2e4b5cba8934c833dcdb88b61ff93e110608f6a8
[WebKit.git] / Source / JavaScriptCore / ChangeLog
2011-09-14  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r95145.
        http://trac.webkit.org/changeset/95145
        https://bugs.webkit.org/show_bug.cgi?id=68139

        The GTK+ build is working now, so revert this trial build fix.
        (Requested by mrobinson on #webkit).

        * GNUmakefile.list.am:

2011-09-14  Patrick Gansterer  <paroga@webkit.org>

        Port MachineStackMarker to Windows ARM and MIPS
        https://bugs.webkit.org/show_bug.cgi?id=68068

        Reviewed by Geoffrey Garen.

        Use the correct member of the CONTEXT struct for the stackpointer for CPU(ARM) and CPU(MIPS).
        Only query CONTEXT_INTEGER and CONTEXT_CONTROL, since CONTEXT_SEGMENTS isn't defined for
        CPU(ARM) and CPU(MIPS) and the stackpointer is defined in the CONTEXT_CONTROL section for
        CPU(ARM), CPU(X86) and CPU(X86_64) and in the CONTEXT_INTEGER section for CPU(MIPS).

        * heap/MachineStackMarker.cpp:
        (JSC::getPlatformThreadRegisters):
        (JSC::otherThreadStackPointer):

2011-09-12  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT always speculates that ValueAdd is a numeric addition
        https://bugs.webkit.org/show_bug.cgi?id=67956

        Reviewed by Geoffrey Garen.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):

2011-09-14  Anders Carlsson  <andersca@apple.com>

        Stop building BinarySemaphore to see if that's what's breaking the GTK+ build.

        * GNUmakefile.list.am:

2011-09-14  Anders Carlsson  <andersca@apple.com>

        This is getting old. Yet another build fix attempt.

        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:

2011-09-14  Anders Carlsson  <andersca@apple.com>

        Yet another build fix attempt.

        * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:

2011-09-14  Anders Carlsson  <andersca@apple.com>

        How I "love" Visual Studio...

        Try to fix build again.

        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:

2011-09-14  Anders Carlsson  <andersca@apple.com>

        Try to fix Windows build.

        * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:

2011-09-14  Anders Carlsson  <andersca@apple.com>

        Add BinarySemaphore class from WebKit2 to WTF
        https://bugs.webkit.org/show_bug.cgi?id=68132

        Reviewed by Sam Weinig.

        * GNUmakefile.list.am:
        * JavaScriptCore.gypi:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wtf/CMakeLists.txt:
        Update build systems.

        * wtf/threads: Added.
        * wtf/threads/BinarySemaphore.cpp: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.cpp.
        * wtf/threads/BinarySemaphore.h: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.h.
        * wtf/threads/win: Added.
        * wtf/threads/win/BinarySemaphoreWin.cpp: Copied from Source/WebKit2/Platform/CoreIPC/win/BinarySemaphoreWin.cpp.

2011-09-14  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed build fix for Interpreter.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):

2011-09-14  Anders Carlsson  <andersca@apple.com>

        Add wtf/threads and wtf/threads/win, so we can be sure that the EWS
        bots can correctly build the patch in https://bugs.webkit.org/show_bug.cgi?id=68132

        Rubber-stamped by Sam Weinig.

        * wtf/threads: Added.
        * wtf/threads/win: Added.

2011-09-14  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT should not speculate integer if the value is always going to be
        used as a double anyway
        https://bugs.webkit.org/show_bug.cgi?id=68127

        Reviewed by Oliver Hunt.

        Added a ValueToDouble node, which is a variant of ValueToNumber that
        hints that it will only be used as a double and never as an integer.
        Thus, it turns off integer speculation even if the value profiler
        told us that the value source is an int. The logic for converting a
        ValueToNumber into a ValueToDouble is found in Propagator.

        This appears to be a 22% speed-up in imaging-darkroom.

        * dfg/DFGNode.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::fixpoint):
        (JSC::DFG::Propagator::toDouble):
        (JSC::DFG::Propagator::fixupNode):
        (JSC::DFG::Propagator::fixup):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):

2011-09-14  Filip Pizlo  <fpizlo@apple.com>

        Tiered compilation heuristics do not account for value profile fullness
        https://bugs.webkit.org/show_bug.cgi?id=68116

        Reviewed by Oliver Hunt.

        Tiered compilation avoids invoking the DFG JIT if it finds that value
        profiles contain insufficient information. Instead, it produces a
        prediction from the current value profile, and then clears the value
        profile. This allows the value profile to heat up from scratch for
        some number of additional executions. The new profiles will then be
        merged with the previous prediction. Once the amount of information
        in predictions is enough according to heuristics in CodeBlock.cpp,
        DFG optimization is allowed to proceed.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.pro:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::visitAggregate):
        (JSC::CodeBlock::visitWeakReferences):
        (JSC::CodeBlock::shouldOptimizeNow):
        (JSC::CodeBlock::dumpValueProfiles):
        * bytecode/CodeBlock.h:
        * bytecode/PredictedType.cpp:
        (JSC::predictionToString):
        * bytecode/PredictedType.h:
        * bytecode/ValueProfile.cpp: Added.
        (JSC::ValueProfile::computeStatistics):
        (JSC::ValueProfile::computeUpdatedPrediction):
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::ValueProfile):
        (JSC::ValueProfile::classInfo):
        (JSC::ValueProfile::numberOfSamples):
        (JSC::ValueProfile::totalNumberOfSamples):
        (JSC::ValueProfile::isLive):
        (JSC::ValueProfile::numberOfInt32s):
        (JSC::ValueProfile::numberOfDoubles):
        (JSC::ValueProfile::numberOfBooleans):
        (JSC::ValueProfile::dump):
        (JSC::getValueProfileBytecodeOffset):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::stronglyPredict):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):
        * jit/JITInlineMethods.h:
        (JSC::JIT::emitValueProfilingSite):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):

2011-09-14  Filip Pizlo  <fpizlo@apple.com>

        DFG should not speculate that the child of LogicalNot is a boolean if
        predictions tell us otherwise
        https://bugs.webkit.org/show_bug.cgi?id=68118

        Reviewed by Geoffrey Garen.

        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
        * dfg/DFGJITCodeGenerator.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2011-09-14  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed build fix.  Turn off tiered compilation.

        * wtf/Platform.h:

2011-09-13  Filip Pizlo  <fpizlo@apple.com>

        Prediction tracking is not precise enough
        https://bugs.webkit.org/show_bug.cgi?id=67993

        Reviewed by Oliver Hunt.

        Added a richer set of type predictions, including JSFinalObject, JSString,
        object that is not a JSFinalObject or JSArray (ObjectOther), some object
        but we don't know or care what kind (SomeObject), definitely an object,
        cell that is not an object or JSString, a value that is none of the above
        (so either Undefined or Null). Made the propagator and value profiler work
        with the new types.

        Performance is neutral, because the DFG JIT does not take advantage of this
        new knowledge yet.

        In the process of writing predictionToString() (which is now considerably
        more complex) I decided to finally add a BoundsCheckedPointer, which
        should come in handy in other places, like at least the OSR scratch buffer
        and the CompactJITCodeMap. It's great for cases where you want to
        do pointer arithmetic, you want to have assertions about the
        pointer not going out of bounds, but you don't want to write those
        assertions yourself.

        This also required refactoring inherits(), since the ValueProfiler may
        want to do the equivalent of inherits() but given two ClassInfo's.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/WTF/WTF.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/PredictedType.cpp: Added.
        (JSC::predictionToString):
        (JSC::makePrediction):
        (JSC::predictionFromValue):
        * bytecode/PredictedType.h:
        (JSC::isCellPrediction):
        (JSC::isObjectPrediction):
        (JSC::isFinalObjectPrediction):
        (JSC::isStringPrediction):
        (JSC::mergePredictions):
        * bytecode/ValueProfile.h:
        (JSC::ValueProfile::numberOfObjects):
        (JSC::ValueProfile::numberOfFinalObjects):
        (JSC::ValueProfile::numberOfStrings):
        (JSC::ValueProfile::probabilityOfObject):
        (JSC::ValueProfile::probabilityOfFinalObject):
        (JSC::ValueProfile::probabilityOfString):
        (JSC::ValueProfile::dump):
        (JSC::ValueProfile::Statistics::Statistics):
        (JSC::ValueProfile::computeStatistics):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::stronglyPredict):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::predict):
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::propagateNode):
        * runtime/ClassInfo.h:
        (JSC::ClassInfo::isSubClassOf):
        * runtime/JSObject.h:
        (JSC::JSCell::inherits):
        * wtf/BoundsCheckedPointer.h: Added.
        (WTF::BoundsCheckedPointer::BoundsCheckedPointer):
        (WTF::BoundsCheckedPointer::operator=):
        (WTF::BoundsCheckedPointer::operator+=):
        (WTF::BoundsCheckedPointer::operator-=):
        (WTF::BoundsCheckedPointer::operator+):
        (WTF::BoundsCheckedPointer::operator-):
        (WTF::BoundsCheckedPointer::operator++):
        (WTF::BoundsCheckedPointer::operator--):
        (WTF::BoundsCheckedPointer::operator<):
        (WTF::BoundsCheckedPointer::operator<=):
        (WTF::BoundsCheckedPointer::operator>):
        (WTF::BoundsCheckedPointer::operator>=):
        (WTF::BoundsCheckedPointer::operator==):
        (WTF::BoundsCheckedPointer::operator!=):
        (WTF::BoundsCheckedPointer::operator!):
        (WTF::BoundsCheckedPointer::get):
        (WTF::BoundsCheckedPointer::operator*):
        (WTF::BoundsCheckedPointer::operator[]):
        (WTF::BoundsCheckedPointer::strcat):
        (WTF::BoundsCheckedPointer::validate):
        * wtf/CMakeLists.txt:

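The entry above describes a BoundsCheckedPointer that carries its buffer bounds so that predictionToString()-style code gets its range assertions for free. The block below is an added example, not WebKit's wtf/BoundsCheckedPointer.h: the wrapper, the PredictionBits flag values, describePrediction() and copyBounded() are all constructed here for illustration, and JSC's real PredictedType encoding differs.

```cpp
// Added example (not WebKit code): a pointer wrapper that remembers its buffer
// bounds and asserts on every arithmetic step and dereference, used to build a
// prediction string in a fixed buffer and to copy with truncation, not overflow.
#include <cassert>
#include <cstddef>
#include <cstring>
#include <string>

template <typename T>
class BoundsCheckedPointer {
public:
    BoundsCheckedPointer(T* begin, size_t count)
        : m_ptr(begin), m_begin(begin), m_end(begin + count) {}

    // Moving by delta must land inside [begin, end]; one past the end is a
    // legal sentinel position but must never be dereferenced.
    bool canAdvance(ptrdiff_t delta) const {
        ptrdiff_t offset = m_ptr - m_begin;
        ptrdiff_t size = m_end - m_begin;
        return offset + delta >= 0 && offset + delta <= size;
    }
    // Dereferencing (optionally at an index) needs the stricter [begin, end).
    bool canDeref(ptrdiff_t index = 0) const {
        ptrdiff_t offset = m_ptr - m_begin;
        ptrdiff_t size = m_end - m_begin;
        return offset + index >= 0 && offset + index < size;
    }
    size_t remaining() const { return static_cast<size_t>(m_end - m_ptr); }
    T* get() const { return m_ptr; }

    BoundsCheckedPointer& operator+=(ptrdiff_t d) { assert(canAdvance(d)); m_ptr += d; return *this; }
    BoundsCheckedPointer& operator-=(ptrdiff_t d) { return *this += -d; }
    BoundsCheckedPointer& operator++() { return *this += 1; }
    BoundsCheckedPointer& operator--() { return *this -= 1; }
    T& operator*() const { assert(canDeref()); return *m_ptr; }
    T& operator[](ptrdiff_t i) const { assert(canDeref(i)); return m_ptr[i]; }

    // Append a C string plus its terminator and leave the pointer on the
    // terminator, so the next strcat() overwrites it. Asserts if it cannot fit.
    void strcat(const char* s) {
        size_t n = std::strlen(s);
        assert(canAdvance(static_cast<ptrdiff_t>(n) + 1));
        std::memcpy(m_ptr, s, n + 1);
        m_ptr += n;
    }

private:
    T* m_ptr;
    T* m_begin;
    T* m_end;
};

// Constructed flag values for this example only; JSC's PredictedType differs.
enum PredictionBits : unsigned {
    PredictNone        = 0,
    PredictFinalObject = 1u << 0,
    PredictArray       = 1u << 1,
    PredictString      = 1u << 2,
    PredictInt32       = 1u << 3,
    PredictDouble      = 1u << 4,
    PredictBoolean     = 1u << 5,
};

// A predictionToString()-style renderer: joins the names of set bits with '|'.
// Every write goes through the checked pointer, so a buffer that is too small
// for a new flag name fails an assertion instead of writing past the buffer.
std::string describePrediction(unsigned bits) {
    static const struct { unsigned bit; const char* name; } kNames[] = {
        { PredictFinalObject, "FinalObject" }, { PredictArray, "Array" },
        { PredictString, "String" },           { PredictInt32, "Int32" },
        { PredictDouble, "Double" },           { PredictBoolean, "Boolean" },
    };
    char buffer[64];
    BoundsCheckedPointer<char> out(buffer, sizeof buffer);
    bool first = true;
    for (const auto& entry : kNames) {
        if (!(bits & entry.bit))
            continue;
        if (!first)
            out.strcat("|");
        out.strcat(entry.name);
        first = false;
    }
    if (first)
        out.strcat("None");
    return std::string(buffer);
}

// Copy as much of src as fits into dst (capacity cap > 0), always leaving a
// NUL terminator; remaining() makes the stop condition explicit. Returns the
// number of characters copied, not counting the terminator.
size_t copyBounded(const char* src, char* dst, size_t cap) {
    BoundsCheckedPointer<char> out(dst, cap);
    size_t copied = 0;
    while (src[copied] && out.remaining() > 1) {
        *out = src[copied++];
        ++out;
    }
    *out = '\0';
    return copied;
}
```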
2011-09-14  Csaba Osztrogonác  <ossy@webkit.org>

        [Qt] Win32 builds with threads turned off
        https://bugs.webkit.org/show_bug.cgi?id=67864

        Reviewed by Geoffrey Garen.

        * JavaScriptCore.pri: Link pthread library on Windows platform.
        * wtf/Platform.h: Enable multiple threads.

2011-09-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        Unzip initialization lists and constructors in JSCell hierarchy (6/7)
        https://bugs.webkit.org/show_bug.cgi?id=67692

        Reviewed by Geoffrey Garen.

        Completed the sixth level of the refactoring to add finishCreation()
        methods to all classes within the JSCell hierarchy with non-trivial
        constructor bodies.

        This primarily consists of pushing the calls to finishCreation() down
        into the constructors of the subclasses of the fifth level of the hierarchy
        as well as pulling the finishCreation() calls out into the class's corresponding
        create() method if it has one.  Doing both simultaneously allows us to
        maintain the invariant that the finishCreation() method chain is called exactly
        once during the creation of an object, since calling it any other number of
        times (0, 2, or more) will cause an assertion failure.

        * API/JSCallbackFunction.cpp:
        (JSC::JSCallbackFunction::JSCallbackFunction):
        * API/JSCallbackFunction.h:
        (JSC::JSCallbackFunction::create):
        * jsc.cpp:
        (GlobalObject::create):
        (GlobalObject::GlobalObject):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::ArrayConstructor):
        * runtime/ArrayConstructor.h:
        (JSC::ArrayConstructor::create):
        * runtime/BooleanConstructor.cpp:
        (JSC::BooleanConstructor::BooleanConstructor):
        * runtime/BooleanConstructor.h:
        (JSC::BooleanConstructor::create):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::BooleanPrototype):
        * runtime/BooleanPrototype.h:
        (JSC::BooleanPrototype::create):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::DateConstructor):
        * runtime/DateConstructor.h:
        (JSC::DateConstructor::create):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::DatePrototype):
        * runtime/DatePrototype.h:
        (JSC::DatePrototype::create):
        * runtime/Error.cpp:
        (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
        (JSC::StrictModeTypeErrorFunction::create):
        * runtime/ErrorConstructor.cpp:
        (JSC::ErrorConstructor::ErrorConstructor):
        * runtime/ErrorConstructor.h:
        (JSC::ErrorConstructor::create):
        * runtime/FunctionConstructor.cpp:
        (JSC::FunctionConstructor::FunctionConstructor):
        * runtime/FunctionConstructor.h:
        (JSC::FunctionConstructor::create):
        * runtime/FunctionPrototype.cpp:
        (JSC::FunctionPrototype::FunctionPrototype):
        * runtime/FunctionPrototype.h:
        (JSC::FunctionPrototype::create):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::NativeErrorConstructor):
        * runtime/NativeErrorConstructor.h:
        (JSC::NativeErrorConstructor::create):
        * runtime/NativeErrorPrototype.cpp:
        (JSC::NativeErrorPrototype::NativeErrorPrototype):
        (JSC::NativeErrorPrototype::finishCreation):
        * runtime/NativeErrorPrototype.h:
        (JSC::NativeErrorPrototype::create):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::NumberConstructor):
        * runtime/NumberConstructor.h:
        (JSC::NumberConstructor::create):
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::NumberPrototype):
        * runtime/NumberPrototype.h:
        (JSC::NumberPrototype::create):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::ObjectConstructor):
        * runtime/ObjectConstructor.h:
        (JSC::ObjectConstructor::create):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::RegExpConstructor):
        * runtime/RegExpConstructor.h:
        (JSC::RegExpConstructor::create):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::RegExpPrototype):
        * runtime/RegExpPrototype.h:
        (JSC::RegExpPrototype::create):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::StringConstructor):
        * runtime/StringConstructor.h:
        (JSC::StringConstructor::create):
        * runtime/StringObjectThatMasqueradesAsUndefined.h:
        (JSC::StringObjectThatMasqueradesAsUndefined::create):
        (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
        * runtime/StringPrototype.cpp:
        (JSC::StringPrototype::StringPrototype):
        * runtime/StringPrototype.h:
        (JSC::StringPrototype::create):

2011-09-13  Eric Seidel  <eric@webkit.org>

        Remove ENABLE_SVG_USE as <use> is required by HTML5
        https://bugs.webkit.org/show_bug.cgi?id=68019

        Reviewed by Ryosuke Niwa.

        * Configurations/FeatureDefines.xcconfig:

2011-09-14  Iain Merrick  <husky@google.com>

        HashTraits.h should include template specialization for WTF::String
        https://bugs.webkit.org/show_bug.cgi?id=67851

        Ensure that the template specialization for HashTraits<String> is always
        picked up. (Previously it was possible to include HashSet and String but
        not the correct HashTraits, so you would get an inefficient template
        instantiation.)

        Reviewed by Darin Adler.

        * wtf/HashTraits.h:
        * wtf/text/StringHash.h:

2011-09-13  Filip Pizlo  <fpizlo@apple.com>

        SpeculativeJIT::shouldSpeculateInteger(NodeIndex, NodeIndex) should
        return false if either node can be double
        https://bugs.webkit.org/show_bug.cgi?id=67985

        Reviewed by Geoffrey Garen.

        This is a 17% speed-up on 3d-cube.

        This required allowing us to check if a constant is double but not
        integer, and making the shouldSpeculateInteger() check test for
        any hints of doubly-ness in its operands. This also required
        changing some terminology: previously "isDouble" often meant
        "isDouble or isInt32".  Now "isDouble" means exactly what the name
        suggests, and "isNumber" means "isDouble or isInt32".

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::toNumber):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::isJSFormat):
        (JSC::DFG::isJSInteger):
        (JSC::DFG::isJSDouble):
        (JSC::DFG::isJSCell):
        (JSC::DFG::isJSBoolean):
        (JSC::DFG::GenerationInfo::isJSFormat):
        (JSC::DFG::GenerationInfo::isJSInteger):
        (JSC::DFG::GenerationInfo::isJSDouble):
        (JSC::DFG::GenerationInfo::isJSCell):
        (JSC::DFG::GenerationInfo::isJSBoolean):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::isNumberConstant):
        (JSC::DFG::Graph::valueOfNumberConstant):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::fillInteger):
        (JSC::DFG::JITCodeGenerator::fillDouble):
        (JSC::DFG::JITCodeGenerator::fillJSValue):
        (JSC::DFG::JITCodeGenerator::isKnownInteger):
        (JSC::DFG::JITCodeGenerator::isKnownNumeric):
        (JSC::DFG::JITCodeGenerator::isKnownCell):
        (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
        (JSC::DFG::JITCodeGenerator::isKnownBoolean):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::silentFillFPR):
        (JSC::DFG::JITCodeGenerator::isNumberConstant):
        (JSC::DFG::JITCodeGenerator::valueOfNumberConstant):
        (JSC::DFG::JITCodeGenerator::initConstantInfo):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::fillNumericToDouble):
        (JSC::DFG::JITCompiler::fillToJS):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::isNumberConstant):
        (JSC::DFG::JITCompiler::valueOfNumberConstant):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::isDoubleConstant):
        (JSC::DFG::Node::isNumberConstant):
        (JSC::DFG::Node::valueOfNumberConstant):
        (JSC::DFG::Node::hasNumberResult):
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
        (JSC::DFG::NonSpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isInteger):
        (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):

2011-09-13  Anders Carlsson  <andersca@apple.com>

        Disable C++ exceptions when building with clang
        https://bugs.webkit.org/show_bug.cgi?id=68031
        <rdar://problem/9556880>

        Reviewed by Mark Rowe.

        * Configurations/Base.xcconfig:

2011-09-13  Eric Seidel  <eric@webkit.org>

        Remove ENABLE_SVG_FOREIGN_OBJECT as it is a required part of HTML5
        https://bugs.webkit.org/show_bug.cgi?id=68018

        Reviewed by Ryosuke Niwa.

        * Configurations/FeatureDefines.xcconfig:

2011-09-13  Sam Weinig  <sam@webkit.org>

        Object.getPrototypeOf should use JSValue::get()
        https://bugs.webkit.org/show_bug.cgi?id=67973

        Reviewed by Darin Adler.

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetPrototypeOf):
        Pipe through JSValue::get() to allow overrides.

2011-09-12  Filip Pizlo  <fpizlo@apple.com>

        JavaScriptCore does not have baseline->speculative OSR
        https://bugs.webkit.org/show_bug.cgi?id=67920

        Reviewed by Oliver Hunt.

        This adds the ability to on-stack-replace (OSR) from code that is
        running hot in the old JIT to code compiled by the new JIT.  This
        ensures that long-running loops benefit from DFG optimization.
        It also ensures that if code experiences a speculation failure
        in DFG code, it has an opportunity to reenter the DFG once every
        1,000 loop iterations or so.

        This results in a 2.88x speed-up on Kraken/imaging-desaturate,
        and is a pure win on the main three benchmark suites (SunSpider,
        V8, Kraken), when tiered compilation is enabled.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::CodeBlock):
        (JSC::ProgramCodeBlock::compileOptimized):
        (JSC::EvalCodeBlock::compileOptimized):
        (JSC::FunctionCodeBlock::compileOptimized):
        * bytecode/CodeBlock.h:
        * bytecode/Opcode.h:
        * bytecode/PredictedType.h: Added.
        (JSC::isCellPrediction):
        (JSC::isArrayPrediction):
        (JSC::isInt32Prediction):
        (JSC::isDoublePrediction):
        (JSC::isNumberPrediction):
        (JSC::isBooleanPrediction):
        (JSC::isStrongPrediction):
        (JSC::predictionToString):
        (JSC::mergePredictions):
        (JSC::mergePrediction):
        (JSC::makePrediction):
        * bytecode/PredictionTracker.h: Added.
        (JSC::operandIsArgument):
        (JSC::PredictionSlot::PredictionSlot):
        (JSC::PredictionTracker::PredictionTracker):
        (JSC::PredictionTracker::initializeSimilarTo):
        (JSC::PredictionTracker::copyLocalsFrom):
        (JSC::PredictionTracker::numberOfArguments):
        (JSC::PredictionTracker::numberOfVariables):
        (JSC::PredictionTracker::argumentIndexForOperand):
        (JSC::PredictionTracker::predictArgument):
        (JSC::PredictionTracker::predict):
        (JSC::PredictionTracker::predictGlobalVar):
        (JSC::PredictionTracker::getArgumentPrediction):
        (JSC::PredictionTracker::getPrediction):
        (JSC::PredictionTracker::getGlobalVarPrediction):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitLoopHint):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::DoWhileNode::emitBytecode):
        (JSC::WhileNode::emitBytecode):
        (JSC::ForNode::emitBytecode):
        (JSC::ForInNode::emitBytecode):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canCompileOpcode):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (JSC::DFG::BasicBlock::BasicBlock):
        (JSC::DFG::Graph::predict):
        (JSC::DFG::Graph::getPrediction):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        (JSC::DFG::JITCompiler::compileEntry):
        (JSC::DFG::JITCompiler::compileBody):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::noticeOSREntry):
        * dfg/DFGNode.h:
        * dfg/DFGOSREntry.cpp: Added.
        (JSC::DFG::predictionIsValid):
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOSREntry.h: Added.
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGPredictionTracker.h: Removed.
        * dfg/DFGPropagator.cpp:
        (JSC::DFG::Propagator::mergeUse):
        (JSC::DFG::Propagator::mergePrediction):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/CompactJITCodeMap.h:
        (JSC::CompactJITCodeMap::numberOfEntries):
        (JSC::CompactJITCodeMap::decode):
        (JSC::CompactJITCodeMap::Decoder::Decoder):
        (JSC::CompactJITCodeMap::Decoder::numberOfEntriesRemaining):
        (JSC::CompactJITCodeMap::Decoder::read):
        * jit/JIT.cpp:
        (JSC::JIT::emitOptimizationCheck):
        (JSC::JIT::emitTimeoutCheck):
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        (JSC::JIT::emit_op_loop_hint):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
        (JSC::ProgramExecutable::compileInternal):
        (JSC::FunctionExecutable::compileForCallInternal):
        (JSC::FunctionExecutable::compileForConstructInternal):

2011-09-12  Sam Weinig  <sam@webkit.org>

        Don't allow setting __proto__ to be a getter or setter
        https://bugs.webkit.org/show_bug.cgi?id=67982

        Reviewed by Gavin Barraclough.

        * runtime/JSObject.cpp:
        (JSC::JSObject::defineGetter):
        (JSC::JSObject::defineSetter):
        Disallow setting a getter or setter on __proto__.

2011-09-12  James Robinson  <jamesr@chromium.org>

        Unreviewed build fix for chromium.

        Guard access to UString::latin1() with USE(JSC) since it is defined in JavaScriptCore/runtime/UString.cpp, which
        is currently only compiled in by ports that use JavaScriptCore.  This code is currently unreachable in builds so
        no change in functionality.

        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::CharAccess::CharAccess):

2011-09-09  Filip Pizlo  <fpizlo@apple.com>

        JavaScriptCore does not have speculative->baseline OSR
        https://bugs.webkit.org/show_bug.cgi?id=67826

        Reviewed by Oliver Hunt.

        This adds the ability to bail out of DFG speculative JIT execution by
        performing an on-stack replacement (OSR) that results in the control
        flow going to the equivalent code generated by the old JIT.

        This required a number of new features, as well as taking advantage of
        some features that happened to already be present:

        We already had a policy of storing the bytecode index for which a DFG
        node was generated inside the DFG::Node class. This was previously
        called exceptionInfo. It's now renamed to codeOrigin to reflect that
        it's used for more than just exceptions. OSR uses this to figure out
        which bytecode index to use to look up the machine code location in
        the code generated by the old JIT that we should be jumping to.

        CodeBlock now stores a mapping between bytecode indices and machine
        code offsets for code generated by the old JIT. This is implemented
        by CompactJITCodeMap, which tries to compress this data a bit.  The
        OSR compiler decodes this and uses it to find the machine code
        locations it should be jumping to.

        We already had a mechanism that emitted SetLocal nodes in the DFG graph
        that told us the time at which the old JIT would have stored something
        into its register file, and the DFG::Node that corresponds to the value
        that it would have stored. These SetLocal's were mostly dead-code-
        eliminated, but our DCE leaves the nodes intact except for making them
        have 0 as the ref count. This allows the OSR compiler to construct a
        mapping between the state as it would have been seen by the old JIT
        and the state as the DFG JIT sees it. The OSR compiler uses this to
        generate code that reshapes the call frame so that it is like what the
        old JIT would expect.

        Finally, when DFG_OSR is enabled (the default for TIERED_COMPILATION)
        we no longer emit the non-speculative path.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::currentCodeOrigin):
        (JSC::DFG::ByteCodeParser::addToGraph):
        * dfg/DFGGPRInfo.h:
        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::GenerationInfo::alive):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGJITCodeGenerator.cpp:
        (JSC::DFG::JITCodeGenerator::emitCall):
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
        (JSC::DFG::JITCompiler::linkOSRExits):
        (JSC::DFG::JITCompiler::compileBody):
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::CallRecord::CallRecord):
        (JSC::DFG::JITCompiler::notifyCall):
        (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
        (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
        (JSC::DFG::JITCompiler::addJSCall):
        (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
        * dfg/DFGNode.h:
        (JSC::DFG::CodeOrigin::CodeOrigin):
        (JSC::DFG::CodeOrigin::isSet):
        (JSC::DFG::CodeOrigin::bytecodeIndex):
        (JSC::DFG::Node::Node):
        (JSC::DFG::Node::child1Unchecked):
758         * dfg/DFGNonSpeculativeJIT.cpp:
759         (JSC::DFG::NonSpeculativeJIT::compile):
760         * dfg/DFGSpeculativeJIT.cpp:
761         (JSC::DFG::ValueSource::dump):
762         (JSC::DFG::ValueRecovery::dump):
763         (JSC::DFG::OSRExit::OSRExit):
764         (JSC::DFG::SpeculativeJIT::compile):
765         (JSC::DFG::SpeculativeJIT::compileMovHint):
766         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
767         * dfg/DFGSpeculativeJIT.h:
768         (JSC::DFG::ValueSource::ValueSource):
769         (JSC::DFG::ValueSource::isSet):
770         (JSC::DFG::ValueSource::nodeIndex):
771         (JSC::DFG::ValueRecovery::ValueRecovery):
772         (JSC::DFG::ValueRecovery::alreadyInRegisterFile):
773         (JSC::DFG::ValueRecovery::inGPR):
774         (JSC::DFG::ValueRecovery::inFPR):
775         (JSC::DFG::ValueRecovery::displacedInRegisterFile):
776         (JSC::DFG::ValueRecovery::constant):
777         (JSC::DFG::ValueRecovery::technique):
778         (JSC::DFG::ValueRecovery::gpr):
779         (JSC::DFG::ValueRecovery::fpr):
780         (JSC::DFG::ValueRecovery::virtualRegister):
781         (JSC::DFG::OSRExit::numberOfRecoveries):
782         (JSC::DFG::OSRExit::valueRecovery):
783         (JSC::DFG::OSRExit::isArgument):
784         (JSC::DFG::OSRExit::argumentForIndex):
785         (JSC::DFG::OSRExit::variableForIndex):
786         (JSC::DFG::OSRExit::operandForIndex):
787         (JSC::DFG::SpeculativeJIT::osrExits):
788         (JSC::DFG::SpeculativeJIT::speculationCheck):
789         (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
790         (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
791         (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
792         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
793         (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
794         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
795         * jit/CompactJITCodeMap.h: Added.
796         (JSC::BytecodeAndMachineOffset::BytecodeAndMachineOffset):
797         (JSC::BytecodeAndMachineOffset::getBytecodeIndex):
798         (JSC::BytecodeAndMachineOffset::getMachineCodeOffset):
799         (JSC::CompactJITCodeMap::~CompactJITCodeMap):
800         (JSC::CompactJITCodeMap::decode):
801         (JSC::CompactJITCodeMap::CompactJITCodeMap):
802         (JSC::CompactJITCodeMap::at):
803         (JSC::CompactJITCodeMap::decodeNumber):
804         (JSC::CompactJITCodeMap::Encoder::Encoder):
805         (JSC::CompactJITCodeMap::Encoder::~Encoder):
806         (JSC::CompactJITCodeMap::Encoder::append):
807         (JSC::CompactJITCodeMap::Encoder::finish):
808         (JSC::CompactJITCodeMap::Encoder::appendByte):
809         (JSC::CompactJITCodeMap::Encoder::encodeNumber):
810         (JSC::CompactJITCodeMap::Encoder::ensureCapacityFor):
811         * jit/JIT.cpp:
812         (JSC::JIT::privateCompileMainPass):
813         (JSC::JIT::privateCompile):
814         * jit/JIT.h:
815         * runtime/JSGlobalData.cpp:
816         (JSC::JSGlobalData::JSGlobalData):
817         (JSC::JSGlobalData::~JSGlobalData):
818         * runtime/JSGlobalData.h:
819         (JSC::JSGlobalData::osrScratchBufferForSize):
820         * runtime/JSValue.cpp:
821         (JSC::JSValue::description):
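
Added example, not code from WebKit or from this change: a compact bytecode-index to machine-code-offset table of the kind the description above attributes to CompactJITCodeMap, plus the lookup an OSR exit would do with the bytecode index from a node's codeOrigin. The delta/varint byte layout, the names encodeCodeMap, decodeCodeMap and machineOffsetForBytecode, and the sample entries in demoTable() are assumptions made for this example; JSC's real encoding is not described on this page.

```cpp
// Added illustration, not JavaScriptCore's CompactJITCodeMap: a compressed
// bytecode-index -> machine-code-offset table of the kind an OSR exit needs,
// as LEB128 varints of deltas. The byte layout is an assumption for the example.
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

struct BytecodeAndMachineOffset { uint32_t bytecodeIndex; uint32_t machineCodeOffset; };

// Append one unsigned value as a little-endian base-128 varint.
static void encodeNumber(std::vector<uint8_t>& out, uint32_t value)
{
    do {
        uint8_t byte = value & 0x7f;
        value >>= 7;
        if (value)
            byte |= 0x80;
        out.push_back(byte);
    } while (value);
}

// Decode one varint at pos; nullopt on a truncated or over-long (corrupt) value.
static std::optional<uint32_t> decodeNumber(const std::vector<uint8_t>& in, size_t& pos)
{
    uint32_t value = 0;
    for (unsigned shift = 0; shift < 35; shift += 7) {
        if (pos >= in.size())
            return std::nullopt;
        uint8_t byte = in[pos++];
        value |= static_cast<uint32_t>(byte & 0x7f) << shift;
        if (!(byte & 0x80))
            return value;
    }
    return std::nullopt;
}

// Entries come in increasing bytecode index and non-decreasing machine offset
// (the order the baseline JIT emits them), so every delta is non-negative.
static std::optional<std::vector<uint8_t>> encodeCodeMap(const std::vector<BytecodeAndMachineOffset>& table)
{
    std::vector<uint8_t> out;
    encodeNumber(out, static_cast<uint32_t>(table.size()));
    uint32_t lastBytecode = 0, lastOffset = 0;
    for (size_t i = 0; i < table.size(); ++i) {
        const BytecodeAndMachineOffset& e = table[i];
        if (i && (e.bytecodeIndex <= lastBytecode || e.machineCodeOffset < lastOffset))
            return std::nullopt; // out of order: a delta would wrap
        encodeNumber(out, e.bytecodeIndex - lastBytecode);
        encodeNumber(out, e.machineCodeOffset - lastOffset);
        lastBytecode = e.bytecodeIndex;
        lastOffset = e.machineCodeOffset;
    }
    return out;
}

// Truncated or trailing bytes yield nullopt, never a partial table.
static std::optional<std::vector<BytecodeAndMachineOffset>> decodeCodeMap(const std::vector<uint8_t>& bytes)
{
    size_t pos = 0;
    auto count = decodeNumber(bytes, pos);
    if (!count)
        return std::nullopt;
    std::vector<BytecodeAndMachineOffset> table;
    uint32_t bytecode = 0, offset = 0;
    for (uint32_t i = 0; i < *count; ++i) {
        auto deltaBytecode = decodeNumber(bytes, pos);
        auto deltaOffset = decodeNumber(bytes, pos);
        if (!deltaBytecode || !deltaOffset)
            return std::nullopt;
        bytecode += *deltaBytecode;
        offset += *deltaOffset;
        table.push_back({bytecode, offset});
    }
    if (pos != bytes.size())
        return std::nullopt;
    return table;
}

// The exit looks up the bytecode index from the node's codeOrigin. Only an exact
// hit is usable: baseline code at any other offset expects a call frame the exit
// did not reshape for it.
static std::optional<uint32_t> machineOffsetForBytecode(const std::vector<BytecodeAndMachineOffset>& table, uint32_t bytecodeIndex)
{
    size_t lo = 0, hi = table.size();
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (table[mid].bytecodeIndex < bytecodeIndex)
            lo = mid + 1;
        else
            hi = mid;
    }
    if (lo < table.size() && table[lo].bytecodeIndex == bytecodeIndex)
        return table[lo].machineCodeOffset;
    return std::nullopt;
}

// Constructed sample entries, made up for this example.
static std::vector<BytecodeAndMachineOffset> demoTable() { return { {0, 0}, {3, 17}, {7, 52}, {12, 130}, {300, 4096} }; }
```

Two checks matter when such a table steers a jump into machine code: the decoder rejects a truncated or padded buffer instead of returning a partial table, and the lookup insists on an exact bytecode index, since the exit has reshaped the call frame for exactly that bytecode's baseline code and nothing else. The five sample entries encode to 13 bytes against 40 for the raw pairs.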
822
823 2011-09-12  Geoffrey Garen  <ggaren@apple.com>
824
825         Re-enabled ENABLE(LAZY_BLOCK_FREEING).
826         
827         Reviewed by Stephanie Lewis.
828
829         I accidentally disabled this in r94890, causing a big performance regression.
830
831         * wtf/Platform.h:
832
833 2011-09-12  Michael Saboff  <msaboff@apple.com>
834
835         Broken Build for ARM - lshift32() needs TrustedImm32 arg
836         https://bugs.webkit.org/show_bug.cgi?id=67965
837
838         Change lshift32(16, ARMRegisters::S1); to lshift32(TrustedImm32(16), ARMRegisters::S1);
839
840         Reviewed by Anders Carlsson.
841
842         * assembler/MacroAssemblerARM.h:
843         (JSC::MacroAssemblerARM::branch16):
844
845 2011-09-12  Michael Saboff  <msaboff@apple.com>
846
847         Broken ARM build - missing semicolon in JavaScriptCore/assembler/MacroAssemblerARM.h
848         https://bugs.webkit.org/show_bug.cgi?id=67961
849
850         Added missing semicolon.
851
852         Reviewed by Ryosuke Niwa.
853
854         * assembler/MacroAssemblerARM.h:
855         (JSC::MacroAssemblerARM::branch16):
856
857 2011-09-12  Michael Saboff  <msaboff@apple.com>
858
859         Update RegExp and related classes to use 8 bit strings when available
860         https://bugs.webkit.org/show_bug.cgi?id=67337
861
862         Modified both the Yarr interpreter and JIT to handle 8 bit subject strings.
863         The code paths are triggered by the UString::is8bit() method which currently
864         returns false.  Implemented JIT changes for all current architectures.
865         Tested X86_64 and ARM v7.
866
867         This includes some code that will likely change as we complete the
868         8 bit string changes.  This includes the way the raw buffer pointers
869         are accessed as well as replacing the CharAccess class with a
870         string iterator returned from UString.
871
872         Fixed build breakage in testRegExp.cpp due to globalObject construction
873         changes.
874
875         Reviewed by Gavin Barraclough.
876
877         * JavaScriptCore.exp:
878         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
879         * testRegExp.cpp:
880         (GlobalObject::finishCreation):
881         (GlobalObject::GlobalObject):
882         * assembler/ARMAssembler.cpp:
883         (JSC::ARMAssembler::baseIndexTransfer32):
884         * assembler/ARMAssembler.h:
885         * assembler/ARMv7Assembler.h:
886         (JSC::ARMv7Assembler::ubfx):
887         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg40Imm3Reg4Imm20Imm5):
888         * assembler/MacroAssemblerARM.h:
889         (JSC::MacroAssemblerARM::load8):
890         (JSC::MacroAssemblerARM::branch8):
891         (JSC::MacroAssemblerARM::branch16):
892         * assembler/MacroAssemblerARMv7.h:
893         (JSC::MacroAssemblerARMv7::load8):
894         (JSC::MacroAssemblerARMv7::branch16):
895         (JSC::MacroAssemblerARMv7::branch8):
896         * assembler/MacroAssemblerMIPS.h:
897         (JSC::MacroAssemblerMIPS::load8):
898         (JSC::MacroAssemblerMIPS::branch8):
899         (JSC::MacroAssemblerMIPS::branch16):
900         * assembler/MacroAssemblerSH4.h:
901         (JSC::MacroAssemblerSH4::load8):
902         (JSC::MacroAssemblerSH4::branch8):
903         (JSC::MacroAssemblerSH4::branch16):
904         * assembler/MacroAssemblerX86Common.h:
905         (JSC::MacroAssemblerX86Common::load8):
906         (JSC::MacroAssemblerX86Common::branch16):
907         (JSC::MacroAssemblerX86Common::branch8):
908         * assembler/SH4Assembler.h:
909         (JSC::SH4Assembler::extub):
910         (JSC::SH4Assembler::printInstr):
911         * assembler/X86Assembler.h:
912         (JSC::X86Assembler::cmpw_ir):
913         (JSC::X86Assembler::movzbl_mr):
914         * runtime/RegExp.cpp:
915         (JSC::RegExp::compile):
916         (JSC::RegExp::compileIfNecessary):
917         (JSC::RegExp::match):
918         (JSC::RegExp::matchCompareWithInterpreter):
919         * runtime/RegExp.h:
920         * runtime/UString.h:
921         (JSC::UString::is8Bit):
922         * yarr/Yarr.h:
923         * yarr/YarrInterpreter.cpp:
924         (JSC::Yarr::Interpreter::CharAccess::CharAccess):
925         (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
926         (JSC::Yarr::Interpreter::CharAccess::operator[]):
927         (JSC::Yarr::Interpreter::InputStream::InputStream):
928         (JSC::Yarr::Interpreter::Interpreter):
929         (JSC::Yarr::interpret):
930         * yarr/YarrJIT.cpp:
931         (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
932         (JSC::Yarr::YarrGenerator::readCharacter):
933         (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
934         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
935         (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
936         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
937         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
938         (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
939         (JSC::Yarr::YarrGenerator::YarrGenerator):
940         (JSC::Yarr::YarrGenerator::compile):
941         (JSC::Yarr::jitCompile):
942         (JSC::Yarr::execute):
943         * yarr/YarrJIT.h:
944         (JSC::Yarr::YarrCodeBlock::has8BitCode):
945         (JSC::Yarr::YarrCodeBlock::has16BitCode):
946         (JSC::Yarr::YarrCodeBlock::set8BitCode):
947         (JSC::Yarr::YarrCodeBlock::set16BitCode):
948         (JSC::Yarr::YarrCodeBlock::execute):
949         * yarr/YarrParser.h:
950         (JSC::Yarr::Parser::Parser):
951
952 2011-09-12  Andras Becsi  <andras.becsi@nokia.com>
953
954         [Qt] Build fails after r94920 with strict compiler
955         https://bugs.webkit.org/show_bug.cgi?id=67928
956
957         Reviewed by Csaba Osztrogonác.
958
959         * wtf/RedBlackTree.h:
960         (WTF::RedBlackTree::insert): Remove dead variables updateStart and newSubTreeRoot.
961
962 2011-09-12  Patrick Gansterer  <paroga@webkit.org>
963
964         Unreviewed build fix after r94871.
965
966         * runtime/InitializeThreading.cpp:
967         (JSC::initializeThreadingOnce):
968         * wtf/FastMalloc.cpp:
969         * wtf/RefCountedLeakCounter.h:
970
971 2011-09-11  Filip Pizlo  <fpizlo@apple.com>
972
973         DFGNode.h has macros that indicate the enabling of a feature, but
974         they do not use the ENABLE() idiom.
975         https://bugs.webkit.org/show_bug.cgi?id=67907
976
977         Reviewed by Oliver Hunt.
978
979         * dfg/DFGByteCodeParser.cpp:
980         (JSC::DFG::ByteCodeParser::stronglyPredict):
981         (JSC::DFG::ByteCodeParser::parse):
982         * dfg/DFGGraph.cpp:
983         (JSC::DFG::Graph::predictArgumentTypes):
984         * dfg/DFGJITCodeGenerator.cpp:
985         * dfg/DFGJITCodeGenerator.h:
986         * dfg/DFGJITCompiler.cpp:
987         (JSC::DFG::JITCompiler::fillInt32ToInteger):
988         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
989         (JSC::DFG::JITCompiler::compileBody):
990         (JSC::DFG::JITCompiler::link):
991         * dfg/DFGJITCompiler.h:
992         * dfg/DFGNode.h:
993         * dfg/DFGNonSpeculativeJIT.cpp:
994         (JSC::DFG::NonSpeculativeJIT::compile):
995         * dfg/DFGOperations.cpp:
996         * dfg/DFGOperations.h:
997         * dfg/DFGPropagator.cpp:
998         (JSC::DFG::Propagator::fixpoint):
999         (JSC::DFG::Propagator::propagateNode):
1000         (JSC::DFG::Propagator::propagateForward):
1001         (JSC::DFG::Propagator::propagateBackward):
1002         (JSC::DFG::propagate):
1003         * dfg/DFGScoreBoard.h:
1004         * dfg/DFGSpeculativeJIT.cpp:
1005         (JSC::DFG::SpeculativeJIT::compile):
1006         * dfg/DFGSpeculativeJIT.h:
1007         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1008         * jit/JIT.cpp:
1009         (JSC::JIT::privateCompile):
1010
1011 2011-09-11  Fumitoshi Ukai  <ukai@chromium.org>
1012
1013         Unreviewed build fix for chromium/mac & clang.
1014
1015         Fix the macro redefinition error by r94927, because chromium set
1016         ENABLE_JSC_MULTIPLE_THREADS=0 in WebKit/chromium/features.gypi and
1017         it is not PLATFORM(QT).
1018          ../../JavaScriptCore/wtf/Platform.h:512:9: error: 'ENABLE_JSC_MULTIPLE_THREADS' macro redefined [-Werror]
1019          #define ENABLE_JSC_MULTIPLE_THREADS 1
1020          <command line>:43:9: note: previous definition is here
1021          #define ENABLE_JSC_MULTIPLE_THREADS 0
1022          1 error generated.
1023
1024         * wtf/Platform.h:
1025
1026 2011-09-11  Sam Weinig  <sam@webkit.org>
1027
1028         Remove JSCell::isPropertyNameIterator(), it is unused
1029         https://bugs.webkit.org/show_bug.cgi?id=67911
1030
1031         Reviewed by Oliver Hunt.
1032
1033         * runtime/JSCell.h:
1034         * runtime/JSPropertyNameIterator.h:
1035
1036 2011-09-11  Sam Weinig  <sam@webkit.org>
1037
1038         De-virtualize JSCell::isAPIValueWrapper
1039         https://bugs.webkit.org/show_bug.cgi?id=67909
1040
1041         Reviewed by Oliver Hunt.
1042
1043         * runtime/JSAPIValueWrapper.h:
1044         (JSC::JSAPIValueWrapper::createStructure):
1045         Set the correct type on structure creation.
1046
1047         * runtime/JSCell.h:
1048         Remove virtual keyword and default implementation.
1049
1050         * runtime/JSType.h:
1051         Add type for APIValueWrapper. It must come after CompoundType since
1052         the APIValueWrapper has children in need of marking.
1053
1054         * runtime/Structure.h:
1055         (JSC::JSCell::isAPIValueWrapper):
1056         Implement predicate using type info.
1057
1058 2011-09-10  Sam Weinig  <sam@webkit.org>
1059
1060         De-virtualize JSCell::isGetterSetter, type information is available for it
1061         https://bugs.webkit.org/show_bug.cgi?id=67902
1062
1063         Reviewed by Dan Bernstein.
1064
1065         * runtime/GetterSetter.cpp:
1066         * runtime/GetterSetter.h:
1067         Remove override of isGetterSetter.
1068
1069         * runtime/JSCell.cpp:
1070         * runtime/JSCell.h:
1071         De-virtualize and remove silly base implementation.
1072
1073         * runtime/Structure.h:
1074         (JSC::JSCell::isGetterSetter):
1075         Use type info to determine getter-setter-hood.
1076
1077 2011-09-09  Oliver Hunt  <oliver@apple.com>
1078
1079         Remove support for anonymous storage from jsobjects
1080         https://bugs.webkit.org/show_bug.cgi?id=67881
1081
1082         Reviewed by Sam Weinig.
1083
1084         Remove all use of anonymous slots, essentially a mechanical change
1085         in JavaScriptCore
1086
1087         * API/JSCallbackConstructor.h:
1088         (JSC::JSCallbackConstructor::createStructure):
1089         * API/JSCallbackFunction.h:
1090         (JSC::JSCallbackFunction::createStructure):
1091         * API/JSCallbackObject.h:
1092         (JSC::JSCallbackObject::createStructure):
1093         * JavaScriptCore.exp:
1094         * debugger/DebuggerActivation.h:
1095         (JSC::DebuggerActivation::createStructure):
1096         * heap/MarkStack.cpp:
1097         (JSC::MarkStack::validateValue):
1098         * heap/MarkStack.h:
1099         * runtime/Arguments.h:
1100         (JSC::Arguments::createStructure):
1101         * runtime/ArrayConstructor.h:
1102         (JSC::ArrayConstructor::createStructure):
1103         * runtime/ArrayPrototype.cpp:
1104         (JSC::ArrayPrototype::finishCreation):
1105         * runtime/ArrayPrototype.h:
1106         (JSC::ArrayPrototype::createStructure):
1107         * runtime/BooleanObject.h:
1108         (JSC::BooleanObject::createStructure):
1109         * runtime/BooleanPrototype.cpp:
1110         (JSC::BooleanPrototype::BooleanPrototype):
1111         * runtime/BooleanPrototype.h:
1112         (JSC::BooleanPrototype::createStructure):
1113         * runtime/DateConstructor.h:
1114         (JSC::DateConstructor::createStructure):
1115         * runtime/DateInstance.h:
1116         (JSC::DateInstance::createStructure):
1117         * runtime/DatePrototype.cpp:
1118         (JSC::DatePrototype::DatePrototype):
1119         * runtime/DatePrototype.h:
1120         (JSC::DatePrototype::createStructure):
1121         * runtime/ErrorInstance.h:
1122         (JSC::ErrorInstance::createStructure):
1123         * runtime/ErrorPrototype.cpp:
1124         (JSC::ErrorPrototype::finishCreation):
1125         * runtime/ErrorPrototype.h:
1126         (JSC::ErrorPrototype::createStructure):
1127         * runtime/ExceptionHelpers.h:
1128         (JSC::InterruptedExecutionError::createStructure):
1129         (JSC::TerminatedExecutionError::createStructure):
1130         * runtime/Executable.h:
1131         (JSC::ExecutableBase::createStructure):
1132         (JSC::NativeExecutable::createStructure):
1133         (JSC::EvalExecutable::createStructure):
1134         (JSC::ProgramExecutable::createStructure):
1135         (JSC::FunctionExecutable::createStructure):
1136         * runtime/FunctionPrototype.h:
1137         (JSC::FunctionPrototype::createStructure):
1138         * runtime/GetterSetter.h:
1139         (JSC::GetterSetter::createStructure):
1140         * runtime/InternalFunction.h:
1141         (JSC::InternalFunction::createStructure):
1142         * runtime/JSAPIValueWrapper.h:
1143         (JSC::JSAPIValueWrapper::createStructure):
1144         * runtime/JSActivation.h:
1145         (JSC::JSActivation::createStructure):
1146         * runtime/JSArray.h:
1147         (JSC::JSArray::createStructure):
1148         * runtime/JSByteArray.cpp:
1149         (JSC::JSByteArray::createStructure):
1150         * runtime/JSCell.h:
1151         * runtime/JSFunction.h:
1152         (JSC::JSFunction::createStructure):
1153         * runtime/JSGlobalObject.h:
1154         (JSC::JSGlobalObject::finishCreation):
1155         (JSC::JSGlobalObject::createStructure):
1156         * runtime/JSNotAnObject.h:
1157         (JSC::JSNotAnObject::createStructure):
1158         * runtime/JSONObject.h:
1159         (JSC::JSONObject::createStructure):
1160         * runtime/JSObject.h:
1161         (JSC::JSObject::createStructure):
1162         (JSC::JSNonFinalObject::createStructure):
1163         (JSC::JSFinalObject::createStructure):
1164         * runtime/JSPropertyNameIterator.cpp:
1165         (JSC::JSPropertyNameIterator::create):
1166         * runtime/JSPropertyNameIterator.h:
1167         (JSC::JSPropertyNameIterator::createStructure):
1168         * runtime/JSStaticScopeObject.h:
1169         (JSC::JSStaticScopeObject::createStructure):
1170         * runtime/JSString.h:
1171         (JSC::RopeBuilder::createStructure):
1172         * runtime/JSVariableObject.h:
1173         (JSC::JSVariableObject::createStructure):
1174         * runtime/JSWrapperObject.h:
1175         (JSC::JSWrapperObject::createStructure):
1176         * runtime/MathObject.h:
1177         (JSC::MathObject::createStructure):
1178         * runtime/NativeErrorConstructor.h:
1179         (JSC::NativeErrorConstructor::createStructure):
1180         * runtime/NumberConstructor.h:
1181         (JSC::NumberConstructor::createStructure):
1182         * runtime/NumberObject.h:
1183         (JSC::NumberObject::createStructure):
1184         * runtime/NumberPrototype.cpp:
1185         (JSC::NumberPrototype::NumberPrototype):
1186         * runtime/NumberPrototype.h:
1187         (JSC::NumberPrototype::createStructure):
1188         * runtime/ObjectConstructor.h:
1189         (JSC::ObjectConstructor::createStructure):
1190         * runtime/ObjectPrototype.cpp:
1191         (JSC::ObjectPrototype::finishCreation):
1192         * runtime/ObjectPrototype.h:
1193         (JSC::ObjectPrototype::createStructure):
1194         * runtime/RegExp.h:
1195         (JSC::RegExp::createStructure):
1196         * runtime/RegExpConstructor.h:
1197         (JSC::RegExpConstructor::createStructure):
1198         * runtime/RegExpObject.h:
1199         (JSC::RegExpObject::createStructure):
1200         * runtime/RegExpPrototype.h:
1201         (JSC::RegExpPrototype::createStructure):
1202         * runtime/ScopeChain.h:
1203         (JSC::ScopeChainNode::createStructure):
1204         * runtime/StrictEvalActivation.h:
1205         (JSC::StrictEvalActivation::createStructure):
1206         * runtime/StringConstructor.h:
1207         (JSC::StringConstructor::createStructure):
1208         * runtime/StringObject.h:
1209         (JSC::StringObject::createStructure):
1210         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1211         (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
1212         * runtime/StringPrototype.cpp:
1213         (JSC::StringPrototype::StringPrototype):
1214         * runtime/StringPrototype.h:
1215         (JSC::StringPrototype::createStructure):
1216         * runtime/Structure.cpp:
1217         (JSC::Structure::Structure):
1218         (JSC::Structure::materializePropertyMap):
1219         (JSC::Structure::addPropertyTransitionToExistingStructure):
1220         (JSC::Structure::addPropertyTransition):
1221         (JSC::Structure::removePropertyTransition):
1222         (JSC::Structure::changePrototypeTransition):
1223         (JSC::Structure::despecifyFunctionTransition):
1224         (JSC::Structure::getterSetterTransition):
1225         (JSC::Structure::toDictionaryTransition):
1226         (JSC::Structure::preventExtensionsTransition):
1227         (JSC::Structure::flattenDictionaryStructure):
1228         (JSC::Structure::addPropertyWithoutTransition):
1229         (JSC::Structure::removePropertyWithoutTransition):
1230         (JSC::Structure::get):
1231         (JSC::Structure::putSpecificValue):
1232         (JSC::Structure::remove):
1233         (JSC::Structure::checkConsistency):
1234         * runtime/Structure.h:
1235         (JSC::Structure::create):
1236         (JSC::Structure::propertyStorageSize):
1237         (JSC::Structure::get):
1238         * runtime/StructureChain.h:
1239         (JSC::StructureChain::createStructure):
1240
1241 2011-09-11  Jarred Nicholls  <jarred@sencha.com>
1242
1243         [Qt] Win32 build broken due to MachineStackMarker.cpp/.o failing to link against pthreads library
1244         https://bugs.webkit.org/show_bug.cgi?id=67864
1245         
1246         Qt Win32 is not pthread compatible and cannot participate in multithreaded JSC or it fails to build.
1247
1248         Reviewed by Csaba Osztrogonác.
1249
1250         * wtf/Platform.h:
1251
1252 2011-09-11  Filip Pizlo  <fpizlo@apple.com>
1253
1254         ARM and MIPS assemblers still refer to executable pools.
1255         https://bugs.webkit.org/show_bug.cgi?id=67903
1256
1257         Reviewed by Csaba Osztrogonác.
1258
1259         * assembler/ARMAssembler.cpp:
1260         (JSC::ARMAssembler::executableCopy):
1261         * assembler/ARMAssembler.h:
1262         * assembler/AssemblerBufferWithConstantPool.h:
1263         * assembler/MIPSAssembler.h:
1264         (JSC::MIPSAssembler::executableCopy):
1265
1266 2011-09-08  Filip Pizlo  <fpizlo@apple.com>
1267
1268         The executable allocator makes it difficult to free individual
1269         chunks of executable memory
1270         https://bugs.webkit.org/show_bug.cgi?id=66363
1271
1272         Reviewed by Oliver Hunt.
1273         
1274         Introduced a best-fit, balanced-tree based allocator. The allocator
1275         required a balanced tree that does not allocate memory and that
1276         permits the removal of individual nodes directly (as opposed to by
1277         key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
1278         Changed all references to executable code to use a reference counted
1279         handle.
1280
1281         * GNUmakefile.list.am:
1282         * JavaScriptCore.exp:
1283         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
1284         * JavaScriptCore.xcodeproj/project.pbxproj:
1285         * assembler/AssemblerBuffer.h:
1286         (JSC::AssemblerBuffer::executableCopy):
1287         * assembler/LinkBuffer.h:
1288         (JSC::LinkBuffer::LinkBuffer):
1289         (JSC::LinkBuffer::finalizeCode):
1290         (JSC::LinkBuffer::linkCode):
1291         * assembler/MacroAssemblerCodeRef.h:
1292         (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
1293         (JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
1294         (JSC::MacroAssemblerCodeRef::executableMemory):
1295         (JSC::MacroAssemblerCodeRef::code):
1296         (JSC::MacroAssemblerCodeRef::size):
1297         (JSC::MacroAssemblerCodeRef::operator!):
1298         * assembler/X86Assembler.h:
1299         (JSC::X86Assembler::executableCopy):
1300         (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
1301         * bytecode/CodeBlock.h:
1302         * bytecode/Instruction.h:
1303         * bytecode/StructureStubInfo.h:
1304         * dfg/DFGJITCompiler.cpp:
1305         (JSC::DFG::JITCompiler::compile):
1306         (JSC::DFG::JITCompiler::compileFunction):
1307         * dfg/DFGRepatch.cpp:
1308         (JSC::DFG::generateProtoChainAccessStub):
1309         (JSC::DFG::tryCacheGetByID):
1310         (JSC::DFG::tryBuildGetByIDList):
1311         (JSC::DFG::tryBuildGetByIDProtoList):
1312         (JSC::DFG::tryCachePutByID):
1313         * jit/ExecutableAllocator.cpp:
1314         (JSC::ExecutableAllocator::initializeAllocator):
1315         (JSC::ExecutableAllocator::ExecutableAllocator):
1316         (JSC::ExecutableAllocator::allocate):
1317         (JSC::ExecutableAllocator::committedByteCount):
1318         (JSC::ExecutableAllocator::dumpProfile):
1319         * jit/ExecutableAllocator.h:
1320         (JSC::ExecutableAllocator::dumpProfile):
1321         * jit/ExecutableAllocatorFixedVMPool.cpp:
1322         (JSC::ExecutableAllocator::initializeAllocator):
1323         (JSC::ExecutableAllocator::ExecutableAllocator):
1324         (JSC::ExecutableAllocator::isValid):
1325         (JSC::ExecutableAllocator::underMemoryPressure):
1326         (JSC::ExecutableAllocator::allocate):
1327         (JSC::ExecutableAllocator::committedByteCount):
1328         (JSC::ExecutableAllocator::dumpProfile):
1329         * jit/JIT.cpp:
1330         (JSC::JIT::privateCompile):
1331         * jit/JIT.h:
1332         (JSC::JIT::compileCTIMachineTrampolines):
1333         (JSC::JIT::compileCTINativeCall):
1334         * jit/JITCode.h:
1335         (JSC::JITCode::operator !):
1336         (JSC::JITCode::addressForCall):
1337         (JSC::JITCode::offsetOf):
1338         (JSC::JITCode::execute):
1339         (JSC::JITCode::start):
1340         (JSC::JITCode::size):
1341         (JSC::JITCode::getExecutableMemory):
1342         (JSC::JITCode::HostFunction):
1343         (JSC::JITCode::JITCode):
1344         * jit/JITOpcodes.cpp:
1345         (JSC::JIT::privateCompileCTIMachineTrampolines):
1346         (JSC::JIT::privateCompileCTINativeCall):
1347         * jit/JITOpcodes32_64.cpp:
1348         (JSC::JIT::privateCompileCTIMachineTrampolines):
1349         (JSC::JIT::privateCompileCTINativeCall):
1350         * jit/JITPropertyAccess.cpp:
1351         (JSC::JIT::stringGetByValStubGenerator):
1352         (JSC::JIT::emitSlow_op_get_by_val):
1353         (JSC::JIT::privateCompilePutByIdTransition):
1354         (JSC::JIT::privateCompilePatchGetArrayLength):
1355         (JSC::JIT::privateCompileGetByIdProto):
1356         (JSC::JIT::privateCompileGetByIdSelfList):
1357         (JSC::JIT::privateCompileGetByIdProtoList):
1358         (JSC::JIT::privateCompileGetByIdChainList):
1359         (JSC::JIT::privateCompileGetByIdChain):
1360         * jit/JITPropertyAccess32_64.cpp:
1361         (JSC::JIT::stringGetByValStubGenerator):
1362         (JSC::JIT::emitSlow_op_get_by_val):
1363         (JSC::JIT::privateCompilePutByIdTransition):
1364         (JSC::JIT::privateCompilePatchGetArrayLength):
1365         (JSC::JIT::privateCompileGetByIdProto):
1366         (JSC::JIT::privateCompileGetByIdSelfList):
1367         (JSC::JIT::privateCompileGetByIdProtoList):
1368         (JSC::JIT::privateCompileGetByIdChainList):
1369         (JSC::JIT::privateCompileGetByIdChain):
1370         * jit/JITStubs.cpp:
1371         (JSC::JITThunks::JITThunks):
1372         (JSC::DEFINE_STUB_FUNCTION):
1373         (JSC::getPolymorphicAccessStructureListSlot):
1374         (JSC::JITThunks::ctiStub):
1375         (JSC::JITThunks::hostFunctionStub):
1376         * jit/JITStubs.h:
1377         * jit/SpecializedThunkJIT.h:
1378         (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
1379         (JSC::SpecializedThunkJIT::finalize):
1380         * jit/ThunkGenerators.cpp:
1381         (JSC::charCodeAtThunkGenerator):
1382         (JSC::charAtThunkGenerator):
1383         (JSC::fromCharCodeThunkGenerator):
1384         (JSC::sqrtThunkGenerator):
1385         (JSC::floorThunkGenerator):
1386         (JSC::ceilThunkGenerator):
1387         (JSC::roundThunkGenerator):
1388         (JSC::expThunkGenerator):
1389         (JSC::logThunkGenerator):
1390         (JSC::absThunkGenerator):
1391         (JSC::powThunkGenerator):
1392         * jit/ThunkGenerators.h:
1393         * runtime/Executable.h:
1394         (JSC::NativeExecutable::create):
1395         * runtime/InitializeThreading.cpp:
1396         (JSC::initializeThreadingOnce):
1397         * runtime/JSGlobalData.cpp:
1398         (JSC::JSGlobalData::JSGlobalData):
1399         (JSC::JSGlobalData::dumpSampleData):
1400         * runtime/JSGlobalData.h:
1401         (JSC::JSGlobalData::getCTIStub):
1402         * wtf/CMakeLists.txt:
1403         * wtf/MetaAllocator.cpp: Added.
1404         (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
1405         (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
1406         (WTF::MetaAllocatorHandle::shrink):
1407         (WTF::MetaAllocator::MetaAllocator):
1408         (WTF::MetaAllocator::allocate):
1409         (WTF::MetaAllocator::currentStatistics):
1410         (WTF::MetaAllocator::findAndRemoveFreeSpace):
1411         (WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
1412         (WTF::MetaAllocator::addFreshFreeSpace):
1413         (WTF::MetaAllocator::debugFreeSpaceSize):
1414         (WTF::MetaAllocator::addFreeSpace):
1415         (WTF::MetaAllocator::incrementPageOccupancy):
1416         (WTF::MetaAllocator::decrementPageOccupancy):
1417         (WTF::MetaAllocator::roundUp):
1418         (WTF::MetaAllocator::allocFreeSpaceNode):
1419         (WTF::MetaAllocator::freeFreeSpaceNode):
1420         (WTF::MetaAllocator::dumpProfile):
1421         * wtf/MetaAllocator.h: Added.
1422         (WTF::MetaAllocator::bytesAllocated):
1423         (WTF::MetaAllocator::bytesReserved):
1424         (WTF::MetaAllocator::bytesCommitted):
1425         (WTF::MetaAllocator::dumpProfile):
1426         (WTF::MetaAllocator::~MetaAllocator):
1427         * wtf/MetaAllocatorHandle.h: Added.
1428         * wtf/RedBlackTree.h: Added.
1429         (WTF::RedBlackTree::Node::Node):
1430         (WTF::RedBlackTree::Node::successor):
1431         (WTF::RedBlackTree::Node::predecessor):
1432         (WTF::RedBlackTree::Node::reset):
1433         (WTF::RedBlackTree::Node::parent):
1434         (WTF::RedBlackTree::Node::setParent):
1435         (WTF::RedBlackTree::Node::left):
1436         (WTF::RedBlackTree::Node::setLeft):
1437         (WTF::RedBlackTree::Node::right):
1438         (WTF::RedBlackTree::Node::setRight):
1439         (WTF::RedBlackTree::Node::color):
1440         (WTF::RedBlackTree::Node::setColor):
1441         (WTF::RedBlackTree::RedBlackTree):
1442         (WTF::RedBlackTree::insert):
1443         (WTF::RedBlackTree::remove):
1444         (WTF::RedBlackTree::findExact):
1445         (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
1446         (WTF::RedBlackTree::findGreatestLessThanOrEqual):
1447         (WTF::RedBlackTree::first):
1448         (WTF::RedBlackTree::last):
1449         (WTF::RedBlackTree::size):
1450         (WTF::RedBlackTree::isEmpty):
1451         (WTF::RedBlackTree::treeMinimum):
1452         (WTF::RedBlackTree::treeMaximum):
1453         (WTF::RedBlackTree::treeInsert):
1454         (WTF::RedBlackTree::leftRotate):
1455         (WTF::RedBlackTree::rightRotate):
1456         (WTF::RedBlackTree::removeFixup):
1457         * wtf/wtf.pri:
1458         * yarr/YarrJIT.cpp:
1459         (JSC::Yarr::YarrGenerator::compile):
1460         * yarr/YarrJIT.h:
1461         (JSC::Yarr::YarrCodeBlock::execute):
1462         (JSC::Yarr::YarrCodeBlock::getAddr):
1463
1464 2011-09-10  Sam Weinig  <sam@webkit.org>
1465
1466         Remove JSC::isZombie() function, it did nothing and was called by no-one.
1467         https://bugs.webkit.org/show_bug.cgi?id=67901
1468
1469         Reviewed by Andy Estes.
1470
1471         * JavaScriptCore.exp:
1472         * runtime/JSCell.cpp:
1473         * runtime/JSValue.h:
1474
1475 2011-09-10  Sam Weinig  <sam@webkit.org>
1476
1477         Add isInterruptedExecutionException and isTerminatedExecutionException predicates
1478         https://bugs.webkit.org/show_bug.cgi?id=67892
1479
1480         Reviewed by Andy "First Time Reviewer" Estes.
1481
1482         * JavaScriptCore.exp:
1483         Add symbols.
1484
1485         * interpreter/Interpreter.cpp:
1486         (JSC::Interpreter::throwException):
1487         Use new predicates.
1488
1489         * runtime/ExceptionHelpers.cpp:
1490         (JSC::createInterruptedExecutionException):
1491         (JSC::isInterruptedExecutionException):
1492         (JSC::createTerminatedExecutionException):
1493         (JSC::isTerminatedExecutionException):
1494         * runtime/ExceptionHelpers.h:
1495         (JSC::InterruptedExecutionError::InterruptedExecutionError):
1496         Add predicates.
1497
1498 2011-09-10  Filip Pizlo  <fpizlo@apple.com>
1499
1500         DFG JIT completely undoes speculative compilation even in the case of
1501         a partial static speculation failure
1502         https://bugs.webkit.org/show_bug.cgi?id=67798
1503
1504         Reviewed by Geoffrey Garen.
1505         
1506         This is a regression with static speculation, so it is turned off by
1507         default.  But it is a necessary prerequisite for further work on
1508         dynamic speculation.
1509
1510         * dfg/DFGJITCodeGenerator.cpp:
1511         (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
1512         * dfg/DFGJITCodeGenerator.h:
1513         * dfg/DFGSpeculativeJIT.cpp:
1514         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
1515         (JSC::DFG::SpeculativeJIT::compile):
1516         * dfg/DFGSpeculativeJIT.h:
1517         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1518
1519 2011-09-09  Chris Marrin  <cmarrin@apple.com>
1520
1521         requestAnimationFrame doesn't throttle on Mac
1522         https://bugs.webkit.org/show_bug.cgi?id=67171
1523
1524         Reviewed by Simon Fraser.
1525
1526         Added WTF_USE_REQUEST_ANIMATION_FRAME_TIMER to allow any platform to run
1527         requestAnimationFrame callbacks on a Timer defined in ScriptedAnimationController.
1528         Currently only enabled for PLATFORM(MAC).
1529
1530         * wtf/Platform.h:
1531
1532 2011-09-09  Geoffrey Garen  <ggaren@apple.com>
1533
1534         Reviewed by Dan Bernstein.
1535
1536         Removed ENABLE(SINGLE_THREADED) support, since it is always false
1537         https://bugs.webkit.org/show_bug.cgi?id=67862
1538
1539         Next step toward making the baseline platform assumption that threads exist.
1540
1541         * wtf/wtf.pri:
1542         * JavaScriptCore.gypi:
1543         * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed references to
1544         ThreadingNone.cpp, which was only compiled in single-threaded mode.
1545
1546         * wtf/Platform.h:
1547         * wtf/ThreadSpecific.h:
1548         (WTF::::destroy):
1549         * wtf/qt/ThreadingQt.cpp: Removed now-dead code.
1550
1551         * wtf/ThreadingNone.cpp: Removed.
1552
1553 2011-09-09  Mark Hahnenberg  <mhahnenberg@apple.com>
1554
1555         Unzip initialization lists and constructors in JSCell hierarchy (5/7)
1556         https://bugs.webkit.org/show_bug.cgi?id=67420
1557
1558         Reviewed by Geoffrey Garen.
1559
1560         Completed the fifth level of the refactoring to add finishCreation() 
1561         methods to all classes within the JSCell hierarchy with non-trivial 
1562         constructor bodies.
1563
1564         This primarily consists of pushing the calls to finishCreation() down 
1565         into the constructors of the subclasses of the second level of the hierarchy 
1566         as well as pulling the finishCreation() calls out into the class's corresponding
1567         create() method if it has one.  Doing both simultaneously allows us to 
1568         maintain the invariant that the finishCreation() method chain is called exactly 
1569         once during the creation of an object, since calling it any other number of 
1570         times (0, 2, or more) will cause an assertion failure.
1571
1572         * API/JSCallbackConstructor.cpp:
1573         (JSC::JSCallbackConstructor::JSCallbackConstructor):
1574         * API/JSCallbackConstructor.h:
1575         (JSC::JSCallbackConstructor::create):
1576         * API/JSCallbackFunction.cpp:
1577         (JSC::JSCallbackFunction::JSCallbackFunction):
1578         (JSC::JSCallbackFunction::finishCreation):
1579         * API/JSCallbackFunction.h:
1580         * API/JSCallbackObject.h:
1581         * API/JSCallbackObjectFunctions.h:
1582         (JSC::::JSCallbackObject):
1583         (JSC::::finishCreation):
1584         * JavaScriptCore.exp:
1585         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1586         * debugger/DebuggerActivation.cpp:
1587         * debugger/DebuggerActivation.h:
1588         (JSC::DebuggerActivation::create):
1589         * jsc.cpp:
1590         (GlobalObject::finishCreation):
1591         (GlobalObject::GlobalObject):
1592         * runtime/ArrayConstructor.cpp:
1593         (JSC::ArrayConstructor::ArrayConstructor):
1594         (JSC::ArrayConstructor::finishCreation):
1595         * runtime/ArrayConstructor.h:
1596         * runtime/ArrayPrototype.cpp:
1597         (JSC::ArrayPrototype::ArrayPrototype):
1598         * runtime/ArrayPrototype.h:
1599         (JSC::ArrayPrototype::create):
1600         * runtime/BooleanConstructor.cpp:
1601         (JSC::BooleanConstructor::BooleanConstructor):
1602         (JSC::BooleanConstructor::finishCreation):
1603         * runtime/BooleanConstructor.h:
1604         * runtime/BooleanObject.cpp:
1605         (JSC::BooleanObject::BooleanObject):
1606         * runtime/BooleanObject.h:
1607         (JSC::BooleanObject::create):
1608         * runtime/BooleanPrototype.cpp:
1609         (JSC::BooleanPrototype::BooleanPrototype):
1610         (JSC::BooleanPrototype::finishCreation):
1611         * runtime/BooleanPrototype.h:
1612         * runtime/DateConstructor.cpp:
1613         (JSC::DateConstructor::DateConstructor):
1614         (JSC::DateConstructor::finishCreation):
1615         * runtime/DateConstructor.h:
1616         * runtime/DateInstance.cpp:
1617         (JSC::DateInstance::DateInstance):
1618         * runtime/DateInstance.h:
1619         (JSC::DateInstance::create):
1620         * runtime/DatePrototype.cpp:
1621         (JSC::DatePrototype::DatePrototype):
1622         (JSC::DatePrototype::finishCreation):
1623         * runtime/DatePrototype.h:
1624         * runtime/Error.cpp:
1625         (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
1626         * runtime/ErrorConstructor.cpp:
1627         (JSC::ErrorConstructor::ErrorConstructor):
1628         (JSC::ErrorConstructor::finishCreation):
1629         * runtime/ErrorConstructor.h:
1630         * runtime/ErrorPrototype.cpp:
1631         (JSC::ErrorPrototype::ErrorPrototype):
1632         * runtime/ErrorPrototype.h:
1633         (JSC::ErrorPrototype::create):
1634         * runtime/FunctionConstructor.cpp:
1635         (JSC::FunctionConstructor::FunctionConstructor):
1636         (JSC::FunctionConstructor::finishCreation):
1637         * runtime/FunctionConstructor.h:
1638         * runtime/FunctionPrototype.cpp:
1639         (JSC::FunctionPrototype::FunctionPrototype):
1640         (JSC::FunctionPrototype::finishCreation):
1641         * runtime/FunctionPrototype.h:
1642         * runtime/InternalFunction.cpp:
1643         (JSC::InternalFunction::InternalFunction):
1644         * runtime/InternalFunction.h:
1645         * runtime/JSActivation.cpp:
1646         (JSC::JSActivation::JSActivation):
1647         * runtime/JSActivation.h:
1648         (JSC::JSActivation::create):
1649         * runtime/JSGlobalObject.h:
1650         (JSC::JSGlobalObject::create):
1651         (JSC::JSGlobalObject::JSGlobalObject):
1652         * runtime/JSONObject.cpp:
1653         (JSC::JSONObject::JSONObject):
1654         * runtime/JSONObject.h:
1655         (JSC::JSONObject::create):
1656         * runtime/JSStaticScopeObject.h:
1657         (JSC::JSStaticScopeObject::create):
1658         (JSC::JSStaticScopeObject::JSStaticScopeObject):
1659         * runtime/JSString.cpp:
1660         (JSC::StringObject::create):
1661         * runtime/MathObject.cpp:
1662         (JSC::MathObject::MathObject):
1663         * runtime/MathObject.h:
1664         (JSC::MathObject::create):
1665         * runtime/NativeErrorConstructor.cpp:
1666         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1667         * runtime/NativeErrorConstructor.h:
1668         (JSC::NativeErrorConstructor::finishCreation):
1669         * runtime/NativeErrorPrototype.cpp:
1670         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1671         (JSC::NativeErrorPrototype::finishCreation):
1672         * runtime/NativeErrorPrototype.h:
1673         * runtime/NumberConstructor.cpp:
1674         (JSC::NumberConstructor::NumberConstructor):
1675         (JSC::NumberConstructor::finishCreation):
1676         * runtime/NumberConstructor.h:
1677         * runtime/NumberObject.cpp:
1678         (JSC::NumberObject::NumberObject):
1679         * runtime/NumberObject.h:
1680         (JSC::NumberObject::create):
1681         * runtime/NumberPrototype.cpp:
1682         (JSC::NumberPrototype::NumberPrototype):
1683         (JSC::NumberPrototype::finishCreation):
1684         * runtime/NumberPrototype.h:
1685         * runtime/ObjectConstructor.cpp:
1686         (JSC::ObjectConstructor::ObjectConstructor):
1687         (JSC::ObjectConstructor::finishCreation):
1688         * runtime/ObjectConstructor.h:
1689         * runtime/RegExpConstructor.cpp:
1690         (JSC::RegExpConstructor::RegExpConstructor):
1691         (JSC::RegExpConstructor::finishCreation):
1692         (JSC::RegExpMatchesArray::RegExpMatchesArray):
1693         * runtime/RegExpConstructor.h:
1694         * runtime/RegExpMatchesArray.h:
1695         (JSC::RegExpMatchesArray::create):
1696         * runtime/RegExpObject.cpp:
1697         (JSC::RegExpObject::RegExpObject):
1698         * runtime/RegExpObject.h:
1699         (JSC::RegExpObject::create):
1700         * runtime/RegExpPrototype.cpp:
1701         (JSC::RegExpPrototype::RegExpPrototype):
1702         * runtime/StringConstructor.cpp:
1703         (JSC::StringConstructor::StringConstructor):
1704         (JSC::StringConstructor::finishCreation):
1705         * runtime/StringConstructor.h:
1706         * runtime/StringObject.cpp:
1707         (JSC::StringObject::StringObject):
1708         * runtime/StringObject.h:
1709         (JSC::StringObject::create):
1710         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1711         (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
1712         * runtime/StringPrototype.cpp:
1713         (JSC::StringPrototype::StringPrototype):
1714         (JSC::StringPrototype::finishCreation):
1715         * runtime/StringPrototype.h:
1716
1717 2011-09-09  Geoffrey Garen  <ggaren@apple.com>
1718
1719         Build fix: Guard against double-#define for something already #defined
1720         by the build system.
1721
1722         * wtf/Platform.h:
1723
1724 2011-09-09  Geoffrey Garen  <ggaren@apple.com>
1725
1726         Reviewed by Dan Bernstein.
1727
1728         Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, or
1729         !ENABLE_WTF_MULTIPLE_THREADS
1730         https://bugs.webkit.org/show_bug.cgi?id=67860
1731
1732         First step toward making the baseline platform assumption that threads
1733         exist: Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS,
1734         or !ENABLE_WTF_MULTIPLE_THREADS.
1735
1736         * wtf/Platform.h:
1737
1738 2011-09-09  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
1739
1740         [Qt] Remove common.pri
1741         https://bugs.webkit.org/show_bug.cgi?id=67814
1742
1743         Reviewed by Andreas Kling.
1744
1745         * JavaScriptCore.pri:
1746
1747 2011-09-08  Mark Hahnenberg  <mhahnenberg@apple.com>
1748
1749         REGRESSION(r94811): Assertion failure in 2 worker tests
1750         https://bugs.webkit.org/show_bug.cgi?id=67829
1751
1752         Reviewed by Sam Weinig.
1753
1754         Fixing a couple tests that were broken due to the wrong values being 
1755         set in the parent class pointers in the ClassInfo structs for 
1756         TerminatedExecutionError and InterruptedExecutionError.
1757
1758         * runtime/ExceptionHelpers.cpp:
1759
1760 2011-09-08  Oliver Hunt  <oliver@apple.com>
1761
1762         Use bump allocator for initial property storage
1763         https://bugs.webkit.org/show_bug.cgi?id=67494
1764
1765         Reviewed by Geoffrey Garen.
1766
1767         Use a bump allocator for initial allocation of property storage,
1768         and promote to fastMalloc memory only if it survives a GC pass.
1769
1770         Comes out as a 1% win on v8, and is a useful step on the way to
1771         GC allocation of all property storage.
1772
1773         * JavaScriptCore.exp:
1774         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1775         * JavaScriptCore.xcodeproj/project.pbxproj:
1776         * heap/Heap.cpp:
1777         (JSC::Heap::collect):
1778         * heap/Heap.h:
1779         (JSC::Heap::allocatePropertyStorage):
1780         (JSC::Heap::inPropertyStorageNursery):
1781         * heap/MarkedBlock.h:
1782         * heap/NewSpace.cpp:
1783         (JSC::NewSpace::NewSpace):
1784         * heap/NewSpace.h:
1785         (JSC::NewSpace::resetPropertyStorageNursery):
1786         (JSC::NewSpace::allocatePropertyStorage):
1787         (JSC::NewSpace::inPropertyStorageNursery):
1788         * jit/JITStubs.cpp:
1789         (JSC::DEFINE_STUB_FUNCTION):
1790         * runtime/JSObject.cpp:
1791         (JSC::JSObject::allocatePropertyStorage):
1792         * runtime/JSObject.h:
1793         (JSC::JSObject::isUsingInlineStorage):
1794         (JSC::JSObject::JSObject):
1795         (JSC::JSObject::propertyStorage):
1796         (JSC::JSObject::~JSObject):
1797         (JSC::JSObject::putDirectInternal):
1798         (JSC::JSObject::putDirectWithoutTransition):
1799         (JSC::JSObject::putDirectFunctionWithoutTransition):
1800         (JSC::JSObject::transitionTo):
1801         (JSC::JSObject::visitChildrenDirect):
1802         * runtime/StorageBarrier.h: Added.
1803         (JSC::StorageBarrier::StorageBarrier):
1804         (JSC::StorageBarrier::set):
1805         (JSC::StorageBarrier::operator->):
1806         (JSC::StorageBarrier::operator*):
1807         (JSC::StorageBarrier::operator[]):
1808         (JSC::StorageBarrier::get):
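
The nursery-then-promote scheme this entry describes, as an added illustration in C++ that is not JavaScriptCore's code: initial property storage comes from a bump allocator, a collection copies surviving storage out to malloc'd memory before the nursery is reset, and storage left behind belonged to dead objects. The class and function names (PropertyStorageNursery, Heap::collect, runNurseryScenario) are constructed for the example and the mark phase is simulated by a flag.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>
// Constructed illustration, not JavaScriptCore code: initial property storage
// comes from a bump-allocated nursery and is promoted to malloc'd memory only
// if it survives a collection. All names are illustrative.
typedef uint64_t Slot; // stands in for one JSValue-sized property slot

class PropertyStorageNursery {
public:
    explicit PropertyStorageNursery(size_t bytes)
        : m_begin(static_cast<char*>(std::malloc(bytes))), m_end(m_begin + bytes), m_bump(m_begin) {}
    ~PropertyStorageNursery() { std::free(m_begin); }
    // O(1), metadata-free bump allocation; returns 0 when the arena is exhausted.
    Slot* allocate(size_t slotCount) {
        size_t bytes = slotCount * sizeof(Slot);
        if (bytes > static_cast<size_t>(m_end - m_bump)) return 0;
        Slot* result = reinterpret_cast<Slot*>(m_bump);
        m_bump += bytes;
        return result;
    }
    bool contains(const void* p) const {
        const char* c = static_cast<const char*>(p); return c >= m_begin && c < m_end;
    }
    // Reuses the whole arena; only safe after every survivor has been promoted.
    void reset() { m_bump = m_begin; }
    size_t bytesUsed() const { return static_cast<size_t>(m_bump - m_begin); }
private:
    char* m_begin; char* m_end; char* m_bump; // bump pointer walks from begin to end
};

struct Object { Slot* storage; size_t slotCount; bool marked; }; // marked: set by mark phase

class Heap {
public:
    explicit Heap(size_t nurseryBytes) : m_nursery(nurseryBytes) {}
    ~Heap() { for (size_t i = 0; i < m_objects.size(); ++i) destroy(m_objects[i]); }
    Object* newObject(size_t slotCount) {
        Object* o = new Object;
        o->slotCount = slotCount;
        o->marked = false;
        o->storage = m_nursery.allocate(slotCount);
        if (!o->storage) // nursery full: allocate directly on the heap
            o->storage = static_cast<Slot*>(std::malloc(slotCount * sizeof(Slot)));
        std::memset(o->storage, 0, slotCount * sizeof(Slot));
        m_objects.push_back(o);
        return o;
    }
    bool inNursery(const Object* o) const { return m_nursery.contains(o->storage); }
    // Survivors with nursery storage get a malloc'd copy (promotion), dead objects
    // are freed, then the nursery is reset. Returns the number of promotions.
    size_t collect() {
        size_t promoted = 0;
        std::vector<Object*> live;
        for (size_t i = 0; i < m_objects.size(); ++i) {
            Object* o = m_objects[i];
            if (!o->marked) { destroy(o); continue; }
            if (m_nursery.contains(o->storage)) {
                size_t bytes = o->slotCount * sizeof(Slot);
                Slot* copy = static_cast<Slot*>(std::malloc(bytes));
                std::memcpy(copy, o->storage, bytes);
                o->storage = copy; // must happen before reset() reuses the arena
                ++promoted;
            }
            o->marked = false;
            live.push_back(o);
        }
        m_objects.swap(live);
        m_nursery.reset();
        return promoted;
    }
    size_t nurseryBytesUsed() const { return m_nursery.bytesUsed(); }
private:
    void destroy(Object* o) {
        if (!m_nursery.contains(o->storage)) // arena memory is owned by the nursery
            std::free(o->storage);
        delete o;
    }
    PropertyStorageNursery m_nursery;
    std::vector<Object*> m_objects;
};

// One allocate/collect cycle; returns true when every invariant held.
bool runNurseryScenario() {
    Heap heap(64 * sizeof(Slot));
    Object* survivor = heap.newObject(4);
    Object* garbage = heap.newObject(8);
    survivor->storage[2] = 0x2a;
    if (!heap.inNursery(survivor) || !heap.inNursery(garbage)) return false;
    survivor->marked = true; // garbage stays unmarked and is freed
    if (heap.collect() != 1 || heap.inNursery(survivor) || survivor->storage[2] != 0x2a) return false;
    Object* fresh = heap.newObject(4); // arena is reused from its start
    if (heap.nurseryBytesUsed() != 4 * sizeof(Slot) || !heap.inNursery(fresh)) return false;
    survivor->marked = fresh->marked = true;
    return heap.collect() == 1 && !heap.inNursery(fresh);
}
```

The order inside collect() is the point: promoting every survivor before reset() is what keeps a live object from holding a pointer into arena memory that the next allocation will hand out again.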
1809
1810 2011-09-08  Sam Weinig  <sam@webkit.org>
1811
1812         Remove the Completion object from JSC, I have never liked it
1813         https://bugs.webkit.org/show_bug.cgi?id=67755
1814
1815         Reviewed by Gavin Barraclough.
1816
1817         - Removes the Completion object and replaces its use with out parameter exceptions.
1818         - Remove ComplType and virtual exceptionType() function on JSObject. Replace with
1819           ClassInfo for InterruptedExecutionError and TerminatedExecutionError.
1820
1821         * API/JSBase.cpp:
1822         (JSEvaluateScript):
1823         (JSCheckScriptSyntax):
1824         * JavaScriptCore.exp:
1825         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1826         * interpreter/Interpreter.cpp:
1827         (JSC::Interpreter::throwException):
1828         * jsc.cpp:
1829         (functionLoad):
1830         (functionCheckSyntax):
1831         (runWithScripts):
1832         (runInteractive):
1833         * runtime/Completion.cpp:
1834         (JSC::checkSyntax):
1835         (JSC::evaluate):
1836         * runtime/Completion.h:
1837         * runtime/ExceptionHelpers.cpp:
1838         (JSC::InterruptedExecutionError::toString):
1839         (JSC::TerminatedExecutionError::toString):
1840         (JSC::createInterruptedExecutionException):
1841         * runtime/ExceptionHelpers.h:
1842         (JSC::InterruptedExecutionError::InterruptedExecutionError):
1843         (JSC::InterruptedExecutionError::create):
1844         (JSC::InterruptedExecutionError::createStructure):
1845         (JSC::TerminatedExecutionError::TerminatedExecutionError):
1846         (JSC::TerminatedExecutionError::create):
1847         (JSC::TerminatedExecutionError::createStructure):
1848         * runtime/JSGlobalData.cpp:
1849         (JSC::JSGlobalData::JSGlobalData):
1850         * runtime/JSObject.h:
1851
1852 2011-09-08  Ryosuke Niwa  <rniwa@webkit.org>
1853
1854         Build fix.
1855
1856         * dfg/DFGCapabilities.cpp:
1857
1858 2011-09-08  Filip Pizlo  <fpizlo@apple.com>
1859
1860         Value profiling and execution count profiling are performed even for
1861         code that cannot be optimized
1862         https://bugs.webkit.org/show_bug.cgi?id=67694
1863
1864         Reviewed by Gavin Barraclough.
1865         
1866         This is a 2% speed-up on V8 when tiered compilation is enabled.
1867
1868         * JavaScriptCore.xcodeproj/project.pbxproj:
1869         * bytecode/CodeBlock.cpp:
1870         (JSC::ProgramCodeBlock::canCompileWithDFG):
1871         (JSC::EvalCodeBlock::canCompileWithDFG):
1872         (JSC::FunctionCodeBlock::canCompileWithDFG):
1873         * bytecode/CodeBlock.h:
1874         * dfg/DFGCapabilities.cpp: Added.
1875         (JSC::DFG::canCompileOpcodes):
1876         * dfg/DFGCapabilities.h: Added.
1877         (JSC::DFG::mightCompileEval):
1878         (JSC::DFG::mightCompileProgram):
1879         (JSC::DFG::mightCompileFunctionForCall):
1880         (JSC::DFG::mightCompileFunctionForConstruct):
1881         (JSC::DFG::canCompileOpcode):
1882         (JSC::DFG::canCompileEval):
1883         (JSC::DFG::canCompileProgram):
1884         (JSC::DFG::canCompileFunctionForCall):
1885         (JSC::DFG::canCompileFunctionForConstruct):
1886         * jit/JIT.cpp:
1887         (JSC::JIT::emitOptimizationCheck):
1888         (JSC::JIT::privateCompile):
1889         * jit/JIT.h:
1890         (JSC::JIT::shouldEmitProfiling):
1891         * jit/JITInlineMethods.h:
1892         (JSC::JIT::emitValueProfilingSite):
1893
1894 2011-09-08  Filip Pizlo  <fpizlo@apple.com>
1895
1896         DFG speculative JIT does not initialize integer tags for PredictInt32 temporaries
1897         https://bugs.webkit.org/show_bug.cgi?id=67840
1898
1899         Reviewed by Gavin Barraclough.
1900
1901         * dfg/DFGSpeculativeJIT.cpp:
1902         (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
1903
1904 2011-09-08  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
1905
1906         https://bugs.webkit.org/show_bug.cgi?id=67771
1907
1908         Fix sequenceGetByIdSlowCaseInstructionSpace, sequenceGetByIdSlowCaseConstantSpace
1909         and patchOffsetGetByIdSlowCaseCall, and enable the DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS
1910         flag for SH4 platforms.
1911
1912         Reviewed by Gavin Barraclough.
1913
1914         * jit/JIT.h:
1915         * wtf/dtoa/utils.h:
1916
1917 2011-09-08  Mark Hahnenberg  <mhahnenberg@apple.com>
1918
1919         Remove getUInt32 from JSCell
1920         https://bugs.webkit.org/show_bug.cgi?id=67691
1921
1922         Reviewed by Oliver Hunt.
1923
1924         We don't use JSCell::getUInt32 anymore, so it has been removed.
1925
1926         * JavaScriptCore.exp:
1927         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1928         * runtime/JSCell.cpp:
1929         * runtime/JSCell.h:
1930
1931 2011-09-07  Filip Pizlo  <fpizlo@apple.com>
1932
1933         PPC build fix.
1934
1935         * bytecode/CodeBlock.cpp:
1936         (JSC::CodeBlock::~CodeBlock):
1937
1938 2011-09-07  Oliver Hunt  <oliver@apple.com>
1939
1940         Release mode build fix.
1941
1942         * API/JSCallbackObject.h:
1943         (JSC::JSCallbackObject::create):
1944
1945 2011-09-06  Oliver Hunt  <oliver@apple.com>
1946
1947         Remove JSObjectWithGlobalObject
1948         https://bugs.webkit.org/show_bug.cgi?id=67689
1949
1950         Reviewed by Geoff Garen.
1951
1952         Remove JSObjectWithGlobalObject, and update code to stop using anonymous
1953         storage to access the global object that a JSObject comes from.  Largely
1954         mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject.
1955
1956         * API/JSCallbackConstructor.cpp:
1957         (JSC::JSCallbackConstructor::JSCallbackConstructor):
1958         (JSC::JSCallbackConstructor::finishCreation):
1959         * API/JSCallbackConstructor.h:
1960         * API/JSCallbackObject.cpp:
1961         * API/JSCallbackObject.h:
1962         (JSC::JSCallbackObject::create):
1963         * API/JSCallbackObjectFunctions.h:
1964         (JSC::::JSCallbackObject):
1965         (JSC::::finishCreation):
1966         (JSC::::staticFunctionGetter):
1967         * API/JSClassRef.cpp:
1968         (OpaqueJSClass::prototype):
1969         * API/JSObjectRef.cpp:
1970         (JSObjectMake):
1971         (JSObjectGetPrivate):
1972         (JSObjectSetPrivate):
1973         (JSObjectGetPrivateProperty):
1974         (JSObjectSetPrivateProperty):
1975         (JSObjectDeletePrivateProperty):
1976         * API/JSValueRef.cpp:
1977         (JSValueIsObjectOfClass):
1978         * API/JSWeakObjectMapRefPrivate.cpp:
1979         * JavaScriptCore.exp:
1980         * JavaScriptCore.xcodeproj/project.pbxproj:
1981         * bytecode/CodeBlock.h:
1982         * dfg/DFGRepatch.cpp:
1983         (JSC::DFG::dfgRepatchGetMethodFast):
1984         (JSC::DFG::tryCacheGetMethod):
1985         * jit/JIT.h:
1986         * jit/JITInlineMethods.h:
1987         (JSC::JIT::emitAllocateJSFunction):
1988         * jit/JITPropertyAccess.cpp:
1989         (JSC::JIT::patchMethodCallProto):
1990         * jit/JITStubs.cpp:
1991         (JSC::DEFINE_STUB_FUNCTION):
1992         * runtime/DatePrototype.cpp:
1993         * runtime/InternalFunction.cpp:
1994         (JSC::InternalFunction::InternalFunction):
1995         (JSC::InternalFunction::finishCreation):
1996         * runtime/InternalFunction.h:
1997         * runtime/JSFunction.cpp:
1998         (JSC::JSFunction::JSFunction):
1999         (JSC::JSFunction::finishCreation):
2000         * runtime/JSFunction.h:
2001         (JSC::JSFunction::create):
2002         (JSC::JSFunction::createStructure):
2003         * runtime/JSGlobalObject.cpp:
2004         (JSC::JSGlobalObject::reset):
2005         * runtime/JSONObject.cpp:
2006         (JSC::JSONObject::JSONObject):
2007         (JSC::JSONObject::finishCreation):
2008         * runtime/JSONObject.h:
2009         * runtime/JSObject.h:
2010         (JSC::JSObject::globalObject):
2011         * runtime/JSObjectWithGlobalObject.cpp: Removed.
2012         * runtime/JSObjectWithGlobalObject.h: Removed.
2013         * runtime/JSValue.cpp:
2014         (JSC::JSValue::isValidCallee):
2015         * runtime/Lookup.cpp:
2016         (JSC::setUpStaticFunctionSlot):
2017         * runtime/Lookup.h:
2018         * runtime/MathObject.cpp:
2019         (JSC::MathObject::MathObject):
2020         (JSC::MathObject::finishCreation):
2021         * runtime/MathObject.h:
2022         * runtime/NumberPrototype.cpp:
2023         * runtime/RegExpObject.cpp:
2024         (JSC::RegExpObject::RegExpObject):
2025         (JSC::RegExpObject::finishCreation):
2026         * runtime/RegExpObject.h:
2027         * runtime/Structure.cpp:
2028         (JSC::Structure::Structure):
2029         * runtime/Structure.h:
2030         (JSC::Structure::create):
2031         (JSC::Structure::globalObject):
2032
2033 2011-09-07  Gavin Barraclough  <barraclough@apple.com>
2034
2035         Refactor JIT checks for ObjectType into helper functions.
2036
2037         Rubber stamped by Sam Weinig.
2038
2039         * dfg/DFGJITCompiler.h:
2040         (JSC::DFG::JITCompiler::branchIfNotObject):
2041         * dfg/DFGNonSpeculativeJIT.cpp:
2042         (JSC::DFG::NonSpeculativeJIT::compile):
2043         * dfg/DFGSpeculativeJIT.cpp:
2044         (JSC::DFG::SpeculativeJIT::compile):
2045         * jit/JIT.h:
2046         * jit/JITCall32_64.cpp:
2047         (JSC::JIT::emit_op_ret_object_or_this):
2048         * jit/JITInlineMethods.h:
2049         (JSC::JIT::emitJumpIfNotObject):
2050         * jit/JITOpcodes.cpp:
2051         (JSC::JIT::emit_op_instanceof):
2052         (JSC::JIT::emit_op_ret_object_or_this):
2053         (JSC::JIT::emit_op_get_pnames):
2054         (JSC::JIT::emit_op_create_this):
2055         * jit/JITOpcodes32_64.cpp:
2056         (JSC::JIT::emit_op_instanceof):
2057         (JSC::JIT::emit_op_get_pnames):
2058         (JSC::JIT::emit_op_create_this):
2059
2060 2011-09-07  Sheriff Bot  <webkit.review.bot@gmail.com>
2061
2062         Unreviewed, rolling out r94627 and r94632.
2063         http://trac.webkit.org/changeset/94627
2064         http://trac.webkit.org/changeset/94632
2065         https://bugs.webkit.org/show_bug.cgi?id=67698
2066
2067         It broke tests on GTK and Qt (Requested by Ossy on #webkit).
2068
2069         * API/JSCallbackConstructor.cpp:
2070         (JSC::JSCallbackConstructor::JSCallbackConstructor):
2071         * API/JSCallbackConstructor.h:
2072         (JSC::JSCallbackConstructor::create):
2073         * API/JSCallbackFunction.cpp:
2074         (JSC::JSCallbackFunction::JSCallbackFunction):
2075         * API/JSCallbackFunction.h:
2076         * JavaScriptCore.exp:
2077         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2078         * debugger/DebuggerActivation.cpp:
2079         (JSC::DebuggerActivation::create):
2080         * debugger/DebuggerActivation.h:
2081         * jsc.cpp:
2082         (GlobalObject::constructorBody):
2083         (GlobalObject::GlobalObject):
2084         * runtime/ArrayConstructor.cpp:
2085         (JSC::ArrayConstructor::ArrayConstructor):
2086         * runtime/ArrayConstructor.h:
2087         * runtime/ArrayPrototype.cpp:
2088         (JSC::ArrayPrototype::ArrayPrototype):
2089         * runtime/ArrayPrototype.h:
2090         (JSC::ArrayPrototype::create):
2091         * runtime/BooleanConstructor.cpp:
2092         (JSC::BooleanConstructor::BooleanConstructor):
2093         * runtime/BooleanConstructor.h:
2094         * runtime/BooleanObject.cpp:
2095         (JSC::BooleanObject::BooleanObject):
2096         * runtime/BooleanObject.h:
2097         (JSC::BooleanObject::create):
2098         * runtime/BooleanPrototype.cpp:
2099         (JSC::BooleanPrototype::BooleanPrototype):
2100         * runtime/BooleanPrototype.h:
2101         * runtime/DateConstructor.cpp:
2102         (JSC::DateConstructor::DateConstructor):
2103         * runtime/DateConstructor.h:
2104         * runtime/DateInstance.cpp:
2105         (JSC::DateInstance::DateInstance):
2106         * runtime/DateInstance.h:
2107         (JSC::DateInstance::create):
2108         * runtime/DatePrototype.cpp:
2109         (JSC::DatePrototype::DatePrototype):
2110         * runtime/DatePrototype.h:
2111         * runtime/Error.cpp:
2112         (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
2113         * runtime/ErrorConstructor.cpp:
2114         (JSC::ErrorConstructor::ErrorConstructor):
2115         * runtime/ErrorConstructor.h:
2116         (JSC::ErrorConstructor::create):
2117         * runtime/ErrorPrototype.cpp:
2118         (JSC::ErrorPrototype::ErrorPrototype):
2119         * runtime/ErrorPrototype.h:
2120         (JSC::ErrorPrototype::create):
2121         * runtime/FunctionConstructor.cpp:
2122         (JSC::FunctionConstructor::FunctionConstructor):
2123         * runtime/FunctionConstructor.h:
2124         * runtime/FunctionPrototype.cpp:
2125         (JSC::FunctionPrototype::FunctionPrototype):
2126         * runtime/FunctionPrototype.h:
2127         * runtime/InternalFunction.cpp:
2128         (JSC::InternalFunction::InternalFunction):
2129         * runtime/InternalFunction.h:
2130         * runtime/JSActivation.cpp:
2131         (JSC::JSActivation::JSActivation):
2132         * runtime/JSActivation.h:
2133         (JSC::JSActivation::create):
2134         * runtime/JSGlobalObject.h:
2135         (JSC::JSGlobalObject::create):
2136         (JSC::JSGlobalObject::JSGlobalObject):
2137         * runtime/JSONObject.cpp:
2138         (JSC::JSONObject::JSONObject):
2139         * runtime/JSONObject.h:
2140         (JSC::JSONObject::create):
2141         * runtime/JSStaticScopeObject.h:
2142         (JSC::JSStaticScopeObject::create):
2143         (JSC::JSStaticScopeObject::JSStaticScopeObject):
2144         * runtime/JSString.cpp:
2145         (JSC::StringObject::create):
2146         * runtime/MathObject.cpp:
2147         (JSC::MathObject::MathObject):
2148         * runtime/MathObject.h:
2149         (JSC::MathObject::create):
2150         * runtime/NativeErrorConstructor.cpp:
2151         (JSC::NativeErrorConstructor::NativeErrorConstructor):
2152         * runtime/NativeErrorConstructor.h:
2153         (JSC::NativeErrorConstructor::constructorBody):
2154         * runtime/NativeErrorPrototype.cpp:
2155         (JSC::NativeErrorPrototype::NativeErrorPrototype):
2156         (JSC::NativeErrorPrototype::constructorBody):
2157         * runtime/NativeErrorPrototype.h:
2158         * runtime/NumberConstructor.cpp:
2159         (JSC::NumberConstructor::NumberConstructor):
2160         * runtime/NumberConstructor.h:
2161         * runtime/NumberObject.cpp:
2162         (JSC::NumberObject::NumberObject):
2163         * runtime/NumberObject.h:
2164         (JSC::NumberObject::create):
2165         * runtime/NumberPrototype.cpp:
2166         (JSC::NumberPrototype::NumberPrototype):
2167         * runtime/NumberPrototype.h:
2168         * runtime/ObjectConstructor.cpp:
2169         (JSC::ObjectConstructor::ObjectConstructor):
2170         * runtime/ObjectConstructor.h:
2171         * runtime/RegExpConstructor.cpp:
2172         (JSC::RegExpConstructor::RegExpConstructor):
2173         (JSC::RegExpMatchesArray::RegExpMatchesArray):
2174         * runtime/RegExpConstructor.h:
2175         * runtime/RegExpMatchesArray.h:
2176         (JSC::RegExpMatchesArray::create):
2177         * runtime/RegExpObject.cpp:
2178         (JSC::RegExpObject::RegExpObject):
2179         * runtime/RegExpObject.h:
2180         (JSC::RegExpObject::create):
2181         * runtime/RegExpPrototype.cpp:
2182         (JSC::RegExpPrototype::RegExpPrototype):
2183         * runtime/StringConstructor.cpp:
2184         (JSC::StringConstructor::StringConstructor):
2185         * runtime/StringConstructor.h:
2186         * runtime/StringObject.cpp:
2187         (JSC::StringObject::StringObject):
2188         * runtime/StringObject.h:
2189         (JSC::StringObject::create):
2190         * runtime/StringObjectThatMasqueradesAsUndefined.h:
2191         (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
2192         * runtime/StringPrototype.cpp:
2193         (JSC::StringPrototype::StringPrototype):
2194         * runtime/StringPrototype.h:
2195
2196 2011-09-06  Xianzhu Wang  <wangxianzhu@chromium.org>
2197
2198         Replace usages of Vector<UChar> with existing StringBuilder
2199         https://bugs.webkit.org/show_bug.cgi?id=67079
2200
2201         Reviewed by Gavin Barraclough.
2202
2203         This is part of work to support 8-bit string buffers.
2204         Adds StringBuilder::characters() because the original Vector<UChar>::data()
2205         is widely used.
2206         Sets the minimum buffer size to 16 to prevent a possible performance
2207         regression. Further performance investigation should be done in
2208         https://bugs.webkit.org/show_bug.cgi?id=67084.
2209
2210         * wtf/Forward.h:
2211         * wtf/text/StringBuilder.cpp:
2212         (WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes.
2213         * wtf/text/StringBuilder.h:
2214         (WTF::StringBuilder::operator[]):
2215         (WTF::StringBuilder::characters): Added.
2216
2217 2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
2218
2219         Fix broken snow leopard build
2220         https://bugs.webkit.org/show_bug.cgi?id=67693
2221
2222         Reviewed by Daniel Bates.
2223
2224         Removed unnecessary symbol export.
2225
2226         * JavaScriptCore.exp:
2227
2228 2011-09-06  Filip Pizlo  <fpizlo@apple.com>
2229
2230         DFG JIT does not optimize booleans
2231         https://bugs.webkit.org/show_bug.cgi?id=67670
2232
2233         Reviewed by Gavin Barraclough.
2234         
2235         This adds boolean value profiling, boolean prediction in the DFG,
2236         boolean forward flow propagation in the DFGPropagator, boolean
2237         data format in DFG generation info, and comprehensive optimizations
2238         based on both boolean prediction and boolean generation info.
2239         This brings the speed-up on v8-richards to 12%, and gives slight
2240         speed-ups elsewhere as well.
2241         
2242         Making this work right required navigating some subtleties in
2243         value profiling.  Some functions get compiled with insufficient
2244         information because some important path of the function never
2245         executed.  In these cases, we wish to fall back on static
2246         speculation.  But to do so, we need to ensure that predictions that
2247         are inherent in the code (like that GetById almost certainly takes
2248         a cell operand) are reflected in predictions that we make in
2249         DFGPropagator.  Thus, DFGPropagator now does both backward and
2250         forward flow, using both a forward and a backward fixpoint.
2251         
2252         The backward flow in DFGPropagator is a separate static analysis,
2253         and needs to keep a set of backward flow abstract values for
2254         variables, arguments, and globals.  To make this easy, this patch
2255         factors out DFGGraph's prediction tracking capability into
2256         DFGPredictionTracker, which now gets used by both DFGGraph (for
2257         forward flow predictions) and DFGPropagator (for backward flow
2258         predictions).  Backward flow predictions eventually get merged
2259         into forward flow ones, but the two are not equivalent: a forward
2260         flow prediction is a superset of the backward flow prediction.
2261         
2262         Debugging these prediction issues required a better understanding
2263         of where we fail speculation, and what our value predictions look
2264         like.  This patch also adds optional verbose speculation failure
2265         (so an informative printf fires whenever speculation failure occurs)
2266         and slight improvements to the verbosity in other places.
2267
2268         * bytecode/ValueProfile.h:
2269         (JSC::ValueProfile::numberOfBooleans):
2270         (JSC::ValueProfile::probabilityOfBoolean):
2271         (JSC::ValueProfile::dump):
2272         (JSC::ValueProfile::computeStatistics):
2273         * dfg/DFGByteCodeParser.cpp:
2274         (JSC::DFG::ByteCodeParser::stronglyPredict):
2275         (JSC::DFG::ByteCodeParser::parseBlock):
2276         * dfg/DFGGenerationInfo.h:
2277         (JSC::DFG::dataFormatToString):
2278         (JSC::DFG::needDataFormatConversion):
2279         * dfg/DFGGraph.cpp:
2280         (JSC::DFG::Graph::dump):
2281         (JSC::DFG::Graph::predictArgumentTypes):
2282         * dfg/DFGGraph.h:
2283         (JSC::DFG::Graph::Graph):
2284         (JSC::DFG::Graph::predictions):
2285         (JSC::DFG::Graph::predict):
2286         (JSC::DFG::Graph::predictGlobalVar):
2287         (JSC::DFG::Graph::getPrediction):
2288         (JSC::DFG::Graph::getGlobalVarPrediction):
2289         (JSC::DFG::Graph::isBooleanConstant):
2290         (JSC::DFG::Graph::valueOfBooleanConstant):
2291         * dfg/DFGJITCodeGenerator.cpp:
2292         (JSC::DFG::JITCodeGenerator::fillInteger):
2293         (JSC::DFG::JITCodeGenerator::fillDouble):
2294         (JSC::DFG::JITCodeGenerator::fillJSValue):
2295         (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
2296         (JSC::DFG::JITCodeGenerator::isKnownBoolean):
2297         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
2298         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
2299         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
2300         (JSC::DFG::JITCodeGenerator::emitBranch):
2301         (JSC::DFG::JITCodeGenerator::speculationCheck):
2302         (JSC::DFG::GPRTemporary::GPRTemporary):
2303         * dfg/DFGJITCodeGenerator.h:
2304         (JSC::DFG::JITCodeGenerator::isBooleanConstant):
2305         (JSC::DFG::JITCodeGenerator::valueOfBooleanConstant):
2306         * dfg/DFGJITCompiler.cpp:
2307         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
2308         (JSC::DFG::JITCompiler::link):
2309         * dfg/DFGJITCompiler.h:
2310         (JSC::DFG::JITCompiler::debugCall):
2311         (JSC::DFG::JITCompiler::isBooleanConstant):
2312         (JSC::DFG::JITCompiler::valueOfBooleanConstant):
2313         * dfg/DFGNode.h:
2314         (JSC::DFG::isBooleanPrediction):
2315         (JSC::DFG::predictionToString):
2316         (JSC::DFG::mergePredictions):
2317         (JSC::DFG::makePrediction):
2318         (JSC::DFG::Node::isBooleanConstant):
2319         (JSC::DFG::Node::valueOfBooleanConstant):
2320         (JSC::DFG::Node::hasBooleanResult):
2321         (JSC::DFG::Node::hasNumericResult):
2322         (JSC::DFG::Node::predict):
2323         * dfg/DFGOperations.cpp:
2324         * dfg/DFGOperations.h:
2325         * dfg/DFGPredictionTracker.h: Added.
2326         (JSC::DFG::operandIsArgument):
2327         (JSC::DFG::PredictionSlot::PredictionSlot):
2328         (JSC::DFG::PredictionTracker::PredictionTracker):
2329         (JSC::DFG::PredictionTracker::initializeSimilarTo):
2330         (JSC::DFG::PredictionTracker::numberOfArguments):
2331         (JSC::DFG::PredictionTracker::numberOfVariables):
2332         (JSC::DFG::PredictionTracker::argumentIndexForOperand):
2333         (JSC::DFG::PredictionTracker::predictArgument):
2334         (JSC::DFG::PredictionTracker::predict):
2335         (JSC::DFG::PredictionTracker::predictGlobalVar):
2336         (JSC::DFG::PredictionTracker::getArgumentPrediction):
2337         (JSC::DFG::PredictionTracker::getPrediction):
2338         (JSC::DFG::PredictionTracker::getGlobalVarPrediction):
2339         * dfg/DFGPropagator.cpp:
2340         (JSC::DFG::Propagator::Propagator):
2341         (JSC::DFG::Propagator::fixpoint):
2342         (JSC::DFG::Propagator::setPrediction):
2343         (JSC::DFG::Propagator::mergeUse):
2344         (JSC::DFG::Propagator::mergePrediction):
2345         (JSC::DFG::Propagator::propagateNode):
2346         * dfg/DFGSpeculativeJIT.cpp:
2347         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2348         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2349         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2350         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2351         (JSC::DFG::SpeculativeJIT::compare):
2352         (JSC::DFG::SpeculativeJIT::compile):
2353         * dfg/DFGSpeculativeJIT.h:
2354         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
2355         (JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand):
2356         (JSC::DFG::SpeculateBooleanOperand::index):
2357         (JSC::DFG::SpeculateBooleanOperand::gpr):
2358         (JSC::DFG::SpeculateBooleanOperand::use):
2359         * runtime/JSGlobalData.h:
2360         * runtime/JSValue.cpp:
2361         (JSC::JSValue::description):
2362
2363 2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
2364
2365         Unzip initialization lists and constructors in JSCell hierarchy (5/7)
2366         https://bugs.webkit.org/show_bug.cgi?id=67420
2367
2368         Reviewed by Geoffrey Garen.
2369
2370         Completed the fifth level of the refactoring to add finishCreation() 
2371         methods to all classes within the JSCell hierarchy with non-trivial 
2372         constructor bodies.
2373
2374         This primarily consists of pushing the calls to finishCreation() down 
2375         into the constructors of the subclasses of the second level of the hierarchy 
2376         as well as pulling the finishCreation() calls out into the class's corresponding
2377         create() method if it has one.  Doing both simultaneously allows us to 
2378         maintain the invariant that the finishCreation() method chain is called exactly 
2379         once during the creation of an object, since calling it any other number of 
2380         times (0, 2, or more) will cause an assertion failure.
2381
2382         * API/JSCallbackConstructor.cpp:
2383         (JSC::JSCallbackConstructor::JSCallbackConstructor):
2384         * API/JSCallbackConstructor.h:
2385         (JSC::JSCallbackConstructor::create):
2386         * API/JSCallbackFunction.cpp:
2387         (JSC::JSCallbackFunction::JSCallbackFunction):
2388         (JSC::JSCallbackFunction::finishCreation):
2389         * API/JSCallbackFunction.h:
2390         * JavaScriptCore.exp:
2391         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2392         * debugger/DebuggerActivation.cpp:
2393         * debugger/DebuggerActivation.h:
2394         (JSC::DebuggerActivation::create):
2395         * jsc.cpp:
2396         (GlobalObject::finishCreation):
2397         (GlobalObject::GlobalObject):
2398         * runtime/ArrayConstructor.cpp:
2399         (JSC::ArrayConstructor::ArrayConstructor):
2400         (JSC::ArrayConstructor::finishCreation):
2401         * runtime/ArrayConstructor.h:
2402         * runtime/ArrayPrototype.cpp:
2403         (JSC::ArrayPrototype::ArrayPrototype):
2404         * runtime/ArrayPrototype.h:
2405         (JSC::ArrayPrototype::create):
2406         * runtime/BooleanConstructor.cpp:
2407         (JSC::BooleanConstructor::BooleanConstructor):
2408         (JSC::BooleanConstructor::finishCreation):
2409         * runtime/BooleanConstructor.h:
2410         * runtime/BooleanObject.cpp:
2411         (JSC::BooleanObject::BooleanObject):
2412         * runtime/BooleanObject.h:
2413         (JSC::BooleanObject::create):
2414         * runtime/BooleanPrototype.cpp:
2415         (JSC::BooleanPrototype::BooleanPrototype):
2416         (JSC::BooleanPrototype::finishCreation):
2417         * runtime/BooleanPrototype.h:
2418         * runtime/DateConstructor.cpp:
2419         (JSC::DateConstructor::DateConstructor):
2420         (JSC::DateConstructor::finishCreation):
2421         * runtime/DateConstructor.h:
2422         * runtime/DateInstance.cpp:
2423         (JSC::DateInstance::DateInstance):
2424         * runtime/DateInstance.h:
2425         (JSC::DateInstance::create):
2426         * runtime/DatePrototype.cpp:
2427         (JSC::DatePrototype::DatePrototype):
2428         (JSC::DatePrototype::finishCreation):
2429         * runtime/DatePrototype.h:
2430         * runtime/Error.cpp:
2431         (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
2432         * runtime/ErrorConstructor.cpp:
2433         (JSC::ErrorConstructor::ErrorConstructor):
2434         (JSC::ErrorConstructor::finishCreation):
2435         * runtime/ErrorConstructor.h:
2436         * runtime/ErrorPrototype.cpp:
2437         (JSC::ErrorPrototype::ErrorPrototype):
2438         * runtime/ErrorPrototype.h:
2439         (JSC::ErrorPrototype::create):
2440         * runtime/FunctionConstructor.cpp:
2441         (JSC::FunctionConstructor::FunctionConstructor):
2442         (JSC::FunctionConstructor::finishCreation):
2443         * runtime/FunctionConstructor.h:
2444         * runtime/FunctionPrototype.cpp:
2445         (JSC::FunctionPrototype::FunctionPrototype):
2446         (JSC::FunctionPrototype::finishCreation):
2447         * runtime/FunctionPrototype.h:
2448         * runtime/InternalFunction.cpp:
2449         (JSC::InternalFunction::InternalFunction):
2450         * runtime/InternalFunction.h:
2451         * runtime/JSActivation.cpp:
2452         (JSC::JSActivation::JSActivation):
2453         * runtime/JSActivation.h:
2454         (JSC::JSActivation::create):
2455         * runtime/JSGlobalObject.h:
2456         (JSC::JSGlobalObject::create):
2457         (JSC::JSGlobalObject::JSGlobalObject):
2458         * runtime/JSONObject.cpp:
2459         (JSC::JSONObject::JSONObject):
2460         * runtime/JSONObject.h:
2461         (JSC::JSONObject::create):
2462         * runtime/JSStaticScopeObject.h:
2463         (JSC::JSStaticScopeObject::create):
2464         (JSC::JSStaticScopeObject::JSStaticScopeObject):
2465         * runtime/JSString.cpp:
2466         (JSC::StringObject::create):
2467         * runtime/MathObject.cpp:
2468         (JSC::MathObject::MathObject):
2469         * runtime/MathObject.h:
2470         (JSC::MathObject::create):
2471         * runtime/NativeErrorConstructor.cpp:
2472         (JSC::NativeErrorConstructor::NativeErrorConstructor):
2473         * runtime/NativeErrorConstructor.h:
2474         (JSC::NativeErrorConstructor::finishCreation):
2475         * runtime/NativeErrorPrototype.cpp:
2476         (JSC::NativeErrorPrototype::NativeErrorPrototype):
2477         (JSC::NativeErrorPrototype::finishCreation):
2478         * runtime/NativeErrorPrototype.h:
2479         * runtime/NumberConstructor.cpp:
2480         (JSC::NumberConstructor::NumberConstructor):
2481         (JSC::NumberConstructor::finishCreation):
2482         * runtime/NumberConstructor.h:
2483         * runtime/NumberObject.cpp:
2484         (JSC::NumberObject::NumberObject):
2485         * runtime/NumberObject.h:
2486         (JSC::NumberObject::create):
2487         * runtime/NumberPrototype.cpp:
2488         (JSC::NumberPrototype::NumberPrototype):
2489         (JSC::NumberPrototype::finishCreation):
2490         * runtime/NumberPrototype.h:
2491         * runtime/ObjectConstructor.cpp:
2492         (JSC::ObjectConstructor::ObjectConstructor):
2493         (JSC::ObjectConstructor::finishCreation):
2494         * runtime/ObjectConstructor.h:
2495         * runtime/RegExpConstructor.cpp:
2496         (JSC::RegExpConstructor::RegExpConstructor):
2497         (JSC::RegExpConstructor::finishCreation):
2498         (JSC::RegExpMatchesArray::RegExpMatchesArray):
2499         * runtime/RegExpConstructor.h:
2500         * runtime/RegExpMatchesArray.h:
2501         (JSC::RegExpMatchesArray::create):
2502         * runtime/RegExpObject.cpp:
2503         (JSC::RegExpObject::RegExpObject):
2504         * runtime/RegExpObject.h:
2505         (JSC::RegExpObject::create):
2506         * runtime/RegExpPrototype.cpp:
2507         (JSC::RegExpPrototype::RegExpPrototype):
2508         * runtime/StringConstructor.cpp:
2509         (JSC::StringConstructor::StringConstructor):
2510         (JSC::StringConstructor::finishCreation):
2511         * runtime/StringConstructor.h:
2512         * runtime/StringObject.cpp:
2513         (JSC::StringObject::StringObject):
2514         * runtime/StringObject.h:
2515         (JSC::StringObject::create):
2516         * runtime/StringObjectThatMasqueradesAsUndefined.h:
2517         (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
2518         * runtime/StringPrototype.cpp:
2519         (JSC::StringPrototype::StringPrototype):
2520         (JSC::StringPrototype::finishCreation):
2521         * runtime/StringPrototype.h:
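
As an added illustration of the invariant this entry describes (not WebKit's code; the class names below are hypothetical stand-ins for the JSCell hierarchy): finishCreation() is called from create() rather than from the constructor, so the chain runs exactly once, and a call count makes the 0-call and 2-call misuse cases visible.

```cpp
#include <cassert>
#include <memory>
#include <string>

// Hypothetical base class standing in for JSCell. It counts how many times the
// finishCreation() chain reached it so a factory can check the "exactly once"
// invariant. (JSC asserts inside the chain itself; counting keeps the misuse
// cases below observable without aborting the program.)
class Cell {
public:
    virtual ~Cell() = default;
    bool creationFinishedExactlyOnce() const { return m_finishCreationCount == 1; }
    unsigned finishCreationCount() const { return m_finishCreationCount; }
protected:
    Cell() = default;
    void finishCreation() { ++m_finishCreationCount; }
private:
    unsigned m_finishCreationCount = 0;
};

// Second-level class with a non-trivial constructor body. Work that needs a
// fully constructed object moves out of the constructor into finishCreation(),
// and the call to finishCreation() moves up into create().
class Prototype : public Cell {
public:
    static std::unique_ptr<Prototype> create(const std::string& name) {
        std::unique_ptr<Prototype> cell(new Prototype(name));
        cell->finishCreation();                 // the one and only call on the chain
        assert(cell->creationFinishedExactlyOnce());
        return cell;
    }
    const std::string& name() const { return m_name; }
    bool initialized() const { return m_initialized; }
protected:
    explicit Prototype(const std::string& name) : m_name(name) {}
    void finishCreation() {
        Cell::finishCreation();                 // chain to the base first
        m_initialized = true;                   // formerly constructor-body work
    }
private:
    std::string m_name;
    bool m_initialized = false;
};

// Subclass: its constructor no longer calls finishCreation(); its own create()
// does, and the chain runs NativeErrorPrototype -> Prototype -> Cell once.
class NativeErrorPrototype : public Prototype {
public:
    static std::unique_ptr<NativeErrorPrototype> create(const std::string& name) {
        std::unique_ptr<NativeErrorPrototype> cell(new NativeErrorPrototype(name));
        cell->finishCreation();
        assert(cell->creationFinishedExactlyOnce());
        return cell;
    }
    const std::string& message() const { return m_message; }
protected:
    explicit NativeErrorPrototype(const std::string& name) : Prototype(name) {}
    void finishCreation() {
        Prototype::finishCreation();
        m_message = name() + " message";        // relies on the base being set up
    }
private:
    std::string m_message;
};

// Two ways to break the invariant. A factory that forgets the call leaves the
// object half-initialised; a constructor that still calls finishCreation()
// itself makes create() run the chain a second time. The count (0 or 2) is
// exactly what the real assertion trips on.
struct MisusedPrototype : Prototype {
    MisusedPrototype(const std::string& name, bool callInCtor) : Prototype(name) {
        if (callInCtor)
            finishCreation();                   // the pre-refactoring habit
    }
    static unsigned countWhenForgotten() {
        MisusedPrototype cell("forgotten", false);
        return cell.finishCreationCount();      // 0: never finished
    }
    static unsigned countWhenCalledTwice() {
        MisusedPrototype cell("twice", true);
        cell.finishCreation();                  // what create() would do again
        return cell.finishCreationCount();      // 2: chain ran twice
    }
};

int main() {
    auto proto = NativeErrorPrototype::create("RangeError");
    assert(proto->initialized() && proto->message() == "RangeError message");
    assert(MisusedPrototype::countWhenForgotten() == 0);
    assert(MisusedPrototype::countWhenCalledTwice() == 2);
    return 0;
}
```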
2522
2523 2011-09-06  Filip Pizlo  <fpizlo@apple.com>
2524
2525         Accessibility tests crashing in BasicRawSentinelNode code
2526         https://bugs.webkit.org/show_bug.cgi?id=67682
2527
2528         Reviewed by Geoffrey Garen.
2529         
2530         A CodeBlock should ensure that no other CodeBlocks have references to it after
2531         it is destroyed.
2532
2533         * bytecode/CodeBlock.cpp:
2534         (JSC::CodeBlock::~CodeBlock):
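
An added example, not the WebKit code, of the invariant stated in this entry: a callee resets every incoming call site when it is destroyed, and a call site removes itself from its callee's list when its owning caller is destroyed, so neither side is left holding a pointer into freed memory. CodeBlock and CallLinkInfo are names taken from the ChangeLog; the implementation is hypothetical.

```cpp
#include <cassert>
#include <memory>
#include <vector>

class CodeBlock;

// One call site inside a caller. Owned by the caller; while linked, the callee
// keeps a raw back-pointer to it in its incoming-call list.
struct CallLinkInfo {
    CodeBlock* callee = nullptr;        // null: unlinked, the call takes the slow path
    bool isLinked() const { return callee != nullptr; }
    void unlink();                      // defined after CodeBlock
    ~CallLinkInfo();                    // a dying caller must drop the back-pointer too
};

class CodeBlock {
public:
    ~CodeBlock() {
        // The invariant from this entry: once destroyed, no other CodeBlock may
        // still refer to this one, so reset every call site that targets us.
        unlinkIncomingCalls();
        assert(m_incomingCalls.empty());
    }

    // Caller side: allocate a call site owned by this block.
    CallLinkInfo& addCallSite() {
        m_callSites.push_back(std::make_unique<CallLinkInfo>());
        return *m_callSites.back();
    }

    // Callee side: a call site in some caller now jumps directly to this block.
    void linkIncomingCall(CallLinkInfo* site) {
        assert(!site->isLinked());
        site->callee = this;
        m_incomingCalls.push_back(site);
    }

    // Used on destruction (and whenever a block is replaced): every caller
    // falls back to the slow path instead of keeping a stale target.
    void unlinkIncomingCalls() {
        while (!m_incomingCalls.empty())
            m_incomingCalls.back()->unlink();
    }

    unsigned incomingCallCount() const {
        return static_cast<unsigned>(m_incomingCalls.size());
    }

private:
    friend struct CallLinkInfo;
    void removeIncomingCall(CallLinkInfo* site) {
        for (auto it = m_incomingCalls.begin(); it != m_incomingCalls.end(); ++it) {
            if (*it != site)
                continue;
            m_incomingCalls.erase(it);
            return;
        }
        assert(false && "call site was not in the incoming list");
    }

    std::vector<CallLinkInfo*> m_incomingCalls;               // non-owning back-pointers
    std::vector<std::unique_ptr<CallLinkInfo>> m_callSites;   // owned call sites
};

void CallLinkInfo::unlink() {
    if (!callee)
        return;
    CodeBlock* target = callee;
    callee = nullptr;                   // cleared before touching the callee
    target->removeIncomingCall(this);
}

CallLinkInfo::~CallLinkInfo() { unlink(); }

// Scenario 1: the callee dies while two call sites still target it. Returns
// true when both sites were reset rather than left dangling.
bool calleeDestructionUnlinksCallers() {
    CodeBlock caller;
    CallLinkInfo& a = caller.addCallSite();
    CallLinkInfo& b = caller.addCallSite();
    {
        CodeBlock callee;
        callee.linkIncomingCall(&a);
        callee.linkIncomingCall(&b);
        if (callee.incomingCallCount() != 2) return false;
    }   // ~CodeBlock runs here
    return !a.isLinked() && !b.isLinked();
}

// Scenario 2: the caller dies first; its call sites remove themselves from the
// callee's list, so the callee never walks freed memory later.
bool callerDestructionDropsBackPointers() {
    CodeBlock callee;
    {
        CodeBlock caller;
        callee.linkIncomingCall(&caller.addCallSite());
        if (callee.incomingCallCount() != 1) return false;
    }   // caller and its CallLinkInfo objects are destroyed here
    return callee.incomingCallCount() == 0;
}
```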
2535
2536 2011-09-06  Yong Li  <yoli@rim.com>
2537
2538         https://bugs.webkit.org/show_bug.cgi?id=67486
2539         This reverts r65993 which gives wrong results for rshift
2540         in some corner cases (see the test).
2541
2542         Reviewed by Gavin Barraclough.
2543
2544         New test: fast/js/floating-point-truncate-rshift.html
2545
2546         * assembler/ARMAssembler.h:
2547         * assembler/MacroAssemblerARM.h:
2548         (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
2549         (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
2550
2551 2011-09-06  Filip Pizlo  <fpizlo@apple.com>
2552
2553         Unreviewed build fix for r94559.
2554         
2555         Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded
2556         new out-of-line JIT-specific method definitions with !ENABLE(JIT).
2557
2558         * bytecode/CodeBlock.cpp:
2559         * runtime/Executable.cpp:
2560         (JSC::EvalExecutable::compileInternal):
2561         (JSC::ProgramExecutable::compileInternal):
2562         (JSC::FunctionExecutable::compileForCallInternal):
2563
2564 2011-09-06  Mark Hahnenberg  <mhahnenberg@apple.com>
2565
2566         Fix broken PPC build due to new dtoa library
2567         https://bugs.webkit.org/show_bug.cgi?id=67654
2568
2569         Reviewed by Dan Bernstein.
2570
2571         Added condition for PPC in the new dtoa compatibility check so that
2572         building won't fail.
2573
2574         * wtf/dtoa/utils.h:
2575
2576 2011-09-05  Oliver Hunt  <oliver@apple.com>
2577
2578         An object's structure should reference the global object responsible for its creation
2579         https://bugs.webkit.org/show_bug.cgi?id=67624
2580
2581         Reviewed by Gavin Barraclough.
2582
2583         Add a reference to a GlobalObject to Structure, and update all calls to
2584         Structure::create() to pass the global object that is the origin for that
2585         structure.  For objects where the appropriate global object isn't available
2586         at construction time (global object prototypes, etc), or objects that
2587         logically don't have a global object (strings, etc) we just pass null.
2588
2589         This change is largely mechanical (passing a new globalObject parameter
2590         around).
2591
2592         * API/JSCallbackConstructor.h:
2593         (JSC::JSCallbackConstructor::createStructure):
2594         * API/JSCallbackFunction.h:
2595         (JSC::JSCallbackFunction::createStructure):
2596         * API/JSCallbackObject.h:
2597         (JSC::JSCallbackObject::createStructure):
2598         * API/JSContextRef.cpp:
2599         * JavaScriptCore.exp:
2600         * debugger/DebuggerActivation.h:
2601         (JSC::DebuggerActivation::createStructure):
2602         * runtime/Arguments.h:
2603         (JSC::Arguments::createStructure):
2604         * runtime/ArrayConstructor.h:
2605         (JSC::ArrayConstructor::createStructure):
2606         * runtime/ArrayPrototype.h:
2607         (JSC::ArrayPrototype::createStructure):
2608         * runtime/BooleanObject.h:
2609         (JSC::BooleanObject::createStructure):
2610         * runtime/BooleanPrototype.h:
2611         (JSC::BooleanPrototype::createStructure):
2612         * runtime/DateConstructor.h:
2613         (JSC::DateConstructor::createStructure):
2614         * runtime/DateInstance.h:
2615         (JSC::DateInstance::createStructure):
2616         * runtime/DatePrototype.h:
2617         (JSC::DatePrototype::createStructure):
2618         * runtime/ErrorInstance.h:
2619         (JSC::ErrorInstance::createStructure):
2620         * runtime/ErrorPrototype.h:
2621         (JSC::ErrorPrototype::createStructure):
2622         * runtime/Executable.h:
2623         (JSC::ExecutableBase::createStructure):
2624         (JSC::NativeExecutable::createStructure):
2625         (JSC::EvalExecutable::createStructure):
2626         (JSC::ProgramExecutable::createStructure):
2627         (JSC::FunctionExecutable::createStructure):
2628         * runtime/FunctionPrototype.h:
2629         (JSC::FunctionPrototype::createStructure):
2630         * runtime/GetterSetter.h:
2631         (JSC::GetterSetter::createStructure):
2632         * runtime/InternalFunction.h:
2633         (JSC::InternalFunction::createStructure):
2634         * runtime/JSAPIValueWrapper.h:
2635         (JSC::JSAPIValueWrapper::createStructure):
2636         * runtime/JSActivation.h:
2637         (JSC::JSActivation::createStructure):
2638         * runtime/JSArray.h:
2639         (JSC::JSArray::createStructure):
2640         * runtime/JSByteArray.cpp:
2641         (JSC::JSByteArray::createStructure):
2642         * runtime/JSByteArray.h:
2643         * runtime/JSFunction.h:
2644         (JSC::JSFunction::createStructure):
2645         * runtime/JSGlobalData.cpp:
2646         (JSC::JSGlobalData::JSGlobalData):
2647         * runtime/JSGlobalObject.cpp:
2648         (JSC::JSGlobalObject::reset):
2649         * runtime/JSGlobalObject.h:
2650         (JSC::JSGlobalObject::finishCreation):
2651         (JSC::JSGlobalObject::createStructure):
2652         * runtime/JSNotAnObject.h:
2653         (JSC::JSNotAnObject::createStructure):
2654         * runtime/JSONObject.h:
2655         (JSC::JSONObject::createStructure):
2656         * runtime/JSObject.cpp:
2657         (JSC::JSObject::createInheritorID):
2658         * runtime/JSObject.h:
2659         (JSC::JSObject::createStructure):
2660         (JSC::JSNonFinalObject::createStructure):
2661         (JSC::JSFinalObject::createStructure):
2662         (JSC::createEmptyObjectStructure):
2663         * runtime/JSObjectWithGlobalObject.h:
2664         (JSC::JSObjectWithGlobalObject::createStructure):
2665         * runtime/JSPropertyNameIterator.h:
2666         (JSC::JSPropertyNameIterator::createStructure):
2667         * runtime/JSStaticScopeObject.h:
2668         (JSC::JSStaticScopeObject::createStructure):
2669         * runtime/JSString.h:
2670         (JSC::RopeBuilder::createStructure):
2671         * runtime/JSVariableObject.h:
2672         (JSC::JSVariableObject::createStructure):
2673         * runtime/JSWrapperObject.h:
2674         (JSC::JSWrapperObject::createStructure):
2675         * runtime/MathObject.h:
2676         (JSC::MathObject::createStructure):
2677         * runtime/NativeErrorConstructor.h:
2678         (JSC::NativeErrorConstructor::createStructure):
2679         (JSC::NativeErrorConstructor::constructorBody):
2680         * runtime/NumberConstructor.h:
2681         (JSC::NumberConstructor::createStructure):
2682         * runtime/NumberObject.h:
2683         (JSC::NumberObject::createStructure):
2684         * runtime/NumberPrototype.h:
2685         (JSC::NumberPrototype::createStructure):
2686         * runtime/ObjectConstructor.h:
2687         (JSC::ObjectConstructor::createStructure):
2688         * runtime/ObjectPrototype.h:
2689         (JSC::ObjectPrototype::createStructure):
2690         * runtime/RegExp.h:
2691         (JSC::RegExp::createStructure):
2692         * runtime/RegExpConstructor.h:
2693         (JSC::RegExpConstructor::createStructure):
2694         * runtime/RegExpObject.h:
2695         (JSC::RegExpObject::createStructure):
2696         * runtime/RegExpPrototype.h:
2697         (JSC::RegExpPrototype::createStructure):
2698         * runtime/ScopeChain.h:
2699         (JSC::ScopeChainNode::createStructure):
2700         * runtime/StrictEvalActivation.h:
2701         (JSC::StrictEvalActivation::createStructure):
2702         * runtime/StringConstructor.h:
2703         (JSC::StringConstructor::createStructure):
2704         * runtime/StringObject.h:
2705         (JSC::StringObject::createStructure):
2706         * runtime/StringObjectThatMasqueradesAsUndefined.h:
2707         (JSC::StringObjectThatMasqueradesAsUndefined::create):
2708         (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
2709         * runtime/StringPrototype.h:
2710         (JSC::StringPrototype::createStructure):
2711         * runtime/Structure.cpp:
2712         (JSC::Structure::Structure):
2713         (JSC::Structure::visitChildren):
2714         * runtime/Structure.h:
2715         (JSC::Structure::create):
2716         (JSC::Structure::globalObject):
2717         (JSC::Structure::setGlobalObject):
2718         * runtime/StructureChain.h:
2719         (JSC::StructureChain::createStructure):
2720
2721 2011-09-06  Michael Saboff  <msaboff@apple.com>
2722
2723         Add windows changes for JSC:RegExp functional tests
2724         https://bugs.webkit.org/show_bug.cgi?id=67521
2725
2726         Windows build changes for regular expression functional test.
2727
2728         Rubber-stamped by Gavin Barraclough.
2729
2730         * JavaScriptCore.vcproj/JavaScriptCore.sln:
2731         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2732         * JavaScriptCore.vcproj/testRegExp: Added.
2733         * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Added.
2734         * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added.
2735         * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added.
2736         * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added.
2737         * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added.
2738         * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Added.
2739         * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Added.
2740         * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Added.
2741         * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added.
2742         * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added.
2743         * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added.
2744         * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added.
2745
2746 2011-09-06  Filip Pizlo  <fpizlo@apple.com>
2747
2748         JavaScriptCore does not have tiered compilation
2749         https://bugs.webkit.org/show_bug.cgi?id=67176
2750
2751         Reviewed by Gavin Barraclough.
2752         
2753         This adds the ability to have multiple CodeBlocks associated with
2754         a particular role in an Executable.  These are stored in
2755         descending order of compiler tier.  CodeBlocks are optimized when
2756         a counter (m_executeCounter) that is incremented in loops and
2757         epilogues becomes positive.  Optimizing means that all calls to
2758         the old CodeBlock are unlinked.
2759         
2760         The DFG can now pull in predictions from ValueProfiles, and
2761         propagate them along the graph.  To support the new phase while
2762         maintaining some level of abstraction, a DFGDriver was introduced
2763         that encapsulates how to run the DFG compiler.
2764         
2765         This is turned off by default because it's not yet a performance
2766         win on all benchmarks.  It speeds up crypto and richards by
2767         10% and 6% respectively, but still does not do as good of a job
2768         as it could.  Notably, the DFG backend has not changed, and
2769         is largely oblivious to the new information being made available
2770         to it.
2771         
2772         When turned off (the default), this patch is performance neutral.
2773
2774         * CMakeLists.txt:
2775         * GNUmakefile.am:
2776         * GNUmakefile.list.am:
2777         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2778         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
2779         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
2780         * JavaScriptCore.xcodeproj/project.pbxproj:
2781         * assembler/MacroAssemblerX86.h:
2782         (JSC::MacroAssemblerX86::branchAdd32):
2783         * assembler/MacroAssemblerX86_64.h:
2784         (JSC::MacroAssemblerX86_64::branchAdd32):
2785         * bytecode/CodeBlock.cpp:
2786         (JSC::CodeBlock::CodeBlock):
2787         (JSC::CodeBlock::~CodeBlock):
2788         (JSC::CodeBlock::visitAggregate):
2789         (JSC::CallLinkInfo::unlink):
2790         (JSC::CodeBlock::unlinkCalls):
2791         (JSC::CodeBlock::unlinkIncomingCalls):
2792         (JSC::CodeBlock::clearEvalCache):
2793         (JSC::replaceExistingEntries):
2794         (JSC::CodeBlock::copyDataFromAlternative):
2795         (JSC::ProgramCodeBlock::replacement):
2796         (JSC::EvalCodeBlock::replacement):
2797         (JSC::FunctionCodeBlock::replacement):
2798         (JSC::ProgramCodeBlock::compileOptimized):
2799         (JSC::EvalCodeBlock::compileOptimized):
2800         (JSC::FunctionCodeBlock::compileOptimized):
2801         * bytecode/CodeBlock.h:
2802         (JSC::GlobalCodeBlock::GlobalCodeBlock):
2803         (JSC::ProgramCodeBlock::ProgramCodeBlock):
2804         (JSC::EvalCodeBlock::EvalCodeBlock):
2805         (JSC::FunctionCodeBlock::FunctionCodeBlock):
2806         * bytecode/ValueProfile.h:
2807         (JSC::ValueProfile::dump):
2808         (JSC::ValueProfile::computeStatistics):
2809         * bytecompiler/BytecodeGenerator.cpp:
2810         (JSC::BytecodeGenerator::BytecodeGenerator):
2811         * bytecompiler/BytecodeGenerator.h:
2812         * dfg/DFGByteCodeParser.cpp:
2813         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2814         (JSC::DFG::ByteCodeParser::addCall):
2815         (JSC::DFG::ByteCodeParser::dynamicallyPredict):
2816         (JSC::DFG::ByteCodeParser::parseBlock):
2817         (JSC::DFG::parse):
2818         * dfg/DFGDriver.cpp: Added.
2819         (JSC::DFG::compile):
2820         (JSC::DFG::tryCompile):
2821         (JSC::DFG::tryCompileFunction):
2822         * dfg/DFGDriver.h: Added.
2823         (JSC::DFG::tryCompile):
2824         (JSC::DFG::tryCompileFunction):
2825         * dfg/DFGGraph.cpp:
2826         (JSC::DFG::Graph::dump):
2827         (JSC::DFG::Graph::predictArgumentTypes):
2828         * dfg/DFGGraph.h:
2829         (JSC::DFG::Graph::predict):
2830         (JSC::DFG::Graph::predictGlobalVar):
2831         (JSC::DFG::Graph::isConstant):
2832         (JSC::DFG::Graph::isJSConstant):
2833         (JSC::DFG::Graph::isInt32Constant):
2834         (JSC::DFG::Graph::isDoubleConstant):
2835         (JSC::DFG::Graph::valueOfJSConstant):
2836         (JSC::DFG::Graph::valueOfInt32Constant):
2837         (JSC::DFG::Graph::valueOfDoubleConstant):
2838         * dfg/DFGJITCompiler.cpp:
2839         (JSC::DFG::JITCompiler::link):
2840         * dfg/DFGJITCompiler.h:
2841         (JSC::DFG::JITCompiler::isConstant):
2842         (JSC::DFG::JITCompiler::isJSConstant):
2843         (JSC::DFG::JITCompiler::isInt32Constant):
2844         (JSC::DFG::JITCompiler::isDoubleConstant):
2845         (JSC::DFG::JITCompiler::valueOfJSConstant):
2846         (JSC::DFG::JITCompiler::valueOfInt32Constant):
2847         (JSC::DFG::JITCompiler::valueOfDoubleConstant):
2848         * dfg/DFGNode.h:
2849         (JSC::DFG::isCellPrediction):
2850         (JSC::DFG::isNumberPrediction):
2851         (JSC::DFG::predictionToString):
2852         (JSC::DFG::mergePrediction):
2853         (JSC::DFG::makePrediction):
2854         (JSC::DFG::Node::valueOfJSConstant):
2855         (JSC::DFG::Node::isInt32Constant):
2856         (JSC::DFG::Node::isDoubleConstant):
2857         (JSC::DFG::Node::valueOfInt32Constant):
2858         (JSC::DFG::Node::valueOfDoubleConstant):
2859         (JSC::DFG::Node::predict):
2860         * dfg/DFGPropagation.cpp: Added.
2861         (JSC::DFG::Propagator::Propagator):
2862         (JSC::DFG::Propagator::fixpoint):
2863         (JSC::DFG::Propagator::setPrediction):
2864         (JSC::DFG::Propagator::mergePrediction):
2865         (JSC::DFG::Propagator::propagateNode):
2866         (JSC::DFG::Propagator::propagateForward):
2867         (JSC::DFG::Propagator::propagateBackward):
2868         (JSC::DFG::propagate):
2869         * dfg/DFGPropagation.h: Added.
2870         (JSC::DFG::propagate):
2871         * dfg/DFGRepatch.cpp:
2872         (JSC::DFG::dfgLinkFor):
2873         * heap/HandleHeap.h:
2874         (JSC::HandleHeap::Node::Node):
2875         * jit/JIT.cpp:
2876         (JSC::JIT::emitOptimizationCheck):
2877         (JSC::JIT::emitTimeoutCheck):
2878         (JSC::JIT::privateCompile):
2879         (JSC::JIT::linkFor):
2880         * jit/JIT.h:
2881         (JSC::JIT::emitOptimizationCheck):
2882         * jit/JITCall32_64.cpp:
2883         (JSC::JIT::emit_op_ret):
2884         (JSC::JIT::emit_op_ret_object_or_this):
2885         * jit/JITCode.h:
2886         (JSC::JITCode::JITCode):
2887         (JSC::JITCode::bottomTierJIT):
2888         (JSC::JITCode::topTierJIT):
2889         (JSC::JITCode::nextTierJIT):
2890         * jit/JITOpcodes.cpp:
2891         (JSC::JIT::emit_op_ret):
2892         (JSC::JIT::emit_op_ret_object_or_this):
2893         * jit/JITStubs.cpp:
2894         (JSC::DEFINE_STUB_FUNCTION):
2895         * jit/JITStubs.h:
2896         * runtime/Executable.cpp:
2897         (JSC::EvalExecutable::compileOptimized):
2898         (JSC::EvalExecutable::compileInternal):
2899         (JSC::ProgramExecutable::compileOptimized):
2900         (JSC::ProgramExecutable::compileInternal):
2901         (JSC::FunctionExecutable::compileOptimizedForCall):
2902         (JSC::FunctionExecutable::compileOptimizedForConstruct):
2903         (JSC::FunctionExecutable::compileForCallInternal):
2904         (JSC::FunctionExecutable::compileForConstructInternal):
2905         * runtime/Executable.h:
2906         (JSC::EvalExecutable::compile):
2907         (JSC::ProgramExecutable::compile):
2908         (JSC::FunctionExecutable::compileForCall):
2909         (JSC::FunctionExecutable::compileForConstruct):
2910         (JSC::FunctionExecutable::compileOptimizedFor):
2911         * wtf/Platform.h:
2912         * wtf/SentinelLinkedList.h:
2913         (WTF::BasicRawSentinelNode::BasicRawSentinelNode):
2914         (WTF::BasicRawSentinelNode::setPrev):
2915         (WTF::BasicRawSentinelNode::setNext):
2916         (WTF::BasicRawSentinelNode::prev):
2917         (WTF::BasicRawSentinelNode::next):
2918         (WTF::BasicRawSentinelNode::isOnList):
2919         (WTF::::remove):
2920         (WTF::::SentinelLinkedList):
2921         (WTF::::begin):
2922         (WTF::::end):
2923         (WTF::::push):
2924
2925 2011-09-05  Sheriff Bot  <webkit.review.bot@gmail.com>
2926
2927         Unreviewed, rolling out r94445 and r94448.
2928         http://trac.webkit.org/changeset/94445
2929         http://trac.webkit.org/changeset/94448
2930         https://bugs.webkit.org/show_bug.cgi?id=67595
2931
2932         It broke everything (Requested by ossy on #webkit).
2933
2934         * JavaScriptCore.exp:
2935         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2936         * heap/Heap.cpp:
2937         (JSC::Heap::collect):
2938         * heap/Heap.h:
2939         * heap/NewSpace.cpp:
2940         (JSC::NewSpace::NewSpace):
2941         * heap/NewSpace.h:
2942         * jit/JITStubs.cpp:
2943         (JSC::DEFINE_STUB_FUNCTION):
2944         * runtime/JSObject.cpp:
2945         (JSC::JSObject::allocatePropertyStorage):
2946         * runtime/JSObject.h:
2947         (JSC::JSObject::~JSObject):
2948         (JSC::JSObject::putDirectInternal):
2949         (JSC::JSObject::putDirectWithoutTransition):
2950         (JSC::JSObject::putDirectFunctionWithoutTransition):
2951         (JSC::JSObject::transitionTo):
2952         (JSC::JSObject::visitChildrenDirect):
2953
2954 2011-09-05  Patrick Gansterer  <paroga@webkit.org>
2955
2956         Unreviewed build fix for r94452.
2957
2958         Add config.h as the first header to the cc files as required by the coding style.
2959         Reuse macros from Assertions.h instead of adding additional #ifdefs.
2960
2961         * wtf/dtoa/bignum-dtoa.cc:
2962         * wtf/dtoa/bignum.cc:
2963         * wtf/dtoa/cached-powers.cc:
2964         * wtf/dtoa/diy-fp.cc:
2965         * wtf/dtoa/double-conversion.cc:
2966         * wtf/dtoa/fast-dtoa.cc:
2967         * wtf/dtoa/fixed-dtoa.cc:
2968         * wtf/dtoa/strtod.cc:
2969         * wtf/dtoa/utils.h:
2970
2971 2011-09-05  Andras Becsi  <andras.becsi@nokia.com>
2972
2973         [Qt][WK2] Fix the build
2974
2975         Rubber-stamped by Csaba Osztrogonác.
2976
2977         * wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
2978         The variable fractional_part is only set but never used.
2979
2980 2011-09-04  Mark Hahnenberg  <mhahnenberg@apple.com>
2981
2982         REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
2983         https://bugs.webkit.org/show_bug.cgi?id=67562
2984
2985         Reviewed by Darin Adler.
2986
2987         Fixing the build (again), which was broken by the dtoa patch. Needed
2988         to make sure WTF::double_conversion::initialize() is called for Qt
2989         as well as adding a check for WinCE in dtoa/utils.h.
2990
2991         * runtime/InitializeThreading.cpp:
2992         (JSC::initializeThreadingOnce):
2993         * wtf/dtoa/cached-powers.cc:
2994         * wtf/dtoa/utils.h:
2995
2996 2011-09-03  Filip Pizlo  <fpizlo@apple.com>
2997
2998         ThunkGenerators does not convert positive double zero into integer zero
2999         https://bugs.webkit.org/show_bug.cgi?id=67553
3000
3001         Reviewed by Gavin Barraclough.
3002         
3003         This is a 0.5% speed-up on V8 and neutral elsewhere.
3004
3005         * jit/SpecializedThunkJIT.h:
3006         (JSC::SpecializedThunkJIT::returnDouble):
3007
3008 2011-09-03  Kevin Ollivier  <kevino@theolliviers.com>
3009
3010         [wx] Unreviewed build fix. Add wtf/dtoa directory to build.
3011
3012         * wscript:
3013
3014 2011-09-03  Filip Pizlo  <fpizlo@apple.com>
3015
3016         DFG variable predictions only work for local variables, not temporaries
3017         https://bugs.webkit.org/show_bug.cgi?id=67554
3018
3019         Reviewed by Gavin Barraclough.
3020         
3021         This appears to be a slight speed-up in Kraken (0.3% but significant)
3022         and neutral elsewhere.
3023
3024         * dfg/DFGGraph.h:
3025         (JSC::DFG::Graph::predict):
3026
3027 2011-09-02  Filip Pizlo  <fpizlo@apple.com>
3028
3029         DFG JIT speculation failure does recovery of additions in reverse and
3030         doesn't rebox
3031         https://bugs.webkit.org/show_bug.cgi?id=67551
3032
3033         Reviewed by Sam Weinig.
3034
3035         * dfg/DFGJITCompiler.cpp:
3036         (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
3037
3038 2011-09-02  Filip Pizlo  <fpizlo@apple.com>
3039
3040         ValueProfile does not make it safe to introspect cell values
3041         after garbage collection
3042         https://bugs.webkit.org/show_bug.cgi?id=67354
3043
3044         Reviewed by Gavin Barraclough.
3045         
3046         ValueProfile buckets are now weak references, implemented using a
3047         light-weight weak reference mechanism that this patch also adds (the
3048         WeakReferenceHarvester).  If a cell stored in a ValueProfile bucket
3049         is not marked, then the bucket is transformed into a Structure
3050         pointer.  If the Structure is not marked either, then it is turned
3051         into a ClassInfo pointer.
3052
3053         * JavaScriptCore.xcodeproj/project.pbxproj:
3054         * bytecode/CodeBlock.cpp:
3055         (JSC::CodeBlock::~CodeBlock):
3056         (JSC::CodeBlock::visitAggregate):
3057         (JSC::CodeBlock::visitWeakReferences):
3058         * bytecode/CodeBlock.h:
3059         * bytecode/ValueProfile.h:
3060         (JSC::ValueProfile::ValueProfile):
3061         (JSC::ValueProfile::classInfo):
3062         (JSC::ValueProfile::numberOfInt32s):
3063         (JSC::ValueProfile::numberOfDoubles):
3064         (JSC::ValueProfile::numberOfCells):
3065         (JSC::ValueProfile::numberOfArrays):
3066         (JSC::ValueProfile::probabilityOfArray):
3067         (JSC::ValueProfile::WeakBucket::WeakBucket):
3068         (JSC::ValueProfile::WeakBucket::operator!):
3069         (JSC::ValueProfile::WeakBucket::isEmpty):
3070         (JSC::ValueProfile::WeakBucket::isClassInfo):
3071         (JSC::ValueProfile::WeakBucket::isStructure):
3072         (JSC::ValueProfile::WeakBucket::asStructure):
3073         (JSC::ValueProfile::WeakBucket::asClassInfo):
3074         (JSC::ValueProfile::WeakBucket::getClassInfo):
3075         * heap/Heap.cpp:
3076         (JSC::Heap::harvestWeakReferences):
3077         (JSC::Heap::markRoots):
3078         * heap/Heap.h:
3079         * heap/MarkStack.cpp:
3080         (JSC::SlotVisitor::drain):
3081         (JSC::SlotVisitor::harvestWeakReferences):
3082         * heap/MarkStack.h:
3083         (JSC::MarkStack::addWeakReferenceHarvester):
3084         (JSC::MarkStack::MarkStack):
3085         (JSC::MarkStack::appendUnbarrieredPointer):
3086         * heap/SlotVisitor.h:
3087         * heap/WeakReferenceHarvester.h: Added.
3088         (JSC::WeakReferenceHarvester::WeakReferenceHarvester):
3089         (JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
3090
3091 2011-09-02  Michael Saboff  <msaboff@apple.com>
3092
3093         Replace local implementation of string equals() methods with UString versions
3094         https://bugs.webkit.org/show_bug.cgi?id=67342
3095
3096         In preparation to allowing StringImpl to be backed by 8 bit 
3097         characters when appropriate, we need to eliminate or change the
3098         usage of StringImpl::characters(). Change the uses of characters()
3099         that are used to implement redundant equals() methods.
3100
3101         Reviewed by Gavin Barraclough.
3102
3103         * runtime/Identifier.cpp:
3104         (JSC::Identifier::equal):
3105         * runtime/Identifier.h:
3106         (JSC::Identifier::equal):
3107         * wtf/text/AtomicString.cpp:
3108         (WTF::CStringTranslator::equal): Moved an optimized method to here.
3109         (WTF::operator==):
3110         * wtf/text/StringImpl.cpp:
3111         (WTF::equal):
3112         * wtf/text/StringImpl.h:
3113
3114 2011-09-02  Michael Saboff  <msaboff@apple.com>
3115
3116         Add JSC:RegExp functional tests
3117         https://bugs.webkit.org/show_bug.cgi?id=67339
3118
3119         Added new test driver program (testRegExp) and corresponding data file
3120         along with build scripts changes.
3121
3122         Reviewed by Gavin Barraclough.
3123
3124         * JavaScriptCore.exp:
3125         * JavaScriptCore.xcodeproj/project.pbxproj:
3126         * testRegExp.cpp: Added.
3127         (Options::Options):
3128         (StopWatch::start):
3129         (StopWatch::stop):
3130         (StopWatch::getElapsedMS):
3131         (RegExpTest::RegExpTest):
3132         (GlobalObject::create):
3133         (GlobalObject::className):
3134         (GlobalObject::GlobalObject):
3135         (main):
3136         (cleanupGlobalData):
3137         (testOneRegExp):
3138         (scanString):
3139         (parseRegExpLine):
3140         (parseTestLine):
3141         (runFromFiles):
3142         (printUsageStatement):
3143         (parseArguments):
3144         (realMain):
3145         * tests/regexp: Added.
3146         * tests/regexp/RegExpTest.data: Added.
3147
3148 2011-09-02  Michael Saboff  <msaboff@apple.com>
3149
3150         Add JSC:RegExp functional test data generator
3151         https://bugs.webkit.org/show_bug.cgi?id=67519
3152
3153         Add a data generator for regular expressions.  To enable, change the
3154         #undef REGEXP_FUNC_TEST_DATA_GEN to #define.  Then compile and use
3155         regular expressions.  The resulting data will be in /tmp/RegExpTestsData.
3156
3157         Reviewed by Gavin Barraclough.
3158
3159         * runtime/RegExp.cpp:
3160         (JSC::regExpFlags):
3161         (JSC::RegExpFunctionalTestCollector::clearRegExp):
3162         (JSC::RegExpFunctionalTestCollector::get):
3163         (JSC::RegExpFunctionalTestCollector::outputOneTest):
3164         (JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
3165         (JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
3166         (JSC::RegExpFunctionalTestCollector::outputEscapedUString):
3167         (JSC::RegExp::~RegExp):
3168         (JSC::RegExp::compile):
3169         (JSC::RegExp::match):
3170         (JSC::RegExp::matchCompareWithInterpreter):
3171
3172 2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>
3173
3174         Fix the broken build due to dtoa patch
3175         https://bugs.webkit.org/show_bug.cgi?id=67534
3176
3177         Reviewed by Oliver Hunt.
3178
3179         Fixing the build.
3180
3181         * GNUmakefile.list.am:
3182         * wtf/dtoa/bignum.cc:
3183         * wtf/dtoa/fast-dtoa.cc:
3184         * wtf/dtoa/utils.h:
3185
3186 2011-09-02  Oliver Hunt  <oliver@apple.com>
3187
3188         Remove OldSpace classes
3189         https://bugs.webkit.org/show_bug.cgi?id=67533
3190
3191         Reviewed by Gavin Barraclough.
3192
3193         Remove the unused OldSpace classes
3194
3195         * CMakeLists.txt:
3196         * GNUmakefile.list.am:
3197         * JavaScriptCore.gypi:
3198         * JavaScriptCore.pro:
3199         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3200         * JavaScriptCore.xcodeproj/project.pbxproj:
3201         * heap/Heap.cpp:
3202         (JSC::Heap::writeBarrierSlowCase):
3203         * heap/MarkedBlock.h:
3204         * heap/OldSpace.cpp: Removed.
3205         * heap/OldSpace.h: Removed.
3206
3207 2011-09-02  James Robinson  <jamesr@chromium.org>
3208
3209         Compile fix for mac build.
3210
3211         * wtf/CheckedArithmetic.h:
3212         (WTF::operator+):
3213         (WTF::operator-):
3214         (WTF::operator*):
3215
3216 2011-08-30  Matthew Delaney  <mdelaney@apple.com>
3217
3218         Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
3219         https://bugs.webkit.org/show_bug.cgi?id=65352
3220
3221         Reviewed by Simon Fraser.
3222
3223         New test: fast/canvas/canvas-getImageData-large-crash.html
3224
3225         This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
3226         calls that specify widths and heights that end up overflowing the ints that we store those values in
3227         as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
3228         arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
3229         is just to add a new helper method described below.
3230
3231         * wtf/MathExtras.h:
3232         (isWithinIntRange): Reports if a float's value is within the range expressible by an int.
3233
3234 2011-09-02  Mark Hahnenberg  <mhahnenberg@apple.com>
3235
3236         Incorporate newer, faster dtoa library
3237         https://bugs.webkit.org/show_bug.cgi?id=66346
3238
3239         Reviewed by Oliver Hunt.
3240
3241         Added new dtoa library at http://code.google.com/p/double-conversion/.
3242         Replaced old call to dtoa.  The new library is much faster than the old one.
3243         We still use the old dtoa for some stuff in WebCore as well as the old strtod, 
3244         but we can phase these out eventually as well.
3245
3246         * GNUmakefile.list.am:
3247         * JavaScriptCore.exp:
3248         * JavaScriptCore.gypi:
3249         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3250         * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
3251         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
3252         * JavaScriptCore.xcodeproj/project.pbxproj:
3253         * runtime/InitializeThreading.cpp:
3254         * runtime/NumberPrototype.cpp:
3255         (JSC::numberProtoFuncToExponential):
3256         (JSC::numberProtoFuncToFixed):
3257         (JSC::numberProtoFuncToPrecision):
3258         * runtime/UString.cpp:
3259         (JSC::UString::number):
3260         * wtf/CMakeLists.txt:
3261         * wtf/ThreadingPthreads.cpp:
3262         (WTF::initializeThreading):
3263         * wtf/ThreadingWin.cpp:
3264         (WTF::initializeThreading):
3265         * wtf/dtoa.cpp:
3266         (WTF::dtoa):
3267         * wtf/dtoa.h:
3268         * wtf/dtoa/COPYING: Added.
3269         * wtf/dtoa/LICENSE: Added.
3270         * wtf/dtoa/README: Added.
3271         * wtf/dtoa/bignum-dtoa.cc: Added.
3272         * wtf/dtoa/bignum-dtoa.h: Added.
3273         * wtf/dtoa/bignum.cc: Added.
3274         * wtf/dtoa/bignum.h: Added.
3275         (WTF::double_conversion::Bignum::Times10):
3276         (WTF::double_conversion::Bignum::Equal):
3277         (WTF::double_conversion::Bignum::LessEqual):
3278         (WTF::double_conversion::Bignum::Less):
3279         (WTF::double_conversion::Bignum::PlusEqual):
3280         (WTF::double_conversion::Bignum::PlusLessEqual):
3281         (WTF::double_conversion::Bignum::PlusLess):
3282         (WTF::double_conversion::Bignum::EnsureCapacity):
3283         (WTF::double_conversion::Bignum::BigitLength):
3284         * wtf/dtoa/cached-powers.cc: Added.
3285         * wtf/dtoa/cached-powers.h: Added.
3286         * wtf/dtoa/diy-fp.cc: Added.
3287         * wtf/dtoa/diy-fp.h: Added.
3288         (WTF::double_conversion::DiyFp::DiyFp):
3289         (WTF::double_conversion::DiyFp::Subtract):
3290         (WTF::double_conversion::DiyFp::Minus):
3291         (WTF::double_conversion::DiyFp::Times):
3292         (WTF::double_conversion::DiyFp::Normalize):
3293         (WTF::double_conversion::DiyFp::f):
3294         (WTF::double_conversion::DiyFp::e):
3295         (WTF::double_conversion::DiyFp::set_f):
3296         (WTF::double_conversion::DiyFp::set_e):
3297         * wtf/dtoa/double-conversion.cc: Added.
3298         * wtf/dtoa/double-conversion.h: Added.
3299         (WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
3300         (WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
3301         * wtf/dtoa/double.h: Added.
3302         (WTF::double_conversion::double_to_uint64):
3303         (WTF::double_conversion::uint64_to_double):
3304         (WTF::double_conversion::Double::Double):
3305         (WTF::double_conversion::Double::AsDiyFp):
3306         (WTF::double_conversion::Double::AsNormalizedDiyFp):
3307         (WTF::double_conversion::Double::AsUint64):
3308         (WTF::double_conversion::Double::NextDouble):
3309         (WTF::double_conversion::Double::Exponent):
3310         (WTF::double_conversion::Double::Significand):
3311         (WTF::double_conversion::Double::IsDenormal):
3312         (WTF::double_conversion::Double::IsSpecial):
3313         (WTF::double_conversion::Double::IsNan):
3314         (WTF::double_conversion::Double::IsInfinite):
3315         (WTF::double_conversion::Double::Sign):
3316         (WTF::double_conversion::Double::UpperBoundary):
3317         (WTF::double_conversion::Double::NormalizedBoundaries):
3318         (WTF::double_conversion::Double::value):
3319         (WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
3320         (WTF::double_conversion::Double::Infinity):
3321         (WTF::double_conversion::Double::NaN):
3322         (WTF::double_conversion::Double::DiyFpToUint64):
3323         * wtf/dtoa/fast-dtoa.cc: Added.
3324         * wtf/dtoa/fast-dtoa.h: Added.
3325         * wtf/dtoa/fixed-dtoa.cc: Added.
3326         * wtf/dtoa/fixed-dtoa.h: Added.
3327         * wtf/dtoa/strtod.cc: Added.
3328         * wtf/dtoa/strtod.h: Added.
3329         * wtf/dtoa/utils.h: Added.
3330         (WTF::double_conversion::Max):
3331         (WTF::double_conversion::Min):
3332         (WTF::double_conversion::StrLength):
3333         (WTF::double_conversion::Vector::Vector):
3334         (WTF::double_conversion::Vector::SubVector):
3335         (WTF::double_conversion::Vector::length):
3336         (WTF::double_conversion::Vector::is_empty):
3337         (WTF::double_conversion::Vector::start):
3338         (WTF::double_conversion::Vector::operator[]):
3339         (WTF::double_conversion::Vector::first):
3340         (WTF::double_conversion::Vector::last):
3341         (WTF::double_conversion::StringBuilder::StringBuilder):
3342         (WTF::double_conversion::StringBuilder::~StringBuilder):
3343         (WTF::double_conversion::StringBuilder::size):
3344         (WTF::double_conversion::StringBuilder::position):
3345         (WTF::double_conversion::StringBuilder::Reset):
3346         (WTF::double_conversion::StringBuilder::AddCharacter):
3347         (WTF::double_conversion::StringBuilder::AddString):
3348         (WTF::double_conversion::StringBuilder::AddSubstring):
3349         (WTF::double_conversion::StringBuilder::AddPadding):
3350         (WTF::double_conversion::StringBuilder::Finalize):
3351         (WTF::double_conversion::StringBuilder::is_finalized):
3352         (WTF::double_conversion::BitCast):
3353         * wtf/wtf.pri:
3354
3355 2011-09-02  Filip Pizlo  <fpizlo@apple.com>
3356
3357         DFG graph has no way of distinguishing or reconciling between static
3358         and dynamic predictions
3359         https://bugs.webkit.org/show_bug.cgi?id=67343
3360
3361         Reviewed by Gavin Barraclough.
3362         
3363         PredictedType now stores the source of the prediction.  Merging predictions,
3364         which was previously done with a bitwise or, is now done via the
3365         mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
3366         functions, which correctly handle combinations of static and dynamic.
3367         
3368         This is performance-neutral, since all predictions are currently static and
3369         so the code has no visible effects.
3370
3371         * dfg/DFGByteCodeParser.cpp:
3372         (JSC::DFG::ByteCodeParser::set):
3373         (JSC::DFG::ByteCodeParser::staticallyPredictArray):
3374         (JSC::DFG::ByteCodeParser::staticallyPredictInt32):
3375         (JSC::DFG::ByteCodeParser::parseBlock):
3376         * dfg/DFGGraph.h:
3377         (JSC::DFG::Graph::predict):
3378         (JSC::DFG::Graph::predictGlobalVar):
3379         * dfg/DFGNode.h:
3380         (JSC::DFG::isArrayPrediction):
3381         (JSC::DFG::isInt32Prediction):
3382         (JSC::DFG::isDoublePrediction):
3383         (JSC::DFG::isDynamicPrediction):
3384         (JSC::DFG::mergePredictions):
3385         (JSC::DFG::mergePrediction):
3386         (JSC::DFG::makePrediction):
3387         (JSC::DFG::Node::predict):
3388
3389 2011-09-02  Oliver Hunt  <oliver@apple.com>
3390
3391         Fix 32bit build.
3392
3393         * heap/NewSpace.h:
3394         (JSC::NewSpace::allocatePropertyStorage):
3395         (JSC::NewSpace::inPropertyStorageNursery):
3396
3397 2011-09-02  Oliver Hunt  <oliver@apple.com>
3398
3399         Use bump allocator for initial property storage
3400         https://bugs.webkit.org/show_bug.cgi?id=67494
3401
3402         Reviewed by Gavin Barraclough.
3403
3404         Switch to a bump allocator for the initial out of line
3405         property storage.  This gives us slightly faster allocation
3406         for short lived objects that need out of line storage at
3407         the cost of an additional memcpy when the object survives
3408         a GC pass.
3409
3410         No performance impact.
3411
3412         * JavaScriptCore.exp:
3413         * heap/Heap.cpp:
3414         (JSC::Heap::collect):
3415         * heap/Heap.h:
3416         (JSC::Heap::allocatePropertyStorage):
3417         (JSC::Heap::inPropertyStorageNursary):
3418         * heap/NewSpace.cpp:
3419         (JSC::NewSpace::NewSpace):
3420         * heap/NewSpace.h:
3421         (JSC::NewSpace::resetPropertyStorageNursary):
3422         (JSC::NewSpace::allocatePropertyStorage):
3423         (JSC::NewSpace::inPropertyStorageNursary):
3424         * jit/JITStubs.cpp:
3425         (JSC::DEFINE_STUB_FUNCTION):
3426         * runtime/JSObject.cpp:
3427         (JSC::JSObject::allocatePropertyStorage):
3428         * runtime/JSObject.h:
3429         (JSC::JSObject::~JSObject):
3430         (JSC::JSObject::putDirectInternal):
3431         (JSC::JSObject::putDirectWithoutTransition):
3432         (JSC::JSObject::putDirectFunctionWithoutTransition):
3433         (JSC::JSObject::transitionTo):
3434         (JSC::JSObject::visitChildrenDirect):
3435
3436 2011-09-01  Mark Rowe  <mrowe@apple.com>
3437
3438         Fix the build.
3439
3440         * JavaScriptCore.JSVALUE32_64only.exp:
3441         * JavaScriptCore.JSVALUE64only.exp:
3442         * JavaScriptCore.exp:
3443
3444 2011-09-01  Mark Hahnenberg  <mhahnenberg@apple.com>
3445
3446         Unzip initialization lists and constructors in JSCell hierarchy (4/7)
3447         https://bugs.webkit.org/show_bug.cgi?id=67174
3448
3449         Reviewed by Oliver Hunt.
3450
3451         Completed the fourth level of the refactoring to add finishCreation() 
3452         methods to all classes within the JSCell hierarchy with non-trivial 
3453         constructor bodies.
3454
3455         This primarily consists of pushing the calls to finishCreation() down 
3456         into the constructors of the subclasses of the second level of the hierarchy 
3457         as well as pulling the finishCreation() calls out into the class's corresponding
3458         create() method if it has one.  Doing both simultaneously allows us to 
3459         maintain the invariant that the finishCreation() method chain is called exactly 
3460         once during the creation of an object, since calling it any other number of 
3461         times (0, 2, or more) will cause an assertion failure.
3462
3463         * API/JSCallbackConstructor.cpp:
3464         (JSC::JSCallbackConstructor::JSCallbackConstructor):
3465         (JSC::JSCallbackConstructor::finishCreation):
3466         * API/JSCallbackConstructor.h:
3467         * API/JSCallbackObject.h:
3468         (JSC::JSCallbackObject::create):
3469         * API/JSCallbackObjectFunctions.h:
3470         (JSC::::JSCallbackObject):
3471         (JSC::::finishCreation):
3472         * JavaScriptCore.JSVALUE64only.exp:
3473         * JavaScriptCore.exp:
3474         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3475         * debugger/DebuggerActivation.cpp:
3476         (JSC::DebuggerActivation::DebuggerActivation):
3477         (JSC::DebuggerActivation::create):
3478         * debugger/DebuggerActivation.h:
3479         * runtime/Arguments.h:
3480         (JSC::Arguments::create):
3481         (JSC::Arguments::createNoParameters):
3482         (JSC::Arguments::Arguments):
3483         * runtime/ArrayPrototype.cpp:
3484         (JSC::ArrayPrototype::ArrayPrototype):
3485         (JSC::ArrayPrototype::finishCreation):
3486         * runtime/ArrayPrototype.h:
3487         * runtime/BooleanObject.cpp:
3488         (JSC::BooleanObject::BooleanObject):
3489         (JSC::BooleanObject::finishCreation):
3490         * runtime/BooleanObject.h:
3491         * runtime/DateInstance.cpp:
3492         (JSC::DateInstance::DateInstance):
3493         (JSC::DateInstance::finishCreation):
3494         * runtime/DateInstance.h:
3495         * runtime/ErrorInstance.cpp:
3496         (JSC::ErrorInstance::ErrorInstance):
3497         * runtime/ErrorInstance.h:
3498         (JSC::ErrorInstance::create):
3499         * runtime/ErrorPrototype.cpp:
3500         (JSC::ErrorPrototype::ErrorPrototype):
3501         (JSC::ErrorPrototype::finishCreation):
3502         * runtime/ErrorPrototype.h:
3503         * runtime/ExceptionHelpers.cpp:
3504         (JSC::InterruptedExecutionError::InterruptedExecutionError):
3505         (JSC::InterruptedExecutionError::create):
3506         (JSC::TerminatedExecutionError::TerminatedExecutionError):
3507         (JSC::TerminatedExecutionError::create):
3508         * runtime/Executable.cpp:
3509         (JSC::EvalExecutable::EvalExecutable):
3510         (JSC::ProgramExecutable::ProgramExecutable):
3511         (JSC::FunctionExecutable::FunctionExecutable):
3512         * runtime/Executable.h:
3513         (JSC::NativeExecutable::create):
3514         (JSC::NativeExecutable::NativeExecutable):
3515         (JSC::EvalExecutable::create):
3516         (JSC::ProgramExecutable::create):
3517         (JSC::FunctionExecutable::create):
3518         * runtime/InternalFunction.cpp:
3519         (JSC::InternalFunction::InternalFunction):
3520         (JSC::InternalFunction::finishCreation):
3521         * runtime/InternalFunction.h:
3522         * runtime/JSActivation.cpp:
3523         (JSC::JSActivation::JSActivation):
3524         (JSC::JSActivation::finishCreation):
3525         * runtime/JSActivation.h:
3526         * runtime/JSArray.cpp:
3527         (JSC::JSArray::JSArray):
3528         * runtime/JSArray.h:
3529         (JSC::JSArray::create):
3530         * runtime/JSByteArray.cpp:
3531         (JSC::JSByteArray::JSByteArray):
3532         * runtime/JSByteArray.h:
3533         (JSC::JSByteArray::create):
3534         * runtime/JSFunction.cpp:
3535         (JSC::JSFunction::JSFunction):
3536         (JSC::JSFunction::finishCreation):
3537         * runtime/JSFunction.h:
3538         (JSC::JSFunction::create):
3539         * runtime/JSGlobalObject.h:
3540         (JSC::JSGlobalObject::JSGlobalObject):
3541         (JSC::JSGlobalObject::finishCreation):
3542         * runtime/JSNotAnObject.h:
3543         (JSC::JSNotAnObject::JSNotAnObject):
3544         (JSC::JSNotAnObject::create):
3545         * runtime/JSONObject.cpp:
3546         (JSC::JSONObject::JSONObject):
3547         (JSC::JSONObject::finishCreation):
3548         * runtime/JSONObject.h:
3549         * runtime/JSObjectWithGlobalObject.cpp:
3550         (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
3551         * runtime/JSObjectWithGlobalObject.h:
3552         * runtime/JSStaticScopeObject.h:
3553         (JSC::JSStaticScopeObject::create):
3554         (JSC::JSStaticScopeObject::finishCreation):
3555         (JSC::JSStaticScopeObject::JSStaticScopeObject):
3556         * runtime/JSVariableObject.h:
3557         (JSC::JSVariableObject::JSVariableObject):
3558         * runtime/JSWrapperObject.h:
3559         (JSC::JSWrapperObject::JSWrapperObject):
3560         * runtime/MathObject.cpp:
3561         (JSC::MathObject::MathObject):
3562         (JSC::MathObject::finishCreation):
3563         * runtime/MathObject.h:
3564         * runtime/NumberObject.cpp:
3565         (JSC::NumberObject::NumberObject):
3566         (JSC::NumberObject::finishCreation):
3567         * runtime/NumberObject.h:
3568         * runtime/ObjectPrototype.cpp:
3569         (JSC::ObjectPrototype::ObjectPrototype):
3570         * runtime/ObjectPrototype.h:
3571         (JSC::ObjectPrototype::create):
3572         * runtime/RegExpConstructor.cpp:
3573         (JSC::RegExpMatchesArray::RegExpMatchesArray):
3574         (JSC::RegExpMatchesArray::finishCreation):
3575         * runtime/RegExpMatchesArray.h:
3576         * runtime/RegExpObject.cpp:
3577         (JSC::RegExpObject::RegExpObject):
3578         (JSC::RegExpObject::finishCreation):
3579         * runtime/RegExpObject.h:
3580         * runtime/StrictEvalActivation.cpp:
3581         (JSC::StrictEvalActivation::StrictEvalActivation):
3582         * runtime/StrictEvalActivation.h:
3583         (JSC::StrictEvalActivation::create):
3584         * runtime/StringObject.cpp:
3585         (JSC::StringObject::StringObject):
3586         (JSC::StringObject::finishCreation):
3587         * runtime/StringObject.h:
3588
3589 2011-09-01  Daniel Bates  <dbates@rim.com>
3590
3591         QNX GCC distribution doesn't support vasprintf()
3592         https://bugs.webkit.org/show_bug.cgi?id=67423
3593
3594         Reviewed by Antonio Gomes.
3595
3596         * wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.
3597
3598 2011-09-01  Michael Saboff  <msaboff@apple.com>
3599
3600         Remove simple usage of UString::characters() from JavaScriptCore
3601         https://bugs.webkit.org/show_bug.cgi?id=67340
3602
3603         In preparation to allowing StringImpl to be backed by 8 bit 
3604         characters when appropriate, we need to eliminate or change the
3605         usage of StringImpl::characters().  Most of the changes below
3606         change s->characters()[0] to s[0].
3607
3608         Reviewed by Geoffrey Garen.
3609
3610         * bytecompiler/BytecodeGenerator.cpp:
3611         (JSC::keyForCharacterSwitch):
3612         * bytecompiler/NodesCodegen.cpp:
3613         (JSC::processClauseList):
3614         * interpreter/Interpreter.cpp:
3615         (JSC::Interpreter::privateExecute):
3616         * jit/JITStubs.cpp:
3617         (JSC::DEFINE_STUB_FUNCTION):
3618         * runtime/Identifier.cpp:
3619         (JSC::Identifier::addSlowCase):
3620         * runtime/JSGlobalObjectFunctions.cpp:
3621         (JSC::jsToNumber):
3622         (JSC::parseFloat):
3623         * runtime/JSString.cpp:
3624         (JSC::JSString::substringFromRope):
3625         * runtime/JSString.h:
3626         (JSC::jsSingleCharacterSubstring):
3627         (JSC::jsString):
3628         (JSC::jsSubstring):
3629         (JSC::jsOwnedString):
3630         * runtime/RegExp.cpp:
3631         (JSC::regExpFlags):
3632         * wtf/text/StringBuilder.h:
3633         (WTF::StringBuilder::operator[]):
3634
3635 2011-09-01  Ada Chan  <adachan@apple.com>
3636
3637         Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.
3638
3639         Reviewed by Darin Adler.
3640
3641         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3642
3643 2011-09-01  Hao Zheng  <zhenghao@chromium.org>
3644
3645         Define PTHREAD_KEYS_MAX to fix Android port build.
3646         https://bugs.webkit.org/show_bug.cgi?id=67362
3647
3648         Reviewed by Adam Barth.
3649
3650         PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.
3651
3652         * wtf/ThreadIdentifierDataPthreads.cpp:
3653
3654 2011-08-31  Oliver Hunt  <oliver@apple.com>
3655
3656         Fix build.
3657
3658         * wtf/CheckedArithmetic.h:
3659         (WTF::Checked::Checked):
3660         (WTF::Checked::operator=):
3661
3662 2011-08-31  Oliver Hunt  <oliver@apple.com>
3663
3664         fast/regex/overflow.html asserts in debug builds
3665         https://bugs.webkit.org/show_bug.cgi?id=67326
3666
3667         Reviewed by Gavin Barraclough.
3668
3669         The deliberate overflows in these expressions don't interact nicely
3670         with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
3671         intermediate calculations.
3672
3673         * yarr/YarrJIT.cpp:
3674         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
3675         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
3676
3677 2011-08-31  Jeff Miller  <jeffm@apple.com>
3678
3679         REGRESSION(92210): AVFoundation media engine is disabled on OS X
3680         https://bugs.webkit.org/show_bug.cgi?id=67316
3681
3682         Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
3683         since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
3684         changes that were made in r92210.
3685
3686         Reviewed by Darin Adler.
3687
3688         * wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.
3689
3690 2011-08-31  Peter Beverloo  <peter@chromium.org>
3691
3692         Add Android's platform specification and the right atomic functions.
3693         https://bugs.webkit.org/show_bug.cgi?id=66687
3694
3695         Reviewed by Adam Barth.
3696
3697         * wtf/Atomics.h:
3698         (WTF::atomicIncrement):
3699         (WTF::atomicDecrement):
3700         * wtf/Platform.h:
3701
3702 2011-08-30  Oliver Hunt  <oliver@apple.com>
3703
3704         Add support for checked arithmetic
3705         https://bugs.webkit.org/show_bug.cgi?id=67095
3706
3707         Reviewed by Sam Weinig.
3708
3709         Add a checked arithmetic class Checked<T> that provides overflow-safe
3710         arithmetic over all integral types.  Checked<T> supports addition, subtraction
3711         and multiplication, along with "bool" conversions and equality operators.
3712
3713         Checked<> can be used in either CRASH() on overflow or delayed failure modes,
3714         although the default is to CRASH().
3715
3716         To ensure the code is actually in use (rather than checking in dead code) I've
3717         made a couple of properties in YARR use Checked<int> and Checked<unsigned>
3718         instead of raw value arithmetic.  This has resulted in a moderate set of changes
3719         to YARR, mostly adding .get() calls, but a couple of casts from unsigned long
3720         to unsigned for some uses of sizeof, as Checked<> currently does not support
3721         mixed signedness of types wider than 32 bits.
3722
3723         Happily the increased type safety of Checked<> means that it's not possible to
3724         accidentally assign away precision, nor accidentally call the integer overload of
3725         a function instead of the bool version.
3726
3727         No measurable regression in performance, and SunSpider claims this patch to be
3728         a progression of 0.3%.
3729
3730         * GNUmakefile.list.am:
3731         * JavaScriptCore.gypi:
3732         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
3733         * JavaScriptCore.xcodeproj/project.pbxproj:
3734         * wtf/CheckedArithmetic.h: Added.
3735         (WTF::CrashOnOverflow::overflowed):
3736         (WTF::CrashOnOverflow::clearOverflow):
3737         (WTF::CrashOnOverflow::hasOverflowed):
3738         (WTF::RecordOverflow::RecordOverflow):
3739         (WTF::RecordOverflow::overflowed):
3740         (WTF::RecordOverflow::clearOverflow):
3741         (WTF::RecordOverflow::hasOverflowed):
3742         (WTF::isInBounds):
3743         (WTF::safeAdd):
3744         (WTF::safeSub):
3745         (WTF::safeMultiply):
3746         (WTF::safeEquals):
3747         (WTF::workAroundClangBug):
3748         (WTF::Checked::Checked):
3749         (WTF::Checked::operator=):
3750         (WTF::Checked::operator++):
3751         (WTF::Checked::operator--):
3752         (WTF::Checked::operator!):
3753         (WTF::Checked::operator UnspecifiedBoolType*):
3754         (WTF::Checked::get):
3755         (WTF::Checked::operator+=):
3756         (WTF::Checked::operator-=):
3757         (WTF::Checked::operator*=):
3758         (WTF::Checked::operator==):
3759         (WTF::Checked::operator!=):
3760         (WTF::operator+):
3761         (WTF::operator-):
3762         (WTF::operator*):
3763         * yarr/YarrInterpreter.cpp:
3764         (JSC::Yarr::ByteCompiler::atomPatternCharacter):
3765         (JSC::Yarr::ByteCompiler::atomCharacterClass):
3766         (JSC::Yarr::ByteCompiler::atomBackReference):
3767         (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
3768         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
3769         (JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
3770         (JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
3771         * yarr/YarrInterpreter.h:
3772         (JSC::Yarr::ByteTerm::ByteTerm):
3773         (JSC::Yarr::ByteTerm::CheckInput):
3774         (JSC::Yarr::ByteTerm::UncheckInput):
3775         * yarr/YarrJIT.cpp:
3776         (JSC::Yarr::YarrGenerator::generateAssertionEOL):
3777         (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
3778         (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
3779         (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
3780         (JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
3781         (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
3782         (JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
3783         (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
3784         * yarr/YarrPattern.cpp:
3785         (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
3786         * yarr/YarrPattern.h:
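
Added example (not code from this ChangeLog or from WebKit's wtf/CheckedArithmetic.h): a minimal Checked<T> in the spirit of the class described in this entry, with the CrashOnOverflow (default) and RecordOverflow (delayed failure) policies, together with the Checked<int64_t>-for-intermediates idiom from the fast/regex/overflow.html entry above. The helpers computeBufferSize() and scaledIndex(), the checkedNarrow() function and the 16-byte header are assumptions made for illustration; the arithmetic relies on the GCC/Clang __builtin_*_overflow intrinsics.

```cpp
#include <cstdint>
#include <cstdlib>
#include <limits>
#include <type_traits>

// Overflow policy: abort at once. This mirrors the default CRASH() mode.
struct CrashOnOverflow {
    void overflowed() { std::abort(); }
    bool hasOverflowed() const { return false; }
};

// Overflow policy: remember the overflow so the caller can fail later and cleanly.
struct RecordOverflow {
    void overflowed() { m_overflowed = true; }
    bool hasOverflowed() const { return m_overflowed; }
private:
    bool m_overflowed = false;
};

// Minimal checked integer (assumed design, not WebKit's wtf/CheckedArithmetic.h).
template<typename T, typename Handler = CrashOnOverflow>
class Checked : public Handler {
    static_assert(std::is_integral<T>::value, "Checked<T> wraps integral types only");
public:
    Checked() : m_value(0) {}
    Checked(T value) : m_value(value) {}  // implicit, so plain integers can mix in

    // Every compound operator folds the operand's overflow state into ours and
    // detects overflow with the GCC/Clang builtins rather than re-deriving the math.
    Checked& operator+=(const Checked& rhs) { return apply(rhs, [](T a, T b, T* r) { return __builtin_add_overflow(a, b, r); }); }
    Checked& operator-=(const Checked& rhs) { return apply(rhs, [](T a, T b, T* r) { return __builtin_sub_overflow(a, b, r); }); }
    Checked& operator*=(const Checked& rhs) { return apply(rhs, [](T a, T b, T* r) { return __builtin_mul_overflow(a, b, r); }); }
    friend Checked operator+(Checked lhs, const Checked& rhs) { lhs += rhs; return lhs; }
    friend Checked operator-(Checked lhs, const Checked& rhs) { lhs -= rhs; return lhs; }
    friend Checked operator*(Checked lhs, const Checked& rhs) { lhs *= rhs; return lhs; }

    // Comparing or truth-testing an overflowed value is meaningless, so both abort.
    friend bool operator==(const Checked& a, const Checked& b) {
        if (a.hasOverflowed() || b.hasOverflowed()) std::abort();
        return a.m_value == b.m_value;
    }
    explicit operator bool() const {
        if (this->hasOverflowed()) std::abort();
        return m_value != 0;
    }

    // get() is the safe accessor: reaching it with an overflow recorded is fatal.
    T get() const {
        if (this->hasOverflowed()) std::abort();
        return m_value;
    }
    // unsafeGet() returns the raw bits; call it only after checking hasOverflowed().
    T unsafeGet() const { return m_value; }

private:
    template<typename Op> Checked& apply(const Checked& rhs, Op op) {
        if (rhs.hasOverflowed()) this->overflowed();
        T result;
        if (op(m_value, rhs.m_value, &result)) this->overflowed();
        m_value = result;
        return *this;
    }
    T m_value;
};

// Narrow a wide checked value to a strictly narrower type, recording an overflow if
// it does not fit. This is how a Checked<int64_t> intermediate comes back to 32 bits.
template<typename To, typename From, typename Handler>
Checked<To, Handler> checkedNarrow(const Checked<From, Handler>& wide) {
    static_assert(std::is_signed<From>::value && sizeof(From) > sizeof(To),
                  "narrow only from a strictly wider signed type");
    From v = wide.unsafeGet();
    bool fits = !wide.hasOverflowed()
        && v >= static_cast<From>(std::numeric_limits<To>::min())
        && v <= static_cast<From>(std::numeric_limits<To>::max());
    Checked<To, Handler> result(fits ? static_cast<To>(v) : To(0));
    if (!fits) result.overflowed();
    return result;
}

// Hypothetical helper showing delayed-failure mode on an allocation size: count *
// elementSize plus a constructed 16-byte header. Returns false, never a wrapped size.
bool computeBufferSize(uint32_t count, uint32_t elementSize, uint32_t& outBytes) {
    Checked<uint32_t, RecordOverflow> bytes = count;
    bytes *= elementSize;
    bytes += 16u;
    if (bytes.hasOverflowed()) return false;
    outBytes = bytes.unsafeGet();
    return true;
}

// Hypothetical helper in the style of the YARR fix: delta * scale may legitimately
// exceed 32 bits, so the math runs in Checked<int64_t> and only the result is narrowed.
bool scaledIndex(int32_t index, int32_t delta, int32_t scale, int32_t& outIndex) {
    Checked<int64_t, RecordOverflow> wide = index;
    wide += Checked<int64_t, RecordOverflow>(delta) * scale;
    Checked<int32_t, RecordOverflow> narrow = checkedNarrow<int32_t>(wide);
    if (narrow.hasOverflowed()) return false;
    outIndex = narrow.unsafeGet();
    return true;
}
```

With the default CrashOnOverflow policy any overflow aborts on the spot; with RecordOverflow the caller must test hasOverflowed() before trusting the value, and get() aborts if it is reached with an overflow recorded. The narrowing step is what makes the int64_t-intermediate idiom safe: intermediates may exceed 32 bits, but the final 32-bit value is still validated exactly once.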
3787
3788 2011-08-31  Andrei Popescu  <andreip@google.com>
3789
3790         Investigate current uses of OS(ANDROID)
3791         https://bugs.webkit.org/show_bug.cgi?id=66761
3792
3793         Unreviewed, build fix for ARM platforms.
3794
3795         * wtf/Platform.h:
3796
3797 2011-08-31  Andrei Popescu  <andreip@google.com>
3798
3799         Investigate current uses of OS(ANDROID)
3800         https://bugs.webkit.org/show_bug.cgi?id=66761
3801
3802         Reviewed by Darin Adler.
3803
3804         Remove the last legacy Android code.
3805
3806         No new tests needed as the code wasn't tested in the first place.
3807
3808         * wtf/Atomics.h:
3809         * wtf/Platform.h:
3810         * wtf/ThreadingPthreads.cpp:
3811         (WTF::createThreadInternal):
3812
3813 2011-08-30  Aaron Colwell  <acolwell@chromium.org>
3814
3815         Add MediaSource API to HTMLMediaElement
3816         https://bugs.webkit.org/show_bug.cgi?id=64731
3817
3818         Reviewed by Eric Carlson.
3819
3820         * Configurations/FeatureDefines.xcconfig:
3821
3822 2011-08-30  Oliver Hunt  <oliver@apple.com>
3823
3824         TypedArrays don't ensure that denormalised values are normalised
3825         https://bugs.webkit.org/show_bug.cgi?id=67178
3826
3827         Reviewed by Gavin Barraclough.
3828
3829         Add a couple of assertions to jsNumber() to ensure that
3830         we block signaling NaNs.
3831
3832         * runtime/JSValue.h:
3833         (JSC::jsDoubleNumber):
3834         (JSC::jsNumber):
3835
3836 2011-08-30  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
3837
3838         [Qt] Do not unconditionally use pkg-config in .pro files
3839         https://bugs.webkit.org/show_bug.cgi?id=67055
3840
3841         Reviewed by Andreas Kling.
3842
3843         Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
3844
3845         Using the first pkg-config in PATH is prone to errors when cross
3846         compiling inside the Qt repository (using Qt's build-system).
3847
3848         This patch protects calls to pkg-config with
3849         !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
3850         QT_CONFIG by Qt's 'configure' when cross-compiling on systems
3851         without pkg-config.
3852
3853         The respective change in Qt's configure has been submitted already.
3854
3855         No new tests as this is just a build change.
3856
3857         * wtf/wtf.pri: protect pkg-config calls
3858
3859 2011-08-29  Daniel Bates  <dbates@webkit.org>
3860
3861         Add HAVE(VASPRINTF) macro to test for vasprintf() support
3862         https://bugs.webkit.org/show_bug.cgi?id=67156
3863
3864         Reviewed by Darin Adler.
3865
3866         Encapsulate testing of vasprintf() support in a HAVE macro
3867         instead of hardcoding the list of supported/unsupported
3868         compilers at the call site.
3869
3870         * wtf/Platform.h:
3871
3872 2011-08-29  Mark Hahnenberg  <mhahnenberg@apple.com>
3873
3874         Unzip initialization lists and constructors in JSCell hierarchy (3/7)
3875         https://bugs.webkit.org/show_bug.cgi?id=67064
3876
3877         Reviewed by Darin Adler.
3878
3879         Completed the third level of the refactoring to add finishCreation() 
3880         methods to all classes within the JSCell hierarchy with non-trivial 
3881         constructor bodies.
3882
3883         This primarily consists of pushing the calls to finishCreation() down 
3884         into the constructors of the subclasses of the second level of the hierarchy 
3885         as well as pulling the finishCreation() calls out into the class's corresponding
3886         create() method if it has one.  Doing both simultaneously allows us to 
3887         maintain the invariant that the finishCreation() method chain is called exactly 
3888         once during the creation of an object, since calling it any other number of 
3889         times (0, 2, or more) will cause an assertion failure.
3890
3891         * debugger/DebuggerActivation.cpp:
3892         (JSC::DebuggerActivation::DebuggerActivation):
3893         (JSC::DebuggerActivation::finishCreation):
3894         * debugger/DebuggerActivation.h:
3895         (JSC::DebuggerActivation::create):
3896         * runtime/Arguments.h:
3897         (JSC::Arguments::create):
3898         (JSC::Arguments::createNoParameters):
3899         (JSC::Arguments::Arguments):
3900         (JSC::Arguments::finishCreation):
3901         * runtime/ErrorInstance.cpp:
3902         (JSC::ErrorInstance::ErrorInstance):
3903         * runtime/ErrorInstance.h:
3904         (JSC::ErrorInstance::finishCreation):
3905         * runtime/ExceptionHelpers.cpp:
3906         (JSC::InterruptedExecutionError::InterruptedExecutionError):
3907         (JSC::TerminatedExecutionError::TerminatedExecutionError):
3908         * runtime/Executable.cpp:
3909         (JSC::EvalExecutable::EvalExecutable):
3910         (JSC::ProgramExecutable::ProgramExecutable):
3911         (JSC::FunctionExecutable::FunctionExecutable):
3912         Moved the assignment of m_firstLine and m_lastLine into the
3913         FunctionExecutable::finishCreation() method in Executable.h.
3914         * runtime/Executable.h:
3915         (JSC::ScriptExecutable::ScriptExecutable):
3916         (JSC::EvalExecutable::create):
3917         (JSC::ProgramExecutable::create):
3918         (JSC::FunctionExecutable::create):
3919         (JSC::FunctionExecutable::finishCreation):
3920         * runtime/JSArray.cpp:
3921         (JSC::JSArray::JSArray):
3922         (JSC::JSArray::finishCreation):
3923         * runtime/JSArray.h:
3924         * runtime/JSByteArray.cpp:
3925         (JSC::JSByteArray::JSByteArray):
3926         * runtime/JSByteArray.h:
3927         (JSC::JSByteArray::finishCreation):
3928         * runtime/JSNotAnObject.h:
3929         (JSC::JSNotAnObject::JSNotAnObject):
3930         * runtime/JSObject.h:
3931         (JSC::JSNonFinalObject::JSNonFinalObject):
3932         * runtime/JSObjectWithGlobalObject.cpp:
3933         (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
3934         (JSC::JSObjectWithGlobalObject::finishCreation):
3935         * runtime/JSObjectWithGlobalObject.h:
3936         * runtime/JSVariableObject.h:
3937         (JSC::JSVariableObject::JSVariableObject):
3938         (JSC::JSVariableObject::finishCreation):
3939         * runtime/JSWrapperObject.h:
3940         (JSC::JSWrapperObject::JSWrapperObject):
3941         * runtime/ObjectPrototype.cpp:
3942         (JSC::ObjectPrototype::ObjectPrototype):
3943         (JSC::ObjectPrototype::finishCreation):
3944         * runtime/ObjectPrototype.h:
3945         * runtime/StrictEvalActivation.cpp:
3946         (JSC::StrictEvalActivation::StrictEvalActivation):
3947
3948 2011-08-29  Andreas Kling  <kling@webkit.org>
3949
3950         Unreviewed build fix after r93990.
3951
3952         * wtf/HashTable.h:
3953
3954 2011-08-29  Andreas Kling  <kling@webkit.org>
3955
3956         Viewing a post on reddit.com wastes a lot of memory on event listeners.
3957         https://bugs.webkit.org/show_bug.cgi?id=67133
3958
3959         Reviewed by Darin Adler.
3960
3961         Add a minimum table size to the HashTraits, instead of having it hard coded.
3962         The default value remains at 64, but can now be specialized.
3963
3964         * runtime/StructureTransitionTable.h:
3965         * wtf/HashTable.h:
3966         (WTF::HashTable::shouldShrink):
3967         (WTF::::expand):
3968         (WTF::::checkTableConsistencyExceptSize):
3969         * wtf/HashTraits.h:
3970
3971 2011-08-28  Jonathan Liu  <net147@gmail.com>
3972
3973         Fix build error when compiling with MinGW-w64 by disabling JIT
3974         on Windows 64-bit
3975         https://bugs.webkit.org/show_bug.cgi?id=61235
3976
3977         Reviewed by Gavin Barraclough.
3978
3979         The fixed mmap executable allocator for JIT on x86_64 requires
3980         sys/mman.h which is not available on Windows.
3981
3982         * wtf/Platform.h:
3983
3984 2011-08-27  Filip Pizlo  <fpizlo@apple.com>
3985
3986         JSC::Executable is inconsistent about using weak handle finalizers
3987         and destructors for releasing memory
3988         https://bugs.webkit.org/show_bug.cgi?id=67072
3989
3990         Reviewed by Darin Adler.
3991         
3992         Moved more of the destruction of Executable state into the finalizer,
3993         which also resulted in an opportunity to mostly combine this with
3994         discardCode().  This also means that the finalizer is now enabled even
3995         when the JIT is turned off.  This is performance neutral on SunSpider,
3996         V8, and Kraken.
3997
3998         * runtime/Executable.cpp:
3999         (JSC::ExecutableBase::clearCode):
4000         (JSC::ExecutableFinalizer::finalize):
4001         (JSC::EvalExecutable::clearCode):
4002         (JSC::ProgramExecutable::clearCode):
4003         (JSC::FunctionExecutable::discardCode):
4004         (JSC::FunctionExecutable::clearCode):
4005         * runtime/Executable.h:
4006         (JSC::ExecutableBase::finishCreation):
4007
4008 2011-08-26  Gavin Barraclough  <barraclough@apple.com>
4009
4010         DFG JIT - ArithMod may clobber operands.
4011         https://bugs.webkit.org/show_bug.cgi?id=67085
4012
4013         Reviewed by Sam Weinig.
4014
4015         unboxDouble must be called on a temporary.
4016
4017         * dfg/DFGJITCodeGenerator.cpp:
4018         (JSC::DFG::JITCodeGenerator::fillDouble):
4019         * dfg/DFGJITCodeGenerator.h:
4020         (JSC::DFG::JITCodeGenerator::boxDouble):
4021         * dfg/DFGNonSpeculativeJIT.cpp:
4022         (JSC::DFG::NonSpeculativeJIT::compile):
4023         * dfg/DFGSpeculativeJIT.cpp:
4024         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
4025
4026 2011-08-26  Mark Hahnenberg  <mhahnenberg@apple.com>
4027
4028         Unzip initialization lists and constructors in JSCell hierarchy (2/7)
4029         https://bugs.webkit.org/show_bug.cgi?id=66957
4030
4031         Reviewed by Darin Adler.
4032
4033         Completed the second level of the refactoring to add finishCreation()
4034         methods to all classes within the JSCell hierarchy with non-trivial 
4035         constructor bodies.
4036
4037         * runtime/Executable.h:
4038         (JSC::ExecutableBase::ExecutableBase):
4039         (JSC::ExecutableBase::create):
4040         (JSC::NativeExecutable::create):
4041         (JSC::NativeExecutable::finishCreation):
4042         (JSC::NativeExecutable::NativeExecutable):
4043         (JSC::ScriptExecutable::ScriptExecutable):
4044         (JSC::ScriptExecutable::finishCreation):
4045         * runtime/GetterSetter.h:
4046         (JSC::GetterSetter::GetterSetter):
4047         (JSC::GetterSetter::create):
4048         * runtime/JSAPIValueWrapper.h:
4049         (JSC::JSAPIValueWrapper::create):
4050         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
4051         * runtime/JSObject.h:
4052         (JSC::JSNonFinalObject::JSNonFinalObject):
4053         (JSC::JSNonFinalObject::finishCreation):
4054         (JSC::JSFinalObject::create):
4055         (JSC::JSFinalObject::finishCreation):
4056         (JSC::JSFinalObject::JSFinalObject):
4057         (JSC::JSObject::JSObject):
4058         * runtime/JSPropertyNameIterator.cpp:
4059         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
4060         (JSC::JSPropertyNameIterator::create):
4061         * runtime/JSPropertyNameIterator.h:
4062         (JSC::JSPropertyNameIterator::create):
4063         * runtime/RegExp.cpp:
4064         (JSC::RegExp::RegExp):
4065         (JSC::RegExp::createWithoutCaching):
4066         * runtime/ScopeChain.h:
4067         (JSC::ScopeChainNode::ScopeChainNode):
4068         (JSC::ScopeChainNode::create):
4069         * runtime/Structure.cpp:
4070         (JSC::Structure::Structure):
4071         * runtime/Structure.h:
4072         (JSC::Structure::create):
4073         (JSC::Structure::finishCreation):
4074         (JSC::Structure::createStructure):
4075         * runtime/StructureChain.cpp:
4076         (JSC::StructureChain::StructureChain):
4077         * runtime/StructureChain.h:
4078         (JSC::StructureChain::create):
4079
4080 2011-08-26  Filip Pizlo  <fpizlo@apple.com>
4081
4082         The GC does not have a facility for profiling the kinds of objects
4083         that occupy the heap
4084         https://bugs.webkit.org/show_bug.cgi?id=66849
4085
4086         Reviewed by Geoffrey Garen.
4087         
4088         Destructor calls and object scans are now optionally counted, per
4089         vtable. When the heap is destroyed and profiling is enabled, the
4090         counts are dumped, with care taken to print the names of classes
4091         (modulo C++ mangling) sorted in descending commonality.
4092
4093         * GNUmakefile.list.am:
4094         * JavaScriptCore.exp:
4095         * JavaScriptCore.pro:
4096         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
4097         * JavaScriptCore.xcodeproj/project.pbxproj:
4098         * heap/Heap.cpp:
4099         (JSC::Heap::destroy):
4100         * heap/Heap.h:
4101         * heap/MarkStack.cpp:
4102         (JSC::SlotVisitor::visitChildren):
4103         (JSC::SlotVisitor::drain):
4104         * heap/MarkStack.h:
4105         * heap/MarkedBlock.cpp:
4106         (JSC::MarkedBlock::callDestructor):
4107         * heap/MarkedBlock.h:
4108         * heap/VTableSpectrum.cpp: Added.
4109         (JSC::VTableSpectrum::VTableSpectrum):
4110         (JSC::VTableSpectrum::~VTableSpectrum):
4111         (JSC::VTableSpectrum::countVPtr):
4112         (JSC::VTableSpectrum::count):
4113         (JSC::VTableAndCount::VTableAndCount):