (ProgramCodeBlock):
2891         (EvalCodeBlock):
2892         (FunctionCodeBlock):
2893         * bytecode/GetByIdStatus.cpp:
2894         (JSC::GetByIdStatus::computeFromLLInt):
2895         (JSC):
2896         (JSC::GetByIdStatus::computeFor):
2897         * bytecode/GetByIdStatus.h:
2898         (JSC::GetByIdStatus::GetByIdStatus):
2899         (JSC::GetByIdStatus::wasSeenInJIT):
2900         (GetByIdStatus):
2901         * bytecode/Instruction.h:
2902         (JSC):
2903         (JSC::Instruction::Instruction):
2904         (Instruction):
2905         * bytecode/LLIntCallLinkInfo.h: Added.
2906         (JSC):
2907         (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
2908         (LLIntCallLinkInfo):
2909         (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
2910         (JSC::LLIntCallLinkInfo::isLinked):
2911         (JSC::LLIntCallLinkInfo::unlink):
2912         * bytecode/MethodCallLinkStatus.cpp:
2913         (JSC::MethodCallLinkStatus::computeFor):
2914         * bytecode/Opcode.cpp:
2915         (JSC):
2916         * bytecode/Opcode.h:
2917         (JSC):
2918         (JSC::padOpcodeName):
2919         * bytecode/PutByIdStatus.cpp:
2920         (JSC::PutByIdStatus::computeFromLLInt):
2921         (JSC):
2922         (JSC::PutByIdStatus::computeFor):
2923         * bytecode/PutByIdStatus.h:
2924         (PutByIdStatus):
2925         * bytecompiler/BytecodeGenerator.cpp:
2926         (JSC::BytecodeGenerator::emitResolve):
2927         (JSC::BytecodeGenerator::emitResolveWithBase):
2928         (JSC::BytecodeGenerator::emitGetById):
2929         (JSC::BytecodeGenerator::emitPutById):
2930         (JSC::BytecodeGenerator::emitDirectPutById):
2931         (JSC::BytecodeGenerator::emitCall):
2932         (JSC::BytecodeGenerator::emitConstruct):
2933         (JSC::BytecodeGenerator::emitCatch):
2934         * dfg/DFGByteCodeParser.cpp:
2935         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
2936         (JSC::DFG::ByteCodeParser::handleInlining):
2937         (JSC::DFG::ByteCodeParser::parseBlock):
2938         * dfg/DFGCapabilities.h:
2939         (JSC::DFG::canCompileOpcode):
2940         * dfg/DFGOSRExitCompiler.cpp:
2941         * dfg/DFGOperations.cpp:
2942         * heap/Heap.h:
2943         (JSC):
2944         (JSC::Heap::firstAllocatorWithoutDestructors):
2945         (Heap):
2946         * heap/MarkStack.cpp:
2947         (JSC::visitChildren):
2948         * heap/MarkedAllocator.h:
2949         (JSC):
2950         (MarkedAllocator):
2951         * heap/MarkedSpace.h:
2952         (JSC):
2953         (MarkedSpace):
2954         (JSC::MarkedSpace::firstAllocator):
2955         * interpreter/CallFrame.cpp:
2956         (JSC):
2957         (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
2958         (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
2959         (JSC::CallFrame::currentVPC):
2960         (JSC::CallFrame::setCurrentVPC):
2961         (JSC::CallFrame::trueCallerFrame):
2962         * interpreter/CallFrame.h:
2963         (JSC::ExecState::hasReturnPC):
2964         (JSC::ExecState::clearReturnPC):
2965         (ExecState):
2966         (JSC::ExecState::bytecodeOffsetForNonDFGCode):
2967         (JSC::ExecState::currentVPC):
2968         (JSC::ExecState::setCurrentVPC):
2969         * interpreter/Interpreter.cpp:
2970         (JSC::Interpreter::Interpreter):
2971         (JSC::Interpreter::~Interpreter):
2972         (JSC):
2973         (JSC::Interpreter::initialize):
2974         (JSC::Interpreter::isOpcode):
2975         (JSC::Interpreter::unwindCallFrame):
2976         (JSC::getCallerInfo):
2977         (JSC::Interpreter::privateExecute):
2978         (JSC::Interpreter::retrieveLastCaller):
2979         * interpreter/Interpreter.h:
2980         (JSC):
2981         (Interpreter):
2982         (JSC::Interpreter::getOpcode):
2983         (JSC::Interpreter::getOpcodeID):
2984         (JSC::Interpreter::classicEnabled):
2985         * interpreter/RegisterFile.h:
2986         (JSC):
2987         (RegisterFile):
2988         * jit/ExecutableAllocator.h:
2989         (JSC):
2990         * jit/HostCallReturnValue.cpp: Added.
2991         (JSC):
2992         (JSC::getHostCallReturnValueWithExecState):
2993         * jit/HostCallReturnValue.h: Added.
2994         (JSC):
2995         (JSC::initializeHostCallReturnValue):
2996         * jit/JIT.cpp:
2997         (JSC::JIT::privateCompileMainPass):
2998         (JSC::JIT::privateCompileSlowCases):
2999         (JSC::JIT::privateCompile):
3000         * jit/JITCode.h:
3001         (JSC::JITCode::isOptimizingJIT):
3002         (JITCode):
3003         (JSC::JITCode::isBaselineCode):
3004         (JSC::JITCode::JITCode):
3005         * jit/JITDriver.h:
3006         (JSC::jitCompileIfAppropriate):
3007         (JSC::jitCompileFunctionIfAppropriate):
3008         * jit/JITExceptions.cpp:
3009         (JSC::jitThrow):
3010         * jit/JITInlineMethods.h:
3011         (JSC::JIT::updateTopCallFrame):
3012         * jit/JITStubs.cpp:
3013         (JSC::DEFINE_STUB_FUNCTION):
3014         (JSC):
3015         * jit/JITStubs.h:
3016         (JSC):
3017         * jit/JSInterfaceJIT.h:
3018         * llint: Added.
3019         * llint/LLIntCommon.h: Added.
3020         * llint/LLIntData.cpp: Added.
3021         (LLInt):
3022         (JSC::LLInt::Data::Data):
3023         (JSC::LLInt::Data::performAssertions):
3024         (JSC::LLInt::Data::~Data):
3025         * llint/LLIntData.h: Added.
3026         (JSC):
3027         (LLInt):
3028         (Data):
3029         (JSC::LLInt::Data::exceptionInstructions):
3030         (JSC::LLInt::Data::opcodeMap):
3031         (JSC::LLInt::Data::performAssertions):
3032         * llint/LLIntEntrypoints.cpp: Added.
3033         (LLInt):
3034         (JSC::LLInt::getFunctionEntrypoint):
3035         (JSC::LLInt::getEvalEntrypoint):
3036         (JSC::LLInt::getProgramEntrypoint):
3037         * llint/LLIntEntrypoints.h: Added.
3038         (JSC):
3039         (LLInt):
3040         (JSC::LLInt::getEntrypoint):
3041         * llint/LLIntExceptions.cpp: Added.
3042         (LLInt):
3043         (JSC::LLInt::interpreterThrowInCaller):
3044         (JSC::LLInt::returnToThrowForThrownException):
3045         (JSC::LLInt::returnToThrow):
3046         (JSC::LLInt::callToThrow):
3047         * llint/LLIntExceptions.h: Added.
3048         (JSC):
3049         (LLInt):
3050         * llint/LLIntOfflineAsmConfig.h: Added.
3051         * llint/LLIntOffsetsExtractor.cpp: Added.
3052         (JSC):
3053         (LLIntOffsetsExtractor):
3054         (JSC::LLIntOffsetsExtractor::dummy):
3055         (main):
3056         * llint/LLIntSlowPaths.cpp: Added.
3057         (LLInt):
3058         (JSC::LLInt::llint_trace_operand):
3059         (JSC::LLInt::llint_trace_value):
3060         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3061         (JSC::LLInt::traceFunctionPrologue):
3062         (JSC::LLInt::shouldJIT):
3063         (JSC::LLInt::entryOSR):
3064         (JSC::LLInt::resolveGlobal):
3065         (JSC::LLInt::getByVal):
3066         (JSC::LLInt::handleHostCall):
3067         (JSC::LLInt::setUpCall):
3068         (JSC::LLInt::genericCall):
3069         * llint/LLIntSlowPaths.h: Added.
3070         (JSC):
3071         (LLInt):
3072         * llint/LLIntThunks.cpp: Added.
3073         (LLInt):
3074         (JSC::LLInt::generateThunkWithJumpTo):
3075         (JSC::LLInt::functionForCallEntryThunkGenerator):
3076         (JSC::LLInt::functionForConstructEntryThunkGenerator):
3077         (JSC::LLInt::functionForCallArityCheckThunkGenerator):
3078         (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
3079         (JSC::LLInt::evalEntryThunkGenerator):
3080         (JSC::LLInt::programEntryThunkGenerator):
3081         * llint/LLIntThunks.h: Added.
3082         (JSC):
3083         (LLInt):
3084         * llint/LowLevelInterpreter.asm: Added.
3085         * llint/LowLevelInterpreter.cpp: Added.
3086         * llint/LowLevelInterpreter.h: Added.
3087         * offlineasm: Added.
3088         * offlineasm/armv7.rb: Added.
3089         * offlineasm/asm.rb: Added.
3090         * offlineasm/ast.rb: Added.
3091         * offlineasm/backends.rb: Added.
3092         * offlineasm/generate_offset_extractor.rb: Added.
3093         * offlineasm/instructions.rb: Added.
3094         * offlineasm/offset_extractor_constants.rb: Added.
3095         * offlineasm/offsets.rb: Added.
3096         * offlineasm/opt.rb: Added.
3097         * offlineasm/parser.rb: Added.
3098         * offlineasm/registers.rb: Added.
3099         * offlineasm/self_hash.rb: Added.
3100         * offlineasm/settings.rb: Added.
3101         * offlineasm/transform.rb: Added.
3102         * offlineasm/x86.rb: Added.
3103         * runtime/CodeSpecializationKind.h: Added.
3104         (JSC):
3105         * runtime/CommonSlowPaths.h:
3106         (JSC::CommonSlowPaths::arityCheckFor):
3107         (CommonSlowPaths):
3108         * runtime/Executable.cpp:
3109         (JSC::jettisonCodeBlock):
3110         (JSC):
3111         (JSC::EvalExecutable::jitCompile):
3112         (JSC::samplingDescription):
3113         (JSC::EvalExecutable::compileInternal):
3114         (JSC::ProgramExecutable::jitCompile):
3115         (JSC::ProgramExecutable::compileInternal):
3116         (JSC::FunctionExecutable::baselineCodeBlockFor):
3117         (JSC::FunctionExecutable::jitCompileForCall):
3118         (JSC::FunctionExecutable::jitCompileForConstruct):
3119         (JSC::FunctionExecutable::compileForCallInternal):
3120         (JSC::FunctionExecutable::compileForConstructInternal):
3121         * runtime/Executable.h:
3122         (JSC):
3123         (EvalExecutable):
3124         (ProgramExecutable):
3125         (FunctionExecutable):
3126         (JSC::FunctionExecutable::jitCompileFor):
3127         * runtime/ExecutionHarness.h: Added.
3128         (JSC):
3129         (JSC::prepareForExecution):
3130         (JSC::prepareFunctionForExecution):
3131         * runtime/JSArray.h:
3132         (JSC):
3133         (JSArray):
3134         * runtime/JSCell.h:
3135         (JSC):
3136         (JSCell):
3137         * runtime/JSFunction.h:
3138         (JSC):
3139         (JSFunction):
3140         * runtime/JSGlobalData.cpp:
3141         (JSC::JSGlobalData::JSGlobalData):
3142         * runtime/JSGlobalData.h:
3143         (JSC):
3144         (JSGlobalData):
3145         * runtime/JSGlobalObject.h:
3146         (JSC):
3147         (JSGlobalObject):
3148         * runtime/JSObject.h:
3149         (JSC):
3150         (JSObject):
3151         (JSFinalObject):
3152         * runtime/JSPropertyNameIterator.h:
3153         (JSC):
3154         (JSPropertyNameIterator):
3155         * runtime/JSString.h:
3156         (JSC):
3157         (JSString):
3158         * runtime/JSTypeInfo.h:
3159         (JSC):
3160         (TypeInfo):
3161         * runtime/JSValue.cpp:
3162         (JSC::JSValue::description):
3163         * runtime/JSValue.h:
3164         (LLInt):
3165         (JSValue):
3166         * runtime/JSVariableObject.h:
3167         (JSC):
3168         (JSVariableObject):
3169         * runtime/Options.cpp:
3170         (Options):
3171         (JSC::Options::initializeOptions):
3172         * runtime/Options.h:
3173         (Options):
3174         * runtime/ScopeChain.h:
3175         (JSC):
3176         (ScopeChainNode):
3177         * runtime/Structure.cpp:
3178         (JSC::Structure::addPropertyTransition):
3179         * runtime/Structure.h:
3180         (JSC):
3181         (Structure):
3182         * runtime/StructureChain.h:
3183         (JSC):
3184         (StructureChain):
3185         * wtf/InlineASM.h:
3186         * wtf/Platform.h:
3187         * wtf/SentinelLinkedList.h:
3188         (SentinelLinkedList):
3189         (WTF::SentinelLinkedList::isEmpty):
3190         * wtf/text/StringImpl.h:
3191         (JSC):
3192         (StringImpl):
3193
3194 2012-02-21  Oliver Hunt  <oliver@apple.com>
3195
3196         Unbreak double-typed arrays on ARMv7
3197         https://bugs.webkit.org/show_bug.cgi?id=79177
3198
3199         Reviewed by Gavin Barraclough.
3200
3201         The existing code had completely broken address arithmetic.
3202
3203         * JSCTypedArrayStubs.h:
3204         (JSC):
3205         * assembler/MacroAssemblerARMv7.h:
3206         (JSC::MacroAssemblerARMv7::storeDouble):
3207         (JSC::MacroAssemblerARMv7::storeFloat):
3208
3209 2012-02-21  Gavin Barraclough  <barraclough@apple.com>
3210
3211         Should be able to reconfigure a non-configurable property as read-only
3212         https://bugs.webkit.org/show_bug.cgi?id=79170
3213
3214         Reviewed by Sam Weinig.
3215
3216         See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable,
3217         but does not inhibit making a writable property read-only.
3218
3219         * runtime/JSGlobalData.cpp:
3220         (JSC::JSGlobalData::JSGlobalData):
3221         * runtime/JSGlobalData.h:
3222         (JSC::JSGlobalData::setInDefineOwnProperty):
3223         (JSGlobalData):
3224         (JSC::JSGlobalData::isInDefineOwnProperty):
3225             - Added flag, tracking whether we are in JSObject::defineOwnProperty.
3226         * runtime/JSObject.cpp:
3227         (JSC::JSObject::deleteProperty):
3228         (DefineOwnPropertyScope):
3229             - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing!
3230         (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
3231         (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
3232             - Added RAII helper.
3233         (JSC::JSObject::defineOwnProperty):
3234             - Track on the globalData when we are in this method.
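
The ES5.1 8.12.9 behaviour this entry relies on, shown as an added JavaScript example (not code from the ChangeLog or from JavaScriptCore); the property name x and the values are constructed for the demonstration:

```javascript
// Added example, not code from the WebKit ChangeLog or from JavaScriptCore.
// It exercises the ES5.1 8.12.9 rule cited above: on a non-configurable
// data property, writable:true -> writable:false is allowed, but
// writable:false -> writable:true (step 10.a.i) or a different value on a
// read-only non-configurable property (step 10.a.ii) is rejected.

// Apply a descriptor and report whether the engine accepted it.
function reconfigure(obj, name, desc) {
  try {
    Object.defineProperty(obj, name, desc);
    return "ok";
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other";
  }
}

// Ordinary assignment: silently ignored in sloppy mode, TypeError in strict
// mode; either way the stored value is what matters, so read it back.
function tryWrite(obj, name, value) {
  try {
    obj[name] = value;
  } catch (e) {
    // strict-mode write to a read-only property throws; ignore it here
  }
  return obj[name];
}

// Walk the transitions described in the entry and collect the outcomes.
function demo() {
  const o = {};
  Object.defineProperty(o, "x", {
    value: 1, writable: true, enumerable: true, configurable: false,
  });
  const r = {};
  // Tightening writable on a non-configurable property is permitted.
  r.toReadOnly = reconfigure(o, "x", { writable: false });
  r.writableAfter = Object.getOwnPropertyDescriptor(o, "x").writable;
  r.valueAfterWrite = tryWrite(o, "x", 2);
  // Loosening it again is prohibited (8.12.9 step 10.a.i).
  r.backToWritable = reconfigure(o, "x", { writable: true });
  // A different value is rejected (10.a.ii); the same value is a no-op.
  r.changeValue = reconfigure(o, "x", { value: 5 });
  r.sameValue = reconfigure(o, "x", { value: 1 });
  r.finalValue = o.x;
  return r;
}
```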
3235
3236 2012-02-21  Oliver Hunt  <oliver@apple.com>
3237
3238         Make TypedArrays be available in commandline jsc
3239         https://bugs.webkit.org/show_bug.cgi?id=79163
3240
3241         Reviewed by Gavin Barraclough.
3242
3243         Adds a compile time option to have jsc support a basic implementation
3244         of the TypedArrays available in WebCore.  This lets us test the typed
3245         array logic in the JIT without having to build webcore.
3246
3247         * JSCTypedArrayStubs.h: Added.
3248         (JSC):
3249         * JavaScriptCore.xcodeproj/project.pbxproj:
3250         * jsc.cpp:
3251         (GlobalObject::finishCreation):
3252         (GlobalObject):
3253         (GlobalObject::addConstructableFunction):
3254         * runtime/JSGlobalData.h:
3255         (JSGlobalData):
3256
3257 2012-02-21  Tom Sepez  <tsepez@chromium.org>
3258
3259         equalIgnoringNullity() only comparing half the bytes for equality
3260         https://bugs.webkit.org/show_bug.cgi?id=79135
3261
3262         Reviewed by Adam Barth.
3263
3264         * wtf/text/StringImpl.h:
3265         (WTF::equalIgnoringNullity):
3266
3267 2012-02-21  Roland Takacs  <takacs.roland@stud.u-szeged.hu>
3268
3269         Unnecessary preprocessor macros in MainThread.h/cpp
3270         https://bugs.webkit.org/show_bug.cgi?id=79083
3271
3272         Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro.
3273
3274         * wtf/MainThread.cpp:
3275         (WTF):
3276         * wtf/MainThread.h:
3277         (WTF):
3278
3279 2012-02-21  Sam Weinig  <sam@webkit.org>
3280
3281         Attempt to fix the Snow Leopard build.
3282
3283         * Configurations/Base.xcconfig:
3284
3285 2012-02-21  Sam Weinig  <sam@webkit.org>
3286
3287         Use libc++ when building with Clang on Mac
3288         https://bugs.webkit.org/show_bug.cgi?id=78981
3289
3290         Reviewed by Dan Bernstein.
3291
3292         * Configurations/Base.xcconfig:
3293
3294 2012-02-21  Adam Roben  <aroben@apple.com>
3295
3296         Roll out r108309, r108323, and r108326
3297
3298         They broke the 32-bit Lion build.
3299
3300         Original bug is <http://webkit.org/b/75812> <rdar://problem/10079694>.
3301
3302         * CMakeLists.txt:
3303         * GNUmakefile.am:
3304         * GNUmakefile.list.am:
3305         * JavaScriptCore.pri:
3306         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3307         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
3308         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3309         * JavaScriptCore.xcodeproj/project.pbxproj:
3310         * Target.pri:
3311         * assembler/LinkBuffer.h:
3312         * assembler/MacroAssemblerCodeRef.h:
3313         * bytecode/BytecodeConventions.h: Removed.
3314         * bytecode/CallLinkStatus.cpp:
3315         * bytecode/CallLinkStatus.h:
3316         * bytecode/CodeBlock.cpp:
3317         * bytecode/CodeBlock.h:
3318         * bytecode/GetByIdStatus.cpp:
3319         * bytecode/GetByIdStatus.h:
3320         * bytecode/Instruction.h:
3321         * bytecode/LLIntCallLinkInfo.h: Removed.
3322         * bytecode/MethodCallLinkStatus.cpp:
3323         * bytecode/Opcode.cpp:
3324         * bytecode/Opcode.h:
3325         * bytecode/PutByIdStatus.cpp:
3326         * bytecode/PutByIdStatus.h:
3327         * bytecompiler/BytecodeGenerator.cpp:
3328         * dfg/DFGByteCodeParser.cpp:
3329         * dfg/DFGCapabilities.h:
3330         * dfg/DFGOSRExitCompiler.cpp:
3331         * dfg/DFGOperations.cpp:
3332         * heap/Heap.h:
3333         * heap/MarkStack.cpp:
3334         * heap/MarkedAllocator.h:
3335         * heap/MarkedSpace.h:
3336         * interpreter/CallFrame.cpp:
3337         * interpreter/CallFrame.h:
3338         * interpreter/Interpreter.cpp:
3339         * interpreter/Interpreter.h:
3340         * interpreter/RegisterFile.h:
3341         * jit/ExecutableAllocator.h:
3342         * jit/HostCallReturnValue.cpp: Removed.
3343         * jit/HostCallReturnValue.h: Removed.
3344         * jit/JIT.cpp:
3345         * jit/JITCode.h:
3346         * jit/JITDriver.h:
3347         * jit/JITExceptions.cpp:
3348         * jit/JITInlineMethods.h:
3349         * jit/JITStubs.cpp:
3350         * jit/JITStubs.h:
3351         * jit/JSInterfaceJIT.h:
3352         * llint/LLIntCommon.h: Removed.
3353         * llint/LLIntData.cpp: Removed.
3354         * llint/LLIntData.h: Removed.
3355         * llint/LLIntEntrypoints.cpp: Removed.
3356         * llint/LLIntEntrypoints.h: Removed.
3357         * llint/LLIntExceptions.cpp: Removed.
3358         * llint/LLIntExceptions.h: Removed.
3359         * llint/LLIntOfflineAsmConfig.h: Removed.
3360         * llint/LLIntOffsetsExtractor.cpp: Removed.
3361         * llint/LLIntSlowPaths.cpp: Removed.
3362         * llint/LLIntSlowPaths.h: Removed.
3363         * llint/LLIntThunks.cpp: Removed.
3364         * llint/LLIntThunks.h: Removed.
3365         * llint/LowLevelInterpreter.asm: Removed.
3366         * llint/LowLevelInterpreter.cpp: Removed.
3367         * llint/LowLevelInterpreter.h: Removed.
3368         * offlineasm/armv7.rb: Removed.
3369         * offlineasm/asm.rb: Removed.
3370         * offlineasm/ast.rb: Removed.
3371         * offlineasm/backends.rb: Removed.
3372         * offlineasm/generate_offset_extractor.rb: Removed.
3373         * offlineasm/instructions.rb: Removed.
3374         * offlineasm/offset_extractor_constants.rb: Removed.
3375         * offlineasm/offsets.rb: Removed.
3376         * offlineasm/opt.rb: Removed.
3377         * offlineasm/parser.rb: Removed.
3378         * offlineasm/registers.rb: Removed.
3379         * offlineasm/self_hash.rb: Removed.
3380         * offlineasm/settings.rb: Removed.
3381         * offlineasm/transform.rb: Removed.
3382         * offlineasm/x86.rb: Removed.
3383         * runtime/CodeSpecializationKind.h: Removed.
3384         * runtime/CommonSlowPaths.h:
3385         * runtime/Executable.cpp:
3386         * runtime/Executable.h:
3387         * runtime/ExecutionHarness.h: Removed.
3388         * runtime/JSArray.h:
3389         * runtime/JSCell.h:
3390         * runtime/JSFunction.h:
3391         * runtime/JSGlobalData.cpp:
3392         * runtime/JSGlobalData.h:
3393         * runtime/JSGlobalObject.h:
3394         * runtime/JSObject.h:
3395         * runtime/JSPropertyNameIterator.h:
3396         * runtime/JSString.h:
3397         * runtime/JSTypeInfo.h:
3398         * runtime/JSValue.cpp:
3399         * runtime/JSValue.h:
3400         * runtime/JSVariableObject.h:
3401         * runtime/Options.cpp:
3402         * runtime/Options.h:
3403         * runtime/ScopeChain.h:
3404         * runtime/Structure.cpp:
3405         * runtime/Structure.h:
3406         * runtime/StructureChain.h:
3407         * wtf/InlineASM.h:
3408         * wtf/Platform.h:
3409         * wtf/SentinelLinkedList.h:
3410         * wtf/text/StringImpl.h:
3411
3412 2012-02-21  Gustavo Noronha Silva  <kov@debian.org> and Bob Tracy  <rct@frus.com>
3413
3414         Does not build on IA64, SPARC and Alpha
3415         https://bugs.webkit.org/show_bug.cgi?id=79047
3416
3417         Rubber-stamped by Kent Tamura.
3418
3419         * wtf/dtoa/utils.h: these architectures also have correct double
3420         operations, so add them to the appropriate side of the check.
3421
3422 2012-02-21  Filip Pizlo  <fpizlo@apple.com>
3423
3424         Fix massive crashes in all tests introduced by previous build fix, and fix non-DFG build.
3425         https://bugs.webkit.org/show_bug.cgi?id=75812
3426
3427         Reviewed by Csaba Osztrogonác.
3428
3429         * dfg/DFGOperations.cpp:
3430         (JSC):
3431         * jit/HostCallReturnValue.h:
3432         (JSC::initializeHostCallReturnValue):
3433
3434 2012-02-21  Filip Pizlo  <fpizlo@apple.com>
3435
3436         Attempted build fix for ELF platforms.
3437
3438         * dfg/DFGOperations.cpp:
3439         (JSC):
3440         (JSC::getHostCallReturnValueWithExecState):
3441         * jit/HostCallReturnValue.cpp:
3442         (JSC):
3443         * jit/HostCallReturnValue.h:
3444         (JSC::initializeHostCallReturnValue):
3445
3446 2012-02-20  Filip Pizlo  <fpizlo@apple.com>
3447
3448         JSC should be a triple-tier VM
3449         https://bugs.webkit.org/show_bug.cgi?id=75812
3450         <rdar://problem/10079694>
3451
3452         Reviewed by Gavin Barraclough.
3453         
3454         Implemented an interpreter that uses the JIT's calling convention. This
3455         interpreter is called LLInt, or the Low Level Interpreter. JSC will now
3456         start by executing code in LLInt and will only tier up to the old
3457         JIT after the code is proven hot.
3458         
3459         LLInt is written in a modified form of our macro assembly. This new macro
3460         assembly is compiled by an offline assembler (see offlineasm), which
3461         implements many modern conveniences such as a Turing-complete CPS-based
3462         macro language and direct access to relevant C++ type information
3463         (basically offsets of fields and sizes of structs/classes).
3464         
3465         Code executing in LLInt appears to the rest of the JSC world "as if" it
3466         were executing in the old JIT. Hence, things like exception handling and
3467         cross-execution-engine calls just work and require pretty much no
3468         additional overhead.
3469         
3470         This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
3471         V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
3472         V8, and Kraken, but appear to get a double-digit improvement on real-world
3473         websites due to a huge reduction in the amount of JIT'ing.
3474         
3475         * CMakeLists.txt:
3476         * GNUmakefile.am:
3477         * GNUmakefile.list.am:
3478         * JavaScriptCore.pri:
3479         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3480         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
3481         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3482         * JavaScriptCore.xcodeproj/project.pbxproj:
3483         * Target.pri:
3484         * assembler/LinkBuffer.h:
3485         * assembler/MacroAssemblerCodeRef.h:
3486         (MacroAssemblerCodePtr):
3487         (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
3488         * bytecode/BytecodeConventions.h: Added.
3489         * bytecode/CallLinkStatus.cpp:
3490         (JSC::CallLinkStatus::computeFromLLInt):
3491         (JSC):
3492         (JSC::CallLinkStatus::computeFor):
3493         * bytecode/CallLinkStatus.h:
3494         (JSC::CallLinkStatus::isSet):
3495         (JSC::CallLinkStatus::operator!):
3496         (CallLinkStatus):
3497         * bytecode/CodeBlock.cpp:
3498         (JSC::CodeBlock::dump):
3499         (JSC::CodeBlock::CodeBlock):
3500         (JSC::CodeBlock::~CodeBlock):
3501         (JSC::CodeBlock::finalizeUnconditionally):
3502         (JSC::CodeBlock::stronglyVisitStrongReferences):
3503         (JSC):
3504         (JSC::CodeBlock::unlinkCalls):
3505         (JSC::CodeBlock::unlinkIncomingCalls):
3506         (JSC::CodeBlock::bytecodeOffset):
3507         (JSC::ProgramCodeBlock::jettison):
3508         (JSC::EvalCodeBlock::jettison):
3509         (JSC::FunctionCodeBlock::jettison):
3510         (JSC::ProgramCodeBlock::jitCompileImpl):
3511         (JSC::EvalCodeBlock::jitCompileImpl):
3512         (JSC::FunctionCodeBlock::jitCompileImpl):
3513         * bytecode/CodeBlock.h:
3514         (JSC):
3515         (CodeBlock):
3516         (JSC::CodeBlock::baselineVersion):
3517         (JSC::CodeBlock::linkIncomingCall):
3518         (JSC::CodeBlock::bytecodeOffset):
3519         (JSC::CodeBlock::jitCompile):
3520         (JSC::CodeBlock::hasOptimizedReplacement):
3521         (JSC::CodeBlock::addPropertyAccessInstruction):
3522         (JSC::CodeBlock::addGlobalResolveInstruction):
3523         (JSC::CodeBlock::addLLIntCallLinkInfo):
3524         (JSC::CodeBlock::addGlobalResolveInfo):
3525         (JSC::CodeBlock::numberOfMethodCallLinkInfos):
3526         (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
3527         (JSC::CodeBlock::likelyToTakeSlowCase):
3528         (JSC::CodeBlock::couldTakeSlowCase):
3529         (JSC::CodeBlock::likelyToTakeSpecialFastCase):
3530         (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
3531         (JSC::CodeBlock::likelyToTakeAnySlowCase):
3532         (JSC::CodeBlock::addFrequentExitSite):
3533         (JSC::CodeBlock::dontJITAnytimeSoon):
3534         (JSC::CodeBlock::jitAfterWarmUp):
3535         (JSC::CodeBlock::jitSoon):
3536         (JSC::CodeBlock::llintExecuteCounter):
3537         (ProgramCodeBlock):
3538         (EvalCodeBlock):
3539         (FunctionCodeBlock):
3540         * bytecode/GetByIdStatus.cpp:
3541         (JSC::GetByIdStatus::computeFromLLInt):
3542         (JSC):
3543         (JSC::GetByIdStatus::computeFor):
3544         * bytecode/GetByIdStatus.h:
3545         (JSC::GetByIdStatus::GetByIdStatus):
3546         (JSC::GetByIdStatus::wasSeenInJIT):
3547         (GetByIdStatus):
3548         * bytecode/Instruction.h:
3549         (JSC):
3550         (JSC::Instruction::Instruction):
3551         (Instruction):
3552         * bytecode/LLIntCallLinkInfo.h: Added.
3553         (JSC):
3554         (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
3555         (LLIntCallLinkInfo):
3556         (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
3557         (JSC::LLIntCallLinkInfo::isLinked):
3558         (JSC::LLIntCallLinkInfo::unlink):
3559         * bytecode/MethodCallLinkStatus.cpp:
3560         (JSC::MethodCallLinkStatus::computeFor):
3561         * bytecode/Opcode.cpp:
3562         (JSC):
3563         * bytecode/Opcode.h:
3564         (JSC):
3565         (JSC::padOpcodeName):
3566         * bytecode/PutByIdStatus.cpp:
3567         (JSC::PutByIdStatus::computeFromLLInt):
3568         (JSC):
3569         (JSC::PutByIdStatus::computeFor):
3570         * bytecode/PutByIdStatus.h:
3571         (PutByIdStatus):
3572         * bytecompiler/BytecodeGenerator.cpp:
3573         (JSC::BytecodeGenerator::emitResolve):
3574         (JSC::BytecodeGenerator::emitResolveWithBase):
3575         (JSC::BytecodeGenerator::emitGetById):
3576         (JSC::BytecodeGenerator::emitPutById):
3577         (JSC::BytecodeGenerator::emitDirectPutById):
3578         (JSC::BytecodeGenerator::emitCall):
3579         (JSC::BytecodeGenerator::emitConstruct):
3580         (JSC::BytecodeGenerator::emitCatch):
3581         * dfg/DFGByteCodeParser.cpp:
3582         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
3583         (JSC::DFG::ByteCodeParser::handleInlining):
3584         (JSC::DFG::ByteCodeParser::parseBlock):
3585         * dfg/DFGCapabilities.h:
3586         (JSC::DFG::canCompileOpcode):
3587         * dfg/DFGOSRExitCompiler.cpp:
3588         * dfg/DFGOperations.cpp:
3589         * heap/Heap.h:
3590         (JSC):
3591         (JSC::Heap::firstAllocatorWithoutDestructors):
3592         (Heap):
3593         * heap/MarkStack.cpp:
3594         (JSC::visitChildren):
3595         * heap/MarkedAllocator.h:
3596         (JSC):
3597         (MarkedAllocator):
3598         * heap/MarkedSpace.h:
3599         (JSC):
3600         (MarkedSpace):
3601         (JSC::MarkedSpace::firstAllocator):
3602         * interpreter/CallFrame.cpp:
3603         (JSC):
3604         (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
3605         (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
3606         (JSC::CallFrame::currentVPC):
3607         (JSC::CallFrame::setCurrentVPC):
3608         (JSC::CallFrame::trueCallerFrame):
3609         * interpreter/CallFrame.h:
3610         (JSC::ExecState::hasReturnPC):
3611         (JSC::ExecState::clearReturnPC):
3612         (ExecState):
3613         (JSC::ExecState::bytecodeOffsetForNonDFGCode):
3614         (JSC::ExecState::currentVPC):
3615         (JSC::ExecState::setCurrentVPC):
3616         * interpreter/Interpreter.cpp:
3617         (JSC::Interpreter::Interpreter):
3618         (JSC::Interpreter::~Interpreter):
3619         (JSC):
3620         (JSC::Interpreter::initialize):
3621         (JSC::Interpreter::isOpcode):
3622         (JSC::Interpreter::unwindCallFrame):
3623         (JSC::getCallerInfo):
3624         (JSC::Interpreter::privateExecute):
3625         (JSC::Interpreter::retrieveLastCaller):
3626         * interpreter/Interpreter.h:
3627         (JSC):
3628         (Interpreter):
3629         (JSC::Interpreter::getOpcode):
3630         (JSC::Interpreter::getOpcodeID):
3631         (JSC::Interpreter::classicEnabled):
3632         * interpreter/RegisterFile.h:
3633         (JSC):
3634         (RegisterFile):
3635         * jit/ExecutableAllocator.h:
3636         (JSC):
3637         * jit/HostCallReturnValue.cpp: Added.
3638         (JSC):
3639         (JSC::getHostCallReturnValueWithExecState):
3640         * jit/HostCallReturnValue.h: Added.
3641         (JSC):
3642         (JSC::initializeHostCallReturnValue):
3643         * jit/JIT.cpp:
3644         (JSC::JIT::privateCompileMainPass):
3645         (JSC::JIT::privateCompileSlowCases):
3646         (JSC::JIT::privateCompile):
3647         * jit/JITCode.h:
3648         (JSC::JITCode::isOptimizingJIT):
3649         (JITCode):
3650         (JSC::JITCode::isBaselineCode):
3651         (JSC::JITCode::JITCode):
3652         * jit/JITDriver.h:
3653         (JSC::jitCompileIfAppropriate):
3654         (JSC::jitCompileFunctionIfAppropriate):
3655         * jit/JITExceptions.cpp:
3656         (JSC::jitThrow):
3657         * jit/JITInlineMethods.h:
3658         (JSC::JIT::updateTopCallFrame):
3659         * jit/JITStubs.cpp:
3660         (JSC::DEFINE_STUB_FUNCTION):
3661         (JSC):
3662         * jit/JITStubs.h:
3663         (JSC):
3664         * jit/JSInterfaceJIT.h:
3665         * llint: Added.
3666         * llint/LLIntCommon.h: Added.
3667         * llint/LLIntData.cpp: Added.
3668         (LLInt):
3669         (JSC::LLInt::Data::Data):
3670         (JSC::LLInt::Data::performAssertions):
3671         (JSC::LLInt::Data::~Data):
3672         * llint/LLIntData.h: Added.
3673         (JSC):
3674         (LLInt):
3675         (Data):
3676         (JSC::LLInt::Data::exceptionInstructions):
3677         (JSC::LLInt::Data::opcodeMap):
3678         (JSC::LLInt::Data::performAssertions):
3679         * llint/LLIntEntrypoints.cpp: Added.
3680         (LLInt):
3681         (JSC::LLInt::getFunctionEntrypoint):
3682         (JSC::LLInt::getEvalEntrypoint):
3683         (JSC::LLInt::getProgramEntrypoint):
3684         * llint/LLIntEntrypoints.h: Added.
3685         (JSC):
3686         (LLInt):
3687         (JSC::LLInt::getEntrypoint):
3688         * llint/LLIntExceptions.cpp: Added.
3689         (LLInt):
3690         (JSC::LLInt::interpreterThrowInCaller):
3691         (JSC::LLInt::returnToThrowForThrownException):
3692         (JSC::LLInt::returnToThrow):
3693         (JSC::LLInt::callToThrow):
3694         * llint/LLIntExceptions.h: Added.
3695         (JSC):
3696         (LLInt):
3697         * llint/LLIntOfflineAsmConfig.h: Added.
3698         * llint/LLIntOffsetsExtractor.cpp: Added.
3699         (JSC):
3700         (LLIntOffsetsExtractor):
3701         (JSC::LLIntOffsetsExtractor::dummy):
3702         (main):
3703         * llint/LLIntSlowPaths.cpp: Added.
3704         (LLInt):
3705         (JSC::LLInt::llint_trace_operand):
3706         (JSC::LLInt::llint_trace_value):
3707         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3708         (JSC::LLInt::traceFunctionPrologue):
3709         (JSC::LLInt::shouldJIT):
3710         (JSC::LLInt::entryOSR):
3711         (JSC::LLInt::resolveGlobal):
3712         (JSC::LLInt::getByVal):
3713         (JSC::LLInt::handleHostCall):
3714         (JSC::LLInt::setUpCall):
3715         (JSC::LLInt::genericCall):
3716         * llint/LLIntSlowPaths.h: Added.
3717         (JSC):
3718         (LLInt):
3719         * llint/LLIntThunks.cpp: Added.
3720         (LLInt):
3721         (JSC::LLInt::generateThunkWithJumpTo):
3722         (JSC::LLInt::functionForCallEntryThunkGenerator):
3723         (JSC::LLInt::functionForConstructEntryThunkGenerator):
3724         (JSC::LLInt::functionForCallArityCheckThunkGenerator):
3725         (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
3726         (JSC::LLInt::evalEntryThunkGenerator):
3727         (JSC::LLInt::programEntryThunkGenerator):
3728         * llint/LLIntThunks.h: Added.
3729         (JSC):
3730         (LLInt):
3731         * llint/LowLevelInterpreter.asm: Added.
3732         * llint/LowLevelInterpreter.cpp: Added.
3733         * llint/LowLevelInterpreter.h: Added.
3734         * offlineasm: Added.
3735         * offlineasm/armv7.rb: Added.
3736         * offlineasm/asm.rb: Added.
3737         * offlineasm/ast.rb: Added.
3738         * offlineasm/backends.rb: Added.
3739         * offlineasm/generate_offset_extractor.rb: Added.
3740         * offlineasm/instructions.rb: Added.
3741         * offlineasm/offset_extractor_constants.rb: Added.
3742         * offlineasm/offsets.rb: Added.
3743         * offlineasm/opt.rb: Added.
3744         * offlineasm/parser.rb: Added.
3745         * offlineasm/registers.rb: Added.
3746         * offlineasm/self_hash.rb: Added.
3747         * offlineasm/settings.rb: Added.
3748         * offlineasm/transform.rb: Added.
3749         * offlineasm/x86.rb: Added.
3750         * runtime/CodeSpecializationKind.h: Added.
3751         (JSC):
3752         * runtime/CommonSlowPaths.h:
3753         (JSC::CommonSlowPaths::arityCheckFor):
3754         (CommonSlowPaths):
3755         * runtime/Executable.cpp:
3756         (JSC::jettisonCodeBlock):
3757         (JSC):
3758         (JSC::EvalExecutable::jitCompile):
3759         (JSC::samplingDescription):
3760         (JSC::EvalExecutable::compileInternal):
3761         (JSC::ProgramExecutable::jitCompile):
3762         (JSC::ProgramExecutable::compileInternal):
3763         (JSC::FunctionExecutable::baselineCodeBlockFor):
3764         (JSC::FunctionExecutable::jitCompileForCall):
3765         (JSC::FunctionExecutable::jitCompileForConstruct):
3766         (JSC::FunctionExecutable::compileForCallInternal):
3767         (JSC::FunctionExecutable::compileForConstructInternal):
3768         * runtime/Executable.h:
3769         (JSC):
3770         (EvalExecutable):
3771         (ProgramExecutable):
3772         (FunctionExecutable):
3773         (JSC::FunctionExecutable::jitCompileFor):
3774         * runtime/ExecutionHarness.h: Added.
3775         (JSC):
3776         (JSC::prepareForExecution):
3777         (JSC::prepareFunctionForExecution):
3778         * runtime/JSArray.h:
3779         (JSC):
3780         (JSArray):
3781         * runtime/JSCell.h:
3782         (JSC):
3783         (JSCell):
3784         * runtime/JSFunction.h:
3785         (JSC):
3786         (JSFunction):
3787         * runtime/JSGlobalData.cpp:
3788         (JSC::JSGlobalData::JSGlobalData):
3789         * runtime/JSGlobalData.h:
3790         (JSC):
3791         (JSGlobalData):
3792         * runtime/JSGlobalObject.h:
3793         (JSC):
3794         (JSGlobalObject):
3795         * runtime/JSObject.h:
3796         (JSC):
3797         (JSObject):
3798         (JSFinalObject):
3799         * runtime/JSPropertyNameIterator.h:
3800         (JSC):
3801         (JSPropertyNameIterator):
3802         * runtime/JSString.h:
3803         (JSC):
3804         (JSString):
3805         * runtime/JSTypeInfo.h:
3806         (JSC):
3807         (TypeInfo):
3808         * runtime/JSValue.cpp:
3809         (JSC::JSValue::description):
3810         * runtime/JSValue.h:
3811         (LLInt):
3812         (JSValue):
3813         * runtime/JSVariableObject.h:
3814         (JSC):
3815         (JSVariableObject):
3816         * runtime/Options.cpp:
3817         (Options):
3818         (JSC::Options::initializeOptions):
3819         * runtime/Options.h:
3820         (Options):
3821         * runtime/ScopeChain.h:
3822         (JSC):
3823         (ScopeChainNode):
3824         * runtime/Structure.cpp:
3825         (JSC::Structure::addPropertyTransition):
3826         * runtime/Structure.h:
3827         (JSC):
3828         (Structure):
3829         * runtime/StructureChain.h:
3830         (JSC):
3831         (StructureChain):
3832         * wtf/InlineASM.h:
3833         * wtf/Platform.h:
3834         * wtf/SentinelLinkedList.h:
3835         (SentinelLinkedList):
3836         (WTF::SentinelLinkedList::isEmpty):
3837         * wtf/text/StringImpl.h:
3838         (JSC):
3839         (StringImpl):
3840
3841 2012-02-20  Filip Pizlo  <fpizlo@apple.com>
3842
3843         Unreviewed, rolling out http://trac.webkit.org/changeset/108291
3844         It completely broke the 32-bit JIT.
3845
3846         * heap/CopiedAllocator.h:
3847         * heap/CopiedSpace.h:
3848         (CopiedSpace):
3849         * heap/Heap.h:
3850         (JSC::Heap::allocatorForObjectWithDestructor):
3851         * jit/JIT.cpp:
3852         (JSC::JIT::privateCompileSlowCases):
3853         * jit/JIT.h:
3854         (JIT):
3855         * jit/JITInlineMethods.h:
3856         (JSC):
3857         * jit/JITOpcodes.cpp:
3858         (JSC::JIT::emit_op_new_array):
3859         * runtime/JSArray.cpp:
3860         (JSC::storageSize):
3861         (JSC):
3862         * runtime/JSArray.h:
3863         (ArrayStorage):
3864         (JSArray):
3865
3866 2012-02-20  Gavin Barraclough  <barraclough@apple.com>
3867
3868         [[Put]] should throw if prototype chain contains a readonly property.
3869         https://bugs.webkit.org/show_bug.cgi?id=79069
3870
3871         Reviewed by Oliver Hunt.
3872
3873         Currently we only check the base of the put, not the prototype chain.
3874         Fold this check in with the test for accessors.
3875
3876         * runtime/JSObject.cpp:
3877         (JSC::JSObject::put):
            - Updated to test all objects in the prototype chain for readonly properties.
3879         (JSC::JSObject::putDirectAccessor):
3880         (JSC::putDescriptor):
3881             - Record the presence of readonly properties on the structure.
3882         * runtime/Structure.cpp:
3883         (JSC::Structure::Structure):
3884             - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
3885         * runtime/Structure.h:
3886         (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
3887         (JSC::Structure::setHasGetterSetterProperties):
3888             - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
3889         (JSC::Structure::setContainsReadOnlyProperties):
3890             - Added.
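
        Added example, not part of the WebKit change above: a reference implementation
        of the ES5 [[CanPut]] walk that JSObject::put must perform, written in
        JavaScript so each verdict can be compared against what the engine actually
        does on a strict-mode assignment. The function names (canPut,
        strictAssignThrows, checkCases) and the constructed objects are this
        example's own, not WebKit's.

```javascript
// Added example (not WebKit code): ES5 8.12.4 [[CanPut]] as a reference
// implementation. The point of the fix above is that the readonly check must
// walk the whole prototype chain, not just the base object of the put.

// Returns true if [[Put]](obj, key) is allowed to create or update an own
// data property on obj (or invoke an inherited setter), false if it must be
// rejected. A rejected put throws TypeError in strict code.
function canPut(obj, key) {
  let o = obj;
  while (o !== null) {
    const desc = Object.getOwnPropertyDescriptor(o, key);
    if (desc !== undefined) {
      // Accessor (own or inherited): allowed only if a setter exists.
      if ("set" in desc) return typeof desc.set === "function";
      // Data property (own or inherited): allowed only if writable. An
      // inherited readonly property blocks creating an own shadow of it.
      return desc.writable === true;
    }
    o = Object.getPrototypeOf(o);
  }
  // Not found anywhere in the chain: allowed if obj can grow.
  return Object.isExtensible(obj);
}

// Performs the assignment in strict code and reports whether the engine
// rejected it with a TypeError (any other exception is a real error).
function strictAssignThrows(obj, key, value) {
  "use strict";
  try {
    obj[key] = value;
    return false;
  } catch (e) {
    if (e instanceof TypeError) return true;
    throw e;
  }
}

// Constructed cases; each pairs the reference verdict with the engine's.
// Invariant a conforming engine satisfies: canPut === !threw for every case.
function checkCases() {
  const results = {};
  function run(name, obj, key) {
    results[name] = { canPut: canPut(obj, key), threw: strictAssignThrows(obj, key, 42) };
  }
  // 1. readonly data property on the prototype: the case the fix covers
  const p1 = Object.defineProperty({}, "x", { value: 1, writable: false });
  run("readonlyOnProto", Object.create(p1), "x");
  // 2. same readonly property, two levels up the chain
  run("readonlyTwoUp", Object.create(Object.create(p1)), "x");
  // 3. getter-only accessor on the prototype
  const p3 = Object.defineProperty({}, "y", { get() { return 1; } });
  run("getterOnlyOnProto", Object.create(p3), "y");
  // 4. writable data property on the prototype: shadowing is allowed
  run("writableOnProto", Object.create({ z: 1 }), "z");
  // 5. setter on the prototype: the put invokes the setter, no own property
  const p5 = Object.defineProperty({}, "w", { set(v) { this._w = v; } });
  run("setterOnProto", Object.create(p5), "w");
  // 6. nothing in the chain, but the base object is non-extensible
  run("nonExtensible", Object.preventExtensions({}), "q");
  return results;
}
```

        checkCases() returns, per case, the reference verdict and whether the
        engine threw; an engine that only inspected the base object (the behaviour
        before this change) would report threw === false for the readonlyOnProto
        and readonlyTwoUp cases while canPut is false.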
3891
3892 2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>
3893
3894         Implement fast path for op_new_array in the baseline JIT
3895         https://bugs.webkit.org/show_bug.cgi?id=78612
3896
3897         Reviewed by Filip Pizlo.
3898
3899         * heap/CopiedAllocator.h:
3900         (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
3901         * heap/CopiedSpace.h:
3902         (CopiedSpace): Friended the JIT to allow access to 
3903         (JSC::CopiedSpace::allocator):
3904         * heap/Heap.h:
3905         (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
3906         can use it for simple allocation i.e. when we can just bump the offset without having to 
3907         do anything else.
3908         * jit/JIT.cpp:
3909         (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
3910         we have to bail out because the fast allocation path fails for whatever reason.
3911         * jit/JIT.h:
3912         (JIT):
3913         * jit/JITInlineMethods.h:
3914         (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
3915         allocate generic backing stores. This function is used by emitAllocateJSArray.
3916         (JSC):
3917         (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
3918         more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
3919         it will also be used for emit_op_new_array_buffer.
3920         * jit/JITOpcodes.cpp:
3921         (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
3922         a stub call for oversize arrays.
3923         (JSC):
3924         (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on 
3925         the fast path.
3926         * runtime/JSArray.cpp:
3927         (JSC):
3928         * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
3929         initialize in the JIT.
3930         (ArrayStorage):
3931         (JSC::ArrayStorage::lengthOffset):
3932         (JSC::ArrayStorage::numValuesInVectorOffset):
3933         (JSC::ArrayStorage::allocBaseOffset):
3934         (JSC::ArrayStorage::vectorOffset):
3935         (JSArray):
3936         (JSC::JSArray::sparseValueMapOffset):
3937         (JSC::JSArray::subclassDataOffset):
3938         (JSC::JSArray::indexBiasOffset):
3939         (JSC):
3940         (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
3941         to being a static function in the JSArray class. This move allows the JIT to call it to 
3942         see what size it should allocate.
3943
3944 2012-02-20  Gavin Barraclough  <barraclough@apple.com>
3945
3946         DefineOwnProperty fails with numeric properties & Object.prototype
3947         https://bugs.webkit.org/show_bug.cgi?id=79059
3948
3949         Reviewed by Oliver Hunt.
3950
3951         ObjectPrototype caches whether it contains any numeric properties (m_hasNoPropertiesWithUInt32Names),
3952         calls to defineOwnProperty need to update this cache.
3953
3954         * runtime/ObjectPrototype.cpp:
3955         (JSC::ObjectPrototype::put):
3956         (JSC::ObjectPrototype::defineOwnProperty):
3957         (JSC):
3958         (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
3959         * runtime/ObjectPrototype.h:
3960         (ObjectPrototype):
3961
3962 2012-02-20  Pino Toscano  <pino@debian.org>
3963
3964         Does not build on GNU Hurd
3965         https://bugs.webkit.org/show_bug.cgi?id=79045
3966
3967         Reviewed by Gustavo Noronha Silva.
3968
3969         * wtf/Platform.h: define WTF_OS_HURD.
3970         * wtf/ThreadIdentifierDataPthreads.cpp: adds a band-aid fix
3971         for the lack of PTHREAD_KEYS_MAX definition, with a value which
3972         should not cause issues.
3973
3974 2012-02-20  Gavin Barraclough  <barraclough@apple.com>
3975
3976         Unreviewed windows build fix.
3977
3978         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3979
3980 2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>
3981
3982         Undoing accidental changes
3983
3984         * heap/Heap.cpp:
3985         (JSC::Heap::collectAllGarbage):
3986
3987 2012-02-20  Mark Hahnenberg  <mhahnenberg@apple.com>
3988
3989         Factor out allocation in CopySpace into a separate CopyAllocator
3990         https://bugs.webkit.org/show_bug.cgi?id=78610
3991
3992         Reviewed by Oliver Hunt.
3993
3994         Added a new CopyAllocator class, which allows us to do allocations without 
3995         having to load the current offset and store the current offset in the current 
3996         block. This change will allow us to easily do inline assembly in the JIT for 
3997         array allocations.
3998
3999         * GNUmakefile.list.am:
4000         * JavaScriptCore.gypi:
4001         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
4002         * JavaScriptCore.xcodeproj/project.pbxproj:
4003         * heap/CopiedAllocator.h: Added.
4004         (JSC):
4005         (CopiedAllocator):
4006         (JSC::CopiedAllocator::currentBlock):
4007         (JSC::CopiedAllocator::CopiedAllocator):
4008         (JSC::CopiedAllocator::allocate):
4009         (JSC::CopiedAllocator::fitsInCurrentBlock):
4010         (JSC::CopiedAllocator::wasLastAllocation):
4011         (JSC::CopiedAllocator::startedCopying):
4012         (JSC::CopiedAllocator::resetCurrentBlock):
4013         (JSC::CopiedAllocator::currentUtilization):
4014         (JSC::CopiedAllocator::resetLastAllocation):
4015         * heap/CopiedBlock.h:
4016         (CopiedBlock):
4017         * heap/CopiedSpace.cpp: Moved some stuff from CopiedSpaceInlineMethods to here because we 
4018