Build fix.
[WebKit.git] / Source / JavaScriptCore / ChangeLog
2011-07-28  Dan Bernstein  <mitz@apple.com>

        Build fix.

        * runtime/Executable.cpp:
        (JSC::FunctionExecutable::compileForCallInternal):

2011-07-28  Kent Tamura  <tkent@chromium.org>

        Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
        https://bugs.webkit.org/show_bug.cgi?id=65300

        Reviewed by Darin Adler.

        r91837 had a performance regression of StringImpl::stripWhiteSpace()
        and simplifyWhiteSpace(). This changes the code so that compilers
        generate code equivalent to r91836 or prior.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::stripMatchedCharacters):
        A template member function for stripWhiteSpace(). This function takes a functor.
        (WTF::UCharPredicate):
        A generic predicate functor for a single UChar argument.
        (WTF::SpaceOrNewlinePredicate):
        A special functor for isSpaceOrNewline().
        (WTF::StringImpl::stripWhiteSpace):
        Use stripMatchedCharacters().
        (WTF::StringImpl::simplifyMatchedCharactersToSpace):
        A template member function for simplifyWhiteSpace().
        (WTF::StringImpl::simplifyWhiteSpace):
        Use simplifyMatchedCharactersToSpace().
        * wtf/text/StringImpl.h:

2011-07-27  Dmitry Lomov  <dslomov@google.com>

        [chromium] Turn on WTF_MULTIPLE_THREADS.
        https://bugs.webkit.org/show_bug.cgi?id=61017
        The patch turns on WTF_MULTIPLE_THREADS in chromium and
        pushes some relevant initializations from JSC::initializeThreading
        to WTF::initializeThreading.

        Reviewed by David Levin.

        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreadingOnce):
        * wtf/FastMalloc.cpp:
        (WTF::isForbidden):
        (WTF::fastMallocForbid):
        (WTF::fastMallocAllow):
        * wtf/Platform.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):
        * wtf/ThreadingWin.cpp:
        (WTF::initializeThreading):
        * wtf/gtk/ThreadingGtk.cpp:
        (WTF::initializeThreading):
        * wtf/qt/ThreadingQt.cpp:
        (WTF::initializeThreading):

2011-07-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        Remove operator new from JSCell
        https://bugs.webkit.org/show_bug.cgi?id=64999

        Reviewed by Oliver Hunt.

        Removed the implementation of operator new in JSCell, so any further uses
        will not successfully link.  Also removed any remaining uses of operator new.

        * API/JSContextRef.cpp:
        * debugger/DebuggerActivation.h:
        (JSC::DebuggerActivation::create):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::createExceptionScope):
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/JSCell.h:
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::create):
        * runtime/JSStaticScopeObject.h:
        (JSC::JSStaticScopeObject::create):
        (JSC::JSStaticScopeObject::JSStaticScopeObject):
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::create):

2011-07-27  Filip Pizlo  <fpizlo@apple.com>

        DFG graph has no notion of double prediction.
        https://bugs.webkit.org/show_bug.cgi?id=65234

        Reviewed by Gavin Barraclough.

        Added the notion of PredictDouble, and PredictNumber, which is the least
        upper bound of PredictInt32 and PredictDouble.  Least upper bound is
        defined as the bitwise-or of two predictions.  Bottom is defined as 0,
        and Top is defined as all bits being set.  Added the ability to explicitly
        distinguish between a node having had a prediction associated with it,
        and that prediction still being valid (i.e. no conflicting predictions
        have also been added).  Used this to guard the speculative JIT from
        speculating Int32 in cases where the graph knows that the value is
        double, which currently only happens for GetLocal nodes on arguments
        which were double at compile-time.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::predictArgumentTypes):
        * dfg/DFGGraph.h:
        (JSC::DFG::isCellPrediction):
        (JSC::DFG::isArrayPrediction):
        (JSC::DFG::isInt32Prediction):
        (JSC::DFG::isDoublePrediction):
        (JSC::DFG::isNumberPrediction):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):

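The prediction lattice described in the entry above (merge = bitwise-or, Bottom = 0, Top = all bits, PredictNumber as the least upper bound of PredictInt32 and PredictDouble, and the split between "has a prediction" and "prediction still valid" that keeps the speculative JIT from speculating Int32 on a value known to be double), as an added example that is not the DFG's own code. The bit assignments, the `NodePrediction` struct and its `predict()` method are assumptions made for the example; only the lattice rules and the predicate names come from the entry.

```cpp
#include <cstdint>

// Added example, not the DFG's code. Bit assignments below are assumptions;
// only the lattice rules (merge = bitwise-or, Bottom = 0, Top = all bits,
// PredictNumber = PredictInt32 | PredictDouble) come from the ChangeLog entry.
typedef uint32_t PredictedType;

const PredictedType PredictNone   = 0;                                  // Bottom: nothing known yet
const PredictedType PredictInt32  = 1u << 0;
const PredictedType PredictDouble = 1u << 1;
const PredictedType PredictNumber = PredictInt32 | PredictDouble;       // least upper bound of the two
const PredictedType PredictArray  = 1u << 2;
const PredictedType PredictCell   = 1u << 3;
const PredictedType PredictTop    = ~static_cast<PredictedType>(0);     // Top: could be anything

// Least upper bound of two predictions.
inline PredictedType mergePredictions(PredictedType a, PredictedType b) { return a | b; }

// "is an X prediction" means: something was predicted, and nothing outside X.
inline bool isPredictionWithin(PredictedType value, PredictedType mask)
{
    return value != PredictNone && !(value & ~mask);
}
inline bool isInt32Prediction(PredictedType v)  { return isPredictionWithin(v, PredictInt32); }
inline bool isDoublePrediction(PredictedType v) { return isPredictionWithin(v, PredictDouble); }
inline bool isNumberPrediction(PredictedType v) { return isPredictionWithin(v, PredictNumber); }
inline bool isArrayPrediction(PredictedType v)  { return isPredictionWithin(v, PredictArray); }
inline bool isCellPrediction(PredictedType v)   { return isPredictionWithin(v, PredictCell); }

// Per-node prediction state (assumed shape). It separates "a prediction was
// recorded" from "that prediction is still valid", i.e. no later, conflicting
// prediction widened it.
struct NodePrediction {
    PredictedType prediction;
    bool hasPrediction;
    bool predictionIsValid;

    NodePrediction() : prediction(PredictNone), hasPrediction(false), predictionIsValid(false) { }

    // Record a prediction. Returns true if it conflicted with (widened) what was known.
    bool predict(PredictedType p)
    {
        if (!hasPrediction) {
            prediction = p;
            hasPrediction = true;
            predictionIsValid = true;
            return false;
        }
        PredictedType merged = mergePredictions(prediction, p);
        bool conflict = merged != prediction;
        if (conflict)
            predictionIsValid = false;
        prediction = merged;
        return conflict;
    }

    // The guard the speculative JIT needs: only speculate Int32 when the node has
    // a single, still-valid prediction that is exactly Int32. A node known to be
    // double (e.g. an argument that was double at compile time) fails this check.
    bool shouldSpeculateInteger() const
    {
        return hasPrediction && predictionIsValid && isInt32Prediction(prediction);
    }
};
```

A node that has only ever been predicted Int32 passes `shouldSpeculateInteger()`; as soon as a Double prediction is merged in, the prediction widens to PredictNumber and is marked invalid, so the speculative path is not taken even though the merged value still satisfies `isNumberPrediction()`.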
2011-07-27  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65294
        DFG JIT - may speculate based on wrong arguments.

        Reviewed by Oliver Hunt.

        In the case of a DFG compiled function calling to and compiling a second function that
        also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
        we call compileFor passing the caller function's exec state, rather than the callee's.
        This may lead to mis-optimization, since the DFG compiler will examine the exec state's
        arguments on the assumption that these will be passed to the callee - it is wanting the
        callee exec state, not the caller's exec state.

        Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
        function is compiled, & the structure of the calls in the Interpreter::execute methods.
        Only fix for compilation from the JIT, in other calls don't speculate based on arguments
        for now.

        * dfg/DFGOperations.cpp:
        * runtime/Executable.cpp:
        (JSC::tryDFGCompile):
        (JSC::tryDFGCompileFunction):
        (JSC::FunctionExecutable::compileForCallInternal):
        * runtime/Executable.h:
        (JSC::FunctionExecutable::compileForCall):
        (JSC::FunctionExecutable::compileFor):

2011-07-27  Oliver Hunt  <oliver@apple.com>

        Handle callback oriented JSONP
        https://bugs.webkit.org/show_bug.cgi?id=65271

        Reviewed by Gavin Barraclough.

        Handle the callback oriented versions of JSONP.  The Literal parser
        now handles <Identifier> (. <Identifier>)* (jsonData).

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::tryJSONPParse):
        (JSC::LiteralParser::Lexer::lex):
        * runtime/LiteralParser.h:

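A recogniser for the callback-oriented JSONP shape named in the entry above, `<Identifier> (. <Identifier>)* (jsonData)`, as an added example that is not JSC's LiteralParser. The point of a literal parser here is that a JSONP response can be accepted with a grammar that admits only an identifier path and a JSON literal: expressions, a second statement, or a bare identifier in the argument position are rejected rather than handed to the full JavaScript parser. The class and function names, the optional trailing `;`, the ASCII-only identifier rule and the skipping (not validation) of string escapes are assumptions made for the example.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Added example, not JSC's LiteralParser. Accepts exactly
// <Identifier> (. <Identifier>)* ( jsonData ) [;]  and nothing else.
struct JSONPResult {
    bool ok;
    std::vector<std::string> callbackPath; // e.g. {"foo", "bar"} for foo.bar(...)
    std::string jsonData;                  // the literal between the parentheses
    JSONPResult() : ok(false) { }
};

class JSONPLiteralParser {
public:
    explicit JSONPLiteralParser(const std::string& source) : m_s(source), m_pos(0) { }

    JSONPResult tryJSONPParse()
    {
        JSONPResult result;
        std::string ident;
        skipSpace();
        if (!lexIdentifier(ident)) return result;
        result.callbackPath.push_back(ident);
        skipSpace();
        while (peek() == '.') {                      // dotted callback path
            ++m_pos; skipSpace();
            if (!lexIdentifier(ident)) return result;
            result.callbackPath.push_back(ident);
            skipSpace();
        }
        if (peek() != '(') return result;
        ++m_pos; skipSpace();
        size_t start = m_pos;
        if (!parseValue()) return result;            // argument must be a JSON literal
        result.jsonData = m_s.substr(start, m_pos - start);
        skipSpace();
        if (peek() != ')') return result;
        ++m_pos; skipSpace();
        if (peek() == ';') { ++m_pos; skipSpace(); } // optional trailing ';' (assumption)
        if (m_pos != m_s.size()) return result;      // a second statement or operator: not JSONP
        result.ok = true;
        return result;
    }

private:
    char peek() const { return m_pos < m_s.size() ? m_s[m_pos] : '\0'; }
    bool isDigit() const { return std::isdigit(static_cast<unsigned char>(peek())) != 0; }
    void skipSpace() { while (std::isspace(static_cast<unsigned char>(peek()))) ++m_pos; }
    bool skipDigits() { if (!isDigit()) return false; while (isDigit()) ++m_pos; return true; }

    // ASCII identifiers only (simplification of the JS identifier grammar).
    bool lexIdentifier(std::string& out)
    {
        size_t start = m_pos;
        unsigned char c = static_cast<unsigned char>(peek());
        if (!(std::isalpha(c) || c == '_' || c == '$')) return false;
        while (std::isalnum(static_cast<unsigned char>(peek())) || peek() == '_' || peek() == '$') ++m_pos;
        out = m_s.substr(start, m_pos - start);
        return true;
    }

    bool parseValue()
    {
        skipSpace();
        char c = peek();
        if (c == '{') return parseContainer('}', true);
        if (c == '[') return parseContainer(']', false);
        if (c == '"') return parseString();
        if (c == '-' || isDigit()) return parseNumber();
        return parseLiteral("true") || parseLiteral("false") || parseLiteral("null");
    }

    bool parseContainer(char close, bool isObject)
    {
        ++m_pos; skipSpace();                         // consume the opening bracket
        if (peek() == close) { ++m_pos; return true; }
        for (;;) {
            if (isObject) {                           // "key" :
                skipSpace();
                if (!parseString()) return false;
                skipSpace();
                if (peek() != ':') return false;
                ++m_pos;
            }
            if (!parseValue()) return false;
            skipSpace();
            if (peek() == ',') { ++m_pos; continue; }
            if (peek() == close) { ++m_pos; return true; }
            return false;
        }
    }

    bool parseString()                                // escapes skipped, not validated
    {
        if (peek() != '"') return false;
        ++m_pos;
        while (peek() != '"') {
            unsigned char c = static_cast<unsigned char>(peek());
            if (c < 0x20) return false;               // unterminated, or a raw control char
            if (c == '\\') ++m_pos;
            ++m_pos;
        }
        ++m_pos;
        return true;
    }

    bool parseNumber()
    {
        if (peek() == '-') ++m_pos;
        if (!skipDigits()) return false;
        if (peek() == '.') { ++m_pos; if (!skipDigits()) return false; }
        if (peek() == 'e' || peek() == 'E') {
            ++m_pos;
            if (peek() == '+' || peek() == '-') ++m_pos;
            if (!skipDigits()) return false;
        }
        return true;
    }

    bool parseLiteral(const char* literal)
    {
        size_t n = std::char_traits<char>::length(literal);
        if (m_pos + n > m_s.size() || m_s.compare(m_pos, n, literal) != 0) return false;
        m_pos += n;
        return true;
    }

    std::string m_s;
    size_t m_pos;
};

JSONPResult parseJSONP(const std::string& source) { return JSONPLiteralParser(source).tryJSONPParse(); }
```

On success the caller gets the callback path and the JSON slice separately; the host can then look the callback up itself and parse the slice with its ordinary JSON parser, so no part of the response is ever evaluated as script.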
2011-07-27  Stephanie Lewis  <slewis@apple.com>

        Revert http://trac.webkit.org/changeset/90415.
        Caused a 5% sunspider regression in-browser.

        Unreviewed rollout.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::visitAggregate):
        * heap/Heap.cpp:
        (JSC::Heap::collectAllGarbage):
        * heap/MarkStack.h:
        (JSC::MarkStack::MarkStack):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::releaseExecutableMemory):
        * runtime/RegExp.cpp:
        (JSC::RegExp::compile):
        (JSC::RegExp::invalidateCode):
        * runtime/RegExp.h:

2011-07-27  Shinya Kawanaka  <shinyak@google.com>

        Added an interface to take IsWhiteSpaceFunctionPtr.
        https://bugs.webkit.org/show_bug.cgi?id=57746

        Reviewed by Kent Tamura.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::stripWhiteSpace):
          Added an interface to take IsWhiteSpaceFunctionPtr.
        (WTF::StringImpl::simplifyWhiteSpace): ditto.
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.cpp:
        (WTF::String::stripWhiteSpace): ditto.
        (WTF::String::simplifyWhiteSpace): ditto.
        * wtf/text/WTFString.h:

2011-07-27  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT speculation failure code performs incorrect conversions in
        the case where two registers need to be swapped.
        https://bugs.webkit.org/show_bug.cgi?id=65233

        Reviewed by Gavin Barraclough.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::GeneralizedRegister::swapWith):

2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        reduce and reduceRight bind callback's this to null rather than undefined
        https://bugs.webkit.org/show_bug.cgi?id=62264

        Reviewed by Oliver Hunt.

        Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
        when calling the callback function without an argument for this, which means it should
        be undefined according to ES 15.4.4.21 and 15.4.4.22.

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):

2011-07-26  Filip Pizlo  <fpizlo@apple.com>

        JSC command-line tool does not come with any facility for
        measuring time precisely.
        https://bugs.webkit.org/show_bug.cgi?id=65223

        Reviewed by Gavin Barraclough.

        Exposed WTF::currentTime() as currentTimePrecise().

        * jsc.cpp:
        (GlobalObject::GlobalObject):
        (functionPreciseTime):

2011-07-26  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT never emits inline double comparisons, even when it
        would be obviously more efficient to do so.
        https://bugs.webkit.org/show_bug.cgi?id=65212

        Reviewed by Gavin Barraclough.

        This handles the obvious case of inlining double comparisons: it only addresses
        the speculative JIT, and only for fused compare/branch sequences.  But it does
        handle the case where both operands are double (and there is no slow path),
        or where one operand is double and the other is unknown type (in which case it
        attempts to unbox the double, otherwise taking slow path).  This is a 0.8%
        speed-up on SunSpider.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::convertToDouble):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
        (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):

2011-07-26  Filip Pizlo  <fpizlo@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64969
        DFG JIT generates inefficient code for speculation failures.

        Reviewed by Gavin Barraclough.

        This implements a speculation failure strategy where (1) values spilled on
        non-speculative but not spilled on speculative are spilled, (2) values that
        are in registers on both paths are rearranged without ever touching memory,
        and (3) values spilled on speculative but not spilled on non-speculative are
        filled.

        The register shuffling is the most interesting part of this patch.  It
        constructs a permutation graph for registers.  Each node represents a
        register, and each directed edge corresponds to the register's value having
        to be moved to a different register as part of the shuffling.  This is a
        directed graph where each node may only have 0 or 1 incoming edges, and
        0 or 1 outgoing edges.  The algorithm then first finds maximal non-cyclic
        subgraphs where all nodes in the subgraph are reachable from a start node.
        Such subgraphs always resemble linked lists, and correspond to simply
        moving the value in the second-to-last register into the last register, and
        then moving the value in the third-to-last register into the second-to-last
        register, and so on.  Once these subgraphs are taken care of, the remaining
        subgraphs are cycles, and are handled using either (a) conversion or no-op
        if the cycle involves one node, (b) swap if it involves two nodes, or (c)
        a cyclic shuffle involving a scratch register if there are three or more
        nodes.

        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::needDataFormatConversion):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
        (JSC::DFG::GeneralizedRegister::createGPR):
        (JSC::DFG::GeneralizedRegister::createFPR):
        (JSC::DFG::GeneralizedRegister::dump):
        (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
        (JSC::DFG::GeneralizedRegister::findInEntryLocation):
        (JSC::DFG::GeneralizedRegister::previousDataFormat):
        (JSC::DFG::GeneralizedRegister::nextDataFormat):
        (JSC::DFG::GeneralizedRegister::convert):
        (JSC::DFG::GeneralizedRegister::moveTo):
        (JSC::DFG::GeneralizedRegister::swapWith):
        (JSC::DFG::ShuffledRegister::ShuffledRegister):
        (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
        (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
        (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
        (JSC::DFG::ShuffledRegister::lookup):
        (JSC::DFG::lookupForRegister):
        (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
        (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
        (JSC::DFG::NodeToRegisterMap::set):
        (JSC::DFG::NodeToRegisterMap::end):
        (JSC::DFG::NodeToRegisterMap::find):
        (JSC::DFG::NodeToRegisterMap::clear):
        (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
        (JSC::DFG::JITCompiler::linkSpeculationChecks):
        * dfg/DFGJITCompiler.h:
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::EntryLocation::EntryLocation):
        * dfg/DFGNonSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculationCheck::SpeculationCheck):
        * dfg/DFGSpeculativeJIT.h:

2011-07-26  Oliver Hunt  <oliver@apple.com>

        Buffer overflow creating error messages for JSON.parse
        https://bugs.webkit.org/show_bug.cgi?id=65211

        Reviewed by Darin Adler.

        Pass string length to the UString constructor.

        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::parse):

2011-07-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        Refactor automatically generated JS DOM bindings to replace operator new with static create methods
        https://bugs.webkit.org/show_bug.cgi?id=64732

        Reviewed by Oliver Hunt.

        Replacing the public constructors in the automatically generated JS DOM bindings with static
        create methods.  JSByteArray is used by several of these bindings in WebCore.

        * JavaScriptCore.exp:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
        * runtime/JSByteArray.cpp:
        (JSC::JSByteArray::create):
        * runtime/JSByteArray.h:

2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>

        Unreviewed build fix for Qt/Linux.

        On platforms with no glib and gstreamer we should not build javascriptcore
        with the Glib support. This is related to http://trac.webkit.org/changeset/91752.

        * wtf/wtf.pri:

2011-07-26  Juan C. Montemayor  <jmont@apple.com>

        JSON errors should be informative
        https://bugs.webkit.org/show_bug.cgi?id=63339

        Added error messages to the JSON Parser.

        Reviewed by Oliver Hunt.

        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncParse):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::Lexer::lex):
        (JSC::LiteralParser::Lexer::lexString):
        (JSC::LiteralParser::Lexer::lexNumber):
        (JSC::LiteralParser::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::getErrorMessage):
        (JSC::LiteralParser::Lexer::sawError):
        (JSC::LiteralParser::Lexer::getErrorMessage):

2011-07-26  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r91746.
        http://trac.webkit.org/changeset/91746
        https://bugs.webkit.org/show_bug.cgi?id=65180

        It broke SL build (Requested by Ossy on #webkit).

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::stripWhiteSpace):
        (WTF::StringImpl::simplifyWhiteSpace):
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.cpp:
        * wtf/text/WTFString.h:

2011-07-26  Alexis Menard  <alexis.menard@openbossa.org>

        Reviewed by Andreas Kling.

        [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
        https://bugs.webkit.org/show_bug.cgi?id=63472

        Enable the bits needed for GStreamer only when QtMultimedia is not used.

        * wtf/wtf.pri:

2011-07-26  Shinya Kawanaka  <shinyak@google.com>

        Added an interface to take IsWhiteSpaceFunctionPtr.
        https://bugs.webkit.org/show_bug.cgi?id=57746

        Reviewed by Kent Tamura.

        * wtf/text/StringImpl.cpp:
        (WTF::StringImpl::stripWhiteSpace):
          Added an interface to take IsWhiteSpaceFunctionPtr.
        (WTF::StringImpl::simplifyWhiteSpace): ditto.
        * wtf/text/StringImpl.h:
        * wtf/text/WTFString.cpp:
        (WTF::String::stripWhiteSpace): ditto.
        (WTF::String::simplifyWhiteSpace): ditto.
        * wtf/text/WTFString.h:

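The whitespace-handling design that the entries in this log describe in two steps, Shinya Kawanaka's IsWhiteSpaceFunctionPtr overloads of stripWhiteSpace()/simplifyWhiteSpace() (this entry and its re-landing above) and Kent Tamura's follow-up that routes both through the templates stripMatchedCharacters() and simplifyMatchedCharactersToSpace() taking a functor (UCharPredicate wrapping a function pointer, SpaceOrNewlinePredicate with a fixed body), as an added example that is not WTF's code. It operates on `std::u16string` rather than StringImpl, the character set of `isSpaceOrNewline()` is a simplification, and the overload names and the caller-supplied `isSpaceOrDash()` predicate are assumptions made for the example. Why the design matters for performance is also visible here: the function-pointer overload pays an indirect call per character, while the functor with a fixed body inlines.

```cpp
#include <string>

// Added example, not WTF's code. UChar stands in for WTF's 16-bit code unit.
typedef char16_t UChar;
typedef bool (*IsWhiteSpaceFunctionPtr)(UChar);

// Simplified character set (assumption); WTF's isSpaceOrNewline() also covers
// Unicode space separators.
inline bool isSpaceOrNewline(UChar c)
{
    return c == u' ' || c == u'\t' || c == u'\n' || c == u'\r' || c == u'\f' || c == u'\v';
}

// Generic functor wrapping a caller-supplied function pointer; this is what the
// IsWhiteSpaceFunctionPtr overloads hand to the templates (mirrors UCharPredicate).
struct UCharPredicate {
    explicit UCharPredicate(IsWhiteSpaceFunctionPtr f) : m_function(f) { }
    bool operator()(UChar c) const { return m_function(c); }
    IsWhiteSpaceFunctionPtr m_function;
};

// Specialised functor with a fixed, inlinable body for the default overloads,
// so no indirect call is paid per character (mirrors SpaceOrNewlinePredicate).
struct SpaceOrNewlinePredicate {
    bool operator()(UChar c) const { return isSpaceOrNewline(c); }
};

// Drop leading and trailing characters matched by the predicate.
template<typename Predicate>
std::u16string stripMatchedCharacters(const std::u16string& s, Predicate predicate)
{
    size_t start = 0;
    size_t end = s.size();
    while (start < end && predicate(s[start]))
        ++start;
    while (end > start && predicate(s[end - 1]))
        --end;
    return s.substr(start, end - start);
}

// Collapse every run of matched characters to a single space and strip the ends.
template<typename Predicate>
std::u16string simplifyMatchedCharactersToSpace(const std::u16string& s, Predicate predicate)
{
    std::u16string out;
    size_t i = 0;
    const size_t n = s.size();
    while (i < n) {
        while (i < n && predicate(s[i]))
            ++i;
        if (i == n)
            break;
        if (!out.empty())
            out.push_back(u' ');
        while (i < n && !predicate(s[i]))
            out.push_back(s[i++]);
    }
    return out;
}

// Public overloads shaped like the StringImpl/String ones named in the entries.
std::u16string stripWhiteSpace(const std::u16string& s)
{
    return stripMatchedCharacters(s, SpaceOrNewlinePredicate());
}
std::u16string stripWhiteSpace(const std::u16string& s, IsWhiteSpaceFunctionPtr isWhiteSpace)
{
    return stripMatchedCharacters(s, UCharPredicate(isWhiteSpace));
}
std::u16string simplifyWhiteSpace(const std::u16string& s)
{
    return simplifyMatchedCharactersToSpace(s, SpaceOrNewlinePredicate());
}
std::u16string simplifyWhiteSpace(const std::u16string& s, IsWhiteSpaceFunctionPtr isWhiteSpace)
{
    return simplifyMatchedCharactersToSpace(s, UCharPredicate(isWhiteSpace));
}

// A caller-supplied character class for the function-pointer overloads (assumed).
bool isSpaceOrDash(UChar c) { return isSpaceOrNewline(c) || c == u'-'; }
```

Both templates are written so that a string consisting only of matched characters reduces to the empty string rather than reading past either end, which is the boundary case worth checking in any trimming routine.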
2011-07-25  Filip Pizlo  <fpizlo@apple.com>

        DFG non-speculative JIT emits inefficient code for arithmetic
        involving two registers
        https://bugs.webkit.org/show_bug.cgi?id=65160

        Reviewed by Gavin Barraclough.

        The non-speculative JIT now emits inline code for double arithmetic, but
        still attempts integer arithmetic first.  This is a speed-up on SunSpider
        (albeit a small one), and a large speed-up on Kraken.

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::basicArithOp):

2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Build break with --debug after r89153.
        https://bugs.webkit.org/show_bug.cgi?id=65150

        Unreviewed build fix.

        * wtf/CMakeListsEfl.txt: Add missing libraries.

2011-07-25  Filip Pizlo  <fpizlo@apple.com>

        DFG non-speculative JIT emits obviously inefficient code for arithmetic
        where one operand is a constant.
        https://bugs.webkit.org/show_bug.cgi?id=65146

        Reviewed by Gavin Barraclough.

        Changed the code to emit double arithmetic inline.

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):

2011-07-25  Filip Pizlo  <fpizlo@apple.com>

        DFG JIT bytecode parser misuses pointers into objects allocated as part of a
        WTF::Vector.
        https://bugs.webkit.org/show_bug.cgi?id=65128

        Reviewed by Gavin Barraclough.

        The bytecode parser code seems to be right to have a DFGNode& phiNode reference
        into the graph, since this makes the code greatly more readable.  This patch
        thus makes the minimal change necessary to make the code right: it uses a
        pointer (to disambiguate between reloading the pointer and performing a
        copy from one location of the vector to another) and reloads it after the
        calls to addToGraph().

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::processPhiStack):

2011-07-25  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r91686.
        http://trac.webkit.org/changeset/91686
        https://bugs.webkit.org/show_bug.cgi?id=65144

        1.5% regression in JSC (Requested by jmontemayor on #webkit).

        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncParse):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::Lexer::lex):
        (JSC::LiteralParser::Lexer::lexString):
        (JSC::LiteralParser::Lexer::lexNumber):
        (JSC::LiteralParser::parse):
        * runtime/LiteralParser.h:

2011-07-25  Jon Lee  <jonlee@apple.com>

        Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
        https://bugs.webkit.org/show_bug.cgi?id=65132
        <rdar://problem/9836297>

        Reviewed by Oliver Hunt.

        Make sure the JIT is available to use before running the following calls:

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.

2011-07-25  Juan C. Montemayor  <jmont@apple.com>

        JSON errors should be informative
        https://bugs.webkit.org/show_bug.cgi?id=63339

        Added error messages to the JSON Parser.

        Reviewed by Oliver Hunt.

        * runtime/JSONObject.cpp:
        (JSC::JSONProtoFuncParse):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser::Lexer::lex):
        (JSC::LiteralParser::Lexer::lexString):
        (JSC::LiteralParser::Lexer::lexNumber):
        (JSC::LiteralParser::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::getErrorMessage):
        (JSC::LiteralParser::Lexer::sawError):
        (JSC::LiteralParser::Lexer::getErrorMessage):

2011-07-25  Filip Pizlo  <fpizlo@apple.com>

        X86-64 assembler emits three instructions instead of two for certain
        loads and stores.
        https://bugs.webkit.org/show_bug.cgi?id=65095

        Reviewed by Gavin Barraclough.

        Simply made these four methods in the assembler use the scratch register,
        which they were previously avoiding.  It still optimizes for the case where
        an absolute-address memory access uses EAX.  This results in a slight
        performance improvement.

        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::load32):
        (JSC::MacroAssemblerX86_64::store32):
        (JSC::MacroAssemblerX86_64::loadPtr):
        (JSC::MacroAssemblerX86_64::storePtr):

2011-07-25  Ryuan Choi  <ryuan.choi@samsung.com>

        [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
        https://bugs.webkit.org/show_bug.cgi?id=64354

        Use ecore_time_unix_get which returns unix time as double type for currentTime
        and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime.

        Reviewed by Kent Tamura.

        * wtf/CurrentTime.cpp:
        (WTF::currentTime):
        (WTF::monotonicallyIncreasingTime):

2011-07-22  Sommer Panage  <panage@apple.com>

        Reviewed by Oliver Hunt.

        export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
        https://bugs.webkit.org/show_bug.cgi?id=64981

        UIAutomation for iOS would like to support a JavaScript backtrace in our error logs.
        Currently, the C API does not provide the tools to do this. However, the private API
        does expose the necessary functionality to get a backtrace
        (via Interpreter::retrieveLastCaller). We recognize this information may result in
        failure in the cases of programs run by 'eval', stack frames beneath host function
        call frames, and in programs run from other programs. Thus, we propose exporting our
        JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
        we need while not advertising an API that isn't really ready for full use.

        * API/JSContextRef.cpp:
        * API/JSContextRefPrivate.h:
        * JavaScriptCore.exp:

2011-07-22  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65051
        DFG JIT - Enable by default for mac platform on x86-64.

        Rubber Stamped by Geoff Garen.

        This is now a performance progression.

        * wtf/Platform.h:
            - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.

2011-07-22  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65047
        DFG JIT - Add support for op_resolve/op_resolve_base

        Reviewed by Sam Weinig.

        These are necessary for any significant eval code coverage
        (and as such increase LayoutTest coverage).

        * dfg/DFGAliasTracker.h:
        (JSC::DFG::AliasTracker::recordResolve):
            - Conservatively blow aliasing optimizations for now.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
            - Add support for op_resolve/op_resolve_base.
        * dfg/DFGJITCodeGenerator.h:
        (JSC::DFG::JITCodeGenerator::callOperation):
            - Add call with exec, identifier arguments.
        * dfg/DFGNode.h:
            - Add new node types.
        (JSC::DFG::Node::hasIdentifier):
            - Resolve nodes have identifiers, too!
        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
            - Add generation for new Nodes.
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
            - Added new operations.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
            - Add generation for new Nodes.

2011-07-22  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=65036
        Messing with the register allocation within flow control = badness.

        Reviewed by Sam Weinig.

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):
            - Fix register allocation.

2011-07-22  Mark Hahnenberg  <mhahnenberg@apple.com>

        Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
        https://bugs.webkit.org/show_bug.cgi?id=63986

        Reviewed by Geoffrey Garen.

        Changed the implementation of Date.prototype.toISOString() to use the extended year
        format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.

        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncToISOString):

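The year rule from the entry above (four digits for years in [0,9999], otherwise the expanded form with a mandatory sign and six digits, per ES5 15.9.1.15.1), carried through to a full ISO string, as an added example that is not JSC's DatePrototype code. It formats already broken-down UTC fields; the function names `formatISOYear` and `toISOString` and the fixed-size buffers are assumptions made for the example. The boundary years used in the test are the limits of the ECMAScript time range, which is where a four-digit-only formatter produces wrong output.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>

// Added example, not JSC's code. Year field per ES5 15.9.1.15.1: plain four
// digits inside [0, 9999], otherwise sign plus six digits ("expanded year").
std::string formatISOYear(int year)
{
    char buf[16];
    if (year >= 0 && year <= 9999)
        std::snprintf(buf, sizeof buf, "%04d", year);
    else
        std::snprintf(buf, sizeof buf, "%c%06d", year < 0 ? '-' : '+', std::abs(year));
    return buf;
}

// month is 1-12; all fields are UTC, so the result always ends in "Z".
std::string toISOString(int year, int month, int day, int hour, int minute, int second, int millisecond)
{
    char buf[48];
    std::snprintf(buf, sizeof buf, "%s-%02d-%02dT%02d:%02d:%02d.%03dZ",
                  formatISOYear(year).c_str(), month, day, hour, minute, second, millisecond);
    return buf;
}
```

Note that year 0 is "0000" with no sign, and that the sign in the expanded form is mandatory even for positive years, so "+010000" rather than "10000".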
2011-07-21  Gavin Barraclough  <barraclough@apple.com>

        Windows build fix

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-07-21  Ryosuke Niwa  <rniwa@webkit.org>

        Build fix after r91555.

        * JavaScriptCore.exp:

2011-07-21  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=19271
        eliminate PIC branches by changing NaN handling in JSValue::toNumber

        Reviewed by Sam Weinig.

        Moving the non-numeric cases out of line seems to be a consistent
        win on SunSpider for me, to the order of about 0.5%.

        * runtime/JSCell.h:
        (JSC::JSCell::JSValue::toNumber):
            - Changed to only handle values that are already numbers, move non-numeric cases out of line.
        * runtime/JSValue.cpp:
        (JSC::JSValue::toNumberSlowCase):
            - Added toNumberSlowCase, handling non-numeric cases.
        * runtime/JSValue.h:
            - Add declaration of toNumberSlowCase.

2011-07-21  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64875
        Use of `yield` keyword is broken

        Reviewed by Sam Weinig.

        * parser/Lexer.cpp:
        (JSC::Lexer::parseIdentifier):
            - The bug here is that a successful match of a RESERVED_IF_STRICT token from
              parseKeyword is being nullified back to IDENT. The problem is that in the
              case of IDENT matches parseKeyword should not move the lexer's input
              position, but in the case of RESERVED_IF_STRICT it has done so.

2011-07-21  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64900
        Function.prototype.apply should accept an array-like object as its second argument

        Reviewed by Sam Weinig.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JITStubs.cpp:
        (JSC::DEFINE_STUB_FUNCTION):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncApply):
            - Remove the type error if object is not an array.

2011-07-21  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64964
        DFG JIT - Enable support for eval code

        Reviewed by Sam Weinig.

        This is basically the same as program code, to the JIT!

        * bytecode/Opcode.cpp:
        * bytecode/Opcode.h:
            - Enable opcodeNames in !NDEBUG builds.
        * dfg/DFGOperations.cpp:
            - Fix a bug exposed by eval support, throw correct type error for new.
        * runtime/Executable.cpp:
        (JSC::EvalExecutable::compileInternal):
            - Enable DFG JIT for eval code.

2011-07-20  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r91380.
        http://trac.webkit.org/changeset/91380
        https://bugs.webkit.org/show_bug.cgi?id=64924

        Caused assertion failures in Chromium's IndexedDB tests
        (Requested by rniwa on #webkit).

        * wtf/ThreadIdentifierDataPthreads.cpp:
        (WTF::ThreadIdentifierData::identifier):
        (WTF::ThreadIdentifierData::initialize):
        (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
        (WTF::ThreadIdentifierData::initializeKeyOnce):
        * wtf/ThreadIdentifierDataPthreads.h:
        * wtf/ThreadingPthreads.cpp:
        (WTF::initializeThreading):

2011-07-20  Filip Pizlo  <fpizlo@apple.com>

        DFG non-speculative JIT does not use() the aliased GetByVal,
        resulting in bloated use counts.
        https://bugs.webkit.org/show_bug.cgi?id=64911

        Reviewed by Gavin Barraclough.

        Inserted a call to use() for the aliased GetByVal.

        * dfg/DFGNonSpeculativeJIT.cpp:
        (JSC::DFG::NonSpeculativeJIT::compile):

2011-07-20  Gavin Barraclough  <barraclough@apple.com>

        https://bugs.webkit.org/show_bug.cgi?id=64909
        DFG JIT - Missing ToInt32 conversions for double constants.

        Reviewed by Sam Weinig.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::toInt32):
            - We cannot trivially omit ToInt32 conversions on double constants.

2011-07-20  Filip Pizlo  <fpizlo@apple.com>

        DFG speculative JIT sometimes claims to use compare operands twice, leading to
        use count corruption.
        https://bugs.webkit.org/show_bug.cgi?id=64903

        Reviewed by Gavin Barraclough.

        Move the calls to use() in SpeculativeJIT::compare() so that they only happen
        if the JITCodeGenerator's helper method (which also calls use()) is not called.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compare):

2011-07-20  Oliver Hunt  <oliver@apple.com>

        Don't throw away code when JSGarbageCollect API is called
        https://bugs.webkit.org/show_bug.cgi?id=64894

        Reviewed by Sam Weinig.

        Just call collectAllGarbage.  That will clean up all unneeded
        code without causing any pathological recompilation problems.

        * API/JSBase.cpp:
        (JSGarbageCollect):
810
811 2011-07-20  Oliver Hunt  <oliver@apple.com>
812
813         Codeblock doesn't visit cached structures in global resolve instructions
814         https://bugs.webkit.org/show_bug.cgi?id=64889
815
816         Reviewed by Sam Weinig.
817
818         Visit the global resolve instructions.  This fixes a couple
819         of random crashes seen in the jquery tests when using the
820         interpreter.
821
822         * bytecode/CodeBlock.cpp:
823         (JSC::CodeBlock::visitAggregate):
824
825 2011-07-20  James Robinson  <jamesr@chromium.org>
826
827         Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock
828         https://bugs.webkit.org/show_bug.cgi?id=64841
829
830         Reviewed by Mark Rowe.
831
832         http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the
833         monotonic clock instead of WTF::currentTime().  This broke many plugin tests on WebKit2 for reasons that are
834         unclear.  This reverts everything except for WebCore::ThreadTimers back to the previous behavior.
835
836         * wtf/ThreadingPthreads.cpp:
837         (WTF::ThreadCondition::timedWait):
838         * wtf/ThreadingWin.cpp:
839         (WTF::absoluteTimeToWaitTimeoutInterval):
840         * wtf/gtk/ThreadingGtk.cpp:
841         (WTF::ThreadCondition::timedWait):
842         * wtf/qt/ThreadingQt.cpp:
843         (WTF::ThreadCondition::timedWait):
844
845 2011-07-14  David Levin  <levin@chromium.org>
846
847         currentThread is too slow!
848         https://bugs.webkit.org/show_bug.cgi?id=64577
849
850         Reviewed by Darin Adler and Dmitry Titov.
851
852         The problem is that currentThread results in a pthread_once call which always takes a lock.
853         With this change, currentThread is 10% faster than isMainThread in release mode and only
854         5% slower than isMainThread in debug.
855
856         * wtf/ThreadIdentifierDataPthreads.cpp:
857         (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
858         which is no longer needed because this is called from initializeThreading().
859         (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
860         initialization of the pthread key should already be done.
861         (WTF::ThreadIdentifierData::initialize): Ditto.
862         * wtf/ThreadIdentifierDataPthreads.h:
863         * wtf/ThreadingPthreads.cpp:
864         (WTF::initializeThreading): Acquire the pthread key here.
865
866 2011-07-20  Mark Rowe  <mrowe@apple.com>
867
868         Fix the 32-bit build.
869
870         * runtime/ObjectPrototype.cpp:
871         (JSC::objectProtoFuncToString):
872
873 2011-07-19  Gavin Barraclough  <barraclough@apple.com>
874
875         https://bugs.webkit.org/show_bug.cgi?id=64678
876         Fix bugs in Object.prototype this handling.
877
878         Reviewed by Darin Adler.
879
880         Fix ES5.1 correctness issues identified by Mads Ager.
881
882         * runtime/ObjectPrototype.cpp:
883         (JSC::objectProtoFuncToString):
884             - ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]".
885
886 2011-07-19  Mark Hahnenberg  <mhahnenberg@apple.com>
887
888         [JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation
889         https://bugs.webkit.org/show_bug.cgi?id=63918
890
891         Reviewed by Darin Adler.
892
893         When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost
894         method due to additional string copying within several of the constructors when dealing with 
895         UStrings.  This has been added to the UString version of the appendStringInConstruct method 
896         within the JSString class.
897
898         * runtime/JSString.h:
899         (JSC::RopeBuilder::JSString):
900         (JSC::RopeBuilder::appendStringInConstruct):
901
902 2011-07-19  Gavin Barraclough  <barraclough@apple.com>
903
904         https://bugs.webkit.org/show_bug.cgi?id=64679
905         Fix bugs in Array.prototype this handling.
906
907         Reviewed by Oliver Hunt.
908
909         * runtime/ArrayPrototype.cpp:
910         (JSC::arrayProtoFuncJoin):
911         (JSC::arrayProtoFuncConcat):
912         (JSC::arrayProtoFuncPop):
913         (JSC::arrayProtoFuncPush):
914         (JSC::arrayProtoFuncReverse):
915         (JSC::arrayProtoFuncShift):
916         (JSC::arrayProtoFuncSlice):
917         (JSC::arrayProtoFuncSort):
918         (JSC::arrayProtoFuncSplice):
919         (JSC::arrayProtoFuncUnShift):
920         (JSC::arrayProtoFuncFilter):
921         (JSC::arrayProtoFuncMap):
922         (JSC::arrayProtoFuncEvery):
923         (JSC::arrayProtoFuncForEach):
924         (JSC::arrayProtoFuncSome):
925         (JSC::arrayProtoFuncReduce):
926         (JSC::arrayProtoFuncReduceRight):
927         (JSC::arrayProtoFuncIndexOf):
928         (JSC::arrayProtoFuncLastIndexOf):
929             - These methods should throw if this value is undefined.
930
931 2011-07-19  Gavin Barraclough  <barraclough@apple.com>
932
933         https://bugs.webkit.org/show_bug.cgi?id=64677
934         Fix bugs in String.prototype this handling.
935
936         Reviewed by Oliver Hunt.
937
938         undefined/null this values should throw TypeErrors, not convert to
939         the global object, and primitive values should not be converted via
940         object types.
941
942         * runtime/StringPrototype.cpp:
943         (JSC::stringProtoFuncReplace):
944         (JSC::stringProtoFuncCharAt):
945         (JSC::stringProtoFuncCharCodeAt):
946         (JSC::stringProtoFuncIndexOf):
947         (JSC::stringProtoFuncLastIndexOf):
948         (JSC::stringProtoFuncMatch):
949         (JSC::stringProtoFuncSearch):
950         (JSC::stringProtoFuncSlice):
951         (JSC::stringProtoFuncSplit):
952         (JSC::stringProtoFuncSubstr):
953         (JSC::stringProtoFuncSubstring):
954         (JSC::stringProtoFuncToLowerCase):
955         (JSC::stringProtoFuncToUpperCase):
956         (JSC::stringProtoFuncLocaleCompare):
957         (JSC::stringProtoFuncBig):
958         (JSC::stringProtoFuncSmall):
959         (JSC::stringProtoFuncBlink):
960         (JSC::stringProtoFuncBold):
961         (JSC::stringProtoFuncFixed):
962         (JSC::stringProtoFuncItalics):
963         (JSC::stringProtoFuncStrike):
964         (JSC::stringProtoFuncSub):
965         (JSC::stringProtoFuncSup):
966         (JSC::stringProtoFuncFontcolor):
967         (JSC::stringProtoFuncFontsize):
968         (JSC::stringProtoFuncAnchor):
969         (JSC::stringProtoFuncLink):
970         (JSC::trimString):
971             - These methods should throw if this value is undefined,
972               convert ToString directly, not via ToObject.
973
974 2011-07-19  Filip Pizlo  <fpizlo@apple.com>
975
976         DFG JIT sometimes emits spill code even when the respective values
977         are never needed.
978         https://bugs.webkit.org/show_bug.cgi?id=64774
979
980         Reviewed by Gavin Barraclough.
981         
982         The main high-level change is that it is now easier to call use() on a
983         virtual register.  JSValueOperand and its other-typed relatives now have
984         a handy use() method, and jsValueResult() and friends now make it easier to
985         pass UseChildrenCalledExplicitly.
986         
987         The rest of this patch hoists the call to use() as high as possible for
988         all of those cases where either flushRegisters() or silentSpillAllRegisters()
989         may be called.
990
991         * dfg/DFGJITCodeGenerator.cpp:
992         (JSC::DFG::JITCodeGenerator::cachedGetById):
993         (JSC::DFG::JITCodeGenerator::cachedGetMethod):
994         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
995         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
996         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
997         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
998         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
999         (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
1000         (JSC::DFG::JITCodeGenerator::emitBranch):
1001         * dfg/DFGJITCodeGenerator.h:
1002         (JSC::DFG::JITCodeGenerator::use):
1003         (JSC::DFG::JITCodeGenerator::integerResult):
1004         (JSC::DFG::JITCodeGenerator::jsValueResult):
1005         (JSC::DFG::IntegerOperand::use):
1006         (JSC::DFG::DoubleOperand::use):
1007         (JSC::DFG::JSValueOperand::use):
1008         * dfg/DFGNonSpeculativeJIT.cpp:
1009         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
1010         (JSC::DFG::NonSpeculativeJIT::valueToInt32):
1011         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1012         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1013         (JSC::DFG::NonSpeculativeJIT::compile):
1014         * dfg/DFGSpeculativeJIT.cpp:
1015         (JSC::DFG::SpeculativeJIT::compile):
1016         * dfg/DFGSpeculativeJIT.h:
1017         (JSC::DFG::SpeculateStrictInt32Operand::use):
1018         (JSC::DFG::SpeculateCellOperand::use):
1019
1020 2011-07-19  Xan Lopez  <xlopez@igalia.com>
1021
1022         ARMv7 backend broken, lacks 3 parameter rshift32 method
1023         https://bugs.webkit.org/show_bug.cgi?id=64571
1024
1025         Reviewed by Zoltan Herczeg.
1026
1027         * assembler/MacroAssemblerARMv7.h:
1028         (JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method.
1029
1030 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1031
1032         DFG JIT does not optimize strict equality as effectively as the old JIT does.
1033         https://bugs.webkit.org/show_bug.cgi?id=64759
1034
1035         Reviewed by Gavin Barraclough.
1036         
1037         This adds a more complete set of strict equality optimizations.  If either
1038         operand is known numeric, then the code reverts to the old style of optimizing
1039         (first try integer comparison).  Otherwise it uses the old JIT's trick of
1040         first simultaneously checking if both operands are either numbers or cells;
1041         if not then a fast path is taken.
1042
1043         * dfg/DFGJITCodeGenerator.cpp:
1044         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
1045         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
1046         (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
1047         * dfg/DFGJITCodeGenerator.h:
1048         * dfg/DFGNonSpeculativeJIT.cpp:
1049         (JSC::DFG::NonSpeculativeJIT::compile):
1050         * dfg/DFGOperations.cpp:
1051         * dfg/DFGOperations.h:
1052         * dfg/DFGSpeculativeJIT.cpp:
1053         (JSC::DFG::SpeculativeJIT::compile):
1054
1055 2011-07-18  Gavin Barraclough  <barraclough@apple.com>
1056
1057         https://bugs.webkit.org/show_bug.cgi?id=64760
1058         DFG JIT - Should be able to compile program code.
1059
1060         Reviewed by Geoff Garen.
1061
1062         Add support for op_end, hooks to compile program code in Executable.cpp.
1063
1064         * dfg/DFGByteCodeParser.cpp:
1065         (JSC::DFG::ByteCodeParser::parseBlock):
1066             - Add support for op_end
1067         * dfg/DFGJITCompiler.cpp:
1068         (JSC::DFG::JITCompiler::compileEntry):
1069         (JSC::DFG::JITCompiler::compileBody):
1070         (JSC::DFG::JITCompiler::link):
1071             - Added, separate out steps of compileFunction.
1072         (JSC::DFG::JITCompiler::compile):
1073             - Added, compile program code.
1074         (JSC::DFG::JITCompiler::compileFunction):
1075             - Sections separated out to helper functions.
1076         * dfg/DFGJITCompiler.h:
1077         (JSC::DFG::JITCompiler::JITCompiler):
1078             - Added m_exceptionCheckCount.
1079         * runtime/Executable.cpp:
1080         (JSC::tryDFGCompile):
1081         (JSC::tryDFGCompileFunction):
1082         (JSC::ProgramExecutable::compileInternal):
1083         (JSC::FunctionExecutable::compileForCallInternal):
1084             - Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code.
1085
1086 2011-07-18  Gavin Barraclough  <barraclough@apple.com>
1087
1088         https://bugs.webkit.org/show_bug.cgi?id=64678
1089         Fix bugs in Object.prototype this handling.
1090
1091         Reviewed by Oliver Hunt.
1092
1093         undefined/null this values should throw TypeErrors, not convert to the global object,
1094         also, toLocaleString should be calling the ToObject & invoking the object's toString
1095         function, even for values that are already strings.
1096
1097         * runtime/ObjectPrototype.cpp:
1098         (JSC::objectProtoFuncValueOf):
1099         (JSC::objectProtoFuncHasOwnProperty):
1100         (JSC::objectProtoFuncIsPrototypeOf):
1101         (JSC::objectProtoFuncPropertyIsEnumerable):
1102         (JSC::objectProtoFuncToLocaleString):
1103         (JSC::objectProtoFuncToString):
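
The ES5.1 this-handling rules fixed in the entries above (bugs 64677, 64678 and 64679) and the array-like argList accepted by Function.prototype.apply (bug 64900) can be checked from script. The following is an added conformance harness, not JavaScriptCore code; the inputs and the temporary Number.prototype.toString patch are constructed here to make the ToString-versus-ToObject distinction observable.

```javascript
"use strict";

// Return true when `fn` throws a TypeError, false when it returns normally or
// throws anything else.
function throwsTypeError(fn) {
  try {
    fn();
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Run each check and return a map of check name -> boolean.  A conforming
// engine yields true for every entry.
function thisHandlingChecks() {
  const r = {};

  // Bug 64678: Object.prototype.toString must describe undefined and null
  // instead of treating them as the global object.
  r.objectToStringUndefined = Object.prototype.toString.call(undefined) === "[object Undefined]";
  r.objectToStringNull = Object.prototype.toString.call(null) === "[object Null]";

  // Bug 64679: Array.prototype methods throw for an undefined/null this value...
  r.arrayPushUndefined = throwsTypeError(() => Array.prototype.push.call(undefined, 1));
  r.arrayJoinNull = throwsTypeError(() => Array.prototype.join.call(null));
  // ...but still accept any array-like object as the receiver.
  r.arrayJoinArrayLike = Array.prototype.join.call({ length: 2, 0: "a", 1: "b" }, "-") === "a-b";

  // Bug 64677: String.prototype methods throw for an undefined/null this value...
  r.stringTrimUndefined = throwsTypeError(() => String.prototype.trim.call(undefined));
  r.stringCharAtNull = throwsTypeError(() => String.prototype.charAt.call(null, 0));

  // ...and convert a primitive this value with ToString directly, not via
  // ToObject.  Patching Number.prototype.toString (constructed, restored below)
  // makes the two paths observable: ToObject(42).toString() yields "patched",
  // while a direct ToString(42) yields "42".
  const savedToString = Number.prototype.toString;
  Number.prototype.toString = function () { return "patched"; };
  try {
    r.stringCharAtPrimitiveDirect = String.prototype.charAt.call(42, 0) === "4";
    r.toObjectPathWouldDiffer = String(new Number(42)) === "patched";
  } finally {
    Number.prototype.toString = savedToString;
  }

  // Bug 64900: Function.prototype.apply accepts any array-like as argList,
  // not only a real Array.
  function sum(a, b) { return a + b; }
  r.applyArrayLike = sum.apply(null, { length: 2, 0: 1, 1: 2 }) === 3;

  return r;
}

// True only when every check passed.
function allChecksPass() {
  return Object.values(thisHandlingChecks()).every(Boolean);
}

// One-line report per check when run directly.
if (typeof require !== "undefined" && require.main === module) {
  for (const [name, ok] of Object.entries(thisHandlingChecks())) {
    console.log(`${ok ? "PASS" : "FAIL"}  ${name}`);
  }
}
```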
1104
1105 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1106
1107         JSC GC lazy sweep does not inline the common cases of cell destruction.
1108         https://bugs.webkit.org/show_bug.cgi?id=64745
1109
1110         Reviewed by Oliver Hunt.
1111         
1112         This inlines the case of JSFinalObject destruction.
1113
1114         * heap/MarkedBlock.cpp:
1115         (JSC::MarkedBlock::lazySweep):
1116
1117 2011-07-18  Oliver Hunt  <oliver@apple.com>
1118
1119         Interpreter build-fix
1120
1121         * interpreter/Interpreter.cpp:
1122         (JSC::Interpreter::privateExecute):
1123
1124 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1125
1126         DFG JIT does not optimize equal-null comparisons and branches.
1127         https://bugs.webkit.org/show_bug.cgi?id=64659
1128
1129         Reviewed by Gavin Barraclough.
1130         
1131         Added a peephole-aware compare-to-null implementation to JITCodeGenerator,
1132         which is used by both the speculative and non-speculative JIT.  Through
1133         the use of the new isNullConstant helper, the two JITs invoke the
1134         nonSpeculativeCompareNull() helper instead of their regular comparison
1135         helpers when compiling CompareEq.  Through the use of the new isKnownCell
1136         helper, the compare-null code will skip the is-a-cell check if the
1137         speculative JIT had been speculating cell.
1138
1139         * dfg/DFGJITCodeGenerator.cpp:
1140         (JSC::DFG::JITCodeGenerator::isKnownCell):
1141         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
1142         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
1143         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
1144         * dfg/DFGJITCodeGenerator.h:
1145         (JSC::DFG::JITCodeGenerator::isNullConstant):
1146         * dfg/DFGNonSpeculativeJIT.cpp:
1147         (JSC::DFG::NonSpeculativeJIT::compile):
1148         * dfg/DFGOperations.cpp:
1149         * dfg/DFGSpeculativeJIT.cpp:
1150         (JSC::DFG::SpeculativeJIT::compile):
1151
1152 2011-07-18  James Robinson  <jamesr@chromium.org>
1153
1154         Timer scheduling should be based off the monotonic clock
1155         https://bugs.webkit.org/show_bug.cgi?id=64544
1156
1157         Reviewed by Darin Adler.
1158
1159         Switches ThreadCondition::timedWait and related utility functions from currentTime() to
1160         monotonicallyIncreasingTime().
1161
1162         Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
1163
1164         * JavaScriptCore.exp:
1165         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1166         * wtf/ThreadingPthreads.cpp:
1167         (WTF::ThreadCondition::timedWait):
1168         * wtf/ThreadingWin.cpp:
1169         (WTF::absoluteTimeToWaitTimeoutInterval):
1170         * wtf/gtk/ThreadingGtk.cpp:
1171         (WTF::ThreadCondition::timedWait):
1172         * wtf/qt/ThreadingQt.cpp:
1173         (WTF::ThreadCondition::timedWait):
1174
1175 2011-07-18  Filip Pizlo  <fpizlo@apple.com>
1176
1177         JSC JIT does not inline GC allocation fast paths
1178         https://bugs.webkit.org/show_bug.cgi?id=64582
1179
1180         Reviewed by Oliver Hunt.
1181
1182         This addresses inlining allocation for the easiest-to-allocate cases:
1183         op_new_object and op_create_this.  Inlining GC allocation fast paths
1184         required three changes.  First, the JSGlobalData now saves the vtable
1185         pointer of JSFinalObject, since that's what op_new_object and
1186         op_create_this allocate.  Second, the Heap exposes a reference to
1187         the appropriate SizeClass, so that the JIT may inline accesses
1188         directly to the SizeClass for JSFinalObject allocations.  And third,
1189         the JIT is extended with code to emit inline fast paths for GC
1190         allocation.  A stub call is emitted in the case where the inline fast
1191         path fails.
1192
1193         * heap/Heap.h:
1194         (JSC::Heap::sizeClassFor):
1195         (JSC::Heap::allocate):
1196         * jit/JIT.cpp:
1197         (JSC::JIT::privateCompileSlowCases):
1198         * jit/JIT.h:
1199         * jit/JITInlineMethods.h:
1200         (JSC::JIT::emitAllocateJSFinalObject):
1201         * jit/JITOpcodes.cpp:
1202         (JSC::JIT::emit_op_new_object):
1203         (JSC::JIT::emitSlow_op_new_object):
1204         (JSC::JIT::emit_op_create_this):
1205         (JSC::JIT::emitSlow_op_create_this):
1206         * jit/JITOpcodes32_64.cpp:
1207         (JSC::JIT::emit_op_new_object):
1208         (JSC::JIT::emitSlow_op_new_object):
1209         (JSC::JIT::emit_op_create_this):
1210         (JSC::JIT::emitSlow_op_create_this):
1211         * runtime/JSGlobalData.cpp:
1212         (JSC::JSGlobalData::storeVPtrs):
1213         * runtime/JSGlobalData.h:
1214         * runtime/JSObject.h:
1215         (JSC::JSFinalObject::JSFinalObject):
1216         (JSC::JSObject::offsetOfInheritorID):
1217
1218 2011-07-18  Mark Hahnenberg  <mhahnenberg@apple.com>
1219
1220         Refactor JSC to replace JSCell::operator new with static create method
1221         https://bugs.webkit.org/show_bug.cgi?id=64466
1222
1223         Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
1224
1225         First step in a longer refactoring process to remove the use of
1226         operator new overloading in order to allocate GC objects and to replace
1227         this method with static create methods for each individual type of heap-allocated
1228         JS object.  This particular patch only deals with replacing uses of
1229         operator new within JSC proper.  Future patches will remove it from the
1230         parts that interface with the DOM.  Due to the DOM's continued dependence
1231         on it, operator new has not actually been removed from JSCell.
1232
1233         * API/JSCallbackConstructor.h:
1234         (JSC::JSCallbackConstructor::create):
1235         * API/JSCallbackFunction.h:
1236         (JSC::JSCallbackFunction::create):
1237         * API/JSCallbackObject.h:
1238         (JSC::JSCallbackObject::operator new):
1239         (JSC::JSCallbackObject::create):
1240         * API/JSCallbackObjectFunctions.h:
1241         (JSC::::staticFunctionGetter):
1242         * API/JSClassRef.cpp:
1243         (OpaqueJSClass::prototype):
1244         * API/JSContextRef.cpp:
1245         * API/JSObjectRef.cpp:
1246         (JSObjectMake):
1247         (JSObjectMakeFunctionWithCallback):
1248         (JSObjectMakeConstructor):
1249         * JavaScriptCore.exp:
1250         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1251         * bytecode/CodeBlock.cpp:
1252         (JSC::CodeBlock::createActivation):
1253         * bytecompiler/BytecodeGenerator.cpp:
1254         (JSC::BytecodeGenerator::BytecodeGenerator):
1255         * bytecompiler/BytecodeGenerator.h:
1256         (JSC::BytecodeGenerator::makeFunction):
1257         * bytecompiler/NodesCodegen.cpp:
1258         (JSC::RegExpNode::emitBytecode):
1259         * interpreter/Interpreter.cpp:
1260         (JSC::Interpreter::privateExecute):
1261         (JSC::Interpreter::retrieveArguments):
1262         * jit/JITStubs.cpp:
1263         (JSC::DEFINE_STUB_FUNCTION):
1264         * jsc.cpp:
1265         (GlobalObject::create):
1266         (GlobalObject::GlobalObject):
1267         (functionRun):
1268         (jscmain):
1269         * runtime/Arguments.h:
1270         (JSC::Arguments::create):
1271         (JSC::Arguments::createNoParameters):
1272         * runtime/ArrayConstructor.cpp:
1273         (JSC::constructArrayWithSizeQuirk):
1274         * runtime/ArrayConstructor.h:
1275         (JSC::ArrayConstructor::create):
1276         * runtime/ArrayPrototype.cpp:
1277         (JSC::arrayProtoFuncSplice):
1278         * runtime/ArrayPrototype.h:
1279         (JSC::ArrayPrototype::create):
1280         * runtime/BooleanConstructor.cpp:
1281         (JSC::constructBoolean):
1282         (JSC::constructBooleanFromImmediateBoolean):
1283         * runtime/BooleanConstructor.h:
1284         (JSC::BooleanConstructor::create):
1285         * runtime/BooleanObject.h:
1286         (JSC::BooleanObject::create):
1287         * runtime/BooleanPrototype.h:
1288         (JSC::BooleanPrototype::create):
1289         * runtime/DateConstructor.cpp:
1290         (JSC::constructDate):
1291         * runtime/DateConstructor.h:
1292         (JSC::DateConstructor::create):
1293         * runtime/DateInstance.h:
1294         (JSC::DateInstance::create):
1295         * runtime/DatePrototype.h:
1296         (JSC::DatePrototype::create):
1297         * runtime/Error.cpp:
1298         (JSC::createError):
1299         (JSC::createEvalError):
1300         (JSC::createRangeError):
1301         (JSC::createReferenceError):
1302         (JSC::createSyntaxError):
1303         (JSC::createTypeError):
1304         (JSC::createURIError):
1305         (JSC::StrictModeTypeErrorFunction::create):
1306         (JSC::createTypeErrorFunction):
1307         * runtime/ErrorConstructor.h:
1308         (JSC::ErrorConstructor::create):
1309         * runtime/ErrorInstance.cpp:
1310         (JSC::ErrorInstance::ErrorInstance):
1311         (JSC::ErrorInstance::create):
1312         * runtime/ErrorInstance.h:
1313         * runtime/ErrorPrototype.cpp:
1314         (JSC::ErrorPrototype::ErrorPrototype):
1315         * runtime/ErrorPrototype.h:
1316         (JSC::ErrorPrototype::create):
1317         * runtime/ExceptionHelpers.cpp:
1318         (JSC::InterruptedExecutionError::InterruptedExecutionError):
1319         (JSC::InterruptedExecutionError::create):
1320         (JSC::createInterruptedExecutionException):
1321         (JSC::TerminatedExecutionError::TerminatedExecutionError):
1322         (JSC::TerminatedExecutionError::create):
1323         (JSC::createTerminatedExecutionException):
1324         * runtime/Executable.cpp:
1325         (JSC::FunctionExecutable::FunctionExecutable):
1326         (JSC::FunctionExecutable::fromGlobalCode):
1327         * runtime/Executable.h:
1328         (JSC::ExecutableBase::create):
1329         (JSC::NativeExecutable::create):
1330         (JSC::ScriptExecutable::ScriptExecutable):
1331         (JSC::EvalExecutable::create):
1332         (JSC::ProgramExecutable::create):
1333         (JSC::FunctionExecutable::create):
1334         (JSC::FunctionExecutable::make):
1335         * runtime/FunctionConstructor.cpp:
1336         (JSC::constructFunctionSkippingEvalEnabledCheck):
1337         * runtime/FunctionConstructor.h:
1338         (JSC::FunctionConstructor::create):
1339         * runtime/FunctionPrototype.cpp:
1340         (JSC::FunctionPrototype::addFunctionProperties):
1341         * runtime/FunctionPrototype.h:
1342         (JSC::FunctionPrototype::create):
1343         * runtime/GetterSetter.h:
1344         (JSC::GetterSetter::create):
1345         * runtime/JSAPIValueWrapper.h:
1346         (JSC::JSAPIValueWrapper::create):
1347         (JSC::jsAPIValueWrapper):
1348         * runtime/JSActivation.cpp:
1349         (JSC::JSActivation::argumentsGetter):
1350         * runtime/JSActivation.h:
1351         (JSC::JSActivation::create):
1352         * runtime/JSArray.h:
1353         (JSC::JSArray::create):
1354         * runtime/JSCell.h:
1355         (JSC::JSCell::allocateCell):
1356         * runtime/JSFunction.h:
1357         (JSC::JSFunction::create):
1358         * runtime/JSGlobalObject.cpp:
1359         (JSC::JSGlobalObject::init):
1360         (JSC::JSGlobalObject::reset):
1361         * runtime/JSGlobalObject.h:
1362         (JSC::constructEmptyArray):
1363         (JSC::constructArray):
1364         * runtime/JSNotAnObject.h:
1365         (JSC::JSNotAnObject::create):
1366         * runtime/JSONObject.h:
1367         (JSC::JSONObject::create):
1368         * runtime/JSObject.cpp:
1369         (JSC::JSObject::defineGetter):
1370         (JSC::JSObject::defineSetter):
1371         (JSC::putDescriptor):
1372         * runtime/JSObject.h:
1373         (JSC::JSFinalObject::create):
1374         * runtime/JSPropertyNameIterator.cpp:
1375         (JSC::JSPropertyNameIterator::create):
1376         * runtime/JSPropertyNameIterator.h:
1377         (JSC::JSPropertyNameIterator::create):
1378         * runtime/JSString.cpp:
1379         (JSC::JSString::substringFromRope):
1380         (JSC::JSString::replaceCharacter):
1381         (JSC::StringObject::create):
1382         * runtime/JSString.h:
1383         (JSC::RopeBuilder::JSString):
1384         (JSC::RopeBuilder::create):
1385         (JSC::RopeBuilder::createHasOtherOwner):
1386         (JSC::jsSingleCharacterString):
1387         (JSC::jsSingleCharacterSubstring):
1388         (JSC::jsNontrivialString):
1389         (JSC::jsString):
1390         (JSC::jsSubstring):
1391         (JSC::jsOwnedString):
1392         * runtime/JSValue.cpp:
1393         (JSC::JSValue::toObjectSlowCase):
1394         (JSC::JSValue::synthesizeObject):
1395         (JSC::JSValue::synthesizePrototype):
1396         * runtime/Lookup.cpp:
1397         (JSC::setUpStaticFunctionSlot):
1398         * runtime/MathObject.h:
1399         (JSC::MathObject::create):
1400         * runtime/NativeErrorConstructor.cpp:
1401         (JSC::NativeErrorConstructor::NativeErrorConstructor):
1402         * runtime/NativeErrorConstructor.h:
1403         (JSC::NativeErrorConstructor::create):
1404         * runtime/NativeErrorPrototype.h:
1405         (JSC::NativeErrorPrototype::create):
1406         * runtime/NumberConstructor.cpp:
1407         (JSC::constructWithNumberConstructor):
1408         * runtime/NumberConstructor.h:
1409         (JSC::NumberConstructor::create):
1410         * runtime/NumberObject.cpp:
1411         (JSC::constructNumber):
1412         * runtime/NumberObject.h:
1413         (JSC::NumberObject::create):
1414         * runtime/NumberPrototype.h:
1415         (JSC::NumberPrototype::create):
1416         * runtime/ObjectConstructor.h:
1417         (JSC::ObjectConstructor::create):
1418         * runtime/ObjectPrototype.h:
1419         (JSC::ObjectPrototype::create):
1420         * runtime/Operations.h:
1421         (JSC::jsString):
1422         * runtime/RegExp.cpp:
1423         (JSC::RegExp::RegExp):
1424         (JSC::RegExp::createWithoutCaching):
1425         (JSC::RegExp::create):
1426         * runtime/RegExp.h:
1427         * runtime/RegExpCache.cpp:
1428         (JSC::RegExpCache::lookupOrCreate):
1429         * runtime/RegExpConstructor.cpp:
1430         (JSC::RegExpConstructor::arrayOfMatches):
1431         (JSC::constructRegExp):
1432         * runtime/RegExpConstructor.h:
1433         (JSC::RegExpConstructor::create):
1434         * runtime/RegExpMatchesArray.h:
1435         (JSC::RegExpMatchesArray::create):
1436         * runtime/RegExpObject.h:
1437         (JSC::RegExpObject::create):
1438         * runtime/RegExpPrototype.cpp:
1439         (JSC::regExpProtoFuncCompile):
1440         * runtime/RegExpPrototype.h:
1441         (JSC::RegExpPrototype::create):
1442         * runtime/ScopeChain.h:
1443         (JSC::ScopeChainNode::create):
1444         (JSC::ScopeChainNode::push):
1445         * runtime/SmallStrings.cpp:
1446         (JSC::SmallStrings::createEmptyString):
1447         (JSC::SmallStrings::createSingleCharacterString):
1448         * runtime/StringConstructor.cpp:
1449         (JSC::constructWithStringConstructor):
1450         * runtime/StringConstructor.h:
1451         (JSC::StringConstructor::create):
1452         * runtime/StringObject.h:
1453         (JSC::StringObject::create):
1454         * runtime/StringObjectThatMasqueradesAsUndefined.h:
1455         (JSC::StringObjectThatMasqueradesAsUndefined::create):
1456         * runtime/StringPrototype.cpp:
1457         (JSC::stringProtoFuncMatch):
1458         (JSC::stringProtoFuncSearch):
1459         * runtime/StringPrototype.h:
1460         (JSC::StringPrototype::create):
1461         * runtime/Structure.h:
1462         (JSC::Structure::create):
1463         (JSC::Structure::createStructure):
1464         * runtime/StructureChain.h:
1465         (JSC::StructureChain::create):
1466
1467 2011-07-17  Ryuan Choi  <ryuan.choi@samsung.com>
1468
1469         [EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash.
1470         https://bugs.webkit.org/show_bug.cgi?id=64337
1471
1472         Replace ecore_timer_add with Ecore_Pipe.
1473         This is needed because ecore_timer should not be called in a child thread,
1474         but in the main thread.
1475
1476         Reviewed by Antonio Gomes.
1477
1478         * wtf/efl/MainThreadEfl.cpp:
1479         (WTF::pipeObject):
1480         (WTF::monitorDispatchFunctions):
1481         (WTF::initializeMainThreadPlatform):
1482         (WTF::scheduleDispatchFunctionsOnMainThread):
1483
1484 2011-07-17  Filip Pizlo  <fpizlo@apple.com>
1485
1486         DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline.
1487         https://bugs.webkit.org/show_bug.cgi?id=64637
1488
1489         Reviewed by Gavin Barraclough.
1490
1491         * dfg/DFGOperations.cpp:
1492
1493 2011-07-16  Gavin Barraclough  <barraclough@apple.com>
1494
1495         https://bugs.webkit.org/show_bug.cgi?id=64657
1496         Converted this value not preserved when accessed via direct eval.
1497
1498         Reviewed by Oliver Hunt.
1499
1500         Upon entry into a non-strict function, primitive this values should be boxed as Object types
1501         (or substituted with the global object) - which is done by op_convert_this. However we only
1502         do so where this is used lexically within the function (we omit the conversion op if not).
1503         The problem comes if a direct eval (running within the function's scope) accesses the this
1504         value.
1505
1506         We are safe in the case of a single eval, since the this object will be converted within
1507         callEval, however the converted value is not preserved, and a new wrapper object is allocated
1508         each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper
1509         object will be lost between eval statements.
1510
1511         * bytecompiler/BytecodeGenerator.cpp:
1512         (JSC::BytecodeGenerator::BytecodeGenerator):
1513             - If a function uses eval, we always need to convert this.
1514         * interpreter/Interpreter.cpp:
1515         (JSC::Interpreter::execute):
1516             - Don't convert primitive values here - this is too late!
1517         (JSC::Interpreter::privateExecute):
1518             - Changed op_convert_this to call new isPrimitive method.
1519         * jit/JITStubs.cpp:
1520         (JSC::DEFINE_STUB_FUNCTION):
1521             - Changed op_convert_this to call new isPrimitive method.
1522         * runtime/JSCell.h:
1523         (JSC::JSCell::JSValue::isPrimitive):
1524             - Added JSValue::isPrimitive.
1525         * runtime/JSValue.h:
1526             - Added JSValue::isPrimitive.
1527
1528 2011-07-16  Filip Pizlo  <fpizlo@apple.com>
1529
1530         DFG JIT compare/branch code emits is-integer tests even when a value is
1531         definitely not an integer.
1532         https://bugs.webkit.org/show_bug.cgi?id=64654
1533
1534         Reviewed by Gavin Barraclough.
1535         
1536         Added the isKnownNotInteger() method, which returns true if a node is
1537         definitely not an integer and will always fail any is-integer test.  Then
1538         modified the compare and branch code to use this method; if it returns
1539         true then is-int tests are omitted and the compiler always emits a slow
1540         call.
1541
1542         * dfg/DFGJITCodeGenerator.cpp:
1543         (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
1544         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
1545         (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
1546         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
1547         * dfg/DFGJITCodeGenerator.h:
1548         * dfg/DFGSpeculativeJIT.cpp:
1549         (JSC::DFG::SpeculativeJIT::compare):
1550
1551 2011-07-16  Filip Pizlo  <fpizlo@apple.com>
1552
1553         DFG speculative JIT has dead code for slow calls for branches.
1554         https://bugs.webkit.org/show_bug.cgi?id=64653
1555
1556         Reviewed by Gavin Barraclough.
1557         
1558         Removed SpeculativeJIT::compilePeepHoleCall.
1559
1560         * dfg/DFGSpeculativeJIT.cpp:
1561         * dfg/DFGSpeculativeJIT.h:
1562
1563 2011-07-15  Mark Rowe  <mrowe@apple.com>
1564
1565         Fix the build.
1566
1567         * dfg/DFGGraph.h:
1568
1569 2011-07-15  Gavin Barraclough  <barraclough@apple.com>
1570
1571         NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
1572         https://bugs.webkit.org/show_bug.cgi?id=55346
1573
1574         Reviewed by Sam Weinig.
1575
1576         * runtime/ErrorPrototype.cpp:
1577         (JSC::ErrorPrototype::ErrorPrototype):
1578             - Switch to putDirect since we're not the only ones transitioning this Structure now.
1579         * runtime/NativeErrorPrototype.cpp:
1580         (JSC::NativeErrorPrototype::NativeErrorPrototype):
1581         * runtime/NativeErrorPrototype.h:
1582             - Switch base class to ErrorPrototype.
1583
1584 2011-07-15  Gavin Barraclough  <barraclough@apple.com>
1585
1586         DFG JIT - Where arguments passed are integers, speculate this.
1587         https://bugs.webkit.org/show_bug.cgi?id=64630
1588
1589         Reviewed by Sam Weinig.
1590
1591         Presently the DFG JIT is overly aggressively predicting double.
1592         Use a bit of dynamic information, and curtail this a little.
1593
1594         * dfg/DFGGraph.cpp:
1595         (JSC::DFG::Graph::predictArgumentTypes):
1596             - Check for integer arguments.
1597         * dfg/DFGGraph.h:
1598             - Function declaration.
1599         * runtime/Executable.cpp:
1600         (JSC::tryDFGCompile):
1601         (JSC::FunctionExecutable::compileForCallInternal):
1602             - Add call to predictArgumentTypes.
1603
1604 2011-07-15  Filip Pizlo  <fpizlo@apple.com>
1605
1606         DFG JIT is inconsistent about fusing branches and speculating
1607         integer comparisons for branches.
1608         https://bugs.webkit.org/show_bug.cgi?id=64573
1609
1610         Reviewed by Gavin Barraclough.
1611         
1612         This patch moves some of NonSpeculativeJIT's functionality up into the
1613         JITCodeGenerator superclass so that it can be used from both JITs.  Now,
1614         in cases where the speculative JIT doesn't want to speculate but still
1615         wants to emit good code, it can reliably emit the same code sequence as
1616         the non-speculative JIT.  This patch also extends the non-speculative
1617         JIT's compare optimizations to include compare/branch fusing, and
1618         extends the speculative JIT's compare optimizations to cover StrictEqual.
1619
1620         * dfg/DFGJITCodeGenerator.cpp:
1621         (JSC::DFG::JITCodeGenerator::isKnownInteger):
1622         (JSC::DFG::JITCodeGenerator::isKnownNumeric):
1623         (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
1624         (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
1625         * dfg/DFGJITCodeGenerator.h:
1626         (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
1627         * dfg/DFGNonSpeculativeJIT.cpp:
1628         (JSC::DFG::NonSpeculativeJIT::compile):
1629         * dfg/DFGNonSpeculativeJIT.h:
1630         * dfg/DFGOperations.cpp:
1631         * dfg/DFGSpeculativeJIT.cpp:
1632         (JSC::DFG::SpeculativeJIT::compare):
1633         (JSC::DFG::SpeculativeJIT::compile):
1634         * dfg/DFGSpeculativeJIT.h:
1635         * wtf/Platform.h:
1636
1637 2011-07-14  Gavin Barraclough  <barraclough@apple.com>
1638
1639         https://bugs.webkit.org/show_bug.cgi?id=64250
1640         Global strict mode function leaking global object as "this".
1641
1642         Reviewed by Oliver Hunt.
1643
1644         The root problem here is that we pass the wrong values into
1645         calls, and then try to fix them up in the callee. Correct
1646         behaviour per the spec is to pass in the value undefined,
1647         as this unless either (1) the function call is based on an
1648         explicit property access or (2) the base of the call comes
1649         directly from a 'with'.
1650
1651         This change does away with the need for this conversion of
1652         objects (non strict code should only box primitives), and
1653         does away with all this conversion for strict functions.
1654
1655         This patch may have web compatibility ramifications, and may
1656         require some advocacy.
1657
1658         * bytecode/CodeBlock.cpp:
1659         (JSC::CodeBlock::dump):
1660             - Removed op_convert_this_strict, added op_resolve_with_this.
1661         * bytecode/Opcode.h:
1662             - Removed op_convert_this_strict, added op_resolve_with_this.
1663         * bytecompiler/BytecodeGenerator.cpp:
1664         (JSC::BytecodeGenerator::BytecodeGenerator):
1665         (JSC::BytecodeGenerator::emitResolveWithThis):
1666             - Removed op_convert_this_strict, added op_resolve_with_this.
1667         * bytecompiler/BytecodeGenerator.h:
1668             - Removed op_convert_this_strict, added op_resolve_with_this.
1669         * bytecompiler/NodesCodegen.cpp:
1670         (JSC::EvalFunctionCallNode::emitBytecode):
1671         (JSC::FunctionCallResolveNode::emitBytecode):
1672             - Removed op_convert_this_strict, added op_resolve_with_this.
1673         * dfg/DFGSpeculativeJIT.cpp:
1674         (JSC::DFG::SpeculativeJIT::compile):
1675             - Change NeedsThisConversion check to test for JSString's vptr
1676               (objects no longer need conversion).
1677         * interpreter/Interpreter.cpp:
1678         (JSC::Interpreter::resolveThisAndProperty):
1679             - Based on resolveBaseAndProperty, but produce correct this value.
1680         (JSC::Interpreter::privateExecute):
1681             - Removed op_convert_this_strict, added op_resolve_with_this.
1682         * interpreter/Interpreter.h:
1683         * jit/JIT.cpp:
1684         (JSC::JIT::privateCompileMainPass):
1685         (JSC::JIT::privateCompileSlowCases):
1686             - Removed op_convert_this_strict, added op_resolve_with_this.
1687         * jit/JIT.h:
1688         * jit/JITOpcodes.cpp:
1689         (JSC::JIT::emit_op_resolve_with_this):
1690             - Removed op_convert_this_strict, added op_resolve_with_this.
1691         (JSC::JIT::emit_op_convert_this):
1692         (JSC::JIT::emitSlow_op_convert_this):
1693             - Change NeedsThisConversion check to test for JSString's vptr
1694               (objects no longer need conversion).
1695         * jit/JITOpcodes32_64.cpp:
1696         (JSC::JIT::emit_op_resolve_with_this):
1697             - Removed op_convert_this_strict, added op_resolve_with_this.
1698         (JSC::JIT::emit_op_convert_this):
1699         (JSC::JIT::emitSlow_op_convert_this):
1700             - Change NeedsThisConversion check to test for JSString's vptr
1701               (objects no longer need conversion).
1702         * jit/JITStubs.cpp:
1703         (JSC::DEFINE_STUB_FUNCTION):
1704             - Removed op_convert_this_strict, added op_resolve_with_this.
1705         * jit/JITStubs.h:
1706             - Removed op_convert_this_strict, added op_resolve_with_this.
1707         * runtime/JSActivation.h:
1708             - removed NeedsThisConversion flag, added IsEnvironmentRecord.
1709         * runtime/JSStaticScopeObject.h:
1710             - removed NeedsThisConversion flag, added IsEnvironmentRecord.
1711         * runtime/JSString.h:
1712         (JSC::RopeBuilder::createStructure):
1713             - removed NeedsThisConversion.
1714         * runtime/JSTypeInfo.h:
1715         (JSC::TypeInfo::isEnvironmentRecord):
1716         (JSC::TypeInfo::overridesHasInstance):
1717             - removed NeedsThisConversion flag, added IsEnvironmentRecord.
1718         * runtime/JSValue.h:
1719             - removed NeedsThisConversion.
1720         * runtime/JSVariableObject.h:
1721             - Corrected StructureFlags inheritance.
1722         * runtime/StrictEvalActivation.h:
1723         (JSC::StrictEvalActivation::createStructure):
1724             - Added IsEnvironmentRecord to StructureFlags, added createStructure.
1725         * runtime/Structure.h:
1726             - removed NeedsThisConversion.
1727         * tests/mozilla/ecma/String/15.5.4.6-2.js:
1728         (getTestCases):
1729             - Removed invalid test case.
1730
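As an added example, not code from WebKit or from the entry's author, the following script shows the `this` value a function receives under each of the call forms the entry above distinguishes: a bare identifier call, a call based on an explicit property access, and a call whose base comes from a `with` object. The callers are built with the Function constructor so that they run in sloppy mode (required for `with`) regardless of whether the file is loaded as a script or a module; the helper names (`strictThis`, `sloppyThis`, `callForms`) are this example's own.

```javascript
// Added example, not WebKit code: the `this` value a function receives for
// each call form discussed in the entry for bug 64250. Callers are built
// with the Function constructor so they run in sloppy mode (required for
// `with`) whether this file is loaded as a script or a module.

// Strict function: receives exactly what the call site passes, unconverted.
function strictThis() {
  'use strict';
  return this;
}

// Sloppy function (Function bodies are non-strict by default): undefined
// becomes the global object and primitives are boxed before entry.
const sloppyThis = new Function('return this;');

// Reduce a `this` value to a short label so results are easy to compare.
function describeThis(value) {
  if (value === undefined) return 'undefined';
  if (value === globalThis) return 'global';
  return typeof value;
}

// Call form (1): bare identifier, e.g. f(). The base of the reference is a
// declarative environment record, so the spec passes undefined as `this`.
const callBare = new Function('f', 'return f();');

// Call form (3): identifier resolved through a `with` object environment
// record, e.g. with (obj) { m(); }. The spec passes the with-object as `this`.
const callViaWith = new Function('obj', 'with (obj) { return m(); }');

// Exercise every call form with both a strict and a sloppy callee.
function callForms() {
  const strictHolder = { m: strictThis };
  const sloppyHolder = { m: sloppyThis };
  return {
    // (1) bare call: strict keeps undefined, sloppy substitutes the global object
    bareStrict: describeThis(callBare(strictThis)),          // 'undefined'
    bareSloppy: describeThis(callBare(sloppyThis)),          // 'global'
    // (2) explicit property access: the base object is `this` in both modes
    memberStrict: strictHolder.m() === strictHolder,         // true
    memberSloppy: sloppyHolder.m() === sloppyHolder,         // true
    // (3) base supplied by `with`: the with-object is `this` in both modes
    withStrict: callViaWith(strictHolder) === strictHolder,  // true
    withSloppy: callViaWith(sloppyHolder) === sloppyHolder,  // true
    // explicit primitive receiver: strict keeps it, sloppy boxes it
    primitiveStrict: typeof strictThis.call(42),             // 'number'
    primitiveSloppy: typeof sloppyThis.call(42),             // 'object'
  };
}
```

The two "bare" rows are the case the entry is about: before the fix, a strict function called as a plain identifier could observe the global object instead of `undefined`, which is exactly the leak strict mode is meant to prevent.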
1731 2011-07-15  Sheriff Bot  <webkit.review.bot@gmail.com>
1732
1733         Unreviewed, rolling out r91082, r91087, and r91089.
1734         http://trac.webkit.org/changeset/91082
1735         http://trac.webkit.org/changeset/91087
1736         http://trac.webkit.org/changeset/91089
1737         https://bugs.webkit.org/show_bug.cgi?id=64616
1738
1739         gtk tests are failing a lot after this change. (Requested by
1740         dave_levin on #webkit).
1741
1742         * wtf/ThreadIdentifierDataPthreads.cpp:
1743         (WTF::ThreadIdentifierData::identifier):
1744         (WTF::ThreadIdentifierData::initialize):
1745         (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
1746         (WTF::ThreadIdentifierData::initializeKeyOnce):
1747         * wtf/ThreadIdentifierDataPthreads.h:
1748         * wtf/ThreadingPthreads.cpp:
1749         (WTF::initializeThreading):
1750
1751 2011-07-15  David Levin  <levin@chromium.org>
1752
1753         Another attempted build fix.
1754
1755         * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
1756         up the definition of PTHREAD_KEYS_MAX.
1757
1758 2011-07-15  David Levin  <levin@chromium.org>
1759
1760         Chromium build fix.
1761
1762         * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
1763         up the definition of PTHREAD_KEYS_MAX.
1764
1765 2011-07-14  David Levin  <levin@chromium.org>
1766
1767         currentThread is too slow!
1768         https://bugs.webkit.org/show_bug.cgi?id=64577
1769
1770         Reviewed by Darin Adler and Dmitry Titov.
1771
1772         The problem is that currentThread results in a pthread_once call which always takes a lock.
1773         With this change, currentThread is 10% faster than isMainThread in release mode and only
1774         5% slower than isMainThread in debug.
1775
1776         * wtf/ThreadIdentifierDataPthreads.cpp:
1777         (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
1778         which is no longer needed because this is called from initializeThreading().
1779         (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
1780         initialization of the pthread key should already be done.
1781         (WTF::ThreadIdentifierData::initialize): Ditto.
1782         * wtf/ThreadIdentifierDataPthreads.h:
1783         * wtf/ThreadingPthreads.cpp:
1784         (WTF::initializeThreading): Acquire the pthread key here.
1785
1786 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
1787
1788         DFG JIT does not optimize Branch as well as it could.
1789         https://bugs.webkit.org/show_bug.cgi?id=64574
1790
1791         Reviewed by Gavin Barraclough.
1792         
1793         This creates a common code path for emitting unfused branches, which does
1794         no speculation, and only performs a slow call if absolutely necessary.
1795
1796         * dfg/DFGJITCodeGenerator.cpp:
1797         (JSC::DFG::JITCodeGenerator::emitBranch):
1798         * dfg/DFGJITCodeGenerator.h:
1799         * dfg/DFGNonSpeculativeJIT.cpp:
1800         (JSC::DFG::NonSpeculativeJIT::compile):
1801         * dfg/DFGSpeculativeJIT.cpp:
1802         (JSC::DFG::SpeculativeJIT::compile):
1803
1804 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
1805
1806         GC allocation fast path has too many operations.
1807         https://bugs.webkit.org/show_bug.cgi?id=64493
1808
1809         Reviewed by Darin Adler.
1810         
1811         Changed the timing of the lazy sweep so that it occurs when we land on
1812         a previously unswept block, rather than whenever we land on an unswept
1813         cell.  After the per-block lazy sweep occurs, the block is turned into a
1814         singly linked list of free cells.  The allocation fast path is now just a
1815         load-branch-store to remove a cell from the head of the list.
1816         
1817         Additionally, this changes the way new blocks are allocated.  Previously,
1818         they would be populated with dummy cells.  With this patch, they are
1819         turned into a free list, which means that there will never be destructor
1820         calls for allocations in fresh blocks.
1821         
1822         These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
1823         SunSpider.  There are no observed statistically significant slow-downs
1824         on any individual benchmark.
1825
1826         * JavaScriptCore.exp:
1827         * heap/Heap.cpp:
1828         (JSC::Heap::allocateSlowCase):
1829         (JSC::Heap::collect):
1830         (JSC::Heap::canonicalizeBlocks):
1831         (JSC::Heap::resetAllocator):
1832         * heap/Heap.h:
1833         (JSC::Heap::forEachProtectedCell):
1834         (JSC::Heap::forEachCell):
1835         (JSC::Heap::forEachBlock):
1836         (JSC::Heap::allocate):
1837         * heap/MarkedBlock.cpp:
1838         (JSC::MarkedBlock::MarkedBlock):
1839         (JSC::MarkedBlock::lazySweep):
1840         (JSC::MarkedBlock::blessNewBlockForFastPath):
1841         (JSC::MarkedBlock::blessNewBlockForSlowPath):
1842         (JSC::MarkedBlock::canonicalizeBlock):
1843         * heap/MarkedBlock.h:
1844         * heap/NewSpace.cpp:
1845         (JSC::NewSpace::addBlock):
1846         (JSC::NewSpace::canonicalizeBlocks):
1847         * heap/NewSpace.h:
1848         (JSC::NewSpace::allocate):
1849         (JSC::NewSpace::SizeClass::SizeClass):
1850         (JSC::NewSpace::SizeClass::canonicalizeBlock):
1851         * heap/OldSpace.cpp:
1852         (JSC::OldSpace::addBlock):
1853
1854 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
1855
1856         DFG JIT crashes on host constructor calls in debug mode.
1857         https://bugs.webkit.org/show_bug.cgi?id=64562
1858         
1859         Reviewed by Gavin Barraclough.
1860         
1861         Fixed the relevant ASSERT.
1862
1863         * dfg/DFGOperations.cpp:
1864
1865 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
1866
1867         DFG speculative JIT contains a FIXME for rewinding speculative code generation that
1868         has already been fixed.
1869         https://bugs.webkit.org/show_bug.cgi?id=64022
1870
1871         Reviewed by Gavin Barraclough.
1872
1873         * dfg/DFGSpeculativeJIT.h:
1874         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1875
1876 2011-07-14  Ryuan Choi  <ryuan.choi@samsung.com>
1877
1878         [EFL] Add OwnPtr specialization for Ecore_Pipe.
1879         https://bugs.webkit.org/show_bug.cgi?id=64515
1880
1881         Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.
1882
1883         Reviewed by Xan Lopez.
1884
1885         * wtf/OwnPtrCommon.h:
1886         * wtf/efl/OwnPtrEfl.cpp:
1887         (WTF::deleteOwnedPtr):
1888
1889 2011-07-14  Filip Pizlo  <fpizlo@apple.com>
1890
1891         DFG JIT unnecessarily boxes and unboxes values during silent spilling.
1892         https://bugs.webkit.org/show_bug.cgi?id=64068
1893
1894         Reviewed by Gavin Barraclough.
1895         
1896         Silent spilling and filling of registers is done during slow-path C
1897         function calls.  The silent spill/fill logic does not affect register
1898         allocation on paths that don't involve the C function call.
1899         
1900         This changes the silent spilling code to spill in unboxed form.  The
1901         silent fill will refill in whatever form the register was spilled in.
1902         For example, the silent spill code may choose not to spill the register
1903         because it was already spilled previously, which would imply that it
1904         was spilled in boxed form.  The filling code detects this and either
1905         unboxes, or not, depending on what is appropriate.
1906         
1907         This change also results in a simplification of the silent spill/fill
1908         API: silent spilling no longer needs to know about the set of registers
1909         that cannot be trampled, since it never does boxing and hence does not
1910         need a temporary register.
1911
1912         * dfg/DFGJITCodeGenerator.cpp:
1913         (JSC::DFG::JITCodeGenerator::cachedGetById):
1914         (JSC::DFG::JITCodeGenerator::cachedPutById):
1915         * dfg/DFGJITCodeGenerator.h:
1916         (JSC::DFG::JITCodeGenerator::silentSpillGPR):
1917         (JSC::DFG::JITCodeGenerator::silentSpillFPR):
1918         (JSC::DFG::JITCodeGenerator::silentFillFPR):
1919         (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
1920         * dfg/DFGNonSpeculativeJIT.cpp:
1921         (JSC::DFG::NonSpeculativeJIT::valueToNumber):
1922         (JSC::DFG::NonSpeculativeJIT::valueToInt32):
1923         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
1924         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
1925         (JSC::DFG::NonSpeculativeJIT::compare):
1926         (JSC::DFG::NonSpeculativeJIT::compile):
1927         * dfg/DFGSpeculativeJIT.cpp:
1928         (JSC::DFG::SpeculativeJIT::compile):
1929
1930 2011-07-13  Michael Saboff  <msaboff@apple.com>
1931
1932         https://bugs.webkit.org/show_bug.cgi?id=64202
1933         Enh: Improve handling of RegExp in the form of /.*blah.*/
1934
1935         Reviewed by Gavin Barraclough.
1936
1937         Added code to both the Yarr interpreter and JIT to handle
1938         these expressions a little differently.  First off, the terms
1939         in between the leading and trailing .*'s cannot capture and
1940         also this enhancement is limited to single alternative expressions.
1941         If an expression is of the right form with the aforementioned
1942         restrictions, we process the inner terms and then look for the
1943         beginning of the string and end of the string.  There is handling 
1944         for multiline expressions to allow the beginning and end to be 
1945         right after and right before newlines.
1946
1947         This enhancement speeds up expressions of this type 12x on
1948         a MacBookPro.
1949
1950         Cleaned up 'case' statement indentation.
1951
1952         A new set of tests was added as LayoutTests/fast/regex/dotstar.html.
1953
1954         * yarr/YarrInterpreter.cpp:
1955         (JSC::Yarr::Interpreter::InputStream::end):
1956         (JSC::Yarr::Interpreter::matchDotStarEnclosure):
1957         (JSC::Yarr::Interpreter::matchDisjunction):
1958         (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
1959         (JSC::Yarr::ByteCompiler::emitDisjunction):
1960         * yarr/YarrInterpreter.h:
1961         (JSC::Yarr::ByteTerm::DotStarEnclosure):
1962         * yarr/YarrJIT.cpp:
1963         (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
1964         (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
1965         (JSC::Yarr::YarrGenerator::generateTerm):
1966         (JSC::Yarr::YarrGenerator::backtrackTerm):
1967         * yarr/YarrPattern.cpp:
1968         (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
1969         (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
1970         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
1971         (JSC::Yarr::YarrPattern::compile):
1972         * yarr/YarrPattern.h:
1973         (JSC::Yarr::PatternTerm::PatternTerm):
1974
1975 2011-07-13  Xan Lopez  <xlopez@igalia.com>
1976
1977         [GTK] Fix distcheck
1978
1979         Reviewed by Martin Robinson.
1980
1981         * GNUmakefile.list.am: add missing files.
1982
1983 2011-07-13  Filip Pizlo  <fpizlo@apple.com>
1984
1985         DFG JIT does not implement prototype chain or list caching for get_by_id.
1986         https://bugs.webkit.org/show_bug.cgi?id=64147
1987
1988         Reviewed by Gavin Barraclough.
1989         
1990         This implements unified support for prototype caching, prototype chain
1991         caching, and polymorphic (i.e. list) prototype and prototype chain
1992         caching.  This is done by creating common code for emitting prototype
1993         or chain access stubs, and having it factored out into
1994         generateProtoChainAccessStub().  This function is called by
1995         tryCacheGetByID once the latter determines that some form of prototype
1996         access caching is necessary (i.e. the slot being accessed is not on the
1997         base value but on some other object).
1998         
1999         Direct prototype list, and prototype chain list, caching is implemented by
2000         linking the slow path to operationGetByIdProtoBuildList(), which uses the
2001         same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.
2002         
2003         This change required ensuring that the value in the scratchGPR field in
2004         StructureStubInfo is preserved even after the stub info is in the
2005         chain, or proto_list, states.  Hence scratchGPR was moved out of the union
2006         and into the top-level of StructureStubInfo.
2007         
2008         * bytecode/StructureStubInfo.h:
2009         * dfg/DFGJITCompiler.cpp:
2010         (JSC::DFG::JITCompiler::compileFunction):
2011         * dfg/DFGOperations.cpp:
2012         * dfg/DFGOperations.h:
2013         * dfg/DFGRepatch.cpp:
2014         (JSC::DFG::emitRestoreScratch):
2015         (JSC::DFG::linkRestoreScratch):
2016         (JSC::DFG::generateProtoChainAccessStub):
2017         (JSC::DFG::tryCacheGetByID):
2018         (JSC::DFG::tryBuildGetByIDProtoList):
2019         (JSC::DFG::dfgBuildGetByIDProtoList):
2020         (JSC::DFG::tryCachePutByID):
2021         * dfg/DFGRepatch.h:
2022
2023 2011-07-12  Brent Fulgham  <bfulgham@webkit.org>
2024
2025         Standardize WinCairo conditionalized code under PLATFORM macro.
2026         https://bugs.webkit.org/show_bug.cgi?id=64377
2027
2028         Reviewed by Maciej Stachowiak.
2029
2030         * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.
2031
2032 2011-07-13  David Levin  <levin@chromium.org>
2033
2034         Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
2035         https://bugs.webkit.org/show_bug.cgi?id=64465
2036
2037         Reviewed by Dmitry Titov.
2038
2039         There isn't a good way to test this as it is very highly unlikely to occur.
2040
2041         * wtf/ThreadIdentifierDataPthreads.cpp:
2042         (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
2043         isn't thread-safe, change the initialization to be global.
2044
2045 2011-07-12  Gavin Barraclough  <barraclough@apple.com>
2046
2047         https://bugs.webkit.org/show_bug.cgi?id=64424
2048         Our direct eval behaviour deviates slightly from the spec.
2049
2050         Reviewed by Oliver Hunt.
2051
2052         The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
2053         behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
2054         or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
2055         may be introduced into the caller's environment.
2056
2057         ES5 direct calls are any call where the callee function is provided by a reference, a base
2058         of that Reference is an EnvironmentRecord (this corresponds to all productions
2059         "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
2060         of the reference is "eval". This means any expression of the form "eval(...)", and that
2061         calls the standard built-in eval method on the Global Object, is considered to be
2062         direct.
2063
2064         In JavaScriptCore we are currently overly restrictive. We also check that the
2065         EnvironmentRecord that is the base of the reference is the Declarative Environment Record
2066         at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
2067         that hits a var eval in a nested scope is not considered to be direct. This behaviour does
2068         not emanate from the spec, and is incorrect.
2069
2070         * interpreter/Interpreter.cpp:
2071         (JSC::Interpreter::privateExecute):
2072             - Fixed direct eval check in op_call_eval.
2073         * jit/JITStubs.cpp:
2074         (JSC::DEFINE_STUB_FUNCTION):
2075             - Fixed direct eval check in op_call_eval.
2076         * runtime/Executable.h:
2077         (JSC::isHostFunction):
2078             - Added check for host function with specific NativeFunction.
2079
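As an added example, not code from WebKit or from the entries' authors, the following script makes two of the behaviours described in this ChangeLog observable from JavaScript: the direct-versus-indirect eval distinction of the entry above (bug 64424), including the nested-scope case where a local binding named `eval` holds the built-in, and the boxed `this` that a non-strict function shares with all of its direct evals, from the earlier entry for bug 64657. The probes are built with the Function constructor so their bodies run in sloppy mode whether the file is loaded as a script or a module; the names `probeEvalScope`, `probeEvalThis`, `evalScopeResults` and `evalThisResults` are this example's own.

```javascript
// Added example, not WebKit code: observable behaviour of a direct call to
// eval versus an indirect one (entry for bug 64424) and of the boxed `this`
// a non-strict function exposes to its direct evals (entry for bug 64657).
// The probes are built with the Function constructor so their bodies run in
// sloppy mode whether this file is loaded as a script or a module.

// Scope: a direct eval runs in the caller's lexical environment; an indirect
// eval (any call that is not a plain `eval(...)` of the built-in) runs globally.
const probeEvalScope = new Function(`
  var secret = 'local';
  var r = {};
  r.direct = eval('typeof secret');          // 'string': caller scope visible
  r.indirect = (0, eval)('typeof secret');   // 'undefined': global scope only
  // ES5 15.1.2.1.1: the reference need only be named "eval" and resolve to the
  // built-in. A local binding that holds the built-in is still a direct call,
  // which is the nested-scope case the entry for bug 64424 corrected.
  r.viaLocalBinding = (function () {
    var eval = globalThis.eval;
    return eval('typeof secret');            // 'string'
  })();
  // In non-strict code a direct eval may declare variables in the caller's scope.
  eval('var injected = 42');
  r.injected = injected;                     // 42
  return r;
`);

// `this`: when a non-strict function is entered with a primitive receiver, the
// primitive is boxed once, and every direct eval in that activation sees the
// same wrapper object, so a property stored by one eval is visible to the next.
const probeEvalThis = new Function(`
  var r = {};
  r.typeInEval = eval('typeof this');        // 'object': the primitive was boxed
  eval('this.tag = "stored by first eval"');
  r.tagFromSecondEval = eval('this.tag');    // same wrapper, so the tag survives
  r.sameWrapperAsFunction = eval('this') === this;  // true
  return r;
`);

// Strict functions never box, so a direct eval sees the primitive itself.
function strictEvalThisType() {
  'use strict';
  return eval('typeof this');
}

function evalScopeResults() {
  return probeEvalScope();
}

function evalThisResults() {
  const boxed = probeEvalThis.call('a primitive string');
  boxed.strictTypeInEval = strictEvalThisType.call('a primitive string'); // 'string'
  return boxed;
}
```

The `injected` row is the reason direct eval matters for scope hygiene: only a direct call can introduce bindings into the caller's environment, so an engine that misclassifies a direct call as indirect (or vice versa) changes which variables the evaluated code can read and write.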
2080 2011-07-13  Ademar de Souza Reis Jr.  <ademar.reis@openbossa.org>
2081
2082         Reviewed by Andreas Kling.
2083
2084         Broken build on QNX
2085         https://bugs.webkit.org/show_bug.cgi?id=63717
2086
2087         QNX doesn't support pthread's SA_RESTART (required by
2088         JSC_MULTIPLE_THREADS), JIT is broken at runtime and there are a
2089         few minor compilation errors here and there.
2090
2091         Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
2092         tested by him on QNX v6.5 (x86).
2093
2094         * wtf/DateMath.cpp: fix usage of abs/labs
2095         * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
2096         * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
2097
2098 2011-07-12  Anders Carlsson  <andersca@apple.com>
2099
2100         If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
2101         https://bugs.webkit.org/show_bug.cgi?id=64429
2102
2103         Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
2104
2105         * wtf/NullPtr.h:
2106
2107 2011-07-13  MORITA Hajime  <morrita@google.com>
2108
2109         Refactoring: Ignored ExceptionCode value should be less annoying.
2110         https://bugs.webkit.org/show_bug.cgi?id=63688
2111
2112         Added ASSERT_AT macro.
2113
2114         Reviewed by Darin Adler.
2115
2116         * wtf/Assertions.h:
2117
2118 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
2119
2120         DFG JIT does not implement op_construct.
2121         https://bugs.webkit.org/show_bug.cgi?id=64066
2122
2123         Reviewed by Gavin Barraclough.
2124         
2125         This is a fixed implementation of op_construct.  Constructor calls are implemented
2126         by reusing almost all of the code for Call, with care taken to make sure that
2127         where there are differences (like selecting different code blocks), those differences
2128         are respected.  The two fixes over the last patch are: (1) make sure the
2129         CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
2130         make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
2131         (either CodeForCall or CodeForConstruct) when invoking the compiler.
2132
2133         * dfg/DFGAliasTracker.h:
2134         (JSC::DFG::AliasTracker::recordConstruct):
2135         * dfg/DFGByteCodeParser.cpp:
2136         (JSC::DFG::ByteCodeParser::addCall):
2137         (JSC::DFG::ByteCodeParser::parseBlock):
2138         * dfg/DFGJITCodeGenerator.cpp:
2139         (JSC::DFG::JITCodeGenerator::emitCall):
2140         * dfg/DFGNode.h:
2141         * dfg/DFGNonSpeculativeJIT.cpp:
2142         (JSC::DFG::NonSpeculativeJIT::compile):
2143         * dfg/DFGOperations.cpp:
2144         * dfg/DFGOperations.h:
2145         * dfg/DFGRepatch.cpp:
2146         (JSC::DFG::dfgLinkFor):
2147         * dfg/DFGRepatch.h:
2148         * dfg/DFGSpeculativeJIT.cpp:
2149         (JSC::DFG::SpeculativeJIT::compile):
2150         * runtime/CodeBlock.cpp:
2151         (JSC::CodeBlock::unlinkCalls):
2152
2153 2011-07-12  Oliver Hunt  <oliver@apple.com>
2154
2155         Overzealous type validation in method_check
2156         https://bugs.webkit.org/show_bug.cgi?id=64415
2157
2158         Reviewed by Gavin Barraclough.
2159
2160         method_check is essentially just a value look up
2161         optimisation, but it internally stores the value
2162         as a JSFunction, even though it never relies on
2163         this fact.  Under GC validation however we end up
2164         trying to enforce that assumption.  The fix is
2165         simply to store the value as a correct supertype.
2166
2167         * bytecode/CodeBlock.h:
2168         * dfg/DFGRepatch.cpp:
2169         (JSC::DFG::dfgRepatchGetMethodFast):
2170         (JSC::DFG::tryCacheGetMethod):
2171         * jit/JIT.h:
2172         * jit/JITPropertyAccess.cpp:
2173         (JSC::JIT::patchMethodCallProto):
2174         * jit/JITStubs.cpp:
2175         (JSC::DEFINE_STUB_FUNCTION):
2176
2177 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
2178
2179         COLLECT_ON_EVERY_ALLOCATION no longer works.
2180         https://bugs.webkit.org/show_bug.cgi?id=64388
2181
2182         Reviewed by Oliver Hunt.
2183         
2184         Added a flag to Heap that determines if it's safe to collect (which for now means that
2185         JSGlobalObject has actually been initialized, but it should work for other things, too).
2186         This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
2187         GCing it just grows the heap, if necessary.
2188         
2189         Then changed Heap::allocate() to not recurse ad infinitum when
2190         COLLECT_ON_EVERY_ALLOCATION is set.  This also makes the allocator generally more
2191         resilient against bugs; this change allowed me to put in handy assertions, such as that
2192         an allocation must succeed after either a collection or after a new block was added.
2193
2194         * heap/Heap.cpp:
2195         (JSC::Heap::Heap):
2196         (JSC::Heap::tryAllocate):
2197         (JSC::Heap::allocate):
2198         (JSC::Heap::collectAllGarbage):
2199         (JSC::Heap::collect):
2200         * heap/Heap.h:
2201         (JSC::Heap::notifyIsSafeToCollect):
2202         * runtime/JSGlobalData.cpp:
2203         (JSC::JSGlobalData::JSGlobalData):
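
The allocation slow path this entry describes, as an added example that is not JavaScriptCore code: a toy block heap whose allocate() gates collection on an "is safe to collect" flag, grows by one block when collection is not allowed or reclaims nothing, retries exactly once and asserts the retry succeeded instead of recursing. ToyHeap, Cell, runScenario and the 2-cell block size are assumptions made up for the example; the real Heap is far more involved.

```cpp
#include <cassert>
#include <cstddef>
#include <vector>

// Added example, not JSC code: a toy block allocator with the control flow the
// entry describes. allocate() tries once; on failure it collects only if the
// embedder has said that is safe, otherwise grows the heap by one block, then
// retries and asserts the retry succeeded rather than recursing into itself.
// ToyHeap, Cell and runScenario are assumptions made up for this example.

struct Cell {
    bool live = false;   // handed out by allocate() and not yet swept
    bool marked = false; // reachable from a root during the current collection
};

class ToyHeap {
public:
    ToyHeap(std::size_t cellsPerBlock, bool collectOnEveryAllocation)
        : m_cellsPerBlock(cellsPerBlock), m_collectOnEveryAllocation(collectOnEveryAllocation)
    { addBlock(); }

    // Called once the global object is fully built; until then a collection
    // would see half-initialised state, so allocate() only grows the heap.
    void notifyIsSafeToCollect() { m_isSafeToCollect = true; }
    void addRoot(Cell* cell) { m_roots.push_back(cell); }
    Cell* allocate();
    void collect();
    std::size_t blockCount() const { return m_blocks.size(); }
    std::size_t collectionCount() const { return m_collections; }

private:
    Cell* tryAllocate();
    void addBlock() { m_blocks.emplace_back(m_cellsPerBlock); }

    std::size_t m_cellsPerBlock;
    bool m_collectOnEveryAllocation;
    bool m_isSafeToCollect = false;
    std::size_t m_collections = 0;
    std::vector<std::vector<Cell>> m_blocks; // reallocating the outer vector moves inner buffers, so Cell* stay valid
    std::vector<Cell*> m_roots;
};

Cell* ToyHeap::tryAllocate()
{
    for (auto& block : m_blocks)
        for (Cell& cell : block)
            if (!cell.live) {
                cell.live = true;
                return &cell;
            }
    return nullptr;
}

Cell* ToyHeap::allocate()
{
    // Fast path, unless a collection is forced on every allocation and is permitted now.
    bool forceCollection = m_collectOnEveryAllocation && m_isSafeToCollect;
    if (!forceCollection) {
        if (Cell* cell = tryAllocate())
            return cell;
    }
    // Slow path: make room, retry once, stop. Calling allocate() again from
    // here would never terminate with COLLECT_ON_EVERY_ALLOCATION set.
    if (m_isSafeToCollect)
        collect();
    Cell* cell = tryAllocate();
    if (!cell) {
        addBlock(); // nothing reclaimed (or collecting not allowed): grow instead
        cell = tryAllocate();
    }
    assert(cell); // must succeed after a collection or a fresh block
    return cell;
}

// Mark from the roots, sweep everything else, clear marks for next time.
void ToyHeap::collect()
{
    ++m_collections;
    for (Cell* root : m_roots)
        root->marked = true;
    for (auto& block : m_blocks)
        for (Cell& cell : block) {
            if (!cell.marked)
                cell.live = false;
            cell.marked = false;
        }
}

struct ScenarioResult { std::size_t blocks; std::size_t collections; };

// 2-cell blocks with COLLECT_ON_EVERY_ALLOCATION set. Before notifyIsSafeToCollect()
// nothing ever collects and the heap grows as needed; after it, every allocation
// collects first: unrooted cells are reclaimed and the heap never grows, while
// rooted cells survive and the heap grows exactly as in the unsafe case.
static ScenarioResult runScenario(std::size_t count, bool safeToCollect, bool rootEverything)
{
    ToyHeap heap(2, true);
    if (safeToCollect)
        heap.notifyIsSafeToCollect();
    for (std::size_t i = 0; i < count; ++i) {
        Cell* cell = heap.allocate();
        if (rootEverything)
            heap.addRoot(cell);
    }
    return { heap.blockCount(), heap.collectionCount() };
}
```

The assert at the end of allocate() is the one the entry calls "handy": if it fires, either collect() failed to free anything it should have or addBlock() produced a block with no free cell, both of which are allocator bugs rather than conditions to paper over by trying again.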
2204
2205 2011-07-12  Filip Pizlo  <fpizlo@apple.com>
2206
2207         DFG JIT put_by_id transition caching does not inform the GC about the structure and
2208         prototype chain that it is referencing.
2209         https://bugs.webkit.org/show_bug.cgi?id=64387
2210
2211         Reviewed by Gavin Barraclough.
2212         
2213         Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
2214
2215         * dfg/DFGRepatch.cpp:
2216         (JSC::DFG::tryCachePutByID):
2217
2218 2011-07-12  Adam Roben  <aroben@apple.com>
2219
2220         Ensure no intermediate WTF::Strings are created when concatenating with string literals
2221
2222         Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
2223         operator+ is suboptimal
2224
2225         Reviewed by Darin Adler.
2226
2227         * wtf/text/StringConcatenate.h:
2228         (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
2229         many WTF::Strings get copied while evaluating an operator+ expression.
2230
2231         * wtf/text/StringOperators.h:
2232         (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
2233         side, since operator+ is left-associative. Having the StringAppend on the right-hand side
2234         was causing us to make intermediate WTF::Strings when evaluating expressions that contained
2235         multiple calls to operator+. Added some more overloads that take a left-hand side of
2236         const char* to resolve overload ambiguity for certain expressions. Added overloads that take
2237         a left-hand side of const UChar* (matching the const char* overloads) so that wide string
2238         literals don't first have to be converted to a WTF::String in operator+ expressions.
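
The deferred-concatenation shape this entry describes, as an added example that is not WTF code: a small expression template whose operator+ overloads take the partially built expression on the left, so that `"<" + s + ">" + s` copies each operand once into a buffer of the exact final size. ToyString, Adapter, Append and the creation counter are assumptions made up for the example; the counter stands in for the measuring macro the entry mentions.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <utility>

// Added example, not WTF code: a minimal expression-template concatenation in
// the spirit of the StringAppend technique. ToyString, Adapter, Append and the
// counter are assumptions made up for this example.

// Counts materialised strings. With deferred concatenation only the operands
// and the final result should ever be counted, however many operator+ calls
// the expression contains.
static int g_toyStringsCreated = 0;
static int toyStringsCreated() { return g_toyStringsCreated; }
static void resetToyStringsCreated() { g_toyStringsCreated = 0; }

struct ToyString {
    std::string data;
    explicit ToyString(std::string s) : data(std::move(s)) { ++g_toyStringsCreated; }
};

// Adapters give every operand type the same two operations.
template<typename T> struct Adapter;

template<> struct Adapter<const char*> {
    const char* s;
    std::size_t length() const { return std::strlen(s); }
    void writeTo(char* dst) const { std::memcpy(dst, s, length()); }
};

template<> struct Adapter<ToyString> {
    const ToyString& s; // a reference: the operand must outlive the expression
    std::size_t length() const { return s.data.size(); }
    void writeTo(char* dst) const { std::memcpy(dst, s.data.data(), length()); }
};

// A deferred concatenation of two operands. Nothing is copied until the whole
// expression converts to a ToyString; then one right-sized buffer is filled once.
template<typename L, typename R>
struct Append {
    L left;
    R right;
    std::size_t length() const { return left.length() + right.length(); }
    void writeTo(char* dst) const
    {
        left.writeTo(dst);
        right.writeTo(dst + left.length());
    }
    operator ToyString() const
    {
        std::string out(length(), '\0');
        if (!out.empty())
            writeTo(&out[0]);
        return ToyString(std::move(out));
    }
};

// Leaf overloads: the first operator+ in an expression sees two plain operands.
inline Append<Adapter<const char*>, Adapter<ToyString> > operator+(const char* a, const ToyString& b)
{ return { { a }, { b } }; }
inline Append<Adapter<ToyString>, Adapter<const char*> > operator+(const ToyString& a, const char* b)
{ return { { a }, { b } }; }
inline Append<Adapter<ToyString>, Adapter<ToyString> > operator+(const ToyString& a, const ToyString& b)
{ return { { a }, { b } }; }

// Chaining overloads take the Append on the LEFT: `a + b + c` parses as
// `(a + b) + c`, so the partially built expression is always the left operand.
// An overload taking it on the right would only match after the left-hand
// side had already been materialised into an intermediate string.
template<typename L, typename R>
inline Append<Append<L, R>, Adapter<const char*> > operator+(const Append<L, R>& a, const char* b)
{ return { a, { b } }; }
template<typename L, typename R>
inline Append<Append<L, R>, Adapter<ToyString> > operator+(const Append<L, R>& a, const ToyString& b)
{ return { a, { b } }; }

// Builds "<" + name + ">" + name: three operator+ calls, one copy per operand.
static std::string angleBracketed(const std::string& nameText)
{
    ToyString name(nameText);
    ToyString result = "<" + name + ">" + name;
    return result.data;
}

// How many ToyStrings the expression above materialises: the operand and the
// result, so 2, regardless of the number of operator+ calls.
static int stringsCreatedByAngleBracketed()
{
    resetToyStringsCreated();
    angleBracketed("jsc");
    return toyStringsCreated();
}
```

Because the adapters hold references rather than copies, an Append must be converted to a string within the same full-expression that built it; storing one in a variable and materialising it after an operand has gone out of scope would read a dangling reference. That constraint is the price of the zero-copy shape and is worth a comment wherever such a type is exposed.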
2239
2240 2011-07-12  Adam Roben  <aroben@apple.com>
2241
2242         Unreviewed, rolling out r90811.
2243         http://trac.webkit.org/changeset/90811
2244         https://bugs.webkit.org/show_bug.cgi?id=61025
2245
2246         Several svg tests failing assertions beneath
2247         SVGSMILElement::findInstanceTime
2248
2249         * wtf/StdLibExtras.h:
2250         (WTF::binarySearch):
2251
2252 2011-07-12  Oliver Varga  <Varga.Oliver@stud.u-szeged.hu>
2253
2254         Reviewed by Nikolas Zimmermann.
2255
2256         Speed up SVGSMILElement::findInstanceTime.
2257         https://bugs.webkit.org/show_bug.cgi?id=61025
2258
2259         Add a new parameter to the StdLibExtras.h::binarySearch function
2260         to also handle cases when the array does not contain the key value.
2261         This is needed for an svg function.
2262
2263         * wtf/StdLibExtras.h:
2264         (WTF::binarySearch):
2265
2266 2011-07-11  Filip Pizlo  <fpizlo@apple.com>
2267
2268         DFG speculative JIT does not guard itself against floating point speculation
2269         failures on non-floating-point constants.
2270         https://bugs.webkit.org/show_bug.cgi?id=64330
2271
2272         Reviewed by Gavin Barraclough.
2273         
2274         Made fillSpeculateDouble immediately invoke terminateSpeculativeExecution() as
2275         soon as it notices that it's speculating on something that is a non-numeric
2276         JSConstant.
2277
2278         * dfg/DFGSpeculativeJIT.cpp:
2279         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2280
2281 2011-07-11  Filip Pizlo  <fpizlo@apple.com>
2282
2283         DFG Speculative JIT does not always insert speculation checks when speculating
2284         arrays.
2285         https://bugs.webkit.org/show_bug.cgi?id=64254
2286
2287         Reviewed by Gavin Barraclough.
2288         
2289         Changed the SetLocal instruction to always validate that the value being stored
2290         into the local variable is an array, if that variable was marked PredictArray.
2291         This is necessary since uses of arrays assume that if a PredictArray value is
2292         in a local variable then the speculation check validating that the value is an
2293         array was already performed.
2294
2295         * dfg/DFGSpeculativeJIT.cpp:
2296         (JSC::DFG::SpeculativeJIT::compile):
2297
2298 2011-07-11  Gabor Loki  <loki@webkit.org>
2299
2300         Fix the condition of the optimized code in doubleTransfer
2301         https://bugs.webkit.org/show_bug.cgi?id=64261
2302
2303         Reviewed by Zoltan Herczeg.
2304
2305         The condition of the optimized code in doubleTransfer is wrong. The
2306         data transfer should be executed with four bytes aligned address.
2307         VFP cannot perform unaligned memory access.
2308
2309         Reported by Jacob Bramley.
2310
2311         * assembler/ARMAssembler.cpp:
2312         (JSC::ARMAssembler::doubleTransfer):
2313
2314 2011-07-11  Gabor Loki  <loki@webkit.org>
2315
2316         Signed arithmetic bug in dataTransfer32.
2317         https://bugs.webkit.org/show_bug.cgi?id=64257
2318
2319         Reviewed by Zoltan Herczeg.
2320
2321         An arithmetic bug is fixed. If the offset of dataTransfer is half of the
2322         addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
2323         a load instruction is emitted with a wrong zero offset.
2324
2325         Inspired by Jacob Bramley's patch from JaegerMonkey.
2326
2327         * assembler/ARMAssembler.cpp:
2328         (JSC::ARMAssembler::dataTransfer32):
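
The two offset checks behind this entry and the doubleTransfer entry above it, as an added example that is not WebKit code: splitting a signed 32-bit offset into direction and magnitude without the signed-negation overflow that bites at 0x80000000, and requiring 4-byte alignment before a VFP immediate offset is used. The immediate ranges (12-bit magnitude for integer LDR/STR, 8-bit magnitude scaled by 4 for VFP VLDR/VSTR) are assumptions about the classic ARM encodings, and the function names are made up for the example.

```cpp
#include <cstdint>

// Added example, not WebKit code. Encoding limits below are assumptions about
// the classic ARM forms: an integer word LDR/STR carries a 12-bit magnitude
// (0..4095) plus an add/subtract bit, and a VFP VLDR/VSTR carries an 8-bit
// magnitude scaled by 4 (0..1020) plus that bit.

struct OffsetParts {
    bool add;           // true: base + magnitude; false: base - magnitude
    uint32_t magnitude; // never negative, even for INT32_MIN
};

// Split a signed 32-bit offset into direction and magnitude without signed
// overflow. The naive `offset < 0 ? -offset : offset` is undefined for
// INT32_MIN (0x80000000) and on two's-complement hardware wraps back to
// INT32_MIN, whose low 12 bits are all zero: a plausible way to end up
// emitting a load whose immediate field reads as zero.
inline OffsetParts splitOffset(int32_t offset)
{
    OffsetParts parts;
    parts.add = offset >= 0;
    // Negate in unsigned arithmetic, where wraparound is well defined.
    uint32_t bits = static_cast<uint32_t>(offset);
    parts.magnitude = parts.add ? bits : 0u - bits;
    return parts;
}

// Can a single integer LDR/STR take this offset as an immediate?
inline bool fitsWordTransferImmediate(int32_t offset)
{
    return splitOffset(offset).magnitude <= 4095u;
}

// Can a single VFP VLDR/VSTR take this offset as an immediate? VFP cannot
// access unaligned memory, so with a 4-byte-aligned base register the offset
// itself must be a multiple of 4 as well as fitting the scaled 8-bit field.
inline bool fitsDoubleTransferImmediate(int32_t offset)
{
    OffsetParts parts = splitOffset(offset);
    if (parts.magnitude & 3u) // the alignment condition the doubleTransfer fix tightened
        return false;
    return parts.magnitude <= 1020u;
}

// For an offset that does not fit, the emitter loads it into a scratch
// register and uses register-offset addressing instead.
enum Addressing { ImmediateOffset, OffsetInScratchRegister };

inline Addressing planWordTransfer(int32_t offset)
{
    return fitsWordTransferImmediate(offset) ? ImmediateOffset : OffsetInScratchRegister;
}

inline Addressing planDoubleTransfer(int32_t offset)
{
    return fitsDoubleTransferImmediate(offset) ? ImmediateOffset : OffsetInScratchRegister;
}
```

The value worth testing explicitly is INT32_MIN: its magnitude must come out as 0x80000000 with the subtract direction, and both planners must send it to the scratch-register path rather than silently truncating it to a zero immediate.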
2329
2330 2011-07-09  Thouraya Andolsi  <thouraya.andolsi@st.com>
2331
2332         Fix unaligned userspace access for SH4 platforms. 
2333         https://bugs.webkit.org/show_bug.cgi?id=62993
2334
2335         * wtf/Platform.h:
2336
2337 2011-07-09  Chao-ying Fu  <fu@mips.com>
2338
2339         Fix MIPS build due to readInt32 and readPointer
2340         https://bugs.webkit.org/show_bug.cgi?id=63962
2341
2342         * assembler/MIPSAssembler.h:
2343         (JSC::MIPSAssembler::readInt32):
2344         (JSC::MIPSAssembler::readPointer):
2345         * assembler/MacroAssemblerMIPS.h:
2346         (JSC::MacroAssemblerMIPS::rshift32):
2347
2348 2011-07-08  Gavin Barraclough  <barraclough@apple.com>
2349
2350         https://bugs.webkit.org/show_bug.cgi?id=64181
2351         REGRESSION (r90602): Gmail doesn't load
2352
2353         Rolling out r90601, r90602.
2354
2355         * dfg/DFGAliasTracker.h:
2356         * dfg/DFGByteCodeParser.cpp:
2357         (JSC::DFG::ByteCodeParser::addVarArgChild):
2358         (JSC::DFG::ByteCodeParser::parseBlock):
2359         * dfg/DFGJITCodeGenerator.cpp:
2360         (JSC::DFG::JITCodeGenerator::emitCall):
2361         * dfg/DFGNode.h:
2362         * dfg/DFGNonSpeculativeJIT.cpp:
2363         (JSC::DFG::NonSpeculativeJIT::compile):
2364         * dfg/DFGOperations.cpp:
2365         * dfg/DFGOperations.h:
2366         * dfg/DFGRepatch.cpp:
2367         (JSC::DFG::tryCacheGetByID):
2368         (JSC::DFG::dfgLinkCall):
2369         * dfg/DFGRepatch.h:
2370         * dfg/DFGSpeculativeJIT.cpp:
2371         (JSC::DFG::SpeculativeJIT::compile):
2372         * runtime/JSObject.h:
2373         (JSC::JSObject::isUsingInlineStorage):
2374
2375 2011-07-08  Kalev Lember  <kalev@smartlink.ee>
2376
2377         Reviewed by Adam Roben.
2378
2379         Add missing _WIN32_WINNT and WINVER definitions
2380         https://bugs.webkit.org/show_bug.cgi?id=59702
2381
2382         Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
2383         available for all source files.
2384
2385         In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
2386         DeleteTimerQueueTimer which are both guarded by
2387         #if (_WIN32_WINNT >= 0x0500)
2388         in MinGW headers.
2389
2390         * config.h:
2391         * wtf/Assertions.cpp:
2392
2393 2011-07-08  Chang Shu  <cshu@webkit.org>
2394
2395         Rename "makeSecure" to "fill" and remove the support for displaying last character
2396         to avoid layering violation.
2397         https://bugs.webkit.org/show_bug.cgi?id=59114
2398
2399         Reviewed by Alexey Proskuryakov.
2400
2401         * JavaScriptCore.exp:
2402         * JavaScriptCore.order:
2403         * wtf/text/StringImpl.cpp:
2404         (WTF::StringImpl::fill):
2405         * wtf/text/StringImpl.h:
2406         * wtf/text/WTFString.h:
2407         (WTF::String::fill):
2408
2409 2011-07-08  Benjamin Poulain  <benjamin@webkit.org>
2410
2411         [WK2] Do not forward touch events to the web process when it does not need them
2412         https://bugs.webkit.org/show_bug.cgi?id=64164
2413
2414         Reviewed by Kenneth Rohde Christiansen.
2415
2416         Add a convenience function to obtain a reference to the last element of a Deque.
2417
2418         * wtf/Deque.h:
2419         (WTF::Deque::last):
2420
2421 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
2422
2423         DFG JIT does not implement op_construct.
2424         https://bugs.webkit.org/show_bug.cgi?id=64066
2425
2426         Reviewed by Gavin Barraclough.
2427
2428         * dfg/DFGAliasTracker.h:
2429         (JSC::DFG::AliasTracker::recordConstruct):
2430         * dfg/DFGByteCodeParser.cpp:
2431         (JSC::DFG::ByteCodeParser::addCall):
2432         (JSC::DFG::ByteCodeParser::parseBlock):
2433         * dfg/DFGJITCodeGenerator.cpp:
2434         (JSC::DFG::JITCodeGenerator::emitCall):
2435         * dfg/DFGNode.h:
2436         * dfg/DFGNonSpeculativeJIT.cpp:
2437         (JSC::DFG::NonSpeculativeJIT::compile):
2438         * dfg/DFGOperations.cpp:
2439         * dfg/DFGOperations.h:
2440         * dfg/DFGRepatch.cpp:
2441         (JSC::DFG::dfgLinkFor):
2442         * dfg/DFGRepatch.h:
2443         * dfg/DFGSpeculativeJIT.cpp:
2444         (JSC::DFG::SpeculativeJIT::compile):
2445
2446 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
2447
2448         DFG JIT does not implement get_by_id prototype caching.
2449         https://bugs.webkit.org/show_bug.cgi?id=64077
2450
2451         Reviewed by Gavin Barraclough.
2452
2453         * dfg/DFGRepatch.cpp:
2454         (JSC::DFG::emitRestoreScratch):
2455         (JSC::DFG::linkRestoreScratch):
2456         (JSC::DFG::tryCacheGetByID):
2457         * runtime/JSObject.h:
2458         (JSC::JSObject::addressOfPropertyAtOffset):
2459
2460 2011-07-07  Filip Pizlo  <fpizlo@apple.com>
2461
2462         DFG JIT method_check implementation does not link to optimized get_by_id
2463         slow path.
2464         https://bugs.webkit.org/show_bug.cgi?id=64073
2465
2466         Reviewed by Gavin Barraclough.
2467
2468         * dfg/DFGRepatch.cpp:
2469         (JSC::DFG::dfgRepatchGetMethodFast):
2470
2471 2011-07-07  Oliver Hunt  <oliver@apple.com>
2472
2473         Encode jump and link sizes into the appropriate enums
2474         https://bugs.webkit.org/show_bug.cgi?id=64123
2475
2476         Reviewed by Sam Weinig.
2477
2478         Finally kill off the out of line jump and link size arrays, 
2479         so we can avoid icky loads and constant fold the linking arithmetic.
2480
2481         * assembler/ARMv7Assembler.cpp:
2482         * assembler/ARMv7Assembler.h:
2483         (JSC::ARMv7Assembler::jumpSizeDelta):
2484         (JSC::ARMv7Assembler::computeJumpType):
2485
2486 2011-07-06  Juan C. Montemayor  <jmont@apple.com>
2487
2488         ASSERT_NOT_REACHED running test 262
2489         https://bugs.webkit.org/show_bug.cgi?id=63951
2490         
2491         Added a case to the switch statement where the code was failing. Fixed
2492         some logic as well that gave faulty error messages.
2493
2494         Reviewed by Gavin Barraclough.
2495
2496         * parser/JSParser.cpp:
2497         (JSC::JSParser::getTokenName):
2498         (JSC::JSParser::updateErrorMessageSpecialCase):
2499         (JSC::JSParser::updateErrorMessage):
2500
2501 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
2502
2503         DFG JIT implementation of op_call results in regressions on sunspider
2504         controlflow-recursive.
2505         https://bugs.webkit.org/show_bug.cgi?id=64039
2506
2507         Reviewed by Gavin Barraclough.
2508
2509         * dfg/DFGByteCodeParser.cpp:
2510         (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
2511         (JSC::DFG::ByteCodeParser::parseBlock):
2512         * dfg/DFGSpeculativeJIT.h:
2513         (JSC::DFG::SpeculativeJIT::isInteger):
2514
2515 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
2516
2517         DFG JIT does not support method_check
2518         https://bugs.webkit.org/show_bug.cgi?id=63972
2519
2520         Reviewed by Gavin Barraclough.
2521
2522         * assembler/CodeLocation.h:
2523         (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
2524         * bytecode/CodeBlock.cpp:
2525         (JSC::CodeBlock::visitAggregate):
2526         * bytecode/CodeBlock.h:
2527         (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
2528         (JSC::MethodCallLinkInfo::seenOnce):
2529         (JSC::MethodCallLinkInfo::setSeen):
2530         * dfg/DFGAliasTracker.h:
2531         (JSC::DFG::AliasTracker::recordGetMethod):
2532         * dfg/DFGByteCodeParser.cpp:
2533         (JSC::DFG::ByteCodeParser::parseBlock):
2534         * dfg/DFGJITCodeGenerator.cpp:
2535         (JSC::DFG::JITCodeGenerator::cachedGetById):
2536         (JSC::DFG::JITCodeGenerator::cachedGetMethod):
2537         * dfg/DFGJITCodeGenerator.h:
2538         * dfg/DFGJITCompiler.cpp:
2539         (JSC::DFG::JITCompiler::compileFunction):
2540         * dfg/DFGJITCompiler.h:
2541         (JSC::DFG::JITCompiler::addMethodGet):
2542         (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
2543         * dfg/DFGNode.h:
2544         (JSC::DFG::Node::hasIdentifier):
2545         * dfg/DFGNonSpeculativeJIT.cpp:
2546         (JSC::DFG::NonSpeculativeJIT::compile):
2547         * dfg/DFGOperations.cpp:
2548         * dfg/DFGOperations.h:
2549         * dfg/DFGRepatch.cpp:
2550         (JSC::DFG::dfgRepatchGetMethodFast):
2551         (JSC::DFG::tryCacheGetMethod):
2552         (JSC::DFG::dfgRepatchGetMethod):
2553         * dfg/DFGRepatch.h:
2554         * dfg/DFGSpeculativeJIT.cpp:
2555         (JSC::DFG::SpeculativeJIT::compile):
2556         * jit/JITWriteBarrier.h:
2557         (JSC::JITWriteBarrier::set):
2558
2559 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
2560
2561         DFG JIT op_call implementation will flush registers even when those registers are dead
2562         https://bugs.webkit.org/show_bug.cgi?id=64023
2563
2564         Reviewed by Gavin Barraclough.
2565
2566         * dfg/DFGJITCodeGenerator.cpp:
2567         (JSC::DFG::JITCodeGenerator::emitCall):
2568         * dfg/DFGJITCodeGenerator.h:
2569         (JSC::DFG::JITCodeGenerator::integerResult):
2570         (JSC::DFG::JITCodeGenerator::noResult):
2571         (JSC::DFG::JITCodeGenerator::cellResult):
2572         (JSC::DFG::JITCodeGenerator::jsValueResult):
2573         (JSC::DFG::JITCodeGenerator::doubleResult):
2574         * dfg/DFGNonSpeculativeJIT.cpp:
2575         (JSC::DFG::NonSpeculativeJIT::compile):
2576         * dfg/DFGSpeculativeJIT.cpp:
2577         (JSC::DFG::SpeculativeJIT::compile):
2578
2579 2011-07-06  Filip Pizlo  <fpizlo@apple.com>
2580
2581         DFG speculative JIT may crash when speculating int on a non-int JSConstant.
2582         https://bugs.webkit.org/show_bug.cgi?id=64017
2583
2584         Reviewed by Gavin Barraclough.
2585
2586         * dfg/DFGSpeculativeJIT.cpp:
2587         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2588         (JSC::DFG::SpeculativeJIT::compile):
2589
2590 2011-07-06  Dmitriy Vyukov  <dvyukov@google.com>
2591
2592         Reviewed by David Levin.
2593
2594         Allow substitution of dynamic annotations and prevent identical code folding by the linker.
2595         https://bugs.webkit.org/show_bug.cgi?id=62443
2596
2597         * wtf/DynamicAnnotations.cpp:
2598         (WTFAnnotateBenignRaceSized):
2599         (WTFAnnotateHappensBefore):
2600         (WTFAnnotateHappensAfter):
2601
2602 2011-07-06  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
2603
2604         Calls on 32-bit machines fail after r90423
2605         https://bugs.webkit.org/show_bug.cgi?id=63980
2606
2607         Reviewed by Gavin Barraclough.
2608
2609         Copy the necessary lines from JITCall.cpp.
2610
2611         * jit/JITCall32_64.cpp:
2612         (JSC::JIT::compileOpCall):
2613
2614 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
2615
2616         DFG JIT virtual call implementation is inefficient.
2617         https://bugs.webkit.org/show_bug.cgi?id=63974
2618
2619         Reviewed by Gavin Barraclough.
2620
2621         * dfg/DFGOperations.cpp:
2622         * runtime/Executable.h:
2623         (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
2624         (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
2625         (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
2626         (JSC::ExecutableBase::hasJITCodeForCall):
2627         (JSC::ExecutableBase::hasJITCodeForConstruct):
2628         (JSC::ExecutableBase::hasJITCodeFor):
2629         * runtime/JSFunction.h:
2630         (JSC::JSFunction::scopeUnchecked):
2631
2632 2011-07-05  Oliver Hunt  <oliver@apple.com>
2633
2634         Force inlining of simple functions that show up as not being inlined
2635         https://bugs.webkit.org/show_bug.cgi?id=63964
2636
2637         Reviewed by Gavin Barraclough.
2638
2639         Looking at profile data indicates that gcc is failing to inline a
2640         number of trivial functions.  This patch hits the ones that show
2641         up in profiles with the ALWAYS_INLINE hammer.
2642
2643         We also replace the memcpy() call in linking with a manual loop.
2644         Apparently memcpy() is almost never faster than an inlined loop.
2645
2646         * assembler/ARMv7Assembler.h:
2647         (JSC::ARMv7Assembler::add):
2648         (JSC::ARMv7Assembler::add_S):
2649         (JSC::ARMv7Assembler::ARM_and):
2650         (JSC::ARMv7Assembler::asr):
2651         (JSC::ARMv7Assembler::b):
2652         (JSC::ARMv7Assembler::blx):
2653         (JSC::ARMv7Assembler::bx):
2654         (JSC::ARMv7Assembler::clz):
2655         (JSC::ARMv7Assembler::cmn):
2656         (JSC::ARMv7Assembler::cmp):
2657         (JSC::ARMv7Assembler::eor):
2658         (JSC::ARMv7Assembler::it):
2659         (JSC::ARMv7Assembler::ldr):
2660         (JSC::ARMv7Assembler::ldrCompact):
2661         (JSC::ARMv7Assembler::ldrh):
2662         (JSC::ARMv7Assembler::ldrb):
2663         (JSC::ARMv7Assembler::lsl):
2664         (JSC::ARMv7Assembler::lsr):
2665         (JSC::ARMv7Assembler::movT3):
2666         (JSC::ARMv7Assembler::mov):
2667         (JSC::ARMv7Assembler::movt):
2668         (JSC::ARMv7Assembler::mvn):
2669         (JSC::ARMv7Assembler::neg):
2670         (JSC::ARMv7Assembler::orr):
2671         (JSC::ARMv7Assembler::orr_S):
2672         (JSC::ARMv7Assembler::ror):
2673         (JSC::ARMv7Assembler::smull):
2674         (JSC::ARMv7Assembler::str):
2675         (JSC::ARMv7Assembler::sub):
2676         (JSC::ARMv7Assembler::sub_S):
2677         (JSC::ARMv7Assembler::tst):
2678         (JSC::ARMv7Assembler::linkRecordSourceComparator):
2679         (JSC::ARMv7Assembler::link):
2680         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
2681         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
2682         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
2683         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
2684         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
2685         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
2686         (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
2687         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
2688         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
2689         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
2690         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
2691         (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
2692         (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
2693         (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
2694         * assembler/LinkBuffer.h:
2695         (JSC::LinkBuffer::linkCode):
2696         * assembler/MacroAssemblerARMv7.h:
2697         (JSC::MacroAssemblerARMv7::nearCall):
2698         (JSC::MacroAssemblerARMv7::call):
2699         (JSC::MacroAssemblerARMv7::ret):
2700         (JSC::MacroAssemblerARMv7::moveWithPatch):
2701         (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
2702         (JSC::MacroAssemblerARMv7::storePtrWithPatch):
2703         (JSC::MacroAssemblerARMv7::tailRecursiveCall):
2704         (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
2705         (JSC::MacroAssemblerARMv7::jump):
2706         (JSC::MacroAssemblerARMv7::makeBranch):
2707
2708 2011-07-05  Zoltan Herczeg  <zherczeg@inf.u-szeged.hu>
2709
2710         Make "Add optimised paths for a few maths functions" work on Qt
2711         https://bugs.webkit.org/show_bug.cgi?id=63893
2712
2713         Reviewed by Oliver Hunt.
2714
2715         Move the generated code to the .text section instead of .data section.
2716         Fix alignment for the 32 bit thunk code.
2717
2718         * jit/ThunkGenerators.cpp:
2719
2720 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
2721
2722         DFG JIT does not implement op_call.
2723         https://bugs.webkit.org/show_bug.cgi?id=63858
2724
2725         Reviewed by Gavin Barraclough.
2726
2727         * bytecode/CodeBlock.cpp:
2728         (JSC::CodeBlock::unlinkCalls):
2729         * bytecode/CodeBlock.h:
2730         (JSC::CodeBlock::setNumberOfCallLinkInfos):
2731         (JSC::CodeBlock::numberOfCallLinkInfos):
2732         * bytecompiler/BytecodeGenerator.cpp:
2733         (JSC::BytecodeGenerator::emitCall):
2734         (JSC::BytecodeGenerator::emitConstruct):
2735         * dfg/DFGAliasTracker.h:
2736         (JSC::DFG::AliasTracker::lookupGetByVal):
2737         (JSC::DFG::AliasTracker::recordCall):
2738         (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
2739         * dfg/DFGByteCodeParser.cpp:
2740         (JSC::DFG::ByteCodeParser::ByteCodeParser):
2741         (JSC::DFG::ByteCodeParser::getLocal):
2742         (JSC::DFG::ByteCodeParser::getArgument):
2743         (JSC::DFG::ByteCodeParser::toInt32):
2744         (JSC::DFG::ByteCodeParser::addToGraph):
2745         (JSC::DFG::ByteCodeParser::addVarArgChild):
2746         (JSC::DFG::ByteCodeParser::predictInt32):
2747         (JSC::DFG::ByteCodeParser::parseBlock):
2748         (JSC::DFG::ByteCodeParser::processPhiStack):
2749         (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
2750         * dfg/DFGGraph.cpp:
2751         (JSC::DFG::Graph::opName):
2752         (JSC::DFG::Graph::dump):
2753         (JSC::DFG::Graph::refChildren):
2754         * dfg/DFGGraph.h:
2755         * dfg/DFGJITCodeGenerator.cpp:
2756         (JSC::DFG::JITCodeGenerator::useChildren):
2757         (JSC::DFG::JITCodeGenerator::emitCall):
2758         * dfg/DFGJITCodeGenerator.h:
2759         (JSC::DFG::JITCodeGenerator::addressOfCallData):
2760         * dfg/DFGJITCompiler.cpp:
2761         (JSC::DFG::JITCompiler::compileFunction):
2762         * dfg/DFGJITCompiler.h:
2763         (JSC::DFG::CallRecord::CallRecord):
2764         (JSC::DFG::JITCompiler::notifyCall):
2765         (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
2766         (JSC::DFG::JITCompiler::addJSCall):
2767         (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
2768         (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
2769         * dfg/DFGNode.h:
2770         (JSC::DFG::Node::Node):
2771         (JSC::DFG::Node::child1):
2772         (JSC::DFG::Node::child2):
2773         (JSC::DFG::Node::child3):
2774         (JSC::DFG::Node::firstChild):
2775         (JSC::DFG::Node::numChildren):
2776         * dfg/DFGNonSpeculativeJIT.cpp:
2777         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
2778         (JSC::DFG::NonSpeculativeJIT::compare):
2779         (JSC::DFG::NonSpeculativeJIT::compile):
2780         * dfg/DFGOperations.cpp:
2781         * dfg/DFGOperations.h:
2782         * dfg/DFGRepatch.cpp:
2783         (JSC::DFG::dfgLinkCall):
2784         * dfg/DFGRepatch.h:
2785         * dfg/DFGSpeculativeJIT.cpp:
2786         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2787         (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
2788         (JSC::DFG::SpeculativeJIT::compile):
2789         * dfg/DFGSpeculativeJIT.h:
2790         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2791         * interpreter/CallFrame.h:
2792         (JSC::ExecState::calleeAsValue):
2793         * jit/JIT.cpp:
2794         (JSC::JIT::JIT):
2795         (JSC::JIT::privateCompileMainPass):
2796         (JSC::JIT::privateCompileSlowCases):
2797         (JSC::JIT::privateCompile):
2798         (JSC::JIT::linkCall):
2799         (JSC::JIT::linkConstruct):
2800         * jit/JITCall.cpp:
2801         (JSC::JIT::compileOpCall):
2802         * jit/JITCode.h:
2803         (JSC::JITCode::JITCode):
2804         (JSC::JITCode::jitType):
2805         (JSC::JITCode::HostFunction):
2806         * runtime/JSFunction.h:
2807         * runtime/JSGlobalData.h:
2808
2809 2011-07-05  Oliver Hunt  <oliver@apple.com>
2810
2811         Initialize new MarkStack member
2812
2813         * heap/MarkStack.h:
2814         (JSC::MarkStack::MarkStack):
2815
2816 2011-07-05  Oliver Hunt  <oliver@apple.com>
2817
2818         Don't throw out compiled code repeatedly
2819         https://bugs.webkit.org/show_bug.cgi?id=63960
2820
2821         Reviewed by Gavin Barraclough.
2822
2823         Stop throwing away all compiled code every time
2824         we're told to do a full GC.  Instead unlink all
2825         callsites during such GC passes to maximise the
2826         number of collectable functions, but otherwise
2827         leave compiled functions alone.
2828
2829         * API/JSBase.cpp:
2830         (JSGarbageCollect):
2831         * bytecode/CodeBlock.cpp:
2832         (JSC::CodeBlock::visitAggregate):
2833         * heap/Heap.cpp:
2834         (JSC::Heap::collectAllGarbage):
2835         * heap/MarkStack.h:
2836         (JSC::MarkStack::shouldUnlinkCalls):
2837         (JSC::MarkStack::setShouldUnlinkCalls):
2838         * runtime/JSGlobalData.cpp:
2839         (JSC::JSGlobalData::recompileAllJSFunctions):
2840         (JSC::JSGlobalData::releaseExecutableMemory):
2841         * runtime/RegExp.cpp:
2842         (JSC::RegExp::compile):
2843         (JSC::RegExp::invalidateCode):
2844         * runtime/RegExp.h:
2845
2846 2011-07-05  Filip Pizlo  <fpizlo@apple.com>
2847
2848         JSC JIT has code duplication for the handling of call and construct
2849         https://bugs.webkit.org/show_bug.cgi?id=63957
2850
2851         Reviewed by Gavin Barraclough.
2852
2853         * jit/JIT.cpp:
2854         (JSC::JIT::linkFor):
2855         * jit/JIT.h:
2856         * jit/JITStubs.cpp:
2857         (JSC::jitCompileFor):
2858         (JSC::DEFINE_STUB_FUNCTION):
2859         (JSC::arityCheckFor):
2860         (JSC::lazyLinkFor):
2861         * runtime/Executable.h:
2862         (JSC::ExecutableBase::generatedJITCodeFor):
2863         (JSC::FunctionExecutable::compileFor):
2864         (JSC::FunctionExecutable::isGeneratedFor):
2865         (JSC::FunctionExecutable::generatedBytecodeFor):
2866         (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
2867
2868 2011-07-05  Gavin Barraclough  <barraclough@apple.com>
2869
2870         Build fix following last patch.
2871
2872         * runtime/JSFunction.cpp:
2873         (JSC::createPrototypeProperty):
2874
2875 2011-07-05  Gavin Barraclough  <barraclough@apple.com>
2876
2877         https://bugs.webkit.org/show_bug.cgi?id=63947
2878         ASSERT running Object.preventExtensions(Math.sin)
2879
2880         Reviewed by Oliver Hunt.
2881
2882         This is due to calling scope() on a hostFunction as a part of
2883         calling createPrototypeProperty to reify the prototype property.
2884         But host functions don't have a prototype property anyway!
2885
2886         Prevent calling createPrototypeProperty on a host function.
2887
2888         * runtime/JSFunction.cpp:
2889         (JSC::JSFunction::createPrototypeProperty):
2890         (JSC::JSFunction::preventExtensions):
2891
2892 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
2893
2894         https://bugs.webkit.org/show_bug.cgi?id=63880
2895         Evaluation order of conversions of operands to >, >= incorrect.
2896
2897         Reviewed by Sam Weinig.
2898
2899         Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
2900         spec. This allows these methods to be reused to perform >, >= relational compares
2901         with correct ordering of type conversions.
2902
2903         * dfg/DFGOperations.cpp:
2904         * interpreter/Interpreter.cpp:
2905         (JSC::Interpreter::privateExecute):
2906         * jit/JITStubs.cpp:
2907         (JSC::DEFINE_STUB_FUNCTION):
2908         * runtime/Operations.h:
2909         (JSC::jsLess):
2910         (JSC::jsLessEq):
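
The LeftFirst flag this entry adds, as an added example that is not JavaScriptCore code: a toy model of the ES5 Abstract Relational Comparison in which operand conversion has a visible side effect, so the difference between `jsLess(b, a, leftFirst = false)` and a bare operand swap shows up in the order the conversions run. ToyValue, ConversionLog and every function name below are assumptions made up for the example.

```cpp
#include <limits>
#include <string>
#include <vector>

// Added example, not JavaScriptCore code: a toy model of the LeftFirst flag in
// the ES5 Abstract Relational Comparison algorithm (section 11.8.5), showing
// why `a > b` cannot simply reuse `jsLess(b, a)` with the operands swapped:
// the swap alone would convert b before a. ToyValue, ConversionLog and all
// function names are assumptions made up for this example.

// Models a JS object whose ToPrimitive (a user-defined valueOf) has a visible
// side effect: it appends its name to a log before yielding a number.
struct ToyValue {
    std::string name;
    double primitive;
};

typedef std::vector<std::string> ConversionLog;

static double toPrimitiveNumber(const ToyValue& v, ConversionLog& log)
{
    log.push_back(v.name);
    return v.primitive;
}

// left < right, converting left first when leftFirst is set and right first
// otherwise. The comparison itself never changes; NaN compares false.
static bool jsLess(const ToyValue& left, const ToyValue& right, bool leftFirst, ConversionLog& log)
{
    double l, r;
    if (leftFirst) {
        l = toPrimitiveNumber(left, log);
        r = toPrimitiveNumber(right, log);
    } else {
        r = toPrimitiveNumber(right, log);
        l = toPrimitiveNumber(left, log);
    }
    return l < r;
}

// left <= right with the same conversion-order control.
static bool jsLessEq(const ToyValue& left, const ToyValue& right, bool leftFirst, ConversionLog& log)
{
    double l, r;
    if (leftFirst) {
        l = toPrimitiveNumber(left, log);
        r = toPrimitiveNumber(right, log);
    } else {
        r = toPrimitiveNumber(right, log);
        l = toPrimitiveNumber(left, log);
    }
    return l <= r;
}

// The four relational operators. Each converts its own left operand first; the
// two swapped forms achieve that by passing leftFirst = false.
static bool evalLess(const ToyValue& a, const ToyValue& b, ConversionLog& log) { return jsLess(a, b, true, log); }
static bool evalLessEq(const ToyValue& a, const ToyValue& b, ConversionLog& log) { return jsLessEq(a, b, true, log); }
static bool evalGreater(const ToyValue& a, const ToyValue& b, ConversionLog& log) { return jsLess(b, a, false, log); }     // a > b  is  b < a
static bool evalGreaterEq(const ToyValue& a, const ToyValue& b, ConversionLog& log) { return jsLessEq(b, a, false, log); } // a >= b is  b <= a

// The shape being fixed: operands swapped but still converting "left first",
// so b's valueOf runs before a's, observably out of order.
static bool evalGreaterSwappedOnly(const ToyValue& a, const ToyValue& b, ConversionLog& log)
{
    return jsLess(b, a, true, log);
}

// Which operand of `a > b` was converted first: "a,b" (correct) or "b,a".
static std::string conversionOrderForGreater(bool useLeftFirstFlag)
{
    ConversionLog log;
    ToyValue a = { "a", 2 };
    ToyValue b = { "b", 1 };
    if (useLeftFirstFlag)
        evalGreater(a, b, log);
    else
        evalGreaterSwappedOnly(a, b, log);
    return log[0] + "," + log[1];
}

// Evaluates `x op y` for numeric operands; op is "<", "<=" or ">", anything else is ">=".
static bool evaluate(const std::string& op, double x, double y)
{
    ConversionLog log;
    ToyValue a = { "x", x };
    ToyValue b = { "y", y };
    if (op == "<")
        return evalLess(a, b, log);
    if (op == "<=")
        return evalLessEq(a, b, log);
    if (op == ">")
        return evalGreater(a, b, log);
    return evalGreaterEq(a, b, log);
}
```

The observable difference is only the conversion order, never the boolean result for well-behaved operands, which is why this class of bug survives ordinary correctness tests: it takes a valueOf with side effects to notice that `a > b` ran b's conversion first.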
2911
2912 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
2913
2914         Reviewed by Sam Weinig.
2915
2916         https://bugs.webkit.org/show_bug.cgi?id=16652
2917         Firefox and JavaScriptCore differ in Number.toString(integer)
2918
2919         Our arbitrary radix (2..36) toString conversion is inaccurate.
2920         This is partly because it uses doubles to perform math that requires
2921         higher accuracy, and partly because it does not attempt to correctly
2922         detect where to terminate, instead relying on a simple 'epsilon'.
2923
2924         * runtime/NumberPrototype.cpp:
2925         (JSC::decomposeDouble):
2926             - helper function to extract sign, exponent, mantissa from IEEE doubles.
2927         (JSC::Uint16WithFraction::Uint16WithFraction):
2928             - helper class, u16int with infinite precision fraction, used to convert
2929               the fractional part of the number to a string.
2930         (JSC::Uint16WithFraction::operator*=):
2931             - Multiply by a uint16.
2932         (JSC::Uint16WithFraction::operator<):
2933             - Compare two Uint16WithFractions.
2934         (JSC::Uint16WithFraction::floorAndSubtract):
2935             - Extract the integer portion of the number, and subtract it (clears the integer portion).
2936         (JSC::Uint16WithFraction::comparePoint5):
2937             - Compare to 0.5.
2938         (JSC::Uint16WithFraction::sumGreaterThanOne):
2939             - Passed a second Uint16WithFraction, returns true if the result of adding
2940               the two values would be greater than one.
2941         (JSC::Uint16WithFraction::isNormalized):
2942             - Used by ASSERTs to consistency check internal representation.
2943         (JSC::BigInteger::BigInteger):
2944             - helper class, unbounded integer value, used to convert the integer part
2945               of the number to a string.
2946         (JSC::BigInteger::divide):
2947             - Divide this value through by a uint32.
2948         (JSC::BigInteger::operator!):
2949             - test for zero.
2950         (JSC::toStringWithRadix):
2951             - Performs number to string conversion, with the given radix (2..36).
2952         (JSC::numberProtoFuncToString):
2953             - Changed to use toStringWithRadix.
2954
2955 2011-07-04  Gavin Barraclough  <barraclough@apple.com>
2956
2957         https://bugs.webkit.org/show_bug.cgi?id=63881
2958         Need separate bytecodes for handling >, >= comparisons.
2959
2960         Reviewed by Oliver Hunt.
2961
2962         This clears the way to fix Bug#63880. We currently handle greater-than comparisons
2963         by using the corresponding op_less, etc. opcodes.  This is incorrect with
2964         respect to evaluation ordering of the implicit conversions performed on operands -
2965         we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
2966         but instead convert RHS then LHS.
2967
2968         This patch adds opcodes for greater-than comparisons mirroring existing ones used
2969         for less-than.
2970
2971         * bytecode/CodeBlock.cpp:
2972         (JSC::CodeBlock::dump):
2973         * bytecode/Opcode.h:
2974         * bytecompiler/BytecodeGenerator.cpp:
2975         (JSC::BytecodeGenerator::emitJumpIfTrue):
2976         (JSC::BytecodeGenerator::emitJumpIfFalse):
2977         * bytecompiler/NodesCodegen.cpp:
2978         * dfg/DFGByteCodeParser.cpp:
2979         (JSC::DFG::ByteCodeParser::parseBlock):
2980         * dfg/DFGNode.h:
2981         * dfg/DFGNonSpeculativeJIT.cpp:
2982         (JSC::DFG::NonSpeculativeJIT::compare):
2983         (JSC::DFG::NonSpeculativeJIT::compile):
2984         * dfg/DFGNonSpeculativeJIT.h:
2985         * dfg/DFGOperations.cpp:
2986         * dfg/DFGOperations.h:
2987         * dfg/DFGSpeculativeJIT.cpp:
2988         (JSC::DFG::SpeculativeJIT::compare):
2989         (JSC::DFG::SpeculativeJIT::compile):
2990         * dfg/DFGSpeculativeJIT.h:
2991         * interpreter/Interpreter.cpp:
2992         (JSC::Interpreter::privateExecute):
2993         * jit/JIT.cpp:
2994         (JSC::JIT::privateCompileMainPass):
2995         (JSC::JIT::privateCompileSlowCases):
2996         * jit/JIT.h:
2997         (JSC::JIT::emit_op_loop_if_greater):
2998         (JSC::JIT::emitSlow_op_loop_if_greater):
2999         (JSC::JIT::emit_op_loop_if_greatereq):
3000         (JSC::JIT::emitSlow_op_loop_if_greatereq):
3001         * jit/JITArithmetic.cpp:
3002         (JSC::JIT::emit_op_jgreater):
3003         (JSC::JIT::emit_op_jgreatereq):
3004         (JSC::JIT::emit_op_jngreater):
3005         (JSC::JIT::emit_op_jngreatereq):
3006         (JSC::JIT::emitSlow_op_jgreater):
3007         (JSC::JIT::emitSlow_op_jgreatereq):
3008         (JSC::JIT::emitSlow_op_jngreater):
3009         (JSC::JIT::emitSlow_op_jngreatereq):
3010         (JSC::JIT::emit_compareAndJumpSlow):
3011         * jit/JITArithmetic32_64.cpp:
3012         (JSC::JIT::emitBinaryDoubleOp):
3013         * jit/JITStubs.cpp:
3014         (JSC::DEFINE_STUB_FUNCTION):
3015         * jit/JITStubs.h:
3016         * parser/NodeConstructors.h:
3017         (JSC::GreaterNode::GreaterNode):
3018         (JSC::GreaterEqNode::GreaterEqNode):
3019         * parser/Nodes.h:
3020
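An added example (constructed here, not JSC code) for this entry and the 2011-07-04 entry on bug 63880 above: the ES5 abstract relational comparison with a leftFirst flag, and a probe showing why compiling `a > b` as `b < a` converts the operands in the wrong order. `jsLess`/`jsLessEq` follow the names in the entries; `jsGreater`, `jsGreaterEq`, `abstractRelational`, `swappedLess` and `probe` are assumed names.

```javascript
// Constructed example, not JSC code: ES5 11.8.5 abstract relational
// comparison, parameterised by which operand is converted first.
function toPrimitiveNumberHint(v) {
  if (v === null || (typeof v !== "object" && typeof v !== "function")) return v;
  for (const name of ["valueOf", "toString"]) {   // hint Number: valueOf first
    const fn = v[name];
    if (typeof fn === "function") {
      const r = fn.call(v);
      if (r === null || (typeof r !== "object" && typeof r !== "function")) return r;
    }
  }
  throw new TypeError("cannot convert object to primitive");
}

// Returns true, false, or undefined (a NaN operand), as the spec's algorithm does.
function abstractRelational(x, y, leftFirst) {
  let px, py;
  if (leftFirst) {
    px = toPrimitiveNumberHint(x);
    py = toPrimitiveNumberHint(y);
  } else {
    py = toPrimitiveNumberHint(y);   // y is the syntactic LEFT operand here
    px = toPrimitiveNumberHint(x);
  }
  if (typeof px === "string" && typeof py === "string") return px < py;
  const nx = Number(px), ny = Number(py);
  if (Number.isNaN(nx) || Number.isNaN(ny)) return undefined;
  return nx < ny;
}

// The four operators as ES5 11.8.1-11.8.4 define them. '>' and '<=' reuse the
// comparison with swapped operands but leftFirst = false, so the syntactic
// left operand is still converted first; this is what the leftFirst
// parameter on jsLess / jsLessEq makes possible.
function jsLess(a, b)      { return abstractRelational(a, b, true) === true; }
function jsGreater(a, b)   { return abstractRelational(b, a, false) === true; }
function jsLessEq(a, b)    { return abstractRelational(b, a, false) === false; }
function jsGreaterEq(a, b) { return abstractRelational(a, b, true) === false; }

// The pre-fix shape: '>' implemented as '<' with the operands swapped, which
// converts the right operand before the left one.
function swappedLess(a, b) { return jsLess(b, a); }

// Probe objects that record the order in which they are converted.
function probe(name, value, log) {
  return { valueOf() { log.push(name); return value; } };
}
function conversionOrder(op) {
  const log = [];
  op(probe("lhs", 1, log), probe("rhs", 2, log));
  return log.join(",");
}
```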
3021 2011-07-03  Gavin Barraclough  <barraclough@apple.com>
3022
3023         https://bugs.webkit.org/show_bug.cgi?id=63879
3024         Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
3025
3026         Reviewed by Sam Weinig.
3027         
3028         There is a lot of copy & paste code here; we can reduce duplication by making
3029         a shared implementation.
3030
3031         * assembler/MacroAssembler.h:
3032         (JSC::MacroAssembler::branch32):
3033         (JSC::MacroAssembler::commute):
3034             - Make these functions platform agnostic.
3035         * assembler/MacroAssemblerX86Common.h:
3036             - Moved branch32/commute up to MacroAssembler.
3037         * jit/JIT.h:
3038         (JSC::JIT::emit_op_loop_if_lesseq):
3039         (JSC::JIT::emitSlow_op_loop_if_lesseq):
3040             - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
3041         * jit/JITArithmetic.cpp:
3042         (JSC::JIT::emit_op_jless):
3043         (JSC::JIT::emit_op_jlesseq):
3044         (JSC::JIT::emit_op_jnless):
3045         (JSC::JIT::emit_op_jnlesseq):
3046         (JSC::JIT::emitSlow_op_jless):
3047         (JSC::JIT::emitSlow_op_jlesseq):
3048         (JSC::JIT::emitSlow_op_jnless):
3049         (JSC::JIT::emitSlow_op_jnlesseq):
3050             - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
3051         (JSC::JIT::emit_compareAndJump):
3052         (JSC::JIT::emit_compareAndJumpSlow):
3053             - Internal implementation of jless etc for JSVALUE64.
3054         * jit/JITArithmetic32_64.cpp:
3055         (JSC::JIT::emit_compareAndJump):
3056         (JSC::JIT::emit_compareAndJumpSlow):
3057             - Internal implementation of jless etc for JSVALUE32_64.
3058         * jit/JITOpcodes.cpp:
3059         * jit/JITOpcodes32_64.cpp:
3060         * jit/JITStubs.cpp:
3061         * jit/JITStubs.h:
3062             - Remove old implementation of emit_op_loop_if_lesseq.
3063
3064 2011-07-03  Sheriff Bot  <webkit.review.bot@gmail.com>
3065
3066         Unreviewed, rolling out r90347.
3067         http://trac.webkit.org/changeset/90347
3068         https://bugs.webkit.org/show_bug.cgi?id=63886
3069
3070         Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
3071         (Requested by tkent on #webkit).
3072
3073         * JavaScriptCore.xcodeproj/project.pbxproj:
3074         * runtime/BigInteger.h: Removed.
3075         * runtime/NumberPrototype.cpp:
3076         (JSC::numberProtoFuncToPrecision):
3077         (JSC::numberProtoFuncToString):
3078         * runtime/Uint16WithFraction.h: Removed.
3079         * wtf/MathExtras.h:
3080
3081 2011-06-30  Gavin Barraclough  <barraclough@apple.com>
3082
3083         Reviewed by Sam Weinig.
3084
3085         https://bugs.webkit.org/show_bug.cgi?id=16652
3086         Firefox and JavaScriptCore differ in Number.toString(integer)
3087
3088         Our arbitrary radix (2..36) toString conversion is inaccurate.
3089         This is partly because it uses doubles to perform math that requires
3090         higher accuracy, and partly because it does not attempt to correctly
3091         detect where to terminate, instead relying on a simple 'epsilon'.
3092
3093         * runtime/NumberPrototype.cpp:
3094         (JSC::decomposeDouble):
3095             - helper function to extract sign, exponent, mantissa from IEEE doubles.
3096         (JSC::Uint16WithFraction::Uint16WithFraction):
3097             - helper class, u16int with infinite precision fraction, used to convert
3098               the fractional part of the number to a string.
3099         (JSC::Uint16WithFraction::operator*=):
3100             - Multiply by a uint16.
3101         (JSC::Uint16WithFraction::operator<):
3102             - Compare two Uint16WithFractions.
3103         (JSC::Uint16WithFraction::floorAndSubtract):
3104             - Extract the integer portion of the number, and subtract it (clears the integer portion).
3105         (JSC::Uint16WithFraction::comparePoint5):
3106             - Compare to 0.5.
3107         (JSC::Uint16WithFraction::sumGreaterThanOne):
3108             - Passed a second Uint16WithFraction, returns true if the result of adding
3109               the two values would be greater than one.
3110         (JSC::Uint16WithFraction::isNormalized):
3111             - Used by ASSERTs to consistency check internal representation.
3112         (JSC::BigInteger::BigInteger):
3113             - helper class, unbounded integer value, used to convert the integer part
3114               of the number to a string.
3115         (JSC::BigInteger::divide):
3116             - Divide this value through by a uint32.
3117         (JSC::BigInteger::operator!):
3118             - test for zero.
3119         (JSC::toStringWithRadix):
3120             - Performs number to string conversion, with the given radix (2..36).
3121         (JSC::numberProtoFuncToString):
3122             - Changed to use toStringWithRadix.
3123
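An added example (constructed here, not JSC's code) serving this entry and the identical 2011-07-04 entry above: the same decompose / integer-part / fraction-part structure written in JavaScript, with BigInt standing in for the unbounded-precision helpers, and termination decided by a half-ulp window instead of an epsilon. `decomposeDouble` and `toStringWithRadix` mirror the names listed; `DIGITS` is an assumed name.

```javascript
// Constructed example, not JSC's code: an exact Number#toString(radix).
// BigInt plays the part of JSC's BigInteger (integer part) and
// Uint16WithFraction (fraction part); the loop stops when the digits emitted
// so far already identify the double (half-ulp window, ties to even).
const DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz";

// Split an IEEE-754 double into sign, mantissa and binary exponent, so that
// |x| === mantissa * 2^exponent exactly (the role of JSC::decomposeDouble).
function decomposeDouble(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  const bits = view.getBigUint64(0);
  const negative = (bits >> 63n) === 1n;
  const biasedExp = Number((bits >> 52n) & 0x7ffn);
  let mantissa = bits & ((1n << 52n) - 1n);
  let exponent;
  if (biasedExp === 0) {
    exponent = -1074;             // subnormal: no hidden bit
  } else {
    mantissa |= 1n << 52n;        // normal: restore the hidden bit
    exponent = biasedExp - 1075;  // bias 1023 plus the 52 fraction bits
  }
  return { negative, mantissa, exponent };
}

function toStringWithRadix(x, radix) {
  if (!Number.isFinite(x)) throw new RangeError("finite numbers only");
  if (!Number.isInteger(radix) || radix < 2 || radix > 36) {
    throw new RangeError("radix must be an integer in 2..36");
  }
  if (x === 0) return "0";
  const { negative, mantissa, exponent } = decomposeDouble(x);
  const R = BigInt(radix);
  let integer, denom = 1n, fracNum = 0n, deltaNum = 0n;
  if (exponent >= 0) {
    integer = mantissa << BigInt(exponent);  // exact, nothing after the point
  } else {
    const shift = BigInt(-exponent);
    integer = mantissa >> shift;
    // Common denominator D = 2^(1 - exponent): the fraction is 2*bits/D and
    // half an ulp (2^(exponent - 1), half the gap to the next double) is 1/D.
    denom = 1n << (shift + 1n);
    fracNum = (mantissa & ((1n << shift) - 1n)) << 1n;
    deltaNum = 1n;
  }
  const frac = [];
  if (fracNum !== 0n) {
    for (;;) {
      fracNum *= R;                          // shift up by one digit
      deltaNum *= R;                         // the uncertainty window too
      const digit = Number(fracNum / denom);
      fracNum %= denom;
      frac.push(digit);
      const twice = fracNum * 2n;
      // Round up (ties to even) if the remainder plus the window crosses the
      // next digit boundary; the carry may ripple into the integer part.
      if ((twice > denom || (twice === denom && (digit & 1) === 1)) &&
          fracNum + deltaNum > denom) {
        while (frac.length > 0) {
          const last = frac.pop();
          if (last + 1 < radix) { frac.push(last + 1); break; }
        }
        if (frac.length === 0) integer += 1n;
        break;
      }
      // Stop once the remainder lies inside the window: every double whose
      // expansion starts with these digits rounds back to x.
      if (fracNum < deltaNum) break;
    }
  }
  // Integer digits by repeated division (cf. BigInteger::divide), least
  // significant first.
  const intDigits = [];
  do {
    intDigits.push(DIGITS[Number(integer % R)]);
    integer /= R;
  } while (integer > 0n);
  let out = intDigits.reverse().join("");
  if (frac.length > 0) out += "." + frac.map((d) => DIGITS[d]).join("");
  return negative ? "-" + out : out;
}
```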
3124 2011-07-02  Gavin Barraclough  <barraclough@apple.com>
3125
3126         https://bugs.webkit.org/show_bug.cgi?id=63866
3127         DFG JIT - implement instanceof
3128
3129         Reviewed by Sam Weinig.
3130
3131         Add ops CheckHasInstance & InstanceOf to implement bytecodes
3132         op_check_has_instance & op_instanceof. This is an initial
3133         functional implementation, performance is a wash. We can
3134         follow up with changes to fuse the InstanceOf node with
3135         a subsequent branch, as we do with other comparisons.
3136
3137         * dfg/DFGByteCodeParser.cpp:
3138         (JSC::DFG::ByteCodeParser::parseBlock):
3139         * dfg/DFGJITCompiler.cpp:
3140         (JSC::DFG::JITCompiler::jitAssertIsCell):
3141         * dfg/DFGJITCompiler.h:
3142         (JSC::DFG::JITCompiler::jitAssertIsCell):
3143         * dfg/DFGNode.h:
3144         * dfg/DFGNonSpeculativeJIT.cpp:
3145         (JSC::DFG::NonSpeculativeJIT::compile):
3146         * dfg/DFGOperations.cpp:
3147         * dfg/DFGOperations.h:
3148         * dfg/DFGSpeculativeJIT.cpp:
3149         (JSC::DFG::SpeculativeJIT::compile):
3150
3151 2011-07-01  Oliver Hunt  <oliver@apple.com>
3152
3153         IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
3154         https://bugs.webkit.org/show_bug.cgi?id=63732
3155
3156         Reviewed by Gavin Barraclough.
3157
3158         Initialise the memory at the head of the new storage so that
3159         GC is safe if triggered by reportExtraMemoryCost.
3160
3161         * runtime/JSArray.cpp:
3162         (JSC::JSArray::increaseVectorPrefixLength):
3163
3164 2011-07-01  Oliver Hunt  <oliver@apple.com>
3165
3166         GC sweep can occur before an object is completely initialised
3167         https://bugs.webkit.org/show_bug.cgi?id=63836
3168
3169         Reviewed by Gavin Barraclough.
3170
3171         In rare cases it's possible for a GC sweep to occur while a
3172         live, but not completely initialised object is on the stack.
3173         In such a case we may incorrectly choose to mark it, even
3174         though it has no children that need marking.
3175
3176         We resolve this by always zeroing out the structure of any
3177         value returned from JSCell::operator new(), and making the
3178         markstack tolerant of a null structure. 
3179
3180         * runtime/JSCell.h:
3181         (JSC::JSCell::JSCell::~JSCell):
3182         (JSC::JSCell::JSCell::operator new):
3183         * runtime/Structure.h:
3184         (JSC::MarkStack::internalAppend):
3185
3186 2011-07-01  Filip Pizlo  <fpizlo@apple.com>
3187
3188         Reviewed by Gavin Barraclough.
3189
3190         DFG non-speculative JIT always performs slow C calls for div and mod.
3191         https://bugs.webkit.org/show_bug.cgi?id=63684
3192
3193         * dfg/DFGNonSpeculativeJIT.cpp:
3194         (JSC::DFG::NonSpeculativeJIT::compile):
3195
3196 2011-07-01  Juan C. Montemayor  <jmont@apple.com>
3197
3198         Reviewed by Oliver Hunt.
3199
3200         Lexer error messages are currently appalling
3201         https://bugs.webkit.org/show_bug.cgi?id=63340
3202
3203         Added error messages for the Lexer. These messages will be displayed
3204         instead of the lexer error messages from the parser that are currently
3205         shown.
3206
3207         * parser/Lexer.cpp:
3208         (JSC::Lexer::getInvalidCharMessage):
3209         (JSC::Lexer::setCode):
3210         (JSC::Lexer::parseString):
3211         (JSC::Lexer::lex):
3212         (JSC::Lexer::clear):
3213         * parser/Lexer.h:
3214         (JSC::Lexer::getErrorMessage):
3215         (JSC::Lexer::setOffset):
3216         * parser/Parser.cpp:
3217         (JSC::Parser::parse):
3218
3219 2011-07-01  Jungshik Shin  <jshin@chromium.org>
3220
3221         Reviewed by Alexey Proskuryakov.
3222
3223         Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
3224         build files for ports not using ICU.
3225         Add icu/unicode/uscript.h for ports using ICU. It's taken from 
3226         ICU 3.6 (the version used on Mac OS 10.5)
3227
3228         http://bugs.webkit.org/show_bug.cgi?id=20797
3229
3230         * GNUmakefile.list.am:
3231         * JavaScriptCore.gypi:
3232         * icu/unicode/uscript.h: Added for UScriptCode enum.
3233         * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
3234         * wtf/unicode/icu/UnicodeIcu.h:
3235         * wtf/unicode/brew/UnicodeBrew.h:
3236         * wtf/unicode/glib/UnicodeGLib.h:
3237         * wtf/unicode/qt4/UnicodeQt4.h:
3238         * wtf/unicode/wince/UnicodeWinCE.h:
3239
3240 2011-07-01  Gavin Barraclough  <barraclough@apple.com>
3241
3242         Reviewed by Sam Weinig.
3243
3244         https://bugs.webkit.org/show_bug.cgi?id=63819
3245         Escaping of forwardslashes in strings incorrect if multiple exist.
3246
3247         The bug is in the parameters passed to a substring - should be
3248         start & length, but we're passing start & end indices!
3249
3250         * runtime/RegExpObject.cpp:
3251         (JSC::regExpObjectSource):
3252
3253 2011-07-01  Adam Roben  <aroben@apple.com>
3254
3255         Roll out r90194
3256         http://trac.webkit.org/changeset/90194
3257         https://bugs.webkit.org/show_bug.cgi?id=63778
3258
3259         Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
3260         assertions in WriteBarrierBase<JSC::Structure>::get
3261
3262         * runtime/JSCell.h:
3263         (JSC::JSCell::JSCell::~JSCell):
3264
3265 2011-06-30  Oliver Hunt  <oliver@apple.com>
3266
3267         Reviewed by Gavin Barraclough.
3268
3269         Add optimised paths for a few maths functions
3270         https://bugs.webkit.org/show_bug.cgi?id=63757
3271
3272         Relanding as a Mac only patch.
3273
3274         This adds specialised thunks for Math.abs, Math.round, Math.ceil,
3275         Math.floor, Math.log, and Math.exp as they are apparently more
3276         important in real web content than we thought, which is somewhat
3277         mind-boggling.  On average doubles the performance of the common
3278         cases (e.g. actually passing numbers in).  They're not as efficient
3279         as they could be, but this way gives them the most portability.
3280
3281         * assembler/MacroAssemblerARM.h:
3282         (JSC::MacroAssemblerARM::supportsDoubleBitops):
3283         (JSC::MacroAssemblerARM::andnotDouble):
3284         * assembler/MacroAssemblerARMv7.h:
3285         (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
3286         (JSC::MacroAssemblerARMv7::andnotDouble):
3287         * assembler/MacroAssemblerMIPS.h:
3288         (JSC::MacroAssemblerMIPS::andnotDouble):
3289         (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
3290         * assembler/MacroAssemblerSH4.h:
3291         (JSC::MacroAssemblerSH4::supportsDoubleBitops):
3292         (JSC::MacroAssemblerSH4::andnotDouble):
3293         * assembler/MacroAssemblerX86.h:
3294         (JSC::MacroAssemblerX86::supportsDoubleBitops):
3295         * assembler/MacroAssemblerX86Common.h:
3296         (JSC::MacroAssemblerX86Common::andnotDouble):
3297         * assembler/MacroAssemblerX86_64.h:
3298         (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
3299         * assembler/X86Assembler.h:
3300         (JSC::X86Assembler::andnpd_rr):
3301         * create_hash_table:
3302         * jit/SpecializedThunkJIT.h:
3303         (JSC::SpecializedThunkJIT::finalize):
3304         (JSC::SpecializedThunkJIT::callDoubleToDouble):
3305         * jit/ThunkGenerators.cpp:
3306         (JSC::floorThunkGenerator):
3307         (JSC::ceilThunkGenerator):
3308         (JSC::roundThunkGenerator):
3309         (JSC::expThunkGenerator):
3310         (JSC::logThunkGenerator):
3311         (JSC::absThunkGenerator):
3312         * jit/ThunkGenerators.h:
3313
3314 2011-07-01  David Kilzer  <ddkilzer@apple.com>
3315
3316         <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
3317
3318         Fixes the following build error in clang:
3319
3320             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
3321                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
3322                      ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
3323             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
3324                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
3325                                                 ^
3326                      (                         )
3327             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
3328             fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
3329             JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
3330                  map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
3331                                         ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
3332             1 error generated.
3333
3334         * jit/JITOpcodes32_64.cpp:
3335         (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
3336         ternary expression evaluate first.
3337
3338 2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
3339
3340         Unreviewed, rolling out r90177 and r90179.
3341         http://trac.webkit.org/changeset/90177
3342         http://trac.webkit.org/changeset/90179
3343         https://bugs.webkit.org/show_bug.cgi?id=63790
3344
3345         It caused crashes on Qt in debug mode (Requested by Ossy on
3346         #webkit).
3347
3348         * assembler/MacroAssemblerARM.h:
3349         (JSC::MacroAssemblerARM::rshift32):
3350         (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
3351         (JSC::MacroAssemblerARM::sqrtDouble):
3352         * assembler/MacroAssemblerARMv7.h:
3353         (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
3354         (JSC::MacroAssemblerARMv7::sqrtDouble):
3355         * assembler/MacroAssemblerMIPS.h:
3356         (JSC::MacroAssemblerMIPS::sqrtDouble):
3357         (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
3358         * assembler/MacroAssemblerSH4.h:
3359         (JSC::MacroAssemblerSH4::sqrtDouble):
3360         * assembler/MacroAssemblerX86.h:
3361         * assembler/MacroAssemblerX86Common.h:
3362         * assembler/MacroAssemblerX86_64.h:
3363         * assembler/X86Assembler.h:
3364         * create_hash_table:
3365         * jit/JSInterfaceJIT.h:
3366         (JSC::JSInterfaceJIT::emitLoadDouble):
3367         * jit/SpecializedThunkJIT.h:
3368         (JSC::SpecializedThunkJIT::finalize):
3369         * jit/ThunkGenerators.cpp:
3370         * jit/ThunkGenerators.h:
3371
3372 2011-06-30  Oliver Hunt  <oliver@apple.com>
3373
3374         Reviewed by Beth Dakin.
3375
3376         Make GC validation clear cell structure on destruction
3377         https://bugs.webkit.org/show_bug.cgi?id=63778
3378
3379         * runtime/JSCell.h:
3380         (JSC::JSCell::JSCell::~JSCell):
3381
3382 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
3383
3384         Reviewed by Gavin Barraclough.
3385
3386         Added write barrier that was missing from put_by_id_transition
3387         https://bugs.webkit.org/show_bug.cgi?id=63775
3388
3389         * dfg/DFGJITCodeGenerator.cpp:
3390         (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
3391         MacroAssembler& argument so our patching functions could use it.
3392
3393         (JSC::DFG::JITCodeGenerator::cachedPutById):
3394         * dfg/DFGJITCodeGenerator.h:
3395         * dfg/DFGNonSpeculativeJIT.cpp:
3396         (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
3397
3398         * dfg/DFGRepatch.cpp:
3399         (JSC::DFG::tryCachePutByID): Missing barrier!
3400
3401         * dfg/DFGSpeculativeJIT.cpp:
3402         (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
3403
3404         * jit/JITPropertyAccess.cpp:
3405         (JSC::JIT::privateCompilePutByIdTransition):
3406         * jit/JITPropertyAccess32_64.cpp:
3407         (JSC::JIT::privateCompilePutByIdTransition):
3408         * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
3409         because its meaning isn't clear -- maybe in the future we'll have a
3410         clear way to pass all stores through a common function that guarantees
3411         a write barrier, but that's not the case right now.
3412
3413 2011-06-30  Filip Pizlo  <fpizlo@apple.com>
3414
3415         Reviewed by Gavin Barraclough.
3416
3417         DFG non-speculative JIT does not reuse registers when compiling comparisons.
3418         https://bugs.webkit.org/show_bug.cgi?id=63565
3419
3420         * dfg/DFGNonSpeculativeJIT.cpp:
3421         (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
3422         (JSC::DFG::NonSpeculativeJIT::basicArithOp):
3423         (JSC::DFG::NonSpeculativeJIT::compare):
3424
3425 2011-06-30  Geoffrey Garen  <ggaren@apple.com>
3426
3427         Reviewed by Gavin Barraclough.
3428
3429         Added empty write barrier stubs in all the right places in the DFG JIT
3430         https://bugs.webkit.org/show_bug.cgi?id=63764
3431         
3432         SunSpider thinks this might be a 0.5% speedup. Meh.
3433
3434         * dfg/DFGJITCodeGenerator.cpp:
3435         (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
3436
3437         (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
3438         for the case where base == scratch, since we now require base and scratch
3439         to be not equal, for the sake of the write barrier.
3440
3441         * dfg/DFGJITCodeGenerator.h: Le stub.
3442
3443         * dfg/DFGNonSpeculativeJIT.cpp:
3444         (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
3445         as the scratch register, since that's incompatible with the write barrier,
3446         which needs a distinct base and scratch.
3447         
3448         Do put the global object into a register before loading its var storage,
3449         since it needs to be in a register for the write barrier to operate on it.
3450
3451         * dfg/DFGSpeculativeJIT.cpp:
3452         (JSC::DFG::SpeculativeJIT::compile):
3453         * jit/JITPropertyAccess.cpp:
3454         (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
3455
3456         * jit/JITPropertyAccess.cpp:
3457         (JSC::JIT::emit_op_get_scoped_var):
3458         (JSC::JIT::emit_op_put_scoped_var):
3459         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
3460         places.
3461
3462         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
3463         is a little more than meaningless.
3464
3465         * jit/JITPropertyAccess32_64.cpp:
3466         (JSC::JIT::emit_op_get_scoped_var):
3467         (JSC::JIT::emit_op_put_scoped_var):
3468         (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
3469         places.
3470
3471         (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
3472         is a little more than meaningless.
3473
3474         * runtime/JSVariableObject.h:
3475         (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
3476         we put the global object in a register and only then load its var storage
3477         by offset.
3478
3479         (JSC::JIT::emitWriteBarrier):
3480
3481 2011-06-30  Oliver Hunt  <oliver@apple.com>
3482
3483         Fix ARMv6 build
3484
3485         * assembler/MacroAssemblerARM.h:
3486         (JSC::MacroAssemblerARM::rshift32):
3487
3488 2011-06-30  Oliver Hunt  <oliver@apple.com>
3489
3490         Reviewed by Gavin Barraclough.
3491