2008-10-13 Alp Toker <alp@nuanti.com>

        Fix autotools dist build target by listing recently added header
        files only. Not reviewed.

2008-10-13 Maciej Stachowiak <mjs@apple.com>

        Rubber stamped by Mark Rowe.

        - fixed <rdar://problem/5806316> JavaScriptCore should not force building with gcc 4.0
        - use gcc 4.2 when building with Xcode 3.1 or newer on Leopard, even though this is not the default

        * Configurations/DebugRelease.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2008-10-13 Cameron Zwarich <zwarich@apple.com>

        Reviewed by Geoff Garen.

        Bug 21541: Move RegisterFile growth check to callee
        <https://bugs.webkit.org/show_bug.cgi?id=21541>

        Move the RegisterFile growth check to the callee in the common case,
        where some of the information is known statically at JIT time. There is
        still a check in the caller in the case where the caller provides too

        This is a 2.1% speedup on the V8 benchmark, including a 5.1% speedup on
        the Richards benchmark, a 4.1% speedup on the DeltaBlue benchmark, and a
        1.4% speedup on the Earley-Boyer benchmark. It is also a 0.5% speedup on

        (JSC::CTI::privateCompile):

        (JSC::Machine::cti_register_file_check):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_construct_JSConstruct):

        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::cmpl_mr):
        (JSC::X86Assembler::emitUnlinkedJg):

2008-10-13 Sam Weinig <sam@webkit.org>

        Reviewed by Dan Bernstein.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21577
        5 false positive StructureID leaks

        - Add leak ignore set to StructureID to selectively ignore leaking some StructureIDs.
        - Add create method to JSGlobalData to be used when the data will be intentionally
        leaked and ignore all leaks caused by the StructureIDs stored in it.

        * kjs/JSGlobalData.cpp:
        (JSC::JSGlobalData::createLeaked):

        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::~StructureID):
        (JSC::StructureID::startIgnoringLeaks):
        (JSC::StructureID::stopIgnoringLeaks):

2008-10-13 Marco Barisione <marco.barisione@collabora.co.uk>

        Reviewed by Darin Adler. Landed by Jan Alonzo.

        WebKit GTK Port needs a smart pointer to handle g_free (GFreePtr?)
        http://bugs.webkit.org/show_bug.cgi?id=20483

        Add a GOwnPtr smart pointer (similar to OwnPtr) to handle memory
        allocated by GLib and start the conversion to use it.

        * wtf/GOwnPtr.cpp: Added.

        * wtf/GOwnPtr.h: Added.

        (WTF::GOwnPtr::GOwnPtr):
        (WTF::GOwnPtr::~GOwnPtr):

        (WTF::GOwnPtr::release):
        (WTF::GOwnPtr::rawPtr):

        (WTF::GOwnPtr::clear):
        (WTF::GOwnPtr::operator*):
        (WTF::GOwnPtr::operator->):
        (WTF::GOwnPtr::operator!):
        (WTF::GOwnPtr::operator UnspecifiedBoolType):
        (WTF::GOwnPtr::swap):

        * wtf/ThreadingGtk.cpp:
        (WTF::Mutex::~Mutex):

        (WTF::Mutex::tryLock):
        (WTF::Mutex::unlock):
        (WTF::ThreadCondition::~ThreadCondition):
        (WTF::ThreadCondition::wait):
        (WTF::ThreadCondition::timedWait):
        (WTF::ThreadCondition::signal):
        (WTF::ThreadCondition::broadcast):

2008-10-12 Gabriella Toth <gtoth@inf.u-szeged.hu>

        Reviewed by Darin Adler.

        - part of https://bugs.webkit.org/show_bug.cgi?id=21055
        Bug 21055: not invoked functions

        * kjs/nodes.cpp: Deleted a function that is not invoked:
        statementListInitializeVariableAccessStack.

2008-10-12 Darin Adler <darin@apple.com>

        Reviewed by Sam Weinig.

        * wtf/unicode/icu/UnicodeIcu.h: Fixed indentation to match WebKit coding style.
        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.

2008-10-12 Darin Adler <darin@apple.com>

        Reviewed by Sam Weinig.

        - https://bugs.webkit.org/show_bug.cgi?id=21556
        Bug 21556: non-ASCII digits are allowed in places where only ASCII should be

        * wtf/unicode/icu/UnicodeIcu.h: Removed isDigit, digitValue, and isFormatChar.
        * wtf/unicode/qt4/UnicodeQt4.h: Ditto.

2008-10-12 Anders Carlsson <andersca@apple.com>

        Reviewed by Darin Adler.

        Make the append method that takes a Vector more strict - it now requires the elements
        of the vector being appended to be the same type as the elements of the Vector they're being appended to.

        This would cause problems when dealing with Vectors containing other Vectors.

2008-10-11 Cameron Zwarich <zwarich@apple.com>

        Reviewed by Sam Weinig.

        Clean up RegExpMatchesArray.h to match our coding style.

        * kjs/RegExpMatchesArray.h:
        (JSC::RegExpMatchesArray::getOwnPropertySlot):
        (JSC::RegExpMatchesArray::put):
        (JSC::RegExpMatchesArray::deleteProperty):
        (JSC::RegExpMatchesArray::getPropertyNames):

2008-10-11 Cameron Zwarich <zwarich@apple.com>

        Reviewed by Sam Weinig.

        Bug 21525: 55 StructureID leaks on Wikitravel's main page
        <https://bugs.webkit.org/show_bug.cgi?id=21525>

        Bug 21533: Simple JavaScript code leaks StructureIDs
        <https://bugs.webkit.org/show_bug.cgi?id=21533>

        StructureID::getEnumerablePropertyNames() ends up calling back to itself
        via JSObject::getPropertyNames(), which causes the PropertyNameArray to
        be cached twice. This leads to a memory leak in almost every use of
        JSObject::getPropertyNames() on an object. The fix here is based on a
        suggestion of Sam Weinig.

        This patch also fixes every StructureID leak that occurs while running
        the Mozilla MemBuster test.

        * kjs/PropertyNameArray.h:
        (JSC::PropertyNameArray::PropertyNameArray):
        (JSC::PropertyNameArray::setCacheable):
        (JSC::PropertyNameArray::cacheable):
        * kjs/StructureID.cpp:
        (JSC::StructureID::getEnumerablePropertyNames):

2008-10-10 Oliver Hunt <oliver@apple.com>

        Reviewed by Cameron Zwarich.

        Use fastcall calling convention on GCC > 4.0

        Results in a 2-3% improvement in GCC 4.2 performance, so
        that it is no longer a regression vs. GCC 4.0

2008-10-10 Sam Weinig <sam@webkit.org>

        Reviewed by Darin Adler.

        - Add a workaround for a bug in ceil in Darwin libc.
        - Remove old workarounds for JS math functions that are not needed

        The math functions are heavily tested by fast/js/math.html.

        * kjs/MathObject.cpp:
        (JSC::mathProtoFuncAbs): Remove workaround.
        (JSC::mathProtoFuncCeil): Ditto.
        (JSC::mathProtoFuncFloor): Ditto.

        (wtf_ceil): Add ceil workaround for darwin.

2008-10-10 Sam Weinig <sam@webkit.org>

        Reviewed by Darin Adler.

        Add Assertions to JSObject constructor.

        (JSC::JSObject::JSObject):

2008-10-10 Sam Weinig <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Remove now unused m_getterSetterFlag variable from PropertyMap.

        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::operator=):

        (JSC::PropertyMap::PropertyMap):

2008-10-09 Sam Weinig <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Add leaks checking to StructureID.

        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::~StructureID):

2008-10-09 Alp Toker <alp@nuanti.com>

        Reviewed by Mark Rowe.

        https://bugs.webkit.org/show_bug.cgi?id=20760
        Implement support for x86 Linux in CTI

        Prepare to enable CTI/WREC on supported architectures.

        Make it possible to use the CTI_ARGUMENT workaround with GCC as well
        as MSVC by fixing some preprocessor conditionals.

        Note that CTI/WREC no longer requires CTI_ARGUMENT on Linux so we
        don't actually enable it except when building with MSVC. GCC on Win32

        Adapt inline ASM code to use the global symbol underscore prefix only
        on Darwin and to call the properly mangled Machine::cti_vm_throw
        symbol name depending on CTI_ARGUMENT.

        Also avoid global inclusion of the JIT infrastructure headers
        throughout WebCore and WebKit causing recompilation of about ~1500
        source files after modification to X86Assembler.h, CTI.h, WREC.h,
        which are only used deep inside JavaScriptCore.

        (JSC::RegExp::RegExp):
        (JSC::RegExp::~RegExp):
        (JSC::RegExp::match):

        * masm/X86Assembler.h:
        (JSC::X86Assembler::emitConvertToFastCall):
        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
        (JSC::X86Assembler::emitRestoreArgumentReference):

2008-10-09 Gavin Barraclough <barraclough@apple.com>

        Reviewed by Cameron Zwarich.

        Fix for bug #21160, x=0;1/(x*-1) == -Infinity

        (JSC::CTI::emitFastArithDeTagImmediate):
        (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero):
        (JSC::CTI::compileBinaryArithOp):
        (JSC::CTI::compileBinaryArithOpSlowCase):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):

        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::emitUnlinkedJs):

2008-10-09 Cameron Zwarich <zwarich@apple.com>

        Reviewed by Oliver Hunt.

        Bug 21459: REGRESSION (r37324): Safari crashes inside JavaScriptCore while browsing hulu.com
        <https://bugs.webkit.org/show_bug.cgi?id=21459>

        After r37324, an Arguments object does not mark an associated activation
        object. This change was made because Arguments no longer directly used
        the activation object in any way. However, if an activation is torn off,
        then the backing store of Arguments becomes the register array of the
        activation object. Arguments directly marks all of the arguments, but
        the activation object is being collected, which causes its register
        array to be freed and new memory to be allocated in its place.

        Unfortunately, it does not seem possible to reproduce this issue in a

        (JSC::Arguments::mark):

        (JSC::Arguments::setActivation):
        (JSC::Arguments::Arguments):
        (JSC::JSActivation::copyRegisters):

2008-10-09 Ariya Hidayat <ariya.hidayat@trolltech.com>

        * wtf/AlwaysInline.h:

2008-10-08 Cameron Zwarich <zwarich@apple.com>

        Reviewed by Maciej Stachowiak.

        Bug 21497: REGRESSION (r37433): Bytecode JSC tests are severely broken
        <https://bugs.webkit.org/show_bug.cgi?id=21497>

        Fix a typo in r37433 that causes the failure of a large number of JSC
        tests with the bytecode interpreter enabled.

        (JSC::Machine::privateExecute):

2008-10-08 Mark Rowe <mrowe@apple.com>

        (JSC::): Update type of argument to ctiTrampoline.

2008-10-08 Darin Adler <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - https://bugs.webkit.org/show_bug.cgi?id=21403
        Bug 21403: use new CallFrame class rather than Register* for call frame manipulation

        Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
        client over to the new name.

        Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
        as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
        accessor functions to get at things in the frame.

        Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
        JSGlobalData* and in other cases eliminating them entirely.

        * API/JSObjectRef.cpp:
        (JSObjectMakeFunctionWithCallback):
        (JSObjectMakeFunction):
        (JSObjectHasProperty):
        (JSObjectGetProperty):
        (JSObjectSetProperty):
        (JSObjectDeleteProperty):
        * API/OpaqueJSString.cpp:
        * API/OpaqueJSString.h:

        (JSC::CTI::getConstant):
        (JSC::CTI::emitGetArg):
        (JSC::CTI::emitGetPutArg):
        (JSC::CTI::getConstantImmediateNumericArg):
        (JSC::CTI::printOpcodeOperandTypes):

        (JSC::CTI::compileOpCall):
        (JSC::CTI::compileBinaryArithOp):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompile):
        (JSC::CTI::privateCompileGetByIdProto):
        (JSC::CTI::privateCompileGetByIdChain):
        (JSC::CTI::compileRegExp):

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitEqualityOp):
        (JSC::CodeGenerator::emitLoad):
        (JSC::CodeGenerator::emitUnexpectedLoad):
        (JSC::CodeGenerator::emitConstruct):
        * VM/CodeGenerator.h:

        (JSC::jsAddSlowCase):

        (JSC::jsTypeStringForValue):
        (JSC::Machine::resolve):
        (JSC::Machine::resolveSkip):
        (JSC::Machine::resolveGlobal):
        (JSC::inlineResolveBase):
        (JSC::Machine::resolveBase):
        (JSC::Machine::resolveBaseAndProperty):
        (JSC::Machine::resolveBaseAndFunc):
        (JSC::Machine::slideRegisterWindowForCall):

        (JSC::Machine::callEval):
        (JSC::Machine::dumpCallFrame):
        (JSC::Machine::dumpRegisters):
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::throwException):
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
        (JSC::Machine::execute):
        (JSC::Machine::debug):
        (JSC::Machine::createExceptionScope):
        (JSC::cachePrototypeChain):
        (JSC::Machine::tryCachePutByID):
        (JSC::Machine::tryCacheGetByID):
        (JSC::Machine::privateExecute):
        (JSC::Machine::retrieveArguments):
        (JSC::Machine::retrieveCaller):
        (JSC::Machine::retrieveLastCaller):
        (JSC::Machine::findFunctionCallFrame):
        (JSC::Machine::getArgumentsData):
        (JSC::Machine::tryCTICachePutByID):
        (JSC::Machine::getCTIArrayLengthTrampoline):
        (JSC::Machine::getCTIStringLengthTrampoline):
        (JSC::Machine::tryCTICacheGetByID):
        (JSC::Machine::cti_op_convert_this):
        (JSC::Machine::cti_op_end):
        (JSC::Machine::cti_op_add):
        (JSC::Machine::cti_op_pre_inc):
        (JSC::Machine::cti_timeout_check):
        (JSC::Machine::cti_op_loop_if_less):
        (JSC::Machine::cti_op_loop_if_lesseq):
        (JSC::Machine::cti_op_new_object):
        (JSC::Machine::cti_op_put_by_id):
        (JSC::Machine::cti_op_put_by_id_second):
        (JSC::Machine::cti_op_put_by_id_generic):
        (JSC::Machine::cti_op_put_by_id_fail):
        (JSC::Machine::cti_op_get_by_id):
        (JSC::Machine::cti_op_get_by_id_second):
        (JSC::Machine::cti_op_get_by_id_generic):
        (JSC::Machine::cti_op_get_by_id_fail):
        (JSC::Machine::cti_op_instanceof):
        (JSC::Machine::cti_op_del_by_id):
        (JSC::Machine::cti_op_mul):
        (JSC::Machine::cti_op_new_func):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_vm_compile):
        (JSC::Machine::cti_op_push_activation):
        (JSC::Machine::cti_op_call_NotJSFunction):
        (JSC::Machine::cti_op_create_arguments):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_tear_off_arguments):
        (JSC::Machine::cti_op_ret_profiler):
        (JSC::Machine::cti_op_ret_scopeChain):
        (JSC::Machine::cti_op_new_array):
        (JSC::Machine::cti_op_resolve):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        (JSC::Machine::cti_op_get_by_val):
        (JSC::Machine::cti_op_resolve_func):
        (JSC::Machine::cti_op_sub):
        (JSC::Machine::cti_op_put_by_val):
        (JSC::Machine::cti_op_put_by_val_array):
        (JSC::Machine::cti_op_lesseq):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_negate):
        (JSC::Machine::cti_op_resolve_base):
        (JSC::Machine::cti_op_resolve_skip):
        (JSC::Machine::cti_op_resolve_global):
        (JSC::Machine::cti_op_div):
        (JSC::Machine::cti_op_pre_dec):
        (JSC::Machine::cti_op_jless):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        (JSC::Machine::cti_op_post_inc):
        (JSC::Machine::cti_op_eq):
        (JSC::Machine::cti_op_lshift):
        (JSC::Machine::cti_op_bitand):
        (JSC::Machine::cti_op_rshift):
        (JSC::Machine::cti_op_bitnot):
        (JSC::Machine::cti_op_resolve_with_base):
        (JSC::Machine::cti_op_new_func_exp):
        (JSC::Machine::cti_op_mod):
        (JSC::Machine::cti_op_less):
        (JSC::Machine::cti_op_neq):
        (JSC::Machine::cti_op_post_dec):
        (JSC::Machine::cti_op_urshift):
        (JSC::Machine::cti_op_bitxor):
        (JSC::Machine::cti_op_new_regexp):
        (JSC::Machine::cti_op_bitor):
        (JSC::Machine::cti_op_call_eval):
        (JSC::Machine::cti_op_throw):
        (JSC::Machine::cti_op_get_pnames):
        (JSC::Machine::cti_op_next_pname):
        (JSC::Machine::cti_op_push_scope):
        (JSC::Machine::cti_op_pop_scope):
        (JSC::Machine::cti_op_typeof):
        (JSC::Machine::cti_op_to_jsnumber):
        (JSC::Machine::cti_op_in):
        (JSC::Machine::cti_op_push_new_scope):
        (JSC::Machine::cti_op_jmp_scopes):
        (JSC::Machine::cti_op_put_by_index):
        (JSC::Machine::cti_op_switch_imm):
        (JSC::Machine::cti_op_switch_char):
        (JSC::Machine::cti_op_switch_string):
        (JSC::Machine::cti_op_del_by_val):
        (JSC::Machine::cti_op_put_getter):
        (JSC::Machine::cti_op_put_setter):
        (JSC::Machine::cti_op_new_error):
        (JSC::Machine::cti_op_debug):
        (JSC::Machine::cti_vm_throw):

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        (JSC::DebuggerCallFrame::type):
        (JSC::DebuggerCallFrame::thisObject):
        (JSC::DebuggerCallFrame::evaluate):
        * kjs/DebuggerCallFrame.h:

        (JSC::CallFrame::thisValue):

        * kjs/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        (JSC::JSActivation::argumentsGetter):
        * kjs/JSActivation.h:
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * kjs/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * kjs/JSVariableObject.h:

        (JSC::Parser::parse):
        * kjs/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * kjs/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):

        * kjs/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        * kjs/identifier.cpp:
        (JSC::Identifier::checkSameIdentifierTable):
        * kjs/interpreter.cpp:
        (JSC::Interpreter::checkSyntax):
        (JSC::Interpreter::evaluate):

        (JSC::ThrowableExpressionData::emitThrowError):
        (JSC::RegExpNode::emitCode):
        (JSC::ArrayNode::emitCode):
        (JSC::InstanceOfNode::emitCode):

        (JSC::RegExp::RegExp):
        (JSC::RegExp::create):

        * profiler/HeavyProfile.h:
        * profiler/Profile.h:

2008-10-08 Mark Rowe <mrowe@apple.com>

        Typed by Maciej Stachowiak, reviewed by Mark Rowe.

        Fix crash in fast/js/constant-folding.html with CTI disabled.

        (JSC::Machine::privateExecute):

2008-10-08 Timothy Hatcher <timothy@apple.com>

        Roll out r37427 because it causes an infinite recursion loading about:blank.

        https://bugs.webkit.org/show_bug.cgi?id=21476

2008-10-08 Darin Adler <darin@apple.com>

        Reviewed by Cameron Zwarich.

        - https://bugs.webkit.org/show_bug.cgi?id=21403
        Bug 21403: use new CallFrame class rather than Register* for call frame manipulation

        Add CallFrame as a synonym for ExecState. Arguably, some day we should switch every
        client over to the new name.

        Use CallFrame* consistently rather than Register* or ExecState* in low-level code such
        as Machine.cpp and CTI.cpp. Similarly, use callFrame rather than r as its name and use
        accessor functions to get at things in the frame.

        Eliminate other uses of ExecState* that aren't needed, replacing in some cases with
        JSGlobalData* and in other cases eliminating them entirely.

        * API/JSObjectRef.cpp:
        (JSObjectMakeFunctionWithCallback):
        (JSObjectMakeFunction):
        (JSObjectHasProperty):
        (JSObjectGetProperty):
        (JSObjectSetProperty):
        (JSObjectDeleteProperty):
        * API/OpaqueJSString.cpp:
        * API/OpaqueJSString.h:

        (JSC::CTI::getConstant):
        (JSC::CTI::emitGetArg):
        (JSC::CTI::emitGetPutArg):
        (JSC::CTI::getConstantImmediateNumericArg):
        (JSC::CTI::printOpcodeOperandTypes):

        (JSC::CTI::compileOpCall):
        (JSC::CTI::compileBinaryArithOp):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompile):
        (JSC::CTI::privateCompileGetByIdProto):
        (JSC::CTI::privateCompileGetByIdChain):
        (JSC::CTI::compileRegExp):

        * VM/CodeGenerator.cpp:
        (JSC::CodeGenerator::emitEqualityOp):
        (JSC::CodeGenerator::emitLoad):
        (JSC::CodeGenerator::emitUnexpectedLoad):
        (JSC::CodeGenerator::emitConstruct):
        * VM/CodeGenerator.h:

        (JSC::jsAddSlowCase):

        (JSC::jsTypeStringForValue):
        (JSC::Machine::resolve):
        (JSC::Machine::resolveSkip):
        (JSC::Machine::resolveGlobal):
        (JSC::inlineResolveBase):
        (JSC::Machine::resolveBase):
        (JSC::Machine::resolveBaseAndProperty):
        (JSC::Machine::resolveBaseAndFunc):
        (JSC::Machine::slideRegisterWindowForCall):

        (JSC::Machine::callEval):
        (JSC::Machine::dumpCallFrame):
        (JSC::Machine::dumpRegisters):
        (JSC::Machine::unwindCallFrame):
        (JSC::Machine::throwException):
        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
        (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
        (JSC::Machine::execute):
        (JSC::Machine::debug):
        (JSC::Machine::createExceptionScope):
        (JSC::cachePrototypeChain):
        (JSC::Machine::tryCachePutByID):
        (JSC::Machine::tryCacheGetByID):
        (JSC::Machine::privateExecute):
        (JSC::Machine::retrieveArguments):
        (JSC::Machine::retrieveCaller):
        (JSC::Machine::retrieveLastCaller):
        (JSC::Machine::findFunctionCallFrame):
        (JSC::Machine::getArgumentsData):
        (JSC::Machine::tryCTICachePutByID):
        (JSC::Machine::getCTIArrayLengthTrampoline):
        (JSC::Machine::getCTIStringLengthTrampoline):
        (JSC::Machine::tryCTICacheGetByID):
        (JSC::Machine::cti_op_convert_this):
        (JSC::Machine::cti_op_end):
        (JSC::Machine::cti_op_add):
        (JSC::Machine::cti_op_pre_inc):
        (JSC::Machine::cti_timeout_check):
        (JSC::Machine::cti_op_loop_if_less):
        (JSC::Machine::cti_op_loop_if_lesseq):
        (JSC::Machine::cti_op_new_object):
        (JSC::Machine::cti_op_put_by_id):
        (JSC::Machine::cti_op_put_by_id_second):
        (JSC::Machine::cti_op_put_by_id_generic):
        (JSC::Machine::cti_op_put_by_id_fail):
        (JSC::Machine::cti_op_get_by_id):
        (JSC::Machine::cti_op_get_by_id_second):
        (JSC::Machine::cti_op_get_by_id_generic):
        (JSC::Machine::cti_op_get_by_id_fail):
        (JSC::Machine::cti_op_instanceof):
        (JSC::Machine::cti_op_del_by_id):
        (JSC::Machine::cti_op_mul):
        (JSC::Machine::cti_op_new_func):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_vm_compile):
        (JSC::Machine::cti_op_push_activation):
        (JSC::Machine::cti_op_call_NotJSFunction):
        (JSC::Machine::cti_op_create_arguments):
        (JSC::Machine::cti_op_tear_off_activation):
        (JSC::Machine::cti_op_tear_off_arguments):
        (JSC::Machine::cti_op_ret_profiler):
        (JSC::Machine::cti_op_ret_scopeChain):
        (JSC::Machine::cti_op_new_array):
        (JSC::Machine::cti_op_resolve):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_construct_NotJSConstruct):
        (JSC::Machine::cti_op_get_by_val):
        (JSC::Machine::cti_op_resolve_func):
        (JSC::Machine::cti_op_sub):
        (JSC::Machine::cti_op_put_by_val):
        (JSC::Machine::cti_op_put_by_val_array):
        (JSC::Machine::cti_op_lesseq):
        (JSC::Machine::cti_op_loop_if_true):
        (JSC::Machine::cti_op_negate):
        (JSC::Machine::cti_op_resolve_base):
        (JSC::Machine::cti_op_resolve_skip):
        (JSC::Machine::cti_op_resolve_global):
        (JSC::Machine::cti_op_div):
        (JSC::Machine::cti_op_pre_dec):
        (JSC::Machine::cti_op_jless):
        (JSC::Machine::cti_op_not):
        (JSC::Machine::cti_op_jtrue):
        (JSC::Machine::cti_op_post_inc):
        (JSC::Machine::cti_op_eq):
        (JSC::Machine::cti_op_lshift):
        (JSC::Machine::cti_op_bitand):
        (JSC::Machine::cti_op_rshift):
        (JSC::Machine::cti_op_bitnot):
        (JSC::Machine::cti_op_resolve_with_base):
        (JSC::Machine::cti_op_new_func_exp):
        (JSC::Machine::cti_op_mod):
        (JSC::Machine::cti_op_less):
        (JSC::Machine::cti_op_neq):
        (JSC::Machine::cti_op_post_dec):
        (JSC::Machine::cti_op_urshift):
        (JSC::Machine::cti_op_bitxor):
        (JSC::Machine::cti_op_new_regexp):
        (JSC::Machine::cti_op_bitor):
        (JSC::Machine::cti_op_call_eval):
        (JSC::Machine::cti_op_throw):
        (JSC::Machine::cti_op_get_pnames):
        (JSC::Machine::cti_op_next_pname):
        (JSC::Machine::cti_op_push_scope):
        (JSC::Machine::cti_op_pop_scope):
        (JSC::Machine::cti_op_typeof):
        (JSC::Machine::cti_op_to_jsnumber):
        (JSC::Machine::cti_op_in):
        (JSC::Machine::cti_op_push_new_scope):
        (JSC::Machine::cti_op_jmp_scopes):
        (JSC::Machine::cti_op_put_by_index):
        (JSC::Machine::cti_op_switch_imm):
        (JSC::Machine::cti_op_switch_char):
        (JSC::Machine::cti_op_switch_string):
        (JSC::Machine::cti_op_del_by_val):
        (JSC::Machine::cti_op_put_getter):
        (JSC::Machine::cti_op_put_setter):
        (JSC::Machine::cti_op_new_error):
        (JSC::Machine::cti_op_debug):
        (JSC::Machine::cti_vm_throw):

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::functionName):
        (JSC::DebuggerCallFrame::type):
        (JSC::DebuggerCallFrame::thisObject):
        (JSC::DebuggerCallFrame::evaluate):
        * kjs/DebuggerCallFrame.h:

        (JSC::CallFrame::thisValue):

        * kjs/FunctionConstructor.cpp:
        (JSC::constructFunction):
        * kjs/JSActivation.cpp:
        (JSC::JSActivation::JSActivation):
        (JSC::JSActivation::argumentsGetter):
        * kjs/JSActivation.h:
        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * kjs/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * kjs/JSVariableObject.h:

        (JSC::Parser::parse):
        * kjs/RegExpConstructor.cpp:
        (JSC::constructRegExp):
        * kjs/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncCompile):

        * kjs/StringPrototype.cpp:
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        * kjs/identifier.cpp:
        (JSC::Identifier::checkSameIdentifierTable):
        * kjs/interpreter.cpp:
        (JSC::Interpreter::checkSyntax):
        (JSC::Interpreter::evaluate):

        (JSC::ThrowableExpressionData::emitThrowError):
        (JSC::RegExpNode::emitCode):
        (JSC::ArrayNode::emitCode):
        (JSC::InstanceOfNode::emitCode):

        (JSC::RegExp::RegExp):
        (JSC::RegExp::create):

        * profiler/HeavyProfile.h:
        * profiler/Profile.h:

2008-10-08 Prasanth Ullattil <pullatti@trolltech.com>

        Reviewed by Oliver Hunt.

        Avoid endless loops when compiling without the computed goto

        NEXT_OPCODE expands to "continue", which will not work inside

        (JSC::Machine::privateExecute):

2008-10-08 Maciej Stachowiak <mjs@apple.com>

        Reviewed by Oliver Hunt.

        Re-landing the following fix with the crashing bug in it fixed (r37405):

        - optimize away multiplication by constant 1.0

        2.3% speedup on v8 RayTrace benchmark

        Apparently it's not uncommon for JavaScript code to multiply by
        constant 1.0 in the mistaken belief that this converts integer to
        floating point and that there is any operational difference.

        (JSC::CTI::privateCompileMainPass): Optimize to_jsnumber for
        case where parameter is already number.
        (JSC::CTI::privateCompileSlowCases): ditto

        (JSC::Machine::privateExecute): ditto

        (makeMultNode): Transform as follows:
        +FOO * BAR ==> FOO * BAR
        FOO * +BAR ==> FOO * BAR

        (makeDivNode): Transform as follows:
        +FOO / BAR ==> FOO / BAR
        FOO / +BAR ==> FOO / BAR
        (makeSubNode): Transform as follows:
        +FOO - BAR ==> FOO - BAR
        FOO - +BAR ==> FOO - BAR

        (JSC::ExpressionNode::stripUnaryPlus): Helper for above

        (JSC::UnaryPlusNode::stripUnaryPlus): ditto

2008-10-08 Maciej Stachowiak <mjs@apple.com>

        Reviewed by Oliver Hunt.

        - correctly handle appending -0 to a string, it should stringify as just 0

2008-10-08 Prasanth Ullattil <pullatti@trolltech.com>

        Fix WebKit compilation with VC2008SP1

        Apply the TR1 workaround for JavaScriptCore, too.

        * JavaScriptCore.pro:

2008-10-08 Prasanth Ullattil <pullatti@trolltech.com>

        Fix compilation errors on VS2008 64Bit

        (JSC::currentThreadStackBase):

2008-10-08 André Pönitz <apoenitz@trolltech.com>

        Fix compilation with Qt namespaces.

2008-10-07 Sam Weinig <sam@webkit.org>

2008-10-07 Oliver Hunt <oliver@apple.com>

        Reviewed by Cameron Zwarich.

        Switch CTI runtime calls to the fastcall calling convention

        Basically this means that we get to store the argument for CTI
        calls in the ECX register, which saves a register->memory write
        and subsequent memory->register read.

        This is a 1.7% progression in SunSpider and 2.4% on commandline

        (JSC::CTI::privateCompilePutByIdTransition):
        (JSC::CTI::privateCompilePatchGetArrayLength):

        * masm/X86Assembler.h:
        (JSC::X86Assembler::emitRestoreArgumentReference):
        (JSC::X86Assembler::emitRestoreArgumentReferenceForTrampoline):
        We need this to correctly reload ecx from inside certain property access

2008-10-07 Maciej Stachowiak <mjs@apple.com>

        Reviewed by Mark Rowe.

        - optimize away multiplication by constant 1.0

        2.3% speedup on v8 RayTrace benchmark

        Apparently it's not uncommon for JavaScript code to multiply by
        constant 1.0 in the mistaken belief that this converts integer to
        floating point and that there is any operational difference.

        (JSC::CTI::privateCompileMainPass): Optimize to_jsnumber for
        case where parameter is already number.
        (JSC::CTI::privateCompileSlowCases): ditto

        (JSC::Machine::privateExecute): ditto

        (makeMultNode): Transform as follows:
        +FOO * BAR ==> FOO * BAR
        FOO * +BAR ==> FOO * BAR

        (makeDivNode): Transform as follows:
        +FOO / BAR ==> FOO / BAR
        FOO / +BAR ==> FOO / BAR
        (makeSubNode): Transform as follows:
        +FOO - BAR ==> FOO - BAR
        FOO - +BAR ==> FOO - BAR

        (JSC::ExpressionNode::stripUnaryPlus): Helper for above

        (JSC::UnaryPlusNode::stripUnaryPlus): ditto

2008-10-07 Maciej Stachowiak <mjs@apple.com>

        Reviewed by Oliver Hunt.

        - make constant folding code more consistent

        Added a makeSubNode to match add, mult and div; use the makeFooNode functions always,
        instead of allocating nodes directly in other places in the grammar.
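An added JavaScript check (not WebKit code) of the language semantics behind the constant-folding entries above: stripping a unary plus is observably safe under `*`, `/` and `-` but not under `+` (which is why makeMultNode, makeDivNode and makeSubNode get the transform and add does not), multiplying by a literal 1.0 is an identity, -0 appends to a string as "0", and `1/(x*-1)` with `x=0` must give -Infinity. The operand set and all helper names are constructed here.

```javascript
// Object.is distinguishes -0 from +0 and treats NaN as equal to itself,
// which === does not; both matter for the arithmetic cases below.
function sameValue(a, b) {
  return Object.is(a, b);
}

// Each entry pairs the expression with a unary plus on its left operand
// against the stripped form. Binary *, / and - apply ToNumber to both
// operands themselves, so the extra conversion is redundant. Binary +
// is listed only to show why it was left out: it concatenates when
// either side is a string or object, so "+x + y" and "x + y" differ.
const ARITH_FORMS = {
  mul: [(x, y) => +x * y, (x, y) => x * y],
  div: [(x, y) => +x / y, (x, y) => x / y],
  sub: [(x, y) => +x - y, (x, y) => x - y],
  add: [(x, y) => +x + y, (x, y) => x + y], // not a valid transform
};

// Constructed operand set covering the conversions ToNumber performs:
// numbers (including -0 and NaN), numeric and non-numeric strings,
// booleans, null, undefined, and objects with valueOf/toString.
const SAMPLE_VALUES = [
  1, 1.0, -0, 0, NaN, Infinity, -1.5,
  "3", "", " 7 ", "abc", true, false, null, undefined,
  { valueOf() { return 4; } }, [2], [],
];

// Returns the [op, x, y] triples for which stripping the unary plus
// changes the result over every pair of sample operands.
function mismatches(op) {
  const [withPlus, stripped] = ARITH_FORMS[op];
  const out = [];
  for (const x of SAMPLE_VALUES) {
    for (const y of SAMPLE_VALUES) {
      if (!sameValue(withPlus(x, y), stripped(x, y))) out.push([op, x, y]);
    }
  }
  return out;
}

// Multiplying a Number by 1.0 changes nothing observable: 1.0 and 1 are
// the same Number value, and -0 and NaN survive unchanged.
function timesOneIsIdentity(n) {
  return sameValue(n * 1.0, n) && sameValue(n * 1, n);
}

// Appending -0 to a string must give "0": ToString(-0) is "0".
function appendToString(prefix, n) {
  return prefix + n;
}

// The bug #21160 expression: x * -1 for x = 0 is -0, and 1 / -0 is
// -Infinity. A fast path that loses the sign of zero returns +Infinity.
function reciprocalOfNegated(x) {
  return 1 / (x * -1);
}

function main() {
  for (const op of Object.keys(ARITH_FORMS)) {
    console.log(op, "mismatches when unary plus is stripped:", mismatches(op).length);
  }
  console.log("-0 appended to a string:", JSON.stringify(appendToString("", -0)));
  console.log("1/(0*-1) =", reciprocalOfNegated(0));
}

main();
```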

2008-10-07 Sam Weinig <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Move hasGetterSetterProperties flag from PropertyMap to StructureID.

        (JSC::JSObject::put):
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):

        (JSC::JSObject::hasGetterSetterProperties):
        (JSC::JSObject::getOwnPropertySlotForWrite):
        (JSC::JSObject::getOwnPropertySlot):
        * kjs/PropertyMap.h:
        * kjs/StructureID.cpp:
        (JSC::StructureID::StructureID):
        (JSC::StructureID::addPropertyTransition):
        (JSC::StructureID::toDictionaryTransition):
        (JSC::StructureID::changePrototypeTransition):
        (JSC::StructureID::getterSetterTransition):
        * kjs/StructureID.h:
        (JSC::StructureID::hasGetterSetterProperties):
        (JSC::StructureID::setHasGetterSetterProperties):

2008-10-07 Sam Weinig <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Roll r37370 back in with bug fixes.

        - PropertyMap::storageSize() should reflect the number of keys + deletedOffsets
        and has nothing to do with the internal deletedSentinel count anymore.

2008-10-07 Gavin Barraclough <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Move callframe initialization into JIT code, again.

        As a part of the restructuring the second result from functions is now
        returned in edx, allowing the new value of 'r' to be returned via a
        register, and stored to the stack from JIT code, too.

        4.5% progression on v8-tests. (3% in their harness)

        (JSC::CTI::emitCall):
        (JSC::CTI::compileOpCall):
        (JSC::CTI::privateCompileMainPass):
        (JSC::CTI::privateCompileSlowCases):
        (JSC::CTI::privateCompile):

        (JSC::CallRecord::CallRecord):

        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_construct_JSConstruct):
        (JSC::Machine::cti_op_resolve_func):
        (JSC::Machine::cti_op_post_inc):
        (JSC::Machine::cti_op_resolve_with_base):
        (JSC::Machine::cti_op_post_dec):

2008-10-07 Mark Rowe <mrowe@apple.com>

        Fix typo in method name.

2008-10-07 Cameron Zwarich <zwarich@apple.com>

        Rubber-stamped by Mark Rowe.

2008-10-06 Sam Weinig <sam@webkit.org>

        Reviewed by Cameron Zwarich.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=21415
        Improve the division between PropertyStorageArray and PropertyMap

        - Rework PropertyMap to store offsets in the value so that they don't
        change when rehashing. This allows us not to have to keep the
        PropertyStorageArray in sync and thus not have to pass it in.
        - Rename PropertyMap::getOffset -> PropertyMap::get since put/remove
        now also return offsets.
        - A Vector of deleted offsets is now needed since the storage is out of

        1% win on SunSpider. Wash on V8 suite.

        * JavaScriptCore.exp:

        (JSC::transitionWillNeedStorageRealloc):

        (JSC::Machine::privateExecute):
        Transition logic can be greatly simplified by the fact that
        the storage capacity is always known, and is correct for the

        (JSC::JSObject::put): Rename getOffset -> get.
        (JSC::JSObject::deleteProperty): Ditto.
        (JSC::JSObject::getPropertyAttributes): Ditto.
        (JSC::JSObject::removeDirect): Use returned offset to
        clear the value in the PropertyNameArray.
        (JSC::JSObject::allocatePropertyStorage): Add assert.

        (JSC::JSObject::getDirect): Rename getOffset -> get
        (JSC::JSObject::getDirectLocation): Rename getOffset -> get
        (JSC::JSObject::putDirect): Use propertyStorageCapacity to determine whether
        or not to resize. Also, since put now returns an offset (and thus
        addPropertyTransition does also) setting of the PropertyStorageArray is

        (JSC::JSObject::transitionTo):
        * kjs/PropertyMap.cpp:
        (JSC::PropertyMap::checkConsistency): PropertyStorageArray is no longer

        (JSC::PropertyMap::operator=): Copy the delete offsets vector.
        (JSC::PropertyMap::put): Instead of setting the PropertyNameArray
        explicitly, return the offset where the value should go.
        (JSC::PropertyMap::remove): Instead of removing from the PropertyNameArray
        explicitly, return the offset where the value should be removed.
        (JSC::PropertyMap::get): Switch to using the stored offset, instead
        of the implicit one.
        (JSC::PropertyMap::insert):
        (JSC::PropertyMap::expand): This is never called when m_table is null,
        so remove that branch and add it as an assertion.
        (JSC::PropertyMap::createTable): Consistency checks no longer take
1131 a PropertyNameArray.
1132 (JSC::PropertyMap::rehash): No need to rehash the PropertyNameArray
1133 now that it is completely out of band.
1134 * kjs/PropertyMap.h:
1135 (JSC::PropertyMapEntry::PropertyMapEntry): Store offset into PropertyNameArray.
1136 (JSC::PropertyMap::get): Switch to using the stored offset, instead
1137 of the implicit one.
1138 * kjs/StructureID.cpp:
1139 (JSC::StructureID::StructureID): Initialize the propertyStorageCapacity to
1140 JSObject::inlineStorageCapacity.
1141 (JSC::StructureID::growPropertyStorageCapacity): Grow the storage capacity as
1143 (JSC::StructureID::addPropertyTransition): Copy the storage capacity.
1144 (JSC::StructureID::toDictionaryTransition): Ditto.
1145 (JSC::StructureID::changePrototypeTransition): Ditto.
1146 (JSC::StructureID::getterSetterTransition): Ditto.
1147 * kjs/StructureID.h:
1148 (JSC::StructureID::propertyStorageCapacity): Add propertyStorageCapacity
1149 which is the current capacity for the JSObjects PropertyStorageArray.
1150 It starts at the JSObject::inlineStorageCapacity (currently 2), then
1151 when it first needs to be resized moves to the JSObject::nonInlineBaseStorageCapacity
1152 (currently 16), and after that doubles each time.
1154 2008-10-06 Cameron Zwarich <zwarich@apple.com>
1156 Reviewed by Oliver Hunt.
1158 Bug 21396: Remove the OptionalCalleeActivation call frame slot
1159 <https://bugs.webkit.org/show_bug.cgi?id=21396>
1161 Remove the OptionalCalleeActivation call frame slot. We have to be
1162 careful to store the activation object in a register, because objects
1163 in the scope chain do not get marked.
1165 This is a 0.3% speedup on both SunSpider and the V8 benchmark.
1168 (JSC::CTI::privateCompileMainPass):
1170 (JSC::CodeBlock::dump):
1171 * VM/CodeGenerator.cpp:
1172 (JSC::CodeGenerator::CodeGenerator):
1173 (JSC::CodeGenerator::emitReturn):
1174 * VM/CodeGenerator.h:
1176 (JSC::Machine::dumpRegisters):
1177 (JSC::Machine::unwindCallFrame):
1178 (JSC::Machine::privateExecute):
1179 (JSC::Machine::cti_op_call_JSFunction):
1180 (JSC::Machine::cti_op_push_activation):
1181 (JSC::Machine::cti_op_tear_off_activation):
1182 (JSC::Machine::cti_op_construct_JSConstruct):
1184 (JSC::Machine::initializeCallFrame):
1185 * VM/RegisterFile.h:
1186 (JSC::RegisterFile::):
1188 2008-10-06 Tony Chang <tony@chromium.org>
1190 Reviewed by Alexey Proskuryakov.
1192 Chromium doesn't use pthreads on windows, so make its use conditional.
1194 Also convert a WORD to a DWORD to avoid a compiler warning. This
1195 matches the other methods around it.
1197 * wtf/ThreadingWin.cpp:
1198 (WTF::wtfThreadEntryPoint):
1199 (WTF::ThreadCondition::broadcast):
1201 2008-10-06 Mark Mentovai <mark@moxienet.com>
1203 Reviewed by Tim Hatcher.
1205 Allow ENABLE_DASHBOARD_SUPPORT and ENABLE_MAC_JAVA_BRIDGE to be
1206 disabled on the Mac.
1208 https://bugs.webkit.org/show_bug.cgi?id=21333
1212 2008-10-06 Steve Falkenburg <sfalken@apple.com>
1214 https://bugs.webkit.org/show_bug.cgi?id=21416
1215 Pass 0 for size to VirtualAlloc, as documented by MSDN.
1216 Identified by Application Verifier.
1218 Reviewed by Darin Adler.
1220 * kjs/collector.cpp:
1223 2008-10-06 Kevin McCullough <kmccullough@apple.com>
1225 Reviewed by Tim Hatcheri and Oliver Hunt.
1227 https://bugs.webkit.org/show_bug.cgi?id=21412
1228 Bug 21412: Refactor user initiated profile count to be more stable
1229 - Export UString::from for use with creating the profile title.
1231 * JavaScriptCore.exp:
1233 2008-10-06 Maciej Stachowiak <mjs@apple.com>
1235 Not reviewed. Build fix.
1237 - revert toBoolean changes (r37333 and r37335); need to make WebCore work with these
1239 * API/JSValueRef.cpp:
1242 * JavaScriptCore.exp:
1244 (JSC::CodeBlock::dump):
1246 (JSC::Machine::privateExecute):
1247 (JSC::Machine::cti_op_loop_if_true):
1248 (JSC::Machine::cti_op_not):
1249 (JSC::Machine::cti_op_jtrue):
1250 * kjs/ArrayPrototype.cpp:
1251 (JSC::arrayProtoFuncFilter):
1252 (JSC::arrayProtoFuncEvery):
1253 (JSC::arrayProtoFuncSome):
1254 * kjs/BooleanConstructor.cpp:
1255 (JSC::constructBoolean):
1256 (JSC::callBooleanConstructor):
1257 * kjs/GetterSetter.h:
1259 (JSC::JSValue::toBoolean):
1260 * kjs/JSNumberCell.cpp:
1261 (JSC::JSNumberCell::toBoolean):
1262 * kjs/JSNumberCell.h:
1264 (JSC::JSObject::toBoolean):
1267 (JSC::JSString::toBoolean):
1270 * kjs/RegExpConstructor.cpp:
1271 (JSC::setRegExpConstructorMultiline):
1272 * kjs/RegExpObject.cpp:
1273 (JSC::RegExpObject::match):
1274 * kjs/RegExpPrototype.cpp:
1275 (JSC::regExpProtoFuncToString):
1277 2008-10-06 Maciej Stachowiak <mjs@apple.com>
1279 Reviewed by Sam Weinig.
1281 - optimize op_jtrue, op_loop_if_true and op_not in various ways
1282 https://bugs.webkit.org/show_bug.cgi?id=21404
1284 1) Make JSValue::toBoolean nonvirtual and completely inline by
1285 making use of the StructureID type field.
1287 2) Make JSValue::toBoolean not take an ExecState; doesn't need it.
1289 3) Make op_not, op_loop_if_true and op_jtrue not read the
1290 ExecState (toBoolean doesn't need it any more) and not check
1291 exceptions (toBoolean can't throw).
1293 * API/JSValueRef.cpp:
1295 * JavaScriptCore.exp:
1297 (JSC::CodeBlock::dump):
1299 (JSC::Machine::privateExecute):
1300 (JSC::Machine::cti_op_loop_if_true):
1301 (JSC::Machine::cti_op_not):
1302 (JSC::Machine::cti_op_jtrue):
1303 * kjs/ArrayPrototype.cpp:
1304 (JSC::arrayProtoFuncFilter):
1305 (JSC::arrayProtoFuncEvery):
1306 (JSC::arrayProtoFuncSome):
1307 * kjs/BooleanConstructor.cpp:
1308 (JSC::constructBoolean):
1309 (JSC::callBooleanConstructor):
1310 * kjs/GetterSetter.h:
1312 (JSC::JSValue::toBoolean):
1313 * kjs/JSNumberCell.cpp:
1314 * kjs/JSNumberCell.h:
1315 (JSC::JSNumberCell::toBoolean):
1318 (JSC::JSObject::toBoolean):
1319 (JSC::JSCell::toBoolean):
1322 (JSC::JSString::toBoolean):
1324 * kjs/RegExpConstructor.cpp:
1325 (JSC::setRegExpConstructorMultiline):
1326 * kjs/RegExpObject.cpp:
1327 (JSC::RegExpObject::match):
1328 * kjs/RegExpPrototype.cpp:
1329 (JSC::regExpProtoFuncToString):
1331 2008-10-06 Ariya Hidayat <ariya.hidayat@trolltech.com>
1335 Build fix for MinGW.
1337 * JavaScriptCore.pri:
1339 (JSC::highResUpTime):
1341 2008-10-05 Cameron Zwarich <zwarich@apple.com>
1343 Reviewed by Oliver Hunt.
1345 Remove ScopeNode::containsClosures() now that it is unused.
1348 (JSC::ScopeNode::containsClosures):
1350 2008-10-05 Maciej Stachowiak <mjs@apple.com>
1352 Reviewed by Cameron Zwarich.
1354 - fix releas-only test failures caused by the fix to bug 21375
1357 (JSC::Machine::unwindCallFrame): Update ExecState while unwinding call frames;
1358 it now matters more to have a still-valid ExecState, since dynamicGlobalObject
1359 will make use of the ExecState's scope chain.
1362 2008-10-05 Cameron Zwarich <zwarich@apple.com>
1364 Reviewed by Oliver Hunt.
1366 Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
1367 <https://bugs.webkit.org/show_bug.cgi?id=21364>
1369 Use information from the parser to detect whether an activation is
1370 needed or 'arguments' is used, and emit explicit instructions to tear
1371 them off before op_ret. This allows a branch to be removed from op_ret
1372 and simplifies some other code. This does cause a small change in the
1373 behaviour of 'f.arguments'; it is no longer live when 'arguments' is not
1374 mentioned in the lexical scope of the function.
1376 It should now be easy to remove the OptionaCalleeActivation slot in the
1377 call frame, but this will be done in a later patch.
1380 (JSC::CTI::privateCompileMainPass):
1382 (JSC::CodeBlock::dump):
1383 * VM/CodeGenerator.cpp:
1384 (JSC::CodeGenerator::emitReturn):
1385 * VM/CodeGenerator.h:
1387 (JSC::Machine::unwindCallFrame):
1388 (JSC::Machine::privateExecute):
1389 (JSC::Machine::retrieveArguments):
1390 (JSC::Machine::cti_op_create_arguments):
1391 (JSC::Machine::cti_op_tear_off_activation):
1392 (JSC::Machine::cti_op_tear_off_arguments):
1395 * kjs/Arguments.cpp:
1396 (JSC::Arguments::mark):
1398 (JSC::Arguments::isTornOff):
1399 (JSC::Arguments::Arguments):
1400 (JSC::Arguments::copyRegisters):
1401 (JSC::JSActivation::copyRegisters):
1402 * kjs/JSActivation.cpp:
1403 (JSC::JSActivation::argumentsGetter):
1404 * kjs/JSActivation.h:
1406 2008-10-05 Maciej Stachowiak <mjs@apple.com>
1408 Reviewed by Oliver Hunt.
1410 - fixed "REGRESSION (r37297): fast/js/deep-recursion-test takes too long and times out"
1411 https://bugs.webkit.org/show_bug.cgi?id=21375
1413 The problem is that dynamicGlobalObject had become O(N) in number
1414 of call frames, but unwinding the stack for an exception called it
1415 for every call frame, resulting in O(N^2) behavior for an
1416 exception thrown from inside deep recursion.
1418 Instead of doing it that way, stash the dynamic global object in JSGlobalData.
1420 * JavaScriptCore.exp:
1422 (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Helper class to temporarily
1423 store and later restore a dynamicGlobalObject in JSGlobalData.
1424 (JSC::DynamicGlobalObjectScope::~DynamicGlobalObjectScope):
1425 (JSC::Machine::execute): In each version, establish a DynamicGlobalObjectScope.
1426 For ProgramNode, always establish set new dynamicGlobalObject, for FunctionBody and Eval,
1427 only if none is currently set.
1430 * kjs/JSGlobalData.cpp:
1431 (JSC::JSGlobalData::JSGlobalData): Ininitalize new dynamicGlobalObject field to 0.
1432 * kjs/JSGlobalData.h:
1433 * kjs/JSGlobalObject.h:
1434 (JSC::ExecState::dynamicGlobalObject): Moved here from ExecState for benefit of inlining.
1435 Return lexical global object if this is a globalExec(), otherwise look in JSGlobalData
1436 for the one stashed there.
1438 2008-10-05 Sam Weinig <sam@webkit.org>
1440 Reviewed by Maciej Stachowiak.
1442 Avoid an extra lookup when transitioning to an existing StructureID
1443 by caching the offset of property that caused the transition.
1445 1% win on V8 suite. Wash on SunSpider.
1447 * kjs/PropertyMap.cpp:
1448 (JSC::PropertyMap::put):
1449 * kjs/PropertyMap.h:
1450 * kjs/StructureID.cpp:
1451 (JSC::StructureID::StructureID):
1452 (JSC::StructureID::addPropertyTransition):
1453 * kjs/StructureID.h:
1454 (JSC::StructureID::setCachedTransistionOffset):
1455 (JSC::StructureID::cachedTransistionOffset):
1457 2008-10-05 Cameron Zwarich <zwarich@apple.com>
1459 Reviewed by Maciej Stachowiak.
1461 Bug 21364: Remove the branch in op_ret for OptionalCalleeActivation and OptionalCalleeArguments
1462 <https://bugs.webkit.org/show_bug.cgi?id=21364>
1464 This patch does not yet remove the branch, but it does a bit of refactoring
1465 so that a CodeGenerator now knows whether the associated CodeBlock will need
1466 a full scope before doing any code generation. This makes it possible to emit
1467 explicit tear-off instructions before every op_ret.
1470 (JSC::CodeBlock::CodeBlock):
1471 * VM/CodeGenerator.cpp:
1472 (JSC::CodeGenerator::generate):
1473 (JSC::CodeGenerator::CodeGenerator):
1474 (JSC::CodeGenerator::emitPushScope):
1475 (JSC::CodeGenerator::emitPushNewScope):
1477 (JSC::ScopeNode::needsActivation):
1479 2008-10-05 Gavin Barraclough <barraclough@apple.com>
1481 Reviewed by Cameron Zwarich.
1483 Fix for bug #21387 - using SamplingTool with CTI.
1485 (1) A repatch offset offset changes due to an additional instruction to update SamplingTool state.
1486 (2) Fix an incusion order problem due to ExecState changes.
1487 (3) Change to a MACHINE_SAMPLING macro, use of exec should now be accessing global data.
1490 (JSC::CTI::execute):
1491 * VM/SamplingTool.h:
1492 (JSC::SamplingTool::privateExecuteReturned):
1495 2008-10-04 Mark Rowe <mrowe@apple.com>
1497 Reviewed by Tim Hatcher.
1499 Add a 'Check For Weak VTables' build phase to catch weak vtables as early as possible.
1501 * JavaScriptCore.xcodeproj/project.pbxproj:
1503 2008-10-04 Sam Weinig <sam@webkit.org>
1505 Reviewed by Oliver Hunt.
1507 Fix https://bugs.webkit.org/show_bug.cgi?id=21320
1508 leaks of PropertyNameArrayData seen on buildbot
1510 - Fix RefPtr cycle by making PropertyNameArrayData's pointer back
1511 to the StructureID a weak pointer.
1513 * kjs/PropertyNameArray.h:
1514 (JSC::PropertyNameArrayData::setCachedStructureID):
1515 (JSC::PropertyNameArrayData::cachedStructureID):
1516 * kjs/StructureID.cpp:
1517 (JSC::StructureID::getEnumerablePropertyNames):
1518 (JSC::StructureID::clearEnumerationCache):
1519 (JSC::StructureID::~StructureID):
1521 2008-10-04 Darin Adler <darin@apple.com>
1523 Reviewed by Cameron Zwarich.
1525 - https://bugs.webkit.org/show_bug.cgi?id=21295
1526 Bug 21295: Replace ExecState with a call frame Register pointer
1528 10% faster on Richards; other v8 benchmarks faster too.
1529 A wash on SunSpider.
1531 This does the minimum necessary to get the speedup. Next step in
1532 cleaning this up is to replace ExecState with a CallFrame class,
1533 and be more judicious about when to pass a call frame and when
1534 to pass a global data pointer, global object pointer, or perhaps
1535 something else entirely.
1537 * VM/CTI.cpp: Remove the debug-only check of the exception in
1538 ctiVMThrowTrampoline -- already checked in the code the trampoline
1539 jumps to, so not all that useful. Removed the exec argument from
1540 ctiTrampoline. Removed emitDebugExceptionCheck -- no longer needed.
1541 (JSC::CTI::emitCall): Removed code to set ExecState::m_callFrame.
1542 (JSC::CTI::privateCompileMainPass): Removed code in catch to extract
1543 the exception from ExecState::m_exception; instead, the code that
1544 jumps into catch will make sure the exception is already in eax.
1545 * VM/CTI.h: Removed exec from the ctiTrampoline. Also removed the
1546 non-helpful "volatile". Temporarily left ARG_exec in as a synonym
1547 for ARG_r; I'll change that on a future cleanup pass when introducing
1548 more use of the CallFrame type.
1549 (JSC::CTI::execute): Removed the ExecState* argument.
1551 * VM/ExceptionHelpers.cpp:
1552 (JSC::InterruptedExecutionError::InterruptedExecutionError): Take
1553 JSGlobalData* instead of ExecState*.
1554 (JSC::createInterruptedExecutionException): Ditto.
1555 * VM/ExceptionHelpers.h: Ditto. Also removed an unneeded include.
1558 (JSC::slideRegisterWindowForCall): Removed the exec and
1559 exceptionValue arguments. Changed to return 0 when there's a stack
1560 overflow rather than using a separate exception argument to cut
1561 down on memory accesses in the calling convention.
1562 (JSC::Machine::unwindCallFrame): Removed the exec argument when
1563 constructing a DebuggerCallFrame. Also removed code to set
1564 ExecState::m_callFrame.
1565 (JSC::Machine::throwException): Removed the exec argument when
1566 construction a DebuggerCallFrame.
1567 (JSC::Machine::execute): Updated to use the register instead of
1568 ExecState and also removed various uses of ExecState.
1569 (JSC::Machine::debug):
1570 (JSC::Machine::privateExecute): Put globalData into a local
1571 variable so it can be used throughout the interpreter. Changed
1572 the VM_CHECK_EXCEPTION to get the exception in globalData instead
1573 of through ExecState.
1574 (JSC::Machine::retrieveLastCaller): Turn exec into a registers
1575 pointer by calling registers() instead of by getting m_callFrame.
1576 (JSC::Machine::callFrame): Ditto.
1577 Tweaked exception macros. Made new versions for when you know
1578 you have an exception. Get at global exception with ARG_globalData.
1579 Got rid of the need to pass in the return value type.
1580 (JSC::Machine::cti_op_add): Update to use new version of exception
1582 (JSC::Machine::cti_op_pre_inc): Ditto.
1583 (JSC::Machine::cti_timeout_check): Ditto.
1584 (JSC::Machine::cti_op_instanceof): Ditto.
1585 (JSC::Machine::cti_op_new_func): Ditto.
1586 (JSC::Machine::cti_op_call_JSFunction): Optimized by using the
1587 ARG values directly instead of through local variables -- this gets
1588 rid of code that just shuffles things around in the stack frame.
1589 Also get rid of ExecState and update for the new way exceptions are
1590 handled in slideRegisterWindowForCall.
1591 (JSC::Machine::cti_vm_compile): Update to make exec out of r since
1592 they are both the same thing now.
1593 (JSC::Machine::cti_op_call_NotJSFunction): Ditto.
1594 (JSC::Machine::cti_op_init_arguments): Ditto.
1595 (JSC::Machine::cti_op_resolve): Ditto.
1596 (JSC::Machine::cti_op_construct_JSConstruct): Ditto.
1597 (JSC::Machine::cti_op_construct_NotJSConstruct): Ditto.
1598 (JSC::Machine::cti_op_resolve_func): Ditto.
1599 (JSC::Machine::cti_op_put_by_val): Ditto.
1600 (JSC::Machine::cti_op_put_by_val_array): Ditto.
1601 (JSC::Machine::cti_op_resolve_skip): Ditto.
1602 (JSC::Machine::cti_op_resolve_global): Ditto.
1603 (JSC::Machine::cti_op_post_inc): Ditto.
1604 (JSC::Machine::cti_op_resolve_with_base): Ditto.
1605 (JSC::Machine::cti_op_post_dec): Ditto.
1606 (JSC::Machine::cti_op_call_eval): Ditto.
1607 (JSC::Machine::cti_op_throw): Ditto. Also rearranged to return
1608 the exception value as the return value so it can be used by
1610 (JSC::Machine::cti_op_push_scope): Ditto.
1611 (JSC::Machine::cti_op_in): Ditto.
1612 (JSC::Machine::cti_op_del_by_val): Ditto.
1613 (JSC::Machine::cti_vm_throw): Ditto. Also rearranged to return
1614 the exception value as the return value so it can be used by
1617 * kjs/DebuggerCallFrame.cpp:
1618 (JSC::DebuggerCallFrame::functionName): Pass globalData.
1619 (JSC::DebuggerCallFrame::evaluate): Eliminated code to make a
1621 * kjs/DebuggerCallFrame.h: Removed ExecState argument from
1624 * kjs/ExecState.h: Eliminated all data members and made ExecState
1625 inherit privately from Register instead. Also added a typedef to
1626 the future name for this class, which is CallFrame. It's just a
1627 Register* that knows it's a pointer at a call frame. The new class
1628 can't be constructed or copied. Changed all functions to use
1629 the this pointer instead of m_callFrame. Changed exception-related
1630 functions to access an exception in JSGlobalData. Removed functions
1631 used by CTI to pass the return address to the throw machinery --
1632 this is now done directly with a global in the global data.
1634 * kjs/FunctionPrototype.cpp:
1635 (JSC::functionProtoFuncToString): Pass globalData instead of exec.
1637 * kjs/InternalFunction.cpp:
1638 (JSC::InternalFunction::name): Take globalData instead of exec.
1639 * kjs/InternalFunction.h: Ditto.
1641 * kjs/JSGlobalData.cpp: Initialize the new exception global to 0.
1642 * kjs/JSGlobalData.h: Declare two new globals. One for the current
1643 exception and another for the return address used by CTI to
1644 implement the throw operation.
1646 * kjs/JSGlobalObject.cpp:
1647 (JSC::JSGlobalObject::init): Removed code to set up globalExec,
1648 which is now the same thing as globalCallFrame.
1649 (JSC::JSGlobalObject::reset): Get globalExec from our globalExec
1650 function so we don't have to repeat the logic twice.
1651 (JSC::JSGlobalObject::mark): Removed code to mark the exception;
1652 the exception is now stored in JSGlobalData and marked there.
1653 (JSC::JSGlobalObject::globalExec): Return a pointer to the end
1654 of the global call frame.
1655 * kjs/JSGlobalObject.h: Removed the globalExec data member.
1658 (JSC::JSObject::putDirectFunction): Pass globalData instead of exec.
1660 * kjs/collector.cpp:
1661 (JSC::Heap::collect): Mark the global exception.
1663 * profiler/ProfileGenerator.cpp:
1664 (JSC::ProfileGenerator::addParentForConsoleStart): Pass globalData
1665 instead of exec to createCallIdentifier.
1667 * profiler/Profiler.cpp:
1668 (JSC::Profiler::willExecute): Pass globalData instead of exec to
1669 createCallIdentifier.
1670 (JSC::Profiler::didExecute): Ditto.
1671 (JSC::Profiler::createCallIdentifier): Take globalData instead of
1673 (JSC::createCallIdentifierFromFunctionImp): Ditto.
1674 * profiler/Profiler.h: Change interface to take a JSGlobalData
1675 instead of an ExecState.
1677 2008-10-04 Cameron Zwarich <zwarich@apple.com>
1679 Reviewed by Darin Adler.
1681 Bug 21369: Add opcode documentation for all undocumented opcodes
1682 <https://bugs.webkit.org/show_bug.cgi?id=21369>
1684 This patch adds opcode documentation for all undocumented opcodes, and
1685 it also renames op_init_arguments to op_create_arguments.
1688 (JSC::CTI::privateCompileMainPass):
1690 (JSC::CodeBlock::dump):
1691 * VM/CodeGenerator.cpp:
1692 (JSC::CodeGenerator::CodeGenerator):
1694 (JSC::Machine::privateExecute):
1695 (JSC::Machine::cti_op_create_arguments):
1699 2008-10-03 Maciej Stachowiak <mjs@apple.com>
1701 Reviewed by Cameron Zwarich.
1703 - "this" object in methods called on primitives should be wrapper object
1704 https://bugs.webkit.org/show_bug.cgi?id=21362
1706 I changed things so that functions which use "this" do a fast
1707 version of toThisObject conversion if needed. Currently we miss
1708 the conversion entirely, at least for primitive types. Using
1709 TypeInfo and the primitive check, I made the fast case bail out
1712 This is inexplicably an 1.007x SunSpider speedup (and a wash on V8 benchmarks).
1714 Also renamed some opcodes for clarity:
1717 init_activation ==> enter_with_activation
1720 (JSC::CTI::privateCompileMainPass):
1721 (JSC::CTI::privateCompileSlowCases):
1723 (JSC::CodeBlock::dump):
1724 * VM/CodeGenerator.cpp:
1725 (JSC::CodeGenerator::generate):
1726 (JSC::CodeGenerator::CodeGenerator):
1728 (JSC::Machine::privateExecute):
1729 (JSC::Machine::cti_op_convert_this):
1732 * kjs/JSActivation.cpp:
1733 (JSC::JSActivation::JSActivation):
1734 * kjs/JSActivation.h:
1735 (JSC::JSActivation::createStructureID):
1737 (JSC::JSValue::needsThisConversion):
1738 * kjs/JSGlobalData.cpp:
1739 (JSC::JSGlobalData::JSGlobalData):
1740 * kjs/JSGlobalData.h:
1741 * kjs/JSNumberCell.h:
1742 (JSC::JSNumberCell::createStructureID):
1743 * kjs/JSStaticScopeObject.h:
1744 (JSC::JSStaticScopeObject::JSStaticScopeObject):
1745 (JSC::JSStaticScopeObject::createStructureID):
1747 (JSC::JSString::createStructureID):
1750 (JSC::TypeInfo::needsThisConversion):
1752 (JSC::ScopeNode::usesThis):
1754 2008-10-03 Cameron Zwarich <zwarich@apple.com>
1756 Reviewed by Maciej Stachowiak.
1758 Bug 21356: The size of the RegisterFile differs depending on 32-bit / 64-bit and Debug / Release
1759 <https://bugs.webkit.org/show_bug.cgi?id=21356>
1761 The RegisterFile decreases in size (measured in terms of numbers of
1762 Registers) as the size of a Register increases. This causes
1764 js1_5/Regress/regress-159334.js
1766 to fail in 64-bit debug builds. This fix makes the RegisterFile on all
1767 platforms the same size that it is in 32-bit Release builds.
1769 * VM/RegisterFile.h:
1770 (JSC::RegisterFile::RegisterFile):
1772 2008-10-03 Maciej Stachowiak <mjs@apple.com>
1774 Reviewed by Cameron Zwarich.
1776 - Some code cleanup to how we handle code features.
1778 1) Rename FeatureInfo typedef to CodeFeatures.
1779 2) Rename NodeFeatureInfo template to NodeInfo.
1780 3) Keep CodeFeature bitmask in ScopeNode instead of trying to break it out into individual bools.
1781 4) Rename misleadingly named "needsClosure" method to "containsClosures", which better describes the meaning
1783 5) Make setUsersArguments() not take an argument since it only goes one way.
1785 * JavaScriptCore.exp:
1787 (JSC::CodeBlock::CodeBlock):
1790 (JSC::Parser::didFinishParsing):
1792 (JSC::Parser::parse):
1795 (JSC::ScopeNode::ScopeNode):
1796 (JSC::ProgramNode::ProgramNode):
1797 (JSC::ProgramNode::create):
1798 (JSC::EvalNode::EvalNode):
1799 (JSC::EvalNode::create):
1800 (JSC::FunctionBodyNode::FunctionBodyNode):
1801 (JSC::FunctionBodyNode::create):
1803 (JSC::ScopeNode::usesEval):
1804 (JSC::ScopeNode::containsClosures):
1805 (JSC::ScopeNode::usesArguments):
1806 (JSC::ScopeNode::setUsesArguments):
1808 2008-10-03 Cameron Zwarich <zwarich@apple.com>
1810 Reviewed by Maciej Stachowiak.
1812 Bug 21343: REGRESSSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
1813 <https://bugs.webkit.org/show_bug.cgi?id=21343>
1815 A fix was landed for this issue in r37253, and the ChangeLog assumes
1816 that it is a compiler bug, but it turns out that it is a subtle issue
1817 with mixing signed and unsigned 32-bit values in a 64-bit environment.
1818 In order to properly fix this bug, we should convert our signed offsets
1819 into the register file to use ptrdiff_t.
1821 This may not be the only instance of this issue, but I will land this
1822 fix first and look for more later.
1825 (JSC::Machine::getArgumentsData):
1827 * kjs/Arguments.cpp:
1828 (JSC::Arguments::getOwnPropertySlot):
1830 (JSC::Arguments::init):
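        The signed/unsigned mixing that the Bug 21343 entry above describes, shown as an added C example that is not WebKit's code: a 16-slot stand-in for the register file is constructed here, a call frame's base pointer is placed at slot 8, and a negative 32-bit offset is combined with an unsigned argument count first as an int (the pre-fix shape) and then as a ptrdiff_t (the fix). The Slot type, the slot layout and the payload values are all made up for the demonstration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a register-file slot; JavaScriptCore's real
 * Register type is unrelated to this example. */
typedef struct { int64_t payload; } Slot;

#define FILE_SIZE 16u

/* Pre-fix arithmetic: the offset into the register file is a 32-bit int.
 * Adding it to an unsigned 32-bit count makes C's usual arithmetic
 * conversions turn the int into unsigned int, so a negative offset wraps
 * to a value near 4 billion. On an LP64 platform that wrapped 32-bit
 * result is then zero-extended into the 64-bit return value, so the
 * computed slot is nowhere near the intended one. On a 32-bit platform
 * the same bits truncate back to the right negative number, which is why
 * the bug only showed on 64-bit builds. */
ptrdiff_t buggy_slot_delta(int signed_offset, unsigned count)
{
    return signed_offset + count; /* unsigned 32-bit add, then widened */
}

/* Post-fix arithmetic: the offset is ptrdiff_t (64-bit on LP64). Now the
 * unsigned int count is widened to ptrdiff_t before the addition, the
 * addition is signed, and a negative delta survives. */
ptrdiff_t fixed_slot_delta(ptrdiff_t signed_offset, unsigned count)
{
    return signed_offset + count; /* count converted to ptrdiff_t first */
}

/* Resolve a slot relative to a base pointer without touching memory when
 * the delta leaves the file; returns NULL for an out-of-range index. */
Slot *resolve_slot(Slot *file, Slot *base, ptrdiff_t delta)
{
    ptrdiff_t index = (base - file) + delta;
    if (index < 0 || index >= (ptrdiff_t)FILE_SIZE)
        return NULL;
    return &file[index];
}

/* Models the arguments-style access that regressed: read the slot
 * 'signed_offset' registers from base, adjusted by an unsigned argument
 * count. Returns the payload found, or -1 when the computed delta would
 * have escaped the register file. */
int64_t read_argument_slot(int signed_offset, unsigned count, int use_fix)
{
    Slot file[FILE_SIZE];
    for (unsigned i = 0; i < FILE_SIZE; ++i)
        file[i].payload = 100 + i;          /* constructed slot contents */
    Slot *base = &file[8];

    ptrdiff_t delta = use_fix ? fixed_slot_delta(signed_offset, count)
                              : buggy_slot_delta(signed_offset, count);
    Slot *slot = resolve_slot(file, base, delta);
    return slot ? slot->payload : -1;
}

int main(void)
{
    /* Intended target: base - 3 + 1 = file[6], whose payload is 106. */
    printf("buggy delta: %td\n", buggy_slot_delta(-3, 1));
    printf("fixed delta: %td\n", fixed_slot_delta(-3, 1));
    printf("buggy read : %lld\n", (long long)read_argument_slot(-3, 1, 0));
    printf("fixed read : %lld\n", (long long)read_argument_slot(-3, 1, 1));
    return 0;
}
```

        On an LP64 build the buggy delta is 4294967294 and the read is refused, while the ptrdiff_t version yields -2 and reads slot 6.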

2008-10-03  Darin Adler  <darin@apple.com>

        * VM/CTI.cpp: Another Windows build fix. Change the args of ctiTrampoline.

        * kjs/JSNumberCell.h: A build fix for newer versions of gcc. Added
        declarations of JSGlobalData overloads of jsNumberCell.

2008-10-03  Darin Adler  <darin@apple.com>

        - try to fix Windows build

        * kjs/ScopeChain.h: Add forward declaration of JSGlobalData.

2008-10-03  Darin Adler  <darin@apple.com>

        Reviewed by Geoff Garen.

        - next step of https://bugs.webkit.org/show_bug.cgi?id=21295
        Turn ExecState into a call frame pointer.

        Remove m_globalObject and m_globalData from ExecState.

        SunSpider says this is a wash (slightly faster but not statistically
        significant); which is good enough since it's a preparation step and
        not supposed to be a speedup.

        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::JSCallbackFunction):
        * kjs/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        * kjs/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        * kjs/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * kjs/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * kjs/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * kjs/JSFunction.cpp:
        (JSC::JSFunction::JSFunction):
        * kjs/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * kjs/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        * kjs/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        * kjs/PrototypeFunction.cpp:
        (JSC::PrototypeFunction::PrototypeFunction):
        * kjs/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * kjs/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        Pass JSGlobalData* instead of ExecState* to the InternalFunction

        * API/OpaqueJSString.cpp: Added now-needed include.

        * JavaScriptCore.exp: Updated.

        (JSC::CTI::emitSlowScriptCheck): Changed to use ARGS_globalData
        instead of ARGS_exec.

        * VM/CTI.h: Added a new argument to the CTI, the global data pointer.
        While it's possible to get to the global data pointer using the
        ExecState pointer, it's slow enough that it's better to just keep
        it around in the CTI arguments.

        * VM/CodeBlock.h: Moved the CodeType enum here from ExecState.h.

        (JSC::Machine::execute): Pass fewer arguments when constructing
        ExecState, and pass the global data pointer when invoking CTI.
        (JSC::Machine::firstCallFrame): Added. Used to get the dynamic global
        object, which is in the scope chain of the first call frame.
        (JSC::Machine::cti_op_add): Use globalData instead of exec when
        possible, to keep fast cases fast, since it's now more expensive to
        get to it through the exec pointer.
        (JSC::Machine::cti_timeout_check): Ditto.
        (JSC::Machine::cti_op_put_by_id_second): Ditto.
        (JSC::Machine::cti_op_get_by_id_second): Ditto.
        (JSC::Machine::cti_op_mul): Ditto.
        (JSC::Machine::cti_vm_compile): Ditto.
        (JSC::Machine::cti_op_get_by_val): Ditto.
        (JSC::Machine::cti_op_sub): Ditto.
        (JSC::Machine::cti_op_put_by_val): Ditto.
        (JSC::Machine::cti_op_put_by_val_array): Ditto.
        (JSC::Machine::cti_op_negate): Ditto.
        (JSC::Machine::cti_op_div): Ditto.
        (JSC::Machine::cti_op_pre_dec): Ditto.
        (JSC::Machine::cti_op_post_inc): Ditto.
        (JSC::Machine::cti_op_lshift): Ditto.
        (JSC::Machine::cti_op_bitand): Ditto.
        (JSC::Machine::cti_op_rshift): Ditto.
        (JSC::Machine::cti_op_bitnot): Ditto.
        (JSC::Machine::cti_op_mod): Ditto.
        (JSC::Machine::cti_op_post_dec): Ditto.
        (JSC::Machine::cti_op_urshift): Ditto.
        (JSC::Machine::cti_op_bitxor): Ditto.
        (JSC::Machine::cti_op_bitor): Ditto.
        (JSC::Machine::cti_op_call_eval): Ditto.
        (JSC::Machine::cti_op_throw): Ditto.
        (JSC::Machine::cti_op_is_string): Ditto.
        (JSC::Machine::cti_op_debug): Ditto.
        (JSC::Machine::cti_vm_throw): Ditto.

        * VM/Machine.h: Added firstCallFrame.

        * kjs/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate): Pass fewer arguments when
        constructing ExecState.

        * kjs/ExecState.cpp: Deleted contents. Later we'll remove the

        * kjs/ExecState.h: Removed m_globalObject and m_globalData.
        Moved CodeType into another header.
        (JSC::ExecState::ExecState): Take only a single argument, a
        (JSC::ExecState::dynamicGlobalObject): Get the object from
        the first call frame since it's no longer stored.
        (JSC::ExecState::globalData): Get the global data from the
        scope chain, since we no longer store a pointer to it here.
        (JSC::ExecState::identifierTable): Ditto.
        (JSC::ExecState::propertyNames): Ditto.
        (JSC::ExecState::emptyList): Ditto.
        (JSC::ExecState::lexer): Ditto.
        (JSC::ExecState::parser): Ditto.
        (JSC::ExecState::machine): Ditto.
        (JSC::ExecState::arrayTable): Ditto.
        (JSC::ExecState::dateTable): Ditto.
        (JSC::ExecState::mathTable): Ditto.
        (JSC::ExecState::numberTable): Ditto.
        (JSC::ExecState::regExpTable): Ditto.
        (JSC::ExecState::regExpConstructorTable): Ditto.
        (JSC::ExecState::stringTable): Ditto.
        (JSC::ExecState::heap): Ditto.

        * kjs/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor): Pass
        JSGlobalData* instead of ExecState* to the InternalFunction
        (JSC::constructFunction): Pass the global data pointer when
        constructing a new scope chain.

        * kjs/InternalFunction.cpp:
        (JSC::InternalFunction::InternalFunction): Take a JSGlobalData*
        instead of an ExecState*. Later we can change more places to
        work this way -- it's more efficient to take the type you need
        since the caller might already have it.
        * kjs/InternalFunction.h: Ditto.

        (JSC::JSCell::operator new): Added an overload that takes a
        JSGlobalData* so you can construct without an ExecState*.

        * kjs/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init): Moved creation of the global scope
        chain in here, since it now requires a pointer to the global data.
        Moved the initialization of the call frame in here since it requires
        the global scope chain node. Removed the extra argument to ExecState
        when creating the global ExecState*.
        * kjs/JSGlobalObject.h: Removed initialization of globalScopeChain
        and the call frame from the JSGlobalObjectData constructor. Added
        a thisValue argument to the init function.

        * kjs/JSNumberCell.cpp: Added versions of jsNumberCell that take
        JSGlobalData* rather than ExecState*.
        * kjs/JSNumberCell.h:
        (JSC::JSNumberCell::operator new): Added a version that takes
        (JSC::JSNumberCell::JSNumberCell): Ditto.
        (JSC::jsNumber): Ditto.
        (JSC::jsString): Ditto.
        (JSC::jsSubstring): Ditto.
        (JSC::jsOwnedString): Ditto.
        (JSC::JSString::JSString): Changed to take JSGlobalData*.
        (JSC::jsEmptyString): Added a version that takes JSGlobalData*.
        (JSC::jsSingleCharacterString): Ditto.
        (JSC::jsSingleCharacterSubstring): Ditto.
        (JSC::jsNontrivialString): Ditto.
        (JSC::JSString::getIndex): Ditto.
        (JSC::jsString): Ditto.
        (JSC::jsSubstring): Ditto.
2018 (JSC::jsOwnedString): Ditto.
2020 * kjs/ScopeChain.h: Added a globalData pointer to each node.
2021 (JSC::ScopeChainNode::ScopeChainNode): Initialize the globalData
2023 (JSC::ScopeChainNode::push): Set the global data pointer in the
2025 (JSC::ScopeChain::ScopeChain): Take a globalData argument.
2027 * kjs/SmallStrings.cpp:
2028 (JSC::SmallStrings::createEmptyString): Take JSGlobalData* instead of
2030 (JSC::SmallStrings::createSingleCharacterString): Ditto.
2031 * kjs/SmallStrings.h:
2032 (JSC::SmallStrings::emptyString): Ditto.
2033 (JSC::SmallStrings::singleCharacterString): Ditto.
2035 2008-10-03 Cameron Zwarich <zwarich@apple.com>
2037 Reviewed by Geoff Garen.
2039 Bug 21343: REGRESSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
2040 <https://bugs.webkit.org/show_bug.cgi?id=21343>
2042 Add a workaround for a bug in GCC, which affects GCC 4.0, GCC 4.2, and
2043 llvm-gcc 4.2. I put it in an #ifdef because it was a slight regression
2044 on SunSpider in 32-bit, although that might be entirely random.
2046 * kjs/Arguments.cpp:
2047 (JSC::Arguments::getOwnPropertySlot):
2049 2008-10-03 Darin Adler <darin@apple.com>
2051 Rubber stamped by Alexey Proskuryakov.
2053 * kjs/Shell.cpp: (main): Don't delete JSGlobalData. Later, we need to change
2054 this tool to use public JavaScriptCore API instead.
2056 2008-10-03 Darin Adler <darin@apple.com>
2058 Suggested by Alexey Proskuryakov.
2060 * kjs/JSGlobalData.cpp:
2061 (JSC::JSGlobalData::~JSGlobalData): Remove call to heap.destroy() because
2062 it's too late to ref the JSGlobalData object once it's already being
2063 destroyed. In practice this is not a problem because WebCore's JSGlobalData
2064 is never destroyed and JSGlobalContextRelease takes care of calling
2065 heap.destroy() in advance.
2067 2008-10-02 Oliver Hunt <oliver@apple.com>
2069 Reviewed by Maciej Stachowiak.
2071 Replace SSE3 check with an SSE2 check, and implement SSE2 check on windows.
2073 5.6% win on SunSpider on windows.
2076 (JSC::isSSE2Present):
2077 (JSC::CTI::compileBinaryArithOp):
2078 (JSC::CTI::compileBinaryArithOpSlowCase):
2080 2008-10-03 Maciej Stachowiak <mjs@apple.com>
2082 Rubber stamped by Cameron Zwarich.
2084 - fix mistaken change of | to || which caused a big perf regression on EarleyBoyer
2088 2008-10-02 Darin Adler <darin@apple.com>
2090 Reviewed by Geoff Garen.
2092 - https://bugs.webkit.org/show_bug.cgi?id=21321
2093 Bug 21321: speed up JavaScriptCore by inlining Heap in JSGlobalData
2095 1.019x as fast on SunSpider.
2098 (JSEvaluateScript): Use heap. instead of heap-> to work with the heap.
2099 (JSCheckScriptSyntax): Ditto.
2100 (JSGarbageCollect): Ditto.
2101 (JSReportExtraMemoryCost): Ditto.
2102 * API/JSContextRef.cpp:
2103 (JSGlobalContextRetain): Ditto.
2104 (JSGlobalContextRelease): Destroy the heap with the destroy function instead
2105 of the delete operator.
2106 (JSContextGetGlobalObject): Use heap. instead of heap-> to work with the heap.
2107 * API/JSObjectRef.cpp:
2108 (JSObjectMake): Use heap. instead of heap-> to work with the heap.
2109 (JSObjectMakeFunctionWithCallback): Ditto.
2110 (JSObjectMakeConstructor): Ditto.
2111 (JSObjectMakeFunction): Ditto.
2112 (JSObjectMakeArray): Ditto.
2113 (JSObjectMakeDate): Ditto.
2114 (JSObjectMakeError): Ditto.
2115 (JSObjectMakeRegExp): Ditto.
2116 (JSObjectHasProperty): Ditto.
2117 (JSObjectGetProperty): Ditto.
2118 (JSObjectSetProperty): Ditto.
2119 (JSObjectGetPropertyAtIndex): Ditto.
2120 (JSObjectSetPropertyAtIndex): Ditto.
2121 (JSObjectDeleteProperty): Ditto.
2122 (JSObjectCallAsFunction): Ditto.
2123 (JSObjectCallAsConstructor): Ditto.
2124 (JSObjectCopyPropertyNames): Ditto.
2125 (JSPropertyNameAccumulatorAddName): Ditto.
2126 * API/JSValueRef.cpp:
2127 (JSValueIsEqual): Ditto.
2128 (JSValueIsInstanceOfConstructor): Ditto.
2129 (JSValueMakeNumber): Ditto.
2130 (JSValueMakeString): Ditto.
2131 (JSValueToNumber): Ditto.
2132 (JSValueToStringCopy): Ditto.
2133 (JSValueToObject): Ditto.
2134 (JSValueProtect): Ditto.
2135 (JSValueUnprotect): Ditto.
2138 (JSC::ExecState::heap): Update to use the & operator.
2140 * kjs/JSGlobalData.cpp:
2141 (JSC::JSGlobalData::JSGlobalData): Update to initialize a heap member
2142 instead of calling new to make a heap.
2143 (JSC::JSGlobalData::~JSGlobalData): Destroy the heap with the destroy
2144 function instead of the delete operator.
2145 * kjs/JSGlobalData.h: Change from Heap* to a Heap.
2146 * kjs/JSGlobalObject.cpp:
2147 (JSC::JSGlobalObject::mark): Use the & operator here.
2148 (JSC::JSGlobalObject::operator new): Use heap. instead of heap-> to work
2151 2008-10-02 Cameron Zwarich <zwarich@apple.com>
2153 Reviewed by Geoff Garen.
2155 Bug 21317: Replace RegisterFile size and capacity information with Register pointers
2156 <https://bugs.webkit.org/show_bug.cgi?id=21317>
2158 This is a 2.3% speedup on the V8 DeltaBlue benchmark, a 3.3% speedup on
2159 the V8 Raytrace benchmark, and a 1.0% speedup on SunSpider.
2162 (JSC::slideRegisterWindowForCall):
2163 (JSC::Machine::callEval):
2164 (JSC::Machine::execute):
2165 (JSC::Machine::privateExecute):
2166 (JSC::Machine::cti_op_call_JSFunction):
2167 (JSC::Machine::cti_op_construct_JSConstruct):
2168 * VM/RegisterFile.cpp:
2169 (JSC::RegisterFile::~RegisterFile):
2170 * VM/RegisterFile.h:
2171 (JSC::RegisterFile::RegisterFile):
2172 (JSC::RegisterFile::start):
2173 (JSC::RegisterFile::end):
2174 (JSC::RegisterFile::size):
2175 (JSC::RegisterFile::shrink):
2176 (JSC::RegisterFile::grow):
2177 (JSC::RegisterFile::lastGlobal):
2178 (JSC::RegisterFile::markGlobals):
2179 (JSC::RegisterFile::markCallFrames):
2180 * kjs/JSGlobalObject.cpp:
2181 (JSC::JSGlobalObject::copyGlobalsTo):
2183 2008-10-02 Cameron Zwarich <zwarich@apple.com>
2185 Rubber-stamped by Darin Adler.
2187 Change bitwise operations introduced in r37166 to boolean operations. We
2188 only use bitwise operations over boolean operations for increasing
2189 performance in extremely hot code, but that does not apply to anything
2194 2008-10-02 Gavin Barraclough <barraclough@apple.com>
2196 Reviewed by Darin Adler.
2198 Fix for bug #21232 - should reset m_isPendingDash on flush,
2199 and should allow '\-' as beginning or end of a range (though
2200 not to specify a range itself).
2203 * wrec/CharacterClassConstructor.cpp:
2204 (JSC::CharacterClassConstructor::put):
2205 (JSC::CharacterClassConstructor::flush):
2206 * wrec/CharacterClassConstructor.h:
2207 (JSC::CharacterClassConstructor::flushBeforeEscapedHyphen):
2209 (JSC::WRECGenerator::generateDisjunction):
2210 (JSC::WRECParser::parseCharacterClass):
2211 (JSC::WRECParser::parseDisjunction):
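The character class rules described in the entry above, as an added example written for this page rather than WREC's own code: an unescaped '-' between two atoms forms a range, an escaped "\-" is an ordinary literal atom that may begin or end a range but never acts as the range operator, and the pending-dash state is reset when the class is flushed, so a trailing '-' becomes a literal and no state leaks into the next class. The class and function names are the example's own; escapes other than "\-" are taken as their literal character, which is a simplification of the real escape grammar.

```cpp
// Added example (not JavaScriptCore/WREC code): character class builder with
// pending-dash handling for "a-z", "\-", a trailing '-' and reversed ranges.
#include <cassert>
#include <string>
#include <vector>

struct CharRange { char16_t begin; char16_t end; };

class CharacterClassBuilder {
public:
    // Feed one class atom. `escaped` is true for a backslash-escaped character.
    // Returns false for a reversed range such as "z-a", which ECMAScript rejects.
    bool put(char16_t ch, bool escaped)
    {
        if (m_hasLast && !m_isPendingDash && ch == u'-' && !escaped) {
            m_isPendingDash = true;   // may be the operator in "a-z"; decided by the next atom
            return true;
        }
        if (m_hasLast && m_isPendingDash) {
            // "<last>-<ch>" is a range, even when either end was written as "\-"
            if (m_lastChar > ch)
                return false;
            m_ranges.push_back({ m_lastChar, ch });
            m_hasLast = false;
            m_isPendingDash = false;
            return true;
        }
        if (m_hasLast)
            m_matches.push_back(m_lastChar);  // previous atom is a plain literal
        m_lastChar = ch;
        m_hasLast = true;
        return true;
    }

    // End of class: emit the held atom, turn a trailing '-' into a literal,
    // and reset all parse state so the builder can be reused safely.
    void flush()
    {
        if (m_hasLast)
            m_matches.push_back(m_lastChar);
        if (m_isPendingDash)
            m_matches.push_back(u'-');
        m_hasLast = false;
        m_isPendingDash = false;
    }

    void reset()
    {
        m_matches.clear();
        m_ranges.clear();
        m_hasLast = false;
        m_isPendingDash = false;
    }

    bool matches(char16_t ch) const
    {
        for (char16_t c : m_matches)
            if (c == ch)
                return true;
        for (const CharRange& r : m_ranges)
            if (r.begin <= ch && ch <= r.end)
                return true;
        return false;
    }

private:
    bool m_hasLast = false;
    bool m_isPendingDash = false;
    char16_t m_lastChar = 0;
    std::vector<char16_t> m_matches;
    std::vector<CharRange> m_ranges;
};

// Parse the body of a character class (the text between '[' and ']').
// Returns false on a dangling backslash or a reversed range.
bool parseCharacterClass(const std::u16string& body, CharacterClassBuilder& out)
{
    out.reset();
    for (size_t i = 0; i < body.size(); ++i) {
        char16_t ch = body[i];
        bool escaped = false;
        if (ch == u'\\') {
            if (i + 1 >= body.size())
                return false;
            ch = body[++i];
            escaped = true;
        }
        if (!out.put(ch, escaped))
            return false;
    }
    out.flush();
    return true;
}
```

With this builder, "a\-z" matches exactly 'a', '-' and 'z' (no range), while "\--/" is a range from '-' to '/', and "a-" is the two literals 'a' and '-'.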
2214 2008-10-02 Darin Adler <darin@apple.com>
2216 Reviewed by Sam Weinig.
2218 - remove the "static" from declarations in a header file, since we
2219 don't want them to have internal linkage
2221 * VM/Machine.h: Remove the static keyword from the constant and the
2222 three inline functions that Geoff just moved here.
2224 2008-10-02 Geoffrey Garen <ggaren@apple.com>
2226 Reviewed by Sam Weinig.
2228 Fixed https://bugs.webkit.org/show_bug.cgi?id=21283.
2229 Profiler Crashes When Started
2233 (JSC::makeHostCallFramePointer):
2234 (JSC::isHostCallFrame):
2235 (JSC::stripHostCallFrameBit): Moved some things to the header so
2236 JSGlobalObject could use them.
2238 * kjs/JSGlobalObject.h:
2239 (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData): Call the
2240 new makeHostCallFramePointer API, since 0 no longer indicates a host
2243 2008-10-02 Alexey Proskuryakov <ap@webkit.org>
2245 Reviewed by Darin Adler.
2247 https://bugs.webkit.org/show_bug.cgi?id=21304
2248 Stop using a static wrapper map for WebCore JS bindings
2250 * kjs/JSGlobalData.cpp:
2251 (JSC::JSGlobalData::JSGlobalData):
2252 (JSC::JSGlobalData::~JSGlobalData):
2253 (JSC::JSGlobalData::ClientData::~ClientData):
2254 * kjs/JSGlobalData.h:
2255 Added a client data member to JSGlobalData. WebCore will use it to store bindings-related
2258 * JavaScriptCore.exp: Export virtual ClientData destructor.
2260 2008-10-02 Geoffrey Garen <ggaren@apple.com>
2264 Try to fix Qt build.
2268 2008-10-01 Geoffrey Garen <ggaren@apple.com>
2270 Reviewed by Darin Adler and Cameron Zwarich.
2272 Preliminary step toward dynamic recompilation: Standardized and
2273 simplified the parsing interface.
2275 The main goal in this patch is to make it easy to ask for a duplicate
2276 compilation, and get back a duplicate result -- same source URL, same
2277 debugger / profiler ID, same toString behavior, etc.
2279 The basic unit of compilation and evaluation is now SourceCode, which
2280 encompasses a SourceProvider, a range in that provider, and a starting
2283 A SourceProvider now encompasses a source URL, and *is* a source ID,
2284 since a pointer is a unique identifier.
2288 (JSCheckScriptSyntax): Provide a SourceCode to the Interpreter, since
2289 other APIs are no longer supported.
2292 (JSC::EvalCodeCache::get): Provide a SourceCode to the Interpreter, since
2293 other APIs are no longer supported.
2294 (JSC::CodeBlock::CodeBlock): ASSERT something that used to be ASSERTed
2295 by our caller -- this is a better bottleneck.
2297 * VM/CodeGenerator.cpp:
2298 (JSC::CodeGenerator::CodeGenerator): Updated for the fact that
2299 FunctionBodyNode's parameters are no longer a WTF::Vector.
2301 * kjs/Arguments.cpp:
2302 (JSC::Arguments::Arguments): ditto
2304 * kjs/DebuggerCallFrame.cpp:
2305 (JSC::DebuggerCallFrame::evaluate): Provide a SourceCode to the Parser,
2306 since other APIs are no longer supported.
2308 * kjs/FunctionConstructor.cpp:
2309 (JSC::constructFunction): Provide a SourceCode to the Parser, since
2310 other APIs are no longer supported. Adopt FunctionBodyNode's new
2311 "finishParsing" API.
2313 * kjs/JSFunction.cpp:
2314 (JSC::JSFunction::lengthGetter):
2315 (JSC::JSFunction::getParameterName): Updated for the fact that
2316 FunctionBodyNode's parameters are no longer a wtf::Vector.
2318 * kjs/JSFunction.h: Nixed some cruft.
2320 * kjs/JSGlobalObjectFunctions.cpp:
2321 (JSC::globalFuncEval): Provide a SourceCode to the Parser, since
2322 other APIs are no longer supported.
2325 (JSC::Parser::parse): Require a SourceCode argument, instead of a bunch
2326 of broken out parameters. Stop tracking sourceId as an integer, since we
2327 use the SourceProvider pointer for this now. Don't clamp the
2328 startingLineNumber, since SourceCode does that now.
2331 (JSC::Parser::parse): Standardized the parsing interface to require a
2337 (prettyPrintScript):
2339 (runInteractive): Provide a SourceCode to the Interpreter, since
2340 other APIs are no longer supported.
2342 * kjs/SourceProvider.h:
2343 (JSC::SourceProvider::SourceProvider):
2344 (JSC::SourceProvider::url):
2345 (JSC::SourceProvider::asId):
2346 (JSC::UStringSourceProvider::create):
2347 (JSC::UStringSourceProvider::UStringSourceProvider): Added new
2348 responsibilities described above.
2350 * kjs/SourceRange.h:
2351 (JSC::SourceCode::SourceCode):
2352 (JSC::SourceCode::toString):
2353 (JSC::SourceCode::provider):
2354 (JSC::SourceCode::firstLine):
2355 (JSC::SourceCode::data):
2356 (JSC::SourceCode::length): Added new responsibilities described above.
2357 Renamed SourceRange to SourceCode, based on review feedback. Added
2358 a makeSource function for convenience.
2360 * kjs/debugger.h: Provide a SourceCode to the client, since other APIs
2361 are no longer supported.
2363 * kjs/grammar.y: Provide startingLineNumber when creating a SourceCode.
2365 * kjs/debugger.h: Treat sourceId as intptr_t to avoid loss of precision
2368 * kjs/interpreter.cpp:
2369 (JSC::Interpreter::checkSyntax):
2370 (JSC::Interpreter::evaluate):
2371 * kjs/interpreter.h: Require a SourceCode instead of broken out arguments.
2374 (JSC::Lexer::setCode):
2376 (JSC::Lexer::sourceRange): Fold together the SourceProvider and line number
2377 into a SourceCode. Fixed a bug where the Lexer would accidentally keep
2378 alive the last SourceProvider forever.
2381 (JSC::ScopeNode::ScopeNode):
2382 (JSC::ProgramNode::ProgramNode):
2383 (JSC::ProgramNode::create):
2384 (JSC::EvalNode::EvalNode):
2385 (JSC::EvalNode::generateCode):
2386 (JSC::EvalNode::create):
2387 (JSC::FunctionBodyNode::FunctionBodyNode):
2388 (JSC::FunctionBodyNode::finishParsing):
2389 (JSC::FunctionBodyNode::create):
2390 (JSC::FunctionBodyNode::generateCode):
2391 (JSC::ProgramNode::generateCode):
2392 (JSC::FunctionBodyNode::paramString):
2395 (JSC::ScopeNode::sourceId):
2396 (JSC::FunctionBodyNode::):
2397 (JSC::FunctionBodyNode::parameterCount):
2398 (JSC::FuncExprNode::):
2399 (JSC::FuncDeclNode::): Store a SourceCode in all ScopeNodes, since
2400 SourceCode is now responsible for tracking URL, ID, etc. Streamlined
2401 some ad hoc FunctionBodyNode fixups into a "finishParsing" function, to
2402 help make clear what you need to do in order to finish parsing a
2406 (WTF::::releaseBuffer): Don't ASSERT that releaseBuffer() is only called
2407 when buffer is not 0, since FunctionBodyNode is more than happy
2408 to get back a 0 buffer, and other functions like RefPtr::release() allow
2411 2008-10-01 Cameron Zwarich <zwarich@apple.com>
2413 Reviewed by Maciej Stachowiak.
2415 Bug 21289: REGRESSION (r37160): Inspector crashes on load
2416 <https://bugs.webkit.org/show_bug.cgi?id=21289>
2418 The code in Arguments::mark() in r37160 was wrong. It marks indices in
2419 d->registers, but that makes no sense (they are local variables, not
2420 arguments). It should mark those indices in d->registerArray instead.
2422 This patch also changes Arguments::copyRegisters() to use d->numParameters
2423 instead of recomputing it.
2425 * kjs/Arguments.cpp:
2426 (JSC::Arguments::mark):
2428 (JSC::Arguments::copyRegisters):
2430 2008-09-30 Darin Adler <darin@apple.com>
2432 Reviewed by Eric Seidel.
2434 - https://bugs.webkit.org/show_bug.cgi?id=21214
2435 work on getting rid of ExecState
2437 Eliminate some unneeded uses of dynamicGlobalObject.
2439 * API/JSClassRef.cpp:
2440 (OpaqueJSClass::contextData): Changed to use a map in the global data instead
2441 of on the global object. Also fixed to use only a single hash table lookup.
2443 * API/JSObjectRef.cpp:
2444 (JSObjectMakeConstructor): Use lexicalGlobalObject rather than dynamicGlobalObject
2445 to get the object prototype.
2447 * kjs/ArrayPrototype.cpp:
2448 (JSC::arrayProtoFuncToString): Use arrayVisitedElements set in global data rather
2449 than in the global object.
2450 (JSC::arrayProtoFuncToLocaleString): Ditto.
2451 (JSC::arrayProtoFuncJoin): Ditto.
2453 * kjs/JSGlobalData.cpp:
2454 (JSC::JSGlobalData::JSGlobalData): Don't initialize opaqueJSClassData, since
2455 it's no longer a pointer.
2456 (JSC::JSGlobalData::~JSGlobalData): We still need to delete all the values, but
2457 we don't need to delete the map since it's no longer a pointer.
2459 * kjs/JSGlobalData.h: Made opaqueJSClassData a map instead of a pointer to a map.
2460 Also added arrayVisitedElements.
2462 * kjs/JSGlobalObject.h: Removed arrayVisitedElements.
2465 (functionRun): Use lexicalGlobalObject instead of dynamicGlobalObject.
2466 (functionLoad): Ditto.
2468 2008-10-01 Cameron Zwarich <zwarich@apple.com>
2472 Speculative Windows build fix.
2476 2008-10-01 Cameron Zwarich <zwarich@apple.com>
2478 Reviewed by Darin Adler.
2480 Bug 21123: using "arguments" in a function should not force creation of an activation object
2481 <https://bugs.webkit.org/show_bug.cgi?id=21123>
2483 Make the 'arguments' object not require a JSActivation. We store the
2484 'arguments' object in the OptionalCalleeArguments call frame slot. We
2485 need to be able to get the original 'arguments' object to tear it off
2486 when returning from a function, but 'arguments' may be assigned to in a
2489 Therefore, we use the OptionalCalleeArguments slot when we want to get
2490 the original activation or we know that 'arguments' was not assigned a
2491 different value. When 'arguments' may have been assigned a new value,
2492 we use a new local variable that is initialized with 'arguments'. Since
2493 a function parameter named 'arguments' may overwrite the value of
2494 'arguments', we also need to be careful to look up 'arguments' in the
2495 symbol table, so we get the parameter named 'arguments' instead of the
2496 local variable that we have added for holding the 'arguments' object.
2498 This is a 19.1% win on the V8 Raytrace benchmark using the SunSpider
2499 harness, and a 20.7% win using the V8 harness. This amounts to a 6.5%
2500 total speedup on the V8 benchmark suite using the V8 harness.
2503 (JSC::CTI::privateCompileMainPass):
2505 * VM/CodeGenerator.cpp:
2506 (JSC::CodeGenerator::CodeGenerator):
2508 (JSC::Machine::unwindCallFrame):
2509 (JSC::Machine::privateExecute):
2510 (JSC::Machine::retrieveArguments):
2511 (JSC::Machine::cti_op_init_arguments):
2512 (JSC::Machine::cti_op_ret_activation_arguments):
2514 * VM/RegisterFile.h:
2515 (JSC::RegisterFile::):
2516 * kjs/Arguments.cpp:
2517 (JSC::Arguments::mark):
2518 (JSC::Arguments::fillArgList):
2519 (JSC::Arguments::getOwnPropertySlot):
2520 (JSC::Arguments::put):
2522 (JSC::Arguments::setRegisters):
2523 (JSC::Arguments::init):
2524 (JSC::Arguments::Arguments):
2525 (JSC::Arguments::copyRegisters):
2526 (JSC::JSActivation::copyRegisters):
2527 * kjs/JSActivation.cpp:
2528 (JSC::JSActivation::argumentsGetter):
2529 * kjs/JSActivation.h:
2530 (JSC::JSActivation::JSActivationData::JSActivationData):
2533 (JSC::ScopeNode::setUsesArguments):
2534 * masm/X86Assembler.h:
2535 (JSC::X86Assembler::):
2536 (JSC::X86Assembler::orl_mr):
2538 2008-10-01 Kevin McCullough <kmccullough@apple.com>
2540 Rubber-stamped by Geoff Garen.
2542 Remove BreakpointCheckStatement because it's not used anymore.
2543 No effect on sunspider or the jsc tests.
2548 2008-09-30 Oliver Hunt <oliver@apple.com>
2550 Reviewed by Geoff Garen.
2552 Improve performance of CTI on windows.
2554 Currently on platforms where the compiler doesn't allow us to safely
2555 index relative to the address of a parameter we need to actually
2556 provide a pointer to CTI runtime call arguments. This patch improves
2557 performance in this case by making the CTI logic for restoring this
2558 parameter much less conservative by only resetting it before we actually
2559 make a call, rather than between each and every SF bytecode we generate
2562 This results in a 3.6% progression on the v8 benchmark when compiled with MSVC.
2565 (JSC::CTI::emitCall):
2566 (JSC::CTI::compileOpCall):
2567 (JSC::CTI::privateCompileMainPass):
2568 (JSC::CTI::privateCompileSlowCases):
2569 (JSC::CTI::privateCompilePutByIdTransition):
2571 * masm/X86Assembler.h:
2574 2008-09-30 Maciej Stachowiak <mjs@apple.com>
2576 Reviewed by Oliver Hunt.
2578 - track uses of "this", "with" and "catch" in the parser
2580 Knowing this up front will be useful for future optimizations.
2582 Perf and correctness remain the same.
2587 2008-09-30 Sam Weinig <sam@webkit.org>
2589 Reviewed by Mark Rowe.
2591 Add WebKitAvailability macros for JSObjectMakeArray, JSObjectMakeDate, JSObjectMakeError,
2592 and JSObjectMakeRegExp
2594 * API/JSObjectRef.h:
2596 2008-09-30 Darin Adler <darin@apple.com>
2598 Reviewed by Geoff Garen.
2600 - https://bugs.webkit.org/show_bug.cgi?id=21214
2601 work on getting rid of ExecState
2603 Replaced the m_prev field of ExecState with a bit in the
2604 call frame pointer to indicate "host" call frames.
2607 (JSC::makeHostCallFramePointer): Added. Sets low bit.
2608 (JSC::isHostCallFrame): Added. Checks low bit.
2609 (JSC::stripHostCallFrameBit): Added. Clears low bit.
2610 (JSC::Machine::unwindCallFrame): Replaced null check that was
2611 formerly used to detect host call frames with an isHostCallFrame check.
2612 (JSC::Machine::execute): Pass in a host call frame pointer rather than
2613 always passing 0 when starting execution from the host. This allows us
2614 to follow the entire call frame pointer chain when desired, or to stop
2615 at the host calls when that's desired.
2616 (JSC::Machine::privateExecute): Replaced null check that was
2617 formerly used to detect host call frames with an isHostCallFrame check.
2618 (JSC::Machine::retrieveCaller): Ditto.
2619 (JSC::Machine::retrieveLastCaller): Ditto.
2620 (JSC::Machine::callFrame): Removed the code to walk up m_prev pointers
2621 and replaced it with code that uses the caller pointer and uses the
2622 stripHostCallFrameBit function.
2624 * kjs/ExecState.cpp: Removed m_prev.
2625 * kjs/ExecState.h: Ditto.
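The low-bit tagging described in the entry above, as an added example that is not JavaScriptCore's own code: the tag is only free because frame pointers are at least 2-byte aligned, a tagged pointer must be stripped before it is dereferenced or compared against an untagged one, and a walk that wants to stop at host boundaries tests the tag before following the pointer. The Frame struct, the sample chain and the two walk functions are stand-ins written for this example; the three helper names are taken from the entry.

```cpp
// Added example (not JavaScriptCore code): tagging a call frame pointer with a
// "host" bit in bit 0, checking it, and stripping it before dereferencing.
#include <cassert>
#include <cstdint>

struct Frame {
    Frame* callerFrame;  // may carry the host tag in its low bit
    int id;
};

// Set bit 0 to mark the transition through this pointer as a host call.
// Requires at least 2-byte alignment; the assert catches a misaligned input.
inline Frame* makeHostCallFramePointer(Frame* frame)
{
    uintptr_t bits = reinterpret_cast<uintptr_t>(frame);
    assert((bits & 1) == 0 && "frame pointers must be 2-byte aligned to carry a tag");
    return reinterpret_cast<Frame*>(bits | 1);
}

inline bool isHostCallFrame(const Frame* frame)
{
    return (reinterpret_cast<uintptr_t>(frame) & 1) != 0;
}

inline Frame* stripHostCallFrameBit(Frame* frame)
{
    return reinterpret_cast<Frame*>(reinterpret_cast<uintptr_t>(frame) & ~uintptr_t(1));
}

// Count JS frames from `frame` up to, but not across, the first host boundary.
int countJSFramesUntilHost(Frame* frame)
{
    int count = 0;
    while (frame && !isHostCallFrame(frame)) {
        ++count;
        frame = frame->callerFrame;
    }
    return count;
}

// Count every frame in the chain, crossing host boundaries. The tag is stripped
// before each dereference; following the tagged pointer directly would be a
// misaligned access.
int countAllFrames(Frame* frame)
{
    int count = 0;
    while (frame) {
        Frame* real = stripHostCallFrameBit(frame);
        ++count;
        frame = real->callerFrame;
    }
    return count;
}

// Constructed sample chain (aligned global storage):
//   frame 0 (outermost) <-host- frame 1 <-JS- frame 2 <-host- frame 3
Frame g_frames[4];

Frame* buildSampleChain()
{
    g_frames[0] = Frame{ nullptr, 0 };
    g_frames[1] = Frame{ makeHostCallFramePointer(&g_frames[0]), 1 };  // entered from the host
    g_frames[2] = Frame{ &g_frames[1], 2 };                            // plain JS call
    g_frames[3] = Frame{ makeHostCallFramePointer(&g_frames[2]), 3 };  // host re-entered the VM
    return &g_frames[3];
}
```

Starting from frame 3, the bounded walk sees one JS frame before the host boundary, while the full walk visits all four frames; note that the tagged caller pointer compares unequal to &g_frames[2] until the bit is stripped.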
2627 2008-09-30 Cameron Zwarich <zwarich@apple.com>
2629 Reviewed by Geoff Garen.
2631 Move all detection of 'arguments' in a lexical scope to the parser, in
2632 preparation for fixing
2634 Bug 21123: using "arguments" in a function should not force creation of an activation object
2635 <https://bugs.webkit.org/show_bug.cgi?id=21123>
2637 * VM/CodeGenerator.cpp:
2638 (JSC::CodeGenerator::CodeGenerator):
2642 2008-09-30 Geoffrey Garen <ggaren@apple.com>
2647 (runWithScripts): Fixed indentation.
2649 2008-09-30 Mark Rowe <mrowe@apple.com>
2651 Rubber-stamped by Sam Weinig.
2653 Build fix. Move InternalFunction::classInfo implementation into the .cpp
2654 file to prevent the vtable for InternalFunction being generated as a weak symbol.
2655 Has no effect on SunSpider.
2657 * kjs/InternalFunction.cpp:
2658 (JSC::InternalFunction::classInfo):
2659 * kjs/InternalFunction.h:
2661 2008-09-29 Maciej Stachowiak <mjs@apple.com>
2663 Reviewed by Darin Adler.
2665 - optimize appending a number to a string
2666 https://bugs.webkit.org/show_bug.cgi?id=21203
2668 It's pretty common in real-world code (and on some of the v8
2669 benchmarks) to append a number to a string, so I made this one of
2670 the fast cases, and also added support to UString to do it
2671 directly without allocating a temporary UString.
2673 ~1% speedup on v8 benchmark.
2676 (JSC::jsAddSlowCase): Make this NEVER_INLINE because somehow otherwise
2677 the change is a regression.
2678 (JSC::jsAdd): Handle number + string special case.
2679 (JSC::Machine::cti_op_add): Integrate much of the logic of jsAdd to
2680 avoid exception check in the str + str, num + num and str + num cases.
2682 (JSC::expandedSize): Make this a non-member function, since it needs to be
2683 called in non-member functions but not outside this file.
2684 (JSC::expandCapacity): Ditto.
2685 (JSC::UString::expandCapacity): Call the non-member version.
2686 (JSC::createRep): Helper to make a rep from a char*.
2687 (JSC::UString::UString): Use above helper.
2688 (JSC::concatenate): Guts of concatenating constructor for cases where first
2689 item is a UString::Rep, and second is a UChar* and length, or a char*.
2690 (JSC::UString::append): Implement for cases where first item is a UString::Rep,
2691 and second is an int or double. Sadly duplicates logic of UString::from(int)
2692 and UString::from(double).
2695 2008-09-29 Darin Adler <darin@apple.com>
2697 Reviewed by Sam Weinig.
2699 - https://bugs.webkit.org/show_bug.cgi?id=21214
2700 work on getting rid of ExecState
2702 * JavaScriptCore.exp: Updated since JSGlobalObject::init
2703 no longer takes a parameter.
2706 (JSC::Machine::execute): Removed m_registerFile argument
2707 for ExecState constructors.
2709 * kjs/DebuggerCallFrame.cpp:
2710 (JSC::DebuggerCallFrame::evaluate): Removed globalThisValue
2711 argument for ExecState constructor.
2713 * kjs/ExecState.cpp:
2714 (JSC::ExecState::ExecState): Removed globalThisValue and
2715 registerFile arguments to constructors.
2717 * kjs/ExecState.h: Removed m_globalThisValue and
2718 m_registerFile data members.
2720 * kjs/JSGlobalObject.cpp:
2721 (JSC::JSGlobalObject::init): Removed globalThisValue
2722 argument for ExecState constructor.
2724 * kjs/JSGlobalObject.h:
2725 (JSC::JSGlobalObject::JSGlobalObject): Got rid of parameter
2726 for the init function.
2728 2008-09-29 Geoffrey Garen <ggaren@apple.com>
2730 Rubber-stamped by Cameron Zwarich.
2732 Fixed https://bugs.webkit.org/show_bug.cgi?id=21225
2733 Machine::retrieveLastCaller should check for a NULL codeBlock
2735 In order to crash, you would need to call retrieveCaller in a situation
2736 where you had two host call frames in a row in the register file. I
2737 don't know how to make that happen, or if it's even possible, so I don't
2738 have a test case -- but better safe than sorry!
2741 (JSC::Machine::retrieveLastCaller):
2743 2008-09-29 Geoffrey Garen <ggaren@apple.com>
2745 Reviewed by Cameron Zwarich.
2747 Store the callee ScopeChain, not the caller ScopeChain, in the call frame
2748 header. Nix the "scopeChain" local variable and ExecState::m_scopeChain, and
2749 access the callee ScopeChain through the call frame header instead.
2751 Profit: call + return are simpler, because they don't have to update the
2752 "scopeChain" local variable, or ExecState::m_scopeChain.
2754 Because CTI keeps "r" in a register, reading the callee ScopeChain relative
2755 to "r" can be very fast, in any cases we care to optimize.
2757 0% speedup on empty function call benchmark. (5.5% speedup in bytecode.)
2758 0% speedup on SunSpider. (7.5% speedup on controlflow-recursive.)
2759 2% speedup on SunSpider --v8.
2760 2% speedup on v8 benchmark.
2762 * VM/CTI.cpp: Changed scope chain access to read the scope chain from
2763 the call frame header. Sped up op_ret by changing it not to fuss with
2764 the "scopeChain" local variable or ExecState::m_scopeChain.
2766 * VM/CTI.h: Updated CTI trampolines not to take a ScopeChainNode*
2767 argument, since that's stored in the call frame header now.
2769 * VM/Machine.cpp: Access "scopeChain" and "codeBlock" through new helper
2770 functions that read from the call frame header. Updated functions operating
2771 on ExecState::m_callFrame to account for / take advantage of the fact that
2772 ExecState::m_callFrame is now never NULL.
2774 Fixed a bug in op_construct, where it would use the caller's default
2775 object prototype, rather than the callee's, when constructing a new object.
2777 * VM/Machine.h: Made some helper functions available. Removed
2778 ScopeChainNode* arguments to a lot of functions, since the ScopeChainNode*
2779 is now stored in the call frame header.
2781 * VM/RegisterFile.h: Renamed "CallerScopeChain" to "ScopeChain", since
2782 that's what it is now.
2784 * kjs/DebuggerCallFrame.cpp: Updated for change to ExecState signature.
2786 * kjs/ExecState.cpp:
2787 * kjs/ExecState.h: Nixed ExecState::m_callFrame, along with the unused
2788 isGlobalObject function.
2790 * kjs/JSGlobalObject.cpp:
2791 * kjs/JSGlobalObject.h: Gave the global object a fake call frame in
2792 which to store the global scope chain, since our code now assumes that
2793 it can always read the scope chain out of the ExecState's call frame.
2795 2008-09-29 Cameron Zwarich <cwzwarich@uwaterloo.ca>
2797 Reviewed by Sam Weinig.
2799 Remove the isActivationObject() virtual method on JSObject and use
2800 StructureID information instead. This should be slightly faster, but
2801 isActivationObject() is only used in assertions and unwinding the stack
2806 (JSC::Machine::unwindCallFrame):
2807 (JSC::Machine::privateExecute):
2808 (JSC::Machine::cti_op_ret_activation):
2809 * kjs/JSActivation.cpp:
2810 * kjs/JSActivation.h:
2813 2008-09-29 Peter Gal <galpeter@inf.u-szeged.hu>
2815 Reviewed and tweaked by Darin Adler.
2817 Fix build for non-all-in-one platforms.
2819 * kjs/StringPrototype.cpp: Added missing ASCIICType.h include.
2821 2008-09-29 Bradley T. Hughes <bradley.hughes@nokia.com>
2823 Reviewed by Simon Hausmann.
2825 Fix compilation with icpc
2831 2008-09-29 Thiago Macieira <thiago.macieira@nokia.com>
2833 Reviewed by Simon Hausmann.
2835 Changed copyright from Trolltech ASA to Nokia.
2837 Nokia acquired Trolltech ASA, assets were transferred on September 26th 2008.
2840 * wtf/qt/MainThreadQt.cpp:
2842 2008-09-29 Simon Hausmann <hausmann@webkit.org>
2844 Reviewed by Lars Knoll.
2846 Don't accidentally install libJavaScriptCore.a for the build inside
2849 * JavaScriptCore.pro:
2851 2008-09-28 Cameron Zwarich <cwzwarich@uwaterloo.ca>
2853 Reviewed by Maciej Stachowiak.
2855 Bug 21200: Allow direct access to 'arguments' without using op_resolve
2856 <https://bugs.webkit.org/show_bug.cgi?id=21200>
2858 Allow fast access to the 'arguments' object by adding an extra slot to
2859 the callframe to store it.
2861 This is a 3.0% speedup on the V8 Raytrace benchmark.
2863 * JavaScriptCore.exp:
2865 (JSC::CTI::privateCompileMainPass):
2867 (JSC::CodeBlock::dump):
2868 * VM/CodeGenerator.cpp:
2869 (JSC::CodeGenerator::CodeGenerator):
2870 (JSC::CodeGenerator::registerFor):
2871 * VM/CodeGenerator.h:
2872 (JSC::CodeGenerator::registerFor):
2874 (JSC::Machine::initializeCallFrame):
2875 (JSC::Machine::dumpRegisters):
2876 (JSC::Machine::privateExecute):
2877 (JSC::Machine::retrieveArguments):
2878 (JSC::Machine::cti_op_call_JSFunction):
2879 (JSC::Machine::cti_op_create_arguments):
2880 (JSC::Machine::cti_op_construct_JSConstruct):
2883 * VM/RegisterFile.h:
2884 (JSC::RegisterFile::):
2885 * kjs/JSActivation.cpp:
2886 (JSC::JSActivation::mark):
2887 (JSC::JSActivation::argumentsGetter):
2888 * kjs/JSActivation.h:
2889 (JSC::JSActivation::JSActivationData::JSActivationData):
2892 (JSC::Parser::didFinishParsing):
2894 (JSC::Parser::parse):
2897 (JSC::ScopeNode::ScopeNode):
2898 (JSC::ProgramNode::ProgramNode):
2899 (JSC::ProgramNode::create):
2900 (JSC::EvalNode::EvalNode):
2901 (JSC::EvalNode::create):
2902 (JSC::FunctionBodyNode::FunctionBodyNode):
2903 (JSC::FunctionBodyNode::create):
2905 (JSC::ScopeNode::usesArguments):
2907 2008-09-28 Mark Rowe <mrowe@apple.com>
2909 Reviewed by Sam Weinig.
2911 Add an ASCII fast-path to toLowerCase and toUpperCase.
2913 The fast path speeds up the common case of an ASCII-only string by up to 60% while adding a less than 5% penalty
2914 to the less common non-ASCII case.
2916 This also removes stringProtoFuncToLocaleLowerCase and stringProtoFuncToLocaleUpperCase, which were identical
2917 to the non-locale variants of the functions. toLocaleLowerCase and toLocaleUpperCase now use the non-locale
2918 variants of the functions directly.
2920 * kjs/StringPrototype.cpp:
2921 (JSC::stringProtoFuncToLowerCase):
2922 (JSC::stringProtoFuncToUpperCase):
2924 2008-09-28 Mark Rowe <mrowe@apple.com>
2926 Reviewed by Cameron Zwarich.
2928 Speed up parseInt and parseFloat.
2930 Repeatedly indexing into a UString is slow, so retrieve a pointer into the underlying buffer once up front
2931 and use that instead. This is a 7% win on a parseInt/parseFloat micro-benchmark.
2933 * kjs/JSGlobalObjectFunctions.cpp:
2937 2008-09-28 Simon Hausmann <hausmann@webkit.org>
2939 Reviewed by David Hyatt.
2941 In Qt's initializeThreading re-use an existing thread identifier for the main
2942 thread if it exists.
2944 currentThread() implicitly creates new identifiers and it could be that
2945 it is called before initializeThreading().
2947 * wtf/ThreadingQt.cpp:
2948 (WTF::initializeThreading):
2950 2008-09-27 Keishi Hattori <casey.hattori@gmail.com>
2952 Added Machine::retrieveCaller to the export list.
2954 Reviewed by Kevin McCullough and Tim Hatcher.
2956 * JavaScriptCore.exp: Added Machine::retrieveCaller.
2958 2008-09-27 Anders Carlsson <andersca@apple.com>
2965 2008-09-27 Geoffrey Garen <ggaren@apple.com>
2967 Reviewed by Cameron Zwarich.
2969 https://bugs.webkit.org/show_bug.cgi?id=21175
2971 Store the callee CodeBlock, not the caller CodeBlock, in the call frame
2972 header. Nix the "codeBlock" local variable, and access the callee
2973 CodeBlock through the call frame header instead.
2975 Profit: call + return are simpler, because they don't have to update the
2976 "codeBlock" local variable.
2978 Because CTI keeps "r" in a register, reading the callee CodeBlock relative
2979 to "r" can be very fast, in any case we care to optimize. Presently,
2980 no such cases seem important.
2982 Also, stop writing "dst" to the call frame header. CTI doesn't use it.
2984 21.6% speedup on empty function call benchmark.
2985 3.8% speedup on SunSpider --v8.
2986 2.1% speedup on v8 benchmark.
2987 0.7% speedup on SunSpider (6% speedup on controlflow-recursive).
2989 Small regression in bytecode, because currently every op_ret reads the
2990 callee CodeBlock to check needsFullScopeChain, and bytecode does not
2991 keep "r" in a register. On-balance, this is probably OK, since CTI is
2992 our high-performance execution model. Also, this should go away once
2993 we make needsFullScopeChain statically determinable at parse time.
2996 (JSC::CTI::compileOpCall): The speedup!
2997 (JSC::CTI::privateCompileSlowCases): ditto
3000 (JSC::): Fixed up magic trampoline constants to account for the nixed
3001 "codeBlock" argument.
3002 (JSC::CTI::execute): Changed trampoline function not to take a "codeBlock"
3003 argument, since codeBlock is now stored in the call frame header.
3005 * VM/Machine.cpp: Read the callee CodeBlock from the register file. Use
3006 a NULL CallerRegisters in the call frame header to signal a built-in
3007 caller, since CodeBlock is now never NULL.
3009 * VM/Machine.h: Made some stand-alone functions Machine member functions
3010 so they could call the private codeBlock() accessor in the Register
3011 class, of which Machine is a friend. Renamed "CallerCodeBlock" to
3012 "CodeBlock", since it's no longer the caller's CodeBlock.
3014 * VM/RegisterFile.h: Marked some methods const to accommodate a
3015 const RegisterFile* being passed around in Machine.cpp.
3017 2008-09-26 Jan Michael Alonzo <jmalonzo@webkit.org>
3019 Gtk build fix. Not reviewed.
3021 Narrow-down the target of the JavaScriptCore .lut.h generator so
3022 it won't try to create the WebCore .lut.hs.
3026 2008-09-26 Matt Lilek <webkit@mattlilek.com>
3028 Reviewed by Tim Hatcher.
3030 Update FEATURE_DEFINES after ENABLE_CROSS_DOCUMENT_MESSAGING was removed.
3032 * Configurations/JavaScriptCore.xcconfig:
3034 2008-09-26 Cameron Zwarich <cwzwarich@uwaterloo.ca>
3036 Rubber-stamped by Anders Carlsson.
3038 Change the name 'sc' to 'scopeChainNode' in a few places.
3041 (JSC::EvalNode::generateCode):
3042 (JSC::FunctionBodyNode::generateCode):
3043 (JSC::ProgramNode::generateCode):
3045 2008-09-26 Sam Weinig <sam@webkit.org>
3047 Reviewed by Darin Adler.
3049 Patch for https://bugs.webkit.org/show_bug.cgi?id=21152
3050 Speedup static property get/put
3052 Convert getting/setting static property values to use static functions
3053 instead of storing an integer and switching in getValueProperty/putValueProperty.
3056 (JSC::JSObject::deleteProperty):
3057 (JSC::JSObject::getPropertyAttributes):
3058 * kjs/MathObject.cpp:
3059 (JSC::MathObject::getOwnPropertySlot):
3060 * kjs/NumberConstructor.cpp:
3061 (JSC::numberConstructorNaNValue):
3062 (JSC::numberConstructorNegInfinity):
3063 (JSC::numberConstructorPosInfinity):
3064 (JSC::numberConstructorMaxValue):
3065 (JSC::numberConstructorMinValue):
3066 * kjs/PropertySlot.h:
3067 (JSC::PropertySlot::):
3068 * kjs/RegExpConstructor.cpp:
3069 (JSC::regExpConstructorDollar1):
3070 (JSC::regExpConstructorDollar2):
3071 (JSC::regExpConstructorDollar3):
3072 (JSC::regExpConstructorDollar4):
3073 (JSC::regExpConstructorDollar5):
3074 (JSC::regExpConstructorDollar6):
3075 (JSC::regExpConstructorDollar7):
3076 (JSC::regExpConstructorDollar8):
3077 (JSC::regExpConstructorDollar9):
3078 (JSC::regExpConstructorInput):
3079 (JSC::regExpConstructorMultiline):
3080 (JSC::regExpConstructorLastMatch):
3081 (JSC::regExpConstructorLastParen):
3082 (JSC::regExpConstructorLeftContext):
3083 (JSC::regExpConstructorRightContext):
3084 (JSC::setRegExpConstructorInput):
3085 (JSC::setRegExpConstructorMultiline):
3086 (JSC::RegExpConstructor::setInput):
3087 (JSC::RegExpConstructor::setMultiline):
3088 (JSC::RegExpConstructor::multiline):
3089 * kjs/RegExpConstructor.h:
3090 * kjs/RegExpObject.cpp:
3091 (JSC::regExpObjectGlobal):
3092 (JSC::regExpObjectIgnoreCase):
3093 (JSC::regExpObjectMultiline):
3094 (JSC::regExpObjectSource):
3095 (JSC::regExpObjectLastIndex):
3096 (JSC::setRegExpObjectLastIndex):
3097 * kjs/RegExpObject.h:
3098 (JSC::RegExpObject::setLastIndex):
3099 (JSC::RegExpObject::lastIndex):
3100 (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
3101 * kjs/StructureID.cpp:
3102 (JSC::StructureID::getEnumerablePropertyNames):
3103 * kjs/create_hash_table:
3107 (JSC::HashTable::createTable):
3108 (JSC::HashTable::deleteTable):
3109 (JSC::setUpStaticFunctionSlot):
3111 (JSC::HashEntry::initialize):
3112 (JSC::HashEntry::setKey):
3113 (JSC::HashEntry::key):
3114 (JSC::HashEntry::attributes):
3115 (JSC::HashEntry::function):
3116 (JSC::HashEntry::functionLength):
3117 (JSC::HashEntry::propertyGetter):
3118 (JSC::HashEntry::propertyPutter):
3119 (JSC::HashEntry::lexerValue):
3121 (JSC::HashTable::entry):
3122 (JSC::getStaticPropertySlot):
3123 (JSC::getStaticValueSlot):
3126 2008-09-26 Gavin Barraclough <barraclough@apple.com>
3128 Reviewed by Maciej Stachowiak & Oliver Hunt.
3130 Add support for reusing temporary JSNumberCells. This change is based on the observation
3131 that if the result of certain operations is a JSNumberCell and is consumed by a subsequent
3132 operation that would produce a JSNumberCell, we can reuse the object rather than allocating
3133 a fresh one. E.g. given the expression ((a * b) * c), we can statically determine that
3134 (a * b) will have a numeric result (or else it will have thrown an exception), so the result
3135 will either be a JSNumberCell or a JSImmediate.
3137 This patch changes three areas of JSC:
3138 * The AST now tracks type information about the result of each node.
3139 * This information is consumed in bytecode compilation, and certain bytecode operations
3140 now carry the statically determined type information about their operands.
3141 * CTI uses the information in a number of fashions:
3142 * Where an operand to certain arithmetic operations is reusable, it will plant code
3143 to try to perform the operation in JIT code & reuse the cell, where appropriate.
3144 * Where it can be statically determined that an operand can only be numeric (typically
3145 the result of another arithmetic operation) the code will not redundantly check that
3146 the JSCell is a JSNumberCell.
3147 * Where either of the operands to an add is non-numeric, do not plant an optimized
3148 arithmetic code path; just call straight out to the C function.
3150 +6% Sunspider (10% progression on 3D, 16% progression on math, 60% progression on access-nbody),
3151 +1% v8-tests (improvements in raytrace & crypto)
3153 * VM/CTI.cpp: Add optimized code generation with reuse of temporary JSNumberCells.
3155 * kjs/JSNumberCell.h:
3156 * masm/X86Assembler.h:
3158 * VM/CodeBlock.cpp: Add type information to specific bytecodes.
3159 * VM/CodeGenerator.cpp:
3160 * VM/CodeGenerator.h:
3163 * kjs/nodes.cpp: Track static type information for nodes.
3165 * kjs/ResultDescriptor.h: (Added)
3166 * JavaScriptCore.xcodeproj/project.pbxproj:
3168 2008-09-26 Yichao Yin <yichao.yin@torchmobile.com.cn>
3170 Reviewed by George Staikos, Maciej Stachowiak.
3172 Add utility functions needed for upcoming WML code.
3175 (WTF::isASCIIPrintable):
3177 2008-09-26 Geoffrey Garen <ggaren@apple.com>
3179 Reviewed by Darin Adler.
3181 Reverted the part of r36614 that used static data because static data
3184 2008-09-26 Geoffrey Garen <ggaren@apple.com>
3186 Reviewed by Maciej Stachowiak.
3188 Removed dynamic check for whether the callee needs an activation object.
3189 Replaced with callee code to create the activation object.
3191 0.5% speedup on SunSpider.
3192 No change on v8 benchmark. (Might be a speedup, but it's in range of the
3195 0.7% speedup on v8 benchmark in bytecode.
3196 1.3% speedup on empty call benchmark in bytecode.
3199 (JSC::CTI::privateCompileMainPass): Added support for op_init_activation,
3200 the new opcode that specifies that the callee's initialization should
3201 create an activation object.
3202 (JSC::CTI::privateCompile): Removed previous code that did a similar
3203 thing in an ad-hoc way.
3206 (JSC::CodeBlock::dump): Added a case for dumping op_init_activation.
3208 * VM/CodeGenerator.cpp:
3209 (JSC::CodeGenerator::generate): Added fixup code to change op_init to
3210 op_init_activation if necessary. (With a better parser, we would know
3211 which to use from the beginning.)
3214 (JSC::Instruction::Instruction):
3215 (WTF::): Faster traits for the instruction vector. An earlier version
3216 of this patch relied on inserting at the beginning of the vector, and
3217 depended on this change for speed.
3220 (JSC::Machine::execute): Removed clients of setScopeChain, the old
3221 abstraction for dynamically checking for whether an activation object
3222 needed to be created.
3223 (JSC::Machine::privateExecute): ditto
3225 (JSC::Machine::cti_op_push_activation): Renamed this function from
3226 cti_vm_updateScopeChain, and made it faster by removing the call to
3230 * VM/Opcode.h: Declared op_init_activation.
3232 2008-09-24 Geoffrey Garen <ggaren@apple.com>
3234 Reviewed by Maciej Stachowiak.
3236 Move most of the return code back into the callee, now that the callee
3237 doesn't have to calculate anything dynamically.
3239 11.5% speedup on empty function call benchmark.
3241 SunSpider says 0.3% faster. SunSpider --v8 says no change.
3244 (JSC::CTI::compileOpCall):
3245 (JSC::CTI::privateCompileMainPass):
3246 (JSC::CTI::privateCompileSlowCases):
3248 2008-09-24 Sam Weinig <sam@webkit.org>
3250 Reviewed by Maciej Stachowiak.
3252 Remove staticFunctionGetter. There is only one remaining user of
3253 staticFunctionGetter and it can be converted to use setUpStaticFunctionSlot.
3255 * JavaScriptCore.exp:
3259 2008-09-24 Maciej Stachowiak <mjs@apple.com>
3261 Reviewed by Oliver Hunt.
3263 - inline JIT fast case of op_neq
3264 - remove extra level of function call indirection from slow cases of eq and neq
3266 1% speedup on Richards
3269 (JSC::CTI::privateCompileMainPass):
3270 (JSC::CTI::privateCompileSlowCases):
3272 (JSC::Machine::privateExecute):
3273 (JSC::Machine::cti_op_eq):
3274 (JSC::Machine::cti_op_neq):
3275 * kjs/operations.cpp:
3277 (JSC::equalSlowCase):
3279 (JSC::equalSlowCaseInline):
3281 2008-09-24 Sam Weinig <sam@webkit.org>
3283 Reviewed by Darin Adler.
3285 Fix for https://bugs.webkit.org/show_bug.cgi?id=21080
3286 <rdar://problem/6243534>
3287 Crash below Function.apply when using a runtime array as the argument list
3289 Test: plugins/bindings-array-apply-crash.html
3291 * kjs/FunctionPrototype.cpp:
3292 (JSC::functionProtoFuncApply): Revert to the slow case if the object inherits from
3293 JSArray (via ClassInfo) but is not a JSArray.
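The entry above describes a classic type-confusion shape: an object whose ClassInfo chain says "inherits from Array" but whose C++ type is not JSArray, fed to a fast path that downcasts it. The following is an added illustration of that pattern and of the exact-type check the entry describes; it is not WebKit code. ClassInfo, JSObject, JSArray, RuntimeArray, the arg-count helpers and the constructed inputs are simplified stand-ins (assumptions), not JavaScriptCore's real definitions.

```cpp
// Added illustration, not WebKit code: why a ClassInfo-chain "inherits" check
// is not a safe gate for a static_cast to JSArray. ClassInfo, JSObject, JSArray,
// RuntimeArray and the arg-count helpers are simplified stand-ins (assumptions),
// not JavaScriptCore's real definitions.
#include <cstddef>
#include <cstdio>
#include <vector>

struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;
};

struct JSObject {
    virtual ~JSObject() {}
    virtual const ClassInfo* classInfo() const { return &s_info; }
    // Script-level notion of "is an Array": true if `info` appears anywhere
    // up the ClassInfo chain, regardless of the C++ type of the object.
    bool inherits(const ClassInfo* info) const {
        for (const ClassInfo* ci = classInfo(); ci; ci = ci->parentClass)
            if (ci == info)
                return true;
        return false;
    }
    static const ClassInfo s_info;
};
const ClassInfo JSObject::s_info = { "Object", 0 };

// A genuine array: the fast path reads its storage vector directly.
struct JSArray : JSObject {
    std::vector<int> storage;
    virtual const ClassInfo* classInfo() const { return &s_info; }
    static const ClassInfo s_info;
};
const ClassInfo JSArray::s_info = { "Array", &JSObject::s_info };

// A bridged array (think plugin-provided): its ClassInfo names Array as parent
// so script sees it as array-like, but in C++ it derives from JSObject only and
// has a different layout. A static_cast<JSArray*> of it is type confusion.
struct RuntimeArray : JSObject {
    size_t elementCount;
    const int* elements;      // owned by the plugin side in a real bridge
    RuntimeArray(const int* e, size_t n) : elementCount(n), elements(e) {}
    virtual const ClassInfo* classInfo() const { return &s_info; }
    static const ClassInfo s_info;
};
const ClassInfo RuntimeArray::s_info = { "RuntimeArray", &JSArray::s_info };

// Slow, generic path: asks each object for its length via its real C++ type.
size_t slowArgCount(const JSObject* o) {
    if (const JSArray* a = dynamic_cast<const JSArray*>(o))
        return a->storage.size();
    if (const RuntimeArray* r = dynamic_cast<const RuntimeArray*>(o))
        return r->elementCount;
    return 0;
}

// Pre-fix shape: gates the downcast on inherits(). For a RuntimeArray this is
// undefined behaviour (reads RuntimeArray's fields as a std::vector), which is
// the kind of crash the entry above describes. Never call it with a RuntimeArray.
size_t buggyApplyArgCount(const JSObject* argArray) {
    if (argArray->inherits(&JSArray::s_info))
        return static_cast<const JSArray*>(argArray)->storage.size();
    return slowArgCount(argArray);
}

// Fixed shape: take the fast path only for an object that IS a JSArray (exact
// ClassInfo match); anything that merely inherits Array's ClassInfo falls back.
size_t fixedApplyArgCount(const JSObject* argArray) {
    if (argArray->classInfo() == &JSArray::s_info)
        return static_cast<const JSArray*>(argArray)->storage.size();
    return slowArgCount(argArray);
}

// Constructed inputs for the demo.
static const int kBridgedElements[3] = { 1, 2, 3 };

size_t realArrayArgCount() {
    JSArray a;
    a.storage.push_back(7);
    a.storage.push_back(8);
    return fixedApplyArgCount(&a);              // fast path, 2
}

size_t bridgedArrayArgCount() {
    RuntimeArray r(kBridgedElements, 3);
    return fixedApplyArgCount(&r);              // slow path, 3
}

size_t buggyPathOnRealArray() {
    JSArray a;
    a.storage.push_back(1);
    return buggyApplyArgCount(&a);              // safe only because it IS a JSArray
}

// Shows the two checks disagreeing for the bridged object.
bool bridgedLooksLikeArrayButIsNot() {
    RuntimeArray r(kBridgedElements, 3);
    return r.inherits(&JSArray::s_info) && r.classInfo() != &JSArray::s_info;
}

int main() {
    std::printf("real: %zu bridged: %zu confusable: %d\n",
                realArrayArgCount(), bridgedArrayArgCount(),
                (int)bridgedLooksLikeArrayButIsNot());
    return 0;
}
```

The practitioner's check is the one in fixedApplyArgCount: a fast path that reinterprets object layout must be gated on the exact runtime type, not on an inheritance relation that script-visible metadata can claim without the C++ type backing it.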
3295 2008-09-24 Kevin McCullough <kmccullough@apple.com>
3300 (JSC::statementListEmitCode):
3302 2008-09-24 Kevin McCullough <kmccullough@apple.com>
3306 Bug 21031: Breakpoints in the condition of loops only breaks the first
3308 - Now when setting breakpoints in the condition of a loop (for, while,
3309 for in, and do while) will successfully break each time through the
3311 - For 'for' loops we need a little more complicated behavior that cannot
3312 be accomplished without some more significant changes:
3313 https://bugs.webkit.org/show_bug.cgi?id=21073
3316 (JSC::statementListEmitCode): We don't want to blindly emit a debug hook
3317 at the first line of loops, instead let the loop emit the debug hooks.
3318 (JSC::DoWhileNode::emitCode):
3319 (JSC::WhileNode::emitCode):
3320 (JSC::ForNode::emitCode):
3321 (JSC::ForInNode::emitCode):
3323 (JSC::StatementNode::):
3324 (JSC::DoWhileNode::):
3328 2008-09-24 Geoffrey Garen <ggaren@apple.com>
3330 Reviewed by Darin Adler.
3332 Fixed <rdar://problem/5605532> Need a SPI for telling JS the size of
3333 the objects it retains
3335 * API/tests/testapi.c: Test the new SPI a little.
3337 * API/JSSPI.cpp: Add the new SPI.
3338 * API/JSSPI.h: Add the new SPI.
3339 * JavaScriptCore.exp: Add the new SPI.
3340 * JavaScriptCore.xcodeproj/project.pbxproj: Add the new SPI.
3342 2008-09-24 Geoffrey Garen <ggaren@apple.com>
3344 Reviewed by Darin Adler.
3346 * API/JSBase.h: Filled in some missing function names.
3348 2008-09-24 Geoffrey Garen <ggaren@apple.com>
3350 Reviewed by Cameron Zwarich.
3352 Fixed https://bugs.webkit.org/show_bug.cgi?id=21057
3353 Crash in RegisterID::deref() running fast/canvas/canvas-putImageData.html
3355 * VM/CodeGenerator.h: Changed declaration order to ensure that
3356 m_lastConstant, which is a RefPtr that points into m_calleeRegisters,
3357 has its destructor called before the destructor for m_calleeRegisters.
3359 2008-09-24 Darin Adler <darin@apple.com>
3361 Reviewed by Sam Weinig.
3363 - https://bugs.webkit.org/show_bug.cgi?id=21047
3364 speed up ret_activation with inlining
3366 About 1% on v8-raytrace.
3368 * JavaScriptCore.exp: Removed JSVariableObject::setRegisters.
3370 * kjs/JSActivation.cpp: Moved copyRegisters to the header to make it inline.
3371 * kjs/JSActivation.h:
3372 (JSC::JSActivation::copyRegisters): Moved here. Also removed the registerArraySize
3373 argument to setRegisters, since the object doesn't need to store the number of
3376 * kjs/JSGlobalObject.cpp:
3377 (JSC::JSGlobalObject::reset): Removed unnecessary clearing left over from when we
3378 used this on objects that weren't brand new. These days, this function is really
3379 just part of the constructor.
3381 * kjs/JSGlobalObject.h: Added registerArraySize to JSGlobalObjectData, since
3382 JSVariableObjectData no longer needs it. Added a setRegisters override here
3383 that handles storing the size.
3385 * kjs/JSStaticScopeObject.h: Removed code to set registerArraySize, since it
3388 * kjs/JSVariableObject.cpp: Moved copyRegisterArray and setRegisters to the
3389 header to make them inline.
3390 * kjs/JSVariableObject.h: Removed registerArraySize from JSVariableObjectData,
3391 since it was only used for the global object.
3392 (JSC::JSVariableObject::copyRegisterArray): Moved here to make it inline.
3393 (JSC::JSVariableObject::setRegisters): Moved here to make it inline. Also
3394 removed the code to set registerArraySize and changed an if statement into
3395 an assert to save an unnecessary branch.
3397 2008-09-24 Maciej Stachowiak <mjs@apple.com>
3399 Reviewed by Oliver Hunt.
3401 - inline PropertyMap::getOffset to speed up polymorphic lookups
3403 ~1.5% speedup on v8 benchmark
3404 no effect on SunSpider
3406 * JavaScriptCore.exp:
3407 * kjs/PropertyMap.cpp:
3408 * kjs/PropertyMap.h:
3409 (JSC::PropertyMap::getOffset):
3411 2008-09-24 Jan Michael Alonzo <jmalonzo@webkit.org>
3413 Reviewed by Alp Toker.
3415 https://bugs.webkit.org/show_bug.cgi?id=20992
3416 Build fails on GTK+ Mac OS
3418 * wtf/ThreadingGtk.cpp: Remove platform ifdef as suggested by
3420 (WTF::initializeThreading):
3422 2008-09-23 Oliver Hunt <oliver@apple.com>
3424 Reviewed by Maciej Stachowiak.
3426 Bug 19968: Slow Script at www.huffingtonpost.com
3427 <https://bugs.webkit.org/show_bug.cgi?id=19968>
3429 Finally found the cause of this accursed issue. It is triggered
3430 by synchronous creation of a new global object from JS. The new
3431 global object resets the timer state in this execution group's
3432 Machine, taking timerCheckCount to 0. Then when JS returns the
3433 timerCheckCount is decremented making it non-zero. The next time
3434 we execute JS we will start the timeout counter, however the non-zero
3435 timeoutCheckCount means we don't reset the timer information. This
3436 means that the timeout check is now checking the cumulative time
3437 since the creation of the global object rather than the time since
3438 JS was last entered. At this point the slow script dialog is guaranteed
3439 to eventually be displayed incorrectly unless a page is loaded
3440 asynchronously (which will reset everything into a sane state).
3442 The fix for this is rather trivial -- the JSGlobalObject constructor
3443 should not be resetting the machine timer state.
3446 (JSC::Machine::Machine):
3447 Now that we can't rely on the GlobalObject initialising the timeout
3448 state, we do it in the Machine constructor.
3451 (JSC::Machine::stopTimeoutCheck):
3452 Add assertions to guard against this happening.
3454 * kjs/JSGlobalObject.cpp:
3455 (JSC::JSGlobalObject::init):
3456 Don't reset the timeout state.
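The sequence the entry above walks through (counter reset from inside a JS entry, an unbalanced decrement on exit, and a clock that is then never restarted) is easy to get wrong in any watchdog that guards against runaway execution. The following is an added model of that bookkeeping, not WebKit code: TimeoutState, its field names, the virtual clock values and the scenario are simplified stand-ins (assumptions), not JSC's Machine. It runs the pre-fix and post-fix behaviour side by side.

```cpp
// Added illustration, not WebKit code: a model of the timeout-check bookkeeping
// described in the entry above. TimeoutState, its field names and the virtual
// clock values are simplified stand-ins (assumptions), not JSC's Machine.
#include <cstdint>
#include <cstdio>

struct TimeoutState {
    int      checkDepth;      // nesting depth of JS entries (the entry's timerCheckCount)
    uint64_t lastCheckTime;   // clock value at the last accounting point
    uint64_t timeExecuting;   // time attributed to the current outermost JS entry

    TimeoutState() : checkDepth(0), lastCheckTime(0), timeExecuting(0) {}

    // Pre-fix global object creation did the equivalent of this from inside JS.
    void resetTimeoutCheck() { checkDepth = 0; lastCheckTime = 0; timeExecuting = 0; }

    // Entering JS: only the outermost entry restarts the clock.
    void startTimeoutCheck(uint64_t now) {
        if (checkDepth == 0) {
            lastCheckTime = now;
            timeExecuting = 0;
        }
        ++checkDepth;
    }

    // Leaving JS. Returns false where the post-fix ASSERT would fire: a stop
    // with no matching start means the counter was clobbered mid-execution.
    bool stopTimeoutCheck() {
        bool balanced = checkDepth > 0;
        --checkDepth;             // pre-fix code decremented unconditionally
        return balanced;
    }

    // Periodic check while JS runs: has the current entry exceeded `limit`?
    bool exceeded(uint64_t now, uint64_t limit) {
        timeExecuting += now - lastCheckTime;
        lastCheckTime = now;
        return timeExecuting > limit;
    }
};

struct Scenario {
    bool stopWasBalanced;     // did the first JS exit see a sane counter?
    bool spuriousTimeout;     // did a 5-unit script later trip the slow-script check?
};

// Constructed scenario: enter JS at t=0; the script synchronously creates a new
// global object; leave JS; the page idles until t=idleUntil; then a short
// 5-unit script runs and the timeout check is consulted.
Scenario run(bool globalObjectResetsTimer, uint64_t idleUntil, uint64_t limit) {
    TimeoutState m;
    Scenario s;
    m.startTimeoutCheck(0);
    if (globalObjectResetsTimer)
        m.resetTimeoutCheck();                       // depth 1 -> 0 while still inside JS
    s.stopWasBalanced = m.stopTimeoutCheck();        // pre-fix: depth 0 -> -1, non-zero
    m.startTimeoutCheck(idleUntil);                  // non-zero depth => clock not restarted
    s.spuriousTimeout = m.exceeded(idleUntil + 5, limit);
    m.stopTimeoutCheck();
    return s;
}

bool preFixFiresSpuriously()  { return run(true, 1000, 100).spuriousTimeout; }
bool preFixStopUnbalanced()   { return !run(true, 1000, 100).stopWasBalanced; }
bool postFixFiresSpuriously() { return run(false, 1000, 100).spuriousTimeout; }
bool postFixStopBalanced()    { return run(false, 1000, 100).stopWasBalanced; }

int main() {
    std::printf("pre-fix spurious: %d  post-fix spurious: %d\n",
                (int)preFixFiresSpuriously(), (int)postFixFiresSpuriously());
    return 0;
}
```

With the reset removed, the first exit sees a balanced counter and the second entry restarts the clock, so the 5-unit script is measured as 5 units rather than as the whole idle period. The balanced/unbalanced return value is the model's stand-in for the assertion the entry adds to stopTimeoutCheck.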
3458 2008-09-23 Geoffrey Garen <ggaren@apple.com>
3460 Reviewed by Oliver Hunt.
3462 Fixed https://bugs.webkit.org/show_bug.cgi?id=21038 | <rdar://problem/6240812>
3463 Uncaught exceptions in regex replace callbacks crash webkit
3465 This was a combination of two problems:
3467 (1) the replace function would continue execution after an exception
3470 (2) In some cases, the Machine would return 0 in the case of an exception,
3471 despite the fact that a few clients dereference the Machine's return
3472 value without first checking for an exception.
3475 (JSC::Machine::execute):
3477 ^ Return jsNull() instead of 0 in the case of an exception, since some
3478 clients depend on using our return value.
3480 ^ ASSERT that execution does not continue after an exception has been
3481 thrown, to help catch problems like this in the future.
3483 * kjs/StringPrototype.cpp:
3484 (JSC::stringProtoFuncReplace):
3486 ^ Stop execution if an exception has been thrown.
3488 2008-09-23 Geoffrey Garen <ggaren@apple.com>
3490 Try to fix the windows build.
3493 (JSC::CTI::compileOpCall):
3494 (JSC::CTI::privateCompileMainPass):
3496 2008-09-23 Alp Toker <alp@nuanti.com>
3502 2008-09-23 Geoffrey Garen <ggaren@apple.com>
3504 Reviewed by Darin Adler.
3506 * wtf/Platform.h: Removed duplicate #if.
3508 2008-09-23 Geoffrey Garen <ggaren@apple.com>
3510 Reviewed by Darin Adler.
3512 Changed the layout of the call frame from
3514 { header, parameters, locals | constants, temporaries }
3518 { parameters, header | locals, constants, temporaries }
3520 This simplifies function entry+exit, and enables a number of future
3523 13.5% speedup on empty call benchmark for bytecode; 23.6% speedup on
3524 empty call benchmark for CTI.
3526 SunSpider says no change. SunSpider --v8 says 1% faster.
3530 Added a bit of abstraction for calculating whether a register is a
3531 constant, since this patch changes that calculation:
3532 (JSC::CTI::isConstant):
3533 (JSC::CTI::getConstant):
3534 (JSC::CTI::emitGetArg):
3535 (JSC::CTI::emitGetPutArg):
3536 (JSC::CTI::getConstantImmediateNumericArg):
3538 Updated for changes to callframe header location:
3539 (JSC::CTI::emitPutToCallFrameHeader):
3540 (JSC::CTI::emitGetFromCallFrameHeader):
3541 (JSC::CTI::printOpcodeOperandTypes):
3543 Renamed to spite Oliver:
3544 (JSC::CTI::emitInitRegister):
3546 Added an abstraction for emitting a call through a register, so that
3547 calls through registers generate exception info, too:
3548 (JSC::CTI::emitCall):
3550 Updated to match the new callframe header layout, and to support calls
3551 through registers, which have no destination address:
3552 (JSC::CTI::compileOpCall):
3553 (JSC::CTI::privateCompileMainPass):
3554 (JSC::CTI::privateCompileSlowCases):
3555 (JSC::CTI::privateCompile):
3560 (JSC::CallRecord::CallRecord):
3564 Updated for new register layout:
3565 (JSC::registerName):
3566 (JSC::CodeBlock::dump):
3570 Updated CodeBlock to track slightly different information about the
3571 register frame, and tweaked the style of an ASSERT_NOT_REACHED.
3572 (JSC::CodeBlock::CodeBlock):
3573 (JSC::CodeBlock::getStubInfo):
3575 * VM/CodeGenerator.cpp:
3577 Added some abstraction around constant register allocation, since this
3578 patch changes it, changed codegen to account for the new callframe
3579 layout, and added abstraction around register fetching code
3580 that used to assume that all local registers lived at negative indices,
3581 since vars now live at positive indices:
3582 (JSC::CodeGenerator::generate):
3583 (JSC::CodeGenerator::addVar):
3584 (JSC::CodeGenerator::addGlobalVar):
3585 (JSC::CodeGenerator::allocateConstants):
3586 (JSC::CodeGenerator::CodeGenerator):
3587 (JSC::CodeGenerator::addParameter):
3588 (JSC::CodeGenerator::registerFor):
3589 (JSC::CodeGenerator::constRegisterFor):
3590 (JSC::CodeGenerator::newRegister):
3591 (JSC::CodeGenerator::newTemporary):
3592 (JSC::CodeGenerator::highestUsedRegister):
3593 (JSC::CodeGenerator::addConstant):
3595 ASSERT that our caller referenced the registers it passed to us.
3596 Otherwise, we might overwrite them with parameters:
3597 (JSC::CodeGenerator::emitCall):
3598 (JSC::CodeGenerator::emitConstruct):
3600 * VM/CodeGenerator.h:
3602 Added some abstraction for getting a RegisterID for a given index,
3603 since the rules are a little weird:
3604 (JSC::CodeGenerator::registerFor):
3608 Utility function to transform a machine return PC to a virtual machine
3609 return VPC, for the sake of stack unwinding, since both PCs are stored
3610 in the same location now:
3613 Tweaked to account for new call frame:
3614 (JSC::Machine::initializeCallFrame):
3616 Tweaked to account for registerOffset supplied by caller:
3617 (JSC::slideRegisterWindowForCall):
3619 Tweaked to account for new register layout:
3620 (JSC::scopeChainForCall):
3621 (JSC::Machine::callEval):
3622 (JSC::Machine::dumpRegisters):
3623 (JSC::Machine::unwindCallFrame):
3624 (JSC::Machine::execute):
3626 Changed op_call and op_construct to implement the new calling convention:
3627 (JSC::Machine::privateExecute):
3629 Tweaked to account for the new register layout:
3630 (JSC::Machine::retrieveArguments):
3631 (JSC::Machine::retrieveCaller):
3632 (JSC::Machine::retrieveLastCaller):
3633 (JSC::Machine::callFrame):
3634 (JSC::Machine::getArgumentsData):
3636 Changed CTI call helpers to implement the new calling convention:
3637 (JSC::Machine::cti_op_call_JSFunction):
3638 (JSC::Machine::cti_op_call_NotJSFunction):
3639 (JSC::Machine::cti_op_ret_activation):
3640 (JSC::Machine::cti_op_ret_profiler):
3641 (JSC::Machine::cti_op_construct_JSConstruct):
3642 (JSC::Machine::cti_op_construct_NotJSConstruct):
3643 (JSC::Machine::cti_op_call_eval):
3649 Renamed op_initialise_locals to op_init, because this opcode
3650 doesn't initialize all locals, and it doesn't initialize only locals.
3651 Also, to spite Oliver.
3653 * VM/RegisterFile.h:
3655 New call frame enumeration values:
3656 (JSC::RegisterFile::):
3658 Simplified the calculation of whether a RegisterID is a temporary,
3659 since we can no longer assume that all positive non-constant registers
3662 (JSC::RegisterID::RegisterID):
3663 (JSC::RegisterID::setTemporary):
3664 (JSC::RegisterID::isTemporary):
3666 Renamed firstArgumentIndex to firstParameterIndex because the assumption
3667 that this variable pertained to the actual arguments supplied by the
3668 caller caused me to write some buggy code:
3669 * kjs/Arguments.cpp:
3670 (JSC::ArgumentsData::ArgumentsData):
3671 (JSC::Arguments::Arguments):
3672 (JSC::Arguments::fillArgList):
3673 (JSC::Arguments::getOwnPropertySlot):
3674 (JSC::Arguments::put):
3676 Updated for new call frame layout:
3677 * kjs/DebuggerCallFrame.cpp:
3678 (JSC::DebuggerCallFrame::functionName):
3679 (JSC::DebuggerCallFrame::type):
3680 * kjs/DebuggerCallFrame.h:
3682 Changed the activation object to account for the fact that a call frame
3683 header now sits between parameters and local variables. This change
3684 requires all variable objects to do their own marking, since they
3685 now use their register storage differently:
3686 * kjs/JSActivation.cpp:
3687 (JSC::JSActivation::mark):
3688 (JSC::JSActivation::copyRegisters):
3689 (JSC::JSActivation::createArgumentsObject):
3690 * kjs/JSActivation.h:
3692 Updated global object to use the new interfaces required by the change
3693 to JSActivation above:
3694 * kjs/JSGlobalObject.cpp:
3695 (JSC::JSGlobalObject::reset):
3696 (JSC::JSGlobalObject::mark):
3697 (JSC::JSGlobalObject::copyGlobalsFrom):
3698 (JSC::JSGlobalObject::copyGlobalsTo):
3699 * kjs/JSGlobalObject.h:
3700 (JSC::JSGlobalObject::addStaticGlobals):
3702 Updated static scope object to use the new interfaces required by the
3703 change to JSActivation above:
3704 * kjs/JSStaticScopeObject.cpp:
3705 (JSC::JSStaticScopeObject::mark):
3706 (JSC::JSStaticScopeObject::~JSStaticScopeObject):
3707 * kjs/JSStaticScopeObject.h:
3708 (JSC::JSStaticScopeObject::JSStaticScopeObject):
3709 (JSC::JSStaticScopeObject::d):
3711 Updated variable object to use the new interfaces required by the
3712 change to JSActivation above:
3713 * kjs/JSVariableObject.cpp:
3714 (JSC::JSVariableObject::copyRegisterArray):
3715 (JSC::JSVariableObject::setRegisters):
3716 * kjs/JSVariableObject.h:
3718 Changed the bit twiddling in symbol table not to assume that all indices
3719 are negative, since they can be positive now:
3720 * kjs/SymbolTable.h:
3721 (JSC::SymbolTableEntry::SymbolTableEntry):
3722 (JSC::SymbolTableEntry::isNull):
3723 (JSC::SymbolTableEntry::getIndex):
3724 (JSC::SymbolTableEntry::getAttributes):
3725 (JSC::SymbolTableEntry::setAttributes):
3726 (JSC::SymbolTableEntry::isReadOnly):
3727 (JSC::SymbolTableEntry::pack):
3728 (JSC::SymbolTableEntry::isValidIndex):
3730 Changed call and construct nodes to ref their functions and/or bases,
3731 so that emitCall/emitConstruct doesn't overwrite them with parameters.
3732 Also, updated for rename to registerFor:
3734 (JSC::ResolveNode::emitCode):
3735 (JSC::NewExprNode::emitCode):
3736 (JSC::EvalFunctionCallNode::emitCode):
3737 (JSC::FunctionCallValueNode::emitCode):
3738 (JSC::FunctionCallResolveNode::emitCode):
3739 (JSC::FunctionCallBracketNode::emitCode):
3740 (JSC::FunctionCallDotNode::emitCode):
3741 (JSC::PostfixResolveNode::emitCode):
3742 (JSC::DeleteResolveNode::emitCode):
3743 (JSC::TypeOfResolveNode::emitCode):
3744 (JSC::PrefixResolveNode::emitCode):
3745 (JSC::ReadModifyResolveNode::emitCode):
3746 (JSC::AssignResolveNode::emitCode):
3747 (JSC::ConstDeclNode::emitCodeSingle):
3748 (JSC::ForInNode::emitCode):
3750 Added abstraction for getting exception info out of a call through a
3752 * masm/X86Assembler.h:
3753 (JSC::X86Assembler::emitCall):
3755 Removed duplicate #if:
3758 2008-09-23 Kevin McCullough <kmccullough@apple.com>
3762 Bug 21030: The JS debugger breaks on the do of a do-while not the while
3763 (where the conditional statement is)
3764 https://bugs.webkit.org/show_bug.cgi?id=21030
3765 Now the statementListEmitCode detects if a do-while node is being
3766 emitted and emits the debug hook on the last line instead of the first.
3768 This change had no effect on sunspider.
3771 (JSC::statementListEmitCode):
3773 (JSC::StatementNode::isDoWhile):
3774 (JSC::DoWhileNode::isDoWhile):
3776 2008-09-23 Maciej Stachowiak <mjs@apple.com>
3778 Reviewed by Cameron Zwarich.
3780 - inline the fast case of instanceof
3781 https://bugs.webkit.org/show_bug.cgi?id=20818
3783 ~2% speedup on EarleyBoyer test.
3786 (JSC::CTI::privateCompileMainPass):
3787 (JSC::CTI::privateCompileSlowCases):
3789 (JSC::Machine::cti_op_instanceof):
3791 2008-09-23 Maciej Stachowiak <mjs@apple.com>
3793 Reviewed by Cameron Zwarich.
3795 - add forgotten slow case logic for !==
3798 (JSC::CTI::privateCompileSlowCases):
3800 2008-09-23 Maciej Stachowiak <mjs@apple.com>
3802 Reviewed by Cameron Zwarich.
3804 - inline the fast cases of !==, same as for ===
3806 2.9% speedup on EarleyBoyer benchmark
3809 (JSC::CTI::compileOpStrictEq): Factored stricteq codegen into this function,
3810 and parameterized so it can do the reverse version as well.
3811 (JSC::CTI::privateCompileMainPass): Use the above for stricteq and nstricteq.
3813 (JSC::CTI::): Declare above stuff.
3815 (JSC::Machine::cti_op_nstricteq): Removed fast cases, now handled inline.
3817 2008-09-23 Cameron Zwarich <cwzwarich@uwaterloo.ca>
3819 Reviewed by Oliver Hunt.
3821 Bug 20989: Arguments constructor should put 'callee' and 'length' properties in a more efficient way
3822 <https://bugs.webkit.org/show_bug.cgi?id=20989>
3824 Make special cases for the 'callee' and 'length' properties in the
3827 This is somewhere between a 7.8% speedup and a 10% speedup on the V8
3828 Raytrace benchmark, depending on whether it is run alone or with the
3829 other V8 benchmarks.
3831 * kjs/Arguments.cpp:
3832 (JSC::ArgumentsData::ArgumentsData):
(JSC::Arguments::Arguments):
(JSC::Arguments::mark):
(JSC::Arguments::getOwnPropertySlot):
(JSC::Arguments::put):
(JSC::Arguments::deleteProperty):

2008-09-23 Maciej Stachowiak <mjs@apple.com>

- speed up instanceof some more
https://bugs.webkit.org/show_bug.cgi?id=20818

~2% speedup on EarleyBoyer

The idea here is to record in the StructureID whether the class
needs a special hasInstance or if it can use the normal logic from

Based on this I inlined the real work directly into
cti_op_instanceof and put the fastest checks up front and the
error handling at the end (so it should be fairly straightforward
to split off the beginning to be inlined if desired).

I only did this for CTI, not the bytecode interpreter.

* API/JSCallbackObject.h:
(JSC::JSCallbackObject::createStructureID):
(JSC::Machine::cti_op_instanceof):
* kjs/JSImmediate.h:
(JSC::JSImmediate::isAnyImmediate):
(JSC::TypeInfo::overridesHasInstance):
(JSC::TypeInfo::flags):

2008-09-22 Darin Adler <darin@apple.com>

Reviewed by Sam Weinig.

- https://bugs.webkit.org/show_bug.cgi?id=21019
make FunctionBodyNode::ref/deref fast

Speeds up v8-raytrace by 7.2%.

(JSC::FunctionBodyNode::FunctionBodyNode): Initialize m_refCount to 0.
(JSC::FunctionBodyNode::ref): Call base class ref once, and thereafter use
(JSC::FunctionBodyNode::deref): Ditto, but the deref side.

2008-09-22 Darin Adler <darin@apple.com>

Pointed out by Sam Weinig.

* kjs/Arguments.cpp:
(JSC::Arguments::fillArgList): Fix bad copy and paste. Oops!

2008-09-22 Darin Adler <darin@apple.com>

Reviewed by Cameron Zwarich.

- https://bugs.webkit.org/show_bug.cgi?id=20983
ArgumentsData should have some room to allocate some extra arguments inline

Speeds up v8-raytrace by 5%.

* kjs/Arguments.cpp:
(JSC::ArgumentsData::ArgumentsData): Use a fixed buffer if there are 4 or fewer
(JSC::Arguments::Arguments): Use a fixed buffer if there are 4 or fewer
(JSC::Arguments::~Arguments): Delete the buffer if necessary.
(JSC::Arguments::mark): Update since extraArguments are now Register.
(JSC::Arguments::fillArgList): Added special case for the only case that's
actually used in practice, when there are no parameters. There are some
other special cases in there too, but that's the only one that matters.
(JSC::Arguments::getOwnPropertySlot): Updated to use setValueSlot since there's
no operation to get you at the JSValue* inside a Register as a "slot".

2008-09-22 Sam Weinig <sam@webkit.org>

Reviewed by Maciej Stachowiak.

Patch for https://bugs.webkit.org/show_bug.cgi?id=21014
Speed up for..in by using StructureID to avoid calls to hasProperty

Speeds up fasta by 8%.

* VM/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::invalidate):
* VM/JSPropertyNameIterator.h:
(JSC::JSPropertyNameIterator::next):
* kjs/PropertyNameArray.h:
(JSC::PropertyNameArrayData::begin):
(JSC::PropertyNameArrayData::end):
(JSC::PropertyNameArrayData::setCachedStructureID):
(JSC::PropertyNameArrayData::cachedStructureID):
* kjs/StructureID.cpp:
(JSC::StructureID::getEnumerablePropertyNames):
(JSC::structureIDChainsAreEqual):
* kjs/StructureID.h:

2008-09-22 Kelvin Sherlock <ksherlock@gmail.com>

Updated and tweaked by Sam Weinig.

Reviewed by Geoffrey Garen.

Bug 20020: Proposed enhancement to JavaScriptCore API
<https://bugs.webkit.org/show_bug.cgi?id=20020>

Add JSObjectMakeArray, JSObjectMakeDate, JSObjectMakeError, and JSObjectMakeRegExp
functions to create JavaScript Array, Date, Error, and RegExp objects, respectively.

* API/JSObjectRef.cpp: The functions
* API/JSObjectRef.h: Function prototype and documentation
* JavaScriptCore.exp: Added functions to exported function list
* API/tests/testapi.c: Added basic functionality tests.

* kjs/DateConstructor.cpp:
Replaced static JSObject* constructDate(ExecState* exec, JSObject*, const ArgList& args)
with JSObject* constructDate(ExecState* exec, const ArgList& args).
Added static JSObject* constructWithDateConstructor(ExecState* exec, JSObject*, const ArgList& args) function

* kjs/DateConstructor.h:
added prototype for JSObject* constructDate(ExecState* exec, const ArgList& args)

* kjs/ErrorConstructor.cpp:
removed static qualifier from ErrorInstance* constructError(ExecState* exec, const ArgList& args)

* kjs/ErrorConstructor.h:
added prototype for ErrorInstance* constructError(ExecState* exec, const ArgList& args)

* kjs/RegExpConstructor.cpp:
removed static qualifier from JSObject* constructRegExp(ExecState* exec, const ArgList& args)

* kjs/RegExpConstructor.h:
added prototype for JSObject* constructRegExp(ExecState* exec, const ArgList& args)

2008-09-22 Matt Lilek <webkit@mattlilek.com>

Not reviewed, Windows build fix.

* kjs/Arguments.cpp:
* kjs/FunctionPrototype.cpp:

2008-09-22 Sam Weinig <sam@webkit.org>

Reviewed by Darin Adler.

Patch for https://bugs.webkit.org/show_bug.cgi?id=20982
Speed up the apply method of functions by special-casing array and 'arguments' objects

1% speedup on v8-raytrace.

Test: fast/js/function-apply.html

* kjs/Arguments.cpp:
(JSC::Arguments::fillArgList):
* kjs/FunctionPrototype.cpp:
(JSC::functionProtoFuncApply):
(JSC::JSArray::fillArgList):

2008-09-22 Darin Adler <darin@apple.com>

Reviewed by Sam Weinig.

- https://bugs.webkit.org/show_bug.cgi?id=20993
Array.push/pop need optimized cases for JSArray

3% or so speedup on DeltaBlue benchmark.

* kjs/ArrayPrototype.cpp:
(JSC::arrayProtoFuncPop): Call JSArray::pop when appropriate.
(JSC::arrayProtoFuncPush): Call JSArray::push when appropriate.
(JSC::JSArray::putSlowCase): Set m_fastAccessCutoff when appropriate, getting
us into the fast code path.
(JSC::JSArray::pop): Added.
(JSC::JSArray::push): Added.
* kjs/JSArray.h: Added push and pop.
* kjs/operations.cpp:
(JSC::throwOutOfMemoryError): Don't inline this. Helps us avoid PIC branches.

2008-09-22 Maciej Stachowiak <mjs@apple.com>

Reviewed by Cameron Zwarich.

- speed up instanceof operator by replacing implementsHasInstance method with a TypeInfo flag

Partial work towards <https://bugs.webkit.org/show_bug.cgi?id=20818>

2.2% speedup on EarleyBoyer benchmark.

* API/JSCallbackConstructor.cpp:
* API/JSCallbackConstructor.h:
(JSC::JSCallbackConstructor::createStructureID):
* API/JSCallbackFunction.cpp:
* API/JSCallbackFunction.h:
(JSC::JSCallbackFunction::createStructureID):
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::createStructureID):
* API/JSCallbackObjectFunctions.h:
(JSC::::hasInstance):
* API/JSValueRef.cpp:
(JSValueIsInstanceOfConstructor):
* JavaScriptCore.exp:
(JSC::Machine::privateExecute):
(JSC::Machine::cti_op_instanceof):
* kjs/InternalFunction.cpp:
* kjs/InternalFunction.h:
(JSC::InternalFunction::createStructureID):
(JSC::TypeInfo::implementsHasInstance):

2008-09-22 Maciej Stachowiak <mjs@apple.com>

Reviewed by Dave Hyatt.

Based on initial work by Darin Adler.

- replace masqueradesAsUndefined virtual method with a flag in TypeInfo
- use this to JIT inline code for eq_null and neq_null
https://bugs.webkit.org/show_bug.cgi?id=20823

0.5% speedup on SunSpider
~4% speedup on Richards benchmark

(JSC::CTI::privateCompileMainPass):
(JSC::jsTypeStringForValue):
(JSC::jsIsObjectType):
(JSC::Machine::privateExecute):
(JSC::Machine::cti_op_is_undefined):
* kjs/StringObjectThatMasqueradesAsUndefined.h:
(JSC::StringObjectThatMasqueradesAsUndefined::create):
(JSC::StringObjectThatMasqueradesAsUndefined::createStructureID):
* kjs/StructureID.h:
(JSC::StructureID::mutableTypeInfo):
(JSC::TypeInfo::TypeInfo):
(JSC::TypeInfo::masqueradesAsUndefined):
* kjs/operations.cpp:
* masm/X86Assembler.h:
(JSC::X86Assembler::):
(JSC::X86Assembler::setne_r):
(JSC::X86Assembler::setnz_r):
(JSC::X86Assembler::testl_i32m):

2008-09-22 Tor Arne Vestbø <tavestbo@trolltech.com>

Initialize QCoreApplication in kjs binary/Shell.cpp

This allows us to use QCoreApplication::instance() to
get the main thread in ThreadingQt.cpp

* wtf/ThreadingQt.cpp:
(WTF::initializeThreading):

2008-09-21 Darin Adler <darin@apple.com>

- blind attempt to fix non-all-in-one builds

* kjs/JSGlobalObject.cpp: Added includes of Arguments.h and RegExpObject.h.

2008-09-21 Darin Adler <darin@apple.com>

* kjs/StructureID.cpp:
(JSC::StructureID::addPropertyTransition): Use typeInfo().type() instead of m_type.
(JSC::StructureID::createCachedPrototypeChain): Ditto.

2008-09-21 Maciej Stachowiak <mjs@apple.com>

Reviewed by Darin Adler.

- introduce a TypeInfo class, for holding per-type (in the C++ class sense) data in StructureID
https://bugs.webkit.org/show_bug.cgi?id=20981

* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
(JSC::CTI::privateCompileMainPass):
(JSC::CTI::privateCompilePutByIdTransition):
(JSC::jsIsObjectType):
(JSC::Machine::Machine):
* kjs/AllInOneFile.cpp:
(JSC::JSCell::isObject):
(JSC::JSCell::isString):
* kjs/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
* kjs/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
* kjs/JSGlobalObject.h:
(JSC::StructureID::prototypeForLookup):
* kjs/JSNumberCell.h:
(JSC::JSNumberCell::createStructureID):
(JSC::JSObject::createInheritorID):
(JSC::JSObject::createStructureID):
(JSC::JSString::createStructureID):
* kjs/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::NativeErrorConstructor):
* kjs/RegExpConstructor.cpp:
* kjs/RegExpMatchesArray.h: Added.
(JSC::RegExpMatchesArray::getOwnPropertySlot):
(JSC::RegExpMatchesArray::put):
(JSC::RegExpMatchesArray::deleteProperty):
(JSC::RegExpMatchesArray::getPropertyNames):
* kjs/StructureID.cpp:
(JSC::StructureID::StructureID):
(JSC::StructureID::addPropertyTransition):
(JSC::StructureID::toDictionaryTransition):
(JSC::StructureID::changePrototypeTransition):
(JSC::StructureID::getterSetterTransition):
* kjs/StructureID.h:
(JSC::StructureID::create):
(JSC::StructureID::typeInfo):
* kjs/TypeInfo.h: Added.
(JSC::TypeInfo::TypeInfo):
(JSC::TypeInfo::type):

2008-09-21 Darin Adler <darin@apple.com>

Reviewed by Cameron Zwarich.

- fix crash logging into Gmail due to recent Arguments change

* kjs/Arguments.cpp:
(JSC::Arguments::Arguments): Fix window where mark() function could
see d->extraArguments with uninitialized contents.
(JSC::Arguments::mark): Check d->extraArguments for 0 to handle two
cases: 1) Inside the constructor before it's initialized.
2) numArguments <= numParameters.
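As an added illustration, not code from the WebKit change itself, here is a small C++ model of the two Arguments entries above: the inline buffer for up to four extra arguments (2008-09-22) and the constructor/mark() ordering that closes the window described in the 2008-09-21 fix. Every name, the value scheme and the allocation hook standing in for a collection are assumptions.

```cpp
#include <cstddef>
// Constructed model (not JavaScriptCore's code) of the Arguments layout in the
// 2008-09-22 "extra arguments inline" entry and the 2008-09-21 mark() fix above;
// every name is hypothetical. Argument i (0-based) carries the value i + 1.
struct Register { int value; };
struct ArgumentsData {
    static const size_t kInlineCapacity = 4;  // "4 or fewer" extras live inline
    Register inlineBuffer[kInlineCapacity];
    Register* extraArguments;                 // 0 = nothing for mark() to scan
    size_t numExtra;
};
struct Arguments;
static void (*g_allocHook)(const Arguments&) = 0;  // stands in for a GC triggered by allocation
struct Arguments {
    Arguments(size_t numArguments, size_t numParameters) : d(new ArgumentsData) {
        d->extraArguments = 0;  // the fix: well-defined before anything below can allocate
        d->numExtra = 0;
        size_t extra = numArguments > numParameters ? numArguments - numParameters : 0;
        if (extra == 0) return;
        Register* buf = d->inlineBuffer;
        if (extra > ArgumentsData::kInlineCapacity) {
            if (g_allocHook) g_allocHook(*this);  // mark() may run on the half-built object here
            buf = new Register[extra];
        }
        for (size_t i = 0; i < extra; ++i) buf[i].value = int(numParameters + i + 1);
        d->numExtra = extra;
        d->extraArguments = buf;  // published last, once the contents are initialised
    }
    ~Arguments() { if (usesHeapBuffer()) delete[] d->extraArguments; delete d; }  // inline storage dies with d
    size_t mark() const {  // models mark(): visits every extra Register, returns the sum of what it saw
        if (!d->extraArguments) return 0;  // case 1: mid-construction; case 2: numArguments <= numParameters
        size_t sum = 0;
        for (size_t i = 0; i < d->numExtra; ++i) sum += d->extraArguments[i].value;
        return sum;
    }
    bool usesHeapBuffer() const { return d->extraArguments && d->extraArguments != d->inlineBuffer; }
    ArgumentsData* d;
};
size_t markSum(size_t numArgs, size_t numParams) { return Arguments(numArgs, numParams).mark(); }
bool heapUsed(size_t numArgs, size_t numParams) { return Arguments(numArgs, numParams).usesHeapBuffer(); }
// Simulates a collection hitting the object mid-construction; 99 means the hook never ran.
size_t markDuringAllocation(size_t numArgs, size_t numParams) {
    static size_t seen; seen = 99;
    g_allocHook = [](const Arguments& a) { seen = a.mark(); };
    Arguments a(numArgs, numParams);
    g_allocHook = 0;
    return seen;
}
```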
2008-09-21 Darin Adler <darin@apple.com>

- fix loose end from the "duplicate constant values" patch

* VM/CodeGenerator.cpp:
(JSC::CodeGenerator::emitLoad): Add a special case for values the
hash table can't handle.

2008-09-21 Mark Rowe <mrowe@apple.com>

Fix the non-AllInOneFile build.

* kjs/Arguments.cpp: Add missing #include.

2008-09-21 Darin Adler <darin@apple.com>

Reviewed by Cameron Zwarich and Mark Rowe.

- fix test failure caused by my recent IndexToNameMap patch

* kjs/Arguments.cpp:
(JSC::Arguments::deleteProperty): Added the accidentally-omitted
check of the boolean result from toArrayIndex.

2008-09-21 Darin Adler <darin@apple.com>

Reviewed by Maciej Stachowiak.

- https://bugs.webkit.org/show_bug.cgi?id=20975
inline immediate-number case of ==

* VM/CTI.h: Renamed emitJumpSlowCaseIfNotImm to
emitJumpSlowCaseIfNotImmNum, since the old name was incorrect.

* VM/CTI.cpp: Updated for new name.
(JSC::CTI::privateCompileMainPass): Added op_eq.
(JSC::CTI::privateCompileSlowCases): Added op_eq.

(JSC::Machine::cti_op_eq): Removed fast case, since it's