71f648acdc12d78072e4b1c889b440f8dd980583
[WebKit.git] / Source / JavaScriptCore / ChangeLog
2011-07-28  Kent Tamura  <tkent@chromium.org>

        Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
        https://bugs.webkit.org/show_bug.cgi?id=65300

        Reviewed by Darin Adler.

        r91837 had a performance regression of StringImpl::stripWhiteSpace()
        and simplifyWhiteSpace(). This changes the code so that compilers
        generate code equivalent to r91836 or prior.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::stripMatchedCharacters):
        A template member function for stripWhiteSpace(). This function takes a functor.
        (WTF::UCharPredicate):
        A functor for a generic predicate on a single UChar argument.
        (WTF::SpaceOrNewlinePredicate):
        A special functor for isSpaceOrNewline().
        (WTF::StringImpl::stripWhiteSpace):
        Use stripMatchedCharacters().
        (WTF::StringImpl::simplifyMatchedCharactersToSpace):
        A template member function for simplifyWhiteSpace().
        (WTF::StringImpl::simplifyWhiteSpace):
        Use simplifyMatchedCharactersToSpace().
        * wtf/text/StringImpl.h:

2011-07-27  Dmitry Lomov  <dslomov@google.com>

        [chromium] Turn on WTF_MULTIPLE_THREADS.
        https://bugs.webkit.org/show_bug.cgi?id=61017
        The patch turns on WTF_MULTIPLE_THREADS in chromium and
        pushes some relevant initializations from JSC::initializeThreading
        to WTF::initializeThreading.

        Reviewed by David Levin.

        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * wtf/FastMalloc.cpp:
        (WTF::isForbidden):
        (WTF::fastMallocForbid):
        (WTF::fastMallocAllow):
        * wtf/Platform.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):
        * wtf/ThreadingWin.cpp:
        (WTF::initializeThreading):
        * wtf/gtk/ThreadingGtk.cpp:
        (WTF::initializeThreading):
        * wtf/qt/ThreadingQt.cpp:
        (WTF::initializeThreading):

2011-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove operator new from JSCell
        https://bugs.webkit.org/show_bug.cgi?id=64999

        Reviewed by Oliver Hunt.

        Removed the implementation of operator new in JSCell, so any further uses
        will not successfully link.  Also removed any remaining uses of operator new.

        * API/JSContextRef.cpp:
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::create):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::createExceptionScope):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::create):
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::create):
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::create):

2011-07-27  Filip Pizlo  <fpizlo@apple.com>

        DFG graph has no notion of double prediction.
        https://bugs.webkit.org/show_bug.cgi?id=65234

        Reviewed by Gavin Barraclough.

        Added the notion of PredictDouble, and PredictNumber, which is the least
        upper bound of PredictInt32 and PredictDouble.  Least upper bound is
        defined as the bitwise-or of two predictions.  Bottom is defined as 0,
        and Top is defined as all bits being set.  Added the ability to explicitly
        distinguish between a node having had a prediction associated with it,
        and that prediction still being valid (i.e. no conflicting predictions
        have also been added).  Used this to guard the speculative JIT from
        speculating Int32 in cases where the graph knows that the value is
        double, which currently only happens for GetLocal nodes on arguments
        which were double at compile-time.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGGraph.h:
        (JSC::DFG::isCellPrediction):
        (JSC::DFG::isArrayPrediction):
        (JSC::DFG::isInt32Prediction):
        (JSC::DFG::isDoublePrediction):
        (JSC::DFG::isNumberPrediction):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):

2011-07-27  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65294
        DFG JIT - may speculate based on wrong arguments.

        Reviewed by Oliver Hunt.

        In the case of a DFG compiled function calling to and compiling a second function that
        also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
        we call compileFor passing the caller function's exec state, rather than the callee's.
        This may lead to mis-optimization, since the DFG compiler will examine the exec state's
        arguments on the assumption that these will be passed to the callee - it is wanting the
        callee exec state, not the caller's exec state.

        Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
        function is compiled, & the structure of the calls in the Interpreter::execute methods.
        Only fix for compilation from the JIT; in other calls, don't speculate based on arguments
        for now.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.cpp:
        (JSC::tryDFGCompile):
        (JSC::tryDFGCompileFunction):
        (JSC::FunctionExecutable::compileForCallInternal):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::compileForCall):
        (JSC::FunctionExecutable::compileFor):

2011-07-27  Oliver Hunt  <oliver@apple.com>

        Handle callback oriented JSONP
        https://bugs.webkit.org/show_bug.cgi?id=65271

        Reviewed by Gavin Barraclough.

        Handle the callback oriented versions of JSONP.  The Literal parser
        now handles <Identifier> (. <Identifier>)* (jsonData).

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::tryJSONPParse):
        (JSC::LiteralParser::Lexer::lex):
        * runtime/LiteralParser.h:

2011-07-27  Stephanie Lewis  <slewis@apple.com>

        Revert http://trac.webkit.org/changeset/90415.
        Caused a 5% sunspider regression in-browser.

        Unreviewed rollout.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::invalidateCode):
        * runtime/RegExp.h:

2011-07-27  Shinya Kawanaka  <shinyak@google.com>

        Added an interface to take IsWhiteSpaceFunctionPtr.
        https://bugs.webkit.org/show_bug.cgi?id=57746

        Reviewed by Kent Tamura.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::stripWhiteSpace):
          Added an interface to take IsWhiteSpaceFunctionPtr.
        (WTF::StringImpl::simplifyWhiteSpace): ditto.
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.cpp:
        (WTF::String::stripWhiteSpace): ditto.
        (WTF::String::simplifyWhiteSpace): ditto.
        * wtf/text/WTFString.h:

2011-07-27  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT speculation failure code performs incorrect conversions in
        the case where two registers need to be swapped.
        https://bugs.webkit.org/show_bug.cgi?id=65233

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::GeneralizedRegister::swapWith):

2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        reduce and reduceRight bind callback's this to null rather than undefined
        https://bugs.webkit.org/show_bug.cgi?id=62264

        Reviewed by Oliver Hunt.

        Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
        when calling the callback function without an argument for this, which means it should
        be undefined according to ES 15.4.4.21 and 15.4.4.22.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):

2011-07-26  Filip Pizlo  <fpizlo@apple.com>

        JSC command-line tool does not come with any facility for
        measuring time precisely.
        https://bugs.webkit.org/show_bug.cgi?id=65223

        Reviewed by Gavin Barraclough.

        Exposed WTF::currentTime() as currentTimePrecise().

        * jsc.cpp:
        (GlobalObject::GlobalObject):
        (functionPreciseTime):

2011-07-26  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT never emits inline double comparisons, even when it
        would be obviously more efficient to do so.
        https://bugs.webkit.org/show_bug.cgi?id=65212

        Reviewed by Gavin Barraclough.

        This handles the obvious case of inlining double comparisons: it only addresses
        the speculative JIT, and only for fused compare/branch sequences.  But it does
        handle the case where both operands are double (and there is no slow path),
        or where one operand is double and the other is unknown type (in which case it
        attempts to unbox the double, otherwise taking slow path).  This is a 0.8%
        speed-up on SunSpider.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::convertToDouble):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):

2011-07-26  Filip Pizlo  <fpizlo@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64969
        DFG JIT generates inefficient code for speculation failures.

        Reviewed by Gavin Barraclough.

        This implements a speculation failure strategy where (1) values spilled on
        non-speculative but not spilled on speculative are spilled, (2) values that
        are in registers on both paths are rearranged without ever touching memory,
        and (3) values spilled on speculative but not spilled on non-speculative are
        filled.

        The register shuffling is the most interesting part of this patch.  It
        constructs a permutation graph for registers.  Each node represents a
        register, and each directed edge corresponds to the register's value having
        to be moved to a different register as part of the shuffling.  This is a
        directed graph where each node may only have 0 or 1 incoming edges, and
        0 or 1 outgoing edges.  The algorithm then first finds maximal non-cyclic
        subgraphs where all nodes in the subgraph are reachable from a start node.
        Such subgraphs always resemble linked lists, and correspond to simply
        moving the value in the second-to-last register into the last register, and
        then moving the value in the third-to-last register into the second-to-last
        register, and so on.  Once these subgraphs are taken care of, the remaining
        subgraphs are cycles, and are handled using either (a) conversion or no-op
        if the cycle involves one node, (b) swap if it involves two nodes, or (c)
        a cyclic shuffle involving a scratch register if there are three or more
        nodes.

        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::needDataFormatConversion):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
        (JSC::DFG::GeneralizedRegister::createGPR):
        (JSC::DFG::GeneralizedRegister::createFPR):
        (JSC::DFG::GeneralizedRegister::dump):
        (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
        (JSC::DFG::GeneralizedRegister::findInEntryLocation):
        (JSC::DFG::GeneralizedRegister::previousDataFormat):
        (JSC::DFG::GeneralizedRegister::nextDataFormat):
        (JSC::DFG::GeneralizedRegister::convert):
        (JSC::DFG::GeneralizedRegister::moveTo):
        (JSC::DFG::GeneralizedRegister::swapWith):
        (JSC::DFG::ShuffledRegister::ShuffledRegister):
        (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
        (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
        (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
        (JSC::DFG::ShuffledRegister::lookup):
        (JSC::DFG::lookupForRegister):
        (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
        (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
        (JSC::DFG::NodeToRegisterMap::set):
        (JSC::DFG::NodeToRegisterMap::end):
        (JSC::DFG::NodeToRegisterMap::find):
        (JSC::DFG::NodeToRegisterMap::clear):
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
        (JSC::DFG::JITCompiler::linkSpeculationChecks):
        * dfg/DFGJITCompiler.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::EntryLocation::EntryLocation):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculationCheck::SpeculationCheck):
        * dfg/DFGSpeculativeJIT.h:
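
The register shuffle described in the entry above, as an added worked example rather than WebKit's own DFGJITCompiler code: registers are modelled by name, the permutation graph and the register names (r0..r8, "scratch") are constructed for the example, and a simulated register file checks that every destination ends up holding its source's old value.

```cpp
#include <algorithm>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// One step of the emitted shuffle: Move copies a's value into b, Swap exchanges
// a and b, and Nop records a one-node cycle (the register already holds the
// right value; at most a data-format conversion would remain).
struct Op {
    enum Kind { Move, Swap, Nop } kind;
    std::string a, b;
};

// Permutation graph: edges[src] == dst means "the value now in src must end up
// in dst". Every register has at most one outgoing and one incoming edge.
typedef std::map<std::string, std::string> Edges;
typedef std::map<std::string, int> RegisterFile;

static void emit(std::vector<Op>& ops, Op::Kind kind, const std::string& a, const std::string& b)
{
    Op op = { kind, a, b };
    ops.push_back(op);
}

// Plan the shuffle: chains first, moving from the tail backwards so no value is
// overwritten before it has been copied; then whatever remains, which is cycles.
std::vector<Op> planShuffle(const Edges& edges, const std::string& scratch)
{
    std::vector<Op> ops;
    std::set<std::string> hasIncoming, done;
    for (Edges::const_iterator it = edges.begin(); it != edges.end(); ++it)
        hasIncoming.insert(it->second);

    // Phase 1: maximal non-cyclic subgraphs, each starting at a register with no incoming edge.
    for (Edges::const_iterator it = edges.begin(); it != edges.end(); ++it) {
        if (hasIncoming.count(it->first)) continue;
        std::vector<std::string> chain;
        for (std::string node = it->first;; node = edges.find(node)->second) {
            chain.push_back(node);
            if (!edges.count(node)) break;   // reached the end of the list
        }
        for (size_t i = chain.size() - 1; i > 0; --i)
            emit(ops, Op::Move, chain[i - 1], chain[i]);
        done.insert(chain.begin(), chain.end());
    }

    // Phase 2: everything left is a cycle: no-op, swap, or rotation via scratch.
    for (Edges::const_iterator it = edges.begin(); it != edges.end(); ++it) {
        if (done.count(it->first)) continue;
        std::vector<std::string> cycle;
        for (std::string node = it->first; !done.count(node); node = edges.find(node)->second) {
            cycle.push_back(node);
            done.insert(node);
        }
        size_t n = cycle.size();
        if (n == 1) emit(ops, Op::Nop, cycle[0], "");
        else if (n == 2) emit(ops, Op::Swap, cycle[0], cycle[1]);
        else {
            emit(ops, Op::Move, cycle[n - 1], scratch);      // park the last value
            for (size_t i = n - 1; i > 0; --i)
                emit(ops, Op::Move, cycle[i - 1], cycle[i]); // rotate the others
            emit(ops, Op::Move, scratch, cycle[0]);          // and restore it
        }
    }
    return ops;
}

// Execute a plan against a simulated register file.
void applyPlan(const std::vector<Op>& ops, RegisterFile& regs)
{
    for (size_t i = 0; i < ops.size(); ++i) {
        if (ops[i].kind == Op::Move) regs[ops[i].b] = regs[ops[i].a];
        else if (ops[i].kind == Op::Swap) std::swap(regs[ops[i].a], regs[ops[i].b]);
    }
}

// True if, after the plan runs, every destination holds its source's old value.
bool shuffleIsCorrect(const Edges& edges, const std::string& scratch)
{
    RegisterFile before;   // give every register a distinct tag value
    for (Edges::const_iterator it = edges.begin(); it != edges.end(); ++it) {
        before.insert(std::make_pair(it->first, (int)before.size() + 1));
        before.insert(std::make_pair(it->second, (int)before.size() + 1));
    }
    RegisterFile after = before;
    applyPlan(planShuffle(edges, scratch), after);
    for (Edges::const_iterator it = edges.begin(); it != edges.end(); ++it)
        if (after[it->second] != before[it->first]) return false;
    return true;
}

// Constructed sample graph (hypothetical register names): a chain r0->r1->r2,
// a two-cycle r3<->r4, a three-cycle r5->r6->r7->r5 and a self-loop r8->r8.
Edges sampleEdges()
{
    const char* pairs[][2] = { {"r0", "r1"}, {"r1", "r2"}, {"r3", "r4"}, {"r4", "r3"},
                               {"r5", "r6"}, {"r6", "r7"}, {"r7", "r5"}, {"r8", "r8"} };
    Edges e;
    for (size_t i = 0; i < 8; ++i) e[pairs[i][0]] = pairs[i][1];
    return e;
}
```

For the sample graph the plan is two chain moves, one swap, a four-move rotation through the scratch register and one no-op; `shuffleIsCorrect` verifies that no value is clobbered before it has been copied.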

2011-07-26  Oliver Hunt  <oliver@apple.com>

        Buffer overflow creating error messages for JSON.parse
        https://bugs.webkit.org/show_bug.cgi?id=65211

        Reviewed by Darin Adler.

        Pass string length to the UString constructor.

        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::parse):

2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        Refactor automatically generated JS DOM bindings to replace operator new with static create methods
        https://bugs.webkit.org/show_bug.cgi?id=64732

        Reviewed by Oliver Hunt.

        Replacing the public constructors in the automatically generated JS DOM bindings with static
        create methods.  JSByteArray is used by several of these bindings in WebCore.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::create):
        * runtime/JSByteArray.h:

2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>

        Unreviewed build fix for Qt/Linux.

        On platforms with no glib and gstreamer we should not build javascriptcore
        with the Glib support. This is related to http://trac.webkit.org/changeset/91752.

        * wtf/wtf.pri:

2011-07-26  Juan C. Montemayor  <jmont@apple.com>

        JSON errors should be informative
        https://bugs.webkit.org/show_bug.cgi?id=63339

        Added error messages to the JSON Parser.

        Reviewed by Oliver Hunt.

        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncParse):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::Lexer::lex):
        (JSC::LiteralParser::Lexer::lexString):
        (JSC::LiteralParser::Lexer::lexNumber):
        (JSC::LiteralParser::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::getErrorMessage):
        (JSC::LiteralParser::Lexer::sawError):
        (JSC::LiteralParser::Lexer::getErrorMessage):

2011-07-26  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r91746.
        http://trac.webkit.org/changeset/91746
        https://bugs.webkit.org/show_bug.cgi?id=65180

        It broke SL build (Requested by Ossy on #webkit).

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::stripWhiteSpace):
        (WTF::StringImpl::simplifyWhiteSpace):
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.cpp:
        * wtf/text/WTFString.h:

2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Andreas Kling.

        [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
        https://bugs.webkit.org/show_bug.cgi?id=63472

        Enable the bits needed for GStreamer only when QtMultimedia is not used.

        * wtf/wtf.pri:

2011-07-26  Shinya Kawanaka  <shinyak@google.com>

        Added an interface to take IsWhiteSpaceFunctionPtr.
        https://bugs.webkit.org/show_bug.cgi?id=57746

        Reviewed by Kent Tamura.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::stripWhiteSpace):
          Added an interface to take IsWhiteSpaceFunctionPtr.
        (WTF::StringImpl::simplifyWhiteSpace): ditto.
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.cpp:
        (WTF::String::stripWhiteSpace): ditto.
        (WTF::String::simplifyWhiteSpace): ditto.
        * wtf/text/WTFString.h:

2011-07-25  Filip Pizlo  <fpizlo@apple.com>

        DFG non-speculative JIT emits inefficient code for arithmetic
        involving two registers
        https://bugs.webkit.org/show_bug.cgi?id=65160

        Reviewed by Gavin Barraclough.

        The non-speculative JIT now emits inline code for double arithmetic, but
        still attempts integer arithmetic first.  This is a speed-up on SunSpider
        (albeit a small one), and a large speed-up on Kraken.

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):

2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Build break with --debug after r89153.
        https://bugs.webkit.org/show_bug.cgi?id=65150

        Unreviewed build fix.

        * wtf/CMakeListsEfl.txt: Add missing libraries.

2011-07-25  Filip Pizlo  <fpizlo@apple.com>

        DFG non-speculative JIT emits obviously inefficient code for arithmetic
        where one operand is a constant.
        https://bugs.webkit.org/show_bug.cgi?id=65146

        Reviewed by Gavin Barraclough.

        Changed the code to emit double arithmetic inline.

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):

2011-07-25  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT bytecode parser misuses pointers into objects allocated as part of a
        WTF::Vector.
        https://bugs.webkit.org/show_bug.cgi?id=65128

        Reviewed by Gavin Barraclough.

        The bytecode parser code seems to be right to have a DFGNode& phiNode reference
        into the graph, since this makes the code greatly more readable.  This patch
        thus makes the minimal change necessary to make the code right: it uses a
        pointer (to disambiguate between reloading the pointer and performing a
        copy from one location of the vector to another) and reloads it after the
        calls to addToGraph().

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::processPhiStack):

2011-07-25  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r91686.
        http://trac.webkit.org/changeset/91686
        https://bugs.webkit.org/show_bug.cgi?id=65144

        1.5% regression in JSC (Requested by jmontemayor on #webkit).

        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncParse):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::Lexer::lex):
        (JSC::LiteralParser::Lexer::lexString):
        (JSC::LiteralParser::Lexer::lexNumber):
        (JSC::LiteralParser::parse):
        * runtime/LiteralParser.h:

2011-07-25  Jon Lee  <jonlee@apple.com>

        Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
        https://bugs.webkit.org/show_bug.cgi?id=65132
        <rdar://problem/9836297>

        Reviewed by Oliver Hunt.

        Make sure the JIT is available to use before running the following calls:

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.

2011-07-25  Juan C. Montemayor  <jmont@apple.com>

        JSON errors should be informative
        https://bugs.webkit.org/show_bug.cgi?id=63339

        Added error messages to the JSON Parser.

        Reviewed by Oliver Hunt.

        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncParse):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::Lexer::lex):
        (JSC::LiteralParser::Lexer::lexString):
        (JSC::LiteralParser::Lexer::lexNumber):
        (JSC::LiteralParser::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::getErrorMessage):
        (JSC::LiteralParser::Lexer::sawError):
        (JSC::LiteralParser::Lexer::getErrorMessage):

2011-07-25  Filip Pizlo  <fpizlo@apple.com>

        X86-64 assembler emits three instructions instead of two for certain
        loads and stores.
        https://bugs.webkit.org/show_bug.cgi?id=65095

        Reviewed by Gavin Barraclough.

        Simply made these four methods in the assembler use the scratch register,
        which they were previously avoiding.  It still optimizes for the case where
        an absolute-address memory access uses EAX.  This results in a slight
        performance improvement.

        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::load32):
        (JSC::MacroAssemblerX86_64::store32):
        (JSC::MacroAssemblerX86_64::loadPtr):
        (JSC::MacroAssemblerX86_64::storePtr):

2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
        https://bugs.webkit.org/show_bug.cgi?id=64354

        Use ecore_time_unix_get which returns unix time as double type for currentTime
        and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime.

        Reviewed by Kent Tamura.

        * wtf/CurrentTime.cpp:
        (WTF::currentTime):
        (WTF::monotonicallyIncreasingTime):

2011-07-22  Sommer Panage  <panage@apple.com>

        Reviewed by Oliver Hunt.

        export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
        https://bugs.webkit.org/show_bug.cgi?id=64981

        UIAutomation for iOS would like to support a Javascript backtrace in our error logs.
        Currently, the C API does not provide the tools to do this. However, the private API
        does expose the necessary functionality to get a backtrace
        (via Interpreter::retrieveLastCaller). We recognize this information may result in
        failure in the cases of programs run by 'eval', stack frames beneath host function
        call frames, and in programs run from other programs. Thus, we propose exporting our
        JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
        we need while not advertising an API that isn't really ready for full use.

        * API/JSContextRef.cpp:
        * API/JSContextRefPrivate.h:
        * JavaScriptCore.exp:

2011-07-22  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65051
        DFG JIT - Enable by default for mac platform on x86-64.

        Rubber Stamped by Geoff Garen.

        This is now a performance progression.

        * wtf/Platform.h:
            - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.

2011-07-22  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65047
        DFG JIT - Add support for op_resolve/op_resolve_base

        Reviewed by Sam Weinig.

        These are necessary for any significant eval code coverage
        (and as such increase LayoutTest coverage).

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordResolve):
            - Conservatively blow aliasing optimizations for now.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
            - Add support for op_resolve/op_resolve_base.
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::callOperation):
            - Add call with exec, identifier arguments.
        * dfg/DFGNode.h:
            - Add new node types.
        (JSC::DFG::Node::hasIdentifier):
            - Resolve nodes have identifiers, too!
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
            - Add generation for new Nodes.
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
            - Added new operations.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - Add generation for new Nodes.

2011-07-22  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65036
        Messing with the register allocation within flow control = badness.

        Reviewed by Sam Weinig.

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
            - Fix register allocation.

2011-07-22  Mark Hahnenberg  <mhahnenberg@apple.com>

        Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
        https://bugs.webkit.org/show_bug.cgi?id=63986

        Reviewed by Geoffrey Garen.

        Changed the implementation of Date.prototype.toISOString() to use the extended year
        format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.

        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncToISOString):
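
The extended-year rule from the entry above, as an added example rather than WebKit's DatePrototype code: `isoYearField` formats the year field per ES5 15.9.1.15.1, and `naiveYearField` is a fixed-width formatter constructed only to show the failure mode for negative years (it is not the code the patch replaced).

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>

// Year field of an ISO 8601 date string as ES5 15.9.1.15.1 requires: four
// digits for years in [0, 9999], otherwise the extended form with an explicit
// sign and six digits (+yyyyyy / -yyyyyy).
std::string isoYearField(int year)
{
    char buffer[16];
    if (year >= 0 && year <= 9999)
        std::snprintf(buffer, sizeof buffer, "%04d", year);
    else
        std::snprintf(buffer, sizeof buffer, "%c%06d", year < 0 ? '-' : '+', std::abs(year));
    return buffer;
}

// Constructed illustration of the bug class: a plain four-digit field lets the
// sign eat a digit for negative years (-1 becomes "-001") and silently widens
// for years above 9999, so the result is not a valid ISO 8601 year.
std::string naiveYearField(int year)
{
    char buffer[16];
    std::snprintf(buffer, sizeof buffer, "%04d", year);
    return buffer;
}
```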

2011-07-21  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-07-21  Ryosuke Niwa  <rniwa@webkit.org>

        Build fix after r91555.

        * JavaScriptCore.exp:

2011-07-21  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=19271
        eliminate PIC branches by changing NaN handling in JSValue::toNumber

        Reviewed by Sam Weinig.

        Moving the non-numeric cases out of line seems to be a consistent
        win on SunSpider for me, to the order of about 0.5%.

        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::toNumber):
            - Changed to only handle values that are already numbers, move non-numeric cases out of line.
        * runtime/JSValue.cpp:
        (JSC::JSValue::toNumberSlowCase):
            - Added toNumberSlowCase, handling non-numeric cases.
        * runtime/JSValue.h:
            - Add declaration of toNumberSlowCase.

2011-07-21  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64875
        Use of `yield` keyword is broken

        Reviewed by Sam Weinig.

        * parser/Lexer.cpp:
        (JSC::Lexer::parseIdentifier):
            - The bug here is that a successful match of a RESERVED_IF_STRICT token from
              parseKeyword is being nullified back to IDENT. The problem is that in the
              case of IDENT matches parseKeyword should not move the lexer's input
              position, but in the case of RESERVED_IF_STRICT it has done so.

2011-07-21  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64900
        Function.prototype.apply should accept an array-like object as its second argument

        Reviewed by Sam Weinig.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncApply):
            - Remove the type error if object is not an array.

2011-07-21  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64964
        DFG JIT - Enable support for eval code

        Reviewed by Sam Weinig.

        This is basically the same as program code, to the JIT!

        * bytecode/Opcode.cpp:
        * bytecode/Opcode.h:
            - Enable opcodeNames in !NDEBUG builds.
        * dfg/DFGOperations.cpp:
            - Fix a bug exposed by eval support, throw correct type error for new.
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
            - Enable DFG JIT for eval code.

2011-07-20  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r91380.
        http://trac.webkit.org/changeset/91380
        https://bugs.webkit.org/show_bug.cgi?id=64924

        Caused assertion failures in Chromium's IndexedDB tests
        (Requested by rniwa on #webkit).

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::identifier):
        (WTF::ThreadIdentifierData::initialize):
        (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
        (WTF::ThreadIdentifierData::initializeKeyOnce):
        * wtf/ThreadIdentifierDataPthreads.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):

2011-07-20  Filip Pizlo  <fpizlo@apple.com>

        DFG non-speculative JIT does not use() the aliased GetByVal,
        resulting in bloated use counts.
        https://bugs.webkit.org/show_bug.cgi?id=64911

        Reviewed by Gavin Barraclough.

        Inserted a call to use() for the aliased GetByVal.

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):

2011-07-20  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64909
        DFG JIT - Missing ToInt32 conversions for double constants.

        Reviewed by Sam Weinig.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::toInt32):
            - We cannot trivially omit ToInt32 conversions on double constants.

2011-07-20  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT sometimes claims to use compare operands twice, leading to
        use count corruption.
        https://bugs.webkit.org/show_bug.cgi?id=64903

        Reviewed by Gavin Barraclough.

        Move the calls to use() in SpeculativeJIT::compare() so that they only happen
        if the JITCodeGenerator's helper method (which also calls use()) is not called.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compare):

2011-07-20  Oliver Hunt  <oliver@apple.com>

        Don't throw away code when JSGarbageCollect API is called
        https://bugs.webkit.org/show_bug.cgi?id=64894

        Reviewed by Sam Weinig.

        Just call collectAllGarbage.  That will clean up all unneeded
        code without causing any pathological recompilation problems.

        * API/JSBase.cpp:
        (JSGarbageCollect):

2011-07-20  Oliver Hunt  <oliver@apple.com>

        Codeblock doesn't visit cached structures in global resolve instructions
807         https://bugs.webkit.org/show_bug.cgi?id=64889
808
809         Reviewed by Sam Weinig.
810
811         Visit the global resolve instructions.  This fixes a couple
812         of random crashes seen in the jquery tests when using the
813         interpreter.
814
815         * bytecode/CodeBlock.cpp:
816         (JSC::CodeBlock::visitAggregate):
817
818 2011-07-20  James Robinson  <jamesr@chromium.org>
819
820         Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock
821         https://bugs.webkit.org/show_bug.cgi?id=64841
822
823         Reviewed by Mark Rowe.
824
825         http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the
826         monotonic clock instead of WTF::currentTime().  This broke many plugin tests on WebKit2 for reasons that are
827         unclear.  This reverts everything except for WebCore::ThreadTimers back to the previous behavior.
828
829         * wtf/ThreadingPthreads.cpp:
830         (WTF::ThreadCondition::timedWait):
831         * wtf/ThreadingWin.cpp:
832         (WTF::absoluteTimeToWaitTimeoutInterval):
833         * wtf/gtk/ThreadingGtk.cpp:
834         (WTF::ThreadCondition::timedWait):
835         * wtf/qt/ThreadingQt.cpp:
836         (WTF::ThreadCondition::timedWait):
837
838 2011-07-14  David Levin  <levin@chromium.org>
839
840         currentThread is too slow!
841         https://bugs.webkit.org/show_bug.cgi?id=64577
842
843         Reviewed by Darin Adler and Dmitry Titov.
844
845         The problem is that currentThread results in a pthread_once call which always takes a lock.
846         With this change, currentThread is 10% faster than isMainThread in release mode and only
847         5% slower than isMainThread in debug.
848
849         * wtf/ThreadIdentifierDataPthreads.cpp:
850         (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
851         which is no longer needed because this is called from initializeThreading().
852         (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
853         initialization of the pthread key should already be done.
854         (WTF::ThreadIdentifierData::initialize): Ditto.
855         * wtf/ThreadIdentifierDataPthreads.h:
856         * wtf/ThreadingPthreads.cpp:
857         (WTF::initializeThreading): Acquire the pthread key here.
858
859 2011-07-20  Mark Rowe  <mrowe@apple.com>
860
861         Fix the 32-bit build.
862
863         * runtime/ObjectPrototype.cpp:
864         (JSC::objectProtoFuncToString):
865
866 2011-07-19  Gavin Barraclough  <barraclough@apple.com>
867
868         https://bugs.webkit.org/show_bug.cgi?id=64678
869         Fix bugs in Object.prototype this handling.
870
871         Reviewed by Darin Adler.
872
873         Fix ES5.1 correctness issues identified by Mads Ager.
874
875         * runtime/ObjectPrototype.cpp:
876         (JSC::objectProtoFuncToString):
877             - ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]".
878
879 2011-07-19  Mark Hahnenberg  <mhahnenberg@apple.com>
880
881         [JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation
882         https://bugs.webkit.org/show_bug.cgi?id=63918
883
884         Reviewed by Darin Adler.
885
886         When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost
887         method due to additional string copying within several of the constructors when dealing with 
888         UStrings.  This has been added to the UString version of the appendStringInConstruct method 
889         within the JSString class.
890
891         * runtime/JSString.h:
892         (JSC::RopeBuilder::JSString):
893         (JSC::RopeBuilder::appendStringInConstruct):
894
895 2011-07-19  Gavin Barraclough  <barraclough@apple.com>
896
897         https://bugs.webkit.org/show_bug.cgi?id=64679
898         Fix bugs in Array.prototype this handling.
899
900         Reviewed by Oliver Hunt.
901
902         * runtime/ArrayPrototype.cpp:
903         (JSC::arrayProtoFuncJoin):
904         (JSC::arrayProtoFuncConcat):
905         (JSC::arrayProtoFuncPop):
906         (JSC::arrayProtoFuncPush):
907         (JSC::arrayProtoFuncReverse):
908         (JSC::arrayProtoFuncShift):
909         (JSC::arrayProtoFuncSlice):
910         (JSC::arrayProtoFuncSort):
911         (JSC::arrayProtoFuncSplice):
912         (JSC::arrayProtoFuncUnShift):
913         (JSC::arrayProtoFuncFilter):
914         (JSC::arrayProtoFuncMap):
915         (JSC::arrayProtoFuncEvery):
916         (JSC::arrayProtoFuncForEach):
917         (JSC::arrayProtoFuncSome):
918         (JSC::arrayProtoFuncReduce):
919         (JSC::arrayProtoFuncReduceRight):
920         (JSC::arrayProtoFuncIndexOf):
921         (JSC::arrayProtoFuncLastIndexOf):
922             - These methods should throw if this value is undefined.
923
924 2011-07-19  Gavin Barraclough  <barraclough@apple.com>
925
926         https://bugs.webkit.org/show_bug.cgi?id=64677
927         Fix bugs in String.prototype this handling.
928
929         Reviewed by Oliver Hunt.
930
931         undefined/null this values should throw TypeErrors, not convert to
932         the global object, and primitive values should not be converted via
933         object types.
934
935         * runtime/StringPrototype.cpp:
936         (JSC::stringProtoFuncReplace):
937         (JSC::stringProtoFuncCharAt):
938         (JSC::stringProtoFuncCharCodeAt):
939         (JSC::stringProtoFuncIndexOf):
940         (JSC::stringProtoFuncLastIndexOf):
941         (JSC::stringProtoFuncMatch):
942         (JSC::stringProtoFuncSearch):
943         (JSC::stringProtoFuncSlice):
944         (JSC::stringProtoFuncSplit):
945         (JSC::stringProtoFuncSubstr):
946         (JSC::stringProtoFuncSubstring):
947         (JSC::stringProtoFuncToLowerCase):
948         (JSC::stringProtoFuncToUpperCase):
949         (JSC::stringProtoFuncLocaleCompare):
950         (JSC::stringProtoFuncBig):
951         (JSC::stringProtoFuncSmall):
952         (JSC::stringProtoFuncBlink):
953         (JSC::stringProtoFuncBold):
954         (JSC::stringProtoFuncFixed):
955         (JSC::stringProtoFuncItalics):
956         (JSC::stringProtoFuncStrike):
957         (JSC::stringProtoFuncSub):
958         (JSC::stringProtoFuncSup):
959         (JSC::stringProtoFuncFontcolor):
960         (JSC::stringProtoFuncFontsize):
961         (JSC::stringProtoFuncAnchor):
962         (JSC::stringProtoFuncLink):
963         (JSC::trimString):
964             - These methods should throw if this value is undefined, and
965               convert ToString directly, not via ToObject.
966
967 2011-07-19  Filip Pizlo  <fpizlo@apple.com>
968
969         DFG JIT sometimes emits spill code even when the respective values
970         are never needed.
971         https://bugs.webkit.org/show_bug.cgi?id=64774
972
973         Reviewed by Gavin Barraclough.
974         
975         The main high-level change is that it is now easier to call use() on a
976         virtual register.  JSValueOperand and its other-typed relatives now have
977         a handy use() method, and jsValueResult() and friends now make it easier to
978         pass UseChildrenCalledExplicitly.
979         
980         The rest of this patch hoists the call to use() as high as possible for
981         all of those cases where either flushRegisters() or silentSpillAllRegisters()
982         may be called.
983
984         * dfg/DFGJITCodeGenerator.cpp:
985         (JSC::DFG::JITCodeGenerator::cachedGetById):
986         (JSC::DFG::JITCodeGenerator::cachedGetMethod):
987         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
988         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
989         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
990         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
991         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
992         (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
993         (JSC::DFG::JITCodeGenerator::emitBranch):
994         * dfg/DFGJITCodeGenerator.h:
995         (JSC::DFG::JITCodeGenerator::use):
996         (JSC::DFG::JITCodeGenerator::integerResult):
997         (JSC::DFG::JITCodeGenerator::jsValueResult):
998         (JSC::DFG::IntegerOperand::use):
999         (JSC::DFG::DoubleOperand::use):
1000         (JSC::DFG::JSValueOperand::use):
1001         * dfg/DFGNonSpeculativeJIT.cpp:
1002         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
1003         (JSC::DFG::NonSpeculativeJIT::valueToInt32):
1004         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1005         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1006         (JSC::DFG::NonSpeculativeJIT::compile):
1007         * dfg/DFGSpeculativeJIT.cpp:
1008         (JSC::DFG::SpeculativeJIT::compile):
1009         * dfg/DFGSpeculativeJIT.h:
1010         (JSC::DFG::SpeculateStrictInt32Operand::use):
1011         (JSC::DFG::SpeculateCellOperand::use):
1012
1013 2011-07-19  Xan Lopez  <xlopez@igalia.com>
1014
1015         ARMv7 backend broken, lacks 3 parameter rshift32 method
1016         https://bugs.webkit.org/show_bug.cgi?id=64571
1017
1018         Reviewed by Zoltan Herczeg.
1019
1020         * assembler/MacroAssemblerARMv7.h:
1021         (JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method.
1022
1023 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1024
1025         DFG JIT does not optimize strict equality as effectively as the old JIT does.
1026         https://bugs.webkit.org/show_bug.cgi?id=64759
1027
1028         Reviewed by Gavin Barraclough.
1029         
1030         This adds a more complete set of strict equality optimizations.  If either
1031         operand is known numeric, then the code reverts to the old style of optimizing
1032         (first try integer comparison).  Otherwise it uses the old JIT's trick of
1033         first simultaneously checking if both operands are either numbers or cells;
1034         if not then a fast path is taken.
1035
1036         * dfg/DFGJITCodeGenerator.cpp:
1037         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
1038         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
1039         (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
1040         * dfg/DFGJITCodeGenerator.h:
1041         * dfg/DFGNonSpeculativeJIT.cpp:
1042         (JSC::DFG::NonSpeculativeJIT::compile):
1043         * dfg/DFGOperations.cpp:
1044         * dfg/DFGOperations.h:
1045         * dfg/DFGSpeculativeJIT.cpp:
1046         (JSC::DFG::SpeculativeJIT::compile):
1047
1048 2011-07-18  Gavin Barraclough  <barraclough@apple.com>
1049
1050         https://bugs.webkit.org/show_bug.cgi?id=64760
1051         DFG JIT - Should be able to compile program code.
1052
1053         Reviewed by Geoff Garen.
1054
1055         Add support for op_end, hooks to compile program code in Executable.cpp.
1056
1057         * dfg/DFGByteCodeParser.cpp:
1058         (JSC::DFG::ByteCodeParser::parseBlock):
1059             - Add support for op_end
1060         * dfg/DFGJITCompiler.cpp:
1061         (JSC::DFG::JITCompiler::compileEntry):
1062         (JSC::DFG::JITCompiler::compileBody):
1063         (JSC::DFG::JITCompiler::link):
1064             - Added, separate out steps of compileFunction.
1065         (JSC::DFG::JITCompiler::compile):
1066             - Added, compile program code.
1067         (JSC::DFG::JITCompiler::compileFunction):
1068             - Sections separated out to helper functions.
1069         * dfg/DFGJITCompiler.h:
1070         (JSC::DFG::JITCompiler::JITCompiler):
1071             - Added m_exceptionCheckCount.
1072         * runtime/Executable.cpp:
1073         (JSC::tryDFGCompile):
1074         (JSC::tryDFGCompileFunction):
1075         (JSC::ProgramExecutable::compileInternal):
1076         (JSC::FunctionExecutable::compileForCallInternal):
1077             - Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code.
1078
1079 2011-07-18  Gavin Barraclough  <barraclough@apple.com>
1080
1081         https://bugs.webkit.org/show_bug.cgi?id=64678
1082         Fix bugs in Object.prototype this handling.
1083
1084         Reviewed by Oliver Hunt.
1085
1086         undefined/null this values should throw TypeErrors, not convert to the global object,
1087         also, toLocaleString should be calling ToObject & invoking the object's toString
1088         function, even for values that are already strings.
1089
1090         * runtime/ObjectPrototype.cpp:
1091         (JSC::objectProtoFuncValueOf):
1092         (JSC::objectProtoFuncHasOwnProperty):
1093         (JSC::objectProtoFuncIsPrototypeOf):
1094         (JSC::objectProtoFuncPropertyIsEnumerable):
1095         (JSC::objectProtoFuncToLocaleString):
1096         (JSC::objectProtoFuncToString):
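
Added example, not WebKit code: the ES5.1 `this` rules that this entry and the String.prototype / Array.prototype / Object.prototype entries above restore, plus the boxing of a primitive `this` on non-strict function entry that the direct-eval entry further down depends on, each written as a probe that returns a value and checked against node/V8 as the reference implementation. The hooked `Number.prototype.toString` and `String.prototype.toString` are test instrumentation only and are restored afterwards.

```javascript
// Added example (not from WebKit): ES5.1 `this` handling of the built-ins
// named in the ChangeLog entries, observed from JavaScript. Each probe
// returns a value so it can be asserted on instead of printed.

function throwsTypeError(thunk) {
  try { thunk(); } catch (e) { return e instanceof TypeError; }
  return false;
}

// ES5.1 15.2.4.2: toString must not turn undefined/null into the global object.
function objectToStringTag(value) {
  return Object.prototype.toString.call(value);
}

// ES5.1 15.2.4.x: the other Object.prototype methods call ToObject(this),
// which throws a TypeError for undefined and null. An object argument is
// passed so that isPrototypeOf reaches its ToObject step.
function objectMethodsRejectNullish() {
  const methods = ['valueOf', 'hasOwnProperty', 'isPrototypeOf',
                   'propertyIsEnumerable', 'toLocaleString'];
  return methods.every(function (name) {
    const m = Object.prototype[name];
    return throwsTypeError(function () { m.call(undefined, {}); }) &&
           throwsTypeError(function () { m.call(null, {}); });
  });
}

// ES5.1 15.2.4.3: toLocaleString does ToObject(this) and then invokes that
// object's toString, even when this is already a string primitive. Hooking
// String.prototype.toString makes that step observable.
function toLocaleStringGoesThroughToObject() {
  const saved = String.prototype.toString;
  String.prototype.toString = function () { return 'via-toString'; };
  try {
    return Object.prototype.toLocaleString.call('abc');
  } finally {
    String.prototype.toString = saved;
  }
}

// ES5.1 15.5.4.x: String.prototype methods throw on an undefined/null this
// (CheckObjectCoercible) instead of substituting the global object ...
function stringMethodsRejectNullish() {
  const methods = ['charAt', 'indexOf', 'slice', 'split', 'toUpperCase', 'trim'];
  return methods.every(function (name) {
    const m = String.prototype[name];
    return throwsTypeError(function () { m.call(undefined); }) &&
           throwsTypeError(function () { m.call(null); });
  });
}

// ... and convert a primitive this with ToString directly, not via ToObject.
// ToString(42) runs no user code, whereas ToString(ToObject(42)) consults the
// (hooked) Number.prototype.toString. Returns [primitive, wrapper] results.
function stringMethodToStringPath() {
  const saved = Number.prototype.toString;
  Number.prototype.toString = function () { return 'hooked'; };
  try {
    return [String.prototype.toUpperCase.call(42),
            String.prototype.toUpperCase.call(new Number(42))];
  } finally {
    Number.prototype.toString = saved;
  }
}

// ES5.1 15.4.4.x: Array.prototype methods also begin with ToObject(this).
function arrayMethodsRejectNullish() {
  const methods = ['join', 'push', 'pop', 'slice', 'forEach', 'indexOf'];
  return methods.every(function (name) {
    const m = Array.prototype[name];
    return throwsTypeError(function () { m.call(undefined, function () {}); }) &&
           throwsTypeError(function () { m.call(null, function () {}); });
  });
}

// A non-strict function boxes a primitive this once on entry (op_convert_this
// in JSC). A direct eval inside it sees that same wrapper, so a property set
// in one eval is still present in the next. The Function constructor always
// produces a non-strict function, so this probe works even under strict code.
function boxedThisSurvivesBetweenEvals() {
  const probe = new Function(
    'eval("this.tag = \'set-in-first-eval\'"); return [typeof this, eval("this.tag")];');
  return probe.call(42);
}

// Strict functions keep a primitive this as-is; nothing is boxed.
function strictThisStaysPrimitive() {
  const probe = new Function('"use strict"; return typeof this;');
  return probe.call(42);
}
```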
1097
1098 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1099
1100         JSC GC lazy sweep does not inline the common cases of cell destruction.
1101         https://bugs.webkit.org/show_bug.cgi?id=64745
1102
1103         Reviewed by Oliver Hunt.
1104         
1105         This inlines the case of JSFinalObject destruction.
1106
1107         * heap/MarkedBlock.cpp:
1108         (JSC::MarkedBlock::lazySweep):
1109
1110 2011-07-18  Oliver Hunt  <oliver@apple.com>
1111
1112         Interpreter build-fix
1113
1114         * interpreter/Interpreter.cpp:
1115         (JSC::Interpreter::privateExecute):
1116
1117 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1118
1119         DFG JIT does not optimize equal-null comparisons and branches.
1120         https://bugs.webkit.org/show_bug.cgi?id=64659
1121
1122         Reviewed by Gavin Barraclough.
1123         
1124         Added a peephole-aware compare-to-null implementation to JITCodeGenerator,
1125         which is used by both the speculative and non-speculative JIT.  Through
1126         the use of the new isNullConstant helper, the two JITs invoke the
1127         nonSpeculativeCompareNull() helper instead of their regular comparison
1128         helpers when compiling CompareEq.  Through the use of the new isKnownCell
1129         helper, the compare-null code will skip the is-a-cell check if the
1130         speculative JIT had been speculating cell.
1131
1132         * dfg/DFGJITCodeGenerator.cpp:
1133         (JSC::DFG::JITCodeGenerator::isKnownCell):
1134         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
1135         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
1136         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
1137         * dfg/DFGJITCodeGenerator.h:
1138         (JSC::DFG::JITCodeGenerator::isNullConstant):
1139         * dfg/DFGNonSpeculativeJIT.cpp:
1140         (JSC::DFG::NonSpeculativeJIT::compile):
1141         * dfg/DFGOperations.cpp:
1142         * dfg/DFGSpeculativeJIT.cpp:
1143         (JSC::DFG::SpeculativeJIT::compile):
1144
1145 2011-07-18  James Robinson  <jamesr@chromium.org>
1146
1147         Timer scheduling should be based off the monotonic clock
1148         https://bugs.webkit.org/show_bug.cgi?id=64544
1149
1150         Reviewed by Darin Adler.
1151
1152         Switches ThreadCondition::timedWait and related utility functions from currentTime() to
1153         monotonicallyIncreasingTime().
1154
1155         Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
1156
1157         * JavaScriptCore.exp:
1158         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1159         * wtf/ThreadingPthreads.cpp:
1160         (WTF::ThreadCondition::timedWait):
1161         * wtf/ThreadingWin.cpp:
1162         (WTF::absoluteTimeToWaitTimeoutInterval):
1163         * wtf/gtk/ThreadingGtk.cpp:
1164         (WTF::ThreadCondition::timedWait):
1165         * wtf/qt/ThreadingQt.cpp:
1166         (WTF::ThreadCondition::timedWait):
1167
1168 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1169
1170         JSC JIT does not inline GC allocation fast paths
1171         https://bugs.webkit.org/show_bug.cgi?id=64582
1172
1173         Reviewed by Oliver Hunt.
1174
1175         This addresses inlining allocation for the easiest-to-allocate cases:
1176         op_new_object and op_create_this.  Inlining GC allocation fast paths
1177         required three changes.  First, the JSGlobalData now saves the vtable
1178         pointer of JSFinalObject, since that's what op_new_object and
1179         op_create_this allocate.  Second, the Heap exposes a reference to
1180         the appropriate SizeClass, so that the JIT may inline accesses
1181         directly to the SizeClass for JSFinalObject allocations.  And third,
1182         the JIT is extended with code to emit inline fast paths for GC
1183         allocation.  A stub call is emitted in the case where the inline fast
1184         path fails.
1185
1186         * heap/Heap.h:
1187         (JSC::Heap::sizeClassFor):
1188         (JSC::Heap::allocate):
1189         * jit/JIT.cpp:
1190         (JSC::JIT::privateCompileSlowCases):
1191         * jit/JIT.h:
1192         * jit/JITInlineMethods.h:
1193         (JSC::JIT::emitAllocateJSFinalObject):
1194         * jit/JITOpcodes.cpp:
1195         (JSC::JIT::emit_op_new_object):
1196         (JSC::JIT::emitSlow_op_new_object):
1197         (JSC::JIT::emit_op_create_this):
1198         (JSC::JIT::emitSlow_op_create_this):
1199         * jit/JITOpcodes32_64.cpp:
1200         (JSC::JIT::emit_op_new_object):
1201         (JSC::JIT::emitSlow_op_new_object):
1202         (JSC::JIT::emit_op_create_this):
1203         (JSC::JIT::emitSlow_op_create_this):
1204         * runtime/JSGlobalData.cpp:
1205         (JSC::JSGlobalData::storeVPtrs):
1206         * runtime/JSGlobalData.h:
1207         * runtime/JSObject.h:
1208         (JSC::JSFinalObject::JSFinalObject):
1209         (JSC::JSObject::offsetOfInheritorID):
1210
1211 2011-07-18  Mark Hahnenberg  <mhahnenberg@apple.com>
1212
1213         Refactor JSC to replace JSCell::operator new with static create method
1214         https://bugs.webkit.org/show_bug.cgi?id=64466
1215
1216         Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
1217
1218         First step in a longer refactoring process to remove the use of
1219         operator new overloading in order to allocate GC objects and to replace
1220         this method with static create methods for each individual type of heap-allocated
1221         JS object.  This particular patch only deals with replacing uses of
1222         operator new within JSC proper.  Future patches will remove it from the
1223         parts that interface with the DOM.  Due to the DOM's continued dependence
1224         on it, operator new has not actually been removed from JSCell.
1225
1226         * API/JSCallbackConstructor.h:
1227         (JSC::JSCallbackConstructor::create):
1228         * API/JSCallbackFunction.h:
1229         (JSC::JSCallbackFunction::create):
1230         * API/JSCallbackObject.h:
1231         (JSC::JSCallbackObject::operator new):
1232         (JSC::JSCallbackObject::create):
1233         * API/JSCallbackObjectFunctions.h:
1234         (JSC::::staticFunctionGetter):
1235         * API/JSClassRef.cpp:
1236         (OpaqueJSClass::prototype):
1237         * API/JSContextRef.cpp:
1238         * API/JSObjectRef.cpp:
1239         (JSObjectMake):
1240         (JSObjectMakeFunctionWithCallback):
1241         (JSObjectMakeConstructor):
1242         * JavaScriptCore.exp:
1243         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1244         * bytecode/CodeBlock.cpp:
1245         (JSC::CodeBlock::createActivation):
1246         * bytecompiler/BytecodeGenerator.cpp:
1247         (JSC::BytecodeGenerator::BytecodeGenerator):
1248         * bytecompiler/BytecodeGenerator.h:
1249         (JSC::BytecodeGenerator::makeFunction):
1250         * bytecompiler/NodesCodegen.cpp:
1251         (JSC::RegExpNode::emitBytecode):
1252         * interpreter/Interpreter.cpp:
1253         (JSC::Interpreter::privateExecute):
1254         (JSC::Interpreter::retrieveArguments):
1255         * jit/JITStubs.cpp:
1256         (JSC::DEFINE_STUB_FUNCTION):
1257         * jsc.cpp:
1258         (GlobalObject::create):
1259         (GlobalObject::GlobalObject):
1260         (functionRun):
1261         (jscmain):
1262         * runtime/Arguments.h:
1263         (JSC::Arguments::create):
1264         (JSC::Arguments::createNoParameters):
1265         * runtime/ArrayConstructor.cpp:
1266         (JSC::constructArrayWithSizeQuirk):
1267         * runtime/ArrayConstructor.h:
1268         (JSC::ArrayConstructor::create):
1269         * runtime/ArrayPrototype.cpp:
1270         (JSC::arrayProtoFuncSplice):
1271         * runtime/ArrayPrototype.h:
1272         (JSC::ArrayPrototype::create):
1273         * runtime/BooleanConstructor.cpp:
1274         (JSC::constructBoolean):
1275         (JSC::constructBooleanFromImmediateBoolean):
1276         * runtime/BooleanConstructor.h:
1277         (JSC::BooleanConstructor::create):
1278         * runtime/BooleanObject.h:
1279         (JSC::BooleanObject::create):
1280         * runtime/BooleanPrototype.h:
1281         (JSC::BooleanPrototype::create):
1282         * runtime/DateConstructor.cpp:
1283         (JSC::constructDate):
1284         * runtime/DateConstructor.h:
1285         (JSC::DateConstructor::create):
1286         * runtime/DateInstance.h:
1287         (JSC::DateInstance::create):
1288         * runtime/DatePrototype.h:
1289         (JSC::DatePrototype::create):
1290         * runtime/Error.cpp:
1291         (JSC::createError):
1292         (JSC::createEvalError):
1293         (JSC::createRangeError):
1294         (JSC::createReferenceError):
1295         (JSC::createSyntaxError):
1296         (JSC::createTypeError):
1297         (JSC::createURIError):
1298         (JSC::StrictModeTypeErrorFunction::create):
1299         (JSC::createTypeErrorFunction):
1300         * runtime/ErrorConstructor.h:
1301         (JSC::ErrorConstructor::create):
1302         * runtime/ErrorInstance.cpp:
1303         (JSC::ErrorInstance::ErrorInstance):
1304         (JSC::ErrorInstance::create):
1305         * runtime/ErrorInstance.h:
1306         * runtime/ErrorPrototype.cpp:
1307         (JSC::ErrorPrototype::ErrorPrototype):
1308         * runtime/ErrorPrototype.h:
1309         (JSC::ErrorPrototype::create):
1310         * runtime/ExceptionHelpers.cpp:
1311         (JSC::InterruptedExecutionError::InterruptedExecutionError):
1312         (JSC::InterruptedExecutionError::create):
1313         (JSC::createInterruptedExecutionException):
1314         (JSC::TerminatedExecutionError::TerminatedExecutionError):
1315         (JSC::TerminatedExecutionError::create):
1316         (JSC::createTerminatedExecutionException):
1317         * runtime/Executable.cpp:
1318         (JSC::FunctionExecutable::FunctionExecutable):
1319         (JSC::FunctionExecutable::fromGlobalCode):
1320         * runtime/Executable.h:
1321         (JSC::ExecutableBase::create):
1322         (JSC::NativeExecutable::create):
1323         (JSC::ScriptExecutable::ScriptExecutable):
1324         (JSC::EvalExecutable::create):
1325         (JSC::ProgramExecutable::create):
1326         (JSC::FunctionExecutable::create):
1327         (JSC::FunctionExecutable::make):
1328         * runtime/FunctionConstructor.cpp:
1329         (JSC::constructFunctionSkippingEvalEnabledCheck):
1330         * runtime/FunctionConstructor.h:
1331         (JSC::FunctionConstructor::create):
1332         * runtime/FunctionPrototype.cpp:
1333         (JSC::FunctionPrototype::addFunctionProperties):
1334         * runtime/FunctionPrototype.h:
1335         (JSC::FunctionPrototype::create):
1336         * runtime/GetterSetter.h:
1337         (JSC::GetterSetter::create):
1338         * runtime/JSAPIValueWrapper.h:
1339         (JSC::JSAPIValueWrapper::create):
1340         (JSC::jsAPIValueWrapper):
1341         * runtime/JSActivation.cpp:
1342         (JSC::JSActivation::argumentsGetter):
1343         * runtime/JSActivation.h:
1344         (JSC::JSActivation::create):
1345         * runtime/JSArray.h:
1346         (JSC::JSArray::create):
1347         * runtime/JSCell.h:
1348         (JSC::JSCell::allocateCell):
1349         * runtime/JSFunction.h:
1350         (JSC::JSFunction::create):
1351         * runtime/JSGlobalObject.cpp:
1352         (JSC::JSGlobalObject::init):
1353         (JSC::JSGlobalObject::reset):
1354         * runtime/JSGlobalObject.h:
1355         (JSC::constructEmptyArray):
1356         (JSC::constructArray):
1357         * runtime/JSNotAnObject.h:
1358         (JSC::JSNotAnObject::create):
1359         * runtime/JSONObject.h:
1360         (JSC::JSONObject::create):
1361         * runtime/JSObject.cpp:
1362         (JSC::JSObject::defineGetter):
1363         (JSC::JSObject::defineSetter):
1364         (JSC::putDescriptor):
1365         * runtime/JSObject.h:
1366         (JSC::JSFinalObject::create):
1367         * runtime/JSPropertyNameIterator.cpp:
1368         (JSC::JSPropertyNameIterator::create):
1369         * runtime/JSPropertyNameIterator.h:
1370         (JSC::JSPropertyNameIterator::create):
1371         * runtime/JSString.cpp:
1372         (JSC::JSString::substringFromRope):
1373         (JSC::JSString::replaceCharacter):
1374         (JSC::StringObject::create):
1375         * runtime/JSString.h:
1376         (JSC::RopeBuilder::JSString):
1377         (JSC::RopeBuilder::create):
1378         (JSC::RopeBuilder::createHasOtherOwner):
1379         (JSC::jsSingleCharacterString):
1380         (JSC::jsSingleCharacterSubstring):
1381         (JSC::jsNontrivialString):
1382         (JSC::jsString):
1383         (JSC::jsSubstring):
1384         (JSC::jsOwnedString):
1385         * runtime/JSValue.cpp:
1386         (JSC::JSValue::toObjectSlowCase):
1387         (JSC::JSValue::synthesizeObject):
1388         (JSC::JSValue::synthesizePrototype):
1389         * runtime/Lookup.cpp:
1390         (JSC::setUpStaticFunctionSlot):
1391         * runtime/MathObject.h:
1392         (JSC::MathObject::create):
1393         * runtime/NativeErrorConstructor.cpp:
1394         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1395         * runtime/NativeErrorConstructor.h:
1396         (JSC::NativeErrorConstructor::create):
1397         * runtime/NativeErrorPrototype.h:
1398         (JSC::NativeErrorPrototype::create):
1399         * runtime/NumberConstructor.cpp:
1400         (JSC::constructWithNumberConstructor):
1401         * runtime/NumberConstructor.h:
1402         (JSC::NumberConstructor::create):
1403         * runtime/NumberObject.cpp:
1404         (JSC::constructNumber):
1405         * runtime/NumberObject.h:
1406         (JSC::NumberObject::create):
1407         * runtime/NumberPrototype.h:
1408         (JSC::NumberPrototype::create):
1409         * runtime/ObjectConstructor.h:
1410         (JSC::ObjectConstructor::create):
1411         * runtime/ObjectPrototype.h:
1412         (JSC::ObjectPrototype::create):
1413         * runtime/Operations.h:
1414         (JSC::jsString):
1415         * runtime/RegExp.cpp:
1416         (JSC::RegExp::RegExp):
1417         (JSC::RegExp::createWithoutCaching):
1418         (JSC::RegExp::create):
1419         * runtime/RegExp.h:
1420         * runtime/RegExpCache.cpp:
1421         (JSC::RegExpCache::lookupOrCreate):
1422         * runtime/RegExpConstructor.cpp:
1423         (JSC::RegExpConstructor::arrayOfMatches):
1424         (JSC::constructRegExp):
1425         * runtime/RegExpConstructor.h:
1426         (JSC::RegExpConstructor::create):
1427         * runtime/RegExpMatchesArray.h:
1428         (JSC::RegExpMatchesArray::create):
1429         * runtime/RegExpObject.h:
1430         (JSC::RegExpObject::create):
1431         * runtime/RegExpPrototype.cpp:
1432         (JSC::regExpProtoFuncCompile):
1433         * runtime/RegExpPrototype.h:
1434         (JSC::RegExpPrototype::create):
1435         * runtime/ScopeChain.h:
1436         (JSC::ScopeChainNode::create):
1437         (JSC::ScopeChainNode::push):
1438         * runtime/SmallStrings.cpp:
1439         (JSC::SmallStrings::createEmptyString):
1440         (JSC::SmallStrings::createSingleCharacterString):
1441         * runtime/StringConstructor.cpp:
1442         (JSC::constructWithStringConstructor):
1443         * runtime/StringConstructor.h:
1444         (JSC::StringConstructor::create):
1445         * runtime/StringObject.h:
1446         (JSC::StringObject::create):
1447         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1448         (JSC::StringObjectThatMasqueradesAsUndefined::create):
1449         * runtime/StringPrototype.cpp:
1450         (JSC::stringProtoFuncMatch):
1451         (JSC::stringProtoFuncSearch):
1452         * runtime/StringPrototype.h:
1453         (JSC::StringPrototype::create):
1454         * runtime/Structure.h:
1455         (JSC::Structure::create):
1456         (JSC::Structure::createStructure):
1457         * runtime/StructureChain.h:
1458         (JSC::StructureChain::create):
1459
1460 2011-07-17  Ryuan Choi  <ryuan.choi@samsung.com>
1461
1462         [EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash.
1463         https://bugs.webkit.org/show_bug.cgi?id=64337
1464
1465         Replace ecore_timer_add with Ecore_Pipe.
1466         This is needed because ecore_timer should not be called in a child thread,
1467         but in the main thread.
1468
1469         Reviewed by Antonio Gomes.
1470
1471         * wtf/efl/MainThreadEfl.cpp:
1472         (WTF::pipeObject):
1473         (WTF::monitorDispatchFunctions):
1474         (WTF::initializeMainThreadPlatform):
1475         (WTF::scheduleDispatchFunctionsOnMainThread):
1476
1477 2011-07-17  Filip Pizlo  <fpizlo@apple.com>
1478
1479         DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline.
1480         https://bugs.webkit.org/show_bug.cgi?id=64637
1481
1482         Reviewed by Gavin Barraclough.
1483
1484         * dfg/DFGOperations.cpp:
1485
1486 2011-07-16  Gavin Barraclough  <barraclough@apple.com>
1487
1488         https://bugs.webkit.org/show_bug.cgi?id=64657
1489         Converted this value not preserved when accessed via direct eval.
1490
1491         Reviewed by Oliver Hunt.
1492
1493         Upon entry into a non-strict function, primitive this values should be boxed as Object types
1494         (or substituted with the global object) - which is done by op_convert_this. However we only
1495         do so where this is used lexically within the function (we omit the conversion op if not).
1496         The problem comes if a direct eval (running within the function's scope) accesses the this
1497         value.
1498
1499         We are safe in the case of a single eval, since the this object will be converted within
1500         callEval, however the converted value is not preserved, and a new wrapper object is allocated
1501         each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper
1502         object will be lost between eval statements.
1503
1504         * bytecompiler/BytecodeGenerator.cpp:
1505         (JSC::BytecodeGenerator::BytecodeGenerator):
1506             - If a function uses eval, we always need to convert this.
1507         * interpreter/Interpreter.cpp:
1508         (JSC::Interpreter::execute):
1509             - Don't convert primitive values here - this is too late!
1510         (JSC::Interpreter::privateExecute):
1511             - Changed op_convert_this to call new isPrimitive method.
1512         * jit/JITStubs.cpp:
1513         (JSC::DEFINE_STUB_FUNCTION):
1514             - Changed op_convert_this to call new isPrimitive method.
1515         * runtime/JSCell.h:
1516         (JSC::JSCell::JSValue::isPrimitive):
1517             - Added JSValue::isPrimitive.
1518         * runtime/JSValue.h:
1519             - Added JSValue::isPrimitive.
1520
1521 2011-07-16  Filip Pizlo  <fpizlo@apple.com>
1522
1523         DFG JIT compare/branch code emits is-integer tests even when a value is
1524         definitely not an integer.
1525         https://bugs.webkit.org/show_bug.cgi?id=64654
1526
1527         Reviewed by Gavin Barraclough.
1528         
1529         Added the isKnownNotInteger() method, which returns true if a node is
1530         definitely not an integer and will always fail any is-integer test.  Then
1531         modified the compare and branch code to use this method; if it returns
1532         true then is-int tests are omitted and the compiler always emits a slow
1533         call.
1534
1535         * dfg/DFGJITCodeGenerator.cpp:
1536         (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
1537         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
1538         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
1539         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
1540         * dfg/DFGJITCodeGenerator.h:
1541         * dfg/DFGSpeculativeJIT.cpp:
1542         (JSC::DFG::SpeculativeJIT::compare):
1543
1544 2011-07-16  Filip Pizlo  <fpizlo@apple.com>
1545
1546         DFG speculative JIT has dead code for slow calls for branches.
1547         https://bugs.webkit.org/show_bug.cgi?id=64653
1548
1549         Reviewed by Gavin Barraclough.
1550         
1551         Removed SpeculativeJIT::compilePeepHoleCall.
1552
1553         * dfg/DFGSpeculativeJIT.cpp:
1554         * dfg/DFGSpeculativeJIT.h:
1555
1556 2011-07-15  Mark Rowe  <mrowe@apple.com>
1557
1558         Fix the build.
1559
1560         * dfg/DFGGraph.h:
1561
1562 2011-07-15  Gavin Barraclough  <barraclough@apple.com>
1563
1564         NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
1565         https://bugs.webkit.org/show_bug.cgi?id=55346
1566
1567         Reviewed by Sam Weinig.
1568
1569         * runtime/ErrorPrototype.cpp:
1570         (JSC::ErrorPrototype::ErrorPrototype):
1571             - Switch to putDirect since we're not the only ones transitioning this Structure now.
1572         * runtime/NativeErrorPrototype.cpp:
1573         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1574         * runtime/NativeErrorPrototype.h:
1575             - Switch base class to ErrorPrototype.
1576
1577 2011-07-15  Gavin Barraclough  <barraclough@apple.com>
1578
1579         DFG JIT - Where arguments passed are integers, speculate this.
1580         https://bugs.webkit.org/show_bug.cgi?id=64630
1581
1582         Reviewed by Sam Weinig.
1583
1584         Presently the DFG JIT is overly aggressively predicting double.
1585         Use a bit of dynamic information, and curtail this a little.
1586
1587         * dfg/DFGGraph.cpp:
1588         (JSC::DFG::Graph::predictArgumentTypes):
1589             - Check for integer arguments.
1590         * dfg/DFGGraph.h:
1591             - Function declaration.
1592         * runtime/Executable.cpp:
1593         (JSC::tryDFGCompile):
1594         (JSC::FunctionExecutable::compileForCallInternal):
1595             - Add call to predictArgumentTypes.
1596
1597 2011-07-15  Filip Pizlo  <fpizlo@apple.com>
1598
1599         DFG JIT is inconsistent about fusing branches and speculating
1600         integer comparisons for branches.
1601         https://bugs.webkit.org/show_bug.cgi?id=64573
1602
1603         Reviewed by Gavin Barraclough.
1604         
1605         This patch moves some of NonSpeculativeJIT's functionality up into the
1606         JITCodeGenerator superclass so that it can be used from both JITs.  Now,
1607         in cases where the speculative JIT doesn't want to speculate but still
1608         wants to emit good code, it can reliably emit the same code sequence as
1609         the non-speculative JIT.  This patch also extends the non-speculative
1610         JIT's compare optimizations to include compare/branch fusing, and
1611         extends the speculative JIT's compare optimizations to cover StrictEqual.
1612
1613         * dfg/DFGJITCodeGenerator.cpp:
1614         (JSC::DFG::JITCodeGenerator::isKnownInteger):
1615         (JSC::DFG::JITCodeGenerator::isKnownNumeric):
1616         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
1617         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
1618         * dfg/DFGJITCodeGenerator.h:
1619         (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
1620         * dfg/DFGNonSpeculativeJIT.cpp:
1621         (JSC::DFG::NonSpeculativeJIT::compile):
1622         * dfg/DFGNonSpeculativeJIT.h:
1623         * dfg/DFGOperations.cpp:
1624         * dfg/DFGSpeculativeJIT.cpp:
1625         (JSC::DFG::SpeculativeJIT::compare):
1626         (JSC::DFG::SpeculativeJIT::compile):
1627         * dfg/DFGSpeculativeJIT.h:
1628         * wtf/Platform.h:
1629
1630 2011-07-14  Gavin Barraclough  <barraclough@apple.com>
1631
1632         https://bugs.webkit.org/show_bug.cgi?id=64250
1633         Global strict mode function leaking global object as "this".
1634
1635         Reviewed by Oliver Hunt.
1636
1637         The root problem here is that we pass the wrong values into
1638         calls, and then try to fix them up in the callee. Correct
1639         behaviour per the spec is to pass in the value undefined,
1640         as this unless either (1) the function call is based on an
1641         explicit property access or (2) the base of the call comes
1642         directly from a 'with'.
1643
1644         This change does away with the need for this conversion of
1645         objects (non strict code should only box primitives), and
1646         does away with all this conversion for strict functions.
1647
1648         This patch may have web compatibility ramifications, and may
1649         require some advocacy.
1650
1651         * bytecode/CodeBlock.cpp:
1652         (JSC::CodeBlock::dump):
1653             - Removed op_convert_this_strict, added op_resolve_with_this.
1654         * bytecode/Opcode.h:
1655             - Removed op_convert_this_strict, added op_resolve_with_this.
1656         * bytecompiler/BytecodeGenerator.cpp:
1657         (JSC::BytecodeGenerator::BytecodeGenerator):
1658         (JSC::BytecodeGenerator::emitResolveWithThis):
1659             - Removed op_convert_this_strict, added op_resolve_with_this.
1660         * bytecompiler/BytecodeGenerator.h:
1661             - Removed op_convert_this_strict, added op_resolve_with_this.
1662         * bytecompiler/NodesCodegen.cpp:
1663         (JSC::EvalFunctionCallNode::emitBytecode):
1664         (JSC::FunctionCallResolveNode::emitBytecode):
1665             - Removed op_convert_this_strict, added op_resolve_with_this.
1666         * dfg/DFGSpeculativeJIT.cpp:
1667         (JSC::DFG::SpeculativeJIT::compile):
1668             - Change NeedsThisConversion check to test for JSString's vptr
1669               (objects no longer need conversion).
1670         * interpreter/Interpreter.cpp:
1671         (JSC::Interpreter::resolveThisAndProperty):
1672             - Based on resolveBaseAndProperty, but produce correct this value.
1673         (JSC::Interpreter::privateExecute):
1674             - Removed op_convert_this_strict, added op_resolve_with_this.
1675         * interpreter/Interpreter.h:
1676         * jit/JIT.cpp:
1677         (JSC::JIT::privateCompileMainPass):
1678         (JSC::JIT::privateCompileSlowCases):
1679             - Removed op_convert_this_strict, added op_resolve_with_this.
1680         * jit/JIT.h:
1681         * jit/JITOpcodes.cpp:
1682         (JSC::JIT::emit_op_resolve_with_this):
1683             - Removed op_convert_this_strict, added op_resolve_with_this.
1684         (JSC::JIT::emit_op_convert_this):
1685         (JSC::JIT::emitSlow_op_convert_this):
1686             - Change NeedsThisConversion check to test for JSString's vptr
1687               (objects no longer need conversion).
1688         * jit/JITOpcodes32_64.cpp:
1689         (JSC::JIT::emit_op_resolve_with_this):
1690             - Removed op_convert_this_strict, added op_resolve_with_this.
1691         (JSC::JIT::emit_op_convert_this):
1692         (JSC::JIT::emitSlow_op_convert_this):
1693             - Change NeedsThisConversion check to test for JSString's vptr
1694               (objects no longer need conversion).
1695         * jit/JITStubs.cpp:
1696         (JSC::DEFINE_STUB_FUNCTION):
1697             - Removed op_convert_this_strict, added op_resolve_with_this.
1698         * jit/JITStubs.h:
1699             - Removed op_convert_this_strict, added op_resolve_with_this.
1700         * runtime/JSActivation.h:
1701             - removed NeedsThisConversion flag, added IsEnvironmentRecord.
1702         * runtime/JSStaticScopeObject.h:
1703             - removed NeedsThisConversion flag, added IsEnvironmentRecord.
1704         * runtime/JSString.h:
1705         (JSC::RopeBuilder::createStructure):
1706             - removed NeedsThisConversion.
1707         * runtime/JSTypeInfo.h:
1708         (JSC::TypeInfo::isEnvironmentRecord):
1709         (JSC::TypeInfo::overridesHasInstance):
1710             - removed NeedsThisConversion flag, added IsEnvironmentRecord.
1711         * runtime/JSValue.h:
1712             - removed NeedsThisConversion.
1713         * runtime/JSVariableObject.h:
1714             - Corrected StructureFlags inheritance.
1715         * runtime/StrictEvalActivation.h:
1716         (JSC::StrictEvalActivation::createStructure):
1717             - Added IsEnvironmentRecord to StructureFlags, added createStructure.
1718         * runtime/Structure.h:
1719             - removed NeedsThisConversion.
1720         * tests/mozilla/ecma/String/15.5.4.6-2.js:
1721         (getTestCases):
1722             - Removed invalid test case.
1723
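Added example, not JavaScriptCore code, illustrating the two `this` rules the entries for bugs 64657 and 64250 above rely on: what value a callee receives for a plain call, a property-access call and a call whose base comes from a `with` object, and the fact that a non-strict callee boxes a primitive `this` once on entry, so that every direct eval inside it sees the same wrapper. The non-strict helpers are built with `new Function` (which always yields a non-strict function, and is the only way to use `with` if this file is loaded as strict code); the receiver value 5 is an arbitrary constructed input.

```javascript
// Added example, not JavaScriptCore code: the `this` value an ES5 callee
// receives for the three call shapes named above, and the one-time boxing of
// a primitive `this` in a non-strict callee that direct evals must observe.

// Strict callee: reports exactly what it was handed, no conversion at all.
function strictThis() {
  'use strict';
  return this;
}

// Plain call, callee found by identifier: `this` is undefined, not the
// global object.
function thisFromPlainCall() {
  return strictThis();
}

// Call based on an explicit property access: `this` is the base object.
function thisFromPropertyAccess() {
  const holder = { m: strictThis };
  return holder.m() === holder;
}

// Call whose base comes directly from a `with` object: `this` is that object.
// `with` is a syntax error in strict code, so the wrapper is built with
// `new Function`, which always produces a non-strict function.
const callInsideWith = new Function('scope', 'with (scope) { return m(); }');
function thisFromWith() {
  const scope = { m: strictThis };
  return callInsideWith(scope) === scope;
}

// Primitive receiver, strict callee: the primitive is passed through.
function primitiveThisStrict() {
  return typeof strictThis.call(5);
}

// Primitive receiver, non-strict callee (again via `new Function`): `this` is
// boxed once on entry. The body stores a property on `this` through one
// direct eval and reads it back through another; had each eval boxed a fresh
// wrapper, `seen` would be undefined and `same` false.
const sloppyThisViaEval = new Function(
  'eval("this.seen = true");' +
  'return { kind: typeof this, seen: eval("this").seen, same: eval("this") === this };'
);
function primitiveThisSloppy() {
  return sloppyThisViaEval.call(5);
}
```

`primitiveThisSloppy()` returns `{ kind: "object", seen: true, same: true }`: the wrapper allocated on entry is the one both evals see, which is the behaviour the 64657 fix restores by always emitting the conversion when a function contains eval.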
1724 2011-07-15  Sheriff Bot  <webkit.review.bot@gmail.com>
1725
1726         Unreviewed, rolling out r91082, r91087, and r91089.
1727         http://trac.webkit.org/changeset/91082
1728         http://trac.webkit.org/changeset/91087
1729         http://trac.webkit.org/changeset/91089
1730         https://bugs.webkit.org/show_bug.cgi?id=64616
1731
1732         gtk tests are failing a lot after this change. (Requested by
1733         dave_levin on #webkit).
1734
1735         * wtf/ThreadIdentifierDataPthreads.cpp:
1736         (WTF::ThreadIdentifierData::identifier):
1737         (WTF::ThreadIdentifierData::initialize):
1738         (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
1739         (WTF::ThreadIdentifierData::initializeKeyOnce):
1740         * wtf/ThreadIdentifierDataPthreads.h:
1741         * wtf/ThreadingPthreads.cpp:
1742         (WTF::initializeThreading):
1743
1744 2011-07-15  David Levin  <levin@chromium.org>
1745
1746         Another attempted build fix.
1747
1748         * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
1749         up the definition of PTHREAD_KEYS_MAX.
1750
1751 2011-07-15  David Levin  <levin@chromium.org>
1752
1753         Chromium build fix.
1754
1755         * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
1756         up the definition of PTHREAD_KEYS_MAX.
1757
1758 2011-07-14  David Levin  <levin@chromium.org>
1759
1760         currentThread is too slow!
1761         https://bugs.webkit.org/show_bug.cgi?id=64577
1762
1763         Reviewed by Darin Adler and Dmitry Titov.
1764
1765         The problem is that currentThread results in a pthread_once call which always takes a lock.
1766         With this change, currentThread is 10% faster than isMainThread in release mode and only
1767         5% slower than isMainThread in debug.
1768
1769         * wtf/ThreadIdentifierDataPthreads.cpp:
1770         (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
1771         which is no longer needed because this is called from initializeThreading().
1772         (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
1773         initialization of the pthread key should already be done.
1774         (WTF::ThreadIdentifierData::initialize): Ditto.
1775         * wtf/ThreadIdentifierDataPthreads.h:
1776         * wtf/ThreadingPthreads.cpp:
1777         (WTF::initializeThreading): Acquire the pthread key here.
1778
1779 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
1780
1781         DFG JIT does not optimize Branch as well as it could.
1782         https://bugs.webkit.org/show_bug.cgi?id=64574
1783
1784         Reviewed by Gavin Barraclough.
1785         
1786         This creates a common code path for emitting unfused branches, which does
1787         no speculation, and only performs a slow call if absolutely necessary.
1788
1789         * dfg/DFGJITCodeGenerator.cpp:
1790         (JSC::DFG::JITCodeGenerator::emitBranch):
1791         * dfg/DFGJITCodeGenerator.h:
1792         * dfg/DFGNonSpeculativeJIT.cpp:
1793         (JSC::DFG::NonSpeculativeJIT::compile):
1794         * dfg/DFGSpeculativeJIT.cpp:
1795         (JSC::DFG::SpeculativeJIT::compile):
1796
1797 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
1798
1799         GC allocation fast path has too many operations.
1800         https://bugs.webkit.org/show_bug.cgi?id=64493
1801
1802         Reviewed by Darin Adler.
1803         
1804         Changed the timing of the lazy sweep so that it occurs when we land on
1805         a previously-unswept block, rather than whenever we land on an unswept
1806         cell.  After the per-block lazy sweep occurs, the block is turned into a
1807         singly linked list of free cells.  The allocation fast path is now just a
1808         load-branch-store to remove a cell from the head of the list.
1809         
1810         Additionally, this changes the way new blocks are allocated.  Previously,
1811         they would be populated with dummy cells.  With this patch, they are
1812         turned into a free list, which means that there will never be destructor
1813         calls for allocations in fresh blocks.
1814         
1815         These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
1816         SunSpider.  There are no observed statistically significant slow-downs
1817         on any individual benchmark.
1818
1819         * JavaScriptCore.exp:
1820         * heap/Heap.cpp:
1821         (JSC::Heap::allocateSlowCase):
1822         (JSC::Heap::collect):
1823         (JSC::Heap::canonicalizeBlocks):
1824         (JSC::Heap::resetAllocator):
1825         * heap/Heap.h:
1826         (JSC::Heap::forEachProtectedCell):
1827         (JSC::Heap::forEachCell):
1828         (JSC::Heap::forEachBlock):
1829         (JSC::Heap::allocate):
1830         * heap/MarkedBlock.cpp:
1831         (JSC::MarkedBlock::MarkedBlock):
1832         (JSC::MarkedBlock::lazySweep):
1833         (JSC::MarkedBlock::blessNewBlockForFastPath):
1834         (JSC::MarkedBlock::blessNewBlockForSlowPath):
1835         (JSC::MarkedBlock::canonicalizeBlock):
1836         * heap/MarkedBlock.h:
1837         * heap/NewSpace.cpp:
1838         (JSC::NewSpace::addBlock):
1839         (JSC::NewSpace::canonicalizeBlocks):
1840         * heap/NewSpace.h:
1841         (JSC::NewSpace::allocate):
1842         (JSC::NewSpace::SizeClass::SizeClass):
1843         (JSC::NewSpace::SizeClass::canonicalizeBlock):
1844         * heap/OldSpace.cpp:
1845         (JSC::OldSpace::addBlock):
1846
1847 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
1848
1849         DFG JIT crashes on host constructor calls in debug mode.
1850         https://bugs.webkit.org/show_bug.cgi?id=64562
1851         
1852         Reviewed by Gavin Barraclough.
1853         
1854         Fixed the relevant ASSERT.
1855
1856         * dfg/DFGOperations.cpp:
1857
1858 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
1859
1860         DFG speculative JIT contains a FIXME for rewinding speculative code generation that
1861         has already been fixed.
1862         https://bugs.webkit.org/show_bug.cgi?id=64022
1863
1864         Reviewed by Gavin Barraclough.
1865
1866         * dfg/DFGSpeculativeJIT.h:
1867         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1868
1869 2011-07-14  Ryuan Choi  <ryuan.choi@samsung.com>
1870
1871         [EFL] Add OwnPtr specialization for Ecore_Pipe.
1872         https://bugs.webkit.org/show_bug.cgi?id=64515
1873
1874         Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.
1875
1876         Reviewed by Xan Lopez.
1877
1878         * wtf/OwnPtrCommon.h:
1879         * wtf/efl/OwnPtrEfl.cpp:
1880         (WTF::deleteOwnedPtr):
1881
1882 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
1883
1884         DFG JIT unnecessarily boxes and unboxes values during silent spilling.
1885         https://bugs.webkit.org/show_bug.cgi?id=64068
1886
1887         Reviewed by Gavin Barraclough.
1888         
1889         Silent spilling and filling of registers is done during slow-path C
1890         function calls.  The silent spill/fill logic does not affect register
1891         allocation on paths that don't involve the C function call.
1892         
1893         This changes the silent spilling code to spill in unboxed form.  The
1894         silent fill will refill in whatever form the register was spilled in.
1895         For example, the silent spill code may choose not to spill the register
1896         because it was already spilled previously, which would imply that it
1897         was spilled in boxed form.  The filling code detects this and either
1898         unboxes, or not, depending on what is appropriate.
1899         
1900         This change also results in a simplification of the silent spill/fill
1901         API: silent spilling no longer needs to know about the set of registers
1902         that cannot be trampled, since it never does boxing and hence does not
1903         need a temporary register.
1904
1905         * dfg/DFGJITCodeGenerator.cpp:
1906         (JSC::DFG::JITCodeGenerator::cachedGetById):
1907         (JSC::DFG::JITCodeGenerator::cachedPutById):
1908         * dfg/DFGJITCodeGenerator.h:
1909         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
1910         (JSC::DFG::JITCodeGenerator::silentSpillFPR):
1911         (JSC::DFG::JITCodeGenerator::silentFillFPR):
1912         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
1913         * dfg/DFGNonSpeculativeJIT.cpp:
1914         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
1915         (JSC::DFG::NonSpeculativeJIT::valueToInt32):
1916         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1917         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1918         (JSC::DFG::NonSpeculativeJIT::compare):
1919         (JSC::DFG::NonSpeculativeJIT::compile):
1920         * dfg/DFGSpeculativeJIT.cpp:
1921         (JSC::DFG::SpeculativeJIT::compile):
1922
1923 2011-07-13  Michael Saboff  <msaboff@apple.com>
1924
1925         https://bugs.webkit.org/show_bug.cgi?id=64202
1926         Enh: Improve handling of RegExp in the form of /.*blah.*/
1927
1928         Reviewed by Gavin Barraclough.
1929
1930         Added code to both the Yarr interpreter and JIT to handle
1931         these expressions a little differently.  First off, the terms
1932         in between the leading and trailing .*'s cannot capture and
1933         also this enhancement is limited to single alternative expressions.
1934         If an expression is of the right form with the aforementioned
1935         restrictions, we process the inner terms and then look for the
1936         beginning of the string and end of the string.  There is handling 
1937         for multiline expressions to allow the beginning and end to be 
1938         right after and right before newlines.
1939
1940         This enhancement speeds up expressions of this type 12x on
1941         a MacBookPro.
1942
1943         Cleaned up 'case' statement indentation.
1944
1945         A new set of tests was added as LayoutTests/fast/regex/dotstar.html
1946
1947         * yarr/YarrInterpreter.cpp:
1948         (JSC::Yarr::Interpreter::InputStream::end):
1949         (JSC::Yarr::Interpreter::matchDotStarEnclosure):
1950         (JSC::Yarr::Interpreter::matchDisjunction):
1951         (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
1952         (JSC::Yarr::ByteCompiler::emitDisjunction):
1953         * yarr/YarrInterpreter.h:
1954         (JSC::Yarr::ByteTerm::DotStarEnclosure):
1955         * yarr/YarrJIT.cpp:
1956         (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
1957         (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
1958         (JSC::Yarr::YarrGenerator::generateTerm):
1959         (JSC::Yarr::YarrGenerator::backtrackTerm):
1960         * yarr/YarrPattern.cpp:
1961         (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
1962         (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
1963         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
1964         (JSC::Yarr::YarrPattern::compile):
1965         * yarr/YarrPattern.h:
1966         (JSC::Yarr::PatternTerm::PatternTerm):
1967
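Added example, not Yarr or JavaScriptCore code, showing the search shape the enhancement above exploits. Because `.` never matches a line terminator, a single-alternative pattern of the form `.*X.*` whose inner term `X` cannot capture can only ever match one complete line, namely the first line that contains `X`; so instead of backtracking through the leading `.*` an engine can locate `X` and widen to the enclosing line boundaries. The inner term is assumed to be a plain literal here, and the sample input is constructed.

```javascript
// Added example, not Yarr/JavaScriptCore code: a hand-written matcher for the
// shape /.*X.*/ (single alternative, non-capturing inner term X), checked
// against the engine's own RegExp. Since `.` excludes line terminators, such
// a pattern can only match a complete line: the first line that contains X.

// Characters that `.` does not match in ECMAScript regular expressions.
const LINE_TERMINATORS = new Set(['\n', '\r', '\u2028', '\u2029']);

// Finds the first line of `input` containing the literal `inner` and returns
// that whole line, which is exactly what /.*inner.*/ would match. No
// backtracking over the leading `.*` is needed: locate the inner term, then
// widen to the surrounding line boundaries (or the ends of the string).
function dotStarEnclosure(inner, input) {
  let lineStart = 0;
  for (let i = 0; i <= input.length; i++) {
    if (i === input.length || LINE_TERMINATORS.has(input[i])) {
      const line = input.slice(lineStart, i);
      if (line.includes(inner)) return { index: lineStart, match: line };
      lineStart = i + 1;
    }
  }
  return null;
}

// Reference result from the engine's RegExp for the same pattern.
function regExpEnclosure(inner, input) {
  const escaped = inner.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const m = new RegExp('.*' + escaped + '.*').exec(input);
  return m ? { index: m.index, match: m[0] } : null;
}

// True when both approaches give the same (index, match) pair, or both fail.
function agrees(inner, input) {
  const a = dotStarEnclosure(inner, input);
  const b = regExpEnclosure(inner, input);
  if (a === null || b === null) return a === b;
  return a.index === b.index && a.match === b.match;
}

// Constructed sample: three lines, the inner term appears twice on line two,
// so the match must still be that entire line, not just up to the first hit.
const SAMPLE = 'GET /index.html\nPOST /login blah=1 blah=2\ndone';
```

`dotStarEnclosure('blah', SAMPLE)` returns index 16 and the whole second line; `agrees('blah', SAMPLE)` and `agrees('nope', SAMPLE)` both hold, the latter because both sides fail. The restriction to a non-capturing inner term matters: with a capture inside, the greedy leading `.*` would determine which occurrence the group records, and the line-widening shortcut would no longer be observationally equivalent.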
1968 2011-07-13  Xan Lopez  <xlopez@igalia.com>
1969
1970         [GTK] Fix distcheck
1971
1972         Reviewed by Martin Robinson.
1973
1974         * GNUmakefile.list.am: add missing files.
1975
1976 2011-07-13  Filip Pizlo  <fpizlo@apple.com>
1977
1978         DFG JIT does not implement prototype chain or list caching for get_by_id.
1979         https://bugs.webkit.org/show_bug.cgi?id=64147
1980
1981         Reviewed by Gavin Barraclough.
1982         
1983         This implements unified support for prototype caching, prototype chain
1984         caching, and polymorphic (i.e. list) prototype and prototype chain
1985         caching.  This is done by creating common code for emitting prototype
1986         or chain access stubs, and having it factored out into
1987         generateProtoChainAccessStub().  This function is called by
1988         tryCacheGetByID once the latter determines that some form of prototype
1989         access caching is necessary (i.e. the slot being accessed is not on the
1990         base value but on some other object).
1991         
1992         Direct prototype list, and prototype chain list, caching is implemented by
1993         linking the slow path to operationGetByIdProtoBuildList(), which uses the
1994         same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.
1995         
1996         This change required ensuring that the value in the scratchGPR field in
1997         StructureStubInfo is preserved even after the stub info is in the
1998         chain, or proto_list, states.  Hence scratchGPR was moved out of the union
1999         and into the top-level of StructureStubInfo.
2000         
2001         * bytecode/StructureStubInfo.h:
2002         * dfg/DFGJITCompiler.cpp:
2003         (JSC::DFG::JITCompiler::compileFunction):
2004         * dfg/DFGOperations.cpp:
2005         * dfg/DFGOperations.h:
2006         * dfg/DFGRepatch.cpp:
2007         (JSC::DFG::emitRestoreScratch):
2008         (JSC::DFG::linkRestoreScratch):
2009         (JSC::DFG::generateProtoChainAccessStub):
2010         (JSC::DFG::tryCacheGetByID):
2011         (JSC::DFG::tryBuildGetByIDProtoList):
2012         (JSC::DFG::dfgBuildGetByIDProtoList):
2013         (JSC::DFG::tryCachePutByID):
2014         * dfg/DFGRepatch.h:
2015
2016 2011-07-12  Brent Fulgham  <bfulgham@webkit.org>
2017
2018         Standardize WinCairo conditionalized code under PLATFORM macro.
2019         https://bugs.webkit.org/show_bug.cgi?id=64377
2020
2021         Reviewed by Maciej Stachowiak.
2022
2023         * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.
2024
2025 2011-07-13  David Levin  <levin@chromium.org>
2026
2027         Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
2028         https://bugs.webkit.org/show_bug.cgi?id=64465
2029
2030         Reviewed by Dmitry Titov.
2031
2032         There isn't a good way to test this as it is very highly unlikely to occur.
2033
2034         * wtf/ThreadIdentifierDataPthreads.cpp:
2035         (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
2036         isn't thread-safe, change the initialization to be global.
2037
2038 2011-07-12  Gavin Barraclough  <barraclough@apple.com>
2039
2040         https://bugs.webkit.org/show_bug.cgi?id=64424
2041         Our direct eval behaviour deviates slightly from the spec.
2042
2043         Reviewed by Oliver Hunt.
2044
2045         The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
2046         behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
2047         or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
2048         may be introduced into the caller's environment.
2049
2050         ES5 direct calls are any call where the callee function is provided by a reference, a base
2051         of that Reference is an EnvironmentRecord (this corresponds to all productions
2052         "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
2053         of the reference is "eval". This means any expression of the form "eval(...)", and that
2054         calls the standard built-in eval method on the Global Object, is considered to be
2055         direct.
2056
2057         In JavaScriptCore we are currently overly restrictive. We also check that the
2058         EnvironmentRecord that is the base of the reference is the Declarative Environment Record
2059         at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
2060         that hits a var eval in a nested scope is not considered to be direct. This behaviour does
2061         not emanate from the spec, and is incorrect.
2062
2063         * interpreter/Interpreter.cpp:
2064         (JSC::Interpreter::privateExecute):
2065             - Fixed direct eval check in op_call_eval.
2066         * jit/JITStubs.cpp:
2067         (JSC::DEFINE_STUB_FUNCTION):
2068             - Fixed direct eval check in op_call_eval.
2069         * runtime/Executable.h:
2070         (JSC::isHostFunction):
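Added example, not JavaScriptCore code, for the direct-versus-indirect distinction the entry above describes. Each probe calls eval in one of the shapes mentioned (a plain `eval(...)`, an `eval(...)` that resolves to a local binding holding the built-in, an aliased `a(...)`, and a property call) and reports where the `var` declared by the eval'd code landed: in the caller's own variable environment (direct) or on the global object (indirect). The probe bodies are built with `new Function` so the callers stay non-strict regardless of how this file is loaded; the variable names are arbitrary.

```javascript
// Added example, not JavaScriptCore code: which call shapes are *direct* calls
// to eval under ES5 15.1.2.1.1, observed through where a `var` declared by the
// eval'd code ends up. From a non-strict caller, a direct eval declares into
// the caller's variable environment; an indirect eval always declares into the
// global environment. The non-strict callers are built with `new Function` so
// they stay non-strict however this file is loaded.

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Builds a non-strict function that runs `callExpr`, which is expected to
// declare `var <name>` through some form of eval, then reports whether the
// name is visible from the caller and whether it landed on globalThis.
// A name that is visible but not on globalThis was declared locally, i.e. the
// eval was direct. The global case is cleaned up before returning.
function makeProbe(name, callExpr) {
  const body =
    callExpr + ';' +
    'var visible = typeof ' + name + ' !== "undefined";' +
    'var onGlobal = hasOwn(globalThis, "' + name + '");' +
    'delete globalThis["' + name + '"];' +
    'return visible && !onGlobal ? "direct" : "indirect";';
  return new Function('hasOwn', body);
}

const probes = {
  // Identifier named eval, resolving to the built-in: direct.
  plainEval: makeProbe('fromPlain', 'eval("var fromPlain = 1")'),
  // Identifier named eval resolving to a *local* binding that holds the
  // built-in: still direct per spec (the nested-scope case described above).
  localBindingNamedEval: makeProbe('fromLocal',
    'var eval = globalThis.eval; eval("var fromLocal = 1")'),
  // Callee is not an identifier named eval: indirect, declares globally.
  aliasedEval: makeProbe('fromAlias',
    'var e = globalThis.eval; e("var fromAlias = 1")'),
  propertyEval: makeProbe('fromProp',
    '({ eval: globalThis.eval }).eval("var fromProp = 1")'),
};

// Runs every probe and returns { probeName: "direct" | "indirect" }.
function classifyEvalCalls() {
  const result = {};
  for (const [name, probe] of Object.entries(probes)) result[name] = probe(hasOwn);
  return result;
}

// A strict caller's direct eval gets its own variable environment, so the
// declaration never reaches the caller: typeof reports "undefined".
function strictCallerDirectEval() {
  'use strict';
  eval('var fromStrict = 1');
  return typeof fromStrict;
}
```

`classifyEvalCalls()` reports `plainEval` and `localBindingNamedEval` as direct and the other two as indirect; the second of those is the case JavaScriptCore previously misclassified, since the identifier `eval` resolves through a nested scope rather than the global environment record. The security-relevant consequence is the one the entry notes: a direct eval in non-strict code can introduce bindings into the caller's scope, so code that wraps the built-in in another name to "contain" it is not actually changing which environment gets polluted only when the wrapper is itself called as `eval(...)`.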
2071             - Added check for host function with specific NativeFunction.
2072
2073 2011-07-13  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
2074
2075         Reviewed by Andreas Kling.
2076
2077         Broken build on QNX
2078         https://bugs.webkit.org/show_bug.cgi?id=63717
2079
2080         QNX doesn't support pthread's SA_RESTART (required by
2081         JSC_MULTIPLE_THREADS), JIT is broken at runtime and there are a
2082         few minor compilation errors here and there.
2083
2084         Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
2085         tested by him on QNX v6.5 (x86)
2086
2087         * wtf/DateMath.cpp: fix usage of abs/labs
2088         * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
2089         * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
2090
2091 2011-07-12  Anders Carlsson  <andersca@apple.com>
2092
2093         If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
2094         https://bugs.webkit.org/show_bug.cgi?id=64429
2095
2096         Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
2097
2098         * wtf/NullPtr.h:
2099
2100 2011-07-13  MORITA Hajime  <morrita@google.com>
2101
2102         Refactoring: Ignored ExceptionCode value should be less annoying.
2103         https://bugs.webkit.org/show_bug.cgi?id=63688
2104
2105         Added ASSERT_AT macro.
2106
2107         Reviewed by Darin Adler.
2108
2109         * wtf/Assertions.h:
2110
2111 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
2112
2113         DFG JIT does not implement op_construct.
2114         https://bugs.webkit.org/show_bug.cgi?id=64066
2115
2116         Reviewed by Gavin Barraclough.
2117         
2118         This is a fixed implementation of op_construct.  Constructor calls are implemented
2119         by reusing almost all of the code for Call, with care taken to make sure that
2120         where there are differences (like selecting different code blocks), those differences
2121         are respected.  The two fixes over the last patch are: (1) make sure the
2122         CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
2123         make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
2124         (either CodeForCall or CodeForConstruct) when invoking the compiler.
2125
2126         * dfg/DFGAliasTracker.h:
2127         (JSC::DFG::AliasTracker::recordConstruct):
2128         * dfg/DFGByteCodeParser.cpp:
2129         (JSC::DFG::ByteCodeParser::addCall):
2130         (JSC::DFG::ByteCodeParser::parseBlock):
2131         * dfg/DFGJITCodeGenerator.cpp:
2132         (JSC::DFG::JITCodeGenerator::emitCall):
2133         * dfg/DFGNode.h:
2134         * dfg/DFGNonSpeculativeJIT.cpp:
2135         (JSC::DFG::NonSpeculativeJIT::compile):
2136         * dfg/DFGOperations.cpp:
2137         * dfg/DFGOperations.h:
2138         * dfg/DFGRepatch.cpp:
2139         (JSC::DFG::dfgLinkFor):
2140         * dfg/DFGRepatch.h:
2141         * dfg/DFGSpeculativeJIT.cpp:
2142         (JSC::DFG::SpeculativeJIT::compile):
2143         * runtime/CodeBlock.cpp:
2144         (JSC::CodeBlock::unlinkCalls):
2145
2146 2011-07-12  Oliver Hunt  <oliver@apple.com>
2147
2148         Overzealous type validation in method_check
2149         https://bugs.webkit.org/show_bug.cgi?id=64415
2150
2151         Reviewed by Gavin Barraclough.
2152
2153         method_check is essentially just a value look up
2154         optimisation, but it internally stores the value
2155         as a JSFunction, even though it never relies on
2156         this fact.  Under GC validation however we end up
2157         trying to enforce that assumption.  The fix is
2158         simply to store the value as a correct supertype.
2159
2160         * bytecode/CodeBlock.h:
2161         * dfg/DFGRepatch.cpp:
2162         (JSC::DFG::dfgRepatchGetMethodFast):
2163         (JSC::DFG::tryCacheGetMethod):
2164         * jit/JIT.h:
2165         * jit/JITPropertyAccess.cpp:
2166         (JSC::JIT::patchMethodCallProto):
2167         * jit/JITStubs.cpp:
2168         (JSC::DEFINE_STUB_FUNCTION):
2169
2170 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
2171
2172         COLLECT_ON_EVERY_ALLOCATION no longer works.
2173         https://bugs.webkit.org/show_bug.cgi?id=64388
2174
2175         Reviewed by Oliver Hunt.
2176         
2177         Added a flag to Heap that determines if it's safe to collect (which for now means that
2178         JSGlobalObject has actually been initialized, but it should work for other things, too).
2179         This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
2180         GCing it just grows the heap, if necessary.
2181         
2182         Then changed Heap::allocate() to not recurse ad infinitum when
2183         COLLECT_ON_EVERY_ALLOCATION is set.  This also makes the allocator generally more
2184         resilient against bugs; this change allowed me to put in handy assertions, such as that
2185         an allocation must succeed after either a collection or after a new block was added.
2186
2187         * heap/Heap.cpp:
2188         (JSC::Heap::Heap):
2189         (JSC::Heap::tryAllocate):
2190         (JSC::Heap::allocate):
2191         (JSC::Heap::collectAllGarbage):
2192         (JSC::Heap::collect):
2193         * heap/Heap.h:
2194         (JSC::Heap::notifyIsSafeToCollect):
2195         * runtime/JSGlobalData.cpp:
2196         (JSC::JSGlobalData::JSGlobalData):
2197
2198 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
2199
2200         DFG JIT put_by_id transition caching does not inform the GC about the structure and
2201         prototype chain that it is referencing.
2202         https://bugs.webkit.org/show_bug.cgi?id=64387
2203
2204         Reviewed by Gavin Barraclough.
2205         
2206         Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
2207
2208         * dfg/DFGRepatch.cpp:
2209         (JSC::DFG::tryCachePutByID):
2210
2211 2011-07-12  Adam Roben  <aroben@apple.com>
2212
2213         Ensure no intermediate WTF::Strings are created when concatenating with string literals
2214
2215         Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
2216         operator+ is suboptimal
2217
2218         Reviewed by Darin Adler.
2219
2220         * wtf/text/StringConcatenate.h:
2221         (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
2222         many WTF::Strings get copied while evaluating an operator+ expression.
2223
2224         * wtf/text/StringOperators.h:
2225         (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
2226         side, since operator+ is left-associative. Having the StringAppend on the right-hand side
2227         was causing us to make intermediate WTF::Strings when evaluating expressions that contained
2228         multiple calls to operator+. Added some more overloads that take a left-hand side of
2229         const char* to resolve overload ambiguity for certain expressions. Added overloads that take
2230         a left-hand side of const UChar* (matching the const char* overloads) so that wide string
2231         literals don't first have to be converted to a WTF::String in operator+ expressions.
2232
2233 2011-07-12  Adam Roben  <aroben@apple.com>
2234
2235         Unreviewed, rolling out r90811.
2236         http://trac.webkit.org/changeset/90811
2237         https://bugs.webkit.org/show_bug.cgi?id=61025
2238
2239         Several svg tests failing assertions beneath
2240         SVGSMILElement::findInstanceTime
2241
2242         * wtf/StdLibExtras.h:
2243         (WTF::binarySearch):
2244
2245 2011-07-12  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
2246
2247         Reviewed by Nikolas Zimmermann.
2248
2249         Speed up SVGSMILElement::findInstanceTime.
2250         https://bugs.webkit.org/show_bug.cgi?id=61025
2251
2252         Add a new parameter to the StdLibExtras.h::binarySearch function
2253         to also handle cases when the array does not contain the key value.
2254         This is needed for an svg function.
2255
2256         * wtf/StdLibExtras.h:
2257         (WTF::binarySearch):
2258
2259 2011-07-11  Filip Pizlo  <fpizlo@apple.com>
2260
2261         DFG speculative JIT does not guard itself against floating point speculation
2262         failures on non-floating-point constants.
2263         https://bugs.webkit.org/show_bug.cgi?id=64330
2264
2265         Reviewed by Gavin Barraclough.
2266         
2267         Made fillSpeculateDouble immediately invoke terminateSpeculativeExecution() as
2268         soon as it notices that it's speculating on something that is a non-numeric
2269         JSConstant.
2270
2271         * dfg/DFGSpeculativeJIT.cpp:
2272         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2273
2274 2011-07-11  Filip Pizlo  <fpizlo@apple.com>
2275
2276         DFG Speculative JIT does not always insert speculation checks when speculating
2277         arrays.
2278         https://bugs.webkit.org/show_bug.cgi?id=64254
2279
2280         Reviewed by Gavin Barraclough.
2281         
2282         Changed the SetLocal instruction to always validate that the value being stored
2283         into the local variable is an array, if that variable was marked PredictArray.
2284         This is necessary since uses of arrays assume that if a PredictArray value is
2285         in a local variable then the speculation check validating that the value is an
2286         array was already performed.
2287
2288         * dfg/DFGSpeculativeJIT.cpp:
2289         (JSC::DFG::SpeculativeJIT::compile):
2290
2291 2011-07-11  Gabor Loki  <loki@webkit.org>
2292
2293         Fix the condition of the optimized code in doubleTransfer
2294         https://bugs.webkit.org/show_bug.cgi?id=64261
2295
2296         Reviewed by Zoltan Herczeg.
2297
2298         The condition of the optimized code in doubleTransfer is wrong. The
2299         data transfer should be executed with a four-byte aligned address.
2300         VFP cannot perform unaligned memory access.
2301
2302         Reported by Jacob Bramley.
2303
2304         * assembler/ARMAssembler.cpp:
2305         (JSC::ARMAssembler::doubleTransfer):
2306
2307 2011-07-11  Gabor Loki  <loki@webkit.org>
2308
2309         Signed arithmetic bug in dataTransfer32.
2310         https://bugs.webkit.org/show_bug.cgi?id=64257
2311
2312         Reviewed by Zoltan Herczeg.
2313
2314         An arithmetic bug is fixed. If the offset of dataTransfer is half of the
2315         addressable memory space on a 32-bit machine (-2147483648 = 0x80000000),
2316         a load instruction is emitted with a wrong zero offset.
2317
2318         Inspired by Jacob Bramley's patch from JaegerMonkey.
2319
2320         * assembler/ARMAssembler.cpp:
2321         (JSC::ARMAssembler::dataTransfer32):
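A defensive decomposition of a signed load/store offset, as an added example (not the ARMAssembler code, which is not reproduced here): sign and magnitude are derived in unsigned arithmetic, so the half-address-space offset -2147483648 from the entry above keeps its full 0x80000000 magnitude instead of overflowing on negation. The struct and function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>

// Pieces an ARM-style load/store encoder needs from a signed 32-bit offset:
// a direction flag and an unsigned magnitude, split into the 12-bit immediate
// the instruction can carry and the remainder that needs a scratch register.
struct Displacement {
    bool subtract;      // true: base - magnitude, false: base + magnitude
    uint32_t magnitude; // |offset| as an unsigned quantity
    uint32_t imm12;     // low 12 bits of the magnitude
    uint32_t highPart;  // the rest of the magnitude
};

// Hazard this avoids: forming the magnitude as -offset on a signed int is
// undefined for INT32_MIN and in practice wraps back to the same negative
// value, whose low 12 bits are zero. Negating in unsigned arithmetic is
// defined for every input and yields the right magnitude.
Displacement splitDisplacement(int32_t offset)
{
    Displacement d;
    d.subtract = offset < 0;
    uint32_t bits = static_cast<uint32_t>(offset);
    d.magnitude = d.subtract ? (0u - bits) : bits;
    d.imm12 = d.magnitude & 0xfffu;
    d.highPart = d.magnitude & ~0xfffu;
    return d;
}

// Applies the decomposition to a base address the way a two-step emitted
// sequence would: adjust by the high part first, then by the immediate.
uint32_t applyDisplacement(uint32_t base, int32_t offset)
{
    Displacement d = splitDisplacement(offset);
    uint32_t scratch = d.subtract ? base - d.highPart : base + d.highPart;
    return d.subtract ? scratch - d.imm12 : scratch + d.imm12;
}

// Checks the decomposition against plain modulo-2^32 addition of the
// signed offset, which is the address the load should reach.
bool roundTrips(uint32_t base, int32_t offset)
{
    uint32_t expected = base + static_cast<uint32_t>(offset);
    return applyDisplacement(base, offset) == expected;
}

int main()
{
    Displacement d = splitDisplacement(INT32_MIN);
    std::printf("offset INT32_MIN: subtract=%d magnitude=0x%08x imm12=0x%03x high=0x%08x\n",
                d.subtract, d.magnitude, d.imm12, d.highPart);
    std::printf("round trip from 0x10000000: %s\n",
                roundTrips(0x10000000u, INT32_MIN) ? "ok" : "WRONG");
    return 0;
}
```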
2322
2323 2011-07-09  Thouraya Andolsi  <thouraya.andolsi@st.com>
2324
2325         Fix unaligned userspace access for SH4 platforms. 
2326         https://bugs.webkit.org/show_bug.cgi?id=62993
2327
2328         * wtf/Platform.h:
2329
2330 2011-07-09  Chao-ying Fu  <fu@mips.com>
2331
2332         Fix MIPS build due to readInt32 and readPointer
2333         https://bugs.webkit.org/show_bug.cgi?id=63962
2334
2335         * assembler/MIPSAssembler.h:
2336         (JSC::MIPSAssembler::readInt32):
2337         (JSC::MIPSAssembler::readPointer):
2338         * assembler/MacroAssemblerMIPS.h:
2339         (JSC::MacroAssemblerMIPS::rshift32):
2340
2341 2011-07-08  Gavin Barraclough  <barraclough@apple.com>
2342
2343         https://bugs.webkit.org/show_bug.cgi?id=64181
2344         REGRESSION (r90602): Gmail doesn't load
2345
2346         Rolling out r90601, r90602.
2347
2348         * dfg/DFGAliasTracker.h:
2349         * dfg/DFGByteCodeParser.cpp:
2350         (JSC::DFG::ByteCodeParser::addVarArgChild):
2351         (JSC::DFG::ByteCodeParser::parseBlock):
2352         * dfg/DFGJITCodeGenerator.cpp:
2353         (JSC::DFG::JITCodeGenerator::emitCall):
2354         * dfg/DFGNode.h:
2355         * dfg/DFGNonSpeculativeJIT.cpp:
2356         (JSC::DFG::NonSpeculativeJIT::compile):
2357         * dfg/DFGOperations.cpp:
2358         * dfg/DFGOperations.h:
2359         * dfg/DFGRepatch.cpp:
2360         (JSC::DFG::tryCacheGetByID):
2361         (JSC::DFG::dfgLinkCall):
2362         * dfg/DFGRepatch.h:
2363         * dfg/DFGSpeculativeJIT.cpp:
2364         (JSC::DFG::SpeculativeJIT::compile):
2365         * runtime/JSObject.h:
2366         (JSC::JSObject::isUsingInlineStorage):
2367
2368 2011-07-08  Kalev Lember  <kalev@smartlink.ee>
2369
2370         Reviewed by Adam Roben.
2371
2372         Add missing _WIN32_WINNT and WINVER definitions
2373         https://bugs.webkit.org/show_bug.cgi?id=59702
2374
2375         Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
2376         available for all source files.
2377
2378         In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
2379         DeleteTimerQueueTimer which are both guarded by
2380         #if (_WIN32_WINNT >= 0x0500)
2381         in MinGW headers.
2382
2383         * config.h:
2384         * wtf/Assertions.cpp:
2385
2386 2011-07-08  Chang Shu  <cshu@webkit.org>
2387
2388         Rename "makeSecure" to "fill" and remove the support for displaying the last character
2389         to avoid a layering violation.
2390         https://bugs.webkit.org/show_bug.cgi?id=59114
2391
2392         Reviewed by Alexey Proskuryakov.
2393
2394         * JavaScriptCore.exp:
2395         * JavaScriptCore.order:
2396         * wtf/text/StringImpl.cpp:
2397         (WTF::StringImpl::fill):
2398         * wtf/text/StringImpl.h:
2399         * wtf/text/WTFString.h:
2400         (WTF::String::fill):
2401
2402 2011-07-08  Benjamin Poulain  <benjamin@webkit.org>
2403
2404         [WK2] Do not forward touch events to the web process when it does not need them
2405         https://bugs.webkit.org/show_bug.cgi?id=64164
2406
2407         Reviewed by Kenneth Rohde Christiansen.
2408
2409         Add a convenience function to obtain a reference to the last element of a Deque.
2410
2411         * wtf/Deque.h:
2412         (WTF::Deque::last):
2413
2414 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
2415
2416         DFG JIT does not implement op_construct.
2417         https://bugs.webkit.org/show_bug.cgi?id=64066
2418
2419         Reviewed by Gavin Barraclough.
2420
2421         * dfg/DFGAliasTracker.h:
2422         (JSC::DFG::AliasTracker::recordConstruct):
2423         * dfg/DFGByteCodeParser.cpp:
2424         (JSC::DFG::ByteCodeParser::addCall):
2425         (JSC::DFG::ByteCodeParser::parseBlock):
2426         * dfg/DFGJITCodeGenerator.cpp:
2427         (JSC::DFG::JITCodeGenerator::emitCall):
2428         * dfg/DFGNode.h:
2429         * dfg/DFGNonSpeculativeJIT.cpp:
2430         (JSC::DFG::NonSpeculativeJIT::compile):
2431         * dfg/DFGOperations.cpp:
2432         * dfg/DFGOperations.h:
2433         * dfg/DFGRepatch.cpp:
2434         (JSC::DFG::dfgLinkFor):
2435         * dfg/DFGRepatch.h:
2436         * dfg/DFGSpeculativeJIT.cpp:
2437         (JSC::DFG::SpeculativeJIT::compile):
2438
2439 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
2440
2441         DFG JIT does not implement get_by_id prototype caching.
2442         https://bugs.webkit.org/show_bug.cgi?id=64077
2443
2444         Reviewed by Gavin Barraclough.
2445
2446         * dfg/DFGRepatch.cpp:
2447         (JSC::DFG::emitRestoreScratch):
2448         (JSC::DFG::linkRestoreScratch):
2449         (JSC::DFG::tryCacheGetByID):
2450         * runtime/JSObject.h:
2451         (JSC::JSObject::addressOfPropertyAtOffset):
2452
2453 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
2454
2455         DFG JIT method_check implementation does not link to optimized get_by_id
2456         slow path.
2457         https://bugs.webkit.org/show_bug.cgi?id=64073
2458
2459         Reviewed by Gavin Barraclough.
2460
2461         * dfg/DFGRepatch.cpp:
2462         (JSC::DFG::dfgRepatchGetMethodFast):
2463
2464 2011-07-07  Oliver Hunt  <oliver@apple.com>
2465
2466         Encode jump and link sizes into the appropriate enums
2467         https://bugs.webkit.org/show_bug.cgi?id=64123
2468
2469         Reviewed by Sam Weinig.
2470
2471         Finally kill off the out of line jump and link size arrays, 
2472         so we can avoid icky loads and constant fold the linking arithmetic.
2473
2474         * assembler/ARMv7Assembler.cpp:
2475         * assembler/ARMv7Assembler.h:
2476         (JSC::ARMv7Assembler::jumpSizeDelta):
2477         (JSC::ARMv7Assembler::computeJumpType):
2478
2479 2011-07-06  Juan C. Montemayor  <jmont@apple.com>
2480
2481         ASSERT_NOT_REACHED running test 262
2482         https://bugs.webkit.org/show_bug.cgi?id=63951
2483         
2484         Added a case to the switch statement where the code was failing. Fixed
2485         some logic as well that gave faulty error messages.
2486
2487         Reviewed by Gavin Barraclough.
2488
2489         * parser/JSParser.cpp:
2490         (JSC::JSParser::getTokenName):
2491         (JSC::JSParser::updateErrorMessageSpecialCase):
2492         (JSC::JSParser::updateErrorMessage):
2493
2494 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
2495
2496         DFG JIT implementation of op_call results in regressions on sunspider
2497         controlflow-recursive.
2498         https://bugs.webkit.org/show_bug.cgi?id=64039
2499
2500         Reviewed by Gavin Barraclough.
2501
2502         * dfg/DFGByteCodeParser.cpp:
2503         (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
2504         (JSC::DFG::ByteCodeParser::parseBlock):
2505         * dfg/DFGSpeculativeJIT.h:
2506         (JSC::DFG::SpeculativeJIT::isInteger):
2507
2508 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
2509
2510         DFG JIT does not support method_check
2511         https://bugs.webkit.org/show_bug.cgi?id=63972
2512
2513         Reviewed by Gavin Barraclough.
2514
2515         * assembler/CodeLocation.h:
2516         (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
2517         * bytecode/CodeBlock.cpp:
2518         (JSC::CodeBlock::visitAggregate):
2519         * bytecode/CodeBlock.h:
2520         (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
2521         (JSC::MethodCallLinkInfo::seenOnce):
2522         (JSC::MethodCallLinkInfo::setSeen):
2523         * dfg/DFGAliasTracker.h:
2524         (JSC::DFG::AliasTracker::recordGetMethod):
2525         * dfg/DFGByteCodeParser.cpp:
2526         (JSC::DFG::ByteCodeParser::parseBlock):
2527         * dfg/DFGJITCodeGenerator.cpp:
2528         (JSC::DFG::JITCodeGenerator::cachedGetById):
2529         (JSC::DFG::JITCodeGenerator::cachedGetMethod):
2530         * dfg/DFGJITCodeGenerator.h:
2531         * dfg/DFGJITCompiler.cpp:
2532         (JSC::DFG::JITCompiler::compileFunction):
2533         * dfg/DFGJITCompiler.h:
2534         (JSC::DFG::JITCompiler::addMethodGet):
2535         (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
2536         * dfg/DFGNode.h:
2537         (JSC::DFG::Node::hasIdentifier):
2538         * dfg/DFGNonSpeculativeJIT.cpp:
2539         (JSC::DFG::NonSpeculativeJIT::compile):
2540         * dfg/DFGOperations.cpp:
2541         * dfg/DFGOperations.h:
2542         * dfg/DFGRepatch.cpp:
2543         (JSC::DFG::dfgRepatchGetMethodFast):
2544         (JSC::DFG::tryCacheGetMethod):
2545         (JSC::DFG::dfgRepatchGetMethod):
2546         * dfg/DFGRepatch.h:
2547         * dfg/DFGSpeculativeJIT.cpp:
2548         (JSC::DFG::SpeculativeJIT::compile):
2549         * jit/JITWriteBarrier.h:
2550         (JSC::JITWriteBarrier::set):
2551
2552 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
2553
2554         DFG JIT op_call implementation will flush registers even when those registers are dead
2555         https://bugs.webkit.org/show_bug.cgi?id=64023
2556
2557         Reviewed by Gavin Barraclough.
2558
2559         * dfg/DFGJITCodeGenerator.cpp:
2560         (JSC::DFG::JITCodeGenerator::emitCall):
2561         * dfg/DFGJITCodeGenerator.h:
2562         (JSC::DFG::JITCodeGenerator::integerResult):
2563         (JSC::DFG::JITCodeGenerator::noResult):
2564         (JSC::DFG::JITCodeGenerator::cellResult):
2565         (JSC::DFG::JITCodeGenerator::jsValueResult):
2566         (JSC::DFG::JITCodeGenerator::doubleResult):
2567         * dfg/DFGNonSpeculativeJIT.cpp:
2568         (JSC::DFG::NonSpeculativeJIT::compile):
2569         * dfg/DFGSpeculativeJIT.cpp:
2570         (JSC::DFG::SpeculativeJIT::compile):
2571
2572 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
2573
2574         DFG speculative JIT may crash when speculating int on a non-int JSConstant.
2575         https://bugs.webkit.org/show_bug.cgi?id=64017
2576
2577         Reviewed by Gavin Barraclough.
2578
2579         * dfg/DFGSpeculativeJIT.cpp:
2580         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2581         (JSC::DFG::SpeculativeJIT::compile):
2582
2583 2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>
2584
2585         Reviewed by David Levin.
2586
2587         Allow substitution of dynamic annotations and prevent identical code folding by the linker.
2588         https://bugs.webkit.org/show_bug.cgi?id=62443
2589
2590         * wtf/DynamicAnnotations.cpp:
2591         (WTFAnnotateBenignRaceSized):
2592         (WTFAnnotateHappensBefore):
2593         (WTFAnnotateHappensAfter):
2594
2595 2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
2596
2597         Calls on 32-bit machines fail after r90423
2598         https://bugs.webkit.org/show_bug.cgi?id=63980
2599
2600         Reviewed by Gavin Barraclough.
2601
2602         Copy the necessary lines from JITCall.cpp.
2603
2604         * jit/JITCall32_64.cpp:
2605         (JSC::JIT::compileOpCall):
2606
2607 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
2608
2609         DFG JIT virtual call implementation is inefficient.
2610         https://bugs.webkit.org/show_bug.cgi?id=63974
2611
2612         Reviewed by Gavin Barraclough.
2613
2614         * dfg/DFGOperations.cpp:
2615         * runtime/Executable.h:
2616         (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
2617         (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
2618         (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
2619         (JSC::ExecutableBase::hasJITCodeForCall):
2620         (JSC::ExecutableBase::hasJITCodeForConstruct):
2621         (JSC::ExecutableBase::hasJITCodeFor):
2622         * runtime/JSFunction.h:
2623         (JSC::JSFunction::scopeUnchecked):
2624
2625 2011-07-05  Oliver Hunt  <oliver@apple.com>
2626
2627         Force inlining of simple functions that show up as not being inlined
2628         https://bugs.webkit.org/show_bug.cgi?id=63964
2629
2630         Reviewed by Gavin Barraclough.
2631
2632         Looking at profile data indicates that gcc is failing to inline a
2633         number of trivial functions.  This patch hits the ones that show
2634         up in profiles with the ALWAYS_INLINE hammer.
2635
2636         We also replace the memcpy() call in linking with a manual loop.
2637         Apparently memcpy() is almost never faster than an inlined loop.
2638
2639         * assembler/ARMv7Assembler.h:
2640         (JSC::ARMv7Assembler::add):
2641         (JSC::ARMv7Assembler::add_S):
2642         (JSC::ARMv7Assembler::ARM_and):
2643         (JSC::ARMv7Assembler::asr):
2644         (JSC::ARMv7Assembler::b):
2645         (JSC::ARMv7Assembler::blx):
2646         (JSC::ARMv7Assembler::bx):
2647         (JSC::ARMv7Assembler::clz):
2648         (JSC::ARMv7Assembler::cmn):
2649         (JSC::ARMv7Assembler::cmp):
2650         (JSC::ARMv7Assembler::eor):
2651         (JSC::ARMv7Assembler::it):
2652         (JSC::ARMv7Assembler::ldr):
2653         (JSC::ARMv7Assembler::ldrCompact):
2654         (JSC::ARMv7Assembler::ldrh):
2655         (JSC::ARMv7Assembler::ldrb):
2656         (JSC::ARMv7Assembler::lsl):
2657         (JSC::ARMv7Assembler::lsr):
2658         (JSC::ARMv7Assembler::movT3):
2659         (JSC::ARMv7Assembler::mov):
2660         (JSC::ARMv7Assembler::movt):
2661         (JSC::ARMv7Assembler::mvn):
2662         (JSC::ARMv7Assembler::neg):
2663         (JSC::ARMv7Assembler::orr):
2664         (JSC::ARMv7Assembler::orr_S):
2665         (JSC::ARMv7Assembler::ror):
2666         (JSC::ARMv7Assembler::smull):
2667         (JSC::ARMv7Assembler::str):
2668         (JSC::ARMv7Assembler::sub):
2669         (JSC::ARMv7Assembler::sub_S):
2670         (JSC::ARMv7Assembler::tst):
2671         (JSC::ARMv7Assembler::linkRecordSourceComparator):
2672         (JSC::ARMv7Assembler::link):
2673         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
2674         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
2675         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
2676         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
2677         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
2678         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
2679         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
2680         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
2681         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
2682         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
2683         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
2684         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
2685         (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
2686         (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
2687         * assembler/LinkBuffer.h:
2688         (JSC::LinkBuffer::linkCode):
2689         * assembler/MacroAssemblerARMv7.h:
2690         (JSC::MacroAssemblerARMv7::nearCall):
2691         (JSC::MacroAssemblerARMv7::call):
2692         (JSC::MacroAssemblerARMv7::ret):
2693         (JSC::MacroAssemblerARMv7::moveWithPatch):
2694         (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
2695         (JSC::MacroAssemblerARMv7::storePtrWithPatch):
2696         (JSC::MacroAssemblerARMv7::tailRecursiveCall):
2697         (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
2698         (JSC::MacroAssemblerARMv7::jump):
2699         (JSC::MacroAssemblerARMv7::makeBranch):
2700
2701 2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
2702
2703         Make "Add optimised paths for a few maths functions" work on Qt
2704         https://bugs.webkit.org/show_bug.cgi?id=63893
2705
2706         Reviewed by Oliver Hunt.
2707
2708         Move the generated code to the .text section instead of .data section.
2709         Fix alignment for the 32 bit thunk code.
2710
2711         * jit/ThunkGenerators.cpp:
2712
2713 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
2714
2715         DFG JIT does not implement op_call.
2716         https://bugs.webkit.org/show_bug.cgi?id=63858
2717
2718         Reviewed by Gavin Barraclough.
2719
2720         * bytecode/CodeBlock.cpp:
2721         (JSC::CodeBlock::unlinkCalls):
2722         * bytecode/CodeBlock.h:
2723         (JSC::CodeBlock::setNumberOfCallLinkInfos):
2724         (JSC::CodeBlock::numberOfCallLinkInfos):
2725         * bytecompiler/BytecodeGenerator.cpp:
2726         (JSC::BytecodeGenerator::emitCall):
2727         (JSC::BytecodeGenerator::emitConstruct):
2728         * dfg/DFGAliasTracker.h:
2729         (JSC::DFG::AliasTracker::lookupGetByVal):
2730         (JSC::DFG::AliasTracker::recordCall):
2731         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
2732         * dfg/DFGByteCodeParser.cpp:
2733         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2734         (JSC::DFG::ByteCodeParser::getLocal):
2735         (JSC::DFG::ByteCodeParser::getArgument):
2736         (JSC::DFG::ByteCodeParser::toInt32):
2737         (JSC::DFG::ByteCodeParser::addToGraph):
2738         (JSC::DFG::ByteCodeParser::addVarArgChild):
2739         (JSC::DFG::ByteCodeParser::predictInt32):
2740         (JSC::DFG::ByteCodeParser::parseBlock):
2741         (JSC::DFG::ByteCodeParser::processPhiStack):
2742         (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
2743         * dfg/DFGGraph.cpp:
2744         (JSC::DFG::Graph::opName):
2745         (JSC::DFG::Graph::dump):
2746         (JSC::DFG::Graph::refChildren):
2747         * dfg/DFGGraph.h:
2748         * dfg/DFGJITCodeGenerator.cpp:
2749         (JSC::DFG::JITCodeGenerator::useChildren):
2750         (JSC::DFG::JITCodeGenerator::emitCall):
2751         * dfg/DFGJITCodeGenerator.h:
2752         (JSC::DFG::JITCodeGenerator::addressOfCallData):
2753         * dfg/DFGJITCompiler.cpp:
2754         (JSC::DFG::JITCompiler::compileFunction):
2755         * dfg/DFGJITCompiler.h:
2756         (JSC::DFG::CallRecord::CallRecord):
2757         (JSC::DFG::JITCompiler::notifyCall):
2758         (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
2759         (JSC::DFG::JITCompiler::addJSCall):
2760         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
2761         (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
2762         * dfg/DFGNode.h:
2763         (JSC::DFG::Node::Node):
2764         (JSC::DFG::Node::child1):
2765         (JSC::DFG::Node::child2):
2766         (JSC::DFG::Node::child3):
2767         (JSC::DFG::Node::firstChild):
2768         (JSC::DFG::Node::numChildren):
2769         * dfg/DFGNonSpeculativeJIT.cpp:
2770         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
2771         (JSC::DFG::NonSpeculativeJIT::compare):
2772         (JSC::DFG::NonSpeculativeJIT::compile):
2773         * dfg/DFGOperations.cpp:
2774         * dfg/DFGOperations.h:
2775         * dfg/DFGRepatch.cpp:
2776         (JSC::DFG::dfgLinkCall):
2777         * dfg/DFGRepatch.h:
2778         * dfg/DFGSpeculativeJIT.cpp:
2779         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2780         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
2781         (JSC::DFG::SpeculativeJIT::compile):
2782         * dfg/DFGSpeculativeJIT.h:
2783         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2784         * interpreter/CallFrame.h:
2785         (JSC::ExecState::calleeAsValue):
2786         * jit/JIT.cpp:
2787         (JSC::JIT::JIT):
2788         (JSC::JIT::privateCompileMainPass):
2789         (JSC::JIT::privateCompileSlowCases):
2790         (JSC::JIT::privateCompile):
2791         (JSC::JIT::linkCall):
2792         (JSC::JIT::linkConstruct):
2793         * jit/JITCall.cpp:
2794         (JSC::JIT::compileOpCall):
2795         * jit/JITCode.h:
2796         (JSC::JITCode::JITCode):
2797         (JSC::JITCode::jitType):
2798         (JSC::JITCode::HostFunction):
2799         * runtime/JSFunction.h:
2800         * runtime/JSGlobalData.h:
2801
2802 2011-07-05  Oliver Hunt  <oliver@apple.com>
2803
2804         Initialize new MarkStack member
2805
2806         * heap/MarkStack.h:
2807         (JSC::MarkStack::MarkStack):
2808
2809 2011-07-05  Oliver Hunt  <oliver@apple.com>
2810
2811         Don't throw out compiled code repeatedly
2812         https://bugs.webkit.org/show_bug.cgi?id=63960
2813
2814         Reviewed by Gavin Barraclough.
2815
2816         Stop throwing away all compiled code every time
2817         we're told to do a full GC.  Instead unlink all
2818         callsites during such GC passes to maximise the
2819         number of collectable functions, but otherwise
2820         leave compiled functions alone.
2821
2822         * API/JSBase.cpp:
2823         (JSGarbageCollect):
2824         * bytecode/CodeBlock.cpp:
2825         (JSC::CodeBlock::visitAggregate):
2826         * heap/Heap.cpp:
2827         (JSC::Heap::collectAllGarbage):
2828         * heap/MarkStack.h:
2829         (JSC::MarkStack::shouldUnlinkCalls):
2830         (JSC::MarkStack::setShouldUnlinkCalls):
2831         * runtime/JSGlobalData.cpp:
2832         (JSC::JSGlobalData::recompileAllJSFunctions):
2833         (JSC::JSGlobalData::releaseExecutableMemory):
2834         * runtime/RegExp.cpp:
2835         (JSC::RegExp::compile):
2836         (JSC::RegExp::invalidateCode):
2837         * runtime/RegExp.h:
2838
2839 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
2840
2841         JSC JIT has code duplication for the handling of call and construct
2842         https://bugs.webkit.org/show_bug.cgi?id=63957
2843
2844         Reviewed by Gavin Barraclough.
2845
2846         * jit/JIT.cpp:
2847         (JSC::JIT::linkFor):
2848         * jit/JIT.h:
2849         * jit/JITStubs.cpp:
2850         (JSC::jitCompileFor):
2851         (JSC::DEFINE_STUB_FUNCTION):
2852         (JSC::arityCheckFor):
2853         (JSC::lazyLinkFor):
2854         * runtime/Executable.h:
2855         (JSC::ExecutableBase::generatedJITCodeFor):
2856         (JSC::FunctionExecutable::compileFor):
2857         (JSC::FunctionExecutable::isGeneratedFor):
2858         (JSC::FunctionExecutable::generatedBytecodeFor):
2859         (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
2860
2861 2011-07-05  Gavin Barraclough  <barraclough@apple.com>
2862
2863         Build fix following last patch.
2864
2865         * runtime/JSFunction.cpp:
2866         (JSC::createPrototypeProperty):
2867
2868 2011-07-05  Gavin Barraclough  <barraclough@apple.com>
2869
2870         https://bugs.webkit.org/show_bug.cgi?id=63947
2871         ASSERT running Object.preventExtensions(Math.sin)
2872
2873         Reviewed by Oliver Hunt.
2874
2875         This is due to calling scope() on a hostFunction as a part of
2876         calling createPrototypeProperty to reify the prototype property.
2877         But host functions don't have a prototype property anyway!
2878
2879         Prevent calling createPrototypeProperty on a host function.
2880
2881         * runtime/JSFunction.cpp:
2882         (JSC::JSFunction::createPrototypeProperty):
2883         (JSC::JSFunction::preventExtensions):
2884
2885 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
2886
2887         https://bugs.webkit.org/show_bug.cgi?id=63880
2888         Evaluation order of conversions of operands to >, >= incorrect.
2889
2890         Reviewed by Sam Weinig.
2891
2892         Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
2893         spec. This allows these methods to be reused to perform >, >= relational compares
2894         with correct ordering of type conversions.
2895
2896         * dfg/DFGOperations.cpp:
2897         * interpreter/Interpreter.cpp:
2898         (JSC::Interpreter::privateExecute):
2899         * jit/JITStubs.cpp:
2900         (JSC::DEFINE_STUB_FUNCTION):
2901         * runtime/Operations.h:
2902         (JSC::jsLess):
2903         (JSC::jsLessEq):
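The 'leftFirst' ordering described above, as an added toy model (not JavaScriptCore's own jsLess/jsLessEq): each operand records when it is converted, so the difference between evaluating a > b as b < a with leftFirst false and as a plain swapped '<' becomes visible. Operand, Trace and the helper names are hypothetical.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Operand whose ToNumber conversion is observable, standing in for a JS
// object with a side-effecting valueOf().
struct Operand {
    std::string name;
    double number;
};

typedef std::vector<std::string> Trace;

// Converts an operand and records that it was converted.
static double toNumber(const Operand& v, Trace& trace)
{
    trace.push_back(v.name);
    return v.number;
}

// Abstract relational comparison v1 < v2. With leftFirst set, v1 is
// converted before v2; otherwise v2 is converted first (ES5 LeftFirst).
bool jsLess(bool leftFirst, const Operand& v1, const Operand& v2, Trace& trace)
{
    double n1, n2;
    if (leftFirst) {
        n1 = toNumber(v1, trace);
        n2 = toNumber(v2, trace);
    } else {
        n2 = toNumber(v2, trace);
        n1 = toNumber(v1, trace);
    }
    return n1 < n2;
}

bool jsLessEq(bool leftFirst, const Operand& v1, const Operand& v2, Trace& trace)
{
    double n1, n2;
    if (leftFirst) {
        n1 = toNumber(v1, trace);
        n2 = toNumber(v2, trace);
    } else {
        n2 = toNumber(v2, trace);
        n1 = toNumber(v1, trace);
    }
    return n1 <= n2;
}

// a > b: evaluate b < a, but with leftFirst false so that a, the
// source-level left operand, is still converted first.
bool jsGreater(const Operand& a, const Operand& b, Trace& trace)
{
    return jsLess(false, b, a, trace);
}

bool jsGreaterEq(const Operand& a, const Operand& b, Trace& trace)
{
    return jsLessEq(false, b, a, trace);
}

// The ordering the entry describes as incorrect: swapping the operands and
// reusing the plain '<' path converts b before a.
bool jsGreaterSwappedOnly(const Operand& a, const Operand& b, Trace& trace)
{
    return jsLess(true, b, a, trace);
}

// Joins a trace into "x,y" so conversion orders can be compared.
std::string joined(const Trace& trace)
{
    std::string out;
    for (size_t i = 0; i < trace.size(); ++i) {
        if (i)
            out += ",";
        out += trace[i];
    }
    return out;
}

// Evaluates a > b (a = 2, b = 1) with the given implementation and returns
// the order in which the operands were converted.
std::string conversionOrder(bool (*greater)(const Operand&, const Operand&, Trace&))
{
    Operand a = { "a", 2 };
    Operand b = { "b", 1 };
    Trace trace;
    greater(a, b, trace);
    return joined(trace);
}

int main()
{
    std::printf("a > b, leftFirst=false: %s\n", conversionOrder(jsGreater).c_str());
    std::printf("a > b, swapped only:    %s\n", conversionOrder(jsGreaterSwappedOnly).c_str());
    return 0;
}
```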
2904
2905 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
2906
2907         Reviewed by Sam Weinig.
2908
2909         https://bugs.webkit.org/show_bug.cgi?id=16652
2910         Firefox and JavaScriptCore differ in Number.toString(integer)
2911
2912         Our arbitrary radix (2..36) toString conversion is inaccurate.
2913         This is partly because it uses doubles to perform math that requires
2914         higher accuracy, and partly because it does not attempt to correctly
2915         detect where to terminate, instead relying on a simple 'epsilon'.
2916
2917         * runtime/NumberPrototype.cpp:
2918         (JSC::decomposeDouble):
2919             - helper function to extract sign, exponent, mantissa from IEEE doubles.
2920         (JSC::Uint16WithFraction::Uint16WithFraction):
2921             - helper class, u16int with infinite precision fraction, used to convert
2922               the fractional part of the number to a string.
2923         (JSC::Uint16WithFraction::operator*=):
2924             - Multiply by a uint16.
2925         (JSC::Uint16WithFraction::operator<):
2926             - Compare two Uint16WithFractions.
2927         (JSC::Uint16WithFraction::floorAndSubtract):
2928             - Extract the integer portion of the number, and subtract it (clears the integer portion).
2929         (JSC::Uint16WithFraction::comparePoint5):
2930             - Compare to 0.5.
2931         (JSC::Uint16WithFraction::sumGreaterThanOne):
2932             - Passed a second Uint16WithFraction, returns true if the result of adding
2933               the two values would be greater than one.
2934         (JSC::Uint16WithFraction::isNormalized):
2935             - Used by ASSERTs to consistency check internal representation.
2936         (JSC::BigInteger::BigInteger):
2937             - helper class, unbounded integer value, used to convert the integer part
2938               of the number to a string.
2939         (JSC::BigInteger::divide):
2940             - Divide this value through by a uint32.
2941         (JSC::BigInteger::operator!):
2942             - test for zero.
2943         (JSC::toStringWithRadix):
2944             - Performs number to string conversion, with the given radix (2..36).
2945         (JSC::numberProtoFuncToString):
2946             - Changed to use toStringWithRadix.
2947
2948 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
2949
2950         https://bugs.webkit.org/show_bug.cgi?id=63881
2951         Need separate bytecodes for handling >, >= comparisons.
2952
2953         Reviewed by Oliver Hunt.
2954
2955         This clears the way to fix Bug#63880. We currently handle greater-than comparisons
2956         as using the corresponding op_less, etc. opcodes.  This is incorrect with
2957         respect to evaluation ordering of the implicit conversions performed on operands -
2958         we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
2959         but instead convert RHS then LHS.
2960
2961         This patch adds opcodes for greater-than comparisons mirroring existing ones used
2962         for less-than.
2963
2964         * bytecode/CodeBlock.cpp:
2965         (JSC::CodeBlock::dump):
2966         * bytecode/Opcode.h:
2967         * bytecompiler/BytecodeGenerator.cpp:
2968         (JSC::BytecodeGenerator::emitJumpIfTrue):
2969         (JSC::BytecodeGenerator::emitJumpIfFalse):
2970         * bytecompiler/NodesCodegen.cpp:
2971         * dfg/DFGByteCodeParser.cpp:
2972         (JSC::DFG::ByteCodeParser::parseBlock):
2973         * dfg/DFGNode.h:
2974         * dfg/DFGNonSpeculativeJIT.cpp:
2975         (JSC::DFG::NonSpeculativeJIT::compare):
2976         (JSC::DFG::NonSpeculativeJIT::compile):
2977         * dfg/DFGNonSpeculativeJIT.h:
2978         * dfg/DFGOperations.cpp:
2979         * dfg/DFGOperations.h:
2980         * dfg/DFGSpeculativeJIT.cpp:
2981         (JSC::DFG::SpeculativeJIT::compare):
2982         (JSC::DFG::SpeculativeJIT::compile):
2983         * dfg/DFGSpeculativeJIT.h:
2984         * interpreter/Interpreter.cpp:
2985         (JSC::Interpreter::privateExecute):
2986         * jit/JIT.cpp:
2987         (JSC::JIT::privateCompileMainPass):
2988         (JSC::JIT::privateCompileSlowCases):
2989         * jit/JIT.h:
2990         (JSC::JIT::emit_op_loop_if_greater):
2991         (JSC::JIT::emitSlow_op_loop_if_greater):
2992         (JSC::JIT::emit_op_loop_if_greatereq):
2993         (JSC::JIT::emitSlow_op_loop_if_greatereq):
2994         * jit/JITArithmetic.cpp:
2995         (JSC::JIT::emit_op_jgreater):
2996         (JSC::JIT::emit_op_jgreatereq):
2997         (JSC::JIT::emit_op_jngreater):
2998         (JSC::JIT::emit_op_jngreatereq):
2999         (JSC::JIT::emitSlow_op_jgreater):
3000         (JSC::JIT::emitSlow_op_jgreatereq):
3001         (JSC::JIT::emitSlow_op_jngreater):
3002         (JSC::JIT::emitSlow_op_jngreatereq):
3003         (JSC::JIT::emit_compareAndJumpSlow):
3004         * jit/JITArithmetic32_64.cpp:
3005         (JSC::JIT::emitBinaryDoubleOp):
3006         * jit/JITStubs.cpp:
3007         (JSC::DEFINE_STUB_FUNCTION):
3008         * jit/JITStubs.h:
3009         * parser/NodeConstructors.h:
3010         (JSC::GreaterNode::GreaterNode):
3011         (JSC::GreaterEqNode::GreaterEqNode):
3012         * parser/Nodes.h:
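
The two entries above (bugs 63880 and 63881) are about the order in which > and >= convert their operands. The following is an added example, not JavaScriptCore code: a JavaScript model of the ES5 Abstract Relational Comparison (11.8.5) with its LeftFirst flag, showing how a single "less than" routine, like jsLess/jsLessEq with the new 'leftFirst' parameter, also implements > and >= without changing the order in which the operands are converted. The names toPrimitiveNumber, abstractRelationalComparison, relational and conversionOrder are this example's own.

```javascript
// Added example, not JavaScriptCore code: a model of the ES5 Abstract
// Relational Comparison (11.8.5) with its LeftFirst flag, plus a probe that
// records which operand is converted first, both in the model and in the
// host engine's own operators.

// ES5 ToPrimitive with hint Number: try valueOf(), then toString().
function toPrimitiveNumber(value) {
  const isPrimitive = (v) => v === null || (typeof v !== "object" && typeof v !== "function");
  if (isPrimitive(value)) return value;
  for (const name of ["valueOf", "toString"]) {
    const method = value[name];
    if (typeof method === "function") {
      const result = method.call(value);
      if (isPrimitive(result)) return result;
    }
  }
  throw new TypeError("Cannot convert object to primitive value");
}

// Returns true, false, or undefined (undefined when a NaN is involved).
// leftFirst only controls which operand is converted first; the answer is
// the same either way, but the conversions may have visible side effects.
function abstractRelationalComparison(x, y, leftFirst) {
  let px, py;
  if (leftFirst) {
    px = toPrimitiveNumber(x);
    py = toPrimitiveNumber(y);
  } else {
    py = toPrimitiveNumber(y);
    px = toPrimitiveNumber(x);
  }
  if (typeof px === "string" && typeof py === "string") return px < py; // code unit order
  const nx = Number(px);
  const ny = Number(py);
  if (Number.isNaN(nx) || Number.isNaN(ny)) return undefined;
  return nx < ny;
}

// The four operators as ES5 11.8.1-11.8.4 define them. For > and <= the
// operands are swapped, and leftFirst=false keeps the left-hand operand's
// conversion first; that is the job of the 'leftFirst' flag on jsLess/jsLessEq.
const relational = {
  "<":  (a, b) => abstractRelationalComparison(a, b, true) === true,
  ">":  (a, b) => abstractRelationalComparison(b, a, false) === true,
  "<=": (a, b) => abstractRelationalComparison(b, a, false) === false,
  ">=": (a, b) => abstractRelationalComparison(a, b, true) === false,
};

// Records which operand's valueOf() runs first, for the model (useModel=true)
// or for the host engine's own operator (useModel=false).
function conversionOrder(op, useModel) {
  const log = [];
  const lhs = { valueOf() { log.push("lhs"); return 1; } };
  const rhs = { valueOf() { log.push("rhs"); return 2; } };
  if (useModel) {
    relational[op](lhs, rhs);
  } else {
    switch (op) {
      case "<":  void (lhs < rhs); break;
      case ">":  void (lhs > rhs); break;
      case "<=": void (lhs <= rhs); break;
      case ">=": void (lhs >= rhs); break;
      default: throw new Error("unknown operator " + op);
    }
  }
  return log.join(",");
}
```

For every operator, both the model and a conforming engine report "lhs,rhs". The bug described above is exactly the case where the engine would report "rhs,lhs" for > and >=, observable through side effects in valueOf or toString.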
3013
3014 2011-07-03  Gavin Barraclough  <barraclough@apple.com>
3015
3016         https://bugs.webkit.org/show_bug.cgi?id=63879
3017         Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
3018
3019         Reviewed by Sam Weinig.
3020         
3021         There is a lot of copy & paste code here; we can reduce duplication by making
3022         a shared implementation.
3023
3024         * assembler/MacroAssembler.h:
3025         (JSC::MacroAssembler::branch32):
3026         (JSC::MacroAssembler::commute):
3027             - Make these function platform agnostic.
3028         * assembler/MacroAssemblerX86Common.h:
3029             - Moved branch32/commute up to MacroAssembler.
3030         * jit/JIT.h:
3031         (JSC::JIT::emit_op_loop_if_lesseq):
3032         (JSC::JIT::emitSlow_op_loop_if_lesseq):
3033             - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
3034         * jit/JITArithmetic.cpp:
3035         (JSC::JIT::emit_op_jless):
3036         (JSC::JIT::emit_op_jlesseq):
3037         (JSC::JIT::emit_op_jnless):
3038         (JSC::JIT::emit_op_jnlesseq):
3039         (JSC::JIT::emitSlow_op_jless):
3040         (JSC::JIT::emitSlow_op_jlesseq):
3041         (JSC::JIT::emitSlow_op_jnless):
3042         (JSC::JIT::emitSlow_op_jnlesseq):
3043             - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
3044         (JSC::JIT::emit_compareAndJump):
3045         (JSC::JIT::emit_compareAndJumpSlow):
3046             - Internal implementation of jless etc for JSVALUE64.
3047         * jit/JITArithmetic32_64.cpp:
3048         (JSC::JIT::emit_compareAndJump):
3049         (JSC::JIT::emit_compareAndJumpSlow):
3050             - Internal implementation of jless etc for JSVALUE32_64.
3051         * jit/JITOpcodes.cpp:
3052         * jit/JITOpcodes32_64.cpp:
3053         * jit/JITStubs.cpp:
3054         * jit/JITStubs.h:
3055             - Remove old implementation of emit_op_loop_if_lesseq.
3056
3057 2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>
3058
3059         Unreviewed, rolling out r90347.
3060         http://trac.webkit.org/changeset/90347
3061         https://bugs.webkit.org/show_bug.cgi?id=63886
3062
3063         Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
3064         (Requested by tkent on #webkit).
3065
3066         * JavaScriptCore.xcodeproj/project.pbxproj:
3067         * runtime/BigInteger.h: Removed.
3068         * runtime/NumberPrototype.cpp:
3069         (JSC::numberProtoFuncToPrecision):
3070         (JSC::numberProtoFuncToString):
3071         * runtime/Uint16WithFraction.h: Removed.
3072         * wtf/MathExtras.h:
3073
3074 2011-06-30  Gavin Barraclough  <barraclough@apple.com>
3075
3076         Reviewed by Sam Weinig.
3077
3078         https://bugs.webkit.org/show_bug.cgi?id=16652
3079         Firefox and JavaScriptCore differ in Number.toString(integer)
3080
3081         Our arbitrary radix (2..36) toString conversion is inaccurate.
3082         This is partly because it uses doubles to perform math that requires
3083         higher accuracy, and partly because it does not attempt to correctly
3084         detect where to terminate, instead relying on a simple 'epsilon'.
3085
3086         * runtime/NumberPrototype.cpp:
3087         (JSC::decomposeDouble):
3088             - helper function to extract sign, exponent, mantissa from IEEE doubles.
3089         (JSC::Uint16WithFraction::Uint16WithFraction):
3090             - helper class, u16int with infinite precision fraction, used to convert
3091               the fractional part of the number to a string.
3092         (JSC::Uint16WithFraction::operator*=):
3093             - Multiply by a uint16.
3094         (JSC::Uint16WithFraction::operator<):
3095             - Compare two Uint16WithFractions.
3096         (JSC::Uint16WithFraction::floorAndSubtract):
3097             - Extract the integer portion of the number, and subtract it (clears the integer portion).
3098         (JSC::Uint16WithFraction::comparePoint5):
3099             - Compare to 0.5.
3100         (JSC::Uint16WithFraction::sumGreaterThanOne):
3101             - Passed a second Uint16WithFraction, returns true if the result of adding
3102               the two values would be greater than one.
3103         (JSC::Uint16WithFraction::isNormalized):
3104             - Used by ASSERTs to consistency check internal representation.
3105         (JSC::BigInteger::BigInteger):
3106             - helper class, unbounded integer value, used to convert the integer part
3107               of the number to a string.
3108         (JSC::BigInteger::divide):
3109             - Divide this value through by a uint32.
3110         (JSC::BigInteger::operator!):
3111             - test for zero.
3112         (JSC::toStringWithRadix):
3113             - Performs number to string conversion, with the given radix (2..36).
3114         (JSC::numberProtoFuncToString):
3115             - Changed to use toStringWithRadix.
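
Bug 16652 appears twice above (this 2011-06-30 landing and the 2011-07-04 re-land after the rollout); both describe the same fix. The following is an added example, not JavaScriptCore's toStringWithRadix: a JavaScript version of the same idea built on BigInt instead of the Uint16WithFraction and BigInteger helpers. The integer part is converted exactly, and fractional digits are generated with exact rational arithmetic and stop as soon as the digits emitted so far uniquely identify the original double (the Steele & White "free-format" termination test), rather than relying on a floating-point epsilon. The function names decomposeDouble and toStringWithRadix are borrowed from the entry, but their bodies are this example's own.

```javascript
// Added example, not JavaScriptCore code: exact Number-to-string conversion
// for any radix 2..36, using BigInt for the arithmetic.
const DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz";

// Split a finite, non-zero double into sign, integer mantissa and binary
// exponent so that |x| === mantissa * 2 ** exponent.
function decomposeDouble(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  const hi = view.getUint32(0);
  const lo = view.getUint32(4);
  const sign = hi >>> 31;
  const biasedExponent = (hi >>> 20) & 0x7ff;
  let mantissa = (BigInt(hi & 0xfffff) << 32n) | BigInt(lo);
  let exponent;
  if (biasedExponent === 0) {
    exponent = -1074;                  // subnormal: no implicit leading bit
  } else {
    mantissa |= 1n << 52n;             // normal: restore the implicit bit
    exponent = biasedExponent - 1075;  // exponent bias 1023 plus 52 fraction bits
  }
  return { sign, mantissa, exponent };
}

function toStringWithRadix(x, radix) {
  if (!Number.isInteger(radix) || radix < 2 || radix > 36) {
    throw new RangeError("toString() radix must be between 2 and 36");
  }
  if (Number.isNaN(x)) return "NaN";
  if (x === Infinity) return "Infinity";
  if (x === -Infinity) return "-Infinity";
  if (x === 0) return "0";                                  // also covers -0
  const { sign, mantissa, exponent } = decomposeDouble(x);
  const B = BigInt(radix);

  // |x| = integer + R / S, with S a power of two.
  let integer, R, S;
  if (exponent >= 0) {
    integer = mantissa << BigInt(exponent);
    R = 0n;
    S = 1n;
  } else {
    S = 1n << BigInt(-exponent);
    integer = mantissa >> BigInt(-exponent);
    R = mantissa & (S - 1n);
  }

  // Integer digits are exact: repeated division by the radix.
  let digits = "";
  do {
    digits = DIGITS[Number(integer % B)] + digits;
    integer /= B;
  } while (integer > 0n);
  const prefix = (sign ? "-" : "") + digits;
  if (R === 0n) return prefix;

  // Half the distance to the neighbouring doubles, in units of R/S scaled
  // by 4 so everything stays integral: the next double up is one mantissa
  // unit away; the next double down is half a unit away when the mantissa
  // is exactly 2^52 (a power of two), except for the smallest normal.
  R *= 4n;
  S *= 4n;
  let mPlus = 2n;
  let mMinus = (mantissa === (1n << 52n) && exponent > -1074) ? 1n : 2n;

  let fraction = "";
  for (;;) {
    R *= B;
    mPlus *= B;
    mMinus *= B;
    let digit = R / S;
    R %= S;
    const low = R < mMinus;          // truncating here still rounds back to x
    const high = R + mPlus > S;      // rounding this digit up does too
    if (!low && !high) {
      fraction += DIGITS[Number(digit)];
      continue;
    }
    // Stop: take the candidate inside the interval, the nearer one if both are.
    if (high && (!low || 2n * R >= S)) digit += 1n;
    fraction += DIGITS[Number(digit)];
    return prefix + "." + fraction;
  }
}
```

The termination test is what the epsilon approach lacked: a digit string is accepted once parsing it back would land strictly inside the rounding interval of the original double, so the output is the shortest such string and never a digit too long or too short. ES5 leaves the exact output for radix values other than 10 implementation-dependent, so other engines may legitimately print a different number of digits for the same value.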
3116
3117 2011-07-02  Gavin Barraclough  <barraclough@apple.com>
3118
3119         https://bugs.webkit.org/show_bug.cgi?id=63866
3120         DFG JIT - implement instanceof
3121
3122         Reviewed by Sam Weinig.
3123
3124         Add ops CheckHasInstance & InstanceOf to implement bytecodes
3125         op_check_has_instance & op_instanceof. This is an initial
3126         functional implementation, performance is a wash. We can
3127         follow up with changes to fuse the InstanceOf node with
3128         a subsequent branch, as we do with other comparisons.
3129
3130         * dfg/DFGByteCodeParser.cpp:
3131         (JSC::DFG::ByteCodeParser::parseBlock):
3132         * dfg/DFGJITCompiler.cpp:
3133         (JSC::DFG::JITCompiler::jitAssertIsCell):
3134         * dfg/DFGJITCompiler.h:
3135         (JSC::DFG::JITCompiler::jitAssertIsCell):
3136         * dfg/DFGNode.h:
3137         * dfg/DFGNonSpeculativeJIT.cpp:
3138         (JSC::DFG::NonSpeculativeJIT::compile):
3139         * dfg/DFGOperations.cpp:
3140         * dfg/DFGOperations.h:
3141         * dfg/DFGSpeculativeJIT.cpp:
3142         (JSC::DFG::SpeculativeJIT::compile):
3143
3144 2011-07-01  Oliver Hunt  <oliver@apple.com>
3145
3146         IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
3147         https://bugs.webkit.org/show_bug.cgi?id=63732
3148
3149         Reviewed by Gavin Barraclough.
3150
3151         Initialise the memory at the head of the new storage so that
3152         GC is safe if triggered by reportExtraMemoryCost.
3153
3154         * runtime/JSArray.cpp:
3155         (JSC::JSArray::increaseVectorPrefixLength):
3156
3157 2011-07-01  Oliver Hunt  <oliver@apple.com>
3158
3159         GC sweep can occur before an object is completely initialised
3160         https://bugs.webkit.org/show_bug.cgi?id=63836
3161
3162         Reviewed by Gavin Barraclough.
3163
3164         In rare cases it's possible for a GC sweep to occur while a
3165         live, but not completely initialised object is on the stack.
3166         In such a case we may incorrectly choose to mark it, even
3167         though it has no children that need marking.
3168
3169         We resolve this by always zeroing out the structure of any
3170         value returned from JSCell::operator new(), and making the
3171         markstack tolerant of a null structure. 
3172
3173         * runtime/JSCell.h:
3174         (JSC::JSCell::JSCell::~JSCell):
3175         (JSC::JSCell::JSCell::operator new):
3176         * runtime/Structure.h:
3177         (JSC::MarkStack::internalAppend):
3178
3179 2011-07-01  Filip Pizlo  <fpizlo@apple.com>
3180
3181         Reviewed by Gavin Barraclough.
3182
3183         DFG non-speculative JIT always performs slow C calls for div and mod.
3184         https://bugs.webkit.org/show_bug.cgi?id=63684
3185
3186         * dfg/DFGNonSpeculativeJIT.cpp:
3187         (JSC::DFG::NonSpeculativeJIT::compile):
3188
3189 2011-07-01  Juan C. Montemayor  <jmont@apple.com>
3190
3191         Reviewed by Oliver Hunt.
3192
3193         Lexer error messages are currently appalling
3194         https://bugs.webkit.org/show_bug.cgi?id=63340
3195
3196         Added error messages for the Lexer. These messages will be displayed
3197         instead of the lexer error messages from the parser that are currently
3198         shown.
3199
3200         * parser/Lexer.cpp:
3201         (JSC::Lexer::getInvalidCharMessage):
3202         (JSC::Lexer::setCode):
3203         (JSC::Lexer::parseString):
3204         (JSC::Lexer::lex):
3205         (JSC::Lexer::clear):
3206         * parser/Lexer.h:
3207         (JSC::Lexer::getErrorMessage):
3208         (JSC::Lexer::setOffset):
3209         * parser/Parser.cpp:
3210         (JSC::Parser::parse):
3211
3212 2011-07-01  Jungshik Shin  <jshin@chromium.org>
3213
3214         Reviewed by Alexey Proskuryakov.
3215
3216         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
3217         build files for ports not using ICU.
3218         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
3219         ICU 3.6 (the version used on Mac OS 10.5)
3220
3221         http://bugs.webkit.org/show_bug.cgi?id=20797
3222
3223         * GNUmakefile.list.am:
3224         * JavaScriptCore.gypi:
3225         * icu/unicode/uscript.h: Added for UScriptCode enum.
3226         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
3227         * wtf/unicode/icu/UnicodeIcu.h:
3228         * wtf/unicode/brew/UnicodeBrew.h:
3229         * wtf/unicode/glib/UnicodeGLib.h:
3230         * wtf/unicode/qt4/UnicodeQt4.h:
3231         * wtf/unicode/wince/UnicodeWinCE.h:
3232
3233 2011-07-01  Gavin Barraclough  <barraclough@apple.com>
3234
3235         Reviewed by Sam Weinig.
3236
3237         https://bugs.webkit.org/show_bug.cgi?id=63819
3238         Escaping of forwardslashes in strings incorrect if multiple exist.
3239
3240         The bug is in the parameters passed to a substring - should be
3241         start & length, but we're passing start & end indices!
3242
3243         * runtime/RegExpObject.cpp:
3244         (JSC::regExpObjectSource):
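
The entry above pins the bug on a substring call that was handed an end index where a length was expected. The following is an added illustration, not JSC's regExpObjectSource: a JavaScript routine that escapes unescaped forward slashes in a pattern, copying the runs between slashes through a (start, length) substring API in the WTF::String style. The optional second argument reproduces the mistake, and shows why a single slash still came out right while two or more did not. The names substringByLength and escapeForwardSlashes are this example's own.

```javascript
// Added illustration, not JavaScriptCore code: escape unescaped '/' in a
// regular expression pattern so the source can be re-read as a /.../ literal.

// A substring API taking (start, length), as WTF::String::substring does,
// rather than (start, end) as String.prototype.substring does.
function substringByLength(s, start, length) {
  return s.slice(start, start + length);
}

function escapeForwardSlashes(pattern, passEndIndexAsLength = false) {
  let out = "";
  let runStart = 0;                      // first character not yet copied
  for (let i = 0; i < pattern.length; i++) {
    const c = pattern[i];
    if (c === "\\") { i++; continue; }   // already escaped: skip the escaped character
    if (c !== "/") continue;
    const runEnd = i;
    // Correct: the length of the run. The buggy variant passes the end index,
    // which only coincides with the length while runStart is still 0, i.e.
    // up to the first slash. Every later slash copies too much.
    const lengthArg = passEndIndexAsLength ? runEnd : runEnd - runStart;
    out += substringByLength(pattern, runStart, lengthArg) + "\\/";
    runStart = i + 1;
  }
  return out + pattern.slice(runStart);
}
```

With "a/b" both variants produce a\/b, which is why the bug hid behind single-slash patterns; with "a/b/c" the buggy variant produces a\/b/c\/c, duplicating text from the second run. The escaping here is deliberately minimal: a complete implementation also has to consider slashes inside character classes and line terminators, which this illustration does not handle.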
3245
3246 2011-07-01  Adam Roben  <aroben@apple.com>
3247
3248         Roll out r90194
3249         http://trac.webkit.org/changeset/90194
3250         https://bugs.webkit.org/show_bug.cgi?id=63778
3251
3252         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
3253         assertions in WriteBarrierBase<JSC::Structure>::get
3254
3255         * runtime/JSCell.h:
3256         (JSC::JSCell::JSCell::~JSCell):
3257
3258 2011-06-30  Oliver Hunt  <oliver@apple.com>
3259
3260         Reviewed by Gavin Barraclough.
3261
3262         Add optimised paths for a few maths functions
3263         https://bugs.webkit.org/show_bug.cgi?id=63757
3264
3265         Relanding as a Mac only patch.
3266
3267         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
3268         Math.floor, Math.log, and Math.exp as they are apparently more
3269         important in real web content than we thought, which is somewhat
3270         mind-boggling.  On average doubles the performance of the common
3271         cases (eg. actually passing numbers in).  They're not as efficient
3272         as they could be, but this way gives them the most portability.
3273
3274         * assembler/MacroAssemblerARM.h:
3275         (JSC::MacroAssemblerARM::supportsDoubleBitops):
3276         (JSC::MacroAssemblerARM::andnotDouble):
3277         * assembler/MacroAssemblerARMv7.h:
3278         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
3279         (JSC::MacroAssemblerARMv7::andnotDouble):
3280         * assembler/MacroAssemblerMIPS.h:
3281         (JSC::MacroAssemblerMIPS::andnotDouble):
3282         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
3283         * assembler/MacroAssemblerSH4.h:
3284         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
3285         (JSC::MacroAssemblerSH4::andnotDouble):
3286         * assembler/MacroAssemblerX86.h:
3287         (JSC::MacroAssemblerX86::supportsDoubleBitops):
3288         * assembler/MacroAssemblerX86Common.h:
3289         (JSC::MacroAssemblerX86Common::andnotDouble):
3290         * assembler/MacroAssemblerX86_64.h:
3291         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
3292         * assembler/X86Assembler.h:
3293         (JSC::X86Assembler::andnpd_rr):
3294         * create_hash_table:
3295         * jit/SpecializedThunkJIT.h:
3296         (JSC::SpecializedThunkJIT::finalize):
3297         (JSC::SpecializedThunkJIT::callDoubleToDouble):
3298         * jit/ThunkGenerators.cpp:
3299         (JSC::floorThunkGenerator):
3300         (JSC::ceilThunkGenerator):
3301         (JSC::roundThunkGenerator):
3302         (JSC::expThunkGenerator):
3303         (JSC::logThunkGenerator):
3304         (JSC::absThunkGenerator):
3305         * jit/ThunkGenerators.h:
3306
3307 2011-07-01  David Kilzer  <ddkilzer@apple.com>
3308
3309         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
3310
3311         Fixes the following build error in clang:
3312
3313             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
3314                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
3315                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
3316             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
3317                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
3318                                                 ^
3319                      (                         )
3320             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
3321             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
3322             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
3323                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
3324                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3325             1 error generated.
3326
3327         * jit/JITOpcodes32_64.cpp:
3328         (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
3329         ternary expression evaluate first.
3330
3331 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
3332
3333         Unreviewed, rolling out r90177 and r90179.
3334         http://trac.webkit.org/changeset/90177
3335         http://trac.webkit.org/changeset/90179
3336         https://bugs.webkit.org/show_bug.cgi?id=63790
3337
3338         It caused crashes on Qt in debug mode (Requested by Ossy on
3339         #webkit).
3340
3341         * assembler/MacroAssemblerARM.h:
3342         (JSC::MacroAssemblerARM::rshift32):
3343         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
3344         (JSC::MacroAssemblerARM::sqrtDouble):
3345         * assembler/MacroAssemblerARMv7.h:
3346         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
3347         (JSC::MacroAssemblerARMv7::sqrtDouble):
3348         * assembler/MacroAssemblerMIPS.h:
3349         (JSC::MacroAssemblerMIPS::sqrtDouble):
3350         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
3351         * assembler/MacroAssemblerSH4.h:
3352         (JSC::MacroAssemblerSH4::sqrtDouble):
3353         * assembler/MacroAssemblerX86.h:
3354         * assembler/MacroAssemblerX86Common.h:
3355         * assembler/MacroAssemblerX86_64.h:
3356         * assembler/X86Assembler.h:
3357         * create_hash_table:
3358         * jit/JSInterfaceJIT.h:
3359         (JSC::JSInterfaceJIT::emitLoadDouble):
3360         * jit/SpecializedThunkJIT.h:
3361         (JSC::SpecializedThunkJIT::finalize):
3362         * jit/ThunkGenerators.cpp:
3363         * jit/ThunkGenerators.h:
3364
3365 2011-06-30  Oliver Hunt  <oliver@apple.com>
3366
3367         Reviewed by Beth Dakin.
3368
3369         Make GC validation clear cell structure on destruction
3370         https://bugs.webkit.org/show_bug.cgi?id=63778
3371
3372         * runtime/JSCell.h:
3373         (JSC::JSCell::JSCell::~JSCell):
3374
3375 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
3376
3377         Reviewed by Gavin Barraclough.
3378
3379         Added write barrier that was missing from put_by_id_transition
3380         https://bugs.webkit.org/show_bug.cgi?id=63775
3381
3382         * dfg/DFGJITCodeGenerator.cpp:
3383         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
3384         MacroAssembler& argument so our patching functions could use it.
3385
3386         (JSC::DFG::JITCodeGenerator::cachedPutById):
3387         * dfg/DFGJITCodeGenerator.h:
3388         * dfg/DFGNonSpeculativeJIT.cpp:
3389         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
3390
3391         * dfg/DFGRepatch.cpp:
3392         (JSC::DFG::tryCachePutByID): Missing barrier!
3393
3394         * dfg/DFGSpeculativeJIT.cpp:
3395         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
3396
3397         * jit/JITPropertyAccess.cpp:
3398         (JSC::JIT::privateCompilePutByIdTransition):
3399         * jit/JITPropertyAccess32_64.cpp:
3400         (JSC::JIT::privateCompilePutByIdTransition):
3401         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
3402         because its meaning isn't clear -- maybe in the future we'll have a
3403         clear way to pass all stores through a common function that guarantees
3404         a write barrier, but that's not the case right now.
3405
3406 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
3407
3408         Reviewed by Gavin Barraclough.
3409
3410         DFG non-speculative JIT does not reuse registers when compiling comparisons.
3411         https://bugs.webkit.org/show_bug.cgi?id=63565
3412
3413         * dfg/DFGNonSpeculativeJIT.cpp:
3414         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
3415         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
3416         (JSC::DFG::NonSpeculativeJIT::compare):
3417
3418 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
3419
3420         Reviewed by Gavin Barraclough.
3421
3422         Added empty write barrier stubs in all the right places in the DFG JIT
3423         https://bugs.webkit.org/show_bug.cgi?id=63764
3424         
3425         SunSpider thinks this might be a 0.5% speedup. Meh.
3426
3427         * dfg/DFGJITCodeGenerator.cpp:
3428         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
3429
3430         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
3431         for the case where base == scratch, since we now require base and scratch
3432         to be not equal, for the sake of the write barrier.
3433
3434         * dfg/DFGJITCodeGenerator.h: Le stub.
3435
3436         * dfg/DFGNonSpeculativeJIT.cpp:
3437         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
3438         as the scratch register, since that's incompatible with the write barrier,
3439         which needs a distinct base and scratch.
3440         
3441         Do put the global object into a register before loading its var storage,
3442         since it needs to be in a register for the write barrier to operate on it.
3443
3444         * dfg/DFGSpeculativeJIT.cpp:
3445         (JSC::DFG::SpeculativeJIT::compile):
3446         * jit/JITPropertyAccess.cpp:
3447         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
3448
3449         * jit/JITPropertyAccess.cpp:
3450         (JSC::JIT::emit_op_get_scoped_var):
3451         (JSC::JIT::emit_op_put_scoped_var):
3452         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
3453         places.
3454
3455         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
3456         is a little more than meaningless.
3457
3458         * jit/JITPropertyAccess32_64.cpp:
3459         (JSC::JIT::emit_op_get_scoped_var):
3460         (JSC::JIT::emit_op_put_scoped_var):
3461         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
3462         places.
3463
3464         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
3465         is a little more than meaningless.
3466
3467         * runtime/JSVariableObject.h:
3468         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
3469         we put the global object in a register and only then load its var storage
3470         by offset.
3471
3472         (JSC::JIT::emitWriteBarrier):
3473
3474 2011-06-30  Oliver Hunt  <oliver@apple.com>
3475
3476         Fix ARMv6 build
3477
3478         * assembler/MacroAssemblerARM.h:
3479         (JSC::MacroAssemblerARM::rshift32):
3480
3481 2011-06-30  Oliver Hunt  <oliver@apple.com>
3482
3483         Reviewed by Gavin Barraclough.
3484
3485         Add optimised paths for a few maths functions
3486         https://bugs.webkit.org/show_bug.cgi?id=63757
3487
3488         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
3489         Math.floor, Math.log, and Math.exp as they are apparently more
3490         important in real web content than we thought, which is somewhat
3491         mind-boggling.  On average doubles the performance of the common
3492         cases (eg. actually passing numbers in).  They're not as efficient
3493         as they could be, but this way gives them the most portability.
3494
3495         * assembler/MacroAssemblerARM.h:
3496         (JSC::MacroAssemblerARM::supportsDoubleBitops):
3497         (JSC::MacroAssemblerARM::andnotDouble):
3498         * assembler/MacroAssemblerARMv7.h:
3499         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
3500         (JSC::MacroAssemblerARMv7::andnotDouble):
3501         * assembler/MacroAssemblerMIPS.h:
3502         (JSC::MacroAssemblerMIPS::andnotDouble):
3503         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
3504         * assembler/MacroAssemblerSH4.h:
3505         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
3506         (JSC::MacroAssemblerSH4::andnotDouble):
3507         * assembler/MacroAssemblerX86.h:
3508         (JSC::MacroAssemblerX86::supportsDoubleBitops):
3509         * assembler/MacroAssemblerX86Common.h:
3510         (JSC::MacroAssemblerX86Common::andnotDouble):
3511         * assembler/MacroAssemblerX86_64.h:
3512         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
3513         * assembler/X86Assembler.h:
3514         (JSC::X86Assembler::andnpd_rr):
3515         * create_hash_table:
3516         * jit/SpecializedThunkJIT.h:
3517         (JSC::SpecializedThunkJIT::finalize):
3518         (JSC::SpecializedThunkJIT::callDoubleToDouble):
3519         * jit/ThunkGenerators.cpp:
3520         (JSC::floorThunkGenerator):
3521         (JSC::ceilThunkGenerator):
3522         (JSC::roundThunkGenerator):
3523         (JSC::expThunkGenerator):
3524         (JSC::logThunkGenerator):
3525         (JSC::absThunkGenerator):
3526         * jit/ThunkGenerators.h:
3527
3528 2011-06-30  Cary Clark  <caryclark@google.com>
3529
3530         Reviewed by James Robinson.
3531
3532         Use Skia if Skia on Mac Chrome is enabled
3533         https://bugs.webkit.org/show_bug.cgi?id=62999
3534
3535         * wtf/Platform.h:
3536         Add switch to use Skia if, externally,
3537         Skia has been enabled by a gyp define.
3538
3539 2011-06-30  Juan C. Montemayor  <jmont@apple.com>
3540
3541         Reviewed by Geoffrey Garen.
3542
3543         Web Inspector fails to display source for eval with syntax error
3544         https://bugs.webkit.org/show_bug.cgi?id=63583
3545
3546         Web Inspector now displays a link to an eval statement that contains
3547         a syntax error.
3548
3549         * parser/Parser.h:
3550         (JSC::isEvalNode):
3551         (JSC::EvalNode):
3552         (JSC::Parser::parse):
3553
3554 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
3555
3556         Reviewed by Gavin Barraclough.
3557
3558         X86Assembler does not encode byte registers in 64-bit mode correctly.
3559         https://bugs.webkit.org/show_bug.cgi?id=63665
3560
3561         * assembler/X86Assembler.h:
3562         (JSC::X86Assembler::testb_rr):
3563         (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
3564
3565 2011-06-30  Sheriff Bot  <webkit.review.bot@gmail.com>
3566
3567         Unreviewed, rolling out r90102.
3568         http://trac.webkit.org/changeset/90102
3569         https://bugs.webkit.org/show_bug.cgi?id=63714
3570
3571         Lots of tests asserting beneath
3572         SVGSMILElement::findInstanceTime (Requested by aroben on
3573         #webkit).
3574
3575         * wtf/StdLibExtras.h:
3576         (WTF::binarySearch):
3577
3578 2011-06-30  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
3579
3580         Reviewed by Nikolas Zimmermann.
3581
3582         Speed up SVGSMILElement::findInstanceTime.
3583         https://bugs.webkit.org/show_bug.cgi?id=61025
3584
3585         Add a new parameter to StdLibExtras.h::binarySearch function
3586         to also handle cases when the array does not contain the key value.
3587         This is needed for an svg function.
3588
3589         * wtf/StdLibExtras.h:
3590         (WTF::binarySearch):
3591
3592 2011-06-29  Gavin Barraclough  <barraclough@apple.com>
3593
3594         Reviewed by Geoff Garen.
3595
3596         https://bugs.webkit.org/show_bug.cgi?id=63669
3597         DFG JIT - fix spectral-norm regression
3598
3599         The problem is a mis-speculation leading to us falling off the speculative path.
3600         Make the speculation logic slightly smarter, don't predict int if one of the
3601         operands is already loaded as a double (we use this logic already for compares).
3602
3603         * dfg/DFGSpeculativeJIT.cpp:
3604         (JSC::DFG::SpeculativeJIT::compile):
3605         * dfg/DFGSpeculativeJIT.h:
3606         (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
3607
3608 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
3609
3610         Reviewed by Gavin Barraclough.
3611
3612         DFG JIT does not do put_by_id transition caching.
3613         https://bugs.webkit.org/show_bug.cgi?id=63662
3614
3615         * dfg/DFGJITCodeGenerator.cpp:
3616         (JSC::DFG::JITCodeGenerator::cachedPutById):
3617         * dfg/DFGJITCompiler.h:
3618         (JSC::DFG::JITCompiler::addPropertyAccess):
3619         * dfg/DFGRepatch.cpp:
3620         (JSC::DFG::testPrototype):
3621         (JSC::DFG::tryCachePutByID):
3622
3623 2011-06-29  Geoffrey Garen  <ggaren@apple.com>
3624
3625         Reviewed by Oliver Hunt.
3626
3627         Added a dummy write barrier emitting function in all the right places in the old JIT
3628         https://bugs.webkit.org/show_bug.cgi?id=63667
3629         
3630         SunSpider reports no change.
3631
3632         * jit/JIT.h:
3633         * jit/JITPropertyAccess.cpp:
3634         (JSC::JIT::emit_op_put_by_id):
3635         (JSC::JIT::emit_op_put_scoped_var): Do it.
3636
3637         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
3638         for the sake of the write barrier.
3639
3640         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
3641
3642         * jit/JITPropertyAccess32_64.cpp:
3643         (JSC::JIT::emit_op_put_by_val):
3644         (JSC::JIT::emit_op_put_by_id):
3645         (JSC::JIT::emit_op_put_scoped_var): Do it.
3646
3647         (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
3648         for the sake of the write barrier.
3649
3650         (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
3651
3652 2011-06-29  Filip Pizlo  <fpizlo@apple.com>
3653
3654         Reviewed by Gavin Barraclough.
3655
3656         DFG JIT does not perform get_by_id self list caching.
3657         https://bugs.webkit.org/show_bug.cgi?id=63605
3658
3659         * bytecode/StructureStubInfo.h:
3660         * dfg/DFGJITCompiler.cpp:
3661         (JSC::DFG::JITCompiler::compileFunction):
3662         * dfg/DFGOperations.cpp:
3663         * dfg/DFGOperations.h:
3664         * dfg/DFGRepatch.cpp:
3665         (JSC::DFG::tryCacheGetByID):
3666         (JSC::DFG::tryBuildGetByIDList):
3667         (JSC::DFG::dfgBuildGetByIDList):
3668         * dfg/DFGRepatch.h:
3669
3670 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
3671
3672         Reviewed by Gavin Barraclough.
3673
3674         DFG JIT lacks array.length caching.
3675         https://bugs.webkit.org/show_bug.cgi?id=63505
3676
3677         * bytecode/StructureStubInfo.h:
3678         * dfg/DFGJITCodeGenerator.cpp:
3679         (JSC::DFG::JITCodeGenerator::cachedGetById):
3680         (JSC::DFG::JITCodeGenerator::cachedPutById):
3681         * dfg/DFGJITCodeGenerator.h:
3682         (JSC::DFG::JITCodeGenerator::tryAllocate):
3683         (JSC::DFG::JITCodeGenerator::selectScratchGPR):
3684         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
3685         * dfg/DFGJITCompiler.cpp:
3686         (JSC::DFG::JITCompiler::compileFunction):
3687         * dfg/DFGJITCompiler.h:
3688         (JSC::DFG::JITCompiler::addPropertyAccess):
3689         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
3690         * dfg/DFGRegisterBank.h:
3691         (JSC::DFG::RegisterBank::tryAllocate):
3692         * dfg/DFGRepatch.cpp:
3693         (JSC::DFG::tryCacheGetByID):
3694
3695 2011-06-28  Pierre Rossi  <pierre.rossi@gmail.com>
3696
3697         Reviewed by Eric Seidel.
3698
3699         Warnings in JSC's JIT on 32 bit
3700         https://bugs.webkit.org/show_bug.cgi?id=63259
3701
3702         Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
3703
3704         * jit/JITPropertyAccess32_64.cpp:
3705         (JSC::JIT::emit_op_method_check):
3706         (JSC::JIT::compileGetByIdHotPath):
3707         (JSC::JIT::emit_op_put_by_id):
3708
3709 2011-06-28  Sheriff Bot  <webkit.review.bot@gmail.com>
3710
3711         Unreviewed, rolling out r89968.
3712         http://trac.webkit.org/changeset/89968
3713         https://bugs.webkit.org/show_bug.cgi?id=63581
3714
3715         Broke chromium windows compile (Requested by jamesr on
3716         #webkit).
3717
3718         * wtf/Platform.h:
3719
3720 2011-06-28  Oliver Hunt  <oliver@apple.com>
3721
3722         Reviewed by Gavin Barraclough.
3723
3724         Fix sampling build
3725         https://bugs.webkit.org/show_bug.cgi?id=63579
3726
3727         Gets opcode sampling building again; it doesn't seem to work, alas.
3728
3729         * bytecode/SamplingTool.cpp:
3730         (JSC::SamplingTool::notifyOfScope):
3731         * bytecode/SamplingTool.h:
3732         (JSC::SamplingTool::SamplingTool):
3733         * interpreter/Interpreter.cpp:
3734         (JSC::Interpreter::enableSampler):
3735         * runtime/Executable.h:
3736         (JSC::ScriptExecutable::ScriptExecutable):
3737
3738 2011-06-28  Cary Clark  <caryclark@google.com>
3739
3740         Reviewed by James Robinson.
3741
3742         Use Skia if Skia on Mac Chrome is enabled
3743         https://bugs.webkit.org/show_bug.cgi?id=62999
3744
3745         * wtf/Platform.h:
3746         Add switch to use Skia if, externally,
3747         Skia has been enabled by a gyp define.
3748
3749 2011-06-28  Oliver Hunt  <oliver@apple.com>
3750
3751         Reviewed by Gavin Barraclough.
3752
3753         ASSERT when launching debug builds with interpreter and jit enabled
3754         https://bugs.webkit.org/show_bug.cgi?id=63566
3755
3756         Add appropriate guards to the various Executable's memory reporting
3757         logic.
3758
3759         * runtime/Executable.cpp:
3760         (JSC::EvalExecutable::compileInternal):
3761         (JSC::ProgramExecutable::compileInternal):
3762         (JSC::FunctionExecutable::compileForCallInternal):
3763         (JSC::FunctionExecutable::compileForConstructInternal):
3764
3765 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
3766
3767         Reviewed by Oliver Hunt.
3768
3769         https://bugs.webkit.org/show_bug.cgi?id=63563
3770         DFG JIT - add support for double arith to speculative path
3771
3772         Add integer support for div & mod, add double support for div, mod,
3773         add, sub & mul, dynamically selecting based on operand types.
3774
3775         * dfg/DFGJITCodeGenerator.cpp:
3776         (JSC::DFG::FPRTemporary::FPRTemporary):
3777         * dfg/DFGJITCodeGenerator.h:
3778         * dfg/DFGJITCompiler.h:
3779         (JSC::DFG::JITCompiler::assembler):
3780         * dfg/DFGSpeculativeJIT.cpp:
3781         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3782         (JSC::DFG::SpeculativeJIT::compile):
3783         * dfg/DFGSpeculativeJIT.h:
3784         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
3785         (JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
3786         (JSC::DFG::SpeculateDoubleOperand::index):
3787         (JSC::DFG::SpeculateDoubleOperand::fpr):
3788
3789 2011-06-28  Oliver Hunt  <oliver@apple.com>
3790
3791         Fix interpreter build.
3792
3793         * interpreter/Interpreter.cpp:
3794         (JSC::Interpreter::privateExecute):
3795
3796 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
3797
3798         Reviewed by Oliver Hunt.
3799
3800         https://bugs.webkit.org/show_bug.cgi?id=63561
3801         DFG JIT - don't always assume integer in relational compare
3802
3803         If neither operand is known integer, or either is in double representation,
3804         then at least use a function call (don't bail off the speculative path).
3805
3806         * dfg/DFGSpeculativeJIT.cpp:
3807         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
3808         (JSC::DFG::SpeculativeJIT::compile):
3809         * dfg/DFGSpeculativeJIT.h:
3810         (JSC::DFG::SpeculativeJIT::isDataFormatDouble):
3811         (JSC::DFG::SpeculativeJIT::compareIsInteger):
3812
3813 2011-06-28  Oliver Hunt  <oliver@apple.com>
3814
3815         Reviewed by Gavin Barraclough.
3816
3817         Make constant array optimisation less strict about what constitutes a constant
3818         https://bugs.webkit.org/show_bug.cgi?id=63554
3819
3820         Now allow string constants in array literals to actually be considered constant,
3821         and so avoid codegen in array literals with strings in them.
3822
3823         * bytecode/CodeBlock.h:
3824         (JSC::CodeBlock::addConstantBuffer):
3825         (JSC::CodeBlock::constantBuffer):
3826         * bytecompiler/BytecodeGenerator.cpp:
3827         (JSC::BytecodeGenerator::addConstantBuffer):
3828         (JSC::BytecodeGenerator::addStringConstant):
3829         (JSC::BytecodeGenerator::emitNewArray):
3830         * bytecompiler/BytecodeGenerator.h:
3831         * interpreter/Interpreter.cpp:
3832         (JSC::Interpreter::privateExecute):
3833         * jit/JITStubs.cpp:
3834         (JSC::DEFINE_STUB_FUNCTION):
3835
3836 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
3837
3838         Reviewed by Oliver Hunt.
3839
3840         https://bugs.webkit.org/show_bug.cgi?id=63560
3841         DFG_JIT allow allocation of specific machine registers
3842
3843         This allows us to allocate the registers necessary to perform x86
3844         idiv instructions for div/mod, and may be useful for shifts, too.
3845
3846         * dfg/DFGJITCodeGenerator.cpp:
3847         (JSC::DFG::GPRTemporary::GPRTemporary):
3848         * dfg/DFGJITCodeGenerator.h:
3849         (JSC::DFG::JITCodeGenerator::allocate):
3850         (JSC::DFG::GPRResult::GPRResult):
3851         * dfg/DFGRegisterBank.h:
3852         (JSC::DFG::RegisterBank::allocateSpecific):
3853         * dfg/DFGSpeculativeJIT.h:
3854         (JSC::DFG::SpeculativeJIT::isInteger):
3855
3856 2011-06-28  Gavin Barraclough  <barraclough@apple.com>
3857
3858         Reviewed by Oliver Hunt.
3859
3860         https://bugs.webkit.org/show_bug.cgi?id=55040
3861         RegExp constructor returns the argument regexp instead of a new object
3862
3863         Per 15.10.3.1, our current behaviour is correct if called as a function,
3864         but incorrect when called as a constructor.
3865
3866         * runtime/RegExpConstructor.cpp:
3867         (JSC::constructRegExp):
3868         (JSC::constructWithRegExpConstructor):
3869         * runtime/RegExpConstructor.h:
3870
3871 2011-06-28  Luke Macpherson   <macpherson@chromium.org>
3872
3873         Reviewed by Darin Adler.
3874
3875         Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
3876         https://bugs.webkit.org/show_bug.cgi?id=63469
3877
3878         * wtf/MathExtras.h:
3879         (defaultMinimumForClamp):
3880         Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
3881         (defaultMaximumForClamp):
3882         Symmetric alias for std::numeric_limits::max()
3883         (clampTo):
3884         New templated clamping function that supports arbitrary output types.
3885         (clampToInteger):
3886         Use new clampTo template.
3887         (clampToFloat):
3888         Use new clampTo template.
3889         (clampToPositiveInteger):
3890         Use new clampTo template.
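
Added example, not code from WTF's MathExtras.h: a C++ template in the shape the entry above describes. It shows why the floating-point lower bound has to be -max() rather than numeric_limits::min() (which is the smallest positive value for float and double), and why the range check must happen in double before the conversion, since converting an out-of-range double to an integer type is undefined behaviour and that is exactly what a clamp is meant to prevent. The NaN-to-zero rule and the wrapper names are this example's own choices.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// Added illustration (not WTF's MathExtras.h): a clampTo-style template.
// For floating-point targets, numeric_limits<T>::min() is the smallest
// *positive* value, so the default lower bound must be -max() instead.
template <typename T>
constexpr T defaultMinimumForClamp()
{
    return std::numeric_limits<T>::is_integer ? std::numeric_limits<T>::min()
                                              : -std::numeric_limits<T>::max();
}

template <typename T>
constexpr T defaultMaximumForClamp()
{
    return std::numeric_limits<T>::max();
}

// Clamp a double into the representable range of T before converting.
// The comparisons are done in double; only a value already known to be
// inside [minimum, maximum] is ever passed to static_cast<T>.
template <typename T>
T clampTo(double value, T minimum = defaultMinimumForClamp<T>(), T maximum = defaultMaximumForClamp<T>())
{
    if (std::isnan(value))
        return 0;   // assumption for this example: NaN clamps to zero
    if (value >= static_cast<double>(maximum))
        return maximum;
    if (value <= static_cast<double>(minimum))
        return minimum;
    return static_cast<T>(value);
}

// Convenience wrappers mirroring the names used in the entry above.
inline int clampToInteger(double value) { return clampTo<int>(value); }
inline float clampToFloat(double value) { return clampTo<float>(value); }
inline int clampToPositiveInteger(double value) { return clampTo<int>(value, 0); }

int main()
{
    std::printf("clampToInteger(1e12) = %d\n", clampToInteger(1e12));
    std::printf("clampToInteger(-1e12) = %d\n", clampToInteger(-1e12));
    std::printf("clampToPositiveInteger(-3.5) = %d\n", clampToPositiveInteger(-3.5));
    std::printf("clampTo<int64_t>(1e19) = %lld\n", static_cast<long long>(clampTo<int64_t>(1e19)));
    return 0;
}
```

Note that the `>=` comparison against the upper bound also covers the case where the bound itself is not exactly representable as a double (int64_t max rounds up to 2^63), so the conversion is never attempted on a value just past the limit.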
3891
3892 2011-06-28  Adam Roben  <aroben@apple.com>
3893
3894         Windows Debug build fix after r89885
3895
3896         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
3897         JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.
3898
3899 2011-06-28  Shinya Kawanaka  <shinyak@google.com>
3900
3901         Reviewed by Kent Tamura.
3902
3903         Add const to show() method in WTFString and AtomicString.
3904         https://bugs.webkit.org/show_bug.cgi?id=63515
3905
3906         The lack of const in the show() method is painful when
3907         doing something like printf-debugging.
3908
3909         * wtf/text/AtomicString.cpp:
3910         (WTF::AtomicString::show):
3911         * wtf/text/AtomicString.h:
3912         * wtf/text/WTFString.cpp:
3913         (String::show):
3914         * wtf/text/WTFString.h:
3915
3916 2011-06-27  Ryosuke Niwa  <rniwa@webkit.org>
3917
3918         Build fix attempt after r89885.
3919
3920         * JavaScriptCore.exp:
3921         * jsc.cpp:
3922
3923 2011-06-27  Oliver Hunt  <oliver@apple.com>
3924
3925         Reviewed by Geoffrey Garen.
3926
3927         Support throwing away non-running code even while other code is running
3928         https://bugs.webkit.org/show_bug.cgi?id=63485
3929
3930         Add a function to CodeBlock to support unlinking direct linked callsites,
3931         and then with that in place add logic to discard code from any function
3932         that is not currently on the stack.
3933
3934         The unlinking completely reverts any optimized call sites, such that they
3935         may be relinked again in future.
3936
3937         * JavaScriptCore.exp:
3938         * bytecode/CodeBlock.cpp:
3939         (JSC::CodeBlock::unlinkCalls):
3940         (JSC::CodeBlock::clearEvalCache):
3941         * bytecode/CodeBlock.h:
3942         (JSC::CallLinkInfo::CallLinkInfo):
3943         (JSC::CallLinkInfo::unlink):
3944         * bytecode/EvalCodeCache.h:
3945         (JSC::EvalCodeCache::clear):
3946         * heap/Heap.cpp:
3947         (JSC::Heap::getConservativeRegisterRoots):
3948         * heap/Heap.h:
3949         * jit/JIT.cpp:
3950         (JSC::JIT::privateCompile):
3951         * jit/JIT.h:
3952         * jit/JITCall.cpp:
3953         (JSC::JIT::compileOpCall):
3954         * jit/JITWriteBarrier.h:
3955         (JSC::JITWriteBarrierBase::clear):
3956         * jsc.cpp:
3957         (GlobalObject::GlobalObject):
3958         (functionReleaseExecutableMemory):
3959         * runtime/Executable.cpp:
3960         (JSC::EvalExecutable::unlinkCalls):
3961         (JSC::ProgramExecutable::unlinkCalls):
3962         (JSC::FunctionExecutable::discardCode):
3963         (JSC::FunctionExecutable::unlinkCalls):
3964         * runtime/Executable.h:
3965         * runtime/JSGlobalData.cpp:
3966         (JSC::SafeRecompiler::returnValue):
3967         (JSC::SafeRecompiler::operator()):
3968         (JSC::JSGlobalData::releaseExecutableMemory):
3969
3970 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
3971
3972         Reviewed by Darin Adler & Oliver Hunt.
3973
3974         https://bugs.webkit.org/show_bug.cgi?id=50554
3975         RegExp.prototype.toString does not escape slashes
3976
3977         The problem here is that we don't escape forwards slashes when converting
3978         a RegExp to a string. This means that RegExp("/").toString() is "///",
3979         which is not a valid RegExp literal. Also, we return an invalid literal
3980         for RegExp.prototype.toString() ("//", which is an empty single-line comment).
3981
3982         From ES5:
3983         "NOTE: The returned String has the form of a RegularExpressionLiteral that
3984         evaluates to another RegExp object with the same behaviour as this object."
3985
3986         * runtime/RegExpObject.cpp:
3987         (JSC::regExpObjectSource):
3988             - Escape forward slashes when getting the source of a RegExp.
3989         * runtime/RegExpPrototype.cpp:
3990         (JSC::regExpProtoFuncToString):
3991             - Remove unnecessary and erroneous hack to return "//" as the string
3992             representation of RegExp.prototype. This is not a valid RegExp literal
3993             (it is an empty single-line comment).
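
Added example, not JSC's regExpObjectSource: a byte-oriented C++ routine that escapes a pattern so that "/" + source + "/" + flags is a valid RegularExpressionLiteral, covering the RegExp("/") case from the entry above and leaving already-escaped slashes alone so the operation is idempotent. Treating an empty pattern as "(?:)" and rewriting raw line terminators as \n and \r are assumptions of this example; because it works on bytes it does not handle the U+2028/U+2029 line terminators.

```cpp
#include <cstdio>
#include <string>

// Added illustration (not JSC's regExpObjectSource): produce the text that
// goes between the slashes of a RegExp literal so that "/" + source + "/"
// parses as a literal equivalent to the original pattern.
//
// Rules applied here:
//  - an empty pattern becomes "(?:)" (assumption: "//" would be read as a
//    line comment, and "(?:)" matches the empty string);
//  - a raw newline or carriage return becomes the escape \n or \r, since a
//    literal cannot span lines;
//  - a "/" that is not already escaped gets a backslash in front of it;
//  - a "/" already preceded by a backslash is left alone;
//  - everything else, including existing escapes, is copied through.
std::string escapeRegExpSource(const std::string& pattern)
{
    if (pattern.empty())
        return "(?:)";

    std::string out;
    out.reserve(pattern.size() + 2);
    bool previousWasBackslash = false;
    for (char c : pattern) {
        if (c == '\n' || c == '\r') {
            // If a backslash precedes the terminator it already introduces
            // the escape; otherwise add one.
            if (!previousWasBackslash)
                out += '\\';
            out += (c == '\n') ? 'n' : 'r';
            previousWasBackslash = false;
            continue;
        }
        if (c == '/' && !previousWasBackslash)
            out += '\\';
        out += c;
        // A backslash escapes exactly the next character, so "\\" followed
        // by "/" is an escaped backslash and then an unescaped slash.
        previousWasBackslash = (c == '\\') && !previousWasBackslash;
    }
    return out;
}

// The string RegExp.prototype.toString would build from the escaped source.
std::string regExpToString(const std::string& pattern, const std::string& flags = "")
{
    return "/" + escapeRegExpSource(pattern) + "/" + flags;
}

int main()
{
    std::printf("%s\n", regExpToString("/").c_str());        // /\//
    std::printf("%s\n", regExpToString("", "g").c_str());    // /(?:)/g
    std::printf("%s\n", regExpToString("\\\\/").c_str());    // /\\\//
    return 0;
}
```

Escaping a slash inside a character class (giving "[\/]") is harmless, since "\/" is an identity escape there, so the routine does not need to track class boundaries.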
3994
3995 2011-06-27  Gavin Barraclough  <barraclough@apple.com>
3996
3997         Reviewed by Oliver Hunt.
3998
3999         https://bugs.webkit.org/show_bug.cgi?id=63497
4000         Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.
4001
4002         * dfg/DFGByteCodeParser.cpp:
4003         (JSC::DFG::ByteCodeParser::parseBlock):
4004         * dfg/DFGNode.h:
4005         * dfg/DFGNonSpeculativeJIT.cpp:
4006         (JSC::DFG::NonSpeculativeJIT::compile):
4007         * dfg/DFGSpeculativeJIT.cpp:
4008         (JSC::DFG::SpeculativeJIT::compile):
4009
4010 2011-06-27  Juan C. Montemayor  <jmont@apple.com>
4011
4012         Reviewed by Mark Rowe.
4013
4014         Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
4015         https://bugs.webkit.org/show_bug.cgi?id=63392
4016         
4017         When both TextPosition.h and XPathGrammar.h are included a compile-error
4018         is caused, since XPathGrammar.h defines a macro called NUMBER and 
4019         TextPosition has a typedef named NUMBER.
4020
4021         * wtf/text/TextPosition.h:
4022         (WTF::TextPosition::TextPosition):
4023         (WTF::TextPosition::minimumPosition):
4024         (WTF::TextPosition::belowRangePosition):
4025
4026 2011-06-27  Filip Pizlo  <fpizlo@apple.com>
4027
4028         Reviewed by Gavin Barraclough.
4029
4030         DFG JIT does not perform put_by_id caching.
4031         https://bugs.webkit.org/show_bug.cgi?id=63409
4032
4033         * bytecode/StructureStubInfo.h:
4034         * dfg/DFGJITCodeGenerator.cpp:
4035         (JSC::DFG::JITCodeGenerator::cachedPutById):
4036         * dfg/DFGJITCodeGenerator.h:
4037         * dfg/DFGJITCompiler.cpp:
4038         (JSC::DFG::JITCompiler::compileFunction):
4039         * dfg/DFGJITCompiler.h:
4040         (JSC::DFG::JITCompiler::addPropertyAccess):
4041         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
4042         * dfg/DFGNonSpeculativeJIT.cpp:
4043         (JSC::DFG::NonSpeculativeJIT::compile):
4044         * dfg/DFGOperations.cpp:
4045         * dfg/DFGOperations.h:
4046         * dfg/DFGRepatch.cpp:
4047         (JSC::DFG::dfgRepatchByIdSelfAccess):
4048         (JSC::DFG::tryCacheGetByID):
4049         (JSC::DFG::appropriatePutByIdFunction):
4050         (JSC::DFG::tryCachePutByID):
4051         (JSC::DFG::dfgRepatchPutByID):
4052         * dfg/DFGRepatch.h:
4053         * dfg/DFGSpeculativeJIT.cpp:
4054         (JSC::DFG::SpeculativeJIT::compile):
4055
4056 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
4057
4058         Unreviewed build fix. One more file missing during distcheck, for
4059         the MIPS build.
4060
4061         * GNUmakefile.list.am:
4062
4063 2011-06-26  Filip Pizlo  <fpizlo@apple.com>
4064
4065         Reviewed by Gavin Barraclough.
4066
4067         DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
4068         https://bugs.webkit.org/show_bug.cgi?id=63347
4069
4070         * dfg/DFGNonSpeculativeJIT.cpp:
4071             - Changed arithmetic operations to speculate in favor of integers.
4072         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
4073         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
4074         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
4075         (JSC::DFG::NonSpeculativeJIT::compile):
4076         * dfg/DFGNonSpeculativeJIT.h:
4077         * dfg/DFGOperations.cpp:
4078             - Added slow-path routines for arithmetic that perform no speculation; the
4079               non-speculative JIT will generate calls to these in cases where its
4080               speculation fails.
4081         * dfg/DFGOperations.h:
4082
4083 2011-06-24  Nikolas Zimmermann  <nzimmermann@rim.com>
4084
4085         Reviewed by Rob Buis.
4086
4087         Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
4088         https://bugs.webkit.org/show_bug.cgi?id=59085
4089
4090         * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
4091
4092 2011-06-24  Michael Saboff  <msaboff@apple.com>
4093
4094         Reviewed by Gavin Barraclough.
4095
4096         Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
4097         https://bugs.webkit.org/show_bug.cgi?id=63345
4098
4099         The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
4100         return 9 and 10 bit quantities, therefore changed their return type from
4101         uint8_t to uint16_t.  Also cast the places where they are used as they
4102         are currently shifted and used as 7 or 8 bit values.
4103
4104         These methods are currently used for literals for stack offsets, 
4105         including creating and destroying stack frames.  The prior truncation of
4106         the upper bits caused stack frames to be too small, thus allowing a
4107         JIT'ed function to access and overwrite stack space outside of the
4108         incorrectly sized stack frame.
4109
4110         * assembler/ARMv7Assembler.h:
4111         (JSC::ARMThumbImmediate::getUInt9):
4112         (JSC::ARMThumbImmediate::getUInt10):
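
Added example, not the ARMv7Assembler.h code itself: a C++ model of the truncation described above, using the documented 16-bit Thumb encoding of SUB SP, SP, #imm (encoding T1: 1011 0000 1 imm7, immediate = imm7 << 2). The accessor, encoder and decoder names are this example's own. The point it makes runnable is that an 8-bit return type drops bit 8 of the 9-bit immediate, so any frame of 256 bytes or more is reserved 256 bytes short, and the JIT'd code's locals and spill slots then overlap whatever the caller had on the stack.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <initializer_list>

// Added illustration, not the ARMv7Assembler.h code: a model of how an
// 8-bit return type silently truncates the 9-bit immediate used for
// "SUB SP, SP, #imm" (16-bit Thumb encoding T1: 1011 0000 1 imm7, where the
// immediate is imm7 << 2, i.e. a multiple of 4 from 0 to 508).
constexpr uint16_t kOpSubSpImmT1 = 0xB080;

constexpr bool isUInt9(uint32_t value) { return value < 512; }

// Pre-fix accessor: the value fits in 9 bits, but the return type holds only
// 8, so bit 8 (the 256s place) is dropped on return.
static uint8_t getUInt9Truncating(uint32_t value) { return static_cast<uint8_t>(value); }

// Post-fix accessor: wide enough for all nine bits.
static uint16_t getUInt9Fixed(uint32_t value) { return static_cast<uint16_t>(value); }

// Emit the instruction that reserves frameBytes of stack, using either accessor.
static uint16_t encodeSubSp(uint32_t frameBytes, bool useFixedAccessor)
{
    assert(isUInt9(frameBytes) && (frameBytes & 3) == 0);
    uint32_t imm = useFixedAccessor ? getUInt9Fixed(frameBytes) : getUInt9Truncating(frameBytes);
    // The assembler shifts the 9-bit value right by 2 to form the imm7 field.
    return static_cast<uint16_t>(kOpSubSpImmT1 | ((imm >> 2) & 0x7F));
}

// What the CPU actually subtracts from SP when it executes the encoded instruction.
static uint32_t decodeSubSpBytes(uint16_t instruction)
{
    assert((instruction & 0xFF80) == kOpSubSpImmT1);
    return static_cast<uint32_t>(instruction & 0x7F) << 2;
}

// Bytes the JIT'd function believes it owns but that were never reserved:
// every local or spill slot in this region lands on the caller's frame.
static uint32_t unreservedFrameBytes(uint32_t frameBytes)
{
    return frameBytes - decodeSubSpBytes(encodeSubSp(frameBytes, false));
}

int main()
{
    for (uint32_t frame : { 252u, 256u, 300u, 508u })
        std::printf("frame %3u: buggy reserves %3u, fixed reserves %3u\n",
                    frame,
                    decodeSubSpBytes(encodeSubSp(frame, false)),
                    decodeSubSpBytes(encodeSubSp(frame, true)));
    return 0;
}
```

A frame of exactly 256 bytes is the clearest case: the truncated immediate is 0, so the prologue reserves nothing and the whole frame is written over the caller's stack.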
4113