2008-10-13 Maciej Stachowiak <mjs@apple.com>

Reviewed by Cameron Zwarich.

- make Machine::getArgumentsData an Arguments method and inline it

(JSC::Machine::getArgumentsData):

2008-10-13 Alp Toker <alp@nuanti.com>

Fix autotools dist build target by listing recently added header
files only. Not reviewed.

2008-10-13 Maciej Stachowiak <mjs@apple.com>

Rubber stamped by Mark Rowe.

- fixed <rdar://problem/5806316> JavaScriptCore should not force building with gcc 4.0
- use gcc 4.2 when building with Xcode 3.1 or newer on Leopard, even though this is not the default

* Configurations/DebugRelease.xcconfig:
* JavaScriptCore.xcodeproj/project.pbxproj:

2008-10-13 Cameron Zwarich <zwarich@apple.com>

Reviewed by Geoff Garen.

Bug 21541: Move RegisterFile growth check to callee
<https://bugs.webkit.org/show_bug.cgi?id=21541>

Move the RegisterFile growth check to the callee in the common case,
where some of the information is known statically at JIT time. There is
still a check in the caller in the case where the caller provides too

This is a 2.1% speedup on the V8 benchmark, including a 5.1% speedup on
the Richards benchmark, a 4.1% speedup on the DeltaBlue benchmark, and a
1.4% speedup on the Earley-Boyer benchmark. It is also a 0.5% speedup on

(JSC::CTI::privateCompile):
(JSC::Machine::cti_register_file_check):
(JSC::Machine::cti_op_call_JSFunction):
(JSC::Machine::cti_op_construct_JSConstruct):
* masm/X86Assembler.h:
(JSC::X86Assembler::):
(JSC::X86Assembler::cmpl_mr):
(JSC::X86Assembler::emitUnlinkedJg):

2008-10-13 Sam Weinig <sam@webkit.org>

Reviewed by Dan Bernstein.

Fix for https://bugs.webkit.org/show_bug.cgi?id=21577
5 false positive StructureID leaks

- Add leak ignore set to StructureID to selectively ignore leaking some StructureIDs.
- Add create method to JSGlobalData to be used when the data will be intentionally
leaked and ignore all leaks caused by the StructureIDs stored in it.

* kjs/JSGlobalData.cpp:
(JSC::JSGlobalData::createLeaked):
* kjs/StructureID.cpp:
(JSC::StructureID::StructureID):
(JSC::StructureID::~StructureID):
(JSC::StructureID::startIgnoringLeaks):
(JSC::StructureID::stopIgnoringLeaks):

2008-10-13 Marco Barisione <marco.barisione@collabora.co.uk>

Reviewed by Darin Adler. Landed by Jan Alonzo.

WebKit GTK Port needs a smartpointer to handle g_free (GFreePtr?)
http://bugs.webkit.org/show_bug.cgi?id=20483

Add a GOwnPtr smart pointer (similar to OwnPtr) to handle memory
allocated by GLib and start the conversion to use it.

* wtf/GOwnPtr.cpp: Added.
* wtf/GOwnPtr.h: Added.
(WTF::GOwnPtr::GOwnPtr):
(WTF::GOwnPtr::~GOwnPtr):
(WTF::GOwnPtr::release):
(WTF::GOwnPtr::rawPtr):
(WTF::GOwnPtr::clear):
(WTF::GOwnPtr::operator*):
(WTF::GOwnPtr::operator->):
(WTF::GOwnPtr::operator!):
(WTF::GOwnPtr::operator UnspecifiedBoolType):
(WTF::GOwnPtr::swap):
* wtf/ThreadingGtk.cpp:
(WTF::Mutex::~Mutex):
(WTF::Mutex::tryLock):
(WTF::Mutex::unlock):
(WTF::ThreadCondition::~ThreadCondition):
(WTF::ThreadCondition::wait):
(WTF::ThreadCondition::timedWait):
(WTF::ThreadCondition::signal):
(WTF::ThreadCondition::broadcast):
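The GOwnPtr entry above describes a unique-ownership wrapper for buffers that GLib hands back and that the caller must g_free. The following is an added illustration, not the WebKit GOwnPtr source: a minimal RAII owner in the same spirit, with fake_g_strdup/fake_g_free standing in for GLib (both constructed for the example, with a counter so every free can be observed) and the class name ScopedGPtr chosen here rather than taken from the project. The point it shows is that the buffer is freed exactly once on every exit path, and that release() is the only way to hand ownership back out.

```cpp
#include <cstdlib>
#include <cstring>
#include <utility>

// Stand-ins for the GLib allocator pair (constructed for this example so it
// builds without GLib). The counter lets a caller observe each free.
static int g_fake_free_calls = 0;

static char* fake_g_strdup(const char* s) {
    char* copy = static_cast<char*>(std::malloc(std::strlen(s) + 1));
    std::strcpy(copy, s);
    return copy;
}

static void fake_g_free(void* p) {
    if (p) ++g_fake_free_calls;   // g_free(NULL) is a no-op, so it is not counted
    std::free(p);
}

// Hypothetical re-implementation in the spirit of WTF::GOwnPtr. Ownership is
// unique: copying is disabled, so one buffer can never be freed through two owners.
template<typename T>
class ScopedGPtr {
public:
    explicit ScopedGPtr(T* p = nullptr) : m_ptr(p) {}
    ~ScopedGPtr() { fake_g_free(m_ptr); }
    ScopedGPtr(const ScopedGPtr&) = delete;
    ScopedGPtr& operator=(const ScopedGPtr&) = delete;

    T* get() const { return m_ptr; }
    T& operator*() const { return *m_ptr; }
    T* operator->() const { return m_ptr; }
    explicit operator bool() const { return m_ptr != nullptr; }

    // Give up ownership without freeing; the caller becomes responsible.
    T* release() { T* p = m_ptr; m_ptr = nullptr; return p; }
    // Free the current buffer (if any) and optionally adopt a new one.
    void clear(T* p = nullptr) { T* old = m_ptr; m_ptr = p; fake_g_free(old); }
    void swap(ScopedGPtr& other) { std::swap(m_ptr, other.m_ptr); }

private:
    T* m_ptr;
};

// Typical use: a GLib-style API returns a buffer the caller must free. The
// destructor runs on both the early-return and the normal path.
static size_t lengthOfCopy(const char* s, bool earlyReturn) {
    ScopedGPtr<char> owned(fake_g_strdup(s));
    if (earlyReturn)
        return 0;                 // no leak: `owned` is destroyed here too
    return std::strlen(owned.get());
}

// How many frees one call of lengthOfCopy performs; must be exactly 1.
static int freesDuringLengthOfCopy(const char* s, bool earlyReturn) {
    const int before = g_fake_free_calls;
    (void)lengthOfCopy(s, earlyReturn);
    return g_fake_free_calls - before;
}

// release() hands the buffer to code that frees it manually: still one free.
static size_t lengthViaRelease(const char* s) {
    ScopedGPtr<char> owned(fake_g_strdup(s));
    char* raw = owned.release();  // `owned` is now empty and will free nothing
    size_t n = std::strlen(raw);
    fake_g_free(raw);
    return n;
}

// swap() moves ownership without freeing; clear() frees immediately.
static bool swapAndClearFreeOnce() {
    const int before = g_fake_free_calls;
    ScopedGPtr<char> a(fake_g_strdup("x"));
    ScopedGPtr<char> b;
    a.swap(b);
    if (a || !b || g_fake_free_calls != before)
        return false;
    b.clear();
    return !b && g_fake_free_calls == before + 1;
}
```

The same shape (deleted copy operations, release() as the only escape hatch, a clear() that frees before adopting) is what makes such a wrapper safe to use with out-parameters and early returns; a version with a copy constructor would reintroduce the double-free it is meant to prevent.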
2008-10-12 Gabriella Toth <gtoth@inf.u-szeged.hu>

Reviewed by Darin Adler.

- part of https://bugs.webkit.org/show_bug.cgi?id=21055
Bug 21055: not invoked functions

* kjs/nodes.cpp: Deleted a function that is not invoked:
statementListInitializeVariableAccessStack.

2008-10-12 Darin Adler <darin@apple.com>

Reviewed by Sam Weinig.

* wtf/unicode/icu/UnicodeIcu.h: Fixed indentation to match WebKit coding style.
* wtf/unicode/qt4/UnicodeQt4.h: Ditto.

2008-10-12 Darin Adler <darin@apple.com>

Reviewed by Sam Weinig.

- https://bugs.webkit.org/show_bug.cgi?id=21556
Bug 21556: non-ASCII digits are allowed in places where only ASCII should be

* wtf/unicode/icu/UnicodeIcu.h: Removed isDigit, digitValue, and isFormatChar.
* wtf/unicode/qt4/UnicodeQt4.h: Ditto.
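Bug 21556 above is about digit classification: a Unicode-aware isDigit (such as ICU's u_isdigit) accepts decimal digits from every script, while JavaScript numeric literals and the usual digitValue arithmetic assume ASCII 0-9 only. The C++ below is added here and is not WebKit code. It contrasts an ASCII-only predicate with a stand-in for a Unicode category test (a small, constructed table of Nd ranges, not ICU) and shows what the `c - '0'` value computation silently returns when the looser predicate lets a non-ASCII digit through. The function names (scanDigitRun, naiveValue, unicodeIsDecimalDigit, parseASCIIInteger) are this example's own.

```cpp
#include <cstddef>
#include <string>

using UChar = char16_t;   // UTF-16 code unit, as in WTF

// The check a JavaScript lexer must use for numeric literals.
static bool isASCIIDigit(UChar c) { return c >= u'0' && c <= u'9'; }

// Stand-in for a Unicode general-category test (true for any Nd digit).
// Only a few ranges are listed; constructed for this example, not ICU's table.
static bool unicodeIsDecimalDigit(UChar c) {
    static const UChar ranges[][2] = {
        { 0x0030, 0x0039 },   // ASCII 0-9
        { 0x0660, 0x0669 },   // Arabic-Indic
        { 0x06F0, 0x06F9 },   // Extended Arabic-Indic
        { 0x0966, 0x096F },   // Devanagari
        { 0xFF10, 0xFF19 },   // Fullwidth
    };
    for (const auto& r : ranges)
        if (c >= r[0] && c <= r[1])
            return true;
    return false;
}

// Scans the run of "digits" at the start of src with the supplied predicate and
// returns how many code units it consumed. Models a numeric-literal scanner.
static size_t scanDigitRun(const std::u16string& src, bool (*isDigit)(UChar)) {
    size_t i = 0;
    while (i < src.size() && isDigit(src[i]))
        ++i;
    return i;
}

// The usual value computation paired with the supplied predicate. With the
// Unicode predicate a non-ASCII digit is accepted and then `c - '0'` yields
// garbage (U+0663 gives 1587), which is the failure the bug describes.
static long naiveValue(const std::u16string& src, bool (*isDigit)(UChar)) {
    long value = 0;
    for (size_t i = 0; i < src.size() && isDigit(src[i]); ++i)
        value = value * 10 + (src[i] - u'0');
    return value;
}

// Strict integer parse: -1 if any code unit is not an ASCII digit.
static long parseASCIIInteger(const std::u16string& src) {
    if (src.empty())
        return -1;
    long value = 0;
    for (UChar c : src) {
        if (!isASCIIDigit(c))
            return -1;
        value = value * 10 + (c - u'0');
    }
    return value;
}
```

The general rule the fix encodes: a character-class predicate used by a parser must be exactly as wide as the arithmetic that follows it. Removing the Unicode-wide isDigit and digitValue from WTF leaves only the ASCII versions, so the mismatch cannot be reintroduced by picking the wrong helper.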
2008-10-12 Anders Carlsson <andersca@apple.com>

Reviewed by Darin Adler.

Make the append method that takes a Vector more strict - it now requires the elements
of the Vector being appended to be the same type as the elements of the Vector they're being appended to.

This would cause problems when dealing with Vectors containing other Vectors.

2008-10-11 Cameron Zwarich <zwarich@apple.com>

Reviewed by Sam Weinig.

Clean up RegExpMatchesArray.h to match our coding style.

* kjs/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::getOwnPropertySlot):
(JSC::RegExpMatchesArray::put):
(JSC::RegExpMatchesArray::deleteProperty):
(JSC::RegExpMatchesArray::getPropertyNames):

2008-10-11 Cameron Zwarich <zwarich@apple.com>

Reviewed by Sam Weinig.

Bug 21525: 55 StructureID leaks on Wikitravel's main page
<https://bugs.webkit.org/show_bug.cgi?id=21525>

Bug 21533: Simple JavaScript code leaks StructureIDs
<https://bugs.webkit.org/show_bug.cgi?id=21533>

StructureID::getEnumerablePropertyNames() ends up calling back to itself
via JSObject::getPropertyNames(), which causes the PropertyNameArray to
be cached twice. This leads to a memory leak in almost every use of
JSObject::getPropertyNames() on an object. The fix here is based on a
suggestion of Sam Weinig.

This patch also fixes every StructureID leak that occurs while running
the Mozilla MemBuster test.

* kjs/PropertyNameArray.h:
(JSC::PropertyNameArray::PropertyNameArray):
(JSC::PropertyNameArray::setCacheable):
(JSC::PropertyNameArray::cacheable):
* kjs/StructureID.cpp:
(JSC::StructureID::getEnumerablePropertyNames):

2008-10-10 Oliver Hunt <oliver@apple.com>

Reviewed by Cameron Zwarich.

Use fastcall calling convention on GCC > 4.0

Results in a 2-3% improvement in GCC 4.2 performance, so
that it is no longer a regression vs. GCC 4.0

2008-10-10 Sam Weinig <sam@webkit.org>

Reviewed by Darin Adler.

- Add a workaround for a bug in ceil in Darwin libc.
- Remove old workarounds for JS math functions that are not needed

The math functions are heavily tested by fast/js/math.html.

* kjs/MathObject.cpp:
(JSC::mathProtoFuncAbs): Remove workaround.
(JSC::mathProtoFuncCeil): Ditto.
(JSC::mathProtoFuncFloor): Ditto.
(wtf_ceil): Add ceil workaround for darwin.
2008-10-10 Sam Weinig <sam@webkit.org>

Reviewed by Darin Adler.

Add Assertions to JSObject constructor.

(JSC::JSObject::JSObject):

2008-10-10 Sam Weinig <sam@webkit.org>

Reviewed by Cameron Zwarich.

Remove now unused m_getterSetterFlag variable from PropertyMap.

* kjs/PropertyMap.cpp:
(JSC::PropertyMap::operator=):
(JSC::PropertyMap::PropertyMap):

2008-10-09 Sam Weinig <sam@webkit.org>

Reviewed by Maciej Stachowiak.

Add leaks checking to StructureID.

* kjs/StructureID.cpp:
(JSC::StructureID::StructureID):
(JSC::StructureID::~StructureID):

2008-10-09 Alp Toker <alp@nuanti.com>

Reviewed by Mark Rowe.

https://bugs.webkit.org/show_bug.cgi?id=20760
Implement support for x86 Linux in CTI

Prepare to enable CTI/WREC on supported architectures.

Make it possible to use the CTI_ARGUMENT workaround with GCC as well
as MSVC by fixing some preprocessor conditionals.

Note that CTI/WREC no longer requires CTI_ARGUMENT on Linux so we
don't actually enable it except when building with MSVC. GCC on Win32

Adapt inline ASM code to use the global symbol underscore prefix only
on Darwin and to call the properly mangled Machine::cti_vm_throw
symbol name depending on CTI_ARGUMENT.

Also avoid global inclusion of the JIT infrastructure headers
throughout WebCore and WebKit causing recompilation of about 1500
source files after modification to X86Assembler.h, CTI.h, WREC.h,
which are only used deep inside JavaScriptCore.

(JSC::RegExp::RegExp):
(JSC::RegExp::~RegExp):
(JSC::RegExp::match):
* masm/X86Assembler.h:
(JSC::X86Assembler::emitConvertToFastCall):
(JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
(JSC::X86Assembler::emitRestoreArgumentReference):

2008-10-09 Gavin Barraclough <barraclough@apple.com>

Reviewed by Cameron Zwarich.

Fix for bug #21160, x=0;1/(x*-1) == -Infinity

(JSC::CTI::emitFastArithDeTagImmediate):
(JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
(JSC::CTI::compileBinaryArithOp):
(JSC::CTI::compileBinaryArithOpSlowCase):
(JSC::CTI::privateCompileMainPass):
(JSC::CTI::privateCompileSlowCases):
* masm/X86Assembler.h:
(JSC::X86Assembler::):
(JSC::X86Assembler::emitUnlinkedJs):

2008-10-09 Cameron Zwarich <zwarich@apple.com>

Reviewed by Oliver Hunt.

Bug 21459: REGRESSION (r37324): Safari crashes inside JavaScriptCore while browsing hulu.com
<https://bugs.webkit.org/show_bug.cgi?id=21459>

After r37324, an Arguments object does not mark an associated activation
object. This change was made because Arguments no longer directly used
the activation object in any way. However, if an activation is torn off,
then the backing store of Arguments becomes the register array of the
activation object. Arguments directly marks all of the arguments, but
the activation object is being collected, which causes its register
array to be freed and new memory to be allocated in its place.

Unfortunately, it does not seem possible to reproduce this issue in a

(JSC::Arguments::mark):
(JSC::Arguments::setActivation):
(JSC::Arguments::Arguments):
(JSC::JSActivation::copyRegisters):
2008-10-09 Ariya Hidayat <ariya.hidayat@trolltech.com>

* wtf/AlwaysInline.h:

2008-10-08 Cameron Zwarich <zwarich@apple.com>

Reviewed by Maciej Stachowiak.

Bug 21497: REGRESSION (r37433): Bytecode JSC tests are severely broken
<https://bugs.webkit.org/show_bug.cgi?id=21497>

Fix a typo in r37433 that causes the failure of a large number of JSC
tests with the bytecode interpreter enabled.

(JSC::Machine::privateExecute):

2008-10-08 Mark Rowe <mrowe@apple.com>

(JSC::): Update type of argument to ctiTrampoline.

2008-10-08 Darin Adler <darin@apple.com>

Reviewed by Cameron Zwarich.

- https://bugs.webkit.org/show_bug.cgi?id=21403
Bug 21403: use new CallFrame class rather than Register* for call frame manipulation

Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
client over to the new name.

Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
accessor functions to get at things in the frame.

Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
JSGlobalData* and in other cases eliminating them entirely.

* API/JSObjectRef.cpp:
(JSObjectMakeFunctionWithCallback):
(JSObjectMakeFunction):
(JSObjectHasProperty):
(JSObjectGetProperty):
(JSObjectSetProperty):
(JSObjectDeleteProperty):
* API/OpaqueJSString.cpp:
* API/OpaqueJSString.h:
(JSC::CTI::getConstant):
(JSC::CTI::emitGetArg):
(JSC::CTI::emitGetPutArg):
(JSC::CTI::getConstantImmediateNumericArg):
(JSC::CTI::printOpcodeOperandTypes):
(JSC::CTI::compileOpCall):
(JSC::CTI::compileBinaryArithOp):
(JSC::CTI::privateCompileMainPass):
(JSC::CTI::privateCompile):
(JSC::CTI::privateCompileGetByIdProto):
(JSC::CTI::privateCompileGetByIdChain):
(JSC::CTI::compileRegExp):
* VM/CodeGenerator.cpp:
(JSC::CodeGenerator::emitEqualityOp):
(JSC::CodeGenerator::emitLoad):
(JSC::CodeGenerator::emitUnexpectedLoad):
(JSC::CodeGenerator::emitConstruct):
* VM/CodeGenerator.h:
(JSC::jsAddSlowCase):
(JSC::jsTypeStringForValue):
(JSC::Machine::resolve):
(JSC::Machine::resolveSkip):
(JSC::Machine::resolveGlobal):
(JSC::inlineResolveBase):
(JSC::Machine::resolveBase):
(JSC::Machine::resolveBaseAndProperty):
(JSC::Machine::resolveBaseAndFunc):
(JSC::Machine::slideRegisterWindowForCall):
(JSC::Machine::callEval):
(JSC::Machine::dumpCallFrame):
(JSC::Machine::dumpRegisters):
(JSC::Machine::unwindCallFrame):
(JSC::Machine::throwException):
(JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
(JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
(JSC::Machine::execute):
(JSC::Machine::debug):
(JSC::Machine::createExceptionScope):
(JSC::cachePrototypeChain):
(JSC::Machine::tryCachePutByID):
(JSC::Machine::tryCacheGetByID):
(JSC::Machine::privateExecute):
(JSC::Machine::retrieveArguments):
(JSC::Machine::retrieveCaller):
(JSC::Machine::retrieveLastCaller):
(JSC::Machine::findFunctionCallFrame):
(JSC::Machine::getArgumentsData):
(JSC::Machine::tryCTICachePutByID):
(JSC::Machine::getCTIArrayLengthTrampoline):
(JSC::Machine::getCTIStringLengthTrampoline):
(JSC::Machine::tryCTICacheGetByID):
(JSC::Machine::cti_op_convert_this):
(JSC::Machine::cti_op_end):
(JSC::Machine::cti_op_add):
(JSC::Machine::cti_op_pre_inc):
(JSC::Machine::cti_timeout_check):
(JSC::Machine::cti_op_loop_if_less):
(JSC::Machine::cti_op_loop_if_lesseq):
(JSC::Machine::cti_op_new_object):
(JSC::Machine::cti_op_put_by_id):
(JSC::Machine::cti_op_put_by_id_second):
(JSC::Machine::cti_op_put_by_id_generic):
(JSC::Machine::cti_op_put_by_id_fail):
(JSC::Machine::cti_op_get_by_id):
(JSC::Machine::cti_op_get_by_id_second):
(JSC::Machine::cti_op_get_by_id_generic):
(JSC::Machine::cti_op_get_by_id_fail):
(JSC::Machine::cti_op_instanceof):
(JSC::Machine::cti_op_del_by_id):
(JSC::Machine::cti_op_mul):
(JSC::Machine::cti_op_new_func):
(JSC::Machine::cti_op_call_JSFunction):
(JSC::Machine::cti_vm_compile):
(JSC::Machine::cti_op_push_activation):
(JSC::Machine::cti_op_call_NotJSFunction):
(JSC::Machine::cti_op_create_arguments):
(JSC::Machine::cti_op_tear_off_activation):
(JSC::Machine::cti_op_tear_off_arguments):
(JSC::Machine::cti_op_ret_profiler):
(JSC::Machine::cti_op_ret_scopeChain):
(JSC::Machine::cti_op_new_array):
(JSC::Machine::cti_op_resolve):
(JSC::Machine::cti_op_construct_JSConstruct):
(JSC::Machine::cti_op_construct_NotJSConstruct):
(JSC::Machine::cti_op_get_by_val):
(JSC::Machine::cti_op_resolve_func):
(JSC::Machine::cti_op_sub):
(JSC::Machine::cti_op_put_by_val):
(JSC::Machine::cti_op_put_by_val_array):
(JSC::Machine::cti_op_lesseq):
(JSC::Machine::cti_op_loop_if_true):
(JSC::Machine::cti_op_negate):
(JSC::Machine::cti_op_resolve_base):
(JSC::Machine::cti_op_resolve_skip):
(JSC::Machine::cti_op_resolve_global):
(JSC::Machine::cti_op_div):
(JSC::Machine::cti_op_pre_dec):
(JSC::Machine::cti_op_jless):
(JSC::Machine::cti_op_not):
(JSC::Machine::cti_op_jtrue):
(JSC::Machine::cti_op_post_inc):
(JSC::Machine::cti_op_eq):
(JSC::Machine::cti_op_lshift):
(JSC::Machine::cti_op_bitand):
(JSC::Machine::cti_op_rshift):
(JSC::Machine::cti_op_bitnot):
(JSC::Machine::cti_op_resolve_with_base):
(JSC::Machine::cti_op_new_func_exp):
(JSC::Machine::cti_op_mod):
(JSC::Machine::cti_op_less):
(JSC::Machine::cti_op_neq):
(JSC::Machine::cti_op_post_dec):
(JSC::Machine::cti_op_urshift):
(JSC::Machine::cti_op_bitxor):
(JSC::Machine::cti_op_new_regexp):
(JSC::Machine::cti_op_bitor):
(JSC::Machine::cti_op_call_eval):
(JSC::Machine::cti_op_throw):
(JSC::Machine::cti_op_get_pnames):
(JSC::Machine::cti_op_next_pname):
(JSC::Machine::cti_op_push_scope):
(JSC::Machine::cti_op_pop_scope):
(JSC::Machine::cti_op_typeof):
(JSC::Machine::cti_op_to_jsnumber):
(JSC::Machine::cti_op_in):
(JSC::Machine::cti_op_push_new_scope):
(JSC::Machine::cti_op_jmp_scopes):
(JSC::Machine::cti_op_put_by_index):
(JSC::Machine::cti_op_switch_imm):
(JSC::Machine::cti_op_switch_char):
(JSC::Machine::cti_op_switch_string):
(JSC::Machine::cti_op_del_by_val):
(JSC::Machine::cti_op_put_getter):
(JSC::Machine::cti_op_put_setter):
(JSC::Machine::cti_op_new_error):
(JSC::Machine::cti_op_debug):
(JSC::Machine::cti_vm_throw):
* kjs/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::functionName):
(JSC::DebuggerCallFrame::type):
(JSC::DebuggerCallFrame::thisObject):
(JSC::DebuggerCallFrame::evaluate):
* kjs/DebuggerCallFrame.h:
(JSC::CallFrame::thisValue):
* kjs/FunctionConstructor.cpp:
(JSC::constructFunction):
* kjs/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
(JSC::JSActivation::argumentsGetter):
* kjs/JSActivation.h:
* kjs/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* kjs/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* kjs/JSVariableObject.h:
(JSC::Parser::parse):
* kjs/RegExpConstructor.cpp:
(JSC::constructRegExp):
* kjs/RegExpPrototype.cpp:
(JSC::regExpProtoFuncCompile):
* kjs/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
* kjs/identifier.cpp:
(JSC::Identifier::checkSameIdentifierTable):
* kjs/interpreter.cpp:
(JSC::Interpreter::checkSyntax):
(JSC::Interpreter::evaluate):
(JSC::ThrowableExpressionData::emitThrowError):
(JSC::RegExpNode::emitCode):
(JSC::ArrayNode::emitCode):
(JSC::InstanceOfNode::emitCode):
(JSC::RegExp::RegExp):
(JSC::RegExp::create):
* profiler/HeavyProfile.h:
* profiler/Profile.h:
2008-10-08 Mark Rowe <mrowe@apple.com>

Typed by Maciej Stachowiak, reviewed by Mark Rowe.

Fix crash in fast/js/constant-folding.html with CTI disabled.

(JSC::Machine::privateExecute):

2008-10-08 Timothy Hatcher <timothy@apple.com>

Roll out r37427 because it causes an infinite recursion loading about:blank.

https://bugs.webkit.org/show_bug.cgi?id=21476

2008-10-08 Darin Adler <darin@apple.com>

Reviewed by Cameron Zwarich.

- https://bugs.webkit.org/show_bug.cgi?id=21403
Bug 21403: use new CallFrame class rather than Register* for call frame manipulation

Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
client over to the new name.

Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
accessor functions to get at things in the frame.

Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
JSGlobalData* and in other cases eliminating them entirely.

* API/JSObjectRef.cpp:
(JSObjectMakeFunctionWithCallback):
(JSObjectMakeFunction):
(JSObjectHasProperty):
(JSObjectGetProperty):
(JSObjectSetProperty):
(JSObjectDeleteProperty):
* API/OpaqueJSString.cpp:
* API/OpaqueJSString.h:
(JSC::CTI::getConstant):
(JSC::CTI::emitGetArg):
(JSC::CTI::emitGetPutArg):
(JSC::CTI::getConstantImmediateNumericArg):
(JSC::CTI::printOpcodeOperandTypes):
(JSC::CTI::compileOpCall):
(JSC::CTI::compileBinaryArithOp):
(JSC::CTI::privateCompileMainPass):
(JSC::CTI::privateCompile):
(JSC::CTI::privateCompileGetByIdProto):
(JSC::CTI::privateCompileGetByIdChain):
(JSC::CTI::compileRegExp):
* VM/CodeGenerator.cpp:
(JSC::CodeGenerator::emitEqualityOp):
(JSC::CodeGenerator::emitLoad):
(JSC::CodeGenerator::emitUnexpectedLoad):
(JSC::CodeGenerator::emitConstruct):
* VM/CodeGenerator.h:
(JSC::jsAddSlowCase):
(JSC::jsTypeStringForValue):
(JSC::Machine::resolve):
(JSC::Machine::resolveSkip):
(JSC::Machine::resolveGlobal):
(JSC::inlineResolveBase):
(JSC::Machine::resolveBase):
(JSC::Machine::resolveBaseAndProperty):
(JSC::Machine::resolveBaseAndFunc):
(JSC::Machine::slideRegisterWindowForCall):
(JSC::Machine::callEval):
(JSC::Machine::dumpCallFrame):
(JSC::Machine::dumpRegisters):
(JSC::Machine::unwindCallFrame):
(JSC::Machine::throwException):
(JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
(JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
(JSC::Machine::execute):
(JSC::Machine::debug):
(JSC::Machine::createExceptionScope):
(JSC::cachePrototypeChain):
(JSC::Machine::tryCachePutByID):
(JSC::Machine::tryCacheGetByID):
(JSC::Machine::privateExecute):
(JSC::Machine::retrieveArguments):
(JSC::Machine::retrieveCaller):
(JSC::Machine::retrieveLastCaller):
(JSC::Machine::findFunctionCallFrame):
(JSC::Machine::getArgumentsData):
(JSC::Machine::tryCTICachePutByID):
(JSC::Machine::getCTIArrayLengthTrampoline):
(JSC::Machine::getCTIStringLengthTrampoline):
(JSC::Machine::tryCTICacheGetByID):
(JSC::Machine::cti_op_convert_this):
(JSC::Machine::cti_op_end):
(JSC::Machine::cti_op_add):
(JSC::Machine::cti_op_pre_inc):
(JSC::Machine::cti_timeout_check):
(JSC::Machine::cti_op_loop_if_less):
(JSC::Machine::cti_op_loop_if_lesseq):
(JSC::Machine::cti_op_new_object):
(JSC::Machine::cti_op_put_by_id):
(JSC::Machine::cti_op_put_by_id_second):
(JSC::Machine::cti_op_put_by_id_generic):
(JSC::Machine::cti_op_put_by_id_fail):
(JSC::Machine::cti_op_get_by_id):
(JSC::Machine::cti_op_get_by_id_second):
(JSC::Machine::cti_op_get_by_id_generic):
(JSC::Machine::cti_op_get_by_id_fail):
(JSC::Machine::cti_op_instanceof):
(JSC::Machine::cti_op_del_by_id):
(JSC::Machine::cti_op_mul):
(JSC::Machine::cti_op_new_func):
(JSC::Machine::cti_op_call_JSFunction):
(JSC::Machine::cti_vm_compile):
(JSC::Machine::cti_op_push_activation):
(JSC::Machine::cti_op_call_NotJSFunction):
(JSC::Machine::cti_op_create_arguments):
(JSC::Machine::cti_op_tear_off_activation):
(JSC::Machine::cti_op_tear_off_arguments):
(JSC::Machine::cti_op_ret_profiler):
(JSC::Machine::cti_op_ret_scopeChain):
(JSC::Machine::cti_op_new_array):
(JSC::Machine::cti_op_resolve):
(JSC::Machine::cti_op_construct_JSConstruct):
(JSC::Machine::cti_op_construct_NotJSConstruct):
(JSC::Machine::cti_op_get_by_val):
(JSC::Machine::cti_op_resolve_func):
(JSC::Machine::cti_op_sub):
(JSC::Machine::cti_op_put_by_val):
(JSC::Machine::cti_op_put_by_val_array):
(JSC::Machine::cti_op_lesseq):
(JSC::Machine::cti_op_loop_if_true):
(JSC::Machine::cti_op_negate):
(JSC::Machine::cti_op_resolve_base):
(JSC::Machine::cti_op_resolve_skip):
(JSC::Machine::cti_op_resolve_global):
(JSC::Machine::cti_op_div):
(JSC::Machine::cti_op_pre_dec):
(JSC::Machine::cti_op_jless):
(JSC::Machine::cti_op_not):
(JSC::Machine::cti_op_jtrue):
(JSC::Machine::cti_op_post_inc):
(JSC::Machine::cti_op_eq):
(JSC::Machine::cti_op_lshift):
(JSC::Machine::cti_op_bitand):
(JSC::Machine::cti_op_rshift):
(JSC::Machine::cti_op_bitnot):
(JSC::Machine::cti_op_resolve_with_base):
(JSC::Machine::cti_op_new_func_exp):
(JSC::Machine::cti_op_mod):
(JSC::Machine::cti_op_less):
(JSC::Machine::cti_op_neq):
(JSC::Machine::cti_op_post_dec):
(JSC::Machine::cti_op_urshift):
(JSC::Machine::cti_op_bitxor):
(JSC::Machine::cti_op_new_regexp):
(JSC::Machine::cti_op_bitor):
(JSC::Machine::cti_op_call_eval):
(JSC::Machine::cti_op_throw):
(JSC::Machine::cti_op_get_pnames):
(JSC::Machine::cti_op_next_pname):
(JSC::Machine::cti_op_push_scope):
(JSC::Machine::cti_op_pop_scope):
(JSC::Machine::cti_op_typeof):
(JSC::Machine::cti_op_to_jsnumber):
(JSC::Machine::cti_op_in):
(JSC::Machine::cti_op_push_new_scope):
(JSC::Machine::cti_op_jmp_scopes):
(JSC::Machine::cti_op_put_by_index):
(JSC::Machine::cti_op_switch_imm):
(JSC::Machine::cti_op_switch_char):
(JSC::Machine::cti_op_switch_string):
(JSC::Machine::cti_op_del_by_val):
(JSC::Machine::cti_op_put_getter):
(JSC::Machine::cti_op_put_setter):
(JSC::Machine::cti_op_new_error):
(JSC::Machine::cti_op_debug):
(JSC::Machine::cti_vm_throw):
* kjs/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::functionName):
(JSC::DebuggerCallFrame::type):
(JSC::DebuggerCallFrame::thisObject):
(JSC::DebuggerCallFrame::evaluate):
* kjs/DebuggerCallFrame.h:
(JSC::CallFrame::thisValue):
* kjs/FunctionConstructor.cpp:
(JSC::constructFunction):
* kjs/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
(JSC::JSActivation::argumentsGetter):
* kjs/JSActivation.h:
* kjs/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* kjs/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* kjs/JSVariableObject.h:
(JSC::Parser::parse):
* kjs/RegExpConstructor.cpp:
(JSC::constructRegExp):
* kjs/RegExpPrototype.cpp:
(JSC::regExpProtoFuncCompile):
* kjs/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
* kjs/identifier.cpp:
(JSC::Identifier::checkSameIdentifierTable):
* kjs/interpreter.cpp:
(JSC::Interpreter::checkSyntax):
(JSC::Interpreter::evaluate):
(JSC::ThrowableExpressionData::emitThrowError):
(JSC::RegExpNode::emitCode):
(JSC::ArrayNode::emitCode):
(JSC::InstanceOfNode::emitCode):
(JSC::RegExp::RegExp):
(JSC::RegExp::create):
* profiler/HeavyProfile.h:
* profiler/Profile.h:
2008-10-08 Prasanth Ullattil <pullatti@trolltech.com>

Reviewed by Oliver Hunt.

Avoid endless loops when compiling without the computed goto

NEXT_OPCODE expands to "continue", which will not work inside

(JSC::Machine::privateExecute):

2008-10-08 Maciej Stachowiak <mjs@apple.com>

Reviewed by Oliver Hunt.

Re-landing the following fix with the crashing bug in it fixed (r37405):

- optimize away multiplication by constant 1.0

2.3% speedup on v8 RayTrace benchmark

Apparently it's not uncommon for JavaScript code to multiply by
constant 1.0 in the mistaken belief that this converts integer to
floating point and that there is any operational difference.

(JSC::CTI::privateCompileMainPass): Optimize to_jsnumber for
case where parameter is already number.
(JSC::CTI::privateCompileSlowCases): ditto
(JSC::Machine::privateExecute): ditto
(makeMultNode): Transform as follows:
+FOO * BAR ==> FOO * BAR
FOO * +BAR ==> FOO * BAR
(makeDivNode): Transform as follows:
+FOO / BAR ==> FOO / BAR
FOO / +BAR ==> FOO / BAR
(makeSubNode): Transform as follows:
+FOO - BAR ==> FOO - BAR
FOO - +BAR ==> FOO - BAR
(JSC::ExpressionNode::stripUnaryPlus): Helper for above
(JSC::UnaryPlusNode::stripUnaryPlus): ditto

2008-10-08 Maciej Stachowiak <mjs@apple.com>

Reviewed by Oliver Hunt.

- correctly handle appending -0 to a string, it should stringify as just 0
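Two entries in this log turn on signed zero: Gavin Barraclough's fix for bug #21160 (x=0;1/(x*-1) must be -Infinity, so the sign of zero has to survive arithmetic) and the entry above (appending -0 to a string must produce "0", so ToString must not expose that sign). The C++ below is an added example, not JavaScriptCore's number-to-string code. jsNumberToString is a simplified ToString(Number): it handles NaN, the infinities, both zeros and integral values exactly, and approximates the shortest-round-trip rule for other values by a precision search over printf rather than dtoa (exponent formatting is therefore not normalised to the JavaScript form). appendNumber, isNegativeZero and oneOverNegatedZero are this example's own helpers.

```cpp
#include <cmath>
#include <cstdio>
#include <cstdlib>
#include <string>

// -0 is a distinct IEEE value: equal to 0 under ==, but with the sign bit set.
static bool isNegativeZero(double d) {
    return d == 0 && std::signbit(d);
}

// Simplified ECMAScript ToString(Number). The `d == 0` test is true for both
// +0 and -0, which is exactly how the sign gets dropped: both print as "0".
static std::string jsNumberToString(double d) {
    if (std::isnan(d))
        return "NaN";
    if (std::isinf(d))
        return d > 0 ? "Infinity" : "-Infinity";
    if (d == 0)
        return "0";
    char buf[40];
    if (d == std::floor(d) && std::fabs(d) < 1e21) {
        std::snprintf(buf, sizeof buf, "%.0f", d);      // exact integer digits
        return buf;
    }
    // Shortest decimal that round-trips to the same double (approximation of
    // the spec's rule; %g exponent notation differs cosmetically from JS).
    for (int precision = 1; precision <= 17; ++precision) {
        std::snprintf(buf, sizeof buf, "%.*g", precision, d);
        if (std::strtod(buf, nullptr) == d)
            return buf;
    }
    return buf;
}

// Models JavaScript's `string + number`: the number is stringified first,
// so "" + -0 yields "0", never "-0".
static std::string appendNumber(const std::string& s, double d) {
    return s + jsNumberToString(d);
}

// The arithmetic side (bug #21160): x = 0; 1 / (x * -1). The multiplication
// must produce -0, not +0, so that the division yields -Infinity.
static double oneOverNegatedZero() {
    double x = 0;
    return 1 / (x * -1);
}
```

The asymmetry is the whole point: arithmetic and division must preserve the sign of zero (an engine fast path that tags -0 as the integer 0 gets 1/(x*-1) wrong, which is what the CTI fix addressed), while ToString must erase it. A test suite for number formatting should therefore check -0 through both routes.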
2008-10-08 Prasanth Ullattil <pullatti@trolltech.com>

Fix WebKit compilation with VC2008SP1

Apply the TR1 workaround for JavaScriptCore, too.

* JavaScriptCore.pro:

2008-10-08 Prasanth Ullattil <pullatti@trolltech.com>

Fix compilation errors on VS2008 64Bit

(JSC::currentThreadStackBase):

2008-10-08 André Pönitz <apoenitz@trolltech.com>

Fix compilation with Qt namespaces.

2008-10-07 Sam Weinig <sam@webkit.org>

2008-10-07 Oliver Hunt <oliver@apple.com>

Reviewed by Cameron Zwarich.

Switch CTI runtime calls to the fastcall calling convention

Basically this means that we get to store the argument for CTI
calls in the ECX register, which saves a register->memory write
and subsequent memory->register read.

This is a 1.7% progression in SunSpider and 2.4% on commandline

(JSC::CTI::privateCompilePutByIdTransition):
(JSC::CTI::privateCompilePatchGetArrayLength):
* masm/X86Assembler.h:
(JSC::X86Assembler::emitRestoreArgumentReference):
(JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
We need this to correctly reload ecx from inside certain property access

2008-10-07 Maciej Stachowiak <mjs@apple.com>

Reviewed by Mark Rowe.

- optimize away multiplication by constant 1.0

2.3% speedup on v8 RayTrace benchmark

Apparently it's not uncommon for JavaScript code to multiply by
constant 1.0 in the mistaken belief that this converts integer to
floating point and that there is any operational difference.

(JSC::CTI::privateCompileMainPass): Optimize to_jsnumber for
case where parameter is already number.
(JSC::CTI::privateCompileSlowCases): ditto
(JSC::Machine::privateExecute): ditto
(makeMultNode): Transform as follows:
+FOO * BAR ==> FOO * BAR
FOO * +BAR ==> FOO * BAR
(makeDivNode): Transform as follows:
+FOO / BAR ==> FOO / BAR
FOO / +BAR ==> FOO / BAR
(makeSubNode): Transform as follows:
+FOO - BAR ==> FOO - BAR
FOO - +BAR ==> FOO - BAR
(JSC::ExpressionNode::stripUnaryPlus): Helper for above
(JSC::UnaryPlusNode::stripUnaryPlus): ditto
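The unary-plus stripping listed in the two "multiplication by constant 1.0" entries (makeMultNode, makeDivNode, makeSubNode) is sound only because *, / and - apply ToNumber to both operands, so a unary + on either side is a no-op. Binary + is deliberately absent from that list: it concatenates when either operand is a string, so stripping the + from `1 + +"2"` would turn the number 3 into the string "12". The C++ below is an added illustration, not the grammar.y code: a tiny expression tree with a two-type value model, the three stripping constructors plus a non-stripping makeAddNode, and an evaluator with which the folded and unfolded trees can be compared. All names are the example's own; toNumber and toString are simplified.

```cpp
#include <cmath>
#include <cstdlib>
#include <memory>
#include <string>
#include <utility>

// Two-type model of JavaScript values: enough to show why the fold is safe
// under *, / and - but would change meaning under +.
struct Value {
    bool isString;
    double num;
    std::string str;
    static Value makeNumber(double d) { return { false, d, "" }; }
    static Value makeString(std::string s) { return { true, 0, std::move(s) }; }
};

// Simplified ToNumber: "" is 0, unparsable strings are NaN.
static double toNumber(const Value& v) {
    if (!v.isString) return v.num;
    if (v.str.empty()) return 0;
    char* end = nullptr;
    double d = std::strtod(v.str.c_str(), &end);
    return *end ? NAN : d;
}

// Simplified ToString: integral numbers print without a fraction.
static std::string toString(const Value& v) {
    if (v.isString) return v.str;
    if (v.num == std::floor(v.num) && std::fabs(v.num) < 1e15)
        return std::to_string(static_cast<long long>(v.num));
    return std::to_string(v.num);
}

struct Node;
using NodePtr = std::shared_ptr<Node>;
struct Node {
    enum Kind { Const, UnaryPlus, Add, Sub, Mul, Div } kind;
    Value value;        // used by Const only
    NodePtr lhs, rhs;   // rhs unused by UnaryPlus
};

static NodePtr constant(Value v) { return std::make_shared<Node>(Node{ Node::Const, std::move(v), nullptr, nullptr }); }
static NodePtr unaryPlus(NodePtr e) { return std::make_shared<Node>(Node{ Node::UnaryPlus, Value::makeNumber(0), std::move(e), nullptr }); }
static NodePtr makeNode(Node::Kind k, NodePtr l, NodePtr r) { return std::make_shared<Node>(Node{ k, Value::makeNumber(0), std::move(l), std::move(r) }); }

// The fold from the ChangeLog: under an operator that always numbers both
// operands, +FOO is redundant, so replace it by FOO.
static NodePtr stripUnaryPlus(NodePtr e) { return e->kind == Node::UnaryPlus ? e->lhs : e; }
static NodePtr makeMultNode(NodePtr l, NodePtr r) { return makeNode(Node::Mul, stripUnaryPlus(l), stripUnaryPlus(r)); }
static NodePtr makeDivNode(NodePtr l, NodePtr r)  { return makeNode(Node::Div, stripUnaryPlus(l), stripUnaryPlus(r)); }
static NodePtr makeSubNode(NodePtr l, NodePtr r)  { return makeNode(Node::Sub, stripUnaryPlus(l), stripUnaryPlus(r)); }
// + may concatenate, so a unary plus here changes the result type: keep it.
static NodePtr makeAddNode(NodePtr l, NodePtr r)  { return makeNode(Node::Add, std::move(l), std::move(r)); }

static Value evaluate(const NodePtr& n) {
    switch (n->kind) {
    case Node::Const:     return n->value;
    case Node::UnaryPlus: return Value::makeNumber(toNumber(evaluate(n->lhs)));
    case Node::Add: {
        Value a = evaluate(n->lhs), b = evaluate(n->rhs);
        if (a.isString || b.isString)
            return Value::makeString(toString(a) + toString(b));
        return Value::makeNumber(a.num + b.num);
    }
    case Node::Sub: return Value::makeNumber(toNumber(evaluate(n->lhs)) - toNumber(evaluate(n->rhs)));
    case Node::Mul: return Value::makeNumber(toNumber(evaluate(n->lhs)) * toNumber(evaluate(n->rhs)));
    case Node::Div: return Value::makeNumber(toNumber(evaluate(n->lhs)) / toNumber(evaluate(n->rhs)));
    }
    return Value::makeNumber(NAN);
}

// Number of UnaryPlus nodes left in a tree: 0 once the fold has applied.
static int countUnaryPlus(const NodePtr& n) {
    if (!n) return 0;
    return (n->kind == Node::UnaryPlus ? 1 : 0) + countUnaryPlus(n->lhs) + countUnaryPlus(n->rhs);
}
```

When reviewing a constant-folding or strength-reduction change in a parser, the check to apply is the one this example encodes: enumerate every operand type the operator accepts and confirm the rewritten tree evaluates identically for each, including the string and object cases that the motivating benchmark never exercises.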
999 2008-10-07 Maciej Stachowiak <mjs@apple.com>
1001 Reviewed by Oliver Hunt.
1003 - make constant folding code more consistent
1005 Added a makeSubNode to match add, mult and div; use the makeFooNode functions always,
1006 instead of allocating nodes directly in other places in the grammar.
1010 2008-10-07 Sam Weinig <sam@webkit.org>
1012 Reviewed by Cameron Zwarich.
1014 Move hasGetterSetterProperties flag from PropertyMap to StructureID.
1017 (JSC::JSObject::put):
1018 (JSC::JSObject::defineGetter):
1019 (JSC::JSObject::defineSetter):
1021 (JSC::JSObject::hasGetterSetterProperties):
1022 (JSC::JSObject::getOwnPropertySlotForWrite):
1023 (JSC::JSObject::getOwnPropertySlot):
1024 * kjs/PropertyMap.h:
1025 * kjs/StructureID.cpp:
1026 (JSC::StructureID::StructureID):
1027 (JSC::StructureID::addPropertyTransition):
1028 (JSC::StructureID::toDictionaryTransition):
1029 (JSC::StructureID::changePrototypeTransition):
1030 (JSC::StructureID::getterSetterTransition):
1031 * kjs/StructureID.h:
1032 (JSC::StructureID::hasGetterSetterProperties):
1033 (JSC::StructureID::setHasGetterSetterProperties):
1035 2008-10-07 Sam Weinig <sam@webkit.org>
1037 Reviewed by Cameron Zwarich.
1039 Roll r37370 back in with bug fixes.
1041 - PropertyMap::storageSize() should reflect the number of keys + deletedOffsets
1042 and has nothing to do with the internal deletedSentinel count anymore.
1044 2008-10-07 Gavin Barraclough <barraclough@apple.com>
1046 Reviewed by Oliver Hunt.
1048 Move callframe initialization into JIT code, again.
1050 As a part of the restructuring the second result from functions is now
1051 returned in edx, allowing the new value of 'r' to be returned via a
1052 register, and stored to the stack from JIT code, too.
1054 4.5% progression on v8-tests. (3% in their harness)
1058 (JSC::CTI::emitCall):
1059 (JSC::CTI::compileOpCall):
1060 (JSC::CTI::privateCompileMainPass):
1061 (JSC::CTI::privateCompileSlowCases):
1062 (JSC::CTI::privateCompile):
1064 (JSC::CallRecord::CallRecord):
1066 (JSC::Machine::cti_op_call_JSFunction):
1067 (JSC::Machine::cti_op_construct_JSConstruct):
1068 (JSC::Machine::cti_op_resolve_func):
1069 (JSC::Machine::cti_op_post_inc):
1070 (JSC::Machine::cti_op_resolve_with_base):
1071 (JSC::Machine::cti_op_post_dec):
1076 2008-10-07 Mark Rowe <mrowe@apple.com>
1078 Fix typo in method name.
1083 2008-10-07 Cameron Zwarich <zwarich@apple.com>
1085 Rubber-stamped by Mark Rowe.
1089 2008-10-06 Sam Weinig <sam@webkit.org>
1091 Reviewed by Cameron Zwarich.
1093 Fix for https://bugs.webkit.org/show_bug.cgi?id=21415
1094 Improve the division between PropertyStorageArray and PropertyMap
1096 - Rework PropertyMap to store offsets in the value so that they don't
1097 change when rehashing. This allows us not to have to keep the
1098 PropertyStorageArray in sync and thus not have to pass it in.
1099 - Rename PropertyMap::getOffset -> PropertyMap::get since put/remove
1100 now also return offsets.
1101 - A Vector of deleted offsets is now needed since the storage is out of
1104 1% win on SunSpider. Wash on V8 suite.
1106 * JavaScriptCore.exp:
1108 (JSC::transitionWillNeedStorageRealloc):
1110 (JSC::Machine::privateExecute):
1111 Transition logic can be greatly simplified by the fact that
1112 the storage capacity is always known, and is correct for the
1115 (JSC::JSObject::put): Rename getOffset -> get.
1116 (JSC::JSObject::deleteProperty): Ditto.
1117 (JSC::JSObject::getPropertyAttributes): Ditto.
1118 (JSC::JSObject::removeDirect): Use returned offset to
1119 clear the value in the PropertyNameArray.
1120 (JSC::JSObject::allocatePropertyStorage): Add assert.
1122 (JSC::JSObject::getDirect): Rename getOffset -> get
1123 (JSC::JSObject::getDirectLocation): Rename getOffset -> get
1124 (JSC::JSObject::putDirect): Use propertyStorageCapacity to determine whether
1125 or not to resize. Also, since put now returns an offset (and thus
1126 addPropertyTransition does also) setting of the PropertyStorageArray is
1128 (JSC::JSObject::transitionTo):
1129 * kjs/PropertyMap.cpp:
1130 (JSC::PropertyMap::checkConsistency): PropertyStorageArray is no longer
1132 (JSC::PropertyMap::operator=): Copy the delete offsets vector.
1133 (JSC::PropertyMap::put): Instead of setting the PropertyNameArray
1134 explicitly, return the offset where the value should go.
1135 (JSC::PropertyMap::remove): Instead of removing from the PropertyNameArray
1136 explicitly, return the offset where the value should be removed.
1137 (JSC::PropertyMap::get): Switch to using the stored offset, instead
1138 of the implicit one.
1139 (JSC::PropertyMap::insert):
1140 (JSC::PropertyMap::expand): This is never called when m_table is null,
1141 so remove that branch and add it as an assertion.
1142 (JSC::PropertyMap::createTable): Consistency checks no longer take
1143 a PropertyNameArray.
1144 (JSC::PropertyMap::rehash): No need to rehash the PropertyNameArray
1145 now that it is completely out of band.
1146 * kjs/PropertyMap.h:
1147 (JSC::PropertyMapEntry::PropertyMapEntry): Store offset into PropertyNameArray.
1148 (JSC::PropertyMap::get): Switch to using the stored offset, instead
1149 of the implicit one.
1150 * kjs/StructureID.cpp:
1151 (JSC::StructureID::StructureID): Initialize the propertyStorageCapacity to
1152 JSObject::inlineStorageCapacity.
1153 (JSC::StructureID::growPropertyStorageCapacity): Grow the storage capacity as
1155 (JSC::StructureID::addPropertyTransition): Copy the storage capacity.
1156 (JSC::StructureID::toDictionaryTransition): Ditto.
1157 (JSC::StructureID::changePrototypeTransition): Ditto.
1158 (JSC::StructureID::getterSetterTransition): Ditto.
1159 * kjs/StructureID.h:
1160 (JSC::StructureID::propertyStorageCapacity): Add propertyStorageCapacity
1161 which is the current capacity for the JSObjects PropertyStorageArray.
1162 It starts at the JSObject::inlineStorageCapacity (currently 2), then
1163 when it first needs to be resized moves to the JSObject::nonInlineBaseStorageCapacity
1164 (currently 16), and after that doubles each time.
1166 2008-10-06 Cameron Zwarich <zwarich@apple.com>
1168 Reviewed by Oliver Hunt.
1170 Bug 21396: Remove the OptionalCalleeActivation call frame slot
1171 <https://bugs.webkit.org/show_bug.cgi?id=21396>
1173 Remove the OptionalCalleeActivation call frame slot. We have to be
1174 careful to store the activation object in a register, because objects
1175 in the scope chain do not get marked.
1177 This is a 0.3% speedup on both SunSpider and the V8 benchmark.
1180 (JSC::CTI::privateCompileMainPass):
1182 (JSC::CodeBlock::dump):
1183 * VM/CodeGenerator.cpp:
1184 (JSC::CodeGenerator::CodeGenerator):
1185 (JSC::CodeGenerator::emitReturn):
1186 * VM/CodeGenerator.h:
1188 (JSC::Machine::dumpRegisters):
1189 (JSC::Machine::unwindCallFrame):
1190 (JSC::Machine::privateExecute):
1191 (JSC::Machine::cti_op_call_JSFunction):
1192 (JSC::Machine::cti_op_push_activation):
1193 (JSC::Machine::cti_op_tear_off_activation):
1194 (JSC::Machine::cti_op_construct_JSConstruct):
1196 (JSC::Machine::initializeCallFrame):
1197 * VM/RegisterFile.h:
1198 (JSC::RegisterFile::):
1200 2008-10-06 Tony Chang <tony@chromium.org>
1202 Reviewed by Alexey Proskuryakov.
1204 Chromium doesn't use pthreads on windows, so make its use conditional.
1206 Also convert a WORD to a DWORD to avoid a compiler warning. This
1207 matches the other methods around it.
1209 * wtf/ThreadingWin.cpp:
1210 (WTF::wtfThreadEntryPoint):
1211 (WTF::ThreadCondition::broadcast):
1213 2008-10-06 Mark Mentovai <mark@moxienet.com>
1215 Reviewed by Tim Hatcher.
1217 Allow ENABLE_DASHBOARD_SUPPORT and ENABLE_MAC_JAVA_BRIDGE to be
1218 disabled on the Mac.
1220 https://bugs.webkit.org/show_bug.cgi?id=21333
1224 2008-10-06 Steve Falkenburg <sfalken@apple.com>
1226 https://bugs.webkit.org/show_bug.cgi?id=21416
1227 Pass 0 for size to VirtualAlloc, as documented by MSDN.
1228 Identified by Application Verifier.
1230 Reviewed by Darin Adler.
1232 * kjs/collector.cpp:
1235 2008-10-06 Kevin McCullough <kmccullough@apple.com>
1237 Reviewed by Tim Hatcher and Oliver Hunt.
1239 https://bugs.webkit.org/show_bug.cgi?id=21412
1240 Bug 21412: Refactor user initiated profile count to be more stable
1241 - Export UString::from for use with creating the profile title.
1243 * JavaScriptCore.exp:
1245 2008-10-06 Maciej Stachowiak <mjs@apple.com>
1247 Not reviewed. Build fix.
1249 - revert toBoolean changes (r37333 and r37335); need to make WebCore work with these
1251 * API/JSValueRef.cpp:
1254 * JavaScriptCore.exp:
1256 (JSC::CodeBlock::dump):
1258 (JSC::Machine::privateExecute):
1259 (JSC::Machine::cti_op_loop_if_true):
1260 (JSC::Machine::cti_op_not):
1261 (JSC::Machine::cti_op_jtrue):
1262 * kjs/ArrayPrototype.cpp:
1263 (JSC::arrayProtoFuncFilter):
1264 (JSC::arrayProtoFuncEvery):
1265 (JSC::arrayProtoFuncSome):
1266 * kjs/BooleanConstructor.cpp:
1267 (JSC::constructBoolean):
1268 (JSC::callBooleanConstructor):
1269 * kjs/GetterSetter.h:
1271 (JSC::JSValue::toBoolean):
1272 * kjs/JSNumberCell.cpp:
1273 (JSC::JSNumberCell::toBoolean):
1274 * kjs/JSNumberCell.h:
1276 (JSC::JSObject::toBoolean):
1279 (JSC::JSString::toBoolean):
1282 * kjs/RegExpConstructor.cpp:
1283 (JSC::setRegExpConstructorMultiline):
1284 * kjs/RegExpObject.cpp:
1285 (JSC::RegExpObject::match):
1286 * kjs/RegExpPrototype.cpp:
1287 (JSC::regExpProtoFuncToString):
1289 2008-10-06 Maciej Stachowiak <mjs@apple.com>
1291 Reviewed by Sam Weinig.
1293 - optimize op_jtrue, op_loop_if_true and op_not in various ways
1294 https://bugs.webkit.org/show_bug.cgi?id=21404
1296 1) Make JSValue::toBoolean nonvirtual and completely inline by
1297 making use of the StructureID type field.
1299 2) Make JSValue::toBoolean not take an ExecState; doesn't need it.
1301 3) Make op_not, op_loop_if_true and op_jtrue not read the
1302 ExecState (toBoolean doesn't need it any more) and not check
1303 exceptions (toBoolean can't throw).
1305 * API/JSValueRef.cpp:
1307 * JavaScriptCore.exp:
1309 (JSC::CodeBlock::dump):
1311 (JSC::Machine::privateExecute):
1312 (JSC::Machine::cti_op_loop_if_true):
1313 (JSC::Machine::cti_op_not):
1314 (JSC::Machine::cti_op_jtrue):
1315 * kjs/ArrayPrototype.cpp:
1316 (JSC::arrayProtoFuncFilter):
1317 (JSC::arrayProtoFuncEvery):
1318 (JSC::arrayProtoFuncSome):
1319 * kjs/BooleanConstructor.cpp:
1320 (JSC::constructBoolean):
1321 (JSC::callBooleanConstructor):
1322 * kjs/GetterSetter.h:
1324 (JSC::JSValue::toBoolean):
1325 * kjs/JSNumberCell.cpp:
1326 * kjs/JSNumberCell.h:
1327 (JSC::JSNumberCell::toBoolean):
1330 (JSC::JSObject::toBoolean):
1331 (JSC::JSCell::toBoolean):
1334 (JSC::JSString::toBoolean):
1336 * kjs/RegExpConstructor.cpp:
1337 (JSC::setRegExpConstructorMultiline):
1338 * kjs/RegExpObject.cpp:
1339 (JSC::RegExpObject::match):
1340 * kjs/RegExpPrototype.cpp:
1341 (JSC::regExpProtoFuncToString):
1343 2008-10-06 Ariya Hidayat <ariya.hidayat@trolltech.com>
1347 Build fix for MinGW.
1349 * JavaScriptCore.pri:
1351 (JSC::highResUpTime):
1353 2008-10-05 Cameron Zwarich <zwarich@apple.com>
1355 Reviewed by Oliver Hunt.
1357 Remove ScopeNode::containsClosures() now that it is unused.
1360 (JSC::ScopeNode::containsClosures):
1362 2008-10-05 Maciej Stachowiak <mjs@apple.com>
1364 Reviewed by Cameron Zwarich.
1366 - fix release-only test failures caused by the fix to bug 21375
1369 (JSC::Machine::unwindCallFrame): Update ExecState while unwinding call frames;
1370 it now matters more to have a still-valid ExecState, since dynamicGlobalObject
1371 will make use of the ExecState's scope chain.
1374 2008-10-05 Cameron Zwarich <zwarich@apple.com>
1376 Reviewed by Oliver Hunt.
1378 Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
1379 <https://bugs.webkit.org/show_bug.cgi?id=21364>
1381 Use information from the parser to detect whether an activation is
1382 needed or 'arguments' is used, and emit explicit instructions to tear
1383 them off before op_ret. This allows a branch to be removed from op_ret
1384 and simplifies some other code. This does cause a small change in the
1385 behaviour of 'f.arguments'; it is no longer live when 'arguments' is not
1386 mentioned in the lexical scope of the function.
1388 It should now be easy to remove the OptionalCalleeActivation slot in the
1389 call frame, but this will be done in a later patch.
1392 (JSC::CTI::privateCompileMainPass):
1394 (JSC::CodeBlock::dump):
1395 * VM/CodeGenerator.cpp:
1396 (JSC::CodeGenerator::emitReturn):
1397 * VM/CodeGenerator.h:
1399 (JSC::Machine::unwindCallFrame):
1400 (JSC::Machine::privateExecute):
1401 (JSC::Machine::retrieveArguments):
1402 (JSC::Machine::cti_op_create_arguments):
1403 (JSC::Machine::cti_op_tear_off_activation):
1404 (JSC::Machine::cti_op_tear_off_arguments):
1407 * kjs/Arguments.cpp:
1408 (JSC::Arguments::mark):
1410 (JSC::Arguments::isTornOff):
1411 (JSC::Arguments::Arguments):
1412 (JSC::Arguments::copyRegisters):
1413 (JSC::JSActivation::copyRegisters):
1414 * kjs/JSActivation.cpp:
1415 (JSC::JSActivation::argumentsGetter):
1416 * kjs/JSActivation.h:
1418 2008-10-05 Maciej Stachowiak <mjs@apple.com>
1420 Reviewed by Oliver Hunt.
1422 - fixed "REGRESSION (r37297): fast/js/deep-recursion-test takes too long and times out"
1423 https://bugs.webkit.org/show_bug.cgi?id=21375
1425 The problem is that dynamicGlobalObject had become O(N) in number
1426 of call frames, but unwinding the stack for an exception called it
1427 for every call frame, resulting in O(N^2) behavior for an
1428 exception thrown from inside deep recursion.
1430 Instead of doing it that way, stash the dynamic global object in JSGlobalData.
1432 * JavaScriptCore.exp:
1434 (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Helper class to temporarily
1435 store and later restore a dynamicGlobalObject in JSGlobalData.
1436 (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
1437 (JSC::Machine::execute): In each version, establish a DynamicGlobalObjectScope.
1438 For ProgramNode, always establish a new dynamicGlobalObject; for FunctionBody and Eval,
1439 only if none is currently set.
1442 * kjs/JSGlobalData.cpp:
1443 (JSC::JSGlobalData::JSGlobalData): Initialize new dynamicGlobalObject field to 0.
1444 * kjs/JSGlobalData.h:
1445 * kjs/JSGlobalObject.h:
1446 (JSC::ExecState::dynamicGlobalObject): Moved here from ExecState for benefit of inlining.
1447 Return lexical global object if this is a globalExec(), otherwise look in JSGlobalData
1448 for the one stashed there.
1450 2008-10-05 Sam Weinig <sam@webkit.org>
1452 Reviewed by Maciej Stachowiak.
1454 Avoid an extra lookup when transitioning to an existing StructureID
1455 by caching the offset of property that caused the transition.
1457 1% win on V8 suite. Wash on SunSpider.
1459 * kjs/PropertyMap.cpp:
1460 (JSC::PropertyMap::put):
1461 * kjs/PropertyMap.h:
1462 * kjs/StructureID.cpp:
1463 (JSC::StructureID::StructureID):
1464 (JSC::StructureID::addPropertyTransition):
1465 * kjs/StructureID.h:
1466 (JSC::StructureID::setCachedTransistionOffset):
1467 (JSC::StructureID::cachedTransistionOffset):
1469 2008-10-05 Cameron Zwarich <zwarich@apple.com>
1471 Reviewed by Maciej Stachowiak.
1473 Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
1474 <https://bugs.webkit.org/show_bug.cgi?id=21364>
1476 This patch does not yet remove the branch, but it does a bit of refactoring
1477 so that a CodeGenerator now knows whether the associated CodeBlock will need
1478 a full scope before doing any code generation. This makes it possible to emit
1479 explicit tear-off instructions before every op_ret.
1482 (JSC::CodeBlock::CodeBlock):
1483 * VM/CodeGenerator.cpp:
1484 (JSC::CodeGenerator::generate):
1485 (JSC::CodeGenerator::CodeGenerator):
1486 (JSC::CodeGenerator::emitPushScope):
1487 (JSC::CodeGenerator::emitPushNewScope):
1489 (JSC::ScopeNode::needsActivation):
1491 2008-10-05 Gavin Barraclough <barraclough@apple.com>
1493 Reviewed by Cameron Zwarich.
1495 Fix for bug #21387 - using SamplingTool with CTI.
1497 (1) A repatch offset changes due to an additional instruction to update SamplingTool state.
1498 (2) Fix an inclusion order problem due to ExecState changes.
1499 (3) Change to a MACHINE_SAMPLING macro, use of exec should now be accessing global data.
1502 (JSC::CTI::execute):
1503 * VM/SamplingTool.h:
1504 (JSC::SamplingTool::privateExecuteReturned):
1507 2008-10-04 Mark Rowe <mrowe@apple.com>
1509 Reviewed by Tim Hatcher.
1511 Add a 'Check For Weak VTables' build phase to catch weak vtables as early as possible.
1513 * JavaScriptCore.xcodeproj/project.pbxproj:
1515 2008-10-04 Sam Weinig <sam@webkit.org>
1517 Reviewed by Oliver Hunt.
1519 Fix https://bugs.webkit.org/show_bug.cgi?id=21320
1520 leaks of PropertyNameArrayData seen on buildbot
1522 - Fix RefPtr cycle by making PropertyNameArrayData's pointer back
1523 to the StructureID a weak pointer.
1525 * kjs/PropertyNameArray.h:
1526 (JSC::PropertyNameArrayData::setCachedStructureID):
1527 (JSC::PropertyNameArrayData::cachedStructureID):
1528 * kjs/StructureID.cpp:
1529 (JSC::StructureID::getEnumerablePropertyNames):
1530 (JSC::StructureID::clearEnumerationCache):
1531 (JSC::StructureID::~StructureID):
1533 2008-10-04 Darin Adler <darin@apple.com>
1535 Reviewed by Cameron Zwarich.
1537 - https://bugs.webkit.org/show_bug.cgi?id=21295
1538 Bug 21295: Replace ExecState with a call frame Register pointer
1540 10% faster on Richards; other v8 benchmarks faster too.
1541 A wash on SunSpider.
1543 This does the minimum necessary to get the speedup. Next step in
1544 cleaning this up is to replace ExecState with a CallFrame class,
1545 and be more judicious about when to pass a call frame and when
1546 to pass a global data pointer, global object pointer, or perhaps
1547 something else entirely.
1549 * VM/CTI.cpp: Remove the debug-only check of the exception in
1550 ctiVMThrowTrampoline -- already checked in the code the trampoline
1551 jumps to, so not all that useful. Removed the exec argument from
1552 ctiTrampoline. Removed emitDebugExceptionCheck -- no longer needed.
1553 (JSC::CTI::emitCall): Removed code to set ExecState::m_callFrame.
1554 (JSC::CTI::privateCompileMainPass): Removed code in catch to extract
1555 the exception from ExecState::m_exception; instead, the code that
1556 jumps into catch will make sure the exception is already in eax.
1557 * VM/CTI.h: Removed exec from the ctiTrampoline. Also removed the
1558 non-helpful "volatile". Temporarily left ARG_exec in as a synonym
1559 for ARG_r; I'll change that on a future cleanup pass when introducing
1560 more use of the CallFrame type.
1561 (JSC::CTI::execute): Removed the ExecState* argument.
1563 * VM/ExceptionHelpers.cpp:
1564 (JSC::InterruptedExecutionError::InterruptedExecutionError): Take
1565 JSGlobalData* instead of ExecState*.
1566 (JSC::createInterruptedExecutionException): Ditto.
1567 * VM/ExceptionHelpers.h: Ditto. Also removed an unneeded include.
1570 (JSC::slideRegisterWindowForCall): Removed the exec and
1571 exceptionValue arguments. Changed to return 0 when there's a stack
1572 overflow rather than using a separate exception argument to cut
1573 down on memory accesses in the calling convention.
1574 (JSC::Machine::unwindCallFrame): Removed the exec argument when
1575 constructing a DebuggerCallFrame. Also removed code to set
1576 ExecState::m_callFrame.
1577 (JSC::Machine::throwException): Removed the exec argument when
1578 constructing a DebuggerCallFrame.
1579 (JSC::Machine::execute): Updated to use the register instead of
1580 ExecState and also removed various uses of ExecState.
1581 (JSC::Machine::debug):
1582 (JSC::Machine::privateExecute): Put globalData into a local
1583 variable so it can be used throughout the interpreter. Changed
1584 the VM_CHECK_EXCEPTION to get the exception in globalData instead
1585 of through ExecState.
1586 (JSC::Machine::retrieveLastCaller): Turn exec into a registers
1587 pointer by calling registers() instead of by getting m_callFrame.
1588 (JSC::Machine::callFrame): Ditto.
1589 Tweaked exception macros. Made new versions for when you know
1590 you have an exception. Get at global exception with ARG_globalData.
1591 Got rid of the need to pass in the return value type.
1592 (JSC::Machine::cti_op_add): Update to use new version of exception
1594 (JSC::Machine::cti_op_pre_inc): Ditto.
1595 (JSC::Machine::cti_timeout_check): Ditto.
1596 (JSC::Machine::cti_op_instanceof): Ditto.
1597 (JSC::Machine::cti_op_new_func): Ditto.
1598 (JSC::Machine::cti_op_call_JSFunction): Optimized by using the
1599 ARG values directly instead of through local variables -- this gets
1600 rid of code that just shuffles things around in the stack frame.
1601 Also get rid of ExecState and update for the new way exceptions are
1602 handled in slideRegisterWindowForCall.
1603 (JSC::Machine::cti_vm_compile): Update to make exec out of r since
1604 they are both the same thing now.
1605 (JSC::Machine::cti_op_call_NotJSFunction): Ditto.
1606 (JSC::Machine::cti_op_init_arguments): Ditto.
1607 (JSC::Machine::cti_op_resolve): Ditto.
1608 (JSC::Machine::cti_op_construct_JSConstruct): Ditto.
1609 (JSC::Machine::cti_op_construct_NotJSConstruct): Ditto.
1610 (JSC::Machine::cti_op_resolve_func): Ditto.
1611 (JSC::Machine::cti_op_put_by_val): Ditto.
1612 (JSC::Machine::cti_op_put_by_val_array): Ditto.
1613 (JSC::Machine::cti_op_resolve_skip): Ditto.
1614 (JSC::Machine::cti_op_resolve_global): Ditto.
1615 (JSC::Machine::cti_op_post_inc): Ditto.
1616 (JSC::Machine::cti_op_resolve_with_base): Ditto.
1617 (JSC::Machine::cti_op_post_dec): Ditto.
1618 (JSC::Machine::cti_op_call_eval): Ditto.
1619 (JSC::Machine::cti_op_throw): Ditto. Also rearranged to return
1620 the exception value as the return value so it can be used by
1622 (JSC::Machine::cti_op_push_scope): Ditto.
1623 (JSC::Machine::cti_op_in): Ditto.
1624 (JSC::Machine::cti_op_del_by_val): Ditto.
1625 (JSC::Machine::cti_vm_throw): Ditto. Also rearranged to return
1626 the exception value as the return value so it can be used by
1629 * kjs/DebuggerCallFrame.cpp:
1630 (JSC::DebuggerCallFrame::functionName): Pass globalData.
1631 (JSC::DebuggerCallFrame::evaluate): Eliminated code to make a
1633 * kjs/DebuggerCallFrame.h: Removed ExecState argument from
1636 * kjs/ExecState.h: Eliminated all data members and made ExecState
1637 inherit privately from Register instead. Also added a typedef to
1638 the future name for this class, which is CallFrame. It's just a
1639 Register* that knows it's a pointer at a call frame. The new class
1640 can't be constructed or copied. Changed all functions to use
1641 the this pointer instead of m_callFrame. Changed exception-related
1642 functions to access an exception in JSGlobalData. Removed functions
1643 used by CTI to pass the return address to the throw machinery --
1644 this is now done directly with a global in the global data.
1646 * kjs/FunctionPrototype.cpp:
1647 (JSC::functionProtoFuncToString): Pass globalData instead of exec.
1649 * kjs/InternalFunction.cpp:
1650 (JSC::InternalFunction::name): Take globalData instead of exec.
1651 * kjs/InternalFunction.h: Ditto.
1653 * kjs/JSGlobalData.cpp: Initialize the new exception global to 0.
1654 * kjs/JSGlobalData.h: Declare two new globals. One for the current
1655 exception and another for the return address used by CTI to
1656 implement the throw operation.
1658 * kjs/JSGlobalObject.cpp:
1659 (JSC::JSGlobalObject::init): Removed code to set up globalExec,
1660 which is now the same thing as globalCallFrame.
1661 (JSC::JSGlobalObject::reset): Get globalExec from our globalExec
1662 function so we don't have to repeat the logic twice.
1663 (JSC::JSGlobalObject::mark): Removed code to mark the exception;
1664 the exception is now stored in JSGlobalData and marked there.
1665 (JSC::JSGlobalObject::globalExec): Return a pointer to the end
1666 of the global call frame.
1667 * kjs/JSGlobalObject.h: Removed the globalExec data member.
1670 (JSC::JSObject::putDirectFunction): Pass globalData instead of exec.
1672 * kjs/collector.cpp:
1673 (JSC::Heap::collect): Mark the global exception.
1675 * profiler/ProfileGenerator.cpp:
1676 (JSC::ProfileGenerator::addParentForConsoleStart): Pass globalData
1677 instead of exec to createCallIdentifier.
1679 * profiler/Profiler.cpp:
1680 (JSC::Profiler::willExecute): Pass globalData instead of exec to
1681 createCallIdentifier.
1682 (JSC::Profiler::didExecute): Ditto.
1683 (JSC::Profiler::createCallIdentifier): Take globalData instead of
1685 (JSC::createCallIdentifierFromFunctionImp): Ditto.
1686 * profiler/Profiler.h: Change interface to take a JSGlobalData
1687 instead of an ExecState.
1689 2008-10-04 Cameron Zwarich <zwarich@apple.com>
1691 Reviewed by Darin Adler.
1693 Bug 21369: Add opcode documentation for all undocumented opcodes
1694 <https://bugs.webkit.org/show_bug.cgi?id=21369>
1696 This patch adds opcode documentation for all undocumented opcodes, and
1697 it also renames op_init_arguments to op_create_arguments.
1700 (JSC::CTI::privateCompileMainPass):
1702 (JSC::CodeBlock::dump):
1703 * VM/CodeGenerator.cpp:
1704 (JSC::CodeGenerator::CodeGenerator):
1706 (JSC::Machine::privateExecute):
1707 (JSC::Machine::cti_op_create_arguments):
1711 2008-10-03 Maciej Stachowiak <mjs@apple.com>
1713 Reviewed by Cameron Zwarich.
1715 - "this" object in methods called on primitives should be wrapper object
1716 https://bugs.webkit.org/show_bug.cgi?id=21362
1718 I changed things so that functions which use "this" do a fast
1719 version of toThisObject conversion if needed. Currently we miss
1720 the conversion entirely, at least for primitive types. Using
1721 TypeInfo and the primitive check, I made the fast case bail out
1724 This is inexplicably a 1.007x SunSpider speedup (and a wash on V8 benchmarks).
1726 Also renamed some opcodes for clarity:
1729 init_activation ==> enter_with_activation
1732 (JSC::CTI::privateCompileMainPass):
1733 (JSC::CTI::privateCompileSlowCases):
1735 (JSC::CodeBlock::dump):
1736 * VM/CodeGenerator.cpp:
1737 (JSC::CodeGenerator::generate):
1738 (JSC::CodeGenerator::CodeGenerator):
1740 (JSC::Machine::privateExecute):
1741 (JSC::Machine::cti_op_convert_this):
1744 * kjs/JSActivation.cpp:
1745 (JSC::JSActivation::JSActivation):
1746 * kjs/JSActivation.h:
1747 (JSC::JSActivation::createStructureID):
1749 (JSC::JSValue::needsThisConversion):
1750 * kjs/JSGlobalData.cpp:
1751 (JSC::JSGlobalData::JSGlobalData):
1752 * kjs/JSGlobalData.h:
1753 * kjs/JSNumberCell.h:
1754 (JSC::JSNumberCell::createStructureID):
1755 * kjs/JSStaticScopeObject.h:
1756 (JSC::JSStaticScopeObject::JSStaticScopeObject):
1757 (JSC::JSStaticScopeObject::createStructureID):
1759 (JSC::JSString::createStructureID):
1762 (JSC::TypeInfo::needsThisConversion):
1764 (JSC::ScopeNode::usesThis):
1766 2008-10-03 Cameron Zwarich <zwarich@apple.com>
1768 Reviewed by Maciej Stachowiak.
1770 Bug 21356: The size of the RegisterFile differs depending on 32-bit / 64-bit and Debug / Release
1771 <https://bugs.webkit.org/show_bug.cgi?id=21356>
1773 The RegisterFile decreases in size (measured in terms of numbers of
1774 Registers) as the size of a Register increases. This causes
1776 js1_5/Regress/regress-159334.js
1778 to fail in 64-bit debug builds. This fix makes the RegisterFile on all
1779 platforms the same size that it is in 32-bit Release builds.
1781 * VM/RegisterFile.h:
1782 (JSC::RegisterFile::RegisterFile):
1784 2008-10-03 Maciej Stachowiak <mjs@apple.com>
1786 Reviewed by Cameron Zwarich.
1788 - Some code cleanup to how we handle code features.
1790 1) Rename FeatureInfo typedef to CodeFeatures.
1791 2) Rename NodeFeatureInfo template to NodeInfo.
1792 3) Keep CodeFeature bitmask in ScopeNode instead of trying to break it out into individual bools.
1793 4) Rename misleadingly named "needsClosure" method to "containsClosures", which better describes the meaning
1795 5) Make setUsersArguments() not take an argument since it only goes one way.
1797 * JavaScriptCore.exp:
1799 (JSC::CodeBlock::CodeBlock):
1802 (JSC::Parser::didFinishParsing):
1804 (JSC::Parser::parse):
1807 (JSC::ScopeNode::ScopeNode):
1808 (JSC::ProgramNode::ProgramNode):
1809 (JSC::ProgramNode::create):
1810 (JSC::EvalNode::EvalNode):
1811 (JSC::EvalNode::create):
1812 (JSC::FunctionBodyNode::FunctionBodyNode):
1813 (JSC::FunctionBodyNode::create):
1815 (JSC::ScopeNode::usesEval):
1816 (JSC::ScopeNode::containsClosures):
1817 (JSC::ScopeNode::usesArguments):
1818 (JSC::ScopeNode::setUsesArguments):
1820 2008-10-03 Cameron Zwarich <zwarich@apple.com>
1822 Reviewed by Maciej Stachowiak.
1824 Bug 21343: REGRESSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
1825 <https://bugs.webkit.org/show_bug.cgi?id=21343>
1827 A fix was landed for this issue in r37253, and the ChangeLog assumes
1828 that it is a compiler bug, but it turns out that it is a subtle issue
1829 with mixing signed and unsigned 32-bit values in a 64-bit environment.
1830 In order to properly fix this bug, we should convert our signed offsets
1831 into the register file to use ptrdiff_t.
1833 This may not be the only instance of this issue, but I will land this
1834 fix first and look for more later.
1837 (JSC::Machine::getArgumentsData):
1839 * kjs/Arguments.cpp:
1840 (JSC::Arguments::getOwnPropertySlot):
1842 (JSC::Arguments::init):
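The signed/unsigned mixing the entry above describes, as a constructed C++ illustration added here (not JavaScriptCore's own code): the register layout, the stored values and the function names mixedOffset, ptrdiffOffset and registerAt are assumptions, chosen only to show why a negative offset that wraps in 32-bit unsigned arithmetic misses the register file on a 64-bit host, while the same offset computed in ptrdiff_t lands on the argument.

```cpp
#include <cstddef>
#include <cstdint>

// Constructed register file: 16 slots holding simple integer "register" values.
// The call frame sits at index kCallFrameIndex; in this simplified (assumed)
// layout, argument i of an n-argument call lives at callFrame[i - n], i.e. at
// a negative offset from the call frame pointer.
constexpr int kRegisterCount = 16;
constexpr int kCallFrameIndex = 8;
static int64_t g_registers[kRegisterCount] = {
    0, 0, 0, 0, 0, 100, 200, 300,   // indices 5..7: the three arguments
    9, 9, 9, 9, 9, 9, 9, 9 };       // index 8 onwards: the call frame itself

// How the offset is effectively computed when a signed index meets an unsigned
// 32-bit count: the usual arithmetic conversions make the subtraction unsigned,
// so it wraps modulo 2^32. When that 32-bit result is later added to a 64-bit
// pointer it is zero-extended, so -3 turns into 4294967293 (about 4 GiB).
// On a 32-bit host the pointer addition wraps again and the bug stays hidden.
int64_t mixedOffset(uint32_t argumentCount, int32_t argumentIndex) {
    uint32_t wrapped = argumentIndex - argumentCount;  // argumentIndex promoted to unsigned
    return static_cast<int64_t>(wrapped);              // zero-extension, as on a 64-bit host
}

// The fix the entry describes: do the arithmetic in ptrdiff_t so the offset
// stays signed and sign-extends correctly to the pointer width.
int64_t ptrdiffOffset(uint32_t argumentCount, int32_t argumentIndex) {
    return static_cast<ptrdiff_t>(argumentIndex) - static_cast<ptrdiff_t>(argumentCount);
}

// Bounds-checked read relative to the call frame. Returns -1 when the offset
// would leave the register file, instead of reading out of bounds.
int64_t registerAt(int64_t offset) {
    int64_t index = kCallFrameIndex + offset;
    if (index < 0 || index >= kRegisterCount)
        return -1;
    return g_registers[index];
}

int main() {
    // Argument 0 of a 3-argument call: the wrapped offset points far past the
    // register file, the ptrdiff_t offset lands on the argument (value 100).
    bool ok = registerAt(mixedOffset(3, 0)) == -1
           && registerAt(ptrdiffOffset(3, 0)) == 100;
    return ok ? 0 : 1;
}
```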
1844 2008-10-03 Darin Adler <darin@apple.com>
1846 * VM/CTI.cpp: Another Windows build fix. Change the args of ctiTrampoline.
1848 * kjs/JSNumberCell.h: A build fix for newer versions of gcc. Added
1849 declarations of JSGlobalData overloads of jsNumberCell.
1851 2008-10-03 Darin Adler <darin@apple.com>
1853 - try to fix Windows build
1855 * kjs/ScopeChain.h: Add forward declaration of JSGlobalData.
1857 2008-10-03 Darin Adler <darin@apple.com>
1859 Reviewed by Geoff Garen.
1861 - next step of https://bugs.webkit.org/show_bug.cgi?id=21295
1862 Turn ExecState into a call frame pointer.
1864 Remove m_globalObject and m_globalData from ExecState.
1866 SunSpider says this is a wash (slightly faster but not statistically
1867 significant); which is good enough since it's a preparation step and
1868 not supposed to be a speedup.
1870 * API/JSCallbackFunction.cpp:
1871 (JSC::JSCallbackFunction::JSCallbackFunction):
1872 * kjs/ArrayConstructor.cpp:
1873 (JSC::ArrayConstructor::ArrayConstructor):
1874 * kjs/BooleanConstructor.cpp:
1875 (JSC::BooleanConstructor::BooleanConstructor):
1876 * kjs/DateConstructor.cpp:
1877 (JSC::DateConstructor::DateConstructor):
1878 * kjs/ErrorConstructor.cpp:
1879 (JSC::ErrorConstructor::ErrorConstructor):
1880 * kjs/FunctionPrototype.cpp:
1881 (JSC::FunctionPrototype::FunctionPrototype):
1882 * kjs/JSFunction.cpp:
1883 (JSC::JSFunction::JSFunction):
1884 * kjs/NativeErrorConstructor.cpp:
1885 (JSC::NativeErrorConstructor::NativeErrorConstructor):
1886 * kjs/NumberConstructor.cpp:
1887 (JSC::NumberConstructor::NumberConstructor):
1888 * kjs/ObjectConstructor.cpp:
1889 (JSC::ObjectConstructor::ObjectConstructor):
1890 * kjs/PrototypeFunction.cpp:
1891 (JSC::PrototypeFunction::PrototypeFunction):
1892 * kjs/RegExpConstructor.cpp:
1893 (JSC::RegExpConstructor::RegExpConstructor):
1894 * kjs/StringConstructor.cpp:
1895 (JSC::StringConstructor::StringConstructor):
1896 Pass JSGlobalData* instead of ExecState* to the InternalFunction
1899 * API/OpaqueJSString.cpp: Added now-needed include.
1901 * JavaScriptCore.exp: Updated.
1904 (JSC::CTI::emitSlowScriptCheck): Changed to use ARGS_globalData
1905 instead of ARGS_exec.
1907 * VM/CTI.h: Added a new argument to the CTI, the global data pointer.
1908 While it's possible to get to the global data pointer using the
1909 ExecState pointer, it's slow enough that it's better to just keep
1910 it around in the CTI arguments.
1912 * VM/CodeBlock.h: Moved the CodeType enum here from ExecState.h.
1915 (JSC::Machine::execute): Pass fewer arguments when constructing
1916 ExecState, and pass the global data pointer when invoking CTI.
1917 (JSC::Machine::firstCallFrame): Added. Used to get the dynamic global
1918 object, which is in the scope chain of the first call frame.
1919 (JSC::Machine::cti_op_add): Use globalData instead of exec when
1920 possible, to keep fast cases fast, since it's now more expensive to
1921 get to it through the exec pointer.
1922 (JSC::Machine::cti_timeout_check): Ditto.
1923 (JSC::Machine::cti_op_put_by_id_second): Ditto.
1924 (JSC::Machine::cti_op_get_by_id_second): Ditto.
1925 (JSC::Machine::cti_op_mul): Ditto.
1926 (JSC::Machine::cti_vm_compile): Ditto.
(JSC::Machine::cti_op_get_by_val): Ditto.
(JSC::Machine::cti_op_sub): Ditto.
(JSC::Machine::cti_op_put_by_val): Ditto.
(JSC::Machine::cti_op_put_by_val_array): Ditto.
(JSC::Machine::cti_op_negate): Ditto.
(JSC::Machine::cti_op_div): Ditto.
(JSC::Machine::cti_op_pre_dec): Ditto.
(JSC::Machine::cti_op_post_inc): Ditto.
(JSC::Machine::cti_op_lshift): Ditto.
(JSC::Machine::cti_op_bitand): Ditto.
(JSC::Machine::cti_op_rshift): Ditto.
(JSC::Machine::cti_op_bitnot): Ditto.
(JSC::Machine::cti_op_mod): Ditto.
(JSC::Machine::cti_op_post_dec): Ditto.
(JSC::Machine::cti_op_urshift): Ditto.
(JSC::Machine::cti_op_bitxor): Ditto.
(JSC::Machine::cti_op_bitor): Ditto.
(JSC::Machine::cti_op_call_eval): Ditto.
(JSC::Machine::cti_op_throw): Ditto.
(JSC::Machine::cti_op_is_string): Ditto.
(JSC::Machine::cti_op_debug): Ditto.
(JSC::Machine::cti_vm_throw): Ditto.

* VM/Machine.h: Added firstCallFrame.

* kjs/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluate): Pass fewer arguments when
constructing ExecState.

* kjs/ExecState.cpp: Deleted contents. Later we'll remove the

* kjs/ExecState.h: Removed m_globalObject and m_globalData.
Moved CodeType into another header.
(JSC::ExecState::ExecState): Take only a single argument, a
(JSC::ExecState::dynamicGlobalObject): Get the object from
the first call frame since it's no longer stored.
(JSC::ExecState::globalData): Get the global data from the
scope chain, since we no longer store a pointer to it here.
(JSC::ExecState::identifierTable): Ditto.
(JSC::ExecState::propertyNames): Ditto.
(JSC::ExecState::emptyList): Ditto.
(JSC::ExecState::lexer): Ditto.
(JSC::ExecState::parser): Ditto.
(JSC::ExecState::machine): Ditto.
(JSC::ExecState::arrayTable): Ditto.
(JSC::ExecState::dateTable): Ditto.
(JSC::ExecState::mathTable): Ditto.
(JSC::ExecState::numberTable): Ditto.
(JSC::ExecState::regExpTable): Ditto.
(JSC::ExecState::regExpConstructorTable): Ditto.
(JSC::ExecState::stringTable): Ditto.
(JSC::ExecState::heap): Ditto.

* kjs/FunctionConstructor.cpp:
(JSC::FunctionConstructor::FunctionConstructor): Pass
JSGlobalData* instead of ExecState* to the InternalFunction
(JSC::constructFunction): Pass the global data pointer when
constructing a new scope chain.

* kjs/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction): Take a JSGlobalData*
instead of an ExecState*. Later we can change more places to
work this way -- it's more efficient to take the type you need
since the caller might already have it.
* kjs/InternalFunction.h: Ditto.

(JSC::JSCell::operator new): Added an overload that takes a
JSGlobalData* so you can construct without an ExecState*.

* kjs/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init): Moved creation of the global scope
chain in here, since it now requires a pointer to the global data.
Moved the initialization of the call frame in here since it requires
the global scope chain node. Removed the extra argument to ExecState
when creating the global ExecState*.
* kjs/JSGlobalObject.h: Removed initialization of globalScopeChain
and the call frame from the JSGlobalObjectData constructor. Added
a thisValue argument to the init function.

* kjs/JSNumberCell.cpp: Added versions of jsNumberCell that take
JSGlobalData* rather than ExecState*.
* kjs/JSNumberCell.h:
(JSC::JSNumberCell::operator new): Added a version that takes
(JSC::JSNumberCell::JSNumberCell): Ditto.
(JSC::jsNumber): Ditto.

(JSC::jsString): Ditto.
(JSC::jsSubstring): Ditto.
(JSC::jsOwnedString): Ditto.

(JSC::JSString::JSString): Changed to take JSGlobalData*.
(JSC::jsEmptyString): Added a version that takes JSGlobalData*.
(JSC::jsSingleCharacterString): Ditto.
(JSC::jsSingleCharacterSubstring): Ditto.
(JSC::jsNontrivialString): Ditto.
(JSC::JSString::getIndex): Ditto.
(JSC::jsString): Ditto.
(JSC::jsSubstring): Ditto.
(JSC::jsOwnedString): Ditto.

* kjs/ScopeChain.h: Added a globalData pointer to each node.
(JSC::ScopeChainNode::ScopeChainNode): Initialize the globalData
(JSC::ScopeChainNode::push): Set the global data pointer in the
(JSC::ScopeChain::ScopeChain): Take a globalData argument.

* kjs/SmallStrings.cpp:
(JSC::SmallStrings::createEmptyString): Take JSGlobalData* instead of
(JSC::SmallStrings::createSingleCharacterString): Ditto.
* kjs/SmallStrings.h:
(JSC::SmallStrings::emptyString): Ditto.
(JSC::SmallStrings::singleCharacterString): Ditto.

2008-10-03 Cameron Zwarich <zwarich@apple.com>

Reviewed by Geoff Garen.

Bug 21343: REGRESSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
<https://bugs.webkit.org/show_bug.cgi?id=21343>

Add a workaround for a bug in GCC, which affects GCC 4.0, GCC 4.2, and
llvm-gcc 4.2. I put it in an #ifdef because it was a slight regression
on SunSpider in 32-bit, although that might be entirely random.

* kjs/Arguments.cpp:
(JSC::Arguments::getOwnPropertySlot):

2008-10-03 Darin Adler <darin@apple.com>

Rubber stamped by Alexey Proskuryakov.

* kjs/Shell.cpp: (main): Don't delete JSGlobalData. Later, we need to change
this tool to use public JavaScriptCore API instead.

2008-10-03 Darin Adler <darin@apple.com>

Suggested by Alexey Proskuryakov.

* kjs/JSGlobalData.cpp:
(JSC::JSGlobalData::~JSGlobalData): Remove call to heap.destroy() because
it's too late to ref the JSGlobalData object once it's already being
destroyed. In practice this is not a problem because WebCore's JSGlobalData
is never destroyed and JSGlobalContextRelease takes care of calling
heap.destroy() in advance.

2008-10-02 Oliver Hunt <oliver@apple.com>

Reviewed by Maciej Stachowiak.

Replace SSE3 check with an SSE2 check, and implement SSE2 check on windows.

5.6% win on SunSpider on windows.

(JSC::isSSE2Present):
(JSC::CTI::compileBinaryArithOp):
(JSC::CTI::compileBinaryArithOpSlowCase):

2008-10-03 Maciej Stachowiak <mjs@apple.com>

Rubber stamped by Cameron Zwarich.

- fix mistaken change of | to || which caused a big perf regression on EarleyBoyer

2008-10-02 Darin Adler <darin@apple.com>

Reviewed by Geoff Garen.

- https://bugs.webkit.org/show_bug.cgi?id=21321
Bug 21321: speed up JavaScriptCore by inlining Heap in JSGlobalData

1.019x as fast on SunSpider.

(JSEvaluateScript): Use heap. instead of heap-> to work with the heap.
(JSCheckScriptSyntax): Ditto.
(JSGarbageCollect): Ditto.
(JSReportExtraMemoryCost): Ditto.
* API/JSContextRef.cpp:
(JSGlobalContextRetain): Ditto.
(JSGlobalContextRelease): Destroy the heap with the destroy function instead
of the delete operator.
(JSContextGetGlobalObject): Use heap. instead of heap-> to work with the heap.
* API/JSObjectRef.cpp:
(JSObjectMake): Use heap. instead of heap-> to work with the heap.
(JSObjectMakeFunctionWithCallback): Ditto.
(JSObjectMakeConstructor): Ditto.
(JSObjectMakeFunction): Ditto.
(JSObjectMakeArray): Ditto.
(JSObjectMakeDate): Ditto.
(JSObjectMakeError): Ditto.
(JSObjectMakeRegExp): Ditto.
(JSObjectHasProperty): Ditto.
(JSObjectGetProperty): Ditto.
(JSObjectSetProperty): Ditto.
(JSObjectGetPropertyAtIndex): Ditto.
(JSObjectSetPropertyAtIndex): Ditto.
(JSObjectDeleteProperty): Ditto.
(JSObjectCallAsFunction): Ditto.
(JSObjectCallAsConstructor): Ditto.
(JSObjectCopyPropertyNames): Ditto.
(JSPropertyNameAccumulatorAddName): Ditto.
* API/JSValueRef.cpp:
(JSValueIsEqual): Ditto.
(JSValueIsInstanceOfConstructor): Ditto.
(JSValueMakeNumber): Ditto.
(JSValueMakeString): Ditto.
(JSValueToNumber): Ditto.
(JSValueToStringCopy): Ditto.
(JSValueToObject): Ditto.
(JSValueProtect): Ditto.
(JSValueUnprotect): Ditto.

(JSC::ExecState::heap): Update to use the & operator.

* kjs/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData): Update to initialize a heap member
instead of calling new to make a heap.
(JSC::JSGlobalData::~JSGlobalData): Destroy the heap with the destroy
function instead of the delete operator.
* kjs/JSGlobalData.h: Change from Heap* to a Heap.
* kjs/JSGlobalObject.cpp:
(JSC::JSGlobalObject::mark): Use the & operator here.
(JSC::JSGlobalObject::operator new): Use heap. instead of heap-> to work

2008-10-02 Cameron Zwarich <zwarich@apple.com>

Reviewed by Geoff Garen.

Bug 21317: Replace RegisterFile size and capacity information with Register pointers
<https://bugs.webkit.org/show_bug.cgi?id=21317>

This is a 2.3% speedup on the V8 DeltaBlue benchmark, a 3.3% speedup on
the V8 Raytrace benchmark, and a 1.0% speedup on SunSpider.

(JSC::slideRegisterWindowForCall):
(JSC::Machine::callEval):
(JSC::Machine::execute):
(JSC::Machine::privateExecute):
(JSC::Machine::cti_op_call_JSFunction):
(JSC::Machine::cti_op_construct_JSConstruct):
* VM/RegisterFile.cpp:
(JSC::RegisterFile::~RegisterFile):
* VM/RegisterFile.h:
(JSC::RegisterFile::RegisterFile):
(JSC::RegisterFile::start):
(JSC::RegisterFile::end):
(JSC::RegisterFile::size):
(JSC::RegisterFile::shrink):
(JSC::RegisterFile::grow):
(JSC::RegisterFile::lastGlobal):
(JSC::RegisterFile::markGlobals):
(JSC::RegisterFile::markCallFrames):
* kjs/JSGlobalObject.cpp:
(JSC::JSGlobalObject::copyGlobalsTo):

2008-10-02 Cameron Zwarich <zwarich@apple.com>

Rubber-stamped by Darin Adler.

Change bitwise operations introduced in r37166 to boolean operations. We
only use bitwise operations over boolean operations for increasing
performance in extremely hot code, but that does not apply to anything

2008-10-02 Gavin Barraclough <barraclough@apple.com>

Reviewed by Darin Adler.

Fix for bug #21232 - should reset m_isPendingDash on flush,
and should allow '\-' as beginning or end of a range (though
not to specify a range itself).

* wrec/CharacterClassConstructor.cpp:
(JSC::CharacterClassConstructor::put):
(JSC::CharacterClassConstructor::flush):
* wrec/CharacterClassConstructor.h:
(JSC::CharacterClassConstructor::flushBeforeEscapedHyphen):
(JSC::WRECGenerator::generateDisjunction):
(JSC::WRECParser::parseCharacterClass):
(JSC::WRECParser::parseDisjunction):

2008-10-02 Darin Adler <darin@apple.com>

Reviewed by Sam Weinig.

- remove the "static" from declarations in a header file, since we
don't want them to have internal linkage

* VM/Machine.h: Remove the static keyword from the constant and the
three inline functions that Geoff just moved here.

2008-10-02 Geoffrey Garen <ggaren@apple.com>

Reviewed by Sam Weinig.

Fixed https://bugs.webkit.org/show_bug.cgi?id=21283.
Profiler Crashes When Started

(JSC::makeHostCallFramePointer):
(JSC::isHostCallFrame):
(JSC::stripHostCallFrameBit): Moved some things to the header so
JSGlobalObject could use them.

* kjs/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Call the
new makeHostCallFramePointer API, since 0 no longer indicates a host

2008-10-02 Alexey Proskuryakov <ap@webkit.org>

Reviewed by Darin Adler.

https://bugs.webkit.org/show_bug.cgi?id=21304
Stop using a static wrapper map for WebCore JS bindings

* kjs/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
(JSC::JSGlobalData::ClientData::~ClientData):
* kjs/JSGlobalData.h:
Added a client data member to JSGlobalData. WebCore will use it to store bindings-related

* JavaScriptCore.exp: Export virtual ClientData destructor.

2008-10-02 Geoffrey Garen <ggaren@apple.com>

Try to fix Qt build.

2008-10-01 Geoffrey Garen <ggaren@apple.com>

Reviewed by Darin Adler and Cameron Zwarich.

Preliminary step toward dynamic recompilation: Standardized and
simplified the parsing interface.

The main goal in this patch is to make it easy to ask for a duplicate
compilation, and get back a duplicate result -- same source URL, same
debugger / profiler ID, same toString behavior, etc.

The basic unit of compilation and evaluation is now SourceCode, which
encompasses a SourceProvider, a range in that provider, and a starting

A SourceProvider now encompasses a source URL, and *is* a source ID,
since a pointer is a unique identifier.

(JSCheckScriptSyntax): Provide a SourceCode to the Interpreter, since
other APIs are no longer supported.

(JSC::EvalCodeCache::get): Provide a SourceCode to the Interpreter, since
other APIs are no longer supported.
(JSC::CodeBlock::CodeBlock): ASSERT something that used to be ASSERTed
by our caller -- this is a better bottleneck.

* VM/CodeGenerator.cpp:
(JSC::CodeGenerator::CodeGenerator): Updated for the fact that
FunctionBodyNode's parameters are no longer a WTF::Vector.

* kjs/Arguments.cpp:
(JSC::Arguments::Arguments): ditto

* kjs/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluate): Provide a SourceCode to the Parser,
since other APIs are no longer supported.

* kjs/FunctionConstructor.cpp:
(JSC::constructFunction): Provide a SourceCode to the Parser, since
other APIs are no longer supported. Adopt FunctionBodyNode's new
"finishParsing" API.

* kjs/JSFunction.cpp:
(JSC::JSFunction::lengthGetter):
(JSC::JSFunction::getParameterName): Updated for the fact that
FunctionBodyNode's parameters are no longer a wtf::Vector.

* kjs/JSFunction.h: Nixed some cruft.

* kjs/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval): Provide a SourceCode to the Parser, since
other APIs are no longer supported.

(JSC::Parser::parse): Require a SourceCode argument, instead of a bunch
of broken out parameters. Stop tracking sourceId as an integer, since we
use the SourceProvider pointer for this now. Don't clamp the
startingLineNumber, since SourceCode does that now.

(JSC::Parser::parse): Standardized the parsing interface to require a

(prettyPrintScript):

(runInteractive): Provide a SourceCode to the Interpreter, since
other APIs are no longer supported.

* kjs/SourceProvider.h:
(JSC::SourceProvider::SourceProvider):
(JSC::SourceProvider::url):
(JSC::SourceProvider::asId):
(JSC::UStringSourceProvider::create):
(JSC::UStringSourceProvider::UStringSourceProvider): Added new
responsibilities described above.

* kjs/SourceRange.h:
(JSC::SourceCode::SourceCode):
(JSC::SourceCode::toString):
(JSC::SourceCode::provider):
(JSC::SourceCode::firstLine):
(JSC::SourceCode::data):
(JSC::SourceCode::length): Added new responsibilities described above.
Renamed SourceRange to SourceCode, based on review feedback. Added
a makeSource function for convenience.

* kjs/debugger.h: Provide a SourceCode to the client, since other APIs
are no longer supported.

* kjs/grammar.y: Provide startingLineNumber when creating a SourceCode.

* kjs/debugger.h: Treat sourceId as intptr_t to avoid loss of precision

* kjs/interpreter.cpp:
(JSC::Interpreter::checkSyntax):
(JSC::Interpreter::evaluate):
* kjs/interpreter.h: Require a SourceCode instead of broken out arguments.

(JSC::Lexer::setCode):
(JSC::Lexer::sourceRange): Fold together the SourceProvider and line number
into a SourceCode. Fixed a bug where the Lexer would accidentally keep
alive the last SourceProvider forever.

(JSC::ScopeNode::ScopeNode):
(JSC::ProgramNode::ProgramNode):
(JSC::ProgramNode::create):
(JSC::EvalNode::EvalNode):
(JSC::EvalNode::generateCode):
(JSC::EvalNode::create):
(JSC::FunctionBodyNode::FunctionBodyNode):
(JSC::FunctionBodyNode::finishParsing):
(JSC::FunctionBodyNode::create):
(JSC::FunctionBodyNode::generateCode):
(JSC::ProgramNode::generateCode):
(JSC::FunctionBodyNode::paramString):

(JSC::ScopeNode::sourceId):
(JSC::FunctionBodyNode::):
(JSC::FunctionBodyNode::parameterCount):
(JSC::FuncExprNode::):
(JSC::FuncDeclNode::): Store a SourceCode in all ScopeNodes, since
SourceCode is now responsible for tracking URL, ID, etc. Streamlined
some ad hoc FunctionBodyNode fixups into a "finishParsing" function, to
help make clear what you need to do in order to finish parsing a

(WTF::::releaseBuffer): Don't ASSERT that releaseBuffer() is only called
when buffer is not 0, since FunctionBodyNode is more than happy
to get back a 0 buffer, and other functions like RefPtr::release() allow

2008-10-01 Cameron Zwarich <zwarich@apple.com>

Reviewed by Maciej Stachowiak.

Bug 21289: REGRESSION (r37160): Inspector crashes on load
<https://bugs.webkit.org/show_bug.cgi?id=21289>

The code in Arguments::mark() in r37160 was wrong. It marks indices in
d->registers, but that makes no sense (they are local variables, not
arguments). It should mark those indices in d->registerArray instead.

This patch also changes Arguments::copyRegisters() to use d->numParameters
instead of recomputing it.

* kjs/Arguments.cpp:
(JSC::Arguments::mark):

(JSC::Arguments::copyRegisters):

2008-09-30 Darin Adler <darin@apple.com>

Reviewed by Eric Seidel.

- https://bugs.webkit.org/show_bug.cgi?id=21214
work on getting rid of ExecState

Eliminate some unneeded uses of dynamicGlobalObject.

* API/JSClassRef.cpp:
(OpaqueJSClass::contextData): Changed to use a map in the global data instead
of on the global object. Also fixed to use only a single hash table lookup.

* API/JSObjectRef.cpp:
(JSObjectMakeConstructor): Use lexicalGlobalObject rather than dynamicGlobalObject
to get the object prototype.

* kjs/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString): Use arrayVisitedElements set in global data rather
than in the global object.
(JSC::arrayProtoFuncToLocaleString): Ditto.
(JSC::arrayProtoFuncJoin): Ditto.

* kjs/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData): Don't initialize opaqueJSClassData, since
it's no longer a pointer.
(JSC::JSGlobalData::~JSGlobalData): We still need to delete all the values, but
we don't need to delete the map since it's no longer a pointer.

* kjs/JSGlobalData.h: Made opaqueJSClassData a map instead of a pointer to a map.
Also added arrayVisitedElements.

* kjs/JSGlobalObject.h: Removed arrayVisitedElements.

(functionRun): Use lexicalGlobalObject instead of dynamicGlobalObject.
(functionLoad): Ditto.

2008-10-01 Cameron Zwarich <zwarich@apple.com>

Speculative Windows build fix.

2008-10-01 Cameron Zwarich <zwarich@apple.com>

Reviewed by Darin Adler.

Bug 21123: using "arguments" in a function should not force creation of an activation object
<https://bugs.webkit.org/show_bug.cgi?id=21123>

Make the 'arguments' object not require a JSActivation. We store the
'arguments' object in the OptionalCalleeArguments call frame slot. We
need to be able to get the original 'arguments' object to tear it off
when returning from a function, but 'arguments' may be assigned to in a

Therefore, we use the OptionalCalleeArguments slot when we want to get
the original activation or we know that 'arguments' was not assigned a
different value. When 'arguments' may have been assigned a new value,
we use a new local variable that is initialized with 'arguments'. Since
a function parameter named 'arguments' may overwrite the value of
'arguments', we also need to be careful to look up 'arguments' in the
symbol table, so we get the parameter named 'arguments' instead of the
local variable that we have added for holding the 'arguments' object.

This is a 19.1% win on the V8 Raytrace benchmark using the SunSpider
harness, and a 20.7% win using the V8 harness. This amounts to a 6.5%
total speedup on the V8 benchmark suite using the V8 harness.

(JSC::CTI::privateCompileMainPass):

* VM/CodeGenerator.cpp:
(JSC::CodeGenerator::CodeGenerator):

(JSC::Machine::unwindCallFrame):
(JSC::Machine::privateExecute):
(JSC::Machine::retrieveArguments):
(JSC::Machine::cti_op_init_arguments):
(JSC::Machine::cti_op_ret_activation_arguments):

* VM/RegisterFile.h:
(JSC::RegisterFile::):
* kjs/Arguments.cpp:
(JSC::Arguments::mark):
(JSC::Arguments::fillArgList):
(JSC::Arguments::getOwnPropertySlot):
(JSC::Arguments::put):

(JSC::Arguments::setRegisters):
(JSC::Arguments::init):
(JSC::Arguments::Arguments):
(JSC::Arguments::copyRegisters):
(JSC::JSActivation::copyRegisters):
* kjs/JSActivation.cpp:
(JSC::JSActivation::argumentsGetter):
* kjs/JSActivation.h:
(JSC::JSActivation::JSActivationData::JSActivationData):

(JSC::ScopeNode::setUsesArguments):
* masm/X86Assembler.h:
(JSC::X86Assembler::):
(JSC::X86Assembler::orl_mr):

2008-10-01 Kevin McCullough <kmccullough@apple.com>

Rubberstamped by Geoff Garen.

Remove BreakpointCheckStatement because it's not used anymore.
No effect on sunspider or the jsc tests.

2008-09-30 Oliver Hunt <oliver@apple.com>

Reviewed by Geoff Garen.

Improve performance of CTI on windows.

Currently on platforms where the compiler doesn't allow us to safely
index relative to the address of a parameter we need to actually
provide a pointer to CTI runtime call arguments. This patch improves
performance in this case by making the CTI logic for restoring this
parameter much less conservative by only resetting it before we actually
make a call, rather than between each and every SF bytecode we generate

This results in a 3.6% progression on the v8 benchmark when compiled with MSVC.

(JSC::CTI::emitCall):
(JSC::CTI::compileOpCall):
(JSC::CTI::privateCompileMainPass):
(JSC::CTI::privateCompileSlowCases):
(JSC::CTI::privateCompilePutByIdTransition):

* masm/X86Assembler.h:

2008-09-30 Maciej Stachowiak <mjs@apple.com>

Reviewed by Oliver Hunt.

- track uses of "this", "with" and "catch" in the parser

Knowing this up front will be useful for future optimizations.

Perf and correctness remain the same.

2008-09-30 Sam Weinig <sam@webkit.org>

Reviewed by Mark Rowe.

Add WebKitAvailability macros for JSObjectMakeArray, JSObjectMakeDate, JSObjectMakeError,
and JSObjectMakeRegExp

* API/JSObjectRef.h:

2008-09-30 Darin Adler <darin@apple.com>

Reviewed by Geoff Garen.

- https://bugs.webkit.org/show_bug.cgi?id=21214
work on getting rid of ExecState

Replaced the m_prev field of ExecState with a bit in the
call frame pointer to indicate "host" call frames.

(JSC::makeHostCallFramePointer): Added. Sets low bit.
(JSC::isHostCallFrame): Added. Checks low bit.
(JSC::stripHostCallFrameBit): Added. Clears low bit.
(JSC::Machine::unwindCallFrame): Replaced null check that was
formerly used to detect host call frames with an isHostCallFrame check.
(JSC::Machine::execute): Pass in a host call frame pointer rather than
always passing 0 when starting execution from the host. This allows us
to follow the entire call frame pointer chain when desired, or to stop
at the host calls when that's desired.
(JSC::Machine::privateExecute): Replaced null check that was
formerly used to detect host call frames with an isHostCallFrame check.
(JSC::Machine::retrieveCaller): Ditto.
(JSC::Machine::retrieveLastCaller): Ditto.
(JSC::Machine::callFrame): Removed the code to walk up m_prev pointers
and replaced it with code that uses the caller pointer and uses the
stripHostCallFrameBit function.

* kjs/ExecState.cpp: Removed m_prev.
* kjs/ExecState.h: Ditto.

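The low-bit tagging this entry introduces, as an added example that is not JSC's code: the three helpers over a constructed call frame layout (only a CallerRegisters slot is modelled; the real Register and header layout are not reproduced), with one walk that stops at the nearest host boundary and one that crosses host boundaries by stripping the bit, and a check that the tag bit is genuinely free on an untagged frame pointer. The frame names and depth helpers are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>

// Constructed stand-ins for JSC's Register and call frame header; only the
// CallerRegisters slot is modelled, and the real layout is not reproduced.
struct Register { Register* callFrame; };
enum { CallerRegisters = 0, HeaderSize = 1 };

const uintptr_t HostCallFrameBit = 1;

// A Register* is at least pointer-aligned, so its low bit is always 0 and can
// carry the "this caller is host code" tag without a separate field.
inline Register* makeHostCallFramePointer(Register* callFrame)
{
    return reinterpret_cast<Register*>(reinterpret_cast<uintptr_t>(callFrame) | HostCallFrameBit);
}

inline bool isHostCallFrame(Register* callFrame)
{
    return (reinterpret_cast<uintptr_t>(callFrame) & HostCallFrameBit) != 0;
}

inline Register* stripHostCallFrameBit(Register* callFrame)
{
    return reinterpret_cast<Register*>(reinterpret_cast<uintptr_t>(callFrame) & ~HostCallFrameBit);
}

// The scheme is only sound if untagged frame pointers never have the bit set;
// a misaligned frame would be misread as a host boundary.
inline bool lowBitFree(const Register* callFrame)
{
    return (reinterpret_cast<uintptr_t>(callFrame) & HostCallFrameBit) == 0;
}

// JS frames above the nearest host caller: what unwinding would pop before
// control returns to native code (the isHostCallFrame check that replaced a null test).
int framesUntilHostCaller(Register* r)
{
    int depth = 0;
    while (!isHostCallFrame(r)) {
        ++depth;
        r = r[CallerRegisters].callFrame;
    }
    return depth;
}

// Every frame in the chain, crossing host boundaries by stripping the bit.
// The chain ends at makeHostCallFramePointer(0): a tagged null caller.
int totalFrames(Register* r)
{
    int depth = 0;
    while (stripHostCallFrameBit(r)) {
        ++depth;
        r = stripHostCallFrameBit(r)[CallerRegisters].callFrame;
    }
    return depth;
}

// Constructed chain: global (entered from host) -> A -> B, then host code
// re-enters JS from B -> C -> D. Returns the innermost frame, D.
static Register frames[5 * HeaderSize];

Register* buildChain()
{
    Register* global = &frames[0 * HeaderSize];
    Register* a = &frames[1 * HeaderSize];
    Register* b = &frames[2 * HeaderSize];
    Register* c = &frames[3 * HeaderSize];
    Register* d = &frames[4 * HeaderSize];
    global[CallerRegisters].callFrame = makeHostCallFramePointer(0); // chain terminator
    a[CallerRegisters].callFrame = makeHostCallFramePointer(global); // entered from host
    b[CallerRegisters].callFrame = a;                                // JS -> JS call
    c[CallerRegisters].callFrame = makeHostCallFramePointer(b);      // host re-entry
    d[CallerRegisters].callFrame = c;                                // JS -> JS call
    return d;
}
```
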
2008-09-30 Cameron Zwarich <zwarich@apple.com>

Reviewed by Geoff Garen.

Move all detection of 'arguments' in a lexical scope to the parser, in
preparation for fixing

Bug 21123: using "arguments" in a function should not force creation of an activation object
<https://bugs.webkit.org/show_bug.cgi?id=21123>

* VM/CodeGenerator.cpp:
(JSC::CodeGenerator::CodeGenerator):

2008-09-30 Geoffrey Garen <ggaren@apple.com>

(runWithScripts): Fixed indentation.

2008-09-30 Mark Rowe <mrowe@apple.com>

Rubber-stamped by Sam Weinig.

Build fix. Move InternalFunction::classInfo implementation into the .cpp
file to prevent the vtable for InternalFunction being generated as a weak symbol.
Has no effect on SunSpider.

* kjs/InternalFunction.cpp:
(JSC::InternalFunction::classInfo):
* kjs/InternalFunction.h:

2008-09-29 Maciej Stachowiak <mjs@apple.com>

Reviewed by Darin Adler.

- optimize appending a number to a string
https://bugs.webkit.org/show_bug.cgi?id=21203

It's pretty common in real-world code (and on some of the v8
benchmarks) to append a number to a string, so I made this one of
the fast cases, and also added support to UString to do it
directly without allocating a temporary UString.

~1% speedup on v8 benchmark.

(JSC::jsAddSlowCase): Make this NEVER_INLINE because somehow otherwise
the change is a regression.
(JSC::jsAdd): Handle number + string special case.
(JSC::Machine::cti_op_add): Integrate much of the logic of jsAdd to
avoid exception check in the str + str, num + num and str + num cases.

(JSC::expandedSize): Make this a non-member function, since it needs to be
called in non-member functions but not outside this file.
(JSC::expandCapacity): Ditto.
(JSC::UString::expandCapacity): Call the non-member version.
(JSC::createRep): Helper to make a rep from a char*.
(JSC::UString::UString): Use above helper.
(JSC::concatenate): Guts of concatenating constructor for cases where first
item is a UString::Rep, and second is a UChar* and length, or a char*.
(JSC::UString::append): Implement for cases where first item is a UString::Rep,
and second is an int or double. Sadly duplicates logic of UString::from(int)
and UString::from(double).

2008-09-29 Darin Adler <darin@apple.com>

Reviewed by Sam Weinig.

- https://bugs.webkit.org/show_bug.cgi?id=21214
work on getting rid of ExecState

* JavaScriptCore.exp: Updated since JSGlobalObject::init
no longer takes a parameter.

(JSC::Machine::execute): Removed m_registerFile argument
for ExecState constructors.

* kjs/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluate): Removed globalThisValue
argument for ExecState constructor.

* kjs/ExecState.cpp:
(JSC::ExecState::ExecState): Removed globalThisValue and
registerFile arguments to constructors.

* kjs/ExecState.h: Removed m_globalThisValue and
m_registerFile data members.

* kjs/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init): Removed globalThisValue
argument for ExecState constructor.

* kjs/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObject): Got rid of parameter
for the init function.

2008-09-29 Geoffrey Garen <ggaren@apple.com>

Rubber-stamped by Cameron Zwarich.

Fixed https://bugs.webkit.org/show_bug.cgi?id=21225
Machine::retrieveLastCaller should check for a NULL codeBlock

In order to crash, you would need to call retrieveCaller in a situation
where you had two host call frames in a row in the register file. I
don't know how to make that happen, or if it's even possible, so I don't
have a test case -- but better safe than sorry!

(JSC::Machine::retrieveLastCaller):

2008-09-29 Geoffrey Garen <ggaren@apple.com>

Reviewed by Cameron Zwarich.

Store the callee ScopeChain, not the caller ScopeChain, in the call frame
header. Nix the "scopeChain" local variable and ExecState::m_scopeChain, and
access the callee ScopeChain through the call frame header instead.

Profit: call + return are simpler, because they don't have to update the
"scopeChain" local variable, or ExecState::m_scopeChain.

Because CTI keeps "r" in a register, reading the callee ScopeChain relative
to "r" can be very fast, in any cases we care to optimize.

0% speedup on empty function call benchmark. (5.5% speedup in bytecode.)
0% speedup on SunSpider. (7.5% speedup on controlflow-recursive.)
2% speedup on SunSpider --v8.
2% speedup on v8 benchmark.

* VM/CTI.cpp: Changed scope chain access to read the scope chain from
the call frame header. Sped up op_ret by changing it not to fuss with
the "scopeChain" local variable or ExecState::m_scopeChain.

* VM/CTI.h: Updated CTI trampolines not to take a ScopeChainNode*
argument, since that's stored in the call frame header now.

* VM/Machine.cpp: Access "scopeChain" and "codeBlock" through new helper
functions that read from the call frame header. Updated functions operating
on ExecState::m_callFrame to account for / take advantage of the fact that
ExecState::m_callFrame is now never NULL.

Fixed a bug in op_construct, where it would use the caller's default
object prototype, rather than the callee's, when constructing a new object.

* VM/Machine.h: Made some helper functions available. Removed
ScopeChainNode* arguments to a lot of functions, since the ScopeChainNode*
is now stored in the call frame header.

* VM/RegisterFile.h: Renamed "CallerScopeChain" to "ScopeChain", since
that's what it is now.

* kjs/DebuggerCallFrame.cpp: Updated for change to ExecState signature.

* kjs/ExecState.cpp:
* kjs/ExecState.h: Nixed ExecState::m_callFrame, along with the unused
isGlobalObject function.

* kjs/JSGlobalObject.cpp:
* kjs/JSGlobalObject.h: Gave the global object a fake call frame in
which to store the global scope chain, since our code now assumes that
it can always read the scope chain out of the ExecState's call frame.

2008-09-29 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Sam Weinig.

Remove the isActivationObject() virtual method on JSObject and use
StructureID information instead. This should be slightly faster, but
isActivationObject() is only used in assertions and unwinding the stack

(JSC::Machine::unwindCallFrame):
(JSC::Machine::privateExecute):
(JSC::Machine::cti_op_ret_activation):
* kjs/JSActivation.cpp:
* kjs/JSActivation.h:

2008-09-29 Peter Gal <galpeter@inf.u-szeged.hu>

Reviewed and tweaked by Darin Adler.

Fix build for non-all-in-one platforms.

* kjs/StringPrototype.cpp: Added missing ASCIICType.h include.

2008-09-29 Bradley T. Hughes <bradley.hughes@nokia.com>

Reviewed by Simon Hausmann.

Fix compilation with icpc

2008-09-29 Thiago Macieira <thiago.macieira@nokia.com>

Reviewed by Simon Hausmann.

Changed copyright from Trolltech ASA to Nokia.

Nokia acquired Trolltech ASA, assets were transferred on September 26th 2008.

* wtf/qt/MainThreadQt.cpp:

2008-09-29 Simon Hausmann <hausmann@webkit.org>

Reviewed by Lars Knoll.

Don't accidentally install libJavaScriptCore.a for the build inside

* JavaScriptCore.pro:

2008-09-28 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Reviewed by Maciej Stachowiak.

Bug 21200: Allow direct access to 'arguments' without using op_resolve
<https://bugs.webkit.org/show_bug.cgi?id=21200>

Allow fast access to the 'arguments' object by adding an extra slot to
the callframe to store it.

This is a 3.0% speedup on the V8 Raytrace benchmark.

* JavaScriptCore.exp:

(JSC::CTI::privateCompileMainPass):

(JSC::CodeBlock::dump):
* VM/CodeGenerator.cpp:
(JSC::CodeGenerator::CodeGenerator):
(JSC::CodeGenerator::registerFor):
* VM/CodeGenerator.h:
(JSC::CodeGenerator::registerFor):

(JSC::Machine::initializeCallFrame):
(JSC::Machine::dumpRegisters):
(JSC::Machine::privateExecute):
(JSC::Machine::retrieveArguments):
(JSC::Machine::cti_op_call_JSFunction):
(JSC::Machine::cti_op_create_arguments):
(JSC::Machine::cti_op_construct_JSConstruct):

* VM/RegisterFile.h:
(JSC::RegisterFile::):
* kjs/JSActivation.cpp:
(JSC::JSActivation::mark):
(JSC::JSActivation::argumentsGetter):
* kjs/JSActivation.h:
(JSC::JSActivation::JSActivationData::JSActivationData):

(JSC::Parser::didFinishParsing):

(JSC::Parser::parse):

(JSC::ScopeNode::ScopeNode):
(JSC::ProgramNode::ProgramNode):
(JSC::ProgramNode::create):
(JSC::EvalNode::EvalNode):
(JSC::EvalNode::create):
(JSC::FunctionBodyNode::FunctionBodyNode):
(JSC::FunctionBodyNode::create):

(JSC::ScopeNode::usesArguments):

2008-09-28 Mark Rowe <mrowe@apple.com>

Reviewed by Sam Weinig.

Add an ASCII fast-path to toLowerCase and toUpperCase.

The fast path speeds up the common case of an ASCII-only string by up to 60% while adding a less than 5% penalty
to the less common non-ASCII case.

This also removes stringProtoFuncToLocaleLowerCase and stringProtoFuncToLocaleUpperCase, which were identical
to the non-locale variants of the functions. toLocaleLowerCase and toLocaleUpperCase now use the non-locale
variants of the functions directly.

* kjs/StringPrototype.cpp:
(JSC::stringProtoFuncToLowerCase):
(JSC::stringProtoFuncToUpperCase):

2936 2008-09-28 Mark Rowe <mrowe@apple.com>
2938 Reviewed by Cameron Zwarich.
2940 Speed up parseInt and parseFloat.
2942 Repeatedly indexing into a UString is slow, so retrieve a pointer into the underlying buffer once up front
2943 and use that instead. This is a 7% win on a parseInt/parseFloat micro-benchmark.
2945 * kjs/JSGlobalObjectFunctions.cpp:
2949 2008-09-28 Simon Hausmann <hausmann@webkit.org>
2951 Reviewed by David Hyatt.
2953 In Qt's initializeThreading re-use an existing thread identifier for the main
2954 thread if it exists.
2956 currentThread() implicitly creates new identifiers and it could be that
2957 it is called before initializeThreading().
2959 * wtf/ThreadingQt.cpp:
2960 (WTF::initializeThreading):
2962 2008-09-27 Keishi Hattori <casey.hattori@gmail.com>
2964 Added Machine::retrieveCaller to the export list.
2966 Reviewed by Kevin McCullough and Tim Hatcher.
2968 * JavaScriptCore.exp: Added Machine::retrieveCaller.
2970 2008-09-27 Anders Carlsson <andersca@apple.com>
2977 2008-09-27 Geoffrey Garen <ggaren@apple.com>
2979 Reviewed by Cameron Zwarich.
2981 https://bugs.webkit.org/show_bug.cgi?id=21175
2983 Store the callee CodeBlock, not the caller CodeBlock, in the call frame
2984 header. Nix the "codeBlock" local variable, and access the callee
2985 CodeBlock through the call frame header instead.
2987 Profit: call + return are simpler, because they don't have to update the
2988 "codeBlock" local variable.
2990 Because CTI keeps "r" in a register, reading the callee CodeBlock relative
2991 to "r" can be very fast, in any cases we care to optimize. Presently,
2992 no such cases seem important.
2994 Also, stop writing "dst" to the call frame header. CTI doesn't use it.
2996 21.6% speedup on empty function call benchmark.
2997 3.8% speedup on SunSpider --v8.
2998 2.1% speedup on v8 benchmark.
2999 0.7% speedup on SunSpider (6% speedup on controlflow-recursive).
3001 Small regression in bytecode, because currently every op_ret reads the
3002 callee CodeBlock to check needsFullScopeChain, and bytecode does not
3003 keep "r" in a register. On-balance, this is probably OK, since CTI is
3004 our high-performance execution model. Also, this should go away once
3005 we make needsFullScopeChain statically determinable at parse time.
3008 (JSC::CTI::compileOpCall): The speedup!
3009 (JSC::CTI::privateCompileSlowCases): ditto
3012 (JSC::): Fixed up magic trampoline constants to account for the nixed
3013 "codeBlock" argument.
3014 (JSC::CTI::execute): Changed trampoline function not to take a "codeBlock"
3015 argument, since codeBlock is now stored in the call frame header.
3017 * VM/Machine.cpp: Read the callee CodeBlock from the register file. Use
3018 a NULL CallerRegisters in the call frame header to signal a built-in
3019 caller, since CodeBlock is now never NULL.
3021 * VM/Machine.h: Made some stand-alone functions Machine member functions
3022 so they could call the private codeBlock() accessor in the Register
3023 class, of which Machine is a friend. Renamed "CallerCodeBlock" to
3024 "CodeBlock", since it's no longer the caller's CodeBlock.
3026 * VM/RegisterFile.h: Marked some methods const to accommodate a
3027 const RegisterFile* being passed around in Machine.cpp.

2008-09-26 Jan Michael Alonzo <jmalonzo@webkit.org>

Gtk build fix. Not reviewed.

Narrow-down the target of the JavaScriptCore .lut.h generator so
it won't try to create the WebCore .lut.hs.

2008-09-26 Matt Lilek <webkit@mattlilek.com>

Reviewed by Tim Hatcher.

Update FEATURE_DEFINES after ENABLE_CROSS_DOCUMENT_MESSAGING was removed.

* Configurations/JavaScriptCore.xcconfig:

2008-09-26 Cameron Zwarich <cwzwarich@uwaterloo.ca>

Rubber-stamped by Anders Carlsson.

Change the name 'sc' to 'scopeChainNode' in a few places.

(JSC::EvalNode::generateCode):
(JSC::FunctionBodyNode::generateCode):
(JSC::ProgramNode::generateCode):

2008-09-26 Sam Weinig <sam@webkit.org>

Reviewed by Darin Adler.

Patch for https://bugs.webkit.org/show_bug.cgi?id=21152
Speedup static property get/put

Convert getting/setting static property values to use static functions
instead of storing an integer and switching in getValueProperty/putValueProperty.

(JSC::JSObject::deleteProperty):
(JSC::JSObject::getPropertyAttributes):
* kjs/MathObject.cpp:
(JSC::MathObject::getOwnPropertySlot):
* kjs/NumberConstructor.cpp:
(JSC::numberConstructorNaNValue):
(JSC::numberConstructorNegInfinity):
(JSC::numberConstructorPosInfinity):
(JSC::numberConstructorMaxValue):
(JSC::numberConstructorMinValue):
* kjs/PropertySlot.h:
(JSC::PropertySlot::):
* kjs/RegExpConstructor.cpp:
(JSC::regExpConstructorDollar1):
(JSC::regExpConstructorDollar2):
(JSC::regExpConstructorDollar3):
(JSC::regExpConstructorDollar4):
(JSC::regExpConstructorDollar5):
(JSC::regExpConstructorDollar6):
(JSC::regExpConstructorDollar7):
(JSC::regExpConstructorDollar8):
(JSC::regExpConstructorDollar9):
(JSC::regExpConstructorInput):
(JSC::regExpConstructorMultiline):
(JSC::regExpConstructorLastMatch):
(JSC::regExpConstructorLastParen):
(JSC::regExpConstructorLeftContext):
(JSC::regExpConstructorRightContext):
(JSC::setRegExpConstructorInput):
(JSC::setRegExpConstructorMultiline):
(JSC::RegExpConstructor::setInput):
(JSC::RegExpConstructor::setMultiline):
(JSC::RegExpConstructor::multiline):
* kjs/RegExpConstructor.h:
* kjs/RegExpObject.cpp:
(JSC::regExpObjectGlobal):
(JSC::regExpObjectIgnoreCase):
(JSC::regExpObjectMultiline):
(JSC::regExpObjectSource):
(JSC::regExpObjectLastIndex):
(JSC::setRegExpObjectLastIndex):
* kjs/RegExpObject.h:
(JSC::RegExpObject::setLastIndex):
(JSC::RegExpObject::lastIndex):
(JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
* kjs/StructureID.cpp:
(JSC::StructureID::getEnumerablePropertyNames):
* kjs/create_hash_table:
(JSC::HashTable::createTable):
(JSC::HashTable::deleteTable):
(JSC::setUpStaticFunctionSlot):
(JSC::HashEntry::initialize):
(JSC::HashEntry::setKey):
(JSC::HashEntry::key):
(JSC::HashEntry::attributes):
(JSC::HashEntry::function):
(JSC::HashEntry::functionLength):
(JSC::HashEntry::propertyGetter):
(JSC::HashEntry::propertyPutter):
(JSC::HashEntry::lexerValue):
(JSC::HashTable::entry):
(JSC::getStaticPropertySlot):
(JSC::getStaticValueSlot):

2008-09-26 Gavin Barraclough <barraclough@apple.com>

Reviewed by Maciej Stachowiak & Oliver Hunt.

Add support for reusing temporary JSNumberCells. This change is based on the observation
that if the result of certain operations is a JSNumberCell and is consumed by a subsequent
operation that would produce a JSNumberCell, we can reuse the object rather than allocating
a fresh one. E.g. given the expression ((a * b) * c), we can statically determine that
(a * b) will have a numeric result (or else it will have thrown an exception), so the result
will either be a JSNumberCell or a JSImmediate.

This patch changes three areas of JSC:
* The AST now tracks type information about the result of each node.
* This information is consumed in bytecode compilation, and certain bytecode operations
now carry the statically determined type information about their operands.
* CTI uses the information in a number of fashions:
    * Where an operand to certain arithmetic operations is reusable, it will plant code
    to try to perform the operation in JIT code & reuse the cell, where appropriate.
    * Where it can be statically determined that an operand can only be numeric (typically
    the result of another arithmetic operation) the code will not redundantly check that
    the JSCell is a JSNumberCell.
    * Where either of the operands to an add are non-numeric do not plant an optimized
    arithmetic code path, just call straight out to the C function.

+6% Sunspider (10% progression on 3D, 16% progression on math, 60% progression on access-nbody),
+1% v8-tests (improvements in raytrace & crypto)

* VM/CTI.cpp: Add optimized code generation with reuse of temporary JSNumberCells.
* kjs/JSNumberCell.h:
* masm/X86Assembler.h:

* VM/CodeBlock.cpp: Add type information to specific bytecodes.
* VM/CodeGenerator.cpp:
* VM/CodeGenerator.h:

* kjs/nodes.cpp: Track static type information for nodes.

* kjs/ResultDescriptor.h: (Added)
* JavaScriptCore.xcodeproj/project.pbxproj:

2008-09-26 Yichao Yin <yichao.yin@torchmobile.com.cn>

Reviewed by George Staikos, Maciej Stachowiak.

Add utility functions needed for upcoming WML code.

(WTF::isASCIIPrintable):

2008-09-26 Geoffrey Garen <ggaren@apple.com>

Reviewed by Darin Adler.

Reverted the part of r36614 that used static data because static data

2008-09-26 Geoffrey Garen <ggaren@apple.com>

Reviewed by Maciej Stachowiak.

Removed dynamic check for whether the callee needs an activation object.
Replaced with callee code to create the activation object.

0.5% speedup on SunSpider.
No change on v8 benchmark. (Might be a speedup, but it's in range of the

0.7% speedup on v8 benchmark in bytecode.
1.3% speedup on empty call benchmark in bytecode.

(JSC::CTI::privateCompileMainPass): Added support for op_init_activation,
the new opcode that specifies that the callee's initialization should
create an activation object.
(JSC::CTI::privateCompile): Removed previous code that did a similar
thing in an ad-hoc way.

(JSC::CodeBlock::dump): Added a case for dumping op_init_activation.

* VM/CodeGenerator.cpp:
(JSC::CodeGenerator::generate): Added fixup code to change op_init to
op_init_activation if necessary. (With a better parser, we would know
which to use from the beginning.)

(JSC::Instruction::Instruction):
(WTF::): Faster traits for the instruction vector. An earlier version
of this patch relied on inserting at the beginning of the vector, and
depended on this change for speed.

(JSC::Machine::execute): Removed clients of setScopeChain, the old
abstraction for dynamically checking for whether an activation object
needed to be created.
(JSC::Machine::privateExecute): ditto

(JSC::Machine::cti_op_push_activation): Renamed this function from
cti_vm_updateScopeChain, and made it faster by removing the call to

* VM/Opcode.h: Declared op_init_activation.

2008-09-24 Geoffrey Garen <ggaren@apple.com>

Reviewed by Maciej Stachowiak.

Move most of the return code back into the callee, now that the callee
doesn't have to calculate anything dynamically.

11.5% speedup on empty function call benchmark.

SunSpider says 0.3% faster. SunSpider --v8 says no change.

(JSC::CTI::compileOpCall):
(JSC::CTI::privateCompileMainPass):
(JSC::CTI::privateCompileSlowCases):

2008-09-24 Sam Weinig <sam@webkit.org>

Reviewed by Maciej Stachowiak.

Remove staticFunctionGetter. There is only one remaining user of
staticFunctionGetter and it can be converted to use setUpStaticFunctionSlot.

* JavaScriptCore.exp:

2008-09-24 Maciej Stachowiak <mjs@apple.com>

Reviewed by Oliver Hunt.

- inline JIT fast case of op_neq
- remove extra level of function call indirection from slow cases of eq and neq

1% speedup on Richards

(JSC::CTI::privateCompileMainPass):
(JSC::CTI::privateCompileSlowCases):
(JSC::Machine::privateExecute):
(JSC::Machine::cti_op_eq):
(JSC::Machine::cti_op_neq):
* kjs/operations.cpp:
(JSC::equalSlowCase):
(JSC::equalSlowCaseInline):

2008-09-24 Sam Weinig <sam@webkit.org>

Reviewed by Darin Adler.

Fix for https://bugs.webkit.org/show_bug.cgi?id=21080
<rdar://problem/6243534>
Crash below Function.apply when using a runtime array as the argument list

Test: plugins/bindings-array-apply-crash.html

* kjs/FunctionPrototype.cpp:
(JSC::functionProtoFuncApply): Revert to the slow case if the object inherits from
JSArray (via ClassInfo) but is not a JSArray.
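
As an added illustration of the check in the entry above (model code written for this edit, not JavaScriptCore's; `RuntimeArray`, the accessors and the ClassInfo layout are assumptions standing in for the plugin runtime array): an object whose ClassInfo chain reaches JSArray passes an `inherits()` test without having a JSArray's memory layout, so a fast path that casts on that basis is a type confusion. Comparing the ClassInfo pointer for exact equality and otherwise taking the generic slow path is the shape of the fix described.

```cpp
#include <cstddef>
#include <utility>
#include <vector>

// Minimal model of a ClassInfo chain: each class points at its parent, so
// inherits() can walk upward. Model code for this edit, not JSC's own.
struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;
};

struct JSValue {
    virtual ~JSValue() = default;
    virtual const ClassInfo* classInfo() const = 0;
    // Generic accessors every object supports; the slow path uses only these.
    virtual std::size_t length() const = 0;
    virtual int get(std::size_t i) const = 0;
    // Chain walk: true for the class itself and for anything derived from it.
    bool inherits(const ClassInfo* info) const {
        for (const ClassInfo* ci = classInfo(); ci; ci = ci->parentClass)
            if (ci == info) return true;
        return false;
    }
};

// A real array: contiguous storage the fast path may read directly.
struct JSArray : JSValue {
    static const ClassInfo info;
    std::vector<int> storage;
    explicit JSArray(std::vector<int> s) : storage(std::move(s)) {}
    const ClassInfo* classInfo() const override { return &info; }
    std::size_t length() const override { return storage.size(); }
    int get(std::size_t i) const override { return storage[i]; }
};
const ClassInfo JSArray::info = { "Array", nullptr };

// Hypothetical plugin-backed array: its ClassInfo inherits from Array, but
// the object has no JSArray layout, so static_cast<const JSArray*> on it
// would read a "storage" member that does not exist.
struct RuntimeArray : JSValue {
    static const ClassInfo info;
    int base;           // elements are computed on demand, not stored
    std::size_t count;
    RuntimeArray(int b, std::size_t n) : base(b), count(n) {}
    const ClassInfo* classInfo() const override { return &info; }
    std::size_t length() const override { return count; }
    int get(std::size_t i) const override { return base + static_cast<int>(i); }
};
const ClassInfo RuntimeArray::info = { "RuntimeArray", &JSArray::info };

// Exact-type test: pointer equality on the ClassInfo, not a chain walk.
inline bool isJSArray(const JSValue* v) { return v->classInfo() == &JSArray::info; }

// Builds apply()'s argument list. The unsafe shape would be
//   if (argArray->inherits(&JSArray::info)) static_cast<const JSArray*>(argArray)...
// which admits RuntimeArray. Only an exact JSArray takes the fast path;
// everything else goes through the generic accessors, with no cast at all.
std::vector<int> buildApplyArgs(const JSValue* argArray, bool* tookFastPath) {
    if (isJSArray(argArray)) {
        *tookFastPath = true;
        return static_cast<const JSArray*>(argArray)->storage;  // cast is sound here
    }
    *tookFastPath = false;
    std::vector<int> args;
    for (std::size_t i = 0; i < argArray->length(); ++i)
        args.push_back(argArray->get(i));
    return args;
}
```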

2008-09-24 Kevin McCullough <kmccullough@apple.com>

(JSC::statementListEmitCode):

2008-09-24 Kevin McCullough <kmccullough@apple.com>

Bug 21031: Breakpoints in the condition of loops only breaks the first

- Now when setting breakpoints in the condition of a loop (for, while,
for in, and do while) will successfully break each time through the
- For 'for' loops we need a little more complicated behavior that cannot
be accomplished without some more significant changes:
https://bugs.webkit.org/show_bug.cgi?id=21073

(JSC::statementListEmitCode): We don't want to blindly emit a debug hook
at the first line of loops, instead let the loop emit the debug hooks.
(JSC::DoWhileNode::emitCode):
(JSC::WhileNode::emitCode):
(JSC::ForNode::emitCode):
(JSC::ForInNode::emitCode):
(JSC::StatementNode::):
(JSC::DoWhileNode::):

2008-09-24 Geoffrey Garen <ggaren@apple.com>

Reviewed by Darin Adler.

Fixed <rdar://problem/5605532> Need a SPI for telling JS the size of
the objects it retains

* API/tests/testapi.c: Test the new SPI a little.

* API/JSSPI.cpp: Add the new SPI.
* API/JSSPI.h: Add the new SPI.
* JavaScriptCore.exp: Add the new SPI.
* JavaScriptCore.xcodeproj/project.pbxproj: Add the new SPI.

2008-09-24 Geoffrey Garen <ggaren@apple.com>

Reviewed by Darin Adler.

* API/JSBase.h: Filled in some missing function names.

2008-09-24 Geoffrey Garen <ggaren@apple.com>

Reviewed by Cameron Zwarich.

Fixed https://bugs.webkit.org/show_bug.cgi?id=21057
Crash in RegisterID::deref() running fast/canvas/canvas-putImageData.html

* VM/CodeGenerator.h: Changed declaration order to ensure the
m_lastConstant, which is a RefPtr that points into m_calleeRegisters,
has its destructor called before the destructor for m_calleeRegisters.

2008-09-24 Darin Adler <darin@apple.com>

Reviewed by Sam Weinig.

- https://bugs.webkit.org/show_bug.cgi?id=21047
speed up ret_activation with inlining

About 1% on v8-raytrace.

* JavaScriptCore.exp: Removed JSVariableObject::setRegisters.

* kjs/JSActivation.cpp: Moved copyRegisters to the header to make it inline.
* kjs/JSActivation.h:
(JSC::JSActivation::copyRegisters): Moved here. Also removed the registerArraySize
argument to setRegisters, since the object doesn't need to store the number of

* kjs/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset): Removed unnecessary clearing left over from when we
used this on objects that weren't brand new. These days, this function is really
just part of the constructor.

* kjs/JSGlobalObject.h: Added registerArraySize to JSGlobalObjectData, since
JSVariableObjectData no longer needs it. Added a setRegisters override here
that handles storing the size.

* kjs/JSStaticScopeObject.h: Removed code to set registerArraySize, since it

* kjs/JSVariableObject.cpp: Moved copyRegisterArray and setRegisters to the
header to make them inline.
* kjs/JSVariableObject.h: Removed registerArraySize from JSVariableObjectData,
since it was only used for the global object.
(JSC::JSVariableObject::copyRegisterArray): Moved here to make it inline.
(JSC::JSVariableObject::setRegisters): Moved here to make it inline. Also
removed the code to set registerArraySize and changed an if statement into
an assert to save an unnecessary branch.

2008-09-24 Maciej Stachowiak <mjs@apple.com>

Reviewed by Oliver Hunt.

- inline PropertyMap::getOffset to speed up polymorphic lookups

~1.5% speedup on v8 benchmark
no effect on SunSpider

* JavaScriptCore.exp:
* kjs/PropertyMap.cpp:
* kjs/PropertyMap.h:
(JSC::PropertyMap::getOffset):

2008-09-24 Jan Michael Alonzo <jmalonzo@webkit.org>

Reviewed by Alp Toker.

https://bugs.webkit.org/show_bug.cgi?id=20992
Build fails on GTK+ Mac OS

* wtf/ThreadingGtk.cpp: Remove platform ifdef as suggested by
(WTF::initializeThreading):

2008-09-23 Oliver Hunt <oliver@apple.com>

Reviewed by Maciej Stachowiak.

Bug 19968: Slow Script at www.huffingtonpost.com
<https://bugs.webkit.org/show_bug.cgi?id=19968>

Finally found the cause of this accursed issue. It is triggered
by synchronous creation of a new global object from JS. The new
global object resets the timer state in this execution group's
Machine, taking timerCheckCount to 0. Then when JS returns the
timerCheckCount is decremented making it non-zero. The next time
we execute JS we will start the timeout counter, however the non-zero
timeoutCheckCount means we don't reset the timer information. This
means that the timeout check is now checking the cumulative time
since the creation of the global object rather than the time since
JS was last entered. At this point the slow script dialog is guaranteed
to eventually be displayed incorrectly unless a page is loaded
asynchronously (which will reset everything into a sane state).

The fix for this is rather trivial -- the JSGlobalObject constructor
should not be resetting the machine timer state.

(JSC::Machine::Machine):
Now that we can't rely on the GlobalObject initialising the timeout
state, we do it in the Machine constructor.

(JSC::Machine::stopTimeoutCheck):
Add assertions to guard against this happening.

* kjs/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
Don't reset the timeout state.

2008-09-23 Geoffrey Garen <ggaren@apple.com>

Reviewed by Oliver Hunt.

Fixed https://bugs.webkit.org/show_bug.cgi?id=21038 | <rdar://problem/6240812>
Uncaught exceptions in regex replace callbacks crash webkit

This was a combination of two problems:

(1) the replace function would continue execution after an exception

(2) In some cases, the Machine would return 0 in the case of an exception,
despite the fact that a few clients dereference the Machine's return
value without first checking for an exception.

(JSC::Machine::execute):

^ Return jsNull() instead of 0 in the case of an exception, since some
clients depend on using our return value.

^ ASSERT that execution does not continue after an exception has been
thrown, to help catch problems like this in the future.

* kjs/StringPrototype.cpp:
(JSC::stringProtoFuncReplace):

^ Stop execution if an exception has been thrown.

2008-09-23 Geoffrey Garen <ggaren@apple.com>

Try to fix the Windows build.

(JSC::CTI::compileOpCall):
(JSC::CTI::privateCompileMainPass):

2008-09-23 Alp Toker <alp@nuanti.com>

2008-09-23 Geoffrey Garen <ggaren@apple.com>

Reviewed by Darin Adler.

* wtf/Platform.h: Removed duplicate #if.

2008-09-23 Geoffrey Garen <ggaren@apple.com>

Reviewed by Darin Adler.

Changed the layout of the call frame from

{ header, parameters, locals | constants, temporaries }

to

{ parameters, header | locals, constants, temporaries }

This simplifies function entry+exit, and enables a number of future

13.5% speedup on empty call benchmark for bytecode; 23.6% speedup on
empty call benchmark for CTI.

SunSpider says no change. SunSpider --v8 says 1% faster.

Added a bit of abstraction for calculating whether a register is a
constant, since this patch changes that calculation:
(JSC::CTI::isConstant):
(JSC::CTI::getConstant):
(JSC::CTI::emitGetArg):
(JSC::CTI::emitGetPutArg):
(JSC::CTI::getConstantImmediateNumericArg):

Updated for changes to callframe header location:
(JSC::CTI::emitPutToCallFrameHeader):
(JSC::CTI::emitGetFromCallFrameHeader):
(JSC::CTI::printOpcodeOperandTypes):

Renamed to spite Oliver:
(JSC::CTI::emitInitRegister):

Added an abstraction for emitting a call through a register, so that
calls through registers generate exception info, too:
(JSC::CTI::emitCall):

Updated to match the new callframe header layout, and to support calls
through registers, which have no destination address:
(JSC::CTI::compileOpCall):
(JSC::CTI::privateCompileMainPass):
(JSC::CTI::privateCompileSlowCases):
(JSC::CTI::privateCompile):

(JSC::CallRecord::CallRecord):

Updated for new register layout:
(JSC::registerName):
(JSC::CodeBlock::dump):

Updated CodeBlock to track slightly different information about the
register frame, and tweaked the style