2008-10-07 Maciej Stachowiak <mjs@apple.com>

[WebKit.git] / JavaScriptCore / ChangeLog

2008-10-07  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver Hunt.
        
        - make constant folding code more consistent
        
        Added a makeSubNode to match add, mult and div; use the makeFooNode functions always,
        instead of allocating nodes directly in other places in the grammar.

        * kjs/grammar.y:

2008-10-07  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Move hasGetterSetterProperties flag from PropertyMap to StructureID.

        * kjs/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        * kjs/JSObject.h:
        (JSC::JSObject::hasGetterSetterProperties):
        (JSC::JSObject::getOwnPropertySlotForWrite):
        (JSC::JSObject::getOwnPropertySlot):
        * kjs/PropertyMap.h:
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::addPropertyTransition):
        (JSC::StructureID::toDictionaryTransition):
        (JSC::StructureID::changePrototypeTransition):
        (JSC::StructureID::getterSetterTransition):
        * kjs/StructureID.h:
        (JSC::StructureID::hasGetterSetterProperties):
        (JSC::StructureID::setHasGetterSetterProperties):

2008-10-07  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Roll r37370 back in with bug fixes.

        - PropertyMap::storageSize() should reflect the number of keys + deletedOffsets
          and has nothing to do with the internal deletedSentinel count anymore.

2008-10-07  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Move callframe initialization into JIT code, again.
        
        As a part of the restructuring the second result from functions is now
        returned in edx, allowing the new value of 'r' to be returned via a
        register, and stored to the stack from JIT code, too.

        4.5% progression on v8-tests. (3% in their harness)

        * VM/CTI.cpp:
        (JSC::):
        (JSC::CTI::emitCall):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):
        * VM/CTI.h:
        (JSC::CallRecord::CallRecord):
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_resolve_func):
        (JSC::Machine::cti_op_post_inc):
        (JSC::Machine::cti_op_resolve_with_base):
        (JSC::Machine::cti_op_post_dec):
        * VM/Machine.h:
        * kjs/JSFunction.h:
        * kjs/ScopeChain.h:

2008-10-07  Mark Rowe  <mrowe@apple.com>

        Fix typo in method name.

        * wrec/WREC.cpp:
        * wrec/WREC.h:

2008-10-07  Cameron Zwarich  <zwarich@apple.com>

        Rubber-stamped by Mark Rowe.

        Roll out r37370.

2008-10-06  Sam Weinig  <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21415
        Improve the division between PropertyStorageArray and PropertyMap

        - Rework ProperyMap to store offsets in the value so that they don't
          change when rehashing.  This allows us not to have to keep the 
          PropertyStorageArray in sync and thus not have to pass it in.
        - Rename PropertyMap::getOffset -> PropertyMap::get since put/remove
          now also return offsets.
        - A Vector of deleted offsets is now needed since the storage is out of
          band.

        1% win on SunSpider.  Wash on V8 suite.

        * JavaScriptCore.exp:
        * VM/CTI.cpp:
        (JSC::transitionWillNeedStorageRealloc):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        Transition logic can be greatly simplified by the fact that
        the storage capacity is always known, and is correct for the
        inline case.
        * kjs/JSObject.cpp:
        (JSC::JSObject::put): Rename getOffset -> get.
        (JSC::JSObject::deleteProperty): Ditto.
        (JSC::JSObject::getPropertyAttributes): Ditto.
        (JSC::JSObject::removeDirect): Use returned offset to
        clear the value in the PropertyNameArray.
        (JSC::JSObject::allocatePropertyStorage): Add assert.
        * kjs/JSObject.h:
        (JSC::JSObject::getDirect): Rename getOffset -> get
        (JSC::JSObject::getDirectLocation): Rename getOffset -> get
        (JSC::JSObject::putDirect): Use propertyStorageCapacity to determine whether
        or not to resize.  Also, since put now returns an offset (and thus 
        addPropertyTransition does also) setting of the PropertyStorageArray is
        now done here.
        (JSC::JSObject::transitionTo):
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::checkConsistency): PropertyStorageArray is no longer 
        passed in.
        (JSC::PropertyMap::operator=): Copy the delete offsets vector.
        (JSC::PropertyMap::put): Instead of setting the PropertyNameArray
        explicitly, return the offset where the value should go.
        (JSC::PropertyMap::remove): Instead of removing from the PropertyNameArray
        explicitly, return the offset where the value should be removed.
        (JSC::PropertyMap::get): Switch to using the stored offset, instead
        of the implicit one.
        (JSC::PropertyMap::insert):
        (JSC::PropertyMap::expand): This is never called when m_table is null,
        so remove that branch and add it as an assertion.
        (JSC::PropertyMap::createTable): Consistency checks no longer take
        a PropertyNameArray.
        (JSC::PropertyMap::rehash): No need to rehash the PropertyNameArray
        now that it is completely out of band.
        * kjs/PropertyMap.h:
        (JSC::PropertyMapEntry::PropertyMapEntry): Store offset into PropertyNameArray.
        (JSC::PropertyMap::get): Switch to using the stored offset, instead
        of the implicit one.
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID): Initialize the propertyStorageCapacity to 
        JSObject::inlineStorageCapacity.
        (JSC::StructureID::growPropertyStorageCapacity): Grow the storage capacity as
        described below.
        (JSC::StructureID::addPropertyTransition): Copy the storage capacity.
        (JSC::StructureID::toDictionaryTransition): Ditto.
        (JSC::StructureID::changePrototypeTransition): Ditto.
        (JSC::StructureID::getterSetterTransition): Ditto.
        * kjs/StructureID.h:
        (JSC::StructureID::propertyStorageCapacity): Add propertyStorageCapacity
        which is the current capacity for the JSObjects PropertyStorageArray.
        It starts at the JSObject::inlineStorageCapacity (currently 2), then
        when it first needs to be resized moves to the JSObject::nonInlineBaseStorageCapacity
        (currently 16), and after that doubles each time.

2008-10-06  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Bug 21396: Remove the OptionalCalleeActivation call frame slot
        <https://bugs.webkit.org/show_bug.cgi?id=21396>

        Remove the OptionalCalleeActivation call frame slot. We have to be
        careful to store the activation object in a register, because objects
        in the scope chain do not get marked.

        This is a 0.3% speedup on both SunSpider and the V8 benchmark.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::CodeGenerator):
        (JSC::CodeGenerator::emitReturn):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (JSC::Machine::dumpRegisters):
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_push_activation):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_construct_JSConstruct):
        * VM/Machine.h:
        (JSC::Machine::initializeCallFrame):
        * VM/RegisterFile.h:
        (JSC::RegisterFile::):

2008-10-06  Tony Chang  <tony@chromium.org>

        Reviewed by Alexey Proskuryakov.

        Chromium doesn't use pthreads on windows, so make its use conditional.
        
        Also convert a WORD to a DWORD to avoid a compiler warning.  This
        matches the other methods around it.

        * wtf/ThreadingWin.cpp:
        (WTF::wtfThreadEntryPoint):
        (WTF::ThreadCondition::broadcast):

2008-10-06  Mark Mentovai  <mark@moxienet.com>

        Reviewed by Tim Hatcher.

        Allow ENABLE_DASHBOARD_SUPPORT and ENABLE_MAC_JAVA_BRIDGE to be
        disabled on the Mac.

        https://bugs.webkit.org/show_bug.cgi?id=21333

        * wtf/Platform.h:

2008-10-06  Steve Falkenburg  <sfalken@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=21416
        Pass 0 for size to VirtualAlloc, as documented by MSDN.
        Identified by Application Verifier.
        
        Reviewed by Darin Adler.

        * kjs/collector.cpp:
        (KJS::freeBlock):

2008-10-06  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Tim Hatcheri and Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=21412
        Bug 21412: Refactor user initiated profile count to be more stable
        - Export UString::from for use with creating the profile title.

        * JavaScriptCore.exp:

2008-10-06  Maciej Stachowiak  <mjs@apple.com>

        Not reviewed. Build fix.
        
        - revert toBoolean changes (r37333 and r37335); need to make WebCore work with these

        * API/JSValueRef.cpp:
        (JSValueToBoolean):
        * ChangeLog:
        * JavaScriptCore.exp:
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        * kjs/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncSome):
        * kjs/BooleanConstructor.cpp:
        (JSC::constructBoolean):
        (JSC::callBooleanConstructor):
        * kjs/GetterSetter.h:
        * kjs/JSCell.h:
        (JSC::JSValue::toBoolean):
        * kjs/JSNumberCell.cpp:
        (JSC::JSNumberCell::toBoolean):
        * kjs/JSNumberCell.h:
        * kjs/JSObject.cpp:
        (JSC::JSObject::toBoolean):
        * kjs/JSObject.h:
        * kjs/JSString.cpp:
        (JSC::JSString::toBoolean):
        * kjs/JSString.h:
        * kjs/JSValue.h:
        * kjs/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorMultiline):
        * kjs/RegExpObject.cpp:
        (JSC::RegExpObject::match):
        * kjs/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncToString):

2008-10-06  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Sam Weinig.
        
        - optimize op_jtrue, op_loop_if_true and op_not in various ways
        https://bugs.webkit.org/show_bug.cgi?id=21404
        
        1) Make JSValue::toBoolean nonvirtual and completely inline by
        making use of the StructureID type field.
        
        2) Make JSValue::toBoolean not take an ExecState; doesn't need it.
        
        3) Make op_not, op_loop_if_true and op_jtrue not read the
        ExecState (toBoolean doesn't need it any more) and not check
        exceptions (toBoolean can't throw).

        * API/JSValueRef.cpp:
        (JSValueToBoolean):
        * JavaScriptCore.exp:
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        * kjs/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncEvery):
        (JSC::arrayProtoFuncSome):
        * kjs/BooleanConstructor.cpp:
        (JSC::constructBoolean):
        (JSC::callBooleanConstructor):
        * kjs/GetterSetter.h:
        * kjs/JSCell.h:
        (JSC::JSValue::toBoolean):
        * kjs/JSNumberCell.cpp:
        * kjs/JSNumberCell.h:
        (JSC::JSNumberCell::toBoolean):
        * kjs/JSObject.cpp:
        * kjs/JSObject.h:
        (JSC::JSObject::toBoolean):
        (JSC::JSCell::toBoolean):
        * kjs/JSString.cpp:
        * kjs/JSString.h:
        (JSC::JSString::toBoolean):
        * kjs/JSValue.h:
        * kjs/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorMultiline):
        * kjs/RegExpObject.cpp:
        (JSC::RegExpObject::match):
        * kjs/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncToString):

2008-10-06  Ariya Hidayat  <ariya.hidayat@trolltech.com>

        Reviewed by Simon.

        Build fix for MinGW.

        * JavaScriptCore.pri:
        * kjs/DateMath.cpp:
        (JSC::highResUpTime):

2008-10-05  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Remove ScopeNode::containsClosures() now that it is unused.

        * kjs/nodes.h:
        (JSC::ScopeNode::containsClosures):

2008-10-05  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - fix releas-only test failures caused by the fix to bug 21375

        * VM/Machine.cpp:
        (JSC::Machine::unwindCallFrame): Update ExecState while unwinding call frames;
        it now matters more to have a still-valid ExecState, since dynamicGlobalObject
        will make use of the ExecState's scope chain.
        * VM/Machine.h:

2008-10-05  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
        <https://bugs.webkit.org/show_bug.cgi?id=21364>

        Use information from the parser to detect whether an activation is
        needed or 'arguments' is used, and emit explicit instructions to tear
        them off before op_ret. This allows a branch to be removed from op_ret
        and simplifies some other code. This does cause a small change in the
        behaviour of 'f.arguments'; it is no longer live when 'arguments' is not
        mentioned in the lexical scope of the function.

        It should now be easy to remove the OptionaCalleeActivation slot in the
        call frame, but this will be done in a later patch.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitReturn):
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::privateExecute):
        (JSC::Machine::retrieveArguments):
        (JSC::Machine::cti_op_create_arguments):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_tear_off_arguments):
        * VM/Machine.h:
        * VM/Opcode.h:
        * kjs/Arguments.cpp:
        (JSC::Arguments::mark):
        * kjs/Arguments.h:
        (JSC::Arguments::isTornOff):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::copyRegisters):
        (JSC::JSActivation::copyRegisters):
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::argumentsGetter):
        * kjs/JSActivation.h:

2008-10-05  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver Hunt.
        
        - fixed "REGRESSION (r37297): fast/js/deep-recursion-test takes too long and times out"
        https://bugs.webkit.org/show_bug.cgi?id=21375
        
        The problem is that dynamicGlobalObject had become O(N) in number
        of call frames, but unwinding the stack for an exception called it
        for every call frame, resulting in O(N^2) behavior for an
        exception thrown from inside deep recursion.

        Instead of doing it that way, stash the dynamic global object in JSGlobalData.
        
        * JavaScriptCore.exp:
        * VM/Machine.cpp:
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Helper class to temporarily
        store and later restore a dynamicGlobalObject in JSGlobalData.
        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
        (JSC::Machine::execute): In each version, establish a DynamicGlobalObjectScope.
        For ProgramNode, always establish set new dynamicGlobalObject, for FunctionBody and Eval,
        only if none is currently set.
        * VM/Machine.h:
        * kjs/ExecState.h:
        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Ininitalize new dynamicGlobalObject field to 0.
        * kjs/JSGlobalData.h:
        * kjs/JSGlobalObject.h:
        (JSC::ExecState::dynamicGlobalObject): Moved here from ExecState for benefit of inlining.
        Return lexical global object if this is a globalExec(), otherwise look in JSGlobalData
        for the one stashed there.

2008-10-05  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Avoid an extra lookup when transitioning to an existing StructureID
        by caching the offset of property that caused the transition.

        1% win on V8 suite.  Wash on SunSpider.

        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::put):
        * kjs/PropertyMap.h:
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::addPropertyTransition):
        * kjs/StructureID.h:
        (JSC::StructureID::setCachedTransistionOffset):
        (JSC::StructureID::cachedTransistionOffset):

2008-10-05  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
        <https://bugs.webkit.org/show_bug.cgi?id=21364>

        This patch does not yet remove the branch, but it does a bit of refactoring
        so that a CodeGenerator now knows whether the associated CodeBlock will need
        a full scope before doing any code generation. This makes it possible to emit
        explicit tear-off instructions before every op_ret.

        * VM/CodeBlock.h:
        (JSC::CodeBlock::CodeBlock):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::generate):
        (JSC::CodeGenerator::CodeGenerator):
        (JSC::CodeGenerator::emitPushScope):
        (JSC::CodeGenerator::emitPushNewScope):
        * kjs/nodes.h:
        (JSC::ScopeNode::needsActivation):

2008-10-05  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Fix for bug #21387 - using SamplingTool with CTI.

        (1) A repatch offset offset changes due to an additional instruction to update SamplingTool state.
        (2) Fix an incusion order problem due to ExecState changes.
        (3) Change to a MACHINE_SAMPLING macro, use of exec should now be accessing global data.

        * VM/CTI.h:
        (JSC::CTI::execute):
        * VM/SamplingTool.h:
        (JSC::SamplingTool::privateExecuteReturned):
        * kjs/Shell.cpp:

2008-10-04  Mark Rowe  <mrowe@apple.com>

        Reviewed by Tim Hatcher.

        Add a 'Check For Weak VTables' build phase to catch weak vtables as early as possible.

        * JavaScriptCore.xcodeproj/project.pbxproj:

2008-10-04  Sam Weinig  <sam@webkit.org>

        Reviewed by Oliver Hunt.

        Fix https://bugs.webkit.org/show_bug.cgi?id=21320
        leaks of PropertyNameArrayData seen on buildbot

        - Fix RefPtr cycle by making PropertyNameArrayData's pointer back
          to the StructureID a weak pointer.

        * kjs/PropertyNameArray.h:
        (JSC::PropertyNameArrayData::setCachedStructureID):
        (JSC::PropertyNameArrayData::cachedStructureID):
        * kjs/StructureID.cpp:
        (JSC::StructureID::getEnumerablePropertyNames):
        (JSC::StructureID::clearEnumerationCache):
        (JSC::StructureID::~StructureID):

2008-10-04  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - https://bugs.webkit.org/show_bug.cgi?id=21295
          Bug 21295: Replace ExecState with a call frame Register pointer

        10% faster on Richards; other v8 benchmarks faster too.
        A wash on SunSpider.

        This does the minimum necessary to get the speedup. Next step in
        cleaning this up is to replace ExecState with a CallFrame class,
        and be more judicious about when to pass a call frame and when
        to pass a global data pointer, global object pointer, or perhaps
        something else entirely.

        * VM/CTI.cpp: Remove the debug-only check of the exception in
        ctiVMThrowTrampoline -- already checked in the code the trampoline
        jumps to, so not all that useful. Removed the exec argument from
        ctiTrampoline. Removed emitDebugExceptionCheck -- no longer needed.
        (JSC::CTI::emitCall): Removed code to set ExecState::m_callFrame.
        (JSC::CTI::privateCompileMainPass): Removed code in catch to extract
        the exception from ExecState::m_exception; instead, the code that
        jumps into catch will make sure the exception is already in eax.
        * VM/CTI.h: Removed exec from the ctiTrampoline. Also removed the
        non-helpful "volatile". Temporarily left ARG_exec in as a synonym
        for ARG_r; I'll change that on a future cleanup pass when introducing
        more use of the CallFrame type.
        (JSC::CTI::execute): Removed the ExecState* argument.

        * VM/ExceptionHelpers.cpp:
        (JSC::InterruptedExecutionError::InterruptedExecutionError): Take
        JSGlobalData* instead of ExecState*.
        (JSC::createInterruptedExecutionException): Ditto.
        * VM/ExceptionHelpers.h: Ditto. Also removed an unneeded include.

        * VM/Machine.cpp:
        (JSC::slideRegisterWindowForCall): Removed the exec and
        exceptionValue arguments. Changed to return 0 when there's a stack
        overflow rather than using a separate exception argument to cut
        down on memory accesses in the calling convention.
        (JSC::Machine::unwindCallFrame): Removed the exec argument when
        constructing a DebuggerCallFrame. Also removed code to set
        ExecState::m_callFrame.
        (JSC::Machine::throwException): Removed the exec argument when
        construction a DebuggerCallFrame.
        (JSC::Machine::execute): Updated to use the register instead of
        ExecState and also removed various uses of ExecState.
        (JSC::Machine::debug):
        (JSC::Machine::privateExecute): Put globalData into a local
        variable so it can be used throughout the interpreter. Changed
        the VM_CHECK_EXCEPTION to get the exception in globalData instead
        of through ExecState.
        (JSC::Machine::retrieveLastCaller): Turn exec into a registers
        pointer by calling registers() instead of by getting m_callFrame.
        (JSC::Machine::callFrame): Ditto.
        Tweaked exception macros. Made new versions for when you know
        you have an exception. Get at global exception with ARG_globalData.
        Got rid of the need to pass in the return value type.
        (JSC::Machine::cti_op_add): Update to use new version of exception
        macros.
        (JSC::Machine::cti_op_pre_inc): Ditto.
        (JSC::Machine::cti_timeout_check): Ditto.
        (JSC::Machine::cti_op_instanceof): Ditto.
        (JSC::Machine::cti_op_new_func): Ditto.
        (JSC::Machine::cti_op_call_JSFunction): Optimized by using the
        ARG values directly instead of through local variables -- this gets
        rid of code that just shuffles things around in the stack frame.
        Also get rid of ExecState and update for the new way exceptions are
        handled in slideRegisterWindowForCall.
        (JSC::Machine::cti_vm_compile): Update to make exec out of r since
        they are both the same thing now.
        (JSC::Machine::cti_op_call_NotJSFunction): Ditto.
        (JSC::Machine::cti_op_init_arguments): Ditto.
        (JSC::Machine::cti_op_resolve): Ditto.
        (JSC::Machine::cti_op_construct_JSConstruct): Ditto.
        (JSC::Machine::cti_op_construct_NotJSConstruct): Ditto.
        (JSC::Machine::cti_op_resolve_func): Ditto.
        (JSC::Machine::cti_op_put_by_val): Ditto.
        (JSC::Machine::cti_op_put_by_val_array): Ditto.
        (JSC::Machine::cti_op_resolve_skip): Ditto.
        (JSC::Machine::cti_op_resolve_global): Ditto.
        (JSC::Machine::cti_op_post_inc): Ditto.
        (JSC::Machine::cti_op_resolve_with_base): Ditto.
        (JSC::Machine::cti_op_post_dec): Ditto.
        (JSC::Machine::cti_op_call_eval): Ditto.
        (JSC::Machine::cti_op_throw): Ditto. Also rearranged to return
        the exception value as the return value so it can be used by
        op_catch.
        (JSC::Machine::cti_op_push_scope): Ditto.
        (JSC::Machine::cti_op_in): Ditto.
        (JSC::Machine::cti_op_del_by_val): Ditto.
        (JSC::Machine::cti_vm_throw): Ditto. Also rearranged to return
        the exception value as the return value so it can be used by
        op_catch.

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName): Pass globalData.
        (JSC::DebuggerCallFrame::evaluate): Eliminated code to make a
        new ExecState.
        * kjs/DebuggerCallFrame.h: Removed ExecState argument from
        constructor.

        * kjs/ExecState.h: Eliminated all data members and made ExecState
        inherit privately from Register instead. Also added a typedef to
        the future name for this class, which is CallFrame. It's just a
        Register* that knows it's a pointer at a call frame. The new class
        can't be constructed or copied. Changed all functions to use
        the this pointer instead of m_callFrame. Changed exception-related
        functions to access an exception in JSGlobalData. Removed functions
        used by CTI to pass the return address to the throw machinery --
        this is now done directly with a global in the global data.

        * kjs/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString): Pass globalData instead of exec.

        * kjs/InternalFunction.cpp:
        (JSC::InternalFunction::name): Take globalData instead of exec.
        * kjs/InternalFunction.h: Ditto.

        * kjs/JSGlobalData.cpp: Initialize the new exception global to 0.
        * kjs/JSGlobalData.h: Declare two new globals. One for the current
        exception and another for the return address used by CTI to
        implement the throw operation.

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init): Removed code to set up globalExec,
        which is now the same thing as globalCallFrame.
        (JSC::JSGlobalObject::reset): Get globalExec from our globalExec
        function so we don't have to repeat the logic twice.
        (JSC::JSGlobalObject::mark): Removed code to mark the exception;
        the exception is now stored in JSGlobalData and marked there.
        (JSC::JSGlobalObject::globalExec): Return a pointer to the end
        of the global call frame.
        * kjs/JSGlobalObject.h: Removed the globalExec data member.

        * kjs/JSObject.cpp:
        (JSC::JSObject::putDirectFunction): Pass globalData instead of exec.

        * kjs/collector.cpp:
        (JSC::Heap::collect): Mark the global exception.

        * profiler/ProfileGenerator.cpp:
        (JSC::ProfileGenerator::addParentForConsoleStart): Pass globalData
        instead of exec to createCallIdentifier.

        * profiler/Profiler.cpp:
        (JSC::Profiler::willExecute): Pass globalData instead of exec to
        createCallIdentifier.
        (JSC::Profiler::didExecute): Ditto.
        (JSC::Profiler::createCallIdentifier): Take globalData instead of
        exec.
        (JSC::createCallIdentifierFromFunctionImp): Ditto.
        * profiler/Profiler.h: Change interface to take a JSGlobalData
        instead of an ExecState.

2008-10-04  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Darin Adler.

        Bug 21369: Add opcode documentation for all undocumented opcodes
        <https://bugs.webkit.org/show_bug.cgi?id=21369>

        This patch adds opcode documentation for all undocumented opcodes, and
        it also renames op_init_arguments to op_create_arguments.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::CodeGenerator):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_create_arguments):
        * VM/Machine.h:
        * VM/Opcode.h:

2008-10-03  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - "this" object in methods called on primitives should be wrapper object
        https://bugs.webkit.org/show_bug.cgi?id=21362

        I changed things so that functions which use "this" do a fast
        version of toThisObject conversion if needed. Currently we miss
        the conversion entirely, at least for primitive types. Using
        TypeInfo and the primitive check, I made the fast case bail out
        pretty fast.
        
        This is inexplicably an 1.007x SunSpider speedup (and a wash on V8 benchmarks).
     
        Also renamed some opcodes for clarity:
        
        init ==> enter
        init_activation ==> enter_with_activation
        
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::generate):
        (JSC::CodeGenerator::CodeGenerator):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_convert_this):
        * VM/Machine.h:
        * VM/Opcode.h:
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        * kjs/JSActivation.h:
        (JSC::JSActivation::createStructureID):
        * kjs/JSCell.h:
        (JSC::JSValue::needsThisConversion):
        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * kjs/JSGlobalData.h:
        * kjs/JSNumberCell.h:
        (JSC::JSNumberCell::createStructureID):
        * kjs/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        (JSC::JSStaticScopeObject::createStructureID):
        * kjs/JSString.h:
        (JSC::JSString::createStructureID):
        * kjs/JSValue.h:
        * kjs/TypeInfo.h:
        (JSC::TypeInfo::needsThisConversion):
        * kjs/nodes.h:
        (JSC::ScopeNode::usesThis):

2008-10-03  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 21356: The size of the RegisterFile differs depending on 32-bit / 64-bit and Debug / Release
        <https://bugs.webkit.org/show_bug.cgi?id=21356>

        The RegisterFile decreases in size (measured in terms of numbers of
        Registers) as the size of a Register increases. This causes

            js1_5/Regress/regress-159334.js

        to fail in 64-bit debug builds. This fix makes the RegisterFile on all
        platforms the same size that it is in 32-bit Release builds.

        * VM/RegisterFile.h:
        (JSC::RegisterFile::RegisterFile):

2008-10-03  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - Some code cleanup to how we handle code features.
        
        1) Rename FeatureInfo typedef to CodeFeatures.
        2) Rename NodeFeatureInfo template to NodeInfo.
        3) Keep CodeFeature bitmask in ScopeNode instead of trying to break it out into individual bools.
        4) Rename misleadingly named "needsClosure" method to "containsClosures", which better describes the meaning
        of ClosureFeature.
        5) Make setUsersArguments() not take an argument since it only goes one way.

        * JavaScriptCore.exp:
        * VM/CodeBlock.h:
        (JSC::CodeBlock::CodeBlock):
        * kjs/NodeInfo.h:
        * kjs/Parser.cpp:
        (JSC::Parser::didFinishParsing):
        * kjs/Parser.h:
        (JSC::Parser::parse):
        * kjs/grammar.y:
        * kjs/nodes.cpp:
        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::ProgramNode::create):
        (JSC::EvalNode::EvalNode):
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode):
        (JSC::FunctionBodyNode::create):
        * kjs/nodes.h:
        (JSC::ScopeNode::usesEval):
        (JSC::ScopeNode::containsClosures):
        (JSC::ScopeNode::usesArguments):
        (JSC::ScopeNode::setUsesArguments):

2008-10-03  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 21343: REGRESSSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
        <https://bugs.webkit.org/show_bug.cgi?id=21343>

        A fix was landed for this issue in r37253, and the ChangeLog assumes
        that it is a compiler bug, but it turns out that it is a subtle issue
        with mixing signed and unsigned 32-bit values in a 64-bit environment.
        In order to properly fix this bug, we should convert our signed offsets
        into the register file to use ptrdiff_t.

        This may not be the only instance of this issue, but I will land this
        fix first and look for more later.

        * VM/Machine.cpp:
        (JSC::Machine::getArgumentsData):
        * VM/Machine.h:
        * kjs/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        * kjs/Arguments.h:
        (JSC::Arguments::init):

2008-10-03  Darin Adler  <darin@apple.com>

        * VM/CTI.cpp: Another Windows build fix. Change the args of ctiTrampoline.

        * kjs/JSNumberCell.h: A build fix for newer versions of gcc. Added
        declarations of JSGlobalData overloads of jsNumberCell.

2008-10-03  Darin Adler  <darin@apple.com>

        - try to fix Windows build

        * kjs/ScopeChain.h: Add forward declaration of JSGlobalData.

2008-10-03  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        - next step of https://bugs.webkit.org/show_bug.cgi?id=21295
          Turn ExecState into a call frame pointer.

        Remove m_globalObject and m_globalData from ExecState.

        SunSpider says this is a wash (slightly faster but not statistically
        significant); which is good enough since it's a preparation step and
        not supposed to be a spedup.

        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::JSCallbackFunction):
        * kjs/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        * kjs/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        * kjs/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * kjs/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * kjs/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * kjs/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        * kjs/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * kjs/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        * kjs/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        * kjs/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * kjs/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * kjs/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        Pass JSGlobalData* instead of ExecState* to the InternalFunction
        constructor.

        * API/OpaqueJSString.cpp: Added now-needed include.

        * JavaScriptCore.exp: Updated.

        * VM/CTI.cpp:
        (JSC::CTI::emitSlowScriptCheck): Changed to use ARGS_globalData
        instead of ARGS_exec.

        * VM/CTI.h: Added a new argument to the CTI, the global data pointer.
        While it's possible to get to the global data pointer using the
        ExecState pointer, it's slow enough that it's better to just keep
        it around in the CTI arguments.

        * VM/CodeBlock.h: Moved the CodeType enum here from ExecState.h.

        * VM/Machine.cpp:
        (JSC::Machine::execute): Pass fewer arguments when constructing
        ExecState, and pass the global data pointer when invoking CTI.
        (JSC::Machine::firstCallFrame): Added. Used to get the dynamic global
        object, which is in the scope chain of the first call frame.
        (JSC::Machine::cti_op_add): Use globalData instead of exec when
        possible, to keep fast cases fast, since it's now more expensive to
        get to it through the exec pointer.
        (JSC::Machine::cti_timeout_check): Ditto.
        (JSC::Machine::cti_op_put_by_id_second): Ditto.
        (JSC::Machine::cti_op_get_by_id_second): Ditto.
        (JSC::Machine::cti_op_mul): Ditto.
        (JSC::Machine::cti_vm_compile): Ditto.
        (JSC::Machine::cti_op_get_by_val): Ditto.
        (JSC::Machine::cti_op_sub): Ditto.
        (JSC::Machine::cti_op_put_by_val): Ditto.
        (JSC::Machine::cti_op_put_by_val_array): Ditto.
        (JSC::Machine::cti_op_negate): Ditto.
        (JSC::Machine::cti_op_div): Ditto.
        (JSC::Machine::cti_op_pre_dec): Ditto.
        (JSC::Machine::cti_op_post_inc): Ditto.
        (JSC::Machine::cti_op_lshift): Ditto.
        (JSC::Machine::cti_op_bitand): Ditto.
        (JSC::Machine::cti_op_rshift): Ditto.
        (JSC::Machine::cti_op_bitnot): Ditto.
        (JSC::Machine::cti_op_mod): Ditto.
        (JSC::Machine::cti_op_post_dec): Ditto.
        (JSC::Machine::cti_op_urshift): Ditto.
        (JSC::Machine::cti_op_bitxor): Ditto.
        (JSC::Machine::cti_op_bitor): Ditto.
        (JSC::Machine::cti_op_call_eval): Ditto.
        (JSC::Machine::cti_op_throw): Ditto.
        (JSC::Machine::cti_op_is_string): Ditto.
        (JSC::Machine::cti_op_debug): Ditto.
        (JSC::Machine::cti_vm_throw): Ditto.

        * VM/Machine.h: Added firstCallFrame.

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate): Pass fewer arguments when
        constructing ExecState.

        * kjs/ExecState.cpp: Deleted contents. Later we'll remove the
        file altogether.

        * kjs/ExecState.h: Removed m_globalObject and m_globalData.
        Moved CodeType into another header.
        (JSC::ExecState::ExecState): Take only a single argument, a
        call frame pointer.
        (JSC::ExecState::dynamicGlobalObject): Get the object from
        the first call frame since it's no longer stored.
        (JSC::ExecState::globalData): Get the global data from the
        scope chain, since we no longer store a pointer to it here.
        (JSC::ExecState::identifierTable): Ditto.
        (JSC::ExecState::propertyNames): Ditto.
        (JSC::ExecState::emptyList): Ditto.
        (JSC::ExecState::lexer): Ditto.
        (JSC::ExecState::parser): Ditto.
        (JSC::ExecState::machine): Ditto.
        (JSC::ExecState::arrayTable): Ditto.
        (JSC::ExecState::dateTable): Ditto.
        (JSC::ExecState::mathTable): Ditto.
        (JSC::ExecState::numberTable): Ditto.
        (JSC::ExecState::regExpTable): Ditto.
        (JSC::ExecState::regExpConstructorTable): Ditto.
        (JSC::ExecState::stringTable): Ditto.
        (JSC::ExecState::heap): Ditto.

        * kjs/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor): Pass
        JSGlobalData* instead of ExecState* to the InternalFunction
        constructor.
        (JSC::constructFunction): Pass the global data pointer when
        constructing a new scope chain.

        * kjs/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction): Take a JSGlobalData*
        instead of an ExecState*. Later we can change more places to
        work this way -- it's more efficient to take the type you need
        since the caller might already have it.
        * kjs/InternalFunction.h: Ditto.

        * kjs/JSCell.h:
        (JSC::JSCell::operator new): Added an overload that takes a
        JSGlobalData* so you can construct without an ExecState*.

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init): Moved creation of the global scope
        chain in here, since it now requires a pointer to the global data.
        Moved the initialization of the call frame in here since it requires
        the global scope chain node. Removed the extra argument to ExecState
        when creating the global ExecState*.
        * kjs/JSGlobalObject.h: Removed initialization of globalScopeChain
        and the call frame from the JSGlobalObjectData constructor. Added
        a thisValue argument to the init function.

        * kjs/JSNumberCell.cpp: Added versions of jsNumberCell that take
        JSGlobalData* rather than ExecState*.
        * kjs/JSNumberCell.h:
        (JSC::JSNumberCell::operator new): Added a version that takes
        JSGlobalData*.
        (JSC::JSNumberCell::JSNumberCell): Ditto.
        (JSC::jsNumber): Ditto.
        * kjs/JSString.cpp:
        (JSC::jsString): Ditto.
        (JSC::jsSubstring): Ditto.
        (JSC::jsOwnedString): Ditto.
        * kjs/JSString.h:
        (JSC::JSString::JSString): Changed to take JSGlobalData*.
        (JSC::jsEmptyString): Added a version that takes JSGlobalData*.
        (JSC::jsSingleCharacterString): Ditto.
        (JSC::jsSingleCharacterSubstring): Ditto.
        (JSC::jsNontrivialString): Ditto.
        (JSC::JSString::getIndex): Ditto.
        (JSC::jsString): Ditto.
        (JSC::jsSubstring): Ditto.
        (JSC::jsOwnedString): Ditto.

        * kjs/ScopeChain.h: Added a globalData pointer to each node.
        (JSC::ScopeChainNode::ScopeChainNode): Initialize the globalData
        pointer.
        (JSC::ScopeChainNode::push): Set the global data pointer in the
        new node.
        (JSC::ScopeChain::ScopeChain): Take a globalData argument.

        * kjs/SmallStrings.cpp:
        (JSC::SmallStrings::createEmptyString): Take JSGlobalData* instead of
        ExecState*.
        (JSC::SmallStrings::createSingleCharacterString): Ditto.
        * kjs/SmallStrings.h:
        (JSC::SmallStrings::emptyString): Ditto.
        (JSC::SmallStrings::singleCharacterString): Ditto.

2008-10-03  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Geoff Garen.

        Bug 21343: REGRESSSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
        <https://bugs.webkit.org/show_bug.cgi?id=21343>

        Add a workaround for a bug in GCC, which affects GCC 4.0, GCC 4.2, and
        llvm-gcc 4.2. I put it in an #ifdef because it was a slight regression
        on SunSpider in 32-bit, although that might be entirely random.

        * kjs/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):

2008-10-03  Darin Adler  <darin@apple.com>

        Rubber stamped by Alexey Proskuryakov.

        * kjs/Shell.cpp: (main): Don't delete JSGlobalData. Later, we need to change
        this tool to use public JavaScriptCore API instead.

2008-10-03  Darin Adler  <darin@apple.com>

        Suggested by Alexey Proskuryakov.

        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::~JSGlobalData): Remove call to heap.destroy() because
        it's too late to ref the JSGlobalData object once it's already being
        destroyed. In practice this is not a problem because WebCore's JSGlobalData
        is never destroyed and JSGlobalContextRelease takes care of calling
        heap.destroy() in advance.

2008-10-02  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej Stachowiak.

        Replace SSE3 check with an SSE2 check, and implement SSE2 check on windows.

        5.6% win on SunSpider on windows.

        * VM/CTI.cpp:
        (JSC::isSSE2Present):
        (JSC::CTI::compileBinaryArithOp):
        (JSC::CTI::compileBinaryArithOpSlowCase):

2008-10-03  Maciej Stachowiak  <mjs@apple.com>

        Rubber stamped by Cameron Zwarich.
        
        - fix mistaken change of | to || which caused a big perf regression on EarleyBoyer

        * kjs/grammar.y:

2008-10-02  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        - https://bugs.webkit.org/show_bug.cgi?id=21321
          Bug 21321: speed up JavaScriptCore by inlining Heap in JSGlobalData

        1.019x as fast on SunSpider.

        * API/JSBase.cpp:
        (JSEvaluateScript): Use heap. instead of heap-> to work with the heap.
        (JSCheckScriptSyntax): Ditto.
        (JSGarbageCollect): Ditto.
        (JSReportExtraMemoryCost): Ditto.
        * API/JSContextRef.cpp:
        (JSGlobalContextRetain): Ditto.
        (JSGlobalContextRelease): Destroy the heap with the destroy function instead
        of the delete operator.
        (JSContextGetGlobalObject): Use heap. instead of heap-> to work with the heap.
        * API/JSObjectRef.cpp:
        (JSObjectMake): Use heap. instead of heap-> to work with the heap.
        (JSObjectMakeFunctionWithCallback): Ditto.
        (JSObjectMakeConstructor): Ditto.
        (JSObjectMakeFunction): Ditto.
        (JSObjectMakeArray): Ditto.
        (JSObjectMakeDate): Ditto.
        (JSObjectMakeError): Ditto.
        (JSObjectMakeRegExp): Ditto.
        (JSObjectHasProperty): Ditto.
        (JSObjectGetProperty): Ditto.
        (JSObjectSetProperty): Ditto.
        (JSObjectGetPropertyAtIndex): Ditto.
        (JSObjectSetPropertyAtIndex): Ditto.
        (JSObjectDeleteProperty): Ditto.
        (JSObjectCallAsFunction): Ditto.
        (JSObjectCallAsConstructor): Ditto.
        (JSObjectCopyPropertyNames): Ditto.
        (JSPropertyNameAccumulatorAddName): Ditto.
        * API/JSValueRef.cpp:
        (JSValueIsEqual): Ditto.
        (JSValueIsInstanceOfConstructor): Ditto.
        (JSValueMakeNumber): Ditto.
        (JSValueMakeString): Ditto.
        (JSValueToNumber): Ditto.
        (JSValueToStringCopy): Ditto.
        (JSValueToObject): Ditto.
        (JSValueProtect): Ditto.
        (JSValueUnprotect): Ditto.

        * kjs/ExecState.h:
        (JSC::ExecState::heap): Update to use the & operator.

        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Update to initialize a heap member
        instead of calling new to make a heap.
        (JSC::JSGlobalData::~JSGlobalData): Destroy the heap with the destroy
        function instead of the delete operator.
        * kjs/JSGlobalData.h: Change from Heap* to a Heap.
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::mark): Use the & operator here.
        (JSC::JSGlobalObject::operator new): Use heap. instead of heap-> to work
        with the heap.

2008-10-02  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Geoff Garen.

        Bug 21317: Replace RegisterFile size and capacity information with Register pointers
        <https://bugs.webkit.org/show_bug.cgi?id=21317>

        This is a 2.3% speedup on the V8 DeltaBlue benchmark, a 3.3% speedup on
        the V8 Raytrace benchmark, and a 1.0% speedup on SunSpider.

        * VM/Machine.cpp:
        (JSC::slideRegisterWindowForCall):
        (JSC::Machine::callEval):
        (JSC::Machine::execute):
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_construct_JSConstruct):
        * VM/RegisterFile.cpp:
        (JSC::RegisterFile::~RegisterFile):
        * VM/RegisterFile.h:
        (JSC::RegisterFile::RegisterFile):
        (JSC::RegisterFile::start):
        (JSC::RegisterFile::end):
        (JSC::RegisterFile::size):
        (JSC::RegisterFile::shrink):
        (JSC::RegisterFile::grow):
        (JSC::RegisterFile::lastGlobal):
        (JSC::RegisterFile::markGlobals):
        (JSC::RegisterFile::markCallFrames):
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::copyGlobalsTo):

2008-10-02  Cameron Zwarich  <zwarich@apple.com>

        Rubber-stamped by Darin Adler.

        Change bitwise operations introduced in r37166 to boolean operations. We
        only use bitwise operations over boolean operations for increasing
        performance in extremely hot code, but that does not apply to anything
        in the parser.

        * kjs/grammar.y:

2008-10-02  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Darin Adler.

        Fix for bug #21232 - should reset m_isPendingDash on flush,
        and should allow '\-' as beginning or end of a range (though
        not to specifiy a range itself).

        * ChangeLog:
        * wrec/CharacterClassConstructor.cpp:
        (JSC::CharacterClassConstructor::put):
        (JSC::CharacterClassConstructor::flush):
        * wrec/CharacterClassConstructor.h:
        (JSC::CharacterClassConstructor::flushBeforeEscapedHyphen):
        * wrec/WREC.cpp:
        (JSC::WRECGenerator::generateDisjunction):
        (JSC::WRECParser::parseCharacterClass):
        (JSC::WRECParser::parseDisjunction):
        * wrec/WREC.h:

2008-10-02  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - remove the "static" from declarations in a header file, since we
          don't want them to have internal linkage

        * VM/Machine.h: Remove the static keyword from the constant and the
        three inline functions that Geoff just moved here.

2008-10-02  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=21283.
        Profiler Crashes When Started

        * VM/Machine.cpp:
        * VM/Machine.h:
        (JSC::makeHostCallFramePointer):
        (JSC::isHostCallFrame):
        (JSC::stripHostCallFrameBit): Moved some things to the header so
        JSGlobalObject could use them.

        * kjs/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Call the
        new makeHostCallFramePointer API, since 0 no longer indicates a host
        call frame.

2008-10-02  Alexey Proskuryakov  <ap@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=21304
        Stop using a static wrapper map for WebCore JS bindings

        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        (JSC::JSGlobalData::~JSGlobalData):
        (JSC::JSGlobalData::ClientData::~ClientData):
        * kjs/JSGlobalData.h:
        Added a client data member to JSGlobalData. WebCore will use it to store bindings-related
        global data.

        * JavaScriptCore.exp: Export virtual ClientData destructor.

2008-10-02  Geoffrey Garen  <ggaren@apple.com>

        Not reviewed.
        
        Try to fix Qt build.

        * kjs/Error.h:

2008-10-01  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler and Cameron Zwarich.

        Preliminary step toward dynamic recompilation: Standardized and
        simplified the parsing interface.
        
        The main goal in this patch is to make it easy to ask for a duplicate
        compilation, and get back a duplicate result -- same source URL, same
        debugger / profiler ID, same toString behavior, etc.
        
        The basic unit of compilation and evaluation is now SourceCode, which
        encompasses a SourceProvider, a range in that provider, and a starting
        line number.

        A SourceProvider now encompasses a source URL, and *is* a source ID,
        since a pointer is a unique identifier.

        * API/JSBase.cpp:
        (JSEvaluateScript):
        (JSCheckScriptSyntax): Provide a SourceCode to the Interpreter, since
        other APIs are no longer supported.
        
        * VM/CodeBlock.h:
        (JSC::EvalCodeCache::get): Provide a SourceCode to the Interpreter, since
        other APIs are no longer supported.
        (JSC::CodeBlock::CodeBlock): ASSERT something that used to be ASSERTed
        by our caller -- this is a better bottleneck.

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::CodeGenerator): Updated for the fact that
        FunctionBodyNode's parameters are no longer a WTF::Vector.

        * kjs/Arguments.cpp:
        (JSC::Arguments::Arguments): ditto

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate): Provide a SourceCode to the Parser,
        since other APIs are no longer supported.

        * kjs/FunctionConstructor.cpp:
        (JSC::constructFunction): Provide a SourceCode to the Parser, since
        other APIs are no longer supported. Adopt FunctionBodyNode's new
        "finishParsing" API.

        * kjs/JSFunction.cpp:
        (JSC::JSFunction::lengthGetter):
        (JSC::JSFunction::getParameterName): Updated for the fact that
        FunctionBodyNode's parameters are no longer a wtf::Vector.

        * kjs/JSFunction.h: Nixed some cruft.

        * kjs/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval): Provide a SourceCode to the Parser, since
        other APIs are no longer supported. 

        * kjs/Parser.cpp:
        (JSC::Parser::parse): Require a SourceCode argument, instead of a bunch
        of broken out parameters. Stop tracking sourceId as an integer, since we
        use the SourceProvider pointer for this now. Don't clamp the
        startingLineNumber, since SourceCode does that now.

        * kjs/Parser.h:
        (JSC::Parser::parse): Standardized the parsing interface to require a
        SourceCode.

        * kjs/Shell.cpp:
        (functionRun):
        (functionLoad):
        (prettyPrintScript):
        (runWithScripts):
        (runInteractive): Provide a SourceCode to the Interpreter, since
        other APIs are no longer supported.

        * kjs/SourceProvider.h:
        (JSC::SourceProvider::SourceProvider):
        (JSC::SourceProvider::url):
        (JSC::SourceProvider::asId):
        (JSC::UStringSourceProvider::create):
        (JSC::UStringSourceProvider::UStringSourceProvider): Added new
        responsibilities described above.

        * kjs/SourceRange.h:
        (JSC::SourceCode::SourceCode):
        (JSC::SourceCode::toString):
        (JSC::SourceCode::provider):
        (JSC::SourceCode::firstLine):
        (JSC::SourceCode::data):
        (JSC::SourceCode::length): Added new responsibilities described above.
        Renamed SourceRange to SourceCode, based on review feedback. Added
        a makeSource function for convenience.

        * kjs/debugger.h: Provide a SourceCode to the client, since other APIs
        are no longer supported.

        * kjs/grammar.y: Provide startingLineNumber when creating a SourceCode.

        * kjs/debugger.h: Treat sourceId as intptr_t to avoid loss of precision
        on 64bit platforms.

        * kjs/interpreter.cpp:
        (JSC::Interpreter::checkSyntax):
        (JSC::Interpreter::evaluate):
        * kjs/interpreter.h: Require a SourceCode instead of broken out arguments.

        * kjs/lexer.cpp:
        (JSC::Lexer::setCode):
        * kjs/lexer.h:
        (JSC::Lexer::sourceRange): Fold together the SourceProvider and line number
        into a SourceCode. Fixed a bug where the Lexer would accidentally keep
        alive the last SourceProvider forever.

        * kjs/nodes.cpp:
        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::ProgramNode::create):
        (JSC::EvalNode::EvalNode):
        (JSC::EvalNode::generateCode):
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode):
        (JSC::FunctionBodyNode::finishParsing):
        (JSC::FunctionBodyNode::create):
        (JSC::FunctionBodyNode::generateCode):
        (JSC::ProgramNode::generateCode):
        (JSC::FunctionBodyNode::paramString):
        * kjs/nodes.h:
        (JSC::ScopeNode::):
        (JSC::ScopeNode::sourceId):
        (JSC::FunctionBodyNode::):
        (JSC::FunctionBodyNode::parameterCount):
        (JSC::FuncExprNode::):
        (JSC::FuncDeclNode::): Store a SourceCode in all ScopeNodes, since
        SourceCode is now responsible for tracking URL, ID, etc. Streamlined
        some ad hoc FunctionBodyNode fixups into a "finishParsing" function, to
        help make clear what you need to do in order to finish parsing a
        FunctionBodyNode.

        * wtf/Vector.h:
        (WTF::::releaseBuffer): Don't ASSERT that releaseBuffer() is only called
        when buffer is not 0, since FunctionBodyNode is more than happy
        to get back a 0 buffer, and other functions like RefPtr::release() allow
        for 0, too.

2008-10-01  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 21289: REGRESSION (r37160): Inspector crashes on load
        <https://bugs.webkit.org/show_bug.cgi?id=21289>

        The code in Arguments::mark() in r37160 was wrong. It marks indices in
        d->registers, but that makes no sense (they are local variables, not
        arguments). It should mark those indices in d->registerArray instead.

        This patch also changes Arguments::copyRegisters() to use d->numParameters
        instead of recomputing it.

        * kjs/Arguments.cpp:
        (JSC::Arguments::mark):
        * kjs/Arguments.h:
        (JSC::Arguments::copyRegisters):

2008-09-30  Darin Adler  <darin@apple.com>

        Reviewed by Eric Seidel.

        - https://bugs.webkit.org/show_bug.cgi?id=21214
          work on getting rid of ExecState

        Eliminate some unneeded uses of dynamicGlobalObject.

        * API/JSClassRef.cpp:
        (OpaqueJSClass::contextData): Changed to use a map in the global data instead
        of on the global object. Also fixed to use only a single hash table lookup.

        * API/JSObjectRef.cpp:
        (JSObjectMakeConstructor): Use lexicalGlobalObject rather than dynamicGlobalObject
        to get the object prototype.

        * kjs/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToString): Use arrayVisitedElements set in global data rather
        than in the global object.
        (JSC::arrayProtoFuncToLocaleString): Ditto.
        (JSC::arrayProtoFuncJoin): Ditto.

        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData): Don't initialize opaqueJSClassData, since
        it's no longer a pointer.
        (JSC::JSGlobalData::~JSGlobalData): We still need to delete all the values, but
        we don't need to delete the map since it's no longer a pointer.

        * kjs/JSGlobalData.h: Made opaqueJSClassData a map instead of a pointer to a map.
        Also added arrayVisitedElements.

        * kjs/JSGlobalObject.h: Removed arrayVisitedElements.

        * kjs/Shell.cpp:
        (functionRun): Use lexicalGlobalObject instead of dynamicGlobalObject.
        (functionLoad): Ditto.

2008-10-01  Cameron Zwarich  <zwarich@apple.com>

        Not reviewed.

        Speculative Windows build fix.

        * kjs/grammar.y:

2008-10-01  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Darin Adler.

        Bug 21123: using "arguments" in a function should not force creation of an activation object
        <https://bugs.webkit.org/show_bug.cgi?id=21123>

        Make the 'arguments' object not require a JSActivation. We store the
        'arguments' object in the OptionalCalleeArguments call frame slot. We
        need to be able to get the original 'arguments' object to tear it off
        when returning from a function, but 'arguments' may be assigned to in a
        number of ways.

        Therefore, we use the OptionalCalleeArguments slot when we want to get
        the original activation or we know that 'arguments' was not assigned a
        different value. When 'arguments' may have been assigned a new value,
        we use a new local variable that is initialized with 'arguments'. Since
        a function parameter named 'arguments' may overwrite the value of
        'arguments', we also need to be careful to look up 'arguments' in the
        symbol table, so we get the parameter named 'arguments' instead of the
        local variable that we have added for holding the 'arguments' object.

        This is a 19.1% win on the V8 Raytrace benchmark using the SunSpider
        harness, and a 20.7% win using the V8 harness. This amounts to a 6.5%
        total speedup on the V8 benchmark suite using the V8 harness.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CodeBlock.h:
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::CodeGenerator):
        * VM/Machine.cpp:
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::privateExecute):
        (JSC::Machine::retrieveArguments):
        (JSC::Machine::cti_op_init_arguments):
        (JSC::Machine::cti_op_ret_activation_arguments):
        * VM/Machine.h:
        * VM/RegisterFile.h:
        (JSC::RegisterFile::):
        * kjs/Arguments.cpp:
        (JSC::Arguments::mark):
        (JSC::Arguments::fillArgList):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        * kjs/Arguments.h:
        (JSC::Arguments::setRegisters):
        (JSC::Arguments::init):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::copyRegisters):
        (JSC::JSActivation::copyRegisters):
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::argumentsGetter):
        * kjs/JSActivation.h:
        (JSC::JSActivation::JSActivationData::JSActivationData):
        * kjs/grammar.y:
        * kjs/nodes.h:
        (JSC::ScopeNode::setUsesArguments):
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::orl_mr):

2008-10-01  Kevin McCullough  <kmccullough@apple.com>

        Rubberstamped by Geoff Garen.

        Remove BreakpointCheckStatement because it's not used anymore.
        No effect on sunspider or the jsc tests.

        * kjs/nodes.cpp:
        * kjs/nodes.h:

2008-09-30  Oliver Hunt  <oliver@apple.com>

        Reviewed by Geoff Garen.

        Improve performance of CTI on windows.

        Currently on platforms where the compiler doesn't allow us to safely
        index relative to the address of a parameter we need to actually
        provide a pointer to CTI runtime call arguments.  This patch improves
        performance in this case by making the CTI logic for restoring this
        parameter much less conservative by only resetting it before we actually
        make a call, rather than between each and every SF bytecode we generate
        code for.

        This results in a 3.6% progression on the v8 benchmark when compiled with MSVC.

        * VM/CTI.cpp:
        (JSC::CTI::emitCall):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompilePutByIdTransition):
        * VM/CTI.h:
        * masm/X86Assembler.h:
        * wtf/Platform.h:

2008-09-30  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver Hunt.

        - track uses of "this", "with" and "catch" in the parser
        
        Knowing this up front will be useful for future optimizations.
        
        Perf and correctness remain the same.
        
        * kjs/NodeInfo.h:
        * kjs/grammar.y:

2008-09-30  Sam Weinig  <sam@webkit.org>

        Reviewed by Mark Rowe.

        Add WebKitAvailability macros for JSObjectMakeArray, JSObjectMakeDate, JSObjectMakeError,
        and JSObjectMakeRegExp

        * API/JSObjectRef.h:

2008-09-30  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        - https://bugs.webkit.org/show_bug.cgi?id=21214
          work on getting rid of ExecState

        Replaced the m_prev field of ExecState with a bit in the
        call frame pointer to indicate "host" call frames.

        * VM/Machine.cpp:
        (JSC::makeHostCallFramePointer): Added. Sets low bit.
        (JSC::isHostCallFrame): Added. Checks low bit.
        (JSC::stripHostCallFrameBit): Added. Clears low bit.
        (JSC::Machine::unwindCallFrame): Replaced null check that was
        formerly used to detect host call frames with an isHostCallFrame check.
        (JSC::Machine::execute): Pass in a host call frame pointer rather than
        always passing 0 when starting execution from the host. This allows us
        to follow the entire call frame pointer chain when desired, or to stop
        at the host calls when that's desired.
        (JSC::Machine::privateExecute): Replaced null check that was
        formerly used to detect host call frames with an isHostCallFrame check.
        (JSC::Machine::retrieveCaller): Ditto.
        (JSC::Machine::retrieveLastCaller): Ditto.
        (JSC::Machine::callFrame): Removed the code to walk up m_prev pointers
        and replaced it with code that uses the caller pointer and uses the
        stripHostCallFrameBit function.

        * kjs/ExecState.cpp: Removed m_prev.
        * kjs/ExecState.h: Ditto.

2008-09-30  Cameron Zwarich  <zwarich@apple.com>

        Reviewed by Geoff Garen.

        Move all detection of 'arguments' in a lexical scope to the parser, in
        preparation for fixing

        Bug 21123: using "arguments" in a function should not force creation of an activation object
        <https://bugs.webkit.org/show_bug.cgi?id=21123>

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::CodeGenerator):
        * kjs/NodeInfo.h:
        * kjs/grammar.y:

2008-09-30  Geoffrey Garen  <ggaren@apple.com>

        Not reviewed.

        * kjs/Shell.cpp:
        (runWithScripts): Fixed indentation.

2008-09-30  Mark Rowe  <mrowe@apple.com>

        Rubber-stamped by Sam Weinig.

        Build fix.  Move InternalFunction::classInfo implementation into the .cpp
        file to prevent the vtable for InternalFunction being generated as a weak symbol.
        Has no effect on SunSpider.

        * kjs/InternalFunction.cpp:
        (JSC::InternalFunction::classInfo):
        * kjs/InternalFunction.h:

2008-09-29  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.
        
        - optimize appending a number to a string
        https://bugs.webkit.org/show_bug.cgi?id=21203
        
        It's pretty common in real-world code (and on some of the v8
        benchmarks) to append a number to a string, so I made this one of
        the fast cases, and also added support to UString to do it
        directly without allocating a temporary UString.
        
        ~1% speedup on v8 benchmark.

        * VM/Machine.cpp:
        (JSC::jsAddSlowCase): Make this NEVER_INLINE because somehow otherwise
        the change is a regression.
        (JSC::jsAdd): Handle number + string special case.
        (JSC::Machine::cti_op_add): Integrate much of the logic of jsAdd to
        avoid exception check in the str + str, num + num and str + num cases.
        * kjs/ustring.cpp:
        (JSC::expandedSize): Make this a non-member function, since it needs to be 
        called in non-member functions but not outside this file.
        (JSC::expandCapacity): Ditto.
        (JSC::UString::expandCapacity): Call the non-member version. 
        (JSC::createRep): Helper to make a rep from a char*.
        (JSC::UString::UString): Use above helper.
        (JSC::concatenate): Guts of concatenating constructor for cases where first
        item is a UString::Rep, and second is a UChar* and length, or a char*.
        (JSC::UString::append): Implement for cases where first item is a UString::Rep,
        and second is an int or double. Sadly duplicates logic of UString::from(int)
        and UString::from(double).
        * kjs/ustring.h:

2008-09-29  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - https://bugs.webkit.org/show_bug.cgi?id=21214
          work on getting rid of ExecState

        * JavaScriptCore.exp: Updated since JSGlobalObject::init
        no longer takes a parameter.

        * VM/Machine.cpp:
        (JSC::Machine::execute): Removed m_registerFile argument
        for ExecState constructors.

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate): Removed globalThisValue
        argument for ExecState constructor.

        * kjs/ExecState.cpp:
        (JSC::ExecState::ExecState): Removed globalThisValue and
        registerFile arguments to constructors.

        * kjs/ExecState.h: Removed m_globalThisValue and
        m_registerFile data members.

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init): Removed globalThisValue
        argument for ExecState constructor.

        * kjs/JSGlobalObject.h:
        (JSC::JSGlobalObject::JSGlobalObject): Got rid of parameter
        for the init function.

2008-09-29  Geoffrey Garen  <ggaren@apple.com>

        Rubber-stamped by Cameron Zwarich.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=21225
        Machine::retrieveLastCaller should check for a NULL codeBlock
        
        In order to crash, you would need to call retrieveCaller in a situation
        where you had two host call frames in a row in the register file. I
        don't know how to make that happen, or if it's even possible, so I don't
        have a test case -- but better safe than sorry!

        * VM/Machine.cpp:
        (JSC::Machine::retrieveLastCaller):

2008-09-29  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.
        
        Store the callee ScopeChain, not the caller ScopeChain, in the call frame
        header. Nix the "scopeChain" local variable and ExecState::m_scopeChain, and
        access the callee ScopeChain through the call frame header instead.

        Profit: call + return are simpler, because they don't have to update the
        "scopeChain" local variable, or ExecState::m_scopeChain.
        
        Because CTI keeps "r" in a register, reading the callee ScopeChain relative
        to "r" can be very fast, in any cases we care to optimize.

        0% speedup on empty function call benchmark. (5.5% speedup in bytecode.)
        0% speedup on SunSpider. (7.5% speedup on controlflow-recursive.)
        2% speedup on SunSpider --v8.
        2% speedup on v8 benchmark.

        * VM/CTI.cpp: Changed scope chain access to read the scope chain from
        the call frame header. Sped up op_ret by changing it not to fuss with
        the "scopeChain" local variable or ExecState::m_scopeChain.

        * VM/CTI.h: Updated CTI trampolines not to take a ScopeChainNode*
        argument, since that's stored in the call frame header now.

        * VM/Machine.cpp: Access "scopeChain" and "codeBlock" through new helper
        functions that read from the call frame header. Updated functions operating
        on ExecState::m_callFrame to account for / take advantage of the fact that
        Exec:m_callFrame is now never NULL.
        
        Fixed a bug in op_construct, where it would use the caller's default
        object prototype, rather than the callee's, when constructing a new object.

        * VM/Machine.h: Made some helper functions available. Removed
        ScopeChainNode* arguments to a lot of functions, since the ScopeChainNode*
        is now stored in the call frame header.

        * VM/RegisterFile.h: Renamed "CallerScopeChain" to "ScopeChain", since
        that's what it is now.

        * kjs/DebuggerCallFrame.cpp: Updated for change to ExecState signature.

        * kjs/ExecState.cpp:
        * kjs/ExecState.h: Nixed ExecState::m_callFrame, along with the unused
        isGlobalObject function.

        * kjs/JSGlobalObject.cpp:
        * kjs/JSGlobalObject.h: Gave the global object a fake call frame in
        which to store the global scope chain, since our code now assumes that
        it can always read the scope chain out of the ExecState's call frame.

2008-09-29  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Sam Weinig.

        Remove the isActivationObject() virtual method on JSObject and use
        StructureID information instead. This should be slightly faster, but
        isActivationObject() is only used in assertions and unwinding the stack
        for exceptions.

        * VM/Machine.cpp:
        (JSC::depth):
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_ret_activation):
        * kjs/JSActivation.cpp:
        * kjs/JSActivation.h:
        * kjs/JSObject.h:

2008-09-29  Peter Gal  <galpeter@inf.u-szeged.hu>

        Reviewed and tweaked by Darin Adler.

        Fix build for non-all-in-one platforms.

        * kjs/StringPrototype.cpp: Added missing ASCIICType.h include.

2008-09-29  Bradley T. Hughes  <bradley.hughes@nokia.com>

        Reviewed by Simon Hausmann.

        Fix compilation with icpc

        * wtf/HashSet.h:
        (WTF::::find):
        (WTF::::contains):

2008-09-29  Thiago Macieira  <thiago.macieira@nokia.com>

        Reviewed by Simon Hausmann.

        Changed copyright from Trolltech ASA to Nokia.
        
        Nokia acquired Trolltech ASA, assets were transferred on September 26th 2008.
        

        * wtf/qt/MainThreadQt.cpp:

2008-09-29  Simon Hausmann  <hausmann@webkit.org>

        Reviewed by Lars Knoll.

        Don't accidentially install libJavaScriptCore.a for the build inside
        Qt.

        * JavaScriptCore.pro:

2008-09-28  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 21200: Allow direct access to 'arguments' without using op_resolve
        <https://bugs.webkit.org/show_bug.cgi?id=21200>

        Allow fast access to the 'arguments' object by adding an extra slot to
        the callframe to store it.

        This is a 3.0% speedup on the V8 Raytrace benchmark.

        * JavaScriptCore.exp:
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::CodeGenerator):
        (JSC::CodeGenerator::registerFor):
        * VM/CodeGenerator.h:
        (JSC::CodeGenerator::registerFor):
        * VM/Machine.cpp:
        (JSC::Machine::initializeCallFrame):
        (JSC::Machine::dumpRegisters):
        (JSC::Machine::privateExecute):
        (JSC::Machine::retrieveArguments):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_create_arguments):
        (JSC::Machine::cti_op_construct_JSConstruct):
        * VM/Machine.h:
        * VM/Opcode.h:
        * VM/RegisterFile.h:
        (JSC::RegisterFile::):
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::mark):
        (JSC::JSActivation::argumentsGetter):
        * kjs/JSActivation.h:
        (JSC::JSActivation::JSActivationData::JSActivationData):
        * kjs/NodeInfo.h:
        * kjs/Parser.cpp:
        (JSC::Parser::didFinishParsing):
        * kjs/Parser.h:
        (JSC::Parser::parse):
        * kjs/grammar.y:
        * kjs/nodes.cpp:
        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::ProgramNode::create):
        (JSC::EvalNode::EvalNode):
        (JSC::EvalNode::create):
        (JSC::FunctionBodyNode::FunctionBodyNode):
        (JSC::FunctionBodyNode::create):
        * kjs/nodes.h:
        (JSC::ScopeNode::usesArguments):

2008-09-28  Mark Rowe  <mrowe@apple.com>

        Reviewed by Sam Weinig.

        Add an ASCII fast-path to toLowerCase and toUpperCase.

        The fast path speeds up the common case of an ASCII-only string by up to 60% while adding a less than 5% penalty
        to the less common non-ASCII case.

        This also removes stringProtoFuncToLocaleLowerCase and stringProtoFuncToLocaleUpperCase, which were identical
        to the non-locale variants of the functions.  toLocaleLowerCase and toLocaleUpperCase now use the non-locale
        variants of the functions directly.

        * kjs/StringPrototype.cpp:
        (JSC::stringProtoFuncToLowerCase):
        (JSC::stringProtoFuncToUpperCase):

2008-09-28  Mark Rowe  <mrowe@apple.com>

        Reviewed by Cameron Zwarich.

        Speed up parseInt and parseFloat.

        Repeatedly indexing into a UString is slow, so retrieve a pointer into the underlying buffer once up front
        and use that instead.  This is a 7% win on a parseInt/parseFloat micro-benchmark.

        * kjs/JSGlobalObjectFunctions.cpp:
        (JSC::parseInt):
        (JSC::parseFloat):

2008-09-28  Simon Hausmann  <hausmann@webkit.org>

        Reviewed by David Hyatt.

        In Qt's initializeThreading re-use an existing thread identifier for the main
        thread if it exists.

        currentThread() implicitly creates new identifiers and it could be that
        it is called before initializeThreading().

        * wtf/ThreadingQt.cpp:
        (WTF::initializeThreading):

2008-09-27  Keishi Hattori  <casey.hattori@gmail.com>

        Added Machine::retrieveCaller to the export list.

        Reviewed by Kevin McCullough and Tim Hatcher.

        * JavaScriptCore.exp: Added Machine::retrieveCaller.

2008-09-27  Anders Carlsson  <andersca@apple.com>

        Fix build.

        * VM/CTI.cpp:
        (JSC::):

2008-09-27  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.
        
        https://bugs.webkit.org/show_bug.cgi?id=21175

        Store the callee CodeBlock, not the caller CodeBlock, in the call frame
        header. Nix the "codeBlock" local variable, and access the callee
        CodeBlock through the call frame header instead.
        
        Profit: call + return are simpler, because they don't have to update the
        "codeBlock" local variable.
        
        Because CTI keeps "r" in a register, reading the callee CodeBlock relative
        to "r" can be very fast, in any cases we care to optimize. Presently,
        no such cases seem important.
        
        Also, stop writing "dst" to the call frame header. CTI doesn't use it.
        
        21.6% speedup on empty function call benchmark.
        3.8% speedup on SunSpider --v8.
        2.1% speedup on v8 benchmark.
        0.7% speedup on SunSpider (6% speedup on controlflow-recursive).
        
        Small regression in bytecode, because currently every op_ret reads the
        callee CodeBlock to check needsFullScopeChain, and bytecode does not
        keep "r" in a register. On-balance, this is probably OK, since CTI is
        our high-performance execution model. Also, this should go away once
        we make needsFullScopeChain statically determinable at parse time.

        * VM/CTI.cpp:
        (JSC::CTI::compileOpCall): The speedup!
        (JSC::CTI::privateCompileSlowCases): ditto

        * VM/CTI.h:
        (JSC::): Fixed up magic trampoline constants to account for the nixed
        "codeBlock" argument.
        (JSC::CTI::execute): Changed trampoline function not to take a "codeBlock"
        argument, since codeBlock is now stored in the call frame header.
        
        * VM/Machine.cpp: Read the callee CodeBlock from the register file. Use
        a NULL CallerRegisters in the call frame header to signal a built-in
        caller, since CodeBlock is now never NULL.

        * VM/Machine.h: Made some stand-alone functions Machine member functions
        so they could call the private codeBlock() accessor in the Register
        class, of which Machine is a friend. Renamed "CallerCodeBlock" to
        "CodeBlock", since it's no longer the caller's CodeBlock.

        * VM/RegisterFile.h: Marked some methods const to accommodate a 
        const RegisterFile* being passed around in Machine.cpp.

2008-09-26  Jan Michael Alonzo  <jmalonzo@webkit.org>

        Gtk build fix. Not reviewed.

        Narrow-down the target of the JavaScriptCore .lut.h generator so
        it won't try to create the WebCore .lut.hs.

        * GNUmakefile.am:

2008-09-26  Matt Lilek  <webkit@mattlilek.com>

        Reviewed by Tim Hatcher.

        Update FEATURE_DEFINES after ENABLE_CROSS_DOCUMENT_MESSAGING was removed.

        * Configurations/JavaScriptCore.xcconfig:

2008-09-26  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Rubber-stamped by Anders Carlson.

        Change the name 'sc' to 'scopeChainNode' in a few places.

        * kjs/nodes.cpp:
        (JSC::EvalNode::generateCode):
        (JSC::FunctionBodyNode::generateCode):
        (JSC::ProgramNode::generateCode):

2008-09-26  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Patch for https://bugs.webkit.org/show_bug.cgi?id=21152
        Speedup static property get/put

        Convert getting/setting static property values to use static functions
        instead of storing an integer and switching in getValueProperty/putValueProperty.

        * kjs/JSObject.cpp:
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::getPropertyAttributes):
        * kjs/MathObject.cpp:
        (JSC::MathObject::getOwnPropertySlot):
        * kjs/NumberConstructor.cpp:
        (JSC::numberConstructorNaNValue):
        (JSC::numberConstructorNegInfinity):
        (JSC::numberConstructorPosInfinity):
        (JSC::numberConstructorMaxValue):
        (JSC::numberConstructorMinValue):
        * kjs/PropertySlot.h:
        (JSC::PropertySlot::):
        * kjs/RegExpConstructor.cpp:
        (JSC::regExpConstructorDollar1):
        (JSC::regExpConstructorDollar2):
        (JSC::regExpConstructorDollar3):
        (JSC::regExpConstructorDollar4):
        (JSC::regExpConstructorDollar5):
        (JSC::regExpConstructorDollar6):
        (JSC::regExpConstructorDollar7):
        (JSC::regExpConstructorDollar8):
        (JSC::regExpConstructorDollar9):
        (JSC::regExpConstructorInput):
        (JSC::regExpConstructorMultiline):
        (JSC::regExpConstructorLastMatch):
        (JSC::regExpConstructorLastParen):
        (JSC::regExpConstructorLeftContext):
        (JSC::regExpConstructorRightContext):
        (JSC::setRegExpConstructorInput):
        (JSC::setRegExpConstructorMultiline):
        (JSC::RegExpConstructor::setInput):
        (JSC::RegExpConstructor::setMultiline):
        (JSC::RegExpConstructor::multiline):
        * kjs/RegExpConstructor.h:
        * kjs/RegExpObject.cpp:
        (JSC::regExpObjectGlobal):
        (JSC::regExpObjectIgnoreCase):
        (JSC::regExpObjectMultiline):
        (JSC::regExpObjectSource):
        (JSC::regExpObjectLastIndex):
        (JSC::setRegExpObjectLastIndex):
        * kjs/RegExpObject.h:
        (JSC::RegExpObject::setLastIndex):
        (JSC::RegExpObject::lastIndex):
        (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
        * kjs/StructureID.cpp:
        (JSC::StructureID::getEnumerablePropertyNames):
        * kjs/create_hash_table:
        * kjs/lexer.cpp:
        (JSC::Lexer::lex):
        * kjs/lookup.cpp:
        (JSC::HashTable::createTable):
        (JSC::HashTable::deleteTable):
        (JSC::setUpStaticFunctionSlot):
        * kjs/lookup.h:
        (JSC::HashEntry::initialize):
        (JSC::HashEntry::setKey):
        (JSC::HashEntry::key):
        (JSC::HashEntry::attributes):
        (JSC::HashEntry::function):
        (JSC::HashEntry::functionLength):
        (JSC::HashEntry::propertyGetter):
        (JSC::HashEntry::propertyPutter):
        (JSC::HashEntry::lexerValue):
        (JSC::HashEntry::):
        (JSC::HashTable::entry):
        (JSC::getStaticPropertySlot):
        (JSC::getStaticValueSlot):
        (JSC::lookupPut):

2008-09-26  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Maciej Stachowiak & Oliver Hunt.

        Add support for reusing temporary JSNumberCells.  This change is based on the observation
        that if the result of certain operations is a JSNumberCell and is consumed by a subsequent
        operation that would produce a JSNumberCell, we can reuse the object rather than allocating
        a fresh one.  E.g. given the expression ((a * b) * c), we can statically determine that
        (a * b) will have a numeric result (or else it will have thrown an exception), so the result
        will either be a JSNumberCell or a JSImmediate.

        This patch changes three areas of JSC:
            * The AST now tracks type information about the result of each node.
            * This information is consumed in bytecode compilation, and certain bytecode operations
              now carry the statically determined type information about their operands.
            * CTI uses the information in a number of fashions:
                * Where an operand to certain arithmetic operations is reusable, it will plant code
                  to try to perform the operation in JIT code & reuse the cell, where appropriate.
                * Where it can be statically determined that an operand can only be numeric (typically
                  the result of another arithmetic operation) the code will not redundantly check that
                  the JSCell is a JSNumberCell.
                * Where either of the operands to an add are non-numeric do not plant an optimized
                  arithmetic code path, just call straight out to the C function.

        +6% Sunspider (10% progression on 3D, 16% progression on math, 60% progression on access-nbody),
        +1% v8-tests (improvements in raytrace & crypto)

        * VM/CTI.cpp: Add optimized code generation with reuse of temporary JSNumberCells.
        * VM/CTI.h:
        * kjs/JSNumberCell.h:
        * masm/X86Assembler.h:

        * VM/CodeBlock.cpp: Add type information to specific bytecodes.
        * VM/CodeGenerator.cpp:
        * VM/CodeGenerator.h:
        * VM/Machine.cpp:

        * kjs/nodes.cpp: Track static type information for nodes.
        * kjs/nodes.h:
        * kjs/ResultDescriptor.h: (Added)
        * JavaScriptCore.xcodeproj/project.pbxproj:

2008-09-26  Yichao Yin  <yichao.yin@torchmobile.com.cn>

        Reviewed by George Staikos, Maciej Stachowiak.

        Add utility functions needed for upcoming WML code.

        * wtf/ASCIICType.h:
        (WTF::isASCIIPrintable):

2008-09-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Reverted the part of r36614 that used static data because static data
        is not thread-safe.

2008-09-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Removed dynamic check for whether the callee needs an activation object.
        Replaced with callee code to create the activation object.

        0.5% speedup on SunSpider.
        No change on v8 benchmark. (Might be a speedup, but it's in range of the
        variance.)

        0.7% speedup on v8 benchmark in bytecode.
        1.3% speedup on empty call benchmark in bytecode.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass): Added support for op_init_activation,
        the new opcode that specifies that the callee's initialization should
        create an activation object.
        (JSC::CTI::privateCompile): Removed previous code that did a similar
        thing in an ad-hoc way.

        * VM/CodeBlock.cpp:
        (JSC::CodeBlock::dump): Added a case for dumping op_init_activation.

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::generate): Added fixup code to change op_init to
        op_init_activation if necessary. (With a better parser, we would know
        which to use from the beginning.)

        * VM/Instruction.h:
        (JSC::Instruction::Instruction):
        (WTF::): Faster traits for the instruction vector. An earlier version
        of this patch relied on inserting at the beginning of the vector, and
        depended on this change for speed.

        * VM/Machine.cpp:
        (JSC::Machine::execute): Removed clients of setScopeChain, the old
        abstraction for dynamically checking for whether an activation object
        needed to be created.
        (JSC::Machine::privateExecute): ditto

        (JSC::Machine::cti_op_push_activation): Renamed this function from
        cti_vm_updateScopeChain, and made it faster by removing the call to 
        setScopeChain.
        * VM/Machine.h:

        * VM/Opcode.h: Declared op_init_activation.

2008-09-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Maciej Stachowiak.
        
        Move most of the return code back into the callee, now that the callee
        doesn't have to calculate anything dynamically.
        
        11.5% speedup on empty function call benchmark.
        
        SunSpider says 0.3% faster. SunSpider --v8 says no change.

        * VM/CTI.cpp:
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):

2008-09-24  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Remove staticFunctionGetter.  There is only one remaining user of
        staticFunctionGetter and it can be converted to use setUpStaticFunctionSlot.

        * JavaScriptCore.exp:
        * kjs/lookup.cpp:
        * kjs/lookup.h:

2008-09-24  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver Hunt.
        
        - inline JIT fast case of op_neq
        - remove extra level of function call indirection from slow cases of eq and neq
        
        1% speedup on Richards

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_eq):
        (JSC::Machine::cti_op_neq):
        * kjs/operations.cpp:
        (JSC::equal):
        (JSC::equalSlowCase):
        * kjs/operations.h:
        (JSC::equalSlowCaseInline):

2008-09-24  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21080
        <rdar://problem/6243534>
        Crash below Function.apply when using a runtime array as the argument list

        Test: plugins/bindings-array-apply-crash.html

        * kjs/FunctionPrototype.cpp:
        (JSC::functionProtoFuncApply): Revert to the slow case if the object inherits from 
        JSArray (via ClassInfo) but is not a JSArray.

2008-09-24  Kevin McCullough  <kmccullough@apple.com>

        Style change.

        * kjs/nodes.cpp:
        (JSC::statementListEmitCode):

2008-09-24  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Geoff.

        Bug 21031: Breakpoints in the condition of loops only breaks the first
        time
        - Now when setting breakpoints in the condition of a loop (for, while,
        for in, and do while) will successfully break each time throught the
        loop.
        - For 'for' loops we need a little more complicated behavior that cannot
        be accomplished without some more significant changes:
        https://bugs.webkit.org/show_bug.cgi?id=21073

        * kjs/nodes.cpp:
        (JSC::statementListEmitCode): We don't want to blindly emit a debug hook
        at the first line of loops, instead let the loop emit the debug hooks.
        (JSC::DoWhileNode::emitCode):
        (JSC::WhileNode::emitCode):
        (JSC::ForNode::emitCode):
        (JSC::ForInNode::emitCode):
        * kjs/nodes.h:
        (JSC::StatementNode::):
        (JSC::DoWhileNode::):
        (JSC::WhileNode::):
        (JSC::ForInNode::):

2008-09-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Fixed <rdar://problem/5605532> Need a SPI for telling JS the size of
        the objects it retains

        * API/tests/testapi.c: Test the new SPI a little.

        * API/JSSPI.cpp: Add the new SPI.
        * API/JSSPI.h: Add the new SPI.
        * JavaScriptCore.exp: Add the new SPI.
        * JavaScriptCore.xcodeproj/project.pbxproj: Add the new SPI.

2008-09-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        * API/JSBase.h: Filled in some missing function names.

2008-09-24  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Cameron Zwarich.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=21057
        Crash in RegisterID::deref() running fast/canvas/canvas-putImageData.html

        * VM/CodeGenerator.h: Changed declaration order to ensure the
        m_lastConstant, which is a RefPtr that points into m_calleeRegisters,
        has its destructor called before the destructor for m_calleeRegisters.

2008-09-24  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - https://bugs.webkit.org/show_bug.cgi?id=21047
          speed up ret_activation with inlining

        About 1% on v8-raytrace.

        * JavaScriptCore.exp: Removed JSVariableObject::setRegisters.

        * kjs/JSActivation.cpp: Moved copyRegisters to the header to make it inline.
        * kjs/JSActivation.h:
        (JSC::JSActivation::copyRegisters): Moved here. Also removed the registerArraySize
        argument to setRegisters, since the object doesn't need to store the number of
        registers.

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset): Removed unnecessary clearing left over from when we
        used this on objects that weren't brand new. These days, this function is really
        just part of the constructor.

        * kjs/JSGlobalObject.h: Added registerArraySize to JSGlobalObjectData, since
        JSVariableObjectData no longer needs it. Added a setRegisters override here
        that handles storing the size.

        * kjs/JSStaticScopeObject.h: Removed code to set registerArraySize, since it
        no longer exists.

        * kjs/JSVariableObject.cpp: Moved copyRegisterArray and setRegisters to the
        header to make them inline.
        * kjs/JSVariableObject.h: Removed registerArraySize from JSVariableObjectData,
        since it was only used for the global object.
        (JSC::JSVariableObject::copyRegisterArray): Moved here ot make it inline.
        (JSC::JSVariableObject::setRegisters): Moved here to make it inline. Also
        removed the code to set registerArraySize and changed an if statement into
        an assert to save an unnnecessary branch.

2008-09-24  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver Hunt.
        
        - inline PropertyMap::getOffset to speed up polymorphic lookups
        
        ~1.5% speedup on v8 benchmark
        no effect on SunSpider

        * JavaScriptCore.exp:
        * kjs/PropertyMap.cpp:
        * kjs/PropertyMap.h:
        (JSC::PropertyMap::getOffset):

2008-09-24  Jan Michael Alonzo  <jmalonzo@webkit.org>

        Reviewed by Alp Toker.

        https://bugs.webkit.org/show_bug.cgi?id=20992
        Build fails on GTK+ Mac OS

        * wtf/ThreadingGtk.cpp: Remove platform ifdef as suggested by
          Richard Hult.
        (WTF::initializeThreading):

2008-09-23  Oliver Hunt  <oliver@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 19968: Slow Script at www.huffingtonpost.com
        <https://bugs.webkit.org/show_bug.cgi?id=19968>

        Finally found the cause of this accursed issue.  It is triggered
        by synchronous creation of a new global object from JS.  The new
        global object resets the timer state in this execution group's
        Machine, taking timerCheckCount to 0.  Then when JS returns the
        timerCheckCount is decremented making it non-zero.  The next time
        we execute JS we will start the timeout counter, however the non-zero
        timeoutCheckCount means we don't reset the timer information. This
        means that the timeout check is now checking the cumulative time
        since the creation of the global object rather than the time since
        JS was last entered.  At this point the slow script dialog is guaranteed
        to eventually be displayed incorrectly unless a page is loaded
        asynchronously (which will reset everything into a sane state).

        The fix for this is rather trivial -- the JSGlobalObject constructor
        should not be resetting the machine timer state.

        * VM/Machine.cpp:
        (JSC::Machine::Machine):
          Now that we can't rely on the GlobalObject initialising the timeout
          state, we do it in the Machine constructor.

        * VM/Machine.h:
        (JSC::Machine::stopTimeoutCheck):
          Add assertions to guard against this happening.

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
          Don't reset the timeout state.

2008-09-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.
        
        Fixed https://bugs.webkit.org/show_bug.cgi?id=21038 | <rdar://problem/6240812>
        Uncaught exceptions in regex replace callbacks crash webkit
        
        This was a combination of two problems:
        
        (1) the replace function would continue execution after an exception
        had been thrown.
        
        (2) In some cases, the Machine would return 0 in the case of an exception,
        despite the fact that a few clients dereference the Machine's return
        value without first checking for an exception.
        
        * VM/Machine.cpp:
        (JSC::Machine::execute):
        
        ^ Return jsNull() instead of 0 in the case of an exception, since some
        clients depend on using our return value.
        
        ^ ASSERT that execution does not continue after an exception has been
        thrown, to help catch problems like this in the future.

        * kjs/StringPrototype.cpp:
        (JSC::stringProtoFuncReplace):
        
        ^ Stop execution if an exception has been thrown.

2008-09-23  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the windows build.

        * VM/CTI.cpp:
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):

2008-09-23  Alp Toker  <alp@nuanti.com>

        Build fix.

        * VM/CTI.h:

2008-09-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.

        * wtf/Platform.h: Removed duplicate #if.

2008-09-23  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Darin Adler.
        
        Changed the layout of the call frame from
        
        { header, parameters, locals | constants, temporaries }
        
        to
        
        { parameters, header | locals, constants, temporaries }
        
        This simplifies function entry+exit, and enables a number of future
        optimizations.
        
        13.5% speedup on empty call benchmark for bytecode; 23.6% speedup on
        empty call benchmark for CTI.
        
        SunSpider says no change. SunSpider --v8 says 1% faster.

        * VM/CTI.cpp:
        
        Added a bit of abstraction for calculating whether a register is a
        constant, since this patch changes that calculation:
        (JSC::CTI::isConstant):
        (JSC::CTI::getConstant):
        (JSC::CTI::emitGetArg):
        (JSC::CTI::emitGetPutArg):
        (JSC::CTI::getConstantImmediateNumericArg):

        Updated for changes to callframe header location:
        (JSC::CTI::emitPutToCallFrameHeader):
        (JSC::CTI::emitGetFromCallFrameHeader):
        (JSC::CTI::printOpcodeOperandTypes):
        
        Renamed to spite Oliver:
        (JSC::CTI::emitInitRegister):
        
        Added an abstraction for emitting a call through a register, so that
        calls through registers generate exception info, too:
        (JSC::CTI::emitCall):

        Updated to match the new callframe header layout, and to support calls
        through registers, which have no destination address:
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):

        * VM/CTI.h:

        More of the above:
        (JSC::CallRecord::CallRecord):

        * VM/CodeBlock.cpp:

        Updated for new register layout:
        (JSC::registerName):
        (JSC::CodeBlock::dump):

        * VM/CodeBlock.h:
        
        Updated CodeBlock to track slightly different information about the
        register frame, and tweaked the style of an ASSERT_NOT_REACHED.
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::getStubInfo):

        * VM/CodeGenerator.cpp:
        
        Added some abstraction around constant register allocation, since this
        patch changes it, changed codegen to account for the new callframe
        layout, and added abstraction around register fetching code
        that used to assume that all local registers lived at negative indices,
        since vars now live at positive indices:
        (JSC::CodeGenerator::generate):
        (JSC::CodeGenerator::addVar):
        (JSC::CodeGenerator::addGlobalVar):
        (JSC::CodeGenerator::allocateConstants):
        (JSC::CodeGenerator::CodeGenerator):
        (JSC::CodeGenerator::addParameter):
        (JSC::CodeGenerator::registerFor):
        (JSC::CodeGenerator::constRegisterFor):
        (JSC::CodeGenerator::newRegister):
        (JSC::CodeGenerator::newTemporary):
        (JSC::CodeGenerator::highestUsedRegister):
        (JSC::CodeGenerator::addConstant):
        
        ASSERT that our caller referenced the registers it passed to us.
        Otherwise, we might overwrite them with parameters:
        (JSC::CodeGenerator::emitCall):
        (JSC::CodeGenerator::emitConstruct):

        * VM/CodeGenerator.h:
        
        Added some abstraction for getting a RegisterID for a given index,
        since the rules are a little weird:
        (JSC::CodeGenerator::registerFor):

        * VM/Machine.cpp:

        Utility function to transform a machine return PC to a virtual machine
        return VPC, for the sake of stack unwinding, since both PCs are stored
        in the same location now:
        (JSC::vPCForPC):

        Tweaked to account for new call frame:
        (JSC::Machine::initializeCallFrame):
        
        Tweaked to account for registerOffset supplied by caller:
        (JSC::slideRegisterWindowForCall):

        Tweaked to account for new register layout:
        (JSC::scopeChainForCall):
        (JSC::Machine::callEval):
        (JSC::Machine::dumpRegisters):
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::execute):

        Changed op_call and op_construct to implement the new calling convention:
        (JSC::Machine::privateExecute):

        Tweaked to account for the new register layout:
        (JSC::Machine::retrieveArguments):
        (JSC::Machine::retrieveCaller):
        (JSC::Machine::retrieveLastCaller):
        (JSC::Machine::callFrame):
        (JSC::Machine::getArgumentsData):

        Changed CTI call helpers to implement the new calling convention:
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_call_NotJSFunction):
        (JSC::Machine::cti_op_ret_activation):
        (JSC::Machine::cti_op_ret_profiler):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        (JSC::Machine::cti_op_call_eval):

        * VM/Machine.h:

        * VM/Opcode.h:
        
        Renamed op_initialise_locals to op_init, because this opcode
        doesn't initialize all locals, and it doesn't initialize only locals.
        Also, to spite Oliver.
        
        * VM/RegisterFile.h:
        
        New call frame enumeration values:
        (JSC::RegisterFile::):

        Simplified the calculation of whether a RegisterID is a temporary,
        since we can no longer assume that all positive non-constant registers
        are temporaries:
        * VM/RegisterID.h:
        (JSC::RegisterID::RegisterID):
        (JSC::RegisterID::setTemporary):
        (JSC::RegisterID::isTemporary):

        Renamed firstArgumentIndex to firstParameterIndex because the assumption
        that this variable pertained to the actual arguments supplied by the
        caller caused me to write some buggy code:
        * kjs/Arguments.cpp:
        (JSC::ArgumentsData::ArgumentsData):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::fillArgList):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):

        Updated for new call frame layout:
        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        (JSC::DebuggerCallFrame::type):
        * kjs/DebuggerCallFrame.h:

        Changed the activation object to account for the fact that a call frame
        header now sits between parameters and local variables. This change
        requires all variable objects to do their own marking, since they
        now use their register storage differently:
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::mark):
        (JSC::JSActivation::copyRegisters):
        (JSC::JSActivation::createArgumentsObject):
        * kjs/JSActivation.h:

        Updated global object to use the new interfaces required by the change
        to JSActivation above:
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::mark):
        (JSC::JSGlobalObject::copyGlobalsFrom):
        (JSC::JSGlobalObject::copyGlobalsTo):
        * kjs/JSGlobalObject.h:
        (JSC::JSGlobalObject::addStaticGlobals):

        Updated static scope object to use the new interfaces required by the 
        change to JSActivation above:
        * kjs/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::mark):
        (JSC::JSStaticScopeObject::~JSStaticScopeObject):
        * kjs/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        (JSC::JSStaticScopeObject::d):

        Updated variable object to use the new interfaces required by the 
        change to JSActivation above:
        * kjs/JSVariableObject.cpp:
        (JSC::JSVariableObject::copyRegisterArray):
        (JSC::JSVariableObject::setRegisters):
        * kjs/JSVariableObject.h:

        Changed the bit twiddling in symbol table not to assume that all indices
        are negative, since they can be positive now:
        * kjs/SymbolTable.h:
        (JSC::SymbolTableEntry::SymbolTableEntry):
        (JSC::SymbolTableEntry::isNull):
        (JSC::SymbolTableEntry::getIndex):
        (JSC::SymbolTableEntry::getAttributes):
        (JSC::SymbolTableEntry::setAttributes):
        (JSC::SymbolTableEntry::isReadOnly):
        (JSC::SymbolTableEntry::pack):
        (JSC::SymbolTableEntry::isValidIndex):

        Changed call and construct nodes to ref their functions and/or bases,
        so that emitCall/emitConstruct doesn't overwrite them with parameters.
        Also, updated for rename to registerFor:
        * kjs/nodes.cpp:
        (JSC::ResolveNode::emitCode):
        (JSC::NewExprNode::emitCode):
        (JSC::EvalFunctionCallNode::emitCode):
        (JSC::FunctionCallValueNode::emitCode):
        (JSC::FunctionCallResolveNode::emitCode):
        (JSC::FunctionCallBracketNode::emitCode):
        (JSC::FunctionCallDotNode::emitCode):
        (JSC::PostfixResolveNode::emitCode):
        (JSC::DeleteResolveNode::emitCode):
        (JSC::TypeOfResolveNode::emitCode):
        (JSC::PrefixResolveNode::emitCode):
        (JSC::ReadModifyResolveNode::emitCode):
        (JSC::AssignResolveNode::emitCode):
        (JSC::ConstDeclNode::emitCodeSingle):
        (JSC::ForInNode::emitCode):

        Added abstraction for getting exception info out of a call through a
        register:
        * masm/X86Assembler.h:
        (JSC::X86Assembler::emitCall):
        
        Removed duplicate #if:
        * wtf/Platform.h:

2008-09-23  Kevin McCullough  <kmccullough@apple.com>

        Reviewed by Darin.

        Bug 21030: The JS debugger breaks on the do of a do-while not the while
        (where the conditional statement is)
        https://bugs.webkit.org/show_bug.cgi?id=21030
        Now the statementListEmitCode detects if a do-while node is being
        emited and emits the debug hook on the last line instead of the first.

        This change had no effect on sunspider.

        * kjs/nodes.cpp:
        (JSC::statementListEmitCode):
        * kjs/nodes.h:
        (JSC::StatementNode::isDoWhile):
        (JSC::DoWhileNode::isDoWhile):

2008-09-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Camron Zwarich.

        - inline the fast case of instanceof
        https://bugs.webkit.org/show_bug.cgi?id=20818

        ~2% speedup on EarleyBoyer test.
        
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_instanceof):

2008-09-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - add forgotten slow case logic for !==

        * VM/CTI.cpp:
        (JSC::CTI::privateCompileSlowCases):

2008-09-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.

        - inline the fast cases of !==, same as for ===
        
        2.9% speedup on EarleyBoyer benchmark

        * VM/CTI.cpp:
        (JSC::CTI::compileOpStrictEq): Factored stricteq codegen into this function,
        and parameterized so it can do the reverse version as well.
        (JSC::CTI::privateCompileMainPass): Use the above for stricteq and nstricteq.
        * VM/CTI.h:
        (JSC::CTI::): Declare above stuff.
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_nstricteq): Removed fast cases, now handled inline.

2008-09-23  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Oliver Hunt.

        Bug 20989: Aguments constructor should put 'callee' and 'length' properties in a more efficient way
        <https://bugs.webkit.org/show_bug.cgi?id=20989>

        Make special cases for the 'callee' and 'length' properties in the
        Arguments object.

        This is somewhere between a 7.8% speedup and a 10% speedup on the V8
        Raytrace benchmark, depending on whether it is run alone or with the
        other V8 benchmarks.

        * kjs/Arguments.cpp:
        (JSC::ArgumentsData::ArgumentsData):
        (JSC::Arguments::Arguments):
        (JSC::Arguments::mark):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):

2008-09-23  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin.

        - speed up instanceof some more
        https://bugs.webkit.org/show_bug.cgi?id=20818
        
        ~2% speedup on EarleyBoyer

        The idea here is to record in the StructureID whether the class
        needs a special hasInstance or if it can use the normal logic from
        JSObject. 
        
        Based on this I inlined the real work directly into
        cti_op_instanceof and put the fastest checks up front and the
        error handling at the end (so it should be fairly straightforward
        to split off the beginning to be inlined if desired).

        I only did this for CTI, not the bytecode interpreter.
        
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::createStructureID):
        * ChangeLog:
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_instanceof):
        * kjs/JSImmediate.h:
        (JSC::JSImmediate::isAnyImmediate):
        * kjs/TypeInfo.h:
        (JSC::TypeInfo::overridesHasInstance):
        (JSC::TypeInfo::flags):

2008-09-22  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - https://bugs.webkit.org/show_bug.cgi?id=21019
          make FunctionBodyNode::ref/deref fast

        Speeds up v8-raytrace by 7.2%.

        * kjs/nodes.cpp:
        (JSC::FunctionBodyNode::FunctionBodyNode): Initialize m_refCount to 0.
        * kjs/nodes.h:
        (JSC::FunctionBodyNode::ref): Call base class ref once, and thereafter use
        m_refCount.
        (JSC::FunctionBodyNode::deref): Ditto, but the deref side.

2008-09-22  Darin Adler  <darin@apple.com>

        Pointed out by Sam Weinig.

        * kjs/Arguments.cpp:
        (JSC::Arguments::fillArgList): Fix bad copy and paste. Oops!

2008-09-22  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - https://bugs.webkit.org/show_bug.cgi?id=20983
          ArgumentsData should have some room to allocate some extra arguments inline

        Speeds up v8-raytrace by 5%.

        * kjs/Arguments.cpp:
        (JSC::ArgumentsData::ArgumentsData): Use a fixed buffer if there are 4 or fewer
        extra arguments.
        (JSC::Arguments::Arguments): Use a fixed buffer if there are 4 or fewer
        extra arguments.
        (JSC::Arguments::~Arguments): Delete the buffer if necessary.
        (JSC::Arguments::mark): Update since extraArguments are now Register.
        (JSC::Arguments::fillArgList): Added special case for the only case that's
        actually used in the practice, when there are no parameters. There are some
        other special cases in there too, but that's the only one that matters.
        (JSC::Arguments::getOwnPropertySlot): Updated to use setValueSlot since there's
        no operation to get you at the JSValue* inside a Register as a "slot".

2008-09-22  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Patch for https://bugs.webkit.org/show_bug.cgi?id=21014
        Speed up for..in by using StructureID to avoid calls to hasProperty

        Speeds up fasta by 8%.

        * VM/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::invalidate):
        * VM/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::next):
        * kjs/PropertyNameArray.h:
        (JSC::PropertyNameArrayData::begin):
        (JSC::PropertyNameArrayData::end):
        (JSC::PropertyNameArrayData::setCachedStructureID):
        (JSC::PropertyNameArrayData::cachedStructureID):
        * kjs/StructureID.cpp:
        (JSC::StructureID::getEnumerablePropertyNames):
        (JSC::structureIDChainsAreEqual):
        * kjs/StructureID.h:

2008-09-22  Kelvin Sherlock  <ksherlock@gmail.com>

        Updated and tweaked by Sam Weinig.

        Reviewed by Geoffrey Garen.

        Bug 20020: Proposed enhancement to JavaScriptCore API
        <https://bugs.webkit.org/show_bug.cgi?id=20020>

        Add JSObjectMakeArray, JSObjectMakeDate, JSObjectMakeError, and JSObjectMakeRegExp
        functions to create JavaScript Array, Date, Error, and RegExp objects, respectively.

        * API/JSObjectRef.cpp: The functions
        * API/JSObjectRef.h: Function prototype and documentation
        * JavaScriptCore.exp: Added functions to exported function list
        * API/tests/testapi.c: Added basic functionality tests.

        * kjs/DateConstructor.cpp:
        Replaced static JSObject* constructDate(ExecState* exec, JSObject*, const ArgList& args)
        with JSObject* constructDate(ExecState* exec, const ArgList& args).
        Added static JSObject* constructWithDateConstructor(ExecState* exec, JSObject*, const ArgList& args) function

        * kjs/DateConstructor.h:
        added prototype for JSObject* constructDate(ExecState* exec, const ArgList& args)

        * kjs/ErrorConstructor.cpp:
        removed static qualifier from ErrorInstance* constructError(ExecState* exec, const ArgList& args)

        * kjs/ErrorConstructor.h:
        added prototype for ErrorInstance* constructError(ExecState* exec, const ArgList& args)

        * kjs/RegExpConstructor.cpp:
        removed static qualifier from JSObject* constructRegExp(ExecState* exec, const ArgList& args)

        * kjs/RegExpConstructor.h:
        added prototype for JSObject* constructRegExp(ExecState* exec, const ArgList& args)

2008-09-22  Matt Lilek  <webkit@mattlilek.com>

        Not reviewed, Windows build fix.

        * kjs/Arguments.cpp:
        * kjs/FunctionPrototype.cpp:

2008-09-22  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Patch for https://bugs.webkit.org/show_bug.cgi?id=20982
        Speed up the apply method of functions by special-casing array and 'arguments' objects

        1% speedup on v8-raytrace.

        Test: fast/js/function-apply.html

        * kjs/Arguments.cpp:
        (JSC::Arguments::fillArgList):
        * kjs/Arguments.h:
        * kjs/FunctionPrototype.cpp:
        (JSC::functionProtoFuncApply):
        * kjs/JSArray.cpp:
        (JSC::JSArray::fillArgList):
        * kjs/JSArray.h:

2008-09-22  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - https://bugs.webkit.org/show_bug.cgi?id=20993
          Array.push/pop need optimized cases for JSArray

        3% or so speedup on DeltaBlue benchmark.

        * kjs/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncPop): Call JSArray::pop when appropriate.
        (JSC::arrayProtoFuncPush): Call JSArray::push when appropriate.

        * kjs/JSArray.cpp:
        (JSC::JSArray::putSlowCase): Set m_fastAccessCutoff when appropriate, getting
        us into the fast code path.
        (JSC::JSArray::pop): Added.
        (JSC::JSArray::push): Added.
        * kjs/JSArray.h: Added push and pop.

        * kjs/operations.cpp:
        (JSC::throwOutOfMemoryError): Don't inline this. Helps us avoid PIC branches.

2008-09-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Cameron Zwarich.
        
        - speed up instanceof operator by replacing implementsHasInstance method with a TypeInfo flag

        Partial work towards <https://bugs.webkit.org/show_bug.cgi?id=20818>
        
        2.2% speedup on EarleyBoyer benchmark.

        * API/JSCallbackConstructor.cpp:
        * API/JSCallbackConstructor.h:
        (JSC::JSCallbackConstructor::createStructureID):
        * API/JSCallbackFunction.cpp:
        * API/JSCallbackFunction.h:
        (JSC::JSCallbackFunction::createStructureID):
        * API/JSCallbackObject.h:
        (JSC::JSCallbackObject::createStructureID):
        * API/JSCallbackObjectFunctions.h:
        (JSC::::hasInstance):
        * API/JSValueRef.cpp:
        (JSValueIsInstanceOfConstructor):
        * JavaScriptCore.exp:
        * VM/Machine.cpp:
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_instanceof):
        * kjs/InternalFunction.cpp:
        * kjs/InternalFunction.h:
        (JSC::InternalFunction::createStructureID):
        * kjs/JSObject.cpp:
        * kjs/JSObject.h:
        * kjs/TypeInfo.h:
        (JSC::TypeInfo::implementsHasInstance):

2008-09-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Dave Hyatt.
        
        Based on initial work by Darin Adler.
        
        - replace masqueradesAsUndefined virtual method with a flag in TypeInfo
        - use this to JIT inline code for eq_null and neq_null
        https://bugs.webkit.org/show_bug.cgi?id=20823

        0.5% speedup on SunSpider
        ~4% speedup on Richards benchmark
        
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        * VM/Machine.cpp:
        (JSC::jsTypeStringForValue):
        (JSC::jsIsObjectType):
        (JSC::Machine::privateExecute):
        (JSC::Machine::cti_op_is_undefined):
        * VM/Machine.h:
        * kjs/JSCell.h:
        * kjs/JSValue.h:
        * kjs/StringObjectThatMasqueradesAsUndefined.h:
        (JSC::StringObjectThatMasqueradesAsUndefined::create):
        (JSC::StringObjectThatMasqueradesAsUndefined::createStructureID):
        * kjs/StructureID.h:
        (JSC::StructureID::mutableTypeInfo):
        * kjs/TypeInfo.h:
        (JSC::TypeInfo::TypeInfo):
        (JSC::TypeInfo::masqueradesAsUndefined):
        * kjs/operations.cpp:
        (JSC::equal):
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::setne_r):
        (JSC::X86Assembler::setnz_r):
        (JSC::X86Assembler::testl_i32m):

2008-09-22  Tor Arne Vestbø  <tavestbo@trolltech.com>

        Reviewed by Simon.

        Initialize QCoreApplication in kjs binary/Shell.cpp
        
        This allows us to use QCoreApplication::instance() to
        get the main thread in ThreadingQt.cpp

        * kjs/Shell.cpp:
        (main):
        * wtf/ThreadingQt.cpp:
        (WTF::initializeThreading):

2008-09-21  Darin Adler  <darin@apple.com>

        - blind attempt to fix non-all-in-one builds

        * kjs/JSGlobalObject.cpp: Added includes of Arguments.h and RegExpObject.h.

2008-09-21  Darin Adler  <darin@apple.com>

        - fix debug build

        * kjs/StructureID.cpp:
        (JSC::StructureID::addPropertyTransition): Use typeInfo().type() instead of m_type.
        (JSC::StructureID::createCachedPrototypeChain): Ditto.

2008-09-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.
        
        - introduce a TypeInfo class, for holding per-type (in the C++ class sense) date in StructureID
        https://bugs.webkit.org/show_bug.cgi?id=20981

        * JavaScriptCore.exp:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * VM/CTI.cpp:
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompilePutByIdTransition):
        * VM/Machine.cpp:
        (JSC::jsIsObjectType):
        (JSC::Machine::Machine):
        * kjs/AllInOneFile.cpp:
        * kjs/JSCell.h:
        (JSC::JSCell::isObject):
        (JSC::JSCell::isString):
        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * kjs/JSGlobalObject.h:
        (JSC::StructureID::prototypeForLookup):
        * kjs/JSNumberCell.h:
        (JSC::JSNumberCell::createStructureID):
        * kjs/JSObject.cpp:
        (JSC::JSObject::createInheritorID):
        * kjs/JSObject.h:
        (JSC::JSObject::createStructureID):
        * kjs/JSString.h:
        (JSC::JSString::createStructureID):
        * kjs/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * kjs/RegExpConstructor.cpp:
        * kjs/RegExpMatchesArray.h: Added.
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::getPropertyNames):
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::addPropertyTransition):
        (JSC::StructureID::toDictionaryTransition):
        (JSC::StructureID::changePrototypeTransition):
        (JSC::StructureID::getterSetterTransition):
        * kjs/StructureID.h:
        (JSC::StructureID::create):
        (JSC::StructureID::typeInfo):
        * kjs/TypeInfo.h: Added.
        (JSC::TypeInfo::TypeInfo):
        (JSC::TypeInfo::type):

2008-09-21  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - fix crash logging into Gmail due to recent Arguments change

        * kjs/Arguments.cpp:
        (JSC::Arguments::Arguments): Fix window where mark() function could
        see d->extraArguments with uninitialized contents.
        (JSC::Arguments::mark): Check d->extraArguments for 0 to handle two
        cases: 1) Inside the constructor before it's initialized.
        2) numArguments <= numParameters.

2008-09-21  Darin Adler  <darin@apple.com>

        - fix loose end from the "duplicate constant values" patch

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitLoad): Add a special case for values the
        hash table can't handle.

2008-09-21  Mark Rowe  <mrowe@apple.com>

        Fix the non-AllInOneFile build.

        * kjs/Arguments.cpp: Add missing #include.

2008-09-21  Darin Adler  <darin@apple.com>

        Reviewed by Cameron Zwarich and Mark Rowe.

        - fix test failure caused by my recent IndexToNameMap patch

        * kjs/Arguments.cpp:
        (JSC::Arguments::deleteProperty): Added the accidentally-omitted
        check of the boolean result from toArrayIndex.

2008-09-21  Darin Adler  <darin@apple.com>

        Reviewed by Maciej Stachowiak.

        - https://bugs.webkit.org/show_bug.cgi?id=20975
          inline immediate-number case of ==

        * VM/CTI.h: Renamed emitJumpSlowCaseIfNotImm to
        emitJumpSlowCaseIfNotImmNum, since the old name was incorrect.

        * VM/CTI.cpp: Updated for new name.
        (JSC::CTI::privateCompileMainPass): Added op_eq.
        (JSC::CTI::privateCompileSlowCases): Added op_eq.

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_eq): Removed fast case, since it's now
        compiled.

2008-09-21  Peter Gal  <galpter@inf.u-szeged.hu>

        Reviewed by Tim Hatcher and Eric Seidel.

        Fix the QT/Linux JavaScriptCore segmentation fault.
        https://bugs.webkit.org/show_bug.cgi?id=20914

        * wtf/ThreadingQt.cpp:
        (WTF::initializeThreading): Use currentThread() if
        platform is not a MAC (like in pre 36541 revisions)

2008-09-21  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        * kjs/debugger.h: Removed some unneeded includes and declarations.

2008-09-21  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        - https://bugs.webkit.org/show_bug.cgi?id=20972
          speed up Arguments further by eliminating the IndexToNameMap

        No change on SunSpider. 1.29x as fast on V8 Raytrace.

        * kjs/Arguments.cpp: Moved ArgumentsData in here. Eliminated the
        indexToNameMap and hadDeletes data members. Changed extraArguments into
        an OwnArrayPtr and added deletedArguments, another OwnArrayPtr.
        Replaced numExtraArguments with numParameters, since that's what's
        used more directly in hot code paths.
        (JSC::Arguments::Arguments): Pass in argument count instead of ArgList.
        Initialize ArgumentsData the new way.
        (JSC::Arguments::mark): Updated.
        (JSC::Arguments::getOwnPropertySlot): Overload for the integer form so
        we don't have to convert integers to identifiers just to get an argument.
        Integrated the deleted case with the fast case.
        (JSC::Arguments::put): Ditto.
        (JSC::Arguments::deleteProperty): Ditto.

        * kjs/Arguments.h: Minimized includes. Made everything private. Added
        overloads for the integral property name case. Eliminated mappedIndexSetter.
        Moved ArgumentsData into the .cpp file.

        * kjs/IndexToNameMap.cpp: Emptied out and prepared for deletion.
        * kjs/IndexToNameMap.h: Ditto.

        * kjs/JSActivation.cpp:
        (JSC::JSActivation::createArgumentsObject): Elminated ArgList.

        * GNUmakefile.am:
        * JavaScriptCore.pri:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * JavaScriptCoreSources.bkl:
        * kjs/AllInOneFile.cpp:
        Removed IndexToNameMap.

2008-09-21  Darin Adler  <darin@apple.com>

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitLoad): One more tweak: Wrote this in a slightly
        clearer style.

2008-09-21  Judit Jasz  <jasy@inf.u-szeged.hu>

        Reviewed and tweaked by Darin Adler.

        - https://bugs.webkit.org/show_bug.cgi?id=20645
          Elminate duplicate constant values in CodeBlocks.

        Seems to be a wash on SunSpider.

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitLoad): Use m_numberMap and m_stringMap to guarantee
        we emit the same JSValue* for identical numbers and strings.
        * VM/CodeGenerator.h: Added overload of emitLoad for const Identifier&.
        Add NumberMap and IdentifierStringMap types and m_numberMap and m_stringMap.
        * kjs/nodes.cpp:
        (JSC::StringNode::emitCode): Call the new emitLoad and let it do the
        JSString creation.

2008-09-21  Paul Pedriana  <webkit@pedriana.com>

        Reviewed and tweaked by Darin Adler.

        - https://bugs.webkit.org/show_bug.cgi?id=16925
          Fixed lack of Vector buffer alignment for both GCC and MSVC.
          Since there's no portable way to do this, for now we don't support
          other compilers.

        * wtf/Vector.h: Added WTF_ALIGH_ON, WTF_ALIGNED, AlignedBufferChar, and AlignedBuffer.
        Use AlignedBuffer insteadof an array of char in VectorBuffer.

2008-09-21  Gabor Loki  <loki@inf.u-szeged.hu>

        Reviewed by Darin Adler.

        - https://bugs.webkit.org/show_bug.cgi?id=19408
          Add lightweight constant folding to the parser for *, /, + (only for numbers), <<, >>, ~ operators.

        1.008x as fast on SunSpider.

        * kjs/grammar.y:
        (makeNegateNode): Fold if expression is a number > 0.
        (makeBitwiseNotNode): Fold if expression is a number.
        (makeMultNode): Fold if expressions are both numbers.
        (makeDivNode): Fold if expressions are both numbers.
        (makeAddNode): Fold if expressions are both numbers.
        (makeLeftShiftNode): Fold if expressions are both numbers.
        (makeRightShiftNode): Fold if expressions are both numbers.

2008-09-21  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Oliver.
        
        - speed up === operator by generating inline machine code for the fast paths
        https://bugs.webkit.org/show_bug.cgi?id=20820

        * VM/CTI.cpp:
        (JSC::CTI::emitJumpSlowCaseIfNotImmediateNumber):
        (JSC::CTI::emitJumpSlowCaseIfNotImmediateNumbers):
        (JSC::CTI::emitJumpSlowCaseIfNotImmediates):
        (JSC::CTI::emitTagAsBoolImmediate):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        * VM/CTI.h:
        * VM/Machine.cpp:
        (JSC::Machine::cti_op_stricteq):
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::sete_r):
        (JSC::X86Assembler::setz_r):
        (JSC::X86Assembler::movzbl_rr):
        (JSC::X86Assembler::emitUnlinkedJnz):

2008-09-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Free memory allocated for extra arguments in the destructor of the
        Arguments object.

        * kjs/Arguments.cpp:
        (JSC::Arguments::~Arguments):
        * kjs/Arguments.h:

2008-09-21  Cameron Zwarich  <cwzwarich@uwaterloo.ca>

        Reviewed by Maciej Stachowiak.

        Bug 20815: 'arguments' object creation is non-optimal
        <https://bugs.webkit.org/show_bug.cgi?id=20815>

        Fix our inefficient way of creating the arguments object by only
        creating named properties for each of the arguments after a use of the
        'delete' statement. This patch also speeds up access to the 'arguments'
        object slightly, but it still does not use the array fast path for
        indexed access that exists for many opcodes.

        This is about a 20% improvement on the V8 Raytrace benchmark, and a 1.5%
        improvement on the Earley-Boyer benchmark, which gives a 4% improvement
        overall.

        * kjs/Arguments.cpp:
        (JSC::Arguments::Arguments):
        (JSC::Arguments::mark):
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        * kjs/Arguments.h:
        (JSC::Arguments::ArgumentsData::ArgumentsData):
        * kjs/IndexToNameMap.h:
        (JSC::IndexToNameMap::size):
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::createArgumentsObject):
        * kjs/JSActivation.h:
        (JSC::JSActivation::uncheckedSymbolTableGet):
        (JSC::JSActivation::uncheckedSymbolTableGetValue):
        (JSC::JSActivation::uncheckedSymbolTablePut):
        * kjs/JSFunction.h:
        (JSC::JSFunction::numParameters):

2008-09-20  Darin Adler  <darin@apple.com>

        Reviewed by Mark Rowe.

        - fix crash seen on buildbot

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::mark): Add back mark of arrayPrototype,
        deleted by accident in my recent check-in.

2008-09-20  Maciej Stachowiak  <mjs@apple.com>

        Not reviewed, build fix.
        
        - speculative fix for non-AllInOne builds

        * kjs/operations.h:

2008-09-20  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.
        
        - assorted optimizations to === and !== operators
        (work towards <https://bugs.webkit.org/show_bug.cgi?id=20820>)
        
        2.5% speedup on earley-boyer test

        * VM/Machine.cpp:
        (JSC::Machine::cti_op_stricteq): Use inline version of
        strictEqualSlowCase; remove unneeded exception check.
        (JSC::Machine::cti_op_nstricteq): ditto
        * kjs/operations.cpp:
        (JSC::strictEqual): Use strictEqualSlowCaseInline
        (JSC::strictEqualSlowCase): ditto
        * kjs/operations.h:
        (JSC::strictEqualSlowCaseInline): Version of strictEqualSlowCase that can be inlined,
        since the extra function call indirection is a lose for CTI.

2008-09-20  Darin Adler  <darin@apple.com>

        Reviewed by Maciej Stachowiak.

        - finish https://bugs.webkit.org/show_bug.cgi?id=20858
          make each distinct C++ class get a distinct JSC::Structure

        This also includes some optimizations that make the change an overall
        small speedup. Without those it was a bit of a slowdown.

        * API/JSCallbackConstructor.cpp:
        (JSC::JSCallbackConstructor::JSCallbackConstructor): Take a structure.
        * API/JSCallbackConstructor.h: Ditto.
        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::JSCallbackFunction): Pass a structure.
        * API/JSCallbackObject.h: Take a structure.
        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject::JSCallbackObject): Ditto.

        * API/JSClassRef.cpp:
        (OpaqueJSClass::prototype): Pass in a structure. Call setPrototype
        if there's a custom prototype involved.
        * API/JSObjectRef.cpp:
        (JSObjectMake): Ditto.
        (JSObjectMakeConstructor): Pass in a structure.

        * JavaScriptCore.exp: Updated.

        * VM/Machine.cpp:
        (JSC::jsLess): Added a special case for when both arguments are strings.
        This avoids converting both strings to with UString::toDouble.
        (JSC::jsLessEq): Ditto.
        (JSC::Machine::privateExecute): Pass in a structure.
        (JSC::Machine::cti_op_construct_JSConstruct): Ditto.
        (JSC::Machine::cti_op_new_regexp): Ditto.
        (JSC::Machine::cti_op_is_string): Ditto.
        * VM/Machine.h: Made isJSString public so it can be used in the CTI.

        * kjs/Arguments.cpp:
        (JSC::Arguments::Arguments): Pass in a structure.

        * kjs/JSCell.h: Mark constructor explicit.

        * kjs/JSGlobalObject.cpp:
        (JSC::markIfNeeded): Added an overload for marking structures.
        (JSC::JSGlobalObject::reset): Eliminate code to set data members to
        zero. We now do that in the constructor, and we no longer use this
        anywhere except in the constructor. Added code to create structures.
        Pass structures rather than prototypes when creating objects.
        (JSC::JSGlobalObject::mark): Mark the structures.

        * kjs/JSGlobalObject.h: Removed unneeded class declarations.
        Added initializers for raw pointers in JSGlobalObjectData so
        everything starts with a 0. Added structure data and accessor
        functions.

        * kjs/JSImmediate.cpp:
        (JSC::JSImmediate::nonInlineNaN): Added.
        * kjs/JSImmediate.h:
        (JSC::JSImmediate::toDouble): Rewrote to avoid PIC branches.

        * kjs/JSNumberCell.cpp:
        (JSC::jsNumberCell): Made non-inline to avoid PIC branches
        in functions that call this one.
        (JSC::jsNaN): Ditto.
        * kjs/JSNumberCell.h: Ditto.

        * kjs/JSObject.h: Removed constructor that takes a prototype.
        All callers now pass structures.

        * kjs/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        (JSC::constructArrayWithSizeQuirk):
        * kjs/ArrayConstructor.h:
        * kjs/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::ArrayPrototype):
        * kjs/ArrayPrototype.h:
        * kjs/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        (JSC::constructBoolean):
        (JSC::constructBooleanFromImmediateBoolean):
        * kjs/BooleanConstructor.h:
        * kjs/BooleanObject.cpp:
        (JSC::BooleanObject::BooleanObject):
        * kjs/BooleanObject.h:
        * kjs/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * kjs/BooleanPrototype.h:
        * kjs/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        (JSC::constructDate):
        * kjs/DateConstructor.h:
        * kjs/DateInstance.cpp:
        (JSC::DateInstance::DateInstance):
        * kjs/DateInstance.h:
        * kjs/DatePrototype.cpp:
        (JSC::DatePrototype::DatePrototype):
        * kjs/DatePrototype.h:
        * kjs/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        (JSC::constructError):
        * kjs/ErrorConstructor.h:
        * kjs/ErrorInstance.cpp:
        (JSC::Er