Use bloom filter for descendant selector filtering
[WebKit.git] / Source / JavaScriptCore / ChangeLog
1 2011-02-06  Antti Koivisto  <antti@apple.com>
2
3         Reviewed by Maciej Stachowiak.
4
5         Use bloom filter for descendant selector filtering
6         https://bugs.webkit.org/show_bug.cgi?id=53880
7         
8         Implement a bloom filter with k=2 and 8 bit counting.
9
10         * GNUmakefile.am:
11         * JavaScriptCore.gypi:
12         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
13         * JavaScriptCore.xcodeproj/project.pbxproj:
14         * wtf/BloomFilter.h: Added.
15         (WTF::BloomFilter::maximumCount):
16         (WTF::BloomFilter::BloomFilter):
17         (WTF::BloomFilter::mayContain):
18         (WTF::BloomFilter::add):
19         (WTF::BloomFilter::remove):
20         (WTF::BloomFilter::firstSlot):
21         (WTF::BloomFilter::secondSlot):
22         (WTF::::add):
23         (WTF::::remove):
24         (WTF::::clear):
25         (WTF::::likelyEmpty):
26         (WTF::::isClear):
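
The k=2, 8-bit counting design described in this entry, as an added example that is not WebKit's wtf/BloomFilter.h: the method names follow the entry's listing, while the slot derivation, the saturation rule and the constructed hash values are assumptions of this example. The demos show why counting matters for an ancestor filter (keys can be removed on the way back up the tree) and what the 8-bit counters cost (saturated counters can never be cleared).

```cpp
// Added example (not WebKit's code): counting Bloom filter, k = 2 probes per key,
// 8-bit saturating counters. Slot derivation and demos are this example's assumptions.
#include <cstdint>
#include <cstring>

template <unsigned keyBits>
class CountingBloomFilter {
    static_assert(keyBits >= 3 && keyBits <= 16, "slots are taken from the low and high 16 bits");
public:
    static constexpr unsigned tableSize = 1u << keyBits;
    static constexpr unsigned keyMask = tableSize - 1;
    static constexpr uint8_t maximumCount = 0xff;

    CountingBloomFilter() { clear(); }

    // Both probe counters must be non-zero: "no" is exact, "yes" may be a false positive.
    bool mayContain(unsigned hash) const
    {
        return m_table[firstSlot(hash)] && m_table[secondSlot(hash)];
    }

    void add(unsigned hash)
    {
        increment(m_table[firstSlot(hash)]);
        increment(m_table[secondSlot(hash)]);
    }

    // Counters (instead of bits) are what make remove() possible, which an ancestor
    // filter needs when the tree walk leaves an element.
    void remove(unsigned hash)
    {
        decrement(m_table[firstSlot(hash)]);
        decrement(m_table[secondSlot(hash)]);
    }

    void clear() { memset(m_table, 0, sizeof(m_table)); }

    // Cheap probabilistic emptiness check that samples a few slots; isClear() is exact.
    bool likelyEmpty() const
    {
        for (unsigned i = 0; i < tableSize; i += tableSize / 8)
            if (m_table[i]) return false;
        return true;
    }

    bool isClear() const
    {
        for (unsigned i = 0; i < tableSize; ++i)
            if (m_table[i]) return false;
        return true;
    }

private:
    static unsigned firstSlot(unsigned hash) { return hash & keyMask; }
    static unsigned secondSlot(unsigned hash) { return (hash >> 16) & keyMask; }

    // Once a counter reaches maximumCount we no longer know how many keys share it,
    // so it is never decremented again: the filter stays conservative ("maybe").
    static void increment(uint8_t& counter) { if (counter < maximumCount) ++counter; }
    static void decrement(uint8_t& counter) { if (counter && counter < maximumCount) --counter; }

    uint8_t m_table[tableSize];
};

// keyBits = 12 gives keyMask = 0xfff; constructed hashes chosen so the slots are
// easy to follow: slots are (hash & 0xfff) and ((hash >> 16) & 0xfff).
typedef CountingBloomFilter<12> AncestorFilter;
static const unsigned kDivHash = 0x00010002u;   // slots 2 and 1
static const unsigned kSpanHash = 0x00030004u;  // slots 4 and 3
static const unsigned kAliasHash = 0x00020001u; // slots 1 and 2: shares both counters with kDivHash

// An added key is always reported; a key touching unset counters is rejected exactly.
bool demoExactNegative()
{
    AncestorFilter filter;
    filter.add(kDivHash);
    return filter.mayContain(kDivHash) && !filter.mayContain(kSpanHash);
}

// A key whose two probes land on counters set by another key is a false positive.
bool demoFalsePositive()
{
    AncestorFilter filter;
    filter.add(kDivHash);
    return filter.mayContain(kAliasHash);
}

// Two nested ancestors with the same key need two removes before the key clears.
bool demoCountedRemove()
{
    AncestorFilter filter;
    filter.add(kDivHash);
    filter.add(kDivHash);
    filter.remove(kDivHash);
    bool stillPresent = filter.mayContain(kDivHash);
    filter.remove(kDivHash);
    return stillPresent && !filter.mayContain(kDivHash) && filter.isClear();
}

// 8-bit limit: after 255 adds the counters saturate and removes can no longer clear them.
bool demoSaturation()
{
    AncestorFilter filter;
    for (int i = 0; i < 300; ++i) filter.add(kDivHash);
    for (int i = 0; i < 300; ++i) filter.remove(kDivHash);
    return filter.mayContain(kDivHash) && !filter.isClear();
}

int main()
{
    return demoExactNegative() && demoFalsePositive() && demoCountedRemove() && demoSaturation() ? 0 : 1;
}
```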
27
28 2011-02-04  Geoffrey Garen  <ggaren@apple.com>
29
30         Reviewed by Oliver Hunt.
31
32         Rolled back in r77612 with ASSERT/crash fixed.
33         https://bugs.webkit.org/show_bug.cgi?id=53759
34         
35         Don't shrink the heap to 0 unconditionally. Instead, shrink to 1 if
36         necessary. For now, the heap assumes that it always has at least one
37         block live.
38
39         * runtime/Heap.cpp:
40         (JSC::Heap::Heap):
41         (JSC::Heap::reset):
42         * runtime/Heap.h:
43         * runtime/MarkedSpace.cpp:
44         (JSC::MarkedSpace::allocate):
45         (JSC::MarkedSpace::shrinkBlocks):
46         (JSC::MarkedSpace::sweep):
47         (JSC::MarkedSpace::reset):
48         * runtime/MarkedSpace.h:
49         (JSC::MarkedSpace::highWaterMark):
50         (JSC::MarkedSpace::setHighWaterMark):
51
52 2011-02-04  David Kilzer  <ddkilzer@apple.com>
53
54         BUILD FIX: REALLY remove the last vestiges of JSVALUE32!
55
56         <rdar://problem/8957409> Remove last vestiges of JSVALUE32
57         <http://webkit.org/b/53779>
58
59         * DerivedSources.make: Removed dependency on
60         JavaScriptCore.JSVALUE32.exp.
61
62 2011-02-04  David Kilzer  <ddkilzer@apple.com>
63
64         <rdar://problem/8957409> Remove last vestiges of JSVALUE32
65         <http://webkit.org/b/53779>
66
67         Reviewed by Darin Adler.
68
69         Support for JSVALUE32 was originally removed in r70111.
70
71         * Configurations/JavaScriptCore.xcconfig: Changed armv6 to use
72         JavaScriptCore.JSVALUE32_64.exp and ppc64 to use
73         JavaScriptCore.JSVALUE64.exp to match Platform.h.
74         * DerivedSources.make: Removed rule for
75         JavaScriptCore.JSVALUE32.exp.
76         * JavaScriptCore.JSVALUE32only.exp: Removed.
77         * JavaScriptCore.xcodeproj/project.pbxproj: Removed references
78         to JavaScriptCore.JSVALUE32only.exp.
79
80 2011-02-04  David Kilzer  <ddkilzer@apple.com>
81
82         Use static_cast and other style cleanup in YarrInterpreter.cpp
83         <http://webkit.org/b/53772>
84
85         Reviewed by John Sullivan.
86
87         * yarr/YarrInterpreter.cpp:
88         (JSC::Yarr::Interpreter::InputStream::readChecked): Use
89         static_cast.
90         (JSC::Yarr::Interpreter::InputStream::checkInput): Remove
91         unnecessary else block.
92         (JSC::Yarr::Interpreter::matchAssertionEOL): Ditto.
93         (JSC::Yarr::Interpreter::backtrackBackReference): Ditto.
94         (JSC::Yarr::ByteCompiler::emitDisjunction): Use static_cast.
95
96 2011-02-04  Sheriff Bot  <webkit.review.bot@gmail.com>
97
98         Unreviewed, rolling out r77625 and r77626.
99         http://trac.webkit.org/changeset/77625
100         http://trac.webkit.org/changeset/77626
101         https://bugs.webkit.org/show_bug.cgi?id=53765
102
103         It broke Windows builds (Requested by Ossy_ on #webkit).
104
105         * JavaScriptCore.exp:
106         * JavaScriptCore.gyp/JavaScriptCore.gyp:
107         * JavaScriptCore.gypi:
108         * JavaScriptCore.pro:
109         * JavaScriptCore.xcodeproj/project.pbxproj:
110         * create_regex_tables:
111         * runtime/RegExp.cpp:
112         * wtf/Platform.h:
113         * yarr/Yarr.h:
114         * yarr/YarrJIT.cpp:
115         * yarr/YarrJIT.h:
116         * yarr/YarrParser.h:
117         * yarr/YarrPattern.h:
118         * yarr/YarrSyntaxChecker.h:
119         * yarr/yarr.pri: Removed.
120
121 2011-02-04  Jessie Berlin  <jberlin@apple.com>
122
123         Windows build fix. Unreviewed.
124
125         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
126
127 2011-02-04  Peter Varga  <pvarga@webkit.org>
128
129         Reviewed by Gavin Barraclough.
130
131         Replace PCRE with Yarr in WebCore
132         https://bugs.webkit.org/show_bug.cgi?id=53496
133
134         * JavaScriptCore.exp:
135         * JavaScriptCore.gyp/JavaScriptCore.gyp:
136         * JavaScriptCore.gypi:
137         * JavaScriptCore.pro:
138         * JavaScriptCore.xcodeproj/project.pbxproj:
139         * create_regex_tables:
140         * runtime/RegExp.cpp:
141         * wtf/Platform.h:
142         * yarr/Yarr.h:
143         * yarr/YarrJIT.cpp:
144         * yarr/YarrJIT.h:
145         * yarr/YarrParser.h:
146         * yarr/YarrPattern.h:
147         * yarr/YarrSyntaxChecker.h:
148         * yarr/yarr.pri: Added.
149
150 2011-02-04  Ilya Tikhonovsky  <loislo@chromium.org>
151
152         Unreviewed rollout of two patches r77614 and r77612.
153
154         REGRESSION: Snow Leopard Intel Release a number of failing tests.
155
156         * runtime/Heap.cpp:
157         (JSC::Heap::Heap):
158         (JSC::Heap::reset):
159         * runtime/Heap.h:
160         * runtime/MarkedSpace.cpp:
161         (JSC::MarkedSpace::allocate):
162         (JSC::MarkedSpace::sweep):
163         (JSC::MarkedSpace::reset):
164         * runtime/MarkedSpace.h:
165
166 2011-02-04  Geoffrey Garen  <ggaren@apple.com>
167
168         Try to fix 32bit build.
169
170         * runtime/Heap.cpp:
171         (JSC::Heap::reset): Use an explicit cast to avoid shortening warnings,
172         since 1.5 is double (64bit), and the result is size_t (32bit).
173
174 2011-02-03  Geoffrey Garen  <ggaren@apple.com>
175
176         Reviewed by Cameron Zwarich.
177
178         Changed MarkedSpace to delegate grow/shrink decisions to Heap
179         https://bugs.webkit.org/show_bug.cgi?id=53759
180         
181         SunSpider reports no change.
182         
183         * runtime/Heap.cpp:
184         (JSC::Heap::Heap):
185         (JSC::Heap::reset):
186         * runtime/Heap.h: Reorganized a few data members for better cache locality.
187         Added a grow policy.
188         
189         * runtime/MarkedSpace.cpp:
190         (JSC::MarkedSpace::allocate):
191         (JSC::MarkedSpace::sweep):
192         (JSC::MarkedSpace::reset): Don't shrink automatically. Instead, wait for
193         the heap to make an explicit sweep call.
194
195         * runtime/MarkedSpace.h:
196         (JSC::MarkedSpace::highWaterMark):
197         (JSC::MarkedSpace::setHighWaterMark): Use a watermark to determine how
198         many bytes to allocate before failing and giving the heap an opportunity
199         to collect garbage. This also means that we allocate blocks on demand,
200         instead of ahead of time.
201
202 2011-02-03  James Kozianski  <koz@chromium.org>
203
204         Reviewed by Dimitri Glazkov.
205
206         Add navigator.registerProtocolHandler behind a flag.
207         https://bugs.webkit.org/show_bug.cgi?id=52609
208
209         * Configurations/FeatureDefines.xcconfig:
210
211 2011-02-03  Geoffrey Garen  <ggaren@apple.com>
212
213         Reviewed by Oliver Hunt.
214
215         Not all blocks are freed when the heap is freed (counting is hard!)
216         https://bugs.webkit.org/show_bug.cgi?id=53732
217
218         * runtime/MarkedSpace.cpp:
219         (JSC::MarkedSpace::destroy): Freeing a block compacts the list, so just
220         keep freeing block 0 until there are no blocks left.
221
222 2011-02-03  Geoffrey Garen  <ggaren@apple.com>
223
224         Try to fix the Mac build.
225
226         * JavaScriptCore.xcodeproj/project.pbxproj: The new MarkedBlock.h header
227         needs to be private, not project, so other projects can include headers
228         that depend on it.
229
230 2011-02-03  Geoffrey Garen  <ggaren@apple.com>
231
232         Reviewed by Sam Weinig.
233
234         Start using MarkedBlock instead of CollectorBlock
235         https://bugs.webkit.org/show_bug.cgi?id=53693
236         
237         SunSpider reports no change.
238         
239         * runtime/MarkedBlock.h:
240         (JSC::MarkedBlock::blockFor):
241         (JSC::MarkedBlock::setMarked):
242         (JSC::MarkedBlock::isCellAligned):
243         (JSC::MarkedBlock::isPossibleCell): Updated for const-ness.
244
245         * runtime/MarkedSpace.cpp:
246         (JSC::MarkedSpace::allocateBlock):
247         (JSC::MarkedSpace::containsSlowCase):
248         (JSC::MarkedSpace::clearMarkBits): Updated for const-ness.
249
250         * runtime/MarkedSpace.h:
251         (JSC::CollectorHeap::collectorBlock):
252         (JSC::MarkedSpace::heap):
253         (JSC::MarkedSpace::isMarked):
254         (JSC::MarkedSpace::testAndSetMarked):
255         (JSC::MarkedSpace::setMarked):
256         (JSC::MarkedSpace::contains): Switched from CollectorBlock to MarkedBlock,
257         and deleted dead CollectorBlock-related code.
258
259 2011-02-03  Patrick Gansterer  <paroga@webkit.org>
260
261         Reviewed by Darin Adler.
262
263         Avoid strlen() in AtomicString::fromUTF8
264         https://bugs.webkit.org/show_bug.cgi?id=50516
265
266         Add an overload to calculateStringHashFromUTF8 to get
267         strlen() of the input data with only one call.
268
269         This change shows about 3% performance win on the xml-parser benchmark.
270
271         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
272         * wtf/text/AtomicString.cpp:
273         (WTF::AtomicString::fromUTF8):
274         * wtf/unicode/UTF8.cpp:
275         (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
276         (WTF::Unicode::calculateStringHashFromUTF8):
277         (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
278         * wtf/unicode/UTF8.h:
279
280 2011-02-02  Gavin Barraclough  <barraclough@apple.com>
281
282         Windows build fix.
283
284         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
285
286 2011-02-02  Gavin Barraclough  <barraclough@apple.com>
287
288         oops, build fix!
289
290         * wtf/Assertions.cpp:
291
292 2011-02-02  Gavin Barraclough  <barraclough@apple.com>
293
294         Reviewed by Sam Weinig.
295
296         Bug 53650 - Add a BACKTRACE macro to Assertions.h
297
298         Add a BACKTRACE macro to Assertions.h, which will print a backtrace on
299         debug Mac builds, make CRASH (and thus ASSERT) automatically call this.
300
301         * JavaScriptCore.exp:
302         * wtf/Assertions.cpp:
303         * wtf/Assertions.h:
304
305 2011-02-02  Michael Saboff  <msaboff@apple.com>
306
307         Reviewed by Gavin Barraclough.
308
309         Improper backtrack of nested non-capturing greedy paren to prior paren
310         https://bugs.webkit.org/show_bug.cgi?id=53261
311
312         A paren that follows a non-capturing greedy paren nested within a
313         non-capturing fixed paren was backtracking to the last paren
314         processed instead of the immediately prior paren.
315         Refactored default backtracking of parens to prior paren to work for
316         both nested (within) and immediately prior (after) parens.
317
318         * yarr/YarrJIT.cpp:
319         (JSC::Yarr::YarrGenerator::GenerationState::addParenthesesTail):
320         (JSC::Yarr::YarrGenerator::TermGenerationState::TermGenerationState):
321         (JSC::Yarr::YarrGenerator::TermGenerationState::setJumpListToPriorParen):
322         (JSC::Yarr::YarrGenerator::TermGenerationState::getJumpListToPriorParen):
323         (JSC::Yarr::YarrGenerator::ParenthesesTail::ParenthesesTail):
324         (JSC::Yarr::YarrGenerator::ParenthesesTail::generateCode):
325         (JSC::Yarr::YarrGenerator::generateParenthesesDisjunction):
326         (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
327         (JSC::Yarr::YarrGenerator::generateDisjunction):
328
329 2011-02-02  Jeff Miller  <jeffm@apple.com>
330
331         Reviewed by Darin Adler and Steve Falkenburg.
332
333         Add DerivedSources.make to some Visual Studio projects
334         https://bugs.webkit.org/show_bug.cgi?id=53607
335
336         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Add DerivedSources.make.
337
338 2011-02-02  Steve Lacey  <sjl@chromium.org>
339
340         Reviewed by Eric Carlson.
341
342         Implement basic media statistics on media elements.
343         https://bugs.webkit.org/show_bug.cgi?id=53322
344
345         * Configurations/FeatureDefines.xcconfig:
346
347 2011-02-02  Kevin Ollivier  <kevino@theolliviers.com>
348
349         [wx] Build fixes for wxWebKit.
350
351         * wtf/wx/StringWx.cpp:
352         (WTF::String::String):
353
354 2011-02-01  Geoffrey Garen  <ggaren@apple.com>
355
356         Reviewed by Sam Weinig.
357
358         A little more Heap refactoring
359         https://bugs.webkit.org/show_bug.cgi?id=53577
360         
361         SunSpider reports no change.
362         
363         Split out MarkedBlock into its own file / class.
364         
365         Did the following renames:
366             isCellMarked => isMarked
367             checkMarkCell => testAndSetMarked
368             markCell => setMarked
369             cellOffset => cellNumber
370             collectorBlock => blockFor
371
372         * Android.mk:
373         * CMakeLists.txt:
374         * GNUmakefile.am:
375         * JavaScriptCore.gypi:
376         * JavaScriptCore.pro:
377         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
378         * JavaScriptCore.xcodeproj/project.pbxproj:
379         * runtime/Heap.cpp:
380         (JSC::WeakGCHandlePool::update):
381         * runtime/Heap.h:
382         (JSC::Heap::isMarked):
383         (JSC::Heap::testAndSetMarked):
384         (JSC::Heap::setMarked):
385         * runtime/JSArray.h:
386         (JSC::MarkStack::markChildren):
387         (JSC::MarkStack::drain):
388         * runtime/JSCell.h:
389         (JSC::JSCell::MarkStack::internalAppend):
390         * runtime/MarkedBlock.cpp: Added.
391         * runtime/MarkedBlock.h: Added.
392         (JSC::MarkedBlock::blockFor):
393         (JSC::MarkedBlock::cellNumber):
394         (JSC::MarkedBlock::isMarked):
395         (JSC::MarkedBlock::testAndSetMarked):
396         (JSC::MarkedBlock::setMarked):
397         (JSC::MarkedBlock::isCellAligned):
398         (JSC::MarkedBlock::isPossibleCell):
399         * runtime/MarkedSpace.h:
400         (JSC::MarkedSpace::isMarked):
401         (JSC::MarkedSpace::testAndSetMarked):
402         (JSC::MarkedSpace::setMarked):
403         * runtime/SmallStrings.cpp:
404         (JSC::isMarked):
405         * runtime/WeakGCMap.h:
406         (JSC::WeakGCMap::isValid):
407         (JSC::::get):
408         (JSC::::take):
409         (JSC::::set):
410
411 2011-02-02  Sam Weinig  <sam@webkit.org>
412
413         Fix windows clean build.
414
415         * DerivedSources.make:
416
417 2011-02-02  Alejandro G. Castro  <alex@igalia.com>
418
419         Reviewed by Martin Robinson.
420
421         [GTK] Fix dist compilation
422         https://bugs.webkit.org/show_bug.cgi?id=53579
423
424         * GNUmakefile.am: Added WriteBarrier.h to the sources, it was
425         added in r77151.
426
427 2011-02-01  Sheriff Bot  <webkit.review.bot@gmail.com>
428
429         Unreviewed, rolling out r77297.
430         http://trac.webkit.org/changeset/77297
431         https://bugs.webkit.org/show_bug.cgi?id=53538
432
433         caused leopard crashes (Requested by paroga on #webkit).
434
435         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
436         * wtf/text/AtomicString.cpp:
437         (WTF::AtomicString::fromUTF8):
438         * wtf/unicode/UTF8.cpp:
439         (WTF::Unicode::calculateStringHashFromUTF8):
440         * wtf/unicode/UTF8.h:
441
442 2011-02-01  Sam Weinig  <sam@webkit.org>
443
444         Fix Mac production builds.
445
446         * JavaScriptCore.xcodeproj/project.pbxproj:
447
448 2011-02-01  Sam Weinig  <sam@webkit.org>
449
450         Try to fix the windows build.
451
452         * DerivedSources.make:
453
454 2011-02-01  Patrick Gansterer  <paroga@webkit.org>
455
456         Reviewed by Darin Adler.
457
458         Avoid strlen() in AtomicString::fromUTF8
459         https://bugs.webkit.org/show_bug.cgi?id=50516
460
461         Add an overload to calculateStringHashFromUTF8 to get
462         strlen() of the input data with only one call.
463
464         This change shows about 3% performance win on the xml-parser benchmark.
465
466         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
467         * wtf/text/AtomicString.cpp:
468         (WTF::AtomicString::fromUTF8):
469         * wtf/unicode/UTF8.cpp:
470         (WTF::Unicode::calculateStringHashAndLengthFromUTF8Internal):
471         (WTF::Unicode::calculateStringHashFromUTF8):
472         (WTF::Unicode::calculateStringHashAndLengthFromUTF8):
473         * wtf/unicode/UTF8.h:
474
475 2011-02-01  Sam Weinig  <sam@webkit.org>
476
477         Reviewed by Beth Dakin.
478
479         Part 2 for <rdar://problem/8492788>
480         Adopt WKScrollbarPainterController
481
482         Use header detection to define scrollbar painting controller #define.
483
484         * DerivedSources.make:
485         * JavaScriptCore.xcodeproj/project.pbxproj:
486
487 2011-02-01  Geoffrey Garen  <ggaren@apple.com>
488
489         Reviewed by Oliver Hunt.
490
491         Refactor JSGlobalObject-related tear-down
492         https://bugs.webkit.org/show_bug.cgi?id=53478
493         
494         While investigating crashes caused by r77082, I noticed some strange
495         destructor-time behaviors. This patch makes them less strange.
496
497         * bytecode/CodeBlock.cpp:
498         (JSC::CodeBlock::CodeBlock):
499         (JSC::CodeBlock::markAggregate):
500         * bytecode/CodeBlock.h:
501         (JSC::CodeBlock::globalObject):
502         (JSC::GlobalCodeBlock::GlobalCodeBlock):
503         (JSC::GlobalCodeBlock::~GlobalCodeBlock): Store the set of global code
504         blocks on the Heap, instead of on independent global objects. The heap
505         is guaranteed to outlast any GC-owned data structure. The heap is also
506         a natural place to store objects that need out-of-band marking, since
507         the heap is responsible for marking all roots.
508
509         * runtime/Heap.cpp:
510         (JSC::Heap::markRoots):
511         (JSC::Heap::globalObjectCount):
512         (JSC::Heap::protectedGlobalObjectCount):
513         * runtime/Heap.h:
514         (JSC::Heap::codeBlocks):
515         * runtime/JSGlobalData.cpp:
516         (JSC::JSGlobalData::JSGlobalData):
517         * runtime/JSGlobalData.h:
518         * runtime/JSGlobalObject.cpp:
519         (JSC::JSGlobalObject::~JSGlobalObject):
520         (JSC::JSGlobalObject::init):
521         (JSC::JSGlobalObject::markChildren):
522         * runtime/JSGlobalObject.h:
523         * runtime/MarkedSpace.cpp: Store the set of global objects in a weak map
524         owned by JSGlobalData, instead of an intrusive circular linked list.
525         This is simpler, and it avoids destructor-time access between garbage
526         collected objects, which is hard to get right.
527
528         (JSC::MarkedSpace::destroy): Make sure to clear mark bits before tearing
529         everything down. Otherwise, weak data structures will incorrectly report
530         that objects pending destruction are still alive.
531
532 2011-02-01  Geoffrey Garen  <ggaren@apple.com>
533
534         Reviewed by Oliver Hunt.
535
536         REGRESSION(77082): GC-related crashes seen: on WebKit2 bot; on GTK 32bit
537         bot; loading trac pages; typing in search field
538         https://bugs.webkit.org/show_bug.cgi?id=53519
539         
540         The crashes were all caused by failure to run an object's destructor.
541
542         * runtime/CollectorHeapIterator.h:
543         (JSC::ObjectIterator::ObjectIterator): Don't skip forward upon
544         construction. The iterator class used to do that when it was designed
545         for prior-to-beginning initialization. I forgot to remove this line
546         of code when I changed the iterator to normal initialization.
547         
548         Skipping forward upon construction was causing the heap to skip running
549         the destructor for the very first object in a block when destroying the
550         block. This usually did not crash, since block destruction is rare and
551         most objects have pretty trivial destructors. However, in the rare case
552         when the heap would destroy a block whose first object was a global
553         object or a DOM node, BOOM.
554
555 2011-01-31  Oliver Hunt  <oliver@apple.com>
556
557         Reviewed by Geoffrey Garen.
558
559         Update JSObject storage for new marking API
560         https://bugs.webkit.org/show_bug.cgi?id=53467
561
562         JSObject no longer uses EncodedJSValue for its property storage.
563         This produces a stream of mechanical changes to PropertySlot and
564         anonymous storage APIs.
565
566         * JavaScriptCore.exp:
567         * runtime/ArrayPrototype.cpp:
568         (JSC::ArrayPrototype::ArrayPrototype):
569         * runtime/BooleanConstructor.cpp:
570         (JSC::constructBoolean):
571         (JSC::constructBooleanFromImmediateBoolean):
572         * runtime/BooleanObject.cpp:
573         (JSC::BooleanObject::BooleanObject):
574         * runtime/BooleanObject.h:
575         * runtime/BooleanPrototype.cpp:
576         (JSC::BooleanPrototype::BooleanPrototype):
577         * runtime/DateInstance.cpp:
578         (JSC::DateInstance::DateInstance):
579         * runtime/DatePrototype.cpp:
580         (JSC::DatePrototype::DatePrototype):
581         * runtime/JSActivation.cpp:
582         (JSC::JSActivation::getOwnPropertySlot):
583         * runtime/JSArray.cpp:
584         (JSC::JSArray::getOwnPropertySlot):
585         * runtime/JSFunction.cpp:
586         (JSC::JSFunction::getOwnPropertySlot):
587         * runtime/JSGlobalObject.h:
588         (JSC::JSGlobalObject::JSGlobalObject):
589         * runtime/JSObject.cpp:
590         (JSC::JSObject::fillGetterPropertySlot):
591         * runtime/JSObject.h:
592         (JSC::JSObject::getDirectLocation):
593         (JSC::JSObject::offsetForLocation):
594         (JSC::JSObject::putAnonymousValue):
595         (JSC::JSObject::clearAnonymousValue):
596         (JSC::JSObject::getAnonymousValue):
597         (JSC::JSObject::putThisToAnonymousValue):
598         (JSC::JSObject::locationForOffset):
599         (JSC::JSObject::inlineGetOwnPropertySlot):
600         * runtime/JSObjectWithGlobalObject.cpp:
601         (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
602         * runtime/JSWrapperObject.h:
603         (JSC::JSWrapperObject::JSWrapperObject):
604         (JSC::JSWrapperObject::setInternalValue):
605         * runtime/Lookup.cpp:
606         (JSC::setUpStaticFunctionSlot):
607         * runtime/NumberConstructor.cpp:
608         (JSC::constructWithNumberConstructor):
609         * runtime/NumberObject.cpp:
610         (JSC::NumberObject::NumberObject):
611         (JSC::constructNumber):
612         * runtime/NumberObject.h:
613         * runtime/NumberPrototype.cpp:
614         (JSC::NumberPrototype::NumberPrototype):
615         * runtime/PropertySlot.h:
616         (JSC::PropertySlot::getValue):
617         (JSC::PropertySlot::setValue):
618         (JSC::PropertySlot::setRegisterSlot):
619         * runtime/StringObject.cpp:
620         (JSC::StringObject::StringObject):
621         * runtime/StringPrototype.cpp:
622         (JSC::StringPrototype::StringPrototype):
623         * runtime/WriteBarrier.h:
624         (JSC::WriteBarrierBase::setWithoutWriteBarrier):
625
626 2011-02-01  Daniel Bates  <dbates@rim.com>
627
628         Reviewed by Antonio Gomes.
629
630         Modify RandomNumberSeed.h to use USE(MERSENNE_TWISTER_19937)
631         https://bugs.webkit.org/show_bug.cgi?id=53506
632
633         Currently, use of the Mersenne Twister pseudorandom number generator
634         is hardcoded to the Windows CE port. With the passing of bug #53253,
635         we can generalize support for this PRNG to all ports that use srand(3)
636         and rand(3), including Windows CE.
637
638         * wtf/RandomNumberSeed.h:
639         (WTF::initializeRandomNumberGenerator):
640
641 2011-02-01  Dave Tapuska  <dtapuska@rim.com>
642
643         Reviewed by Gavin Barraclough.
644
645         MacroAssemblerARM would generate code that did 32bit loads
646         on addresses that were not aligned. More specifically it would
647         generate a ldr r8,[r1, #7] which isn't valid on ARMv5 and lower.
648         The intended instruction really is ldrb r8,[r1, #7]; ensure we
649         call load8 instead of load32.
650
651         https://bugs.webkit.org/show_bug.cgi?id=46095
652
653         * assembler/MacroAssemblerARM.h:
654         (JSC::MacroAssemblerARM::set32Test32):
655         (JSC::MacroAssemblerARM::set32Test8):
656
657 2011-02-01  Darin Fisher  <darin@chromium.org>
658
659         Reviewed by Eric Seidel.
660
661         Fix some Visual Studio compiler warnings.
662         https://bugs.webkit.org/show_bug.cgi?id=53476
663
664         * wtf/MathExtras.h:
665         (clampToInteger):
666         (clampToPositiveInteger):
667         * wtf/ThreadingWin.cpp:
668         (WTF::absoluteTimeToWaitTimeoutInterval):
669
670 2011-01-31  Oliver Hunt  <oliver@apple.com>
671
672         Reviewed by Sam Weinig.
673
674         Bogus callframe during stack unwinding
675         https://bugs.webkit.org/show_bug.cgi?id=53454
676
677         Trying to access a callframe's globalData after destroying its
678         ScopeChain is not a good thing.  While we could access the
679         globalData directly through the (known valid) scopechain we're
680         holding on to, it feels fragile.  Instead we push the valid
681         ScopeChain onto the callframe again to ensure that the callframe
682         itself remains valid.
683
684         * interpreter/Interpreter.cpp:
685         (JSC::Interpreter::unwindCallFrame):
686
687 2011-01-31  Michael Saboff  <msaboff@apple.com>
688
689         Reviewed by Geoffrey Garen.
690
691         Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
692         https://bugs.webkit.org/show_bug.cgi?id=53271
693
694         Reapplying this change again.
695         Changed isValid() to use .get() as a result of change r77151.
696
697         Added new isValid() methods to check if a contained object in
698         a WeakGCMap is valid when using an unchecked iterator.
699
700         * runtime/WeakGCMap.h:
701         (JSC::WeakGCMap::isValid):
702
703 2011-01-31  Oliver Hunt  <oliver@apple.com>
704
705         Convert markstack to a slot visitor API
706         https://bugs.webkit.org/show_bug.cgi?id=53219
707
708         rolling r77098, r77099, r77100, r77109, and
709         r77111 back in, along with a few more Qt fix attempts.
710
711         * API/JSCallbackObject.h:
712         (JSC::JSCallbackObjectData::setPrivateProperty):
713         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
714         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
715         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
716         (JSC::JSCallbackObject::setPrivateProperty):
717         * API/JSCallbackObjectFunctions.h:
718         (JSC::::put):
719         (JSC::::staticFunctionGetter):
720         * API/JSObjectRef.cpp:
721         (JSObjectMakeConstructor):
722         (JSObjectSetPrivateProperty):
723         * API/JSWeakObjectMapRefInternal.h:
724         * JavaScriptCore.exp:
725         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
726         * JavaScriptCore.xcodeproj/project.pbxproj:
727         * bytecode/CodeBlock.cpp:
728         (JSC::CodeBlock::markAggregate):
729         * bytecode/CodeBlock.h:
730         (JSC::CodeBlock::globalObject):
731         * bytecompiler/BytecodeGenerator.cpp:
732         (JSC::BytecodeGenerator::BytecodeGenerator):
733         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
734         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
735         (JSC::BytecodeGenerator::findScopedProperty):
736         * debugger/Debugger.cpp:
737         (JSC::evaluateInGlobalCallFrame):
738         * debugger/DebuggerActivation.cpp:
739         (JSC::DebuggerActivation::DebuggerActivation):
740         (JSC::DebuggerActivation::markChildren):
741         * debugger/DebuggerActivation.h:
742         * debugger/DebuggerCallFrame.cpp:
743         (JSC::DebuggerCallFrame::evaluate):
744         * interpreter/CallFrame.h:
745         (JSC::ExecState::exception):
746         * interpreter/Interpreter.cpp:
747         (JSC::Interpreter::resolve):
748         (JSC::Interpreter::resolveSkip):
749         (JSC::Interpreter::resolveGlobal):
750         (JSC::Interpreter::resolveGlobalDynamic):
751         (JSC::Interpreter::resolveBaseAndProperty):
752         (JSC::Interpreter::unwindCallFrame):
753         (JSC::appendSourceToError):
754         (JSC::Interpreter::execute):
755         (JSC::Interpreter::tryCacheGetByID):
756         (JSC::Interpreter::privateExecute):
757         * jit/JITStubs.cpp:
758         (JSC::JITThunks::tryCacheGetByID):
759         (JSC::DEFINE_STUB_FUNCTION):
760         * jsc.cpp:
761         (GlobalObject::GlobalObject):
762         * runtime/ArgList.cpp:
763         (JSC::MarkedArgumentBuffer::markLists):
764         * runtime/Arguments.cpp:
765         (JSC::Arguments::markChildren):
766         (JSC::Arguments::getOwnPropertySlot):
767         (JSC::Arguments::getOwnPropertyDescriptor):
768         (JSC::Arguments::put):
769         * runtime/Arguments.h:
770         (JSC::Arguments::setActivation):
771         (JSC::Arguments::Arguments):
772         * runtime/ArrayConstructor.cpp:
773         (JSC::ArrayConstructor::ArrayConstructor):
774         (JSC::constructArrayWithSizeQuirk):
775         * runtime/ArrayPrototype.cpp:
776         (JSC::arrayProtoFuncSplice):
777         * runtime/BatchedTransitionOptimizer.h:
778         (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
779         (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
780         * runtime/BooleanConstructor.cpp:
781         (JSC::BooleanConstructor::BooleanConstructor):
782         (JSC::constructBoolean):
783         (JSC::constructBooleanFromImmediateBoolean):
784         * runtime/BooleanPrototype.cpp:
785         (JSC::BooleanPrototype::BooleanPrototype):
786         * runtime/ConservativeSet.cpp:
787         (JSC::ConservativeSet::grow):
788         * runtime/ConservativeSet.h:
789         (JSC::ConservativeSet::~ConservativeSet):
790         (JSC::ConservativeSet::mark):
791         * runtime/DateConstructor.cpp:
792         (JSC::DateConstructor::DateConstructor):
793         * runtime/DateInstance.cpp:
794         (JSC::DateInstance::DateInstance):
795         * runtime/DatePrototype.cpp:
796         (JSC::dateProtoFuncSetTime):
797         (JSC::setNewValueFromTimeArgs):
798         (JSC::setNewValueFromDateArgs):
799         (JSC::dateProtoFuncSetYear):
800         * runtime/ErrorConstructor.cpp:
801         (JSC::ErrorConstructor::ErrorConstructor):
802         * runtime/ErrorInstance.cpp:
803         (JSC::ErrorInstance::ErrorInstance):
804         * runtime/ErrorPrototype.cpp:
805         (JSC::ErrorPrototype::ErrorPrototype):
806         * runtime/FunctionConstructor.cpp:
807         (JSC::FunctionConstructor::FunctionConstructor):
808         * runtime/FunctionPrototype.cpp:
809         (JSC::FunctionPrototype::FunctionPrototype):
810         * runtime/GetterSetter.cpp:
811         (JSC::GetterSetter::markChildren):
812         * runtime/GetterSetter.h:
813         (JSC::GetterSetter::GetterSetter):
814         (JSC::GetterSetter::getter):
815         (JSC::GetterSetter::setGetter):
816         (JSC::GetterSetter::setter):
817         (JSC::GetterSetter::setSetter):
818         * runtime/GlobalEvalFunction.cpp:
819         (JSC::GlobalEvalFunction::GlobalEvalFunction):
820         (JSC::GlobalEvalFunction::markChildren):
821         * runtime/GlobalEvalFunction.h:
822         (JSC::GlobalEvalFunction::cachedGlobalObject):
823         * runtime/Heap.cpp:
824         (JSC::Heap::markProtectedObjects):
825         (JSC::Heap::markTempSortVectors):
826         (JSC::Heap::markRoots):
827         * runtime/InternalFunction.cpp:
828         (JSC::InternalFunction::InternalFunction):
829         * runtime/JSAPIValueWrapper.h:
830         (JSC::JSAPIValueWrapper::value):
831         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
832         * runtime/JSActivation.cpp:
833         (JSC::JSActivation::markChildren):
834         (JSC::JSActivation::put):
835         * runtime/JSArray.cpp:
836         (JSC::JSArray::JSArray):
837         (JSC::JSArray::getOwnPropertySlot):
838         (JSC::JSArray::getOwnPropertyDescriptor):
839         (JSC::JSArray::put):
840         (JSC::JSArray::putSlowCase):
841         (JSC::JSArray::deleteProperty):
842         (JSC::JSArray::increaseVectorLength):
843         (JSC::JSArray::setLength):
844         (JSC::JSArray::pop):
845         (JSC::JSArray::push):
846         (JSC::JSArray::unshiftCount):
847         (JSC::JSArray::sort):
848         (JSC::JSArray::fillArgList):
849         (JSC::JSArray::copyToRegisters):
850         (JSC::JSArray::compactForSorting):
851         * runtime/JSArray.h:
852         (JSC::JSArray::getIndex):
853         (JSC::JSArray::setIndex):
854         (JSC::JSArray::uncheckedSetIndex):
855         (JSC::JSArray::markChildrenDirect):
856         * runtime/JSByteArray.cpp:
857         (JSC::JSByteArray::JSByteArray):
858         * runtime/JSCell.h:
859         (JSC::JSCell::MarkStack::append):
860         (JSC::JSCell::MarkStack::internalAppend):
861         (JSC::JSCell::MarkStack::deprecatedAppend):
862         * runtime/JSFunction.cpp:
863         (JSC::JSFunction::JSFunction):
864         (JSC::JSFunction::getOwnPropertySlot):
865         * runtime/JSGlobalData.h:
866         * runtime/JSGlobalObject.cpp:
867         (JSC::markIfNeeded):
868         (JSC::JSGlobalObject::reset):
869         (JSC::JSGlobalObject::resetPrototype):
870         (JSC::JSGlobalObject::markChildren):
871         * runtime/JSGlobalObject.h:
872         (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
873         (JSC::JSGlobalObject::regExpConstructor):
874         (JSC::JSGlobalObject::errorConstructor):
875         (JSC::JSGlobalObject::evalErrorConstructor):
876         (JSC::JSGlobalObject::rangeErrorConstructor):
877         (JSC::JSGlobalObject::referenceErrorConstructor):
878         (JSC::JSGlobalObject::syntaxErrorConstructor):
879         (JSC::JSGlobalObject::typeErrorConstructor):
880         (JSC::JSGlobalObject::URIErrorConstructor):
881         (JSC::JSGlobalObject::evalFunction):
882         (JSC::JSGlobalObject::objectPrototype):
883         (JSC::JSGlobalObject::functionPrototype):
884         (JSC::JSGlobalObject::arrayPrototype):
885         (JSC::JSGlobalObject::booleanPrototype):
886         (JSC::JSGlobalObject::stringPrototype):
887         (JSC::JSGlobalObject::numberPrototype):
888         (JSC::JSGlobalObject::datePrototype):
889         (JSC::JSGlobalObject::regExpPrototype):
890         (JSC::JSGlobalObject::methodCallDummy):
891         (JSC::Structure::prototypeForLookup):
892         (JSC::constructArray):
893         * runtime/JSONObject.cpp:
894         (JSC::Stringifier::Holder::object):
895         (JSC::Stringifier::Holder::objectSlot):
896         (JSC::Stringifier::markAggregate):
897         (JSC::Stringifier::stringify):
898         (JSC::Stringifier::Holder::appendNextProperty):
899         (JSC::Walker::callReviver):
900         (JSC::Walker::walk):
901         * runtime/JSObject.cpp:
902         (JSC::JSObject::defineGetter):
903         (JSC::JSObject::defineSetter):
904         (JSC::JSObject::removeDirect):
905         (JSC::JSObject::putDirectFunction):
906         (JSC::JSObject::putDirectFunctionWithoutTransition):
907         (JSC::putDescriptor):
908         (JSC::JSObject::defineOwnProperty):
909         * runtime/JSObject.h:
910         (JSC::JSObject::getDirectOffset):
911         (JSC::JSObject::putDirectOffset):
912         (JSC::JSObject::putUndefinedAtDirectOffset):
913         (JSC::JSObject::flattenDictionaryObject):
914         (JSC::JSObject::putDirectInternal):
915         (JSC::JSObject::putDirect):
916         (JSC::JSObject::putDirectFunction):
917         (JSC::JSObject::putDirectWithoutTransition):
918         (JSC::JSObject::putDirectFunctionWithoutTransition):
919         (JSC::JSValue::putDirect):
920         (JSC::JSObject::allocatePropertyStorageInline):
921         (JSC::JSObject::markChildrenDirect):
922         * runtime/JSPropertyNameIterator.cpp:
923         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
924         (JSC::JSPropertyNameIterator::get):
925         * runtime/JSPropertyNameIterator.h:
926         * runtime/JSStaticScopeObject.cpp:
927         (JSC::JSStaticScopeObject::markChildren):
928         * runtime/JSString.cpp:
929         (JSC::StringObject::create):
930         * runtime/JSValue.h:
931         * runtime/JSWrapperObject.cpp:
932         (JSC::JSWrapperObject::markChildren):
933         * runtime/JSWrapperObject.h:
934         (JSC::JSWrapperObject::internalValue):
935         (JSC::JSWrapperObject::setInternalValue):
936         * runtime/LiteralParser.cpp:
937         (JSC::LiteralParser::parse):
938         * runtime/Lookup.cpp:
939         (JSC::setUpStaticFunctionSlot):
940         * runtime/Lookup.h:
941         (JSC::lookupPut):
942         * runtime/MarkStack.h:
943         (JSC::MarkStack::MarkStack):
944         (JSC::MarkStack::deprecatedAppendValues):
945         (JSC::MarkStack::appendValues):
946         * runtime/MathObject.cpp:
947         (JSC::MathObject::MathObject):
948         * runtime/NativeErrorConstructor.cpp:
949         (JSC::NativeErrorConstructor::NativeErrorConstructor):
950         * runtime/NativeErrorPrototype.cpp:
951         (JSC::NativeErrorPrototype::NativeErrorPrototype):
952         * runtime/NumberConstructor.cpp:
953         (JSC::NumberConstructor::NumberConstructor):
954         (JSC::constructWithNumberConstructor):
955         * runtime/NumberObject.cpp:
956         (JSC::constructNumber):
957         * runtime/NumberPrototype.cpp:
958         (JSC::NumberPrototype::NumberPrototype):
959         * runtime/ObjectConstructor.cpp:
960         (JSC::ObjectConstructor::ObjectConstructor):
961         (JSC::objectConstructorGetOwnPropertyDescriptor):
962         * runtime/Operations.h:
963         (JSC::normalizePrototypeChain):
964         (JSC::resolveBase):
965         * runtime/PrototypeFunction.cpp:
966         (JSC::PrototypeFunction::PrototypeFunction):
967         * runtime/PutPropertySlot.h:
968         (JSC::PutPropertySlot::setExistingProperty):
969         (JSC::PutPropertySlot::setNewProperty):
970         (JSC::PutPropertySlot::base):
971         * runtime/RegExpConstructor.cpp:
972         (JSC::RegExpConstructor::RegExpConstructor):
973         * runtime/ScopeChain.cpp:
974         (JSC::ScopeChainNode::print):
975         * runtime/ScopeChain.h:
976         (JSC::ScopeChainNode::~ScopeChainNode):
977         (JSC::ScopeChainIterator::operator*):
978         (JSC::ScopeChainIterator::operator->):
979         (JSC::ScopeChain::top):
980         * runtime/ScopeChainMark.h:
981         (JSC::ScopeChain::markAggregate):
982         * runtime/SmallStrings.cpp:
983         (JSC::isMarked):
984         (JSC::SmallStrings::markChildren):
985         * runtime/SmallStrings.h:
986         (JSC::SmallStrings::emptyString):
987         (JSC::SmallStrings::singleCharacterString):
988         (JSC::SmallStrings::singleCharacterStrings):
989         * runtime/StringConstructor.cpp:
990         (JSC::StringConstructor::StringConstructor):
991         * runtime/StringObject.cpp:
992         (JSC::StringObject::StringObject):
993         * runtime/StringObject.h:
994         * runtime/StringPrototype.cpp:
995         (JSC::StringPrototype::StringPrototype):
996         * runtime/Structure.cpp:
997         (JSC::Structure::Structure):
998         (JSC::Structure::addPropertyTransition):
999         (JSC::Structure::toDictionaryTransition):
1000         (JSC::Structure::flattenDictionaryStructure):
1001         * runtime/Structure.h:
1002         (JSC::Structure::storedPrototype):
1003         (JSC::Structure::storedPrototypeSlot):
1004         * runtime/WeakGCMap.h:
1005         (JSC::WeakGCMap::uncheckedGet):
1006         (JSC::WeakGCMap::uncheckedGetSlot):
1007         (JSC::::get):
1008         (JSC::::take):
1009         (JSC::::set):
1010         (JSC::::uncheckedRemove):
1011         * runtime/WriteBarrier.h: Added.
1012         (JSC::DeprecatedPtr::DeprecatedPtr):
1013         (JSC::DeprecatedPtr::get):
1014         (JSC::DeprecatedPtr::operator*):
1015         (JSC::DeprecatedPtr::operator->):
1016         (JSC::DeprecatedPtr::slot):
1017         (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
1018         (JSC::DeprecatedPtr::operator!):
1019         (JSC::WriteBarrierBase::set):
1020         (JSC::WriteBarrierBase::get):
1021         (JSC::WriteBarrierBase::operator*):
1022         (JSC::WriteBarrierBase::operator->):
1023         (JSC::WriteBarrierBase::clear):
1024         (JSC::WriteBarrierBase::slot):
1025         (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
1026         (JSC::WriteBarrierBase::operator!):
1027         (JSC::WriteBarrier::WriteBarrier):
1028         (JSC::operator==):
1029
1030 2011-01-31  Dan Winship  <danw@gnome.org>
1031
1032         Reviewed by Gustavo Noronha Silva.
1033
1034         wss (websockets ssl) support for gtk via new gio TLS support
1035         https://bugs.webkit.org/show_bug.cgi?id=50344
1036
1037         Add a GPollableOutputStream typedef for TLS WebSockets support
1038
1039         * wtf/gobject/GTypedefs.h:
1040
1041 2011-01-31  Gavin Barraclough  <barraclough@apple.com>
1042
1043         Reviewed by Geoff Garen.
1044
1045         https://bugs.webkit.org/show_bug.cgi?id=53352
1046         Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().
1047
1048         The FixedVMPoolAllocator currently uses a best fit policy -
1049         switch to first fit, which is less prone to external fragmentation.
1050
1051         * jit/ExecutableAllocatorFixedVMPool.cpp:
1052         (JSC::AllocationTableSizeClass::AllocationTableSizeClass):
1053         (JSC::AllocationTableSizeClass::blockSize):
1054         (JSC::AllocationTableSizeClass::blockCount):
1055         (JSC::AllocationTableSizeClass::blockAlignment):
1056         (JSC::AllocationTableSizeClass::size):
1057         (JSC::AllocationTableLeaf::AllocationTableLeaf):
1058         (JSC::AllocationTableLeaf::~AllocationTableLeaf):
1059         (JSC::AllocationTableLeaf::allocate):
1060         (JSC::AllocationTableLeaf::free):
1061         (JSC::AllocationTableLeaf::isEmpty):
1062         (JSC::AllocationTableLeaf::isFull):
1063         (JSC::AllocationTableLeaf::size):
1064         (JSC::AllocationTableLeaf::classForSize):
1065         (JSC::AllocationTableLeaf::dump):
1066         (JSC::LazyAllocationTable::LazyAllocationTable):
1067         (JSC::LazyAllocationTable::~LazyAllocationTable):
1068         (JSC::LazyAllocationTable::allocate):
1069         (JSC::LazyAllocationTable::free):
1070         (JSC::LazyAllocationTable::isEmpty):
1071         (JSC::LazyAllocationTable::isFull):
1072         (JSC::LazyAllocationTable::size):
1073         (JSC::LazyAllocationTable::dump):
1074         (JSC::LazyAllocationTable::classForSize):
1075         (JSC::AllocationTableDirectory::AllocationTableDirectory):
1076         (JSC::AllocationTableDirectory::~AllocationTableDirectory):
1077         (JSC::AllocationTableDirectory::allocate):
1078         (JSC::AllocationTableDirectory::free):
1079         (JSC::AllocationTableDirectory::isEmpty):
1080         (JSC::AllocationTableDirectory::isFull):
1081         (JSC::AllocationTableDirectory::size):
1082         (JSC::AllocationTableDirectory::classForSize):
1083         (JSC::AllocationTableDirectory::dump):
1084         (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
1085         (JSC::FixedVMPoolAllocator::alloc):
1086         (JSC::FixedVMPoolAllocator::free):
1087         (JSC::FixedVMPoolAllocator::allocated):
1088         (JSC::FixedVMPoolAllocator::isValid):
1089         (JSC::FixedVMPoolAllocator::classForSize):
1090         (JSC::FixedVMPoolAllocator::offsetToPointer):
1091         (JSC::FixedVMPoolAllocator::pointerToOffset):
1092         (JSC::ExecutableAllocator::committedByteCount):
1093         (JSC::ExecutableAllocator::isValid):
1094         (JSC::ExecutableAllocator::underMemoryPressure):
1095         (JSC::ExecutablePool::systemAlloc):
1096         (JSC::ExecutablePool::systemRelease):
1097         * wtf/PageReservation.h:
1098         (WTF::PageReservation::PageReservation):
1099         (WTF::PageReservation::commit):
1100         (WTF::PageReservation::decommit):
1101         (WTF::PageReservation::committed):
1102
1103 2011-01-31  Sheriff Bot  <webkit.review.bot@gmail.com>
1104
1105         Unreviewed, rolling out r76969.
1106         http://trac.webkit.org/changeset/76969
1107         https://bugs.webkit.org/show_bug.cgi?id=53418
1108
1109         "It is causing crashes in GTK+ and Leopard bots" (Requested by
1110         alexg__ on #webkit).
1111
1112         * runtime/WeakGCMap.h:
1113
1114 2011-01-30  Csaba Osztrogonác  <ossy@webkit.org>
1115
1116         Unreviewed, rolling out r77098, r77099, r77100, r77109, and
1117         r77111.
1118         http://trac.webkit.org/changeset/77098
1119         http://trac.webkit.org/changeset/77099
1120         http://trac.webkit.org/changeset/77100
1121         http://trac.webkit.org/changeset/77109
1122         http://trac.webkit.org/changeset/77111
1123         https://bugs.webkit.org/show_bug.cgi?id=53219
1124
1125         Qt build is broken
1126
1127         * API/JSCallbackObject.h:
1128         (JSC::JSCallbackObjectData::setPrivateProperty):
1129         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
1130         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
1131         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
1132         (JSC::JSCallbackObject::setPrivateProperty):
1133         * API/JSCallbackObjectFunctions.h:
1134         (JSC::::put):
1135         (JSC::::staticFunctionGetter):
1136         * API/JSObjectRef.cpp:
1137         (JSObjectMakeConstructor):
1138         (JSObjectSetPrivateProperty):
1139         * API/JSWeakObjectMapRefInternal.h:
1140         * JavaScriptCore.exp:
1141         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1142         * JavaScriptCore.xcodeproj/project.pbxproj:
1143         * bytecode/CodeBlock.cpp:
1144         (JSC::CodeBlock::markAggregate):
1145         * bytecode/CodeBlock.h:
1146         (JSC::CodeBlock::globalObject):
1147         * bytecompiler/BytecodeGenerator.cpp:
1148         (JSC::BytecodeGenerator::BytecodeGenerator):
1149         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1150         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1151         (JSC::BytecodeGenerator::findScopedProperty):
1152         * debugger/Debugger.cpp:
1153         (JSC::evaluateInGlobalCallFrame):
1154         * debugger/DebuggerActivation.cpp:
1155         (JSC::DebuggerActivation::DebuggerActivation):
1156         (JSC::DebuggerActivation::markChildren):
1157         * debugger/DebuggerActivation.h:
1158         * debugger/DebuggerCallFrame.cpp:
1159         (JSC::DebuggerCallFrame::evaluate):
1160         * interpreter/CallFrame.h:
1161         (JSC::ExecState::exception):
1162         * interpreter/Interpreter.cpp:
1163         (JSC::Interpreter::resolve):
1164         (JSC::Interpreter::resolveSkip):
1165         (JSC::Interpreter::resolveGlobal):
1166         (JSC::Interpreter::resolveGlobalDynamic):
1167         (JSC::Interpreter::resolveBaseAndProperty):
1168         (JSC::Interpreter::unwindCallFrame):
1169         (JSC::appendSourceToError):
1170         (JSC::Interpreter::execute):
1171         (JSC::Interpreter::tryCacheGetByID):
1172         (JSC::Interpreter::privateExecute):
1173         * jit/JITStubs.cpp:
1174         (JSC::JITThunks::tryCacheGetByID):
1175         (JSC::DEFINE_STUB_FUNCTION):
1176         * jsc.cpp:
1177         (GlobalObject::GlobalObject):
1178         * runtime/ArgList.cpp:
1179         (JSC::MarkedArgumentBuffer::markLists):
1180         * runtime/Arguments.cpp:
1181         (JSC::Arguments::markChildren):
1182         (JSC::Arguments::getOwnPropertySlot):
1183         (JSC::Arguments::getOwnPropertyDescriptor):
1184         (JSC::Arguments::put):
1185         * runtime/Arguments.h:
1186         (JSC::Arguments::setActivation):
1187         (JSC::Arguments::Arguments):
1188         * runtime/ArrayConstructor.cpp:
1189         (JSC::ArrayConstructor::ArrayConstructor):
1190         (JSC::constructArrayWithSizeQuirk):
1191         * runtime/ArrayPrototype.cpp:
1192         (JSC::arrayProtoFuncSplice):
1193         * runtime/BatchedTransitionOptimizer.h:
1194         (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
1195         (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
1196         * runtime/BooleanConstructor.cpp:
1197         (JSC::BooleanConstructor::BooleanConstructor):
1198         (JSC::constructBoolean):
1199         (JSC::constructBooleanFromImmediateBoolean):
1200         * runtime/BooleanPrototype.cpp:
1201         (JSC::BooleanPrototype::BooleanPrototype):
1202         * runtime/ConservativeSet.cpp:
1203         (JSC::ConservativeSet::grow):
1204         * runtime/ConservativeSet.h:
1205         (JSC::ConservativeSet::~ConservativeSet):
1206         (JSC::ConservativeSet::mark):
1207         * runtime/DateConstructor.cpp:
1208         (JSC::DateConstructor::DateConstructor):
1209         * runtime/DateInstance.cpp:
1210         (JSC::DateInstance::DateInstance):
1211         * runtime/DatePrototype.cpp:
1212         (JSC::dateProtoFuncSetTime):
1213         (JSC::setNewValueFromTimeArgs):
1214         (JSC::setNewValueFromDateArgs):
1215         (JSC::dateProtoFuncSetYear):
1216         * runtime/ErrorConstructor.cpp:
1217         (JSC::ErrorConstructor::ErrorConstructor):
1218         * runtime/ErrorInstance.cpp:
1219         (JSC::ErrorInstance::ErrorInstance):
1220         * runtime/ErrorPrototype.cpp:
1221         (JSC::ErrorPrototype::ErrorPrototype):
1222         * runtime/FunctionConstructor.cpp:
1223         (JSC::FunctionConstructor::FunctionConstructor):
1224         * runtime/FunctionPrototype.cpp:
1225         (JSC::FunctionPrototype::FunctionPrototype):
1226         * runtime/GetterSetter.cpp:
1227         (JSC::GetterSetter::markChildren):
1228         * runtime/GetterSetter.h:
1229         (JSC::GetterSetter::GetterSetter):
1230         (JSC::GetterSetter::getter):
1231         (JSC::GetterSetter::setGetter):
1232         (JSC::GetterSetter::setter):
1233         (JSC::GetterSetter::setSetter):
1234         * runtime/GlobalEvalFunction.cpp:
1235         (JSC::GlobalEvalFunction::GlobalEvalFunction):
1236         (JSC::GlobalEvalFunction::markChildren):
1237         * runtime/GlobalEvalFunction.h:
1238         (JSC::GlobalEvalFunction::cachedGlobalObject):
1239         * runtime/Heap.cpp:
1240         (JSC::Heap::markProtectedObjects):
1241         (JSC::Heap::markTempSortVectors):
1242         (JSC::Heap::markRoots):
1243         * runtime/InternalFunction.cpp:
1244         (JSC::InternalFunction::InternalFunction):
1245         * runtime/JSAPIValueWrapper.h:
1246         (JSC::JSAPIValueWrapper::value):
1247         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1248         * runtime/JSActivation.cpp:
1249         (JSC::JSActivation::markChildren):
1250         (JSC::JSActivation::put):
1251         * runtime/JSArray.cpp:
1252         (JSC::JSArray::JSArray):
1253         (JSC::JSArray::getOwnPropertySlot):
1254         (JSC::JSArray::getOwnPropertyDescriptor):
1255         (JSC::JSArray::put):
1256         (JSC::JSArray::putSlowCase):
1257         (JSC::JSArray::deleteProperty):
1258         (JSC::JSArray::increaseVectorLength):
1259         (JSC::JSArray::setLength):
1260         (JSC::JSArray::pop):
1261         (JSC::JSArray::push):
1262         (JSC::JSArray::unshiftCount):
1263         (JSC::JSArray::sort):
1264         (JSC::JSArray::fillArgList):
1265         (JSC::JSArray::copyToRegisters):
1266         (JSC::JSArray::compactForSorting):
1267         * runtime/JSArray.h:
1268         (JSC::JSArray::getIndex):
1269         (JSC::JSArray::setIndex):
1270         (JSC::JSArray::uncheckedSetIndex):
1271         (JSC::JSArray::markChildrenDirect):
1272         * runtime/JSByteArray.cpp:
1273         (JSC::JSByteArray::JSByteArray):
1274         * runtime/JSCell.h:
1275         (JSC::JSCell::JSValue::toThisObject):
1276         (JSC::JSCell::MarkStack::append):
1277         * runtime/JSFunction.cpp:
1278         (JSC::JSFunction::JSFunction):
1279         (JSC::JSFunction::getOwnPropertySlot):
1280         * runtime/JSGlobalData.h:
1281         * runtime/JSGlobalObject.cpp:
1282         (JSC::markIfNeeded):
1283         (JSC::JSGlobalObject::reset):
1284         (JSC::JSGlobalObject::resetPrototype):
1285         (JSC::JSGlobalObject::markChildren):
1286         * runtime/JSGlobalObject.h:
1287         (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
1288         (JSC::JSGlobalObject::regExpConstructor):
1289         (JSC::JSGlobalObject::errorConstructor):
1290         (JSC::JSGlobalObject::evalErrorConstructor):
1291         (JSC::JSGlobalObject::rangeErrorConstructor):
1292         (JSC::JSGlobalObject::referenceErrorConstructor):
1293         (JSC::JSGlobalObject::syntaxErrorConstructor):
1294         (JSC::JSGlobalObject::typeErrorConstructor):
1295         (JSC::JSGlobalObject::URIErrorConstructor):
1296         (JSC::JSGlobalObject::evalFunction):
1297         (JSC::JSGlobalObject::objectPrototype):
1298         (JSC::JSGlobalObject::functionPrototype):
1299         (JSC::JSGlobalObject::arrayPrototype):
1300         (JSC::JSGlobalObject::booleanPrototype):
1301         (JSC::JSGlobalObject::stringPrototype):
1302         (JSC::JSGlobalObject::numberPrototype):
1303         (JSC::JSGlobalObject::datePrototype):
1304         (JSC::JSGlobalObject::regExpPrototype):
1305         (JSC::JSGlobalObject::methodCallDummy):
1306         (JSC::Structure::prototypeForLookup):
1307         (JSC::constructArray):
1308         * runtime/JSONObject.cpp:
1309         (JSC::Stringifier::Holder::object):
1310         (JSC::Stringifier::markAggregate):
1311         (JSC::Stringifier::stringify):
1312         (JSC::Stringifier::Holder::appendNextProperty):
1313         (JSC::Walker::callReviver):
1314         (JSC::Walker::walk):
1315         * runtime/JSObject.cpp:
1316         (JSC::JSObject::defineGetter):
1317         (JSC::JSObject::defineSetter):
1318         (JSC::JSObject::removeDirect):
1319         (JSC::JSObject::putDirectFunction):
1320         (JSC::JSObject::putDirectFunctionWithoutTransition):
1321         (JSC::putDescriptor):
1322         (JSC::JSObject::defineOwnProperty):
1323         * runtime/JSObject.h:
1324         (JSC::JSObject::getDirectOffset):
1325         (JSC::JSObject::putDirectOffset):
1326         (JSC::JSObject::flattenDictionaryObject):
1327         (JSC::JSObject::putDirectInternal):
1328         (JSC::JSObject::putDirect):
1329         (JSC::JSObject::putDirectFunction):
1330         (JSC::JSObject::putDirectWithoutTransition):
1331         (JSC::JSObject::putDirectFunctionWithoutTransition):
1332         (JSC::JSValue::putDirect):
1333         (JSC::JSObject::allocatePropertyStorageInline):
1334         (JSC::JSObject::markChildrenDirect):
1335         * runtime/JSPropertyNameIterator.cpp:
1336         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1337         (JSC::JSPropertyNameIterator::get):
1338         * runtime/JSPropertyNameIterator.h:
1339         * runtime/JSStaticScopeObject.cpp:
1340         (JSC::JSStaticScopeObject::markChildren):
1341         * runtime/JSString.cpp:
1342         (JSC::StringObject::create):
1343         * runtime/JSValue.h:
1344         * runtime/JSWrapperObject.cpp:
1345         (JSC::JSWrapperObject::markChildren):
1346         * runtime/JSWrapperObject.h:
1347         (JSC::JSWrapperObject::internalValue):
1348         (JSC::JSWrapperObject::setInternalValue):
1349         * runtime/LiteralParser.cpp:
1350         (JSC::LiteralParser::parse):
1351         * runtime/Lookup.cpp:
1352         (JSC::setUpStaticFunctionSlot):
1353         * runtime/Lookup.h:
1354         (JSC::lookupPut):
1355         * runtime/MarkStack.h:
1356         (JSC::MarkStack::appendValues):
1357         * runtime/MathObject.cpp:
1358         (JSC::MathObject::MathObject):
1359         * runtime/NativeErrorConstructor.cpp:
1360         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1361         * runtime/NativeErrorPrototype.cpp:
1362         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1363         * runtime/NumberConstructor.cpp:
1364         (JSC::NumberConstructor::NumberConstructor):
1365         (JSC::constructWithNumberConstructor):
1366         * runtime/NumberObject.cpp:
1367         (JSC::constructNumber):
1368         * runtime/NumberPrototype.cpp:
1369         (JSC::NumberPrototype::NumberPrototype):
1370         * runtime/ObjectConstructor.cpp:
1371         (JSC::ObjectConstructor::ObjectConstructor):
1372         (JSC::objectConstructorGetOwnPropertyDescriptor):
1373         * runtime/Operations.h:
1374         (JSC::normalizePrototypeChain):
1375         (JSC::resolveBase):
1376         * runtime/PrototypeFunction.cpp:
1377         (JSC::PrototypeFunction::PrototypeFunction):
1378         * runtime/PutPropertySlot.h:
1379         (JSC::PutPropertySlot::setExistingProperty):
1380         (JSC::PutPropertySlot::setNewProperty):
1381         (JSC::PutPropertySlot::base):
1382         * runtime/RegExpConstructor.cpp:
1383         (JSC::RegExpConstructor::RegExpConstructor):
1384         * runtime/ScopeChain.cpp:
1385         (JSC::ScopeChainNode::print):
1386         * runtime/ScopeChain.h:
1387         (JSC::ScopeChainNode::~ScopeChainNode):
1388         (JSC::ScopeChainIterator::operator*):
1389         (JSC::ScopeChainIterator::operator->):
1390         (JSC::ScopeChain::top):
1391         * runtime/ScopeChainMark.h:
1392         (JSC::ScopeChain::markAggregate):
1393         * runtime/SmallStrings.cpp:
1394         (JSC::isMarked):
1395         (JSC::SmallStrings::markChildren):
1396         * runtime/SmallStrings.h:
1397         (JSC::SmallStrings::emptyString):
1398         (JSC::SmallStrings::singleCharacterString):
1399         (JSC::SmallStrings::singleCharacterStrings):
1400         * runtime/StringConstructor.cpp:
1401         (JSC::StringConstructor::StringConstructor):
1402         * runtime/StringObject.cpp:
1403         (JSC::StringObject::StringObject):
1404         * runtime/StringObject.h:
1405         * runtime/StringPrototype.cpp:
1406         (JSC::StringPrototype::StringPrototype):
1407         * runtime/Structure.cpp:
1408         (JSC::Structure::Structure):
1409         (JSC::Structure::addPropertyTransition):
1410         (JSC::Structure::toDictionaryTransition):
1411         (JSC::Structure::flattenDictionaryStructure):
1412         * runtime/Structure.h:
1413         (JSC::Structure::storedPrototype):
1414         * runtime/WeakGCMap.h:
1415         (JSC::WeakGCMap::uncheckedGet):
1416         (JSC::WeakGCMap::isValid):
1417         (JSC::::get):
1418         (JSC::::take):
1419         (JSC::::set):
1420         (JSC::::uncheckedRemove):
1421         * runtime/WriteBarrier.h: Removed.
1422
1423 2011-01-30  Simon Fraser  <simon.fraser@apple.com>
1424
1425         Build fix the build fix. I assume Oliver meant m_cell, not m_value.
1426
1427         * runtime/WriteBarrier.h:
1428         (JSC::WriteBarrierBase::clear):
1429
1430 2011-01-30  Oliver Hunt  <oliver@apple.com>
1431
1432         More Qt build fixes
1433
1434         * runtime/WriteBarrier.h:
1435         (JSC::WriteBarrierBase::clear):
1436
1437 2011-01-30  Oliver Hunt  <oliver@apple.com>
1438
1439         Convert markstack to a slot visitor API
1440         https://bugs.webkit.org/show_bug.cgi?id=53219
1441
1442         Rolling r77006 and r77020 back in.
1443
1444         * API/JSCallbackObject.h:
1445         (JSC::JSCallbackObjectData::setPrivateProperty):
1446         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
1447         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
1448         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
1449         (JSC::JSCallbackObject::setPrivateProperty):
1450         * API/JSCallbackObjectFunctions.h:
1451         (JSC::::put):
1452         (JSC::::staticFunctionGetter):
1453         * API/JSObjectRef.cpp:
1454         (JSObjectMakeConstructor):
1455         (JSObjectSetPrivateProperty):
1456         * API/JSWeakObjectMapRefInternal.h:
1457         * JavaScriptCore.exp:
1458         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1459         * JavaScriptCore.xcodeproj/project.pbxproj:
1460         * bytecode/CodeBlock.cpp:
1461         (JSC::CodeBlock::markAggregate):
1462         * bytecode/CodeBlock.h:
1463         (JSC::CodeBlock::globalObject):
1464         * bytecompiler/BytecodeGenerator.cpp:
1465         (JSC::BytecodeGenerator::BytecodeGenerator):
1466         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
1467         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
1468         (JSC::BytecodeGenerator::findScopedProperty):
1469         * debugger/Debugger.cpp:
1470         (JSC::evaluateInGlobalCallFrame):
1471         * debugger/DebuggerActivation.cpp:
1472         (JSC::DebuggerActivation::DebuggerActivation):
1473         (JSC::DebuggerActivation::markChildren):
1474         * debugger/DebuggerActivation.h:
1475         * debugger/DebuggerCallFrame.cpp:
1476         (JSC::DebuggerCallFrame::evaluate):
1477         * interpreter/CallFrame.h:
1478         (JSC::ExecState::exception):
1479         * interpreter/Interpreter.cpp:
1480         (JSC::Interpreter::resolve):
1481         (JSC::Interpreter::resolveSkip):
1482         (JSC::Interpreter::resolveGlobal):
1483         (JSC::Interpreter::resolveGlobalDynamic):
1484         (JSC::Interpreter::resolveBaseAndProperty):
1485         (JSC::Interpreter::unwindCallFrame):
1486         (JSC::appendSourceToError):
1487         (JSC::Interpreter::execute):
1488         (JSC::Interpreter::tryCacheGetByID):
1489         (JSC::Interpreter::privateExecute):
1490         * jit/JITStubs.cpp:
1491         (JSC::JITThunks::tryCacheGetByID):
1492         (JSC::DEFINE_STUB_FUNCTION):
1493         * jsc.cpp:
1494         (GlobalObject::GlobalObject):
1495         * runtime/ArgList.cpp:
1496         (JSC::MarkedArgumentBuffer::markLists):
1497         * runtime/Arguments.cpp:
1498         (JSC::Arguments::markChildren):
1499         (JSC::Arguments::getOwnPropertySlot):
1500         (JSC::Arguments::getOwnPropertyDescriptor):
1501         (JSC::Arguments::put):
1502         * runtime/Arguments.h:
1503         (JSC::Arguments::setActivation):
1504         (JSC::Arguments::Arguments):
1505         * runtime/ArrayConstructor.cpp:
1506         (JSC::ArrayConstructor::ArrayConstructor):
1507         (JSC::constructArrayWithSizeQuirk):
1508         * runtime/ArrayPrototype.cpp:
1509         (JSC::arrayProtoFuncSplice):
1510         * runtime/BatchedTransitionOptimizer.h:
1511         (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
1512         (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
1513         * runtime/BooleanConstructor.cpp:
1514         (JSC::BooleanConstructor::BooleanConstructor):
1515         (JSC::constructBoolean):
1516         (JSC::constructBooleanFromImmediateBoolean):
1517         * runtime/BooleanPrototype.cpp:
1518         (JSC::BooleanPrototype::BooleanPrototype):
1519         * runtime/ConservativeSet.cpp:
1520         (JSC::ConservativeSet::grow):
1521         * runtime/ConservativeSet.h:
1522         (JSC::ConservativeSet::~ConservativeSet):
1523         (JSC::ConservativeSet::mark):
1524         * runtime/DateConstructor.cpp:
1525         (JSC::DateConstructor::DateConstructor):
1526         * runtime/DateInstance.cpp:
1527         (JSC::DateInstance::DateInstance):
1528         * runtime/DatePrototype.cpp:
1529         (JSC::dateProtoFuncSetTime):
1530         (JSC::setNewValueFromTimeArgs):
1531         (JSC::setNewValueFromDateArgs):
1532         (JSC::dateProtoFuncSetYear):
1533         * runtime/ErrorConstructor.cpp:
1534         (JSC::ErrorConstructor::ErrorConstructor):
1535         * runtime/ErrorInstance.cpp:
1536         (JSC::ErrorInstance::ErrorInstance):
1537         * runtime/ErrorPrototype.cpp:
1538         (JSC::ErrorPrototype::ErrorPrototype):
1539         * runtime/FunctionConstructor.cpp:
1540         (JSC::FunctionConstructor::FunctionConstructor):
1541         * runtime/FunctionPrototype.cpp:
1542         (JSC::FunctionPrototype::FunctionPrototype):
1543         * runtime/GetterSetter.cpp:
1544         (JSC::GetterSetter::markChildren):
1545         * runtime/GetterSetter.h:
1546         (JSC::GetterSetter::GetterSetter):
1547         (JSC::GetterSetter::getter):
1548         (JSC::GetterSetter::setGetter):
1549         (JSC::GetterSetter::setter):
1550         (JSC::GetterSetter::setSetter):
1551         * runtime/GlobalEvalFunction.cpp:
1552         (JSC::GlobalEvalFunction::GlobalEvalFunction):
1553         (JSC::GlobalEvalFunction::markChildren):
1554         * runtime/GlobalEvalFunction.h:
1555         (JSC::GlobalEvalFunction::cachedGlobalObject):
1556         * runtime/Heap.cpp:
1557         (JSC::Heap::markProtectedObjects):
1558         (JSC::Heap::markTempSortVectors):
1559         (JSC::Heap::markRoots):
1560         * runtime/InternalFunction.cpp:
1561         (JSC::InternalFunction::InternalFunction):
1562         * runtime/JSAPIValueWrapper.h:
1563         (JSC::JSAPIValueWrapper::value):
1564         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
1565         * runtime/JSActivation.cpp:
1566         (JSC::JSActivation::markChildren):
1567         (JSC::JSActivation::put):
1568         * runtime/JSArray.cpp:
1569         (JSC::JSArray::JSArray):
1570         (JSC::JSArray::getOwnPropertySlot):
1571         (JSC::JSArray::getOwnPropertyDescriptor):
1572         (JSC::JSArray::put):
1573         (JSC::JSArray::putSlowCase):
1574         (JSC::JSArray::deleteProperty):
1575         (JSC::JSArray::increaseVectorLength):
1576         (JSC::JSArray::setLength):
1577         (JSC::JSArray::pop):
1578         (JSC::JSArray::push):
1579         (JSC::JSArray::unshiftCount):
1580         (JSC::JSArray::sort):
1581         (JSC::JSArray::fillArgList):
1582         (JSC::JSArray::copyToRegisters):
1583         (JSC::JSArray::compactForSorting):
1584         * runtime/JSArray.h:
1585         (JSC::JSArray::getIndex):
1586         (JSC::JSArray::setIndex):
1587         (JSC::JSArray::uncheckedSetIndex):
1588         (JSC::JSArray::markChildrenDirect):
1589         * runtime/JSByteArray.cpp:
1590         (JSC::JSByteArray::JSByteArray):
1591         * runtime/JSCell.h:
1592         (JSC::JSCell::MarkStack::append):
1593         (JSC::JSCell::MarkStack::internalAppend):
1594         (JSC::JSCell::MarkStack::deprecatedAppend):
1595         * runtime/JSFunction.cpp:
1596         (JSC::JSFunction::JSFunction):
1597         (JSC::JSFunction::getOwnPropertySlot):
1598         * runtime/JSGlobalData.h:
1599         * runtime/JSGlobalObject.cpp:
1600         (JSC::markIfNeeded):
1601         (JSC::JSGlobalObject::reset):
1602         (JSC::JSGlobalObject::resetPrototype):
1603         (JSC::JSGlobalObject::markChildren):
1604         * runtime/JSGlobalObject.h:
1605         (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
1606         (JSC::JSGlobalObject::regExpConstructor):
1607         (JSC::JSGlobalObject::errorConstructor):
1608         (JSC::JSGlobalObject::evalErrorConstructor):
1609         (JSC::JSGlobalObject::rangeErrorConstructor):
1610         (JSC::JSGlobalObject::referenceErrorConstructor):
1611         (JSC::JSGlobalObject::syntaxErrorConstructor):
1612         (JSC::JSGlobalObject::typeErrorConstructor):
1613         (JSC::JSGlobalObject::URIErrorConstructor):
1614         (JSC::JSGlobalObject::evalFunction):
1615         (JSC::JSGlobalObject::objectPrototype):
1616         (JSC::JSGlobalObject::functionPrototype):
1617         (JSC::JSGlobalObject::arrayPrototype):
1618         (JSC::JSGlobalObject::booleanPrototype):
1619         (JSC::JSGlobalObject::stringPrototype):
1620         (JSC::JSGlobalObject::numberPrototype):
1621         (JSC::JSGlobalObject::datePrototype):
1622         (JSC::JSGlobalObject::regExpPrototype):
1623         (JSC::JSGlobalObject::methodCallDummy):
1624         (JSC::Structure::prototypeForLookup):
1625         (JSC::constructArray):
1626         * runtime/JSONObject.cpp:
1627         (JSC::Stringifier::Holder::object):
1628         (JSC::Stringifier::Holder::objectSlot):
1629         (JSC::Stringifier::markAggregate):
1630         (JSC::Stringifier::stringify):
1631         (JSC::Stringifier::Holder::appendNextProperty):
1632         (JSC::Walker::callReviver):
1633         (JSC::Walker::walk):
1634         * runtime/JSObject.cpp:
1635         (JSC::JSObject::defineGetter):
1636         (JSC::JSObject::defineSetter):
1637         (JSC::JSObject::removeDirect):
1638         (JSC::JSObject::putDirectFunction):
1639         (JSC::JSObject::putDirectFunctionWithoutTransition):
1640         (JSC::putDescriptor):
1641         (JSC::JSObject::defineOwnProperty):
1642         * runtime/JSObject.h:
1643         (JSC::JSObject::getDirectOffset):
1644         (JSC::JSObject::putDirectOffset):
1645         (JSC::JSObject::putUndefinedAtDirectOffset):
1646         (JSC::JSObject::flattenDictionaryObject):
1647         (JSC::JSObject::putDirectInternal):
1648         (JSC::JSObject::putDirect):
1649         (JSC::JSObject::putDirectFunction):
1650         (JSC::JSObject::putDirectWithoutTransition):
1651         (JSC::JSObject::putDirectFunctionWithoutTransition):
1652         (JSC::JSValue::putDirect):
1653         (JSC::JSObject::allocatePropertyStorageInline):
1654         (JSC::JSObject::markChildrenDirect):
1655         * runtime/JSPropertyNameIterator.cpp:
1656         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
1657         (JSC::JSPropertyNameIterator::get):
1658         * runtime/JSPropertyNameIterator.h:
1659         * runtime/JSStaticScopeObject.cpp:
1660         (JSC::JSStaticScopeObject::markChildren):
1661         * runtime/JSString.cpp:
1662         (JSC::StringObject::create):
1663         * runtime/JSValue.h:
1664         * runtime/JSWrapperObject.cpp:
1665         (JSC::JSWrapperObject::markChildren):
1666         * runtime/JSWrapperObject.h:
1667         (JSC::JSWrapperObject::internalValue):
1668         (JSC::JSWrapperObject::setInternalValue):
1669         * runtime/LiteralParser.cpp:
1670         (JSC::LiteralParser::parse):
1671         * runtime/Lookup.cpp:
1672         (JSC::setUpStaticFunctionSlot):
1673         * runtime/Lookup.h:
1674         (JSC::lookupPut):
1675         * runtime/MarkStack.h:
1676         (JSC::MarkStack::MarkStack):
1677         (JSC::MarkStack::deprecatedAppendValues):
1678         (JSC::MarkStack::appendValues):
1679         * runtime/MathObject.cpp:
1680         (JSC::MathObject::MathObject):
1681         * runtime/NativeErrorConstructor.cpp:
1682         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1683         * runtime/NativeErrorPrototype.cpp:
1684         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1685         * runtime/NumberConstructor.cpp:
1686         (JSC::NumberConstructor::NumberConstructor):
1687         (JSC::constructWithNumberConstructor):
1688         * runtime/NumberObject.cpp:
1689         (JSC::constructNumber):
1690         * runtime/NumberPrototype.cpp:
1691         (JSC::NumberPrototype::NumberPrototype):
1692         * runtime/ObjectConstructor.cpp:
1693         (JSC::ObjectConstructor::ObjectConstructor):
1694         (JSC::objectConstructorGetOwnPropertyDescriptor):
1695         * runtime/Operations.h:
1696         (JSC::normalizePrototypeChain):
1697         (JSC::resolveBase):
1698         * runtime/PrototypeFunction.cpp:
1699         (JSC::PrototypeFunction::PrototypeFunction):
1700         * runtime/PutPropertySlot.h:
1701         (JSC::PutPropertySlot::setExistingProperty):
1702         (JSC::PutPropertySlot::setNewProperty):
1703         (JSC::PutPropertySlot::base):
1704         * runtime/RegExpConstructor.cpp:
1705         (JSC::RegExpConstructor::RegExpConstructor):
1706         * runtime/ScopeChain.cpp:
1707         (JSC::ScopeChainNode::print):
1708         * runtime/ScopeChain.h:
1709         (JSC::ScopeChainNode::~ScopeChainNode):
1710         (JSC::ScopeChainIterator::operator*):
1711         (JSC::ScopeChainIterator::operator->):
1712         (JSC::ScopeChain::top):
1713         * runtime/ScopeChainMark.h:
1714         (JSC::ScopeChain::markAggregate):
1715         * runtime/SmallStrings.cpp:
1716         (JSC::isMarked):
1717         (JSC::SmallStrings::markChildren):
1718         * runtime/SmallStrings.h:
1719         (JSC::SmallStrings::emptyString):
1720         (JSC::SmallStrings::singleCharacterString):
1721         (JSC::SmallStrings::singleCharacterStrings):
1722         * runtime/StringConstructor.cpp:
1723         (JSC::StringConstructor::StringConstructor):
1724         * runtime/StringObject.cpp:
1725         (JSC::StringObject::StringObject):
1726         * runtime/StringObject.h:
1727         * runtime/StringPrototype.cpp:
1728         (JSC::StringPrototype::StringPrototype):
1729         * runtime/Structure.cpp:
1730         (JSC::Structure::Structure):
1731         (JSC::Structure::addPropertyTransition):
1732         (JSC::Structure::toDictionaryTransition):
1733         (JSC::Structure::flattenDictionaryStructure):
1734         * runtime/Structure.h:
1735         (JSC::Structure::storedPrototype):
1736         (JSC::Structure::storedPrototypeSlot):
1737         * runtime/WeakGCMap.h:
1738         (JSC::WeakGCMap::uncheckedGet):
1739         (JSC::WeakGCMap::uncheckedGetSlot):
1740         (JSC::WeakGCMap::isValid):
1741         (JSC::::get):
1742         (JSC::::take):
1743         (JSC::::set):
1744         (JSC::::uncheckedRemove):
1745         * runtime/WriteBarrier.h: Added.
1746         (JSC::DeprecatedPtr::DeprecatedPtr):
1747         (JSC::DeprecatedPtr::get):
1748         (JSC::DeprecatedPtr::operator*):
1749         (JSC::DeprecatedPtr::operator->):
1750         (JSC::DeprecatedPtr::slot):
1751         (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
1752         (JSC::DeprecatedPtr::operator!):
1753         (JSC::WriteBarrierBase::set):
1754         (JSC::WriteBarrierBase::get):
1755         (JSC::WriteBarrierBase::operator*):
1756         (JSC::WriteBarrierBase::operator->):
1757         (JSC::WriteBarrierBase::slot):
1758         (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
1759         (JSC::WriteBarrierBase::operator!):
1760         (JSC::WriteBarrier::WriteBarrier):
1761         (JSC::operator==):
1762
1763 2011-01-30  Geoffrey Garen  <ggaren@apple.com>
1764
1765         Reviewed by Oliver Hunt.
1766
1767         Filter all Heap collection through a common reset function, in
1768         preparation for adding features triggered by collection.
1769         https://bugs.webkit.org/show_bug.cgi?id=53396
1770         
1771         SunSpider reports no change.
1772
1773         * runtime/Heap.cpp:
1774         (JSC::Heap::reportExtraMemoryCostSlowCase): When we're over the extraCost
1775         limit, just call collectAllGarbage() instead of rolling our own special
1776         way of resetting the heap. In theory, this may be slower in some cases,
1777         but it also fixes cases of pathological heap growth that we've seen,
1778         where the only objects being allocated are temporary and huge
1779         (<rdar://problem/8885843>).
1780
1781         (JSC::Heap::allocate):
1782         (JSC::Heap::collectAllGarbage): Use the shared reset function.
1783
1784         (JSC::Heap::reset):
1785         * runtime/Heap.h: Carved a new shared reset function out of the old
1786         collectAllGarbage.
1787
1788 2011-01-30  Sheriff Bot  <webkit.review.bot@gmail.com>
1789
1790         Unreviewed, rolling out r77025.
1791         http://trac.webkit.org/changeset/77025
1792         https://bugs.webkit.org/show_bug.cgi?id=53401
1793
1794         It made js1_5/Regress/regress-159334.js fail on 64 bit Linux
1795         (Requested by Ossy on #webkit).
1796
1797         * jit/ExecutableAllocatorFixedVMPool.cpp:
1798         (JSC::FreeListEntry::FreeListEntry):
1799         (JSC::AVLTreeAbstractorForFreeList::get_less):
1800         (JSC::AVLTreeAbstractorForFreeList::set_less):
1801         (JSC::AVLTreeAbstractorForFreeList::get_greater):
1802         (JSC::AVLTreeAbstractorForFreeList::set_greater):
1803         (JSC::AVLTreeAbstractorForFreeList::get_balance_factor):
1804         (JSC::AVLTreeAbstractorForFreeList::set_balance_factor):
1805         (JSC::AVLTreeAbstractorForFreeList::null):
1806         (JSC::AVLTreeAbstractorForFreeList::compare_key_key):
1807         (JSC::AVLTreeAbstractorForFreeList::compare_key_node):
1808         (JSC::AVLTreeAbstractorForFreeList::compare_node_node):
1809         (JSC::reverseSortFreeListEntriesByPointer):
1810         (JSC::reverseSortCommonSizedAllocations):
1811         (JSC::FixedVMPoolAllocator::release):
1812         (JSC::FixedVMPoolAllocator::reuse):
1813         (JSC::FixedVMPoolAllocator::addToFreeList):
1814         (JSC::FixedVMPoolAllocator::coalesceFreeSpace):
1815         (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
1816         (JSC::FixedVMPoolAllocator::alloc):
1817         (JSC::FixedVMPoolAllocator::free):
1818         (JSC::FixedVMPoolAllocator::isValid):
1819         (JSC::FixedVMPoolAllocator::allocInternal):
1820         (JSC::FixedVMPoolAllocator::isWithinVMPool):
1821         (JSC::FixedVMPoolAllocator::addToCommittedByteCount):
1822         (JSC::ExecutableAllocator::committedByteCount):
1823         (JSC::maybeModifyVMPoolSize):
1824         (JSC::ExecutableAllocator::isValid):
1825         (JSC::ExecutableAllocator::underMemoryPressure):
1826         (JSC::ExecutablePool::systemAlloc):
1827         (JSC::ExecutablePool::systemRelease):
1828         * wtf/PageReservation.h:
1829         (WTF::PageReservation::PageReservation):
1830         (WTF::PageReservation::commit):
1831         (WTF::PageReservation::decommit):
1832
1833 2011-01-30  Leo Yang  <leo.yang@torchmobile.com.cn>
1834
1835         Reviewed by Daniel Bates.
1836
1837         Code style issue in JavaScriptCore/wtf/CurrentTime.h
1838         https://bugs.webkit.org/show_bug.cgi?id=53394
1839
1840         According to rule #3 at http://webkit.org/coding/coding-style.html,
1841         this patch fixes a style issue in CurrentTime.h.
1842
1843         No functionality change, no new tests.
1844
1845         * wtf/CurrentTime.h:
1846         (WTF::currentTimeMS):
1847         (WTF::getLocalTime):
1848
1849 2011-01-30  Benjamin Poulain  <ikipou@gmail.com>
1850
1851         Reviewed by Kenneth Rohde Christiansen.
1852
1853         [Qt] JavaScriptCore does not link on Mac if building WebKit 2
1854         https://bugs.webkit.org/show_bug.cgi?id=53377
1855
1856         The option "-whole-archive" is not available with the libtool of Mac OS X;
1857         instead, we can use "-all_load" on Mac.
1858
1859         * JavaScriptCore.pri:
1860
1861 2011-01-29  Geoffrey Garen  <ggaren@apple.com>
1862
1863         Sorry Leopard bot -- I committed a change by accident.
1864
1865         * JavaScriptCore.exp: You may have your symbols back now.
1866
1867 2011-01-29  Geoffrey Garen  <ggaren@apple.com>
1868
1869         Reviewed by Cameron Zwarich.
1870
1871         Simplified Heap iteration
1872         https://bugs.webkit.org/show_bug.cgi?id=53393
1873
1874         * runtime/CollectorHeapIterator.h:
1875         (JSC::CollectorHeapIterator::isValid):
1876         (JSC::CollectorHeapIterator::isLive):
1877         (JSC::CollectorHeapIterator::advance): Removed "max" argument to
1878         advance because it's a constant.
1879         (JSC::LiveObjectIterator::LiveObjectIterator):
1880         (JSC::LiveObjectIterator::operator++):
1881         (JSC::DeadObjectIterator::DeadObjectIterator):
1882         (JSC::DeadObjectIterator::operator++):
1883         (JSC::ObjectIterator::ObjectIterator):
1884         (JSC::ObjectIterator::operator++): Factored out common checks into
1885         two helper functions -- isValid() for "Am I past the end?" and isLive()
1886         for "Is the cell I'm pointing to live?".
1887
1888         * runtime/MarkedSpace.cpp:
1889         (JSC::MarkedSpace::freeBlock):
1890         (JSC::MarkedSpace::sweep): Always sweep from the beginning of the heap
1891         to the end, to avoid making sweep subtly reliant on internal Heap state.
1892         (JSC::MarkedSpace::primaryHeapBegin):
1893         (JSC::MarkedSpace::primaryHeapEnd): Always be explicit about where
1894         iteration begins.
1895
1896 2011-01-29  Geoffrey Garen  <ggaren@apple.com>
1897
1898         Reviewed by Cameron Zwarich.
1899
1900         Simplified heap destruction
1901         https://bugs.webkit.org/show_bug.cgi?id=53392
1902
1903         * JavaScriptCore.exp:
1904         * runtime/Heap.cpp:
1905         (JSC::Heap::destroy):
1906         * runtime/Heap.h:
1907         * runtime/MarkedSpace.cpp:
1908         (JSC::MarkedSpace::destroy):
1909         * runtime/MarkedSpace.h: Don't go out of our way to destroy GC-protected
1910         cells last -- the difficult contortions required to do so just don't seem
1911         justified. We make no guarantees about GC protection after the client
1912         throws away JSGlobalData, and it doesn't seem like any meaningful
1913         guarantee is even possible.
1914
1915 2011-01-29  Geoffrey Garen  <ggaren@apple.com>
1916
1917         Reviewed by Maciej Stachowiak.
1918
1919         Switched heap to use the Bitmap class and removed CollectorBitmap
1920         https://bugs.webkit.org/show_bug.cgi?id=53391
1921         
1922         SunSpider says 1.005x as fast. Seems like a fluke.
1923
1924         * runtime/MarkedSpace.cpp:
1925         (JSC::MarkedSpace::allocate): Updated for rename and returning a value
1926         rather than taking a value by reference.
1927
1928         * runtime/MarkedSpace.h: Code reuse is good.
1929
1930         * wtf/Bitmap.h:
1931         (WTF::::testAndSet): Added, since this is the one thing Bitmap was missing
1932         which CollectorBitmap had. (Renamed from the less conventional "getset".)
1933
1934         (WTF::::nextPossiblyUnset): Renamed and changed to return a value for
1935         clarity. It's all the same with inlining.
1936
1937 2011-01-28  Geoffrey Garen  <ggaren@apple.com>
1938
1939         Reviewed by Maciej Stachowiak.
1940
1941         Some more Heap cleanup.
1942         https://bugs.webkit.org/show_bug.cgi?id=53357
1943         
1944         * JavaScriptCore.exp:
1945         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated exported symbols.
1946
1947         * runtime/Heap.cpp:
1948         (JSC::Heap::reportExtraMemoryCostSlowCase): Renamed recordExtraCost to 
1949         reportExtraMemoryCostSlowCase to match our naming conventions.
1950
1951         (JSC::Heap::capacity): Renamed size to capacity because this function
1952         returns the capacity of the heap, including unused portions.
1953
1954         * runtime/Heap.h:
1955         (JSC::Heap::globalData):
1956         (JSC::Heap::markedSpace):
1957         (JSC::Heap::machineStackMarker):
1958         (JSC::Heap::reportExtraMemoryCost): Moved statics to the top of the file.
1959         Moved ctor and dtor to the beginning of the class definition. Grouped
1960         functions by purpose.
1961
1962         * runtime/MarkedSpace.cpp:
1963         (JSC::MarkedSpace::capacity): Renamed size to capacity because this
1964         function returns the capacity of the heap, including unused portions.
1965
1966         * runtime/MarkedSpace.h: Removed statistics and the Statistics class because
1967         the same information can be gotten just by calling size() and capacity().
1968
1969         * runtime/MemoryStatistics.cpp:
1970         * runtime/MemoryStatistics.h: Ditto.
1971
1972 2011-01-29  Daniel Bates  <dbates@rim.com>
1973
1974         Reviewed by Eric Seidel.
1975
1976         Move wince/mt19937ar.c to ThirdParty and make it a policy choice
1977         https://bugs.webkit.org/show_bug.cgi?id=53253
1978
1979         Make inclusion of MT19937 a policy decision.
1980
1981         Currently, we are hardcoded to use MT19937 when building for
1982         Windows CE. Instead, we should make this a policy decision,
1983         with the Windows CE port using it by default.
1984
1985         * JavaScriptCore.pri: Append Source/ThirdParty to the end
1986         of the list of include directories.
1987         * wtf/CMakeLists.txt: Ditto.
1988         * wtf/Platform.h: Defined WTF_USE_MERSENNE_TWISTER_19937 when
1989         building for Windows CE.
1990         * wtf/RandomNumber.cpp:
1991         (WTF::randomNumber): Substituted USE(MERSENNE_TWISTER_19937) for OS(WINCE).
1992
1993 2011-01-29  Cameron Zwarich  <zwarich@apple.com>
1994
1995         Reviewed by David Kilzer.
1996
1997         Bug 53374 - Remove uses of unsafe string functions in debugging code
1998         https://bugs.webkit.org/show_bug.cgi?id=53374
1999
2000         * runtime/RegExp.cpp:
2001         (JSC::RegExp::printTraceData):
2002
2003 2011-01-29  Cameron Zwarich  <zwarich@apple.com>
2004
2005         Reviewed by Oliver Hunt.
2006
2007         JavaScriptCoreUseJIT environment variable broken
2008         https://bugs.webkit.org/show_bug.cgi?id=53372
2009
2010         * runtime/JSGlobalData.cpp:
2011         (JSC::JSGlobalData::JSGlobalData): Check the actual value in the string returned
2012         by getenv() rather than just doing a NULL check on the return value.
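
An added example of the getenv() check the entry above describes, written for this note; it is not JavaScriptCore's JSGlobalData.cpp and not the author's code. The entry only says the string's value must be examined rather than its mere presence; which spellings count as "off", and the fail-open default when the value is unrecognised, are assumptions of this example.

```cpp
#include <cctype>
#include <cstdlib>
#include <string>

// Illustration written for this note, not JavaScriptCore's own code.
// The value-parsing policy below is an assumption of the example.

// The kind of check the ChangeLog entry calls broken: any definition of the
// variable, including "JavaScriptCoreUseJIT=0", counts as "enabled".
bool useJITNullCheckOnly(const char* envValue)
{
    return envValue != nullptr;
}

// Interpret the string the variable actually holds. An unset variable keeps
// the default (JIT on); "0", "false", "no" and "off" (any case) turn it off;
// anything else keeps the default rather than silently changing behaviour
// on a typo.
bool useJITFromValue(const char* envValue)
{
    if (!envValue)
        return true; // variable not set: keep the default

    std::string value(envValue);
    for (char& c : value)
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));

    return !(value == "0" || value == "false" || value == "no" || value == "off");
}

// The only place the real environment is read. Keeping getenv() in this thin
// wrapper lets the policy above be tested without mutating the process
// environment.
bool useJIT()
{
    return useJITFromValue(std::getenv("JavaScriptCoreUseJIT"));
}
```

The split between useJITFromValue() and useJIT() is the design point: a feature flag read from the environment should be parsed by a pure function that can be exercised with every value a user might set, including the "0" case that a presence-only check gets wrong.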
2013
2014 2011-01-29  Patrick Gansterer  <paroga@webkit.org>
2015
2016         Reviewed by David Kilzer.
2017
2018         Move CharacterNames.h into WTF directory
2019         https://bugs.webkit.org/show_bug.cgi?id=49618
2020
2021         * GNUmakefile.am:
2022         * JavaScriptCore.gypi:
2023         * JavaScriptCore.vcproj/WTF/WTF.vcproj:
2024         * JavaScriptCore.xcodeproj/project.pbxproj:
2025         * wtf/CMakeLists.txt:
2026         * wtf/unicode/CharacterNames.h: Renamed from WebCore/platform/text/CharacterNames.h.
2027         * wtf/unicode/UTF8.cpp:
2028
2029 2011-01-28  Simon Fraser  <simon.fraser@apple.com>
2030
2031         Reviewed by Gavin Barraclough.
2032
2033         Add various clampToInt() methods to MathExtras.h
2034         https://bugs.webkit.org/show_bug.cgi?id=52910
2035         
2036         Add functions for clamping doubles and floats to valid int
2037         ranges, for signed and positive integers.
2038
2039         * wtf/MathExtras.h:
2040         (clampToInteger):
2041         (clampToPositiveInteger):
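
An added example of the clamping the entry above describes, written for this note; it is not WebKit's MathExtras.h and not the author's code. It keeps the names clampToInteger and clampToPositiveInteger from the entry, but the NaN-to-0 policy and the explicit handling of infinities are assumptions of this example: casting an out-of-range double, an infinity or NaN to int is undefined behaviour in C++, so the input is classified before the cast.

```cpp
#include <cmath>
#include <limits>

// Illustration written for this note (not WebKit's MathExtras.h): saturating
// conversions from double/float to int. A plain static_cast<int>() of a value
// outside [INT_MIN, INT_MAX], of an infinity, or of NaN is undefined behaviour
// in C++, so every input is classified before the cast.

// NaN policy is an assumption of this example: NaN clamps to 0, as ECMAScript's
// ToInt32 does.
inline int clampToInteger(double d)
{
    if (std::isnan(d))
        return 0;
    // Both int limits are exactly representable as doubles (53-bit mantissa).
    const double minIntAsDouble = std::numeric_limits<int>::min();
    const double maxIntAsDouble = std::numeric_limits<int>::max();
    if (d <= minIntAsDouble)
        return std::numeric_limits<int>::min();
    if (d >= maxIntAsDouble)
        return std::numeric_limits<int>::max();
    return static_cast<int>(d); // now in range; truncates toward zero
}

// Same, but the lower bound is 0 (negative inputs and NaN clamp to 0).
inline int clampToPositiveInteger(double d)
{
    if (std::isnan(d) || d <= 0)
        return 0;
    return clampToInteger(d);
}

// float overloads: widen to double first. Widening is exact, and it avoids the
// trap that (float)INT_MAX rounds up to 2^31, which does not fit in an int.
inline int clampToInteger(float f)
{
    return clampToInteger(static_cast<double>(f));
}

inline int clampToPositiveInteger(float f)
{
    return clampToPositiveInteger(static_cast<double>(f));
}
```

The comparisons are done in double on purpose: INT_MAX is exact as a double but not as a float, so a float-typed bound of 2147483648.0f would pass the range check and still overflow the cast.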
2042
2043 2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
2044
2045         Unreviewed, rolling out r77006 and r77020.
2046         http://trac.webkit.org/changeset/77006
2047         http://trac.webkit.org/changeset/77020
2048         https://bugs.webkit.org/show_bug.cgi?id=53360
2049
2050         "Broke Windows tests" (Requested by rniwa on #webkit).
2051
2052         * API/JSCallbackObject.h:
2053         (JSC::JSCallbackObjectData::setPrivateProperty):
2054         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
2055         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
2056         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
2057         (JSC::JSCallbackObject::setPrivateProperty):
2058         * API/JSCallbackObjectFunctions.h:
2059         (JSC::::put):
2060         (JSC::::staticFunctionGetter):
2061         * API/JSObjectRef.cpp:
2062         (JSObjectMakeConstructor):
2063         (JSObjectSetPrivateProperty):
2064         * API/JSWeakObjectMapRefInternal.h:
2065         * JavaScriptCore.exp:
2066         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2067         * JavaScriptCore.xcodeproj/project.pbxproj:
2068         * bytecode/CodeBlock.cpp:
2069         (JSC::CodeBlock::markAggregate):
2070         * bytecode/CodeBlock.h:
2071         (JSC::CodeBlock::globalObject):
2072         * bytecompiler/BytecodeGenerator.cpp:
2073         (JSC::BytecodeGenerator::BytecodeGenerator):
2074         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
2075         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
2076         (JSC::BytecodeGenerator::findScopedProperty):
2077         * debugger/Debugger.cpp:
2078         (JSC::evaluateInGlobalCallFrame):
2079         * debugger/DebuggerActivation.cpp:
2080         (JSC::DebuggerActivation::DebuggerActivation):
2081         (JSC::DebuggerActivation::markChildren):
2082         * debugger/DebuggerActivation.h:
2083         * debugger/DebuggerCallFrame.cpp:
2084         (JSC::DebuggerCallFrame::evaluate):
2085         * interpreter/CallFrame.h:
2086         (JSC::ExecState::exception):
2087         * interpreter/Interpreter.cpp:
2088         (JSC::Interpreter::resolve):
2089         (JSC::Interpreter::resolveSkip):
2090         (JSC::Interpreter::resolveGlobal):
2091         (JSC::Interpreter::resolveGlobalDynamic):
2092         (JSC::Interpreter::resolveBaseAndProperty):
2093         (JSC::Interpreter::unwindCallFrame):
2094         (JSC::appendSourceToError):
2095         (JSC::Interpreter::execute):
2096         (JSC::Interpreter::tryCacheGetByID):
2097         (JSC::Interpreter::privateExecute):
2098         * jit/JITStubs.cpp:
2099         (JSC::JITThunks::tryCacheGetByID):
2100         (JSC::DEFINE_STUB_FUNCTION):
2101         * jsc.cpp:
2102         (GlobalObject::GlobalObject):
2103         * runtime/ArgList.cpp:
2104         (JSC::MarkedArgumentBuffer::markLists):
2105         * runtime/Arguments.cpp:
2106         (JSC::Arguments::markChildren):
2107         (JSC::Arguments::getOwnPropertySlot):
2108         (JSC::Arguments::getOwnPropertyDescriptor):
2109         (JSC::Arguments::put):
2110         * runtime/Arguments.h:
2111         (JSC::Arguments::setActivation):
2112         (JSC::Arguments::Arguments):
2113         * runtime/ArrayConstructor.cpp:
2114         (JSC::ArrayConstructor::ArrayConstructor):
2115         (JSC::constructArrayWithSizeQuirk):
2116         * runtime/ArrayPrototype.cpp:
2117         (JSC::arrayProtoFuncSplice):
2118         * runtime/BatchedTransitionOptimizer.h:
2119         (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
2120         (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
2121         * runtime/BooleanConstructor.cpp:
2122         (JSC::BooleanConstructor::BooleanConstructor):
2123         (JSC::constructBoolean):
2124         (JSC::constructBooleanFromImmediateBoolean):
2125         * runtime/BooleanPrototype.cpp:
2126         (JSC::BooleanPrototype::BooleanPrototype):
2127         * runtime/ConservativeSet.cpp:
2128         (JSC::ConservativeSet::grow):
2129         * runtime/ConservativeSet.h:
2130         (JSC::ConservativeSet::~ConservativeSet):
2131         (JSC::ConservativeSet::mark):
2132         * runtime/DateConstructor.cpp:
2133         (JSC::DateConstructor::DateConstructor):
2134         * runtime/DateInstance.cpp:
2135         (JSC::DateInstance::DateInstance):
2136         * runtime/DatePrototype.cpp:
2137         (JSC::dateProtoFuncSetTime):
2138         (JSC::setNewValueFromTimeArgs):
2139         (JSC::setNewValueFromDateArgs):
2140         (JSC::dateProtoFuncSetYear):
2141         * runtime/ErrorConstructor.cpp:
2142         (JSC::ErrorConstructor::ErrorConstructor):
2143         * runtime/ErrorInstance.cpp:
2144         (JSC::ErrorInstance::ErrorInstance):
2145         * runtime/ErrorPrototype.cpp:
2146         (JSC::ErrorPrototype::ErrorPrototype):
2147         * runtime/FunctionConstructor.cpp:
2148         (JSC::FunctionConstructor::FunctionConstructor):
2149         * runtime/FunctionPrototype.cpp:
2150         (JSC::FunctionPrototype::FunctionPrototype):
2151         * runtime/GetterSetter.cpp:
2152         (JSC::GetterSetter::markChildren):
2153         * runtime/GetterSetter.h:
2154         (JSC::GetterSetter::GetterSetter):
2155         (JSC::GetterSetter::getter):
2156         (JSC::GetterSetter::setGetter):
2157         (JSC::GetterSetter::setter):
2158         (JSC::GetterSetter::setSetter):
2159         * runtime/GlobalEvalFunction.cpp:
2160         (JSC::GlobalEvalFunction::GlobalEvalFunction):
2161         (JSC::GlobalEvalFunction::markChildren):
2162         * runtime/GlobalEvalFunction.h:
2163         (JSC::GlobalEvalFunction::cachedGlobalObject):
2164         * runtime/Heap.cpp:
2165         (JSC::Heap::markProtectedObjects):
2166         (JSC::Heap::markTempSortVectors):
2167         (JSC::Heap::markRoots):
2168         * runtime/InternalFunction.cpp:
2169         (JSC::InternalFunction::InternalFunction):
2170         * runtime/JSAPIValueWrapper.h:
2171         (JSC::JSAPIValueWrapper::value):
2172         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
2173         * runtime/JSActivation.cpp:
2174         (JSC::JSActivation::markChildren):
2175         (JSC::JSActivation::put):
2176         * runtime/JSArray.cpp:
2177         (JSC::JSArray::JSArray):
2178         (JSC::JSArray::getOwnPropertySlot):
2179         (JSC::JSArray::getOwnPropertyDescriptor):
2180         (JSC::JSArray::put):
2181         (JSC::JSArray::putSlowCase):
2182         (JSC::JSArray::deleteProperty):
2183         (JSC::JSArray::increaseVectorLength):
2184         (JSC::JSArray::setLength):
2185         (JSC::JSArray::pop):
2186         (JSC::JSArray::push):
2187         (JSC::JSArray::unshiftCount):
2188         (JSC::JSArray::sort):
2189         (JSC::JSArray::fillArgList):
2190         (JSC::JSArray::copyToRegisters):
2191         (JSC::JSArray::compactForSorting):
2192         * runtime/JSArray.h:
2193         (JSC::JSArray::getIndex):
2194         (JSC::JSArray::setIndex):
2195         (JSC::JSArray::uncheckedSetIndex):
2196         (JSC::JSArray::markChildrenDirect):
2197         * runtime/JSByteArray.cpp:
2198         (JSC::JSByteArray::JSByteArray):
2199         * runtime/JSCell.h:
2200         (JSC::JSCell::JSValue::toThisObject):
2201         (JSC::JSCell::MarkStack::append):
2202         * runtime/JSFunction.cpp:
2203         (JSC::JSFunction::JSFunction):
2204         (JSC::JSFunction::getOwnPropertySlot):
2205         * runtime/JSGlobalData.h:
2206         * runtime/JSGlobalObject.cpp:
2207         (JSC::markIfNeeded):
2208         (JSC::JSGlobalObject::reset):
2209         (JSC::JSGlobalObject::resetPrototype):
2210         (JSC::JSGlobalObject::markChildren):
2211         * runtime/JSGlobalObject.h:
2212         (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
2213         (JSC::JSGlobalObject::regExpConstructor):
2214         (JSC::JSGlobalObject::errorConstructor):
2215         (JSC::JSGlobalObject::evalErrorConstructor):
2216         (JSC::JSGlobalObject::rangeErrorConstructor):
2217         (JSC::JSGlobalObject::referenceErrorConstructor):
2218         (JSC::JSGlobalObject::syntaxErrorConstructor):
2219         (JSC::JSGlobalObject::typeErrorConstructor):
2220         (JSC::JSGlobalObject::URIErrorConstructor):
2221         (JSC::JSGlobalObject::evalFunction):
2222         (JSC::JSGlobalObject::objectPrototype):
2223         (JSC::JSGlobalObject::functionPrototype):
2224         (JSC::JSGlobalObject::arrayPrototype):
2225         (JSC::JSGlobalObject::booleanPrototype):
2226         (JSC::JSGlobalObject::stringPrototype):
2227         (JSC::JSGlobalObject::numberPrototype):
2228         (JSC::JSGlobalObject::datePrototype):
2229         (JSC::JSGlobalObject::regExpPrototype):
2230         (JSC::JSGlobalObject::methodCallDummy):
2231         (JSC::Structure::prototypeForLookup):
2232         (JSC::constructArray):
2233         * runtime/JSONObject.cpp:
2234         (JSC::Stringifier::Holder::object):
2235         (JSC::Stringifier::markAggregate):
2236         (JSC::Stringifier::stringify):
2237         (JSC::Stringifier::Holder::appendNextProperty):
2238         (JSC::Walker::callReviver):
2239         (JSC::Walker::walk):
2240         * runtime/JSObject.cpp:
2241         (JSC::JSObject::defineGetter):
2242         (JSC::JSObject::defineSetter):
2243         (JSC::JSObject::removeDirect):
2244         (JSC::JSObject::putDirectFunction):
2245         (JSC::JSObject::putDirectFunctionWithoutTransition):
2246         (JSC::putDescriptor):
2247         (JSC::JSObject::defineOwnProperty):
2248         * runtime/JSObject.h:
2249         (JSC::JSObject::getDirectOffset):
2250         (JSC::JSObject::putDirectOffset):
2251         (JSC::JSObject::flattenDictionaryObject):
2252         (JSC::JSObject::putDirectInternal):
2253         (JSC::JSObject::putDirect):
2254         (JSC::JSObject::putDirectFunction):
2255         (JSC::JSObject::putDirectWithoutTransition):
2256         (JSC::JSObject::putDirectFunctionWithoutTransition):
2257         (JSC::JSValue::putDirect):
2258         (JSC::JSObject::allocatePropertyStorageInline):
2259         (JSC::JSObject::markChildrenDirect):
2260         * runtime/JSPropertyNameIterator.cpp:
2261         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
2262         (JSC::JSPropertyNameIterator::get):
2263         * runtime/JSPropertyNameIterator.h:
2264         * runtime/JSStaticScopeObject.cpp:
2265         (JSC::JSStaticScopeObject::markChildren):
2266         * runtime/JSString.cpp:
2267         (JSC::StringObject::create):
2268         * runtime/JSValue.h:
2269         * runtime/JSWrapperObject.cpp:
2270         (JSC::JSWrapperObject::markChildren):
2271         * runtime/JSWrapperObject.h:
2272         (JSC::JSWrapperObject::internalValue):
2273         (JSC::JSWrapperObject::setInternalValue):
2274         * runtime/LiteralParser.cpp:
2275         (JSC::LiteralParser::parse):
2276         * runtime/Lookup.cpp:
2277         (JSC::setUpStaticFunctionSlot):
2278         * runtime/Lookup.h:
2279         (JSC::lookupPut):
2280         * runtime/MarkStack.h:
2281         (JSC::MarkStack::appendValues):
2282         * runtime/MathObject.cpp:
2283         (JSC::MathObject::MathObject):
2284         * runtime/NativeErrorConstructor.cpp:
2285         (JSC::NativeErrorConstructor::NativeErrorConstructor):
2286         * runtime/NativeErrorPrototype.cpp:
2287         (JSC::NativeErrorPrototype::NativeErrorPrototype):
2288         * runtime/NumberConstructor.cpp:
2289         (JSC::NumberConstructor::NumberConstructor):
2290         (JSC::constructWithNumberConstructor):
2291         * runtime/NumberObject.cpp:
2292         (JSC::constructNumber):
2293         * runtime/NumberPrototype.cpp:
2294         (JSC::NumberPrototype::NumberPrototype):
2295         * runtime/ObjectConstructor.cpp:
2296         (JSC::ObjectConstructor::ObjectConstructor):
2297         (JSC::objectConstructorGetOwnPropertyDescriptor):
2298         * runtime/Operations.h:
2299         (JSC::normalizePrototypeChain):
2300         (JSC::resolveBase):
2301         * runtime/PrototypeFunction.cpp:
2302         (JSC::PrototypeFunction::PrototypeFunction):
2303         * runtime/PutPropertySlot.h:
2304         (JSC::PutPropertySlot::setExistingProperty):
2305         (JSC::PutPropertySlot::setNewProperty):
2306         (JSC::PutPropertySlot::base):
2307         * runtime/RegExpConstructor.cpp:
2308         (JSC::RegExpConstructor::RegExpConstructor):
2309         * runtime/ScopeChain.cpp:
2310         (JSC::ScopeChainNode::print):
2311         * runtime/ScopeChain.h:
2312         (JSC::ScopeChainNode::~ScopeChainNode):
2313         (JSC::ScopeChainIterator::operator*):
2314         (JSC::ScopeChainIterator::operator->):
2315         (JSC::ScopeChain::top):
2316         * runtime/ScopeChainMark.h:
2317         (JSC::ScopeChain::markAggregate):
2318         * runtime/SmallStrings.cpp:
2319         (JSC::isMarked):
2320         (JSC::SmallStrings::markChildren):
2321         * runtime/SmallStrings.h:
2322         (JSC::SmallStrings::emptyString):
2323         (JSC::SmallStrings::singleCharacterString):
2324         (JSC::SmallStrings::singleCharacterStrings):
2325         * runtime/StringConstructor.cpp:
2326         (JSC::StringConstructor::StringConstructor):
2327         * runtime/StringObject.cpp:
2328         (JSC::StringObject::StringObject):
2329         * runtime/StringObject.h:
2330         * runtime/StringPrototype.cpp:
2331         (JSC::StringPrototype::StringPrototype):
2332         * runtime/Structure.cpp:
2333         (JSC::Structure::Structure):
2334         (JSC::Structure::addPropertyTransition):
2335         (JSC::Structure::toDictionaryTransition):
2336         (JSC::Structure::flattenDictionaryStructure):
2337         * runtime/Structure.h:
2338         (JSC::Structure::storedPrototype):
2339         * runtime/WeakGCMap.h:
2340         (JSC::WeakGCMap::uncheckedGet):
2341         (JSC::WeakGCMap::isValid):
2342         (JSC::::get):
2343         (JSC::::take):
2344         (JSC::::set):
2345         (JSC::::uncheckedRemove):
2346         * runtime/WriteBarrier.h: Removed.
2347
2348 2011-01-28  Gavin Barraclough  <barraclough@apple.com>
2349
2350         Reviewed by Geoff Garen.
2351
2352         https://bugs.webkit.org/show_bug.cgi?id=53352
2353         Heavy external fragmentation in FixedVMPoolAllocator can lead to a CRASH().
2354
2355         The FixedVMPoolAllocator currently uses a best fit policy -
2356         switch to first fit, which is less prone to external fragmentation.
2357
2358         * jit/ExecutableAllocatorFixedVMPool.cpp:
2359         (JSC::AllocationTableSizeClass::AllocationTableSizeClass):
2360         (JSC::AllocationTableSizeClass::blockSize):
2361         (JSC::AllocationTableSizeClass::blockCount):
2362         (JSC::AllocationTableSizeClass::blockAlignment):
2363         (JSC::AllocationTableSizeClass::size):
2364         (JSC::AllocationTableLeaf::AllocationTableLeaf):
2365         (JSC::AllocationTableLeaf::~AllocationTableLeaf):
2366         (JSC::AllocationTableLeaf::allocate):
2367         (JSC::AllocationTableLeaf::free):
2368         (JSC::AllocationTableLeaf::isEmpty):
2369         (JSC::AllocationTableLeaf::isFull):
2370         (JSC::AllocationTableLeaf::size):
2371         (JSC::AllocationTableLeaf::classForSize):
2372         (JSC::AllocationTableLeaf::dump):
2373         (JSC::LazyAllocationTable::LazyAllocationTable):
2374         (JSC::LazyAllocationTable::~LazyAllocationTable):
2375         (JSC::LazyAllocationTable::allocate):
2376         (JSC::LazyAllocationTable::free):
2377         (JSC::LazyAllocationTable::isEmpty):
2378         (JSC::LazyAllocationTable::isFull):
2379         (JSC::LazyAllocationTable::size):
2380         (JSC::LazyAllocationTable::dump):
2381         (JSC::LazyAllocationTable::classForSize):
2382         (JSC::AllocationTableDirectory::AllocationTableDirectory):
2383         (JSC::AllocationTableDirectory::~AllocationTableDirectory):
2384         (JSC::AllocationTableDirectory::allocate):
2385         (JSC::AllocationTableDirectory::free):
2386         (JSC::AllocationTableDirectory::isEmpty):
2387         (JSC::AllocationTableDirectory::isFull):
2388         (JSC::AllocationTableDirectory::size):
2389         (JSC::AllocationTableDirectory::classForSize):
2390         (JSC::AllocationTableDirectory::dump):
2391         (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
2392         (JSC::FixedVMPoolAllocator::alloc):
2393         (JSC::FixedVMPoolAllocator::free):
2394         (JSC::FixedVMPoolAllocator::allocated):
2395         (JSC::FixedVMPoolAllocator::isValid):
2396         (JSC::FixedVMPoolAllocator::classForSize):
2397         (JSC::FixedVMPoolAllocator::offsetToPointer):
2398         (JSC::FixedVMPoolAllocator::pointerToOffset):
2399         (JSC::ExecutableAllocator::committedByteCount):
2400         (JSC::ExecutableAllocator::isValid):
2401         (JSC::ExecutableAllocator::underMemoryPressure):
2402         (JSC::ExecutablePool::systemAlloc):
2403         (JSC::ExecutablePool::systemRelease):
2404         * wtf/PageReservation.h:
2405         (WTF::PageReservation::PageReservation):
2406         (WTF::PageReservation::commit):
2407         (WTF::PageReservation::decommit):
2408         (WTF::PageReservation::committed):
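
The fragmentation point above, as an added example that is not part of this ChangeLog or of WebKit's allocator: a toy pool with a sorted free list (the types ToyPool, Hole and FitPolicy are constructed for this example) runs one constructed request sequence under best fit and under first fit. Best fit spends the tight-fitting 12-unit hole on a 10-unit request and is left with holes of 10 and 2, so a later 12-unit request fails even though 12 units are still free in total; first fit keeps the 12-unit hole intact and satisfies all three. Other request sequences produce the opposite outcome, so the scenario shows how the two policies fragment differently rather than proving one superior.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Toy model of a fixed-size pool with a sorted free list of [start, end)
// ranges. Constructed for this example; it is not WebKit's
// FixedVMPoolAllocator, which manages real page-granular VM reservations.
enum class FitPolicy { BestFit, FirstFit };

struct Hole {
    size_t start;
    size_t end;
    size_t size() const { return end - start; }
};

class ToyPool {
public:
    explicit ToyPool(size_t poolSize) : m_free { { 0, poolSize } } { }

    // Carve n units out of a hole chosen by the policy. Returns false when no
    // single hole is large enough: that is external fragmentation, since the
    // pool may still hold enough free space in total.
    bool alloc(size_t n, FitPolicy policy, size_t* outStart)
    {
        auto chosen = m_free.end();
        for (auto it = m_free.begin(); it != m_free.end(); ++it) {
            if (it->size() < n)
                continue;
            if (policy == FitPolicy::FirstFit) {
                chosen = it; // lowest-address hole that fits
                break;
            }
            if (chosen == m_free.end() || it->size() < chosen->size())
                chosen = it; // smallest hole that fits
        }
        if (chosen == m_free.end())
            return false;
        *outStart = chosen->start;
        chosen->start += n;
        if (chosen->size() == 0)
            m_free.erase(chosen);
        return true;
    }

    // Give [start, start + n) back and coalesce with adjacent holes.
    void free(size_t start, size_t n)
    {
        Hole hole { start, start + n };
        auto pos = std::lower_bound(m_free.begin(), m_free.end(), hole,
            [](const Hole& a, const Hole& b) { return a.start < b.start; });
        pos = m_free.insert(pos, hole);
        if (pos + 1 != m_free.end() && pos->end == (pos + 1)->start) {
            pos->end = (pos + 1)->end;
            m_free.erase(pos + 1);
        }
        if (pos != m_free.begin() && (pos - 1)->end == pos->start) {
            (pos - 1)->end = pos->end;
            m_free.erase(pos);
        }
    }

    size_t totalFree() const
    {
        size_t total = 0;
        for (const Hole& h : m_free)
            total += h.size();
        return total;
    }

private:
    std::vector<Hole> m_free;
};

// Constructed scenario: leave holes of 20 and 12 units, then request 10, 10
// and 12. Returns how many of the three requests succeeded and, optionally,
// how many units were still free afterwards.
int successfulRequests(FitPolicy policy, size_t* freeLeft = nullptr)
{
    ToyPool pool(100);
    size_t a = 0, b = 0, c = 0, d = 0;
    pool.alloc(20, policy, &a); // [0, 20)
    pool.alloc(30, policy, &b); // [20, 50)
    pool.alloc(12, policy, &c); // [50, 62)
    pool.alloc(38, policy, &d); // [62, 100)
    pool.free(a, 20);
    pool.free(c, 12); // holes are now [0, 20) and [50, 62)

    const size_t requests[] = { 10, 10, 12 };
    int succeeded = 0;
    for (size_t n : requests) {
        size_t start = 0;
        if (pool.alloc(n, policy, &start))
            ++succeeded;
    }
    if (freeLeft)
        *freeLeft = pool.totalFree();
    return succeeded;
}

int main()
{
    size_t freeLeft = 0;
    int best = successfulRequests(FitPolicy::BestFit, &freeLeft);
    std::printf("best fit:  %d of 3 requests satisfied, %zu units still free\n", best, freeLeft);
    int first = successfulRequests(FitPolicy::FirstFit, &freeLeft);
    std::printf("first fit: %d of 3 requests satisfied, %zu units still free\n", first, freeLeft);
    return 0;
}
```

A caller that cannot tell fragmentation from exhaustion treats a false return from alloc() as out-of-memory, which is the CRASH() path the entry refers to; reporting totalFree() alongside the failure is the cheapest way to make that distinction visible when diagnosing such a report.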
2409
2410 2011-01-27  Oliver Hunt  <oliver@apple.com>
2411
2412         Reviewed by Geoffrey Garen.
2413
2414         Convert markstack to a slot visitor API
2415         https://bugs.webkit.org/show_bug.cgi?id=53219
2416
2417         Move the MarkStack over to a slot based marking API.
2418
2419         In order to avoid aliasing concerns there are two new types
2420         that need to be used when holding on to JSValues and JSCells that
2421         need to be marked: WriteBarrier and DeprecatedPtr.  WriteBarrier
2422         is expected to be used for any JSValue or Cell whose lifetime and
2423         marking are controlled by another GC object.  DeprecatedPtr is used
2424         for any value that we need to rework ownership for.
2425
2426         The change over to this model has produced a large amount of
2427         code changes, but they are mostly mechanical (forwarding JSGlobalData,
2428         etc).
2429
2430         * API/JSCallbackObject.h:
2431         (JSC::JSCallbackObjectData::setPrivateProperty):
2432         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::getPrivateProperty):
2433         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
2434         (JSC::JSCallbackObjectData::JSPrivatePropertyMap::markChildren):
2435         (JSC::JSCallbackObject::setPrivateProperty):
2436         * API/JSCallbackObjectFunctions.h:
2437         (JSC::::put):
2438         (JSC::::staticFunctionGetter):
2439         * API/JSObjectRef.cpp:
2440         (JSObjectMakeConstructor):
2441         (JSObjectSetPrivateProperty):
2442         * API/JSWeakObjectMapRefInternal.h:
2443         * JavaScriptCore.exp:
2444         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2445         * JavaScriptCore.xcodeproj/project.pbxproj:
2446         * bytecode/CodeBlock.cpp:
2447         (JSC::CodeBlock::markAggregate):
2448         * bytecode/CodeBlock.h:
2449         (JSC::CodeBlock::globalObject):
2450         * bytecompiler/BytecodeGenerator.cpp:
2451         (JSC::BytecodeGenerator::BytecodeGenerator):
2452         (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
2453         (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
2454         (JSC::BytecodeGenerator::findScopedProperty):
2455         * debugger/DebuggerActivation.cpp:
2456         (JSC::DebuggerActivation::DebuggerActivation):
2457         (JSC::DebuggerActivation::markChildren):
2458         * debugger/DebuggerActivation.h:
2459         * interpreter/Interpreter.cpp:
2460         (JSC::Interpreter::resolve):
2461         (JSC::Interpreter::resolveSkip):
2462         (JSC::Interpreter::resolveGlobalDynamic):
2463         (JSC::Interpreter::resolveBaseAndProperty):
2464         (JSC::Interpreter::unwindCallFrame):
2465         (JSC::appendSourceToError):
2466         (JSC::Interpreter::execute):
2467         (JSC::Interpreter::privateExecute):
2468         * interpreter/Register.h:
2469         (JSC::Register::jsValueSlot):
2470         * jit/JITStubs.cpp:
2471         (JSC::JITThunks::tryCacheGetByID):
2472         (JSC::DEFINE_STUB_FUNCTION):
2473         * jsc.cpp:
2474         (GlobalObject::GlobalObject):
2475         * runtime/Arguments.cpp:
2476         (JSC::Arguments::markChildren):
2477         (JSC::Arguments::getOwnPropertySlot):
2478         (JSC::Arguments::getOwnPropertyDescriptor):
2479         (JSC::Arguments::put):
2480         * runtime/Arguments.h:
2481         (JSC::Arguments::setActivation):
2482         (JSC::Arguments::Arguments):
2483         * runtime/ArrayConstructor.cpp:
2484         (JSC::ArrayConstructor::ArrayConstructor):
2485         (JSC::constructArrayWithSizeQuirk):
2486         * runtime/ArrayPrototype.cpp:
2487         (JSC::arrayProtoFuncSplice):
2488         * runtime/BatchedTransitionOptimizer.h:
2489         (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
2490         (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
2491         * runtime/BooleanConstructor.cpp:
2492         (JSC::BooleanConstructor::BooleanConstructor):
2493         (JSC::constructBoolean):
2494         (JSC::constructBooleanFromImmediateBoolean):
2495         * runtime/BooleanPrototype.cpp:
2496         (JSC::BooleanPrototype::BooleanPrototype):
2497         * runtime/ConservativeSet.h:
2498         (JSC::ConservativeSet::mark):
2499         * runtime/DateConstructor.cpp:
2500         (JSC::DateConstructor::DateConstructor):
2501         * runtime/DateInstance.cpp:
2502         (JSC::DateInstance::DateInstance):
2503         * runtime/DatePrototype.cpp:
2504         (JSC::dateProtoFuncSetTime):
2505         (JSC::setNewValueFromTimeArgs):
2506         (JSC::setNewValueFromDateArgs):
2507         (JSC::dateProtoFuncSetYear):
2508         * runtime/ErrorConstructor.cpp:
2509         (JSC::ErrorConstructor::ErrorConstructor):
2510         * runtime/ErrorInstance.cpp:
2511         (JSC::ErrorInstance::ErrorInstance):
2512         * runtime/ErrorPrototype.cpp:
2513         (JSC::ErrorPrototype::ErrorPrototype):
2514         * runtime/FunctionConstructor.cpp:
2515         (JSC::FunctionConstructor::FunctionConstructor):
2516         * runtime/FunctionPrototype.cpp:
2517         (JSC::FunctionPrototype::FunctionPrototype):
2518         * runtime/GetterSetter.cpp:
2519         (JSC::GetterSetter::markChildren):
2520         * runtime/GetterSetter.h:
2521         (JSC::GetterSetter::GetterSetter):
2522         (JSC::GetterSetter::getter):
2523         (JSC::GetterSetter::setGetter):
2524         (JSC::GetterSetter::setter):
2525         (JSC::GetterSetter::setSetter):
2526         * runtime/GlobalEvalFunction.cpp:
2527         (JSC::GlobalEvalFunction::GlobalEvalFunction):
2528         (JSC::GlobalEvalFunction::markChildren):
2529         * runtime/GlobalEvalFunction.h:
2530         (JSC::GlobalEvalFunction::cachedGlobalObject):
2531         * runtime/Heap.cpp:
2532         (JSC::Heap::markProtectedObjects):
2533         (JSC::Heap::markTempSortVectors):
2534         (JSC::Heap::markRoots):
2535         * runtime/InternalFunction.cpp:
2536         (JSC::InternalFunction::InternalFunction):
2537         * runtime/JSAPIValueWrapper.h:
2538         (JSC::JSAPIValueWrapper::value):
2539         (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
2540         * runtime/JSActivation.cpp:
2541         (JSC::JSActivation::put):
2542         * runtime/JSArray.cpp:
2543         (JSC::JSArray::JSArray):
2544         (JSC::JSArray::getOwnPropertySlot):
2545         (JSC::JSArray::getOwnPropertyDescriptor):
2546         (JSC::JSArray::put):
2547         (JSC::JSArray::putSlowCase):
2548         (JSC::JSArray::deleteProperty):
2549         (JSC::JSArray::increaseVectorLength):
2550         (JSC::JSArray::setLength):
2551         (JSC::JSArray::pop):
2552         (JSC::JSArray::push):
2553         (JSC::JSArray::unshiftCount):
2554         (JSC::JSArray::sort):
2555         (JSC::JSArray::fillArgList):
2556         (JSC::JSArray::copyToRegisters):
2557         (JSC::JSArray::compactForSorting):
2558         * runtime/JSArray.h:
2559         (JSC::JSArray::getIndex):
2560         (JSC::JSArray::setIndex):
2561         (JSC::JSArray::uncheckedSetIndex):
2562         (JSC::JSArray::markChildrenDirect):
2563         * runtime/JSByteArray.cpp:
2564         (JSC::JSByteArray::JSByteArray):
2565         * runtime/JSCell.h:
2566         (JSC::JSCell::MarkStack::append):
2567         (JSC::JSCell::MarkStack::appendCell):
2568         * runtime/JSFunction.cpp:
2569         (JSC::JSFunction::JSFunction):
2570         (JSC::JSFunction::getOwnPropertySlot):
2571         * runtime/JSGlobalObject.cpp:
2572         (JSC::markIfNeeded):
2573         (JSC::JSGlobalObject::reset):
2574         (JSC::JSGlobalObject::resetPrototype):
2575         (JSC::JSGlobalObject::markChildren):
2576         * runtime/JSGlobalObject.h:
2577         (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
2578         (JSC::JSGlobalObject::regExpConstructor):
2579         (JSC::JSGlobalObject::errorConstructor):
2580         (JSC::JSGlobalObject::evalErrorConstructor):
2581         (JSC::JSGlobalObject::rangeErrorConstructor):
2582         (JSC::JSGlobalObject::referenceErrorConstructor):
2583         (JSC::JSGlobalObject::syntaxErrorConstructor):
2584         (JSC::JSGlobalObject::typeErrorConstructor):
2585         (JSC::JSGlobalObject::URIErrorConstructor):
2586         (JSC::JSGlobalObject::evalFunction):
2587         (JSC::JSGlobalObject::objectPrototype):
2588         (JSC::JSGlobalObject::functionPrototype):
2589         (JSC::JSGlobalObject::arrayPrototype):
2590         (JSC::JSGlobalObject::booleanPrototype):
2591         (JSC::JSGlobalObject::stringPrototype):
2592         (JSC::JSGlobalObject::numberPrototype):
2593         (JSC::JSGlobalObject::datePrototype):
2594         (JSC::JSGlobalObject::regExpPrototype):
2595         (JSC::JSGlobalObject::methodCallDummy):
2596         (JSC::constructArray):
2597         * runtime/JSONObject.cpp:
2598         (JSC::Stringifier::Holder::object):
2599         (JSC::Stringifier::Holder::objectSlot):
2600         (JSC::Stringifier::markAggregate):
2601         (JSC::Stringifier::stringify):
2602         (JSC::Stringifier::Holder::appendNextProperty):
2603         (JSC::Walker::callReviver):
2604         (JSC::Walker::walk):
2605         * runtime/JSObject.cpp:
2606         (JSC::JSObject::defineGetter):
2607         (JSC::JSObject::defineSetter):
2608         (JSC::JSObject::removeDirect):
2609         (JSC::JSObject::putDirectFunction):
2610         (JSC::JSObject::putDirectFunctionWithoutTransition):
2611         (JSC::putDescriptor):
2612         (JSC::JSObject::defineOwnProperty):
2613         * runtime/JSObject.h:
2614         (JSC::JSObject::putDirectOffset):
2615         (JSC::JSObject::putUndefinedAtDirectOffset):
2616         (JSC::JSObject::flattenDictionaryObject):
2617         (JSC::JSObject::putDirectInternal):
2618         (JSC::JSObject::putDirect):
2619         (JSC::JSObject::putDirectFunction):
2620         (JSC::JSObject::putDirectWithoutTransition):
2621         (JSC::JSObject::putDirectFunctionWithoutTransition):
2622         (JSC::JSValue::putDirect):
2623         (JSC::JSObject::allocatePropertyStorageInline):
2624         (JSC::JSObject::markChildrenDirect):
2625         * runtime/JSStaticScopeObject.cpp:
2626         (JSC::JSStaticScopeObject::markChildren):
2627         * runtime/JSString.cpp:
2628         (JSC::StringObject::create):
2629         * runtime/JSValue.h:
2630         * runtime/JSWrapperObject.cpp:
2631         (JSC::JSWrapperObject::markChildren):
2632         * runtime/JSWrapperObject.h:
2633         (JSC::JSWrapperObject::internalValue):
2634         (JSC::JSWrapperObject::setInternalValue):
2635         * runtime/LiteralParser.cpp:
2636         (JSC::LiteralParser::parse):
2637         * runtime/Lookup.cpp:
2638         (JSC::setUpStaticFunctionSlot):
2639         * runtime/Lookup.h:
2640         (JSC::lookupPut):
2641         * runtime/MarkStack.h:
2642         * runtime/MathObject.cpp:
2643         (JSC::MathObject::MathObject):
2644         * runtime/NativeErrorConstructor.cpp:
2645         (JSC::NativeErrorConstructor::NativeErrorConstructor):
2646         * runtime/NativeErrorPrototype.cpp:
2647         (JSC::NativeErrorPrototype::NativeErrorPrototype):
2648         * runtime/NumberConstructor.cpp:
2649         (JSC::NumberConstructor::NumberConstructor):
2650         (JSC::constructWithNumberConstructor):
2651         * runtime/NumberObject.cpp:
2652         (JSC::constructNumber):
2653         * runtime/NumberPrototype.cpp:
2654         (JSC::NumberPrototype::NumberPrototype):
2655         * runtime/ObjectConstructor.cpp:
2656         (JSC::ObjectConstructor::ObjectConstructor):
2657         (JSC::objectConstructorGetOwnPropertyDescriptor):
2658         * runtime/Operations.h:
2659         (JSC::normalizePrototypeChain):
2660         (JSC::resolveBase):
2661         * runtime/PrototypeFunction.cpp:
2662         (JSC::PrototypeFunction::PrototypeFunction):
2663         * runtime/PutPropertySlot.h:
2664         (JSC::PutPropertySlot::setExistingProperty):
2665         (JSC::PutPropertySlot::setNewProperty):
2666         (JSC::PutPropertySlot::base):
2667         * runtime/RegExpConstructor.cpp:
2668         (JSC::RegExpConstructor::RegExpConstructor):
2669         * runtime/ScopeChain.cpp:
2670         (JSC::ScopeChainNode::print):
2671         * runtime/ScopeChain.h:
2672         (JSC::ScopeChainNode::~ScopeChainNode):
2673         (JSC::ScopeChainIterator::operator*):
2674         (JSC::ScopeChainIterator::operator->):
2675         (JSC::ScopeChain::top):
2676         * runtime/ScopeChainMark.h:
2677         (JSC::ScopeChain::markAggregate):
2678         * runtime/SmallStrings.cpp:
2679         (JSC::isMarked):
2680         (JSC::SmallStrings::markChildren):
2681         * runtime/SmallStrings.h:
2682         (JSC::SmallStrings::emptyString):
2683         (JSC::SmallStrings::singleCharacterString):
2684         (JSC::SmallStrings::singleCharacterStrings):
2685         * runtime/StringConstructor.cpp:
2686         (JSC::StringConstructor::StringConstructor):
2687         * runtime/StringObject.cpp:
2688         (JSC::StringObject::StringObject):
2689         * runtime/StringObject.h:
2690         * runtime/StringPrototype.cpp:
2691         (JSC::StringPrototype::StringPrototype):
2692         * runtime/Structure.cpp:
2693         (JSC::Structure::flattenDictionaryStructure):
2694         * runtime/Structure.h:
2695         (JSC::Structure::storedPrototypeSlot):
2696         * runtime/WeakGCMap.h:
2697         (JSC::WeakGCMap::uncheckedGet):
2698         (JSC::WeakGCMap::uncheckedGetSlot):
2699         (JSC::::get):
2700         (JSC::::take):
2701         (JSC::::set):
2702         (JSC::::uncheckedRemove):
2703         * runtime/WriteBarrier.h: Added.
2704         (JSC::DeprecatedPtr::DeprecatedPtr):
2705         (JSC::DeprecatedPtr::get):
2706         (JSC::DeprecatedPtr::operator*):
2707         (JSC::DeprecatedPtr::operator->):
2708         (JSC::DeprecatedPtr::slot):
2709         (JSC::DeprecatedPtr::operator UnspecifiedBoolType*):
2710         (JSC::DeprecatedPtr::operator!):
2711         (JSC::WriteBarrierBase::set):
2712         (JSC::WriteBarrierBase::get):
2713         (JSC::WriteBarrierBase::operator*):
2714         (JSC::WriteBarrierBase::operator->):
2715         (JSC::WriteBarrierBase::slot):
2716         (JSC::WriteBarrierBase::operator UnspecifiedBoolType*):
2717         (JSC::WriteBarrierBase::operator!):
2718         (JSC::WriteBarrier::WriteBarrier):
2719         (JSC::operator==):
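
What the slot-based marking API described above means in practice, as an added example written for this entry rather than taken from WebKit's MarkStack or WriteBarrier.h: a toy Cell, MarkStack and WriteBarrier (all constructed here) in which the visitor records the address of a field and reads the field only when it drains. The sequence that repoints a field after its slot was recorded is constructed to make the difference observable and is not a claim about when WebKit's mutator runs; markViaCopiedPointer() shows the value-copying shape for contrast, and markedInChain() shows transitive marking through markChildren().

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

class MarkStack;

// Toy GC cell: a mark bit plus a hook to report outgoing references.
// Constructed for this example; not WebKit's JSCell.
struct Cell {
    bool marked = false;
    virtual ~Cell() = default;
    virtual void markChildren(MarkStack&) { }
};

// Slot-based visitor: it records the address of a field holding a Cell* and
// reads the field only when it drains, so whatever the field holds at drain
// time is what gets marked.
class MarkStack {
public:
    void append(Cell** slot) { m_slots.push_back(slot); }

    void drain()
    {
        while (!m_slots.empty()) {
            Cell** slot = m_slots.back();
            m_slots.pop_back();
            Cell* cell = *slot; // read through the slot, not from a stale copy
            if (!cell || cell->marked)
                continue;
            cell->marked = true;
            cell->markChildren(*this);
        }
    }

private:
    std::vector<Cell**> m_slots;
};

// Field wrapper for a reference whose marking is controlled by the owning
// object. The collector reaches the stored pointer through slot(), so the
// wrapper, not an ad-hoc raw pointer, is the only way such a field is held.
template<typename T>
class WriteBarrier {
public:
    WriteBarrier() : m_cell(nullptr) { }
    void set(T* value) { m_cell = value; } // a real barrier would also notify the collector
    T* get() const { return static_cast<T*>(m_cell); }
    Cell** slot() { return &m_cell; }

private:
    Cell* m_cell;
};

struct Node : Cell {
    WriteBarrier<Node> next;
    void markChildren(MarkStack& stack) override { stack.append(next.slot()); }
};

struct Outcome {
    bool bMarked;
    bool cMarked;
};

// The field is repointed after its slot was recorded but before the drain:
// the slot visitor marks the current target c, not the earlier target b.
Outcome markViaSlot()
{
    Node root, b, c;
    root.next.set(&b);
    MarkStack stack;
    stack.append(root.next.slot());
    root.next.set(&c);
    stack.drain();
    return { b.marked, c.marked };
}

// Contrast: a visitor that copies the pointer value when it scans cannot see
// the later update, so it marks b, which the field no longer holds.
Outcome markViaCopiedPointer()
{
    Node root, b, c;
    root.next.set(&b);
    std::vector<Cell*> copied;
    copied.push_back(root.next.get());
    root.next.set(&c);
    for (Cell* cell : copied)
        cell->marked = true;
    return { b.marked, c.marked };
}

// Transitive marking from a root slot through markChildren(): a -> b -> c.
int markedInChain()
{
    Node a, b, c;
    a.next.set(&b);
    b.next.set(&c);
    MarkStack stack;
    Cell* root = &a;
    stack.append(&root);
    stack.drain();
    return a.marked + b.marked + c.marked;
}

int main()
{
    Outcome slot = markViaSlot();
    Outcome copied = markViaCopiedPointer();
    std::printf("slot visitor:   b=%d c=%d\n", slot.bMarked, slot.cMarked);
    std::printf("copied pointer: b=%d c=%d\n", copied.bMarked, copied.cMarked);
    std::printf("chain: %d cells marked\n", markedInChain());
    return 0;
}
```

The practical consequence for reviewers of such a change is that every field holding a GC reference must go through the wrapper so that slot() exists for it; a raw pointer field that the collector cannot reach by address is exactly the kind of reference the DeprecatedPtr type above is meant to flag for rework.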
2720
2721 2011-01-28  Adam Roben  <aroben@apple.com>
2722
2723         Chromium build fix after r76967
2724
2725         * wtf/ThreadingPrimitives.h: Use OS(WINDOWS) instead of PLATFORM(WIN), to match other
2726         similar macros in this file.
2727
2728 2011-01-28  Michael Saboff  <msaboff@apple.com>
2729
2730         Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
2731         https://bugs.webkit.org/show_bug.cgi?id=53271
2732
2733         Reapplying this change.  No change from prior patch in
2734         JavaScriptCore.
2735
2736         Added new isValid() methods to check if a contained object in
2737         a WeakGCMap is valid when using an unchecked iterator.
2738
2739         * runtime/WeakGCMap.h:
2740         (JSC::WeakGCMap::isValid):
2741
2742 2011-01-27  Adam Roben  <aroben@apple.com>
2743
2744         Extract code to convert a WTF absolute time to a Win32 wait interval into a separate
2745         function
2746
2747         Fixes <http://webkit.org/b/53208> <rdar://problem/8922490> BinarySemaphore should wrap a
2748         Win32 event
2749
2750         Reviewed by Dave Hyatt.
2751
2752         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export the new function.
2753
2754         * wtf/ThreadingPrimitives.h: Declare the new function.
2755
2756         * wtf/ThreadingWin.cpp:
2757         (WTF::ThreadCondition::timedWait): Moved code to convert the absolute time to a wait
2758         interval from here...
2759         (WTF::absoluteTimeToWaitTimeoutInterval): ...to here.
2760
2761 2011-01-28  Sam Weinig  <sam@webkit.org>
2762
2763         Reviewed by Maciej Stachowiak.
2764
2765         Add basic rubber banding support
2766         <rdar://problem/8219429>
2767         https://bugs.webkit.org/show_bug.cgi?id=53277
2768
2769         * wtf/Platform.h: Add ENABLE for rubber banding.
2770
2771 2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
2772
2773         Unreviewed, rolling out r76893.
2774         http://trac.webkit.org/changeset/76893
2775         https://bugs.webkit.org/show_bug.cgi?id=53287
2776
2777         It made some tests crash on GTK and Qt debug bots (Requested
2778         by Ossy on #webkit).
2779
2780         * runtime/WeakGCMap.h:
2781
2782 2011-01-27  Adam Barth  <abarth@webkit.org>
2783
2784         Reviewed by Eric Seidel.
2785
2786         Add WTFString method to compare equality with Vector<UChar>
2787         https://bugs.webkit.org/show_bug.cgi?id=53266
2788
2789         I'm planning to use this method in the new XSS filter implementation,
2790         but it seems generally useful.
2791
2792         * wtf/text/StringImpl.h:
2793         (WTF::equalIgnoringNullity):
2794         * wtf/text/WTFString.h:
2795         (WTF::equalIgnoringNullity):
2796
2797 2011-01-27  Michael Saboff  <msaboff@apple.com>
2798
2799         Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
2800         https://bugs.webkit.org/show_bug.cgi?id=53271
2801
2802         Added new isValid() methods to check if a contained object in
2803         a WeakGCMap is valid when using an unchecked iterator.
2804
2805         * runtime/WeakGCMap.h:
2806         (JSC::WeakGCMap::isValid):
2807
2808 2011-01-26  Sam Weinig  <sam@webkit.org>
2809
2810         Reviewed by Maciej Stachowiak.
2811
2812         Add events to represent the start/end of a gesture scroll
2813         https://bugs.webkit.org/show_bug.cgi?id=53215
2814
2815         * wtf/Platform.h: Add ENABLE for gesture events. 
2816
2817 2011-01-26  Yael Aharon  <yael.aharon@nokia.com>
2818
2819         Reviewed by Laszlo Gombos.
2820
2821         [Qt][Symbian] Fix --minimal build
2822         https://bugs.webkit.org/show_bug.cgi?id=52839
2823
2824         Move definition of USE_SYSTEM_MALLOC out of pri file.
2825         Put it in platform.h instead.
2826
2827         * wtf/Platform.h:
2828         * wtf/TCSystemAlloc.cpp:
2829         * wtf/wtf.pri:
2830
2831 2011-01-26  Patrick Gansterer  <paroga@webkit.org>
2832
2833         Reviewed by Andreas Kling.
2834
2835         [WINCE] Add JIT support to build system
2836         https://bugs.webkit.org/show_bug.cgi?id=53079
2837
2838         * CMakeListsWinCE.txt:
2839
2840 2011-01-25  Adam Roben  <aroben@apple.com>
2841
2842         Windows Production build fix
2843
2844         Reviewed by Steve Falkenburg.
2845
2846         * JavaScriptCore.vcproj/JavaScriptCore.make: Set BUILDSTYLE to Release_PGO at the very start
2847         of the file so that ConfigurationBuildDir takes that into account. Also set it the right way
2848         (by redefining the macro) rather than the wrong way (by modifying the environment variable).
2849
2850 2011-01-25  Steve Falkenburg  <sfalken@apple.com>
2851
2852         Rubber-stamped by Adam Roben.
2853
2854         Windows production build fix.
2855         Use correct environment variable escaping
2856
2857         * JavaScriptCore.vcproj/JavaScriptCore.make:
2858         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
2859
2860 2011-01-25  Oliver Hunt  <oliver@apple.com>
2861
2862         Reviewed by Gavin Barraclough.
2863
2864         JSON.stringify processing time exponentially grows with size of object
2865         https://bugs.webkit.org/show_bug.cgi?id=51922
2866
2867         Remove last use of reserveCapacity from JSON stringification, as it results
2868         in appalling append behaviour when there are a large number of property names
2869         and nothing else.
2870
2871         * runtime/JSONObject.cpp:
2872         (JSC::Stringifier::appendQuotedString):
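
The append behaviour the entry describes, as an added example that is not WebKit's code: CountingBuffer is an assumed stand-in for WTF::Vector that counts the elements each reallocation copies, under the assumption that reserveCapacity(n) grows the buffer to exactly n while an append into a full buffer grows it geometrically (doubling here). Reserving exactly the next name's length before every append defeats the geometric policy, so total copying grows quadratically with the number of property names; plain appends stay within a small constant factor of the output size.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Toy growable buffer that counts how many elements reallocation copies.
// Constructed for this example as a stand-in for WTF::Vector under two
// assumed policies: reserveCapacity(n) grows to exactly n, while an append
// into a full buffer grows geometrically (doubling).
class CountingBuffer {
public:
    void reserveCapacity(size_t n)
    {
        if (n > m_capacity)
            reallocate(n);
    }

    void append(char c)
    {
        if (m_size == m_capacity)
            reallocate(std::max<size_t>(16, m_capacity * 2));
        m_data[m_size++] = c;
    }

    size_t size() const { return m_size; }
    size_t copies() const { return m_copies; }

private:
    void reallocate(size_t newCapacity)
    {
        std::vector<char> fresh(newCapacity);
        std::copy(m_data.begin(), m_data.begin() + m_size, fresh.begin());
        m_copies += m_size; // every live element moves to the new buffer
        m_data.swap(fresh);
        m_capacity = newCapacity;
    }

    std::vector<char> m_data;
    size_t m_size = 0;
    size_t m_capacity = 0;
    size_t m_copies = 0;
};

// The pattern the change removes: reserve exactly what the next name needs
// before appending it. Each reserve lands just above the current capacity,
// so the whole buffer is copied once per name: O(names^2) work in total.
size_t copiesWithExactReserve(size_t names, size_t nameLength)
{
    CountingBuffer out;
    for (size_t i = 0; i < names; ++i) {
        out.reserveCapacity(out.size() + nameLength);
        for (size_t j = 0; j < nameLength; ++j)
            out.append('x');
    }
    return out.copies();
}

// Plain appends let the geometric policy amortise the copying: the total
// stays below 2x the final size.
size_t copiesWithAppendOnly(size_t names, size_t nameLength)
{
    CountingBuffer out;
    for (size_t i = 0; i < names; ++i)
        for (size_t j = 0; j < nameLength; ++j)
            out.append('x');
    return out.copies();
}

int main()
{
    for (size_t names : { 100, 1000, 10000 })
        std::printf("%6zu names: exact-reserve copies %10zu, append-only copies %8zu\n",
            names, copiesWithExactReserve(names, 1), copiesWithAppendOnly(names, 1));
    return 0;
}
```

Input that controls the number of property names controls the work done, so a reserve-before-each-append pattern in a serializer is a denial-of-service shape worth looking for in review, not only a performance nit; the fix is to let the growth policy do its job and reserve once, up front, only when the final size is known.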
2873
2874 2011-01-25  Antti Koivisto  <antti@apple.com>
2875
2876         Not reviewed.
2877         
2878         Try to fix windows build.
2879
2880         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
2881
2882 2011-01-25  Antti Koivisto  <antti@apple.com>
2883
2884         Reviewed by Oliver Hunt.
2885
2886         REGRESSION: Leak in JSParser::Scope::copyCapturedVariablesToVector()
2887         https://bugs.webkit.org/show_bug.cgi?id=53061
2888          
2889         The cache did not know about the subclass, so it failed to fully delete
2890         the items. Got rid of the subclass and moved the classes to separate files.
2891
2892         * CMakeLists.txt:
2893         * GNUmakefile.am:
2894         * JavaScriptCore.exp:
2895         * JavaScriptCore.gypi:
2896         * JavaScriptCore.pro:
2897         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2898         * JavaScriptCore.xcodeproj/project.pbxproj:
2899         * parser/JSParser.cpp:
2900         (JSC::JSParser::Scope::saveFunctionInfo):
2901         (JSC::JSParser::Scope::restoreFunctionInfo):
2902         (JSC::JSParser::findCachedFunctionInfo):
2903         (JSC::JSParser::parseFunctionInfo):
2904         * parser/SourceProvider.h:
2905         * parser/SourceProviderCache.cpp: Added.
2906         (JSC::SourceProviderCache::~SourceProviderCache):
2907         (JSC::SourceProviderCache::byteSize):
2908         * parser/SourceProviderCache.h: Added.
2909         (JSC::SourceProviderCache::SourceProviderCache):
2910         (JSC::SourceProviderCache::add):
2911         (JSC::SourceProviderCache::get):
2912         * parser/SourceProviderCacheItem.h: Added.
2913         (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
2914         (JSC::SourceProviderCacheItem::approximateByteSize):
2915         (JSC::SourceProviderCacheItem::closeBraceToken):
2916
2917 2011-01-25  Marcilio Mendonca  <mamendonca@rim.com>
2918
2919         Reviewed by Darin Adler.
2920
2921         Bug 53087: Refactoring: replaced a hanging "else" with a "return"
2922         statement
2923         https://bugs.webkit.org/show_bug.cgi?id=53087.
2924
2925         Refactoring work: Replaced a hanging "else" within an #if PLATFORM(M
2926         with a "return" so that the code is more readable and less error pro
2927         (e.g., "else" doesn't use braces so adding extra lines to the else
2928         block won't have any effect; even worse, code still compiles
2929         successfully.
2930
2931         * wtf/Assertions.cpp:
2932
2933 2011-01-24  Chris Marrin  <cmarrin@apple.com>
2934
2935         Reviewed by Eric Seidel.
2936
2937         Change ENABLE_3D_CANVAS to ENABLE_WEBGL
2938         https://bugs.webkit.org/show_bug.cgi?id=53041
2939
2940         * Configurations/FeatureDefines.xcconfig:
2941
2942 2011-01-25  Adam Roben  <aroben@apple.com>
2943
2944         Windows Production build fix
2945
2946         * JavaScriptCore.vcproj/JavaScriptCore.make: Added a missing "set".
2947
2948 2011-01-25  Patrick Gansterer  <paroga@webkit.org>
2949
2950         Reviewed by Eric Seidel.
2951
2952         Add missing defines for COMPILER(RVCT) && CPU(ARM_THUMB2)
2953         https://bugs.webkit.org/show_bug.cgi?id=52949
2954
2955         * jit/JITStubs.cpp:
2956
2957 2011-01-24  Adam Roben  <aroben@apple.com>
2958
2959         Windows Production build fix
2960
2961         * JavaScriptCore.vcproj/JavaScriptCore.make: Update for move of JavaScriptCore into Source.
2962
2963 2011-01-24  Peter Varga  <pvarga@webkit.org>
2964
2965         Reviewed by Oliver Hunt.
2966
2967         Optimize regex patterns which contain empty alternatives
2968         https://bugs.webkit.org/show_bug.cgi?id=51395
2969
2970         Eliminate the empty alternatives from the regex pattern and convert it to do
2971         the matching in an easier way.
2972
2973         * yarr/YarrPattern.cpp:
2974         (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
2975
2976 2011-01-24  Andras Becsi  <abecsi@webkit.org>
2977
2978         Reviewed by Csaba Osztrogonác.
2979
2980         [Qt] Move project files into Source
2981         https://bugs.webkit.org/show_bug.cgi?id=52891
2982
2983         * JavaScriptCore.pri:
2984         * JavaScriptCore.pro:
2985         * jsc.pro:
2986
2987 2011-01-23  Mark Rowe  <mrowe@apple.com>
2988
2989         Follow-up to r76477.
2990
2991         Fix the scripts that detect problematic code such as static initializers
2992         and destructors, weak vtables, inappropriate files in the framework wrappers,
2993         and public headers including private headers. These had all been broken
2994         since the projects were moved into the Source directory as the paths to the
2995         scripts were not updated at that time.
2996
2997         * JavaScriptCore.xcodeproj/project.pbxproj:
2998
2999 2011-01-23  Patrick Gansterer  <paroga@webkit.org>
3000
3001         Reviewed by Darin Adler.
3002
3003         Use WTF::StringHasher in WebCore
3004         https://bugs.webkit.org/show_bug.cgi?id=52934
3005
3006         Add an additional function to calculate the hash
3007         of data with a runtime-dependent size.
3008
3009         * wtf/StringHasher.h:
3010         (WTF::StringHasher::createBlobHash):
3011
3012 2011-01-23  Patrick Gansterer  <paroga@webkit.org>
3013
3014         Reviewed by David Kilzer.
3015
3016         Fix comment in String::ascii()
3017         https://bugs.webkit.org/show_bug.cgi?id=52980
3018
3019         * wtf/text/WTFString.cpp:
3020         (WTF::String::ascii):
3021
3022 2011-01-23  Patrick Gansterer  <paroga@webkit.org>
3023
3024         Reviewed by David Kilzer.
3025
3026         Add String::containsOnlyLatin1()
3027         https://bugs.webkit.org/show_bug.cgi?id=52979
3028
3029         * wtf/text/WTFString.h:
3030         (WTF::String::containsOnlyLatin1):
3031         (WTF::charactersAreAllLatin1):
3032
3033 2011-01-23  Patrick Gansterer  <paroga@webkit.org>
3034
3035         Reviewed by Oliver Hunt.
3036
3037         Remove obsolete JSVALUE32 code
3038         https://bugs.webkit.org/show_bug.cgi?id=52948
3039
3040         r70111 removed support for JSVALUE32.
3041         ARM, MIPS and X86 support JSVALUE32_64 only.
3042
3043         * jit/JITStubs.cpp:
3044
3045 2011-01-22  Geoffrey Garen  <ggaren@apple.com>
3046
3047         Reviewed by Dan Bernstein.
3048
3049         ASSERT running run-webkit-tests --threaded.
3050         https://bugs.webkit.org/show_bug.cgi?id=52971
3051         
3052         SunSpider and v8 report no change.
3053
3054         * runtime/ConservativeSet.cpp:
3055         (JSC::ConservativeSet::grow):
3056         (JSC::ConservativeSet::add):
3057         * runtime/ConservativeSet.h: Tweaked the inline capacity to 128, and
3058         the growth policy to 2X, to make SunSpider and v8 happy.
3059         (JSC::ConservativeSet::ConservativeSet):
3060         (JSC::ConservativeSet::~ConservativeSet):
3061         (JSC::ConservativeSet::mark): Use OSAllocator directly, instead of malloc.
3062         Malloc is forbidden during a multi-threaded mark phase because it can
3063         cause deadlock.
3064
3065 2011-01-22  Geoffrey Garen  <ggaren@apple.com>
3066
3067         Reviewed by Geoffrey Garen.
3068
3069         Rubber-stamped by Maciej Stachowiak.
3070
3071         A few of Maciej's review suggestions for my last patch.
3072         https://bugs.webkit.org/show_bug.cgi?id=52946        
3073
3074         SunSpider reports no change.
3075
3076         * Android.mk:
3077         * CMakeLists.txt:
3078         * GNUmakefile.am:
3079         * JavaScriptCore.gypi:
3080         * JavaScriptCore.pro:
3081         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3082         * JavaScriptCore.xcodeproj/project.pbxproj: Updated build systems.
3083
3084         * runtime/ConservativeSet.cpp: Added.
3085         (JSC::isPointerAligned):
3086         (JSC::ConservativeSet::add):
3087         * runtime/ConservativeSet.h: Added.
3088         (JSC::ConservativeSet::ConservativeSet):
3089         (JSC::ConservativeSet::mark): Split ConservativeSet out into its own
3090         file, and moved the conservative check into ConservativeSet::add, making
3091         ConservativeSet's responsibility clearer.
3092
3093         * runtime/Heap.cpp:
3094         (JSC::Heap::markRoots):
3095         * runtime/MachineStackMarker.cpp:
3096         (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
3097         (JSC::MachineStackMarker::markOtherThreadConservatively):
3098         * runtime/MachineStackMarker.h:
3099         * runtime/MarkStack.h: Updated for changes above.
3100
3101 2011-01-22  Patrick Gansterer  <paroga@webkit.org>
3102
3103         Unreviewed WinCE build fix for r76430.
3104
3105         * runtime/MachineStackMarker.cpp:
3106         (JSC::swapIfBackwards):
3107
3108 2011-01-21  Geoffrey Garen  <ggaren@apple.com>
3109
3110         Reviewed by Beth Dakin.
3111
3112         Reorganized MarkedSpace, making many of its functions private.
3113
3114         * runtime/JSCell.h:
3115         (JSC::JSCell::Heap::heap):
3116         * runtime/MarkedSpace.h:
3117         (JSC::MarkedSpace::globalData):
3118         (JSC::MarkedSpace::heap):
3119
3120 2011-01-21  Geoffrey Garen  <ggaren@apple.com>
3121
3122         Try to fix build: moved helper function out of #ifdef.
3123
3124         * runtime/MachineStackMarker.cpp:
3125         (JSC::swapIfBackwards):
3126
3127 2011-01-21  Geoffrey Garen  <ggaren@apple.com>
3128
3129         Rubber-stamped by Maciej Stachowiak.
3130
3131         A few of Maciej's review suggestions for my last patch.
3132         https://bugs.webkit.org/show_bug.cgi?id=52946        
3133
3134         SunSpider reports no change.
3135
3136         * runtime/MachineStackMarker.cpp:
3137         (JSC::swapIfBackwards): Added a helper function for handling platforms
3138         where the stack can grow in any direction.
3139
3140         (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
3141         (JSC::MachineStackMarker::markOtherThreadConservatively): Use the helper
3142         function.
3143
3144         (JSC::isPointerAligned): Use "!" instead of "==0" because a robot told me to.
3145
3146         (JSC::MachineStackMarker::markConservatively): Changed to use a more
3147         standard looping idiom, and to use the helper function above.
3148
3149         * runtime/MarkedSpace.h:
3150         (JSC::MarkedSpace::isCellAligned): Use "!" instead of "==0" because a robot told me to.
3151
3152 2011-01-21  Geoffrey Garen  <ggaren@apple.com>
3153
3154         Reviewed by Maciej Stachowiak.
3155
3156         Cleaned up some conservative marking code.
3157         https://bugs.webkit.org/show_bug.cgi?id=52946
3158         
3159         SunSpider reports no change.
3160
3161         * interpreter/RegisterFile.h: No need for a special marking function,
3162         since we already expose a start() and end().
3163
3164         * runtime/Heap.cpp:
3165         (JSC::Heap::registerFile):
3166         (JSC::Heap::markRoots):
3167         * runtime/Heap.h:
3168         (JSC::Heap::contains): Migrated markConservatively() to the machine stack
3169         marker class. Now, Heap just provides a contains() function, which the
3170         machine stack marker uses for checking whether a pointer points into the heap.
3171
3172         * runtime/MachineStackMarker.cpp:
3173         (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
3174         (JSC::MachineStackMarker::markOtherThreadConservatively):
3175         (JSC::isPointerAligned):
3176         (JSC::MachineStackMarker::markConservatively):
3177         * runtime/MachineStackMarker.h: Move the conservative marking code here.
3178
3179         * runtime/MarkStack.h:
3180         (JSC::ConservativeSet::add):
3181         (JSC::ConservativeSet::mark): Changed to using a vector instead of hash
3182         set. Vector seems to be a bit faster, and it generates smaller code.
3183
3184         * runtime/MarkedSpace.cpp:
3185         (JSC::MarkedSpace::containsSlowCase):
3186         * runtime/MarkedSpace.h:
3187         (JSC::MarkedSpace::isCellAligned):
3188         (JSC::MarkedSpace::isPossibleCell):
3189         (JSC::MarkedSpace::contains): Kept the code for determining whether a
3190         pointer pointed into marked space, and moved the code for marking
3191         a set of conservative pointers into the machine stack marker.
3192
3193         * wtf/HashSet.h:
3194         (WTF::::add): Added two missing inlines that I noticed while testing
3195         vector vs hash set.
3196
3197 2011-01-21  Mark Rowe  <mrowe@apple.com>
3198
3199         Reviewed by Sam Weinig.
3200
3201         Work around a Clang bug <rdar://problem/8876150> that leads to it incorrectly emitting an access
3202         control warning when a client tries to use operator bool exposed above via "using PageBlock::operator bool".
3203
3204         * wtf/PageAllocation.h:
3205         (WTF::PageAllocation::operator bool):
3206         * wtf/PageReservation.h:
3207         (WTF::PageReservation::operator bool):
3208
3209 2011-01-21  Michael Saboff  <msaboff@apple.com>
3210
3211         Reviewed by Oliver Hunt.
3212
3213         [RegexFuzz] Hang with forward assertion
3214         https://bugs.webkit.org/show_bug.cgi?id=52825
3215         <rdar://problem/8894332>
3216
3217         The backtrackTo label from the first term in a list of terms is
3218         being overwritten by processing of subsequent terms.  Changed
3219         copyBacktrackToLabel() to check for an existing backtrackTo label
3220         before copying and renamed it to propagateBacktrackToLabel() since
3221         it no longer copies.
3222
3223         * yarr/YarrJIT.cpp:
3224         (JSC::Yarr::YarrGenerator::BacktrackDestination::propagateBacktrackToLabel):
3225         (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
3226
3227 2011-01-21  Geoffrey Garen  <ggaren@apple.com>
3228
3229         Reviewed by Sam Weinig.
3230
3231         Moved the mark stack from global data to the heap, since it pertains
3232         to the heap, and not the virtual machine as a whole.
3233         https://bugs.webkit.org/show_bug.cgi?id=52930
3234         
3235         SunSpider reports no change.
3236
3237         * runtime/Heap.cpp:
3238         (JSC::Heap::Heap):
3239         (JSC::Heap::markRoots):
3240         * runtime/Heap.h:
3241         * runtime/JSGlobalData.cpp:
3242         (JSC::JSGlobalData::JSGlobalData):
3243         * runtime/JSGlobalData.h:
3244
3245 2011-01-21  Peter Gal  <galpeter@inf.u-szeged.hu>
3246
3247         Reviewed by Darin Adler.
3248
3249         REGRESSION(r76177): All JavaScriptCore tests fail on ARM
3250         https://bugs.webkit.org/show_bug.cgi?id=52814
3251
3252         Get the approximateByteSize value before releasing the OwnPtr.
3253
3254         * parser/JSParser.cpp:
3255         (JSC::JSParser::parseFunctionInfo):
3256
3257 2011-01-21  Xan Lopez  <xlopez@igalia.com>
3258
3259         Reviewed by Martin Robinson.
3260
3261         Remove unnecessary <stdio.h> include
3262         https://bugs.webkit.org/show_bug.cgi?id=52884
3263
3264         * jit/JIT.cpp: remove unnecessary include.
3265
3266 2011-01-20  Ryosuke Niwa  <rniwa@webkit.org>
3267
3268         Reviewed by Maciej Stachowiak.
3269
3270         Added OwnPtrCommon.h because OwnArrayPtr::set calls deleteOwnedPtr.
3271
3272         * wtf/OwnArrayPtr.h:
3273
3274 2011-01-20  Patrick Gansterer  <paroga@webkit.org>
3275
3276         Reviewed by Oliver Hunt.
3277
3278         [WINCE] Remove obsolete JSVALUE32 code
3279         https://bugs.webkit.org/show_bug.cgi?id=52450
3280
3281         Remove the "offset hack" in create_jit_stubs, since we
3282         only support JSVALUE32_64 in the meantime.
3283
3284         * create_jit_stubs: Removed offset argument
3285         * jit/JITStubs.cpp:
3286
3287 2011-01-20  Geoffrey Garen  <ggaren@apple.com>
3288
3289         Reviewed by Oliver Hunt.
3290
3291         When marking conservatively, guard against reviving dead objects.
3292         https://bugs.webkit.org/show_bug.cgi?id=52840
3293         
3294         SunSpider and v8 say no change.
3295
3296         * interpreter/RegisterFile.h:
3297         (JSC::RegisterFile::markCallFrames): Updated to use the ConservativeSet API.
3298
3299         * runtime/Heap.cpp:
3300         (JSC::Heap::recordExtraCost): No need to guard against conservative
3301         marking reviving dead objects anymore, since the conservative marking
3302         mechanism guards against this now.
3303
3304         (JSC::Heap::markConservatively):
3305         (JSC::Heap::markProtectedObjects):
3306         (JSC::Heap::markTempSortVectors): Don't drain the mark stack inside a
3307         marking function. We want to establish a separation of concerns between
3308         visiting roots and draining the mark stack.
3309
3310         (JSC::Heap::markRoots): Gather the set of conservative references before
3311         clearing mark bits, because conservative marking now uses the mark bits
3312         to determine if a reference is valid, and avoids reviving dead objects.
3313
3314         (JSC::Heap::collectAllGarbage): No need to guard against conservative
3315         marking reviving dead objects anymore, since the conservative marking
3316         mechanism guards against this now.
3317
3318         * runtime/Heap.h: Updated to use the ConservativeSet API.
3319
3320         * runtime/MachineStackMarker.cpp:
3321         (JSC::MachineStackMarker::markCurrentThreadConservativelyInternal):
3322         (JSC::MachineStackMarker::markCurrentThreadConservatively):
3323         (JSC::MachineStackMarker::markOtherThreadConservatively):
3324         (JSC::MachineStackMarker::markMachineStackConservatively):
3325         * runtime/MachineStackMarker.h: Ditto.
3326
3327         * runtime/MarkStack.h:
3328         (JSC::ConservativeSet::add):
3329         (JSC::ConservativeSet::mark): Added ConservativeSet, for gathering the
3330         set of conservative references. This is different from MarkStack, since
3331         we don't mark the set until it is completely gathered.
3332
3333         * runtime/MarkedSpace.cpp:
3334         (JSC::MarkedSpace::freeBlock):
3335         (JSC::MarkedSpace::resizeBlocks):
3336         (JSC::MarkedSpace::markConservatively):
3337         * runtime/MarkedSpace.h: When marking conservatively, guard against
3338         reviving dead objects.
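
The checks this entry and the 2011-01-21 "Cleaned up some conservative marking code" entry describe (isCellAligned, contains, a ConservativeSet gathered before anything is marked, swapIfBackwards for stacks that grow either way) can be shown on a toy heap. The following is an added example, not JSC's code: MarkedSpace, Cell, ConservativeSet and the scan routine are constructed stand-ins, the `allocated` flag stands in for the mark bit left over from the previous collection, and scanConstructedStack() feeds a hand-built word array in place of a thread's stack.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Toy marked space: one block of fixed-size cells (constructed stand-in for
// JSC's MarkedSpace, not its code). `allocated` plays the part of the mark
// bit left over from the previous collection; a cell with it clear is dead.
const size_t kCellSize = 32;
const size_t kCellCount = 8;

struct Cell {
    bool allocated;   // still owned by a live object after the last collection
    bool marked;      // set by the current mark phase
    char payload[kCellSize - 2 * sizeof(bool)];
};

class MarkedSpace {
public:
    MarkedSpace() : m_cells(kCellCount) {
        for (Cell& c : m_cells) { c.allocated = false; c.marked = false; }
    }
    Cell* allocate(size_t index) { m_cells[index].allocated = true; return &m_cells[index]; }
    void release(size_t index) { m_cells[index].allocated = false; }
    Cell* cellAt(size_t index) { return &m_cells[index]; }

    // isCellAligned: inside the block and exactly on a cell boundary.
    bool isCellAligned(const void* p) const {
        uintptr_t base = reinterpret_cast<uintptr_t>(m_cells.data());
        uintptr_t v = reinterpret_cast<uintptr_t>(p);
        if (v < base || v >= base + kCellCount * sizeof(Cell))
            return false;
        return !((v - base) % sizeof(Cell));
    }

    // contains: a candidate is a root only if it names a cell that is still
    // allocated. A stray word pointing at a freed cell is rejected here, so
    // conservative scanning cannot revive a dead object.
    bool contains(const void* p) const {
        return isCellAligned(p) && static_cast<const Cell*>(p)->allocated;
    }

private:
    std::vector<Cell> m_cells;
};

// Gathers candidate roots first; nothing is marked until the set is complete.
class ConservativeSet {
public:
    explicit ConservativeSet(MarkedSpace& space) : m_space(space) {}
    void add(const void* candidate) {
        if (m_space.contains(candidate))
            m_roots.push_back(static_cast<Cell*>(const_cast<void*>(candidate)));
    }
    void mark() { for (Cell* c : m_roots) c->marked = true; }
    size_t size() const { return m_roots.size(); }
private:
    MarkedSpace& m_space;
    std::vector<Cell*> m_roots;
};

// The stack may grow in either direction, so normalise the range first.
static void swapIfBackwards(uintptr_t& begin, uintptr_t& end) {
    if (begin > end) std::swap(begin, end);
}

// Scan every word-aligned word in [begin, end) and offer it as a candidate.
static void gatherConservatively(ConservativeSet& set, const void* begin, const void* end) {
    uintptr_t lo = reinterpret_cast<uintptr_t>(begin);
    uintptr_t hi = reinterpret_cast<uintptr_t>(end);
    swapIfBackwards(lo, hi);
    lo = (lo + sizeof(void*) - 1) & ~static_cast<uintptr_t>(sizeof(void*) - 1); // pointer-align
    for (; lo + sizeof(void*) <= hi; lo += sizeof(void*))
        set.add(*reinterpret_cast<const void* const*>(lo));
}

struct ScanResult {
    size_t rootsGathered;
    bool liveMarked;
    bool deadRevived;
    bool unallocatedMarked;
};

// Constructed scenario: a fake thread stack holding one real root, a dangling
// pointer to a freed cell, an interior pointer, an integer that looks like a
// pointer, and a pointer to a cell that was never allocated.
ScanResult scanConstructedStack() {
    MarkedSpace space;
    Cell* live = space.allocate(1);
    Cell* dead = space.allocate(3);
    space.release(3);                     // the object in cell 3 died last cycle
    const void* fakeStack[] = {
        live,
        dead,
        reinterpret_cast<const char*>(live) + 1,
        reinterpret_cast<const void*>(static_cast<uintptr_t>(0xdeadbeef)),
        space.cellAt(5),
        live,                             // a second reference to the same root
    };
    ConservativeSet set(space);
    gatherConservatively(set, fakeStack + 6, fakeStack);   // passed backwards on purpose
    set.mark();
    return { set.size(), live->marked, dead->marked, space.cellAt(5)->marked };
}
```

Only the two words naming the allocated cell survive the filter; the dangling pointer to the freed cell is dropped at contains(), which is the whole point of consulting the previous cycle's mark state before clearing it.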
3339
3340 2011-01-20  Siddharth Mathur  <siddharth.mathur@nokia.com>
3341
3342         Reviewed by Geoffrey Garen.
3343
3344         [Symbian] Fix StackBounds::initialize()
3345         https://bugs.webkit.org/show_bug.cgi?id=52842
3346
3347         * wtf/StackBounds.cpp:
3348         (WTF::StackBounds::initialize): Use TThreadStackInfo.iLimit for stack limit
3349
3350 2011-01-20  Michael Saboff  <msaboff@apple.com>
3351
3352         Reviewed by Oliver Hunt.
3353
3354         <rdar://problem/8890203> [RegexFuzz] Crash in generated code (52773)
3355         https://bugs.webkit.org/show_bug.cgi?id=52773
3356
3357         Fixed case where an existing DataLabelPtr is overwritten.  The
3358         replacing DataLabelPtr is now resolved immediately in
3359         linkDataLabelToBacktrackIfExists().  Cleanup - eliminated bool
3360         return value for the routine as it was never used.
3361
3362         * yarr/YarrJIT.cpp:
3363         (JSC::Yarr::YarrGenerator::TermGenerationState::linkDataLabelToBacktrackIfExists):
3364
3365 2011-01-20  Andras Becsi  <abecsi@webkit.org>
3366
3367         Reviewed by Csaba Osztrogonác.
3368
3369         [Qt][WK2] WebKit2 enabled build fails to link
3370
3371         Work around undefined reference linking issues until the buildsystem gets redesigned.
3372         These issues first occurred in minimal builds (see BUG 50519).
3373
3374         * JavaScriptCore.pri: link as whole-archive for WebKit2 builds
3375
3376 2011-01-20  Zoltan Horvath  <zoltan@webkit.org>
3377
3378         Reviewed by Csaba Osztrogonác.
3379
3380         Refactoring of the custom allocation framework
3381         https://bugs.webkit.org/show_bug.cgi?id=49897
3382
3383         Inheriting from FastAllocBase can result in objects getting larger (bug #33896, #46589).
3384         The modification replaces the Noncopyable and FastAllocBase classes, and inheritance from them, with their
3385         equivalent macro implementations at the necessary places.
3386
3387         * wtf/FastAllocBase.h: Turn FastAllocBase's implementation into a macro.
3388
3389 2011-01-20  Mark Rowe  <mrowe@apple.com>
3390
3391         Reviewed by Maciej Stachowiak.
3392
3393         Follow-up to r75766 / <rdar://problem/5469576>.
3394
3395         We were failing to initialize the key, causing all sorts of unexpected behavior.
3396
3397         * wtf/FastMalloc.cpp:
3398         (WTF::setThreadHeap):
3399         (WTF::TCMalloc_ThreadCache::GetThreadHeap):
3400         (WTF::TCMalloc_ThreadCache::InitTSD): Ensure that the key is initialized.
3401
3402 2011-01-18  Geoffrey Garen  <ggaren@apple.com>
3403
3404         Reviewed by Darin Adler.
3405
3406         Rolled back in r76078, with crash fixed.
3407         https://bugs.webkit.org/show_bug.cgi?id=52668
3408         
3409         * runtime/JSGlobalObject.cpp:
3410         (JSC::JSGlobalObject::markChildren): Account for the fact that the global
3411         object moves its variables into and out of the register file. While out
3412         of the register file, the symbol table's size is not an accurate count
3413         for the size of the register array, since the BytecodeGenerator might
3414         be compiling, adding items to the symbol table.
3415         
3416 2011-01-18  Darin Adler  <darin@apple.com>
3417
3418         Reviewed by Geoffrey Garen.
3419
3420         Stack overflow when converting an Error object to string
3421         https://bugs.webkit.org/show_bug.cgi?id=46410
3422
3423         * Android.mk: Added StringRecursionChecker.cpp and
3424         StringRecursionChecker.h.
3425         * CMakeLists.txt: Ditto.
3426         * GNUmakefile.am: Ditto.
3427         * JavaScriptCore.gypi: Ditto.
3428         * JavaScriptCore.pro: Ditto.
3429         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: Ditto.
3430         * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
3431
3432         * runtime/ArrayPrototype.cpp:
3433         (JSC::arrayProtoFuncToString): Use StringRecursionChecker instead
3434         of the older hand-written code to do the same thing.
3435         (JSC::arrayProtoFuncToLocaleString): Ditto.
3436         (JSC::arrayProtoFuncJoin): Ditto.
3437
3438         * runtime/ErrorPrototype.cpp:
3439         (JSC::errorProtoFuncToString): Use StringRecursionChecker.
3440
3441         * runtime/JSGlobalData.h: Renamed arrayVisitedElements to
3442         stringRecursionCheckVisitedObjects.
3443
3444         * runtime/RegExpPrototype.cpp:
3445         (JSC::regExpProtoFuncToString): Use StringRecursionChecker.
3446
3447         * runtime/StringRecursionChecker.cpp: Added.
3448         * runtime/StringRecursionChecker.h: Added.
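
The guard this entry introduces is a visited-set check scoped by RAII, so a conversion that re-enters an object already being converted stops instead of recursing until the stack is exhausted. The following is an added example, not the StringRecursionChecker from WebKit: Value, Context and the toString() routine are constructed stand-ins for the object model and for stringRecursionCheckVisitedObjects, and the cyclic graphs in stringifyConstructedCycle() and contextIsCleanAfterConversion() are built inline.

```cpp
#include <cassert>
#include <cstddef>
#include <string>
#include <unordered_set>
#include <vector>

// Constructed value graph (not JSC's object model): a node with a label and
// child pointers, which may form cycles like an Array that contains itself.
struct Value {
    std::string label;
    std::vector<const Value*> children;
};

// Per-"global data" bookkeeping: the objects whose string conversion is
// currently in progress. Plays the role of stringRecursionCheckVisitedObjects.
struct Context {
    std::unordered_set<const Value*> visited;
};

// RAII guard: registers the object on construction and unregisters it on
// destruction, so early returns cannot leave a stale entry behind.
class StringRecursionChecker {
public:
    StringRecursionChecker(Context& ctx, const Value* v)
        : m_ctx(ctx), m_value(v), m_cycle(!ctx.visited.insert(v).second) {}
    ~StringRecursionChecker() {
        if (!m_cycle)              // only the frame that inserted it removes it
            m_ctx.visited.erase(m_value);
    }
    bool isCycle() const { return m_cycle; }
private:
    Context& m_ctx;
    const Value* m_value;
    bool m_cycle;
};

// Unbounded recursion on a cyclic graph would exhaust the stack; the checker
// cuts the cycle and substitutes a fixed value (here the empty string).
std::string toString(Context& ctx, const Value* v) {
    StringRecursionChecker checker(ctx, v);
    if (checker.isCycle())
        return "";
    std::string out = v->label;
    if (!v->children.empty()) {
        out += "[";
        for (size_t i = 0; i < v->children.size(); ++i) {
            if (i)
                out += ",";
            out += toString(ctx, v->children[i]);
        }
        out += "]";
    }
    return out;
}

// Constructed scenario: a -> [b, c], b -> [a]; converting `a` revisits itself.
std::string stringifyConstructedCycle() {
    Value a{"a", {}}, b{"b", {}}, c{"c", {}};
    a.children = {&b, &c};
    b.children = {&a};
    Context ctx;
    return toString(ctx, &a);
}

// After a conversion that hit a cycle the bookkeeping must be empty again,
// otherwise a later, unrelated conversion of `a` would wrongly look cyclic.
bool contextIsCleanAfterConversion() {
    Value a{"a", {}};
    a.children = {&a};                 // self-reference
    Context ctx;
    std::string first = toString(ctx, &a);
    bool cleanAfterFirst = ctx.visited.empty();
    return cleanAfterFirst && toString(ctx, &a) == first && first == "a[]";
}
```

The destructor is what makes the helper safe to drop into several conversion functions: whichever frame detects the cycle returns early, and the frame that registered the object still unregisters it on the way out.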
3449
3450 2011-01-19  Oliver Hunt  <oliver@apple.com>
3451
3452         Reviewed by Gavin Barraclough.
3453
3454         Remove non-spec support for callable RegExp
3455         https://bugs.webkit.org/show_bug.cgi?id=28285
3456
3457         Remove support for callable regexps.  If it breaks sites we can
3458         just roll this out.
3459
3460         * runtime/RegExpObject.cpp:
3461         * runtime/RegExpObject.h:
3462         * tests/mozilla/expected.html: update results.
3463
3464 2011-01-19  Antti Koivisto  <antti@apple.com>
3465
3466         Reviewed by Oliver Hunt.
3467
3468         Cache function offsets to speed up javascript parsing
3469         https://bugs.webkit.org/show_bug.cgi?id=52622
3470         
3471         Use cache to save function offsets and some other info.
3472         This avoids quite a bit of work when reparsing the source.
3473
3474         * parser/ASTBuilder.h:
3475         * parser/JSParser.cpp:
3476         (JSC::JSParser::CachedFunctionInfo::CachedFunctionInfo):
3477         (JSC::JSParser::CachedFunctionInfo::approximateByteSize):
3478         (JSC::JSParser::CachedFunctionInfo::closeBraceToken):
3479         (JSC::JSParser::Scope::copyCapturedVariablesToVector):
3480         (JSC::JSParser::Scope::saveFunctionInfo):
3481         (JSC::JSParser::Scope::restoreFunctionInfo):
3482         (JSC::JSParser::findCachedFunctionInfo):
3483         (JSC::JSParser::JSParser):
3484         (JSC::JSParser::parseProgram):
3485         (JSC::JSParser::parseFunctionInfo):
3486         * parser/Lexer.h:
3487         (JSC::Lexer::setOffset):
3488         (JSC::Lexer::setLineNumber):
3489         (JSC::Lexer::sourceProvider):
3490         * parser/SourceProvider.h:
3491         (JSC::SourceProviderCache::SourceProviderCache):
3492         (JSC::SourceProviderCache::~SourceProviderCache):
3493         (JSC::SourceProviderCache::byteSize):
3494         (JSC::SourceProviderCache::add):
3495         (JSC::SourceProviderCache::get):
3496         (JSC::SourceProvider::SourceProvider):
3497         (JSC::SourceProvider::~SourceProvider):
3498         (JSC::SourceProvider::cache):
3499         (JSC::SourceProvider::notifyCacheSizeChanged):
3500         (JSC::SourceProvider::cacheSizeChanged):
3501         * parser/SyntaxChecker.h:
3502
3503 2011-01-19  Mark Rowe  <mrowe@apple.com>
3504
3505         Reviewed by Darin Adler.
3506
3507         Follow-up to r75766 / <rdar://problem/5469576>.
3508
3509         * DerivedSources.make: Evaluate the SDKROOT variable correctly.
3510
3511 2011-01-19  Oliver Hunt  <oliver@apple.com>
3512
3513         Reviewed by Gavin Barraclough.
3514
3515         [jsfunfuzz] Defining a function called __proto__ inside an eval triggers an assertion
3516         https://bugs.webkit.org/show_bug.cgi?id=52672
3517
3518         Rather than coming up with a somewhat convoluted mechanism to ensure that
3519         developers can override the global object's prototype with a function named
3520         __proto__ and expect it to work, we just disallow it at the syntax level.
3521
3522         * parser/JSParser.cpp:
3523         (JSC::JSParser::parseFunctionInfo):
3524
3525 2011-01-19  Michael Saboff  <msaboff@apple.com>
3526
3527         Reviewed by Darin Adler.
3528
3529         <rdar://problem/8882994> Regression: Simple nested backtrack hangs
3530         https://bugs.webkit.org/show_bug.cgi?id=52675
3531
3532         The changeset (r76076) for https://bugs.webkit.org/show_bug.cgi?id=52540
3533         broke simple backtracking in some cases.  Reworked that change to 
3534         link both jumps and labels.
3535
3536         * yarr/YarrJIT.cpp:
3537         (JSC::Yarr::YarrGenerator::BacktrackDestination::hasBacktrackToLabel):
3538         (JSC::Yarr::YarrGenerator::TermGenerationState::propagateBacktrackingFrom):
3539         (JSC::Yarr::YarrGenerator::generateParenthesesSingle):
3540