2012-01-26  Csaba Osztrogonác

        [Qt][Win] One more speculative buildfix after r105970.

        * JavaScriptCore.pri:

2012-01-26  Csaba Osztrogonác

        [Qt][Win] Speculative buildfix after r105970.

        * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().

2012-01-26  Sheriff Bot

        Unreviewed, rolling out r105982.
        http://trac.webkit.org/changeset/105982
        https://bugs.webkit.org/show_bug.cgi?id=77090

        breaks the world (Requested by WildFox on #webkit).

        * wtf/MainThread.cpp:
        (WTF):
        * wtf/Platform.h:
        * wtf/mac/MainThreadMac.mm:
        (WTF):
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):

2012-01-26  Roland Takacs

        [Qt] GC should be parallel on Qt platform
        https://bugs.webkit.org/show_bug.cgi?id=73309

        Reviewed by Zoltan Herczeg.

        These changes made the parallel gc feature available for Qt port.
        The implementation of "registerGCThread" and "isMainThreadOrGCThread" is moved from
        MainThreadMac.mm to the common MainThread.cpp to make them available for other platforms.

        Measurement results:
        V8 speed-up: 1.071x as fast            [From: 746.1ms  To: 696.4ms ]
        WindScorpion speed-up: 1.082x as fast  [From: 3490.4ms To: 3226.7ms]
        V8 Splay speed-up: 1.158x as fast      [From: 145.8ms  To: 125.9ms ]

        Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.

        * wtf/MainThread.cpp:
        (WTF):
        (WTF::registerGCThread):
        (WTF::isMainThreadOrGCThread):
        * wtf/Platform.h:
        * wtf/mac/MainThreadMac.mm:

2012-01-26  Andy Estes

        REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
        https://bugs.webkit.org/show_bug.cgi?id=77073

        Reviewed by Ryosuke Niwa.

        r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined. This should have been
        changed to OS(WINDOWS). This causes the preprocessor to strip out Win32 data type overrides
        for deleteOwnedPtr, causing allocations made by Win32 to be deleted by fastmalloc.

        * wtf/OwnPtrCommon.h:
        (WTF): Use OS(WINDOWS) instead of OS(WIN).

2012-01-25  Mark Rowe

        Attempted Mac build fix after r105939.

        * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS. It isn't used on
        these platforms and isn't available in the ICU headers for Mac.

2012-01-25  Mark Rowe

        Build into an alternate location when USE_STAGING_INSTALL_PATH is set.

        Adopt USE_STAGING_INSTALL_PATH

        Reviewed by David Kilzer.

        * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains the
        path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR to point
        to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
        * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on the
        normal framework location. This prevents an incorrect install name from being used when
        installing into the staged frameworks directory.

2012-01-25  Eli Fidler

        Implement Date.toLocaleString() using ICU
        https://bugs.webkit.org/show_bug.cgi?id=76714

        Reviewed by Darin Adler.

        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate):

2012-01-25  Hajime Morita

        ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
        https://bugs.webkit.org/show_bug.cgi?id=76863

        Reviewed by Dimitri Glazkov.

        Added a feature flag.

        * Configurations/FeatureDefines.xcconfig:

2012-01-25  Yong Li

        [BlackBerry] Implement OSAllocator::commit/decommit.
        BlackBerry port should support virtual memory decommitting.
        https://bugs.webkit.org/show_bug.cgi?id=77013

        Reviewed by Rob Buis.

        * wtf/OSAllocatorPosix.cpp:
        (WTF::OSAllocator::reserveUncommitted):
        (WTF::OSAllocator::commit):
        (WTF::OSAllocator::decommit):
        * wtf/Platform.h:

2012-01-24  Oliver Hunt

        Make DFG update topCallFrame
        https://bugs.webkit.org/show_bug.cgi?id=76969

        Reviewed by Filip Pizlo.

        Add NativeCallFrameTracer to manage topCallFrame assignment in the DFG operations,
        and make use of it.

        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        ():
        * interpreter/Interpreter.h:
        (JSC):
        (NativeCallFrameTracer):
        (JSC::NativeCallFrameTracer::NativeCallFrameTracer):

2012-01-24  Filip Pizlo

        Inlining breaks call frame walking when the walking is done from outside the inlinee, but
        inside a code block that had inlining
        https://bugs.webkit.org/show_bug.cgi?id=76978

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::codeOriginForReturn):
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::trueCallerFrame):

2012-01-24  Gavin Barraclough

        https://bugs.webkit.org/show_bug.cgi?id=76855
        Implement a JIT-code aware sampling profiler for JSC

        Reviewed by Oliver Hunt.

        Add support to MetaAllocator.cpp to track all live handles in a map, allowing lookup based
        on any address within the allocation.

        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocatorTracker::notify):
        (WTF::MetaAllocatorTracker::release):
            - Track live handle objects in a map.
        (WTF::MetaAllocator::release):
            - Removed support for handles with null m_allocator (no longer used).
            - Notify the tracker of handles being released.
        (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
            - Moved functionality out into MetaAllocator::release.
        (WTF::MetaAllocatorHandle::shrink):
            - Removed support for handles with null m_allocator (no longer used).
        (WTF::MetaAllocator::MetaAllocator):
            - Initialize m_tracker.
        (WTF::MetaAllocator::allocate):
            - Notify the tracker of new allocations.
        * wtf/MetaAllocator.h:
        (WTF::MetaAllocatorTracker::find):
            - Lookup a MetaAllocatorHandle based on an address inside the allocation.
        (WTF::MetaAllocator::trackAllocations):
            - Register a callback object to track allocation state.
        * wtf/MetaAllocatorHandle.h:
            - Remove unused createSelfManagedHandle/constructor.
        (WTF::MetaAllocatorHandle::key):
            - Added, for use in RedBlackTree.

2012-01-24  Mark Hahnenberg

        Use copying collector for out-of-line JSObject property storage
        https://bugs.webkit.org/show_bug.cgi?id=76665

        Reviewed by Geoffrey Garen.

        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage
        is out-of-line. Also added a temporary variable to avoid warnings from GCC.
        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage
        as opposed to operator new. Also added a temporary variable to avoid warnings from GCC.
        * runtime/JSObject.h:

2012-01-24  Geoffrey Garen

        JSValue::toString() should return a JSString* instead of a UString
        https://bugs.webkit.org/show_bug.cgi?id=76861

        Fixed two failing layout tests after my last patch.

        Reviewed by Gavin Barraclough.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort): Call value() after calling toString(), as in all other cases.
        I missed this case because the JSString* type has a valid operator<, so the compiler
        didn't complain.

2012-01-24  Kenichi Ishibashi

        [V8] Add Uint8ClampedArray support
        https://bugs.webkit.org/show_bug.cgi?id=76803

        Reviewed by Kenneth Russell.

        * wtf/ArrayBufferView.h:
        (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added.
        * wtf/Uint8ClampedArray.h:
        (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true.

2012-01-23  Carlos Garcia Campos

        [GTK] Add WebKitDownload to WebKit2 GTK+ API
        https://bugs.webkit.org/show_bug.cgi?id=72949

        Reviewed by Martin Robinson.

        * wtf/gobject/GOwnPtr.cpp:
        (WTF::GTimer): Use g_timer_destroy() to free a GTimer.
        * wtf/gobject/GOwnPtr.h: Add GTimer template.
        * wtf/gobject/GTypedefs.h: Add GTimer forward declaration.

2012-01-24  Ilya Tikhonovsky

        Unreviewed build fix for Qt LinuxSH4 build after r105698.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):

2012-01-23  Geoffrey Garen

        JSValue::toString() should return a JSString* instead of a UString
        https://bugs.webkit.org/show_bug.cgi?id=76861

        Reviewed by Gavin Barraclough.

        This makes the common case -- toString() on a string -- faster and inline-able.
        (Not a measurable speedup, but we can now remove a bunch of duplicate hand-rolled code for
        this optimization.)

        This also clarifies the boundary between "C++ strings" and "JS strings".

        In all cases other than true, false, null, undefined, and multi-digit numbers, the JS runtime
        was just retrieving a UString from a JSString, so returning a JSString* is strictly better.
        In the other cases, we can optimize to avoid creating a new JSString if we care to, but it
        doesn't seem to be a big deal.

        * JavaScriptCore.exp: Export!

        * jsc.cpp:
        (functionPrint):
        (functionDebug):
        (functionRun):
        (functionLoad):
        (functionCheckSyntax):
        (runWithScripts):
        (runInteractive):
        * API/JSValueRef.cpp:
        (JSValueToStringCopy):
        * bytecode/CodeBlock.cpp:
        (JSC::valueToSourceString): Call value() after calling toString(), to convert from
        "JS string" (JSString*) to "C++ string" (UString), since toString() no longer returns a
        "C++ string".

        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationValueAddNotNumber):
        * jit/JITStubs.cpp:
        (op_add): Updated for removal of toPrimitiveString(): all '+' operands can use toString(),
        except for object operands, which need to take a slow path to call toPrimitive().

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncToLocaleString):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncPush):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::opIn):
        * runtime/DateConstructor.cpp:
        (JSC::dateParse):
        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate): Call value() after calling toString(), as above.

        * runtime/ErrorInstance.h:
        (JSC::ErrorInstance::create): Simplified down to one canonical create() function, to make
        string handling easier.

        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createInvalidParamError):
        (JSC::createNotAConstructorError):
        (JSC::createNotAFunctionError):
        (JSC::createNotAnObjectError):
        * runtime/FunctionConstructor.cpp:
        (JSC::constructFunctionSkippingEvalEnabledCheck):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncBind):
        * runtime/JSArray.cpp:
        (JSC::JSArray::sort): Call value() after calling toString(), as above.

        * runtime/JSCell.cpp:
        * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this job now. Doing it
        in JSCell is slower (requires extra type checking), and creates the misimpression that
        language-defined toString() behavior is an implementation detail of JSCell.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::encode):
        (JSC::decode):
        (JSC::globalFuncEval):
        (JSC::globalFuncParseInt):
        (JSC::globalFuncParseFloat):
        (JSC::globalFuncEscape):
        (JSC::globalFuncUnescape): Call value() after calling toString(), as above.

        * runtime/JSONObject.cpp:
        (JSC::unwrapBoxedPrimitive):
        (JSC::Stringifier::Stringifier):
        (JSC::JSONProtoFuncParse): Removed some manual optimization that toString() takes care of.

        * runtime/JSObject.cpp:
        (JSC::JSObject::toString):
        * runtime/JSObject.h: Updated to return JSString*.

        * runtime/JSString.cpp:
        * runtime/JSString.h:
        (JSC::JSValue::toString): Removed, since I removed JSCell::toString().

        * runtime/JSValue.cpp:
        (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-spawned
        toStringSlowCase() from its zombie corpse, since toPrimitiveString() basically did what we
        want all the time. (Note that the toPrimitive() preference changes from NoPreference to
        PreferString, because that's how ToString is defined in the language. op_add does not want
        this behavior.)

        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToString):
        (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString() returns a
        JSString*.

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        (JSC::objectConstructorDefineProperty):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncHasOwnProperty):
        (JSC::objectProtoFuncDefineGetter):
        (JSC::objectProtoFuncDefineSetter):
        (JSC::objectProtoFuncLookupGetter):
        (JSC::objectProtoFuncLookupSetter):
        (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.

        * runtime/Operations.cpp:
        (JSC::jsAddSlowCase): Need to check for object before taking the toString() fast path
        because adding an object to a string requires calling toPrimitive() on the object, not
        toString(). (They differ in their preferred conversion type.)

        * runtime/Operations.h:
        (JSC::jsString):
        (JSC::jsStringFromArguments): This code gets simpler, now that toString() does the right
        thing.
        (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().

        * runtime/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorInput):
        (JSC::constructRegExp):
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::match):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):
        (JSC::regExpProtoFuncToString): More calls to value(), as above.

        * runtime/StringConstructor.cpp:
        (JSC::constructWithStringConstructor):
        (JSC::callStringConstructor): This code gets simpler, now that toString() does the right
        thing.

        * runtime/StringPrototype.cpp:
        (JSC::replaceUsingRegExpSearch):
        (JSC::replaceUsingStringSearch):
        (JSC::stringProtoFuncReplace):
        (JSC::stringProtoFuncCharAt):
        (JSC::stringProtoFuncCharCodeAt):
        (JSC::stringProtoFuncConcat):
        (JSC::stringProtoFuncIndexOf):
        (JSC::stringProtoFuncLastIndexOf):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        (JSC::stringProtoFuncSlice):
        (JSC::stringProtoFuncSplit):
        (JSC::stringProtoFuncSubstr):
        (JSC::stringProtoFuncSubstring):
        (JSC::stringProtoFuncToLowerCase):
        (JSC::stringProtoFuncToUpperCase):
        (JSC::stringProtoFuncLocaleCompare):
        (JSC::stringProtoFuncBig):
        (JSC::stringProtoFuncSmall):
        (JSC::stringProtoFuncBlink):
        (JSC::stringProtoFuncBold):
        (JSC::stringProtoFuncFixed):
        (JSC::stringProtoFuncItalics):
        (JSC::stringProtoFuncStrike):
        (JSC::stringProtoFuncSub):
        (JSC::stringProtoFuncSup):
        (JSC::stringProtoFuncFontcolor):
        (JSC::stringProtoFuncFontsize):
        (JSC::stringProtoFuncAnchor):
        (JSC::stringProtoFuncLink):
        (JSC::trimString): Some of this code gets simpler, now that toString() does the right thing.
        More calls to value(), as above.

2012-01-23  Luke Macpherson

        Unreviewed, rolling out r105676.
        http://trac.webkit.org/changeset/105676
        https://bugs.webkit.org/show_bug.cgi?id=76665

        Breaks build on mac due to compile warnings.

        * runtime/JSObject.cpp:
        (JSC::JSObject::finalize):
        (JSC::JSObject::visitChildren):
        (JSC::JSObject::allocatePropertyStorage):
        * runtime/JSObject.h:

2012-01-23  Mark Hahnenberg

        Use copying collector for out-of-line JSObject property storage
        https://bugs.webkit.org/show_bug.cgi?id=76665

        Reviewed by Geoffrey Garen.

        * runtime/JSObject.cpp:
        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage
        is out-of-line.
        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage
        as opposed to operator new.
        * runtime/JSObject.h:

2012-01-23  Brian Weinstein

        More build fixing after r105646.
        * JavaScriptCore.exp:

2012-01-23  Gavin Barraclough

        https://bugs.webkit.org/show_bug.cgi?id=76855
        Implement a JIT-code aware sampling profiler for JSC

        Reviewed by Geoff Garen.

        Step 2: generalize RedBlackTree.

        The profiler is going to want to use a RedBlackTree, allow this class to work with subclasses
        of RedBlackTree::Node, Node should not need to know the names of the m_key and m_value fields
        (the subclass can provide a key() accessor), and RedBlackTree does not need to know anything
        about ValueType.

        * JavaScriptCore.exp:
        * wtf/MetaAllocator.cpp:
        (WTF::MetaAllocator::findAndRemoveFreeSpace):
        (WTF::MetaAllocator::debugFreeSpaceSize):
        (WTF::MetaAllocator::addFreeSpace):
        * wtf/MetaAllocator.h:
        (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode):
        (WTF::MetaAllocator::FreeSpaceNode::key):
        * wtf/MetaAllocatorHandle.h:
        (WTF::MetaAllocatorHandle::key):
        * wtf/RedBlackTree.h:
        (WTF::RedBlackTree::Node::successor):
        (WTF::RedBlackTree::Node::predecessor):
        (WTF::RedBlackTree::Node::parent):
        (WTF::RedBlackTree::Node::setParent):
        (WTF::RedBlackTree::Node::left):
        (WTF::RedBlackTree::Node::setLeft):
        (WTF::RedBlackTree::Node::right):
        (WTF::RedBlackTree::Node::setRight):
        (WTF::RedBlackTree::insert):
        (WTF::RedBlackTree::remove):
        (WTF::RedBlackTree::findExact):
        (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
        (WTF::RedBlackTree::findGreatestLessThanOrEqual):
        (WTF::RedBlackTree::first):
        (WTF::RedBlackTree::last):
        (WTF::RedBlackTree::size):
        (WTF::RedBlackTree::treeMinimum):
        (WTF::RedBlackTree::treeMaximum):
        (WTF::RedBlackTree::treeInsert):
        (WTF::RedBlackTree::leftRotate):
        (WTF::RedBlackTree::rightRotate):
        (WTF::RedBlackTree::removeFixup):

2012-01-23  Andy Estes

        Fix the build after r105635.

        * JavaScriptCore.exp:

2012-01-23  Mark Hahnenberg

        Remove StackBounds from JSGlobalData
        https://bugs.webkit.org/show_bug.cgi?id=76310

        Reviewed by Sam Weinig.

        Removed StackBounds and the stack() function from JSGlobalData since it no longer accessed
        any members of JSGlobalData.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::gatherFromCurrentThread):
        * parser/Parser.cpp:
        (JSC::::Parser):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:

2012-01-23  Gavin Barraclough

        Implement a JIT-code aware sampling profiler for JSC
        https://bugs.webkit.org/show_bug.cgi?id=76855

        Rubber stamped by Geoff Garen.

        Mechanical change - pass CodeBlock through to the executable allocator, such that we will be
        able to map ranges of JIT code back to their owner.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::executableCopy):
        * assembler/ARMAssembler.h:
        * assembler/AssemblerBuffer.h:
        (JSC::AssemblerBuffer::executableCopy):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::executableCopy):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::linkCode):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::executableCopy):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::executableCopy):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::executableCopy):
        (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compile):
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::generateProtoChainAccessStub):
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDList):
        (JSC::DFG::tryCachePutByID):
        * dfg/DFGThunks.cpp:
        (JSC::DFG::osrExitGenerationThunkGenerator):
        * jit/ExecutableAllocator.cpp:
        (JSC::ExecutableAllocator::allocate):
        * jit/ExecutableAllocator.h:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        (JSC::ExecutableAllocator::allocate):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTIMachineTrampolines):
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::privateCompilePatchGetArrayLength):
        (JSC::JIT::privateCompileGetByIdProto):
        (JSC::JIT::privateCompileGetByIdSelfList):
        (JSC::JIT::privateCompileGetByIdProtoList):
        (JSC::JIT::privateCompileGetByIdChainList):
        (JSC::JIT::privateCompileGetByIdChain):
        * jit/JITStubs.cpp:
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::finalize):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::compile):

2012-01-23  Xianzhu Wang

        Basic enhancements to StringBuilder
        https://bugs.webkit.org/show_bug.cgi?id=67081

        This change contains the following enhancements to StringBuilder, for convenience,
        performance, testability, etc.:
        - Change toStringPreserveCapacity() to const
        - new public methods: capacity(), swap(), toAtomicString(), canShrink() and
          append(const StringBuilder&)
        - == and != operators to compare StringBuilders and a StringBuilder/String

        Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp

        Reviewed by Darin Adler.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/AtomicString.cpp:
        (WTF::SubstringTranslator::hash):
        (WTF::SubstringTranslator::equal):
        (WTF::SubstringTranslator::translate):
        (WTF::AtomicString::add):
        (WTF::AtomicString::addSlowCase):
        * wtf/text/AtomicString.h:
        (WTF::AtomicString::AtomicString):
        (WTF::AtomicString::add):
        * wtf/text/StringBuilder.cpp:
        (WTF::StringBuilder::reifyString):
        (WTF::StringBuilder::resize):
        (WTF::StringBuilder::canShrink):
        (WTF::StringBuilder::shrinkToFit):
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::append):
        (WTF::StringBuilder::toString):
        (WTF::StringBuilder::toStringPreserveCapacity):
        (WTF::StringBuilder::toAtomicString):
        (WTF::StringBuilder::isEmpty):
        (WTF::StringBuilder::capacity):
        (WTF::StringBuilder::is8Bit):
        (WTF::StringBuilder::swap):
        (WTF::equal):
        (WTF::operator==):
        (WTF::operator!=):
        * wtf/text/StringImpl.h:

2012-01-23  Carlos Garcia Campos

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing files, remove deleted files and fix indentation.

2012-01-22  Filip Pizlo

        Build fix for non-DFG platforms that error out on warn-unused-parameter.

        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):

2012-01-22  Filip Pizlo

        Build fix for non-DFG platforms.

        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/MethodCallLinkStatus.cpp:
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):

2012-01-20  Filip Pizlo

        DFG should not have code that directly decodes the states of old JIT inline cache data structures
        https://bugs.webkit.org/show_bug.cgi?id=76768

        Reviewed by Sam Weinig.
        Introduced new classes (like GetByIdStatus) that encapsulate the set of things that the DFG
        would like to know about property accesses and calls. Whereas it previously got this
        information by directly decoding the data structures used by the old JIT for inline
        caching, it now uses these classes, which do the work for it. This should make it somewhat
        more straightforward to introduce new ways of profiling the same information.

        Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by code in
        bytecode/.

        Making this work right involved carefully ensuring that the heuristics for choosing how to
        handle property accesses was at least as good as what we had before, since I completely
        restructured that code. Currently the performance looks neutral. Since I rewrote the code I
        did change some things that I never liked before, like previously if a put_by_id had
        executed exactly once then we'd compile it as if it had taken slow-path. Executing once is
        special because then the inline cache is not baked in, so there is no information about
        how the DFG should optimize the code. Now this is rationalized: if the put_by_id does not
        offer enough information to be optimized (i.e. had executed 0 or 1 times) then we turn it
        into a forced OSR exit (i.e. a patch point). However, get_by_id still has the old behavior;
        I left it that way because I didn't want to make too many changes at once.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CallLinkStatus.cpp: Added.
        (JSC::CallLinkStatus::computeFor):
        * bytecode/CallLinkStatus.h: Added.
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::isSet):
        (JSC::CallLinkStatus::operator!):
        (JSC::CallLinkStatus::couldTakeSlowPath):
        (JSC::CallLinkStatus::callTarget):
        * bytecode/GetByIdStatus.cpp: Added.
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h: Added.
        (JSC::GetByIdStatus::GetByIdStatus):
        (JSC::GetByIdStatus::state):
        (JSC::GetByIdStatus::isSet):
        (JSC::GetByIdStatus::operator!):
        (JSC::GetByIdStatus::isSimpleDirect):
        (JSC::GetByIdStatus::takesSlowPath):
        (JSC::GetByIdStatus::makesCalls):
        (JSC::GetByIdStatus::structureSet):
        (JSC::GetByIdStatus::offset):
        * bytecode/MethodCallLinkStatus.cpp: Added.
        (JSC::MethodCallLinkStatus::computeFor):
        * bytecode/MethodCallLinkStatus.h: Added.
        (JSC::MethodCallLinkStatus::MethodCallLinkStatus):
        (JSC::MethodCallLinkStatus::isSet):
        (JSC::MethodCallLinkStatus::operator!):
        (JSC::MethodCallLinkStatus::needsPrototypeCheck):
        (JSC::MethodCallLinkStatus::structure):
        (JSC::MethodCallLinkStatus::prototypeStructure):
        (JSC::MethodCallLinkStatus::function):
        (JSC::MethodCallLinkStatus::prototype):
        * bytecode/PutByIdStatus.cpp: Added.
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h: Added.
        (JSC::PutByIdStatus::PutByIdStatus):
        (JSC::PutByIdStatus::state):
        (JSC::PutByIdStatus::isSet):
        (JSC::PutByIdStatus::operator!):
        (JSC::PutByIdStatus::isSimpleReplace):
        (JSC::PutByIdStatus::isSimpleTransition):
        (JSC::PutByIdStatus::takesSlowPath):
        (JSC::PutByIdStatus::oldStructure):
        (JSC::PutByIdStatus::newStructure):
        (JSC::PutByIdStatus::structureChain):
        (JSC::PutByIdStatus::offset):
        * bytecode/StructureSet.h: Added.
        (JSC::StructureSet::StructureSet):
        (JSC::StructureSet::clear):
        (JSC::StructureSet::add):
        (JSC::StructureSet::addAll):
        (JSC::StructureSet::remove):
        (JSC::StructureSet::contains):
        (JSC::StructureSet::isSubsetOf):
        (JSC::StructureSet::isSupersetOf):
        (JSC::StructureSet::size):
        (JSC::StructureSet::at):
        (JSC::StructureSet::operator[]):
        (JSC::StructureSet::last):
        (JSC::StructureSet::predictionFromStructures):
        (JSC::StructureSet::operator==):
        (JSC::StructureSet::dump):
        * dfg/DFGAbstractValue.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGStructureSet.h: Removed.

2012-01-20  Filip Pizlo

        JIT compilation should not require ExecState
        https://bugs.webkit.org/show_bug.cgi?id=76729

        Reviewed by Gavin Barraclough.

        Changed the relevant JIT driver functions to take JSGlobalData& instead of ExecState*,
        since really they just needed the global data.

        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * dfg/DFGDriver.h:
        (JSC::DFG::tryCompile):
        (JSC::DFG::tryCompileFunction):
        * jit/JITDriver.h:
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):

2012-01-20  David Levin

        Make OwnPtr work for the Chromium Windows port.
        https://bugs.webkit.org/show_bug.cgi?id=76738

        Reviewed by Jian Li.

        * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the Chromium Windows build.
        * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for OwnPtr and similar constructs.

2012-01-19  Geoffrey Garen

        Removed some regexp entry boilerplate code
        https://bugs.webkit.org/show_bug.cgi?id=76687

        Reviewed by Darin Adler.

        1% - 2% speedup on regexp tests, no change overall.

        * runtime/RegExp.cpp:
        (JSC::RegExp::match):
        - ASSERT that our startIndex is non-negative, because anything less would be uncivilized.
        - ASSERT that our input is not the null string for the same reason.
        - No need to test for startOffset being past the end of the string, since the regular
          expression engine will do this test for us.
        - No need to initialize the output vector, since the regular expression engine will fill
          it in for us.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::interpret):
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::compile): RegExp used to do these jobs for us, but now we do
        them for ourselves because it's a better separation of concerns, and the JIT can do them
        more efficiently than C++ code:
        - Test for "past the end" before doing any matching -- otherwise a* will match with zero
          length past the end of the string, which is wrong.
        - Initialize the output vector before doing any matching.

2012-01-20  Filip Pizlo

        Build fix for no-DFG configuration. Needed for .

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitProfiledOpcode):
        * jit/JIT.h:
        (JSC::JIT::emitValueProfilingSite):

2012-01-19  Filip Pizlo

        Bytecode instructions that may have value profiling should have a direct inline link to the
        ValueProfile instance
        https://bugs.webkit.org/show_bug.cgi?id=76682

        Reviewed by Sam Weinig.

        Each opcode that gets value profiled now has a link to its ValueProfile. This required
        rationalizing the emission of value profiles for opcode combos, like
        op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes sense for one of
        them to have a value profile link, and it makes most sense for it to be the one that
        actually sets the result. The previous behavior was to have op_method_check profile for
        op_get_by_id when they were used together, but otherwise for op_get_by_id to have its own
        profiles. op_call already did the right thing; all profiling was done by
        op_call_put_result. But rationalizing this code required breaking some of the natural
        boundaries that the code had; for instance the code in DFG that emits a GetById in place of
        both op_method_check and op_get_by_id must now know that it's the latter of those that has
        the value profile, while the first of those constitutes the OSR target. Hence each
        CodeOrigin must now have two bytecode indices - one for OSR exit and one for profiling.
Finally this change required some refiddling of our optimization heuristics, because now all code blocks have "more instructions" due to the value profile slots. * bytecode/CodeBlock.cpp: (JSC::CodeBlock::printGetByIdOp): (JSC::CodeBlock::dump): * bytecode/CodeBlock.h: (JSC::CodeBlock::valueProfileForBytecodeOffset): * bytecode/CodeOrigin.h: (JSC::CodeOrigin::CodeOrigin): (JSC::CodeOrigin::bytecodeIndexForValueProfile): * bytecode/Instruction.h: (JSC::Instruction::Instruction): * bytecode/Opcode.h: * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitProfiledOpcode): (JSC::BytecodeGenerator::emitResolve): (JSC::BytecodeGenerator::emitGetScopedVar): (JSC::BytecodeGenerator::emitResolveBase): (JSC::BytecodeGenerator::emitResolveBaseForPut): (JSC::BytecodeGenerator::emitResolveWithBase): (JSC::BytecodeGenerator::emitResolveWithThis): (JSC::BytecodeGenerator::emitGetById): (JSC::BytecodeGenerator::emitGetByVal): (JSC::BytecodeGenerator::emitCall): (JSC::BytecodeGenerator::emitCallVarargs): (JSC::BytecodeGenerator::emitConstruct): * bytecompiler/BytecodeGenerator.h: * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::ByteCodeParser): (JSC::DFG::ByteCodeParser::currentCodeOrigin): (JSC::DFG::ByteCodeParser::addCall): (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit): (JSC::DFG::ByteCodeParser::getPrediction): (JSC::DFG::ByteCodeParser::handleCall): (JSC::DFG::ByteCodeParser::handleInlining): (JSC::DFG::ByteCodeParser::parseBlock): (JSC::DFG::ByteCodeParser::parse): * dfg/DFGGraph.h: (JSC::DFG::Graph::valueProfileFor): * jit/JIT.h: (JSC::JIT::emitValueProfilingSite): * jit/JITCall.cpp: (JSC::JIT::emit_op_call_put_result): * jit/JITCall32_64.cpp: (JSC::JIT::emit_op_call_put_result): * jit/JITInlineMethods.h: (JSC::JIT::emitValueProfilingSite): * jit/JITOpcodes.cpp: (JSC::JIT::emit_op_resolve): (JSC::JIT::emit_op_resolve_base): (JSC::JIT::emit_op_resolve_skip): (JSC::JIT::emit_op_resolve_global): (JSC::JIT::emitSlow_op_resolve_global): 
(JSC::JIT::emit_op_resolve_with_base): (JSC::JIT::emit_op_resolve_with_this): (JSC::JIT::emitSlow_op_resolve_global_dynamic): * jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_resolve): (JSC::JIT::emit_op_resolve_base): (JSC::JIT::emit_op_resolve_skip): (JSC::JIT::emit_op_resolve_global): (JSC::JIT::emitSlow_op_resolve_global): (JSC::JIT::emit_op_resolve_with_base): (JSC::JIT::emit_op_resolve_with_this): * jit/JITPropertyAccess.cpp: (JSC::JIT::emit_op_get_by_val): (JSC::JIT::emitSlow_op_get_by_val): (JSC::JIT::emit_op_method_check): (JSC::JIT::emitSlow_op_method_check): (JSC::JIT::emit_op_get_by_id): (JSC::JIT::emitSlow_op_get_by_id): (JSC::JIT::emit_op_get_scoped_var): (JSC::JIT::emit_op_get_global_var): * jit/JITPropertyAccess32_64.cpp: (JSC::JIT::emit_op_method_check): (JSC::JIT::emitSlow_op_method_check): (JSC::JIT::emit_op_get_by_val): (JSC::JIT::emitSlow_op_get_by_val): (JSC::JIT::emit_op_get_by_id): (JSC::JIT::emitSlow_op_get_by_id): (JSC::JIT::emit_op_get_scoped_var): (JSC::JIT::emit_op_get_global_var): * jit/JITStubCall.h: (JSC::JITStubCall::callWithValueProfiling): * runtime/Options.cpp: (JSC::Options::initializeOptions): 2012-01-20 ChangSeok Oh undefined reference to symbol eina_module_free https://bugs.webkit.org/show_bug.cgi?id=76681 Reviewed by Martin Robinson. eina_module_free has been used without including eina libraries after r104936. * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES. 2012-01-19 Tony Chang [chromium] Remove an obsolete comment about features.gypi https://bugs.webkit.org/show_bug.cgi?id=76643 There can be only one features.gypi. Reviewed by James Robinson. * JavaScriptCore.gyp/JavaScriptCore.gyp: 2012-01-19 Geoffrey Garen Implicit creation of a regular expression should eagerly check for syntax errors https://bugs.webkit.org/show_bug.cgi?id=76642 Reviewed by Oliver Hunt. This is a correctness fix and a slight optimization. 
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch): Check for syntax errors because that's the correct behavior.
        * runtime/RegExp.cpp:
        (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line of code change, many
        lines of indentation change.) Since we have no clients that try to match a RegExp that is a
        syntax error, let's optimize out the check.

2012-01-19  Mark Hahnenberg

        Implement a new allocator for backing stores
        https://bugs.webkit.org/show_bug.cgi?id=75181

        Reviewed by Filip Pizlo.

        We want to move away from using fastMalloc for the backing stores for some of our objects
        (e.g. JSArray, JSObject, JSString, etc). These backing stores have a nice property in that
        they only have a single owner (i.e. a single pointer to them at any one time). One way that
        we can take advantage of this property is to implement a simple bump allocator/copying
        collector, which will run alongside our normal mark/sweep collector, that only needs to
        update the single owner pointer rather than having to redirect an arbitrary number of
        pointers in from-space to to-space. This plan can give us a number of benefits. We can beat
        fastMalloc in terms of both performance and memory usage, we can track how much memory we're
        using far more accurately than our rough estimation now through the use of
        reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed to being
        limited to size classes like we have been historically). This is also another step toward
        moving away from lazy destruction, which will improve our memory footprint.

        We start by creating said allocator and moving the ArrayStorage for JSArray to use it rather
        than fastMalloc.

        The design of the collector is as follows:

        Allocation:
        -The collector allocates 64KB chunks from the OS to use for object allocation.
        -Each chunk contains an offset, a flag indicating if the block has been pinned, and a
         payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
        -Any allocation greater than 64KB gets its own separate oversize block, which is managed
         separately from the rest.
        -If the allocator receives a request for more than the remaining amount in the current
         block, it grabs a fresh block.
        -Grabbing a fresh block means grabbing one off of the global free list (which is now shared
         between the mark/sweep allocator and the bump allocator) if there is one. If there isn't a
         new one we do one of two things: allocate a new block from the OS if we're not ready for a
         GC yet, or run a GC and then try again. If we still don't have enough space after the GC,
         we allocate a new block from the OS.

        Garbage collection:
        -At the start of garbage collection during conservative stack scanning, if we encounter
         what appears to be a pointer to a bump-allocated block of memory, we pin that block so that
         it will not be copied for this round of collection.
        -We also pin any oversize blocks that we encounter, which effectively doubles as a "mark
         bit" for that block. Any oversize blocks that aren't pinned at the end of copying are given
         back to the OS.
        -Marking threads are now also responsible for copying bump-allocated objects to newSpace
        -Each marking thread has a private 64KB block into which it copies bump-allocated objects
         that it encounters.
        -When that block fills up, the marking thread gives it back to the allocator and requests a
         new one.
        -When all marking has concluded, each thread gives back its copy block, even if it isn't
         full.
        -At the conclusion of copying (which is done by the end of the marking phase), we un-pin
         any pinned blocks and give any blocks left in from-space to the global free list.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * heap/AllocationSpace.cpp:
        (JSC::AllocationSpace::allocateSlowCase):
        (JSC::AllocationSpace::allocateBlock):
        (JSC::AllocationSpace::freeBlocks):
        * heap/AllocationSpace.h:
        (JSC::AllocationSpace::waterMark):
        * heap/BumpBlock.h: Added.
        (JSC::BumpBlock::BumpBlock):
        * heap/BumpSpace.cpp: Added.
        (JSC::BumpSpace::tryAllocateSlowCase):
        * heap/BumpSpace.h: Added.
        (JSC::BumpSpace::isInCopyPhase):
        (JSC::BumpSpace::totalMemoryAllocated):
        (JSC::BumpSpace::totalMemoryUtilized):
        * heap/BumpSpaceInlineMethods.h: Added.
        (JSC::BumpSpace::BumpSpace):
        (JSC::BumpSpace::init):
        (JSC::BumpSpace::contains):
        (JSC::BumpSpace::pin):
        (JSC::BumpSpace::startedCopying):
        (JSC::BumpSpace::doneCopying):
        (JSC::BumpSpace::doneFillingBlock):
        (JSC::BumpSpace::recycleBlock):
        (JSC::BumpSpace::getFreshBlock):
        (JSC::BumpSpace::borrowBlock):
        (JSC::BumpSpace::addNewBlock):
        (JSC::BumpSpace::allocateNewBlock):
        (JSC::BumpSpace::fitsInBlock):
        (JSC::BumpSpace::fitsInCurrentBlock):
        (JSC::BumpSpace::tryAllocate):
        (JSC::BumpSpace::tryAllocateOversize):
        (JSC::BumpSpace::allocateFromBlock):
        (JSC::BumpSpace::tryReallocate):
        (JSC::BumpSpace::tryReallocateOversize):
        (JSC::BumpSpace::isOversize):
        (JSC::BumpSpace::isPinned):
        (JSC::BumpSpace::oversizeBlockFor):
        (JSC::BumpSpace::blockFor):
        * heap/ConservativeRoots.cpp:
        (JSC::ConservativeRoots::ConservativeRoots):
        (JSC::ConservativeRoots::genericAddPointer):
        (JSC::ConservativeRoots::add):
        * heap/ConservativeRoots.h:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        (JSC::Heap::blockFreeingThreadMain):
        (JSC::Heap::reportExtraMemoryCostSlowCase):
        (JSC::Heap::getConservativeRegisterRoots):
        (JSC::Heap::markRoots):
        (JSC::Heap::collect):
        (JSC::Heap::releaseFreeBlocks):
        * heap/Heap.h:
        (JSC::Heap::waterMark):
        (JSC::Heap::highWaterMark):
        (JSC::Heap::setHighWaterMark):
        (JSC::Heap::tryAllocateStorage):
        (JSC::Heap::tryReallocateStorage):
        * heap/HeapBlock.h: Added.
        (JSC::HeapBlock::HeapBlock):
        * heap/MarkStack.cpp:
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::startCopying):
        (JSC::SlotVisitor::allocateNewSpace):
        (JSC::SlotVisitor::copy):
        (JSC::SlotVisitor::copyAndAppend):
        (JSC::SlotVisitor::doneCopying):
        * heap/MarkStack.h:
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::recycle):
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedBlock.h:
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::MarkedSpace):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::allocate):
        (JSC::MarkedSpace::forEachBlock):
        (JSC::MarkedSpace::SizeClass::resetAllocator):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::SlotVisitor):
        * heap/TinyBloomFilter.h:
        (JSC::TinyBloomFilter::reset):
        * runtime/JSArray.cpp:
        (JSC::JSArray::JSArray):
        (JSC::JSArray::finishCreation):
        (JSC::JSArray::tryFinishCreationUninitialized):
        (JSC::JSArray::~JSArray):
        (JSC::JSArray::enterSparseMode):
        (JSC::JSArray::defineOwnNumericProperty):
        (JSC::JSArray::setLengthWritable):
        (JSC::JSArray::getOwnPropertySlotByIndex):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::putByIndexBeyondVectorLength):
        (JSC::JSArray::deletePropertyByIndex):
        (JSC::JSArray::getOwnPropertyNames):
        (JSC::JSArray::increaseVectorLength):
        (JSC::JSArray::unshiftCountSlowCase):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::unshiftCount):
        (JSC::JSArray::visitChildren):
        (JSC::JSArray::sortNumeric):
        (JSC::JSArray::sort):
        (JSC::JSArray::compactForSorting):
        (JSC::JSArray::subclassData):
        (JSC::JSArray::setSubclassData):
        (JSC::JSArray::checkConsistency):
        * runtime/JSArray.h:
        (JSC::JSArray::inSparseMode):
        (JSC::JSArray::isLengthWritable):
        * wtf/CheckedBoolean.h: Added.
        (CheckedBoolean::CheckedBoolean):
        (CheckedBoolean::~CheckedBoolean):
        (CheckedBoolean::operator bool):
        * wtf/DoublyLinkedList.h:
        (WTF::::push):
        * wtf/StdLibExtras.h:
        (WTF::isPointerAligned):

2012-01-19  Joi Sigurdsson

        Enable use of precompiled headers in Chromium port on Windows.
        Bug 76381 - Use precompiled headers in Chromium port on Windows
        https://bugs.webkit.org/show_bug.cgi?id=76381

        Reviewed by Tony Chang.

        * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi.

2012-01-18  Roland Takacs

        Cross-platform processor core counter fix
        https://bugs.webkit.org/show_bug.cgi?id=76540

        Reviewed by Zoltan Herczeg.

        I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)" and I removed the
        OS checking macros from ParallelJobsGeneric.cpp because the NumberOfCores.cpp contains them
        for counting CPU cores.
        The processor core counter patch located at https://bugs.webkit.org/show_bug.cgi?id=76530

        * wtf/NumberOfCores.cpp:
        * wtf/ParallelJobsGeneric.cpp:

2012-01-18  Csaba Osztrogonác

        Cross-platform processor core counter
        https://bugs.webkit.org/show_bug.cgi?id=76530

        Unreviewed cross-MinGW buildfix after r105270.

        * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h.

2012-01-18  Roland Takacs

        Cross-platform processor core counter
        https://bugs.webkit.org/show_bug.cgi?id=76530

        Reviewed by Zoltan Herczeg.

        Two files have been created that include the processor core counter function.
        It used to be in ParallelJobsGeneric.h/cpp before.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * runtime/Options.cpp:
        (JSC::Options::initializeOptions):
        * wtf/CMakeLists.txt:
        * wtf/NumberOfCores.cpp: Added.
        (WTF::numberOfProcessorCores):
        * wtf/NumberOfCores.h: Added.
        * wtf/ParallelJobsGeneric.cpp:
        (WTF::ParallelEnvironment::ParallelEnvironment):
        * wtf/ParallelJobsGeneric.h:

2012-01-18  Balazs Kelemen

        [Qt] Consolidate layout test crash logging
        https://bugs.webkit.org/show_bug.cgi?id=75088

        Reviewed by Simon Hausmann.

        Move backtrace generating logic into WTFReportBacktrace and add a way to deinstall signal
        handlers if we know that we have already printed the backtrace.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/Assertions.cpp:
        (WTFLogLocker::WTFReportBacktrace):
        (WTFLogLocker::WTFSetCrashHook):
        (WTFLogLocker::WTFInvokeCrashHook):
        * wtf/Assertions.h:

2012-01-17  Geoffrey Garen

        Factored out some code into a helper function. I think this might help getting rid of
        omit-frame-pointer.

        Reviewed by Sam Weinig.

        No benchmark change.

        * runtime/StringPrototype.cpp:
        (JSC::removeUsingRegExpSearch): Moved to here...
        (JSC::replaceUsingRegExpSearch): ...from here.

2012-01-17  Caio Marcelo de Oliveira Filho

        Uint8ClampedArray support
        https://bugs.webkit.org/show_bug.cgi?id=74455

        Reviewed by Filip Pizlo.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/PredictedType.cpp:
        (JSC::predictionToString):
        (JSC::predictionFromClassInfo):
        * bytecode/PredictedType.h:
        (JSC::isUint8ClampedArrayPrediction):
        (JSC::isActionableMutableArrayPrediction):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::initialize):
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateUint8ClampedArray):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::clampDoubleToByte):
        (JSC::DFG::compileClampIntegerToByte):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSCell.h:
        * runtime/JSGlobalData.h:
        * wtf/Forward.h:
        * wtf/Uint8Array.h:
        * wtf/Uint8ClampedArray.h: Added.
        (WTF::Uint8ClampedArray::set):
        (WTF::Uint8ClampedArray::create):
        (WTF::Uint8ClampedArray::Uint8ClampedArray):
        (WTF::Uint8ClampedArray::subarray):

2012-01-17  Sam Weinig

        Add helper macro for forward declaring objective-c classes
        https://bugs.webkit.org/show_bug.cgi?id=76485

        Reviewed by Anders Carlsson.

        * wtf/Compiler.h: Add OBJC_CLASS macro which helps reduce code when forward declaring an
        objective-c class in a header which can be included from both Objective-C and
        non-Objective-C files.

2012-01-17  Filip Pizlo

        DFG should be able to do JS and custom getter caching
        https://bugs.webkit.org/show_bug.cgi?id=76361

        Reviewed by Csaba Osztrogonác.

        Fix for 32-bit.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryBuildGetByIDList):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-01-15  Filip Pizlo

        DFG should be able to do JS and custom getter caching
        https://bugs.webkit.org/show_bug.cgi?id=76361

        Reviewed by Geoff Garen.

        Added the ability to cache JS getter calls and custom getter calls in the DFG. Most of this
        is pretty mundane, since the old JIT supported this functionality as well. But a couple
        interesting things had to happen:

        - There are now two variants of GetById: GetById, which works as before, and GetByIdFlush,
          which flushes registers prior to doing the GetById. Only GetByIdFlush can be used for
          caching getters. We detect which GetById style to use by looking at the inline caches of
          the old JIT.

        - Exception handling for getter calls planted in stubs uses a separate lookup handler
          routine, which uses the CodeOrigin stored in the StructureStubInfo.

        This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of the DFG
        regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and Kraken.

        * bytecode/StructureStubInfo.h:
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::willNeedFlush):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCCallHelpers.h:
        (JSC::DFG::CCallHelpers::setupResults):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::JITCompiler::addExceptionCheck):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasIdentifier):
        (JSC::DFG::Node::hasHeapPrediction):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryCacheGetByID):
        (JSC::DFG::tryBuildGetByIDList):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::compile):

2012-01-16  Jon Lee

        Build fix for r105086.

        * Configurations/FeatureDefines.xcconfig:
        * wtf/Platform.h:

2012-01-16  Jon Lee

        Remove HTML notifications support on Mac
        https://bugs.webkit.org/show_bug.cgi?id=76401

        Reviewed by Sam Weinig.

        * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro.

2012-01-16  Zeno Albisser

        [Qt] Fix QT_VERSION related warnings when building on Mac OS X
        https://bugs.webkit.org/show_bug.cgi?id=76340

        This bug was caused by r104826.
        As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239
        we should not use "using namespace WebCore" in header files,
        because it might cause ambiguous references.
        This patch reverts the changes from r104826 and r104981
        and removes the "using namespace WebCore" statement from two header files.

        Reviewed by Tor Arne Vestbø.

        * wtf/Platform.h:

2012-01-16  Carlos Garcia Campos

        Unreviewed.
        Fix make distcheck.

        * GNUmakefile.list.am: Fix typo.

2012-01-16  Pavel Heimlich

        Solaris Studio supports alignment macros too
        https://bugs.webkit.org/show_bug.cgi?id=75453

        Reviewed by Hajime Morita.

        * wtf/Alignment.h:

2012-01-16  Yuqiang Xian

        Build fix on 32bit if verbose debug is enabled in DFG
        https://bugs.webkit.org/show_bug.cgi?id=76351

        Reviewed by Hajime Morita.

        Mostly change "%lu" to "%zu" to print a "size_t" variable.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::endBasicBlock):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):

2012-01-15  Filip Pizlo

        The C calling convention logic in DFG::SpeculativeJIT should be available even when not
        generating code for the DFG speculative path
        https://bugs.webkit.org/show_bug.cgi?id=76355

        Reviewed by Dan Bernstein.

        Moved all of the logic for placing C call arguments into the right place (stack or
        registers) into a new class, DFG::CCallHelpers. This class inherits from AssemblyHelpers,
        another DFG grab-bag of helper functions. I could have moved this code into AssemblyHelpers,
        but decided against it, because I wanted to limit the number of methods each class in the
        JIT has. Hence now we have a slightly odd organization of JIT classes in DFG:
        MacroAssembler (basic instruction emission) <= AssemblyHelpers (some additional JS smarts)
        <= CCallHelpers (understands calls to C functions) <= JITCompiler (can compile a graph to
        machine code). Each of these except for JITCompiler can be reused for stub compilation.

        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGCCallHelpers.h: Added.
        (JSC::DFG::CCallHelpers::CCallHelpers):
        (JSC::DFG::CCallHelpers::resetCallArguments):
        (JSC::DFG::CCallHelpers::addCallArgument):
        (JSC::DFG::CCallHelpers::setupArguments):
        (JSC::DFG::CCallHelpers::setupArgumentsExecState):
        (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
        (JSC::DFG::CCallHelpers::setupTwoStubArgs):
        (JSC::DFG::CCallHelpers::setupStubArguments):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::JITCompiler):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):

2012-01-15  Pablo Flouret

        Fix compilation errors on build-webkit --debug --no-video on mac.
        https://bugs.webkit.org/show_bug.cgi?id=75867

        Reviewed by Philippe Normand.

        Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, video track feature doesn't build
        without video.

        * wtf/Platform.h:

2012-01-14  David Levin

        HWndDC should be in platform/win instead of wtf.
        https://bugs.webkit.org/show_bug.cgi?id=76314

        Reviewed by Sam Weinig.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:

2012-01-13  David Levin

        check-webkit-style: should encourage the use of Own* classes for Windows DC.
        https://bugs.webkit.org/show_bug.cgi?id=76227

        Reviewed by Dirk Pranke.

        * wtf/win/HWndDCWin.h:
        (WTF::HwndDC::HwndDC): Add a way to do GetDCEx. There are no users, but I want to catch
        this in check-webkit-style and tell any users to use HwndDC to avoid leaks.

2012-01-13  David Levin

        Header file is missing header guard.

        Reviewed by Dirk Pranke.

        * wtf/win/HWndDCWin.h: Added the guards.

2012-01-13  Andy Wingo

        Eval in strict mode does not need dynamic checks
        https://bugs.webkit.org/show_bug.cgi?id=76286

        Reviewed by Oliver Hunt.

        * runtime/JSActivation.cpp
        (JSC::JSActivation::JSActivation): Eval in strict mode cannot introduce variables, so it
        does not impose the need for dynamic checks.

2012-01-13  David Levin

        HWndDC is a better name than HwndDC.
        https://bugs.webkit.org/show_bug.cgi?id=76281

        Reviewed by Darin Adler.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:
        * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h.
        (WTF::HWndDC::HWndDC):
        (WTF::HWndDC::~HWndDC):
        (WTF::HWndDC::operator HDC):

2012-01-13  YoungTaeck Song

        [EFL] Add OwnPtr specialization for Eina_Module.
        https://bugs.webkit.org/show_bug.cgi?id=76255

        Reviewed by Andreas Kling.

        Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port.

        * wtf/OwnPtrCommon.h:
        * wtf/efl/OwnPtrEfl.cpp:
        (WTF::deleteOwnedPtr):

2012-01-13  Yuqiang Xian

        Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined

        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):

2012-01-12  Hajime Morrita

        JavaScriptCore: Mark all exported symbols in the header file automatically.
        https://bugs.webkit.org/show_bug.cgi?id=72855

        Reviewed by Darin Adler.

        Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files.
        The change is generated by a tool called ListExportables
        (https://github.com/omo/ListExportables)

        * API/OpaqueJSString.h:
        * bytecode/CodeBlock.h:
        * bytecode/SamplingTool.h:
        * debugger/Debugger.h:
        * debugger/DebuggerActivation.h:
        * debugger/DebuggerCallFrame.h:
        * heap/AllocationSpace.h:
        * heap/HandleHeap.h:
        * heap/Heap.h:
        * heap/MachineStackMarker.h:
        * heap/MarkStack.h:
        * heap/VTableSpectrum.h:
        * heap/WriteBarrierSupport.h:
        * parser/Nodes.h:
        * parser/ParserArena.h:
        * profiler/Profile.h:
        * runtime/ArgList.h:
        * runtime/CallData.h:
        * runtime/Completion.h:
        * runtime/ConstructData.h:
        * runtime/DateInstance.h:
        * runtime/Error.h:
        * runtime/ExceptionHelpers.h:
        * runtime/FunctionConstructor.h:
        * runtime/Identifier.h:
        * runtime/InitializeThreading.h:
        * runtime/InternalFunction.h:
        * runtime/JSArray.h:
        * runtime/JSByteArray.h:
        * runtime/JSCell.h:
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.cpp:
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalThis.h:
        * runtime/JSLock.h:
        * runtime/JSObject.h:
        * runtime/JSString.h:
        * runtime/JSValue.h:
        * runtime/JSVariableObject.h:
        * runtime/Lookup.h:
        * runtime/MemoryStatistics.h:
        * runtime/ObjectPrototype.h:
        * runtime/Options.h:
        * runtime/PropertyDescriptor.h:
        * runtime/PropertyNameArray.h:
        * runtime/PropertySlot.h:
        * runtime/RegExp.h:
        * runtime/RegExpObject.h:
        * runtime/SamplingCounter.h:
        * runtime/SmallStrings.h:
        * runtime/StringObject.h:
        * runtime/Structure.h:
        * runtime/TimeoutChecker.h:
        * runtime/UString.h:
        * runtime/WriteBarrier.h:
        * wtf/ArrayBufferView.h:
        * wtf/ByteArray.h:
        * wtf/CryptographicallyRandomNumber.h:
        * wtf/CurrentTime.h:
        * wtf/DateMath.h:
        * wtf/DecimalNumber.h:
        * wtf/FastMalloc.cpp:
        * wtf/FastMalloc.h:
        * wtf/MD5.h:
        * wtf/MainThread.h:
        * wtf/MetaAllocator.h:
        * wtf/MetaAllocatorHandle.h:
        * wtf/OSAllocator.h:
        * wtf/PageBlock.h:
        * wtf/RandomNumber.h:
        * wtf/RefCountedLeakCounter.h:
        * wtf/SHA1.h:
        * wtf/Threading.cpp:
        * wtf/Threading.h:
        * wtf/ThreadingPrimitives.h:
        * wtf/WTFThreadData.h:
        * wtf/dtoa.h:
        * wtf/text/AtomicString.h:
        * wtf/text/CString.h:
        * wtf/text/StringBuilder.h:
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.h:
        * wtf/unicode/Collator.h:
        * wtf/unicode/UTF8.h:
        * yarr/Yarr.h:
        * yarr/YarrPattern.h:

2012-01-12  MORITA Hajime

        [Chromium] JSExportMacros.h should be visible.
        https://bugs.webkit.org/show_bug.cgi?id=76147

        Reviewed by Tony Chang.

        * config.h:

2012-01-12  David Levin

        HwndDC is a better name than OwnGetDC.
        https://bugs.webkit.org/show_bug.cgi?id=76235

        Reviewed by Dmitry Titov.

        This is a better name for two reasons:
        1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC).
        2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr) classes
           always take something to hold on to. In this case, the object (the DC) is created by the
           class once it is given a Window to ensure that the HDC was actually created using GetDC.

        * JavaScriptCore.gyp/JavaScriptCore.gyp:
        * JavaScriptCore.gypi:
        * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h.
        (WTF::HwndDC::HwndDC):
        (WTF::HwndDC::~HwndDC):
        (WTF::HwndDC::operator HDC):

2012-01-12  Gavin Barraclough

        Clean up putDirect (part 2)
        https://bugs.webkit.org/show_bug.cgi?id=76232

        Reviewed by Sam Weinig.

        Rename putWithAttributes to putDirectVirtual, to identify that this has the same
        unchecked-DefineOwnProperty behaviour, change putDirectInternal to be templated on an enum
        indicating which behaviour it is supposed to be implementing, and change clients that are
        defining properties to call putDirectInternal correctly.

        * API/JSObjectRef.cpp:
        (JSObjectSetProperty):
        * JavaScriptCore.exp:
        * debugger/DebuggerActivation.cpp:
        (JSC::DebuggerActivation::putDirectVirtual):
        * debugger/DebuggerActivation.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/ClassInfo.h:
        * runtime/Error.cpp:
        (JSC::addErrorInfo):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::putDirectVirtual):
        * runtime/JSActivation.h:
        * runtime/JSCell.cpp:
        (JSC::JSCell::putDirectVirtual):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::putDirectVirtual):
        * runtime/JSGlobalObject.h:
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectVirtual):
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::initializeGetterSetterProperty):
        (JSC::JSObject::defineSetter):
        (JSC::putDescriptor):
        * runtime/JSObject.h:
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::putOwnDataProperty):
        (JSC::JSObject::putDirect):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::putDirectVirtual):
        * runtime/JSStaticScopeObject.h:
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::putDirectVirtual):
        * runtime/JSVariableObject.h:

2012-01-12  Gavin Barraclough

        Clean up putDirect (part 1)
        https://bugs.webkit.org/show_bug.cgi?id=76232

        Reviewed by Sam Weinig.

        putDirect has ambiguous semantics, clean these up a bit. putDirect generally behaves a bit
        like a fast defineOwnProperty, but one that always creates the property, with no checking
        to validate the put is permitted. It also encompasses two slightly different behaviors.
        (1) a fast form of put for JSActivation, which doesn't have to handle searching the
        prototype chain, getter/setter properties, or the magic __proto__ value. Break this out as
        a new method, 'putOwnDataProperty'.
        (2) the version of putDirect on JSValue will also check for overwriting ReadOnly values, in
        strict mode. This is, however, not so smart on a few levels, since it is only called from
        op_put_by_id with direct set, which is only used with an object as the base, and is only
        used to put new properties onto objects.

        * dfg/DFGOperations.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::put):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnPropertySlot):
        * runtime/JSObject.h:
        (JSC::JSObject::putOwnDataProperty):
        * runtime/JSValue.h:

2012-01-12  Gavin Barraclough

        https://bugs.webkit.org/show_bug.cgi?id=76141
        defineSetter/defineGetter may fail to update Accessor attribute

        Reviewed by Oliver Hunt.

        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::initializeGetterSetterProperty):
        (JSC::JSObject::defineSetter):
        * runtime/Structure.cpp:
        (JSC::Structure::attributeChangeTransition):
        * runtime/Structure.h:

2012-01-12  David Levin

        [chromium] Fix DC leak in WebScreenInfoFactory.
        https://bugs.webkit.org/show_bug.cgi?id=76203

        Reviewed by Dmitry Titov.

        * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h
        * JavaScriptCore.gypi: Added OwnGetDCWin.h
        * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC
        as opposed to DeleteDC.

2012-01-11  Gavin Barraclough

        Allow accessor get/set property to be set to undefined
        https://bugs.webkit.org/show_bug.cgi?id=76148

        Reviewed by Oliver Hunt.

        AccessorDescriptor properties may have their get & set properties defined to reference a
        function (Callable object) or be set to undefined. Valid PropertyDescriptors created by
        toPropertyDescriptor (defined from JS code via Object.defineProperty, etc) have get and set
        properties that are in one of three states (1) nonexistent, (2) set to undefined, or (3) a
        function (any Callable object). On the PropertyDescriptor object these three states are
        represented by JSValue(), jsUndefined(), and any JSObject* (with a constraint that this
        must be callable).

        Logically the get/set property of an accessor descriptor on an object might be in any of
        the three states above, but in practice there is no way to distinguish between the first
        two states. As such we store the get/set values in property storage in a JSObject* field,
        with 0 indicating absent or undefined. When unboxing to a PropertyDescriptor, map this back
        to a JS undefined value.

        * runtime/GetterSetter.h:
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setSetter):
            - Allow the getter/setter to be cleared.
        * runtime/JSArray.cpp:
        (JSC::JSArray::putDescriptor):
            - Changed to call getterObject/setterObject.
        (JSC::JSArray::defineOwnNumericProperty):
            - Added ASSERT.
        * runtime/JSObject.cpp:
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnProperty):
            - Changed to call getterObject/setterObject.
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
            - getter/setter values read from properties on object are never missing, they will now
              be set as undefined by 'setDescriptor'.
        (JSC::toPropertyDescriptor):
            - Do not translate undefined->empty, this loses an important distinction between a
              get/set property being absent, or being explicitly set to undefined.
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::getterObject):
        (JSC::PropertyDescriptor::setterObject):
            - Accessors to convert the get/set property to an object pointer, converting undefined
              to 0.
        (JSC::PropertyDescriptor::setDescriptor):
        (JSC::PropertyDescriptor::setAccessorDescriptor):
            - Translate a getter/setter internally represented as 0 to undefined, indicating that
              it is present.
        * runtime/PropertyDescriptor.h:
            - Declare getterObject/setterObject.

2012-01-12  Zeno Albisser

        [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560.
        https://bugs.webkit.org/show_bug.cgi?id=76175

        Defining ENABLE_CSS_FILTERS leads to ambiguous references due to MacTypes.h being included.
        Defining CF_OPEN_SOURCE works around this problem.

        Reviewed by Simon Hausmann.

        * wtf/Platform.h:

2012-01-12  Simon Hausmann

        Make the new WTF module build on Qt
        https://bugs.webkit.org/show_bug.cgi?id=76163

        Reviewed by Tor Arne Vestbø.

        * JavaScriptCore.pro: Removed wtf from the subdirs to build.

2012-01-11  Filip Pizlo

        CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter
        https://bugs.webkit.org/show_bug.cgi?id=76144

        Rubber stamped by Gavin Barraclough.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addressOfJITExecuteCounter):
        (JSC::CodeBlock::offsetOfJITExecuteCounter):
        (JSC::CodeBlock::jitExecuteCounter):
        (JSC::CodeBlock::optimizeNextInvocation):
        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
        (JSC::CodeBlock::optimizeAfterWarmUp):
        (JSC::CodeBlock::optimizeAfterLongWarmUp):
        (JSC::CodeBlock::optimizeSoon):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):

2012-01-11  Gavin Barraclough

        Merge 'Getter'/'Setter' attributes into 'Accessor'
        https://bugs.webkit.org/show_bug.cgi?id=76141

        Reviewed by Filip Pizlo.

        These are currently ambiguous (and used inconsistently).
It would logically appear that either being bit set implies that the corresponding type of accessor is present but (a) we don't correctly enforce this, and (b) this means the attributes would not be able to distinguish between a data descriptor and an accessor descriptor with neither a getter nor setter defined (which is a descriptor permissible under the spec). This ambiguity would lead to unsafe property caching behavior (though this does not represent an actual current bug, since we are currently unable to create descriptors that have neither a getter nor setter, it just prevents us from doing so). * runtime/Arguments.cpp: (JSC::Arguments::createStrictModeCallerIfNecessary): (JSC::Arguments::createStrictModeCalleeIfNecessary): * runtime/JSArray.cpp: (JSC::SparseArrayValueMap::put): (JSC::JSArray::putDescriptor): * runtime/JSBoundFunction.cpp: (JSC::JSBoundFunction::finishCreation): * runtime/JSFunction.cpp: (JSC::JSFunction::getOwnPropertySlot): (JSC::JSFunction::getOwnPropertyDescriptor): * runtime/JSObject.cpp: (JSC::JSObject::defineGetter): (JSC::JSObject::initializeGetterSetterProperty): (JSC::JSObject::defineSetter): (JSC::putDescriptor): (JSC::JSObject::defineOwnProperty): * runtime/JSObject.h: * runtime/ObjectConstructor.cpp: (JSC::objectConstructorDefineProperty): * runtime/PropertyDescriptor.cpp: (JSC::PropertyDescriptor::setDescriptor): (JSC::PropertyDescriptor::setAccessorDescriptor): (JSC::PropertyDescriptor::setSetter): (JSC::PropertyDescriptor::setGetter): (JSC::PropertyDescriptor::attributesOverridingCurrent): 2012-01-11 Gavin Barraclough Object.defineProperty([], 'length', {}) should not make length read-only https://bugs.webkit.org/show_bug.cgi?id=76097 Reviewed by Oliver Hunt. * runtime/JSArray.cpp: (JSC::JSArray::defineOwnProperty): - We should be checking writablePresent(). 2012-01-11 Filip Pizlo Code duplication for invoking the JIT and DFG should be reduced https://bugs.webkit.org/show_bug.cgi?id=76117 Rubber stamped by Geoff Garen. 
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JITDriver.h: Added.
        (JSC::jitCompileIfAppropriate):
        (JSC::jitCompileFunctionIfAppropriate):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):

2012-01-11  Geoffrey Garen

        Bytecode dumping is broken for call opcodes (due to two new operands)
        https://bugs.webkit.org/show_bug.cgi?id=75886

        Reviewed by Oliver Hunt.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have to fix this more than once. The helper function skips the extra two operands at the end of the opcode, used for optimization.
        (JSC::CodeBlock::dump): Used the helper function.
        * bytecode/CodeBlock.h: Declared the helper function.

2012-01-09  Geoffrey Garen

        REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken)
        https://bugs.webkit.org/show_bug.cgi?id=75911

        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to explicitly cast to our return type in C++.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::FunctionCallResolveNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function into a temporary register before evaluating our arguments, since argument evaluation might include function calls or assignments that overwrite our callee by name.

2012-01-11  Michael Saboff

        v8-regexp spends 35% of its time allocating and copying internal regexp results data
        https://bugs.webkit.org/show_bug.cgi?id=76079

        Reviewed by Geoffrey Garen.

        Added a new RegExpResults struct that has the input string, the number of subexpressions and the output vector. Changed RegExpConstructor to include a RegExpConstructorPrivate instead of having a reference to one.
        Changed RegExpMatchesArray to include a RegExpResults instead of a reference to a RegExpConstructorPrivate. Created an overloaded assignment operator to assign a RegExpConstructorPrivate to a RegExpResults. Collectively this change is worth 24% performance improvement to v8-regexp.

        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpResult::operator=):
        (JSC::RegExpConstructor::RegExpConstructor):
        (JSC::RegExpMatchesArray::RegExpMatchesArray):
        (JSC::RegExpMatchesArray::finishCreation):
        (JSC::RegExpMatchesArray::~RegExpMatchesArray):
        (JSC::RegExpMatchesArray::fillArrayInstance):
        (JSC::RegExpConstructor::arrayOfMatches):
        (JSC::RegExpConstructor::getBackref):
        (JSC::RegExpConstructor::getLastParen):
        (JSC::RegExpConstructor::getLeftContext):
        (JSC::RegExpConstructor::getRightContext):
        (JSC::RegExpConstructor::setInput):
        (JSC::RegExpConstructor::input):
        (JSC::RegExpConstructor::setMultiline):
        (JSC::RegExpConstructor::multiline):
        * runtime/RegExpConstructor.h:
        (JSC::RegExpResult::RegExpResult):
        (JSC::RegExpConstructor::performMatch):
        * runtime/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::create):
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::putByIndex):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::deletePropertyByIndex):
        (JSC::RegExpMatchesArray::getOwnPropertyNames):

2012-01-11  Eugene Girard

        Typo in error message: Unexpected token 'defualt'
        https://bugs.webkit.org/show_bug.cgi?id=75105

        Reviewed by Simon Fraser.

        * parser/Parser.h:
        (JSC::Parser::getTokenName):

2012-01-11  Anders Carlsson

        Assertion failure in JSC::allocateCell trying to allocate a JSString
        https://bugs.webkit.org/show_bug.cgi?id=76101

        Reviewed by Adam Roben.

        Remove the ExecutableBase::s_info and JSString::s_info static member variables from the .def file and export them explicitly using the JS_EXPORTDATA macro.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/Executable.h:
        * runtime/JSString.h:

2012-01-10  Mark Rowe

        jsc should install directly in to versioned Resources subfolder

        This ensures that jsc ends up in a consistent location whether built in to the same DSTROOT as JavaScriptCore.framework or in to a different one.

        Rubber-stamped by Dan Bernstein.

        * Configurations/JSC.xcconfig: Update INSTALL_PATH.

2012-01-10  Filip Pizlo

        DFG inlining block linking compares BlockIndex against bytecode index
        https://bugs.webkit.org/show_bug.cgi?id=76018

        Reviewed by Gavin Barraclough.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseCodeBlock):

2012-01-10  Filip Pizlo

        CodeBlock.h declares too many things
        https://bugs.webkit.org/show_bug.cgi?id=76001

        Rubber stamped by Gavin Barraclough.

        Removed all non-CodeBlock type declarations from CodeBlock.h, and put them into separate header files. Also removed all non-CodeBlock method implementations from CodeBlock.cpp and put them into corresponding cpp files.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * assembler/RepatchBuffer.h:
        * bytecode/CallLinkInfo.cpp: Added.
        (JSC::CallLinkInfo::unlink):
        * bytecode/CallLinkInfo.h: Added.
        (JSC::CallLinkInfo::callTypeFor):
        (JSC::CallLinkInfo::CallLinkInfo):
        (JSC::CallLinkInfo::~CallLinkInfo):
        (JSC::CallLinkInfo::isLinked):
        (JSC::CallLinkInfo::seenOnce):
        (JSC::CallLinkInfo::setSeen):
        (JSC::getCallLinkInfoReturnLocation):
        (JSC::getCallLinkInfoBytecodeIndex):
        * bytecode/CallReturnOffsetToBytecodeOffset.h: Added.
        (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset):
        (JSC::getCallReturnOffset):
        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/CodeType.h: Added.
        * bytecode/ExpressionRangeInfo.h: Added.
        * bytecode/GlobalResolveInfo.h: Added.
        (JSC::GlobalResolveInfo::GlobalResolveInfo):
        * bytecode/HandlerInfo.h: Added.
        * bytecode/LineInfo.h: Added.
        * bytecode/MethodCallLinkInfo.cpp: Added.
        (JSC::MethodCallLinkInfo::reset):
        * bytecode/MethodCallLinkInfo.h: Added.
        (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
        (JSC::MethodCallLinkInfo::seenOnce):
        (JSC::MethodCallLinkInfo::setSeen):
        (JSC::getMethodCallLinkInfoReturnLocation):
        (JSC::getMethodCallLinkInfoBytecodeIndex):
        * bytecode/StructureStubInfo.h:
        (JSC::getStructureStubInfoReturnLocation):
        (JSC::getStructureStubInfoBytecodeIndex):

2012-01-10  Anders Carlsson

        Hang opening movie that requires authentication
        https://bugs.webkit.org/show_bug.cgi?id=75989

        Reviewed by Sam Weinig.

        * wtf/Functional.h: Add function wrapper for a function that takes three parameters.

2012-01-10  Filip Pizlo

        CodeBlock::m_numParameters should be encapsulated
        https://bugs.webkit.org/show_bug.cgi?id=75985

        Reviewed by Oliver Hunt.

        Encapsulated CodeBlock::m_numParameters and hooked argument profile creation into it. This appears to be performance neutral.
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::setNumParameters):
        (JSC::CodeBlock::addParameter):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numParameters):
        (JSC::CodeBlock::addressOfNumParameters):
        (JSC::CodeBlock::offsetOfNumParameters):
        (JSC::CodeBlock::numberOfArgumentValueProfiles):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::addParameter):
        (JSC::BytecodeGenerator::emitReturn):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::AbstractState):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::ByteCodeParser):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * dfg/DFGOperations.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::slideRegisterWindowForCall):
        (JSC::Interpreter::dumpRegisters):
        (JSC::Interpreter::execute):
        (JSC::Interpreter::prepareForRepeatCall):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JITStubs.cpp:
        (JSC::arityCheckFor):
        (JSC::lazyLinkFor):
        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):

2012-01-10  Gavin Barraclough

        Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935

        Fix 32-bit builds.

        * runtime/JSArray.cpp:
        (JSC::JSArray::getOwnPropertyNames):
        (JSC::JSArray::setLength):

2012-01-10  Gavin Barraclough

        Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-01-10  Gavin Barraclough

        Do not allow Array length to be set if it is non-configurable
        https://bugs.webkit.org/show_bug.cgi?id=75935

        Reviewed by Sam Weinig.
        Do not allow Array length to be set if it is non-configurable, and if the new length is less than the old length then intervening properties should be removed in reverse order. Removal of properties should cease if an intervening indexed property being removed is non-configurable.

        * JavaScriptCore.exp:
        - Removed export for setLength.
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncConcat):
        - JSArray::setLength now takes an ExecState*
        (JSC::arrayProtoFuncSlice):
        - JSArray::setLength now takes an ExecState*
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        - JSArray::setLength now takes an ExecState*
        (JSC::JSArray::put):
        - JSArray::setLength now takes an ExecState*
        (JSC::compareKeysForQSort):
        - Keys extracted from the map can be stored as unsigneds.
        (JSC::JSArray::getOwnPropertyNames):
        - Keys extracted from the map can be stored as unsigneds.
        (JSC::JSArray::setLength):
        - Check lengthIsReadOnly(), rather than copying the entire map to iterate over to determine which keys to remove, instead just copy the keys from the map to a Vector. When inSparseMode sort the keys in the Vector so that we can remove properties in reverse order.
        * runtime/JSArray.h:
        - JSArray::setLength now takes an ExecState*

2012-01-10  Gavin Barraclough

        Use SameValue to compare property descriptor values
        https://bugs.webkit.org/show_bug.cgi?id=75975

        Reviewed by Sam Weinig.

        Rather than strictEqual.

        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnNumericProperty):
        - Missing configurablePresent() check.
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):
        - call sameValue.
        * runtime/PropertyDescriptor.cpp:
        (JSC::sameValue):
        - Moved from JSArray.cpp, fix NaN comparison.
        (JSC::PropertyDescriptor::equalTo):
        - call sameValue.
        * runtime/PropertyDescriptor.h:
        - Added declaration for sameValue.

2012-01-09  Gavin Barraclough

        Error handling : in ISO8601 timezone
        https://bugs.webkit.org/show_bug.cgi?id=75919

        Reviewed by Sam Weinig.
        * wtf/DateMath.cpp:
        (WTF::parseDateFromNullTerminatedCharacters):
        - need to increment the string position.

2012-01-09  Mark Rowe

        JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target

        We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit dependencies prevent this.

        Reviewed by Dan Bernstein.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-01-09  Adam Treat

        Log is a little too verbose for blackberry port
        https://bugs.webkit.org/show_bug.cgi?id=75728

        The BlackBerry::Platform::Log* functions take care of the call to vfprintf which is resulting in unintentional noise in our logs. Add a conditional directive to fix. Change to using BlackBerry::Platform::logStreamV which does not insert threading info and newlines unlike BlackBerry::Platform::log. Finally, add log locking and unlocking which the BlackBerry platform uses to ensure that N threads do not trample on each other's logs.

        Reviewed by Rob Buis.

        * wtf/Assertions.cpp:
        (WTFLogLocker::WTFReportAssertionFailure):
        (WTFLogLocker::WTFReportAssertionFailureWithMessage):
        (WTFLogLocker::WTFReportArgumentAssertionFailure):
        (WTFLogLocker::WTFReportFatalError):
        (WTFLogLocker::WTFReportError):
        (WTFLogLocker::WTFLog):
        (WTFLogLocker::WTFLogVerbose):

2012-01-09  Gavin Barraclough

        https://bugs.webkit.org/show_bug.cgi?id=75789
        defineOwnProperty not implemented for Array objects

        Reviewed by Sam Weinig.

        Implements support for getter/setter & non-default attribute properties on arrays, by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262 test failures.

        * JavaScriptCore.exp:
        - Updated exports.
        * dfg/DFGOperations.cpp:
        - JSArray::pop now requires an exec state.
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncPop):
        - JSArray::pop now requires an exec state.
        * runtime/JSArray.cpp:
        (JSC::SparseArrayValueMap::add):
        - Add a potentially empty entry into the map.
        (JSC::SparseArrayValueMap::put):
        - Changed to call setter.
        (JSC::SparseArrayEntry::get):
        - calls getters.
        (JSC::SparseArrayEntry::getNonSparseMode):
        - does not call getters.
        (JSC::JSArray::enterSparseMode):
        - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated.
        (JSC::JSArray::putDescriptor):
        - Create a numeric property based on a descriptor.
        (JSC::sameValue):
        - See ES5.1 9.12.
        (JSC::reject):
        - Helper for the [[DefineOwnProperty]] algorithm.
        (JSC::JSArray::defineOwnNumericProperty):
        - Define an indexed property on an array object.
        (JSC::JSArray::setLengthWritable):
        - Marks the length read-only, enters SparseMode as necessary.
        (JSC::JSArray::defineOwnProperty):
        - Defines either an indexed property or 'length' on an array object.
        (JSC::JSArray::getOwnPropertySlotByIndex):
        - Updated to correctly handle accessor descriptors & attributes.
        (JSC::JSArray::getOwnPropertyDescriptor):
        - Updated to correctly handle accessor descriptors & attributes.
        (JSC::JSArray::put):
        - Pass strict mode flag to setLength.
        (JSC::JSArray::putByIndex):
        - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGlobalData&.
        (JSC::JSArray::putByIndexBeyondVectorLength):
        - Pass exec to SparseArrayValueMap::put.
        (JSC::JSArray::deletePropertyByIndex):
        - Do not allow deletion of non-configurable properties.
        (JSC::compareKeysForQSort):
        - used in implementation of getOwnPropertyNames.
        (JSC::JSArray::getOwnPropertyNames):
        - Properties in the sparse map should be iterated in order.
        (JSC::JSArray::setLength):
        - Updated to take a 'shouldThrow' flag, return a result indicating error.
        (JSC::JSArray::pop):
        - pop should throw an error if length is not writable, even if the array is empty.
        (JSC::JSArray::push):
        - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGlobalData&.
        (JSC::JSArray::sort):
        - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
        (JSC::JSArray::compactForSorting):
        - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
        * runtime/JSArray.h:
        (JSC::SparseArrayValueMap::lengthIsReadOnly):
        - Check if the length is read only.
        (JSC::SparseArrayValueMap::setLengthIsReadOnly):
        - Mark the length as read only.
        (JSC::SparseArrayValueMap::find):
        - Moved into header.
        (JSC::JSArray::isLengthWritable):
        - Wraps SparseArrayValueMap::lengthIsReadOnly.
        * runtime/JSObject.cpp:
        (JSC::JSObject::defineOwnProperty):
        - Should be returning the result of putDescriptor.
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::attributesOverridingCurrent):
        - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride.
        * runtime/PropertyDescriptor.h:
        - Added attributesOverridingCurrent.

2012-01-09  Pavel Heimlich

        There is no support for fastcall in Solaris Studio. Fixes build on Solaris.
        https://bugs.webkit.org/show_bug.cgi?id=75736

        Reviewed by Gavin Barraclough.

        * jit/JITStubs.h:

2012-01-09  Pavel Heimlich

        Fix build failure on Solaris
        https://bugs.webkit.org/show_bug.cgi?id=75733

        Reviewed by Gavin Barraclough.

        * wtf/ByteArray.h:

2012-01-01  Raphael Kubo da Costa

        [CMake] Clean up some cruft from WTF's CMakeLists.txt
        https://bugs.webkit.org/show_bug.cgi?id=75420

        Reviewed by Daniel Bates.

        * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add all needed paths to WTF_INCLUDE_DIRECTORIES in a single place.

2012-01-08  Xianzhu Wang

        Fix compilation error about ListHashSetReverseIterator
        https://bugs.webkit.org/show_bug.cgi?id=75372

        Reviewed by Darin Adler.

        There is a typo in class ListHashSetReverseIterator:
            typedef ListHashSetConstIterator const_reverse_iterator;
        Should be
            typedef ListHashSetConstReverseIterator const_reverse_iterator;

        * wtf/ListHashSet.h:

2012-01-08  Ryosuke Niwa

        WinCE build fix after r104415.

        * jit/JITExceptions.cpp:
        * jit/JITExceptions.h:

2012-01-08  Filip Pizlo

        The JIT's protocol for exception handling should be available to other parts of the system
        https://bugs.webkit.org/show_bug.cgi?id=75808

        Reviewed by Oliver Hunt.
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * jit/JITExceptions.cpp: Added.
        (JSC::genericThrow):
        (JSC::jitThrow):
        * jit/JITExceptions.h: Added.
        * jit/JITStubs.cpp:
        * runtime/JSGlobalData.h:

2012-01-06  Hajime Morrita

        https://bugs.webkit.org/show_bug.cgi?id=75296
        JSString should not have JS_EXPORTCLASS annotation

        Reviewed by Kevin Ollivier.

        * runtime/JSString.h: Removed JS_EXPORTCLASS annotation.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added missing symbols which were hidden by JS_EXPORTCLASS.

2012-01-06  Michael Saboff

        JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound()
        https://bugs.webkit.org/show_bug.cgi?id=75757

        Reviewed by Gavin Barraclough.

        * runtime/JSArray.cpp:
        (JSC::JSArray::pop): Changed map->end() to map->notFound().

2012-01-06  Filip Pizlo

        JIT stub slow paths that would be identical to that of an interpreter should be factored out
        https://bugs.webkit.org/show_bug.cgi?id=75743

        Reviewed by Geoff Garen.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/CommonSlowPaths.h: Added.
        (JSC::CommonSlowPaths::opInstanceOfSlow):
        (JSC::CommonSlowPaths::opIn):
        (JSC::CommonSlowPaths::opResolve):
        (JSC::CommonSlowPaths::opResolveSkip):
        (JSC::CommonSlowPaths::opResolveWithBase):
        (JSC::CommonSlowPaths::opResolveWithThis):

2012-01-06  Sam Weinig

        Fix windows build.

        * wtf/TypeTraits.cpp:

2012-01-05  Michael Saboff

        Default HashTraits for Opcode don't work for Opcode = 0
        https://bugs.webkit.org/show_bug.cgi?id=75595

        Reviewed by Oliver Hunt.

        Removed the populating of the m_opcodeIDTable table in the case where the OpcodeID and Opcode are the same (m_enabled is false). Instead we just cast the one type to the other.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::isOpcode):
        * interpreter/Interpreter.h:
        (JSC::Interpreter::getOpcodeID):

2012-01-06  Sam Weinig

        Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr
        https://bugs.webkit.org/show_bug.cgi?id=75737

        Reviewed by Anders Carlsson.

        * wtf/TypeTraits.cpp:
        * wtf/TypeTraits.h:
        Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray is composed of some helpers which are also exposed, Conditional<>, which can provide one type or another based on a boolean predicate, IsArray<> which can deduce array types, and RemoveExtent<>, which removes the extent from an array type.

2012-01-06  Oliver Hunt

        GetByteArrayLength is incorrect
        https://bugs.webkit.org/show_bug.cgi?id=75735

        Reviewed by Filip Pizlo.

        Load the byte array length from the correct location. This stops an existing test from hanging.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-01-06  Filip Pizlo

        Fix build.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-01-06  Oliver Hunt

        DFG no longer optimises CanvasPixelArray
        https://bugs.webkit.org/show_bug.cgi?id=75729

        Reviewed by Gavin Barraclough.

        Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match the future name when we switch over to the new typed-array based ImageData specification.

        * runtime/JSByteArray.cpp:

2012-01-06  Caio Marcelo de Oliveira Filho

        Use HashMap for SourceProviderCache items
        https://bugs.webkit.org/show_bug.cgi?id=75346

        Reviewed by Daniel Bates.

        * parser/Parser.cpp:
        * parser/SourceProviderCache.cpp:
        (JSC::SourceProviderCache::clear):
        (JSC::SourceProviderCache::add):
        * parser/SourceProviderCache.h:

2012-01-06  Sam Weinig

        Remove unused OwnFastMallocPtr class.
        https://bugs.webkit.org/show_bug.cgi?id=75722

        Reviewed by Geoffrey Garen.
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:
        * wtf/OwnFastMallocPtr.h: Removed.
        * wtf/text/StringImpl.h:
        * wtf/wtf.pro:

2012-01-06  Benjamin Poulain

        [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates
        https://bugs.webkit.org/show_bug.cgi?id=75631

        Reviewed by Andreas Kling.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2012-01-06  Eric Seidel and Gustavo Noronha Silva

        Make the new WTF module build on Gtk
        https://bugs.webkit.org/show_bug.cgi?id=75669

        * GNUmakefile.am:

2012-01-06  Tor Arne Vestbø

        [Qt] Remove un-needed VPATHs from project includes

        Reviewed by Simon Hausmann.

        * JavaScriptCore.pri:
        * wtf/wtf.pri:

2012-01-06  Tor Arne Vestbø

        [Qt] Move listing of include paths and libs to pri files in sources

        Includepaths are sometimes modified by non-Qt contributors so keeping them in files inside Sources makes it more likely that they are updated along with project files for the other ports.

        Using pri files instead of prf files for this also has the benefit that the include() from the main target file can be parsed and followed by Qt Creator -- something that does not work with load().

        Dependencies from a target to a library through the WEBKIT variable are handled through forwarding-files in Tools/qmake/mkspecs/modules, which set the source root of the module and include the right pri file.

        Ideally we'd use the variant of include() that takes an optional namespace to read the variables into, or the fromfile() function, but both of these add an overhead of about 40% on the total qmake runtime, due to making a deep copy of all the variables in the project or re-reading all the prf files from scratch.

        Reviewed by Simon Hausmann.
        Reviewed by Ossy.

        * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf.
        * Target.pri:
        * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf.
        * wtf/wtf.pro:

2012-01-06  Hajime Morrita

        WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE
        https://bugs.webkit.org/show_bug.cgi?id=75612

        Reviewed by Kevin Ollivier.

        * wtf/text/WTFString.h:
        (WTF::String::findIgnoringCase):
        (WTF::String::append):
        (WTF::String::fromUTF8):
        (WTF::String::fromUTF8WithLatin1Fallback):
        (WTF::String::isHashTableDeletedValue):

2012-01-05  Dan Bernstein

        Update copyright strings

        Reviewed by Mark Rowe.

        * Info.plist:

2012-01-05  Gavin Barraclough

        Date constructor handles infinite values incorrectly.
        https://bugs.webkit.org/show_bug.cgi?id=70998

        Reviewed by Filip Pizlo.

        * runtime/DateConstructor.cpp:
        (JSC::constructDate):
        - should be checking !finite rather than isnan.

2012-01-05  Gavin Barraclough

        date.toISOString produces incorrect results for dates with ms prior to 1970
        https://bugs.webkit.org/show_bug.cgi?id=75684

        Reviewed by Sam Weinig.

        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncToISOString):

2012-01-05  Gavin Barraclough

        Array.prototype.lastIndexOf ignores undefined fromIndex.
        https://bugs.webkit.org/show_bug.cgi?id=75678

        Reviewed by Sam Weinig.

        array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x)

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncLastIndexOf):
        - should check argument count, rather than checking argument value for undefined.

2012-01-05  Gavin Barraclough

        Date parsing is too restrictive.
        https://bugs.webkit.org/show_bug.cgi?id=75671

        Reviewed by Oliver Hunt.

        ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15). The spec allows a date to be date only, or date + time.
        The date portion should match: (pseudocode!:)
            [(+|-)YY]YYYY[-MM[-DD]]
        though we are slightly more liberal (permitted by the spec), allowing:
            [+|-]Y+[-MM[-DD]]
        The time portion should match:
            THH:mm[:ss[.sss]][Z|(+|-)HH:mm]
        again we're slightly more liberal, allowing:
            THH:mm[:ss[.s+]][Z|(+|-)HH:mm]

        * wtf/DateMath.cpp:
        (WTF::parseES5DatePortion):
        - Month/day fields are optional, default to 01.
        (WTF::parseES5TimePortion):
        - Hours/Minutes are required, seconds/timezone are optional.
        (WTF::parseES5DateFromNullTerminatedCharacters):
        - Dates may be date only, or date + time.

2012-01-05  Bruno Dilly

        [EFL] Undefined references to ICU_I18N symbols on WTF
        https://bugs.webkit.org/show_bug.cgi?id=75642

        Unreviewed build fix.

        Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake. Some undefined references were ucol_setAttribute_44, ucol_close_44, ucol_getAttribute_44...

        * wtf/PlatformEfl.cmake:

2012-01-05  Geoffrey Garen

        Refined the fast path for StringImpl::hash()
        https://bugs.webkit.org/show_bug.cgi?id=75178

        Reviewed by Darin Adler.

        Moved the hash calculation code into an out-of-line function to clean up the hot path. No measurable benchmark change, but this knocks some samples off in Instruments, and I think this is a step toward removing -fomit-frame-pointer.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::hashSlowCase):
        * wtf/text/StringImpl.h:
        (WTF::StringImpl::hash): The patch.
        * wtf/text/StringStatics.cpp:
        (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build scheme, which requires all out-of-line StringImpl functions used by WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.)

2012-01-05  Gavin Barraclough

        Literal tab in JSONString fails
        https://bugs.webkit.org/show_bug.cgi?id=71772

        Reviewed by Oliver Hunt.

        rfc4627 does not allow literal tab characters in JSON source.

        * runtime/LiteralParser.cpp:
        (JSC::isSafeStringCharacter):
        - do not allow literal tab in StrictJSON mode.
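The "Date parsing is too restrictive" entry above spells out the grammar it accepts. The following is an added example, written for this page and not WebKit's own wtf/DateMath.cpp, of a small hand-written parser for that grammar: the date portion `[+|-]Y+[-MM[-DD]]` with month and day defaulting to 01, optionally followed by the time portion `THH:mm[:ss[.s+]][Z|(+|-)HH:mm]`. The struct name `ES5Date`, the nine-digit cap on the year, and the choice to keep only the first three fraction digits as milliseconds are this example's own assumptions; the whole input must match, so trailing characters are rejected rather than silently ignored.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

// Added example, not WebKit's wtf/DateMath.cpp: a parser for the ES5.1 15.9.1.15
// format as the ChangeLog entry describes it:
//   date portion:  [+|-]Y+[-MM[-DD]]           (month/day default to 01)
//   time portion:  THH:mm[:ss[.s+]][Z|(+|-)HH:mm]
// A string is either a date only, or a date followed by a time.
struct ES5Date {
    long year = 0;                      // signed; a leading '+' or '-' is permitted
    int month = 1, day = 1;             // default to 01 when absent
    int hour = 0, minute = 0, second = 0, millisecond = 0;
    bool hasTime = false;               // a 'T' portion was present
    bool hasTimeZone = false;           // 'Z' or a (+|-)HH:mm offset was present
    int tzOffsetMinutes = 0;            // minutes east of UTC; 0 for 'Z'
};

namespace {

bool isDigit(char c) { return std::isdigit(static_cast<unsigned char>(c)) != 0; }

// Consume exactly `count` digits at s[pos]; on success advance pos and store the value.
bool readFixedDigits(const std::string& s, size_t& pos, size_t count, int& value) {
    if (pos + count > s.size()) return false;
    value = 0;
    for (size_t i = 0; i < count; ++i) {
        if (!isDigit(s[pos + i])) return false;
        value = value * 10 + (s[pos + i] - '0');
    }
    pos += count;
    return true;
}

bool parseDatePortion(const std::string& s, size_t& pos, ES5Date& out) {
    int sign = 1;
    if (pos < s.size() && (s[pos] == '+' || s[pos] == '-'))
        sign = (s[pos++] == '-') ? -1 : 1;
    // Y+: one or more digits (more liberal than the spec's [(+|-)YY]YYYY).
    // Nine digits is this example's own cap, so the value cannot overflow `long`.
    size_t start = pos;
    long year = 0;
    while (pos < s.size() && isDigit(s[pos])) {
        if (pos - start == 9) return false;
        year = year * 10 + (s[pos++] - '0');
    }
    if (pos == start) return false;
    out.year = sign * year;
    if (pos < s.size() && s[pos] == '-') {
        ++pos;
        if (!readFixedDigits(s, pos, 2, out.month)) return false;
        if (pos < s.size() && s[pos] == '-') {
            ++pos;
            if (!readFixedDigits(s, pos, 2, out.day)) return false;
        }
    }
    return out.month >= 1 && out.month <= 12 && out.day >= 1 && out.day <= 31;
}

// Called with pos just past the 'T'. Hours and minutes are required; seconds,
// fraction and time zone are optional.
bool parseTimePortion(const std::string& s, size_t& pos, ES5Date& out) {
    if (!readFixedDigits(s, pos, 2, out.hour) || pos >= s.size() || s[pos++] != ':') return false;
    if (!readFixedDigits(s, pos, 2, out.minute)) return false;
    if (pos < s.size() && s[pos] == ':') {
        ++pos;
        if (!readFixedDigits(s, pos, 2, out.second)) return false;
        if (pos < s.size() && s[pos] == '.') {
            ++pos;
            // s+: one or more fraction digits; the first three become milliseconds.
            size_t fractionStart = pos;
            for (int scale = 100; pos < s.size() && isDigit(s[pos]); ++pos, scale /= 10)
                out.millisecond += (s[pos] - '0') * scale;
            if (pos == fractionStart) return false;
        }
    }
    if (pos < s.size() && s[pos] == 'Z') {
        ++pos;
        out.hasTimeZone = true;
    } else if (pos < s.size() && (s[pos] == '+' || s[pos] == '-')) {
        int sign = (s[pos++] == '-') ? -1 : 1;
        int tzHour = 0, tzMinute = 0;
        // The ':' between the zone's hours and minutes must be consumed as well.
        if (!readFixedDigits(s, pos, 2, tzHour) || pos >= s.size() || s[pos++] != ':') return false;
        if (!readFixedDigits(s, pos, 2, tzMinute) || tzHour > 23 || tzMinute > 59) return false;
        out.hasTimeZone = true;
        out.tzOffsetMinutes = sign * (tzHour * 60 + tzMinute);
    }
    return out.hour <= 24 && out.minute <= 59 && out.second <= 59;
}

} // namespace

// Returns true and fills `out` only when the entire string matches the grammar.
bool parseES5Date(const std::string& s, ES5Date& out) {
    out = ES5Date();
    size_t pos = 0;
    if (!parseDatePortion(s, pos, out)) return false;
    if (pos < s.size() && s[pos] == 'T') {
        ++pos;
        out.hasTime = true;
        if (!parseTimePortion(s, pos, out)) return false;
    }
    return pos == s.size();   // trailing characters are an error, not ignored
}
```

Each field reader takes the position by reference and fails closed, which is what the "Error handling : in ISO8601 timezone" entry earlier on this page was correcting: a parser that validates a separator but forgets to advance past it accepts input it never actually examined.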
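The "Literal tab in JSONString fails" entry above rests on one rule from RFC 4627: control characters (U+0000 through U+001F) may not appear unescaped inside a JSON string. As an added example, not WebKit's runtime/LiteralParser.cpp, the code below models a string scanner with a strict JSON mode and a more lenient JavaScript-literal mode; the only difference between the two is whether a raw tab is tolerated. The `ParserMode` enumerators, the function names and the sample literals are this example's own.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

// Added example, not WebKit's LiteralParser. StrictJSON follows RFC 4627;
// NonStrictJSON is the lenient mode that tolerates a literal tab.
enum class ParserMode { StrictJSON, NonStrictJSON };

// May `c` appear unescaped inside a string literal?
bool isSafeStringCharacter(unsigned char c, ParserMode mode) {
    if (c == '"' || c == '\\')
        return false;                 // these always need an escape
    if (c >= 0x20)
        return true;
    // Control character. RFC 4627 requires every one of these to be escaped,
    // so strict mode rejects them all; lenient mode admits a raw tab only.
    return c == '\t' && mode == ParserMode::NonStrictJSON;
}

// Scan one string literal starting at src[pos] == '"'. On success pos is left
// just past the closing quote. Only the escapes RFC 4627 defines are accepted.
bool scanStringLiteral(const std::string& src, size_t& pos, ParserMode mode) {
    if (pos >= src.size() || src[pos] != '"') return false;
    ++pos;
    while (pos < src.size()) {
        unsigned char c = static_cast<unsigned char>(src[pos]);
        if (c == '"') { ++pos; return true; }
        if (c == '\\') {
            if (++pos >= src.size()) return false;
            switch (src[pos]) {
            case '"': case '\\': case '/': case 'b': case 'f': case 'n': case 'r': case 't':
                ++pos;
                break;
            case 'u':               // \uXXXX: exactly four hex digits
                ++pos;
                for (int i = 0; i < 4; ++i, ++pos)
                    if (pos >= src.size() || !std::isxdigit(static_cast<unsigned char>(src[pos]))) return false;
                break;
            default:                // \x41, \', \0 ... are JavaScript, not JSON
                return false;
            }
            continue;
        }
        if (!isSafeStringCharacter(c, mode)) return false;
        ++pos;
    }
    return false;                   // input ended before the closing quote
}

// Convenience: is `literal` exactly one well-formed string literal?
bool stringLiteralIsValid(const std::string& literal, ParserMode mode) {
    size_t pos = 0;
    return scanStringLiteral(literal, pos, mode) && pos == literal.size();
}
```

A scanner that is looser than the grammar it claims to implement is a differential between producers and consumers: a document that one parser accepts and another rejects is exactly the kind of input a defender has to account for when a JSON value is validated in one place and interpreted in another.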
2012-01-05  Gavin Barraclough

        push/shift fifo may consume excessive memory
        https://bugs.webkit.org/show_bug.cgi?id=75610

        Reviewed by Sam Weinig.

        Array objects commonly store data in a vector, consisting of a portion that is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between m_length and m_vectorLength). Calls to shift will grow the pre-capacity, and the current algorithm for increaseVectorLength (used by push, or [[Put]]) will never shrink the pre-capacity, so a push/shift fifo may consume an inordinate amount of memory, whilst having a relatively small active length.

        * runtime/JSArray.cpp:
        (JSC::JSArray::increaseVectorLength):
        - If m_indexBias is non-zero, decay it over time.

2012-01-05  Csaba Osztrogonác

        unshift/pop fifo may consume excessive memory
        https://bugs.webkit.org/show_bug.cgi?id=75588

        Reviewed by Zoltan Herczeg.

        Buildfix after r104120.

        * runtime/JSArray.cpp: Remove useless asserts, because unsigned expression >= 0 is always true
        (JSC::JSArray::unshiftCount):

2012-01-05  Zoltan Herczeg

        Unreviewed gardening after r104134.

        * wtf/Assertions.cpp:

2012-01-05  Zoltan Herczeg

        Unreviewed gardening after r75605.

        Rubber stamped by NOBODY Csaba Osztrogonác.

        * wtf/Assertions.cpp:

2012-01-05  Benjamin Poulain

        Improve charactersAreAllASCII() to compare multiple characters at a time
        https://bugs.webkit.org/show_bug.cgi?id=74063

        Reviewed by Darin Adler.

        A new header ASCIIFastPath.h contains the functions related to the detection of ASCII by using machine words. Part of it comes from WebCore's TextCodecASCIIFastPath.h.

        The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h and is implemented with computer word comparison. The gain over the previous implementation of charactersAreAllASCII() is of the order of how many comparisons are avoided (4x, 8x, 16x depending on the format and the CPU type).
        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/text/ASCIIFastPath.h: Added.
        (WTF::isAlignedToMachineWord):
        (WTF::alignToMachineWord):
        (WTF::isAllASCII):
        (WTF::charactersAreAllASCII):
        * wtf/text/WTFString.h:
        * wtf/wtf.pro:

2012-01-05  Mark Rowe

        [Mac] WTF logging functions should output to both stderr and ASL

        We should always log to both ASL and stderr on platforms where this won't result in launchd duplicating the messages.

        Reviewed by Dan Bernstein.

        * wtf/Assertions.cpp:
        (vprintf_stderr_common):

2012-01-05  Mark Rowe

        WTF logging functions should call vprintf_stderr_common only once per line

        Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a single line of text. This results in strangely formatted output if vprintf_stderr_common is retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented like stderr.

        Reviewed by Dan Bernstein.

        * wtf/Assertions.cpp:
        (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format string before handing it off to vprintf_stderr_common. This requires disabling warnings about calling a printf-like function with a non-literal format string for this piece of code. It's safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix.
        (vprintf_stderr_with_trailing_newline): Helper function to append a trailing newline on to the given format string if one does not already exist. It requires the same treatment with regards to the non-literal format string warning.
        (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix.
        (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common.
        (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix.
        (WTFReportError): Ditto.
        (WTFLog): Switch to using vprintf_stderr_with_trailing_newline.
        (WTFLogVerbose): Ditto.
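The "Improve charactersAreAllASCII() to compare multiple characters at a time" entry above describes the machine-word technique without showing it. The code below is an added example written for this page, not WebKit's wtf/text/ASCIIFastPath.h: it walks the buffer character by character until the pointer is word aligned, then ORs whole machine words together and tests them once against a mask that has the "non-ASCII" bit of every lane set (0x80 per byte for 8-bit text, 0xFF80 per 16-bit unit for UTF-16), and finishes the leftover tail one character at a time. The namespace, the helper names and the sample strings are this example's own; it uses memcpy for the word loads so the access stays within the language's aliasing rules, which compilers lower to a plain load.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Added example, not WebKit's ASCIIFastPath.h.
namespace ascii_fast_path {

typedef uintptr_t MachineWord;
const size_t kWordSize = sizeof(MachineWord);

// 0x80 in every byte: a set bit means that byte is not ASCII.
const MachineWord kNonAscii8 = static_cast<MachineWord>(0x8080808080808080ULL);
// 0xFF80 in every 16-bit unit: any code unit above U+007F trips it.
const MachineWord kNonAscii16 = static_cast<MachineWord>(0xFF80FF80FF80FF80ULL);

inline bool isAlignedToMachineWord(const void* p) {
    return (reinterpret_cast<uintptr_t>(p) % kWordSize) == 0;
}

// CharType is uint8_t (Latin-1/UTF-8 bytes) or uint16_t (UTF-16 code units);
// `mask` is the matching lane mask above.
template <typename CharType>
bool charactersAreAllASCII(const CharType* chars, size_t length, MachineWord mask) {
    const CharType* end = chars + length;
    // Head: step by one character until the pointer is word aligned.
    while (chars != end && !isAlignedToMachineWord(chars)) {
        if (*chars > 0x7F) return false;
        ++chars;
    }
    // Body: one machine word (kWordSize / sizeof(CharType) characters) per step.
    // Only the OR is done in the loop; the mask is tested once afterwards.
    MachineWord accumulated = 0;
    while (static_cast<size_t>(end - chars) * sizeof(CharType) >= kWordSize) {
        MachineWord word;
        std::memcpy(&word, chars, kWordSize);
        accumulated |= word;
        chars += kWordSize / sizeof(CharType);
    }
    if (accumulated & mask) return false;
    // Tail: the characters that do not fill a whole word.
    for (; chars != end; ++chars)
        if (*chars > 0x7F) return false;
    return true;
}

inline bool charactersAreAllASCII(const uint8_t* chars, size_t length) {
    return charactersAreAllASCII<uint8_t>(chars, length, kNonAscii8);
}
inline bool charactersAreAllASCII(const uint16_t* chars, size_t length) {
    return charactersAreAllASCII<uint16_t>(chars, length, kNonAscii16);
}

// Convenience for NUL-terminated 8-bit text.
inline bool isAllASCII(const char* s) {
    return charactersAreAllASCII(reinterpret_cast<const uint8_t*>(s), std::strlen(s));
}

// Start the scan `offset` bytes into `s`, so the head loop sees unaligned input.
inline bool allASCIIFromOffset(const char* s, size_t offset) {
    return charactersAreAllASCII(reinterpret_cast<const uint8_t*>(s) + offset, std::strlen(s) - offset);
}

} // namespace ascii_fast_path
```

The length check before each word load is what keeps the fast path from reading past the end of the buffer; the head loop is what makes the aligned loads legal on targets that fault on misaligned access. Both are easy to drop when porting this pattern, and either omission turns an optimization into an out-of-bounds read.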
2012-01-04  Gavin Barraclough

        unshift/pop fifo may consume excessive memory
        https://bugs.webkit.org/show_bug.cgi?id=75588

        Reviewed by Sam Weinig.

        The Array object commonly stores data in a vector, consisting of a portion that is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between m_length and m_vectorLength). Calls to pop will grow the post-capacity, and the current algorithm for increasePrefixVectorLength (used by unshift) will never shrink the post-capacity, so an unshift/pop fifo may consume an inordinate amount of memory, whilst having a relatively small active length.

        * runtime/JSArray.cpp:
        (JSC::storageSize):
        - sizeof(JSValue) should be sizeof(WriteBarrier)
        (JSC::SparseArrayValueMap::put):
        - sizeof(JSValue) should be sizeof(WriteBarrier)
        (JSC::JSArray::increaseVectorLength):
        - sizeof(JSValue) should be sizeof(WriteBarrier)
        (JSC::JSArray::unshiftCountSlowCase):
        - renamed from increaseVectorPrefixLength (this was a bad name, since it also moved the ArrayStorage header), rewritten.
        (JSC::JSArray::shiftCount):
        - sizeof(JSValue) should be sizeof(WriteBarrier), count should be unsigned
        (JSC::JSArray::unshiftCount):
        - sizeof(JSValue) should be sizeof(WriteBarrier), count should be unsigned, increaseVectorPrefixLength renamed to unshiftCountSlowCase
        (JSC::JSArray::sortNumeric):
        * runtime/JSArray.h:
        - Updated function declarations, m_indexBias should be unsigned.

2012-01-04  Mark Rowe

        All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments

        Since JSC::Arguments has an OwnPtr for a member it needs to override destroy to ensure that the correct destructor is invoked. This is necessary because JSCell subclasses all intentionally have non-virtual destructors.

        Reviewed by Filip Pizlo.

        * runtime/Arguments.cpp:
        (JSC::Arguments::destroy):
        * runtime/Arguments.h:

2012-01-04  Filip Pizlo

        Unreviewed, accidentally turned off the JIT in previous commit. Turning it back on.
        * wtf/Platform.h:

2012-01-04  Filip Pizlo

        Changed "return" to "break" in some macrology I introduced in http://trac.webkit.org/changeset/104086. This is a benign change, as "return" was technically correct for all uses of the macro.

        Reviewed by Oliver Hunt.

        * dfg/DFGGraph.cpp:
        * wtf/Platform.h:

2012-01-04  Michael Saboff

        StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset
        https://bugs.webkit.org/show_bug.cgi?id=75583

        Reviewed by Filip Pizlo.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding StructureStubInfo and reset the appropriate JIT and the StructureStubInfo itself when resetting a MethodCallLinkInfo.

2012-01-04  Michael Saboff

        Invalid ASSERT() in DFGRepatch.cpp near line 385
        https://bugs.webkit.org/show_bug.cgi?id=75584

        Reviewed by Filip Pizlo.

        * dfg/DFGRepatch.cpp:
        (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==.

2012-01-04  Filip Pizlo

        Incorrect use of DFG node reference counts when mutating the graph
        https://bugs.webkit.org/show_bug.cgi?id=75580

        Reviewed by Oliver Hunt.

        Made deref(node) follow the pattern of ref(node), which it should have to begin with.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::refChildren):
        (JSC::DFG::Graph::derefChildren):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::deref):
        (JSC::DFG::Graph::clearAndDerefChild1):
        (JSC::DFG::Graph::clearAndDerefChild2):
        (JSC::DFG::Graph::clearAndDerefChild3):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::deref):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::fixupNode):

2012-01-04  Tor Arne Vestbø

        [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies

        The custom qmake variable 'WEBKIT' is used for signaling that a target depends in some way on other subprojects of the WebKit project. For now this is limited to the set of intermediate libraries: wtf, javascriptcore, webcore, and webkit2.

        This replaces the previous convention of using load(foo) for just include paths, and CONFIG += foo to also link against foo.
Adding a dependency results in additional include paths being available, and potentially linking to the library. This is decided by the build system based on conditions such as what kind of target is being built and the general build config. An advantage to his approach is that it simplifies the individual foo.prf files, for example by allowing us to use INCLUDEPATH += and LIBS += as normal instead of prepending. Reviewed by Simon Hausmann. * Target.pri: * jsc.pro: * wtf/wtf.pro: 2012-01-03 Filip Pizlo DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong https://bugs.webkit.org/show_bug.cgi?id=75516 Reviewed by Gavin Barraclough. Removed the offending assertion, since it was wrong. Also hardened the code to make this case less likely by first having the propagator fixpoint converge, and then doing double voting combined with a second fixpoint. This is neutral on benchmarks and fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double until we've converged to the conclusion that it really is double). * dfg/DFGPropagator.cpp: (JSC::DFG::Propagator::propagatePredictions): * dfg/DFGVariableAccessData.h: (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat): 2012-01-03 Filip Pizlo REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds https://bugs.webkit.org/show_bug.cgi?id=75303 Reviewed by Gavin Barraclough. The this argument was not being kept alive in some cases during inlining and intrinsic optimizations. * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handleCall): (JSC::DFG::ByteCodeParser::emitFunctionCheck): (JSC::DFG::ByteCodeParser::handleInlining): 2012-01-03 Gavin Barraclough Windows build fix. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: 2012-01-03 Gavin Barraclough Windows build fix. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: 2012-01-03 Gavin Barraclough https://bugs.webkit.org/show_bug.cgi?id=75140 Reviewed by Sam Weinig. 
Rewrite JSArray::putSlowCase to be much cleaner & simpler. This rewrite only significantly changes behaviour for sparse array, specifically in how sparse arrays are reified back to vector form. This does not affect arrays with less than 10000 entries (since these always use a vector). The more common cases of sparse array behavior (though large sparse arrays are rare) - arrays that always remain sparse, and arrays that are filled in reverse sequential order - should be just as fast or faster (since reification is simpler & no longer requires map lookups) after these changes. Simplifying this code allows all cases of putByIndex that need to grow the vector to do so via increaseVectorLength, which means that this method can encapsulate the policy of determining how the vector should be grown. No performance impact. * runtime/JSArray.cpp: (JSC::isDenseEnoughForVector): - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector. (JSC::JSArray::putByIndex): - simplify & comment. (JSC::JSArray::putByIndexBeyondVectorLength): - Re-written to be much clearer & simpler. (JSC::JSArray::increaseVectorLength): (JSC::JSArray::increaseVectorPrefixLength): - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need do so. (JSC::JSArray::push): - simplify & comment. * runtime/JSArray.h: - removed SparseArrayValueMap::take. 2012-01-03 Gavin Barraclough Windows build fix. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: 2012-01-03 Gavin Barraclough https://bugs.webkit.org/show_bug.cgi?id=75140 Reviewed by Sam Weinig. Simplify JSArray creation - remove ArgsList/JSValue* create methods (this functionality can be implemented in terms of tryCreateUninitialized). 
* JavaScriptCore.exp: * runtime/ArrayConstructor.cpp: - use constructArray/constructEmptyArray instead of calling JSArray::create directly (JSC::constructArrayWithSizeQuirk): * runtime/JSArray.cpp: * runtime/JSArray.h: - removed ArgsList/JSValue* create methods * runtime/JSGlobalObject.h: (JSC::constructEmptyArray): (JSC::constructArray): - changed to be implemented in terms of JSArray::tryCreateUninitialized 2012-01-03 Gavin Barraclough https://bugs.webkit.org/show_bug.cgi?id=75429 ThrowTypeError should be a singleton object Reviewed by Sam Weinig. Per section 13.2.3 of the spec. We could change setAccessorDescriptor to be able to share the global GetterSetter object, rather than storing the accessor functions and creating a new GetterSetter in defineProperty - but this won't be a small change to PropertyDescriptors (and would probably mean making GetterSetter objects immutable?) - so I'll leave that for another patch. * JavaScriptCore.exp: - don't export setAccessorDescriptor * runtime/Arguments.cpp: (JSC::Arguments::createStrictModeCallerIfNecessary): (JSC::Arguments::createStrictModeCalleeIfNecessary): - call throwTypeErrorGetterSetter instead of createTypeErrorFunction * runtime/Error.cpp: * runtime/Error.h: - remove createTypeErrorFunction * runtime/JSFunction.cpp: * runtime/JSFunction.h: - remove unused createDescriptorForThrowingProperty * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): - removed m_strictModeTypeErrorFunctionStructure. * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::internalFunctionStructure): - removed m_strictModeTypeErrorFunctionStructure. * runtime/PropertyDescriptor.cpp: (JSC::PropertyDescriptor::setAccessorDescriptor): - changed to take a GetterSetter * runtime/PropertyDescriptor.h: - changed to take a GetterSetter 2012-01-02 Gavin Barraclough Check in fixes for jsc tests following bug #75455. 
* tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js: * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js: 2012-01-02 Gavin Barraclough https://bugs.webkit.org/show_bug.cgi?id=75452 If argument to Error is undefined, message is not set Reviewed by Sam Weinig. Per section 15.11.1.1 of the spec. * runtime/ErrorInstance.h: (JSC::ErrorInstance::create): (JSC::ErrorInstance::finishCreation): 2012-01-02 Gavin Barraclough ES5 prohibits parseInt from supporting octal https://bugs.webkit.org/show_bug.cgi?id=75455 Reviewed by Sam Weinig. See sections 15.1.2.2 and annex E. * runtime/JSGlobalObjectFunctions.cpp: (JSC::parseInt): 2012-01-02 Gavin Barraclough https://bugs.webkit.org/show_bug.cgi?id=55343 Global JSON should be configurable but isn't Reviewed by Sam Weinig. * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): - make JSON configurable 2012-01-01 Filip Pizlo Call instructions should leave room for linking information https://bugs.webkit.org/show_bug.cgi?id=75422 Reviewed by Oliver Hunt. * bytecode/Opcode.h: * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitCall): (JSC::BytecodeGenerator::emitConstruct): 2011-12-31 Dan Bernstein Continue trying to fix the Windows build after r103823. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: 2011-12-31 Dan Bernstein Start trying to fix the Windows build after r103823. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: 2011-12-30 Anders Carlsson Add a ParamStorageTraits specialization for RetainPtr https://bugs.webkit.org/show_bug.cgi?id=75392 Reviewed by Daniel Bates. * wtf/Functional.h: Add a partial specialization of ParamStorageTraits for RetainPtr. * wtf/RetainPtr.h: Bring in the retainPtr function template from WTF. 2011-12-29 Sam Weinig It should be easier to iterate a Vector backwards https://bugs.webkit.org/show_bug.cgi?id=75359 Reviewed by Anders Carlsson. Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(), a new proxy driven way to access a vector backwards. 
One can use reversed() in a range-based for loop like so: for (auto val: myVector.reversed()) doSomething(val) * wtf/Vector.h: (WTF::Vector::~Vector): Fix style. (WTF::Vector::rbegin): (WTF::Vector::rend): Added using standard adaptor std::reverse_iterator. (WTF::Vector::reversed): (WTF::Vector::VectorReverseProxy::begin): (WTF::Vector::VectorReverseProxy::end): Add proxy similar to one used in HashMap for keys() and values() which allows access to a Vector backwards for use in range-based for loops. 2011-12-29 Gavin Barraclough https://bugs.webkit.org/show_bug.cgi?id=75140 Reviewed by Oliver Hunt. Start cleaning up JSArray construction. JSArray has a set of create methods, one of which (currently) takes a 'creation mode' enum parameter. Based on that parameter, the constructor does one of two completely different things. If the parameter is 'CreateInitialized' it creates an array, setting the length, but does not eagerly allocate a storage vector of the specified length. A small (BASE_VECTOR_LEN sized) initial vector will be allocated, and cleared, property access to the vector will read the hole value (return undefined). The alternate usage of this method ('CreateCompact') does something very different. It tries to create an array of the requested length, and also allocates a storage vector large enough to hold all properties. It does not clear the storage vector, leaving the memory uninitialized and requiring the user to call a method 'uncheckedSetIndex' to initialize values in the vector. This patch factors out these two behaviours, moving the 'CreateCompact' mode into its own method, 'tryCreateUninitialized' (matching the naming for this functionality in the string classes). 'tryCreateUninitialized' may return 0 if memory allocation fails during construction of the object. The construction pattern changes such that values added during initialization will be marked if a GC is triggered during array allocation. 
'CreateInitialized' no longer need be passed to create a normal, fully constructed array with a length, and this method is merged with the version of 'create' that does not take an initial length (length parameter defaults to 0). * JavaScriptCore.exp: * runtime/ArrayConstructor.cpp: (JSC::constructArrayWithSizeQuirk): - removed 'CreateInitialized' argument * runtime/ArrayPrototype.cpp: (JSC::arrayProtoFuncSplice): - changed to call 'tryCreateUninitialized' * runtime/FunctionPrototype.cpp: (JSC::functionProtoFuncBind): - changed to call 'tryCreateUninitialized' * runtime/JSArray.cpp: (JSC::JSArray::JSArray): - initialize m_storage to null; if construction fails, make destruction safe (JSC::JSArray::finishCreation): - merge versions of this method, takes an initialLength parameter defaulting to zero (JSC::JSArray::tryFinishCreationUninitialized): - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0 (JSC::JSArray::~JSArray): - check for null m_storage, in case array construction failed. (JSC::JSArray::increaseVectorPrefixLength): * runtime/JSArray.h: (JSC::JSArray::create): - merge versions of this method, takes an initialLength parameter defaulting to zero (JSC::JSArray::tryCreateUninitialized): - version of 'create' that tries to eagerly allocate storage; may fail & return 0 (JSC::JSArray::initializeIndex): (JSC::JSArray::completeInitialization): - used in conjunction with 'tryCreateUninitialized' to initialize the array * runtime/JSGlobalObject.h: (JSC::constructEmptyArray): - removed 'CreateInitialized' argument * runtime/RegExpConstructor.cpp: (JSC::RegExpMatchesArray::finishCreation): - removed 'CreateInitialized' argument 2011-12-29 Anders Carlsson Add a retainPtr function template https://bugs.webkit.org/show_bug.cgi?id=75365 Reviewed by Dan Bernstein. This makes it easier to make a RetainPtr using template argument deduction, which is useful when passing RetainPtr objects as function arguments. 
* wtf/RetainPtr.h: (WTF::retainPtr): 2011-12-28 Yuqiang Xian spill unboxed values in DFG 32_64 https://bugs.webkit.org/show_bug.cgi?id=75291 Reviewed by Filip Pizlo. Currently all the values are spilled as boxed in DFG 32_64, which is not necessary and introduces additional stores/loads. Instead we can spill them as unboxed if feasible. It can be applied to the Integers, Cells and Booleans in DFG 32_64. Doubles are left as is because they don't need to be boxed at all. The modifications to the spill/fill and the OSR exit are required, as well as a bug fix to the "isUnknownJS" logic. * bytecode/ValueRecovery.h: (JSC::ValueRecovery::displacedInRegisterFile): (JSC::ValueRecovery::virtualRegister): (JSC::ValueRecovery::dump): * dfg/DFGGenerationInfo.h: (JSC::DFG::GenerationInfo::isUnknownJS): (JSC::DFG::GenerationInfo::spill): * dfg/DFGOSRExitCompiler32_64.cpp: (JSC::DFG::OSRExitCompiler::compileExit): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::isKnownNotBoolean): * dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::silentFillGPR): (JSC::DFG::SpeculativeJIT::spill): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::fillInteger): (JSC::DFG::SpeculativeJIT::fillDouble): (JSC::DFG::SpeculativeJIT::fillJSValue): (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): (JSC::DFG::SpeculativeJIT::fillSpeculateCell): (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): (JSC::DFG::SpeculativeJIT::compileObjectEquality): (JSC::DFG::SpeculativeJIT::compile): 2011-12-28 Anders Carlsson Add an implicit block conversion operator to WTF::Function https://bugs.webkit.org/show_bug.cgi?id=75325 Reviewed by Dan Bernstein. * wtf/Compiler.h: Add a define for COMPILER_SUPPORTS(BLOCKS). It's only defined for clang, since the gcc blocks implementation is buggy, especially when it comes to C++. 
* wtf/Functional.h: Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed. 2011-12-27 Anders Carlsson Add a new WTF::bind overload that takes 6 parameters https://bugs.webkit.org/show_bug.cgi?id=75287 Reviewed by Sam Weinig. * wtf/Functional.h: 2011-12-27 Sam Weinig Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro https://bugs.webkit.org/show_bug.cgi?id=75268 Reviewed by Anders Carlsson. * wtf/Compiler.h: Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS). * wtf/Noncopyable.h: Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS). * wtf/NullPtr.cpp: * wtf/NullPtr.h: Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR). * wtf/RefPtr.h: * wtf/RetainPtr.h: Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR). 2011-12-27 Anders Carlsson Misc fixes and cleanups in Functional.h https://bugs.webkit.org/show_bug.cgi?id=75281 Reviewed by Andreas Kling. - Reformat template declarations so that the class begins on a new line. - Change the parameter template parameters to start at P1 instead of P0. - Add function wrappers and bind overloads for 4 and 5 parameter functions. - Change the Function call operator to be const so const functions can be called. * wtf/Functional.h: 2011-12-27 Tony Chang [chromium] Minor cleanup of gyp files. https://bugs.webkit.org/show_bug.cgi?id=75269 Reviewed by Adam Barth. * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed and vim/emacs specific hooks should be added by the user. 2011-12-27 Gavin Barraclough https://bugs.webkit.org/show_bug.cgi?id=75260 Null name for host function can result in dereference of uninitialize memory Reviewed by Filip Pizlo. This is a recent regression in ToT, if the name passed to finishCreation of a host function is null, we are currently skipping the putDirect, which leaves memory uninitialized. 
This patch reverts the aspect of the change that introduced the issue. It might be better if functions that don't have a name don't have this property at all, but that's change should be separate from fixing the bug. * runtime/JSFunction.cpp: (JSC::JSFunction::finishCreation): - Always initialize the name property. 2011-12-27 Anders Carlsson Function should handle wrapping/unwrapping RefPtr and PassRefPtr https://bugs.webkit.org/show_bug.cgi?id=75266 Reviewed by Sam Weinig. Add ParamStorageTraits that can be used for deciding how bound parameters should be stored and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn. For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking. * wtf/Functional.h: (WTF::ParamStorageTraits::wrap): (WTF::ParamStorageTraits::unwrap): 2011-12-27 Tony Chang [chromium] really enable wpo for WebCore libs and for WTF https://bugs.webkit.org/show_bug.cgi?id=75264 Reviewed by Adam Barth. * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr. 2011-12-26 Gavin Barraclough Errk! OS X build fix. * JavaScriptCore.exp: 2011-12-26 Gavin Barraclough Windows build fix. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: * runtime/JSObject.h: 2011-12-26 Gavin Barraclough https://bugs.webkit.org/show_bug.cgi?id=75231 Fail to throw in strict mode on assign to read only static properties Reviewed by Filip Pizlo. There are three bugs here: * symbolTablePut should throw for strict mode accesses. * lookupPut should throw for strict mode accesses. * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties. 
* runtime/JSActivation.cpp: (JSC::JSActivation::symbolTablePut): (JSC::JSActivation::put): * runtime/JSActivation.h: * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::put): * runtime/JSStaticScopeObject.cpp: (JSC::JSStaticScopeObject::put): * runtime/JSVariableObject.h: (JSC::JSVariableObject::symbolTablePut): * runtime/Lookup.h: (JSC::lookupPut): * runtime/NumberConstructor.cpp: (JSC::NumberConstructor::put): * runtime/NumberConstructor.h: 2011-12-26 Gavin Barraclough Fix miss-commit of utf8 change. Reviewed by Filip Pizlo Eeep, patch as landed a while ago had no effect! - acidentally landed modified version of patch used for performance testing. (This isn't covered by layout tests because layour tests don't use jsc, and the tests/mozilla tests use latin1, which was already supported!) Landing changes as intended (and as originally reviewed). * jsc.cpp: (jscSource): 2011-12-26 Filip Pizlo Unreviewed build fix for ARMv7. * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::load16Signed): (JSC::MacroAssemblerARMv7::load8Signed): 2011-12-26 Hajime Morrita Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE https://bugs.webkit.org/show_bug.cgi?id=74990 Reviewed by Kevin Ollivier. * runtime/JSExportMacros.h: Removed JS_INLINE * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE 2011-12-24 Filip Pizlo The ArgumentCount field in the CallFrame should have its tag left blank for other uses https://bugs.webkit.org/show_bug.cgi?id=75199 Reviewed by Oliver Hunt. 
* dfg/DFGOSRExitCompiler32_64.cpp: (JSC::DFG::OSRExitCompiler::compileExit): * dfg/DFGOSRExitCompiler64.cpp: (JSC::DFG::OSRExitCompiler::compileExit): * dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::emitCall): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::emitCall): * interpreter/CallFrame.h: (JSC::ExecState::argumentCountIncludingThis): (JSC::ExecState::setArgumentCountIncludingThis): * interpreter/Register.h: (JSC::Register::unboxedInt32): (JSC::Register::unboxedBoolean): (JSC::Register::unboxedCell): (JSC::Register::payload): (JSC::Register::tag): * jit/JITCall.cpp: (JSC::JIT::compileOpCall): * jit/JITCall32_64.cpp: (JSC::JIT::compileLoadVarargs): (JSC::JIT::compileOpCall): 2011-12-25 Andreas Kling Yarr: Avoid copying vectors in CharacterClassConstructor. Reviewed by Darin Adler. Yarr::CharacterClassConstructor::charClass() was hot when loading twitter feeds (1.2%), replace the usage of Vector::append() by swap() since we're always clearing the source vector afterwards anyway. * yarr/YarrPattern.cpp: (JSC::Yarr::CharacterClassConstructor::charClass): 2011-12-24 Darin Adler Specialize HashTraits for RefPtr to use PassRefPtr as "pass type" to reduce reference count churn https://bugs.webkit.org/show_bug.cgi?id=72476 Reviewed by Sam Weinig. * wtf/HashTraits.h: Defined PassInType and store function in HashTraits. 2011-12-23 Geoffrey Garen Inlined Yarr::execute https://bugs.webkit.org/show_bug.cgi?id=75180 Reviewed reluctantly by Beth Dakin. Tiny speedup on SunSpider string tests. Removes some samples from Instruments. A step toward removing -fomit-frame-pointer. * yarr/YarrJIT.cpp: * yarr/YarrJIT.h: (JSC::Yarr::execute): ONE LINE FUNCTION, Y U NOT INLINED?! 2011-12-23 Filip Pizlo DFG loads from signed 8-bit and 16-bit typed arrays are broken https://bugs.webkit.org/show_bug.cgi?id=75163 Reviewed by Geoffrey Garen. Added 8-bit and 16-bit signed loads. 
Because doing so on ARM is less trivial, I'm currently disabling Int8Array and Int16Array optimizations on ARM. * assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::load8Signed): (JSC::MacroAssemblerX86Common::load16Signed): * assembler/X86Assembler.h: (JSC::X86Assembler::movswl_mr): (JSC::X86Assembler::movsbl_mr): * bytecode/PredictedType.h: (JSC::isActionableMutableArrayPrediction): * dfg/DFGNode.h: (JSC::DFG::Node::shouldSpeculateInt8Array): (JSC::DFG::Node::shouldSpeculateInt16Array): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): 2011-12-23 Filip Pizlo DFG does double-to-int conversion incorrectly when storing into int typed arrays https://bugs.webkit.org/show_bug.cgi?id=75164 Reviewed by Geoffrey Garen. * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32): * assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::branchTruncateDoubleToUint32): (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): 2011-12-23 Geoffrey Garen Refactored String.prototype.replace https://bugs.webkit.org/show_bug.cgi?id=75114 Reviewed by Darin Adler. No performance difference. I think this is a step toward removing -fomit-frame-pointer. * runtime/JSString.cpp: * runtime/JSString.h: Removed the test and special case for a single-character search string because the standard path does this test and special case for us. (As an aside, if we do come up with a unique single-character replace optimization in future, it probably belongs in the replace function, and not in JSString.) * runtime/StringPrototype.cpp: (JSC::stringProtoFuncReplace): Split this mega-sized function into: (JSC::replaceUsingStringSearch): - This reasonably sized function, and (JSC::replaceUsingRegExpSearch): - This still mega-sized function. 
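Added example, not code from the WebKit tree: a counter-level model of the ArrayStorage layout described in the 2012-01-04 "unshift/pop fifo may consume excessive memory" entry above (in-use portion, pre-capacity indexBias, post-capacity between length and vectorLength). It contrasts the described behaviour, where growing the prefix never gives back post-capacity, with an assumed fixed policy that rebuilds the vector around the live elements; the growth factors are assumptions, not the engine's numbers.

```cpp
#include <algorithm>
#include <cstddef>

// Model only: three counters standing in for JSArray's storage layout.
// The unit is slots, not bytes.
struct ArrayStorageModel {
    size_t indexBias;         // pre-capacity: free slots in front of the data
    size_t length;            // slots in use
    size_t vectorLength;      // length + post-capacity
    bool reclaimPostCapacity; // which prefix-growth policy is in effect

    explicit ArrayStorageModel(bool reclaim, size_t initialVector = 4)
        : indexBias(0), length(0), vectorLength(initialVector), reclaimPostCapacity(reclaim) {}

    // Total slots currently allocated for the backing store.
    size_t footprint() const { return indexBias + vectorLength; }

    void push() {
        if (length == vectorLength)
            vectorLength = std::max<size_t>(vectorLength * 2, 4); // assumed amortized growth
        ++length;
    }

    // pop() only shrinks the in-use portion; the freed slot becomes
    // post-capacity, which is the growth the entry describes.
    void pop() {
        if (length)
            --length;
    }

    void unshift() {
        if (!indexBias)
            growPrefix();
        --indexBias;
        ++vectorLength;
        ++length;
    }

private:
    // Slow path when the pre-capacity is exhausted: the storage is
    // "reallocated" with room in front of the data.
    void growPrefix() {
        size_t newPrefix = std::max<size_t>(length, 4); // assumed prefix growth
        if (reclaimPostCapacity) {
            // Assumed fixed policy: rebuild the vector around the live
            // elements, dropping the post-capacity accumulated by pop().
            vectorLength = length;
        }
        // Described buggy policy: vectorLength is left as is, so the
        // post-capacity is never returned.
        indexBias = newPrefix;
    }
};

// Fill a FIFO to `depth` live elements, then run `cycles` unshift/pop
// pairs and return the final allocated footprint in slots.
size_t fifoFootprint(bool reclaimPostCapacity, size_t depth, size_t cycles) {
    ArrayStorageModel storage(reclaimPostCapacity);
    for (size_t i = 0; i < depth; ++i)
        storage.push();
    for (size_t i = 0; i < cycles; ++i) {
        storage.unshift();
        storage.pop();
    }
    return storage.footprint();
}
```

With a live depth of 8, the described policy grows by one slot per unshift regardless of how many pops happened in between, so the footprint is proportional to the number of operations, while the reclaiming policy stays bounded by a small constant.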
2011-12-23  Pierre Rossi

        [Qt] REGRESSION(r103467): It broke fast/images/animated-gif-restored-from-bfcache.html
        https://bugs.webkit.org/show_bug.cgi?id=75087

        monotonicallyIncreasingTime needs to have a higher resolution than milliseconds.

        Reviewed by Darin Adler.

        * wtf/CurrentTime.cpp:
        (WTF::monotonicallyIncreasingTime):

2011-12-22  Filip Pizlo

        DFG should not speculate array even when predictions say that the base is not an array
        https://bugs.webkit.org/show_bug.cgi?id=75160

        Reviewed by Oliver Hunt.

        Added the ability to call slow path when the base is known to not be an array. Also
        rationalized the logic for deciding when the index is not an int, and cleaned up the
        logic for deciding when to speculate typed array.

        Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can likely
        be mitigated by having the notion of a polymorphic array access, where we try, but don't
        speculate, to access the array one way before either trying some other ways or calling
        slow path.

        * bytecode/PredictedType.h:
        (JSC::isActionableMutableArrayPrediction):
        (JSC::isActionableArrayPrediction):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateInt8Array):
        (JSC::DFG::Node::shouldSpeculateInt16Array):
        (JSC::DFG::Node::shouldSpeculateInt32Array):
        (JSC::DFG::Node::shouldSpeculateUint8Array):
        (JSC::DFG::Node::shouldSpeculateUint16Array):
        (JSC::DFG::Node::shouldSpeculateUint32Array):
        (JSC::DFG::Node::shouldSpeculateFloat32Array):
        (JSC::DFG::Node::shouldSpeculateFloat64Array):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::byValIsPure):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-22  Gavin Barraclough

        Unreviewed - fix stylebot issues from last patch.

        * runtime/JSArray.cpp:
        (JSC::JSArray::putSlowCase):

2011-12-22  Gavin Barraclough

        https://bugs.webkit.org/show_bug.cgi?id=75151
        Add attributes field to JSArray's SparseMap

        Reviewed by Sam Weinig.

        This will be necessary to be able to support non-writable/configurable/enumerable
        properties, and helpful for getters/setters.

        Added a concept of being 'inSparseMode' - this indicates the array has a non-standard

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort):
        - JSArray::sort methods not allowed on arrays that are 'inSparseMode'. (must fall back
          to generic sort algorithm).
        * runtime/JSArray.cpp:
        (JSC::JSArray::finishCreation):
        - moved reportedMapCapacity into the SparseArrayValueMap object.
        (JSC::SparseArrayValueMap::find):
        (JSC::SparseArrayValueMap::put):
        (JSC::SparseArrayValueMap::visitChildren):
        - Added.
        (JSC::JSArray::getOwnPropertySlotByIndex):
        (JSC::JSArray::getOwnPropertyDescriptor):
        (JSC::JSArray::putSlowCase):
        (JSC::JSArray::deletePropertyByIndex):
        (JSC::JSArray::getOwnPropertyNames):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::visitChildren):
        - Updated for changes in SparseArrayValueMap.
        (JSC::JSArray::sortNumeric):
        (JSC::JSArray::sort):
        (JSC::JSArray::compactForSorting):
        - Disallow on 'SparseMode' arrays.
        * runtime/JSArray.h:
        (JSC::SparseArrayEntry::SparseArrayEntry):
        - An entry in the sparse array - value (WriteBarrier) + attributes.
        (JSC::SparseArrayValueMap::SparseArrayValueMap):
        (JSC::SparseArrayValueMap::sparseMode):
        (JSC::SparseArrayValueMap::setSparseMode):
        - Flags to track whether an Array is forced into SparseMode.
        (JSC::SparseArrayValueMap::remove):
        (JSC::SparseArrayValueMap::notFound):
        (JSC::SparseArrayValueMap::isEmpty):
        (JSC::SparseArrayValueMap::contains):
        (JSC::SparseArrayValueMap::size):
        (JSC::SparseArrayValueMap::begin):
        (JSC::SparseArrayValueMap::end):
        - accessors to the map
        (JSC::SparseArrayValueMap::take):
        - only for use on non-SparseMode arrays.
        (JSC::JSArray::inSparseMode):
        - Added.
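Added example, not WTF's own code: the reverse-proxy pattern from the 2011-12-29 "It should be easier to iterate a Vector backwards" entry, reduced to a std::vector wrapper. rbegin()/rend() are built from std::reverse_iterator, and reversed() returns a small view whose begin()/end() are those reverse iterators, so a range-based for loop walks the container back to front without copying it. ReversibleVector, ReverseProxy and collectReversed are names chosen for this example.

```cpp
#include <cstddef>
#include <initializer_list>
#include <iterator>
#include <vector>

template<typename T>
class ReversibleVector {
public:
    using iterator = typename std::vector<T>::iterator;
    using const_iterator = typename std::vector<T>::const_iterator;
    using reverse_iterator = std::reverse_iterator<iterator>;
    using const_reverse_iterator = std::reverse_iterator<const_iterator>;

    ReversibleVector(std::initializer_list<T> init) : m_data(init) {}

    void append(const T& value) { m_data.push_back(value); }
    size_t size() const { return m_data.size(); }

    iterator begin() { return m_data.begin(); }
    iterator end() { return m_data.end(); }

    // Standard adaptor: a reverse_iterator built from end() dereferences
    // to the last element, and one built from begin() is the reverse end.
    reverse_iterator rbegin() { return reverse_iterator(end()); }
    reverse_iterator rend() { return reverse_iterator(begin()); }
    const_reverse_iterator rbegin() const { return const_reverse_iterator(m_data.end()); }
    const_reverse_iterator rend() const { return const_reverse_iterator(m_data.begin()); }

    // The proxy holds a reference to the vector and must not outlive it
    // (the usual lifetime rule for a view); it is meant to be consumed
    // immediately by a range-based for loop, which keeps the temporary
    // alive for the duration of the loop.
    class ReverseProxy {
    public:
        explicit ReverseProxy(ReversibleVector& vector) : m_vector(vector) {}
        reverse_iterator begin() { return m_vector.rbegin(); }
        reverse_iterator end() { return m_vector.rend(); }
    private:
        ReversibleVector& m_vector;
    };

    ReverseProxy reversed() { return ReverseProxy(*this); }

private:
    std::vector<T> m_data;
};

// Walks the vector backwards through the proxy and returns the visited
// order so the traversal can be checked rather than only printed.
std::vector<int> collectReversed(ReversibleVector<int>& vector) {
    std::vector<int> visited;
    for (auto val : vector.reversed())
        visited.push_back(val);
    return visited;
}
```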
2011-12-22  Filip Pizlo

        DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array
        https://bugs.webkit.org/show_bug.cgi?id=75150

        Reviewed by Gavin Barraclough.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):

2011-12-22  Filip Pizlo

        DFG JIT does exactly the wrong thing when doing strict equality on two known cells
        https://bugs.webkit.org/show_bug.cgi?id=75138

        Reviewed by Oliver Hunt.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):

2011-12-22  Balazs Kelemen

        Fix debug build with assertions disabled
        https://bugs.webkit.org/show_bug.cgi?id=75075

        Reviewed by Darin Adler.

        Check whether assertions are disabled instead of NDEBUG where appropriate to avoid
        "defined but not used" warnings.

        * wtf/DateMath.cpp:
        (WTF::initializeDates):

2011-12-22  Mariusz Grzegorczyk

        [EFL] Missing plugins support for efl port
        https://bugs.webkit.org/show_bug.cgi?id=44505

        Reviewed by Anders Carlsson.

        Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port.

        * wtf/Platform.h:

2011-12-22  Wei Charles

        Remove unused data member of LiteralParser::Lex::m_string
        https://bugs.webkit.org/show_bug.cgi?id=68216

        Reviewed by George Staikos.

        * runtime/LiteralParser.h:

2011-12-21  Dan Bernstein

        OS X build fix after r103488.

        * JavaScriptCore.exp:

2011-12-21  Konrad Piascik

        Implement the JavaScriptCore bindings for eventListenerHandlerLocation
        https://bugs.webkit.org/show_bug.cgi?id=74313

        Reviewed by Eric Seidel.

        Updated project files to get Windows and Mac builds working.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2011-12-21  Filip Pizlo

        DFG ConvertThis optimizations do not honor the distinction between the global object and
        the global this object
        https://bugs.webkit.org/show_bug.cgi?id=75058

        Reviewed by Oliver Hunt.

        Added a call to toThisObject() in the DFG when planting a direct reference to the global
        this object. Instead of adding a separate toThisObject() method on JSCell which does not
        take ExecState*, I reascribed a new contract: if you're calling toThisObject() on
        JSObject or one of its subtypes, then the ExecState* is optional.

        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::globalThisObjectFor):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSObject.h:

2011-12-21  Pierre Rossi

        Implement monotonicallyIncreasingClock() on Qt
        https://bugs.webkit.org/show_bug.cgi?id=62159

        Reviewed by Darin Adler.

        * wtf/CurrentTime.cpp:
        (WTF::monotonicallyIncreasingTime):

2011-12-20  Filip Pizlo

        32_64 baseline JIT should attempt to convert division results to integers, and record
        when that fails
        https://bugs.webkit.org/show_bug.cgi?id=74997

        Reviewed by Gavin Barraclough.

        * jit/JITArithmetic32_64.cpp:
        (JSC::JIT::emit_op_div):

2011-12-20  Filip Pizlo

        JavaScriptCore should be consistent about how it reads and writes ArgumentCount
        https://bugs.webkit.org/show_bug.cgi?id=74989

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_get_arguments_length):
        (JSC::JIT::emit_op_get_argument_by_val):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::SpecializedThunkJIT):

2011-12-20  Filip Pizlo

        Value Profiles for arguments should be more easily accessible to the interpreter
        https://bugs.webkit.org/show_bug.cgi?id=74984

        Reviewed by Gavin Barraclough.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        (JSC::CodeBlock::shouldOptimizeNow):
        (JSC::CodeBlock::dumpValueProfiles):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setArgumentValueProfileSize):
        (JSC::CodeBlock::numberOfArgumentValueProfiles):
        (JSC::CodeBlock::valueProfileForArgument):
        (JSC::CodeBlock::addValueProfile):
        (JSC::CodeBlock::valueProfile):
        (JSC::CodeBlock::valueProfileForBytecodeOffset):
        (JSC::CodeBlock::totalNumberOfValueProfiles):
        (JSC::CodeBlock::getFromAllValueProfiles):
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::ValueProfile):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitValueProfilingSite):

2011-12-20  Gavin Barraclough

        JSC shell should accept utf8 input.

        Reviewed by Filip Pizlo.

        * jsc.cpp:
        (jscSource):
        (functionRun):
        (functionLoad):
        (functionCheckSyntax):
        (runWithScripts):
        (runInteractive):

2011-12-20  Gavin Barraclough

        Rubber Stamped by Sam Weinig.

        * runtime/JSGlobalData.cpp:
        - removed some dead code.

2011-12-19  Geoffrey Garen

        Tightened up Vector::append
        https://bugs.webkit.org/show_bug.cgi?id=74906

        Reviewed by Sam Weinig.

        Not a measurable speedup, but code inspection shows better code generated, and I
        believe this is a step toward turning off -fomit-frame-pointer.

        * wtf/Vector.h:
        (WTF::::append):
        (WTF::::appendSlowCase): Split out the slow case into a separate function to keep
        unnecessary instructions off the hot path. This means the hot path can now be inlined
        more often. Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a
        compiler work-around from 2007.

2011-12-19  Yuqiang Xian

        Temporary GPR should not be lazily allocated in DFG JIT on X86
        https://bugs.webkit.org/show_bug.cgi?id=74908

        Reviewed by Filip Pizlo.

        On X86, we used to allocate a temporary GPR lazily when it's really used rather than
        defined. This may cause potential issues of allocating registers inside control flow and
        result in problems in subsequent code generation; for example the DFG JIT may think an
        operand is already spilled (to satisfy the allocation request) and generate code to
        read the data from memory, but the allocation and spilling are in a branch which is not
        taken at runtime, so the generated code is incorrect. Although current DFG JIT code
        doesn't have this problematic pattern, it's better to cut off the root to avoid any
        potential issues in the future.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::GPRTemporary::GPRTemporary):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::GPRTemporary::gpr):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-19  Yuqiang Xian

        Remove unused code for non-speculative Arith operations from DFG JIT
        https://bugs.webkit.org/show_bug.cgi?id=74905

        Reviewed by Filip Pizlo.

        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:

2011-12-19  Gavin Barraclough

        https://bugs.webkit.org/show_bug.cgi?id=74903
        Exceptions not thrown correctly from DFG JIT on 32bit

        Reviewed by Oliver Hunt.

        Arguments for lookupExceptionHandler are not set up correctly. In the case of ARMv7 we
        rely on lr being preserved over a call; this is invalid. On x86 we shouldn't be poking
        the arguments onto the stack!

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
        * dfg/DFGGPRInfo.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileBody):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addExceptionCheck):
        (JSC::DFG::JITCompiler::addFastExceptionCheck):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:

2011-12-19  Filip Pizlo

        If we detect that we can use the JIT, don't use computed opcode lookups
        https://bugs.webkit.org/show_bug.cgi?id=74899

        Reviewed by Gavin Barraclough.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::Interpreter):
        (JSC::Interpreter::initialize):
        (JSC::Interpreter::privateExecute):
        * interpreter/Interpreter.h:
        (JSC::Interpreter::getOpcode):
        (JSC::Interpreter::getOpcodeID):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):

2011-12-19  Geoffrey Garen

        Try to fix the Qt build.

        Unreviewed.

        * wtf/ThreadSpecific.h: #include!

2011-12-18  Filip Pizlo

        It should be possible to change the value of an Options variable without recompiling
        the world
        https://bugs.webkit.org/show_bug.cgi?id=74807

        Reviewed by Gavin Barraclough.

        * runtime/Options.cpp:
        (JSC::Options::initializeOptions):
        * runtime/Options.h:

2011-12-19  Sheriff Bot

        Unreviewed, rolling out r103250.
        http://trac.webkit.org/changeset/103250
        https://bugs.webkit.org/show_bug.cgi?id=74877

        it still breaks codegen (Requested by olliej on #webkit).

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateArithNodeFlags):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::byValIsPure):
        (JSC::DFG::Propagator::clobbersWorld):
        (JSC::DFG::Propagator::getByValLoadElimination):
        (JSC::DFG::Propagator::checkStructureLoadElimination):
        (JSC::DFG::Propagator::getByOffsetLoadElimination):
        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-16  Oliver Hunt

        Rolling r103120 back in with merge errors corrected.

        PutByVal[Alias] unnecessarily reloads the storage buffer
        https://bugs.webkit.org/show_bug.cgi?id=74747

        Reviewed by Gavin Barraclough.

        Make PutByVal use GetIndexedStorage to load the storage buffer. This required switching
        PutByVal to a vararg node (which is responsible for most of the noise in this patch).

        This fixes the remaining portion of the kraken regression caused by the GetByVal storage
        load elimination, and a 1-5% win on some of the sub tests of the typed array benchmark
        at:
        http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateArithNodeFlags):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::byValIndexIsPure):
        (JSC::DFG::Propagator::clobbersWorld):
        (JSC::DFG::Propagator::getByValLoadElimination):
        (JSC::DFG::Propagator::checkStructureLoadElimination):
        (JSC::DFG::Propagator::getByOffsetLoadElimination):
        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-15  Geoffrey Garen

        Placement new does an unnecessary NULL check
        https://bugs.webkit.org/show_bug.cgi?id=74676

        Reviewed by Sam Weinig.

        We can define our own version, which skips the NULL check.

        Not a measurable speedup, but code inspection shows better code generated, and I
        believe this is a step toward turning off -fomit-frame-pointer.
* API/JSCallbackConstructor.h: (JSC::JSCallbackConstructor::create): * API/JSCallbackFunction.h: (JSC::JSCallbackFunction::create): Use the NotNull version of placement new to skip the NULL check. * API/JSCallbackObject.h: Removed a conflicting, unnecessaray placement new. (JSC::JSCallbackObject::create): * debugger/DebuggerActivation.h: (JSC::DebuggerActivation::create): * heap/HandleHeap.cpp: (JSC::HandleHeap::grow): * heap/HandleHeap.h: (JSC::HandleHeap::allocate): * heap/MarkedBlock.cpp: (JSC::MarkedBlock::create): (JSC::MarkedBlock::recycle): * jit/JITCode.h: (JSC::JITCode::clear): * jsc.cpp: (GlobalObject::create): * profiler/CallIdentifier.h: * runtime/Arguments.h: (JSC::Arguments::create): * runtime/ArrayConstructor.h: (JSC::ArrayConstructor::create): * runtime/ArrayPrototype.h: (JSC::ArrayPrototype::create): * runtime/BooleanConstructor.h: (JSC::BooleanConstructor::create): * runtime/BooleanObject.h: (JSC::BooleanObject::create): * runtime/BooleanPrototype.h: (JSC::BooleanPrototype::create): * runtime/DateConstructor.h: (JSC::DateConstructor::create): * runtime/DateInstance.h: (JSC::DateInstance::create): * runtime/DatePrototype.h: (JSC::DatePrototype::create): * runtime/Error.h: (JSC::StrictModeTypeErrorFunction::create): * runtime/ErrorConstructor.h: (JSC::ErrorConstructor::create): * runtime/ErrorInstance.h: (JSC::ErrorInstance::create): * runtime/ErrorPrototype.h: (JSC::ErrorPrototype::create): * runtime/ExceptionHelpers.h: (JSC::InterruptedExecutionError::create): (JSC::TerminatedExecutionError::create): * runtime/Executable.h: (JSC::NativeExecutable::create): (JSC::EvalExecutable::create): (JSC::ProgramExecutable::create): (JSC::FunctionExecutable::create): * runtime/FunctionConstructor.h: (JSC::FunctionConstructor::create): * runtime/FunctionPrototype.h: (JSC::FunctionPrototype::create): * runtime/GetterSetter.h: (JSC::GetterSetter::create): * runtime/JSAPIValueWrapper.h: (JSC::JSAPIValueWrapper::create): * runtime/JSActivation.h: 
(JSC::JSActivation::create): * runtime/JSArray.h: (JSC::JSArray::create): * runtime/JSBoundFunction.cpp: (JSC::JSBoundFunction::create): * runtime/JSByteArray.h: (JSC::JSByteArray::create): Use the NotNull version of placement new to skip the NULL check. * runtime/JSCell.h: Removed a conflicting, unnecessaray placement new. * runtime/JSFunction.cpp: (JSC::JSFunction::create): * runtime/JSFunction.h: (JSC::JSFunction::create): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::create): * runtime/JSGlobalThis.h: (JSC::JSGlobalThis::create): * runtime/JSNotAnObject.h: (JSC::JSNotAnObject::create): * runtime/JSONObject.h: (JSC::JSONObject::create): * runtime/JSObject.h: (JSC::JSFinalObject::create): * runtime/JSPropertyNameIterator.cpp: (JSC::JSPropertyNameIterator::create): * runtime/JSPropertyNameIterator.h: (JSC::JSPropertyNameIterator::create): * runtime/JSStaticScopeObject.h: (JSC::JSStaticScopeObject::create): * runtime/JSString.cpp: (JSC::StringObject::create): * runtime/JSString.h: (JSC::RopeBuilder::createNull): (JSC::RopeBuilder::create): (JSC::RopeBuilder::createHasOtherOwner): * runtime/MathObject.h: (JSC::MathObject::create): * runtime/NativeErrorConstructor.h: (JSC::NativeErrorConstructor::create): * runtime/NativeErrorPrototype.h: (JSC::NativeErrorPrototype::create): * runtime/NumberConstructor.h: (JSC::NumberConstructor::create): * runtime/NumberObject.h: (JSC::NumberObject::create): * runtime/NumberPrototype.h: (JSC::NumberPrototype::create): * runtime/ObjectConstructor.h: (JSC::ObjectConstructor::create): * runtime/ObjectPrototype.h: (JSC::ObjectPrototype::create): * runtime/RegExp.cpp: (JSC::RegExp::createWithoutCaching): * runtime/RegExpConstructor.h: (JSC::RegExpConstructor::create): * runtime/RegExpMatchesArray.h: (JSC::RegExpMatchesArray::create): * runtime/RegExpObject.h: (JSC::RegExpObject::create): * runtime/RegExpPrototype.h: (JSC::RegExpPrototype::create): * runtime/ScopeChain.h: (JSC::ScopeChainNode::create): * 
runtime/StrictEvalActivation.h: (JSC::StrictEvalActivation::create): * runtime/StringConstructor.h: (JSC::StringConstructor::create): * runtime/StringObject.h: (JSC::StringObject::create): * runtime/StringPrototype.h: (JSC::StringPrototype::create): * runtime/Structure.h: (JSC::Structure::create): (JSC::Structure::createStructure): * runtime/StructureChain.h: (JSC::StructureChain::create): * testRegExp.cpp: (GlobalObject::create): * wtf/BitVector.cpp: (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement new to skip the NULL check. * wtf/BumpPointerAllocator.h: (WTF::BumpPointerPool::create): Standardized spacing to make grep easier. * wtf/ByteArray.cpp: (WTF::ByteArray::create): * wtf/Deque.h: (WTF::::append): (WTF::::prepend): Use NotNull, as above. * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise hide the name of the global placement new. (WTF::fastNew): Standardized spacing. Most of these functions don't need NotNull, since they check for NULL, and the optimizer can see that. * wtf/HashTable.h: * wtf/HashTraits.h: (WTF::SimpleClassHashTraits::constructDeletedValue): * wtf/MetaAllocator.cpp: (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above. * wtf/StdLibExtras.h: (throw): This is our NotNull placement new. Declaring that we throw is the C++ way to say that operator new will not return NULL. * wtf/ThreadSpecific.h: (WTF::T): * wtf/Vector.h: (WTF::::append): (WTF::::tryAppend): (WTF::::uncheckedAppend): (WTF::::insert): * wtf/text/AtomicStringHash.h: * wtf/text/StringImpl.cpp: (WTF::StringImpl::createUninitialized): (WTF::StringImpl::reallocate): * wtf/text/StringImpl.h: (WTF::StringImpl::tryCreateUninitialized): * wtf/text/StringStatics.cpp: (WTF::AtomicString::init): Use NotNull, as above. 
* yarr/YarrInterpreter.cpp: (JSC::Yarr::Interpreter::allocDisjunctionContext): (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext): (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized spacing for easy grep. 2011-12-19 Eric Carlson Enable for Mac build https://bugs.webkit.org/show_bug.cgi?id=74838 Reviewed by Darin Adler. * wtf/Platform.h: 2011-12-18 Filip Pizlo DFG is too sloppy with register allocation https://bugs.webkit.org/show_bug.cgi?id=74835 Reviewed by Gavin Barraclough. Added assertions that at the end of a successfully generated basic block, all use counts should be zero. This revealed a number of bugs: - Array length optimizations were turning a must-generate node into one that is not must-generate, but failing to change the ref count accordingly. - Indexed property storage optimizations were failing to deref their children, or to deref the indexed property storage node itself. Also, they used the Phantom node as a replacement. But the Phantom node is must-generate, which was causing bizarre issues. So this introduces a Nop node, which should be used in cases where you want a node that is skipped and has no children. This does not have any significant performance effect, but it should relieve some register pressure. The main thing this patch adds, though, are the assertions, which should make it easier to do register allocation related changes in the future. 
* dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::execute): * dfg/DFGGenerationInfo.h: (JSC::DFG::GenerationInfo::initConstant): (JSC::DFG::GenerationInfo::initInteger): (JSC::DFG::GenerationInfo::initJSValue): (JSC::DFG::GenerationInfo::initCell): (JSC::DFG::GenerationInfo::initBoolean): (JSC::DFG::GenerationInfo::initDouble): (JSC::DFG::GenerationInfo::initStorage): (JSC::DFG::GenerationInfo::use): * dfg/DFGGraph.h: (JSC::DFG::Graph::clearAndDerefChild1): (JSC::DFG::Graph::clearAndDerefChild2): (JSC::DFG::Graph::clearAndDerefChild3): * dfg/DFGNode.h: (JSC::DFG::Node::deref): * dfg/DFGPropagator.cpp: (JSC::DFG::Propagator::propagateNodePredictions): (JSC::DFG::Propagator::fixupNode): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): 2011-12-18 Benjamin Poulain Remove the duplicated code from ASCIICType.h https://bugs.webkit.org/show_bug.cgi?id=74771 Reviewed by Andreas Kling. Use isASCIIDigit() and isASCIIAlpha() instead of copying the code. * wtf/ASCIICType.h: (WTF::isASCIIDigit): (WTF::isASCIIAlphanumeric): (WTF::isASCIIHexDigit): 2011-12-18 Anders Carlsson Set the main frame view scroll position asynchronously https://bugs.webkit.org/show_bug.cgi?id=74823 Reviewed by Sam Weinig. * JavaScriptCore.exp: 2011-12-10 Andreas Kling OpaqueJSClass: Remove RVCT2 workarounds. Reviewed by Benjamin Poulain. We no longer need workarounds for the RVCT2 compiler since it was only used for the Symbian port of WebKit which is now defunct. * API/JSClassRef.cpp: (OpaqueJSClass::OpaqueJSClass): (OpaqueJSClassContextData::OpaqueJSClassContextData): 2011-12-16 Benjamin Poulain Remove the duplicated code from ASCIICType.h https://bugs.webkit.org/show_bug.cgi?id=74771 Reviewed by Andreas Kling. The functions were sharing similar code and were defined for the various input types. Use templates instead to avoid code duplication. 
* wtf/ASCIICType.h: (WTF::isASCII): (WTF::isASCIIAlpha): (WTF::isASCIIAlphanumeric): (WTF::isASCIIDigit): (WTF::isASCIIHexDigit): (WTF::isASCIILower): (WTF::isASCIIOctalDigit): (WTF::isASCIIPrintable): (WTF::isASCIISpace): (WTF::isASCIIUpper): (WTF::toASCIILower): (WTF::toASCIIUpper): (WTF::toASCIIHexValue): (WTF::lowerNibbleToASCIIHexDigit): (WTF::upperNibbleToASCIIHexDigit): 2011-12-16 Filip Pizlo DFG OSR exit may get confused about where in the scratch buffer it stored a value https://bugs.webkit.org/show_bug.cgi?id=74695 Reviewed by Oliver Hunt. The code that reads from the scratch buffer now explicitly knows which locations to read from. No new tests, since this patch covers a case so uncommon that I don't know how to make a test for it. * dfg/DFGOSRExitCompiler.h: (JSC::DFG::OSRExitCompiler::badIndex): (JSC::DFG::OSRExitCompiler::initializePoisoned): (JSC::DFG::OSRExitCompiler::poisonIndex): * dfg/DFGOSRExitCompiler32_64.cpp: (JSC::DFG::OSRExitCompiler::compileExit): * dfg/DFGOSRExitCompiler64.cpp: (JSC::DFG::OSRExitCompiler::compileExit): 2011-12-16 Oliver Hunt PutByVal[Alias] unnecessarily reloads the storage buffer https://bugs.webkit.org/show_bug.cgi?id=74747 Reviewed by Gavin Barraclough. Make PutByVal use GetIndexedStorage to load the storage buffer. This required switching PutByVal to a vararg node (which is responsible for most of the noise in this patch). 
This fixes the remaining portion of the kraken regression caused by the GetByVal storage load elimination, and a 1-5% win on some of the sub tests of the typed array benchmark at: http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::execute): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGNode.h: * dfg/DFGPropagator.cpp: (JSC::DFG::Propagator::propagateArithNodeFlags): (JSC::DFG::Propagator::fixupNode): (JSC::DFG::Propagator::byValIndexIsPure): (JSC::DFG::Propagator::clobbersWorld): (JSC::DFG::Propagator::getByValLoadElimination): (JSC::DFG::Propagator::checkStructureLoadElimination): (JSC::DFG::Propagator::getByOffsetLoadElimination): (JSC::DFG::Propagator::getPropertyStorageLoadElimination): (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination): (JSC::DFG::Propagator::performNodeCSE): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): 2011-12-16 Daniel Bates Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h Rubber-stamped by Antonio Gomes. BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h. * wtf/Assertions.cpp: 2011-12-16 Mark Hahnenberg De-virtualize destructors https://bugs.webkit.org/show_bug.cgi?id=74331 Reviewed by Geoffrey Garen. This is a megapatch which frees us from the chains of virtual destructors. 
In order to remove the virtual destructors, which are the last of the virtual functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to the cell rather than to the structure because in order to be able to lazily call the static destroy() functions that will replace the virtual destructors, we need to be able to access the ClassInfo without the danger of the object's Structure being collected before the object itself. After adding the ClassInfo to the cell, we can then begin to remove our use of vptrs for optimizations within the JIT and the GC. When we have removed all of the stored vptrs from JSGlobalData, we can then also remove all of the related VPtrStealingHack code. The replacement for virtual destructors will be to add a static destroy function pointer to the MethodTable stored in ClassInfo. Any subclass of JSCell that has a non-trivial destructor will require its own static destroy function to static call its corresponding destructor, which will now be non-virtual. In future patches we will slowly move away from destructors altogether as we make more and more objects backed by GC memory rather than malloc-ed memory. The GC will now call the static destroy method rather than the virtual destructor. As we go through the hierarchy and add static destroy functions to classes, we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes to which it applies. The future goal is to eventually have every class have that assert. * API/JSCallbackConstructor.cpp: (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call ~JSCallbackConstructor because it has some extra destruction logic. * API/JSCallbackConstructor.h: * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction. * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject because it has a member OwnPtr that needs destruction. 
(JSC::::destroy): * API/JSCallbackObject.h: * JavaScriptCore.exp: Add/remove necessary symbols for JSC. * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols. * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't have its own ClassInfo despite the fact that it overrides a number of MethodTable methods. Added the ClassInfo, along with an assertion that its destructor is trivial. * debugger/DebuggerActivation.h: * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray, isJSString, as it is no longer necessary. (JSC::DFG::putByVal): * dfg/DFGRepatch.cpp: Ditto. Also remove uses of jsArrayVPtr in favor of using the JSArray ClassInfo pointer. (JSC::DFG::tryCacheGetByID): * dfg/DFGSpeculativeJIT.cpp: Replace uses of the old vptrs with new ClassInfo comparisons since we don't have vptrs anymore. (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality): (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): (JSC::DFG::SpeculativeJIT::checkArgumentTypes): (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray): (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compare): (JSC::DFG::SpeculativeJIT::compileStrictEq): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): * dfg/DFGSpeculativeJIT.h: Ditto. (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): * dfg/DFGSpeculativeJIT32_64.cpp: Ditto. (JSC::DFG::SpeculativeJIT::compileObjectEquality): (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): (JSC::DFG::SpeculativeJIT::compileLogicalNot): (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): (JSC::DFG::SpeculativeJIT::emitBranch): (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: Ditto. 
(JSC::DFG::SpeculativeJIT::compileObjectEquality): (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): (JSC::DFG::SpeculativeJIT::compileLogicalNot): (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch): (JSC::DFG::SpeculativeJIT::emitBranch): (JSC::DFG::SpeculativeJIT::compile): * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with ClassInfo comparisons. (JSC::Heap::Heap): * heap/MarkStack.cpp: Ditto. (JSC::MarkStackThreadSharedData::markingThreadMain): (JSC::visitChildren): (JSC::SlotVisitor::drain): * heap/MarkStack.h: Ditto. (JSC::MarkStack::MarkStack): * heap/MarkedBlock.cpp: Ditto. (JSC::MarkedBlock::callDestructor): (JSC::MarkedBlock::specializedSweep): * heap/MarkedBlock.h: Ditto. * heap/SlotVisitor.h: Ditto. (JSC::SlotVisitor::SlotVisitor): * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them. We'll have to rename this class and make it use ClassInfo ptrs in a future patch. (JSC::VTableSpectrum::count): * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray, etc. functions. (JSC::loadVarargs): (JSC::Interpreter::tryCacheGetByID): (JSC::Interpreter::privateExecute): * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting, remove all vtable related code. (JSC::JIT::emitLoadCharacterString): (JSC::JIT::emitAllocateBasicJSObject): (JSC::JIT::emitAllocateJSFinalObject): (JSC::JIT::emitAllocateJSFunction): * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo. (JSC::JIT::privateCompileCTIMachineTrampolines): (JSC::JIT::emit_op_to_primitive): (JSC::JIT::emit_op_convert_this): * jit/JITOpcodes32_64.cpp: Ditto. (JSC::JIT::privateCompileCTIMachineTrampolines): (JSC::JIT::emit_op_to_primitive): (JSC::JIT::emitSlow_op_eq): (JSC::JIT::emitSlow_op_neq): (JSC::JIT::compileOpStrictEq): (JSC::JIT::emit_op_convert_this): * jit/JITPropertyAccess.cpp: Ditto. 
(JSC::JIT::stringGetByValStubGenerator): (JSC::JIT::emit_op_get_by_val): (JSC::JIT::emitSlow_op_get_by_val): (JSC::JIT::emit_op_put_by_val): (JSC::JIT::privateCompilePutByIdTransition): (JSC::JIT::privateCompilePatchGetArrayLength): * jit/JITPropertyAccess32_64.cpp: Ditto. (JSC::JIT::stringGetByValStubGenerator): (JSC::JIT::emit_op_get_by_val): (JSC::JIT::emitSlow_op_get_by_val): (JSC::JIT::emit_op_put_by_val): (JSC::JIT::privateCompilePatchGetArrayLength): * jit/JITStubs.cpp: Remove global data argument from isJSString, etc. (JSC::JITThunks::tryCacheGetByID): (JSC::DEFINE_STUB_FUNCTION): * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff. (JSC::SpecializedThunkJIT::loadJSStringArgument): * runtime/ArrayConstructor.cpp: Add trivial destructor assert. * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray. (JSC::arrayProtoFuncToString): (JSC::arrayProtoFuncJoin): (JSC::arrayProtoFuncPop): (JSC::arrayProtoFuncPush): (JSC::arrayProtoFuncShift): (JSC::arrayProtoFuncSplice): (JSC::arrayProtoFuncUnShift): (JSC::arrayProtoFuncFilter): (JSC::arrayProtoFuncMap): (JSC::arrayProtoFuncEvery): (JSC::arrayProtoFuncForEach): (JSC::arrayProtoFuncSome): (JSC::arrayProtoFuncReduce): (JSC::arrayProtoFuncReduceRight): * runtime/BooleanConstructor.cpp: Add trivial destructor assert. * runtime/BooleanObject.cpp: Ditto. * runtime/BooleanPrototype.cpp: Ditto. * runtime/ClassInfo.h: Add destroy function pointer to MethodTable. * runtime/DateConstructor.cpp: Add trivial destructor assert. * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr that needs destruction. (JSC::DateInstance::destroy): * runtime/DateInstance.h: * runtime/Error.cpp: Ditto (because of UString member). (JSC::StrictModeTypeErrorFunction::destroy): * runtime/Error.h: * runtime/ErrorConstructor.cpp: Add trivial destructor assert. * runtime/ErrorInstance.cpp: Ditto. * runtime/ExceptionHelpers.cpp: Ditto. 
* runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses. (JSC::ExecutableBase::destroy): (JSC::NativeExecutable::destroy): (JSC::ScriptExecutable::destroy): (JSC::EvalExecutable::destroy): (JSC::ProgramExecutable::destroy): (JSC::FunctionExecutable::destroy): * runtime/Executable.h: * runtime/FunctionConstructor.cpp: Add trivial destructor assert. * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray. (JSC::functionProtoFuncApply): * runtime/GetterSetter.cpp: Ditto. * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no longer exists. (JSC::initializeThreadingOnce): * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert, remove first arg from isJSString. (JSC::InternalFunction::displayName): * runtime/InternalFunction.h: Remove VPtrStealingHack. * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert. * runtime/JSArray.cpp: Add static destroy to call ~JSArray. Replace vptr checks in destructor with ClassInfo checks. (JSC::JSArray::~JSArray): (JSC::JSArray::destroy): * runtime/JSArray.h: Remove VPtrStealingHack. Remove globalData argument from isJSArray and change them to check the ClassInfo rather than the vptrs. (JSC::isJSArray): * runtime/JSBoundFunction.cpp: Add trival destructor assert. Remove first arg from isJSArray. (JSC::boundFunctionCall): (JSC::boundFunctionConstruct): * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks. (JSC::JSByteArray::~JSByteArray): (JSC::JSByteArray::destroy): * runtime/JSByteArray.h: Remove VPtrStealingHack code. (JSC::isJSByteArray): * runtime/JSCell.cpp: Add trivial destructor assert. Add static destroy function. (JSC::JSCell::destroy): * runtime/JSCell.h: Remove VPtrStealingHack code. Add function for returning the offset of the ClassInfo pointer in the object for use by the JIT. 
Add the ClassInfo pointer to the JSCell itself, and grab it from the Structure. Remove the vptr and setVPtr functions, as they are no longer used. Add a validatedClassInfo function to JSCell for any clients that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the same one as that contained in the Structure. This isn't used too often, because most of the places where we compare the ClassInfo to things can be called during destruction. Since the Structure is unreliable during the phase when destructors are being called, we can't call validatedClassInfo. (JSC::JSCell::classInfoOffset): (JSC::JSCell::structure): (JSC::JSCell::classInfo): * runtime/JSFunction.cpp: Remove VPtrStealingHack code. Add static destroy, remove vtableAnchor, remove first arg from call to isJSString. (JSC::JSFunction::destroy): (JSC::JSFunction::displayName): * runtime/JSFunction.h: * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs, as these vptrs are no longer needed in the codebase. * runtime/JSGlobalData.h: (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use ClassInfo rather than the vptr. * runtime/JSGlobalObject.cpp: Add static destroy function. (JSC::JSGlobalObject::destroy): * runtime/JSGlobalObject.h: * runtime/JSGlobalThis.cpp: Add trivial destructor assert. * runtime/JSNotAnObject.cpp: Ditto. * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls. (JSC::Stringifier::Holder::appendNextProperty): (JSC::Walker::walk): * runtime/JSObject.cpp: (JSC::JSFinalObject::destroy): (JSC::JSNonFinalObject::destroy): (JSC::JSObject::destroy): * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code. 
(JSC::JSObject::finishCreation): (JSC::JSNonFinalObject::finishCreation): (JSC::JSFinalObject::finishCreation): (JSC::isJSFinalObject): * runtime/JSPropertyNameIterator.cpp: Add static destroy. (JSC::JSPropertyNameIterator::destroy): * runtime/JSPropertyNameIterator.h: * runtime/JSStaticScopeObject.cpp: Ditto. (JSC::JSStaticScopeObject::destroy): * runtime/JSStaticScopeObject.h: Ditto. * runtime/JSString.cpp: (JSC::JSString::destroy): * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code, since we no longer need to fixup vptrs. (JSC::jsSingleCharacterString): (JSC::jsSingleCharacterSubstring): (JSC::jsNontrivialString): (JSC::jsString): (JSC::jsSubstring8): (JSC::jsSubstring): (JSC::jsOwnedString): (JSC::jsStringBuilder): (JSC::isJSString): * runtime/JSVariableObject.cpp: (JSC::JSVariableObject::destroy): * runtime/JSVariableObject.h: Ditto. * runtime/JSWrapperObject.cpp: * runtime/JSWrapperObject.h: Add trivial destructor assert. * runtime/MathObject.cpp: Ditto. * runtime/NativeErrorConstructor.cpp: Ditto. * runtime/NumberConstructor.cpp: Ditto. * runtime/NumberObject.cpp: Ditto. * runtime/NumberPrototype.cpp: Ditto. * runtime/ObjectConstructor.cpp: Ditto. * runtime/ObjectPrototype.cpp: Ditto. * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString. (JSC::jsString): (JSC::jsLess): (JSC::jsLessEq): * runtime/RegExp.cpp: Add static destroy. (JSC::RegExp::destroy): * runtime/RegExp.h: * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray. (JSC::RegExpConstructor::destroy): (JSC::RegExpMatchesArray::destroy): * runtime/RegExpConstructor.h: * runtime/RegExpMatchesArray.h: * runtime/RegExpObject.cpp: Add static destroy. (JSC::RegExpObject::destroy): * runtime/RegExpObject.h: * runtime/ScopeChain.cpp: Add trivial destructor assert. * runtime/ScopeChain.h: * runtime/StrictEvalActivation.cpp: Ditto. * runtime/StringConstructor.cpp: * runtime/StringObject.cpp: Ditto. 
Remove vtableAnchor. * runtime/StringObject.h: * runtime/StringPrototype.cpp: Ditto. * runtime/Structure.cpp: Add static destroy. (JSC::Structure::destroy): * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h because they need to have the full Structure type to access the ClassInfo to store in the JSCell. (JSC::JSCell::setStructure): (JSC::JSCell::validatedClassInfo): (JSC::JSCell::JSCell): (JSC::JSCell::finishCreation): * runtime/StructureChain.cpp: Add static destroy. (JSC::StructureChain::destroy): * runtime/StructureChain.h: * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clangs ability to tell us when a class has a trivial destructor. We will use this assert more in future patches as we move toward having all JSC objects backed by GC memory, which means moving away from using destructors/finalizers. 2011-12-15 Martin Robinson Fix 'make dist' in preparation for the GTK+ release. * GNUmakefile.list.am: Add missing header. 2011-12-15 Sam Weinig JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly Reviewed by Gavin Barraclough. Original patch by Jim Grosbach. * jit/JITStubs.cpp: (JSC::ctiTrampoline): (JSC::ctiVMThrowTrampoline): Replace uses of the 'cpy' mnemonic with 'mov'. 2011-12-15 Filip Pizlo Value profiling should distinguished between NaN and non-NaN doubles https://bugs.webkit.org/show_bug.cgi?id=74682 Reviewed by Gavin Barraclough. Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union of the two. * bytecode/PredictedType.cpp: (JSC::predictionToString): (JSC::predictionFromValue): * bytecode/PredictedType.h: (JSC::isDoubleRealPrediction): (JSC::isDoublePrediction): 2011-12-15 Anders Carlsson Regression (r102866): Navigating away from or closing a page with a plugin crashes https://bugs.webkit.org/show_bug.cgi?id=74655 Reviewed by Sam Weinig. 
Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes, using a modified version of the technique described here: http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699 * wtf/Functional.h: 2011-12-15 Andy Wingo Warnings fixes in Interpreter.cpp and PrivateExecute.cpp https://bugs.webkit.org/show_bug.cgi?id=74624 Reviewed by Darin Adler. * interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute): Fix variables unused in release mode. * wtf/ParallelJobsGeneric.cpp: (WTF::ParallelEnvironment::ParallelEnvironment): Fix signed/unsigned comparison warning, with a cast. 2011-12-15 Andy Wingo Use more macrology in JSC::Options https://bugs.webkit.org/show_bug.cgi?id=72938 Reviewed by Filip Pizlo. * runtime/Options.cpp: (JSC::Options::initializeOptions): * runtime/Options.h: Use macros to ensure that all heuristics are declared and have initializers. 2011-12-15 Anders Carlsson Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define https://bugs.webkit.org/show_bug.cgi?id=74639 Reviewed by Andreas Kling. Add ENABLE_THREADED_SCROLLING #define. * wtf/Platform.h: 2011-12-15 Anders Carlsson EventDispatcher should handle wheel events on the connection queue https://bugs.webkit.org/show_bug.cgi?id=74627 Reviewed by Andreas Kling. Add a BoundFunctionImpl specialization that takes three parameters. * wtf/Functional.h: (WTF::C::): (WTF::R): (WTF::bind): 2011-12-14 Anders Carlsson Add WTF::Function to wtf/Forward.h https://bugs.webkit.org/show_bug.cgi?id=74576 Reviewed by Adam Roben. * jsc.cpp: Work around a name conflict in the readline library. * wtf/Forward.h: Add Function. 2011-12-15 Igor Oliveira [Qt] Support requestAnimationFrame API https://bugs.webkit.org/show_bug.cgi?id=74528 Let Qt port use REQUEST_ANIMATION_FRAME_TIMER. Reviewed by Kenneth Rohde Christiansen. 
        * wtf/Platform.h:

2011-12-15  Andy Wingo

        Minor refactor to Parser::parseTryStatement
        https://bugs.webkit.org/show_bug.cgi?id=74507

        Reviewed by Geoffrey Garen.

        * parser/Parser.cpp:
        (JSC::Parser::parseTryStatement): Use the Parser's declareVariable instead of going directly to the scope. This will facilitate future checks related to harmony block scoping.

2011-12-15  Andy Wingo

        Rename JSC::Heuristics to JSC::Options
        https://bugs.webkit.org/show_bug.cgi?id=72889

        Reviewed by Filip Pizlo.

        * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp.
        * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h.
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::shouldOptimizeNow):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::reoptimizationRetryCounter):
        (JSC::CodeBlock::countReoptimization):
        (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
        (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
        (JSC::CodeBlock::optimizeNextInvocation):
        (JSC::CodeBlock::dontOptimizeAnytimeSoon):
        (JSC::CodeBlock::optimizeSoon):
        (JSC::CodeBlock::largeFailCountThreshold):
        (JSC::CodeBlock::largeFailCountThresholdForLoop):
        (JSC::CodeBlock::shouldReoptimizeNow):
        (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::mightCompileEval):
        (JSC::DFG::mightCompileProgram):
        (JSC::DFG::mightCompileFunctionForCall):
        (JSC::DFG::mightCompileFunctionForConstruct):
        (JSC::DFG::mightInlineFunctionForCall):
        (JSC::DFG::mightInlineFunctionForConstruct):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
        * heap/MarkStack.cpp:
        (JSC::MarkStackSegmentAllocator::allocate):
        (JSC::MarkStackSegmentAllocator::shrinkReserve):
        (JSC::MarkStackArray::MarkStackArray):
        (JSC::MarkStackArray::donateSomeCellsTo):
        (JSC::MarkStackArray::stealSomeCellsFrom):
        (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
        (JSC::SlotVisitor::donateSlow):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        * heap/MarkStack.h:
        (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
        (JSC::MarkStack::addOpaqueRoot):
        (JSC::MarkStackArray::canDonateSomeCells):
        * heap/SlotVisitor.h:
        (JSC::SlotVisitor::donate):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce): Adapt callers and build systems.
        * testRegExp.cpp:
        (CommandLine::CommandLine):
        * jsc.cpp:
        (CommandLine::CommandLine): Rename from Options, to avoid name conflict.

2011-12-14  Sam Weinig

        Revert unintentional change to JavaScriptCore.def

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-12-14  Sam Weinig

        Remove whitespace from InheritedPropertySheets attributes in vsprops files to appease the Visual Studio project migrator.

        Reviewed by Adam Roben.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
        * JavaScriptCore.vcproj/jsc/jscDebug.vsprops:
        * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops:
        * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
        * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
        * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops:
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops:
        * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops:
        * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops:
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
        * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:

2011-12-14  Anders Carlsson

        binding a member function should ref/deref the object pointer if needed
        https://bugs.webkit.org/show_bug.cgi?id=74552

        Reviewed by Sam Weinig.

        Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref member functions with the right type. Use this to determine if we should ref/deref the first parameter.

        * wtf/Functional.h:
        (WTF::R):
        (WTF::C::):
        (WTF::RefAndDeref::ref):
        (WTF::RefAndDeref::deref):

2011-12-14  Hajime Morrita

        JS_INLINE and WTF_INLINE should be visible from WebCore
        https://bugs.webkit.org/show_bug.cgi?id=73191

        - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
        - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
        - Replaced JS_EXPORTDATA in wtf module with newly introduced WTF_EXPORTDATA.

        Reviewed by Kevin Ollivier.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * config.h:
        * runtime/JSExportMacros.h: Added.
        * wtf/ExportMacros.h:
        * wtf/Platform.h:
        * wtf/WTFThreadData.h:
        * wtf/text/AtomicString.h:
        * wtf/text/StringStatics.cpp:

2011-12-14  Anders Carlsson

        Work around a bug in the MSVC2005 compiler
        https://bugs.webkit.org/show_bug.cgi?id=74550

        Reviewed by Sam Weinig.

        Add template parameters for the return types of the partial specializations of BoundFunctionImpl.

        * wtf/Functional.h:
        (WTF::R):

2011-12-13  Jon Lee

        Enable notifications on Mac.

        Reviewed by Sam Weinig.

        * Configurations/FeatureDefines.xcconfig:

2011-12-14  David Kilzer

        Remove definition of old ENABLE(YARR) macro

        Reviewed by Darin Adler.

        * wtf/Platform.h: Removed ENABLE_YARR macros.

2011-12-14  Anders Carlsson

        bind should handle member functions
        https://bugs.webkit.org/show_bug.cgi?id=74529

        Reviewed by Sam Weinig.

        Add FunctionWrapper partial specializations for member function pointers.

        * wtf/Functional.h:
        (WTF::C::):

2011-12-14  Gavin Barraclough

        DFG relies on returning a struct in registers
        https://bugs.webkit.org/show_bug.cgi?id=74527

        Reviewed by Geoff Garen.

        This will not work on all platforms. Returning a uint64_t will more reliably achieve what we want, on 32-bit platforms (on 64-bit, stick with the struct return).

        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        (JSC::DFG::DFGHandler::dfgHandlerEncoded):

2011-12-14  Anders Carlsson

        Add unary and binary bind overloads
        https://bugs.webkit.org/show_bug.cgi?id=74524

        Reviewed by Sam Weinig.

        * wtf/Functional.h:
        (WTF::R):
        (WTF::FunctionWrapper::ResultType):
        (WTF::bind):

2011-12-14  Anders Carlsson

        Add back the callOnMainThread overload that takes a WTF::Function
        https://bugs.webkit.org/show_bug.cgi?id=74512

        Reviewed by Darin Adler.

        Add back the overload; the changes to WebCore should hopefully keep Windows building.

        * wtf/MainThread.cpp:
        (WTF::callFunctionObject):
        (WTF::callOnMainThread):
        * wtf/MainThread.h:

2011-12-13  Filip Pizlo

        DFG should infer when local variables are doubles
        https://bugs.webkit.org/show_bug.cgi?id=74480

        Reviewed by Oliver Hunt.
        Introduced the notion that a local variable (though not an argument, yet!) can be stored as a double, and will be guaranteed to always contain a double. This requires more magic in the OSR (conversion in both entry and exit).

        The inference is quite unorthodox: all uses of a variable vote on whether they think it should be a double or a JSValue, based on how they use it. If they use it in an integer or boxed value context, they vote JSValue. If they use it in a double context, they vote double. This voting is interleaved in the propagator's fixpoint, so that variables voted double then have a double prediction propagated from them. This interleaving is needed because a variable that actually always contains an integer that always gets used in arithmetic that involves doubles may end up being voted double, which then means that all uses of the variable will see a double rather than an integer.

        This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7% to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial. It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken. Similar results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall win on SunSpider.
        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble):
        (JSC::ValueRecovery::dump):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::boxDouble):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::noticeOSREntry):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOSREntry.h:
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::vote):
        (JSC::DFG::Propagator::doRoundOfDoubleVoting):
        (JSC::DFG::Propagator::propagatePredictions):
        (JSC::DFG::Propagator::fixupNode):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::ValueSource::dump):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::VariableAccessData):
        (JSC::DFG::VariableAccessData::clearVotes):
        (JSC::DFG::VariableAccessData::vote):
        (JSC::DFG::VariableAccessData::doubleVoteRatio):
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
        (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
        (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
        * runtime/Arguments.cpp:
        (JSC::Arguments::tearOff):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/Heuristics.h:

2011-12-13  Anders Carlsson

        Try to fix the Windows build.

        Remove the callOnMainThread overload that takes a WTF::Function since it's not being used.

        * wtf/MainThread.cpp:
        * wtf/MainThread.h:

2011-12-13  Anders Carlsson

        Add a very bare-bones implementation of bind and Function to WTF
        https://bugs.webkit.org/show_bug.cgi?id=74462

        Reviewed by Sam Weinig.
        In order to make it easier to package up function calls and send them across threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new wtf/Functional.h header.

        Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied, but I'll add more as the need arises.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/Functional.h: Added.
        (WTF::R):
        (WTF::FunctionImplBase::~FunctionImplBase):
        (WTF::FunctionWrapper::ResultType):
        (WTF::FunctionBase::isNull):
        (WTF::FunctionBase::FunctionBase):
        (WTF::FunctionBase::impl):
        (WTF::bind):
        * wtf/MainThread.cpp:
        (WTF::callFunctionObject):
        (WTF::callOnMainThread):
        * wtf/MainThread.h:
        * wtf/wtf.pro:

2011-12-13  Geoffrey Garen

        GC Crash introduced in r102545

        Reviewed by Gavin Barraclough.

        MarkedArgumentBuffer was still marking items in forwards order, even though the argument order has been reversed. I fixed this bug, and replaced address calculation code with some helper functions -- mallocBase() and slotFor() -- so it stays fixed everywhere.

        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::markLists):
        (JSC::MarkedArgumentBuffer::slowAppend):
        * runtime/ArgList.h:
        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
        (JSC::MarkedArgumentBuffer::at):
        (JSC::MarkedArgumentBuffer::append):
        (JSC::MarkedArgumentBuffer::last):
        (JSC::MarkedArgumentBuffer::slotFor):
        (JSC::MarkedArgumentBuffer::mallocBase):

2011-12-13  Filip Pizlo

        DFG OSR exit for UInt32ToNumber should roll forward, not roll backward
        https://bugs.webkit.org/show_bug.cgi?id=74463

        Reviewed by Gavin Barraclough.

        Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing how to execute the slow path of UInt32ToNumber.
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::lastOSRExit):
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::operator!=):
        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::uint32InGPR):
        (JSC::ValueRecovery::gpr):
        (JSC::ValueRecovery::dump):
        * dfg/DFGAssemblyHelpers.cpp:
        * dfg/DFGAssemblyHelpers.h:
        * dfg/DFGOSRExit.h:
        (JSC::DFG::OSRExit::valueRecoveryForOperand):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-13  Oliver Hunt

        Arguments object doesn't handle mutation of length property correctly
        https://bugs.webkit.org/show_bug.cgi?id=74454

        Reviewed by Gavin Barraclough.

        Correct handling of arguments objects with overridden length property

        * interpreter/Interpreter.cpp:
        (JSC::loadVarargs):
        * runtime/Arguments.cpp:
        (JSC::Arguments::copyToArguments):
        (JSC::Arguments::fillArgList):

2011-12-13  Filip Pizlo

        DFG GetByVal CSE rule should match PutByValAlias
        https://bugs.webkit.org/show_bug.cgi?id=74390

        Reviewed by Geoff Garen.

        Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider.

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::getByValLoadElimination):

2011-12-13  Andy Wingo

        Fix interpreter debug build.
        https://bugs.webkit.org/show_bug.cgi?id=74439

        Reviewed by Geoffrey Garen.

        * bytecode/ValueRecovery.h: Include stdio.h on debug builds.

2011-12-13  Filip Pizlo

        DFG should know exactly why recompilation was triggered
        https://bugs.webkit.org/show_bug.cgi?id=74362

        Reviewed by Oliver Hunt.
        Each OSR exit is now individually counted, as well as counting the total number of OSR exits that occurred in a code block. If recompilation is triggered, we check to see if there are OSR exit sites that make up a sufficiently large portion of the total OSR exits that occurred. For any such OSR exit sites, we add a description of the site (bytecode index, kind) to a data structure in the corresponding baseline CodeBlock. Then, when we recompile the code, we immediately know which speculations would be unwise based on the fact that previous such speculations proved to be fruitless.

        This means a 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue, and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less than 0.5%.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::tallyFrequentExitSites):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addFrequentExitSite):
        (JSC::CodeBlock::exitProfile):
        (JSC::CodeBlock::reoptimize):
        (JSC::CodeBlock::tallyFrequentExitSites):
        * bytecode/DFGExitProfile.cpp: Added.
        (JSC::DFG::ExitProfile::ExitProfile):
        (JSC::DFG::ExitProfile::~ExitProfile):
        (JSC::DFG::ExitProfile::add):
        (JSC::DFG::QueryableExitProfile::QueryableExitProfile):
        (JSC::DFG::QueryableExitProfile::~QueryableExitProfile):
        * bytecode/DFGExitProfile.h: Added.
        (JSC::DFG::exitKindToString):
        (JSC::DFG::exitKindIsCountable):
        (JSC::DFG::FrequentExitSite::FrequentExitSite):
        (JSC::DFG::FrequentExitSite::operator!):
        (JSC::DFG::FrequentExitSite::operator==):
        (JSC::DFG::FrequentExitSite::hash):
        (JSC::DFG::FrequentExitSite::bytecodeOffset):
        (JSC::DFG::FrequentExitSite::kind):
        (JSC::DFG::FrequentExitSite::isHashTableDeletedValue):
        (JSC::DFG::FrequentExitSiteHash::hash):
        (JSC::DFG::FrequentExitSiteHash::equal):
        (JSC::DFG::QueryableExitProfile::hasExitSite):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock):
        (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGOSRExit.cpp:
        (JSC::DFG::OSRExit::OSRExit):
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
        * dfg/DFGOSRExit.h:
        (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
        (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
        (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):
        (JSC::DFG::SpeculativeJIT::compileArithMul):
        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/Heuristics.h:

2011-12-13  Michael Saboff

        Cleanup of StringImpl::equal in r102631 post commit
        https://bugs.webkit.org/show_bug.cgi?id=74421

        Reviewed by Darin Adler.

        * wtf/text/AtomicString.h:
        (WTF::operator==): Removed cast no longer needed.
        * wtf/text/StringImpl.h:
        (WTF::equal): Changed template to several overloaded methods.

2011-12-12  Michael Saboff

        Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h
        https://bugs.webkit.org/show_bug.cgi?id=73622

        Reviewed by Oliver Hunt.
        Moved equal(charType1 *, charType2, unsigned) template methods from static StringImpl.cpp to StringImpl.h and then replaced the processor specific character comparison code in StringHash::equal with calls to these methods.

        This change is worth 3% on SunSpider string-unpack-code as reported by the SunSpider command line harness. No other tests appear to have measurable performance changes.

        * wtf/text/AtomicString.h:
        (WTF::operator==):
        * wtf/text/StringHash.h:
        (WTF::StringHash::equal):
        * wtf/text/StringImpl.cpp:
        * wtf/text/StringImpl.h:
        (WTF::LChar):
        (WTF::UChar):
        (WTF::equal):

2011-12-12  Filip Pizlo

        ARMv7 version of DFG soft modulo does register allocation inside of control flow
        https://bugs.webkit.org/show_bug.cgi?id=74354

        Reviewed by Gavin Barraclough.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileSoftModulo):

2011-12-12  Andy Wingo

        Simplify autotools configure.ac
        https://bugs.webkit.org/show_bug.cgi?id=74312

        Reviewed by Martin Robinson.

        * GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags.

2011-12-12  Filip Pizlo

        DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber
        https://bugs.webkit.org/show_bug.cgi?id=74329

        Reviewed by Gavin Barraclough.

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::getByValLoadElimination):

2011-12-09  Alexander Pavlov

        WebKit does not enumerate over CSS properties in HTMLElement.style
        https://bugs.webkit.org/show_bug.cgi?id=23946

        Reviewed by Darin Adler.

        Add a few exports to follow the JSCSSStyleDeclaration.cpp changes, introduce an std::sort() comparator function.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/WTFString.h:
        (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.

2011-12-12  Alexander Pavlov

        Unreviewed, build fix.

        Revert r102570 which broke SnowLeopard builders.
        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/WTFString.h:

2011-12-09  Alexander Pavlov

        WebKit does not enumerate over CSS properties in HTMLElement.style
        https://bugs.webkit.org/show_bug.cgi?id=23946

        Reviewed by Darin Adler.

        Add a few exports to follow the JSCSSStyleDeclaration.cpp changes, introduce an std::sort() comparator function.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * wtf/text/WTFString.h:
        (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.

2011-12-12  Carlos Garcia Campos

        Unreviewed. Fix make distcheck issues.

        * GNUmakefile.list.am:

2011-12-11  Sam Weinig

        Fix another signed vs. unsigned warning

        * runtime/ArgList.h:
        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):

2011-12-11  Sam Weinig

        Fix a signed vs. unsigned warning.

        * runtime/ArgList.cpp:
        (JSC::MarkedArgumentBuffer::slowAppend): Cast inlineCapacity to an int to appease the warning. This is known OK since inlineCapacity is defined to be 8.

2011-12-11  Geoffrey Garen

        Rolled out *another* debugging change I committed accidentally.

        Unreviewed.

        * Configurations/Base.xcconfig:

2011-12-11  Geoffrey Garen

        Rolled out a debug counter I committed accidentally.

        Unreviewed.

        * jit/JITStubs.cpp:
        (JSC::arityCheckFor):

2011-12-10  Geoffrey Garen

        v8 benchmark takes 12-13 million function call slow paths due to extra arguments
        https://bugs.webkit.org/show_bug.cgi?id=74244

        Reviewed by Filip Pizlo.

        .arguments function of order the Reversed

        10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken and SunSpider.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface to this function is an argument number.
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitConstruct):
        (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame helper functions for computing offsets for arguments, rather than doing the math by hand. Switched to iterating argument offsets backwards (--) instead of forwards (++).
        * bytecompiler/BytecodeGenerator.h:
        (JSC::CallArguments::thisRegister):
        (JSC::CallArguments::argumentRegister):
        (JSC::CallArguments::registerOffset): Updated for arguments being reversed.
        * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::flush):
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::handleMinMax):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices that just-in-time convert to bytecode operands (i.e., indexes in the register file) through helper functions. This means only one piece of code needs to know how arguments are laid out in the register file.
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump): Ditto.
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::valueProfileFor): Ditto.
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch: Treat too many arguments as an arity match.
        * dfg/DFGOSRExit.h:
        (JSC::DFG::OSRExit::variableForIndex):
        (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above.
        * dfg/DFGOperands.h:
        (JSC::DFG::operandToArgument):
        (JSC::DFG::argumentToOperand): These are now the only two lines of code in the DFG compiler that know how arguments are laid out in memory.
        (JSC::DFG::Operands::operand):
        (JSC::DFG::Operands::setOperand): Use helper functions, as above.
        * dfg/DFGOperations.cpp: The whole point of this patch: Treat too many arguments as an arity match.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above. Also, don't tag the caller frame slot as a cell, because it's not a cell.
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above.
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed argument virtual register instead of recomputing by hand.
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callFrameSlot):
        (JSC::DFG::SpeculativeJIT::argumentSlot):
        (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
        (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
        (JSC::DFG::SpeculativeJIT::argumentTagSlot):
        (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper functions for dealing with callee arguments specifically. These still build on top of our other helper functions, and have no direct knowledge of how arguments are laid out in the register file.
        (JSC::DFG::SpeculativeJIT::resetCallArguments):
        (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to argumentOffset to match CallFrame naming.
        (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper functions, as above.
        * interpreter/CallFrame.h:
        (JSC::ExecState::argumentOffset):
        (JSC::ExecState::argumentOffsetIncludingThis):
        (JSC::ExecState::argument):
        (JSC::ExecState::setArgument):
        (JSC::ExecState::thisArgumentOffset):
        (JSC::ExecState::thisValue):
        (JSC::ExecState::setThisValue):
        (JSC::ExecState::offsetFor):
        (JSC::ExecState::hostThisRegister):
        (JSC::ExecState::hostThisValue): Added a bunch of helper functions for computing where an argument is in the register file.
        Anything in the runtime that needs to access arguments should use these helpers.
        * interpreter/CallFrameClosure.h:
        (JSC::CallFrameClosure::setThis):
        (JSC::CallFrameClosure::setArgument):
        (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now that too many arguments counts as an arity match and doesn't require preserving two copies of our arguments.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something special if the caller provided too few arguments. Key simplification: We never need to maintain two copies of our arguments anymore.
        (JSC::eval):
        (JSC::loadVarargs): Use helper functions.
        (JSC::Interpreter::unwindCallFrame): Updated for new interface.
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper functions.
        (JSC::Interpreter::privateExecute): No need to check for stack overflow when calling host functions because they have zero callee registers.
        (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments object, since there's no special constructor for this anymore.
        * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some workers tests were hitting stack overflow in some of my testing. We should make this test more exact in future.
        * interpreter/RegisterFile.h: Death to all runtime knowledge of argument location that does not belong to the CallFrame class!
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile): I am a broken record and I use helper functions. Also, the whole point of this patch: Treat too many arguments as an arity match.
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use helper functions, for backwards-correctness.
        Removed the condition pertaining to declared argument count because, now that arguments are always in just one place, this optimization is valid for all functions. Standardized the if predicate for each line of the optimization. This might fix a bug, but I couldn't get the bug to crash in practice.
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_create_arguments):
        (JSC::JIT::emit_op_get_argument_by_val):
        (JSC::JIT::emitSlow_op_get_argument_by_val):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_create_arguments):
        (JSC::JIT::emit_op_get_argument_by_val):
        (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params optimization because it's no longer an optimization, now that arguments are always contiguous in a known location. Updated argument access opcode math for backwards-correctness.
        * jit/JITStubs.cpp:
        (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This function is slightly different because it copies the call frame in addition to the arguments. (In the Interpreter, the call frame is not set up by this point.)
        (JSC::lazyLinkFor): The whole point of this patch: Treat too many arguments as an arity match.
        (JSC::DEFINE_STUB_FUNCTION): Updated for new interface to tearOff().
        * jit/JITStubs.h:
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::loadDoubleArgument):
        (JSC::SpecializedThunkJIT::loadCellArgument):
        (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They build strong bones and teeth!
        * runtime/ArgList.cpp:
        (JSC::ArgList::getSlice):
        (JSC::MarkedArgumentBuffer::slowAppend):
        * runtime/ArgList.h:
        (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
        (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
        (JSC::MarkedArgumentBuffer::at):
        (JSC::MarkedArgumentBuffer::clear):
        (JSC::MarkedArgumentBuffer::append):
        (JSC::MarkedArgumentBuffer::removeLast):
        (JSC::MarkedArgumentBuffer::last):
        (JSC::ArgList::ArgList):
        (JSC::ArgList::at): Updated for backwards-correctness.
        WTF::Vector doesn't play nice with backwards-ness, so I changed to using
        manual allocation. Fixed a FIXME about not all values being marked in the
        case of out-of-line arguments. I had to rewrite the loop anyway, and I
        didn't feel like maintaining fidelity to its old bugs.
        * runtime/Arguments.cpp:
        (JSC::Arguments::visitChildren):
        (JSC::Arguments::copyToArguments):
        (JSC::Arguments::fillArgList):
        (JSC::Arguments::getOwnPropertySlotByIndex):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::getOwnPropertyDescriptor):
        (JSC::Arguments::putByIndex):
        (JSC::Arguments::put):
        (JSC::Arguments::tearOff):
        * runtime/Arguments.h:
        (JSC::Arguments::create):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::argument):
        (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted
        lots of tricky code designed to maintain two different copies of function
        arguments. Now that arguments are always contiguous in one place in memory,
        this complexity can go away. Reduced down to one create function for the
        Arguments class, from three. Moved tearOff() into an out-of-line function
        because it's huge. Moved logic about whether to tear off eagerly into the
        Arguments class, so we didn't have to duplicate it elsewhere.
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to
        m_numCapturedArgs because if the value really were m_numParametersMinusThis
        we would be marking too much. (We shouldn't mark 'this' because it can't be
        captured.) Also, use helper functions.
        * runtime/JSActivation.h:
        (JSC::JSActivation::tearOff): Use helper functions.
        * runtime/JSArray.cpp:
        (JSC::JSArray::copyToArguments):
        * runtime/JSArray.h: Use helper functions, as above.

2011-12-10  Mark Hahnenberg

        JSC testapi is crashing on Windows
        https://bugs.webkit.org/show_bug.cgi?id=74233

        Reviewed by Sam Weinig.
        Same error we've encountered before where we are calling the wrong version of
        visitChildren and objects that are still reachable aren't getting marked.
        This problem will go away soon with the removal of vptrs for these sorts of
        optimizations in favor of using the ClassInfo, but for now we can simply
        give JSFinalObject a bogus virtual method that Visual Studio can't optimize
        away to ensure that JSFinalObject will always have a unique vptr. We don't
        have to worry about JSString or JSArray right now, which are the other two
        special cases for visitChildren, since they already have their own virtual
        functions.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSObject.cpp:
        (JSC::JSFinalObject::vtableAnchor):
        * runtime/JSObject.h:

2011-12-10  Alexis Menard

        Unused variable in YarrJIT.cpp.
        https://bugs.webkit.org/show_bug.cgi?id=74237

        Reviewed by Andreas Kling.

        Variable is set but not used so we can remove it.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2011-12-09  Filip Pizlo

        DFG ArithMul power-of-two case does not check for overflow
        https://bugs.webkit.org/show_bug.cgi?id=74230

        Reviewed by Gavin Barraclough.

        Disabled power-of-2 peephole optimization for multiplication, because it was
        wrong, and any attempt to fix it would likely introduce code bloat and
        register pressure.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileArithMul):

2011-12-09  David Levin

        REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock
        https://bugs.webkit.org/show_bug.cgi?id=73886

        Reviewed by Darin Adler.

        * runtime/SymbolTable.h:
        (JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier
        for another JavaScriptObject, since JavaScriptCore objects allow use on
        multiple threads. Bug 58091 is about changing these deprecated calls to
        something else but that something else will still need to be in all of
        these places.
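The two Mark Hahnenberg entries, the JSFinalObject one just above (2011-12-10) and the JSFunction one further down in this ChangeLog (2011-12-02), describe the same hazard: the marker selects a specialised visitChildren by comparing an object's vptr against a few stored vptrs, so if the toolchain folds two classes' vtables into one, a reachable object takes the wrong visitor, its children stay unmarked, and the collector frees live memory. The C++ below is an added illustration and is not WebKit code: Cell, FinalObject, Function, vptrOf, storeVPtrs, markAll and demo are hypothetical stand-ins, and reading the vptr assumes the Itanium C++ ABI layout (vptr at offset 0). It shows the vptr-keyed fast path next to the storeVPtrs()-style distinctness check that the 2011-12-02 entry added, and the out-of-line vtableAnchor() that keeps each vtable unique.

```cpp
// Added example, not WebKit code. Hypothetical stand-ins for a GC-managed
// cell hierarchy whose marker special-cases one class by vptr comparison.
#include <cstddef>
#include <set>
#include <vector>

struct Cell {
    std::vector<Cell*> children;  // references this cell holds
    bool marked = false;
    virtual ~Cell() {}
    // Generic path: a virtual call that derived classes may specialise.
    virtual void visitChildren(std::vector<Cell*>& worklist)
    {
        for (Cell* c : children)
            worklist.push_back(c);
    }
};

// Stand-in for JSFinalObject. Its children are visited through a static fast
// path chosen by vptr comparison, so its vtable must never be shared with
// another class. vtableAnchor() plays the role of JSFinalObject::vtableAnchor():
// an out-of-line virtual that keeps the vtable unique even if identical
// vtables get folded.
struct FinalObject : Cell {
    virtual void vtableAnchor();
    static void visitChildrenFast(Cell* cell, std::vector<Cell*>& worklist)
    {
        for (Cell* c : static_cast<FinalObject*>(cell)->children)
            worklist.push_back(c);
    }
};
void FinalObject::vtableAnchor() {}

// Stand-in for JSFunction: holds an extra reference (`scope`) the FinalObject
// fast path knows nothing about. If its vtable were folded into FinalObject's,
// the marker would take the fast path and leave `scope` unmarked, i.e. a
// reachable object would be collected.
struct Function : Cell {
    Cell* scope = nullptr;
    virtual void vtableAnchor();
    void visitChildren(std::vector<Cell*>& worklist) override
    {
        Cell::visitChildren(worklist);
        if (scope)
            worklist.push_back(scope);
    }
};
void Function::vtableAnchor() {}

// Read an object's vptr. Assumes the Itanium C++ ABI layout (vptr at offset 0
// of a polymorphic object), which the engine's own fast path relied on too.
static const void* vptrOf(const Cell* cell)
{
    return *reinterpret_cast<const void* const*>(cell);
}

struct VPtrTable {
    const void* finalObject = nullptr;
    const void* function = nullptr;
};

// Like JSGlobalData::storeVPtrs(): record the vptrs the marker keys on and
// report whether they are pairwise distinct. A collision means the fast path
// cannot be trusted and marking must not proceed.
static bool storeVPtrs(VPtrTable& table)
{
    Cell base;
    FinalObject finalObject;
    Function function;
    table.finalObject = vptrOf(&finalObject);
    table.function = vptrOf(&function);
    std::set<const void*> distinct = { vptrOf(&base), table.finalObject, table.function };
    return distinct.size() == 3;
}

// Mark everything reachable from `roots`; returns the number of cells marked.
// A cell whose vptr equals FinalObject's takes the static fast path, every
// other cell takes the virtual call.
static size_t markAll(const std::vector<Cell*>& roots, const VPtrTable& table)
{
    std::vector<Cell*> worklist(roots.begin(), roots.end());
    size_t markedCount = 0;
    while (!worklist.empty()) {
        Cell* cell = worklist.back();
        worklist.pop_back();
        if (cell->marked)
            continue;
        cell->marked = true;
        ++markedCount;
        if (vptrOf(cell) == table.finalObject)
            FinalObject::visitChildrenFast(cell, worklist);
        else
            cell->visitChildren(worklist);
    }
    return markedCount;
}

// Constructed graph: a Function reaching one object via `children` and one via
// `scope`. Correct marking finds all 3; a folded vtable would find only 2.
// Returns 0 if the vptr distinctness check itself fails.
static size_t demo()
{
    Function function;
    FinalObject child;
    FinalObject scope;
    function.children.push_back(&child);
    function.scope = &scope;
    VPtrTable table;
    if (!storeVPtrs(table))
        return 0;
    std::vector<Cell*> roots;
    roots.push_back(&function);
    return markAll(roots, table);
}

int main() { return demo() == 3 ? 0 : 1; }
```

With gcc or clang the three vtables are distinct without help, so demo() returns 3. The failure the ChangeLog describes only appears under a toolchain that folds identical vtables, as the Windows release build did, which is why the engine's fix was an anchor virtual plus an assertion in storeVPtrs() rather than a runtime branch in the marker.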
2011-12-09  Konrad Piascik

        Remove unnecessary file DissasemblerARM.cpp from build system
        https://bugs.webkit.org/show_bug.cgi?id=74184

        Reviewed by Daniel Bates.

        * PlatformBlackBerry.cmake:

2011-12-09  Filip Pizlo

        DFG's interpretation of rare case profiles should be frequency-based not count-based
        https://bugs.webkit.org/show_bug.cgi?id=74170

        Reviewed by Geoff Garen.

        DFG optimizes for rare cases only when the rare case counter is above some
        threshold and it also constitutes a large enough fraction of total function
        executions. Also added some minor debug logic.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::likelyToTakeSlowCase):
        (JSC::CodeBlock::couldTakeSlowCase):
        (JSC::CodeBlock::likelyToTakeSpecialFastCase):
        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
        (JSC::CodeBlock::likelyToTakeAnySlowCase):
        (JSC::CodeBlock::executionEntryCount):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::makeSafe):
        (JSC::DFG::ByteCodeParser::makeDivSafe):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * runtime/Heuristics.cpp:
        (JSC::Heuristics::initializeHeuristics):
        * runtime/Heuristics.h:

2011-12-09  Oliver Hunt

        PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage
        https://bugs.webkit.org/show_bug.cgi?id=74223

        Reviewed by Geoffrey Garen.

        Don't clobber GetIndexedPropertyStorage when we see PutByValAlias

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):

2011-12-09  David Levin

        Hash* iterators should allow comparison between const and const versions.
        https://bugs.webkit.org/show_bug.cgi?id=73370

        Reviewed by Darin Adler.

        * wtf/HashTable.h: Add the operators needed to do this.
        (WTF::HashTableConstIterator::operator==):
        (WTF::HashTableConstIterator::operator!=):
        (WTF::HashTableIterator::operator==):
        (WTF::HashTableIterator::operator!=):
        (WTF::operator==):
        (WTF::operator!=):

2011-12-09  Michael Saboff

        YARR: Multi-character read optimization for 8bit strings
        https://bugs.webkit.org/show_bug.cgi?id=74191

        Reviewed by Oliver Hunt.

        Changed generatePatternCharacterOnce to generate code for 1 to 4 characters
        in the 8 bit case. This is worth 29% improvement on SunSpider regexp-dna
        test. It provides no benefit to v8-regexp.

        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
        (JSC::Yarr::YarrGenerator::generate): Spelling fix in comment.

2011-12-09  David Levin

        Regression(r53595): Sync xhr requests in workers aren't terminated on worker close.
        https://bugs.webkit.org/show_bug.cgi?id=71695

        Reviewed by Zoltan Herczeg.

        * wtf/MessageQueue.h:
        (WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get
        messages even after the queue has been killed. This is useful when one
        wants to kill a queue but then go through it to run clean up tasks from it.

2011-12-09  Adrienne Walker

        Fix HashMap<..., OwnPtr<...> >::add compilation errors
        https://bugs.webkit.org/show_bug.cgi?id=74159

        Reviewed by Darin Adler.

        Add a constructor to OwnPtr that takes the empty value (nullptr_t) from
        HashTraits so that this function can compile.

        * wtf/OwnPtr.h:
        (WTF::OwnPtr::OwnPtr):

2011-12-09  Oliver Hunt

        Avoid reloading storage pointer for indexed properties unnecessarily
        https://bugs.webkit.org/show_bug.cgi?id=74136

        Reviewed by Filip Pizlo.

        Add a node to represent loading property storage for indexed properties.
        This allows us to reduce code generated for sequential access of arrays,
        strings, etc. This results in up to 5% improvement in code that is very
        heavy on indexed reads, such as matrix operations in typed arrays and 20%
        faster on microbenchmarks. Currently this is only supported by GetByVal and
        other similar indexed reads.
        * bytecode/PredictedType.h:
        (JSC::isFixedIndexedStorageObjectPrediction):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGNode.h:
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
        (JSC::DFG::Propagator::performNodeCSE):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-08  Fady Samuel

        [Chromium] Enable viewport metatag
        https://bugs.webkit.org/show_bug.cgi?id=73495

        Reviewed by Darin Fisher.

        * wtf/Platform.h: Added ENABLE(VIEWPORT) tag.

2011-12-08  Adam Klein

        Use HashMap> in ChildListMutationScope
        https://bugs.webkit.org/show_bug.cgi?id=73964

        Reviewed by Darin Adler.

        * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use
        HashMap::take on a HashMap of OwnPtrs.

2011-12-08  Thouraya ANDOLSI

        https://bugs.webkit.org/show_bug.cgi?id=74005
        fix unaligned access memory in generatePatternCharacterOnce function for SH4 platforms.

        Reviewed by Gavin Barraclough.
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::load16Unaligned):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::load16Unaligned):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::load16Unaligned):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::lshift32):
        (JSC::MacroAssemblerSH4::load8):
        (JSC::MacroAssemblerSH4::load16):
        (JSC::MacroAssemblerSH4::load16Unaligned):
        (JSC::MacroAssemblerSH4::branch8):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::load16Unaligned):
        * jit/JIT.h:
        * yarr/YarrJIT.cpp:
        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

2011-12-08  Michael Saboff

        Add 8 bit paths for StringTypeAdapter classes
        https://bugs.webkit.org/show_bug.cgi?id=73882

        Reviewed by Darin Adler.

        Added is8Bit() method and writeTo(LChar*) methods to StringTypeAdapter<>
        classes. The writeTo(LChar*) method can be used if is8Bit() returns true.
        The non-native 8 bit classes contain ASSERT(is8Bit()) in their
        writeTo(LChar*). Updated all of the various versions of tryMakeString() to
        use 8 bit processing in the updated StringTypeAdapter<> classes. This has
        slight if any performance improvement on kraken.

        * runtime/UStringConcatenate.h:
        * wtf/text/StringConcatenate.h:
        (WTF::tryMakeString):
        * wtf/text/StringOperators.h:
        (WTF::StringAppend::is8Bit):
        (WTF::StringAppend::writeTo):

2011-12-07  Filip Pizlo

        DFG CSE should know that CheckFunction is pure
        https://bugs.webkit.org/show_bug.cgi?id=74044

        Reviewed by Oliver Hunt.

        Possible slight win on V8, no regressions.

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::checkFunctionElimination):

2011-12-07  Michael Saboff

        StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing.
        https://bugs.webkit.org/show_bug.cgi?id=73995

        Reviewed by Geoffrey Garen.

        Problem was that a call to characters on a StringImpl associated with a
        StringBuilder that is being appended to gets stale.
        Added a new m_valid16BitShadowlen that keeps the length of the 16 bit shadow
        that has been upconverted or will be upconverted with the first
        getCharacters(). When StringBuilder::characters or ::reifyString is called,
        further characters are upconverted if we have a shadow16bit copy and the
        m_valid16BitShadowlen is updated.

        * JavaScriptCore.exp:
        * wtf/text/StringBuilder.cpp:
        (WTF::StringBuilder::reifyString):
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::StringBuilder):
        (WTF::StringBuilder::characters):
        (WTF::StringBuilder::clear): Cleaned up as part of the change.
        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::getData16SlowCase):
        (WTF::StringImpl::upconvertCharacters):
        * wtf/text/StringImpl.h:

2011-12-07  Filip Pizlo

        Compare and Swap should be enabled on ARMv7
        https://bugs.webkit.org/show_bug.cgi?id=74023

        Reviewed by Geoff Garen.

        Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled
        PARALLEL_GC. It gives the expected speed-up on multi-core ARMv7 devices.

        * wtf/Atomics.h:
        (WTF::weakCompareAndSwap):
        * wtf/Platform.h:

2011-12-07  Filip Pizlo

        DFG CSE is overzealous with GetByVal
        https://bugs.webkit.org/show_bug.cgi?id=74042

        Reviewed by Oliver Hunt.

        Made sure that the purity of GetByVal and the limited-clobber-itude of
        PutByVal is tested in all places that matter.

        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::byValIsPure):
        (JSC::DFG::Propagator::clobbersWorld):
        (JSC::DFG::Propagator::getByValLoadElimination):
        (JSC::DFG::Propagator::checkStructureLoadElimination):
        (JSC::DFG::Propagator::getByOffsetLoadElimination):
        (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
        (JSC::DFG::Propagator::performNodeCSE):

2011-12-07  Sheriff Bot

        Unreviewed, rolling out r102267.
        http://trac.webkit.org/changeset/102267
        https://bugs.webkit.org/show_bug.cgi?id=74032

        Breaks build on Chromium Mac Debug (Requested by aklein on #webkit).
        * wtf/HashTraits.h:

2011-12-07  Adam Klein

        Use HashMap> in ChildListMutationScope
        https://bugs.webkit.org/show_bug.cgi?id=73964

        Reviewed by Ryosuke Niwa.

        * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use
        HashMap::take on an entry whose value is null.

2011-12-07  Filip Pizlo

        Non-Mac devices should benefit from a larger heap
        https://bugs.webkit.org/show_bug.cgi?id=74015

        Reviewed by Geoff Garen.

        Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only
        used in Heap.cpp, and got in the way of having more granular, per-platform
        control over what the heap size should be. Bumped the heap size to 8MB on
        iOS (was 512KB).

        * heap/Heap.cpp:
        (JSC::GCTimer::heapSizeForHint):
        * wtf/Platform.h:

2011-11-30  Simon Hausmann

        [Qt] V8 build fixes.

        Reviewed by Tor Arne Vestbø.

        * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in VPATH. Prefix
        SOURCES correctly and make sure that runtime/ is in the include search path
        when building with v8.

2011-12-06  Filip Pizlo

        Zapping a block that is Marked leads to dead objects being mistaken for live ones
        https://bugs.webkit.org/show_bug.cgi?id=73982

        Reviewed by Geoff Garen.

        Changed the zapping code to ignore blocks that are Marked or Zapped.
        Additionally, the code asserts that:

        - If we zap a Marked or Zapped block then the free list is empty, because
          this can only happen if the block was never free-listed.

        - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since
          Allocated blocks are those that cannot be referred to by
          SizeClass::currentBlock (since SizeClass::currentBlock only refers to
          blocks that are candidates for allocation, and Allocated blocks are those
          who have been exhausted by allocation and will not be allocated from
          again), and New blocks cannot be referred to by anything except during a
          brief window inside the allocation slow-path.
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::zapFreeList):

2011-12-06  Filip Pizlo

        DFG 32_64 call linking does not handle non-cell callees correctly
        https://bugs.webkit.org/show_bug.cgi?id=73965

        Reviewed by Sam Weinig.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):

2011-12-06  Sam Weinig

        Remove unintentional type name shadowing in the Interpreter
        https://bugs.webkit.org/show_bug.cgi?id=73963

        Reviewed by Oliver Hunt.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name
        FunctionExecutable, which shadows the FunctionExecutable type name, with
        functionExecutable.

2011-12-06  Michael Saboff

        r102146 from 73875 broke fast/js/encode-URI-test.html
        https://bugs.webkit.org/show_bug.cgi?id=73950

        Reviewed by Gavin Barraclough.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncUnescape): Restructured to handle the %uHHHH case to output
        the resulting character and continue so that a failure in finding 4 hex
        digits will fall through and output the '%'. Due to style check, changed
        the temporary character variable to a more descriptive name.

2011-12-06  Filip Pizlo

        GC zapping logic could benefit from some more assertions
        https://bugs.webkit.org/show_bug.cgi?id=73947

        Reviewed by Gavin Barraclough.

        - If you're in a zapped block and you're zapped, then your mark bit should
          never be set.

        - If you're being marked, then you should never be zapped.

        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::isLive):
        * runtime/Structure.h:
        (JSC::MarkStack::internalAppend):

2011-12-06  Oliver Hunt

        Don't allocate register in typedarray control flow
        https://bugs.webkit.org/show_bug.cgi?id=73944

        Reviewed by Gavin Barraclough.

        Move a temporary allocation outside of control flow.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):

2011-12-06  Gavin Barraclough

        https://bugs.webkit.org/show_bug.cgi?id=68328
        The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant

        Reviewed by Geoff Garen.

        Move the intrinsic enum out of the DFG, into runtime. Add entries for all
        host functions that have an intrinsic in the form of a generated thunk.
        Remove the thunk pointer from the hashtable, and make Intrinsic field no
        longer ifdef on JIT/DFG. In getHostFunction select a thunk generator to use
        based on the Intrinsic.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * create_hash_table:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleIntrinsic):
        * dfg/DFGCapabilities.h:
        * dfg/DFGIntrinsic.h: Removed.
        * jit/JITStubs.cpp:
        (JSC::JITThunks::hostFunctionStub):
        * jit/JITStubs.h:
        * runtime/Executable.cpp:
        (JSC::ExecutableBase::intrinsic):
        (JSC::NativeExecutable::intrinsic):
        * runtime/Executable.h:
        (JSC::ExecutableBase::intrinsicFor):
        (JSC::NativeExecutable::create):
        (JSC::NativeExecutable::finishCreation):
        * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h.
        * runtime/JSGlobalData.cpp:
        (JSC::thunkGeneratorForIntrinsic):
        (JSC::JSGlobalData::getHostFunction):
        * runtime/JSGlobalData.h:
        * runtime/Lookup.cpp:
        (JSC::HashTable::createTable):
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::HashEntry::initialize):
        (JSC::HashEntry::intrinsic):

2011-12-06  Michael Saboff

        Add 8 bit paths to global object functions
        https://bugs.webkit.org/show_bug.cgi?id=73875

        Added 8 bit paths for conversion methods. This is worth 1.5% on kraken
        audio-oscillator, 1.6% on stanford-crypto-ccm and 2.5% on
        stanford-crypto-sha256-iterative. See bug for a full report.

        Reviewed by Oliver Hunt.

        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::decode): Split into a templated helper.
        (JSC::parseInt): Split into a templated helper.
        (JSC::parseFloat): Added an 8 bit path
        (JSC::globalFuncEscape): Added 8 bit path
        (JSC::globalFuncUnescape): Added 8 bit path
        * runtime/JSStringBuilder.h:
        (JSC::JSStringBuilder::append): New append for LChar
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::append): New append for LChar

2011-11-21  Balazs Kelemen

        Enable ParallelJobs by default
        https://bugs.webkit.org/show_bug.cgi?id=70032

        Reviewed by Zoltan Herczeg.

        According to measurements on Mac and Linux it is a considerable speedup for
        SVG on multicore. Remove the ENABLE(PARALLEL_JOBS) guard. Fix build on
        Windows and Chromium.

        * JavaScriptCore.gypi: Add the files to the build. It was missing for the
        gyp build system.
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export symbols.
        * wtf/ParallelJobs.h:
        * wtf/ParallelJobsGeneric.cpp:
        (WTF::ParallelEnvironment::ParallelEnvironment):
        (WTF::ParallelEnvironment::execute): Deinline these to avoid exporting a
        lot of symbols. These are non-trivial and called only once on a given
        object so it doesn't seem to be worthwhile to inline them. Additionally fix
        a signed-unsigned comparison in the constructor.
        * wtf/ParallelJobsGeneric.h:
        * wtf/Platform.h:

2011-12-06  Simon Hausmann

        [Qt] build-jsc script doesn't work
        https://bugs.webkit.org/show_bug.cgi?id=73910

        Reviewed by Tor Arne Vestbø.

        * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC (moved from
        top-level WebKit.pro). Also add v8 scopes to only build WTF during v8
        builds.

2011-12-05  Anders Carlsson

        Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11.

        Reviewed by Darin Adler.

        * wtf/HashMap.h:

2011-12-05  Michael Saboff

        Create StringImpl::empty() as an 8 bit string
        https://bugs.webkit.org/show_bug.cgi?id=73871

        Reviewed by Oliver Hunt.

        * wtf/text/StringStatics.cpp:
        (WTF::StringImpl::empty): Changed to be an 8 bit string.

2011-12-05  Darin Adler

        Convert JSClassRef to use HashMap
        https://bugs.webkit.org/show_bug.cgi?id=73780

        Reviewed by Andreas Kling.
        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map
        entries because the hash map now has an OwnPtr instead of a raw pointer.
        * API/JSClassRef.cpp:
        (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and
        m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating.
        Removed the code that gets and deletes existing entries, and just use set,
        which now handles deletion automatically due to it being OwnPtr.
        (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion with
        assertion-only NDEBUG-only code.
        (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when
        allocating. Use OwnPtr when adding. Removed unneeded code to set
        staticValues and staticFunctions to 0. Removed unneeded destructor.
        (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local.
        (OpaqueJSClass::staticFunctions): Ditto.
        (OpaqueJSClass::prototype): Added use of adoptPtr.
        * API/JSClassRef.h: Made the static values and static functions tables use
        OwnPtr for the entries. Also used OwnPtr for the pointers to the tables
        themselves. Also removed ~OpaqueJSClassContextData(), letting the compiler
        generate it.

2011-12-05  Oliver Hunt

        Land uncommitted bit of float array support
        https://bugs.webkit.org/show_bug.cgi?id=73873

        Reviewed by Filip Pizlo.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):

2011-12-05  Benjamin Poulain

        Update String::containsOnlyASCII() to handle 8 bits strings
        https://bugs.webkit.org/show_bug.cgi?id=73799

        Reviewed by Darin Adler.

        Implement String::containsOnlyASCII() so that it does not call
        String::characters().

        * wtf/text/WTFString.h:
        (WTF::String::containsOnlyASCII):

2011-12-05  Filip Pizlo

        Unreviewed build fix for non-DFG platforms.
        * dfg/DFGRepatch.h:

2011-12-05  Filip Pizlo

        Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they were compact offsets
        https://bugs.webkit.org/show_bug.cgi?id=73861

        Reviewed by Gavin Barraclough.

        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::resetPatchPutById):

2011-12-05  Filip Pizlo

        Unreviewed, build fixes for ARM.

        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::unreachableForPlatform):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::loadDouble):
        (JSC::MacroAssemblerARMv7::loadFloat):
        (JSC::MacroAssemblerARMv7::storeFloat):
        (JSC::MacroAssemblerARMv7::convertFloatToDouble):
        (JSC::MacroAssemblerARMv7::convertDoubleToFloat):

2011-12-05  Benjamin Poulain

        Update String::containsOnlyLatin1() to avoid converting to 16 bits
        https://bugs.webkit.org/show_bug.cgi?id=73797

        Reviewed by Andreas Kling.

        When the String uses an 8 bit StringImpl, there is no need to iterate over
        the string. The function charactersAreAllLatin1() is removed because it is
        not used anywhere.

        * wtf/text/WTFString.h:
        (WTF::String::containsOnlyLatin1):

2011-12-05  Michael Saboff

        8 bit string work slows down Kraken json-stringify-tinderbox
        https://bugs.webkit.org/show_bug.cgi?id=73457

        Added 8 bit path to StringBuilder. StringBuilder starts assuming 8 bit
        contents and gets converted to 16 bit upon seeing the first 16 bit
        character or string. Split appendUninitialized into an inlined fast and
        function call slow case. Factored out the processing of the UString
        argument from Stringifier::appendQuotedString() to a static templated
        function based on character size.

        This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox.
        This change introduces a 4.8% slowdown to json-parse-financial. This
        slowdown will be addressed in a subsequent patch to StringImpl::equal.

        Reviewed by Oliver Hunt.
        * runtime/JSONObject.cpp:
        (JSC::appendStringToUStringBuilder):
        (JSC::Stringifier::appendQuotedString):
        * wtf/text/StringBuilder.cpp:
        (WTF::StringBuilder::resize):
        (WTF::StringBuilder::allocateBuffer):
        (WTF::StringBuilder::allocateBufferUpConvert):
        (WTF::LChar):
        (WTF::UChar):
        (WTF::StringBuilder::reserveCapacity):
        (WTF::StringBuilder::appendUninitialized):
        (WTF::StringBuilder::appendUninitializedSlow):
        (WTF::StringBuilder::append):
        (WTF::StringBuilder::shrinkToFit):
        * wtf/text/StringBuilder.h:
        (WTF::StringBuilder::StringBuilder):
        (WTF::StringBuilder::append):
        (WTF::StringBuilder::operator[]):
        (WTF::StringBuilder::characters8):
        (WTF::StringBuilder::characters16):
        (WTF::StringBuilder::charactersBlah):
        (WTF::LChar):
        (WTF::UChar):

2011-12-01  Gavin Barraclough

        https://bugs.webkit.org/show_bug.cgi?id=73624
        JIT + INTERPRETER builds are broken

        Reviewed by Geoff Garen, Sam Weinig.

        These don't fallback to the interpreter correctly. Thunk creation assumes
        that if the JIT is compiled in, then it is enabled.

        * jit/JITStubs.cpp:
        (JSC::JITThunks::JITThunks):
        * runtime/Executable.h:
        (JSC::NativeExecutable::create):
        (JSC::NativeExecutable::finishCreation):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::getHostFunction):

2011-12-05  Zoltan Herczeg

        MacroAssemblerSH4 does not implement readCallTarget
        https://bugs.webkit.org/show_bug.cgi?id=73434

        Reviewed by Csaba Osztrogonác.

        * assembler/MacroAssemblerSH4.h: Support for SH4.
        (JSC::MacroAssemblerSH4::readCallTarget):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::readCallTarget):

2011-12-04  Filip Pizlo

        DFG should optimize strict equality
        https://bugs.webkit.org/show_bug.cgi?id=73764

        Reviewed by Oliver Hunt.

        1% speed-up on V8.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
        (JSC::DFG::SpeculativeJIT::compileStrictEq):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
        (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-03  Darin Adler

        Use HashMap for ScriptSampleRecordMap
        https://bugs.webkit.org/show_bug.cgi?id=73758

        Reviewed by Andreas Kling.

        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::notifyOfScope): Added adoptPtr.
        (JSC::SamplingTool::dump): Added get.
        * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap
        to be OwnPtr.

2011-12-03  Darin Adler

        Use HashMap for the opaqueJSClassData map
        https://bugs.webkit.org/show_bug.cgi?id=73759

        Reviewed by Andreas Kling.

        * API/JSClassRef.cpp:
        (OpaqueJSClass::contextData): Update types.
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of
        opaqueJSClassData to keep the timing the same. If we didn't care about the
        order of operations, we could remove this, too.
        * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped
        type in the opaqueJSClassData map.

2011-12-03  Darin Adler

        Change HashMap implementation to use the pass type and peek type from traits for the mapped value
        https://bugs.webkit.org/show_bug.cgi?id=72474

        Reviewed by Anders Carlsson.

        * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType,
        PassOutType, and PeekType from the traits of the mapped value instead of
        hard-coding them here. Changed inlineAdd to take a reference to the
        PassInType instead of the PassInType itself, to accommodate a PassInType
        that can't be copied. Use the store, peek, and passOut functions from the
        traits as well.
        * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to
        include PassInType, PassOutType, PeekType, store, passOut, and peek. Before
        this, the file had an earlier version that was just PassType, PeekType,
        pass, and peek. Also commented the HashTraits for RefPtr to foreshadow some
        work we can do there.
        * wtf/RefPtrHashMap.h: Same changes as HashMap.h.

2011-12-02  David Levin

        Rename WTF class from TemporarilyChange to TemporaryChange.
        https://bugs.webkit.org/show_bug.cgi?id=73479

        Reviewed by Eric Seidel.

        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h.
        (WTF::TemporaryChange::TemporaryChange):
        (WTF::TemporaryChange::~TemporaryChange):

2011-12-02  Mark Hahnenberg

        REGRESSION (r99754): All layout tests crash on Windows
        https://bugs.webkit.org/show_bug.cgi?id=72305

        Reviewed by Geoffrey Garen.

        Fixes a crash in release builds on Windows. Windows was optimizing the
        out-of-line virtual destructor in JSFunction away, which left it with no
        virtual functions. Its vtable ptr was then identical to that of a different
        class, therefore the optimization in the visitChildren helper function in
        MarkedStack.cpp was calling an incorrect version of visitChildren on the
        object, which left its children unmarked, causing them to be collected when
        they were still reachable.

        * runtime/JSFunction.cpp:
        (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that
        Visual Studio can't optimize away.
        * runtime/JSFunction.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual
        pointers that we rely on for optimization purposes are distinct from one
        another.

2011-12-02  Oliver Hunt

        Improve float array support in the DFG JIT
        https://bugs.webkit.org/show_bug.cgi?id=73722

        Reviewed by Gavin Barraclough.

        Add basic support for float typed arrays in JSC.
        This is currently less optimal than it could be in the following ways:

        * float32Array1[0] = float32Array2[0] (eg. an element by element copy)
          promotes float to double and then back to float.
        * float64Array[0] will always perform NaN tests in order to prevent
          signalling NaNs from entering the engine.

        We also don't support Float32Array on ARMv7.

        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::loadDouble):
        (JSC::MacroAssemblerARMv7::loadFloat):
        (JSC::MacroAssemblerARMv7::storeDouble):
        (JSC::MacroAssemblerARMv7::storeFloat):
        (JSC::MacroAssemblerARMv7::convertFloatToDouble):
        (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::loadDouble):
        (JSC::MacroAssemblerX86Common::loadFloat):
        (JSC::MacroAssemblerX86Common::storeDouble):
        (JSC::MacroAssemblerX86Common::storeFloat):
        (JSC::MacroAssemblerX86Common::convertDoubleToFloat):
        (JSC::MacroAssemblerX86Common::convertFloatToDouble):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::cvtsd2ss_rr):
        (JSC::X86Assembler::cvtss2sd_rr):
        (JSC::X86Assembler::movsd_rm):
        (JSC::X86Assembler::movss_rm):
        (JSC::X86Assembler::movsd_mr):
        (JSC::X86Assembler::movss_mr):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateFloat32Array):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNodePredictions):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
        (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
        (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::compile):

2011-12-02  Sheriff Bot

        Unreviewed, rolling out r101801.
        http://trac.webkit.org/changeset/101801
        https://bugs.webkit.org/show_bug.cgi?id=73667

        Build is still broken (Requested by Ossy on #webkit).

        * assembler/SH4Assembler.h:

2011-12-01  Darin Adler

        Prepare to deploy pass and peek types in the HashMap class
        https://bugs.webkit.org/show_bug.cgi?id=73477

        Reviewed by Adam Roben.

        This patch adds private typedefs inside the HashMap class, and uses them as
        appropriate. A future patch will actually tie those typedefs to hash traits,
        which will allow us to make HashMap work with OwnPtr mapped values and to
        optimize how HashMap works with RefPtr mapped values.

        Also changed the hash translator and adapter struct templates to use
        template functions to simplify them and make them more flexible. Also
        removed some unused template arguments.

        This goes out of its way to not change behavior. Future patches will change
        the peek type to be a reference type, which will reduce reference count
        churn a bit for hash tables with RefPtr mapped values, and then do further
        optimizations for RefPtr and OwnPtr by getting types from the hash traits.

        * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType, and
        MappedPeekType typedefs, and used them for the arguments and return types
        of the get, set, add, take, and inlineAdd functions.
        (WTF::HashMapTranslator): Changed this struct template to take fewer
        arguments, and changed its member functions to be function templates
        instead. This allows the compiler to determine types more flexibly and also
        simplifies use of it.
        (WTF::HashMapTranslatorAdapter): Ditto.
        (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter. Also
        reduced the arguments passed to the HashTable function template.
        (WTF::HashMap::contains): Ditto.
        (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
        (WTF::HashMap::set): Ditto.
        (WTF::HashMap::add): Ditto.
        (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
        (WTF::HashMap::get): Ditto.
(WTF::HashMap::take): Ditto, but return MappedPassOutType and use that type in the implementation. (WTF::deleteAllValues): Removed unneeded template arguments from call to deleteAllPairSeconds. (WTF::deleteAllKeys): Removed unneeded template arguments from call to deleteAllPairFirsts. * wtf/HashSet.h: (WTF::IdentityExtractor): Changed this to be a struct rather than a struct template, and replaced the extract function with a function template. This allows the compiler to deduce the type. (WTF::HashSetTranslatorAdapter): Changed this struct template to take fewer arguments, and changed its member functions to be function templates instead. This allows the compiler to determine types more flexibly and also simplifies use of it. (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter. Also reduced the arguments passed to the HashTable function template. (WTF::HashSet::contains): Ditto. (WTF::HashSet::add): Ditto. * wtf/HashTable.h: (WTF::IdentityHashTranslator): Changed this struct template to take fewer arguments, and changed its member functions to be function templates instead. This allows the compiler to determine types more flexibly and also simplifies use of it. (WTF::HashTable::add): Reduced arguments passed to the function template. (WTF::HashTable::find): Ditto, also reversed the template arguments so the translator comes first so the compiler can deduce the other type. (WTF::HashTable::contains): Ditto. (WTF::HashTable::lookup): Ditto. (WTF::HashTable::lookupForWriting): Ditto. (WTF::HashTable::checkKey): Ditto. (WTF::HashTable::fullLookupForWriting): Ditto. (WTF::HashTable::add): Ditto. (WTF::HashTable::addPassingHashCode): Ditto. (WTF::HashTable::find): Ditto. (WTF::HashTable::contains): Ditto. * wtf/ListHashSet.h: (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take fewer arguments, and changed its member functions to be function templates instead. 
This allows the compiler to determine types more flexibly and also simplifies use of it. (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable functon template. (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the same way we changed ListHashSetNodeHashFunctions above. (WTF::ListHashSetTranslatorAdapter::equal): (WTF::::contains): (WTF::::add): (WTF::::insertBefore): * wtf/RefPtrHashMap.h: Updated comments. Removed the RefPtrHashMapRawKeyTranslator struct template; we can use the HashMapTranslator struct template from HashMap.h instead now that it is more flexible. Added MappedPassInType, MappedPassOutType, and MappedPeekType typedefs, and used them for the arguments and return types of the get, inlineGet, set, add, take, and inlineAdd functions. Changed the name of the RawKeyTranslator type to Translator since it's now a class that can handle both raw keys and conventional keys. (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator. Reduced the arguments passed to the HashTable function template. (WTF::HashMap::contains): Ditto. (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType. (WTF::HashMap::set): Ditto. (WTF::HashMap::add): Ditto. (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType. (WTF::HashMap::get): Ditto. (WTF::HashMap::take): Ditto, but return MappedPassOutType and use that type in the implementation. (WTF::deleteAllValues): Removed unneeded template arguments from call to deleteAllPairSeconds. (WTF::deleteAllKeys): Removed unneeded template arguments from call to deleteAllPairFirsts. 2011-12-02 Zoltan Herczeg MacroAssemblerSH4 does not implement readCallTarget https://bugs.webkit.org/show_bug.cgi?id=73434 Reviewed by Csaba Osztrogonác. * assembler/SH4Assembler.h: (JSC::SH4Assembler::readCallTarget): Support for SH4. 2011-12-02 Hajime Morrita Unreviewed, rolling out r101751 and r101775. 
http://trac.webkit.org/changeset/101751 http://trac.webkit.org/changeset/101775 https://bugs.webkit.org/show_bug.cgi?id=73191 breaks Windows build * JavaScriptCore.xcodeproj/project.pbxproj: * config.h: * runtime/JSExportMacros.h: Removed. * wtf/ExportMacros.h: * wtf/Platform.h: * wtf/WTFThreadData.h: * wtf/text/AtomicString.h: * wtf/text/StringStatics.cpp: 2011-12-01 Hajime Morrita JS_INLINE and WTF_INLINE should be visible from WebCore https://bugs.webkit.org/show_bug.cgi?id=73191 - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h. - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h. - Replaced JS_EXPORTDATA in wtf moudule with newly introduced WTF_EXPORTDATA. Reviewed by Kevin Ollivier. * JavaScriptCore.xcodeproj/project.pbxproj: * config.h: * runtime/JSExportMacros.h: Added. * wtf/ExportMacros.h: * wtf/Platform.h: * wtf/WTFThreadData.h: * wtf/text/AtomicString.h: * wtf/text/StringStatics.cpp: 2011-12-01 Michael Saboff Changes proposed for 73457 slow down Kraken json-parse-financial https://bugs.webkit.org/show_bug.cgi?id=73584 Restructured StringImpl::equal to take advantage of 8 or 4 bytes at a time when possible. This is worth ~3% on Kraken json-parse-financial. It provides ~2% on SunSpider string-unpack-code. Reviewed by Sam Weinig. * wtf/text/StringImpl.cpp: (WTF::equal): 2011-12-01 Oliver Hunt Support integer typed arrays in the DFG JIT https://bugs.webkit.org/show_bug.cgi?id=73608 Reviewed by Filip Pizlo. Add support for all the integral typed arrays in the DFG JIT. Currently this loads the contents of Uint32 arrays as doubles, which is clearly not as efficient as it could be, but this is still in the order of 10-20x faster than the existing behaviour. This needed us to add support for writing 16bit values to the macroassembler, and also to support double<->unsigned conversion. 
* assembler/ARMv7Assembler.h: (JSC::ARMv7Assembler::strh): (JSC::ARMv7Assembler::vcvt_floatingPointToUnsigned): * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::store16): (JSC::MacroAssemblerARMv7::truncateDoubleToUint32): * assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::store16): (JSC::MacroAssemblerX86Common::truncateDoubleToUint32): * assembler/X86Assembler.h: (JSC::X86Assembler::movw_rm): (JSC::X86Assembler::cvttsd2siq_rr): * bytecode/PredictedType.cpp: (JSC::predictionToString): (JSC::predictionFromClassInfo): * bytecode/PredictedType.h: (JSC::isInt8ArrayPrediction): (JSC::isInt16ArrayPrediction): (JSC::isInt32ArrayPrediction): (JSC::isUint8ArrayPrediction): (JSC::isUint16ArrayPrediction): (JSC::isUint32ArrayPrediction): (JSC::isFloat32ArrayPrediction): (JSC::isFloat64ArrayPrediction): * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::initialize): (JSC::DFG::AbstractState::execute): * dfg/DFGNode.h: (JSC::DFG::Node::shouldSpeculateInt8Array): (JSC::DFG::Node::shouldSpeculateInt16Array): (JSC::DFG::Node::shouldSpeculateInt32Array): (JSC::DFG::Node::shouldSpeculateUint8Array): (JSC::DFG::Node::shouldSpeculateUint16Array): (JSC::DFG::Node::shouldSpeculateUint32Array): (JSC::DFG::Node::shouldSpeculateFloat32Array): (JSC::DFG::Node::shouldSpeculateFloat64Array): * dfg/DFGPropagator.cpp: (JSC::DFG::Propagator::propagateNodePredictions): (JSC::DFG::Propagator::fixupNode): (JSC::DFG::Propagator::performNodeCSE): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArgumentTypes): (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * runtime/JSGlobalData.h: 2011-12-01 Benjamin Poulain URLs are encoded in UTF-8, then decoded as if they are 
Latin1 https://bugs.webkit.org/show_bug.cgi?id=71758 Reviewed by Darin Adler. Add the operator == between a String and a Vector of char. The implementation is the same as the comparison of String and char* but adds the length as a parameter for comparing the strings. * JavaScriptCore.exp: * wtf/text/StringImpl.h: (WTF::equal): * wtf/text/WTFString.h: (WTF::operator==): (WTF::operator!=): 2011-12-01 Martin Robinson [GTK] Read fonts from the jhbuild root https://bugs.webkit.org/show_bug.cgi?id=73487 Reviewed by Gustavo Noronha Silva. Read fonts from the jhbuild root instead of from the system. This will ensure that all testers use the same fonts instead of leaving this up to luck. * wtf/gobject/GlibUtilities.h: Add Assertions.h which was required for the WebKit2TestRunner. 2011-12-01 Martin Robinson [GTK] Add a helper function to find the current executable's path https://bugs.webkit.org/show_bug.cgi?id=73473 Reviewed by Gustavo Noronha Silva. Add a WTF helper which gets the binary path. This is currently only used in WebKit2. * GNUmakefile.list.am: Add the new file to the source list. * wtf/gobject/GlibUtilities.cpp: Added. (getCurrentExecutablePath): * wtf/gobject/GlibUtilities.h: Added. 2011-12-01 Sheriff Bot Unreviewed, rolling out r101691. http://trac.webkit.org/changeset/101691 https://bugs.webkit.org/show_bug.cgi?id=73588 Tests fail on Chromium bots, early warning system warned committer, please adjust test_expectations in patch (Requested by scheib on #webkit). * JavaScriptCore.exp: * wtf/text/StringImpl.h: * wtf/text/WTFString.h: 2011-12-01 Filip Pizlo ARMv7 only allows for one-shot patching of compact offsets, while the JIT expects to be able to repatch https://bugs.webkit.org/show_bug.cgi?id=73548 Reviewed by Oliver Hunt. * assembler/ARMv7Assembler.h: (JSC::ARMv7Assembler::setUInt7ForLoad): 2011-11-30 Benjamin Poulain URLs are encoded in UTF-8, then decoded as if they are Latin1 https://bugs.webkit.org/show_bug.cgi?id=71758 Reviewed by Darin Adler. 
Add the operator == between a String and a Vector of char. The implementation is the same as the comparison of String and char* but adds the length as a parameter for comparing the strings. * JavaScriptCore.exp: * wtf/text/StringImpl.h: (WTF::equal): * wtf/text/WTFString.h: (WTF::operator==): (WTF::operator!=): 2011-11-30 Dmitry Lomov https://bugs.webkit.org/show_bug.cgi?id=73503 [Chromium][V8] Implement ArrayBuffer transfer in chromium. Portions of this patch come from Luke Zarko. Reviewed by David Levin. * wtf/ArrayBuffer.cpp: (WTF::ArrayBuffer::transfer): Changed prototype from pointers to RefPtr. * wtf/ArrayBuffer.h: (WTF::ArrayBufferContents::transfer): Changed prototype from pointers to RefPtr. (WTF::ArrayBuffer::isNeutered): * wtf/TypedArrayBase.h: (WTF::TypedArrayBase::neuter): 2011-12-01 Chao-ying Fu MacroAssemblerMIPS does not implement readCallTarget https://bugs.webkit.org/show_bug.cgi?id=73432 Reviewed by Zoltan Herczeg. * assembler/MIPSAssembler.h: (JSC::MIPSAssembler::readCallTarget): * assembler/MacroAssemblerMIPS.h: (JSC::MacroAssemblerMIPS::readCallTarget): 2011-12-01 Noel Gordon [chromium] Remove wtf/qt/ThreadingQt.cpp from the gyp projects https://bugs.webkit.org/show_bug.cgi?id=73527 Reviewed by Simon Hausmann. wtf/qt/ThreadingQt.cpp was removed in r101477 * JavaScriptCore.gypi: remove wtf/qt/ThreadingQt.cpp 2011-12-01 Filip Pizlo BitVector isInline check could fail https://bugs.webkit.org/show_bug.cgi?id=70691 Reviewed by Gavin Barraclough. Switch back to using the high bit as the inline marker, to make all of the bit indexing operations simpler. Computing the size in words and in bytes of a bitvector, using the number of bits as input is error-prone enough; and with the current approach to solving the X86 bug we end up getting it wrong. Making it right seems hard. So instead, to solve the original problem (the high bit may be meaningful on 32-bit systems), the out-of-line storage pointer is right-shifted by 1. 
Compared to the original BitVector code, this is a much smaller change (just three lines). This solves a bug where the DFG was corrupting its call frame because BitVector lost track of some bits. * wtf/BitVector.cpp: (WTF::BitVector::setSlow): (WTF::BitVector::resizeOutOfLine): * wtf/BitVector.h: (WTF::BitVector::quickGet): (WTF::BitVector::quickSet): (WTF::BitVector::quickClear): (WTF::BitVector::makeInlineBits): (WTF::BitVector::isInline): (WTF::BitVector::outOfLineBits): 2011-11-30 Filip Pizlo DFG should make it easier to notice node boundaries in disassembly https://bugs.webkit.org/show_bug.cgi?id=73509 Rubber-stamped by Gavin Barraclough If you set XOR_DEBUG_AID to 1 in DFGCommon.h, a pair of xor's will be emitted at node boundaries, where the immediate being xor'd is the node index. * dfg/DFGCommon.h: * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compile): 2011-11-30 Geoffrey Garen Removed ArgList iterators. Reviewed by Gavin Barraclough. Another step toward reversing the argument order. * interpreter/Interpreter.cpp: (JSC::Interpreter::executeCall): (JSC::Interpreter::executeConstruct): Switched from iterator to int. * runtime/ArgList.h: (JSC::ArgList::ArgList): (JSC::ArgList::isEmpty): Removed iterators. * runtime/JSArray.cpp: (JSC::JSArray::finishCreation): Switched from iterator to int. 2011-11-30 Yuqiang Xian 32 bit DFG should handle logicalNot slow case instead of simply bailing out https://bugs.webkit.org/show_bug.cgi?id=73515 Reviewed by Filip Pizlo. This improves Kraken performance by 14%, mainly due to ~3X improvement on imaging-desaturate. * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compileLogicalNot): 2011-11-30 Max Vujovic Some date values not handled consistently with IE/Firefox https://bugs.webkit.org/show_bug.cgi?id=14176 Reviewed by Gavin Barraclough. Changed time zone offset parsing behavior to match IE/Firefox/Opera's in implementation dependent cases like "GMT-4". 
* wtf/DateMath.cpp: (WTF::parseDateFromNullTerminatedCharacters): 2011-11-30 Mark Hahnenberg toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback https://bugs.webkit.org/show_bug.cgi?id=73368 Reviewed by Darin Adler. We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever happens to be in the first class of the chain, which potentially could be null. * API/JSCallbackFunction.cpp: (JSC::JSCallbackFunction::toStringCallback): (JSC::JSCallbackFunction::valueOfCallback): 2011-11-29 Sam Weinig Add adoptCF and adoptNS convenience functions to RetainPtr.h https://bugs.webkit.org/show_bug.cgi?id=73399 Reviewed by Anders Carlsson. * wtf/RetainPtr.h: (WTF::adoptCF): (WTF::adoptNS): These adoption functions match the pattern we use in other smart pointer classes. 2011-11-30 Adam Roben Fix RetainPtr's move assignment operators Fixes RetainPtr's move assignment operators don't modify the pointer being assigned to I didn't write a test for this because we don't have a way of unit testing C++11 code (see ). Reviewed by Anders Carlsson. * wtf/RetainPtr.h: (WTF::RetainPtr::operator=): Adopt the passed-in RetainPtr's underlying pointer, not our own pointer. 2011-11-30 Csaba Osztrogonác Unreviewed rolling out incorrect r101481. * assembler/MIPSAssembler.h: * assembler/MacroAssemblerMIPS.h: 2011-11-30 Simon Hausmann Fix compilation with MingW. Reviewed by Csaba Osztrogonác. * wtf/ThreadingWin.cpp: (WTF::initializeCurrentThreadInternal): MingW doesn't support MSVC exception handling, so for the time being make the thread name setting unimplemented for MingW. 2011-11-30 Simon Hausmann Unreviewed propective build fix for Qt/Windows part 2 after r101477. * wtf/ThreadSpecific.h: Fix the OS(WINDOWS) defines for the friend declaration for ThreadSpecific::Data 2011-11-30 Simon Hausmann Unreviewed propective build fix for Qt/Windows after r101477. 
* wtf/ThreadSpecific.h: Use OS(WINDOWS) for declaring "destructor", as it's only referenced from within another OS(WINDOWS) section. 2011-11-30 Csaba Osztrogonác Unreviewed speculative buildfix after r101457. * assembler/MIPSAssembler.h: (JSC::MIPSAssembler::readCallTarget): * assembler/MacroAssemblerMIPS.h: (JSC::MacroAssemblerMIPS::readCallTarget): 2011-11-30 Andrew Wason Replace Qt QThread threading back-end with pthread/Win32 threading back-ends https://bugs.webkit.org/show_bug.cgi?id=72155 Reviewed by Simon Hausmann. Use ThreadingPthreads and ThreadingWin instead of ThreadingQt. * heap/MachineStackMarker.cpp: * wtf/MainThread.cpp: (WTF::initializeMainThread): * wtf/Platform.h: * wtf/ThreadSpecific.h: Drop QThreadStorage related code. (WTF::::destroy): * wtf/ThreadingPrimitives.h: * wtf/qt/MainThreadQt.cpp: Drop Qt specific isMainThread(). (WTF::initializeMainThreadPlatform): Initialize MainThreadInvoker on main thread to avoid infecting secondary thread with QAdoptedThread. (WTF::scheduleDispatchFunctionsOnMainThread): * wtf/qt/ThreadingQt.cpp: Removed. * wtf/wtf.pro: 2011-11-30 Csaba Osztrogonác MacroAssemblerARM does not implement readCallTarget https://bugs.webkit.org/show_bug.cgi?id=73413 Based on Filip Pizlo's patch. Buildfix. Rubber-stamped by Gabor Loki. * assembler/ARMAssembler.h: (JSC::ARMAssembler::readCallTarget): * assembler/MacroAssemblerARM.h: (JSC::MacroAssemblerARM::readCallTarget): 2011-11-29 Filip Pizlo Resetting a put_by_id inline cache should preserve the "isDirect" bit https://bugs.webkit.org/show_bug.cgi?id=73375 Reviewed by Gavin Barraclough. For the replace case, we can find out if it was direct by looking at the slow call. For the transition case, we explicitly remember if it was direct. 
* bytecode/CodeBlock.cpp: (JSC::printStructureStubInfo): * bytecode/StructureStubInfo.cpp: (JSC::StructureStubInfo::deref): (JSC::StructureStubInfo::visitWeakReferences): * bytecode/StructureStubInfo.h: (JSC::isPutByIdAccess): (JSC::StructureStubInfo::initPutByIdTransition): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGRepatch.cpp: (JSC::DFG::tryCachePutByID): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::resetPatchPutById): (JSC::JIT::isDirectPutById): * jit/JITPropertyAccess32_64.cpp: (JSC::JIT::resetPatchPutById): * jit/JITStubs.cpp: (JSC::JITThunks::tryCachePutByID): 2011-11-29 Sam Weinig Remove RetainPtr::releaseRef https://bugs.webkit.org/show_bug.cgi?id=73396 Reviewed by Dan Bernstein. * wtf/RetainPtr.h: Be gone releaseRef! Long live leakRef! 2011-11-29 Sam Weinig Add move semantics to RetainPtr https://bugs.webkit.org/show_bug.cgi?id=73393 Reviewed by Anders Carlsson. * wtf/RetainPtr.h: (WTF::RetainPtr::RetainPtr): Add a move constructor and move enabled assignment operators to RetainPtr if the compiler being used supports rvalue references. If the compiler does not support it, we fallback to the copy semantics we have always had. 2011-11-29 Yuqiang Xian DFG local CSE may cause incorrect reference counting for a node https://bugs.webkit.org/show_bug.cgi?id=73390 Reviewed by Filip Pizlo. When performing a node substitution, the ref count of the replaced child will be increased, no matter whether the user node is skipped in code generation or not. This will cause the reference count of the replaced child never get the chance to become zero and so the registers occupied by it cannot be reused simply without spilling, if it's used by a "skipped" node. This is a 1% gain on V8 benchmark, tested on IA32 Linux. * dfg/DFGPropagator.cpp: (JSC::DFG::Propagator::performSubstitution): (JSC::DFG::Propagator::performNodeCSE): 2011-11-29 David Levin Add a way to revert a variable to its previous value after leaving a scope. 
https://bugs.webkit.org/show_bug.cgi?id=73371 Reviewed by Adam Barth. In case anyone from Chromium sees this, it is nearly identical to AutoReset but if the same name were used, it causes unnecessary ambiguity. * JavaScriptCore.xcodeproj/project.pbxproj: * wtf/TemporarilyChange.h: Added. (WTF::TemporarilyChange::TemporarilyChange): (WTF::TemporarilyChange::~TemporarilyChange): 2011-11-29 Sam Weinig Add COMPILER_SUPPORTS macro to allow for compiler feature testing https://bugs.webkit.org/show_bug.cgi?id=73386 Reviewed by Anders Carlsson. * wtf/Compiler.h: Add COMPILER_SUPPORTS and #defines for C++11 variadic templates and rvalue references for Clang. 2011-11-29 Oliver Hunt Allow WebCore to describe typed arrays to JSC https://bugs.webkit.org/show_bug.cgi?id=73355 Reviewed by Gavin Barraclough. Allow globaldata to track the structure of typed arrays. * runtime/JSGlobalData.h: (JSC::TypedArrayDescriptor::TypedArrayDescriptor): 2011-11-28 Filip Pizlo DFG debugCall() mechanism only works on X86 and X86-64 https://bugs.webkit.org/show_bug.cgi?id=73282 Reviewed by Oliver Hunt. * dfg/DFGAssemblyHelpers.h: (JSC::DFG::AssemblyHelpers::debugCall): 2011-11-28 Filip Pizlo DFG non-X86 ArithDiv does speculation failure after mutating state, without a value recovery https://bugs.webkit.org/show_bug.cgi?id=73286 Reviewed by Gavin Barraclough. * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): 2011-11-28 Filip Pizlo Unreviewed build fixes for ARM. * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::readCallTarget): * dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState): 2011-11-20 Roland Steiner