The 'global isinf/isnan' compiler quirk required when using clang with libstdc++
[WebKit.git] / Source / JavaScriptCore / ChangeLog
2013-02-13  Zan Dobersek  <zdobersek@igalia.com>

        The 'global isinf/isnan' compiler quirk required when using clang with libstdc++
        https://bugs.webkit.org/show_bug.cgi?id=109325

        Reviewed by Anders Carlsson.

        Prefix calls to the isinf and isnan methods with std::, declaring we want to use the
        two methods as they're provided by the C++ standard library being used.

        * API/JSValueRef.cpp:
        (JSValueMakeNumber):
        * JSCTypedArrayStubs.h:
        (JSC):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitLoad):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::constantNaN):
        * offlineasm/cloop.rb:
        * runtime/DateConstructor.cpp:
        (JSC::dateUTC): Also include an opportunistic style fix.
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::calculateGregorianDateTime):
        (JSC::DateInstance::calculateGregorianDateTimeUTC):
        * runtime/DatePrototype.cpp:
        (JSC::dateProtoFuncGetMilliSeconds):
        (JSC::dateProtoFuncGetUTCMilliseconds):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::toInteger):
        * runtime/JSDateMath.cpp:
        (JSC::getUTCOffset):
        (JSC::parseDateFromNullTerminatedCharacters):
        (JSC::parseDate):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncIsNaN):
        * runtime/MathObject.cpp:
        (JSC::mathProtoFuncMax):
        (JSC::mathProtoFuncMin):
        (JSC::mathProtoFuncPow):
        * runtime/PropertyDescriptor.cpp:
        (JSC::sameValue):
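
A worked example, added here and not part of WebKit's sources: the std::-qualified isnan and isinf forms used from the kinds of helpers the entry above touches (a toInteger conversion, a SameValue comparison, and a Date time-value check). The ECMAScript semantics are simplified and the function names are illustrative, not JavaScriptCore's.

```cpp
// Added example, not WebKit code: std::-qualified isnan/isinf in the kinds of
// helpers this change touches. Semantics are simplified from ECMAScript and
// the function names are illustrative.
#include <cmath>
#include <cstdio>
#include <limits>

// Simplified ECMAScript ToInteger: NaN becomes +0, infinities pass through
// unchanged, everything else is truncated toward zero.
double toInteger(double value)
{
    if (std::isnan(value))
        return 0.0;
    if (std::isinf(value))
        return value;
    return std::trunc(value);
}

// Simplified ECMAScript SameValue for numbers: NaN equals NaN, and +0 and -0
// are distinct. Plain operator== gives the opposite answer in both cases,
// so NaN and signed zero are handled explicitly.
bool sameValue(double a, double b)
{
    if (std::isnan(a) || std::isnan(b))
        return std::isnan(a) && std::isnan(b);
    if (a == 0.0 && b == 0.0)
        return std::signbit(a) == std::signbit(b);
    return a == b;
}

// A Date time value is usable only if it is finite; NaN or an infinity means
// "Invalid Date" and must not reach the calendar arithmetic.
bool isFiniteTimeValue(double milliseconds)
{
    return !std::isnan(milliseconds) && !std::isinf(milliseconds);
}

int main()
{
    const double nan = std::numeric_limits<double>::quiet_NaN();
    const double inf = std::numeric_limits<double>::infinity();
    std::printf("toInteger(NaN) = %g\n", toInteger(nan));                 // 0
    std::printf("toInteger(-3.7) = %g\n", toInteger(-3.7));               // -3
    std::printf("sameValue(NaN, NaN) = %d\n", sameValue(nan, nan));       // 1
    std::printf("sameValue(0, -0) = %d\n", sameValue(0.0, -0.0));         // 0
    std::printf("isFiniteTimeValue(Inf) = %d\n", isFiniteTimeValue(inf)); // 0
    return 0;
}
```

The reason to qualify the names: `<cmath>` is only required to declare the overloads in namespace `std`, and an implementation may remove the C99 `isnan`/`isinf` macros when it does so, so whether an unqualified call resolves depends on the library and compiler combination in use; `std::isnan` and `std::isinf` name the C++ overloads unambiguously everywhere.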

2013-02-13  Filip Pizlo  <fpizlo@apple.com>

        Change another use of (SpecCell & ~SpecString) to SpecObject.

        Reviewed by Mark Hahnenberg.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):

2013-02-13  Filip Pizlo  <fpizlo@apple.com>

        ForwardInt32ToDouble is not in DFG::MinifiedNode's list of relevant node types
        https://bugs.webkit.org/show_bug.cgi?id=109726

        Reviewed by Mark Hahnenberg.

        If you add it to the list of relevant node types, you also need to make sure
        it's listed as either hasChild or one of the other kinds. Otherwise you get
        an assertion. This is causing test failures in run-javascriptcore-tests.

        * dfg/DFGMinifiedNode.h:
        (JSC::DFG::MinifiedNode::hasChild):

2013-02-13  Oliver Hunt  <oliver@apple.com>

        Build fix.

        Rearranged the code somewhat to reduce the number of
        DFG related ifdefs.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

2013-02-13  Filip Pizlo  <fpizlo@apple.com>

        ForwardInt32ToDouble is not in DFG::MinifiedNode's list of relevant node types
        https://bugs.webkit.org/show_bug.cgi?id=109726

        Reviewed by Gavin Barraclough.

        This is asymptomatic because ForwardInt32ToDouble is only used in SetLocals, in
        which case the value is already stored to the stack.  Still, we should fix this.

        * dfg/DFGMinifiedNode.h:
        (JSC::DFG::belongsInMinifiedGraph):

2013-02-12  Filip Pizlo  <fpizlo@apple.com>

        DFG LogicalNot/Branch peephole removal and inversion ignores the possibility of things exiting
        https://bugs.webkit.org/show_bug.cgi?id=109489

        Reviewed by Mark Hahnenberg.

        If things can exit between the LogicalNot and the Branch then don't peephole.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):

2013-02-13  Oliver Hunt  <oliver@apple.com>

        Remove unnecessary indirection to non-local variable access operations
        https://bugs.webkit.org/show_bug.cgi?id=109724

        Reviewed by Filip Pizlo.

        Linked bytecode now stores a direct pointer to the resolve operation
        vectors, so the interpreter no longer needs a bunch of indirection to
        perform non-local lookup.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (CodeBlock):
        * bytecode/Instruction.h:
        * dfg/DFGByteCodeParser.cpp:
        (ByteCodeParser):
        (InlineStackEntry):
        (JSC::DFG::ByteCodeParser::parseResolveOperations):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGCapabilities.h:
        (JSC::DFG::canInlineOpcode):
        * dfg/DFGGraph.h:
        (ResolveGlobalData):
        (ResolveOperationData):
        (PutToBaseOperationData):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_put_to_base):
        (JSC::JIT::emit_op_resolve):
        (JSC::JIT::emitSlow_op_resolve):
        (JSC::JIT::emit_op_resolve_base):
        (JSC::JIT::emitSlow_op_resolve_base):
        (JSC::JIT::emit_op_resolve_with_base):
        (JSC::JIT::emitSlow_op_resolve_with_base):
        (JSC::JIT::emit_op_resolve_with_this):
        (JSC::JIT::emitSlow_op_resolve_with_this):
        (JSC::JIT::emitSlow_op_put_to_base):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_put_to_base):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:

2013-02-13  Zoltan Herczeg  <zherczeg@webkit.org>

        replaceWithJump should not decrease the offset by 1 on ARM traditional.
        https://bugs.webkit.org/show_bug.cgi?id=109689

        Reviewed by Zoltan Herczeg.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::replaceWithJump):

2013-02-12  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS] Enable PAGE_VISIBILITY_API
        https://bugs.webkit.org/show_bug.cgi?id=109399

        Reviewed by David Kilzer.

        * Configurations/FeatureDefines.xcconfig:

2013-02-12  Filip Pizlo  <fpizlo@apple.com>

        Renamed SpecObjectMask to SpecObject.

        Rubber stamped by Mark Hahnenberg.

        "SpecObjectMask" is a weird name considering that a bunch of the other speculated
        types are also masks, but don't have "Mask" in the name.

        * bytecode/SpeculatedType.h:
        (JSC):
        (JSC::isObjectSpeculation):
        (JSC::isObjectOrOtherSpeculation):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):

2013-02-12  Filip Pizlo  <fpizlo@apple.com>

        DFG CFA doesn't filter precisely enough for CompareStrictEq
        https://bugs.webkit.org/show_bug.cgi?id=109618

        Reviewed by Mark Hahnenberg.

        The backend speculates object for this case, but the CFA was filtering on
        (SpecCell & ~SpecString) | SpecOther.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):

2013-02-12  Martin Robinson  <mrobinson@igalia.com>

        Fix the gyp build of JavaScriptCore.

        * JavaScriptCore.gypi: Added some missing DFG files to the source list.

2013-02-12  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r142387.
        http://trac.webkit.org/changeset/142387
        https://bugs.webkit.org/show_bug.cgi?id=109601

        caused all layout and jscore tests on windows to fail
        (Requested by kling on #webkit).

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (UnlinkedCodeBlock):

2013-02-11  Filip Pizlo  <fpizlo@apple.com>

        DFG CompareEq optimization should be retuned
        https://bugs.webkit.org/show_bug.cgi?id=109545

        Reviewed by Mark Hahnenberg.

        - Made the object-to-object equality case work again by hoisting the if statement
          for it. Previously, object-to-object equality would be compiled as
          object-to-object-or-other.

        - Added AbstractState guards for most of the type checks that the object equality
          code uses.

        Looks like a hint of a speed-up on all of the things.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileObjectEquality):
        (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
        (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):

2013-02-12  Gabor Rapcsanyi  <rgabor@webkit.org>

        JSC asserting with long parameter list functions in debug mode on ARM traditional
        https://bugs.webkit.org/show_bug.cgi?id=109565

        Reviewed by Zoltan Herczeg.

        Increase the value of sequenceGetByIdSlowCaseInstructionSpace to 80.

        * jit/JIT.h:

2013-02-11  Oliver Hunt  <oliver@apple.com>

        Make JSC API more NULL tolerant
        https://bugs.webkit.org/show_bug.cgi?id=109515

        Reviewed by Mark Hahnenberg.

        We do so much marshalling for the C API these days anyway that a single null
        check isn't a performance issue.  Yet the existing "null is unsafe" behaviour
        leads to crashes in embedding applications whenever there's an untested code
        path, so it seems having defined behaviour is superior.

        * API/APICast.h:
        (toJS):
        (toJSForGC):
        * API/JSObjectRef.cpp:
        (JSObjectIsFunction):
        (JSObjectCallAsFunction):
        (JSObjectIsConstructor):
        (JSObjectCallAsConstructor):
        * API/tests/testapi.c:
        (main):
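
An added example, not JavaScriptCore's API or code: a toy C-style embedding API in the spirit of the entry above, where each entry point returns a defined result for a null handle instead of dereferencing it, with the unchecked form kept alongside for contrast. All type and function names (ScriptObjectRef, objectIsFunction, objectCallAsFunction and the probe helpers) are hypothetical.

```cpp
// Added example, not JavaScriptCore's API: a toy C-style embedding API whose
// entry points return defined results for null handles instead of
// dereferencing them. All names here are hypothetical.
#include <cstdio>

struct ScriptObject {
    bool callable;
    int (*call)(int argument);   // set only when callable is true
};

typedef ScriptObject* ScriptObjectRef;   // opaque handle given to embedders

// Before: a null handle is undefined behaviour, i.e. a crash on whichever
// untested path in the embedding application first passes one.
bool objectIsFunctionUnchecked(ScriptObjectRef object)
{
    return object->callable;
}

// After: one cheap check at the API boundary. A null handle simply
// "is not a function", which is the answer an embedder would expect.
bool objectIsFunction(ScriptObjectRef object)
{
    if (!object)
        return false;
    return object->callable;
}

// Calling a null or non-callable handle reports failure through the
// exception out-parameter rather than crashing. Both out-parameters are
// optional, so they are null-checked as well.
bool objectCallAsFunction(ScriptObjectRef object, int argument, int* result, const char** exception)
{
    if (!objectIsFunction(object)) {
        if (exception)
            *exception = "value is not a function";
        return false;
    }
    int value = object->call(argument);
    if (result)
        *result = value;
    return true;
}

// --- probes so the boundary can be exercised without a live engine ---

static int doubleIt(int x) { return 2 * x; }

int callDoubler(int argument)
{
    ScriptObject function = { true, doubleIt };
    int result = -1;
    objectCallAsFunction(&function, argument, &result, nullptr);
    return result;
}

bool nullHandleIsRejected()
{
    const char* exception = nullptr;
    int result = -1;
    bool ok = objectCallAsFunction(nullptr, 1, &result, &exception);
    return !ok && exception != nullptr && result == -1;   // result untouched
}

bool nonCallableIsRejected()
{
    ScriptObject plain = { false, nullptr };
    const char* exception = nullptr;
    return !objectCallAsFunction(&plain, 1, nullptr, &exception) && exception != nullptr;
}

int main()
{
    ScriptObject function = { true, doubleIt };
    std::printf("unchecked on a valid handle: %d\n", objectIsFunctionUnchecked(&function)); // 1
    std::printf("doubler(21) = %d\n", callDoubler(21));                  // 42
    std::printf("null handle rejected: %d\n", nullHandleIsRejected());   // 1
    std::printf("non-callable rejected: %d\n", nonCallableIsRejected()); // 1
    return 0;
}
```

The point of the design is the one the entry makes: the check costs one branch at a boundary that already does far more work per call, and in exchange an embedder's mistake surfaces as a false return and a message instead of a crash on a path nobody tested.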

2013-02-11  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, adding a FIXME to remind ourselves of a bug.
        https://bugs.webkit.org/show_bug.cgi?id=109487

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):

2013-02-11  Filip Pizlo  <fpizlo@apple.com>

        Strange bug in DFG OSR in JSC
        https://bugs.webkit.org/show_bug.cgi?id=109491

        Reviewed by Mark Hahnenberg.

        Int32ToDouble was being injected after a side-effecting operation and before a SetLocal. Anytime we
        inject something just before a SetLocal we should be aware that the previous operation may have been
        a side-effect associated with the current code origin. Hence, we should use a forward exit.
        Int32ToDouble does not do forward exits by default.

        This patch adds a forward-exiting form of Int32ToDouble, for use in SetLocal Int32ToDouble injections.
        Changed the CSE and other things to treat these nodes identically, but for the exit strategy to be
        distinct (Int32ToDouble -> backward, ForwardInt32ToDouble -> forward). The use of the NodeType for
        signaling exit direction is not "great" but it's what we use in other places already (like
        ForwardCheckStructure).

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::int32ToDoubleCSE):
        (CSEPhase):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGCommon.h:
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::fixDoubleEdge):
        (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::willHaveCodeGenOrOSR):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
        (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGVariableEventStream.cpp:
        (JSC::DFG::VariableEventStream::reconstruct):

2013-02-11  Filip Pizlo  <fpizlo@apple.com>

        NonStringCell and Object are practically the same thing for the purpose of speculation
        https://bugs.webkit.org/show_bug.cgi?id=109492

        Reviewed by Mark Hahnenberg.

        Removed isNonStringCellSpeculation, and made all callers use isObjectSpeculation.

        Changed isNonStringCellOrOtherSpeculation to be isObjectOrOtherSpeculation.

        I believe this is correct because even weird object types like JSNotAnObject end up
        being "objects" from the standpoint of our typesystem. Anyway, the assumption that
        "is cell but not a string" equates to "object" is an assumption that is already made
        in other places in the system so there's little value in being paranoid about it.

        * bytecode/SpeculatedType.h:
        (JSC::isObjectSpeculation):
        (JSC::isObjectOrOtherSpeculation):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGNode.h:
        (Node):
        (JSC::DFG::Node::shouldSpeculateObjectOrOther):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
        (JSC::DFG::SpeculativeJIT::compare):
        (JSC::DFG::SpeculativeJIT::compileStrictEq):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
        (JSC::DFG::SpeculativeJIT::emitBranch):
        (JSC::DFG::SpeculativeJIT::compile):

2013-02-10  Filip Pizlo  <fpizlo@apple.com>

        DFG CompareEq(a, null) and CompareStrictEq(a, const) are unsound with respect to constant folding
        https://bugs.webkit.org/show_bug.cgi?id=109387

        Reviewed by Oliver Hunt and Mark Hahnenberg.

        Lock in the decision to use a non-speculative constant comparison as early as possible
        and don't let the CFA change it by folding constants. This might be a performance
        penalty on some really weird code (FWIW, I haven't seen this on benchmarks), but on
        the other hand it completely side-steps the unsoundness that the bug speaks of.

        Rolling back in after adding 32-bit path.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::isConstantForCompareStrictEq):
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileStrictEq):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-02-10  Filip Pizlo  <fpizlo@apple.com>

        DFG TypeOf implementation should have its backend code aligned to what the CFA does
        https://bugs.webkit.org/show_bug.cgi?id=109385

        Reviewed by Sam Weinig.

        The problem was that if we ended up trying to constant fold, but didn't succeed
        because of prediction mismatches, then we would also fail to do filtration.

        Rearranged the control flow in the CFA to fix that.

        As far as I know, this is asymptomatic - it's sort of OK for the CFA to prove less
        things, which is what the bug was.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):

2013-02-11  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r142491.
        http://trac.webkit.org/changeset/142491
        https://bugs.webkit.org/show_bug.cgi?id=109470

        broke the 32 bit build (Requested by jessieberlin on #webkit).

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileStrictEq):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-02-10  Filip Pizlo  <fpizlo@apple.com>

        DFG CompareEq(a, null) and CompareStrictEq(a, const) are unsound with respect to constant folding
        https://bugs.webkit.org/show_bug.cgi?id=109387

        Reviewed by Oliver Hunt.

        Lock in the decision to use a non-speculative constant comparison as early as possible
        and don't let the CFA change it by folding constants. This might be a performance
        penalty on some really weird code (FWIW, I haven't seen this on benchmarks), but on
        the other hand it completely side-steps the unsoundness that the bug speaks of.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::isConstantForCompareStrictEq):
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileStrictEq):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2013-02-11  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed fix after r13954 for !ENABLE(JIT) builds.

        * llint/LowLevelInterpreter.cpp:

2013-02-11  Gabor Rapcsanyi  <rgabor@webkit.org>

        JSC build failing with verbose debug mode
        https://bugs.webkit.org/show_bug.cgi?id=109441

        Reviewed by Darin Adler.

        Fixing some verbose messages which caused build errors.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::mergeToSuccessors):
        * dfg/DFGCFAPhase.cpp:
        (JSC::DFG::CFAPhase::performBlockCFA):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::setReplacement):
        (JSC::DFG::CSEPhase::eliminate):
        * dfg/DFGPredictionInjectionPhase.cpp:
        (JSC::DFG::PredictionInjectionPhase::run):

2013-02-10  Martin Robinson  <mrobinson@igalia.com>

        Fix the GTK+ gyp build

        * JavaScriptCore.gypi: Update the source list to accurately
        reflect what's in the repository and remove the offsets extractor
        from the list of JavaScriptCore files. It's only used to build
        the extractor binary.

2013-02-09  Andreas Kling  <akling@apple.com>

        Shrink-wrap UnlinkedCodeBlock members.
        <http://webkit.org/b/109368>

        Reviewed by Oliver Hunt.

        Rearrange the members of UnlinkedCodeBlock to avoid unnecessary padding on 64-bit.
        Knocks ~600 KB off of the Membuster3 peak.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (UnlinkedCodeBlock):
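
An added example, not WebKit's UnlinkedCodeBlock: one set of members declared in two orders, with the sizes an LP64 (64-bit) compiler gives them, to show where the padding that this kind of shrink-wrapping removes actually comes from. The member names are invented for illustration and the helper functions are not part of any WebKit header.

```cpp
// Added example, not WebKit code: how member order changes the size of an
// object on a 64-bit target. Member names are invented for illustration.
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Declared in "natural" order: each pointer or 32-bit field has to start on
// its own alignment boundary, so the small fields between them leave holes
// that the compiler fills with padding. Offsets below assume LP64.
struct PaddedBlock {
    bool isConstructor;        // offset 0, then 7 bytes of padding
    void* instructions;        // offset 8
    bool usesEval;             // offset 16, then 3 bytes of padding
    uint32_t numParameters;    // offset 20
    bool isStrictMode;         // offset 24, then 7 bytes of padding
    void* symbolTable;         // offset 32
    uint16_t firstLine;        // offset 40, then 6 bytes of tail padding
};                             // sizeof == 48 on LP64

// The same members sorted by decreasing alignment: pointers first, then the
// 32-bit field, then the 16-bit one, with the bools packed together at the end.
struct ShrinkWrappedBlock {
    void* instructions;        // offset 0
    void* symbolTable;         // offset 8
    uint32_t numParameters;    // offset 16
    uint16_t firstLine;        // offset 20
    bool isConstructor;        // offset 22
    bool usesEval;             // offset 23
    bool isStrictMode;         // offset 24, then 7 bytes of tail padding
};                             // sizeof == 32 on LP64

size_t paddedSize()        { return sizeof(PaddedBlock); }
size_t shrinkWrappedSize() { return sizeof(ShrinkWrappedBlock); }

// Bytes in an object that are pure padding: object size minus the sum of
// the member sizes (identical for both layouts).
size_t paddingBytes(size_t objectSize)
{
    const size_t members = 2 * sizeof(void*) + sizeof(uint32_t) + sizeof(uint16_t) + 3 * sizeof(bool);
    return objectSize - members;
}

// Memory saved by the reordering across a population of `count` objects.
size_t savedBytes(size_t count)
{
    return count * (paddedSize() - shrinkWrappedSize());
}

int main()
{
    std::printf("sizeof(PaddedBlock)        = %zu (padding %zu)\n", paddedSize(), paddingBytes(paddedSize()));
    std::printf("sizeof(ShrinkWrappedBlock) = %zu (padding %zu)\n", shrinkWrappedSize(), paddingBytes(shrinkWrappedSize()));
    std::printf("instructions sits at offset %zu in the padded layout\n", offsetof(PaddedBlock, instructions));
    std::printf("saved over 1000 objects: %zu bytes\n", savedBytes(1000));
    return 0;
}
```

On an LP64 target the two layouts come out at 48 and 32 bytes, so the same seven members cost a third less memory per object purely from ordering; the figure the entry reports for UnlinkedCodeBlock comes from the same effect multiplied across every code block alive at the Membuster3 peak.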

2013-02-08  Filip Pizlo  <fpizlo@apple.com>

        DFG should allow phases to break Phi's and then have one phase to rebuild them
        https://bugs.webkit.org/show_bug.cgi?id=108414

        Reviewed by Mark Hahnenberg.

        Introduces two new DFG forms: LoadStore and ThreadedCPS. These are described in
        detail in DFGCommon.h.

        Consequently, DFG phases no longer have to worry about preserving data flow
        links between basic blocks. It is generally always safe to request that the
        graph be dethreaded (Graph::dethread), which brings it into LoadStore form, where
        the data flow is implicit. In this form, only liveness-at-head needs to be
        preserved.

        All of the machinery for "threading" the graph to introduce data flow between
        blocks is now moved out of the bytecode parser and into the CPSRethreadingPhase.
        All phases that previously did this maintenance themselves now just rely on
        being able to dethread the graph. The one exception is the structure check
        hoisting phase, which operates over a threaded graph and preserves it, for the
        sake of performance.

        Also moved two other things into their own phases: unification (previously found
        in the parser) and prediction injection (previously found in various places).

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/Operands.h:
        (Operands):
        (JSC::Operands::sizeFor):
        (JSC::Operands::atFor):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        (JSC::DFG::AbstractState::mergeStateAtTail):
        * dfg/DFGAllocator.h:
        (JSC::DFG::::allocateSlow):
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):
        * dfg/DFGBasicBlockInlines.h:
        (DFG):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::flushDirect):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (DFG):
        (JSC::DFG::ByteCodeParser::parse):
        * dfg/DFGCFGSimplificationPhase.cpp:
        (JSC::DFG::CFGSimplificationPhase::run):
        (JSC::DFG::CFGSimplificationPhase::killUnreachable):
        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
        (CFGSimplificationPhase):
        (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
        * dfg/DFGCPSRethreadingPhase.cpp: Added.
        (DFG):
        (CPSRethreadingPhase):
        (JSC::DFG::CPSRethreadingPhase::CPSRethreadingPhase):
        (JSC::DFG::CPSRethreadingPhase::run):
        (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
        (JSC::DFG::CPSRethreadingPhase::clearVariablesAtHeadAndTail):
        (JSC::DFG::CPSRethreadingPhase::addPhiSilently):
        (JSC::DFG::CPSRethreadingPhase::addPhi):
        (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
        (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
        (JSC::DFG::CPSRethreadingPhase::canonicalizeSetLocal):
        (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
        (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
        (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
        (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
        (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlocks):
        (JSC::DFG::CPSRethreadingPhase::propagatePhis):
        (JSC::DFG::CPSRethreadingPhase::PhiStackEntry::PhiStackEntry):
        (PhiStackEntry):
        (JSC::DFG::CPSRethreadingPhase::phiStackFor):
        (JSC::DFG::performCPSRethreading):
        * dfg/DFGCPSRethreadingPhase.h: Added.
        (DFG):
        * dfg/DFGCSEPhase.cpp:
        (CSEPhase):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGCommon.cpp:
        (WTF):
        (WTF::printInternal):
        * dfg/DFGCommon.h:
        (JSC::DFG::logCompilationChanges):
        (DFG):
        (WTF):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compile):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::Graph):
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::dethread):
        (JSC::DFG::Graph::collectGarbage):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::performSubstitution):
        (Graph):
        (JSC::DFG::Graph::performSubstitutionForEdge):
        (JSC::DFG::Graph::convertToConstant):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::convertToPhantomLocal):
        (Node):
        (JSC::DFG::Node::convertToGetLocal):
        (JSC::DFG::Node::hasVariableAccessData):
        * dfg/DFGNodeType.h:
        (DFG):
        * dfg/DFGPhase.cpp:
        (JSC::DFG::Phase::beginPhase):
        * dfg/DFGPhase.h:
        (JSC::DFG::runAndLog):
        * dfg/DFGPredictionInjectionPhase.cpp: Added.
        (DFG):
        (PredictionInjectionPhase):
        (JSC::DFG::PredictionInjectionPhase::PredictionInjectionPhase):
        (JSC::DFG::PredictionInjectionPhase::run):
        (JSC::DFG::performPredictionInjection):
        * dfg/DFGPredictionInjectionPhase.h: Added.
        (DFG):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::run):
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStructureCheckHoistingPhase.cpp:
        (JSC::DFG::StructureCheckHoistingPhase::run):
        * dfg/DFGUnificationPhase.cpp: Added.
        (DFG):
        (UnificationPhase):
        (JSC::DFG::UnificationPhase::UnificationPhase):
        (JSC::DFG::UnificationPhase::run):
        (JSC::DFG::performUnification):
        * dfg/DFGUnificationPhase.h: Added.
        (DFG):
        * dfg/DFGValidate.cpp:
        (JSC::DFG::Validate::validate):
        (JSC::DFG::Validate::dumpGraphIfAppropriate):
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        (JSC::DFG::VirtualRegisterAllocationPhase::run):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::dump):
        * runtime/JSString.h:
        (JSString):
        * runtime/Options.h:
        (JSC):

2013-02-08  Jer Noble  <jer.noble@apple.com>

        Bring WebKit up to speed with latest Encrypted Media spec.
        https://bugs.webkit.org/show_bug.cgi?id=97037

        Reviewed by Eric Carlson.

        Define the ENABLE_ENCRYPTED_MEDIA_V2 setting.

        * Configurations/FeatureDefines.xcconfig:

2013-02-08  Gavin Barraclough  <barraclough@apple.com>

        Objective-C API for JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=105889

        Reviewed by Joseph Pecoraro.

        Following up on review comments, mostly typos.

        * API/JSBlockAdaptor.h:
        * API/JSBlockAdaptor.mm:
        (-[JSBlockAdaptor blockFromValue:inContext:withException:]):
        * API/JSContext.h:
        * API/JSExport.h:
        * API/JSValue.h:
        * API/JSValue.mm:
        * API/JSWrapperMap.mm:
        (selectorToPropertyName):
        (-[JSWrapperMap classInfoForClass:]):
        (-[JSWrapperMap wrapperForObject:]):

2013-02-08  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Add an experimental gyp build
        https://bugs.webkit.org/show_bug.cgi?id=109003

        Reviewed by Gustavo Noronha Silva.

        * JavaScriptCore.gypi: Update the list of source files to include those
        necessary for the GTK+ build.

2013-02-08  Andreas Kling  <akling@apple.com>

        JSC: Lower minimum PropertyTable size.
        <http://webkit.org/b/109247>

        Reviewed by Darin Adler.

        Lower the minimum table size for PropertyTable from 16 to 8.
        3.32 MB progression on Membuster3 (a ~13% reduction in memory used by PropertyTables.)

        * runtime/PropertyMapHashTable.h:
        (PropertyTable):
        (JSC::PropertyTable::sizeForCapacity):

2013-02-07  Roger Fong  <roger_fong@apple.com>

        Unreviewed. More VS2010 WebKit solution touchups.
        Make JavaScriptCoreExports.def.in be treated as a custom build file so that changes to it cause the exports to be rebuilt.

        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:

2013-02-07  Mark Hahnenberg  <mhahnenberg@apple.com>

        Objective-C API: testapi.mm should use ARC
        https://bugs.webkit.org/show_bug.cgi?id=107838

        Reviewed by Mark Rowe.

        Removing the changes to the Xcode project file and moving the equivalent flags into
        the ToolExecutable xcconfig file.

        * Configurations/ToolExecutable.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2013-02-07  Brent Fulgham  <bfulgham@webkit.org>

        [Windows] Unreviewed Visual Studio 2010 build fixes after r142179.

        * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Correct changed symbols
        * JavaScriptCore.vcxproj/JavaScriptCoreExports.def: Removed autogenerated file.

2013-02-05  Filip Pizlo  <fpizlo@apple.com>

        DFG::ByteCodeParser should do surgical constant folding to reduce load on the optimization fixpoint
        https://bugs.webkit.org/show_bug.cgi?id=109000
792
793         Reviewed by Oliver Hunt.
794         
795         Previously our source parser's ASTBuilder did some surgical constant folding, but it
796         didn't cover some cases.  It was particularly incapable of doing constant folding for
797         cases where we do some minimal loop peeling in the bytecode generator - since it
798         didn't "see" those constants prior to the peeling.  Example:
799
800         for (var i = 0; i < 4; ++i)
801             things;
802
803         This will get peeled just a bit by the bytecode generator, so that the "i < 4" is
804         duplicated both at the top of the loop and the bottom.  This means that we have a
805         constant comparison: "0 < 4", which the bytecode generator emits without any further
806         thought.
807
808         The DFG optimization fixpoint of course folds this and simplifies the CFG 
809         accordingly, but this incurs a compile-time cost.  The purpose of this change is to
810         do some surgical constant folding in the DFG's bytecode parser, so that such
811         constructs reduce load on the CFG simplifier and the optimization fixpoint.  The goal
812         is not to cover all cases, since the DFG CFA and CFG simplifier have a powerful
813         sparse conditional constant propagation that we can always fall back on. Instead the
814         goal is to cover enough cases that for common small functions we don't have to
815         perform such transformations, thereby reducing compile times.
816         
817         This also refactors m_inlineStackEntry->m_inlineCallFrame to be a handy method call
818         and also adds the notion of a TriState-based JSValue::pureToBoolean(). Both of these
819         things are used by the folder.
820         
821         As well, care has been taken to make sure that the bytecode parser only does folding
822         that is statically provable, and that doesn't arise out of speculation. This means
823         we cannot fold on data flow that crosses inlining boundaries. On the other hand, the
824         folding that the bytecode parser uses doesn't require phantoming anything. Such is
825         the trade-off: for anything that we do need phantoming, we defer it to the
826         optimization fixpoint.
827         
828         Slight SunSpider speed-up.
829
830         * dfg/DFGByteCodeParser.cpp:
831         (JSC::DFG::ByteCodeParser::get):
832         (JSC::DFG::ByteCodeParser::getLocal):
833         (JSC::DFG::ByteCodeParser::setLocal):
834         (JSC::DFG::ByteCodeParser::flushDirect):
835         (JSC::DFG::ByteCodeParser::flushArgumentsAndCapturedVariables):
836         (JSC::DFG::ByteCodeParser::toInt32):
837         (ByteCodeParser):
838         (JSC::DFG::ByteCodeParser::inlineCallFrame):
839         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
840         (JSC::DFG::ByteCodeParser::canFold):
841         (JSC::DFG::ByteCodeParser::handleInlining):
842         (JSC::DFG::ByteCodeParser::getScope):
843         (JSC::DFG::ByteCodeParser::parseResolveOperations):
844         (JSC::DFG::ByteCodeParser::parseBlock):
845         (JSC::DFG::ByteCodeParser::parseCodeBlock):
846         * dfg/DFGNode.h:
847         (JSC::DFG::Node::isStronglyProvedConstantIn):
848         (Node):
849         * runtime/JSCJSValue.h:
850         * runtime/JSCJSValueInlines.h:
851         (JSC::JSValue::pureToBoolean):
852         (JSC):
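
        The folding rule described above (fold only what is statically provable, defer anything that would need speculation or phantoms to the optimization fixpoint) can be shown with a small stand-alone model. The C++ below is an added example written for this page, not code from JavaScriptCore: Value, TriState, Operand, foldLess and foldConditionalJump are simplified stand-ins for JSValue, WTF::TriState, and the parser's canFold/pureToBoolean logic, and treating every object as Mixed in pureToBoolean is an assumption of the model rather than JSC's exact rule. It folds the peeled loop-entry test "0 < 4" without emitting a compare or a branch, refuses to fold operands that cross an inline-frame boundary, and emits the real branch when the condition is an object.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <variant>

// Stand-in for a JS constant as the bytecode parser sees it (not JSC's JSValue).
struct Undefined {};
struct Null {};
struct Object {};  // an object cell; its truthiness can depend on heap state
using Value = std::variant<Undefined, Null, bool, int32_t, double, std::string, Object>;

enum class TriState { False, True, Mixed };

// Side-effect-free ToBoolean that answers only when the result is provable from
// the constant alone. Objects yield Mixed (assumption of this model).
TriState pureToBoolean(const Value& v) {
    struct Visitor {
        TriState operator()(Undefined) const { return TriState::False; }
        TriState operator()(Null) const { return TriState::False; }
        TriState operator()(bool b) const { return b ? TriState::True : TriState::False; }
        TriState operator()(int32_t i) const { return i ? TriState::True : TriState::False; }
        TriState operator()(double d) const {
            return (d == 0 || d != d) ? TriState::False : TriState::True;  // +0, -0 and NaN are false
        }
        TriState operator()(const std::string& s) const { return s.empty() ? TriState::False : TriState::True; }
        TriState operator()(Object) const { return TriState::Mixed; }
    };
    return std::visit(Visitor{}, v);
}

// An operand: a known constant or an unknown data-flow value, tagged with the
// inline call frame that produced it (0 = outermost function).
struct Operand {
    std::optional<Value> constant;
    int inlineFrame = 0;
};

// Fold "a < b" only when statically provable: both constant, both numeric, and
// both produced in the current inline frame (no folding across inlining boundaries).
std::optional<bool> foldLess(const Operand& a, const Operand& b, int currentFrame) {
    if (!a.constant || !b.constant) return std::nullopt;
    if (a.inlineFrame != currentFrame || b.inlineFrame != currentFrame) return std::nullopt;
    auto asNumber = [](const Value& v) -> std::optional<double> {
        if (auto* i = std::get_if<int32_t>(&v)) return double(*i);
        if (auto* d = std::get_if<double>(&v)) return *d;
        return std::nullopt;  // strings and objects would need ToPrimitive, which can have effects
    };
    std::optional<double> x = asNumber(*a.constant), y = asNumber(*b.constant);
    if (!x || !y) return std::nullopt;
    return *x < *y;
}

// What the parser does with a conditional jump on a condition operand.
enum class Branch { Taken, NotTaken, Emit };

// Fold the branch when pureToBoolean is decisive; otherwise emit it and leave the
// rest to the optimization fixpoint, which may speculate and insert phantoms.
Branch foldConditionalJump(const Operand& cond, int currentFrame) {
    if (!cond.constant || cond.inlineFrame != currentFrame) return Branch::Emit;
    switch (pureToBoolean(*cond.constant)) {
    case TriState::True: return Branch::Taken;
    case TriState::False: return Branch::NotTaken;
    case TriState::Mixed: return Branch::Emit;
    }
    return Branch::Emit;
}

// The peeled loop-entry test "i < bound" (here 0 < 4): the compare folds to the
// constant true and the jump on it folds to Taken, so neither node is emitted.
Branch parsePeeledLoopEntry(const Operand& i, const Operand& bound, int currentFrame) {
    std::optional<bool> folded = foldLess(i, bound, currentFrame);
    if (!folded) return Branch::Emit;
    Operand cond{Value(*folded), currentFrame};
    return foldConditionalJump(cond, currentFrame);
}
```

        The inlineFrame tag is what keeps the folder honest: a constant that flowed in from a caller is still a constant, but folding on it would bake a speculation about the call site into the parsed graph, so the model returns std::nullopt and lets the CFA handle it later.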
853
854 2013-02-07  Zoltan Herczeg  <zherczeg@webkit.org>
855
856         Invalid code is generated for storing constants with baseindex addressing modes on ARM traditional.
857         https://bugs.webkit.org/show_bug.cgi?id=109050
858
859         Reviewed by Oliver Hunt.
860
861         The S! scratch register is reused, but it should contain the constant value.
862
863         * assembler/ARMAssembler.cpp:
864         (JSC::ARMAssembler::baseIndexTransfer32):
865         (JSC::ARMAssembler::baseIndexTransfer16):
866
867 2013-02-07  Andras Becsi  <andras.becsi@digia.com>
868
869         [Qt] Use GNU ar's thin archive format for intermediate static libs
870         https://bugs.webkit.org/show_bug.cgi?id=109052
871
872         Reviewed by Jocelyn Turcotte.
873
874         Adjust project files that used activeBuildConfig()
875         to use targetSubDir().
876
877         * JavaScriptCore.pri:
878         * LLIntOffsetsExtractor.pro:
879         * Target.pri:
880
881 2013-02-06  Roger Fong  <roger_fong@apple.com>
882
883         Unreviewed. Touchups to VS2010 WebKit solution.
884         Fix an export generator script, modify some property sheets, add resource file.
885
886         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
887         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
888         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
889         * JavaScriptCore.vcxproj/resource.h: Added.
890
891 2013-02-06  Ilya Tikhonovsky  <loislo@chromium.org>
892
893         Web Inspector: Native Memory Instrumentation: assign class name to the heap graph node automatically
894         https://bugs.webkit.org/show_bug.cgi?id=107262
895
896         Reviewed by Yury Semikhatsky.
897
898         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
899
900 2013-02-06  Mike West  <mkwst@chromium.org>
901
902         Add an ENABLE_NOSNIFF feature flag.
903         https://bugs.webkit.org/show_bug.cgi?id=109029
904
905         Reviewed by Jochen Eisinger.
906
907         This new flag will control the behavior of 'X-Content-Type-Options: nosniff'
908         when processing script and other resource types.
909
910         * Configurations/FeatureDefines.xcconfig:
911
912 2013-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
913
914         put_to_base should emit a Phantom for "value" across the ForceOSRExit
915         https://bugs.webkit.org/show_bug.cgi?id=108998
916
917         Reviewed by Oliver Hunt.
918
919         Otherwise, the OSR exit compiler could clobber it, which would lead to badness.
920
921         * bytecode/CodeBlock.cpp:
922         (JSC::CodeBlock::tallyFrequentExitSites): Build fixes for when DFG debug logging is enabled.
923         * dfg/DFGByteCodeParser.cpp:
924         (JSC::DFG::ByteCodeParser::parseBlock): Added extra Phantoms for the "value" field where needed.
925         * dfg/DFGSpeculativeJIT.cpp:
926         (JSC::DFG::SpeculativeJIT::compile): Ditto.
927
928 2013-02-05  Michael Saboff  <msaboff@apple.com>
929
930         Crash at JSC::call when loading www.gap.com with JSVALUE32_64 Enabled
931         https://bugs.webkit.org/show_bug.cgi?id=108991
932
933         Reviewed by Oliver Hunt.
934
935         Changed the restoration from calleeGPR to nonArgGPR0 because the restoration of the return location
936         may step on calleeGPR if it happens to be nonArgGPR2.
937
938         * dfg/DFGRepatch.cpp:
939         (JSC::DFG::dfgLinkClosureCall):
940
941 2013-02-05  Roger Fong  <roger_fong@apple.com>
942
943         Add a JavaScriptCore Export Generator project.
944         https://bugs.webkit.org/show_bug.cgi?id=108971.
945
946         Reviewed by Brent Fulgham.
947
948         * JavaScriptCore.vcxproj/JavaScriptCore.sln:
949         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
950         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
951         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
952         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator: Added.
953         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: Added.
954         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: Added.
955         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.user: Added.
956         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: Added.
957         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: Added.
958         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: Added.
959         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: Added.
960         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: Added.
961         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: Added.
962         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Added.
963
964 2013-02-04  Filip Pizlo  <fpizlo@apple.com>
965
966         DFG should have a precise view of jump targets
967         https://bugs.webkit.org/show_bug.cgi?id=108868
968
969         Reviewed by Oliver Hunt.
970         
971         Previously, the DFG relied entirely on the CodeBlock's jump targets list for
972         determining when to break basic blocks. This worked great, except sometimes it
973         would be too conservative since the CodeBlock just says where the bytecode
974         generator inserted labels.
975         
976         This change keeps the old jump target list in CodeBlock since it is still
977         valuable to the baseline JIT, but switches the DFG to use its own jump target
978         calculator. This ought to reduce pressure on the DFG simplifier, which would
979         previously do a lot of work to try to merge redundantly created basic blocks.
980         It appears to be a 1% progression on SunSpider.
981
982         * CMakeLists.txt:
983         * GNUmakefile.list.am:
984         * JavaScriptCore.xcodeproj/project.pbxproj:
985         * Target.pri:
986         * bytecode/PreciseJumpTargets.cpp: Added.
987         (JSC):
988         (JSC::addSimpleSwitchTargets):
989         (JSC::computePreciseJumpTargets):
990         * bytecode/PreciseJumpTargets.h: Added.
991         (JSC):
992         * dfg/DFGByteCodeParser.cpp:
993         (JSC::DFG::ByteCodeParser::parseCodeBlock):
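
        As an added example (not JSC's PreciseJumpTargets.cpp), the C++ below models the difference the entry describes. The toy bytecode, the opcode names and the unused label at index 3 are constructed for illustration; computePreciseJumpTargets collects only the indices some instruction really jumps to, and blockStarts shows that feeding it the generator's conservative label list instead produces an extra basic block that the simplifier would otherwise have to merge away.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Toy bytecode for illustration (not JSC's): one slot per instruction, jumps
// carry absolute target indices.
enum class Op { Nop, Jmp, JTrue, JFalse, Switch, Ret };

struct Instr {
    Op op;
    std::vector<std::size_t> targets;  // for Jmp/JTrue/JFalse/Switch; empty otherwise
};

// Precise jump targets: only indices that some instruction actually transfers
// control to, sorted and de-duplicated.
std::vector<std::size_t> computePreciseJumpTargets(const std::vector<Instr>& code) {
    std::vector<std::size_t> out;
    for (const Instr& in : code) {
        switch (in.op) {
        case Op::Jmp: case Op::JTrue: case Op::JFalse: case Op::Switch:
            out.insert(out.end(), in.targets.begin(), in.targets.end());
            break;
        default:
            break;
        }
    }
    std::sort(out.begin(), out.end());
    out.erase(std::unique(out.begin(), out.end()), out.end());
    return out;
}

// Basic-block starts for a given candidate target list: index 0, every candidate,
// and the instruction after any control transfer (the fall-through of a conditional
// branch, or the slot after an unconditional jump, switch or return).
std::vector<std::size_t> blockStarts(const std::vector<Instr>& code, const std::vector<std::size_t>& targets) {
    std::vector<std::size_t> starts{0};
    for (std::size_t t : targets)
        if (t < code.size()) starts.push_back(t);
    for (std::size_t pc = 0; pc < code.size(); ++pc)
        if (code[pc].op != Op::Nop && pc + 1 < code.size()) starts.push_back(pc + 1);
    std::sort(starts.begin(), starts.end());
    starts.erase(std::unique(starts.begin(), starts.end()), starts.end());
    return starts;
}

// Constructed sample: an if/else. Index 3 carries a generator label that nothing
// ever jumps to, the kind of label a conservative CodeBlock list would still report.
std::vector<Instr> sampleProgram() {
    return {
        {Op::Nop, {}},       // 0: entry
        {Op::JFalse, {5}},   // 1: if (!cond) goto 5
        {Op::Nop, {}},       // 2: then-branch
        {Op::Nop, {}},       // 3: unused label lives here
        {Op::Jmp, {6}},      // 4: goto join
        {Op::Nop, {}},       // 5: else-branch
        {Op::Nop, {}},       // 6: join
        {Op::Ret, {}},       // 7: return
    };
}

// The conservative list: every label the generator emitted, used or not (assumed here).
std::vector<std::size_t> generatorLabels() { return {3, 5, 6}; }
```

        With the precise targets the sample splits into four blocks ({0, 2, 5, 6}); with the label list it splits into five, the extra block at 3 being exactly the redundant block the entry says the DFG simplifier used to spend time merging.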
994
995 2013-02-01  Roger Fong  <roger_fong@apple.com>
996
997         Make ConfigurationBuildDir include directories precede WebKitLibraries in JSC.
998         https://bugs.webkit.org/show_bug.cgi?id=108693.
999
1000         Rubberstamped by Timothy Horton.
1001
1002         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
1003
1004 2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1005
1006         Structure::m_outOfLineCapacity is unnecessary
1007         https://bugs.webkit.org/show_bug.cgi?id=108206
1008
1009         Reviewed by Darin Adler.
1010
1011         Simplifying the utility functions that we use since we don't need a 
1012         bunch of fancy templates for this one specific call site.
1013
1014         * runtime/Structure.h:
1015         (JSC::Structure::outOfLineCapacity):
1016
1017 2013-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
1018
1019         Objective-C API: testapi.mm should use ARC
1020         https://bugs.webkit.org/show_bug.cgi?id=107838
1021
1022         Reviewed by Oliver Hunt.
1023
1024         In ToT, testapi.mm uses the Obj-C garbage collector, which hides a lot of our object lifetime bugs.
1025         We should enable ARC, since that is what most of our clients will be using. We use Xcode project 
1026         settings to make sure we don't try to compile ARC on 32-bit.
1027
1028         * API/tests/testapi.mm:
1029         (+[TestObject testObject]):
1030         (testObjectiveCAPI):
1031         * JavaScriptCore.xcodeproj/project.pbxproj:
1032
1033 2013-02-05  Brent Fulgham  <bfulgham@webkit.org>
1034
1035         [Windows] Unreviewed VS2010 Build Correction after r141651
1036
1037         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Add missing
1038         StructureRareData.h and StructureRareData.cpp files.
1039         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
1040
1041 2013-02-05  Michael Saboff  <msaboff@apple.com>
1042
1043         r141788 won't build due to not having all changes needed by Node* change
1044         https://bugs.webkit.org/show_bug.cgi?id=108944
1045
1046         Reviewed by David Kilzer.
1047
1048         Fixed three instances of integerResult(..., m_compileIndex) to be integerResult(..., node).
1049
1050         * dfg/DFGSpeculativeJIT.cpp:
1051         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1052         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
1053
1054 2013-02-04  Sheriff Bot  <webkit.review.bot@gmail.com>
1055
1056         Unreviewed, rolling out r141809.
1057         http://trac.webkit.org/changeset/141809
1058         https://bugs.webkit.org/show_bug.cgi?id=108860
1059
1060         ARC isn't supported on 32-bit. (Requested by mhahnenberg on
1061         #webkit).
1062
1063         * API/tests/testapi.mm:
1064         (+[TestObject testObject]):
1065         (testObjectiveCAPI):
1066         * JavaScriptCore.xcodeproj/project.pbxproj:
1067
1068 2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1069
1070         Objective-C API: testapi.mm should use ARC
1071         https://bugs.webkit.org/show_bug.cgi?id=107838
1072
1073         Reviewed by Oliver Hunt.
1074
1075         In ToT, testapi.mm uses the Obj-C garbage collector, which hides a lot of our object lifetime bugs.
1076         We should enable ARC, since that is what most of our clients will be using.
1077
1078         * API/tests/testapi.mm:
1079         (-[TestObject init]):
1080         (-[TestObject dealloc]):
1081         (+[TestObject testObject]):
1082         (testObjectiveCAPI):
1083         * JavaScriptCore.xcodeproj/project.pbxproj:
1084
1085 2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
1086
1087         Objective-C API: ObjCCallbackFunction should retain the target of its NSInvocation
1088         https://bugs.webkit.org/show_bug.cgi?id=108843
1089
1090         Reviewed by Darin Adler.
1091
1092         Currently, ObjCCallbackFunction doesn't retain the target of its NSInvocation. It needs to do 
1093         this to prevent crashes when trying to invoke a callback later on.
1094
1095         * API/ObjCCallbackFunction.mm:
1096         (ObjCCallbackFunction::ObjCCallbackFunction):
1097         (ObjCCallbackFunction::~ObjCCallbackFunction):
1098
1099 2013-02-04  Martin Robinson  <mrobinson@igalia.com>
1100
1101         Fix GTK+ 'make dist' in preparation for the 1.11.5 release.
1102
1103         * GNUmakefile.list.am: Update the source lists.
1104
1105 2013-02-04  Michael Saboff  <msaboff@apple.com>
1106
1107         For ARMv7s use integer divide instruction for divide and modulo when possible
1108         https://bugs.webkit.org/show_bug.cgi?id=108840
1109
1110         Reviewed in person by Filip Pizlo.
1111
1112         Added ARMv7s integer divide path for ArithDiv and ArithMod where operands and results are integer.
1113         This is patterned after the similar code for X86.  Also added modulo power of 2 optimization
1114         that uses logical and.  Added sdiv and udiv to the ARMv7 disassembler.  Put all the changes
1115         behind #if CPU(APPLE_ARMV7S). 
1116
1117         * assembler/ARMv7Assembler.h:
1118         (ARMv7Assembler):
1119         (JSC::ARMv7Assembler::sdiv):
1120         (JSC::ARMv7Assembler::udiv):
1121         * dfg/DFGCommon.h:
1122         (JSC::DFG::isARMv7s):
1123         * dfg/DFGFixupPhase.cpp:
1124         (JSC::DFG::FixupPhase::fixupNode):
1125         * dfg/DFGSpeculativeJIT.cpp:
1126         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
1127         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
1128         * dfg/DFGSpeculativeJIT.h:
1129         (SpeculativeJIT):
1130         * dfg/DFGSpeculativeJIT32_64.cpp:
1131         (JSC::DFG::SpeculativeJIT::compile):
1132
1133 2013-02-04  David Kilzer  <ddkilzer@apple.com>
1134
1135         Check PrivateHeaders/JSBasePrivate.h for inappropriate macros
1136         <http://webkit.org/b/108749>
1137
1138         Reviewed by Joseph Pecoraro.
1139
1140         * JavaScriptCore.xcodeproj/project.pbxproj: Add
1141         PrivateHeaders/JSBasePrivate.h to list of headers to check in
1142         "Check for Inappropriate Macros in External Headers" build phase
1143         script.
1144
1145 2013-02-04  David Kilzer  <ddkilzer@apple.com>
1146
1147         Remove duplicate entries from JavaScriptCore Xcode project
1148
1149             $ uniq Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj | diff -u - Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj | patch -p0 -R
1150             patching file Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
1151
1152         * JavaScriptCore.xcodeproj/project.pbxproj: Remove duplicates.
1153
1154 2013-02-04  David Kilzer  <ddkilzer@apple.com>
1155
1156         Sort JavaScriptCore Xcode project file
1157
1158         * JavaScriptCore.xcodeproj/project.pbxproj:
1159
1160 2013-02-03  David Kilzer  <ddkilzer@apple.com>
1161
1162         Upstream ENABLE_PDFKIT_PLUGIN setting
1163         <http://webkit.org/b/108792>
1164
1165         Reviewed by Tim Horton.
1166
1167         * Configurations/FeatureDefines.xcconfig: Disable PDFKIT_PLUGIN
1168         on iOS since PDFKit is a Mac-only framework.
1169
1170 2013-02-02  Andreas Kling  <akling@apple.com>
1171
1172         Vector should consult allocator about ideal size when choosing capacity.
1173         <http://webkit.org/b/108410>
1174         <rdar://problem/13124002>
1175
1176         Reviewed by Benjamin Poulain.
1177
1178         Remove assertion about Vector capacity that won't hold anymore since capacity()
1179         may not be what you passed to reserveCapacity().
1180         Also export WTF::fastMallocGoodSize() for Windows builds.
1181
1182         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
1183         * bytecode/CodeBlock.cpp:
1184         (JSC::CodeBlock::CodeBlock):
1185
1186 2013-02-02  Patrick Gansterer  <paroga@webkit.org>
1187
1188         [CMake] Adopt the WinCE port to new CMake
1189         https://bugs.webkit.org/show_bug.cgi?id=108754
1190
1191         Reviewed by Laszlo Gombos.
1192
1193         * os-win32/WinMain.cpp: Removed.
1194         * shell/PlatformWinCE.cmake: Removed.
1195
1196 2013-02-02  Mark Rowe  <mrowe@apple.com>
1197
1198         <http://webkit.org/b/108745> WTF shouldn't use a script build phase to detect the presence of headers when the compiler can do it for us
1199
1200         Reviewed by Sam Weinig.
1201
1202         * DerivedSources.make: Remove an obsolete Makefile rule. This should have been removed when the use
1203         of the generated file moved to WTF.
1204
1205 2013-02-02  David Kilzer  <ddkilzer@apple.com>
1206
1207         Upstream iOS FeatureDefines
1208         <http://webkit.org/b/108753>
1209
1210         Reviewed by Anders Carlsson.
1211
1212         * Configurations/FeatureDefines.xcconfig:
1213         - ENABLE_DEVICE_ORIENTATION: Add iOS configurations.
1214         - ENABLE_PLUGIN_PROXY_FOR_VIDEO: Ditto.
1215         - FEATURE_DEFINES: Add ENABLE_PLUGIN_PROXY_FOR_VIDEO.  Add
1216           PLATFORM_NAME variant to reduce future merge conflicts. 
1217
1218 2013-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
1219
1220         Structure::m_enumerationCache should be moved to StructureRareData
1221         https://bugs.webkit.org/show_bug.cgi?id=108723
1222
1223         Reviewed by Oliver Hunt.
1224
1225         m_enumerationCache is only used by objects whose properties are iterated over, so not every Structure needs this 
1226         field and it can therefore be moved safely to StructureRareData to help with memory savings.
1227
1228         * runtime/JSPropertyNameIterator.h:
1229         (JSPropertyNameIterator):
1230         (JSC::Register::propertyNameIterator):
1231         (JSC::StructureRareData::enumerationCache): Add to JSPropertyNameIterator.h so that it can see the correct type.
1232         (JSC::StructureRareData::setEnumerationCache): Ditto.
1233         * runtime/Structure.cpp:
1234         (JSC::Structure::addPropertyWithoutTransition): Use the enumerationCache() getter rather than accessing the field.
1235         (JSC::Structure::removePropertyWithoutTransition): Ditto.
1236         (JSC::Structure::visitChildren): We no longer have to worry about marking the m_enumerationCache field.
1237         * runtime/Structure.h: 
1238         (JSC::Structure::setEnumerationCache): Move the old accessors back since we don't have to have any knowledge of 
1239         the JSPropertyNameIterator type.
1240         (JSC::Structure::enumerationCache): Ditto.
1241         * runtime/StructureRareData.cpp:
1242         (JSC::StructureRareData::visitChildren): Mark the new m_enumerationCache field.
1243         * runtime/StructureRareData.h: Add new functions/fields.
1244         (StructureRareData):
1245
1246 2013-02-01  Roger Fong  <roger_fong@apple.com>
1247
1248         Unreviewed. JavaScriptCore VS2010 project cleanup.
1249
1250         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1251         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1252         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1253         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
1254
1255 2013-02-01  Sheriff Bot  <webkit.review.bot@gmail.com>
1256
1257         Unreviewed, rolling out r141662.
1258         http://trac.webkit.org/changeset/141662
1259         https://bugs.webkit.org/show_bug.cgi?id=108738
1260
1261         it's an incorrect change since processPhiStack will
1262         dereference dangling BasicBlock pointers (Requested by pizlo
1263         on #webkit).
1264
1265         * dfg/DFGByteCodeParser.cpp:
1266         (JSC::DFG::ByteCodeParser::parse):
1267
1268 2013-02-01  Filip Pizlo  <fpizlo@apple.com>
1269
1270         Eliminate dead blocks sooner in the DFG::ByteCodeParser to make clear that you don't need to hold onto them during Phi construction
1271         https://bugs.webkit.org/show_bug.cgi?id=108717
1272
1273         Reviewed by Mark Hahnenberg.
1274         
1275         I think this makes the code clearer. It doesn't change behavior.
1276
1277         * dfg/DFGByteCodeParser.cpp:
1278         (JSC::DFG::ByteCodeParser::parse):
1279
1280 2013-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
1281
1282         Structure should have a StructureRareData field to save space
1283         https://bugs.webkit.org/show_bug.cgi?id=108659
1284
1285         Reviewed by Oliver Hunt.
1286
1287         Many of the fields in Structure are used in a subset of all total Structures; however, all Structures must 
1288         pay the memory cost of those fields, regardless of whether they use them or not. Since we can have potentially 
1289         many Structures on a single page (e.g. bing.com creates ~1500 Structures), it would be profitable to 
1290         refactor Structure so that not every Structure has to pay the memory costs for these infrequently used fields.
1291
1292         To accomplish this, we can create a new StructureRareData class to house these seldom used fields which we 
1293         can allocate on demand whenever a Structure requires it. This StructureRareData can itself be a JSCell, and 
1294         can do all the marking of the fields for the Structure. The StructureRareData field will be part of a union 
1295         with m_previous to minimize overhead. We'll add a new field to JSTypeInfo to indicate that the Structure has 
1296         a StructureRareData field. During transitions, a Structure will clone its previous Structure's StructureRareData 
1297         if it has one. There could be some potential for optimizing this process, but the initial implementation will 
1298         be dumb since we'd be paying these overhead costs for each Structure anyways.
1299
1300         Initially we'll only put two fields in the StructureRareData to avoid a memory regression. Over time we'll 
1301         continue to move fields from Structure to StructureRareData. Optimistically, this could potentially reduce our 
1302         Structure memory footprint by up to around 75%. It could also clear the way for removing destructors from 
1303         Structures (and into StructureRareData).
1304
1305         * CMakeLists.txt:
1306         * GNUmakefile.list.am:
1307         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
1308         * JavaScriptCore.xcodeproj/project.pbxproj:
1309         * Target.pri:
1310         * dfg/DFGRepatch.cpp: Includes for linking purposes.
1311         * jit/JITStubs.cpp:
1312         * jsc.cpp:
1313         * llint/LLIntSlowPaths.cpp:
1314         * runtime/JSCellInlines.h: Added ifdef guards.
1315         * runtime/JSGlobalData.cpp: New Structure for StructureRareData class.
1316         (JSC::JSGlobalData::JSGlobalData):
1317         * runtime/JSGlobalData.h:
1318         (JSGlobalData):
1319         * runtime/JSGlobalObject.h:
1320         * runtime/JSTypeInfo.h: New flag to indicate whether or not a Structure has a StructureRareData field.
1321         (JSC::TypeInfo::flags):
1322         (JSC::TypeInfo::structureHasRareData):
1323         * runtime/ObjectPrototype.cpp:
1324         * runtime/Structure.cpp: We use a combined WriteBarrier<JSCell> field m_previousOrRareData to avoid compiler issues.
1325         (JSC::Structure::dumpStatistics):
1326         (JSC::Structure::Structure): 
1327         (JSC::Structure::materializePropertyMap):
1328         (JSC::Structure::addPropertyTransition):
1329         (JSC::Structure::nonPropertyTransition):
1330         (JSC::Structure::pin):
1331         (JSC::Structure::allocateRareData): Handles allocating a brand new StructureRareData field.
1332         (JSC::Structure::cloneRareDataFrom): Handles cloning a StructureRareData field from another. Used during Structure 
1333         transitions.
1334         (JSC::Structure::visitChildren): We no longer have to worry about marking m_objectToStringValue.
1335         * runtime/Structure.h:
1336         (JSC::Structure::previousID): Checks the structureHasRareData flag to see where it should get the previous Structure.
1337         (JSC::Structure::objectToStringValue): Reads the value from the StructureRareData. If it doesn't exist, returns 0.
1338         (JSC::Structure::setObjectToStringValue): Ensures that we have a StructureRareData field, then forwards the function 
1339         call to it.
1340         (JSC::Structure::materializePropertyMapIfNecessary):
1341         (JSC::Structure::setPreviousID): Checks for StructureRareData and forwards if necessary.
1342         (Structure):
1343         (JSC::Structure::clearPreviousID): Ditto.
1344         (JSC::Structure::create):
1345         * runtime/StructureRareData.cpp: Added. All of the basic functionality of a JSCell with the fields that we've moved 
1346         from Structure and the functions required to access/modify those fields as Structure would have done.
1347         (JSC):
1348         (JSC::StructureRareData::createStructure):
1349         (JSC::StructureRareData::create):
1350         (JSC::StructureRareData::clone):
1351         (JSC::StructureRareData::StructureRareData):
1352         (JSC::StructureRareData::visitChildren):
1353         * runtime/StructureRareData.h: Added.
1354         (JSC):
1355         (StructureRareData):
1356         * runtime/StructureRareDataInlines.h: Added.
1357         (JSC):
1358         (JSC::StructureRareData::previousID):
1359         (JSC::StructureRareData::setPreviousID):
1360         (JSC::StructureRareData::clearPreviousID):
1361         (JSC::Structure::previous): Handles the ugly casting to get the value of the right type of m_previousOrRareData.
1362         (JSC::Structure::rareData): Ditto.
1363         (JSC::StructureRareData::objectToStringValue):
        (JSC::StructureRareData::setObjectToStringValue):

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * dfg/DFGRepatch.cpp:
        * jit/JITStubs.cpp:
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        * runtime/JSCellInlines.h:
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSGlobalData.h:
        (JSGlobalData):
        * runtime/JSGlobalObject.h:
        * runtime/JSTypeInfo.h:
        (JSC):
        (JSC::TypeInfo::flags):
        (JSC::TypeInfo::structureHasRareData):
        * runtime/ObjectPrototype.cpp:
        * runtime/Structure.cpp:
        (JSC::Structure::dumpStatistics):
        (JSC::Structure::Structure):
        (JSC::Structure::materializePropertyMap):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::nonPropertyTransition):
        (JSC::Structure::pin):
        (JSC::Structure::allocateRareData):
        (JSC):
        (JSC::Structure::cloneRareDataFrom):
        (JSC::Structure::visitChildren):
        * runtime/Structure.h:
        (JSC::Structure::previousID):
        (JSC::Structure::objectToStringValue):
        (JSC::Structure::setObjectToStringValue):
        (JSC::Structure::materializePropertyMapIfNecessary):
        (JSC::Structure::setPreviousID):
        (Structure):
        (JSC::Structure::clearPreviousID):
        (JSC::Structure::previous):
        (JSC::Structure::rareData):
        (JSC::Structure::create):
        * runtime/StructureRareData.cpp: Added.
        (JSC):
        (JSC::StructureRareData::createStructure):
        (JSC::StructureRareData::create):
        (JSC::StructureRareData::clone):
        (JSC::StructureRareData::StructureRareData):
        (JSC::StructureRareData::visitChildren):
        * runtime/StructureRareData.h: Added.
        (JSC):
        (StructureRareData):
        * runtime/StructureRareDataInlines.h: Added.
        (JSC):
        (JSC::StructureRareData::previousID):
        (JSC::StructureRareData::setPreviousID):
        (JSC::StructureRareData::clearPreviousID):
        (JSC::StructureRareData::objectToStringValue):
        (JSC::StructureRareData::setObjectToStringValue):

2013-02-01  Balazs Kilvady  <kilvadyb@homejinni.com>

        offlineasm BaseIndex handling is broken on ARM due to MIPS changes
        https://bugs.webkit.org/show_bug.cgi?id=108261

        Reviewed by Filip Pizlo.

        offlineasm BaseIndex handling fix on MIPS.

        * offlineasm/mips.rb:
        * offlineasm/risc.rb:

2013-02-01  Geoffrey Garen  <ggaren@apple.com>

        Removed an unused function: JSGlobalObject::createFunctionExecutableFromGlobalCode
        https://bugs.webkit.org/show_bug.cgi?id=108657

        Reviewed by Anders Carlsson.

        * runtime/JSGlobalObject.cpp:
        (JSC):
        * runtime/JSGlobalObject.h:
        (JSGlobalObject):

2013-02-01  Geoffrey Garen  <ggaren@apple.com>

        Added TriState to WTF and started using it in one place
        https://bugs.webkit.org/show_bug.cgi?id=108628

        Reviewed by Beth Dakin.

        * runtime/PrototypeMap.h:
        (JSC::PrototypeMap::isPrototype): Use TriState instead of boolean. In
        response to review feedback, this is an attempt to clarify that our
        'true' condition is actually just a 'maybe'.

        * runtime/PrototypeMap.h:
        (PrototypeMap):
        (JSC::PrototypeMap::isPrototype):

2013-02-01  Alexis Menard  <alexis@webkit.org>

        Enable unprefixed CSS transitions by default.
        https://bugs.webkit.org/show_bug.cgi?id=108216

        Reviewed by Dean Jackson.

        Rename the flag CSS_TRANSFORMS_ANIMATIONS_TRANSITIONS_UNPREFIXED
        to CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED which will be used later to
        guard the unprefixing work for CSS Transforms and animations.

        * Configurations/FeatureDefines.xcconfig:

2013-01-31  Filip Pizlo  <fpizlo@apple.com>

        DFG::CFGSimplificationPhase::keepOperandAlive() conflates liveness and availability
        https://bugs.webkit.org/show_bug.cgi?id=108580

        Reviewed by Oliver Hunt.

        This is a harmless bug in that it only results in us keeping a bit too many things
        for OSR.  But it's worth fixing so that the code is consistent.

        keepOperandAlive() is called when block A has a branch to blocks B and C, but the
        A->B edge is proven to never be taken and we want to optimize the code to have A
        unconditionally jump to C.  In that case, for the purposes of OSR, we need to
        preserve the knowledge that the state that B expected to be live incoming from A
        ought still to be live up to the point of where the A->B,C branch used to be.  The
        way we keep things alive is by using the variablesAtTail of A (i.e., we use the
        knowledge of in what manner A made state available to B and C).  The way we choose
        which state should be kept alive ought to be chosen by the variablesAtHead of B
        (i.e. the things B says it needs from its predecessors, including A), except that
        keepOperandAlive() was previously just using variablesAtTail of A for this
        purpose.

        The fix is to have keepOperandAlive() use both liveness and availability in its
        logic. It should use liveness (i.e. B->variablesAtHead) to decide what to keep
        alive, and it should use availability (i.e. A->variablesAtTail) to decide how to
        keep it alive.

        This might be a microscopic win on some programs, but it's mainly intended to be
        a code clean-up so that I don't end up scratching my head in confusion the next
        time I look at this code.

        * dfg/DFGCFGSimplificationPhase.cpp:
        (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
        (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
        (JSC::DFG::CFGSimplificationPhase::mergeBlocks):

2013-01-31  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION (r141192): Crash beneath cti_op_get_by_id_generic @ discussions.apple.com
        https://bugs.webkit.org/show_bug.cgi?id=108576

        Reviewed by Filip Pizlo.

        This was a long-standing bug. The DFG would destructively reuse a register
        in op_convert_this, but:

            * The bug only presented during speculation failure for type Other

            * The bug presented by removing the low bits of a pointer, which
            used to be harmless, since all objects were so aligned anyway.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Don't reuse our this register as
        our scratch register. The whole point of our scratch register is to
        avoid destructively modifying our this register. I'm pretty sure this
        was a copy-paste error.

2013-01-31  Roger Fong  <roger_fong@apple.com>

        Unreviewed. Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:

2013-01-31  Jessie Berlin  <jberlin@apple.com>

        Rolling out r141407 because it is causing crashes under
        WTF::TCMalloc_Central_FreeList::FetchFromSpans() in Release builds.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

2013-01-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        Objective-C API: JSContext exception property causes reference cycle
        https://bugs.webkit.org/show_bug.cgi?id=107778

        Reviewed by Darin Adler.

        JSContext has a (retain) JSValue * exception property which, when non-null, creates a
        reference cycle (since the JSValue * holds a strong reference back to the JSContext *).

        * API/JSContext.mm: Instead of JSValue *, we now use a plain JSValueRef, which eliminates the reference cycle.
        (-[JSContext initWithVirtualMachine:]):
        (-[JSContext setException:]):
        (-[JSContext exception]):

2013-01-31  Roger Fong  <roger_fong@apple.com>

        Unreviewed build fix. Win7 port.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:

2013-01-31  Joseph Pecoraro  <pecoraro@apple.com>

        Disable ENABLE_FULLSCREEN_API on iOS
        https://bugs.webkit.org/show_bug.cgi?id=108250

        Reviewed by Benjamin Poulain.

        * Configurations/FeatureDefines.xcconfig:

2013-01-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        Objective-C API: Fix insertion of values greater than the max index allowed by the spec
        https://bugs.webkit.org/show_bug.cgi?id=108264

        Reviewed by Oliver Hunt.

        Fixed a bug, added a test to the API tests, cleaned up some code.

        * API/JSValue.h: Changed some of the documentation on setValue:atIndex: to indicate that
        setting values at indices greater than UINT_MAX - 1 won't affect the length of JS arrays.
        * API/JSValue.mm:
        (-[JSValue valueAtIndex:]): We weren't returning when we should have been.
        (-[JSValue setValue:atIndex:]): Added a comment about why we do the early check for being larger than UINT_MAX.
        (objectToValueWithoutCopy): Removed two redundant cases that were already checked previously.
        * API/tests/testapi.mm:

2013-01-30  Andreas Kling  <akling@apple.com>

        Vector should consult allocator about ideal size when choosing capacity.
        <http://webkit.org/b/108410>
        <rdar://problem/13124002>

        Reviewed by Benjamin Poulain.

        Remove assertion about Vector capacity that won't hold anymore since capacity()
        may not be what you passed to reserveCapacity().

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

2013-01-30  Filip Pizlo  <fpizlo@apple.com>

        DFG bytecode parser should have more assertions about the status of local accesses
        https://bugs.webkit.org/show_bug.cgi?id=108417

        Reviewed by Mark Hahnenberg.

        Assert some things that we already know to be true, just to reassure ourselves that they are true.
        This is meant as a prerequisite for https://bugs.webkit.org/show_bug.cgi?id=108414, which will
        make these rules even stricter.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::getLocal):
        (JSC::DFG::ByteCodeParser::getArgument):

2013-01-30  Mark Hahnenberg  <mhahnenberg@apple.com>

        Objective-C API: JSContext's dealloc causes ASSERT due to ordering of releases
        https://bugs.webkit.org/show_bug.cgi?id=107978

        Reviewed by Filip Pizlo.

        We need to add the Identifier table save/restore in JSContextGroupRelease so that we
        have the correct table if we end up destroying the JSGlobalData/Heap.

        * API/JSContextRef.cpp:
        (JSContextGroupRelease):

2013-01-30  Mark Hahnenberg  <mhahnenberg@apple.com>

        Objective-C API: exceptionHandler needs to be released in JSContext dealloc
        https://bugs.webkit.org/show_bug.cgi?id=108378

        Reviewed by Filip Pizlo.

        JSContext has a (copy) exceptionHandler property that it doesn't release in dealloc.
        That sounds like the potential for a leak. It should be released.

        * API/JSContext.mm:
        (-[JSContext dealloc]):

2013-01-30  Filip Pizlo  <fpizlo@apple.com>

        REGRESSION(140504): pure CSE no longer matches things, 10% regression on Kraken
        https://bugs.webkit.org/show_bug.cgi?id=108366

        Reviewed by Geoffrey Garen and Mark Hahnenberg.

        This was a longstanding bug that was revealed by http://trac.webkit.org/changeset/140504.
        Pure CSE requires that the Node::flags() that may affect the behavior of a node match,
        when comparing a possibly redundant node to its possible replacement. It was doing this
        by comparing Node::arithNodeFlags(), which as the name might appear to suggest, returns
        just those flag bits that correspond to actual node behavior and not auxiliary things.
        Unfortunately, Node::arithNodeFlags() wasn't actually masking off the irrelevant bits.
        This worked prior to r140504 because CSE itself didn't mutate the flags, so there was a
        very high probability that matching nodes would also have completely identical flag bits
        (even the ones that aren't relevant to arithmetic behavior, like NodeDoesNotExit). But
        r140504 moved one of CSE's side-tables (m_relevantToOSR) into a flag bit for quicker
        access. These bits would be mutated as the CSE ran over a basic block, in such a way that
        there was a very high probability that the possible replacement would already have the
        bit set, while the redundant node did not have the bit set. Since Node::arithNodeFlags()
        returned all of the bits, this would cause CSEPhase::pureCSE() to reject the match
        almost every time.

        The solution is to make Node::arithNodeFlags() do as its name suggests: only return those
        flags that are relevant to arithmetic behavior. This patch introduces a new mask that
        represents those bits, and includes NodeBehaviorMask and NodeBackPropMask, which are both
        used for queries on Node::arithNodeFlags(), and both affect arithmetic code gen. None of
        the other flags are relevant to Node::arithNodeFlags() since they either correspond to
        information already conveyed by the opcode (like NodeResultMask, NodeMustGenerate,
        NodeHasVarArgs, NodeClobbersWorld, NodeMightClobber) or information that doesn't affect
        the result that the node will produce or any of the queries performed on the result of
        Node::arithNodeFlags (NodeDoesNotExit and of course NodeRelevantToOSR).

        This is a 10% speed-up on Kraken, undoing the regression from r140504.

        * dfg/DFGNode.h:
        (JSC::DFG::Node::arithNodeFlags):
        * dfg/DFGNodeFlags.h:
        (DFG):

2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        Structure::m_outOfLineCapacity is unnecessary
        https://bugs.webkit.org/show_bug.cgi?id=108206

        Reviewed by Geoffrey Garen.

        We can calculate our out of line capacity by using the outOfLineSize and our knowledge about our resize policy.
        According to GDB, this knocks Structures down from 136 bytes to 128 bytes (I'm guessing the extra bytes are from
        better alignment of object fields), which puts Structures in a smaller size class. Woohoo! Looks neutral on our
        benchmarks.

        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC):
        (JSC::Structure::suggestedNewOutOfLineStorageCapacity):
        (JSC::Structure::addPropertyTransition):
        (JSC::Structure::addPropertyWithoutTransition):
        * runtime/Structure.h:
        (Structure):
        (JSC::Structure::outOfLineCapacity):
        (JSC::Structure::totalStorageCapacity):

2013-01-29  Geoffrey Garen  <ggaren@apple.com>

        Be a little more conservative about emitting table-based switches
        https://bugs.webkit.org/show_bug.cgi?id=108292

        Reviewed by Filip Pizlo.

        Profiling shows we're using op_switch in cases where it's a regression.

        * bytecompiler/NodesCodegen.cpp:
        (JSC):
        (JSC::length):
        (JSC::CaseBlockNode::tryTableSwitch):
        (JSC::CaseBlockNode::emitBytecodeForBlock):
        * parser/Nodes.h:
        (CaseBlockNode):

2013-01-29  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r140983.
        http://trac.webkit.org/changeset/140983
        https://bugs.webkit.org/show_bug.cgi?id=108277

        Unfortunately, this API has one last client (Requested by
        abarth on #webkit).

        * Configurations/FeatureDefines.xcconfig:

2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        Objective-C API: JSObjCClassInfo creates reference cycle with JSContext
        https://bugs.webkit.org/show_bug.cgi?id=107839

        Reviewed by Geoffrey Garen.

        Fixing several ASSERTs that were incorrect along with some of the reallocation of m_prototype and
        m_constructor that they were based on.

        * API/JSWrapperMap.mm:
        (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): We now only allocate those
        fields that are null (i.e. have been collected or have never been allocated to begin with).
        (-[JSObjCClassInfo reallocateConstructorAndOrPrototype]): Renamed to better indicate that we're
        reallocating one or both of the prototype/constructor combo.
        (-[JSObjCClassInfo wrapperForObject:]): Call new reallocate function.
        (-[JSObjCClassInfo constructor]): Ditto.

2013-01-29  Geoffrey Garen  <ggaren@apple.com>

        Make precise size classes more precise
        https://bugs.webkit.org/show_bug.cgi?id=108270

        Reviewed by Mark Hahnenberg.

        Size inference makes this profitable.

        I chose 8 byte increments because JSString is 24 bytes. Otherwise, 16
        byte increments might be better.

        * heap/Heap.h:
        (Heap): Removed firstAllocatorWithoutDestructors because it's unused now.

        * heap/MarkedBlock.h:
        (MarkedBlock): Updated constants.

        * heap/MarkedSpace.h:
        (MarkedSpace):
        (JSC): Also reduced the maximum precise size class because my testing
        has shown that the smaller size classes are much more common. This
        offsets some of the size class explosion caused by reducing the precise
        increment.

        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions): No need for this ASSERT anymore
        because we don't rely on firstAllocatorWithoutDestructors anymore, since
        we pick size classes dynamically now.

2013-01-29  Oliver Hunt  <oliver@apple.com>

        Add some hardening to methodTable()
        https://bugs.webkit.org/show_bug.cgi?id=108253

        Reviewed by Mark Hahnenberg.

        When accessing methodTable() we now always make sure that our
        structure _could_ be valid.  Added a separate method to get a
        class's methodTable during destruction as it's not possible to
        validate the structure at that point.  This separation might
        also make it possible to improve the performance of methodTable
        access more generally in future.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::callDestructor):
        * runtime/JSCell.h:
        (JSCell):
        * runtime/JSCellInlines.h:
        (JSC::JSCell::methodTableForDestruction):
        (JSC):
        (JSC::JSCell::methodTable):

2013-01-29  Filip Pizlo  <fpizlo@apple.com>

        offlineasm BaseIndex handling is broken on ARM due to MIPS changes
        https://bugs.webkit.org/show_bug.cgi?id=108261

        Reviewed by Oliver Hunt.

        Backends shouldn't override each other's methods. That's not cool.

        * offlineasm/mips.rb:

2013-01-29  Filip Pizlo  <fpizlo@apple.com>

        cloop.rb shouldn't use a method called 'dump' for code generation
        https://bugs.webkit.org/show_bug.cgi?id=108251

        Reviewed by Mark Hahnenberg.

        Revert http://trac.webkit.org/changeset/141178 and rename 'dump' to 'clDump'.

        Also made trivial build fixes for !ENABLE(JIT).

        * offlineasm/cloop.rb:
        * runtime/Executable.h:
        (ExecutableBase):
        (JSC::ExecutableBase::intrinsicFor):
        * runtime/JSGlobalData.h:

2013-01-29  Geoffrey Garen  <ggaren@apple.com>

        Removed GGC because it has been disabled for a long time
        https://bugs.webkit.org/show_bug.cgi?id=108245

        Reviewed by Filip Pizlo.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGRepatch.cpp:
        (JSC::DFG::emitPutReplaceStub):
        (JSC::DFG::emitPutTransitionStub):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::writeBarrier):
        * dfg/DFGSpeculativeJIT.h:
        (SpeculativeJIT):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * heap/CardSet.h: Removed.
        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        (JSC::Heap::collect):
        * heap/Heap.h:
        (Heap):
        (JSC::Heap::shouldCollect):
        (JSC::Heap::isWriteBarrierEnabled):
        (JSC):
        (JSC::Heap::writeBarrier):
        * heap/MarkedBlock.h:
        (MarkedBlock):
        (JSC):
        * heap/MarkedSpace.cpp:
        (JSC):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitWriteBarrier):

2013-01-29  Filip Pizlo  <fpizlo@apple.com>

        Remove redundant AST dump methods from cloop.rb, since they are already defined in ast.rb
        https://bugs.webkit.org/show_bug.cgi?id=108247

        Reviewed by Oliver Hunt.

        Makes offlineasm dumping easier to read and less likely to cause assertion failures.
        Also fixes the strange situation where cloop.rb and ast.rb both defined dump methods,
        but cloop.rb was winning.

        * offlineasm/cloop.rb:

2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>

        Objective-C API: JSObjCClassInfo creates reference cycle with JSContext
        https://bugs.webkit.org/show_bug.cgi?id=107839

        Reviewed by Oliver Hunt.

        JSContext has a JSWrapperMap, which has an NSMutableDictionary m_classMap, which has values that
        are JSObjCClassInfo objects, which have strong references to two JSValue *'s, m_prototype and
        m_constructor, which in turn have strong references to the JSContext, creating a reference cycle.
        We should make m_prototype and m_constructor Weak<JSObject>. This gets rid of the strong reference
        to the JSContext and also prevents clients from accidentally creating reference cycles by assigning
        to the prototype of the constructor. If Weak<JSObject> fields are ever garbage collected, we will
        reallocate them.

        * API/JSContext.mm:
        (-[JSContext wrapperMap]):
        * API/JSContextInternal.h:
        * API/JSWrapperMap.mm:
        (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]):
        (-[JSObjCClassInfo dealloc]):
        (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]):
        (-[JSObjCClassInfo allocateConstructorAndPrototype]):
        (-[JSObjCClassInfo wrapperForObject:]):
        (-[JSObjCClassInfo constructor]):

2013-01-29  Oliver Hunt  <oliver@apple.com>

        REGRESSION (r140594): RELEASE_ASSERT_NOT_REACHED in JSC::Interpreter::execute
        https://bugs.webkit.org/show_bug.cgi?id=108097

        Reviewed by Geoffrey Garen.

        LiteralParser was accepting a bogus 'var a.b = c' statement.

        * runtime/LiteralParser.cpp:
        (JSC::::tryJSONPParse):

2013-01-29  Oliver Hunt  <oliver@apple.com>

        Force debug builds to do bounds checks on contiguous property storage
        https://bugs.webkit.org/show_bug.cgi?id=108212

        Reviewed by Mark Hahnenberg.

        Add a ContiguousData type that we use to represent contiguous property
        storage.  In release builds it is simply a pointer to the correct type,
        but in debug builds it also carries the data length and performs bounds
        checks.  This means we don't have to add as many manual bounds assertions
        when performing operations over contiguous data.

        * dfg/DFGOperations.cpp:
        * runtime/ArrayStorage.h:
        (ArrayStorage):
        (JSC::ArrayStorage::vector):
        * runtime/Butterfly.h:
        (JSC::ContiguousData::ContiguousData):
        (ContiguousData):
        (JSC::ContiguousData::operator[]):
        (JSC::ContiguousData::data):
        (JSC::ContiguousData::length):
        (JSC):
        (JSC::Butterfly::contiguousInt32):
        (Butterfly):
        (JSC::Butterfly::contiguousDouble):
        (JSC::Butterfly::contiguous):
        * runtime/JSArray.cpp:
        (JSC::JSArray::sortNumericVector):
        (ContiguousTypeAccessor):
        (JSC::ContiguousTypeAccessor::getAsValue):
        (JSC::ContiguousTypeAccessor::setWithValue):
        (JSC::ContiguousTypeAccessor::replaceDataReference):
        (JSC):
        (JSC::JSArray::sortCompactedVector):
        (JSC::JSArray::sort):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToArguments):
        * runtime/JSArray.h:
        (JSArray):
        * runtime/JSObject.cpp:
        (JSC::JSObject::copyButterfly):
        (JSC::JSObject::visitButterfly):
        (JSC::JSObject::createInitialInt32):
        (JSC::JSObject::createInitialDouble):
        (JSC::JSObject::createInitialContiguous):
        (JSC::JSObject::convertUndecidedToInt32):
        (JSC::JSObject::convertUndecidedToDouble):
        (JSC::JSObject::convertUndecidedToContiguous):
        (JSC::JSObject::convertInt32ToDouble):
        (JSC::JSObject::convertInt32ToContiguous):
        (JSC::JSObject::genericConvertDoubleToContiguous):
        (JSC::JSObject::convertDoubleToContiguous):
        (JSC::JSObject::rageConvertDoubleToContiguous):
        (JSC::JSObject::ensureInt32Slow):
        (JSC::JSObject::ensureDoubleSlow):
        (JSC::JSObject::ensureContiguousSlow):
        (JSC::JSObject::rageEnsureContiguousSlow):
        (JSC::JSObject::ensureLengthSlow):
        * runtime/JSObject.h:
        (JSC::JSObject::ensureInt32):
        (JSC::JSObject::ensureDouble):
        (JSC::JSObject::ensureContiguous):
        (JSC::JSObject::rageEnsureContiguous):
        (JSObject):
        (JSC::JSObject::indexingData):
        (JSC::JSObject::currentIndexingData):

2013-01-29  Brent Fulgham  <bfulgham@webkit.org>

        [Windows, WinCairo] Unreviewed build fix after r141050

        * JavaScriptCore.vcxproj/JavaScriptCoreExports.def: Update symbols
        to match JavaScriptCore.vcproj version.

2013-01-29  Allan Sandfeld Jensen  <allan.jensen@digia.com>

        [Qt] Implement GCActivityCallback
        https://bugs.webkit.org/show_bug.cgi?id=103998

        Reviewed by Simon Hausmann.

        Implements the activity triggered garbage collector.

        * runtime/GCActivityCallback.cpp:
        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
        (JSC::DefaultGCActivityCallback::scheduleTimer):
        (JSC::DefaultGCActivityCallback::cancelTimer):
        * runtime/GCActivityCallback.h:
        (GCActivityCallback):
        (DefaultGCActivityCallback):

2013-01-29  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>

        Compilation warning in JSC
        https://bugs.webkit.org/show_bug.cgi?id=108178

        Reviewed by Kentaro Hara.

        Fixed 'comparison between signed and unsigned integer' warning in JSC::Structure constructor.

        * runtime/Structure.cpp:
        (JSC::Structure::Structure):

2013-01-29  Jocelyn Turcotte  <jocelyn.turcotte@digia.com>

        [Qt] Fix the JSC build on Mac

        Unreviewed, build fix.

        * heap/HeapTimer.h:
        Qt on Mac has USE(CF) true, and should use the CF HeapTimer in that case.

2013-01-29  Allan Sandfeld Jensen  <allan.jensen@digia.com>

        [Qt] Implement IncrementalSweeper and HeapTimer
        https://bugs.webkit.org/show_bug.cgi?id=103996

        Reviewed by Simon Hausmann.

        Implements the incremental sweeping garbage collection for the Qt platform.

        * heap/HeapTimer.cpp:
        (JSC::HeapTimer::HeapTimer):
        (JSC::HeapTimer::~HeapTimer):
        (JSC::HeapTimer::timerEvent):
        (JSC::HeapTimer::synchronize):
        (JSC::HeapTimer::invalidate):
        (JSC::HeapTimer::didStartVMShutdown):
        * heap/HeapTimer.h:
        (HeapTimer):
        * heap/IncrementalSweeper.cpp:
        (JSC::IncrementalSweeper::IncrementalSweeper):
        (JSC::IncrementalSweeper::scheduleTimer):
        * heap/IncrementalSweeper.h:
        (IncrementalSweeper):

2013-01-28  Filip Pizlo  <fpizlo@apple.com>

        DFG should not use a graph that is a vector, Nodes shouldn't move after allocation, and we should always refer to nodes by Node*
        https://bugs.webkit.org/show_bug.cgi?id=106868

        Reviewed by Oliver Hunt.

        This adds a pool allocator for Nodes, and uses that instead of a Vector. Changes all
        uses of Node& and NodeIndex to be simply Node*. Nodes no longer have an index except
        for debugging (Node::index(), which is not guaranteed to be O(1)).

        1% speed-up on SunSpider, presumably because this improves compile times.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/DataFormat.h:
        (JSC::dataFormatToString):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::initialize):
        (JSC::DFG::AbstractState::booleanResult):
        (JSC::DFG::AbstractState::execute):
        (JSC::DFG::AbstractState::mergeStateAtTail):
        (JSC::DFG::AbstractState::mergeToSuccessors):
        (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
        (JSC::DFG::AbstractState::dump):
        * dfg/DFGAbstractState.h:
        (DFG):
        (JSC::DFG::AbstractState::forNode):
        (AbstractState):
        (JSC::DFG::AbstractState::speculateInt32Unary):
        (JSC::DFG::AbstractState::speculateNumberUnary):
        (JSC::DFG::AbstractState::speculateBooleanUnary):
        (JSC::DFG::AbstractState::speculateInt32Binary):
        (JSC::DFG::AbstractState::speculateNumberBinary):
        (JSC::DFG::AbstractState::trySetConstant):
        * dfg/DFGAbstractValue.h:
        (AbstractValue):
        * dfg/DFGAdjacencyList.h:
        (JSC::DFG::AdjacencyList::AdjacencyList):
        (JSC::DFG::AdjacencyList::initialize):
        * dfg/DFGAllocator.h: Added.
        (DFG):
        (Allocator):
        (JSC::DFG::Allocator::Region::size):
        (JSC::DFG::Allocator::Region::headerSize):
        (JSC::DFG::Allocator::Region::numberOfThingsPerRegion):
        (JSC::DFG::Allocator::Region::data):
        (JSC::DFG::Allocator::Region::isInThisRegion):
        (JSC::DFG::Allocator::Region::regionFor):
        (Region):
        (JSC::DFG::::Allocator):
        (JSC::DFG::::~Allocator):
        (JSC::DFG::::allocate):
        (JSC::DFG::::free):
        (JSC::DFG::::freeAll):
        (JSC::DFG::::reset):
        (JSC::DFG::::indexOf):
        (JSC::DFG::::allocatorOf):
        (JSC::DFG::::bumpAllocate):
        (JSC::DFG::::freeListAllocate):
        (JSC::DFG::::allocateSlow):
        (JSC::DFG::::freeRegionsStartingAt):
        (JSC::DFG::::startBumpingIn):
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):
        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
        * dfg/DFGArrayMode.cpp:
        (JSC::DFG::ArrayMode::originalArrayStructure):
        (JSC::DFG::ArrayMode::alreadyChecked):
        * dfg/DFGArrayMode.h:
        (ArrayMode):
        * dfg/DFGArrayifySlowPathGenerator.h:
        (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::node):
        (JSC::DFG::BasicBlock::isInPhis):
        (JSC::DFG::BasicBlock::isInBlock):
        (BasicBlock):
        * dfg/DFGBasicBlockInlines.h:
        (DFG):
        * dfg/DFGByteCodeParser.cpp:
        (ByteCodeParser):
        (JSC::DFG::ByteCodeParser::getDirect):
        (JSC::DFG::ByteCodeParser::get):
        (JSC::DFG::ByteCodeParser::setDirect):
        (JSC::DFG::ByteCodeParser::set):
        (JSC::DFG::ByteCodeParser::setPair):
        (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
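The masking bug in the entry above, reconstructed as an added C++ example (this is not JSC's DFGNode.h or DFGNodeFlags.h code). The flag names are the ones the ChangeLog mentions; the bit values, the two individual behaviour bits and the three-field Node are constructed for the illustration. It contrasts a pure-CSE match that compares every flag bit with one that compares only the arithmetic-relevant mask, and checks that the fixed version still rejects a genuine behaviour difference:

```cpp
#include <cstdint>

// Constructed flag layout for this example only (not JSC's real one).
typedef uint32_t NodeFlags;

const NodeFlags NodeResultMask    = 0x000F; // result kind: already implied by the opcode
const NodeFlags NodeMustGenerate  = 0x0010; // likewise implied by the opcode
const NodeFlags NodeUsedAsNumber  = 0x0100; // behaviour bits: these change arithmetic code gen
const NodeFlags NodeNeedsNegZero  = 0x0200;
const NodeFlags NodeBehaviorMask  = NodeUsedAsNumber | NodeNeedsNegZero;
const NodeFlags NodeBackPropMask  = 0x0C00;
const NodeFlags NodeDoesNotExit   = 0x1000; // auxiliary: does not affect the node's result
const NodeFlags NodeRelevantToOSR = 0x2000; // the former CSE side table, now a flag bit

// The fix: the only bits that matter for arithmetic behaviour.
const NodeFlags NodeArithFlagsMask = NodeBehaviorMask | NodeBackPropMask;

enum NodeType { ArithAdd, ArithMul };

struct Node {
    NodeType op;
    NodeFlags flags;
    int child1;
    int child2;

    // Before the fix: every flag bit came back, NodeRelevantToOSR included.
    NodeFlags arithNodeFlagsBuggy() const { return flags; }
    // After the fix: the accessor does what its name says.
    NodeFlags arithNodeFlagsFixed() const { return flags & NodeArithFlagsMask; }
};

// Pure CSE: a node is redundant with an earlier one when opcode, children and the
// behaviour-relevant flags agree. The two versions differ only in the accessor used.
bool pureCSEMatchesBuggy(const Node& candidate, const Node& replacement) {
    return candidate.op == replacement.op
        && candidate.child1 == replacement.child1
        && candidate.child2 == replacement.child2
        && candidate.arithNodeFlagsBuggy() == replacement.arithNodeFlagsBuggy();
}

bool pureCSEMatchesFixed(const Node& candidate, const Node& replacement) {
    return candidate.op == replacement.op
        && candidate.child1 == replacement.child1
        && candidate.child2 == replacement.child2
        && candidate.arithNodeFlagsFixed() == replacement.arithNodeFlagsFixed();
}

// The situation the entry describes: CSE has already walked over the earlier node
// and set NodeRelevantToOSR on it, while the later, redundant node does not carry
// that bit yet. Both nodes compute exactly the same value.
static const Node kReplacement = { ArithAdd, NodeUsedAsNumber | NodeRelevantToOSR | NodeDoesNotExit, 1, 2 };
static const Node kRedundant   = { ArithAdd, NodeUsedAsNumber, 1, 2 };

bool buggyRejectsEquivalentNodes() { return !pureCSEMatchesBuggy(kRedundant, kReplacement); }
bool fixedMatchesEquivalentNodes() { return pureCSEMatchesFixed(kRedundant, kReplacement); }

// The mask must not go too far: a real behaviour difference still blocks the match.
bool fixedStillRejectsBehaviorDifference() {
    Node negZero = { ArithAdd, NodeUsedAsNumber | NodeNeedsNegZero, 1, 2 };
    return !pureCSEMatchesFixed(negZero, kReplacement);
}
```

The general lesson is the one the entry draws: once bookkeeping state is packed into the same word as semantic flags, every equality comparison on that word needs an explicit mask, otherwise a later change to the bookkeeping silently changes what "equal" means.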
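The ContiguousData idea from the entry above as an added C++ example (this is not the Butterfly.h class itself). JSC switches between the two shapes by build configuration; here a template parameter `Checked` stands in for that switch so both variants can be exercised in one program, the sample buffers are constructed, and the helper and demo function names are hypothetical:

```cpp
#include <cassert>
#include <cstddef>

// Wrapper around a pointer to contiguous property storage. With Checked == false
// (release builds) it is just the pointer; with Checked == true (debug builds) it
// also carries the element count and bounds-checks every access.
template <typename T, bool Checked>
class ContiguousData;

template <typename T>
class ContiguousData<T, false> {
public:
    // Same constructor signature as the checked variant, so callers need not differ.
    ContiguousData(T* data, size_t /*length*/) : m_data(data) {}
    T& operator[](size_t index) { return m_data[index]; }             // no check
    const T& operator[](size_t index) const { return m_data[index]; } // no check
    T* data() const { return m_data; }
private:
    T* m_data;
};

template <typename T>
class ContiguousData<T, true> {
public:
    ContiguousData(T* data, size_t length) : m_data(data), m_length(length) {}
    bool isInBounds(size_t index) const { return index < m_length; }
    T& operator[](size_t index) {
        assert(isInBounds(index)); // the debug-only bounds check
        return m_data[index];
    }
    const T& operator[](size_t index) const {
        assert(isInBounds(index));
        return m_data[index];
    }
    T* data() const { return m_data; }
    size_t length() const { return m_length; }
private:
    T* m_data;
    size_t m_length;
};

// An operation written once against the wrapper: the same loop runs unchecked
// in release and bounds-checked in debug, with no manual ASSERT per access.
template <typename Data>
long sumContiguous(const Data& storage, size_t count) {
    long total = 0;
    for (size_t i = 0; i < count; ++i)
        total += storage[i];
    return total;
}

// Constructed sample: four live elements in a buffer with spare capacity behind them.
inline long demoCheckedSum() {
    int buffer[8] = { 1, 2, 3, 4, 0, 0, 0, 0 };
    ContiguousData<int, true> storage(buffer, 4);
    return sumContiguous(storage, 4); // 10
}

// The classic off-by-one: index == length is the first out-of-bounds slot.
inline bool demoCheckedCatchesOffByOne() {
    int buffer[4] = { 1, 2, 3, 4 };
    ContiguousData<int, true> storage(buffer, 4);
    return storage.isInBounds(3) && !storage.isInBounds(4);
}

// The release shape really is just a pointer: no size or layout cost.
inline bool demoReleaseWrapperIsJustAPointer() {
    return sizeof(ContiguousData<int, false>) == sizeof(int*);
}
```

Because the check exists only in the checked variant, an out-of-bounds access in a release build is still a plain memory-safety bug; what this pattern buys is that debug builds and their test runs catch the off-by-one wherever contiguous storage is touched, rather than only where someone remembered to add an assertion.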
2165         (JSC::DFG::ByteCodeParser::getLocal):
2166         (JSC::DFG::ByteCodeParser::setLocal):
2167         (JSC::DFG::ByteCodeParser::getArgument):
2168         (JSC::DFG::ByteCodeParser::setArgument):
2169         (JSC::DFG::ByteCodeParser::flushDirect):
2170         (JSC::DFG::ByteCodeParser::getToInt32):
2171         (JSC::DFG::ByteCodeParser::toInt32):
2172         (JSC::DFG::ByteCodeParser::getJSConstantForValue):
2173         (JSC::DFG::ByteCodeParser::getJSConstant):
2174         (JSC::DFG::ByteCodeParser::getCallee):
2175         (JSC::DFG::ByteCodeParser::getThis):
2176         (JSC::DFG::ByteCodeParser::setThis):
2177         (JSC::DFG::ByteCodeParser::isJSConstant):
2178         (JSC::DFG::ByteCodeParser::isInt32Constant):
2179         (JSC::DFG::ByteCodeParser::valueOfJSConstant):
2180         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
2181         (JSC::DFG::ByteCodeParser::constantUndefined):
2182         (JSC::DFG::ByteCodeParser::constantNull):
2183         (JSC::DFG::ByteCodeParser::one):
2184         (JSC::DFG::ByteCodeParser::constantNaN):
2185         (JSC::DFG::ByteCodeParser::cellConstant):
2186         (JSC::DFG::ByteCodeParser::addToGraph):
2187         (JSC::DFG::ByteCodeParser::insertPhiNode):
2188         (JSC::DFG::ByteCodeParser::addVarArgChild):
2189         (JSC::DFG::ByteCodeParser::addCall):
2190         (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
2191         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
2192         (JSC::DFG::ByteCodeParser::getPrediction):
2193         (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
2194         (JSC::DFG::ByteCodeParser::makeSafe):
2195         (JSC::DFG::ByteCodeParser::makeDivSafe):
2196         (JSC::DFG::ByteCodeParser::ConstantRecord::ConstantRecord):
2197         (ConstantRecord):
2198         (JSC::DFG::ByteCodeParser::PhiStackEntry::PhiStackEntry):
2199         (PhiStackEntry):
2200         (JSC::DFG::ByteCodeParser::handleCall):
2201         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
2202         (JSC::DFG::ByteCodeParser::handleInlining):
2203         (JSC::DFG::ByteCodeParser::setIntrinsicResult):
2204         (JSC::DFG::ByteCodeParser::handleMinMax):
2205         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2206         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2207         (JSC::DFG::ByteCodeParser::handleGetById):
2208         (JSC::DFG::ByteCodeParser::getScope):
2209         (JSC::DFG::ByteCodeParser::parseResolveOperations):
2210         (JSC::DFG::ByteCodeParser::parseBlock):
2211         (JSC::DFG::ByteCodeParser::processPhiStack):
2212         (JSC::DFG::ByteCodeParser::linkBlock):
2213         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2214         (JSC::DFG::ByteCodeParser::parse):
2215         * dfg/DFGCFAPhase.cpp:
2216         (JSC::DFG::CFAPhase::performBlockCFA):
2217         * dfg/DFGCFGSimplificationPhase.cpp:
2218         (JSC::DFG::CFGSimplificationPhase::run):
2219         (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
2220         (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
2221         (JSC::DFG::CFGSimplificationPhase::fixPhis):
2222         (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
2223         (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
2224         (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
2225         (OperandSubstitution):
2226         (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
2227         (JSC::DFG::CFGSimplificationPhase::recordNewTarget):
2228         (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
2229         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
2230         * dfg/DFGCSEPhase.cpp:
2231         (JSC::DFG::CSEPhase::canonicalize):
2232         (JSC::DFG::CSEPhase::endIndexForPureCSE):
2233         (JSC::DFG::CSEPhase::pureCSE):
2234         (JSC::DFG::CSEPhase::constantCSE):
2235         (JSC::DFG::CSEPhase::weakConstantCSE):
2236         (JSC::DFG::CSEPhase::getCalleeLoadElimination):
2237         (JSC::DFG::CSEPhase::getArrayLengthElimination):
2238         (JSC::DFG::CSEPhase::globalVarLoadElimination):
2239         (JSC::DFG::CSEPhase::scopedVarLoadElimination):
2240         (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
2241         (JSC::DFG::CSEPhase::globalVarStoreElimination):
2242         (JSC::DFG::CSEPhase::scopedVarStoreElimination):
2243         (JSC::DFG::CSEPhase::getByValLoadElimination):
2244         (JSC::DFG::CSEPhase::checkFunctionElimination):
2245         (JSC::DFG::CSEPhase::checkExecutableElimination):
2246         (JSC::DFG::CSEPhase::checkStructureElimination):
2247         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
2248         (JSC::DFG::CSEPhase::putStructureStoreElimination):
2249         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
2250         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
2251         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
2252         (JSC::DFG::CSEPhase::checkArrayElimination):
2253         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
2254         (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
2255         (JSC::DFG::CSEPhase::getLocalLoadElimination):
2256         (JSC::DFG::CSEPhase::setLocalStoreElimination):
2257         (JSC::DFG::CSEPhase::performSubstitution):
2258         (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
2259         (JSC::DFG::CSEPhase::setReplacement):
2260         (JSC::DFG::CSEPhase::eliminate):
2261         (JSC::DFG::CSEPhase::performNodeCSE):
2262         (JSC::DFG::CSEPhase::performBlockCSE):
2263         (CSEPhase):
2264         * dfg/DFGCommon.cpp: Added.
2265         (DFG):
2266         (JSC::DFG::NodePointerTraits::dump):
2267         * dfg/DFGCommon.h:
2268         (DFG):
2269         (JSC::DFG::NodePointerTraits::defaultValue):
2270         (NodePointerTraits):
2271         (JSC::DFG::verboseCompilationEnabled):
2272         (JSC::DFG::shouldDumpGraphAtEachPhase):
2273         (JSC::DFG::validationEnabled):
2274         * dfg/DFGConstantFoldingPhase.cpp:
2275         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2276         (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
2277         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2278         (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
2279         * dfg/DFGDisassembler.cpp:
2280         (JSC::DFG::Disassembler::Disassembler):
2281         (JSC::DFG::Disassembler::createDumpList):
2282         (JSC::DFG::Disassembler::dumpDisassembly):
2283         * dfg/DFGDisassembler.h:
2284         (JSC::DFG::Disassembler::setForNode):
2285         (Disassembler):
2286         * dfg/DFGDriver.cpp:
2287         (JSC::DFG::compile):
2288         * dfg/DFGEdge.cpp: Added.
2289         (DFG):
2290         (JSC::DFG::Edge::dump):
2291         * dfg/DFGEdge.h:
2292         (JSC::DFG::Edge::Edge):
2293         (JSC::DFG::Edge::node):
2294         (JSC::DFG::Edge::operator*):
2295         (JSC::DFG::Edge::operator->):
2296         (Edge):
2297         (JSC::DFG::Edge::setNode):
2298         (JSC::DFG::Edge::useKind):
2299         (JSC::DFG::Edge::setUseKind):
2300         (JSC::DFG::Edge::isSet):
2301         (JSC::DFG::Edge::shift):
2302         (JSC::DFG::Edge::makeWord):
2303         (JSC::DFG::operator==):
2304         (JSC::DFG::operator!=):
2305         * dfg/DFGFixupPhase.cpp:
2306         (JSC::DFG::FixupPhase::fixupBlock):
2307         (JSC::DFG::FixupPhase::fixupNode):
2308         (JSC::DFG::FixupPhase::checkArray):
2309         (JSC::DFG::FixupPhase::blessArrayOperation):
2310         (JSC::DFG::FixupPhase::fixIntEdge):
2311         (JSC::DFG::FixupPhase::fixDoubleEdge):
2312         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
2313         (FixupPhase):
2314         * dfg/DFGGenerationInfo.h:
2315         (JSC::DFG::GenerationInfo::GenerationInfo):
2316         (JSC::DFG::GenerationInfo::initConstant):
2317         (JSC::DFG::GenerationInfo::initInteger):
2318         (JSC::DFG::GenerationInfo::initJSValue):
2319         (JSC::DFG::GenerationInfo::initCell):
2320         (JSC::DFG::GenerationInfo::initBoolean):
2321         (JSC::DFG::GenerationInfo::initDouble):
2322         (JSC::DFG::GenerationInfo::initStorage):
2323         (GenerationInfo):
2324         (JSC::DFG::GenerationInfo::node):
2325         (JSC::DFG::GenerationInfo::noticeOSRBirth):
2326         (JSC::DFG::GenerationInfo::use):
2327         (JSC::DFG::GenerationInfo::appendFill):
2328         (JSC::DFG::GenerationInfo::appendSpill):
2329         * dfg/DFGGraph.cpp:
2330         (JSC::DFG::Graph::Graph):
2331         (JSC::DFG::Graph::~Graph):
2332         (DFG):
2333         (JSC::DFG::Graph::dumpCodeOrigin):
2334         (JSC::DFG::Graph::amountOfNodeWhiteSpace):
2335         (JSC::DFG::Graph::printNodeWhiteSpace):
2336         (JSC::DFG::Graph::dump):
2337         (JSC::DFG::Graph::dumpBlockHeader):
2338         (JSC::DFG::Graph::refChildren):
2339         (JSC::DFG::Graph::derefChildren):
2340         (JSC::DFG::Graph::predictArgumentTypes):
2341         (JSC::DFG::Graph::collectGarbage):
2342         (JSC::DFG::Graph::determineReachability):
2343         (JSC::DFG::Graph::resetExitStates):
2344         * dfg/DFGGraph.h:
2345         (Graph):
2346         (JSC::DFG::Graph::ref):
2347         (JSC::DFG::Graph::deref):
2348         (JSC::DFG::Graph::changeChild):
2349         (JSC::DFG::Graph::compareAndSwap):
2350         (JSC::DFG::Graph::clearAndDerefChild):
2351         (JSC::DFG::Graph::clearAndDerefChild1):
2352         (JSC::DFG::Graph::clearAndDerefChild2):
2353         (JSC::DFG::Graph::clearAndDerefChild3):
2354         (JSC::DFG::Graph::convertToConstant):
2355         (JSC::DFG::Graph::getJSConstantSpeculation):
2356         (JSC::DFG::Graph::addSpeculationMode):
2357         (JSC::DFG::Graph::valueAddSpeculationMode):
2358         (JSC::DFG::Graph::arithAddSpeculationMode):
2359         (JSC::DFG::Graph::addShouldSpeculateInteger):
2360         (JSC::DFG::Graph::mulShouldSpeculateInteger):
2361         (JSC::DFG::Graph::negateShouldSpeculateInteger):
2362         (JSC::DFG::Graph::isConstant):
2363         (JSC::DFG::Graph::isJSConstant):
2364         (JSC::DFG::Graph::isInt32Constant):
2365         (JSC::DFG::Graph::isDoubleConstant):
2366         (JSC::DFG::Graph::isNumberConstant):
2367         (JSC::DFG::Graph::isBooleanConstant):
2368         (JSC::DFG::Graph::isCellConstant):
2369         (JSC::DFG::Graph::isFunctionConstant):
2370         (JSC::DFG::Graph::isInternalFunctionConstant):
2371         (JSC::DFG::Graph::valueOfJSConstant):
2372         (JSC::DFG::Graph::valueOfInt32Constant):
2373         (JSC::DFG::Graph::valueOfNumberConstant):
2374         (JSC::DFG::Graph::valueOfBooleanConstant):
2375         (JSC::DFG::Graph::valueOfFunctionConstant):
2376         (JSC::DFG::Graph::valueProfileFor):
2377         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
2378         (JSC::DFG::Graph::numSuccessors):
2379         (JSC::DFG::Graph::successor):
2380         (JSC::DFG::Graph::successorForCondition):
2381         (JSC::DFG::Graph::isPredictedNumerical):
2382         (JSC::DFG::Graph::byValIsPure):
2383         (JSC::DFG::Graph::clobbersWorld):
2384         (JSC::DFG::Graph::varArgNumChildren):
2385         (JSC::DFG::Graph::numChildren):
2386         (JSC::DFG::Graph::varArgChild):
2387         (JSC::DFG::Graph::child):
2388         (JSC::DFG::Graph::voteNode):
2389         (JSC::DFG::Graph::voteChildren):
2390         (JSC::DFG::Graph::substitute):
2391         (JSC::DFG::Graph::substituteGetLocal):
2392         (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
2393         (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
2394         * dfg/DFGInsertionSet.h:
2395         (JSC::DFG::Insertion::Insertion):
2396         (JSC::DFG::Insertion::element):
2397         (Insertion):
2398         (JSC::DFG::InsertionSet::insert):
2399         (InsertionSet):
2400         * dfg/DFGJITCompiler.cpp:
2401         * dfg/DFGJITCompiler.h:
2402         (JSC::DFG::JITCompiler::setForNode):
2403         (JSC::DFG::JITCompiler::addressOfDoubleConstant):
2404         (JSC::DFG::JITCompiler::noticeOSREntry):
2405         * dfg/DFGLongLivedState.cpp: Added.
2406         (DFG):
2407         (JSC::DFG::LongLivedState::LongLivedState):
2408         (JSC::DFG::LongLivedState::~LongLivedState):
2409         (JSC::DFG::LongLivedState::shrinkToFit):
2410         * dfg/DFGLongLivedState.h: Added.
2411         (DFG):
2412         (LongLivedState):
2413         * dfg/DFGMinifiedID.h:
2414         (JSC::DFG::MinifiedID::MinifiedID):
2415         (JSC::DFG::MinifiedID::node):
2416         * dfg/DFGMinifiedNode.cpp:
2417         (JSC::DFG::MinifiedNode::fromNode):
2418         * dfg/DFGMinifiedNode.h:
2419         (MinifiedNode):
2420         * dfg/DFGNode.cpp: Added.
2421         (DFG):
2422         (JSC::DFG::Node::index):
2423         (WTF):
2424         (WTF::printInternal):
2425         * dfg/DFGNode.h:
2426         (DFG):
2427         (JSC::DFG::Node::Node):
2428         (Node):
2429         (JSC::DFG::Node::convertToGetByOffset):
2430         (JSC::DFG::Node::convertToPutByOffset):
2431         (JSC::DFG::Node::ref):
2432         (JSC::DFG::Node::shouldSpeculateInteger):
2433         (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic):
2434         (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined):
2435         (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic):
2436         (JSC::DFG::Node::shouldSpeculateNumber):
2437         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
2438         (JSC::DFG::Node::shouldSpeculateFinalObject):
2439         (JSC::DFG::Node::shouldSpeculateArray):
2440         (JSC::DFG::Node::dumpChildren):
2441         (WTF):
2442         * dfg/DFGNodeAllocator.h: Added.
2443         (DFG):
2444         (operator new ):
2445         * dfg/DFGOSRExit.cpp:
2446         (JSC::DFG::OSRExit::OSRExit):
2447         * dfg/DFGOSRExit.h:
2448         (OSRExit):
2449         (SpeculationFailureDebugInfo):
2450         * dfg/DFGOSRExitCompiler.cpp:
2451         * dfg/DFGOSRExitCompiler32_64.cpp:
2452         (JSC::DFG::OSRExitCompiler::compileExit):
2453         * dfg/DFGOSRExitCompiler64.cpp:
2454         (JSC::DFG::OSRExitCompiler::compileExit):
2455         * dfg/DFGOperations.cpp:
2456         * dfg/DFGPhase.cpp:
2457         (DFG):
2458         (JSC::DFG::Phase::beginPhase):
2459         (JSC::DFG::Phase::endPhase):
2460         * dfg/DFGPhase.h:
2461         (Phase):
2462         (JSC::DFG::runAndLog):
2463         * dfg/DFGPredictionPropagationPhase.cpp:
2464         (JSC::DFG::PredictionPropagationPhase::setPrediction):
2465         (JSC::DFG::PredictionPropagationPhase::mergePrediction):
2466         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
2467         (JSC::DFG::PredictionPropagationPhase::isNotZero):
2468         (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
2469         (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
2470         (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
2471         (JSC::DFG::PredictionPropagationPhase::propagate):
2472         (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
2473         (JSC::DFG::PredictionPropagationPhase::propagateForward):
2474         (JSC::DFG::PredictionPropagationPhase::propagateBackward):
2475         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
2476         (PredictionPropagationPhase):
2477         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
2478         * dfg/DFGScoreBoard.h:
2479         (JSC::DFG::ScoreBoard::ScoreBoard):
2480         (JSC::DFG::ScoreBoard::use):
2481         (JSC::DFG::ScoreBoard::useIfHasResult):
2482         (ScoreBoard):
2483         * dfg/DFGSilentRegisterSavePlan.h:
2484         (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
2485         (JSC::DFG::SilentRegisterSavePlan::node):
2486         (SilentRegisterSavePlan):
2487         * dfg/DFGSlowPathGenerator.h:
2488         (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
2489         (JSC::DFG::SlowPathGenerator::generate):
2490         (SlowPathGenerator):
2491         * dfg/DFGSpeculativeJIT.cpp:
2492         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
2493         (JSC::DFG::SpeculativeJIT::speculationCheck):
2494         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
2495         (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
2496         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
2497         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
2498         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2499         (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
2500         (JSC::DFG::SpeculativeJIT::silentSpill):
2501         (JSC::DFG::SpeculativeJIT::silentFill):
2502         (JSC::DFG::SpeculativeJIT::checkArray):
2503         (JSC::DFG::SpeculativeJIT::arrayify):
2504         (JSC::DFG::SpeculativeJIT::fillStorage):
2505         (JSC::DFG::SpeculativeJIT::useChildren):
2506         (JSC::DFG::SpeculativeJIT::isStrictInt32):
2507         (JSC::DFG::SpeculativeJIT::isKnownInteger):
2508         (JSC::DFG::SpeculativeJIT::isKnownNumeric):
2509         (JSC::DFG::SpeculativeJIT::isKnownCell):
2510         (JSC::DFG::SpeculativeJIT::isKnownNotCell):
2511         (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
2512         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
2513         (JSC::DFG::SpeculativeJIT::writeBarrier):
2514         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
2515         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
2516         (JSC::DFG::GPRTemporary::GPRTemporary):
2517         (JSC::DFG::FPRTemporary::FPRTemporary):
2518         (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
2519         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
2520         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
2521         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
2522         (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
2523         (JSC::DFG::SpeculativeJIT::compileMovHint):
2524         (JSC::DFG::SpeculativeJIT::compile):
2525         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2526         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2527         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
2528         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
2529         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
2530         (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
2531         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2532         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2533         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
2534         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
2535         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2536         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
2537         (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
2538         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
2539         (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
2540         (JSC::DFG::SpeculativeJIT::compileInstanceOf):
2541         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
2542         (JSC::DFG::SpeculativeJIT::compileAdd):
2543         (JSC::DFG::SpeculativeJIT::compileArithSub):
2544         (JSC::DFG::SpeculativeJIT::compileArithNegate):
2545         (JSC::DFG::SpeculativeJIT::compileArithMul):
2546         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
2547         (JSC::DFG::SpeculativeJIT::compileArithMod):
2548         (JSC::DFG::SpeculativeJIT::compare):
2549         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
2550         (JSC::DFG::SpeculativeJIT::compileStrictEq):
2551         (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
2552         (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
2553         (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
2554         (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
2555         (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
2556         (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
2557         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
2558         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
2559         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
2560         * dfg/DFGSpeculativeJIT.h:
2561         (SpeculativeJIT):
2562         (JSC::DFG::SpeculativeJIT::canReuse):
2563         (JSC::DFG::SpeculativeJIT::isFilled):
2564         (JSC::DFG::SpeculativeJIT::isFilledDouble):
2565         (JSC::DFG::SpeculativeJIT::use):
2566         (JSC::DFG::SpeculativeJIT::isConstant):
2567         (JSC::DFG::SpeculativeJIT::isJSConstant):
2568         (JSC::DFG::SpeculativeJIT::isInt32Constant):
2569         (JSC::DFG::SpeculativeJIT::isDoubleConstant):
2570         (JSC::DFG::SpeculativeJIT::isNumberConstant):
2571         (JSC::DFG::SpeculativeJIT::isBooleanConstant):
2572         (JSC::DFG::SpeculativeJIT::isFunctionConstant):
2573         (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
2574         (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
2575         (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
2576         (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
2577         (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
2578         (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
2579         (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
2580         (JSC::DFG::SpeculativeJIT::isNullConstant):
2581         (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64):
2582         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2583         (JSC::DFG::SpeculativeJIT::integerResult):
2584         (JSC::DFG::SpeculativeJIT::noResult):
2585         (JSC::DFG::SpeculativeJIT::cellResult):
2586         (JSC::DFG::SpeculativeJIT::booleanResult):
2587         (JSC::DFG::SpeculativeJIT::jsValueResult):
2588         (JSC::DFG::SpeculativeJIT::storageResult):
2589         (JSC::DFG::SpeculativeJIT::doubleResult):
2590         (JSC::DFG::SpeculativeJIT::initConstantInfo):
2591         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
2592         (JSC::DFG::SpeculativeJIT::isInteger):
2593         (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
2594         (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
2595         (JSC::DFG::SpeculativeJIT::setNodeForOperand):
2596         (JSC::DFG::IntegerOperand::IntegerOperand):
2597         (JSC::DFG::IntegerOperand::node):
2598         (JSC::DFG::IntegerOperand::gpr):
2599         (JSC::DFG::IntegerOperand::use):
2600         (IntegerOperand):
2601         (JSC::DFG::DoubleOperand::DoubleOperand):
2602         (JSC::DFG::DoubleOperand::node):
2603         (JSC::DFG::DoubleOperand::fpr):
2604         (JSC::DFG::DoubleOperand::use):
2605         (DoubleOperand):
2606         (JSC::DFG::JSValueOperand::JSValueOperand):
2607         (JSC::DFG::JSValueOperand::node):
2608         (JSC::DFG::JSValueOperand::gpr):
2609         (JSC::DFG::JSValueOperand::fill):
2610         (JSC::DFG::JSValueOperand::use):
2611         (JSValueOperand):
2612         (JSC::DFG::StorageOperand::StorageOperand):
2613         (JSC::DFG::StorageOperand::node):
2614         (JSC::DFG::StorageOperand::gpr):
2615         (JSC::DFG::StorageOperand::use):
2616         (StorageOperand):
2617         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
2618         (JSC::DFG::SpeculateIntegerOperand::node):
2619         (JSC::DFG::SpeculateIntegerOperand::gpr):
2620         (JSC::DFG::SpeculateIntegerOperand::use):
2621         (SpeculateIntegerOperand):
2622         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
2623         (JSC::DFG::SpeculateStrictInt32Operand::node):
2624         (JSC::DFG::SpeculateStrictInt32Operand::gpr):
2625         (JSC::DFG::SpeculateStrictInt32Operand::use):
2626         (SpeculateStrictInt32Operand):
2627         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
2628         (JSC::DFG::SpeculateDoubleOperand::node):
2629         (JSC::DFG::SpeculateDoubleOperand::fpr):
2630         (JSC::DFG::SpeculateDoubleOperand::use):
2631         (SpeculateDoubleOperand):
2632         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
2633         (JSC::DFG::SpeculateCellOperand::node):
2634         (JSC::DFG::SpeculateCellOperand::gpr):
2635         (JSC::DFG::SpeculateCellOperand::use):
2636         (SpeculateCellOperand):
2637         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
2638         (JSC::DFG::SpeculateBooleanOperand::node):
2639         (JSC::DFG::SpeculateBooleanOperand::gpr):
2640         (JSC::DFG::SpeculateBooleanOperand::use):
2641         (SpeculateBooleanOperand):
2642         * dfg/DFGSpeculativeJIT32_64.cpp:
2643         (JSC::DFG::SpeculativeJIT::fillInteger):
2644         (JSC::DFG::SpeculativeJIT::fillDouble):
2645         (JSC::DFG::SpeculativeJIT::fillJSValue):
2646         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
2647         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
2648         (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
2649         (JSC::DFG::SpeculativeJIT::cachedPutById):
2650         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
2651         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
2652         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
2653         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2654         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2655         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
2656         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2657         (JSC::DFG::SpeculativeJIT::emitCall):
2658         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2659         (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
2660         (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
2661         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2662         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2663         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2664         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2665         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
2666         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
2667         (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
2668         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
2669         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2670         (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
2671         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2672         (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
2673         (JSC::DFG::SpeculativeJIT::emitBranch):
2674         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
2675         (JSC::DFG::SpeculativeJIT::compile):
2676         * dfg/DFGSpeculativeJIT64.cpp:
2677         (JSC::DFG::SpeculativeJIT::fillInteger):
2678         (JSC::DFG::SpeculativeJIT::fillDouble):
2679         (JSC::DFG::SpeculativeJIT::fillJSValue):
2680         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
2681         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
2682         (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
2683         (JSC::DFG::SpeculativeJIT::cachedPutById):
2684         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
2685         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
2686         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
2687         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2688         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2689         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
2690         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2691         (JSC::DFG::SpeculativeJIT::emitCall):
2692         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2693         (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
2694         (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
2695         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2696         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2697         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2698         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2699         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
2700         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
2701         (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
2702         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
2703         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2704         (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
2705         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2706         (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
2707         (JSC::DFG::SpeculativeJIT::emitBranch):
2708         (JSC::DFG::SpeculativeJIT::compile):
2709         * dfg/DFGStructureAbstractValue.h:
2710         (StructureAbstractValue):
2711         * dfg/DFGStructureCheckHoistingPhase.cpp:
2712         (JSC::DFG::StructureCheckHoistingPhase::run):
2713         * dfg/DFGValidate.cpp:
2714         (DFG):
2715         (Validate):
2716         (JSC::DFG::Validate::validate):
2717         (JSC::DFG::Validate::reportValidationContext):
2718         * dfg/DFGValidate.h:
2719         * dfg/DFGValueSource.cpp:
2720         (JSC::DFG::ValueSource::dump):
2721         * dfg/DFGValueSource.h:
2722         (JSC::DFG::ValueSource::ValueSource):
2723         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2724         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2725         * runtime/FunctionExecutableDump.cpp: Added.
2726         (JSC):
2727         (JSC::FunctionExecutableDump::dump):
2728         * runtime/FunctionExecutableDump.h: Added.
2729         (JSC):
2730         (FunctionExecutableDump):
2731         (JSC::FunctionExecutableDump::FunctionExecutableDump):
2732         * runtime/JSGlobalData.cpp:
2733         (JSC::JSGlobalData::JSGlobalData):
2734         * runtime/JSGlobalData.h:
2735         (JSC):
2736         (DFG):
2737         (JSGlobalData):
2738         * runtime/Options.h:
2739         (JSC):
2740
2741 2013-01-28  Laszlo Gombos  <l.gombos@samsung.com>
2742
2743         Collapse testing for a list of PLATFORM() into OS() and USE() tests
2744         https://bugs.webkit.org/show_bug.cgi?id=108018
2745
2746         Reviewed by Eric Seidel.
2747
2748         No functional change as "OS(DARWIN) && USE(CF)" is equivalent to the
2749         following platforms: MAC, WX, QT and CHROMIUM. CHROMIUM
2750         is not using JavaScriptCore.
2751
2752         * runtime/DatePrototype.cpp:
2753         (JSC):
2754
2755 2013-01-28  Geoffrey Garen  <ggaren@apple.com>
2756
2757         Static size inference for JavaScript objects
2758         https://bugs.webkit.org/show_bug.cgi?id=108093
2759
2760         Reviewed by Phil Pizlo.
2761
2762         * API/JSObjectRef.cpp:
2763         * JavaScriptCore.order:
2764         * JavaScriptCore.xcodeproj/project.pbxproj: Pay the tax man.
2765
2766         * bytecode/CodeBlock.cpp:
2767         (JSC::CodeBlock::dumpBytecode): op_new_object and op_create_this now
2768         have an extra inferredInlineCapacity argument. This is the statically
2769         inferred inline capacity, just from analyzing source text. op_new_object
2770         also gets a pointer to an allocation profile. (For op_create_this, the
2771         profile is in the constructor function.)
2772
2773         (JSC::CodeBlock::CodeBlock): Link op_new_object.
2774
2775         (JSC::CodeBlock::stronglyVisitStrongReferences): Mark our profiles.
2776
2777         * bytecode/CodeBlock.h:
2778         (CodeBlock): Removed some dead code. Added object allocation profiles.
2779
2780         * bytecode/Instruction.h:
2781         (JSC): New union type, since an instruction operand may point to an
2782         object allocation profile now.
2783
2784         * bytecode/ObjectAllocationProfile.h: Added.
2785         (JSC):
2786         (ObjectAllocationProfile):
2787         (JSC::ObjectAllocationProfile::offsetOfAllocator):
2788         (JSC::ObjectAllocationProfile::offsetOfStructure):
2789         (JSC::ObjectAllocationProfile::ObjectAllocationProfile):
2790         (JSC::ObjectAllocationProfile::isNull):
2791         (JSC::ObjectAllocationProfile::initialize):
2792         (JSC::ObjectAllocationProfile::structure):
2793         (JSC::ObjectAllocationProfile::inlineCapacity):
2794         (JSC::ObjectAllocationProfile::clear):
2795         (JSC::ObjectAllocationProfile::visitAggregate):
2796         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount): New class
2797         for tracking a prediction about object allocation: structure, inline
2798         capacity, allocator to use.
2799
2800         * bytecode/Opcode.h:
2801         (JSC):
2802         (JSC::padOpcodeName): Updated instruction sizes.
2803
2804         * bytecode/UnlinkedCodeBlock.cpp:
2805         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2806         * bytecode/UnlinkedCodeBlock.h:
2807         (JSC):
2808         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile):
2809         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles):
2810         (UnlinkedCodeBlock): Unlinked support for allocation profiles.
2811
2812         * bytecompiler/BytecodeGenerator.cpp:
2813         (JSC::BytecodeGenerator::generate): Kill all remaining analyses at the
2814         end of codegen, since this is our last opportunity.
2815
2816         (JSC::BytecodeGenerator::BytecodeGenerator): Added a static property
2817         analyzer to bytecode generation. It tracks initializing assignments and
2818         makes a guess about how many will happen.
2819
2820         (JSC::BytecodeGenerator::newObjectAllocationProfile):
2821         (JSC):
2822         (JSC::BytecodeGenerator::emitProfiledOpcode):
2823         (JSC::BytecodeGenerator::emitMove):
2824         (JSC::BytecodeGenerator::emitResolve):
2825         (JSC::BytecodeGenerator::emitResolveBase):
2826         (JSC::BytecodeGenerator::emitResolveBaseForPut):
2827         (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
2828         (JSC::BytecodeGenerator::emitResolveWithThis):
2829         (JSC::BytecodeGenerator::emitGetById):
2830         (JSC::BytecodeGenerator::emitPutById):
2831         (JSC::BytecodeGenerator::emitDirectPutById):
2832         (JSC::BytecodeGenerator::emitPutGetterSetter):
2833         (JSC::BytecodeGenerator::emitGetArgumentByVal):
2834         (JSC::BytecodeGenerator::emitGetByVal): Added hooks to the static property
2835         analyzer, so it can observe allocations and stores.
2836
2837         (JSC::BytecodeGenerator::emitCreateThis): Factored this into a helper
2838         function because it was a significant amount of logic, and I wanted to
2839         add to it.
2840
2841         (JSC::BytecodeGenerator::emitNewObject):
2842         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
2843         (JSC::BytecodeGenerator::emitCall):
2844         (JSC::BytecodeGenerator::emitCallVarargs):
2845         (JSC::BytecodeGenerator::emitConstruct): Added a hook to profiled opcodes
2846         to track their stores, in case a store kills a profiled allocation. Since
2847         profiled opcodes are basically the only interesting stores we do, this
2848         is a convenient place to notice any store that might kill an allocation.
2849
2850         * bytecompiler/BytecodeGenerator.h:
2851         (BytecodeGenerator): As above.
2852
2853         * bytecompiler/StaticPropertyAnalysis.h: Added.
2854         (JSC):
2855         (StaticPropertyAnalysis):
2856         (JSC::StaticPropertyAnalysis::create):
2857         (JSC::StaticPropertyAnalysis::addPropertyIndex):
2858         (JSC::StaticPropertyAnalysis::record):
2859         (JSC::StaticPropertyAnalysis::propertyIndexCount):
2860         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis): Simple helper
2861         class for tracking allocations and stores.
2862
2863         * bytecompiler/StaticPropertyAnalyzer.h: Added.
2864         (StaticPropertyAnalyzer):
2865         (JSC::StaticPropertyAnalyzer::StaticPropertyAnalyzer):
2866         (JSC::StaticPropertyAnalyzer::createThis):
2867         (JSC::StaticPropertyAnalyzer::newObject):
2868         (JSC::StaticPropertyAnalyzer::putById):
2869         (JSC::StaticPropertyAnalyzer::mov):
2870         (JSC::StaticPropertyAnalyzer::kill): Helper class for observing allocations
2871         and stores and making an inline capacity guess. The heuristics here are
2872         intentionally minimal because we don't want this one class to try to
2873         re-create something like a DFG or a runtime analysis. If we discover that
2874         we need those kinds of analyses, we should just replace this class with
2875         something else.
2876
2877         This class tracks multiple registers that alias the same object -- that
2878         happens a lot, when moving locals into temporary registers -- but it
2879         doesn't track control flow or multiple objects that alias the same register.
2880
2881         * dfg/DFGAbstractState.cpp:
2882         (JSC::DFG::AbstractState::execute): Updated for rename.
2883
2884         * dfg/DFGByteCodeParser.cpp:
2885         (JSC::DFG::ByteCodeParser::parseBlock): Updated for inline capacity and
2886         allocation profile.
2887
2888         * dfg/DFGNode.h:
2889         (JSC::DFG::Node::hasInlineCapacity):
2890         (Node):
2891         (JSC::DFG::Node::inlineCapacity):
2892         (JSC::DFG::Node::hasFunction): Give the graph a good way to represent
2893         inline capacity for an allocation.
2894
2895         * dfg/DFGNodeType.h:
2896         (DFG): Updated for rename.
2897
2898         * dfg/DFGOperations.cpp: Updated for interface change.
2899
2900         * dfg/DFGOperations.h: We pass the inline capacity to the slow case as
2901         an argument. This is the simplest way, since it's stored as a bytecode operand.
2902
2903         * dfg/DFGPredictionPropagationPhase.cpp:
2904         (JSC::DFG::PredictionPropagationPhase::propagate): Updated for rename.
2905
2906         * dfg/DFGRepatch.cpp:
2907         (JSC::DFG::tryCacheGetByID): Fixed a horrible off-by-one-half bug that only
2908         appears when doing an inline cached load for property number 64 on a 32-bit
2909         system. In JSVALUE32_64 land, "offsetRelativeToPatchedStorage" is the
2910         offset of the 64bit JSValue -- but we'll actually issue two loads, one for
2911         the payload at that offset, and one for the tag at that offset + 4. We need
2912         to ensure that both loads have a compact representation, or we'll corrupt
2913         the instruction stream.
2914
2915         * dfg/DFGSpeculativeJIT.cpp:
2916         (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
2917         * dfg/DFGSpeculativeJIT.h:
2918         (JSC::DFG::SpeculativeJIT::callOperation):
2919         (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
2920         (SpeculativeJIT):
2921         (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
2922         * dfg/DFGSpeculativeJIT32_64.cpp:
2923         (JSC::DFG::SpeculativeJIT::compile):
2924         * dfg/DFGSpeculativeJIT64.cpp:
2925         (JSC::DFG::SpeculativeJIT::compile): Lots of refactoring to support
2926         passing an allocator to our allocation function, and/or passing a Structure
2927         as a register instead of an immediate.
2928
2929         * heap/MarkedAllocator.h:
2930         (DFG):
2931         (MarkedAllocator):
2932         (JSC::MarkedAllocator::offsetOfFreeListHead): Added an accessor to simplify
2933         JIT code generation of allocation from an arbitrary allocator.
2934
2935         * jit/JIT.h:
2936         (JSC):
2937         * jit/JITInlines.h:
2938         (JSC):
2939         (JSC::JIT::emitAllocateJSObject):
2940         * jit/JITOpcodes.cpp:
2941         (JSC::JIT::emit_op_new_object):
2942         (JSC::JIT::emitSlow_op_new_object):
2943         (JSC::JIT::emit_op_create_this):
2944         (JSC::JIT::emitSlow_op_create_this):
2945         * jit/JITOpcodes32_64.cpp:
2946         (JSC::JIT::emit_op_new_object):
2947         (JSC::JIT::emitSlow_op_new_object):
2948         (JSC::JIT::emit_op_create_this):
2949         (JSC::JIT::emitSlow_op_create_this): Same refactoring as done for the DFG.
2950
2951         * jit/JITStubs.cpp:
2952         (JSC::tryCacheGetByID): Fixed the same bug mentioned above.
2953
2954         (JSC::DEFINE_STUB_FUNCTION): Updated for interface changes.
2955
2956         * llint/LLIntData.cpp:
2957         (JSC::LLInt::Data::performAssertions): Updated for interface changes.
2958
2959         * llint/LLIntSlowPaths.cpp:
2960         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2961         * llint/LowLevelInterpreter.asm:
2962         * llint/LowLevelInterpreter32_64.asm:
2963         * llint/LowLevelInterpreter64.asm: Same refactoring as for the JITs.
2964
2965         * profiler/ProfilerBytecode.cpp:
2966         * profiler/ProfilerBytecodes.cpp:
2967         * profiler/ProfilerCompilation.cpp:
2968         * profiler/ProfilerCompiledBytecode.cpp:
2969         * profiler/ProfilerDatabase.cpp:
2970         * profiler/ProfilerOSRExit.cpp:
2971         * profiler/ProfilerOrigin.cpp:
2972         * profiler/ProfilerProfiledBytecodes.cpp: Include ObjectConstructor.h
2973         because that's where createEmptyObject() lives now.
2974
2975         * runtime/Executable.h:
2976         (JSC::JSFunction::JSFunction): Updated for rename.
2977
2978         * runtime/JSCellInlines.h:
2979         (JSC::allocateCell): Updated to match the allocator selection code in
2980         the JIT, so it's clearer that both are correct.
2981
2982         * runtime/JSFunction.cpp:
2983         (JSC::JSFunction::JSFunction):
2984         (JSC::JSFunction::createAllocationProfile):
2985         (JSC::JSFunction::visitChildren):
2986         (JSC::JSFunction::getOwnPropertySlot):
2987         (JSC::JSFunction::put):
2988         (JSC::JSFunction::defineOwnProperty):
2989         (JSC::JSFunction::getConstructData):
2990         * runtime/JSFunction.h:
2991         (JSC::JSFunction::offsetOfScopeChain):
2992         (JSC::JSFunction::offsetOfExecutable):
2993         (JSC::JSFunction::offsetOfAllocationProfile):
2994         (JSC::JSFunction::allocationProfile):
2995         (JSFunction):
2996         (JSC::JSFunction::tryGetAllocationProfile):
2997         (JSC::JSFunction::addAllocationProfileWatchpoint): Changed inheritorID
2998         data member to be an ObjectAllocationProfile, which includes a pointer
2999         to the desired allocator. This simplifies JIT code, since we don't have
3000         to compute the allocator on the fly. I verified by code inspection that
3001         JSFunction is still only 64 bytes.
3002
3003         * runtime/JSGlobalObject.cpp:
3004         (JSC::JSGlobalObject::reset):
3005         (JSC::JSGlobalObject::visitChildren):
3006         * runtime/JSGlobalObject.h:
3007         (JSGlobalObject):
3008         (JSC::JSGlobalObject::dateStructure): No direct pointer to the empty
3009         object structure anymore, because now clients need to specify how much
3010         inline capacity they want.
3011
3012         * runtime/JSONObject.cpp:
3013         * runtime/JSObject.h:
3014         (JSC):
3015         (JSFinalObject):
3016         (JSC::JSFinalObject::defaultInlineCapacity):
3017         (JSC::JSFinalObject::maxInlineCapacity):
3018         (JSC::JSFinalObject::createStructure): A little refactoring to try to 
3019         clarify where some of these constants derive from.
3020
3021         (JSC::maxOffsetRelativeToPatchedStorage): Used for bug fix, above.
3022
3023         * runtime/JSProxy.cpp:
3024         (JSC::JSProxy::setTarget): Ugly, but effective.
3025
3026         * runtime/LiteralParser.cpp:
3027         * runtime/ObjectConstructor.cpp:
3028         (JSC::constructObject):
3029         (JSC::constructWithObjectConstructor):
3030         (JSC::callObjectConstructor):
3031         (JSC::objectConstructorCreate): Updated for interface changes.
3032
3033         * runtime/ObjectConstructor.h:
3034         (JSC::constructEmptyObject): Clarified your options for how to allocate
3035         an empty object, to emphasize what things can actually vary.
3036
3037         * runtime/PropertyOffset.h: These constants have moved because they're
3038         really higher level concepts to do with the layout of objects and the
3039         collector. PropertyOffset is just an abstract number line, independent
3040         of those things.
3041
3042         * runtime/PrototypeMap.cpp:
3043         (JSC::PrototypeMap::emptyObjectStructureForPrototype):
3044         (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
3045         * runtime/PrototypeMap.h:
3046         (PrototypeMap): The map key is now a pair of prototype and inline capacity,
3047         since Structure encodes inline capacity.
3048
3049         * runtime/Structure.cpp:
3050         (JSC::Structure::Structure):
3051         (JSC::Structure::materializePropertyMap):
3052         (JSC::Structure::addPropertyTransition):
3053         (JSC::Structure::nonPropertyTransition):
3054         (JSC::Structure::copyPropertyTableForPinning):
3055         * runtime/Structure.h:
3056         (Structure):
3057         (JSC::Structure::totalStorageSize):
3058         (JSC::Structure::transitionCount):
3059         (JSC::Structure::create): Fixed a nasty refactoring bug that only shows
3060         up after enabling variable-sized inline capacities: we were passing our
3061         type info where our inline capacity was expected. The compiler didn't
3062         notice because both have type int :(.
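
        The following is an added illustration of the inline-capacity heuristic
        sketched above; it is not WebKit's StaticPropertyAnalyzer or
        StaticPropertyAnalysis. The class names, the int-keyed register map and
        the bytecode sequence it is run over are assumptions made for the example.
        It shows the two properties the entry calls out: stores through an aliasing
        register (a local copied into a temporary) still count against the original
        allocation, while overwriting a register only forgets that register.

```cpp
#include <cstddef>
#include <map>
#include <memory>
#include <set>
#include <string>

// Toy static property analysis (illustration only; not WebKit's
// StaticPropertyAnalysis). One instance per allocation site; it collects
// the distinct property names stored into the object, and the count is
// the inferred inline capacity.
struct ToyPropertyAnalysis {
    std::set<std::string> propertyNames;
    std::size_t propertyCount() const { return propertyNames.size(); }
};

// Observes allocations, stores and register moves as bytecode is emitted.
// Registers are plain ints here (an assumption for the example). Several
// registers may alias one analysis, but a register holds at most one
// analysis at a time and no control flow is modelled, matching the limits
// stated in the ChangeLog entry.
class ToyStaticPropertyAnalyzer {
public:
    // new_object dst: start a fresh analysis for the object in dst.
    void newObject(int dst) {
        analyses_[dst] = std::make_shared<ToyPropertyAnalysis>();
    }

    // put_by_id base.name = value: record the property on base's analysis.
    // Repeated stores to the same name do not grow the guess.
    void putById(int base, const std::string& name) {
        auto it = analyses_.find(base);
        if (it != analyses_.end())
            it->second->propertyNames.insert(name);
    }

    // mov dst, src: dst now aliases the object (if any) tracked in src.
    void mov(int dst, int src) {
        auto it = analyses_.find(src);
        if (it == analyses_.end())
            kill(dst);
        else
            analyses_[dst] = it->second;
    }

    // Any other write to a register (a call result, a get_by_val, ...)
    // ends what we know about it; the analysis survives through aliases.
    void kill(int reg) { analyses_.erase(reg); }

    // Current guess for the object in reg, 0 if nothing is tracked there.
    std::size_t inferredInlineCapacity(int reg) const {
        auto it = analyses_.find(reg);
        return it == analyses_.end() ? 0 : it->second->propertyCount();
    }

private:
    std::map<int, std::shared_ptr<ToyPropertyAnalysis>> analyses_;
};

// Drives the analyzer over a constructed bytecode sequence for roughly
//   var o = {}; o.x = 1; o.y = 2; var t = o; t.z = 3; o.x = 4;
//   t = someCall(); var p = {}; p.q = 1;
// and returns the guess for o: the alias through t contributes z, the
// second store to x is not counted twice, and killing t leaves o intact.
std::size_t guessForConstructedSequence() {
    ToyStaticPropertyAnalyzer analyzer;
    const int o = 0, t = 1, p = 2;
    analyzer.newObject(o);
    analyzer.putById(o, "x");
    analyzer.putById(o, "y");
    analyzer.mov(t, o);        // t aliases o
    analyzer.putById(t, "z");  // counted against o's allocation site
    analyzer.putById(o, "x");  // duplicate name, ignored
    analyzer.kill(t);          // t overwritten by a call result
    analyzer.newObject(p);     // unrelated allocation, separate analysis
    analyzer.putById(p, "q");
    return analyzer.inferredInlineCapacity(o);
}
```

        The guess is deliberately optimistic: a store after a kill, or a store
        reached only on one branch, is simply invisible to it, which is the
        trade-off the entry describes when it declines to model control flow.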
3063
3064 2013-01-28  Oliver Hunt  <oliver@apple.com>
3065
3066         Add more assertions to the property storage use in arrays
3067         https://bugs.webkit.org/show_bug.cgi?id=107728
3068
3069         Reviewed by Filip Pizlo.
3070
3071         Add a bunch of assertions to array and object butterfly
3072         usage.  This should make debugging somewhat easier.
3073
3074         I also converted a couple of assertions to release asserts
3075         as they were so low cost it seemed a sensible thing to do.
3076
3077         * runtime/JSArray.cpp:
3078         (JSC::JSArray::sortVector):
3079         (JSC::JSArray::compactForSorting):
3080         * runtime/JSObject.h:
3081         (JSC::JSObject::getHolyIndexQuickly):
3082
3083 2013-01-28  Adam Barth  <abarth@webkit.org>
3084
3085         Remove webkitNotifications.createHTMLNotification
3086         https://bugs.webkit.org/show_bug.cgi?id=107598
3087
3088         Reviewed by Benjamin Poulain.
3089
3090         * Configurations/FeatureDefines.xcconfig:
3091
3092 2013-01-28  Michael Saboff  <msaboff@apple.com>
3093
3094         Cleanup ARM version of debugName() in DFGFPRInfo.h
3095         https://bugs.webkit.org/show_bug.cgi?id=108090
3096
3097         Reviewed by David Kilzer.
3098
3099         Fixed debugName() so it will compile by adding static_cast<int> and missing commas.
3100
3101         * dfg/DFGFPRInfo.h:
3102         (JSC::DFG::FPRInfo::debugName):
3103
3104 2013-01-27  Andreas Kling  <akling@apple.com>
3105
3106         JSC: FunctionParameters are memory hungry.
3107         <http://webkit.org/b/108033>
3108         <rdar://problem/13094803>
3109
3110         Reviewed by Sam Weinig.
3111
3112         Instead of inheriting from Vector<Identifier>, make FunctionParameters a simple fixed-size array
3113         with a custom-allocating create() function. Removes one step of indirection and cuts memory usage
3114         roughly in half.
3115
3116         2.73 MB progression on Membuster3.
3117
3118         * bytecode/UnlinkedCodeBlock.cpp:
3119         (JSC::UnlinkedFunctionExecutable::paramString):
3120         * bytecompiler/BytecodeGenerator.cpp:
3121         (JSC::BytecodeGenerator::BytecodeGenerator):
3122         * parser/Nodes.cpp:
3123         (JSC::FunctionParameters::create):
3124         (JSC::FunctionParameters::FunctionParameters):
3125         (JSC::FunctionParameters::~FunctionParameters):
3126         * parser/Nodes.h:
3127         (FunctionParameters):
3128         (JSC::FunctionParameters::size):
3129         (JSC::FunctionParameters::at):
3130         (JSC::FunctionParameters::identifiers):
3131
3132 2013-01-27  Andreas Kling  <akling@apple.com>
3133
3134         JSC: SourceProviderCache is memory hungry.
3135         <http://webkit.org/b/108029>
3136         <rdar://problem/13094806>
3137
3138         Reviewed by Sam Weinig.
3139
3140         Use fixed-size arrays for SourceProviderCacheItem's lists of captured variables.
3141         Since the lists never change after the object is created, there's no need to keep them in Vectors
3142         and we can instead create the whole cache item in a single allocation.
3143
3144         13.37 MB progression on Membuster3.
3145
3146         * parser/Parser.cpp:
3147         (JSC::::parseFunctionInfo):
3148         * parser/Parser.h:
3149         (JSC::Scope::copyCapturedVariablesToVector):
3150         (JSC::Scope::fillParametersForSourceProviderCache):
3151         (JSC::Scope::restoreFromSourceProviderCache):
3152         * parser/SourceProviderCacheItem.h:
3153         (SourceProviderCacheItemCreationParameters):
3154         (SourceProviderCacheItem):
3155         (JSC::SourceProviderCacheItem::approximateByteSize):
3156         (JSC::SourceProviderCacheItem::usedVariables):
3157         (JSC::SourceProviderCacheItem::writtenVariables):
3158         (JSC::SourceProviderCacheItem::~SourceProviderCacheItem):
3159         (JSC::SourceProviderCacheItem::create):
3160         (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
3161
3162 2013-01-27  Zoltan Arvai  <zarvai@inf.u-szeged.hu>
3163
3164         Fixing atomicIncrement implementation for Windows by dropping support before XP SP2.
3165         https://bugs.webkit.org/show_bug.cgi?id=106740
3166
3167         Reviewed by Benjamin Poulain.
3168
3169         * config.h:
3170
3171 2013-01-25  Filip Pizlo  <fpizlo@apple.com>
3172
3173         DFG variable event stream shouldn't use NodeIndex
3174         https://bugs.webkit.org/show_bug.cgi?id=107996
3175
3176         Reviewed by Oliver Hunt.
3177         
3178         Introduce the notion of a DFG::MinifiedID, which is just a unique ID of a DFG Node.
3179         Internally it currently uses a NodeIndex, but we could change this without having
3180         to recode all of the users of MinifiedID. This effectively decouples the OSR exit
3181         compiler's way of identifying nodes from the speculative JIT's way of identifying
3182         nodes, and should make it easier to make changes to the speculative JIT's internals
3183         in the future.
3184         
3185         Also changed variable event stream logging to exclude information about births and
3186         deaths of constants, since the OSR exit compiler never cares about which register
3187         holds a constant; if a value is constant then the OSR exit compiler can reify it.
3188         
3189         Also changed the variable event stream's value recovery computation to use a
3190         HashMap keyed by MinifiedID rather than a Vector indexed by NodeIndex.
3191         
3192         This appears to be performance-neutral. It's primarily meant as a small step
3193         towards https://bugs.webkit.org/show_bug.cgi?id=106868.
3194
3195         * GNUmakefile.list.am:
3196         * JavaScriptCore.xcodeproj/project.pbxproj:
3197         * dfg/DFGGenerationInfo.h:
3198         (JSC::DFG::GenerationInfo::GenerationInfo):
3199         (JSC::DFG::GenerationInfo::initConstant):
3200         (JSC::DFG::GenerationInfo::initInteger):
3201         (JSC::DFG::GenerationInfo::initJSValue):
3202         (JSC::DFG::GenerationInfo::initCell):
3203         (JSC::DFG::GenerationInfo::initBoolean):
3204         (JSC::DFG::GenerationInfo::initDouble):
3205         (JSC::DFG::GenerationInfo::initStorage):
3206         (JSC::DFG::GenerationInfo::noticeOSRBirth):
3207         (JSC::DFG::GenerationInfo::use):
3208         (JSC::DFG::GenerationInfo::appendFill):
3209         (JSC::DFG::GenerationInfo::appendSpill):
3210         (GenerationInfo):
3211         * dfg/DFGJITCompiler.cpp:
3212         (JSC::DFG::JITCompiler::link):
3213         * dfg/DFGMinifiedGraph.h:
3214         (JSC::DFG::MinifiedGraph::at):
3215         (MinifiedGraph):
3216         * dfg/DFGMinifiedID.h: Added.
3217         (DFG):
3218         (MinifiedID):
3219         (JSC::DFG::MinifiedID::MinifiedID):
3220         (JSC::DFG::MinifiedID::operator!):
3221         (JSC::DFG::MinifiedID::nodeIndex):
3222         (JSC::DFG::MinifiedID::operator==):
3223         (JSC::DFG::MinifiedID::operator!=):
3224         (JSC::DFG::MinifiedID::operator<):
3225         (JSC::DFG::MinifiedID::operator>):
3226         (JSC::DFG::MinifiedID::operator<=):
3227         (JSC::DFG::MinifiedID::operator>=):
3228         (JSC::DFG::MinifiedID::hash):
3229         (JSC::DFG::MinifiedID::dump):
3230         (JSC::DFG::MinifiedID::isHashTableDeletedValue):
3231         (JSC::DFG::MinifiedID::invalidID):
3232         (JSC::DFG::MinifiedID::otherInvalidID):
3233         (JSC::DFG::MinifiedID::fromBits):
3234         (JSC::DFG::MinifiedIDHash::hash):
3235         (JSC::DFG::MinifiedIDHash::equal):
3236         (MinifiedIDHash):
3237         (WTF):
3238         * dfg/DFGMinifiedNode.cpp:
3239         (JSC::DFG::MinifiedNode::fromNode):
3240         * dfg/DFGMinifiedNode.h:
3241         (JSC::DFG::MinifiedNode::id):
3242         (JSC::DFG::MinifiedNode::child1):
3243         (JSC::DFG::MinifiedNode::getID):
3244         (JSC::DFG::MinifiedNode::compareByNodeIndex):
3245         (MinifiedNode):
3246         * dfg/DFGSpeculativeJIT.cpp:
3247         (JSC::DFG::SpeculativeJIT::compileMovHint):
3248         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
3249         * dfg/DFGSpeculativeJIT.h:
3250         (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
3251         * dfg/DFGValueSource.cpp:
3252         (JSC::DFG::ValueSource::dump):
3253         * dfg/DFGValueSource.h:
3254         (JSC::DFG::ValueSource::ValueSource):
3255         (JSC::DFG::ValueSource::isSet):
3256         (JSC::DFG::ValueSource::kind):
3257         (JSC::DFG::ValueSource::id):
3258         (ValueSource):
3259         (JSC::DFG::ValueSource::idFromKind):
3260         (JSC::DFG::ValueSource::kindFromID):
3261         * dfg/DFGVariableEvent.cpp:
3262         (JSC::DFG::VariableEvent::dump):
3263         (JSC::DFG::VariableEvent::dumpFillInfo):
3264         (JSC::DFG::VariableEvent::dumpSpillInfo):
3265         * dfg/DFGVariableEvent.h:
3266         (JSC::DFG::VariableEvent::fillGPR):
3267         (JSC::DFG::VariableEvent::fillPair):
3268         (JSC::DFG::VariableEvent::fillFPR):
3269         (JSC::DFG::VariableEvent::spill):
3270         (JSC::DFG::VariableEvent::death):
3271         (JSC::DFG::VariableEvent::movHint):
3272         (JSC::DFG::VariableEvent::id):
3273         (VariableEvent):
3274         * dfg/DFGVariableEventStream.cpp:
3275         (DFG):
3276         (JSC::DFG::VariableEventStream::tryToSetConstantRecovery):
3277         (JSC::DFG::VariableEventStream::reconstruct):
3278         * dfg/DFGVariableEventStream.h:
3279         (VariableEventStream):
3280
3281 2013-01-25  Roger Fong  <roger_fong@apple.com>
3282
3283         Unreviewed. Rename LLInt projects folder and make appropriate changes to solutions.
3284
3285         * JavaScriptCore.vcxproj/JavaScriptCore.sln:
3286         * JavaScriptCore.vcxproj/LLInt: Copied from JavaScriptCore.vcxproj/LLInt.vcproj.
3287         * JavaScriptCore.vcxproj/LLInt.vcproj: Removed.
3288         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly: Removed.
3289         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.make: Removed.
3290         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.vcxproj: Removed.
3291         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.vcxproj.user: Removed.
3292         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Removed.
3293         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets: Removed.
3294         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Removed.
3295         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj: Removed.
3296         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj.user: Removed.
3297         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Removed.
3298         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor: Removed.
3299         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj: Removed.
3300         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj.user: Removed.
3301         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props: Removed.
3302         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props: Removed.
3303         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props: Removed.
3304
3305 2013-01-24  Roger Fong  <roger_fong@apple.com>
3306
3307         VS2010 JavascriptCore: Clean up property sheets, add a JSC solution, add testRegExp and testAPI projects.
3308         https://bugs.webkit.org/show_bug.cgi?id=106987
3309
3310         Reviewed by Brent Fulgham.
3311
3312         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
3313         * JavaScriptCore.vcxproj/JavaScriptCoreCF.props:
3314         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
3315         * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
3316         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
3317         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
3318         * JavaScriptCore.vcxproj/jsc/jscDebug.props:
3319         * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
3320         * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
3321         * JavaScriptCore.vcxproj/testRegExp: Added.
3322         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Added.
3323         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters: Added.
3324         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.user: Added.
3325         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: Added.
3326         * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props: Added.
3327         * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd: Added.
3328         * JavaScriptCore.vcxproj/testRegExp/testRegExpPreBuild.cmd: Added.
3329         * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd: Added.
3330         * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props: Added.
3331         * JavaScriptCore.vcxproj/testapi: Added.
3332         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Added.
3333         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters: Added.
3334         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.user: Added.
3335         * JavaScriptCore.vcxproj/testapi/testapiCommon.props: Added.
        * JavaScriptCore.vcxproj/testapi/testapiDebug.props: Added.
        * JavaScriptCore.vcxproj/testapi/testapiPostBuild.cmd: Added.
        * JavaScriptCore.vcxproj/testapi/testapiPreBuild.cmd: Added.
        * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd: Added.
        * JavaScriptCore.vcxproj/testapi/testapiRelease.props: Added.

2013-01-24  Roger Fong  <roger_fong@apple.com>

        Unreviewed. Windows build fix.

        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:

2013-01-24  Filip Pizlo  <fpizlo@apple.com>

        DFG::JITCompiler::getSpeculation() methods are badly named and superfluous
        https://bugs.webkit.org/show_bug.cgi?id=107860

        Reviewed by Mark Hahnenberg.

        * dfg/DFGJITCompiler.h:
        (JITCompiler):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compileLogicalNot):
        (JSC::DFG::SpeculativeJIT::emitBranch):

2013-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>

        Objective-C API: Rename JSValue.h/APIJSValue.h to JSCJSValue.h/JSValue.h
        https://bugs.webkit.org/show_bug.cgi?id=107327

        Reviewed by Filip Pizlo.

        We're renaming these two files, so we have to replace the names everywhere.

        * API/APICast.h:
        * API/APIJSValue.h: Removed.
        * API/JSBlockAdaptor.mm:
        * API/JSStringRefCF.cpp:
        * API/JSValue.h: Copied from Source/JavaScriptCore/API/APIJSValue.h.
        * API/JSValue.mm:
        * API/JSValueInternal.h:
        * API/JSValueRef.cpp:
        * API/JSWeakObjectMapRefPrivate.cpp:
        * API/JavaScriptCore.h:
        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * Target.pri:
        * bytecode/CallLinkStatus.h:
        * bytecode/CodeBlock.cpp:
        * bytecode/MethodOfGettingAValueProfile.h:
        * bytecode/ResolveGlobalStatus.cpp:
        * bytecode/ResolveGlobalStatus.h:
        * bytecode/SpeculatedType.h:
        * bytecode/ValueRecovery.h:
        * dfg/DFGByteCodeParser.cpp:
        * dfg/DFGJITCompiler.cpp:
        * dfg/DFGNode.h:
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:
        * heap/CopiedBlock.h:
        * heap/HandleStack.cpp:
        * heap/HandleTypes.h:
        * heap/WeakImpl.h:
        * interpreter/Interpreter.h:
        * interpreter/Register.h:
        * interpreter/VMInspector.h:
        * jit/HostCallReturnValue.cpp:
        * jit/HostCallReturnValue.h:
        * jit/JITCode.h:
        * jit/JITExceptions.cpp:
        * jit/JITExceptions.h:
        * jit/JSInterfaceJIT.h:
        * llint/LLIntCLoop.h:
        * llint/LLIntData.h:
        * llint/LLIntSlowPaths.cpp:
        * profiler/ProfilerBytecode.h:
        * profiler/ProfilerBytecodeSequence.h:
        * profiler/ProfilerBytecodes.h:
        * profiler/ProfilerCompilation.h:
        * profiler/ProfilerCompiledBytecode.h:
        * profiler/ProfilerDatabase.h:
        * profiler/ProfilerOSRExit.h:
        * profiler/ProfilerOSRExitSite.h:
        * profiler/ProfilerOrigin.h:
        * profiler/ProfilerOriginStack.h:
        * runtime/ArgList.cpp:
        * runtime/CachedTranscendentalFunction.h:
        * runtime/CallData.h:
        * runtime/Completion.h:
        * runtime/ConstructData.h:
        * runtime/DateConstructor.cpp:
        * runtime/DateInstance.cpp:
        * runtime/DatePrototype.cpp:
        * runtime/JSAPIValueWrapper.h:
        * runtime/JSCJSValue.cpp: Copied from Source/JavaScriptCore/runtime/JSValue.cpp.
        * runtime/JSCJSValue.h: Copied from Source/JavaScriptCore/runtime/JSValue.h.
        (JSValue):
        * runtime/JSCJSValueInlines.h: Copied from Source/JavaScriptCore/runtime/JSValueInlines.h.
        * runtime/JSGlobalData.h:
        * runtime/JSGlobalObject.cpp:
        * runtime/JSGlobalObjectFunctions.h:
        * runtime/JSStringJoiner.h:
        * runtime/JSValue.cpp: Removed.
        * runtime/JSValue.h: Removed.
        * runtime/JSValueInlines.h: Removed.
        * runtime/LiteralParser.h:
        * runtime/Operations.h:
        * runtime/PropertyDescriptor.h:
        * runtime/PropertySlot.h:
        * runtime/Protect.h:
        * runtime/RegExpPrototype.cpp:
        * runtime/Structure.h:

2013-01-23  Oliver Hunt  <oliver@apple.com>

        Harden JSC a bit with RELEASE_ASSERT
        https://bugs.webkit.org/show_bug.cgi?id=107766

        Reviewed by Mark Hahnenberg.

        Went through and replaced a pile of ASSERTs that were covering
        significantly important details (bounds checks, etc) where
        having the checks did not impact release performance in any