2012-05-30 Oliver Hunt <oliver@apple.com>

        Really provide error information with the inspector disabled
        https://bugs.webkit.org/show_bug.cgi?id=87910

        Reviewed by Filip Pizlo.

        Don't bother checking for anything other than pre-existing error info.
        In the absence of complete line number information you'll only get the
        line a function starts on, but at least it's something.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::throwException):

2012-05-30 Filip Pizlo <fpizlo@apple.com>

        LLInt broken on x86-32 with JIT turned off
        https://bugs.webkit.org/show_bug.cgi?id=87906

        Reviewed by Geoffrey Garen.

        Fixed the code to not clobber registers that contain important things, like the call frame.

        * llint/LowLevelInterpreter32_64.asm:

2012-05-30 Filip Pizlo <fpizlo@apple.com>

        ScriptDebugServer wants sourceIDs that are non-zero because that's what HashMaps want, so JSC should placate it
        https://bugs.webkit.org/show_bug.cgi?id=87887

        Reviewed by Darin Adler.

        Better fix - we now never call SourceProvider::asID() if SourceProvider* is 0.

        (JSC::ScopeNode::sourceID):
        * parser/SourceCode.h:
        (JSC::SourceCode::providerID):
        * parser/SourceProvider.h:
        (JSC::SourceProvider::asID):
        * runtime/Executable.h:
        (JSC::ScriptExecutable::sourceID):

2012-05-30 Filip Pizlo <fpizlo@apple.com>

        ScriptDebugServer wants sourceIDs that are non-zero because that's what HashMaps want, so JSC should placate it
        https://bugs.webkit.org/show_bug.cgi?id=87887

        Reviewed by Geoffrey Garen.

        * parser/SourceProvider.h:
        (JSC::SourceProvider::asID):

2012-05-30 Oliver Hunt <oliver@apple.com>

        DFG does not correctly handle exceptions caught in the LLInt
        https://bugs.webkit.org/show_bug.cgi?id=87885

        Reviewed by Filip Pizlo.

        Make the DFG use genericThrow, rather than reimplementing a small portion of it.
        Also make the LLInt slow paths validate that their PC is correct.

        * dfg/DFGOperations.cpp:
        * llint/LLIntSlowPaths.cpp:

2012-05-29 Filip Pizlo <fpizlo@apple.com>

        DFG CFA should infer types and values of captured variables
        https://bugs.webkit.org/show_bug.cgi?id=87813

        Reviewed by Gavin Barraclough.

        Slight speed-up in V8/earley-boyer (~1%).

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::argumentsAreCaptured):
        (JSC::CodeBlock::argumentIsCaptured):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::beginBasicBlock):
        (JSC::DFG::AbstractState::initialize):
        (JSC::DFG::AbstractState::endBasicBlock):
        (JSC::DFG::AbstractState::execute):
        (JSC::DFG::AbstractState::clobberWorld):
        (JSC::DFG::AbstractState::clobberStructures):
        (JSC::DFG::AbstractState::mergeStateAtTail):
        (JSC::DFG::AbstractState::merge):
        (JSC::DFG::AbstractState::mergeToSuccessors):
        * dfg/DFGAbstractState.h:
        (JSC::DFG::AbstractState::variables):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-05-30 Patrick Gansterer <paroga@webkit.org>

        Unreviewed. Build fix for !ENABLE(JIT) after r117823.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):

2012-05-30 Sheriff Bot <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r118868.
        http://trac.webkit.org/changeset/118868
        https://bugs.webkit.org/show_bug.cgi?id=87828

        introduced ~20 crashes on Mac and Qt bots (Requested by pizlo_

        (JSC::Heap::collect):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::sweep):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::sweepWeakSet):
        * heap/MarkedSpace.cpp:
        (JSC::SweepWeakSet::operator()):
        (JSC::MarkedSpace::sweepWeakSets):
        * heap/MarkedSpace.h:

2012-05-29 Geoffrey Garen <ggaren@apple.com>

        Rolled back in r118646, now that
        https://bugs.webkit.org/show_bug.cgi?id=87784 is fixed.

        http://trac.webkit.org/changeset/118646
        https://bugs.webkit.org/show_bug.cgi?id=87599

        (JSC::Heap::collect):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::sweep):
        * heap/MarkedBlock.h:
        * heap/MarkedSpace.cpp:
        * heap/MarkedSpace.h:

2012-05-29 Filip Pizlo <fpizlo@apple.com>

        DFG should keep captured variables alive until the (inline) return.
        https://bugs.webkit.org/show_bug.cgi?id=87205

        Reviewed by Gavin Barraclough.

        Changes the way we do flushing for captured variables and arguments. Instead of flushing
        each SetLocal immediately, we flush at kill points. So a SetLocal will cause a Flush of
        whatever was live in the variable previously, and a return will cause a Flush of all
        captured variables and all arguments.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::setDirect):
        (JSC::DFG::ByteCodeParser::set):
        (JSC::DFG::ByteCodeParser::setLocal):
        (JSC::DFG::ByteCodeParser::getArgument):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::findArgumentPositionForArgument):
        (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
        (JSC::DFG::ByteCodeParser::findArgumentPosition):
        (JSC::DFG::ByteCodeParser::flush):
        (JSC::DFG::ByteCodeParser::flushDirect):
        (JSC::DFG::ByteCodeParser::flushArgumentsAndCapturedVariables):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::setLocalStoreElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):

2012-05-29 Geoffrey Garen <ggaren@apple.com>

        WeakGCMap should be lazy-finalization-safe
        https://bugs.webkit.org/show_bug.cgi?id=87784

        Reviewed by Darin Adler.

        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::get): Since this is a map of raw WeakImpl pointers, and
        not Weak<T>, we need to verify manually that the WeakImpl is live before
        we return its payload.

2012-05-29 Mark Hahnenberg <mhahnenberg@apple.com>

        CopiedSpace::doneCopying could start another collection
        https://bugs.webkit.org/show_bug.cgi?id=86538

        Reviewed by Geoffrey Garen.

        It's possible that if we don't have anything at the head of to-space
        after a collection and the BlockAllocator doesn't have any fresh blocks
        to give us right now we could start another collection while still in
        the middle of the first collection when we call CopiedSpace::addNewBlock().

        One way to resolve this would be to have Heap::shouldCollect() check that
        m_operationInProgress is NoOperation. This would prevent the path in
        getFreshBlock() that starts the collection if we're already in the middle of one.

        I could not come up with a test case to reproduce this crash on ToT.

        (JSC::Heap::shouldCollect): We shouldn't collect if we're already in the middle
        of a collection, i.e. the current operation should be NoOperation.
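        The re-entrancy hazard and the shouldCollect() guard in the entry above, as an added, constructed model (this is not JavaScriptCore's heap code; the class and member names are simplified stand-ins, and kRecursionCap exists only to stop the unguarded model from recursing without bound):

```cpp
#include <cassert>

// Constructed model of the hazard (not JSC's Heap): a collection that needs a
// fresh block can, via getFreshBlock(), ask whether it should collect and start
// a second collection while the first one is still in progress.
enum OperationInProgress { NoOperation, Collection };

class Heap {
public:
    explicit Heap(bool checkOperationInProgress)
        : m_operationInProgress(NoOperation)
        , m_checkOperationInProgress(checkOperationInProgress)
        , m_bytesAllocatedSinceLastCollect(0)
        , m_freshBlocks(0)
        , m_collectDepth(0)
        , m_maxCollectDepth(0)
    {
    }

    // The fix: never report that we should collect while an operation is in progress.
    bool shouldCollect() const
    {
        if (m_checkOperationInProgress && m_operationInProgress != NoOperation)
            return false;
        return m_bytesAllocatedSinceLastCollect >= kCollectThreshold;
    }

    void collect()
    {
        m_operationInProgress = Collection;
        ++m_collectDepth;
        if (m_collectDepth > m_maxCollectDepth)
            m_maxCollectDepth = m_collectDepth;
        doneCopying(); // the allocation counter is only reset once the collection is done
        m_bytesAllocatedSinceLastCollect = 0;
        --m_collectDepth;
        m_operationInProgress = NoOperation;
    }

    // Stand-in for CopiedSpace::doneCopying(): with nothing at the head of
    // to-space, a new block is requested through addNewBlock().
    void doneCopying()
    {
        if (!m_freshBlocks)
            addNewBlock();
    }

    void addNewBlock() { getFreshBlock(); }

    // Stand-in for the BlockAllocator path that may start a collection when it
    // has no fresh block to hand out.
    void getFreshBlock()
    {
        if (shouldCollect() && m_collectDepth < kRecursionCap)
            collect();
        ++m_freshBlocks;
    }

    void didAllocate(int bytes) { m_bytesAllocatedSinceLastCollect += bytes; }
    int maxCollectDepth() const { return m_maxCollectDepth; }

private:
    enum { kCollectThreshold = 1024, kRecursionCap = 8 };
    OperationInProgress m_operationInProgress;
    bool m_checkOperationInProgress;
    int m_bytesAllocatedSinceLastCollect;
    int m_freshBlocks;
    int m_collectDepth;
    int m_maxCollectDepth;
};

// Deepest nesting of collect() reached from a single triggered collection:
// 1 means no re-entrant collection happened.
int nestedCollectionDepth(bool checkOperationInProgress)
{
    Heap heap(checkOperationInProgress);
    heap.didAllocate(4096); // cross the collection threshold
    heap.collect();         // the first collection asks for a fresh block on its way out
    return heap.maxCollectDepth();
}
```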

2012-05-29 David Barr <davidbarr@chromium.org>

        Introduce ENABLE_CSS_IMAGE_RESOLUTION compile flag
        https://bugs.webkit.org/show_bug.cgi?id=87685

        Reviewed by Eric Seidel.

        Add a configuration option for CSS image-resolution support, disabling it by default.

        * Configurations/FeatureDefines.xcconfig:

2012-05-28 Sheriff Bot <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r118646.
        http://trac.webkit.org/changeset/118646
        https://bugs.webkit.org/show_bug.cgi?id=87691

        broke V8 raytrace benchmark (Requested by pizlo_ on #webkit).

        (JSC::Heap::collect):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::sweep):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::sweepWeakSet):
        * heap/MarkedSpace.cpp:
        (JSC::SweepWeakSet::operator()):
        (JSC::MarkedSpace::sweepWeakSets):
        * heap/MarkedSpace.h:

2012-05-28 Filip Pizlo <fpizlo@apple.com>

        DFG should not generate code for code that the CFA proves to be unreachable
        https://bugs.webkit.org/show_bug.cgi?id=87682

        Reviewed by Sam Weinig.

        This also fixes a small performance bug where CFA was not marking blocks
        as having constants (and hence not triggering constant folding) if the only
        constants were on GetLocals.

        And fixing that bug revealed another bug: constant folding was assuming that
        a GetLocal must be the first access to a local in a basic block. This isn't
        true. The first access may be a Flush. This patch fixes that issue using the
        safest approach possible, since we don't need to be clever for something that
        only happens in one of our benchmarks.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::run):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::noticeOSREntry):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-05-28 Carlos Garcia Campos <cgarcia@igalia.com>

        Unreviewed. Fix make distcheck.

        * GNUmakefile.list.am: Add missing header file.

2012-05-27 Geoffrey Garen <ggaren@apple.com>

        Weak pointer finalization should be lazy
        https://bugs.webkit.org/show_bug.cgi?id=87599

        Reviewed by Darin Adler.

        (JSC::Heap::collect): Don't force immediate finalization -- it will

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::sweep): Sweep a block's weak set when sweeping the
        block. The weak set may not have been swept yet, and this is our last
        chance to run weak finalizers before we recycle the memory they reference.

        * heap/MarkedBlock.h:
        * heap/MarkedSpace.cpp:
        (JSC::MarkedBlock::sweepWeakSets):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::sweepWeakSets): Nixed sweepWeakSets because it's unused

2012-05-26 Geoffrey Garen <ggaren@apple.com>

        WebKit should be lazy-finalization-safe (esp. the DOM) v2
        https://bugs.webkit.org/show_bug.cgi?id=87581

        Reviewed by Oliver Hunt.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::callDestructor):
        * heap/WeakSetInlines.h:
        (JSC::WeakBlock::finalize): Since we don't guarantee destruction order,
        it's not valid to access GC pointers like the Structure pointer during
        finalization. We NULL out the structure pointer in debug builds to try
        to make this programming mistake more obvious.

        * API/JSCallbackConstructor.cpp:
        (JSC::JSCallbackConstructor::destroy):
        * API/JSCallbackObject.cpp:
        (JSC::JSCallbackObjectData::finalize):
        * runtime/Arguments.cpp:
        (JSC::Arguments::destroy):
        * runtime/DateInstance.cpp:
        (JSC::DateInstance::destroy):
        (JSC::StrictModeTypeErrorFunction::destroy):
        * runtime/Executable.cpp:
        (JSC::ExecutableBase::destroy):
        (JSC::NativeExecutable::destroy):
        (JSC::ScriptExecutable::destroy):
        (JSC::EvalExecutable::destroy):
        (JSC::ProgramExecutable::destroy):
        (JSC::FunctionExecutable::destroy):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::destroy):
        * runtime/JSPropertyNameIterator.cpp:
        (JSC::JSPropertyNameIterator::destroy):
        * runtime/JSStaticScopeObject.cpp:
        (JSC::JSStaticScopeObject::destroy):
        * runtime/JSString.cpp:
        (JSC::JSString::destroy):
        * runtime/JSVariableObject.cpp:
        (JSC::JSVariableObject::destroy):
        * runtime/NameInstance.cpp:
        (JSC::NameInstance::destroy):
        * runtime/RegExp.cpp:
        (JSC::RegExp::destroy):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::destroy):
        * runtime/Structure.cpp:
        (JSC::Structure::destroy):
        * runtime/StructureChain.cpp:
        (JSC::StructureChain::destroy): Use static_cast instead of jsCast because
        jsCast does Structure-based validation, and our Structure is not guaranteed
        to be alive when we get finalized.

2012-05-22 Filip Pizlo <fpizlo@apple.com>

        DFG CSE should eliminate redundant WeakJSConstants
        https://bugs.webkit.org/show_bug.cgi?id=87179

        Reviewed by Gavin Barraclough.

        Merged r118141 from dfgopt.

        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::weakConstantCSE):
        (JSC::DFG::CSEPhase::performNodeCSE):
        (JSC::DFG::Node::weakConstant):

2012-05-22 Filip Pizlo <fpizlo@apple.com>

        DFG CSE should do redundant store elimination
        https://bugs.webkit.org/show_bug.cgi?id=87161

        Reviewed by Oliver Hunt.

        Merge r118138 from dfgopt.

        This patch adds redundant store elimination. For example, consider this

        If o.x is speculated to be a well-behaved field, the first assignment is
        unnecessary, since the second just overwrites it. We would like to
        eliminate the first assignment in these cases. The need for this
        optimization arises mostly from stores that our runtime requires. For

        This will have four assignments to the structure for the newly created
        object - one assignment for the empty structure, one for {f}, one for
        {f, g}, and one for {f, g, h}. We would like to only have the last of
        those assignments in this case.

        Intriguingly, doing so for captured variables breaks the way arguments
        simplification used to work. Consider that prior to either arguments
        simplification or store elimination we will have IR that looks like:

            a: SetLocal(r0, Empty)
            b: SetLocal(r1, Empty)
            d: CreateArguments(@c)

        Then redundant store elimination will eliminate the stores that
        initialize the arguments registers to Empty, but then arguments
        simplification eliminates the stores that initialize the arguments to
        the newly created arguments - and at this point we no longer have any
        stores to the arguments register, leading to hilarious crashes. This
        patch therefore changes arguments simplification to replace
        CreateArguments with JSConstant(Empty) rather than eliminating the
        SetLocals. But this revealed bugs where arguments simplification was
        being overzealous, so I fixed those bugs.

        This is a minor speed-up on V8/earley and a handful of other tests.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::uncheckedActivationRegister):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):
        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::globalVarStoreElimination):
        (JSC::DFG::CSEPhase::putStructureStoreElimination):
        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
        (JSC::DFG::CSEPhase::setLocalStoreElimination):
        (JSC::DFG::CSEPhase::setReplacement):
        (JSC::DFG::CSEPhase::eliminate):
        (JSC::DFG::CSEPhase::performNodeCSE):
        (JSC::DFG::Graph::uncheckedActivationRegisterFor):
        (JSC::DFG::Node::isPhantomArguments):
        (JSC::DFG::Node::hasConstant):
        (JSC::DFG::Node::valueOfJSConstant):
        (JSC::DFG::Node::hasStructureTransitionData):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
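        The interaction the entry above describes, as an added example on a constructed, much-simplified IR (this is not JavaScriptCore's DFG code; the node types, the SetLocal store-elimination pass, the old arguments simplification that deleted SetLocals and the fixed one that rewrites CreateArguments to JSConstant(Empty) are all stand-ins written for this illustration):

```cpp
#include <cassert>
#include <cstddef>
#include <vector>

// Constructed, simplified DFG-like IR for this example (not JSC's Node).
enum NodeType { SetLocal, GetLocal, Flush, CreateArguments, JSConstantEmpty, Phantom };

struct Node {
    NodeType op;
    int local; // register operand for SetLocal/GetLocal/Flush, -1 otherwise
    int child; // index of the stored value for SetLocal, -1 otherwise
};

typedef std::vector<Node> Graph;

static Node makeNode(NodeType op, int local, int child)
{
    Node n;
    n.op = op;
    n.local = local;
    n.child = child;
    return n;
}

// Redundant store elimination: a SetLocal(r, x) makes an earlier SetLocal(r, y)
// dead if nothing between them observes r (no GetLocal or Flush of r).
// A dead store becomes Phantom so that node indices stay stable.
void eliminateRedundantStores(Graph& graph)
{
    for (size_t i = 0; i < graph.size(); ++i) {
        if (graph[i].op != SetLocal)
            continue;
        for (size_t j = i; j-- > 0;) {
            if (graph[j].local != graph[i].local)
                continue;
            if (graph[j].op == GetLocal || graph[j].op == Flush)
                break;                 // the earlier value is observed: keep it
            if (graph[j].op == SetLocal) {
                graph[j].op = Phantom; // overwritten before any use: dead store
                break;
            }
        }
    }
}

// Pre-fix arguments simplification: the arguments object is proven not to
// escape, so the SetLocals that store it are deleted. After store elimination
// already removed the Empty initializers, the register is left with no store.
void argumentsSimplificationOld(Graph& graph)
{
    for (size_t i = 0; i < graph.size(); ++i) {
        if (graph[i].op == SetLocal && graph[i].child >= 0
            && graph[graph[i].child].op == CreateArguments)
            graph[i].op = Phantom;
    }
}

// Fixed version: replace CreateArguments with JSConstant(Empty) and keep the
// SetLocal, so the register is still initialized.
void argumentsSimplificationNew(Graph& graph)
{
    for (size_t i = 0; i < graph.size(); ++i) {
        if (graph[i].op == CreateArguments)
            graph[i].op = JSConstantEmpty;
    }
}

int countStoresTo(const Graph& graph, int local)
{
    int count = 0;
    for (size_t i = 0; i < graph.size(); ++i) {
        if (graph[i].op == SetLocal && graph[i].local == local)
            ++count;
    }
    return count;
}

// Constructed sample: initialize arguments registers r0/r1 to Empty, create the
// arguments object, then store it into the same registers.
Graph sampleGraph()
{
    Graph g;
    g.push_back(makeNode(JSConstantEmpty, -1, -1)); // 0: Empty
    g.push_back(makeNode(SetLocal, 0, 0));          // 1: SetLocal(r0, @0)
    g.push_back(makeNode(SetLocal, 1, 0));          // 2: SetLocal(r1, @0)
    g.push_back(makeNode(CreateArguments, -1, -1)); // 3
    g.push_back(makeNode(SetLocal, 0, 3));          // 4: SetLocal(r0, @3)
    g.push_back(makeNode(SetLocal, 1, 3));          // 5: SetLocal(r1, @3)
    return g;
}

// Stores to r0 left by store elimination followed by the old simplification.
int storesLeftOld()
{
    Graph g = sampleGraph();
    eliminateRedundantStores(g);
    argumentsSimplificationOld(g);
    return countStoresTo(g, 0);
}

// Stores to r0 left by store elimination followed by the fixed simplification.
int storesLeftNew()
{
    Graph g = sampleGraph();
    eliminateRedundantStores(g);
    argumentsSimplificationNew(g);
    return countStoresTo(g, 0);
}
```

        With the old pass order the arguments register ends up with zero stores, which is the crash the entry describes; the fixed simplification leaves one.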

2012-05-21 Filip Pizlo <fpizlo@apple.com>

        DFG ConvertThis should just be a CheckStructure if the structure is known
        https://bugs.webkit.org/show_bug.cgi?id=87057

        Reviewed by Gavin Barraclough.

        Merged r118021 from dfgopt.

        This gives ValueProfile the ability to track singleton values - i.e. profiling
        sites that always see the same value.

        That is then used to profile the structure in op_convert_this.

        This is then used to optimize op_convert_this into a CheckStructure if the
        structure is always the same.

        That then results in better CSE in inlined code that uses 'this', since
        previously we couldn't CSE accesses on 'this' from different inline call frames.

        Also fixed a bug where we were unnecessarily flushing 'this'.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dump):
        (JSC::CodeBlock::stronglyVisitStrongReferences):
        * bytecode/LazyOperandValueProfile.cpp:
        (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
        * bytecode/LazyOperandValueProfile.h:
        (CompressedLazyOperandValueProfileHolder):
        (JSC::padOpcodeName):
        * bytecode/ValueProfile.h:
        (JSC::ValueProfileBase::ValueProfileBase):
        (JSC::ValueProfileBase::dump):
        (JSC::ValueProfileBase::computeUpdatedPrediction):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_convert_this):
        (JSC::JIT::emitSlow_op_convert_this):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_convert_this):
        (JSC::JIT::emitSlow_op_convert_this):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/Structure.h:
        (JSC::JSValue::structureOrUndefined):

2012-05-24 Tim Horton <timothy_horton@apple.com>

        Add feature defines for web-facing parts of CSS Regions and Exclusions
        https://bugs.webkit.org/show_bug.cgi?id=87442
        <rdar://problem/10887709>

        Reviewed by Dan Bernstein.

        * Configurations/FeatureDefines.xcconfig:

2012-05-24 Geoffrey Garen <ggaren@apple.com>

        WebKit should be lazy-finalization-safe (esp. the DOM)
        https://bugs.webkit.org/show_bug.cgi?id=87456

        Reviewed by Filip Pizlo.

        Lazy finalization adds one twist to weak pointer use:

        A HashMap of weak pointers may contain logically null entries.
        (Weak pointers behave as-if null once their payloads die.)
        Insertion must not assume that a pre-existing entry is
        necessarily valid, and iteration must not assume that all
        entries can be dereferenced.

        (Previously, I thought that it also added a second twist:

        A demand-allocated weak pointer may replace a dead payload
        before the payload's finalizer runs. In that case, when the
        payload's finalizer runs, the payload has already been
        overwritten, and the finalizer should not clear the payload,
        which now points to something new.

        But that's not the case here, since we cancel the old payload's
        finalizer when we over-write it. I've added ASSERTs to verify this
        assumption, in case it ever changes.)

        * API/JSClassRef.cpp:
        (OpaqueJSClass::prototype): No need to specify null; that's the default.

        * API/JSWeakObjectMapRefPrivate.cpp: Use remove, since take() is gone.

        (WeakImplAccessor::was): This is no longer a debug-only function, since
        it's required to reason about lazily finalized pointers.

        (JSC::weakClear): Added these helper functions for the common idioms of
        what clients want to do in their weak pointer finalizers.

        (JSC::JITThunks::hostFunctionStub): Use the new idioms. Otherwise, we
        would return NULL for a "zombie" executable weak pointer that was waiting
        for finalization (item (2)), and finalizing a dead executable weak pointer
        would potentially destroy a new, live one (item (1)).

        * runtime/RegExpCache.cpp:
        (JSC::RegExpCache::lookupOrCreate):
        (JSC::RegExpCache::finalize): Ditto.
        (JSC::RegExpCache::invalidateCode): Check for null while iterating. (See

        * runtime/Structure.cpp:
        (JSC::StructureTransitionTable::contains):
        (JSC::StructureTransitionTable::add): Use get and set instead of add and
        contains, since add and contains are not compatible with lazy finalization.

        * runtime/WeakGCMap.h:
        (JSC::WeakGCMap::clear):
        (JSC::WeakGCMap::remove): Removed a bunch of code that was incompatible with
        lazy finalization because I didn't feel like making it compatible, and I had
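        The "one twist" of lazy finalization described in the entry above, and the manual liveness check from the WeakGCMap::get entry earlier on this page, as an added, constructed model (this is not JavaScriptCore's WeakGCMap or WeakImpl; the class, state names and the sweep routine are stand-ins written for this illustration, and the map holds raw pointers so that liveness must be verified by hand):

```cpp
#include <cassert>
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Constructed stand-in for a WeakImpl: the handle a weak pointer refers to.
// Under lazy finalization it can be Dead (payload unreachable) for a while
// before its finalizer runs, and a map of raw WeakImpl* still holds it.
struct WeakImpl {
    enum State { Live, Dead, Finalized };
    State state;
    WeakImpl() : state(Live) { }
    bool isLive() const { return state == Live; }
};

// Map of raw WeakImpl* keyed by string (a simplified WeakGCMap-like map).
class LazyWeakMap {
    typedef std::map<std::string, WeakImpl*> Map;
public:
    // get(): a pre-existing entry may be logically null, so verify liveness
    // manually before returning it.
    WeakImpl* get(const std::string& key) const
    {
        Map::const_iterator it = m_map.find(key);
        if (it == m_map.end() || !it->second->isLive())
            return 0;
        return it->second;
    }

    // set(): always overwrite; insertion must not assume an existing entry is
    // valid. Overwriting a dead entry cancels its pending finalizer, the
    // assumption the entry above says is now ASSERTed.
    void set(const std::string& key, WeakImpl* impl)
    {
        WeakImpl*& slot = m_map[key];
        if (slot && slot != impl)
            slot->state = WeakImpl::Finalized; // cancel the stale finalizer
        slot = impl;
    }

    // The idiom that is NOT lazy-finalization-safe: contains()/add() treat a
    // dead-but-not-yet-finalized entry as present and refuse to replace it.
    bool addIfAbsentUnsafe(const std::string& key, WeakImpl* impl)
    {
        if (m_map.count(key))
            return false;
        m_map[key] = impl;
        return true;
    }

    // Finalizer run by the lazy sweep for one impl. Only impls whose finalizer
    // was not cancelled may get here, and only entries still pointing at this
    // impl are removed (so a newer live entry is never clobbered).
    void finalize(WeakImpl* impl)
    {
        assert(impl->state == WeakImpl::Dead);
        for (Map::iterator it = m_map.begin(); it != m_map.end();) {
            if (it->second == impl)
                m_map.erase(it++);
            else
                ++it;
        }
        impl->state = WeakImpl::Finalized;
    }

    // Iteration must skip logically null entries rather than dereference them.
    size_t liveCount() const
    {
        size_t n = 0;
        for (Map::const_iterator it = m_map.begin(); it != m_map.end(); ++it)
            n += it->second->isLive() ? 1 : 0;
        return n;
    }

private:
    Map m_map;
};

// Lazy sweep: run the finalizer of every impl that is still Dead; a cancelled
// finalizer (state Finalized) is skipped.
void sweep(LazyWeakMap& map, std::vector<WeakImpl*>& impls)
{
    for (size_t i = 0; i < impls.size(); ++i) {
        if (impls[i]->state == WeakImpl::Dead)
            map.finalize(impls[i]);
    }
}

struct ScenarioResult {
    bool unsafeAddRefusedByZombie;
    bool safeGetReturnsNull;
    bool newEntryVisibleAfterSet;
    size_t liveBeforeSweep;
    bool sweepKeptNewEntry;
};

// The lookup-or-create pattern against a "zombie": a dead WeakImpl whose
// finalizer has not run yet.
ScenarioResult runZombieScenario()
{
    LazyWeakMap map;
    WeakImpl old, fresh;
    map.set("key", &old);
    old.state = WeakImpl::Dead; // GC found the payload unreachable; finalizer pending

    ScenarioResult r;
    r.unsafeAddRefusedByZombie = !map.addIfAbsentUnsafe("key", &fresh);
    r.safeGetReturnsNull = map.get("key") == 0;
    if (!map.get("key"))
        map.set("key", &fresh); // replace the zombie; its finalizer is cancelled
    r.newEntryVisibleAfterSet = map.get("key") == &fresh;
    r.liveBeforeSweep = map.liveCount();

    std::vector<WeakImpl*> impls;
    impls.push_back(&old);
    impls.push_back(&fresh);
    sweep(map, impls);
    r.sweepKeptNewEntry = map.get("key") == &fresh;
    return r;
}
```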

2012-05-24 Filip Pizlo <fpizlo@apple.com>

        REGRESSION (r118013-r118031): Loops/Reloads under www.yahoo.com, quits after three tries with error
        https://bugs.webkit.org/show_bug.cgi?id=87327

        Reviewed by Geoffrey Garen.

        If you use AbstractValue::filter(StructureSet) to test subset relationships between TOP and a
        set containing >=2 elements, you're going to have a bad time.

        That's because AbstractValue considers a set with >=2 elements to be equivalent to TOP, in order
        to save space and speed up convergence. So filtering has no effect in this case, which made
        the code think that the abstract value was proving that the structure check was unnecessary.
        The correct thing to do is to use isSubsetOf() on the StructureAbstractValue, which does the
        right thingies for TOP and >=2 elements.

        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
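        The lattice mistake in the entry above, as an added, constructed model (this is not JavaScriptCore's AbstractValue; structures are plain integers and the class, filter() and isSubsetOf() are stand-ins that follow the entry's description: a set of two or more structures collapses to TOP):

```cpp
#include <cassert>
#include <cstdint>
#include <set>

// Constructed model of the structure lattice described above (not JSC's code).
typedef uint32_t StructureID;
typedef std::set<StructureID> StructureSet;

class StructureAbstractValue {
public:
    StructureAbstractValue() : m_isTop(false) { }

    // Merge in a structure. Once two or more distinct structures are seen the
    // value collapses to TOP, to save space and speed up convergence.
    void add(StructureID id)
    {
        if (m_isTop)
            return;
        m_set.insert(id);
        if (m_set.size() >= 2) {
            m_set.clear();
            m_isTop = true;
        }
    }

    bool isTop() const { return m_isTop; }

    // filter(): narrow this value to `other`. TOP filtered by a set of two or
    // more structures stays TOP, because the lattice cannot represent that set.
    // That no-op is what fooled the "is the check redundant?" logic.
    void filter(const StructureSet& other)
    {
        if (m_isTop) {
            if (other.size() >= 2)
                return;
            m_isTop = false;
            m_set = other;
            return;
        }
        StructureSet kept;
        for (StructureSet::const_iterator it = m_set.begin(); it != m_set.end(); ++it) {
            if (other.count(*it))
                kept.insert(*it);
        }
        m_set = kept;
    }

    // isSubsetOf(): TOP means "could be any structure", so it is never a subset
    // of a finite set; otherwise every tracked structure must be in `other`.
    bool isSubsetOf(const StructureSet& other) const
    {
        if (m_isTop)
            return false;
        for (StructureSet::const_iterator it = m_set.begin(); it != m_set.end(); ++it) {
            if (!other.count(*it))
                return false;
        }
        return true;
    }

    bool operator==(const StructureAbstractValue& o) const
    {
        return m_isTop == o.m_isTop && m_set == o.m_set;
    }

private:
    bool m_isTop;
    StructureSet m_set;
};

// The flawed test: "if filtering by the checked set changes nothing, the value
// already proves the check". Wrong for TOP against a set with >= 2 members.
bool checkProvenByFilter(const StructureAbstractValue& value, const StructureSet& checked)
{
    StructureAbstractValue filtered = value;
    filtered.filter(checked);
    return filtered == value;
}

// The correct test: ask the lattice directly.
bool checkProvenBySubset(const StructureAbstractValue& value, const StructureSet& checked)
{
    return value.isSubsetOf(checked);
}

// Helpers to build the scenarios.
StructureAbstractValue valueWith(StructureID id)
{
    StructureAbstractValue v;
    v.add(id);
    return v;
}

StructureAbstractValue topValue()
{
    StructureAbstractValue v;
    v.add(1);
    v.add(2); // second distinct structure: collapses to TOP
    return v;
}

StructureSet twoStructures()
{
    StructureSet s;
    s.insert(10);
    s.insert(20);
    return s;
}
```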

2012-05-24 Filip Pizlo <fpizlo@apple.com>

        new test fast/js/dfg-arguments-mixed-alias.html fails on JSVALUE32_64
        https://bugs.webkit.org/show_bug.cgi?id=87378

        Reviewed by Gavin Barraclough.

        - Captured variable tracking did not consistently handle arguments, leading to OSR

        - Nodes capable of exiting were tracked in a non-monotonic way, leading to compiler errors.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::CSEPhase):
        (JSC::DFG::performCSE):
        (JSC::DFG::Graph::resetExitStates):
        (JSC::DFG::runPhase):

2012-05-24 Geoffrey Garen <ggaren@apple.com>

        Made WeakSet per-block instead of per-heap
        https://bugs.webkit.org/show_bug.cgi?id=87401

        Reviewed by Oliver Hunt.

        This allows us fast access to the set of all weak pointers for a block,
        which is a step toward lazy finalization.

        No performance change.

        (JSC::Heap::lastChanceToFinalize): Removed the per-heap weak set, since

        (JSC::Heap::markRoots): Delegate weak set visiting to the marked space,
        since it knows how to iterate all blocks.

        (JSC::Heap::collect): Moved the reaping outside of markRoots, since it
        doesn't mark anything.

        Make sure to reset allocators after shrinking, since shrinking may
        deallocate the current allocator.

        (Heap): No more per-heap weak set, since it's per-block now.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::lastChanceToFinalize): Migrated finalization logic
        here from the heap, so the heap doesn't need to know about our internal
        data structures like our weak set.

        (JSC::MarkedBlock::heap):
        (JSC::MarkedBlock::weakSet):
        (JSC::MarkedBlock::shrink):
        (JSC::MarkedBlock::resetAllocator):
        (JSC::MarkedBlock::visitWeakSet):
        (JSC::MarkedBlock::reapWeakSet):
        (JSC::MarkedBlock::sweepWeakSet):
        * heap/MarkedSpace.cpp:
        (JSC::VisitWeakSet::VisitWeakSet):
        (JSC::VisitWeakSet::operator()):
        (JSC::ReapWeakSet::operator()):
        (JSC::SweepWeakSet::operator()):
        (JSC::LastChanceToFinalize::operator()):
        (JSC::MarkedSpace::lastChanceToFinalize):
        (JSC::ResetAllocator::operator()):
        (JSC::MarkedSpace::resetAllocators):
        (JSC::MarkedSpace::visitWeakSets):
        (JSC::MarkedSpace::reapWeakSets):
        (JSC::MarkedSpace::sweepWeakSets):
        (JSC::Shrink::operator()):
        (JSC::MarkedSpace::shrink):
        * heap/MarkedSpace.h:
        (MarkedSpace): Make sure to account for our weak sets when sweeping,

        (JSC::WeakSet::heap):
        (JSC::WeakSet::lastChanceToFinalize):
        (JSC::WeakSet::visit):
        (JSC::WeakSet::reap):
        (JSC::WeakSet::shrink):
        (JSC::WeakSet::resetAllocator): Inlined some things since they're called
        once per block now instead of once per heap.

        * heap/WeakSetInlines.h:
        (JSC::WeakSet::allocate): Use the per-block weak set since there is no
        per-heap weak set anymore.

2012-05-24 Gavin Barraclough <barraclough@apple.com>

        Rubber stamped by Geoff Garen

2012-05-24 Gavin Barraclough <barraclough@apple.com>

        Move cacheFlush from ExecutableAllocator to Assembler classes
        https://bugs.webkit.org/show_bug.cgi?id=87420

        Reviewed by Oliver Hunt.

        Makes more sense there, & remove a pile of #ifdefs.

        * assembler/ARMAssembler.cpp:
        (JSC::ARMAssembler::cacheFlush):
        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::cacheFlush):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::relinkJump):
        (JSC::ARMv7Assembler::cacheFlush):
        (JSC::ARMv7Assembler::setInt32):
        (JSC::ARMv7Assembler::setUInt7ForLoad):
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::cacheFlush):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::performFinalization):
        * assembler/MIPSAssembler.h:
        (JSC::MIPSAssembler::relinkJump):
        (JSC::MIPSAssembler::relinkCall):
        (JSC::MIPSAssembler::repatchInt32):
        (JSC::MIPSAssembler::cacheFlush):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::repatchCompact):
        (JSC::SH4Assembler::cacheFlush):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::cacheFlush):
        * jit/ExecutableAllocator.cpp:
        * jit/ExecutableAllocator.h:
        (ExecutableAllocator):

2012-05-24 John Mellor <johnme@chromium.org>

        Font Boosting: Add compile flag and runtime setting
        https://bugs.webkit.org/show_bug.cgi?id=87394

        Reviewed by Adam Barth.

        Add ENABLE_FONT_BOOSTING.

        * Configurations/FeatureDefines.xcconfig:

2012-05-24 Allan Sandfeld Jensen <allan.jensen@nokia.com>

        cti_vm_throw gets kicked out by gcc 4.6 -flto
        https://bugs.webkit.org/show_bug.cgi?id=56088

        Reviewed by Darin Adler.

        Add REFERENCED_FROM_ASM to functions only referenced from assembler.

        * dfg/DFGOperations.cpp:
        * jit/HostCallReturnValue.h:
        * jit/ThunkGenerators.cpp:

2012-05-24 Filip Pizlo <fpizlo@apple.com>

        Incorrect merge of r117542 from dfg opt branch in r118323 is leading to fast/js/dfg-arguments-osr-exit.html failing
        https://bugs.webkit.org/show_bug.cgi?id=87350

        Reviewed by Maciej Stachowiak.

        The dfgopt branch introduced the notion of a local variable being killed because it was aliased
        to the Arguments object as in cases like:

        This required changes to OSR exit handling - if the variable is dead but aliased to arguments, then
        OSR exit should reify the arguments. But meanwhile, in tip of tree we introduced special handling for
        dead variables on OSR exit. When the two were merged in r118323, the structure of the if/else branches
        ended up being such that we would treat dead arguments variables as totally dead as opposed to treating
        them as variables that need arguments reification.

        This fixes the structure of the relevant if/else block so that variables that are dead-but-arguments
        end up being treated as reified arguments objects, while variables that are dead but not aliased to
        arguments are treated as tip of tree would have treated them (initialize to Undefined).

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-05-24 Csaba Osztrogonác <ossy@webkit.org>

        Unreviewed 32 bit buildfix after r118325.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal): Use ASSERT_UNUSED instead of ASSERT.

2012-05-23 Filip Pizlo <fpizlo@apple.com>

        DFG operationTearOffActivation should return after handling the null activation case
        https://bugs.webkit.org/show_bug.cgi?id=87348
        <rdar://problem/11522295>

        Reviewed by Oliver Hunt.

        * dfg/DFGOperations.cpp:

2012-05-23 Filip Pizlo <fpizlo@apple.com>

        Unreviewed, merge the arguments fix in r118138 to get bots green.

        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):

2012-05-20 Filip Pizlo <fpizlo@apple.com>

        DFG CFA should record if a node can OSR exit
        https://bugs.webkit.org/show_bug.cgi?id=86905

        Reviewed by Oliver Hunt.

        Merged r117931 from dfgopt.

        Adds a NodeFlag that denotes nodes that are known to not have OSR exits.
        This ought to aid any backwards analyses that need to know when a
        backward flow merge might happen due to a side exit.

        Also added assertions into speculationCheck() that ensure that we did not
        mark a node as non-exiting and then promptly compile in an exit. This
        helped catch some minor bugs where we were doing unnecessary speculation

        This is a perf-neutral change. The speculation checks that this removes
        were not on hot paths of major benchmarks.

        * bytecode/PredictedType.h:
        (JSC::isAnyPrediction):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGAbstractState.h:
        (JSC::DFG::AbstractState::speculateInt32Unary):
        (JSC::DFG::AbstractState::speculateNumberUnary):
        (JSC::DFG::AbstractState::speculateBooleanUnary):
        (JSC::DFG::AbstractState::speculateInt32Binary):
        (JSC::DFG::AbstractState::speculateNumberBinary):
        (JSC::DFG::Node::mergeFlags):
        (JSC::DFG::Node::filterFlags):
        (JSC::DFG::Node::setCanExit):
        (JSC::DFG::Node::canExit):
        * dfg/DFGNodeFlags.cpp:
        (JSC::DFG::nodeFlagsAsString):
        * dfg/DFGNodeFlags.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
        (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::speculationCheck):
        (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
        (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
        (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
        (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
        (JSC::DFG::SpeculativeJIT::compile):

2012-05-20 Filip Pizlo <fpizlo@apple.com>

        DFG should not do unnecessary indirections when storing to objects
        https://bugs.webkit.org/show_bug.cgi?id=86959

        Reviewed by Oliver Hunt.

        Merged r117819 from dfgopt.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2012-05-17 Filip Pizlo <fpizlo@apple.com>

        DFG should optimize aliased uses of the Arguments object of the current call frame
        https://bugs.webkit.org/show_bug.cgi?id=86552

        Reviewed by Geoff Garen.

        Merged r117542 and r117543 from dfgopt.

        Performs must-alias and escape analysis on uses of CreateArguments, and if
        a variable is must-aliased to CreateArguments and does not escape, then we
        turn all uses of that variable into direct arguments accesses.

        36% speed-up on V8/earley leading to a 2.3% speed-up overall in V8.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::uncheckedArgumentsRegister):
        * bytecode/ValueRecovery.h:
        (JSC::ValueRecovery::argumentsThatWereNotCreated):
        (JSC::ValueRecovery::dump):
        * dfg/DFGAbstractState.cpp:
        (JSC::DFG::AbstractState::execute):
        * dfg/DFGAdjacencyList.h:
        (JSC::DFG::AdjacencyList::removeEdgeFromBag):
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):
        (ArgumentsSimplificationPhase):
        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
        (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
        (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
        (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
        (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
        * dfg/DFGAssemblyHelpers.h:
        (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCFGSimplificationPhase.cpp:
        (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
        (JSC::DFG::Graph::collectGarbage):
        (JSC::DFG::Graph::executableFor):
        (JSC::DFG::Graph::argumentsRegisterFor):
        (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
        (JSC::DFG::Graph::clobbersWorld):
        (JSC::DFG::Node::hasHeapPrediction):
        * dfg/DFGNodeType.h:
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler.h:
        (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
        * dfg/DFGOSRExitCompiler32_64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOSRExitCompiler64.cpp:
        (JSC::DFG::OSRExitCompiler::compileExit):
        * dfg/DFGOperations.cpp:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::ValueSource::dump):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGVariableAccessData.h:
        (JSC::DFG::VariableAccessData::VariableAccessData):
        (JSC::DFG::VariableAccessData::mergeIsArgumentsAlias):
        (VariableAccessData):
        (JSC::DFG::VariableAccessData::isArgumentsAlias):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emitSlow_op_get_argument_by_val):

2012-05-23 Filip Pizlo <fpizlo@apple.com>
1038 DFGCapabilities should not try to get an arguments register from code blocks that don't have one
1039 https://bugs.webkit.org/show_bug.cgi?id=87332
1041 Reviewed by Andy Estes.
1043 * dfg/DFGCapabilities.h:
1044 (JSC::DFG::canInlineOpcode):
1046 2012-05-23 Filip Pizlo <fpizlo@apple.com>
1048 DFG should have sparse conditional constant propagation
1049 https://bugs.webkit.org/show_bug.cgi?id=86580
1051 Reviewed by Oliver Hunt.
1053 Merged r117370 from dfgopt.
1055 This enhances CFA so that if it suspects at any point during the fixpoint that a
1056 branch will only go one way, then it only propagates in that one way.
1058 This vastly increases the opportunities for CFG simplification. For example, it
1059 enables us to evaporate this loop:
1061 for (var i = 0; i < 1; ++i) doThings(i);
1063 As a result, it uncovered loads of bugs in the CFG simplifier. In particular:
1065 - Phi fixup was assuming that all Phis worth fixing up are shouldGenerate().
1066 That's not true; we also fixup Phis that are dead.
1068 - GetLocal fixup was assuming that it's only necessary to rewire links to a
1069 GetLocal, and that the GetLocal's own links don't need to be rewired. Untrue,
1070 because the GetLocal may not be rewirable (first block has no GetLocal for r42
1071 but second block does have a GetLocal), in which case it will refer to a Phi
1072 in the second block. We need it to refer to a Phi from the first block to
1073 ensure that subsequent transformations work.
1075 - Tail operand fixup was ignoring the fact that Phis in successors may contain
1076 references to the children of our tail variables. Hence, successor Phi child
1077 substitution needs to use the original second block variable table as its
1078 prior, rather than trying to reconstruct the prior later (since by that point
1079 the children of the second block's tail variables will have been fixed up, so
1080 we will not know what the prior would have been).
1082 * dfg/DFGAbstractState.cpp:
1083 (JSC::DFG::AbstractState::beginBasicBlock):
1084 (JSC::DFG::AbstractState::endBasicBlock):
1085 (JSC::DFG::AbstractState::reset):
1086 (JSC::DFG::AbstractState::execute):
1087 (JSC::DFG::AbstractState::mergeToSuccessors):
1088 * dfg/DFGAbstractState.h:
1089 (JSC::DFG::AbstractState::branchDirectionToString):
1091 * dfg/DFGCFGSimplificationPhase.cpp:
1092 (JSC::DFG::CFGSimplificationPhase::run):
1093 (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
1094 (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
1095 (OperandSubstitution):
1096 (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
1097 (JSC::DFG::CFGSimplificationPhase::recordPossibleIncomingReference):
1098 (CFGSimplificationPhase):
1099 (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
1100 (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
1102 (JSC::DFG::Graph::changeEdge):
1104 2012-05-23 Ojan Vafai <ojan@chromium.org>
1106 add back the ability to disable flexbox
1107 https://bugs.webkit.org/show_bug.cgi?id=87147
1109 Reviewed by Tony Chang.
1111 * Configurations/FeatureDefines.xcconfig:
1113 2012-05-23 Filip Pizlo <fpizlo@apple.com>
1115 Unreviewed, fix Windows build.
1117 * bytecode/CodeBlock.h:
1118 * dfg/DFGCapabilities.h:
1119 (JSC::DFG::canCompileOpcode):
1120 (JSC::DFG::canCompileOpcodes):
1124 2012-05-23 Filip Pizlo <fpizlo@apple.com>
1126 DFG should optimize inlined uses of arguments.length and arguments[i]
1127 https://bugs.webkit.org/show_bug.cgi?id=86327
1129 Reviewed by Gavin Barraclough.
1131 Merged r117017 from dfgopt.
1133 Turns inlined uses of arguments.length into a constant.
1135 Turns inlined uses of arguments[constant] into a direct reference to the
1138 Big win on micro-benchmarks. Not yet a win on V8 because the hot uses of
1139 arguments.length and arguments[i] are aliased. I'll leave the aliasing
1140 optimizations to a later patch.
1143 * GNUmakefile.list.am:
1144 * JavaScriptCore.xcodeproj/project.pbxproj:
1146 * bytecode/DFGExitProfile.h:
1148 (JSC::DFG::FrequentExitSite::FrequentExitSite):
1149 (JSC::DFG::QueryableExitProfile::hasExitSite):
1150 (QueryableExitProfile):
1151 * dfg/DFGAbstractState.cpp:
1152 (JSC::DFG::AbstractState::execute):
1153 * dfg/DFGArgumentsSimplificationPhase.cpp: Added.
1155 (ArgumentsSimplificationPhase):
1156 (JSC::DFG::ArgumentsSimplificationPhase::ArgumentsSimplificationPhase):
1157 (JSC::DFG::ArgumentsSimplificationPhase::run):
1158 (JSC::DFG::performArgumentsSimplification):
1159 * dfg/DFGArgumentsSimplificationPhase.h: Added.
1161 * dfg/DFGAssemblyHelpers.cpp:
1162 (JSC::DFG::AssemblyHelpers::executableFor):
1164 * dfg/DFGAssemblyHelpers.h:
1166 * dfg/DFGByteCodeParser.cpp:
1167 (JSC::DFG::ByteCodeParser::parseBlock):
1168 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1169 * dfg/DFGCSEPhase.cpp:
1170 (JSC::DFG::CSEPhase::getLocalLoadElimination):
1171 (JSC::DFG::CSEPhase::performNodeCSE):
1172 * dfg/DFGDriver.cpp:
1173 (JSC::DFG::compile):
1175 (JSC::DFG::Graph::Graph):
1176 (JSC::DFG::Graph::executableFor):
1178 (JSC::DFG::Graph::clobbersWorld):
1180 (JSC::DFG::Node::convertToConstant):
1181 (JSC::DFG::Node::convertToGetLocalUnlinked):
1183 (JSC::DFG::Node::unlinkedLocal):
1184 * dfg/DFGNodeType.h:
1186 * dfg/DFGOSRExit.cpp:
1187 (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
1188 * dfg/DFGPredictionPropagationPhase.cpp:
1189 (JSC::DFG::PredictionPropagationPhase::propagate):
1190 * dfg/DFGSpeculativeJIT32_64.cpp:
1191 (JSC::DFG::SpeculativeJIT::compile):
1192 * dfg/DFGSpeculativeJIT64.cpp:
1193 (JSC::DFG::SpeculativeJIT::compile):
1195 2012-05-13 Filip Pizlo <fpizlo@apple.com>
1197 DFG should be able to optimize foo.apply(bar, arguments)
1198 https://bugs.webkit.org/show_bug.cgi?id=86306
1200 Reviewed by Gavin Barraclough.
1202 Merge r116912 from dfgopt.
1204 Enables compilation of op_jneq_ptr and some forms of op_call_varargs.
1206 Also includes a bunch of bug fixes that were made necessary by the increased
1207 pressure on the CFG simplifier.
1209 This is a 1-2% win on V8.
1211 * bytecode/CodeBlock.cpp:
1212 (JSC::CodeBlock::printCallOp):
1213 (JSC::CodeBlock::CodeBlock):
1214 (JSC::ProgramCodeBlock::canCompileWithDFGInternal):
1215 (JSC::EvalCodeBlock::canCompileWithDFGInternal):
1216 (JSC::FunctionCodeBlock::canCompileWithDFGInternal):
1217 * bytecode/CodeBlock.h:
1219 (JSC::CodeBlock::canCompileWithDFG):
1220 (JSC::CodeBlock::canCompileWithDFGState):
1223 (FunctionCodeBlock):
1224 * dfg/DFGAbstractState.cpp:
1225 (JSC::DFG::AbstractState::execute):
1226 * dfg/DFGByteCodeParser.cpp:
1227 (JSC::DFG::ByteCodeParser::parseBlock):
1228 (JSC::DFG::ByteCodeParser::processPhiStack):
1229 (JSC::DFG::ByteCodeParser::parse):
1230 * dfg/DFGCFGSimplificationPhase.cpp:
1231 (JSC::DFG::CFGSimplificationPhase::run):
1232 (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
1233 (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
1234 (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
1235 * dfg/DFGCSEPhase.cpp:
1236 (JSC::DFG::CSEPhase::getLocalLoadElimination):
1238 (JSC::DFG::CSEPhase::setReplacement):
1239 (JSC::DFG::CSEPhase::performNodeCSE):
1240 * dfg/DFGCapabilities.cpp:
1241 (JSC::DFG::debugFail):
1243 (JSC::DFG::canHandleOpcodes):
1244 (JSC::DFG::canCompileOpcodes):
1245 (JSC::DFG::canInlineOpcodes):
1246 * dfg/DFGCapabilities.h:
1247 (JSC::DFG::canCompileOpcode):
1248 (JSC::DFG::canInlineOpcode):
1250 (JSC::DFG::canCompileOpcodes):
1251 (JSC::DFG::canCompileEval):
1252 (JSC::DFG::canCompileProgram):
1253 (JSC::DFG::canCompileFunctionForCall):
1254 (JSC::DFG::canCompileFunctionForConstruct):
1257 (JSC::DFG::Graph::dump):
1258 * dfg/DFGNodeType.h:
1260 * dfg/DFGPredictionPropagationPhase.cpp:
1261 (JSC::DFG::PredictionPropagationPhase::propagate):
1262 * dfg/DFGSpeculativeJIT32_64.cpp:
1263 (JSC::DFG::SpeculativeJIT::compile):
1264 * dfg/DFGSpeculativeJIT64.cpp:
1265 (JSC::DFG::SpeculativeJIT::emitCall):
1266 (JSC::DFG::SpeculativeJIT::compile):
1267 * dfg/DFGValidate.cpp:
1269 (JSC::DFG::Validate::validate):
1270 (JSC::DFG::Validate::checkOperand):
1271 (JSC::DFG::Validate::reportValidationContext):
1273 (JSC::JIT::emitOptimizationCheck):
1274 (JSC::JIT::privateCompileSlowCases):
1275 (JSC::JIT::privateCompile):
1277 * jit/JITArithmetic.cpp:
1278 (JSC::JIT::compileBinaryArithOp):
1279 * jit/JITPropertyAccess.cpp:
1280 (JSC::JIT::privateCompilePutByIdTransition):
1281 * jit/JITPropertyAccess32_64.cpp:
1282 (JSC::JIT::privateCompilePutByIdTransition):
1283 * tools/CodeProfile.cpp:
1284 (JSC::CodeProfile::sample):
1286 2012-05-23 Geoffrey Garen <ggaren@apple.com>
1288 Refactored WeakBlock to use malloc, clarify behavior
1289 https://bugs.webkit.org/show_bug.cgi?id=87318
1291 Reviewed by Filip Pizlo.
1293 We want to use malloc so we can make these smaller than 4KB,
1294 since an individual MarkedBlock will usually have fewer than
1295 4KB worth of weak pointers.
1298 (JSC::Heap::markRoots): Renamed visitLiveWeakImpls to visit, since
1299 we no longer need to distinguish from "visitDeadWeakImpls".
1301 Renamed "visitDeadWeakImpls" to "reap" because we're not actually
1302 doing any visiting -- we're just tagging things as dead.
1304 * heap/WeakBlock.cpp:
1305 (JSC::WeakBlock::create):
1306 (JSC::WeakBlock::destroy):
1307 (JSC::WeakBlock::WeakBlock): Malloc!
1309 (JSC::WeakBlock::visit):
1310 (JSC::WeakBlock::reap): Renamed as above.
1313 (WeakBlock): Reduced to 3KB, as explained above.
1316 (JSC::WeakSet::visit):
1317 (JSC::WeakSet::reap):
1319 (WeakSet): Updated for renames, and to match WebKit style.
1321 2012-05-23 Filip Pizlo <fpizlo@apple.com>
1323 Use after free in JSC::DFG::ByteCodeParser::processPhiStack
1324 https://bugs.webkit.org/show_bug.cgi?id=87312
1325 <rdar://problem/11518848>
1327 Reviewed by Oliver Hunt.
1329 * dfg/DFGByteCodeParser.cpp:
1330 (JSC::DFG::ByteCodeParser::processPhiStack):
1331 (JSC::DFG::ByteCodeParser::parse):
1333 2012-05-23 Filip Pizlo <fpizlo@apple.com>
1335 It should be possible to make C function calls from DFG code on ARM in debug mode
1336 https://bugs.webkit.org/show_bug.cgi?id=87313
1338 Reviewed by Gavin Barraclough.
1340 * dfg/DFGSpeculativeJIT.h:
1343 2012-05-11 Filip Pizlo <fpizlo@apple.com>
1345 DFG should be able to inline functions that use arguments reflectively
1346 https://bugs.webkit.org/show_bug.cgi?id=86132
1348 Reviewed by Oliver Hunt.
1350 Merged r116838 from dfgopt.
1352 This turns on inlining of functions that use arguments reflectively, but it
1353 does not do any of the obvious optimizations that this exposes. I'll save that
1354 for another patch - the important thing for now is that this contains all of
1355 the plumbing necessary to make this kind of inlining sound even in bizarro
1356 cases like an inline callee escaping the arguments object to parts of the
1357 inline caller where the arguments are otherwise dead. Or even more fun cases
1358 like where you've inlined to an inline stack that is three-deep, and the
1359 function on top of the inline stack reflectively accesses the arguments of a
1360 function that is in the middle of the inline stack. Any subsequent
1361 optimizations that we do for the obvious cases of arguments usage in inline
1362 functions will have to take care not to break the baseline functionality that
1363 this patch plumbs together.
1365 * bytecode/CodeBlock.cpp:
1366 (JSC::CodeBlock::printCallOp):
1367 (JSC::CodeBlock::dump):
1368 * bytecode/CodeBlock.h:
1369 * dfg/DFGAssemblyHelpers.h:
1370 (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
1372 * dfg/DFGByteCodeParser.cpp:
1374 (JSC::DFG::ByteCodeParser::handleCall):
1375 (JSC::DFG::ByteCodeParser::handleInlining):
1376 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1377 (JSC::DFG::ByteCodeParser::parse):
1378 * dfg/DFGCCallHelpers.h:
1379 (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
1381 * dfg/DFGCapabilities.h:
1382 (JSC::DFG::canInlineOpcode):
1383 * dfg/DFGDriver.cpp:
1384 (JSC::DFG::compile):
1385 * dfg/DFGFixupPhase.cpp:
1386 (JSC::DFG::FixupPhase::fixupNode):
1387 * dfg/DFGOperations.cpp:
1388 * dfg/DFGOperations.h:
1389 * dfg/DFGSpeculativeJIT.h:
1390 (JSC::DFG::SpeculativeJIT::callOperation):
1391 * dfg/DFGSpeculativeJIT32_64.cpp:
1392 (JSC::DFG::SpeculativeJIT::compile):
1393 * dfg/DFGSpeculativeJIT64.cpp:
1394 (JSC::DFG::SpeculativeJIT::compile):
1395 * interpreter/CallFrame.cpp:
1397 (JSC::CallFrame::someCodeBlockForPossiblyInlinedCode):
1398 * interpreter/CallFrame.h:
1400 (JSC::ExecState::someCodeBlockForPossiblyInlinedCode):
1401 * interpreter/Interpreter.cpp:
1402 (JSC::Interpreter::retrieveArgumentsFromVMCode):
1403 * runtime/Arguments.cpp:
1404 (JSC::Arguments::tearOff):
1406 (JSC::Arguments::tearOffForInlineCallFrame):
1407 * runtime/Arguments.h:
1409 (JSC::Arguments::create):
1410 (JSC::Arguments::finishCreation):
1413 2012-05-23 Filip Pizlo <fpizlo@apple.com>
1415 Every OSR exit on ARM results in a crash
1416 https://bugs.webkit.org/show_bug.cgi?id=87307
1418 Reviewed by Geoffrey Garen.
1420 * dfg/DFGThunks.cpp:
1421 (JSC::DFG::osrExitGenerationThunkGenerator):
1423 2012-05-23 Geoffrey Garen <ggaren@apple.com>
1425 Refactored heap tear-down to use normal value semantics (i.e., destructors)
1426 https://bugs.webkit.org/show_bug.cgi?id=87302
1428 Reviewed by Oliver Hunt.
1430 This is a step toward incremental DOM finalization.
1432 * heap/CopiedSpace.cpp:
1433 (JSC::CopiedSpace::~CopiedSpace):
1434 * heap/CopiedSpace.h:
1435 (CopiedSpace): Just use our destructor, instead of relying on the heap
1436 to send us a special message at a special time.
1439 (JSC::Heap::Heap): Use OwnPtr for m_markListSet because this is not Sparta.
1441 (JSC::Heap::~Heap): No need for delete or freeAllBlocks because normal
1442 destructors do this work automatically now.
1444 (JSC::Heap::lastChanceToFinalize): Just call lastChanceToFinalize on our
1445 sub-objects, and assume it does the right thing. This improves encapsulation,
1446 so we can add items requiring finalization to our sub-objects.
1448 * heap/Heap.h: Moved m_blockAllocator to get the right destruction order.
1450 * heap/MarkedSpace.cpp:
1454 (JSC::Take::operator()):
1455 (JSC::Take::returnValue): Moved to the top of the file so it can be used
1456 in another function.
1458 (JSC::MarkedSpace::~MarkedSpace): Delete all outstanding memory, like a good
1461 (JSC::MarkedSpace::lastChanceToFinalize): Moved some code here from the heap,
1462 since it pertains to our internal implementation details.
1464 * heap/MarkedSpace.h:
1466 * heap/WeakBlock.cpp:
1467 (JSC::WeakBlock::lastChanceToFinalize):
1471 (JSC::WeakSet::lastChanceToFinalize):
1473 (WeakSet): Stop using a special freeAllBlocks() callback and just implement
1474 lastChanceToFinalize.
1476 2011-05-22 Geoffrey Garen <ggaren@apple.com>
1478 Encapsulated some calculations for whether portions of the heap are empty
1479 https://bugs.webkit.org/show_bug.cgi?id=87210
1481 Reviewed by Gavin Barraclough.
1483 This is a step toward incremental DOM finalization.
1486 (JSC::Heap::~Heap): Explicitly call freeAllBlocks() instead of relying
1487 implicitly on all blocks thinking they're empty. In future, we may
1488 choose to tear down the heap without first setting all data structures
1491 * heap/MarkedBlock.h:
1492 (JSC::MarkedBlock::isEmpty):
1493 (JSC::MarkedBlock::gatherDirtyCells): Renamed markCountIsZero to isEmpty,
1494 in preparation for making it check for outstanding finalizers in addition
1497 * heap/MarkedSpace.cpp:
1500 (JSC::Take::operator()):
1501 (JSC::Take::returnValue):
1502 (JSC::MarkedSpace::shrink):
1503 (JSC::MarkedSpace::freeAllBlocks): Refactored the "Take" functor to support
1504 a conditional isEmpty check, so it could be shared by shrink() and freeAllBlocks().
1506 * heap/WeakBlock.cpp:
1507 (JSC::WeakBlock::WeakBlock):
1508 (JSC::WeakBlock::visitLiveWeakImpls):
1509 (JSC::WeakBlock::visitDeadWeakImpls):
1512 (JSC::WeakBlock::isEmpty):
1514 (JSC::WeakSet::sweep):
1515 (JSC::WeakSet::shrink): Use isEmpty(), in preparation for changes in
1518 2012-05-23 Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
1520 [Qt] Remove references to $$QT_SOURCE_TREE
1522 With a modularized Qt, it's ambiguous. What we really want is qtbase,
1523 which qtcore is a proxy for (we assume it will always live in qtbase).
1525 Reviewed by Tor Arne Vestbø.
1527 * JavaScriptCore.pri:
1530 2012-05-09 Filip Pizlo <fpizlo@apple.com>
1532 DFG should allow inlining in case of certain arity mismatches
1533 https://bugs.webkit.org/show_bug.cgi?id=86059
1535 Reviewed by Geoff Garen.
1537 Merge r116620 from dfgopt.
1539 * dfg/DFGByteCodeParser.cpp:
1540 (JSC::DFG::ByteCodeParser::handleInlining):
1542 2012-05-08 Filip Pizlo <fpizlo@apple.com>
1544 DFG variable capture analysis should work even if the variables arose through inlining
1545 https://bugs.webkit.org/show_bug.cgi?id=85945
1547 Reviewed by Oliver Hunt.
1549 Merged r116555 from dfgopt.
1551 This just changes how the DFG queries whether a variable is captured. It does not
1552 change any user-visible behavior.
1554 As part of this change, I further solidified the policy that the CFA behaves in an
1555 undefined way for captured locals and queries about their values will not yield
1556 reliable results. This will likely be changed in the future, but for now it makes
1559 One fun part about this change is that it recognizes that the same variable may
1560 be both captured and not, at the same time, because their live interval spans
1561 inlining boundaries. This only happens in the case of arguments to functions that
1562 capture their arguments, and this change treats them with just the right touch of
1563 conservatism: they will be treated as if captured by the caller as well as the
1566 Finally, this also adds captured variable reasoning to the InlineCallFrame, which
1567 I thought might be useful for later tooling.
1569 This is perf-neutral, since it does not make the DFG take advantage of this
1570 new functionality in any way. In particular, it is still the case that the DFG will
1571 not inline functions that use arguments reflectively or that create activations.
1573 * bytecode/CodeBlock.h:
1575 (JSC::CodeBlock::needsActivation):
1576 (JSC::CodeBlock::argumentIsCaptured):
1577 (JSC::CodeBlock::localIsCaptured):
1578 (JSC::CodeBlock::isCaptured):
1579 * bytecode/CodeOrigin.h:
1581 * dfg/DFGAbstractState.cpp:
1582 (JSC::DFG::AbstractState::initialize):
1583 (JSC::DFG::AbstractState::endBasicBlock):
1584 (JSC::DFG::AbstractState::execute):
1585 (JSC::DFG::AbstractState::merge):
1586 * dfg/DFGByteCodeParser.cpp:
1587 (JSC::DFG::ByteCodeParser::newVariableAccessData):
1588 (JSC::DFG::ByteCodeParser::getLocal):
1589 (JSC::DFG::ByteCodeParser::setLocal):
1590 (JSC::DFG::ByteCodeParser::getArgument):
1591 (JSC::DFG::ByteCodeParser::setArgument):
1592 (JSC::DFG::ByteCodeParser::flushArgument):
1593 (JSC::DFG::ByteCodeParser::parseBlock):
1594 (JSC::DFG::ByteCodeParser::processPhiStack):
1595 (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
1596 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1597 * dfg/DFGCFGSimplificationPhase.cpp:
1598 (CFGSimplificationPhase):
1599 (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
1600 (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
1601 (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
1603 * dfg/DFGFixupPhase.cpp:
1604 (JSC::DFG::FixupPhase::fixupNode):
1606 (JSC::DFG::Graph::nameOfVariableAccessData):
1608 (JSC::DFG::Graph::needsActivation):
1609 (JSC::DFG::Graph::usesArguments):
1610 * dfg/DFGPredictionPropagationPhase.cpp:
1611 (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
1612 * dfg/DFGSpeculativeJIT.cpp:
1613 (JSC::DFG::SpeculativeJIT::compile):
1614 * dfg/DFGSpeculativeJIT32_64.cpp:
1615 (JSC::DFG::SpeculativeJIT::compile):
1616 * dfg/DFGSpeculativeJIT64.cpp:
1617 (JSC::DFG::SpeculativeJIT::compile):
1618 * dfg/DFGVariableAccessData.h:
1619 (JSC::DFG::VariableAccessData::VariableAccessData):
1620 (JSC::DFG::VariableAccessData::mergeIsCaptured):
1621 (VariableAccessData):
1622 (JSC::DFG::VariableAccessData::isCaptured):
1624 2012-05-08 Filip Pizlo <fpizlo@apple.com>
1626 DFG should support op_get_argument_by_val and op_get_arguments_length
1627 https://bugs.webkit.org/show_bug.cgi?id=85911
1629 Reviewed by Oliver Hunt.
1631 Merged r116467 from dfgopt.
1633 This adds a simple and relatively conservative implementation of op_get_argument_by_val
1634 and op_get_arguments_length. We can optimize these later. For now it's great to have
1635 the additional coverage.
1637 This patch appears to be perf-neutral.
1639 * dfg/DFGAbstractState.cpp:
1640 (JSC::DFG::AbstractState::execute):
1641 * dfg/DFGAssemblyHelpers.h:
1642 (JSC::DFG::AssemblyHelpers::addressFor):
1643 (JSC::DFG::AssemblyHelpers::tagFor):
1644 (JSC::DFG::AssemblyHelpers::payloadFor):
1645 * dfg/DFGByteCodeParser.cpp:
1646 (JSC::DFG::ByteCodeParser::parseBlock):
1647 * dfg/DFGCapabilities.h:
1648 (JSC::DFG::canCompileOpcode):
1649 (JSC::DFG::canInlineOpcode):
1651 (JSC::DFG::Node::hasHeapPrediction):
1652 * dfg/DFGNodeType.h:
1654 * dfg/DFGOperations.cpp:
1655 * dfg/DFGOperations.h:
1656 * dfg/DFGPredictionPropagationPhase.cpp:
1657 (JSC::DFG::PredictionPropagationPhase::propagate):
1658 * dfg/DFGSpeculativeJIT.h:
1659 (JSC::DFG::SpeculativeJIT::callOperation):
1661 * dfg/DFGSpeculativeJIT32_64.cpp:
1662 (JSC::DFG::SpeculativeJIT::compile):
1663 * dfg/DFGSpeculativeJIT64.cpp:
1664 (JSC::DFG::SpeculativeJIT::compile):
1665 * jit/JITOpcodes.cpp:
1666 (JSC::JIT::emit_op_get_argument_by_val):
1667 * jit/JITOpcodes32_64.cpp:
1668 (JSC::JIT::emit_op_get_argument_by_val):
1669 * llint/LowLevelInterpreter32_64.asm:
1670 * llint/LowLevelInterpreter64.asm:
1672 2012-05-07 Filip Pizlo <fpizlo@apple.com>
1674 DFG should support op_tear_off_arguments
1675 https://bugs.webkit.org/show_bug.cgi?id=85847
1677 Reviewed by Michael Saboff.
1679 Merged r116378 from dfgopt.
1681 * dfg/DFGAbstractState.cpp:
1682 (JSC::DFG::AbstractState::execute):
1683 * dfg/DFGByteCodeParser.cpp:
1684 (JSC::DFG::ByteCodeParser::parseBlock):
1685 * dfg/DFGCapabilities.h:
1686 (JSC::DFG::canCompileOpcode):
1687 (JSC::DFG::canInlineOpcode):
1688 * dfg/DFGNodeType.h:
1690 * dfg/DFGOperations.cpp:
1691 * dfg/DFGOperations.h:
1692 * dfg/DFGPredictionPropagationPhase.cpp:
1693 (JSC::DFG::PredictionPropagationPhase::propagate):
1694 * dfg/DFGSpeculativeJIT.h:
1696 (JSC::DFG::SpeculativeJIT::callOperation):
1697 * dfg/DFGSpeculativeJIT32_64.cpp:
1698 (JSC::DFG::SpeculativeJIT::compile):
1699 * dfg/DFGSpeculativeJIT64.cpp:
1700 (JSC::DFG::SpeculativeJIT::compile):
1702 2012-05-22 Mark Hahnenberg <mhahnenberg@apple.com>
1704 CopiedSpace::contains doesn't check for oversize blocks
1705 https://bugs.webkit.org/show_bug.cgi?id=87180
1707 Reviewed by Geoffrey Garen.
1709 When doing a conservative scan we use CopiedSpace::contains to determine if a particular
1710 address points into the CopiedSpace. Currently contains() only checks if the address
1711 points to a block in to-space, which means that pointers to oversize blocks may not get scanned.
1713 * heap/CopiedSpace.cpp:
1714 (JSC::CopiedSpace::tryAllocateOversize):
1715 (JSC::CopiedSpace::tryReallocateOversize):
1716 (JSC::CopiedSpace::doneFillingBlock):
1717 (JSC::CopiedSpace::doneCopying):
1718 * heap/CopiedSpace.h: Refactored CopiedSpace so that all blocks (oversize and to-space) are
1719 in a single hash set and bloom filter for membership testing.
1721 * heap/CopiedSpaceInlineMethods.h:
1722 (JSC::CopiedSpace::contains): We check for the normal block first. Since the oversize blocks are
1723 only page aligned, rather than block aligned, we have to re-mask the ptr to check if it's in
1724 CopiedSpace. Also added a helper function of the same name that takes a CopiedBlock* and checks
1725 if it's in CopiedSpace so that check isn't typed out twice.
1727 (JSC::CopiedSpace::startedCopying):
1728 (JSC::CopiedSpace::addNewBlock):
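The membership check described in this entry, as an added example that is not JavaScriptCore's own code: a constructed model of a copying space in which normal blocks are block aligned and oversize blocks are only page aligned. The block size, page size, addresses and the two-set layout are assumptions for the demo (the entry itself puts every block into one hash set with a bloom filter). The model keeps the pre-fix check beside the fixed one so the missed case is visible: a pointer into an oversize block that the block-aligned probe alone never finds, which is exactly the pointer a conservative scan would fail to pin.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <unordered_set>

// Constructed sizes (assumptions for this demo, not JSC's constants).
constexpr uintptr_t kBlockSize = 64 * 1024;        // normal blocks: block aligned
constexpr uintptr_t kPageSize  = 4 * 1024;         // oversize blocks: only page aligned
constexpr uintptr_t kBlockMask = ~(kBlockSize - 1);
constexpr uintptr_t kPageMask  = ~(kPageSize - 1);

// Hypothetical model of the space; real CopiedSpace is structured differently.
struct SpaceModel {
    std::unordered_set<uintptr_t> normalBlocks;   // base address of each block-aligned block
    std::unordered_set<uintptr_t> oversizePages;  // every page covered by an oversize block

    void addNormalBlock(uintptr_t base) {
        // Normal blocks must be block aligned, otherwise masking cannot find them.
        if ((base & kBlockMask) == base)
            normalBlocks.insert(base);
    }

    // Register each page of the oversize block so that a pointer into any page
    // of it can be recovered by masking to page alignment (model's own choice).
    void addOversizeBlock(uintptr_t base, size_t bytes) {
        if ((base & kPageMask) != base)
            return;
        for (uintptr_t page = base; page < base + bytes; page += kPageSize)
            oversizePages.insert(page);
    }

    // Pre-fix behaviour: only block-aligned to-space blocks are recognised,
    // so a pointer into an oversize block is reported as "not ours".
    bool containsBuggy(uintptr_t ptr) const {
        return normalBlocks.count(ptr & kBlockMask) != 0;
    }

    // Fixed behaviour: probe for a normal block first, then re-mask the pointer
    // to page alignment to find an oversize block.
    bool containsFixed(uintptr_t ptr) const {
        if (normalBlocks.count(ptr & kBlockMask) != 0)
            return true;
        return oversizePages.count(ptr & kPageMask) != 0;
    }
};

// Constructed layout: one normal block and one 12 KiB oversize block whose
// base is page aligned but not block aligned.
SpaceModel buildDemoSpace() {
    SpaceModel space;
    space.addNormalBlock(0x100000);                   // 1 MiB: block aligned
    space.addOversizeBlock(0x211000, 3 * kPageSize);  // pages 0x211000..0x213000
    return space;
}

// Count how many of the candidate words a conservative scan would treat as
// pointers into the space; the buggy check undercounts for oversize blocks.
int countRecognised(const SpaceModel& space, const uintptr_t* words, size_t n, bool fixed) {
    int hits = 0;
    for (size_t i = 0; i < n; ++i)
        hits += fixed ? space.containsFixed(words[i]) : space.containsBuggy(words[i]);
    return hits;
}

int main() {
    SpaceModel space = buildDemoSpace();
    // Constructed "stack words": one into the normal block, one into the second
    // page of the oversize block, one just past its end, one unrelated.
    const uintptr_t words[] = { 0x100040, 0x212F00, 0x214000, 0x300010 };
    std::printf("buggy recognises %d, fixed recognises %d\n",
                countRecognised(space, words, 4, false),
                countRecognised(space, words, 4, true));
    return 0;
}
```

The interior pointer 0x212F00 is the interesting input: masked to block alignment it becomes 0x210000, which is not a registered block, so the old check answers false and the block would not be pinned during a conservative scan; masked to page alignment it becomes 0x212000, a page the oversize block covers. The probe order also matters for false positives: masking an address to block alignment and looking it up in a set that contains page-aligned oversize bases can match a block whose end lies before the pointer, which is why the model keeps the two alignment classes apart.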
1730 2012-05-22 Geoffrey Garen <ggaren@apple.com>
1732 CopiedBlock and MarkedBlock should have proper value semantics (i.e., destructors)
1733 https://bugs.webkit.org/show_bug.cgi?id=87172
1735 Reviewed by Oliver Hunt and Phil Pizlo.
1737 This enables MarkedBlock to own non-trivial sub-objects that require
1738 destruction. It also fixes a FIXME about casting a CopiedBlock to a
1739 MarkedBlock at destroy time.
1741 CopiedBlock and MarkedBlock now accept an allocation chunk at create
1742 time and return it at destroy time. Their client is expected to
1743 allocate, recycle, and destroy these chunks.
1745 * heap/BlockAllocator.cpp:
1746 (JSC::BlockAllocator::releaseFreeBlocks):
1747 (JSC::BlockAllocator::blockFreeingThreadMain): Don't call MarkedBlock::destroy
1748 because we expect that to be called before a block is put on our free
1749 list now. Do manually deallocate our allocation chunk because that's
1752 * heap/BlockAllocator.h:
1754 (JSC::BlockAllocator::allocate): Allocate never fails now. This is a
1755 cleaner abstraction because only one object does all the VM allocation
1756 and deallocation. Caching is an implementation detail.
1758 (JSC::BlockAllocator::deallocate): We take an allocation chunk argument
1759 instead of a block because we now expect the block to have been destroyed
1760 before we recycle its memory. For convenience, we still use the HeapBlock
1761 class as our linked list node. This is OK because HeapBlock is a POD type.
1763 * heap/CopiedBlock.h:
1765 (JSC::CopiedBlock::create):
1766 (JSC::CopiedBlock::destroy):
1767 (JSC::CopiedBlock::CopiedBlock): Added proper create and destroy functions,
1768 to match MarkedBlock.
1771 (JSC::Heap::lastChanceToFinalize):
1772 (JSC::Heap::markRoots):
1774 (JSC::Heap::objectCount):
1776 (JSC::Heap::capacity):
1777 (JSC::Heap::collect):
1779 (Heap): Took all the functors from here...
1781 * heap/MarkedBlock.h:
1783 (JSC::MarkedBlock::CountFunctor::CountFunctor):
1784 (JSC::MarkedBlock::CountFunctor::count):
1785 (JSC::MarkedBlock::CountFunctor::returnValue):
1787 * heap/MarkedSpace.h:
1788 (JSC::ClearMarks::operator()):
1790 (JSC::Sweep::operator()):
1791 (JSC::MarkCount::operator()):
1792 (JSC::Size::operator()):
1793 (JSC::Capacity::operator()):
1795 (JSC::MarkedSpace::clearMarks):
1796 (JSC::MarkedSpace::sweep):
1797 (JSC::MarkedSpace::objectCount):
1798 (JSC::MarkedSpace::size):
1799 (JSC::MarkedSpace::capacity): and put them here.
1801 2012-05-17 Geoffrey Garen <ggaren@apple.com>
1803 Increase the GC allocation trigger
1804 https://bugs.webkit.org/show_bug.cgi?id=86699
1806 Reviewed by Sam Weinig.
1808 This helps a lot when the heap is growing, and helps to resolve
1809 the regression caused by r116484.
1812 (JSC::Heap::collect):
1814 2012-05-16 Mark Hahnenberg <mhahnenberg@apple.com>
1816 GC in the middle of JSObject::allocatePropertyStorage can cause badness
1817 https://bugs.webkit.org/show_bug.cgi?id=83839
1819 Reviewed by Geoff Garen.
1821 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
1822 * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage.
1823 (JSC::DEFINE_STUB_FUNCTION):
1824 * runtime/JSObject.cpp:
1825 (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're
1826 growing our already-existing PropertyStorage.
1827 * runtime/JSObject.h:
1829 (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage
1830 and the new structure so that we can be sure a GC never occurs when our Structure
1831 info is out of sync with our PropertyStorage.
1833 (JSC::JSObject::putDirectInternal): Moved the check to see if we should
1834 allocate more backing store before the actual property insertion into
1836 (JSC::JSObject::putDirectWithoutTransition): Ditto.
1837 (JSC::JSObject::transitionTo): Ditto.
1838 * runtime/Structure.cpp:
1839 (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy
1840 for property backing stores contained within the Structure class.
1842 * runtime/Structure.h:
1843 (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion
1844 into the Structure would require resizing the property backing store so that they can
1845 preallocate the required storage.
1848 2012-05-16 Geoffrey Garen <ggaren@apple.com>
1850 GC is not thread-safe when moving values between C stacks
1851 https://bugs.webkit.org/show_bug.cgi?id=86672
1853 Reviewed by Phil Pizlo.
1855 GC pauses thread A while marking thread A, and then B while marking B,
1856 which isn't safe against A and B moving values between each others'
1859 This is a theoretical bug -- I haven't been able to reproduce it
1862 * heap/MachineStackMarker.cpp:
1863 (JSC::MachineThreads::gatherFromOtherThread):
1864 (JSC::MachineThreads::gatherConservativeRoots): Pause all C stacks for the
1865 duration of stack marking, to avoid missing values that might be moving
1868 2012-05-15 Mark Hahnenberg <mhahnenberg@apple.com>
1870 Block freeing thread should not free blocks when we are actively requesting them
1871 https://bugs.webkit.org/show_bug.cgi?id=86519
1873 Reviewed by Geoff Garen.
1875 * heap/BlockAllocator.h:
1876 (JSC::BlockAllocator::allocate): Reordering the setting of the flag so it's done
1877 while we hold the lock to ensure proper locking.
1879 2012-05-15 Filip Pizlo <fpizlo@apple.com>
1881 shrinkToFit() is often not called for Vectors in CodeBlock
1882 https://bugs.webkit.org/show_bug.cgi?id=86436
1884 Reviewed by Oliver Hunt.
1886 The vectors in CodeBlock are often appended to during various stages of
1887 compilation, but we neglect to shrink them after compilation finishes. This
1888 patch takes the most brutal possible approach: shrink all the vectors after
1889 the bytecompile phase, and then shrink them again after the appropriate
1890 JITing phase. The two shrinks are necessary because the JIT may append more
1891 stuff, but may also generate code that directly references things in other
1892 vectors; hence some can only be shrunk before JIT and some after. Also,
1893 we may allow a CodeBlock to sit around for a long time - possibly forever -
1894 before invoking the JIT, hence it makes sense to have two shrinks.
1896 This is performance neutral on the major benchmarks we track.
1898 * bytecode/CodeBlock.cpp:
1899 (JSC::CodeBlock::shrinkToFit):
1900 * bytecode/CodeBlock.h:
1902 (JSC::CodeBlock::appendWeakReferenceTransition):
1903 * bytecompiler/BytecodeGenerator.cpp:
1904 (JSC::BytecodeGenerator::generate):
1905 * dfg/DFGDriver.cpp:
1906 (JSC::DFG::compile):
1907 * dfg/DFGJITCompiler.cpp:
1908 (JSC::DFG::JITCompiler::link):
1910 (JSC::JIT::privateCompile):
1912 2012-05-15 Oliver Hunt <oliver@apple.com>
1914 Make error information available even if all we have is line number information.
1915 https://bugs.webkit.org/show_bug.cgi?id=86547
1917 Reviewed by Filip Pizlo.
1919 We don't need expression information to generate useful line, file, and stack information,
1920 so only require that we have line number info available.
1922 * interpreter/Interpreter.cpp:
1923 (JSC::Interpreter::throwException):
1924 * runtime/Executable.h:
1927 2012-05-15 Mark Hahnenberg <mhahnenberg@apple.com>
1929 Block freeing thread should not free blocks when we are actively requesting them
1930 https://bugs.webkit.org/show_bug.cgi?id=86519
1932 Reviewed by Geoffrey Garen.
1934 The block freeing thread shoots us in the foot if it decides to run while we're actively
1935 requesting blocks and returning them. This situation can arise when there is a lot of copying
1936 collection going on in steady state. We allocate a large swath of pages to copy into, then we
1937 return all the newly free old pages to the BlockAllocator. In this state, if the block freeing
1938 thread wakes up in between collections (which is more likely than it waking up during a
1939 collection) and frees half of these pages, they will be needed almost immediately during the
1940 next collection, causing a storm of VM allocations which we know are going to be very slow.
1942 What we'd like is that, when things have quieted down, the block freeing thread can then return
1943 memory to the OS. Usually this will be when a page has fully loaded and has a low allocation
1944 rate. In this situation, our opportunistic collections will only be running at least every few
1945 seconds, thus the extra time spent doing VM allocations won't matter nearly as much as, say,
1946 while a page is loading.
1948 * heap/BlockAllocator.cpp:
1949 (JSC::BlockAllocator::BlockAllocator): Initialize our new field.
1950 (JSC::BlockAllocator::blockFreeingThreadMain): We check if we've seen any block requests recently.
1951 If so, reset our flag and go back to sleep. We also don't bother with locking here. If we miss out
1952 on an update, we'll see it when we wake up again.
1953 * heap/BlockAllocator.h: Add new field to track whether or not we've received recent block requests.
1955 (JSC::BlockAllocator::allocate): If we receive a request for a block, set our field that tracks
1956 that to true. We don't bother locking since we assume that writing to a bool is atomic.
1958 2012-05-14 Luke Macpherson <macpherson@chromium.org>
1960 Introduce ENABLE_CSS_VARIABLES compile flag.
1961 https://bugs.webkit.org/show_bug.cgi?id=86338
1963 Reviewed by Dimitri Glazkov.
1965 Add a configuration option for CSS Variables support, disabling it by default.
1967 * Configurations/FeatureDefines.xcconfig:
1969 2012-05-14 Gavin Barraclough <barraclough@apple.com>
1971 Cannot login to iCloud
1972 https://bugs.webkit.org/show_bug.cgi?id=86321
1974 Reviewed by Filip Pizlo.
1976 This is a bug introduced by bug#85853, we shouldn't allow assignment to
1977 the prototype property of functions to be cached, since we need to clear
1978 the cached inheritorID.
1980 * runtime/JSFunction.cpp:
1981 (JSC::JSFunction::put):
1983 2012-05-14 Michael Saboff <msaboff@apple.com>
1985 Enh: Add the Ability to Disable / Enable JavaScript GC Timer
1986 https://bugs.webkit.org/show_bug.cgi?id=86382
1988 Reviewed by Darin Adler.
1990 Add flag to GCActivityCallback to enable / disable activity timer.
1991 Add api via Heap to set the flag's value.
1993 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Windows export
1995 (JSC::Heap::setGarbageCollectionTimerEnabled):
1997 * runtime/GCActivityCallback.h:
1998 (JSC::GCActivityCallback::isEnabled):
1999 (JSC::GCActivityCallback::setEnabled):
2000 (JSC::GCActivityCallback::GCActivityCallback):
2001 * runtime/GCActivityCallbackCF.cpp:
2002 (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
2004 2012-05-14 Michael Saboff <msaboff@apple.com>
2006 Increase Debug Logging in MarkStack::validate()
2007 https://bugs.webkit.org/show_bug.cgi?id=86408
2009 Rubber-stamped by Filip Pizlo.
2011 Added some descriptive debug messages for the conditions and
2012 values when a cell validation fails.
2014 * heap/MarkStack.cpp:
2015 (JSC::MarkStack::validate):
2017 2012-05-14 Carlos Garcia Campos <cgarcia@igalia.com>
2019 Unreviewed. Fix make distcheck.
2021 * GNUmakefile.list.am: Add missing header file.
2023 2012-05-14 Yong Li <yoli@rim.com>
2025 DFG JIT didn't work with ARM EABI.
2026 https://bugs.webkit.org/show_bug.cgi?id=84449
2028 Reviewed by Filip Pizlo.
2030 Add a 32-bit dummy argument for some callOperation()
2031 methods to make it work for ARM EABI.
2033 * dfg/DFGCCallHelpers.h:
2034 (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
2036 * dfg/DFGOperations.cpp:
2037 * dfg/DFGSpeculativeJIT.h:
2039 (JSC::DFG::SpeculativeJIT::callOperation):
2041 2012-05-13 Gavin Barraclough <barraclough@apple.com>
2043 Introduce PropertyName class
2044 https://bugs.webkit.org/show_bug.cgi?id=86241
2046 Reviewed by Darin Adler.
2048 This patch introduced a couple of small bugs.
2050 * runtime/PropertyName.h:
2051 (JSC::toUInt32FromCharacters):
2052 - Returning wrong value for "" - should not convert to 0.
2053 (JSC::PropertyName::PropertyName):
2054 - Remove the ASSERT, it was a little too aspirational.
2056 2012-05-13 Filip Pizlo <fpizlo@apple.com>
2058 DFG performs incorrect constant folding on double-to-uint32 conversion in
2059 Uint32Array PutByVal
2060 https://bugs.webkit.org/show_bug.cgi?id=86330
2062 Reviewed by Darin Adler.
2064 static_cast<int>(d) is wrong, since JS semantics require us to use toInt32(d).
2065 In particular, C++ casts on typical hardware (like x86 and similar) will
2066 return 0x80000000 for double values that are out of range of the int32 domain
2067 (i.e. less than -2^31 or greater than or equal to 2^31). But JS semantics call
2068 for wrap-around; for example the double value 4294967297 ought to become the
2069 int32 value 1, not 0x80000000.
2071 * dfg/DFGSpeculativeJIT.cpp:
2072 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
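Added example, not JSC code: a portable implementation of the ES5 ToInt32 conversion this entry says the DFG must use, plus the unsigned bit pattern a Uint32Array element ends up holding. The helper names jsToInt32 and uint32ArrayStoreValue are my own, and the out-of-range static_cast is deliberately not exercised, since in C++ it is undefined behaviour rather than a reliable 0x80000000.

```cpp
#include <cmath>
#include <cstdint>

// ES5 9.5 ToInt32: the conversion JS semantics require before storing a
// double into an int-typed array element (hypothetical helper, not JSC's).
int32_t jsToInt32(double d)
{
    // NaN and the infinities map to 0, not to a sentinel like 0x80000000.
    if (std::isnan(d) || std::isinf(d))
        return 0;
    const double two32 = 4294967296.0; // 2^32
    // Truncate toward zero, then reduce modulo 2^32 into [0, 2^32).
    double modded = std::fmod(std::trunc(d), two32);
    if (modded < 0)
        modded += two32;
    uint32_t u = static_cast<uint32_t>(modded);
    // Map [2^31, 2^32) onto the negative int32 range without relying on
    // implementation-defined narrowing of an out-of-range unsigned value.
    if (u >= 0x80000000u)
        return static_cast<int32_t>(u - 0x80000000u) - 0x7fffffff - 1;
    return static_cast<int32_t>(u);
}

// The value a Uint32Array element holds after PutByVal: the int32 result
// reinterpreted as unsigned, so -1 is stored as 4294967295 and
// 4294967297 wraps to 1 (never 0x80000000).
uint32_t uint32ArrayStoreValue(double d)
{
    return static_cast<uint32_t>(jsToInt32(d));
}
```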
2074 2012-05-11 Gavin Barraclough <barraclough@apple.com>
2076 Introduce PropertyName class
2077 https://bugs.webkit.org/show_bug.cgi?id=86241
2079 Reviewed by Geoff Garen.
2081 Replace 'const Identifier&' arguments to functions accessing object properties with a new 'PropertyName' type.
2082 This change paves the way to allow for properties keyed by values that are not Identifiers.
2084 This change is largely a mechanical find & replace.
2085 It also changes JSFunction's constructor to take a UString& instead of an Identifier&
2086 (since in some cases we can no longer guarantee that we'll have an Identifier), and
2087 unifies Identifier's methods to obtain array indices onto PropertyName.
2089 The new PropertyName class retains the ability to support .impl() and .ustring(), but
2090 in a future patch we may need to rework this, since not all PropertyNames should be
2091 equal based on their string representation.
2093 * API/JSCallbackFunction.cpp:
2094 (JSC::JSCallbackFunction::finishCreation):
2095 * API/JSCallbackFunction.h:
2096 (JSCallbackFunction):
2097 (JSC::JSCallbackFunction::create):
2098 * API/JSCallbackObject.h:
2100 * API/JSCallbackObjectFunctions.h:
2101 (JSC::::getOwnPropertySlot):
2102 (JSC::::getOwnPropertyDescriptor):
2104 (JSC::::deleteProperty):
2105 (JSC::::getStaticValue):
2106 (JSC::::staticFunctionGetter):
2107 (JSC::::callbackGetter):
2108 * API/JSObjectRef.cpp:
2109 (JSObjectMakeFunctionWithCallback):
2110 * JSCTypedArrayStubs.h:
2112 * JavaScriptCore.xcodeproj/project.pbxproj:
2113 * debugger/DebuggerActivation.cpp:
2114 (JSC::DebuggerActivation::getOwnPropertySlot):
2115 (JSC::DebuggerActivation::put):
2116 (JSC::DebuggerActivation::putDirectVirtual):
2117 (JSC::DebuggerActivation::deleteProperty):
2118 (JSC::DebuggerActivation::getOwnPropertyDescriptor):
2119 (JSC::DebuggerActivation::defineOwnProperty):
2120 * debugger/DebuggerActivation.h:
2121 (DebuggerActivation):
2123 (GlobalObject::addFunction):
2124 (GlobalObject::addConstructableFunction):
2125 * runtime/Arguments.cpp:
2126 (JSC::Arguments::getOwnPropertySlot):
2127 (JSC::Arguments::getOwnPropertyDescriptor):
2128 (JSC::Arguments::put):
2129 (JSC::Arguments::deleteProperty):
2130 (JSC::Arguments::defineOwnProperty):
2131 * runtime/Arguments.h:
2133 * runtime/ArrayConstructor.cpp:
2134 (JSC::ArrayConstructor::finishCreation):
2135 (JSC::ArrayConstructor::getOwnPropertySlot):
2136 (JSC::ArrayConstructor::getOwnPropertyDescriptor):
2137 * runtime/ArrayConstructor.h:
2139 * runtime/ArrayPrototype.cpp:
2140 (JSC::ArrayPrototype::getOwnPropertySlot):
2141 (JSC::ArrayPrototype::getOwnPropertyDescriptor):
2143 * runtime/ArrayPrototype.h:
2145 * runtime/BooleanConstructor.cpp:
2146 (JSC::BooleanConstructor::finishCreation):
2147 * runtime/BooleanPrototype.cpp:
2148 (JSC::BooleanPrototype::getOwnPropertySlot):
2149 (JSC::BooleanPrototype::getOwnPropertyDescriptor):
2150 * runtime/BooleanPrototype.h:
2152 * runtime/ClassInfo.h:
2154 * runtime/DateConstructor.cpp:
2155 (JSC::DateConstructor::finishCreation):
2156 (JSC::DateConstructor::getOwnPropertySlot):
2157 (JSC::DateConstructor::getOwnPropertyDescriptor):
2158 * runtime/DateConstructor.h:
2160 * runtime/DatePrototype.cpp:
2161 (JSC::DatePrototype::getOwnPropertySlot):
2162 (JSC::DatePrototype::getOwnPropertyDescriptor):
2163 * runtime/DatePrototype.h:
2166 (JSC::StrictModeTypeErrorFunction::create):
2167 * runtime/ErrorConstructor.cpp:
2168 (JSC::ErrorConstructor::finishCreation):
2169 * runtime/ErrorPrototype.cpp:
2170 (JSC::ErrorPrototype::getOwnPropertySlot):
2171 (JSC::ErrorPrototype::getOwnPropertyDescriptor):
2172 * runtime/ErrorPrototype.h:
2174 * runtime/FunctionConstructor.cpp:
2175 (JSC::FunctionConstructor::finishCreation):
2176 * runtime/FunctionPrototype.cpp:
2177 (JSC::FunctionPrototype::finishCreation):
2178 (JSC::FunctionPrototype::addFunctionProperties):
2179 (JSC::functionProtoFuncBind):
2180 * runtime/FunctionPrototype.h:
2181 (JSC::FunctionPrototype::create):
2182 (FunctionPrototype):
2183 * runtime/Identifier.cpp:
2185 * runtime/Identifier.h:
2187 * runtime/InternalFunction.cpp:
2188 (JSC::InternalFunction::finishCreation):
2189 * runtime/InternalFunction.h:
2191 * runtime/JSActivation.cpp:
2192 (JSC::JSActivation::symbolTableGet):
2193 (JSC::JSActivation::symbolTablePut):
2194 (JSC::JSActivation::symbolTablePutWithAttributes):
2195 (JSC::JSActivation::getOwnPropertySlot):
2196 (JSC::JSActivation::put):
2197 (JSC::JSActivation::putDirectVirtual):
2198 (JSC::JSActivation::deleteProperty):
2199 (JSC::JSActivation::argumentsGetter):
2200 * runtime/JSActivation.h:
2202 * runtime/JSArray.cpp:
2203 (JSC::JSArray::defineOwnProperty):
2204 (JSC::JSArray::getOwnPropertySlot):
2205 (JSC::JSArray::getOwnPropertyDescriptor):
2206 (JSC::JSArray::put):
2207 (JSC::JSArray::deleteProperty):
2208 * runtime/JSArray.h:
2211 * runtime/JSBoundFunction.cpp:
2212 (JSC::JSBoundFunction::create):
2213 (JSC::JSBoundFunction::finishCreation):
2214 * runtime/JSBoundFunction.h:
2216 * runtime/JSCell.cpp:
2217 (JSC::JSCell::getOwnPropertySlot):
2219 (JSC::JSCell::deleteProperty):
2220 (JSC::JSCell::putDirectVirtual):
2221 (JSC::JSCell::defineOwnProperty):
2222 (JSC::JSCell::getOwnPropertyDescriptor):
2225 * runtime/JSFunction.cpp:
2226 (JSC::JSFunction::create):
2227 (JSC::JSFunction::finishCreation):
2228 (JSC::JSFunction::argumentsGetter):
2229 (JSC::JSFunction::callerGetter):
2230 (JSC::JSFunction::lengthGetter):
2231 (JSC::JSFunction::getOwnPropertySlot):
2232 (JSC::JSFunction::getOwnPropertyDescriptor):
2233 (JSC::JSFunction::put):
2234 (JSC::JSFunction::deleteProperty):
2235 (JSC::JSFunction::defineOwnProperty):
2236 (JSC::getCalculatedDisplayName):
2237 * runtime/JSFunction.h:
2239 * runtime/JSGlobalObject.cpp:
2240 (JSC::JSGlobalObject::put):
2241 (JSC::JSGlobalObject::putDirectVirtual):
2242 (JSC::JSGlobalObject::defineOwnProperty):
2243 (JSC::JSGlobalObject::reset):
2244 (JSC::JSGlobalObject::createThrowTypeError):
2245 (JSC::JSGlobalObject::getOwnPropertySlot):
2246 (JSC::JSGlobalObject::getOwnPropertyDescriptor):
2247 * runtime/JSGlobalObject.h:
2249 (JSC::JSGlobalObject::hasOwnPropertyForWrite):
2250 (JSC::JSGlobalObject::symbolTableHasProperty):
2251 * runtime/JSNotAnObject.cpp:
2252 (JSC::JSNotAnObject::getOwnPropertySlot):
2253 (JSC::JSNotAnObject::getOwnPropertyDescriptor):
2254 (JSC::JSNotAnObject::put):
2255 (JSC::JSNotAnObject::deleteProperty):
2256 * runtime/JSNotAnObject.h:
2258 * runtime/JSONObject.cpp:
2259 (JSC::JSONObject::getOwnPropertySlot):
2260 (JSC::JSONObject::getOwnPropertyDescriptor):
2261 * runtime/JSONObject.h:
2263 * runtime/JSObject.cpp:
2264 (JSC::JSObject::put):
2265 (JSC::JSObject::putDirectVirtual):
2266 (JSC::JSObject::putDirectAccessor):
2267 (JSC::JSObject::hasProperty):
2268 (JSC::JSObject::deleteProperty):
2269 (JSC::JSObject::hasOwnProperty):
2270 (JSC::callDefaultValueFunction):
2271 (JSC::JSObject::findPropertyHashEntry):
2272 (JSC::JSObject::getPropertySpecificValue):
2273 (JSC::JSObject::removeDirect):
2274 (JSC::JSObject::getOwnPropertyDescriptor):
2275 (JSC::JSObject::getPropertyDescriptor):
2276 (JSC::putDescriptor):
2277 (JSC::JSObject::defineOwnProperty):
2278 * runtime/JSObject.h:
2280 (JSC::JSObject::getDirect):
2281 (JSC::JSObject::getDirectLocation):
2282 (JSC::JSObject::inlineGetOwnPropertySlot):
2283 (JSC::JSObject::getOwnPropertySlot):
2284 (JSC::JSCell::fastGetOwnPropertySlot):
2285 (JSC::JSObject::getPropertySlot):
2286 (JSC::JSObject::get):
2287 (JSC::JSObject::putDirectInternal):
2288 (JSC::JSObject::putOwnDataProperty):
2289 (JSC::JSObject::putDirect):
2290 (JSC::JSObject::putDirectWithoutTransition):
2291 (JSC::JSValue::get):
2292 (JSC::JSValue::put):
2293 * runtime/JSStaticScopeObject.cpp:
2294 (JSC::JSStaticScopeObject::put):
2295 (JSC::JSStaticScopeObject::putDirectVirtual):
2296 (JSC::JSStaticScopeObject::getOwnPropertySlot):
2297 * runtime/JSStaticScopeObject.h:
2298 (JSStaticScopeObject):
2299 * runtime/JSString.cpp:
2300 (JSC::JSString::getOwnPropertySlot):
2301 (JSC::JSString::getStringPropertyDescriptor):
2302 * runtime/JSString.h:
2304 (JSC::JSString::getStringPropertySlot):
2305 * runtime/JSValue.cpp:
2306 (JSC::JSValue::putToPrimitive):
2307 * runtime/JSValue.h:
2310 * runtime/JSVariableObject.cpp:
2311 (JSC::JSVariableObject::deleteProperty):
2312 (JSC::JSVariableObject::symbolTableGet):
2313 (JSC::JSVariableObject::putDirectVirtual):
2314 * runtime/JSVariableObject.h:
2316 (JSC::JSVariableObject::symbolTableGet):
2317 (JSC::JSVariableObject::symbolTablePut):
2318 (JSC::JSVariableObject::symbolTablePutWithAttributes):
2319 * runtime/Lookup.cpp:
2320 (JSC::setUpStaticFunctionSlot):
2322 (JSC::HashTable::entry):
2324 (JSC::getStaticPropertySlot):
2325 (JSC::getStaticPropertyDescriptor):
2326 (JSC::getStaticFunctionSlot):
2327 (JSC::getStaticFunctionDescriptor):
2328 (JSC::getStaticValueSlot):
2329 (JSC::getStaticValueDescriptor):
2331 * runtime/MathObject.cpp:
2332 (JSC::MathObject::getOwnPropertySlot):
2333 (JSC::MathObject::getOwnPropertyDescriptor):
2334 * runtime/MathObject.h:
2336 * runtime/NativeErrorConstructor.h:
2337 (JSC::NativeErrorConstructor::finishCreation):
2338 * runtime/NumberConstructor.cpp:
2340 (JSC::NumberConstructor::finishCreation):
2341 (JSC::NumberConstructor::getOwnPropertySlot):
2342 (JSC::NumberConstructor::getOwnPropertyDescriptor):
2343 (JSC::NumberConstructor::put):
2344 (JSC::numberConstructorNaNValue):
2345 (JSC::numberConstructorNegInfinity):
2346 (JSC::numberConstructorPosInfinity):
2347 (JSC::numberConstructorMaxValue):
2348 (JSC::numberConstructorMinValue):
2349 * runtime/NumberConstructor.h:
2350 (NumberConstructor):
2351 * runtime/NumberPrototype.cpp:
2352 (JSC::NumberPrototype::getOwnPropertySlot):
2353 (JSC::NumberPrototype::getOwnPropertyDescriptor):
2354 * runtime/NumberPrototype.h:
2356 * runtime/ObjectConstructor.cpp:
2357 (JSC::ObjectConstructor::finishCreation):
2358 (JSC::ObjectConstructor::getOwnPropertySlot):
2359 (JSC::ObjectConstructor::getOwnPropertyDescriptor):
2360 * runtime/ObjectConstructor.h:
2361 (ObjectConstructor):
2362 * runtime/ObjectPrototype.cpp:
2363 (JSC::ObjectPrototype::put):
2364 (JSC::ObjectPrototype::defineOwnProperty):
2365 (JSC::ObjectPrototype::getOwnPropertySlot):
2366 (JSC::ObjectPrototype::getOwnPropertyDescriptor):
2367 * runtime/ObjectPrototype.h:
2369 * runtime/PropertySlot.h:
2371 (JSC::PropertySlot::getValue):
2372 * runtime/RegExpConstructor.cpp:
2374 (JSC::RegExpConstructor::finishCreation):
2375 (JSC::RegExpConstructor::getOwnPropertySlot):
2376 (JSC::RegExpConstructor::getOwnPropertyDescriptor):
2377 (JSC::regExpConstructorDollar1):
2378 (JSC::regExpConstructorDollar2):
2379 (JSC::regExpConstructorDollar3):
2380 (JSC::regExpConstructorDollar4):
2381 (JSC::regExpConstructorDollar5):
2382 (JSC::regExpConstructorDollar6):
2383 (JSC::regExpConstructorDollar7):
2384 (JSC::regExpConstructorDollar8):
2385 (JSC::regExpConstructorDollar9):
2386 (JSC::regExpConstructorInput):
2387 (JSC::regExpConstructorMultiline):
2388 (JSC::regExpConstructorLastMatch):
2389 (JSC::regExpConstructorLastParen):
2390 (JSC::regExpConstructorLeftContext):
2391 (JSC::regExpConstructorRightContext):
2392 (JSC::RegExpConstructor::put):
2393 * runtime/RegExpConstructor.h:
2394 (RegExpConstructor):
2395 * runtime/RegExpMatchesArray.h:
2396 (JSC::RegExpMatchesArray::getOwnPropertySlot):
2397 (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
2398 (JSC::RegExpMatchesArray::put):
2399 (JSC::RegExpMatchesArray::deleteProperty):
2400 (JSC::RegExpMatchesArray::defineOwnProperty):
2401 * runtime/RegExpObject.cpp:
2403 (JSC::RegExpObject::getOwnPropertySlot):
2404 (JSC::RegExpObject::getOwnPropertyDescriptor):
2405 (JSC::RegExpObject::deleteProperty):
2406 (JSC::RegExpObject::defineOwnProperty):
2407 (JSC::regExpObjectGlobal):
2408 (JSC::regExpObjectIgnoreCase):
2409 (JSC::regExpObjectMultiline):
2410 (JSC::regExpObjectSource):
2411 (JSC::RegExpObject::put):
2412 * runtime/RegExpObject.h:
2414 * runtime/RegExpPrototype.cpp:
2415 (JSC::RegExpPrototype::getOwnPropertySlot):
2416 (JSC::RegExpPrototype::getOwnPropertyDescriptor):
2417 * runtime/RegExpPrototype.h:
2419 * runtime/StrictEvalActivation.cpp:
2420 (JSC::StrictEvalActivation::deleteProperty):
2421 * runtime/StrictEvalActivation.h:
2422 (StrictEvalActivation):
2423 * runtime/StringConstructor.cpp:
2424 (JSC::StringConstructor::finishCreation):
2425 (JSC::StringConstructor::getOwnPropertySlot):
2426 (JSC::StringConstructor::getOwnPropertyDescriptor):
2427 * runtime/StringConstructor.h:
2428 (StringConstructor):
2429 * runtime/StringObject.cpp:
2430 (JSC::StringObject::getOwnPropertySlot):
2431 (JSC::StringObject::getOwnPropertyDescriptor):
2432 (JSC::StringObject::put):
2433 (JSC::StringObject::defineOwnProperty):
2434 (JSC::StringObject::deleteProperty):
2435 * runtime/StringObject.h:
2437 * runtime/StringPrototype.cpp:
2438 (JSC::StringPrototype::getOwnPropertySlot):
2439 (JSC::StringPrototype::getOwnPropertyDescriptor):
2440 * runtime/StringPrototype.h:
2442 * runtime/Structure.cpp:
2443 (JSC::Structure::despecifyDictionaryFunction):
2444 (JSC::Structure::addPropertyTransitionToExistingStructure):
2445 (JSC::Structure::addPropertyTransition):
2446 (JSC::Structure::removePropertyTransition):
2447 (JSC::Structure::despecifyFunctionTransition):
2448 (JSC::Structure::attributeChangeTransition):
2449 (JSC::Structure::addPropertyWithoutTransition):
2450 (JSC::Structure::removePropertyWithoutTransition):
2451 (JSC::Structure::get):
2452 (JSC::Structure::despecifyFunction):
2453 (JSC::Structure::putSpecificValue):
2454 (JSC::Structure::remove):
2455 * runtime/Structure.h:
2457 (JSC::Structure::get):
2459 2012-05-11 Michael Saboff <msaboff@apple.com>
2461 Rolling out r116659.
2463 Causes ASSERT failures on bots.
2465 Rubber stamped by Geoff Garen.
2468 (JSC::Heap::markRoots):
2469 * heap/MarkStack.cpp:
2470 (JSC::MarkStackThreadSharedData::markingThreadMain):
2471 (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
2472 (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
2473 (JSC::MarkStackThreadSharedData::reset):
2474 (JSC::MarkStack::reset):
2476 (JSC::SlotVisitor::copyAndAppend):
2478 (MarkStackThreadSharedData):
2480 * runtime/JSString.h:
2482 (JSC::JSString::finishCreation):
2483 (JSC::JSString::is8Bit):
2484 (JSC::JSRopeString::finishCreation):
2486 2012-05-11 Oliver Hunt <oliver@apple.com>
2488 Appease thread verifier when dealing with the JSC API's shared VM
2489 https://bugs.webkit.org/show_bug.cgi?id=86268
2491 Reviewed by Geoffrey Garen.
2493 If we're the shared VM, just disable the verifier. This makes debug builds
2494 livable against non-webkit clients.
2496 * runtime/JSGlobalData.cpp:
2497 (JSC::JSGlobalData::JSGlobalData):
2499 2012-05-11 Filip Pizlo <fpizlo@apple.com>
2501 JIT memory allocator is not returning memory to the OS on Darwin
2502 https://bugs.webkit.org/show_bug.cgi?id=86047
2504 Reviewed by Geoff Garen.
2506 * jit/ExecutableAllocatorFixedVMPool.cpp:
2507 (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
2509 2012-05-11 Geoffrey Garen <ggaren@apple.com>
2511 Clarified JSGlobalData (JavaScript VM) lifetime
2512 https://bugs.webkit.org/show_bug.cgi?id=85142
2514 Reviewed by Alexey Proskuryakov.
2518 * API/JSContextRef.cpp:
2519 (JSGlobalContextCreate): Restored some code I removed because I misread an #ifdef.
2520 (We don't need to test BUILDING_ON_LEOPARD, but we still need the linked-on
2521 test, because apps might have been linked on older OS's.)
2523 2012-05-11 Sam Weinig <sam@webkit.org>
2525 Fix crash seen when running with libgmalloc
2526 <rdar://problem/11435411>
2527 https://bugs.webkit.org/show_bug.cgi?id=86232
2529 Reviewed by Gavin Barraclough.
2531 * heap/MarkStack.cpp:
2532 (JSC::MarkStackThreadSharedData::markingThreadMain):
2533 Don't delete the SlotVisitor before the ParallelModeEnabler has had a chance to run its
2536 2012-05-10 Gavin Barraclough <barraclough@apple.com>
2538 Remove op_get_callee
2540 Rubber stamped by Geoff Garen.
2542 This is now redundant.
2544 * bytecode/CodeBlock.cpp:
2545 (JSC::CodeBlock::dump):
2546 * bytecode/Opcode.h:
2548 (JSC::padOpcodeName):
2549 * dfg/DFGByteCodeParser.cpp:
2550 (JSC::DFG::ByteCodeParser::parseBlock):
2551 * dfg/DFGCapabilities.h:
2552 (JSC::DFG::canCompileOpcode):
2553 * interpreter/Interpreter.cpp:
2554 (JSC::Interpreter::privateExecute):
2556 (JSC::JIT::privateCompileMainPass):
2558 * jit/JITOpcodes.cpp:
2560 * jit/JITOpcodes32_64.cpp:
2562 * llint/LowLevelInterpreter32_64.asm:
2563 * llint/LowLevelInterpreter64.asm:
2565 2012-05-10 Gavin Barraclough <barraclough@apple.com>
2567 Cache inheritorID on JSFunction
2568 https://bugs.webkit.org/show_bug.cgi?id=85853
2570 Reviewed by Geoff Garen & Filip Pizlo.
2572 An object's prototype is indicated via its structure. To create an otherwise
2573 empty object with object A as its prototype, we require a structure with its
2574 prototype set to point to A. We wish to use this same structure for all empty
2575 objects created with a prototype of A, so we presently store this structure as
2576 a property of A, known as the inheritorID.
2578 When a function F is invoked as a constructor, where F has a property 'prototype'
2579 set to point to A, in order to create the 'this' value for the constructor to
2580 use, the following steps are taken:
2581 - the 'prototype' property of F is read, via a regular [[Get]] access.
2582 - the inheritorID internal property of the prototype is read.
2583 - a new, empty object is constructed with its structure set to point to inheritorID.
2585 There are two drawbacks to the current approach:
2586 - it requires that every object has an inheritorID field.
2587 - it requires a [[Get]] access on every constructor call to access the 'prototype' property.
2589 Instead, switch to caching a copy of the inheritorID on the function. Constructor
2590 calls now only need read the internal property from the callee, saving a [[Get]].
2591 This also means that JSObject::m_inheritorID is no longer commonly read, and in a
2592 future patch we can move to storing this in a more memory efficient fashion.
2594 * JavaScriptCore.xcodeproj/project.pbxproj:
2595 * bytecode/CodeBlock.cpp:
2596 (JSC::CodeBlock::dump):
2597 * bytecode/Opcode.h:
2599 (JSC::padOpcodeName):
2600 * bytecompiler/BytecodeGenerator.cpp:
2601 (JSC::BytecodeGenerator::BytecodeGenerator):
2602 * dfg/DFGAbstractState.cpp:
2603 (JSC::DFG::AbstractState::execute):
2604 * dfg/DFGByteCodeParser.cpp:
2605 (JSC::DFG::ByteCodeParser::parseBlock):
2606 * dfg/DFGNodeType.h:
2608 * dfg/DFGOperations.cpp:
2609 * dfg/DFGOperations.h:
2610 * dfg/DFGPredictionPropagationPhase.cpp:
2611 (JSC::DFG::PredictionPropagationPhase::propagate):
2612 * dfg/DFGSpeculativeJIT32_64.cpp:
2613 (JSC::DFG::SpeculativeJIT::compile):
2614 * dfg/DFGSpeculativeJIT64.cpp:
2615 (JSC::DFG::SpeculativeJIT::compile):
2616 * interpreter/Interpreter.cpp:
2617 (JSC::Interpreter::privateExecute):
2618 * jit/JITInlineMethods.h:
2619 (JSC::JIT::emitAllocateJSFunction):
2620 * jit/JITOpcodes.cpp:
2621 (JSC::JIT::emit_op_create_this):
2622 (JSC::JIT::emitSlow_op_create_this):
2623 * jit/JITOpcodes32_64.cpp:
2624 (JSC::JIT::emit_op_create_this):
2625 (JSC::JIT::emitSlow_op_create_this):
2627 (JSC::DEFINE_STUB_FUNCTION):
2628 * llint/LLIntSlowPaths.cpp:
2629 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2630 * llint/LowLevelInterpreter32_64.asm:
2631 * llint/LowLevelInterpreter64.asm:
2632 * runtime/JSFunction.cpp:
2633 (JSC::JSFunction::JSFunction):
2634 (JSC::JSFunction::cacheInheritorID):
2636 (JSC::JSFunction::put):
2637 (JSC::JSFunction::defineOwnProperty):
2638 * runtime/JSFunction.h:
2639 (JSC::JSFunction::cachedInheritorID):
2641 (JSC::JSFunction::offsetOfCachedInheritorID):
2643 2012-05-10 Michael Saboff <msaboff@apple.com>
2645 Enh: Hash Const JSString in Backing Stores to Save Memory
2646 https://bugs.webkit.org/show_bug.cgi?id=86024
2648 Reviewed by Filip Pizlo.
2650 During garbage collection, each marking thread keeps a HashMap of
2651 strings. While visiting via MarkStack::copyAndAppend(), we check to
2652 see if the string we are visiting is already in the HashMap. If not
2653 we add it. If so, we change the reference to the current string we're
2654 visiting to the prior string.
2656 To somewhat reduce the performance impact of this change, if a string
2657 is unique at the end of a marking it will not be checked during further
2658 GC phases. In some cases this won't catch all duplicates, but we are
2659 trying to catch the growth of duplicate strings.
2662 (JSC::Heap::markRoots):
2663 * heap/MarkStack.cpp:
2664 (JSC::MarkStackThreadSharedData::resetChildren): New method called by the
2665 main thread to reset the slave threads. This is primarily done to
2666 clear the m_uniqueStrings HashMap.
2668 (JSC::MarkStackThreadSharedData::markingThreadMain):
2669 (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
2670 (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
2671 (JSC::MarkStackThreadSharedData::reset):
2672 (JSC::MarkStack::reset): Added call to clear m_uniqueStrings.
2673 (JSC::MarkStack::internalAppend): New method that performs the hash consting.
2674 (JSC::SlotVisitor::copyAndAppend): Changed to call the new hash consting
2677 (MarkStackThreadSharedData):
2679 (JSC::MarkStack::sharedData):
2680 * runtime/JSString.h:
2681 (JSString): Added m_isHashConstSingleton flag, accessors for the flag and
2682 code to initialize the flag.
2683 (JSC::JSString::finishCreation):
2684 (JSC::JSString::isHashConstSingleton):
2685 (JSC::JSString::clearHashConstSingleton):
2686 (JSC::JSString::setHashConstSingleton):
2687 (JSC::JSRopeString::finishCreation):
2689 2012-05-09 Filip Pizlo <fpizlo@apple.com>
2691 JIT memory allocator is not returning memory to the OS on Darwin
2692 https://bugs.webkit.org/show_bug.cgi?id=86047
2693 <rdar://problem/11414948>
2695 Reviewed by Geoff Garen.
2697 Work around the problem by using a different madvise() flag, but only for the JIT memory
2698 allocator. Also put in ASSERTs that the call is actually working.
2700 * jit/ExecutableAllocatorFixedVMPool.cpp:
2701 (JSC::FixedVMPoolExecutableAllocator::notifyNeedPage):
2702 (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
2704 2012-05-09 Filip Pizlo <fpizlo@apple.com>
2706 It should be possible to get useful debug logging from the JIT memory allocator
2707 https://bugs.webkit.org/show_bug.cgi?id=86042
2709 Reviewed by Geoff Garen.
2711 * jit/ExecutableAllocator.h:
2713 2012-05-09 Gavin Barraclough <barraclough@apple.com>
2715 GC race condition in OpaqueJSClass::prototype
2716 https://bugs.webkit.org/show_bug.cgi?id=86034
2720 * API/JSClassRef.cpp:
2721 (OpaqueJSClass::prototype):
2722 - Eeeep, landed bad version of patch!
2724 2012-05-09 Gavin Barraclough <barraclough@apple.com>
2726 GC race condition in OpaqueJSClass::prototype
2727 https://bugs.webkit.org/show_bug.cgi?id=86034
2729 Reviewed by Filip Pizlo.
2731 The bug here is basically:
2732 if (weakref) weakref->method()
2733 where a GC may occur between the if & the method call.
2735 * API/JSClassRef.cpp:
2736 (OpaqueJSClass::prototype):
2738 2012-05-09 Mark Hahnenberg <mhahnenberg@apple.com>
2740 CopiedSpace does not add pinned blocks back to the to-space filter
2741 https://bugs.webkit.org/show_bug.cgi?id=86011
2743 Reviewed by Geoffrey Garen.
After a collection has finished, we go through the blocks in from-space
and move any of them that are pinned into to-space. At the beginning of
collection, we reset the to-space block filter that is used during
conservative scanning and add back the blocks that are filled during the
collection. However, we neglect to add back those blocks that are moved
from from-space to to-space, which can cause the conservative scan to
think that some pinned items are not actually in CopiedSpace.

* heap/CopiedSpace.cpp:
(JSC::CopiedSpace::doneCopying): Add the pinned blocks back to the
to-space filter. Also added a comment and assert for future readers that
indicates that it's okay that we don't also add the block to the
to-space block set since it was never removed.

2012-05-09 Carlos Garcia Campos <cgarcia@igalia.com>

[GTK] Use independent version numbers for public libraries
https://bugs.webkit.org/show_bug.cgi?id=85984

Reviewed by Gustavo Noronha Silva.

* GNUmakefile.am: Use LIBJAVASCRIPTCOREGTK_VERSION for library

2012-05-09 Carlos Garcia Campos <cgarcia@igalia.com>

[GTK] Do not install JavaScriptCore platform-specific headers
https://bugs.webkit.org/show_bug.cgi?id=85983

Reviewed by Gustavo Noronha Silva.

JavaScriptCore.h includes JSStringRefCF.h unconditionally. It was
renamed to JavaScript.h in r29234 and it still exists for
compatibility with mac and windows users.

* GNUmakefile.list.am: Remove JavaScriptCore.h, JSStringRefCF.h
and JSStringRefBSTR.h from the sources and headers list.

2012-05-08 Gavin Barraclough <barraclough@apple.com>

GC in the middle of JSObject::allocatePropertyStorage can cause badness
https://bugs.webkit.org/show_bug.cgi?id=83839

This breaks the world, with COLLECT_ON_EVERY_ALLOCATION enabled.

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:

(JSC::JSObject::isUsingInlineStorage):

(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::transitionTo):
* runtime/Structure.cpp:

* runtime/Structure.h:
(JSC::Structure::didTransition):

2012-05-08 Mark Hahnenberg <mhahnenberg@apple.com>

Heap should not continually allocate new pages in steady state
https://bugs.webkit.org/show_bug.cgi?id=85936

Reviewed by Geoff Garen.

Currently, in steady state (i.e. a constant amount of live GC
memory with a constant rate of allocation) assuming we've just
finished a collection with X live blocks in CopiedSpace, we
increase our working set by X blocks in CopiedSpace with each
collection we perform. This is due to the fact that we allocate
until we run out of free blocks to use in the Heap before we
consider whether we should run a collection.

In the longer term, this issue will be mostly resolved by
implementing quick release for the CopiedSpace. In the shorter
term, we should change our policy to check whether we should
allocate before trying to use a free block from the Heap. We
can change our policy to something more appropriate once we
have implemented quick release.

This change should also have the convenient side effect of
reducing the variance in GC-heavy tests (e.g. v8-splay) due
to the fact that we are doing less VM allocation during copying
collection. Overall, this patch is performance neutral across
the benchmarks we track.

* heap/CopiedSpace.cpp:
(JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator
around so that we only do it if the block request must succeed
i.e. after we've already checked whether we should do a collection.
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::allocateSlowCase): Ditto.
(JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this
function because by the time we've called it, we've already checked whether we
should run a collection so there's no point in returning null.
* heap/MarkedAllocator.h: Removing old arguments from function declaration.
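
The working-set growth the entry above describes can be reproduced with a small block-level model of a copying heap. This is an added illustration and not JavaScriptCore code: the live-set size X, the collection threshold and the "blocks" are constructed parameters, and the only difference between the two policies is whether the "should we collect?" question is asked before or only after the free list has been exhausted.

```cpp
// Added illustration, not JavaScriptCore code: a block-level model of the two
// allocation policies contrasted in the entry above. The live-set size, the
// collection threshold and the block counts are constructed parameters.
#include <cstddef>

struct CopyingHeapModel {
    size_t liveBlocks;              // X: blocks that survive every collection
    size_t collectThreshold;        // collect once this many blocks were handed out since the last GC
    bool checkBeforeUsingFreeBlock; // true = the policy the entry switches to

    size_t freeBlocks = 0;          // blocks owned by the Heap but not in use
    size_t usedBlocks = 0;          // blocks currently holding data
    size_t allocatedSinceGC = 0;
    size_t collections = 0;

    CopyingHeapModel(size_t live, size_t threshold, bool checkFirst)
        : liveBlocks(live), collectThreshold(threshold), checkBeforeUsingFreeBlock(checkFirst) { }

    size_t workingSet() const { return freeBlocks + usedBlocks; }
    bool shouldCollect() const { return allocatedSinceGC >= collectThreshold; }

    // Hand out a block: reuse a free one if we have it, otherwise grow the working set.
    void takeBlock()
    {
        if (freeBlocks)
            --freeBlocks;
        ++usedBlocks;
    }

    // Copying collection: the X live blocks are copied into fresh to-space
    // blocks, then every from-space block becomes free.
    void collect()
    {
        size_t fromSpace = usedBlocks;
        usedBlocks = 0;
        for (size_t i = 0; i < liveBlocks; ++i)
            takeBlock();
        freeBlocks += fromSpace;
        allocatedSinceGC = 0;
        ++collections;
    }

    // One block request from the mutator under the chosen policy.
    void allocateBlock()
    {
        if (checkBeforeUsingFreeBlock) {
            // New policy: ask "should we collect?" before touching the free list.
            if (shouldCollect())
                collect();
        } else if (!freeBlocks && shouldCollect()) {
            // Old policy: only consider collecting once the free list is exhausted.
            collect();
        }
        takeBlock();
        ++allocatedSinceGC;
    }
};

// Run the mutator until `collections` GCs have happened and report the
// working set (total blocks owned by the heap) at that point.
size_t workingSetAfterCollections(bool checkBeforeUsingFreeBlock, size_t liveBlocks,
                                  size_t collectThreshold, size_t collections)
{
    CopyingHeapModel heap(liveBlocks, collectThreshold, checkBeforeUsingFreeBlock);
    const size_t maxAllocations = 1u << 20; // guard against a model that never collects
    size_t budget = maxAllocations;
    while (heap.collections < collections && budget--)
        heap.allocateBlock();
    return heap.workingSet();
}
```

With X = 3 live blocks and a threshold of 4 blocks per cycle, the old policy owns 4 + 3k blocks after k collections (it grows by X every cycle, exactly as the entry says), while the new policy settles at 2X + threshold = 10 blocks and stays there.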

2012-05-08 Gavin Barraclough <barraclough@apple.com>

SIGFPE on divide in classic interpreter
https://bugs.webkit.org/show_bug.cgi?id=85917

Rubber stamped by Oliver Hunt.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
- check for divisor of -1.
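
Why a divisor of -1 needs its own check: on x86 the idiv instruction raises a divide error not only for a zero divisor but also for INT32_MIN / -1 (the quotient 2^31 does not fit), and the kernel delivers that as SIGFPE, so a plain C++ division on script-controlled operands crashes the process. The following is an added illustration, not JavaScriptCore's interpreter code; it shows an int32 fast path for JavaScript's `/` and `%` that refuses both trapping inputs (and the other cases whose JavaScript result is not an int32) and signals the caller to take the double slow path instead. The sentinel `kNoInt32Result` and the function names are constructed.

```cpp
// Added illustration, not JavaScriptCore code: the two integer-division
// inputs that trap on x86 (and so raise SIGFPE) and how an interpreter's
// int32 fast path must reject them before the hardware sees them.
#include <cstdint>

// Sentinel meaning "no int32 result; take the double slow path" (constructed).
const int64_t kNoInt32Result = INT64_MIN;

// Division by zero and INT32_MIN / -1 are undefined behaviour in C++; on x86
// both make idiv raise #DE, which the kernel delivers as SIGFPE. A
// script-controlled divisor therefore turns a plain "a / b" into a crash.
bool wouldTrapOnDivide(int32_t dividend, int32_t divisor)
{
    return divisor == 0 || (divisor == -1 && dividend == INT32_MIN);
}

// int32 fast path for JavaScript's "/": returns the quotient only when it is
// an exact int32 (JS division is floating point, so 7 / 2 is 3.5, and 0 / -3
// is -0, neither of which an int32 can hold).
int64_t divideInt32(int32_t dividend, int32_t divisor)
{
    if (wouldTrapOnDivide(dividend, divisor))
        return kNoInt32Result;   // x / 0 -> Infinity/NaN, INT32_MIN / -1 -> 2^31
    if (dividend == 0 && divisor < 0)
        return kNoInt32Result;   // JS yields -0 here
    if (dividend % divisor != 0)
        return kNoInt32Result;   // non-integral quotient
    return dividend / divisor;
}

// int32 fast path for JavaScript's "%": INT32_MIN % -1 traps even though the
// mathematical answer (0) fits, so a divisor of -1 is handled without
// reaching the hardware at all.
int64_t moduloInt32(int32_t dividend, int32_t divisor)
{
    if (divisor == 0)
        return kNoInt32Result;   // JS: x % 0 is NaN
    if (divisor == -1) {
        // x % -1 is 0 for every x; JS gives -0 for negative x, which is not an int32.
        return dividend < 0 ? kNoInt32Result : 0;
    }
    int32_t result = dividend % divisor; // truncating, sign of the dividend, as in JS
    if (result == 0 && dividend < 0)
        return kNoInt32Result;   // e.g. -4 % 2 is -0 in JS
    return result;
}
```

The check for -1 is cheap enough to sit on the fast path; the alternative, letting the hardware fault and catching SIGFPE, would mean a script could take down the whole process with `-2147483648 / -1`.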

2012-05-07 Oliver Hunt <oliver@apple.com>

r110287 was meant to be refactoring only, but changed behavior
enough to break some websites, including qq.com.

2012-05-07 Andy Estes <aestes@apple.com>

ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES.

* Configurations/FeatureDefines.xcconfig:

2012-05-07 Oliver Hunt <oliver@apple.com>

* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):

2012-05-07 Oliver Hunt <oliver@apple.com>

LLInt doesn't check for Ropes when performing a character switch
https://bugs.webkit.org/show_bug.cgi?id=85837

Reviewed by Filip Pizlo.

Make LLint check if the scrutinee of a char switch is a rope, and if
so fall back to a slow case.

* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):

* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:

2012-05-07 Eric Seidel <eric@webkit.org>

Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed
https://bugs.webkit.org/show_bug.cgi?id=85822

Reviewed by Adam Barth.

* Configurations/FeatureDefines.xcconfig:

2012-05-05 Gavin Barraclough <barraclough@apple.com>

Remove TrustedImm32::m_isPointer
https://bugs.webkit.org/show_bug.cgi?id=85726

Rubber stamped by Sam Weinig.

We used to rely on being able to generate code with known, fixed offsets – to do so we
would inhibit more optimal code generation for pointers. This is no longer necessary.

* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::TrustedImm32::TrustedImm32):

* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::store32):
(JSC::MacroAssemblerARM::move):
(JSC::MacroAssemblerARM::branch32):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::move):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::add32):
(JSC::MacroAssemblerMIPS::and32):
(JSC::MacroAssemblerMIPS::mul32):
(JSC::MacroAssemblerMIPS::or32):
(JSC::MacroAssemblerMIPS::sub32):
(JSC::MacroAssemblerMIPS::store32):
(JSC::MacroAssemblerMIPS::move):

2012-05-04 Filip Pizlo <fpizlo@apple.com>

DFG should not Flush GetLocal's
https://bugs.webkit.org/show_bug.cgi?id=85663
<rdar://problem/11373600>

Reviewed by Oliver Hunt.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::flushArgument):
(JSC::DFG::ByteCodeParser::handleCall):

2012-05-04 Allan Sandfeld Jensen <allan.jensen@nokia.com>

Doesn't build with ENABLE_JIT=0
https://bugs.webkit.org/show_bug.cgi?id=85042

Reviewed by Gavin Barraclough.

* bytecode/Operands.h:

2012-05-03 Oliver Hunt <oliver@apple.com>

Regression(r114702): Clobbering the caller frame register before we've stored it.
https://bugs.webkit.org/show_bug.cgi?id=85564

Reviewed by Filip Pizlo.

Don't use t0 as a temporary, when we're about to use the value in t0.

* llint/LowLevelInterpreter32_64.asm:

2012-05-03 Mark Hahnenberg <mhahnenberg@apple.com>

Removing remainder of accidental printfs.

(JSC::Heap::collect):

2012-05-03 Andy Estes <aestes@apple.com>

If you add printf()s to your garbage collector, the layout tests are gonna have a bad time.

* runtime/GCActivityCallbackCF.cpp:
(JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):

2012-05-03 Mark Hahnenberg <mhahnenberg@apple.com>

Heap::reportAbandonedObjectGraph should not hasten an allocation-triggered collection
https://bugs.webkit.org/show_bug.cgi?id=85543

Reviewed by Filip Pizlo.

Currently reportAbandonedObjectGraph causes the Heap to think it is closer to its
allocation limit for the current cycle, thus hastening an allocation-triggered collection.
In reality, it should just affect the opportunistic GC timer. We should track the bytes
we think have been abandoned and the bytes that have been allocated separately.

* heap/Heap.cpp: Added a new field m_abandonedBytes to Heap to keep track of how much
we think we've abandoned.

(JSC::Heap::reportAbandonedObjectGraph):

(JSC::Heap::didAbandon): Added this function for reportAbandonedObjectGraph to call
rather than didAllocate. Works the same as didAllocate, but modifies bytes abandoned rather
than bytes allocated. Also notifies the timer, summing the two values together.
(JSC::Heap::collect):
(JSC::Heap::didAllocate): Now adds the bytes allocated and bytes abandoned when reporting
to GCActivityCallback.

2012-05-02 Eric Seidel <eric@webkit.org>

Sort ENABLE_ defines in FeatureDefines.xcconfig files to make them easier to compare with one another (and easier to autogenerate)
https://bugs.webkit.org/show_bug.cgi?id=85433

Reviewed by Adam Barth.

I have a script which can autogenerate these xcconfig files as well as the
vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists
from a central feature list file.
In preparation for posting such a tool, I'm re-sorting these xcconfig files to be
alphabetically ordered (currently they're close, but not quite).
There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which
I will fix in a second pass. I will also sort the FEATURE_DEFINES = line in a follow-up patch.

* Configurations/FeatureDefines.xcconfig:

2012-05-02 Hojong Han <hojong.han@samsung.com>

ARM_TRADITIONAL build fix
https://bugs.webkit.org/show_bug.cgi?id=85358

Reviewed by Gavin Barraclough.

* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::lshift32):
(MacroAssemblerARM):
(JSC::MacroAssemblerARM::or32):
(JSC::MacroAssemblerARM::urshift32):
(JSC::MacroAssemblerARM::xor32):
(JSC::MacroAssemblerARM::branchSub32):

2012-05-02 Mark Hahnenberg <mhahnenberg@apple.com>

Opportunistic GC should give up if the Heap is paged out
https://bugs.webkit.org/show_bug.cgi?id=85411

Reviewed by Filip Pizlo.

Opportunistic GC is punishing us severely in limited memory situations because its
assumptions about how much time a collection will take are way out of whack when the Heap
has been paged out by the OS. We should add a simple detection function to the Heap that
detects if it is paged out. It will do this by iterating each block of both the MarkedSpace
and CopiedSpace. If that operation takes longer than a fixed amount of time (e.g. 100ms),
the function returns true. This function will only be run prior to an opportunistic
collection (i.e. it will not run during our normal allocation-triggered collections).

In my tests, steady state was drastically improved in high memory pressure situations (i.e.
the browser was still usable, significant reduction in SPODs). Occasionally, a normal GC
would be triggered due to pages doing things in the background, which would cause a
significant pause. As we close pages we now cause normal collections rather than full
collections, which prevents us from collecting all of the dead memory immediately. One
nice way to deal with this issue might be to do incremental sweeping.

* heap/CopiedSpace.cpp:
(JSC::isBlockListPagedOut): Helper function to reduce code duplication when iterating over
to-space, from-space, and the oversize blocks.

(JSC::CopiedSpace::isPagedOut): Tries to determine whether or not CopiedSpace is paged out
by iterating all of the blocks.
* heap/CopiedSpace.h:

(JSC::Heap::isPagedOut): Tries to determine whether the Heap is paged out by asking the
MarkedSpace and CopiedSpace if they are paged out.

(JSC::Heap::increaseLastGCLength): Added this so that the GC timer can linearly back off
each time it determines that the Heap is paged out.
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::isPagedOut): Tries to determine if this particular MarkedAllocator's
list of blocks is paged out.

* heap/MarkedAllocator.h:

* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::isPagedOut): For each MarkedAllocator, check to see if they're paged out.
* heap/MarkedSpace.h:

* runtime/GCActivityCallback.cpp:
(JSC::DefaultGCActivityCallback::cancel):

* runtime/GCActivityCallback.h:
(JSC::GCActivityCallback::cancel):
(DefaultGCActivityCallback):
* runtime/GCActivityCallbackCF.cpp: Added a constant of 100ms for the timeout in determining
whether the Heap is paged out or not.

(JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): Added the check to see if we
should attempt a collection based on whether or not we can iterate the blocks of the Heap in
100ms. If we can't, we cancel the timer and tell the Heap we just wasted 100ms more trying to
do a collection. This gives us a nice linear backoff so we're not constantly re-trying in
steady state paged-out-ness.
(JSC::DefaultGCActivityCallback::cancel): Added this function which, while currently doing
exactly the same thing as willCollect, is more obvious as to what it's doing when we call it
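
The probe-then-back-off shape the entry above describes, as an added illustration rather than JavaScriptCore's own code: the 100ms budget is taken from the entry, but the Heap and timer structs, the `Block` stand-in and the millisecond clock callback (so the walk can be driven by a fake clock offline) are constructed. The idea is that touching one byte per block is cheap when the heap is resident and expensive (one page-in per block) when it is not, so a walk that overruns its deadline is a usable proxy for "paged out", and each failed probe pushes the next attempt further out linearly.

```cpp
// Added illustration, not JavaScriptCore code: the "is the heap paged out?"
// probe and the linear back-off the entry above describes. The 100ms budget
// comes from the entry; the Heap/timer shapes and the fake clock are constructed.
#include <chrono>
#include <cstddef>
#include <cstdint>
#include <functional>
#include <vector>

typedef std::function<int64_t()> NowMs; // monotonic milliseconds

const int64_t kPagedOutTimeBudgetMs = 100;

// Production clock.
int64_t steadyNowMs()
{
    using namespace std::chrono;
    return duration_cast<milliseconds>(steady_clock::now().time_since_epoch()).count();
}

struct Block { std::vector<uint8_t> bytes; }; // stand-in for a heap block

// Touch one byte in every block. If the OS has paged the heap out, each touch
// is a page-in and the walk blows its deadline; returning true as soon as
// that happens keeps the probe itself bounded.
bool isBlockListPagedOut(const std::vector<Block>& blocks, int64_t deadlineMs, const NowMs& now)
{
    volatile uint8_t sink = 0;
    for (const Block& block : blocks) {
        if (now() > deadlineMs)
            return true;
        if (!block.bytes.empty())
            sink = block.bytes[0]; // the read is what forces the page-in
    }
    return false;
}

struct Heap {
    std::vector<Block> blocks;   // stands in for the MarkedSpace + CopiedSpace block lists
    int64_t lastGCLengthMs = 0;  // the timer spaces opportunistic GCs by this estimate
    unsigned collections = 0;

    bool isPagedOut(const NowMs& now) const
    {
        return isBlockListPagedOut(blocks, now() + kPagedOutTimeBudgetMs, now);
    }
    void increaseLastGCLength(int64_t ms) { lastGCLengthMs += ms; }
    void collect() { ++collections; }
};

// What the opportunistic GC timer does when it fires: probe first; collect
// only if the probe finished in budget. Otherwise charge the wasted budget to
// lastGCLength so the next firing is spaced further out (linear back-off)
// and report that the timer was cancelled.
bool timerDidFire(Heap& heap, const NowMs& now)
{
    if (heap.isPagedOut(now)) {
        heap.increaseLastGCLength(kPagedOutTimeBudgetMs);
        return false;
    }
    heap.collect();
    return true;
}

struct RunResult { unsigned collections; int64_t lastGCLengthMs; };

// Drive `firings` timer firings against a fake clock that advances
// clockStepMs on every query, so a "slow" (paged-out) heap can be simulated.
RunResult runTimer(unsigned firings, int64_t clockStepMs, size_t blockCount)
{
    Heap heap;
    heap.blocks.assign(blockCount, Block{std::vector<uint8_t>(64, uint8_t(0))});
    int64_t t = 0;
    NowMs fakeNow = [&t, clockStepMs]() { t += clockStepMs; return t; };
    for (unsigned i = 0; i < firings; ++i)
        timerDidFire(heap, fakeNow);
    RunResult r = { heap.collections, heap.lastGCLengthMs };
    return r;
}
```

In production `timerDidFire(heap, steadyNowMs)` would be called from the activity callback; the test harness substitutes a clock that advances a fixed amount per query, so a heap of four blocks "takes" 60ms per touch and overruns the 100ms budget, whereas a zero-step clock always finishes in time.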

2012-05-02 Yong Li <yoli@rim.com>

Fix GCC X86 build error
https://bugs.webkit.org/show_bug.cgi?id=85379

Reviewed by Rob Buis.

Always explicitly claim ".text" to make sure
functions defined with inline assembly will be
created in the correct section.

* dfg/DFGOperations.cpp:

2012-05-02 Oliver Hunt <oliver@apple.com>

Unreviewed, rolling out r115388.
http://trac.webkit.org/changeset/115388
https://bugs.webkit.org/show_bug.cgi?id=85011

This caused many weird performance problems, and needs to be

* dfg/DFGOperations.cpp:

(JSC::Heap::getConservativeRegisterRoots):
(JSC::Heap::markRoots):
* interpreter/CallFrame.cpp:
(JSC::CallFrame::dumpCaller):

* interpreter/CallFrame.h:
(JSC::ExecState::init):

* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):
(JSC::Interpreter::privateExecute):
* interpreter/Interpreter.h:
(JSC::Interpreter::execute):
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::growSlowCase):
(JSC::RegisterFile::gatherConservativeRoots):
* interpreter/RegisterFile.h:
(JSC::RegisterFile::end):
(JSC::RegisterFile::size):
(JSC::RegisterFile::addressOfEnd):

(JSC::RegisterFile::RegisterFile):
(JSC::RegisterFile::shrink):
(JSC::RegisterFile::grow):

(JSC::DEFINE_STUB_FUNCTION):
(JSC::jitCompileFor):

* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::handleHostCall):
* llint/LowLevelInterpreter.asm:
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::arityCheckFor):

2012-05-01 Oliver Hunt <oliver@apple.com>

Physijs demo crashes due to DFG not updating topCallFrame correctly.
https://bugs.webkit.org/show_bug.cgi?id=85311

Reviewed by Filip Pizlo.

A few of the dfg operations failed to correctly set the topCallFrame,
and so everything goes wrong. This patch corrects the affected operations,
and makes debug builds poison topCallFrame before calling a dfg operation.

* dfg/DFGOperations.cpp:
(JSC::DFG::putByVal):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):

(JSC::DFG::SpeculativeJIT::prepareForExternalCall):
(JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
(JSC::DFG::SpeculativeJIT::appendCallSetResult):

2012-04-30 Gavin Barraclough <barraclough@apple.com>

Should be able to use YARR JIT without the JS language JIT
https://bugs.webkit.org/show_bug.cgi?id=85252

Reviewed by Geoff Garen.

Need to split canUseRegExpJIT out of canUseJIT.

* runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::JSGlobalData):
- replace m_canUseJIT with m_canUseAssembler
* runtime/JSGlobalData.h:

(JSC::JSGlobalData::canUseRegExpJIT):
- Added canUseRegExpJIT, distinct from canUseJIT.
* runtime/RegExp.cpp:
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):
- Call canUseRegExpJIT instead of canUseJIT.

2012-04-30 Gavin Barraclough <barraclough@apple.com>

Should be able to build YARR JIT without the JS language JIT
https://bugs.webkit.org/show_bug.cgi?id=85242

Reviewed by Michael Saboff.

Some build macros are wrong.

* assembler/RepatchBuffer.h:
* jit/ExecutableAllocator.h:

* jit/JITExceptions.cpp:
* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):

2012-04-26 Gavin Barraclough <barraclough@apple.com>

Arguments object resets attributes on redefinition of a parameter
https://bugs.webkit.org/show_bug.cgi?id=84994

Rubber stamped by Oliver Hunt.

There is a bug that we always re-add the original property before
redefinition, doing so in a way that will reset the attributes
without checking configurability.

* runtime/Arguments.cpp:
(JSC::Arguments::defineOwnProperty):
- Only instantiate the property once - do not re-add if
it has already been added, or if it has been deleted.

2012-04-30 Ryosuke Niwa <rniwa@webkit.org>

Remove an erroneous assertion after r115655.

* runtime/NumberPrototype.cpp:
(JSC::toUStringWithRadix):

2012-04-30 Myles Maxfield <mmaxfield@google.com>

End of Interpreter::tryCacheGetByID can trigger the garbage collector
https://bugs.webkit.org/show_bug.cgi?id=84927

Reviewed by Oliver Hunt.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::tryCacheGetByID):

2012-04-30 Benjamin Poulain <benjamin@webkit.org>

jsSingleCharacterString and jsSingleCharacterSubstring are not inlined
https://bugs.webkit.org/show_bug.cgi?id=85147

Reviewed by Darin Adler.

The functions jsSingleCharacterString() and jsSingleCharacterSubstring() were not inlined
by the compiler. This annihilates the gains of using SmallStrings.

On stringProtoFuncCharAt(), this patch improves the performance by 11%.

* runtime/JSString.h:
(JSC::jsSingleCharacterString):
(JSC::jsSingleCharacterSubstring):

2012-04-30 Benjamin Poulain <bpoulain@apple.com>

Add fast patch for radix == 10 on numberProtoFuncToString
https://bugs.webkit.org/show_bug.cgi?id=85120

Reviewed by Darin Adler.

When radix, we used to turn the doubleValue into a JSValue just to convert
it to a String. The problem is that was using the slow path for conversion and
for the toString() operation.

This patch shortcuts the creation of a JSValue and uses NumericStrings directly.
The conversion is split between Integer and Double to ensure the fastest conversion
for the common case of integer arguments.

Converting numbers with radix 10 becomes 5% faster.

Due to the simpler conversion of number to string for integers, converting
integers that do not fall in the two previous optimizations gets 32% faster.

* runtime/NumberPrototype.cpp:
(JSC::extractRadixFromArgs):
(JSC::integerValueToString):
(JSC::numberProtoFuncToString):

2012-04-30 Carlos Garcia Campos <cgarcia@igalia.com>

Unreviewed. Fix make distcheck.

* GNUmakefile.list.am: Add missing header.

2012-04-28 Geoffrey Garen <ggaren@apple.com>

Factored threaded block allocation into a separate object
https://bugs.webkit.org/show_bug.cgi?id=85148

Reviewed by Sam Weinig.

99% of this patch just moves duplicated block allocation and
deallocation code into a new object named BlockAllocator, with these

* heap/BlockAllocator.h: Added.
(BlockAllocator::BlockAllocator): The order of declarations here now
guards us against an unlikely race condition during startup.

* heap/BlockAllocator.cpp:
(JSC::BlockAllocator::blockFreeingThreadMain): Added a FIXME to
highlight a lack of clarity we have in our block deallocation routines.

2012-04-28 Sam Weinig <sam@webkit.org>

Try to fix the Qt build.

(JSC::Heap::lastChanceToFinalize):

2012-04-28 Geoffrey Garen <ggaren@apple.com>

Try to fix the Windows build.

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2012-04-28 Geoffrey Garen <ggaren@apple.com>

Clarified JSGlobalData (JavaScript VM) lifetime
https://bugs.webkit.org/show_bug.cgi?id=85142

Reviewed by Anders Carlsson.

This was so confusing that I didn't feel like I could reason about
memory lifetime in the heap without fixing it.

(1) JSGlobalData owns the virtual machine and all memory in it.

(2) Deleting a JSGlobalData frees the virtual machine and all memory

(Caveat emptor: if you delete the virtual machine while you're running
JIT code or accessing GC objects, you're gonna have a bad time.)

(I opted not to make arbitrary sub-objects keep the virtual machine
alive automatically because:

(a) doing that right would be complex and slow;

(b) in the case of an exiting thread or process, there's no
clear way to give the garbage collector a chance to try again

(c) continuing to run the garbage collector after we've been
asked to shut down the virtual machine seems rude;

(d) we've never really supported that feature, anyway.)

(3) Normal ref-counting will do. No need to call a battery of
specialty functions to tear down a JSGlobalData. Its foibles
notwithstanding, C++ does in fact know how to execute destructors in

* API/JSContextRef.cpp:
(JSGlobalContextCreate): Removed compatibility shim for older
operating systems because it's no longer used.

(JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do
the right thing", this code is much simpler. We still have one special
case to notify the garbage collector if we're removing the last
reference to the global object, since this can improve memory behavior.

* heap/CopiedSpace.cpp:
(JSC::CopiedSpace::freeAllBlocks):
* heap/CopiedSpace.h:
(CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true
destruction-time behaviors should be limited to our C++ destructor.

(JSC::Heap::lastChanceToFinalize):

(JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because
true destruction-time behaviors should be limited to our C++

Reorganized the code, putting code that must run before any objects
get torn down into lastChanceToFinalize, and code that just tears down
objects into our destructor.

(JSC::LocalStack::LocalStack):
(JSC::LocalStack::push):
(LocalStack): See rule (2).

(printUsageStatement):

(printUsageStatement):

(realMain): See rule (3).

I removed the feature of ensuring orderly tear-down when calling quit()
or running in --help mode because it didn't seem very useful and
making it work with Windows structured exception handling and
NO_RETURN didn't seem like a fun way to spend a Saturday.

* runtime/JSGlobalData.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data
member in JSGlobalData to ensure that it's destructed last, so other
objects that reference it destruct without crashing. This allowed me
to remove clearBuiltinStructures() altogether, and helped guarantee

(JSC::JSGlobalData::~JSGlobalData): Explicitly call
lastChanceToFinalize() at the head of our destructor to ensure that
all pending finalizers run while the virtual machine is still in a
valid state. Trying to resurrect (re-ref) the virtual machine at this
point is not valid, but all other operations are.

Changed a null to a 0xbbadbeef to clarify just how bad this beef is.

* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::globalData): See rule (3).

2012-04-27 Geoffrey Garen <ggaren@apple.com>

Try to fix the Windows build.

2012-04-27 Geoffrey Garen <ggaren@apple.com>

Made WeakSet::allocate() static and removed its JSGlobalData argument
https://bugs.webkit.org/show_bug.cgi?id=85128

Reviewed by Anders Carlsson.

This is a step toward faster finalization.

WeakSet::allocate() now deduces which WeakSet to allocate from based on
its JSCell* argument. (Currently, there's only one WeakSet, but soon
there will be many.)

This was a global replace of "globalData.heap.weakSet()->allocate" with
"WeakSet::allocate", plus by-hand removal of the JSGlobalData argument.

* heap/WeakSetInlines.h: Copied from Source/JavaScriptCore/heap/WeakSet.h.

I had to split out WeakSet::allocate() into a separate header to avoid

(JSC::WeakSet::allocate): We can mask the pointer we're passed to
figure out where to allocate our WeakImpl. (Soon, we'll use this to
associate the WeakImpl with the GC block it references.)

2012-04-27 Geoffrey Garen <ggaren@apple.com>

Stop using aligned allocation for WeakBlock
https://bugs.webkit.org/show_bug.cgi?id=85124

Reviewed by Anders Carlsson.

We don't actually use the alignment for anything.

* heap/WeakBlock.cpp:
(JSC::WeakBlock::create):
(JSC::WeakBlock::WeakBlock): Switched from aligned allocation to regular

(WeakBlock): Don't use HeapBlock because HeapBlock requires aligned
allocation. This change required me to add some declarations that we used
to inherit from HeapBlock.

(WeakBlock::blockFor): Removed. This function relied on aligned allocation
but didn't do anything for us.

(WeakBlock::deallocate): Removed. WeakBlock doesn't own any of the deallocation
logic, so it shouldn't own the function.

(JSC::WeakSet::~WeakSet):
(JSC::WeakSet::finalizeAll):
(JSC::WeakSet::visitLiveWeakImpls):
(JSC::WeakSet::visitDeadWeakImpls):
(JSC::WeakSet::sweep):
(JSC::WeakSet::shrink):
(JSC::WeakSet::resetAllocator):
(JSC::WeakSet::tryFindAllocator):

(WeakSet): Updated declarations to reflect WeakBlock not inheriting from
HeapBlock. This allowed me to remove some casts, which was nice.

(JSC::WeakSet::deallocate): Directly set the deallocated flag instead of
asking WeakBlock to do it for us. We don't need to have a WeakBlock
pointer to set the flag, so stop asking for one.

2012-04-27 Kentaro Hara <haraken@chromium.org>

[JSC] Implement a helper method createNotEnoughArgumentsError()
https://bugs.webkit.org/show_bug.cgi?id=85102

Reviewed by Geoffrey Garen.

In bug 84787, kbr@ requested to avoid hard-coding
createTypeError(exec, "Not enough arguments") here and there.
This patch implements createNotEnoughArgumentsError(exec)
and uses it in JSC bindings.

c.f. a corresponding bug for V8 bindings is bug 85097.

* runtime/Error.cpp:
(JSC::createNotEnoughArgumentsError):

2012-04-27 Geoffrey Garen <ggaren@apple.com>

Only allow non-null pointers in the WeakSet
https://bugs.webkit.org/show_bug.cgi?id=85119

Reviewed by Darin Adler.

This is a step toward more efficient finalization.

No clients put non-pointers (JSValues) into Weak<T> and PassWeak<T>.

Some clients put null pointers into Weak<T> and PassWeak<T>, but this is
more efficient and straightforward to model with a null in the Weak<T>
or PassWeak<T> instead of allocating a WeakImpl just to hold null.

(JSC): Removed the Unknown (JSValue) type of weak pointer because it's

(PassWeak): Don't provide a default initializer for our JSCell* argument.
This feature was only used in one place, and it was a bug.

(JSC::::get): Don't check for a null stored inside our WeakImpl: that's
not allowed anymore.

(JSC::PassWeak::PassWeak): Handle null as a null WeakImpl instead of
allocating a WeakImpl and storing null into it.

(JSC::::Weak): Same changes as in PassWeak<T>.

* heap/WeakBlock.cpp:
(JSC::WeakBlock::visitLiveWeakImpls):
(JSC::WeakBlock::visitDeadWeakImpls): Only non-null cells are valid in
the WeakSet now, so no need to check for non-cells and null cell pointers.

(JSC::WeakImpl::WeakImpl): Only non-null cells are valid in the WeakSet
now, so ASSERT that.

2012-04-27 Gavin Barraclough <barraclough@apple.com>

<rdar://problem/7909395> Math in JavaScript is inaccurate on iOS

By default IEEE754 denormal support is disabled on iOS;

Reviewed by Filip Pizlo.

- clear the appropriate bit in the fpscr.

2012-04-27 Michael Saboff <msaboff@apple.com>

Memory wasted in JSString for non-rope strings
https://bugs.webkit.org/show_bug.cgi?id=84907

Reviewed by Geoffrey Garen.

Split JSString into two classes, JSString as a base class that does not
include the fibers of a Rope, and a subclass JSRopeString that has the
rope functionality. Both classes "share" the same ClassInfo. Added
a bool to JSString to indicate that the string was allocated as a JSRopeString
to properly handle visiting the fiber children when the rope is resolved and
the JSRopeString appears as a JSString. Didn't change the interface of JSString
to require any JIT changes.

As part of this change, removed "cellSize" from ClassInfo since both classes
share the same ClassInfo, but have different sizes. The only use I could find
for cellSize was an ASSERT in allocateCell().

This appears to be neutral on performance tests.

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Changed JSString::resolveRope
to JSRopeString::resolveRope
* runtime/ClassInfo.h:

(JSC::allocateCell):
* runtime/JSString.cpp:
(JSC::JSRopeString::RopeBuilder::expand):
(JSC::JSString::visitChildren):

(JSC::JSRopeString::visitFibers):
(JSC::JSRopeString::resolveRope):
(JSC::JSRopeString::resolveRopeSlowCase8):
(JSC::JSRopeString::resolveRopeSlowCase):
(JSC::JSRopeString::outOfMemory):
(JSC::JSRopeString::getIndexSlowCase):
* runtime/JSString.h:

(JSC::JSString::finishCreation):
(JSC::JSString::create):
(JSC::JSString::isRope):
(JSC::JSString::is8Bit):

(JSC::JSRopeString::RopeBuilder::RopeBuilder):
(JSC::JSRopeString::RopeBuilder::append):
(JSC::JSRopeString::RopeBuilder::release):
(JSC::JSRopeString::RopeBuilder::length):
(JSC::JSRopeString::JSRopeString):
(JSC::JSRopeString::finishCreation):
(JSC::JSRopeString::createNull):
(JSC::JSRopeString::create):
(JSC::JSString::value):
(JSC::JSString::tryGetValue):
(JSC::JSString::getIndex):
(JSC::jsStringBuilder):
* runtime/Operations.h:

(JSC::jsStringFromArguments):

2012-04-27 Oliver Hunt <oliver@apple.com>

* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):

2012-04-27 Oliver Hunt <oliver@apple.com>

Lazy link phase of baseline jit fails to propagate exception
https://bugs.webkit.org/show_bug.cgi?id=85092

Reviewed by Filip Pizlo.

Very simple patch: when linking produces an error we need to actually store
the exception prior to throwing it. I can't find any other examples of this,
but as we're already in the slow path when throwing an exception I've hardened
exception throwing against null exceptions.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::throwException):

2012-04-27 Benjamin Poulain <benjamin@webkit.org>

Generalize the single character optimization of numberProtoFuncToString
https://bugs.webkit.org/show_bug.cgi?id=85027

Reviewed by Geoffrey Garen.

The function numberProtoFuncToString() has an optimization to use SmallStrings::singleCharacterString()
when the radix is 36.

This patch generalizes the optimization for any radix. Any positive number smaller than its radix
can be represented by a single character of radixDigits.

This makes numberProtoFuncToString() about twice as fast for this case of single digit conversion.

* runtime/NumberPrototype.cpp:
(JSC::numberProtoFuncToString):
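
The two Benjamin Poulain entries above (the radix == 10 fast path that converts integers directly instead of going through a JSValue, and the generalised single-character shortcut for any value smaller than its radix) both come down to one integer-to-string routine. The following is an added illustration, not JavaScriptCore's own code: `radixDigits` is the digit table JavaScript's Number.prototype.toString uses for radix 2..36, while the function names, the magnitude handling for INT32_MIN and the buffer layout are constructed here. It covers the int32 side only; doubles would still need the separate double path the first entry describes.

```cpp
// Added illustration, not JavaScriptCore code: an int32-to-string conversion
// in any radix 2..36 with the two fast paths the entries above describe.
// radixDigits is JavaScript's digit table; everything else is constructed.
#include <cstdint>
#include <string>

static const char radixDigits[] = "0123456789abcdefghijklmnopqrstuvwxyz";

// JavaScript accepts radix 2..36 and throws RangeError otherwise.
bool isValidRadix(int radix)
{
    return radix >= 2 && radix <= 36;
}

// Fast path 1: any non-negative value below the radix is exactly one digit
// (the generalisation of the old radix-36 special case).
bool isSingleDigit(int32_t value, int radix)
{
    return value >= 0 && value < radix;
}

// Fast path 2: integers never go through a double or a JSValue; the digits
// are produced straight from the int32.
std::string integerValueToString(int32_t value, int radix)
{
    if (!isValidRadix(radix))
        return std::string(); // caller is expected to have thrown RangeError already

    if (isSingleDigit(value, radix))
        return std::string(1, radixDigits[value]);

    // Work on the magnitude as unsigned so INT32_MIN does not overflow on negation.
    bool negative = value < 0;
    uint32_t magnitude = negative ? 0u - static_cast<uint32_t>(value)
                                  : static_cast<uint32_t>(value);

    // Worst case is 32 binary digits plus a sign; fill the buffer from the end.
    char buffer[33];
    char* end = buffer + sizeof(buffer);
    char* p = end;
    while (magnitude) {
        *--p = radixDigits[magnitude % radix];
        magnitude /= radix;
    }
    if (negative)
        *--p = '-';
    return std::string(p, end);
}
```

The unsigned magnitude matters for the edge case: negating INT32_MIN as a signed int is undefined behaviour, whereas `0u - uint32_t(INT32_MIN)` is exactly 2147483648 and converts correctly in every radix.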

2012-04-27 Gavin Peters <gavinp@chromium.org>

Add new ENABLE_LINK_PRERENDER define to control the Prerendering API
https://bugs.webkit.org/show_bug.cgi?id=84871

Reviewed by Adam Barth.

Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
API separates it from prefetching. Having separate include guards lets ports enable prefetching,
a relatively easy change, without needing to build the infrastructure for prerendering, which
is considerably more complicated.

* Configurations/FeatureDefines.xcconfig:

2012-04-26 Oliver Hunt <oliver@apple.com>

Allocating WeakImpl should not trigger GC, as that makes the world very tricksy.
https://bugs.webkit.org/show_bug.cgi?id=85020

Reviewed by Gavin Barraclough.

Now in the event that we are unable to find an allocator for a new handle, just
add a new allocator rather than trying to recover "dead" handles through a GC.

Find allocator is now much simpler, and addAllocator directly reports the
increased memory usage to the heap without causing any GC to happen immediately.

(JSC::WeakSet::findAllocator):
(JSC::WeakSet::addAllocator):

2012-04-26 Oliver Hunt <oliver@apple.com>

Remove RegisterFile::end()/m_end
https://bugs.webkit.org/show_bug.cgi?id=85011

Reviewed by Gavin Barraclough.

Get rid of end() and m_end from RegisterFile. From now on
we only care about the end of the committed region when calling
code. When re-entering the VM we now plant the new CallFrame
immediately after whatever the current topCallFrame is. This
required adding a routine to CallFrame to determine exactly what
we should be doing (in the absence of an existing CallFrame, we
can't reason about the frameExtent() so we check for that).

This also now means that the GC only marks the portion of the
RegisterFile that is actually in use, and that VM re-entry doesn't
exhaust the RegisterFile as rapidly.

* dfg/DFGOperations.cpp:

(JSC::Heap::getConservativeRegisterRoots):
(JSC::Heap::markRoots):
* interpreter/CallFrame.h:
(JSC::ExecState::init):
(JSC::ExecState::startOfReusableRegisterFile):

* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):
(JSC::Interpreter::privateExecute):
* interpreter/Interpreter.h:
(JSC::Interpreter::execute):
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::growSlowCase):
(JSC::RegisterFile::gatherConservativeRoots):
* interpreter/RegisterFile.h:
(JSC::RegisterFile::commitEnd):
(JSC::RegisterFile::addressOfEnd):

(JSC::RegisterFile::RegisterFile):
(JSC::RegisterFile::shrink):
(JSC::RegisterFile::grow):

(JSC::DEFINE_STUB_FUNCTION):
(JSC::jitCompileFor):

* llint/LLIntSlowPaths.cpp:
3789 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3790 (JSC::LLInt::handleHostCall):
3791 * llint/LowLevelInterpreter.asm:
3792 * runtime/CommonSlowPaths.h:
3793 (JSC::CommonSlowPaths::arityCheckFor):
3795 2012-04-26 Filip Pizlo <fpizlo@apple.com>
3797 DFG ARMv7 backend should optimize Float32 arrays
3798 https://bugs.webkit.org/show_bug.cgi?id=85000
3799 <rdar://problem/10652827>
3801 Reviewed by Gavin Barraclough.
3803 * assembler/ARMv7Assembler.h:
3805 (JSC::ARMv7Assembler::flds):
3806 (JSC::ARMv7Assembler::fsts):
3807 (JSC::ARMv7Assembler::vcvtds):
3808 (JSC::ARMv7Assembler::vcvtsd):
3809 * assembler/MacroAssemblerARMv7.h:
3810 (JSC::MacroAssemblerARMv7::loadFloat):
3811 (MacroAssemblerARMv7):
3812 (JSC::MacroAssemblerARMv7::storeFloat):
3813 (JSC::MacroAssemblerARMv7::convertFloatToDouble):
3814 (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
3815 * bytecode/PredictedType.h:
3816 (JSC::isActionableFloatMutableArrayPrediction):
3818 (JSC::DFG::Node::shouldSpeculateFloat32Array):
3820 2012-04-25 Benjamin Poulain <benjamin@webkit.org>
3822 Add a version of StringImpl::find() without offset
3823 https://bugs.webkit.org/show_bug.cgi?id=83968
3825 Reviewed by Sam Weinig.
3827 Add support for the new StringImpl::find() to UString.
3829 Change stringProtoFuncIndexOf() to specifically take advantage of the feature.
3830 This gives a 12% gain on a distribution of strings between 30 and 100 characters.
3832 * runtime/StringPrototype.cpp:
3833 (JSC::substituteBackreferences):
3834 (JSC::stringProtoFuncIndexOf):
3835 * runtime/UString.h:
3837 (JSC::UString::find):
3839 2012-04-25 Mark Hahnenberg <mhahnenberg@apple.com>
3841 WebCore shouldn't call collectAllGarbage directly
3842 https://bugs.webkit.org/show_bug.cgi?id=84897
3844 Reviewed by Geoffrey Garen.
3846 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported symbol
3847 for reportAbandonedObjectGraph so WebCore can use it.
3848 * heap/Heap.h: Ditto.
3850 2012-04-25 Oliver Hunt <oliver@apple.com>
3852 Biolab disaster crashes on ToT
3853 https://bugs.webkit.org/show_bug.cgi?id=84898
3855 Reviewed by Filip Pizlo.
3857 Whoops, committed without saving reviewer requested change.
3859 * dfg/DFGVirtualRegisterAllocationPhase.cpp:
3860 (JSC::DFG::VirtualRegisterAllocationPhase::run):
3862 2012-04-25 Oliver Hunt <oliver@apple.com>
3864 Biolab disaster crashes on ToT
3865 https://bugs.webkit.org/show_bug.cgi?id=84898
3867 Reviewed by Filip Pizlo.
3869 I recently added an assertion to the Interpreter to catch incorrect
3870 updates of topCallFrame. This caused a bunch of sites (including biolab
3871 disaster) to crash as we were not correctly handling callee registers
3872 of inlined functions, leading to a mismatch.
3874 I could not actually make this trigger directly, although it does trigger
3875 already on some of the GTK and QT bots.
3877 * dfg/DFGVirtualRegisterAllocationPhase.cpp:
3878 (JSC::DFG::VirtualRegisterAllocationPhase::run):
3880 2012-04-25 Kenneth Russell <kbr@google.com>
3882 Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced
3883 https://bugs.webkit.org/show_bug.cgi?id=83655
3885 Reviewed by Oliver Hunt.
3888 * GNUmakefile.list.am:
3889 * JavaScriptCore.gypi:
3890 * JavaScriptCore.order:
3891 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
3892 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
3893 * JavaScriptCore.xcodeproj/project.pbxproj:
3895 * bytecode/PredictedType.cpp:
3896 (JSC::predictionToString):
3897 (JSC::predictionToAbbreviatedString):
3898 (JSC::predictionFromClassInfo):
3899 * bytecode/PredictedType.h:
3901 (JSC::isActionableIntMutableArrayPrediction):
3902 * dfg/DFGAbstractState.cpp:
3903 (JSC::DFG::AbstractState::initialize):
3904 (JSC::DFG::AbstractState::execute):
3905 * dfg/DFGCSEPhase.cpp:
3906 (JSC::DFG::CSEPhase::performNodeCSE):
3907 * dfg/DFGFixupPhase.cpp:
3908 (JSC::DFG::FixupPhase::fixupNode):
3910 * dfg/DFGNodeType.h:
3912 * dfg/DFGOperations.cpp:
3913 (JSC::DFG::putByVal):
3914 * dfg/DFGPredictionPropagationPhase.cpp:
3915 (JSC::DFG::PredictionPropagationPhase::propagate):
3916 * dfg/DFGSpeculativeJIT.cpp:
3917 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3918 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
3919 * dfg/DFGSpeculativeJIT.h:
3920 (JSC::DFG::ValueSource::forPrediction):
3922 * dfg/DFGSpeculativeJIT32_64.cpp:
3923 (JSC::DFG::SpeculativeJIT::compile):
3924 * dfg/DFGSpeculativeJIT64.cpp:
3925 (JSC::DFG::SpeculativeJIT::compile):
3926 * interpreter/Interpreter.cpp:
3927 (JSC::Interpreter::privateExecute):
3929 (JSC::DEFINE_STUB_FUNCTION):
3931 * llint/LLIntSlowPaths.cpp:
3932 (JSC::LLInt::getByVal):
3933 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3934 * runtime/JSByteArray.cpp: Removed.
3935 * runtime/JSByteArray.h: Removed.
3936 * runtime/JSGlobalData.cpp:
3938 2012-04-25 Filip Pizlo <fpizlo@apple.com>
3940 http://bellard.org/jslinux/ triggers an assertion failure in the DFG JIT
3941 https://bugs.webkit.org/show_bug.cgi?id=84815
3942 <rdar://problem/11319514>
3944 Reviewed by Gavin Barraclough.
3946 * dfg/DFGSpeculativeJIT.h:
3947 (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
3949 2012-04-25 Michael Saboff <msaboff@apple.com>
3951 Closure in try {} with catch captures all locals from the enclosing function
3952 https://bugs.webkit.org/show_bug.cgi?id=84804
3954 Reviewed by Oliver Hunt.
3956 Changed the capturing of local variables from capturing when eval is used,
3957 within a "with" or within a "catch" to be just when an eval is used.
3958 Renamed the function returning that we should capture from
3959 getCapturedVariables() to usesEval(), since that is what it now returns.
3960 Needed to fix the "with" code to only range check when the activation
3961 has actually been torn off. Added m_isTornOff to JSActivation to
3965 (JSC::Scope::usesEval):
3966 (JSC::Scope::getCapturedVariables):
3967 * runtime/JSActivation.cpp:
3968 (JSC::JSActivation::JSActivation):
3969 (JSC::JSActivation::symbolTableGet):
3970 (JSC::JSActivation::symbolTablePut):
3971 * runtime/JSActivation.h:
3973 (JSC::JSActivation::tearOff):
3975 2012-04-24 Mark Hahnenberg <mhahnenberg@apple.com>
3977 GC Activity Callback timer should be based on how much has been allocated since the last collection
3978 https://bugs.webkit.org/show_bug.cgi?id=84763
3980 Reviewed by Geoffrey Garen.
3982 The desired behavior for the GC timer is to collect at some point in the future,
3983 regardless of how little we've allocated. A secondary goal, which is almost if not
3984 as important, is for the timer to collect sooner if there is the potential to
3985 collect a greater amount of memory. Conversely, as we allocate more memory we'd
3986 like to reduce the delay to the next collection. If we're allocating quickly enough,
3987 the timer should be preempted in favor of a normal allocation-triggered collection.
3988 If allocation were to slow or stop, we'd like the timer to be able to opportunistically
3989 run a collection without us having to allocate to the hard limit set by the Heap.
3991 This type of policy can be described in terms of the amount of CPU we are willing
3992 to dedicate to reclaim a single MB of memory. For example, we might be willing to
3993 dedicate 1% of our CPU to reclaim 1 MB. We base our CPU usage off of the length of
3994 the last collection, e.g. if our last collection took 1ms, we would want to wait about
3995 100ms before running another collection to reclaim 1 MB. These constants should be
3996 tune-able, e.g. 0.1% CPU = 1 MB vs. 1% CPU = 1 MB vs. 10% CPU = 1 MB.
3998 * API/JSBase.cpp: Use the new reportAbandonedObjectGraph.
4000 * API/JSContextRef.cpp: Ditto.
4003 (JSC::Heap::reportAbandonedObjectGraph): Similar to reportExtraMemoryCost. Clients call
4004 this function to notify the Heap that some unknown number of JSC objects might have just
4005 been abandoned and are now garbage. The Heap might schedule a new collection timer based
4006 on this notification.
4008 (JSC::Heap::collect): Renamed m_lastFullGCSize to the less confusing m_sizeAfterLastCollect.
4011 * heap/MarkedAllocator.h:
4012 (JSC::MarkedAllocator::zapFreeList): Fixed a bug in zapFreeList that failed to nullify the
4013 current allocator's FreeList once zapping was complete.
4014 * runtime/GCActivityCallback.cpp: Removed didAbandonObjectGraph because it was replaced by
4015 Heap::reportAbandonedObjectGraph.
4017 * runtime/GCActivityCallback.h:
4018 (JSC::GCActivityCallback::willCollect):
4019 (DefaultGCActivityCallback):
4020 * runtime/GCActivityCallbackCF.cpp: Refactored the GC timer code so that we now schedule the
4021 timer based on how much we have allocated since the last collection up to a certain amount.
4022 We use the length of the previous GC to try to keep our total cost of opportunistic timer-triggered
4023 collections around 1% of the CPU per MB of garbage we expect to reclaim up to a maximum of 5 MB.
4024 (DefaultGCActivityCallbackPlatformData):
4026 (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
4027 (JSC::DefaultGCActivityCallback::commonConstructor):
4028 (JSC::scheduleTimer):
4030 (JSC::DefaultGCActivityCallback::didAllocate):
4032 2012-04-24 Michael Saboff <msaboff@apple.com>
4034 objectProtoFuncToString creates new string every invocation
4035 https://bugs.webkit.org/show_bug.cgi?id=84781
4037 Reviewed by Geoffrey Garen.
4039 Cache the results of object toString() in the attached Structure.
4041 * runtime/ObjectPrototype.cpp:
4042 (JSC::objectProtoFuncToString):
4043 * runtime/Structure.cpp:
4044 (JSC::Structure::visitChildren): visit new m_hasObjectToStringValue.
4045 * runtime/Structure.h: Added new member m_hasObjectToStringValue
4047 (JSC::Structure::objectToStringValue):
4049 (JSC::Structure::setObjectToStringValue):
4051 2012-04-24 Thouraya ANDOLSI <thouraya.andolsi@st.com>
4053 Reviewed by Oliver Hunt.
4055 https://bugs.webkit.org/show_bug.cgi?id=84727.
4056 Fix build when ENABLE_JIT_CONSTANT_BLINDING enabled.
4058 * assembler/MacroAssemblerSH4.h:
4059 (JSC::MacroAssemblerSH4::or32):
4060 (JSC::MacroAssemblerSH4::and32):
4061 (JSC::MacroAssemblerSH4::lshift32):
4062 (JSC::MacroAssemblerSH4::xor32):
4063 (JSC::MacroAssemblerSH4::branchSub32):
4064 (JSC::MacroAssemblerSH4::urshift32):
4066 2012-04-24 Gavin Barraclough <barraclough@apple.com>
4068 Add explicit patchableBranchPtrWithPatch/patchableJump methods
4069 https://bugs.webkit.org/show_bug.cgi?id=84498
4071 Reviewed by Filip Pizlo.
4073 Don't rely on inUninterruptedSequence to distinguish which jumps we need to be able to repatch.
4075 * assembler/AbstractMacroAssembler.h:
4076 (JSC::AbstractMacroAssembler::PatchableJump::PatchableJump):
4078 (JSC::AbstractMacroAssembler::PatchableJump::operator Jump&):
4079 (AbstractMacroAssembler):
4080 (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
4081 - Added PatchableJump type, removed inUninterruptedSequence.
4082 * assembler/LinkBuffer.h:
4084 (JSC::LinkBuffer::locationOf):
4085 - Only allow the location to be taken of patchable branches
4086 * assembler/MacroAssembler.h:
4088 (JSC::MacroAssembler::patchableBranchPtrWithPatch):
4089 (JSC::MacroAssembler::patchableJump):
4090 (JSC::MacroAssembler::shouldBlind):
4091 - Added default implementation of patchableBranchPtrWithPatch, patchableJump.
4092 * assembler/MacroAssemblerARMv7.h:
4093 (JSC::MacroAssemblerARMv7::MacroAssemblerARMv7):
4094 (MacroAssemblerARMv7):
4095 (JSC::MacroAssemblerARMv7::patchableBranchPtrWithPatch):
4096 (JSC::MacroAssemblerARMv7::patchableJump):
4097 (JSC::MacroAssemblerARMv7::jump):
4098 (JSC::MacroAssemblerARMv7::makeBranch):
4099 - Added ARMv7 implementation of patchableBranchPtrWithPatch, patchableJump.
4100 * dfg/DFGCorrectableJumpPoint.h:
4102 (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
4103 - Late jumps are PatchableJumps.
4104 * dfg/DFGJITCompiler.cpp:
4105 (JSC::DFG::JITCompiler::linkOSRExits):
4106 - replace use of inUninterruptedSequence
4107 * dfg/DFGJITCompiler.h:
4108 (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
4109 (PropertyAccessRecord):
4110 - replace use of inUninterruptedSequence
4111 * dfg/DFGSpeculativeJIT32_64.cpp:
4112 (JSC::DFG::SpeculativeJIT::cachedGetById):
4113 (JSC::DFG::SpeculativeJIT::cachedPutById):
4114 - replace use of inUninterruptedSequence
4115 * dfg/DFGSpeculativeJIT64.cpp:
4116 (JSC::DFG::SpeculativeJIT::cachedGetById):
4117 (JSC::DFG::SpeculativeJIT::cachedPutById):
4118 - replace use of inUninterruptedSequence
4120 (PropertyStubCompilationInfo):
4121 - replace use of inUninterruptedSequence
4122 * jit/JITInlineMethods.h:
4123 (JSC::JIT::beginUninterruptedSequence):
4124 (JSC::JIT::endUninterruptedSequence):
4125 - replace use of inUninterruptedSequence
4126 * jit/JITPropertyAccess.cpp:
4127 (JSC::JIT::compileGetByIdHotPath):
4128 - replace use of inUninterruptedSequence
4129 * jit/JITPropertyAccess32_64.cpp:
4130 (JSC::JIT::compileGetByIdHotPath):
4131 - replace use of inUninterruptedSequence
4133 2012-04-24 Benjamin Poulain <bpoulain@apple.com>
4135 Generalize the single character optimization of r114072
4136 https://bugs.webkit.org/show_bug.cgi?id=83961
4138 Reviewed by Eric Seidel.
4140 Use the regular String::find(StringImpl*) in all cases now that it has been made faster.
4142 * runtime/StringPrototype.cpp:
4143 (JSC::replaceUsingStringSearch):
4145 2012-04-24 Filip Pizlo <fpizlo@apple.com>
4147 Unreviewed, 32-bit build fix.
4149 * dfg/DFGSpeculativeJIT32_64.cpp:
4150 (JSC::DFG::SpeculativeJIT::compile):
4152 2012-04-24 Filip Pizlo <fpizlo@apple.com>
4154 DFG performs incorrect DCE on (some?) intrinsics
4155 https://bugs.webkit.org/show_bug.cgi?id=84746
4156 <rdar://problem/11310772>
4158 Reviewed by Oliver Hunt.
4160 * dfg/DFGAbstractState.cpp:
4161 (JSC::DFG::AbstractState::execute):
4162 * dfg/DFGByteCodeParser.cpp:
4164 (JSC::DFG::ByteCodeParser::setIntrinsicResult):
4165 (JSC::DFG::ByteCodeParser::handleMinMax):
4166 (JSC::DFG::ByteCodeParser::handleIntrinsic):
4167 * dfg/DFGNodeType.h:
4169 * dfg/DFGPredictionPropagationPhase.cpp:
4170 (JSC::DFG::PredictionPropagationPhase::propagate):
4171 * dfg/DFGSpeculativeJIT32_64.cpp:
4172 (JSC::DFG::SpeculativeJIT::compile):
4173 * dfg/DFGSpeculativeJIT64.cpp:
4174 (JSC::DFG::SpeculativeJIT::compile):
4176 2012-04-24 Mark Hahnenberg <mhahnenberg@apple.com>
4178 Failure to allocate ArrayStorage in emit_op_new_array leads to poisonous JSArray
4179 https://bugs.webkit.org/show_bug.cgi?id=84648
4181 Reviewed by Geoffrey Garen.
4183 When emit_op_new_array successfully allocates a new JSArray but fails to allocate
4184 the corresponding ArrayStorage for it, it falls back to the out-of-line stub call
4185 to constructArray, which constructs an entirely new JSArray/ArrayStorage pair.
4186 This leaves us with a JSArray hanging around on the stack or in a register that
4187 did not go through its own constructor, thus giving it uninitialized memory in the
4188 two fields that are checked in JSArray::visitChildren.
4190 * jit/JITInlineMethods.h:
4191 (JSC::JIT::emitAllocateJSArray): We try to allocate the ArrayStorage first, so that
4192 if we fail we haven't generated the poisonous JSArray that can cause a GC crash.
4193 * jit/JITOpcodes.cpp:
4194 (JSC::JIT::emitSlow_op_new_array):
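
The allocation-order hazard described in this entry, as an added example that is not JavaScriptCore's code: a toy bump allocator that can fail, a stand-in array cell whose storage pointer a cell walk would dereference, and the two construction orders side by side. All names (Arena, ToyArray, ToyStorage, allocateHeaderFirst, allocateStorageFirst, countPoisonedCells) and the 0xAB poison fill are hypothetical and constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical stand-ins for JSArray and ArrayStorage (not JSC's types).
struct ToyStorage { uint32_t length; };
struct ToyArray {
    uint32_t cellTag;     // what the cell walk uses to recognise an array cell
    ToyStorage* storage;  // what visitChildren dereferences
};
static const uint32_t kArrayTag = 0xA77A7A11u;
static const uint8_t kPoison = 0xAB;  // constructed marker for never-written memory

// Toy bump allocator: returns nullptr once its budget is gone, standing in for
// the inline JIT allocator failing and falling back to the slow path.
struct Arena {
    std::vector<uint8_t> buf;
    size_t used = 0;
    explicit Arena(size_t bytes) : buf(bytes, kPoison) {}
    void* tryAllocate(size_t bytes) {
        bytes = (bytes + 7) & ~static_cast<size_t>(7);  // keep pointers aligned
        if (used + bytes > buf.size()) return nullptr;
        void* p = buf.data() + used;
        used += bytes;
        return p;
    }
};

// The order that produced the bug: header first, then storage. When storage
// allocation fails, the tagged header stays behind with a never-initialised
// storage pointer, and no constructor ever runs on it.
static ToyArray* allocateHeaderFirst(Arena& arena, uint32_t length) {
    void* cell = arena.tryAllocate(sizeof(ToyArray));
    if (!cell) return nullptr;
    ToyArray* array = static_cast<ToyArray*>(cell);
    array->cellTag = kArrayTag;  // cell is now visible to the walk
    void* storage = arena.tryAllocate(sizeof(ToyStorage));
    if (!storage) return nullptr;  // bail out: poisonous cell left in the arena
    array->storage = static_cast<ToyStorage*>(storage);
    array->storage->length = length;
    return array;
}

// The fixed order: storage first. A failure leaves no tagged cell behind, and
// the tag is written only once every field has been initialised.
static ToyArray* allocateStorageFirst(Arena& arena, uint32_t length) {
    void* storage = arena.tryAllocate(sizeof(ToyStorage));
    if (!storage) return nullptr;
    void* cell = arena.tryAllocate(sizeof(ToyArray));
    if (!cell) return nullptr;  // storage bytes are wasted, but nothing is tagged
    ToyArray* array = static_cast<ToyArray*>(cell);
    array->storage = static_cast<ToyStorage*>(storage);
    array->storage->length = length;
    array->cellTag = kArrayTag;
    return array;
}

// Stand-in for the GC's cell walk: count tagged cells whose storage pointer is
// still poison, i.e. cells a real visitChildren would dereference and crash on.
static int countPoisonedCells(const Arena& arena) {
    int poisoned = 0;
    for (size_t off = 0; off + sizeof(ToyArray) <= arena.used; ++off) {
        ToyArray cell;
        std::memcpy(&cell, arena.buf.data() + off, sizeof cell);
        if (cell.cellTag != kArrayTag) continue;
        uint8_t raw[sizeof(ToyStorage*)];
        std::memcpy(raw, &cell.storage, sizeof raw);
        bool allPoison = true;
        for (uint8_t b : raw) if (b != kPoison) allPoison = false;
        if (allPoison) ++poisoned;
    }
    return poisoned;
}

// Run one construction order in a fresh arena and report how many poisonous
// cells it left behind.
static int poisonedCellsAfter(bool storageFirst, size_t arenaBytes) {
    Arena arena(arenaBytes);
    if (storageFirst) allocateStorageFirst(arena, 3);
    else allocateHeaderFirst(arena, 3);
    return countPoisonedCells(arena);
}

int main() {
    // An arena just big enough for the header makes the storage allocation fail.
    std::printf("header first: %d poisonous cell(s)\n", poisonedCellsAfter(false, sizeof(ToyArray)));
    std::printf("storage first: %d poisonous cell(s)\n", poisonedCellsAfter(true, sizeof(ToyArray)));
    return 0;
}
```

The check that matters is the last step of each order: in the bad order the tag is written before the dependent allocation, so a failure publishes a cell whose remaining fields are whatever the allocator left there; in the fixed order nothing is published until the object is complete, so a failed allocation costs only some wasted bytes.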
4196 2012-04-23 Filip Pizlo <fpizlo@apple.com>
4198 DFG on ARMv7 should not OSR exit on every integer division
4199 https://bugs.webkit.org/show_bug.cgi?id=84661
4201 Reviewed by Oliver Hunt.
4203 On ARMv7, ArithDiv no longer has to know whether or not to speculate integer (since
4204 that was broken with the introduction of Int32ToDouble) nor does it have to know
4205 whether or not to convert its result to integer. This is now taken care of for free
4206 with the addition of the DoubleAsInt32 node, which represents a double-is-really-int
4209 * dfg/DFGAbstractState.cpp:
4210 (JSC::DFG::AbstractState::execute):
4211 * dfg/DFGCSEPhase.cpp:
4212 (JSC::DFG::CSEPhase::performNodeCSE):
4213 * dfg/DFGFixupPhase.cpp:
4214 (JSC::DFG::FixupPhase::fixupNode):
4215 * dfg/DFGNodeType.h:
4217 * dfg/DFGOSRExit.cpp:
4218 (JSC::DFG::OSRExit::OSRExit):
4219 (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
4222 * dfg/DFGPredictionPropagationPhase.cpp:
4223 (JSC::DFG::PredictionPropagationPhase::propagate):
4224 * dfg/DFGSpeculativeJIT.cpp:
4225 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
4226 (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
4228 * dfg/DFGSpeculativeJIT.h:
4230 (JSC::DFG::SpeculativeJIT::speculationCheck):
4231 (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
4232 * dfg/DFGSpeculativeJIT32_64.cpp:
4233 (JSC::DFG::SpeculativeJIT::compile):
4234 * dfg/DFGSpeculativeJIT64.cpp:
4235 (JSC::DFG::SpeculativeJIT::compile):
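
The double-is-really-int check that a DoubleAsInt32 node stands for, as an added example that is not the DFG's own code: divide as doubles (the only option on an ARMv7 core without an integer divider) and then decide whether the quotient may be treated as an int32. The functions doubleAsInt32 and divideAsInt32 are hypothetical names; the behaviour they encode, including rejecting -0.0 because JavaScript distinguishes -0 from 0, is the general rule, not a specific case from the entry.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for a DoubleAsInt32 check (not the DFG's own code).
// Succeeds only when the double is exactly an int32 and is not -0.0: JavaScript
// tells -0 apart from 0, so treating -0 as int32 0 would change behaviour.
// Where the DFG would take an OSR exit, this returns false.
static bool doubleAsInt32(double d, int32_t& out) {
    if (std::isnan(d) || std::isinf(d)) return false;
    if (d == 0.0 && std::signbit(d)) return false;           // -0.0
    if (d < -2147483648.0 || d > 2147483647.0) return false; // out of int32 range
    int32_t i = static_cast<int32_t>(d);                     // cast is now well defined
    if (static_cast<double>(i) != d) return false;           // fractional part
    out = i;
    return true;
}

// ArithDiv on a core without an integer divider: divide as doubles, then ask
// whether the quotient is really an int32. false means "stay double-typed".
static bool divideAsInt32(int32_t a, int32_t b, int32_t& out) {
    double q = static_cast<double>(a) / static_cast<double>(b); // b == 0 gives inf or nan
    return doubleAsInt32(q, out);
}

int main() {
    const int32_t pairs[][2] = { {6, 2}, {7, 2}, {0, -5}, {1, 0}, {INT32_MIN, -1} };
    for (const auto& p : pairs) {
        int32_t r;
        if (divideAsInt32(p[0], p[1], r)) std::printf("%d / %d -> int32 %d\n", p[0], p[1], r);
        else std::printf("%d / %d -> not an int32 (would exit)\n", p[0], p[1]);
    }
    return 0;
}
```

The range check comes before the cast because converting an out-of-range double to int32_t is undefined behaviour in C++; INT32_MIN / -1 is the case that trips it, since the true quotient 2147483648 does not fit.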
4237 2012-04-24 Geoffrey Garen <ggaren@apple.com>
4239 "GlobalHandle" HandleHeap (now WeakSet) allocations grow but do not shrink
4240 https://bugs.webkit.org/show_bug.cgi?id=84740
4241 <rdar://problem/9917638>
4243 Reviewed by Gavin Barraclough.
4248 (JSC::Heap::destroy): Be more specific about what's shrinking, since we
4249 can also shrink the WeakSet, but we don't do so here.
4251 (JSC::Heap::collect): If we're going to shrink the heap, shrink the
4252 WeakSet too. Otherwise, its footprint is permanent.
4255 (Heap): Removed shrink() as a public interface, since it's vague about
4256 which parts of the heap it affects, and it's really an internal detail.
4259 (JSC::WeakSet::shrink): Nix any free blocks. We assume that sweep() has
4260 already taken place, since that's the convention for shrink() in the heap.
4263 (WeakSet): New function!
4265 2012-04-24 Adam Klein <adamk@chromium.org>
4267 Fix includes in StrongInlines.h and ScriptValue.h
4268 https://bugs.webkit.org/show_bug.cgi?id=84659
4270 Reviewed by Geoffrey Garen.
4272 * heap/StrongInlines.h: Include JSGlobalData.h, since JSGlobalData's
4273 definition is required here.
4275 2012-04-23 Filip Pizlo <fpizlo@apple.com>
4277 DFG OSR exit should ensure that all variables have been initialized
4278 https://bugs.webkit.org/show_bug.cgi?id=84653
4279 <rdar://problem/11258183>
4281 Reviewed by Gavin Barraclough.
4283 Initialize all uncaptured dead variables to undefined on OSR exit.
4285 * dfg/DFGSpeculativeJIT.cpp:
4286 (JSC::DFG::ValueSource::dump):
4287 (JSC::DFG::SpeculativeJIT::compile):
4288 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
4289 * dfg/DFGSpeculativeJIT.h:
4291 2012-04-23 Oliver Hunt <oliver@apple.com>
4293 Call instruction for the baseline JIT stores origin info in wrong callframe
4294 https://bugs.webkit.org/show_bug.cgi?id=84645
4296 Reviewed by Gavin Barraclough.
4298 The baseline JIT was updating the wrong callframe when making a call. If the
4299 call failed during dispatch (unable to perform codegen, calling a non-object)
4300 we would attempt to use this information, but it would be completely wrong.
4303 (JSC::JIT::compileOpCall):
4304 * jit/JITCall32_64.cpp:
4305 (JSC::JIT::compileOpCall):
4307 2012-04-23 Filip Pizlo <fpizlo@apple.com>
4309 DFG must keep alive values that it will perform speculations on
4310 https://bugs.webkit.org/show_bug.cgi?id=84638
4311 <rdar://problem/11258183>
4313 Reviewed by Oliver Hunt.
4315 * dfg/DFGNodeType.h:
4318 2012-04-23 Oliver Hunt <oliver@apple.com>
4320 Fix non-LLInt builds by temporarily removing an over-enthusiastic assertion
4322 * interpreter/Interpreter.cpp:
4323 (JSC::Interpreter::executeCall):
4325 2012-04-22 Jon Lee <jonlee@apple.com>
4327 Remove notifications support on Mac Lion.
4328 https://bugs.webkit.org/show_bug.cgi?id=84554
4329 <rdar://problem/11297128>
4331 Reviewed by Sam Weinig.
4333 * Configurations/FeatureDefines.xcconfig:
4335 2012-04-21 Darin Adler <darin@apple.com>
4337 Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
4338 https://bugs.webkit.org/show_bug.cgi?id=84523
4340 Reviewed by Oliver Hunt.
4342 Profiles showed that checks against -1 were costly, and I saw they could be eliminated.
4343 Streamlined this code to use standard character types and 0 rather than -1. One benefit
4344 of this is that there's no widening and narrowing. Another is that there are many cases
4345 where we already have the correct behavior for 0, so can eliminate a branch that was
4346 used to test for -1 before. Also eliminates typecasts in the code.
4349 (JSC::Lexer::invalidCharacterMessage): Updated use of String::format since m_current is now a
4350 character type, not an int.
4351 (JSC::Lexer::setCode): Use 0 rather than -1 when past the end.
4352 (JSC::Lexer::shift): Ditto. Also spruced up the comment a bit.
4353 (JSC::Lexer::atEnd): Added. New function that distinguishes an actual 0 character from the end
4354 of the code. This can be used in places where we used to check for -1.
4355 (JSC::Lexer::peek): Updated to use -1 instead of 0. Removed meaningless comment.
4356 (JSC::Lexer::parseFourDigitUnicodeHex): Changed to use character types instead of int.
4357 (JSC::Lexer::shiftLineTerminator): Removed now-unneeded type casts. Changed local variable that
4358 had a data-member-style name.
4359 (JSC::Lexer::parseIdentifier): Removed now-unneeded explicit checks for -1, since the isIdentPart
4360 function already returns false for the 0 character. Updated types in a couple other places. Used
4361 the atEnd function where needed.
4362 (JSC::Lexer::parseIdentifierSlowCase): More of the same.
4363 (JSC::characterRequiresParseStringSlowCase): Added overloaded helper function for parseString.
4364 (JSC::Lexer::parseString): Ditto.
4365 (JSC::Lexer::parseStringSlowCase): Ditto.
4366 (JSC::Lexer::parseMultilineComment): Ditto.
4367 (JSC::Lexer::lex): More of the same. Also changed code to set the startOffset directly in
4368 the tokenInfo instead of putting it in a local variable first, saving some memory access.
4369 (JSC::Lexer::scanRegExp): Ditto.
4370 (JSC::Lexer::skipRegExp): Ditto.
4372 * parser/Lexer.h: Changed return type of the peek function and type of m_current from int to
4373 the character type. Added atEnd function.
4374 (JSC::Lexer::setOffset): Used 0 instead of -1 and removed an overzealous attempt to optimize.
4375 (JSC::Lexer::lexExpectIdentifier): Used 0 instead of -1.
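
The 0-sentinel scheme this entry describes, as an added example that is not JSC's Lexer: a hypothetical TinyLexer keeps its current character in a character type, uses 0 for "past the end", and relies on an atEnd() test to tell that sentinel apart from a real U+0000 embedded in the source, so an embedded NUL becomes an invalid-character token rather than silently ending the input. Names (TinyLexer, identifiersIn, invalidTokensIn) and the sample source strings are constructed for the example.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical tiny lexer (not JSC's Lexer) showing the 0-sentinel scheme:
// m_current is a character type, 0 means "past the end", and atEnd() is the
// only way to tell the sentinel apart from a real U+0000 in the source.
class TinyLexer {
public:
    enum Kind { Identifier, Invalid };
    struct Token { Kind kind; std::string text; };

    explicit TinyLexer(const std::string& code)
        : m_code(code.data()), m_codeEnd(code.data() + code.size()) { load(); }

    std::vector<Token> lex() {
        std::vector<Token> tokens;
        for (;;) {
            while (isSpace(m_current)) shift();  // 0 is not a space: no -1 check needed
            if (atEnd()) break;                  // sentinel 0 and embedded NUL diverge here
            if (isIdentStart(m_current)) {
                tokens.push_back(parseIdentifier());
            } else {
                tokens.push_back({Invalid, std::string(1, static_cast<char>(m_current))});
                shift();
            }
        }
        return tokens;
    }

private:
    bool atEnd() const { return m_code >= m_codeEnd; }
    void load() { m_current = atEnd() ? 0 : static_cast<unsigned char>(*m_code); }
    void shift() { if (!atEnd()) ++m_code; load(); }

    static bool isSpace(unsigned char c) { return c == ' ' || c == '\t' || c == '\n'; }
    static bool isIdentStart(unsigned char c) {
        unsigned char lower = static_cast<unsigned char>(c | 0x20);
        return c == '_' || c == '$' || (lower >= 'a' && lower <= 'z');
    }
    // Already false for 0, so parseIdentifier stops at the sentinel for free.
    static bool isIdentPart(unsigned char c) { return isIdentStart(c) || (c >= '0' && c <= '9'); }

    Token parseIdentifier() {
        std::string text;
        while (isIdentPart(m_current)) { text.push_back(static_cast<char>(m_current)); shift(); }
        return {Identifier, text};
    }

    const char* m_code;
    const char* m_codeEnd;
    unsigned char m_current;  // character type, never widened to int
};

// Helpers for exercising the lexer on a source string.
static std::vector<std::string> identifiersIn(const std::string& code) {
    std::vector<std::string> names;
    for (const auto& t : TinyLexer(code).lex())
        if (t.kind == TinyLexer::Identifier) names.push_back(t.text);
    return names;
}

static size_t invalidTokensIn(const std::string& code) {
    size_t n = 0;
    for (const auto& t : TinyLexer(code).lex())
        if (t.kind == TinyLexer::Invalid) ++n;
    return n;
}
```

The identifier loop never consults atEnd(): isIdentPart(0) is false, which is exactly the "we already have the correct behavior for 0" case the entry relies on. The top-level loop is the one place the sentinel and a real NUL have to be distinguished, and that is where atEnd() is checked.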
4377 2012-04-21 Darin Adler <darin@apple.com>
4379 Change JavaScript lexer to use 0 instead of -1 for sentinel, eliminating the need to put characters into ints
4380 https://bugs.webkit.org/show_bug.cgi?id=84523
4382 Reviewed by Oliver Hunt.
4384 Separate preparation step of copyright dates, renaming, and other small tweaks.
4387 (JSC::Lexer::invalidCharacterMessage): Removed "get" from name to match WebKit naming conventions.
4388 (JSC::Lexer::peek): Removed meaningless comment.
4389 (JSC::Lexer::parseFourDigitUnicodeHex): Renamed from getUnicodeCharacter to be more precise about
4390 what this function does.
4391 (JSC::Lexer::shiftLineTerminator): Renamed local variable that had a data-member-style name.
4392 (JSC::Lexer::parseStringSlowCase): Updated for new name of parseFourDigitUnicodeHex.
4393 (JSC::Lexer::lex): Updated for new name of invalidCharacterMessage.
4395 * parser/Lexer.h: Removed an unneeded forward declaration of the RegExp class.
4396 Renamed getInvalidCharMessage to invalidCharacterMessage and made it const. Renamed
4397 getUnicodeCharacter to parseFourDigitUnicodeHex.
4399 2012-04-20 Filip Pizlo <fpizlo@apple.com>
4401 DFG should optimize int8 and int16 arrays on ARMv7
4402 https://bugs.webkit.org/show_bug.cgi?id=84503
4404 Reviewed by Oliver Hunt.
4406 * assembler/ARMv7Assembler.h:
4408 (JSC::ARMv7Assembler::ldrsb):
4409 (JSC::ARMv7Assembler::ldrsh):
4410 * assembler/MacroAssemblerARMv7.h:
4411 (JSC::MacroAssemblerARMv7::load16Signed):
4412 (JSC::MacroAssemblerARMv7::load8Signed):
4413 * bytecode/PredictedType.h:
4414 (JSC::isActionableIntMutableArrayPrediction):
4416 (JSC::DFG::Node::shouldSpeculateInt8Array):
4417 (JSC::DFG::Node::shouldSpeculateInt16Array):
4419 2012-04-20 Oliver Hunt <oliver@apple.com>
4421 Add an ability to find the extent of a callframe
4422 https://bugs.webkit.org/show_bug.cgi?id=84513
4424 Reviewed by Filip Pizlo.
4426 Add a function to get the extent of a callframe and
4427 use that function for a new assertion to make sure the
4428 RegisterFile makes sense using that information.
4430 * interpreter/CallFrame.cpp:
4431 (JSC::CallFrame::frameExtentInternal):
4433 * interpreter/CallFrame.h:
4434 (JSC::ExecState::frameExtent):
4436 * interpreter/Interpreter.cpp:
4437 (JSC::Interpreter::executeCall):
4439 2012-04-20 Benjamin Poulain <bpoulain@apple.com>
4441 Inline the JSArray constructor
4442 https://bugs.webkit.org/show_bug.cgi?id=84416
4444 Reviewed by Geoffrey Garen.
4446 The constructor is trivial, no reason to jump for it.
4448 This makes the creation of array ~5% faster (on non-trivial cases, no empty arrays).
4450 * runtime/JSArray.cpp:
4452 * runtime/JSArray.h:
4453 (JSC::JSArray::JSArray):
4454 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4456 2012-04-20 Mark Hahnenberg <mhahnenberg@apple.com>
4458 Heap should cancel GC timer at the start of the collection
4459 https://bugs.webkit.org/show_bug.cgi?id=84477
4461 Reviewed by Geoffrey Garen.
4463 Currently the Heap cancels the GC timer at the conclusion of a collection.
4464 We should change this to be at the beginning because something (e.g. a finalizer)
4465 could call didAbandonObjectGraph(), which will schedule the timer, but then
4466 we'll immediately unschedule the timer at the conclusion of the collection,
4467 thus potentially preventing large swaths of memory from being reclaimed in a timely manner.
4470 (JSGarbageCollect): Remove outdated fix-me and remove check for whether the Heap is
4471 busy or not, since we're just scheduling a timer to run a GC in the future.
4473 (JSC::Heap::collect): Rename didCollect to willCollect and move the call to the
4474 top of Heap::collect.
4475 * runtime/GCActivityCallback.cpp: Renamed didCollect to willCollect.
4476 (JSC::DefaultGCActivityCallback::willCollect):
4477 * runtime/GCActivityCallback.h: Ditto.
4478 (JSC::GCActivityCallback::willCollect):
4479 (DefaultGCActivityCallback):
4480 * runtime/GCActivityCallbackCF.cpp: Ditto.
4481 (JSC::DefaultGCActivityCallback::willCollect):
4483 2012-04-20 Mark Hahnenberg <mhahnenberg@apple.com>
4485 JSGarbageCollect should not call collectAllGarbage()
4486 https://bugs.webkit.org/show_bug.cgi?id=84476
4488 Reviewed by Geoffrey Garen.
4491 (JSGarbageCollect): Notify the Heap's GCActivityCallback using didAbandonObjectGraph.
4493 2012-04-19 Oliver Hunt <oliver@apple.com>
4495 Exception stack traces aren't complete when the exception starts in native code
4496 https://bugs.webkit.org/show_bug.cgi?id=84073
4498 Reviewed by Filip Pizlo.
4500 Refactored building the stack trace to so that we can construct
4501 it earlier, and don't rely on any prior work performed in the
4502 exception handling machinery. Also updated LLInt and the DFG to
4503 completely initialise the callframes of host function calls.
4505 Also fixed a few LLInt paths that failed to correctly update the
4508 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4509 * dfg/DFGJITCompiler.h:
4510 * dfg/DFGOperations.cpp:
4511 * dfg/DFGSpeculativeJIT32_64.cpp:
4512 (JSC::DFG::SpeculativeJIT::emitCall):
4513 * dfg/DFGSpeculativeJIT64.cpp:
4514 (JSC::DFG::SpeculativeJIT::emitCall):
4515 * interpreter/Interpreter.cpp:
4517 (JSC::Interpreter::getStackTrace):
4518 (JSC::Interpreter::addStackTraceIfNecessary):
4520 (JSC::Interpreter::throwException):
4521 * interpreter/Interpreter.h:
4524 (JSC::JIT::compileOpCall):
4525 * jit/JITCall32_64.cpp:
4526 (JSC::JIT::compileOpCall):
4527 * jit/JITOpcodes.cpp:
4528 (JSC::JIT::privateCompileCTINativeCall):
4529 * jit/JITOpcodes32_64.cpp:
4530 (JSC::JIT::privateCompileCTINativeCall):
4533 * llint/LLIntExceptions.cpp:
4534 (JSC::LLInt::interpreterThrowInCaller):
4535 (JSC::LLInt::returnToThrow):
4536 (JSC::LLInt::callToThrow):
4537 * llint/LLIntSlowPaths.cpp:
4538 (JSC::LLInt::handleHostCall):
4539 * llint/LowLevelInterpreter32_64.asm:
4540 * llint/LowLevelInterpreter64.asm:
4543 * runtime/Error.cpp:
4544 (JSC::addErrorInfo):
4549 2012-04-19 Mark Hahnenberg <mhahnenberg@apple.com>
4551 We're collecting pathologically due to small allocations
4552 https://bugs.webkit.org/show_bug.cgi?id=84404
4554 Reviewed by Geoffrey Garen.
4556 No change in performance on run-jsc-benchmarks.
4558 * dfg/DFGSpeculativeJIT.h: Replacing m_firstFreeCell with m_freeList.
4559 (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
4560 * heap/CopiedSpace.cpp: Getting rid of any water mark related stuff, since it's no
4562 (JSC::CopiedSpace::CopiedSpace):
4563 (JSC::CopiedSpace::tryAllocateSlowCase): We now only call didAllocate here rather than
4564 carrying out a somewhat complicated accounting job for our old water mark throughout CopiedSpace.
4565 (JSC::CopiedSpace::tryAllocateOversize): Call the new didAllocate to notify the Heap of
4566 newly allocated stuff.
4567 (JSC::CopiedSpace::tryReallocateOversize):
4568 (JSC::CopiedSpace::doneFillingBlock):
4569 (JSC::CopiedSpace::doneCopying):
4570 (JSC::CopiedSpace::destroy):
4571 * heap/CopiedSpace.h:
4573 * heap/CopiedSpaceInlineMethods.h:
4574 (JSC::CopiedSpace::startedCopying):
4575 * heap/Heap.cpp: Removed water mark related stuff, replaced with new bytesAllocated and
4576 bytesAllocatedLimit to track how much memory has been allocated since the last collection.
4578 (JSC::Heap::reportExtraMemoryCostSlowCase):
4579 (JSC::Heap::collect): We now set the new limit of bytes that we can allocate before triggering
4580 a collection to be the size of the Heap after the previous collection. Thus, we still have our
4581 2x allocation amount.
4582 (JSC::Heap::didAllocate): Notifies the GC activity timer of how many bytes have been allocated
4583 thus far and then adds the new number of bytes to the current total.
4585 * heap/Heap.h: Removed water mark related stuff.
4586 (JSC::Heap::notifyIsSafeToCollect):
4588 (JSC::Heap::shouldCollect):
4590 * heap/MarkedAllocator.cpp:
4591 (JSC::MarkedAllocator::tryAllocateHelper): Refactored to use MarkedBlock's new FreeList struct.
4592 (JSC::MarkedAllocator::allocateSlowCase):
4593 (JSC::MarkedAllocator::addBlock):
4594 * heap/MarkedAllocator.h:
4596 (JSC::MarkedAllocator::MarkedAllocator):
4597 (JSC::MarkedAllocator::allocate):
4598 (JSC::MarkedAllocator::zapFreeList): Refactored to take in a FreeList instead of a FreeCell.
4599 * heap/MarkedBlock.cpp:
4600 (JSC::MarkedBlock::specializedSweep):
4601 (JSC::MarkedBlock::sweep):
4602 (JSC::MarkedBlock::sweepHelper):
4603 (JSC::MarkedBlock::zapFreeList):
4604 * heap/MarkedBlock.h:
4605 (FreeList): Added a new struct that keeps track of the current MarkedAllocator's
4606 free list including the number of bytes of stuff in the free list so that when the free list is
4607 exhausted, the correct amount can be reported to Heap.
4609 (JSC::MarkedBlock::FreeList::FreeList):
4611 * heap/MarkedSpace.cpp: Removing all water mark related stuff.
4612 (JSC::MarkedSpace::MarkedSpace):
4613 (JSC::MarkedSpace::resetAllocators):
4614 * heap/MarkedSpace.h:
4618 (JSC::WeakSet::findAllocator): Refactored to use the didAllocate interface with the Heap. This
4619 function still needs work though now that the Heap knows how many bytes have been allocated
4620 since the last collection.
4621 * jit/JITInlineMethods.h: Refactored to use MarkedBlock's new FreeList struct.
4622 (JSC::JIT::emitAllocateBasicJSObject): Ditto.
4623 * llint/LowLevelInterpreter.asm: Ditto.
4624 * runtime/GCActivityCallback.cpp:
4625 (JSC::DefaultGCActivityCallback::didAllocate):
4626 * runtime/GCActivityCallback.h:
4627 (JSC::GCActivityCallback::didAllocate): Renamed willAllocate to didAllocate to indicate that
4628 the allocation that is being reported has already taken place.
4629 (DefaultGCActivityCallback):
4630 * runtime/GCActivityCallbackCF.cpp:
4632 (JSC::DefaultGCActivityCallback::didAllocate): Refactored to return early if the amount of
4633 allocation since the last collection is not above a threshold (initially arbitrarily chosen to
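Added example, not JavaScriptCore's code: a constructed model of the accounting this entry describes, where the allocator's FreeList remembers the bytes it holds, the Heap hears about them through didAllocate() only when the list is exhausted, and collect() sets the next limit to the heap size after the collection. Cell size, block size, the initial limit and the 50% survival ratio are assumed values.

```cpp
#include <cstddef>

// Constructed model, not JavaScriptCore's code, of the accounting this entry
// describes: a MarkedAllocator serves cells from a FreeList that remembers
// how many bytes it holds, the Heap hears about those bytes through
// didAllocate() only when the list runs dry, and collect() resets the limit
// to the heap size after the collection so the heap may double before the
// next one. Sizes and the 50% survival ratio are assumed values.

struct FreeList {
    std::size_t cells = 0;   // cells still on the list
    std::size_t bytes = 0;   // bytes those cells represent, reported when exhausted
};

struct Heap {
    std::size_t bytesAllocated = 0;    // allocated since the last collection
    std::size_t bytesAllocatedLimit;   // collect once bytesAllocated exceeds this
    std::size_t sizeAfterLastCollect = 0;
    unsigned collections = 0;

    explicit Heap(std::size_t initialLimit) : bytesAllocatedLimit(initialLimit) {}

    // Called after the allocation has happened (hence "did", not "will").
    void didAllocate(std::size_t bytes) { bytesAllocated += bytes; }
    bool shouldCollect() const { return bytesAllocated > bytesAllocatedLimit; }

    // survivalRatio: fraction of newly allocated bytes that stay live (assumed).
    void collect(double survivalRatio) {
        sizeAfterLastCollect += (std::size_t)(bytesAllocated * survivalRatio);
        bytesAllocated = 0;
        bytesAllocatedLimit = sizeAfterLastCollect;   // the "2x" policy
        ++collections;
    }
};

struct MarkedAllocator {
    std::size_t cellSize;
    std::size_t blockBytes;
    Heap* heap;
    FreeList freeList;

    MarkedAllocator(std::size_t cell, std::size_t block, Heap* h)
        : cellSize(cell), blockBytes(block), heap(h) {}

    // Fast path: pop a cell, no Heap bookkeeping. Slow path (list empty):
    // report the bytes handed out from the exhausted list in one call, let
    // the Heap decide whether to collect, then take a fresh block.
    void allocate() {
        if (freeList.cells == 0) {
            heap->didAllocate(freeList.bytes);
            if (heap->shouldCollect())
                heap->collect(0.5);
            freeList.cells = blockBytes / cellSize;
            freeList.bytes = freeList.cells * cellSize;
        }
        --freeList.cells;
    }
};

// Runs `count` small allocations and returns how many collections the
// policy triggered. With 32-byte cells, 16 KiB blocks, an initial limit of
// 32 KiB and 4096 allocations this yields 2.
unsigned collectionsForSmallAllocations(std::size_t count) {
    Heap heap(32 * 1024);
    MarkedAllocator allocator(32, 16 * 1024, &heap);
    for (std::size_t i = 0; i < count; ++i)
        allocator.allocate();
    return heap.collections;
}

// After a collection the next limit must equal the heap size after that collection.
bool limitTracksHeapSize() {
    Heap heap(1024);
    heap.didAllocate(2048);
    if (!heap.shouldCollect())
        return false;
    heap.collect(0.25);
    return heap.bytesAllocatedLimit == heap.sizeAfterLastCollect
        && heap.bytesAllocatedLimit == 512;
}
```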
4636 2012-04-19 Filip Pizlo <fpizlo@apple.com>
4638 MacroAssemblerARMv7::branchTruncateDoubleToUint32 should obey the overflow signal
4639 https://bugs.webkit.org/show_bug.cgi?id=84401
4641 Reviewed by Gavin Barraclough.
4643 * assembler/MacroAssemblerARMv7.h:
4644 (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
4646 2012-04-19 Don Olmstead <don.olmstead@am.sony.com>
4648 KeywordLookupGenerator.py should take an output file as an argument
4649 https://bugs.webkit.org/show_bug.cgi?id=84292
4651 Reviewed by Eric Seidel.
4653 Extended KeywordLookupGenerator to accept an additional argument specifying an output file. If this argument is found, stdout is redirected to a file for the duration of the script.
4655 * KeywordLookupGenerator.py:
4657 2012-04-19 Filip Pizlo <fpizlo@apple.com>
4659 It should be possible to perform debugCall on ARMv7
4660 https://bugs.webkit.org/show_bug.cgi?id=84381
4662 Reviewed by Oliver Hunt.
4664 debugCall() was clobbering the argument to the call it was making, leading to a
4665 corrupt ExecState*. This change fixes that issue by using a scratch register that
4666 does not clobber arguments, and it also introduces more assertions that we have
4669 * dfg/DFGAssemblyHelpers.cpp:
4671 (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
4672 * dfg/DFGAssemblyHelpers.h:
4673 (JSC::DFG::AssemblyHelpers::selectScratchGPR):
4675 (JSC::DFG::AssemblyHelpers::debugCall):
4676 (JSC::DFG::AssemblyHelpers::jitAssertHasValidCallFrame):
4677 * dfg/DFGJITCompiler.cpp:
4678 (JSC::DFG::JITCompiler::linkOSRExits):
4679 * dfg/DFGOSRExitCompiler.cpp:
4680 * dfg/DFGSpeculativeJIT.cpp:
4681 (JSC::DFG::SpeculativeJIT::compile):
4682 * dfg/DFGSpeculativeJIT.h:
4683 (JSC::DFG::SpeculativeJIT::selectScratchGPR):
4685 2012-04-19 Filip Pizlo <fpizlo@apple.com>
4687 LLInt no-JIT fallback native call trampoline's exception handler incorrectly assumes that
4688 the PB/PC has been preserved
4689 https://bugs.webkit.org/show_bug.cgi?id=84367
4691 Reviewed by Oliver Hunt.
4693 * llint/LowLevelInterpreter32_64.asm:
4694 * llint/LowLevelInterpreter64.asm:
4696 2012-04-19 Filip Pizlo <fpizlo@apple.com>
4698 It should be possible to load from Float64 arrays on ARMv7 without crashing
4699 https://bugs.webkit.org/show_bug.cgi?id=84361
4701 Reviewed by Oliver Hunt.
4703 * assembler/MacroAssemblerARMv7.h:
4704 (JSC::MacroAssemblerARMv7::loadDouble):
4705 (JSC::MacroAssemblerARMv7::storeDouble):
4707 2012-04-19 Dominik Röttsches <dominik.rottsches@linux.intel.com>
4709 [CMake] Build fix after r114575
4710 https://bugs.webkit.org/show_bug.cgi?id=84322
4712 Reviewed by Simon Hausmann.
4714 Build fix, adding WTF when linking jsc shell.
4716 * shell/CMakeLists.txt:
4718 2012-04-18 Filip Pizlo <fpizlo@apple.com>
4720 JSC testing should have complete coverage over typed array types
4721 https://bugs.webkit.org/show_bug.cgi?id=84302
4723 Reviewed by Geoff Garen.
4725 Added Uint8ClampedArray to the set of typed arrays that are supported by jsc
4728 * JSCTypedArrayStubs.h:
4731 (GlobalObject::finishCreation):
4733 2012-04-18 Filip Pizlo <fpizlo@apple.com>
4735 jsc command line should support typed arrays by default
4736 https://bugs.webkit.org/show_bug.cgi?id=84298
4738 Rubber stamped by Gavin Barraclough.
4740 * JSCTypedArrayStubs.h:
4743 (GlobalObject::finishCreation):
4745 2012-04-18 Filip Pizlo <fpizlo@apple.com>
4747 JSVALUE32_64 should be able to perform division on ARM without crashing, and variables
4748 forced double should not be scrambled when performing OSR entry
4749 https://bugs.webkit.org/show_bug.cgi?id=84272
4751 Reviewed by Geoff Garen.
4753 * dfg/DFGFixupPhase.cpp:
4754 (JSC::DFG::FixupPhase::fixupNode):
4755 * dfg/DFGOSREntry.cpp:
4756 (JSC::DFG::prepareOSREntry):
4758 2012-04-18 Don Olmstead <don.olmstead@am.sony.com>
4760 JavaScriptCore.gypi not current
4761 https://bugs.webkit.org/show_bug.cgi?id=84224
4763 Reviewed by Eric Seidel.
4765 Updated JavaScriptCore.gypi to contain the latest sources. Removed os-win32 as it wasn't used. Also removed references to ICU files in the gypi file as ICU is most likely specified by the port itself.
4767 Private and public header files were determined by looking at copy-files.cmd within Apple's Visual Studio directory.
4769 * JavaScriptCore.gypi:
4771 2012-04-18 Benjamin Poulain <bpoulain@apple.com>
4773 Remove m_subclassData from JSArray, move the attribute to subclass as needed
4774 https://bugs.webkit.org/show_bug.cgi?id=84249
4776 Reviewed by Geoffrey Garen.
4778 JSArray's m_subclassData is only used by WebCore's RuntimeArray. This patch moves
4779 the attribute to RuntimeArray to avoid allocating memory for the pointer in the common
4782 This gives ~1% improvement in JSArray creation microbenchmark thanks to fewer allocations
4785 * jit/JITInlineMethods.h:
4786 (JSC::JIT::emitAllocateJSArray):
4787 * runtime/JSArray.cpp:
4788 (JSC::JSArray::JSArray):
4789 * runtime/JSArray.h:
4791 2012-04-18 Benjamin Poulain <bpoulain@apple.com>
4793 replaceUsingStringSearch: delay the creation of the replace string until needed
4794 https://bugs.webkit.org/show_bug.cgi?id=83841
4796 Reviewed by Geoffrey Garen.
4798 We do not need to obtain the replaceValue until we have a match. By moving the initialization
4799 of replaceValue when needed, we save a few instructions when there is no match.
4801 * runtime/StringPrototype.cpp:
4802 (JSC::replaceUsingRegExpSearch):
4803 (JSC::replaceUsingStringSearch):
4804 (JSC::stringProtoFuncReplace):
4806 2012-04-18 Mark Hahnenberg <mhahnenberg@apple.com>
4808 GC activity timer should be tied to allocation, not collection
4809 https://bugs.webkit.org/show_bug.cgi?id=83919
4811 Reviewed by Geoffrey Garen.
4813 * API/JSContextRef.cpp: Used the new didAbandonObjectGraph callback to indicate that now that we've
4814 released a global object, we're abandoning a potentially large number of objects that JSC might want
4816 * heap/CopiedSpace.cpp:
4817 (JSC::CopiedSpace::tryAllocateSlowCase): Added the call to timer's willAllocate function to indicate
4818 that we've hit a slow path and are allocating now, so schedule the timer.
4821 (JSC::Heap::collectAllGarbage): Removed the call to discardAllCompiledCode because it was causing us to
4822 throw away too much code during our benchmarks (especially vp8, which is very large and thus has large
4823 amounts of compiled code).
4824 (JSC::Heap::collect): Added the new call to didCollect at the conclusion of a collection so that we
4825 can cancel the timer if we no longer need to run a collection. Also added a check at the beginning of a
4826 collection to see if we should throw away our compiled code. Currently this is set to happen about once
4828 * heap/Heap.h: Added field to keep track of the last time we threw away our compiled code.
4829 * heap/MarkedAllocator.cpp:
4830 (JSC::MarkedAllocator::allocateSlowCase): Added call to willAllocate on the allocation slow path, just like
4832 * runtime/GCActivityCallback.cpp: Added default stubs for non-CF platforms.
4833 (JSC::DefaultGCActivityCallback::willAllocate):
4835 (JSC::DefaultGCActivityCallback::didCollect):
4836 (JSC::DefaultGCActivityCallback::didAbandonObjectGraph):
4837 * runtime/GCActivityCallback.h: Added new functions to make JSC's GC timer less arcane. This includes replacing
4838 the operator () with willAllocate() and adding an explicit didCollect() to cancel the timer after a collection
4839 occurs rather than relying on the way the timer is invoked to cancel itself. Also added a callback for
4840 somebody else (e.g. WebCore or the JSC API) to notify JSC that they have just abandoned an entire graph of
4841 objects and that JSC might want to clean them up.
4842 (JSC::GCActivityCallback::~GCActivityCallback):
4843 (JSC::GCActivityCallback::willAllocate):
4844 (JSC::GCActivityCallback::didCollect):
4845 (JSC::GCActivityCallback::didAbandonObjectGraph):
4846 (JSC::GCActivityCallback::synchronize):
4847 (DefaultGCActivityCallback):
4848 * runtime/GCActivityCallbackCF.cpp: Re-wired all the run loop stuff to implement the aforementioned functions.
4849 We added a flag to check whether the timer was active because the call to CFRunLoopTimerSetNextFireDate actually
4850 turned out to be quite expensive (although Instruments couldn't tell us this).
4851 (DefaultGCActivityCallbackPlatformData):
4853 (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire):
4854 (JSC::DefaultGCActivityCallback::commonConstructor):
4855 (JSC::scheduleTimer):
4857 (JSC::DefaultGCActivityCallback::willAllocate):
4858 (JSC::DefaultGCActivityCallback::didCollect):
4859 (JSC::DefaultGCActivityCallback::didAbandonObjectGraph):
4861 2012-04-17 Filip Pizlo <fpizlo@apple.com>
4863 DFG should not attempt to get rare case counts for op_mod on ARM
4864 https://bugs.webkit.org/show_bug.cgi?id=84218
4866 Reviewed by Geoff Garen.
4868 * dfg/DFGByteCodeParser.cpp:
4869 (JSC::DFG::ByteCodeParser::makeSafe):
4874 2012-04-17 Myles Maxfield <mmaxfield@google.com>
4876 BumpPointerAllocator assumes page size is less than MINIMUM_BUMP_POOL_SIZE
4877 https://bugs.webkit.org/show_bug.cgi?id=80912
4879 Reviewed by Hajime Morita.
4881 * wtf/BumpPointerAllocator.h:
4882 (WTF::BumpPointerPool::create):
4884 2012-04-17 Filip Pizlo <fpizlo@apple.com>
4886 Attempt to fix Windows build.
4888 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4890 2012-04-17 Filip Pizlo <fpizlo@apple.com>
4892 It should be possible to create an inheritorID for the global this object without crashing
4893 https://bugs.webkit.org/show_bug.cgi?id=84200
4894 <rdar://problem/11251082>
4896 Reviewed by Oliver Hunt.
4898 * runtime/JSGlobalThis.cpp:
4899 (JSC::JSGlobalThis::setUnwrappedObject):
4900 * runtime/JSGlobalThis.h:
4901 (JSC::JSGlobalThis::unwrappedObject):
4903 * runtime/JSObject.cpp:
4904 (JSC::JSObject::createInheritorID):
4905 * runtime/JSObject.h:
4907 (JSC::JSObject::resetInheritorID):
4909 2012-04-17 Filip Pizlo <fpizlo@apple.com>
4911 DFG and LLInt should not clobber the frame pointer on ARMv7
4912 https://bugs.webkit.org/show_bug.cgi?id=84185
4913 <rdar://problem/10767252>
4915 Reviewed by Gavin Barraclough.
4917 Changed LLInt to use a different register. Changed DFG to use one fewer
4918 register. We should revisit this and switch the DFG to use a different
4919 register instead of r7, but we can do that in a subsequent step since
4920 the performance effect is tiny.
4924 (JSC::DFG::GPRInfo::toRegister):
4925 (JSC::DFG::GPRInfo::toIndex):
4926 * offlineasm/armv7.rb:
4928 2012-04-17 Filip Pizlo <fpizlo@apple.com>
4930 use after free in JSC::DFG::Node::op / JSC::DFG::ByteCodeParser::flushArgument
4931 https://bugs.webkit.org/show_bug.cgi?id=83942
4932 <rdar://problem/11247370>
4934 Reviewed by Gavin Barraclough.
4936 Don't use references to the graph after resizing the graph.
4938 * dfg/DFGByteCodeParser.cpp:
4939 (JSC::DFG::ByteCodeParser::flushArgument):
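Added example, not JavaScriptCore's code: a constructed toy graph stored in a std::vector that shows the bug shape this entry fixes, a reference held across an append that can reallocate, next to the corrected shape that re-indexes after the resize. The Node fields and opcode values are assumed.

```cpp
#include <cstddef>
#include <vector>

// Constructed illustration, not JavaScriptCore's code: a toy graph whose
// nodes live in a std::vector. Holding a reference into that vector across
// an append is the bug shape named in the ChangeLog entry, because push_back
// may reallocate and free the old storage.

struct Node {
    int op;     // hypothetical opcode
    int child;  // index of a child node, or -1
};

struct Graph {
    std::vector<Node> nodes;

    // Appends a node and hands back its index; indices stay valid across
    // resizes, references do not.
    std::size_t append(int op, int child) {
        nodes.push_back(Node{op, child});
        return nodes.size() - 1;
    }
};

// Defective shape (never called here; its behaviour is undefined): the
// reference `node` is taken, the graph is grown, then the reference is
// written through. After a reallocation it points into freed memory.
void flushArgumentBuggy(Graph& graph, std::size_t index) {
    Node& node = graph.nodes[index];                      // reference into vector storage
    std::size_t flushIndex = graph.append(2, (int)index); // may reallocate `nodes`
    node.child = (int)flushIndex;                         // dangling after reallocation
}

// Corrected shape: grow first, then re-index. No reference outlives a resize.
std::size_t flushArgumentFixed(Graph& graph, std::size_t index) {
    std::size_t flushIndex = graph.append(2, (int)index);
    graph.nodes[index].child = (int)flushIndex;           // fresh lookup after the resize
    return flushIndex;
}

// Builds a graph with tight capacity so the append inside flushArgumentFixed
// reallocates, and reports whether the two nodes still point at each other.
bool linksConsistentAfterFlush() {
    Graph graph;
    graph.nodes.reserve(1);
    std::size_t a = graph.append(1, -1);
    std::size_t f = flushArgumentFixed(graph, a);
    return graph.nodes[a].child == (int)f
        && graph.nodes[f].child == (int)a
        && graph.nodes[f].op == 2;
}
```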
4941 2012-04-16 Gavin Barraclough <barraclough@apple.com>
4943 Array.prototype.toString should be generic
4944 https://bugs.webkit.org/show_bug.cgi?id=81588
4946 Reviewed by Sam Weinig.
4948 * runtime/ArrayPrototype.cpp:
4949 (JSC::arrayProtoFuncToString):
4950 - check for join function, use fast case if base object is array & join is present & default.
4951 * runtime/CommonIdentifiers.h:
4954 2012-04-16 Carlos Garcia Campos <cgarcia@igalia.com>
4956 Unreviewed. Fix make distcheck issues.
4958 * GNUmakefile.list.am: Add missing files.
4960 2012-04-16 Sheriff Bot <webkit.review.bot@gmail.com>
4962 Unreviewed, rolling out r114309.
4963 http://trac.webkit.org/changeset/114309
4964 https://bugs.webkit.org/show_bug.cgi?id=84097
4966 it broke everything (Requested by olliej on #webkit).
4968 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
4969 * bytecode/CodeBlock.h:
4970 * dfg/DFGOperations.cpp:
4971 * interpreter/Interpreter.cpp:
4972 (JSC::Interpreter::getStackTrace):
4973 (JSC::Interpreter::throwException):
4974 * interpreter/Interpreter.h:
4977 (JSC::DEFINE_STUB_FUNCTION):
4980 * llint/LLIntSlowPaths.cpp:
4981 (JSC::LLInt::handleHostCall):
4984 * runtime/Error.cpp:
4985 (JSC::addErrorInfo):
4990 2012-04-16 Oliver Hunt <oliver@apple.com>
4992 Exception stack traces aren't complete when the exception starts in native code
4993 https://bugs.webkit.org/show_bug.cgi?id=84073
4995 Reviewed by Gavin Barraclough.
4997 Refactored building the stack trace so that we can construct
4998 it earlier, and don't rely on any prior work performed in the
4999 exception handling machinery. Also updated LLInt and the DFG to
5000 completely initialise the callframes of host function calls.
5002 * bytecode/CodeBlock.h:
5003 (JSC::CodeBlock::codeOriginIndexForReturn):
5005 * dfg/DFGOperations.cpp:
5006 * interpreter/Interpreter.cpp:
5007 (JSC::Interpreter::getStackTrace):
5008 (JSC::Interpreter::addStackTraceIfNecessary):
5010 (JSC::Interpreter::throwException):
5011 * interpreter/Interpreter.h:
5014 (JSC::DEFINE_STUB_FUNCTION):
5017 * llint/LLIntSlowPaths.cpp:
5018 (JSC::LLInt::handleHostCall):
5021 * runtime/Error.cpp:
5022 (JSC::addErrorInfo):
5027 2012-04-16 Oliver Hunt <oliver@apple.com>
5029 Fix COMMANDLINE_TYPEDARRAYS build
5030 https://bugs.webkit.org/show_bug.cgi?id=84051
5032 Reviewed by Gavin Barraclough.
5034 Update for new putByIndex API and wtf changes.
5036 * JSCTypedArrayStubs.h:
5039 2012-04-16 Mark Hahnenberg <mhahnenberg@apple.com>
5041 GC in the middle of JSObject::allocatePropertyStorage can cause badness
5042 https://bugs.webkit.org/show_bug.cgi?id=83839
5044 Reviewed by Geoffrey Garen.
5046 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
5047 * jit/JITStubs.cpp: Making changes to use the new return value of growPropertyStorage.
5048 (JSC::DEFINE_STUB_FUNCTION):
5049 * runtime/JSObject.cpp:
5050 (JSC::JSObject::growPropertyStorage): Renamed to more accurately reflect that we're
5051 growing our already-existing PropertyStorage.
5052 * runtime/JSObject.h:
5054 (JSC::JSObject::setPropertyStorage): "Atomically" sets the new property storage
5055 and the new structure so that we can be sure a GC never occurs when our Structure
5056 info is out of sync with our PropertyStorage.
5058 (JSC::JSObject::putDirectInternal): Moved the check to see if we should
5059 allocate more backing store before the actual property insertion into
5061 (JSC::JSObject::putDirectWithoutTransition): Ditto.
5062 (JSC::JSObject::transitionTo): Ditto.
5063 * runtime/Structure.cpp:
5064 (JSC::Structure::suggestedNewPropertyStorageSize): Added to keep the resize policy
5065 for property backing stores contained within the Structure class.
5067 * runtime/Structure.h:
5068 (JSC::Structure::shouldGrowPropertyStorage): Lets clients know if another insertion
5069 into the Structure would require resizing the property backing store so that they can
5070 preallocate the required storage.
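Added example, not JavaScriptCore's code: a constructed toy object with a Structure that records the property count and a separate backing store, a simulated GC that trusts the Structure's count, and the two insertion orders this entry contrasts, growing after bumping the count versus asking shouldGrowPropertyStorage() first and installing store and Structure together. The doubling growth policy and field names are assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Constructed toy model of the invariant this entry restores; this is not
// JavaScriptCore's code. The Structure says how many properties the object
// has, the backing store holds their values, and the GC visits the store by
// trusting the Structure's count.

struct Structure {
    std::size_t propertyCount = 0;
    std::size_t storageCapacity = 0;

    // Like shouldGrowPropertyStorage(): would one more insert overflow the store?
    bool shouldGrowPropertyStorage() const { return propertyCount >= storageCapacity; }
    // Like suggestedNewPropertyStorageSize(): the growth policy (doubling, assumed).
    std::size_t suggestedNewPropertyStorageSize() const {
        return storageCapacity == 0 ? 4 : storageCapacity * 2;
    }
};

struct TinyObject {
    Structure structure;
    std::vector<int64_t> storage;   // property backing store

    // Install new storage and the Structure describing it with no
    // allocation (and so no GC) in between.
    void setPropertyStorage(std::vector<int64_t>&& newStorage, const Structure& s) {
        storage = std::move(newStorage);
        structure = s;
    }
};

// The collector's view: it reads propertyCount slots from storage. Returns
// false when the Structure claims more slots than the store has, which is
// exactly the out-of-sync state a GC could observe before the fix.
bool gcVisitIsConsistent(const TinyObject& obj) {
    return obj.structure.propertyCount <= obj.storage.size()
        && obj.storage.size() == obj.structure.storageCapacity;
}

// Every allocation may trigger a collection; model that by visiting the
// object right before the allocation happens.
bool allocateStorageMayCollect(const TinyObject& obj, std::size_t capacity,
                               std::vector<int64_t>& out) {
    bool consistent = gcVisitIsConsistent(obj);
    out.assign(capacity, 0);
    return consistent;
}

// Order before the fix: update the Structure first, then grow the store to
// match it. Returns false if a GC during the grow saw an inconsistent object.
bool putDirectOldOrder(TinyObject& obj, int64_t value) {
    Structure s = obj.structure;
    s.propertyCount++;
    obj.structure = s;                                 // count now exceeds the store
    bool allVisitsConsistent = true;
    if (obj.structure.propertyCount > obj.storage.size()) {
        std::vector<int64_t> grown;
        s.storageCapacity = s.suggestedNewPropertyStorageSize();
        allVisitsConsistent = allocateStorageMayCollect(obj, s.storageCapacity, grown);
        for (std::size_t i = 0; i < obj.storage.size(); ++i)
            grown[i] = obj.storage[i];
        obj.setPropertyStorage(std::move(grown), s);
    }
    obj.storage[obj.structure.propertyCount - 1] = value;
    return allVisitsConsistent;
}

// Order after the fix: ask the Structure whether the next insert needs more
// room, grow (installing store and Structure together) while the object is
// still self-consistent, and only then insert and bump the count.
bool putDirectNewOrder(TinyObject& obj, int64_t value) {
    bool allVisitsConsistent = true;
    if (obj.structure.shouldGrowPropertyStorage()) {
        Structure s = obj.structure;
        s.storageCapacity = s.suggestedNewPropertyStorageSize();
        std::vector<int64_t> grown;
        allVisitsConsistent = allocateStorageMayCollect(obj, s.storageCapacity, grown);
        for (std::size_t i = 0; i < obj.storage.size(); ++i)
            grown[i] = obj.storage[i];
        obj.setPropertyStorage(std::move(grown), s);   // no GC can run between these writes
    }
    obj.storage[obj.structure.propertyCount] = value;
    obj.structure.propertyCount++;
    return allVisitsConsistent;
}

// Inserts `n` properties with the given order and reports whether every
// simulated GC saw a consistent object.
bool insertMany(bool (*put)(TinyObject&, int64_t), std::size_t n) {
    TinyObject obj;
    bool ok = true;
    for (std::size_t i = 0; i < n; ++i)
        ok = put(obj, (int64_t)i) && ok;
    return ok;
}
```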
5073 2012-04-13 Sheriff Bot <webkit.review.bot@gmail.com>
5075 Unreviewed, rolling out r114185.
5076 http://trac.webkit.org/changeset/114185
5077 https://bugs.webkit.org/show_bug.cgi?id=83967
5079 Broke a bunch of JavaScript related tests (Requested by
5080 andersca on #webkit).
5082 * runtime/ArrayPrototype.cpp:
5083 (JSC::arrayProtoFuncToString):
5084 (JSC::arrayProtoFuncToLocaleString):
5085 * runtime/CommonIdentifiers.h:
5086 * tests/mozilla/ecma/Array/15.4.4.2.js:
5089 2012-04-13 Gavin Barraclough <barraclough@apple.com>
5091 Don't rely on fixed offsets to patch calls
5092 https://bugs.webkit.org/show_bug.cgi?id=83966
5094 Rubber stamped by Oliver Hunt.
5096 These aren't being used anywhere!
5100 (JSC::JIT::compileOpCall):
5101 * jit/JITCall32_64.cpp:
5102 (JSC::JIT::compileOpCall):
5104 2012-04-13 Hojong Han <hojong.han@samsung.com>
5106 Array.prototype.toString and Array.prototype.toLocaleString should be generic
5107 https://bugs.webkit.org/show_bug.cgi?id=81588
5109 Reviewed by Gavin Barraclough.
5111 * runtime/ArrayPrototype.cpp:
5112 (JSC::arrayProtoFuncToString):
5113 (JSC::arrayProtoFuncToLocaleString):
5114 * runtime/CommonIdentifiers.h:
5115 * tests/mozilla/ecma/Array/15.4.4.2.js:
5116 (getTestCases.array.item.new.TestCase):
5119 2012-04-13 Gavin Barraclough <barraclough@apple.com>
5121 Don't rely on fixed offsets to patch method checks
5122 https://bugs.webkit.org/show_bug.cgi?id=83958
5124 Reviewed by Oliver Hunt.
5126 * bytecode/StructureStubInfo.h:
5127 - Add fields for the method check info.
5129 (JSC::PropertyStubCompilationInfo::copyToStubInfo):
5130 - Store the offsets on the stub info, instead of asserting.
5132 - Delete all the method check related offsets.
5133 * jit/JITPropertyAccess.cpp:
5134 (JSC::JIT::patchMethodCallProto):
5135 - Use the offset from the stubInfo.
5137 (JSC::DEFINE_STUB_FUNCTION):
5138 - Pass the stubInfo to patchMethodCallProto.
5140 2012-04-13 Gavin Barraclough <barraclough@apple.com>
5142 Don't rely on fixed offsets to patch get_by_id/put_by_id
5143 https://bugs.webkit.org/show_bug.cgi?id=83924
5145 Reviewed by Oliver Hunt.
5147 Store offsets in the structure stub info, as we do for the DFG JIT.
5149 * assembler/AbstractMacroAssembler.h:
5150 (JSC::AbstractMacroAssembler::differenceBetween):
5151 - this method can be static (now used from PropertyStubCompilationInfo::copyToStubInfo, will be removed soon!)
5152 * bytecode/StructureStubInfo.h:
5153 - added new fields for baseline JIT offsets.
5155 (JSC::PropertyStubCompilationInfo::copyToStubInfo):
5156 - moved out from JIT::privateCompile.
5157 (JSC::JIT::privateCompile):
5158 - moved out code to PropertyStubCompilationInfo::copyToStubInfo.
5160 (PropertyStubCompilationInfo):
5161 - added helper functions to initialize PropertyStubCompilationInfo, state to store more offset info.
5162 - removed many offsets.
5163 * jit/JITPropertyAccess.cpp:
5164 (JSC::JIT::emit_op_method_check):
5165 (JSC::JIT::compileGetByIdHotPath):
5166 (JSC::JIT::compileGetByIdSlowCase):
5167 (JSC::JIT::emit_op_put_by_id):
5168 (JSC::JIT::emitSlow_op_put_by_id):
5169 (JSC::JIT::patchGetByIdSelf):
5170 (JSC::JIT::patchPutByIdReplace):
5171 (JSC::JIT::privateCompilePatchGetArrayLength):
5172 (JSC::JIT::privateCompileGetByIdProto):
5173 (JSC::JIT::privateCompileGetByIdSelfList):
5174 (JSC::JIT::privateCompileGetByIdProtoList):
5175 (JSC::JIT::privateCompileGetByIdChainList):
5176 (JSC::JIT::privateCompileGetByIdChain):
5177 (JSC::JIT::resetPatchGetById):
5178 (JSC::JIT::resetPatchPutById):
5179 - changed code generation to use new interface to store info on PropertyStubCompilationInfo.
5180 - changed repatch functions to read offsets from the structure stub info.
5181 * jit/JITPropertyAccess32_64.cpp:
5182 (JSC::JIT::emit_op_method_check):
5183 (JSC::JIT::compileGetByIdHotPath):
5184 (JSC::JIT::compileGetByIdSlowCase):
5185 (JSC::JIT::emit_op_put_by_id):
5186 (JSC::JIT::emitSlow_op_put_by_id):
5187 (JSC::JIT::patchGetByIdSelf):
5188 (JSC::JIT::patchPutByIdReplace):
5189 (JSC::JIT::privateCompilePatchGetArrayLength):
5190 (JSC::JIT::privateCompileGetByIdProto):
5191 (JSC::JIT::privateCompileGetByIdSelfList):
5192 (JSC::JIT::privateCompileGetByIdProtoList):
5193 (JSC::JIT::privateCompileGetByIdChainList):
5194 (JSC::JIT::privateCompileGetByIdChain):
5195 (JSC::JIT::resetPatchGetById):
5196 (JSC::JIT::resetPatchPutById):
5197 - changed code generation to use new interface to store info on PropertyStubCompilationInfo.
5198 - changed repatch functions to read offsets from the structure stub info.
5200 2012-04-13 Rob Buis <rbuis@rim.com>
5202 Fix some compiler warnings (miscellaneous)
5203 https://bugs.webkit.org/show_bug.cgi?id=80790
5205 Reviewed by Antonio Gomes.
5207 Fix signed/unsigned comparison warning.
5212 2012-04-12 Benjamin Poulain <bpoulain@apple.com>
5214 Improve replaceUsingStringSearch() for case of a single character searchValue
5215 https://bugs.webkit.org/show_bug.cgi?id=83738
5217 Reviewed by Geoffrey Garen.
5219 This patch improves replaceUsingStringSearch() with the following:
5220 -Add a special case for single character search, taking advantage of the faster WTF::find().
5221 -Inline replaceUsingStringSearch().
5222 -Use StringImpl::create() instead of UString::substringSharingImpl() since we know we are in the bounds
5225 This gives less than 1% improvement for the multicharacter replace.
5226 The single character search shows about 9% improvement.
5228 * runtime/StringPrototype.cpp:
5229 (JSC::replaceUsingStringSearch):
5231 2012-04-12 Michael Saboff <msaboff@apple.com>
5233 StructureStubInfo::reset() causes leaks of PolymorphicAccessStructureList and ExecutableMemoryHandle objects
5234 https://bugs.webkit.org/show_bug.cgi?id=83823
5236 Reviewed by Gavin Barraclough.
5238 Put the clearing of the accessType to after the call to deref() so that
5239 deref() can use the accessType to delete referenced objects as needed.
5241 * bytecode/StructureStubInfo.h:
5242 (JSC::StructureStubInfo::reset):
5244 2012-04-12 Balazs Kelemen <kbalazs@webkit.org>
5246 [Qt] Fix WebKit1 build with V8
5247 https://bugs.webkit.org/show_bug.cgi?id=83322
5249 Reviewed by Adam Barth.
5253 2012-04-12 Gavin Barraclough <barraclough@apple.com>
5255 https://bugs.webkit.org/show_bug.cgi?id=83821
5256 Move dfg repatching properties of structure stub info into a union
5258 Reviewed by Oliver Hunt.
5260 We want to be able to have similar properties for the baseline JIT; some restructuring to prepare for this.
5262 * bytecode/StructureStubInfo.h:
5263 (StructureStubInfo):
5264 * dfg/DFGJITCompiler.cpp:
5265 (JSC::DFG::JITCompiler::link):
5266 * dfg/DFGRepatch.cpp:
5267 (JSC::DFG::dfgRepatchByIdSelfAccess):
5268 (JSC::DFG::linkRestoreScratch):
5269 (JSC::DFG::generateProtoChainAccessStub):
5270 (JSC::DFG::tryCacheGetByID):
5271 (JSC::DFG::tryBuildGetByIDList):
5272 (JSC::DFG::tryBuildGetByIDProtoList):
5273 (JSC::DFG::emitPutReplaceStub):
5274 (JSC::DFG::emitPutTransitionStub):
5275 (JSC::DFG::tryCachePutByID):
5276 (JSC::DFG::tryBuildPutByIdList):
5277 (JSC::DFG::dfgResetGetByID):
5278 (JSC::DFG::dfgResetPutByID):
5280 2012-04-12 Gavin Barraclough <barraclough@apple.com>
5282 Delete a bunch of unused, copy & pasted values in JIT.h
5283 https://bugs.webkit.org/show_bug.cgi?id=83822
5285 Reviewed by Oliver Hunt.
5287 The only architecture we support the JSVALUE64 JIT on is x86-64; all the patch offsets for other architectures are just nonsense.
5292 2012-04-12 Csaba Osztrogonác <ossy@webkit.org>
5294 [Qt][ARM] Buildfix after r113934.
5296 Reviewed by Zoltan Herczeg.
5298 * assembler/MacroAssemblerARM.h:
5299 (JSC::MacroAssemblerARM::compare8):
5300 (MacroAssemblerARM):
5302 2012-04-11 Filip Pizlo <fpizlo@apple.com>
5304 It is incorrect to short-circuit Branch(LogicalNot(@a)) if boolean speculations on @a may fail
5305 https://bugs.webkit.org/show_bug.cgi?id=83744
5306 <rdar://problem/11206946>
5308 Reviewed by Andy Estes.
5310 This does the conservative thing: it only short-circuits Branch(LogicalNot(@a)) if @a is a node
5311 that is statically known to return boolean results.
5313 * dfg/DFGFixupPhase.cpp:
5314 (JSC::DFG::FixupPhase::fixupNode):
5316 2012-04-11 Michael Saboff <msaboff@apple.com>
5318 Invalid Union Reference in StructureStubInfo.{cpp.h}
5319 https://bugs.webkit.org/show_bug.cgi?id=83735
5321 Reviewed by Filip Pizlo.
5323 Changed the references to u.getByIdProtoList and u.getByIdSelfList
5326 * bytecode/StructureStubInfo.cpp:
5327 (JSC::StructureStubInfo::visitWeakReferences):
5328 * bytecode/StructureStubInfo.h:
5329 (JSC::StructureStubInfo::initGetByIdSelfList):
5331 2012-04-11 Filip Pizlo <fpizlo@apple.com>
5333 Unreviewed, attempting to make Qt's eccentric hardware work.
5335 * assembler/MacroAssemblerARM.h:
5336 (JSC::MacroAssemblerARM::compare8):
5337 (MacroAssemblerARM):
5338 * assembler/MacroAssemblerMIPS.h:
5339 (JSC::MacroAssemblerMIPS::compare8):
5340 (MacroAssemblerMIPS):
5341 * assembler/MacroAssemblerSH4.h:
5342 (JSC::MacroAssemblerSH4::compare8):
5343 (MacroAssemblerSH4):
5345 2012-04-11 Filip Pizlo <fpizlo@apple.com>
5347 op_is_foo should be optimized
5348 https://bugs.webkit.org/show_bug.cgi?id=83666
5350 Reviewed by Gavin Barraclough.
5352 This implements inlining of op_is_undefined, op_is_string, op_is_number,
5353 and op_is_boolean in LLInt and the baseline JIT. op_is_object and
5354 op_is_function are not inlined because they are quite a bit more complex.
5356 This also implements all of the op_is_foo opcodes in the DFG, but it does
5357 not do any type profiling based optimizations, yet.
5359 * assembler/MacroAssemblerARMv7.h:
5360 (JSC::MacroAssemblerARMv7::compare8):
5361 (MacroAssemblerARMv7):
5362 * assembler/MacroAssemblerX86Common.h:
5363 (JSC::MacroAssemblerX86Common::compare8):
5364 (MacroAssemblerX86Common):
5365 * assembler/MacroAssemblerX86_64.h:
5366 (MacroAssemblerX86_64):
5367 (JSC::MacroAssemblerX86_64::testPtr):
5368 * dfg/DFGAbstractState.cpp:
5369 (JSC::DFG::AbstractState::execute):
5370 * dfg/DFGByteCodeParser.cpp:
5371 (JSC::DFG::ByteCodeParser::parseBlock):
5372 * dfg/DFGCCallHelpers.h:
5373 (JSC::DFG::CCallHelpers::setupArguments):
5375 * dfg/DFGCSEPhase.cpp:
5376 (JSC::DFG::CSEPhase::performNodeCSE):
5377 * dfg/DFGCapabilities.h:
5378 (JSC::DFG::canCompileOpcode):
5379 * dfg/DFGNodeType.h:
5381 * dfg/DFGOperations.cpp:
5382 * dfg/DFGOperations.h:
5383 * dfg/DFGPredictionPropagationPhase.cpp:
5384 (JSC::DFG::PredictionPropagationPhase::propagate):
5385 * dfg/DFGSpeculativeJIT.h:
5386 (JSC::DFG::SpeculativeJIT::callOperation):
5387 (JSC::DFG::SpeculativeJIT::appendCallSetResult):
5388 * dfg/DFGSpeculativeJIT32_64.cpp:
5389 (JSC::DFG::SpeculativeJIT::compile):
5390 * dfg/DFGSpeculativeJIT64.cpp:
5391 (JSC::DFG::SpeculativeJIT::compile):
5393 (JSC::JIT::privateCompileMainPass):
5396 * jit/JITOpcodes.cpp:
5397 (JSC::JIT::emit_op_is_undefined):
5399 (JSC::JIT::emit_op_is_boolean):
5400 (JSC::JIT::emit_op_is_number):
5401 (JSC::JIT::emit_op_is_string):
5402 * jit/JITOpcodes32_64.cpp:
5403 (JSC::JIT::emit_op_is_undefined):
5405 (JSC::JIT::emit_op_is_boolean):
5406 (JSC::JIT::emit_op_is_number):
5407 (JSC::JIT::emit_op_is_string):
5410 * llint/LLIntSlowPaths.cpp:
5412 * llint/LLIntSlowPaths.h:
5414 * llint/LowLevelInterpreter.asm:
5415 * llint/LowLevelInterpreter32_64.asm:
5416 * llint/LowLevelInterpreter64.asm:
5417 * offlineasm/armv7.rb:
5418 * offlineasm/instructions.rb:
5419 * offlineasm/x86.rb:
5421 2012-04-11 Filip Pizlo <fpizlo@apple.com>
5423 If you use an IntegerOperand and want to return it with integerResult, you need to
5424 zero extend to get rid of the box
5425 https://bugs.webkit.org/show_bug.cgi?id=83734
5426 <rdar://problem/11232296>
5428 Reviewed by Oliver Hunt.
5430 * dfg/DFGSpeculativeJIT64.cpp:
5431 (JSC::DFG::SpeculativeJIT::fillInteger):
5432 (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
5434 2012-04-11 Filip Pizlo <fpizlo@apple.com>
5436 SpeculativeJIT::fillStorage() should work with all the states that a cell may be in
5437 https://bugs.webkit.org/show_bug.cgi?id=83722
5439 Reviewed by Gavin Barraclough.
5441 It's now possible to do StorageOperand on a cell, in the case that the storage is
5442 inline. But this means that fillStorage() must be able to handle all of the states
5443 that a cell might be in. Previously it didn't.
5445 With this change, it now does handle all of the states, and moreover, it does so
5446 by preserving the DataFormat of cells and performing all of the cell speculations
5447 that should be performed if you're using a cell as storage. But if you use this on
5448 something that is known to be storage already then it behaves as it did before.
5450 * dfg/DFGSpeculativeJIT.cpp:
5451 (JSC::DFG::SpeculativeJIT::fillStorage):
5453 2012-04-11 Filip Pizlo <fpizlo@apple.com>
5455 Global variable predictions should not be coalesced unnecessarily
5456 https://bugs.webkit.org/show_bug.cgi?id=83678
5458 Reviewed by Geoff Garen.
5460 Removed the PredictionTracker and everyone who used it. Converted GetGlobalVar
5461 to have a heapPrediction like a civilized DFG opcode ought to.
5463 No performance effect.
5465 * GNUmakefile.list.am:
5466 * JavaScriptCore.xcodeproj/project.pbxproj:
5467 * bytecode/CodeBlock.h:
5468 * bytecode/PredictionTracker.h: Removed.
5469 * dfg/DFGByteCodeParser.cpp:
5470 (JSC::DFG::ByteCodeParser::parseBlock):
5471 * dfg/DFGGenerationInfo.h:
5473 (JSC::DFG::Graph::dump):
5477 (JSC::DFG::Node::hasHeapPrediction):
5478 * dfg/DFGPredictionPropagationPhase.cpp:
5479 (JSC::DFG::PredictionPropagationPhase::propagate):
5481 2012-04-11 Benjamin Poulain <bpoulain@apple.com>
5483 Optimize String.split() for 1 character separator
5484 https://bugs.webkit.org/show_bug.cgi?id=83546
5486 Reviewed by Gavin Barraclough.
5488 This patch adds a series of optimizations to make stringProtoFuncSplit() faster in the common case
5489 where the separator is a single character.
5491 The two main gains are:
5492 -Use of the find() function with a single character instead of doing a full string matching.
5493 -Use of WTF::find() instead of UString::find() to avoid branching on is8Bit() and have a simpler inline
5496 The code is also changed to avoid making unnecessary allocations by converting the 8-bit string to 16 bits.
5498 This makes String.split() faster by about 13% in that particular case.
5500 * runtime/StringPrototype.cpp:
5502 (JSC::splitStringByOneCharacterImpl):
5503 (JSC::stringProtoFuncSplit):
5505 2012-04-10 Carlos Garcia Campos <cgarcia@igalia.com>
5507 Unreviewed. Fix make distcheck issues.
5509 * GNUmakefile.list.am: Add missing files.
5511 2012-04-10 Mark Rowe <mrowe@apple.com>
5513 Attempt to fix the Windows build.
5515 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
5517 2012-04-10 Patrick Gansterer <paroga@webkit.org>
5519 Cleanup wtf/Platform.h and config.h files
5520 https://bugs.webkit.org/show_bug.cgi?id=83431
5522 Reviewed by Eric Seidel.
5524 The ENABLE() and USE() macros take care about the case when the flag
5525 isn't defined. So there is no need to define anything with 0.
5527 Also move duplicated code from the config.h files to Platform.h and
5528 merge a few preprocessor commands to make the file more readable.
5532 2012-04-10 Filip Pizlo <fpizlo@apple.com>
5534 DFG should flush SetLocals to arguments
5535 https://bugs.webkit.org/show_bug.cgi?id=83554
5537 Reviewed by Gavin Barraclough.
5539 This is necessary to match baseline JIT argument capture behavior.
5541 But to make this work right we need to have a story for arguments into
5542 which we store values of different formats. This patch introduces the
5543 notion of an ArgumentPosition - i.e. an argument in a particular inline
5544 call frame - and forces unification of all data pertinent to selecting
5545 the argument's data format.
5547 Also fixed an amusing bug in the handling of OSR on SetLocals if there
5548 was any insertion/deletion of nodes in the basic block. This is benign
5549 for now but won't be eventually since the DFG is getting smarter. So
5552 Also fixed an amusing bug in the handling of OSR on SetLocals if they
5553 are immediately followed by a Flush. I think this bug might have always
5554 been there but now it'll happen more commonly, and it's covered by the
5555 run-javascriptcore-tests.
5557 * JavaScriptCore.xcodeproj/project.pbxproj:
5558 * dfg/DFGAbstractState.cpp:
5559 (JSC::DFG::AbstractState::execute):
5560 * dfg/DFGArgumentPosition.h: Added.
5563 (JSC::DFG::ArgumentPosition::ArgumentPosition):
5564 (JSC::DFG::ArgumentPosition::addVariable):
5565 (JSC::DFG::ArgumentPosition::mergeArgumentAwareness):
5566 * dfg/DFGByteCodeParser.cpp:
5567 (JSC::DFG::ByteCodeParser::setLocal):
5568 (JSC::DFG::ByteCodeParser::setArgument):
5570 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
5571 * dfg/DFGDoubleFormatState.h: Added.
5573 (JSC::DFG::mergeDoubleFormatStates):
5574 (JSC::DFG::mergeDoubleFormatState):
5575 (JSC::DFG::doubleFormatStateToString):
5578 * dfg/DFGPredictionPropagationPhase.cpp:
5579 (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
5580 * dfg/DFGSpeculativeJIT32_64.cpp:
5581 (JSC::DFG::SpeculativeJIT::compile):
5582 * dfg/DFGSpeculativeJIT64.cpp:
5583 (JSC::DFG::SpeculativeJIT::compile):
5584 * dfg/DFGVariableAccessData.h:
5585 (JSC::DFG::VariableAccessData::VariableAccessData):
5586 (JSC::DFG::VariableAccessData::predict):
5587 (JSC::DFG::VariableAccessData::argumentAwarePrediction):
5588 (VariableAccessData):
5589 (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction):
5590 (JSC::DFG::VariableAccessData::doubleFormatState):
5591 (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
5592 (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
5593 (JSC::DFG::VariableAccessData::mergeDoubleFormatState):
5594 (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat):
5596 2012-04-10 Adam Klein <adamk@chromium.org>
5598 Remove unused NonNullPassRefPtr from WTF
5599 https://bugs.webkit.org/show_bug.cgi?id=82389
5601 Reviewed by Kentaro Hara.
5603 * JavaScriptCore.order: Remove nonexistent symbols referencing NonNullPassRefPtr.
5605 2012-04-10 Darin Adler <darin@apple.com>
5607 Remove unused data member from Lexer class
5608 https://bugs.webkit.org/show_bug.cgi?id=83429
5610 Reviewed by Kentaro Hara.
5612 I noticed that m_delimited was "write-only", so I deleted it.
5615 (JSC::Lexer::setCode): Removed code to set m_delimited.
5616 (JSC::Lexer::parseIdentifier): Ditto.
5617 (JSC::Lexer::parseIdentifierSlowCase): Ditto.
5618 (JSC::Lexer::lex): Ditto.
5619 * parser/Lexer.h: Deleted m_delimited.
5621 2012-04-10 Patrick Gansterer <paroga@webkit.org>
5623 [CMake] Enable USE_FOLDERS property
5624 https://bugs.webkit.org/show_bug.cgi?id=83571
5626 Reviewed by Daniel Bates.
5628 Setting the FOLDER property on targets gives more structure
5629 to the generated Visual Studio solutions.
5630 This does not affect other CMake generators.
5633 * shell/CMakeLists.txt:
5635 2012-04-10 Filip Pizlo <fpizlo@apple.com>
5637 It should be possible to see why a code block was not compiled by the DFG
5638 https://bugs.webkit.org/show_bug.cgi?id=83553
5640 Reviewed by Geoff Garen.
5642 If DFG_ENABLE(DEBUG_VERBOSE) and a code block is rejected, then print the
5643 opcode that caused the rejection.
5645 * dfg/DFGCapabilities.cpp:
5646 (JSC::DFG::debugFail):
5648 (JSC::DFG::canHandleOpcodes):
5650 2012-04-09 Gavin Barraclough <barraclough@apple.com>
5652 If a callback constructor returns a C++ null, throw a type error.
5653 https://bugs.webkit.org/show_bug.cgi?id=83537
5655 Rubber Stamped by Geoff Garen.
5657 * API/JSCallbackConstructor.cpp:
5658 (JSC::constructJSCallback):
5659 - If a callback constructor returns a C++ null, throw a type error.
5660 * API/tests/testapi.c:
5661 (Base_returnHardNull):
5662 * API/tests/testapi.js:
5663 - Add a test case for callback constructors that return a C++ null.
5665 2012-04-09 Gavin Barraclough <barraclough@apple.com>
5667 If a callback function returns a C++ null, convert to undefined.
5668 https://bugs.webkit.org/show_bug.cgi?id=83534
5670 Reviewed by Geoff Garen.
5672 * API/JSCallbackFunction.cpp:
5673 - If a callback function returns a C++ null, convert to undefined.
5674 (JSC::JSCallbackFunction::call):
5675 * API/tests/testapi.c:
5676 (Base_returnHardNull):
5677 * API/tests/testapi.js:
5678 - Add a test case for callback functions that return a C++ null.
5680 2012-04-09 Filip Pizlo <fpizlo@apple.com>
5682 Classic interpreter's GC hooks shouldn't attempt to scan instructions for code blocks that
5683 are currently being generated
5684 https://bugs.webkit.org/show_bug.cgi?id=83531
5685 <rdar://problem/11215200>
5687 Reviewed by Gavin Barraclough.
5689 * bytecode/CodeBlock.cpp:
5690 (JSC::CodeBlock::stronglyVisitStrongReferences):
5692 2012-04-09 Filip Pizlo <fpizlo@apple.com>
5694 Unreviewed, modernize and clean up uses of ARM assembly mnemonics in inline asm blocks.
5696 * dfg/DFGOperations.cpp:
5698 * offlineasm/armv7.rb:
5700 2012-04-09 Patrick Gansterer <paroga@webkit.org>
5702 Remove HAVE_STDINT_H
5703 https://bugs.webkit.org/show_bug.cgi?id=83434
5705 Reviewed by Kentaro Hara.
5707 HAVE_STDINT_H is defined with 1 all the time and we use stdint.h without HAVE(STDINT_H) already.
5711 2012-04-08 Filip Pizlo <fpizlo@apple.com>
5713 DFG should not load the property storage if it is inline.
5714 https://bugs.webkit.org/show_bug.cgi?id=83455
5716 Reviewed by Gavin Barraclough.
5718 We had previously decided to have all property storage accesses go through
5719 the property storage pointer even if they don't "really" have to, because
5720 we were thinking this would help GC barriers somehow. Well, we never ended
5721 up doing anything with that. Hence, doing these wasted loads of the
5722 property storage pointer when the storage is inline is just a waste of CPU
5725 This change makes the DFG's inline property accesses (GetByOffset and
5726 PutByOffset) go directly to the inline property storage if the structure(s)
5727 tell us that it's OK.
5729 This looks like an across-the-board 1% win.
5731 * bytecode/StructureSet.h:
5733 (JSC::StructureSet::allAreUsingInlinePropertyStorage):
5735 * dfg/DFGByteCodeParser.cpp:
5736 (JSC::DFG::ByteCodeParser::parseBlock):
5737 * dfg/DFGSpeculativeJIT.cpp:
5738 (JSC::DFG::SpeculativeJIT::fillStorage):
5740 2012-04-08 Filip Pizlo <fpizlo@apple.com>
5742 Command-line jsc's exception handling should be rationalized
5743 https://bugs.webkit.org/show_bug.cgi?id=83437
5745 Reviewed by Dan Bernstein.
5747 - If an exception is thrown during run() execution, it is now propagated,
5748 so that it will terminate program execution unless it is caught.
5750 - If program execution terminates with an exception, the exception is now
5753 - When printing the exception, the backtrace is now also printed if one is
5754 available. It will only not be available if you use something akin to my
5755 favorite line of code, 'throw "error"', since primitives don't have
5756 properties and hence we cannot attach a "stack" property to them.
5762 2012-04-04 Filip Pizlo <fpizlo@apple.com>
5764 Forced OSR exits should lead to recompilation based on count, not rate
5765 https://bugs.webkit.org/show_bug.cgi?id=83247
5766 <rdar://problem/10720925>
5768 Reviewed by Geoff Garen.
5770 Track which OSR exits happen because of inadequate coverage. Count them
5771 separately. If the count reaches a threshold, immediately trigger
5774 This is in contrast to the recompilation trigger for all other OSR exits.
5775 Normally recomp is triggered when the exit rate exceeds a certain ratio.
5777 Looks like a slight V8 speedup (sub 1%).
5779 * bytecode/CodeBlock.cpp:
5780 (JSC::CodeBlock::CodeBlock):
5781 * bytecode/CodeBlock.h:
5782 (JSC::CodeBlock::forcedOSRExitCounter):
5783 (JSC::CodeBlock::addressOfForcedOSRExitCounter):
5784 (JSC::CodeBlock::offsetOfForcedOSRExitCounter):
5785 (JSC::CodeBlock::shouldReoptimizeNow):
5786 (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
5788 * bytecode/DFGExitProfile.h:
5789 (JSC::DFG::exitKindToString):
5790 * dfg/DFGOSRExitCompiler.cpp:
5791 (JSC::DFG::OSRExitCompiler::handleExitCounts):
5793 * dfg/DFGOSRExitCompiler.h:
5795 * dfg/DFGOSRExitCompiler32_64.cpp:
5796 (JSC::DFG::OSRExitCompiler::compileExit):
5797 * dfg/DFGOSRExitCompiler64.cpp:
5798 (JSC::DFG::OSRExitCompiler::compileExit):
5799 * dfg/DFGOperations.cpp:
5800 * dfg/DFGSpeculativeJIT.cpp:
5801 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
5802 * dfg/DFGSpeculativeJIT32_64.cpp:
5803 (JSC::DFG::SpeculativeJIT::compile):
5804 * dfg/DFGSpeculativeJIT64.cpp:
5805 (JSC::DFG::SpeculativeJIT::compile):
5806 * runtime/Options.cpp:
5808 (JSC::Options::initializeOptions):
5809 * runtime/Options.h:
5812 2012-04-06 Benjamin Poulain <bpoulain@apple.com>
5814 Do not abuse ArrayStorage's m_length for testing array consistency
5815 https://bugs.webkit.org/show_bug.cgi?id=83403
5817 Reviewed by Geoffrey Garen.
5819 Array creation from a list of values is a 3-step process:
5820 -JSArray::tryCreateUninitialized()
5821 -JSArray::initializeIndex() for each value
5822 -JSArray::completeInitialization()
5824 Previously, the attribute m_length was not set to the final size in
5825 JSArray::tryCreateUninitialized() because it was used to test the array
5826 consistency in JSArray::initializeIndex().
5828 This caused the initialization loop using JSArray::initializeIndex() to maintain
5831 -storage->m_length++
5833 This patch fixes this by using the index of the initialization loop for the indices of
5834 JSArray::initializeIndex(). For testing consistency, the variable m_initializationIndex
5835 is introduced if CHECK_ARRAY_CONSISTENCY is defined.
5837 The patch also fixes a minor unrelated build issue when CHECK_ARRAY_CONSISTENCY is defined.
5839 This improves the performance of JSArray creation from literals by 8%.
5841 * runtime/JSArray.cpp:
5842 (JSC::JSArray::tryFinishCreationUninitialized):
5843 (JSC::JSArray::checkConsistency):
5844 * runtime/JSArray.h:
5846 (JSC::JSArray::initializeIndex):
5847 (JSC::JSArray::completeInitialization):
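The three-step creation protocol this entry describes, as an added example (not JSC's JSArray code; the UninitializedArray class, the 0 sentinel standing in for an empty JSValue, and the CHECK_ARRAY_CONSISTENCY bookkeeping are this example's assumptions). It shows the point of the change: the final length is recorded in step 1 and never doubles as a fill counter, while a separate debug-only index checks that every slot is written in order, exactly once, before completeInitialization() declares the array consistent.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>

// Added example of the three-step uninitialized array creation described above,
// with the consistency check moved off the length field. It is not JSC's
// JSArray: the class, the 0 sentinel standing in for an empty JSValue and the
// CHECK_ARRAY_CONSISTENCY bookkeeping are this example's assumptions.
#ifndef CHECK_ARRAY_CONSISTENCY
#define CHECK_ARRAY_CONSISTENCY 1
#endif

static const uint32_t kEmptyValue = 0;  // stands in for JSValue()

class UninitializedArray {
public:
    // Step 1: reserve storage and record the final length up front. Length is
    // no longer abused as a "slots filled so far" counter, so nothing bumps it
    // per element.
    static UninitializedArray* tryCreateUninitialized(size_t length)
    {
        UninitializedArray* array = new UninitializedArray;
        array->m_storage.assign(length, kEmptyValue);
        array->m_length = length;
        return array;
    }

    // Step 2: the caller passes its loop index. Consistency builds insist that
    // slots are filled in order, exactly once, inside the declared length.
    void initializeIndex(size_t i, uint32_t value)
    {
        assert(i < m_length);
        assert(value != kEmptyValue);
#if CHECK_ARRAY_CONSISTENCY
        assert(i == m_initializationIndex);
        m_initializationIndex = i + 1;
#endif
        m_storage[i] = value;
    }

    // Step 3: no hole may remain below m_length.
    void completeInitialization()
    {
#if CHECK_ARRAY_CONSISTENCY
        assert(m_initializationIndex == m_length);
#endif
        assert(checkConsistency());
    }

    // True when every slot the array claims to have holds a real value.
    // Between steps 1 and 3 this is allowed to be false.
    bool checkConsistency() const
    {
        for (size_t i = 0; i < m_length; ++i)
            if (m_storage[i] == kEmptyValue)
                return false;
        return true;
    }

    size_t length() const { return m_length; }
    uint32_t at(size_t i) const { return m_storage[i]; }

private:
    std::vector<uint32_t> m_storage;
    size_t m_length = 0;
#if CHECK_ARRAY_CONSISTENCY
    size_t m_initializationIndex = 0;
#endif
};

// The array-literal path: create, fill by loop index, complete. Returns true
// if the finished array reports the right length and contents.
static bool literalBuildsConsistently(const std::vector<uint32_t>& values)
{
    UninitializedArray* array = UninitializedArray::tryCreateUninitialized(values.size());
    for (size_t i = 0; i < values.size(); ++i)
        array->initializeIndex(i, values[i]);
    array->completeInitialization();
    bool ok = array->length() == values.size() && array->checkConsistency();
    for (size_t i = 0; ok && i < values.size(); ++i)
        ok = array->at(i) == values[i];
    delete array;
    return ok;
}

// Why the final length is visible early: a half-built array already reports
// its full length, so a consumer that only trusts length() would read holes.
// Returns how many holes such a consumer would see after `filled` steps.
static size_t holesVisibleMidConstruction(size_t length, size_t filled)
{
    UninitializedArray* array = UninitializedArray::tryCreateUninitialized(length);
    for (size_t i = 0; i < filled; ++i)
        array->initializeIndex(i, static_cast<uint32_t>(i + 1));
    size_t holes = 0;
    for (size_t i = 0; i < array->length(); ++i)
        if (array->at(i) == kEmptyValue)
            ++holes;
    delete array;
    return holes;
}
```

The second helper is the hazard that motivates keeping a separate initialization index: between steps 1 and 3 the object reports its final length, so anything that walks the storage by length (a consistency checker, or a collector visiting children) has to know the fill position from somewhere other than m_length.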
5849 2012-04-06 Jon Lee <jonlee@apple.com>
5851 Build fix for Windows bots.
5853 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: export missing symbol.
5855 2012-04-06 Geoffrey Garen <ggaren@apple.com>
5860 HandleHeap => HandleSet
5862 Reviewed by Sam Weinig.
5864 These sets do have internal allocators, but it's confusing to call them
5865 heaps because they're sub-objects of an object called "heap".
5867 * heap/HandleHeap.cpp: Removed.
5868 * heap/HandleHeap.h: Removed.
5869 * heap/HandleSet.cpp: Copied from JavaScriptCore/heap/HandleHeap.cpp.
5870 * heap/WeakHeap.cpp: Removed.
5871 * heap/WeakHeap.h: Removed.
5872 * heap/WeakSet.cpp: Copied from JavaScriptCore/heap/WeakHeap.cpp.
5873 * heap/WeakSet.h: Copied from JavaScriptCore/heap/WeakHeap.h.
5875 Plus global rename using grep.
5877 2012-04-06 Dan Bernstein <mitz@apple.com>
5879 <rdar://problem/10912476> HiDPI: Have canvas use a hidpi backing store, but downsample upon access
5881 Reviewed by Sam Weinig.
5883 * Configurations/FeatureDefines.xcconfig: Added ENABLE_HIGH_DPI_CANVAS.
5885 2012-04-06 Rob Buis <rbuis@rim.com>
5887 Fix cast-align warnings in JSC
5888 https://bugs.webkit.org/show_bug.cgi?id=80790
5890 Reviewed by George Staikos.
5892 * assembler/ARMv7Assembler.h:
5893 (JSC::ARMv7Assembler::computeJumpType):
5894 (JSC::ARMv7Assembler::link):
5895 * assembler/LinkBuffer.h:
5896 (JSC::LinkBuffer::linkCode):
5897 * heap/MarkStack.cpp:
5898 (JSC::SlotVisitor::copyAndAppend):
5899 * runtime/JSArray.cpp:
5900 (JSC::JSArray::visitChildren):
5901 * wtf/RefCountedArray.h:
5902 (WTF::RefCountedArray::Header::payload):
5904 2012-04-06 Darin Adler <darin@apple.com>
5906 Streamline strtod and fix some related problems
5907 https://bugs.webkit.org/show_bug.cgi?id=82857
5909 Reviewed by Geoffrey Garen.
5912 (JSC::Lexer<>::lex): Use parseDouble. Since we have already scanned the number
5913 and we know it has only correct characters, leading spaces, trailing junk, and
5914 trailing spaces are not a possibility. No need to add a trailing null character.
5916 * runtime/JSGlobalObjectFunctions.cpp:
5917 (JSC::parseInt): Changed overflow based 10 case to use parseDouble. No need
5918 to allow trailing junk since the code above already allows only numeric digits
5919 in the string. This code path is used only in unusual cases, so it's not
5920 optimized for 8-bit strings, but easily could be.
5921 (JSC::jsStrDecimalLiteral): Removed the allow trailing junk argument to this
5922 function template because all the callers are OK with trailing junk. Use the
5923 parseDouble function. No need to copy the data into a byte buffer, because
5924 parseDouble handles that.
5925 (JSC::toDouble): Got rid of the DisallowTrailingJunk argument to the
5926 jsStrDecimalLiteral function template. That's OK because this function
5927 already checks for trailing junk and handles it appropriately. The old code
5928 path was doing it twice.
5929 (JSC::parseFloat): Got rid of the AllowTrailingJunk argument to the
5930 jsStrDecimalLiteral function template; the template allows junk unconditionally.
5932 * runtime/LiteralParser.cpp:
5933 (JSC::::Lexer::lexNumber): Use parseDouble. Since we have already scanned the number
5934 and we know it has only correct characters, leading spaces, trailing junk, and
5935 trailing spaces are not a possibility. No need to add a trailing null character.
5936 No need to copy the data into a byte buffer, because parseDouble handles that.
5937 We could optimize the UChar case even more because we know all the characters
5938 are ASCII, but not doing that at this time.
5940 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Updated.
5942 2012-04-06 Patrick Gansterer <paroga@webkit.org>
5944 Remove JSC dependency from GregorianDateTime
5945 https://bugs.webkit.org/show_bug.cgi?id=83290
5947 Reviewed by Geoffrey Garen.
5949 This allows us to move it to WTF later.
5951 * runtime/DateConstructor.cpp:
5953 * runtime/JSDateMath.h:
5955 2012-04-05 Michael Saboff <msaboff@apple.com>
5957 Call Heap::discardAllCompiledCode() in low memory situations
5958 https://bugs.webkit.org/show_bug.cgi?id=83335
5960 Reviewed by Geoffrey Garen.
5962 Restructured Heap::discardAllCompiledCode() to do the "Is JavaScriptRunning?"
5963 check inline so that it can be called directly without this check.
5966 (JSC::Heap::discardAllCompiledCode):
5967 (JSC::Heap::collectAllGarbage):
5968 * heap/Heap.h: Added JS_EXPORT_PRIVATE to discardAllCompiledCode() so it can be
5969 called from WebCore.
5971 * runtime/JSGlobalData.h: Removed unused " void discardAllCompiledCode()" declaration.
5974 2012-04-05 Benjamin Poulain <bpoulain@apple.com>
5976 Speed up the conversion from JSValue to String for bulk operations
5977 https://bugs.webkit.org/show_bug.cgi?id=83243
5979 Reviewed by Geoffrey Garen.
5981 When making operations on primitive types, we lose some time converting
5982 values to JSString in order to extract the string.
5984 This patch speeds up some basic Array operations by avoiding the creation
5985 of intermediary JSString when possible.
5987 For the cases where we need to convert a lot of JSValue in a tight loop,
5988 an inline conversion is used.
5990 * runtime/ArrayPrototype.cpp:
5991 (JSC::arrayProtoFuncToString):
5992 (JSC::arrayProtoFuncToLocaleString):
5993 (JSC::arrayProtoFuncJoin):
5994 (JSC::arrayProtoFuncPush):
5995 (JSC::arrayProtoFuncSort):
5996 * runtime/CommonIdentifiers.h:
5997 * runtime/JSArray.cpp:
5998 (JSC::JSArray::sort):
5999 * runtime/JSString.h:
6000 (JSC::JSValue::toUString):
6002 (JSC::inlineJSValueNotStringtoUString):
6003 (JSC::JSValue::toUStringInline):
6004 * runtime/JSValue.cpp:
6005 (JSC::JSValue::toUStringSlowCase):
6007 * runtime/JSValue.h:
6010 2012-04-05 Benjamin Poulain <bpoulain@apple.com>
6012 Use QuickSort when sorting primitive values by string representation
6013 https://bugs.webkit.org/show_bug.cgi?id=83312
6015 Reviewed by Gavin Barraclough.
6017 When the values we are sorting are all primitive values, we do not need to
6018 ensure a stable sort as two values with equal string representation are
6019 indistinguishable from JavaScript.
6021 This gives about 16% performance increase when sorting primitive values.
6023 * runtime/JSArray.cpp:
6024 (JSC::JSArray::sort):
6026 2012-04-05 Oliver Hunt <oliver@apple.com>
6028 SIGILL in JavaScriptCore on a Geode processor
6029 https://bugs.webkit.org/show_bug.cgi?id=82496
6031 Reviewed by Gavin Barraclough.
6033 Don't attempt to use the DFG when SSE2 is not available.
6035 * dfg/DFGCapabilities.cpp:
6036 (JSC::DFG::canCompileOpcodes):
6038 2012-04-05 Oliver Hunt <oliver@apple.com>
6045 2012-04-05 Oliver Hunt <oliver@apple.com>
6047 Replace static_cast with jsCast when casting JSCell subclasses in JSC
6048 https://bugs.webkit.org/show_bug.cgi?id=83307
6050 Reviewed by Gavin Barraclough.
6052 Replace all usage of static_cast<JSCell subtype*> with jsCast<> in JavaScriptCore.
6053 This results in assertions when unsafe casts are performed, but simply leaves
6054 a static_cast<> in release builds.
6058 * API/JSCallbackConstructor.cpp:
6059 (JSC::constructJSCallback):
6060 * API/JSCallbackFunction.cpp:
6061 (JSC::JSCallbackFunction::call):
6062 * API/JSCallbackObjectFunctions.h:
6063 (JSC::::asCallbackObject):
6064 (JSC::::finishCreation):
6067 * API/JSObjectRef.cpp:
6068 (JSObjectGetPrivate):
6069 (JSObjectSetPrivate):
6070 (JSObjectGetPrivateProperty):
6071 (JSObjectSetPrivateProperty):
6072 (JSObjectDeletePrivateProperty):
6073 * API/JSValueRef.cpp:
6074 (JSValueIsObjectOfClass):
6075 * API/JSWeakObjectMapRefPrivate.cpp:
6076 * bytecompiler/BytecodeGenerator.cpp:
6077 (JSC::BytecodeGenerator::resolve):
6078 (JSC::BytecodeGenerator::resolveConstDecl):
6079 * debugger/DebuggerActivation.cpp:
6080 (JSC::DebuggerActivation::finishCreation):
6081 * dfg/DFGOperations.cpp:
6082 * interpreter/Interpreter.cpp:
6083 (JSC::Interpreter::execute):
6084 (JSC::Interpreter::privateExecute):
6086 (JSC::DEFINE_STUB_FUNCTION):
6087 * runtime/Executable.h:
6088 (JSC::isHostFunction):
6089 * runtime/JSActivation.h:
6090 (JSC::asActivation):
6091 * runtime/JSArray.cpp:
6092 (JSC::JSArray::defineOwnProperty):
6093 * runtime/JSArray.h:
6095 * runtime/JSBoundFunction.cpp:
6096 (JSC::boundFunctionCall):
6097 (JSC::boundFunctionConstruct):
6098 * runtime/JSByteArray.h:
6100 * runtime/JSCell.cpp:
6101 (JSC::JSCell::toObject):
6104 * runtime/JSGlobalObject.h:
6105 (JSC::asGlobalObject):
6106 * runtime/JSGlobalObjectFunctions.cpp:
6107 (JSC::globalFuncEval):
6108 * runtime/JSObject.cpp:
6109 (JSC::JSObject::setPrototypeWithCycleCheck):
6110 (JSC::JSObject::allowsAccessFrom):
6111 (JSC::JSObject::toThisObject):
6112 (JSC::JSObject::unwrappedObject):
6113 * runtime/JSObject.h:
6115 * runtime/JSPropertyNameIterator.h:
6116 (JSC::Register::propertyNameIterator):
6117 * runtime/JSString.h:
6119 (JSC::JSValue::toString):
6120 * runtime/StringPrototype.cpp:
6121 (JSC::stringProtoFuncSubstr):
6123 2012-04-05 Benjamin Poulain <bpoulain@apple.com>
6125 Make something faster than JSStringBuilder for joining an array of JSValue
6126 https://bugs.webkit.org/show_bug.cgi?id=83180
6128 Reviewed by Geoffrey Garen.
6130 This patch adds the class JSStringJoiner optimized for join() operations.
6132 This class makes stricter constraints than JSStringBuilder in order to avoid
6135 In the best case, the class allocates memory only twice:
6136 -Allocate an array to keep a list of UString to join.
6137 -Allocate the final string.
6139 We also avoid the conversion from 8-bit strings to 16-bit strings since
6140 they are costly and unlikely to help for subsequent calls.
6143 * GNUmakefile.list.am:
6144 * JavaScriptCore.gypi:
6145 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
6146 * JavaScriptCore.xcodeproj/project.pbxproj:
6148 * runtime/ArrayPrototype.cpp:
6149 (JSC::arrayProtoFuncToLocaleString):
6150 (JSC::arrayProtoFuncJoin):
6151 * runtime/JSStringJoiner.cpp: Added.
6153 (JSC::appendStringToData):
6155 (JSC::JSStringJoiner::build):
6156 * runtime/JSStringJoiner.h: Added.
6159 (JSC::JSStringJoiner::JSStringJoiner):
6160 (JSC::JSStringJoiner::append):
6162 2012-04-05 Gavin Barraclough <barraclough@apple.com>
6164 https://bugs.webkit.org/show_bug.cgi?id=77293
6167 Rubber stamped by Oliver Hunt.
6170 This does break the web - e.g. https://bvi.bnc.ca/index/bnc/indexen.html
6171 If we're going to reserve let, we're going to have to do so in a more
6172 circumspect fashion.
6174 * parser/Keywords.table:
6176 2012-04-05 Michael Saboff <msaboff@apple.com>
6178 Rolling out http://trac.webkit.org/changeset/113262.
6179 Original code was fine.
6181 Rubber-stamped by Oliver Hunt.
6183 * assembler/MacroAssembler.h:
6184 (JSC::MacroAssembler::additionBlindedConstant):
6186 2012-04-05 Patrick Gansterer <paroga@webkit.org>
6188 [WinCE] Remove unnecessary function declaration
6189 https://bugs.webkit.org/show_bug.cgi?id=83155
6191 Reviewed by Kentaro Hara.
6193 * runtime/JSDateMath.cpp:
6195 2012-04-04 Patrick Gansterer <paroga@webkit.org>
6197 Add WTF::getCurrentLocalTime()
6198 https://bugs.webkit.org/show_bug.cgi?id=83164
6200 Reviewed by Alexey Proskuryakov.
6202 Replace the calls to WTF::getLocalTime() with time(0) with the new function.
6203 This allows us to use Win32 API on windows to get the same result in a next step.
6205 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
6206 * runtime/DateConstructor.cpp:
6209 2012-04-04 Oliver Hunt <oliver@apple.com>
6211 Parser fails to revert some state after parsing expression and object literals.
6212 https://bugs.webkit.org/show_bug.cgi?id=83236
6214 Reviewed by Gavin Barraclough.
6216 Reset left hand side counter after parsing the literals.
6218 * parser/Parser.cpp:
6219 (JSC::::parseObjectLiteral):
6220 (JSC::::parseStrictObjectLiteral):
6221 (JSC::::parseArrayLiteral):
6223 2012-04-04 Filip Pizlo <fpizlo@apple.com>
6225 DFG InstanceOf should not uselessly speculate cell
6226 https://bugs.webkit.org/show_bug.cgi?id=83234
6228 Reviewed by Oliver Hunt.
6230 If InstanceOf is the only user of its child then don't speculate cell, since
6231 the not-cell case is super easy to handle.
6233 * dfg/DFGSpeculativeJIT.cpp:
6234 (JSC::DFG::SpeculativeJIT::compileInstanceOf):
6236 2012-04-04 Michael Saboff <msaboff@apple.com>
6238 Fixed minor error: "& 3" should be "& 2".
6240 Rubber-stamped by Oliver Hunt.
6242 * assembler/MacroAssembler.h:
6243 (JSC::MacroAssembler::additionBlindedConstant):
6245 2012-04-04 Michael Saboff <msaboff@apple.com>
6247 Constant Blinding for add/sub immediate crashes in ArmV7 when dest is SP
6248 https://bugs.webkit.org/show_bug.cgi?id=83191
6250 Reviewed by Oliver Hunt.
6252 Make sure that blinded constant pairs are similarly aligned to the
6253 original immediate values so that instructions that expect that
6254 alignment work correctly. One example is ARMv7 add/sub imm to SP.
6256 * assembler/ARMv7Assembler.h:
6257 (JSC::ARMv7Assembler::add): Added ASSERT that immediate is word aligned.
6258 (JSC::ARMv7Assembler::sub): Added ASSERT that immediate is word aligned.
6259 (JSC::ARMv7Assembler::sub_S): Added ASSERT that immediate is word aligned.
6260 * assembler/MacroAssembler.h:
6261 (JSC::MacroAssembler::additionBlindedConstant):
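The alignment requirement this entry fixes, as an added example (not JavaScriptCore's MacroAssembler::additionBlindedConstant or ARMv7Assembler; the function names, the BlindedImmediate struct, the caller-supplied random value and the word-alignment check modelled on the ASSERTs listed above are this example's assumptions). Constant blinding exists so that an attacker-controlled 32-bit immediate never lands verbatim in executable JIT memory: the constant is split into a random value and a residual and emitted as two instructions. The split below keeps both halves at the alignment of the original immediate, so a word-aligned stack-pointer adjustment stays encodable; the naive split is kept beside it to show what went wrong.

```cpp
#include <cassert>
#include <cstdint>
#include <random>

// Added example: an alignment-preserving split of an add/sub immediate, in the
// spirit of the fix described above. Not JavaScriptCore's
// MacroAssembler::additionBlindedConstant; the names, the ARMv7 encodability
// check and the caller-supplied random value are this example's assumptions.
//
// Why blind: an attacker who controls a 32-bit immediate gets those bytes placed
// verbatim into executable JIT memory (JIT spraying). Emitting a random value
// and a residual instead keeps attacker-chosen bytes out of the code.
//
// Why alignment matters: "add sp, sp, #imm" on ARMv7 needs a word-aligned
// immediate. If imm was word aligned, both halves must be too, or the encoder
// asserts (or the CPU faults).

struct BlindedImmediate {
    uint32_t first;   // random part, emitted as its own instruction
    uint32_t second;  // residual; first + second == imm (mod 2^32)
};

// Mask applied to the random half so that it keeps imm's alignment.
static inline uint32_t alignmentMaskFor(uint32_t imm)
{
    if ((imm & 3) == 0)
        return 0xfffffffcu;  // multiple of 4 stays a multiple of 4
    if ((imm & 1) == 0)
        return 0xfffffffeu;  // even stays even
    return 0xffffffffu;      // odd: no constraint needed
}

// The corrected split: both halves share imm's alignment.
static inline BlindedImmediate blindAddImmediate(uint32_t imm, uint32_t random)
{
    uint32_t first = random & alignmentMaskFor(imm);
    uint32_t second = imm - first;  // unsigned wraparound is well defined
    return { first, second };
}

// The pre-fix behaviour: correct sum, alignment not preserved.
static inline BlindedImmediate naiveBlindAddImmediate(uint32_t imm, uint32_t random)
{
    return { random, imm - random };
}

// Models the ASSERT the fix added to the ARMv7 add/sub encoders for an SP
// destination: the immediate must be word aligned.
static inline bool armv7AddSpImmediateIsEncodable(uint32_t imm)
{
    return (imm & 3) == 0;
}

// True if the pair reconstructs imm and both halves keep imm's alignment.
static inline bool splitPreservesAlignment(uint32_t imm, const BlindedImmediate& p)
{
    uint32_t low = imm & 3;
    uint32_t keep = low == 0 ? 3u : (low == 2 ? 1u : 0u);
    return (uint32_t)(p.first + p.second) == imm
        && (p.first & keep) == 0
        && (p.second & keep) == 0;
}

// Emits an SP adjustment as two blinded adds; false if either piece would
// have tripped the encoder's alignment assertion.
static inline bool emitBlindedAddSp(uint32_t imm, uint32_t random, bool useAlignedSplit)
{
    BlindedImmediate p = useAlignedSplit ? blindAddImmediate(imm, random)
                                         : naiveBlindAddImmediate(imm, random);
    return armv7AddSpImmediateIsEncodable(p.first) && armv7AddSpImmediateIsEncodable(p.second);
}

int main()
{
    std::mt19937 rng(83191);  // fixed seed so the run is reproducible
    for (int i = 0; i < 1000; ++i) {
        uint32_t imm = rng();
        uint32_t random = rng();
        assert(splitPreservesAlignment(imm, blindAddImmediate(imm, random)));
    }
    // A 4 KiB stack adjustment blinded with an odd random value: the naive
    // split yields unencodable immediates, the aligned split does not.
    assert(!emitBlindedAddSp(0x1000u, 0x12345677u, false));
    assert(emitBlindedAddSp(0x1000u, 0x12345677u, true));
    return 0;
}
```

The residual inherits the alignment automatically once the random half has it: a multiple of four minus a multiple of four is a multiple of four, and the same holds for even values, which is why only the random half needs masking.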
6263 2012-04-04 Filip Pizlo <fpizlo@apple.com>
6265 DFG should short-circuit Branch(LogicalNot(...))
6266 https://bugs.webkit.org/show_bug.cgi?id=83181
6268 Reviewed by Geoff Garen.
6270 Slight (sub 1%) speed-up on V8.
6272 * dfg/DFGFixupPhase.cpp:
6273 (JSC::DFG::FixupPhase::fixupNode):
6275 2012-04-04 Geoffrey Garen <ggaren@apple.com>
6277 [Qt] REGRESSION(r113141): All tests assert on 32 bit debug mode
6278 https://bugs.webkit.org/show_bug.cgi?id=83139
6280 Reviewed by Sam Weinig.
6283 (JSC::::get): 32-bit JSValue treats JSValue(nullptr).asCell() as an error,
6284 so work around that here. (Long-term, we should make 32-bit and 64-bit
6285 agree on the right behavior.)
6287 2012-04-03 Geoffrey Garen <ggaren@apple.com>
6289 Updated JSC expected test results to reflect recent bug fixes <disapproving look>.
6291 Reviewed by Sam Weinig.
6293 * tests/mozilla/expected.html:
6295 2012-03-29 Geoffrey Garen <ggaren@apple.com>
6297 First step toward incremental Weak<T> finalization
6298 https://bugs.webkit.org/show_bug.cgi?id=82670
6300 Reviewed by Filip Pizlo.
6302 This patch implements a Weak<T> heap that is compatible with incremental
6303 finalization, while making as few behavior changes as possible. The behavior
6304 changes it makes are:
6306 (*) Weak<T>'s raw JSValue no longer reverts to JSValue() automatically --
6307 instead, a separate flag indicates that the JSValue is no longer valid.
6308 (This is required so that the JSValue can be preserved for later finalization.)
6309 Objects dealing with WeakImpls directly must change to check the flag.
6311 (*) Weak<T> is no longer a subclass of Handle<T>.
6313 (*) DOM GC performance is different -- 9% faster in the geometric mean,
6314 but 15% slower in one specific case:
6315 gc-dom1.html: 6% faster
6316 gc-dom2.html: 23% faster
6317 gc-dom3.html: 17% faster
6318 gc-dom4.html: 15% *slower*
6320 The key features of this new heap are:
6322 (*) Each block knows its own state, independent of any other blocks.
6324 (*) Each block caches its own sweep result.
6326 (*) The heap visits dead Weak<T>s at the end of GC. (It doesn't
6327 mark them yet, since that would be a behavior change.)
6329 * API/JSCallbackObject.cpp:
6330 (JSC::JSCallbackObjectData::finalize):
6331 * API/JSCallbackObjectFunctions.h:
6332 (JSC::::init): Updated to use the new WeakHeap API.
6335 * GNUmakefile.list.am:
6336 * JavaScriptCore.gypi:
6337 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
6338 * JavaScriptCore.xcodeproj/project.pbxproj:
6339 * Target.pri: Paid the build system tax since I added some new files.
6341 * heap/Handle.h: Made WeakBlock a friend and exposed slot() as public,
6342 so we can keep passing a Handle<T> to finalizers, to avoid more surface
6343 area change in this patch. A follow-up patch should change the type we
6346 * heap/HandleHeap.cpp:
6348 (JSC::HandleHeap::writeBarrier):
6349 (JSC::HandleHeap::isLiveNode):
6350 * heap/HandleHeap.h:
6354 (JSC::HandleHeap::Node::Node): Removed all code related to Weak<T>, since
6355 we have a separate WeakHeap now.
6358 (JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted
6359 for through our watermark now. Removed m_waterMark because it was unused.
6361 (JSC::Heap::destroy): Updated for addition of WeakHeap.
6363 (JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own
6364 variable to participating in the watermark strategy. I wanted to standardize
6365 WeakHeap and all other Heap clients on this strategy, to make sure it's
6368 (JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap
6369 dead visit pass, as explained above.
6371 (JSC::Heap::collect):
6372 (JSC::Heap::resetAllocators): Updated for addition of WeakHeap.
6374 (JSC::Heap::addFinalizer):
6375 (JSC::Heap::FinalizerOwner::finalize): Updated for new Weak<T> API.
6378 (JSC::Heap::weakHeap):
6380 (JSC::Heap::addToWaterMark): Added a way to participate in the watermarking
6381 strategy, since this is the best way for WeakHeap to report its memory
6382 cost. (I plan to update this in a follow-up patch to make it more accurate,
6383 but for now it is not less accurate than it used to be.)
6385 * heap/MarkedSpace.cpp:
6386 (JSC::MarkedSpace::MarkedSpace):
6387 (JSC::MarkedSpace::resetAllocators):
6388 * heap/MarkedSpace.h:
6390 (JSC::MarkedSpace::addToWaterMark):
6391 (JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because
6392 it was unused, and I didn't want to update WeakHeap to keep an unused
6393 variable working. Added API for above.
6404 (JSC::UnspecifiedBoolType):
6408 (JSC::Strong::operator!):
6410 (JSC::Strong::operator UnspecifiedBoolType*):
6416 (JSC::::isHashTableDeletedValue):
6421 (JSC::UnspecifiedBoolType):
6424 (JSC::::hashTableDeletedValue): Lots of code changes here, but they boil
6427 (*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap.
6429 (*) Explicitly check WeakImpl::state() for non-liveness before returning
6430 a value (explained above).
6432 These files implement the new Weak<T> heap behavior described above:
6434 * heap/WeakBlock.cpp: Added.
6435 * heap/WeakBlock.h: Added.
6436 * heap/WeakHandleOwner.cpp: Added.
6437 * heap/WeakHandleOwner.h: Added.
6438 * heap/WeakHeap.cpp: Added.
6439 * heap/WeakHeap.h: Added.
6440 * heap/WeakImpl.h: Added.
6442 One interesting difference from the old heap is that we don't allow
6443 clients to overwrite a WeakImpl after allocating it, and we don't recycle
6444 WeakImpls prior to garbage collection. This is required for lazy finalization,
6445 but it will also help us establish a useful invariant in the future: allocating
6446 a WeakImpl will be a binding contract to run a finalizer at some point in the
6447 future, even if the WeakImpl is later deallocated.
6450 (JSC::JITThunks::hostFunctionStub): Check the Weak<T> for ! instead of
6451 its JSValue, since that's our API contract now, and the JSValue might
6455 (JSC::jsCast): Allow casting NULL pointers because it's useful and harmless.
6457 * runtime/Structure.cpp:
6458 (JSC::StructureTransitionTable::add): I can't remember why I did this.
6460 * runtime/StructureTransitionTable.h:
6461 * runtime/WeakGCMap.h: I had to update these classes because they allocate
6462 and deallocate weak pointers manually. They should probably stop doing that.
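A small model of the Weak<T> heap behaviour this entry describes, as an added example (not JSC's WeakBlock, WeakImpl or WeakHeap code; Cell, its mark bit, the finalizer callback, the State names and the scenario at the bottom are this example's assumptions). It shows the three points the entry makes: a dead weak reference is flagged rather than reset, so its payload survives for later finalization; dead slots are identified at the end of GC but finalized incrementally; and a slot is not recycled until the sweep, so an allocation made while other slots are dead gets a fresh slot.

```cpp
#include <cstddef>
#include <functional>
#include <utility>
#include <vector>

// Added example modelling the Weak<T> heap behaviour the entry above describes:
// a per-slot state flag instead of resetting the value, dead slots visited at
// the end of GC but finalized later, and no reuse of a slot before the sweep.
// Not JSC's WeakBlock/WeakImpl: Cell, its mark bit, the finalizer callback,
// the State names and the scenario at the bottom are this example's assumptions.
struct Cell { int id; bool marked; };  // marked is set by the GC mark phase

struct WeakImpl {
    enum State { Live, Dead, Finalized, Deallocated };
    Cell* cell = nullptr;  // retained after death so the finalizer can see it
    State state = Deallocated;
    std::function<void(Cell*)> finalizer;
};

class WeakBlock {
public:
    // Hands out a Live slot. Only Deallocated slots are reused: a Dead or
    // Finalized slot still owes a finalizer or a sweep and is never overwritten.
    size_t allocate(Cell* cell, std::function<void(Cell*)> finalizer)
    {
        size_t slot = m_slots.size();
        for (size_t i = 0; i < m_slots.size(); ++i)
            if (m_slots[i].state == WeakImpl::Deallocated) { slot = i; break; }
        if (slot == m_slots.size())
            m_slots.push_back(WeakImpl());
        m_slots[slot].cell = cell;
        m_slots[slot].state = WeakImpl::Live;
        m_slots[slot].finalizer = std::move(finalizer);
        return slot;
    }
    // Readers test the flag, not the value: a Dead slot still holds its Cell*
    // but reports nothing. rawCell() is for inspection only.
    Cell* get(size_t slot) const { return m_slots[slot].state == WeakImpl::Live ? m_slots[slot].cell : nullptr; }
    Cell* rawCell(size_t slot) const { return m_slots[slot].cell; }
    // End-of-GC pass: each Live slot whose cell is unmarked becomes Dead.
    // Nothing is finalized or freed here. Returns how many slots died.
    size_t visitDead()
    {
        size_t dead = 0;
        for (WeakImpl& w : m_slots)
            if (w.state == WeakImpl::Live && !w.cell->marked) { w.state = WeakImpl::Dead; ++dead; }
        return dead;
    }
    // Incremental finalization: run at most `budget` finalizers. Returns how many ran.
    size_t finalizeSome(size_t budget)
    {
        size_t ran = 0;
        for (WeakImpl& w : m_slots) {
            if (ran == budget) break;
            if (w.state != WeakImpl::Dead) continue;
            if (w.finalizer) w.finalizer(w.cell);
            w.state = WeakImpl::Finalized;
            ++ran;
        }
        return ran;
    }
    // Sweep: only Finalized slots become reusable. Returns how many were freed.
    size_t sweep()
    {
        size_t freed = 0;
        for (WeakImpl& w : m_slots)
            if (w.state == WeakImpl::Finalized) { w = WeakImpl(); ++freed; }
        return freed;
    }
private:
    std::vector<WeakImpl> m_slots;
};

// One collection over three weak references; the fields are what a test checks.
struct ScenarioResult {
    size_t deadAfterGc, finalizedFirstStep, finalizedSecondStep, freedBySweep;
    size_t slotForAllocWhileDead, slotReusedAfterSweep;
    int liveIdAfterGc, deadIdAfterGc;  // -1 when get() reports the slot invalid
    bool cellRetainedWhileDead;
    std::vector<int> finalizedIds;
};

static ScenarioResult runScenario()
{
    Cell a{1, true}, b{2, false}, c{3, false}, d{4, true}, e{5, true};
    ScenarioResult r{};
    WeakBlock block;
    auto record = [&r](Cell* cell) { r.finalizedIds.push_back(cell->id); };
    size_t sa = block.allocate(&a, record);  // slot 0
    size_t sb = block.allocate(&b, record);  // slot 1
    block.allocate(&c, record);              // slot 2
    r.deadAfterGc = block.visitDead();                        // b and c: 2
    r.liveIdAfterGc = block.get(sa) ? block.get(sa)->id : -1; // 1
    r.deadIdAfterGc = block.get(sb) ? block.get(sb)->id : -1; // -1
    r.cellRetainedWhileDead = block.rawCell(sb) == &b;        // true
    r.slotForAllocWhileDead = block.allocate(&d, record);     // 3: dead slots not recycled
    r.finalizedFirstStep = block.finalizeSome(1);             // 1 (b)
    r.finalizedSecondStep = block.finalizeSome(10);           // 1 (c)
    r.freedBySweep = block.sweep();                           // 2
    r.slotReusedAfterSweep = block.allocate(&e, record);      // 1
    return r;
}
```

The scenario is the check-the-flag contract in miniature: get() on slot 1 returns nothing after the collection even though rawCell() still holds the pointer, which is exactly what lets finalizeSome() run the finalizer with a valid argument on a later, budgeted pass.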
6464 2012-04-03 Keishi Hattori <keishi@webkit.org>
6466 Disable ENABLE_DATALIST for now
6467 https://bugs.webkit.org/show_bug.cgi?id=82871
6469 Reviewed by Kent Tamura.
6471 * Configurations/FeatureDefines.xcconfig: Disabled ENABLE_DATALIST.
6473 2012-04-02 Filip Pizlo <fpizlo@apple.com>
6475 jsr/sret should be removed
6476 https://bugs.webkit.org/show_bug.cgi?id=82986
6477 <rdar://problem/11017015>
6479 Reviewed by Sam Weinig and Geoff Garen.
6481 Replaces jsr/sret with finally block inlining.
6483 * bytecode/CodeBlock.cpp:
6484 (JSC::CodeBlock::dump):
6485 * bytecode/Opcode.h:
6487 (JSC::padOpcodeName):
6488 * bytecompiler/BytecodeGenerator.cpp:
6489 (JSC::BytecodeGenerator::pushFinallyContext):
6490 (JSC::BytecodeGenerator::emitComplexJumpScopes):
6492 * bytecompiler/BytecodeGenerator.h:
6494 (BytecodeGenerator):
6495 * bytecompiler/NodesCodegen.cpp:
6496 (JSC::TryNode::emitBytecode):
6497 * interpreter/Interpreter.cpp:
6498 (JSC::Interpreter::privateExecute):
6500 (JSC::JIT::privateCompileMainPass):
6501 (JSC::JIT::privateCompile):
6504 * jit/JITOpcodes.cpp:
6506 * jit/JITOpcodes32_64.cpp:
6508 * llint/LowLevelInterpreter32_64.asm:
6509 * llint/LowLevelInterpreter64.asm:
6511 2012-04-03 Mark Rowe <mrowe@apple.com>
6513 Make it possible to install the JavaScriptCore test tools.
6515 Part of <rdar://problem/11158607>.
6517 Reviewed by Filip Pizlo.
6519 * JavaScriptCore.xcodeproj/project.pbxproj: Introduce an aggregate target named
6520 Test Tools that builds testapi, minidom and testRegExp. Switch All from depending on
6521 those targets individually to depending on the new aggregate target.
6523 2012-04-03 Filip Pizlo <fpizlo@apple.com>
6525 Offlineasm ARM backend has a very convoluted way of saying it wants to emit a
6526 three-operand multiply instruction
6527 https://bugs.webkit.org/show_bug.cgi?id=83100
6529 Reviewed by Darin Adler.
6531 Changed the "muli"/"mulp" case to call emitArmV7() since that helper method was
6532 already smart enough to do the Right Thing for multiply.
6534 * offlineasm/armv7.rb:
6536 2012-04-03 Filip Pizlo <fpizlo@apple.com>
6538 Offlineasm ARM backend uses the wrong mnemonic for multiply
6539 https://bugs.webkit.org/show_bug.cgi?id=83098
6540 <rdar://problem/11168744>
6542 Reviewed by Gavin Barraclough.
6544 Use "mul" instead of "muls" since we're passing three operands, not two.
6546 * offlineasm/armv7.rb:
6548 2012-04-03 Gavin Barraclough <barraclough@apple.com>
6550 Linux crashes during boot
6551 https://bugs.webkit.org/show_bug.cgi?id=83096
6553 Reviewed by Filip Pizlo.
6555 The bug here is that we add empty JSValues to the sparse map, and then set them
6556 - but a GC may occur before doing so (due to a call to reportExtraMemoryCost).
6557 We may want to consider making it safe to mark empty JSValues, but the simple &
6558 contained fix to this specific bug is to just initialize these values to
6559 something other than JSValue().
6561 * runtime/JSArray.cpp:
6562 (JSC::SparseArrayValueMap::add):
6563 - Initialize sparse map entries.
6565 2012-04-02 Oliver Hunt <oliver@apple.com>
6567 Incorrect liveness information when inlining
6568 https://bugs.webkit.org/show_bug.cgi?id=82985
6570 Reviewed by Filip Pizlo.
6572 Don't remap register numbers that have already been remapped.
6574 * dfg/DFGByteCodeParser.cpp:
6575 (JSC::DFG::ByteCodeParser::handleInlining):
6577 2012-04-02 Filip Pizlo <fpizlo@apple.com>
6579 Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we
6580 try to create an arguments object from the activation
6581 https://bugs.webkit.org/show_bug.cgi?id=82947
6582 <rdar://problem/11058598>
6584 Reviewed by Gavin Barraclough.
6586 We now copy the entire call frame header just to be sure. This is mostly perf-neutral,
6587 except for a 3.7% slow-down in V8/earley.
6589 * runtime/JSActivation.cpp:
6590 (JSC::JSActivation::visitChildren):
6591 * runtime/JSActivation.h:
6592 (JSC::JSActivation::tearOff):
6594 2012-04-02 Daniel Bates <dbates@webkit.org>
6596 Remove Source/JavaScriptCore/wtf and its empty subdirectories
6598 Rubber-stamped by Eric Seidel.
6600 Following the move of WTF from Source/JavaScriptCore/wtf to Source/WTF
6601 (https://bugs.webkit.org/show_bug.cgi?id=75673), remove directory
6602 Source/JavaScriptCore/wtf and its empty subdirectories.
6605 * wtf/android: Removed.
6606 * wtf/blackberry: Removed.
6607 * wtf/chromium: Removed.
6608 * wtf/dtoa: Removed.
6610 * wtf/gobject: Removed.
6614 * wtf/qt/compat: Removed.
6615 * wtf/tests: Removed.
6616 * wtf/text: Removed.
6617 * wtf/threads: Removed.
6618 * wtf/threads/win: Removed.
6619 * wtf/unicode: Removed.
6620 * wtf/unicode/glib: Removed.
6621 * wtf/unicode/icu: Removed.
6622 * wtf/unicode/qt4: Removed.
6623 * wtf/unicode/wince: Removed.
6625 * wtf/url/api: Removed.
6626 * wtf/url/src: Removed.
6628 * wtf/wince: Removed.
6631 2012-04-02 Carlos Garcia Campos <cgarcia@igalia.com>
6633 Unreviewed. Fix make distcheck issues.
6635 * GNUmakefile.list.am: Add missing file.
6637 2012-04-01 Darin Adler <darin@apple.com>
6639 Fix incorrect path for libWTF.a in Mac project file.
6641 * JavaScriptCore.xcodeproj/project.pbxproj: Removed the "../Release" prefix that
6642 would cause other configurations to try to link with the "Release" version of
6643 libWTF.a instead of the correct version.
6645 2012-03-29 Filip Pizlo <fpizlo@apple.com>
6647 DFG should optimize a==b for a being an object and b being either an object or
6648 null/undefined, and vice versa
6649 https://bugs.webkit.org/show_bug.cgi?id=82656
6651 Reviewed by Oliver Hunt.
6653 Implements additional object equality optimizations for the case that one
6654 operand is predicted to be an easily speculated object (like FinalObject or
6655 Array) and the other is either an easily speculated object or Other, i.e.
6658 2-5% speed-up on V8/raytrace, leading to a sub-1% progression on V8.
6660 I also took the opportunity to clean up the control flow for the speculation
6661 decisions in the various Compare opcodes. And to fix a build bug in SamplingTool.
6662 And to remove debug cruft I stupidly committed in my last patch.
6664 * bytecode/SamplingTool.h:
6666 * dfg/DFGAbstractState.cpp:
6667 (JSC::DFG::AbstractState::execute):
6668 * dfg/DFGOperations.cpp:
6669 * dfg/DFGSpeculativeJIT.cpp:
6670 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
6671 (JSC::DFG::SpeculativeJIT::compare):
6672 * dfg/DFGSpeculativeJIT.h:
6674 * dfg/DFGSpeculativeJIT32_64.cpp:
6675 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
6676 (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
6678 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
6679 * dfg/DFGSpeculativeJIT64.cpp:
6680 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
6681 (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
6683 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
6685 2012-03-30 David Barr <davidbarr@chromium.org>
6687 Split up top-level .gitignore and .gitattributes
6688 https://bugs.webkit.org/show_bug.cgi?id=82687
6690 Reviewed by Tor Arne Vestbø.
6692 * JavaScriptCore.gyp/.gitignore: Added.
6694 2012-03-30 Steve Falkenburg <sfalken@apple.com>
6696 Windows (make based) build fix.
6698 * JavaScriptCore.vcproj/JavaScriptCore.make: Copy WTF header files into a place where JavaScriptCore build can see them.
6700 2012-03-30 Keishi Hattori <keishi@webkit.org>
6702 Change ENABLE_INPUT_COLOR to ENABLE_INPUT_TYPE_COLOR and enable it for chromium
6703 https://bugs.webkit.org/show_bug.cgi?id=80972
6705 Reviewed by Kent Tamura.
6707 * Configurations/FeatureDefines.xcconfig:
6709 2012-03-29 Mark Hahnenberg <mhahnenberg@apple.com>
6711 Refactor recompileAllJSFunctions() to be less expensive
6712 https://bugs.webkit.org/show_bug.cgi?id=80330
6714 Reviewed by Filip Pizlo.
6716 This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
6717 load performance, which currently does at least a couple full GCs per navigation.
6720 (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
6721 because the function doesn't actually recompile anything (and never did); it simply throws code
6722 away for it to be recompiled later if we determine we should do so.
6724 (JSC::Heap::collectAllGarbage):
6725 (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
6726 (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
6730 * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
6731 be used in DoublyLinkedLists.
6732 (JSC::FunctionExecutable::FunctionExecutable):
6733 (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
6734 * runtime/Executable.h:
6735 (FunctionExecutable):
6736 (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
6737 * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
6738 the list of FunctionExecutables.
6739 * runtime/JSGlobalData.h:
6741 * runtime/JSGlobalObject.cpp:
6742 (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
6744 2012-03-29 Filip Pizlo <fpizlo@apple.com>
6746 Unreviewed build fix for non-x86 platforms.
6748 * dfg/DFGSpeculativeJIT.cpp:
6749 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
6750 * dfg/DFGSpeculativeJIT.h:
6751 (JSC::DFG::SpeculativeJIT::callOperation):
6752 * jit/JITArithmetic32_64.cpp:
6753 (JSC::JIT::emitSlow_op_mod):
6755 2012-03-29 Gavin Barraclough <barraclough@apple.com>
6757 Windows build fix p2.
6759 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
6761 2012-03-29 Gavin Barraclough <barraclough@apple.com>
6763 Windows build fix p1.
6765 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
6767 2012-03-29 Gavin Barraclough <barraclough@apple.com>
6769 Template the Yarr::Interpreter on the character type
6770 https://bugs.webkit.org/show_bug.cgi?id=82637
6772 Reviewed by Sam Weinig.
6774 We should be able to call to the interpreter after having already checked the character type,
6775 without having to re-package the character pointer back up into a string!
6777 * runtime/RegExp.cpp:
6778 (JSC::RegExp::match):
6779 (JSC::RegExp::matchCompareWithInterpreter):
6780 - Don't pass length.
6782 - moved function declarations to YarrInterpreter.h.
6783 * yarr/YarrInterpreter.cpp:
6786 (JSC::Yarr::Interpreter::InputStream::InputStream):
6788 (JSC::Yarr::Interpreter::Interpreter):
6789 (JSC::Yarr::interpret):
6790 - templated Interpreter class on CharType.
6791 * yarr/YarrInterpreter.h:
6793 - added function declarations.
6795 2012-03-29 David Kilzer <ddkilzer@apple.com>
6797 Don't use a flattened framework path when building on OS X
6799 Reviewed by Mark Rowe.
6801 * Configurations/ToolExecutable.xcconfig: Use REAL_PLATFORM_NAME
6802 to select different INSTALL_PATH values.
6804 2012-03-29 Kevin Ollivier <kevino@theolliviers.com>
6806 [wx] Unreviewed build fix, add Win-specific sources
6807 the wx port needs after WTF move.
6811 2012-03-29 Andy Estes <aestes@apple.com>
6813 Remove an unused variable that breaks the build with newer versions of clang.
6815 Rubber stamped by Gavin Barraclough.
6818 (JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
6820 2012-03-29 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
6822 HashMap<>::add should return a more descriptive object
6823 https://bugs.webkit.org/show_bug.cgi?id=71063
6825 Reviewed by Ryosuke Niwa.
6827 Update code to use AddResult instead of a pair. Note that since WeakGCMap wraps
6828 the iterator type, there's a need for its own AddResult type -- instantiated from
6829 HashTableAddResult template class.
6831 * API/JSCallbackObject.h:
6832 (JSC::JSCallbackObjectData::JSPrivatePropertyMap::setPrivateProperty):
6833 * API/JSClassRef.cpp:
6834 (OpaqueJSClass::contextData):
6835 * bytecompiler/BytecodeGenerator.cpp:
6836 (JSC::BytecodeGenerator::addVar):
6837 (JSC::BytecodeGenerator::addGlobalVar):
6838 (JSC::BytecodeGenerator::addConstant):
6839 (JSC::BytecodeGenerator::addConstantValue):
6840 (JSC::BytecodeGenerator::emitLoad):
6841 (JSC::BytecodeGenerator::addStringConstant):
6842 (JSC::BytecodeGenerator::emitLazyNewFunction):
6843 * bytecompiler/NodesCodegen.cpp:
6844 (JSC::PropertyListNode::emitBytecode):
6845 * debugger/Debugger.cpp:
6846 * dfg/DFGAssemblyHelpers.cpp:
6847 (JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
6848 * dfg/DFGByteCodeParser.cpp:
6849 (JSC::DFG::ByteCodeParser::cellConstant):
6850 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
6852 (JSC::JITThunks::ctiStub):
6853 (JSC::JITThunks::hostFunctionStub):
6854 * parser/Parser.cpp:
6855 (JSC::::parseStrictObjectLiteral):
6857 (JSC::Scope::declareParameter):
6858 * runtime/Identifier.cpp:
6859 (JSC::Identifier::add):
6860 (JSC::Identifier::add8):
6861 (JSC::Identifier::addSlowCase):
6862 * runtime/Identifier.h:
6863 (JSC::Identifier::add):
6864 (JSC::IdentifierTable::add):
6865 * runtime/JSArray.cpp:
6866 (JSC::SparseArrayValueMap::add):
6867 (JSC::SparseArrayValueMap::put):
6868 (JSC::SparseArrayValueMap::putDirect):
6869 (JSC::JSArray::enterDictionaryMode):
6870 (JSC::JSArray::defineOwnNumericProperty):
6871 * runtime/JSArray.h:
6872 (SparseArrayValueMap):
6873 * runtime/PropertyNameArray.cpp:
6874 (JSC::PropertyNameArray::add):
6875 * runtime/StringRecursionChecker.h:
6876 (JSC::StringRecursionChecker::performCheck):
6877 * runtime/Structure.cpp:
6878 (JSC::StructureTransitionTable::add):
6879 * runtime/WeakGCMap.h:
6881 (JSC::WeakGCMap::add):
6882 (JSC::WeakGCMap::set):
6883 * tools/ProfileTreeNode.h:
6884 (JSC::ProfileTreeNode::sampleChild):
6886 2012-03-29 Patrick Gansterer <paroga@webkit.org>
6888 Build fix for !ENABLE(YARR_JIT) after r112454.
6890 * runtime/RegExp.cpp:
6891 (JSC::RegExp::invalidateCode):
6893 2012-03-28 Filip Pizlo <fpizlo@apple.com>
6895 DFG object equality speculations should be simplified
6896 https://bugs.webkit.org/show_bug.cgi?id=82557
6898 Reviewed by Gavin Barraclough.
6901 (JSC::DFG::Node::shouldSpeculateFinalObject):
6902 (JSC::DFG::Node::shouldSpeculateArray):
6904 2012-03-28 David Kilzer <ddkilzer@apple.com>
6906 minidom configurations should be based on ToolExecutable.xcconfig
6907 <http://webkit.org/b/82513>
6909 Reviewed by Mark Rowe.
6911 Note that this patch changes minidom from being installed in
6912 /usr/local/bin to JavaScriptCore.framework/Resources.
6914 * Configurations/ToolExecutable.xcconfig: Add semi-colon.
6915 * JavaScriptCore.xcodeproj/project.pbxproj: Base minidom
6916 configurations on ToolExecutable.xcconfig. Remove redundant
6917 PRODUCT_NAME and SKIP_INSTALL variables.
6919 2012-03-28 Gavin Barraclough <barraclough@apple.com>
6921 Build fix - some compiles generating NORETURN related warnings.
6924 (JSC::Yarr::YarrGenerator::setSubpatternStart):
6925 (JSC::Yarr::YarrGenerator::setSubpatternEnd):
6926 (JSC::Yarr::YarrGenerator::clearSubpatternStart):
6928 2012-03-28 Kevin Ollivier <kevino@theolliviers.com>
6930 [wx] Unreviewed. Build fix, move WTF back into JSCore target
6931 until issues with JSCore not linking in all WTF symbols are resolved.
6935 2012-03-28 Gavin Barraclough <barraclough@apple.com>
6937 Yarr: if we're not using the output array, don't populate it!
6938 https://bugs.webkit.org/show_bug.cgi?id=82519
6940 Reviewed by Sam Weinig.
6942 * runtime/RegExp.cpp:
6944 - Missed review comment! - didn't fully remove RegExpRepresentation.
6946 2012-03-28 Gavin Barraclough <barraclough@apple.com>
6948 Yarr: if we're not using the output array, don't populate it!
6949 https://bugs.webkit.org/show_bug.cgi?id=82519
6951 Reviewed by Sam Weinig.
6953 Add a new variant of the match method to RegExp that returns a MatchResult,
6954 and modify YarrJIT to be able to compile code that doesn't use an output vector.
6956 This is a 3% progression on v8-regexp.
6958 * JavaScriptCore.xcodeproj/project.pbxproj:
6959 - Moved MatchResult into its own header.
6960 * assembler/AbstractMacroAssembler.h:
6961 - Added missing include.
6962 * runtime/MatchResult.h: Added.
6963 (MatchResult::MatchResult):
6965 (MatchResult::failed):
6966 (MatchResult::operator bool):
6967 (MatchResult::empty):
6968 - Moved MatchResult into its own header.
6969 * runtime/RegExp.cpp:
6970 (JSC::RegExp::compile):
6971 (JSC::RegExp::compileIfNecessary):
6972 (JSC::RegExp::match):
6973 - Changed due to execute & representation changes.
6974 (JSC::RegExp::compileMatchOnly):
6975 (JSC::RegExp::compileIfNecessaryMatchOnly):
6976 - Added helper to compile MatchOnly code.
6977 (JSC::RegExp::invalidateCode):
6978 (JSC::RegExp::matchCompareWithInterpreter):
6979 (JSC::RegExp::printTraceData):
6980 - Changed due to representation changes.
6983 (JSC::RegExp::hasCode):
6984 - Made YarrCodeBlock a member.
6985 * runtime/RegExpConstructor.h:
6986 (RegExpConstructor):
6987 (JSC::RegExpConstructor::performMatch):
6988 - Added no-ovector form.
6989 * runtime/RegExpMatchesArray.cpp:
6990 (JSC::RegExpMatchesArray::reifyAllProperties):
6991 - Match now takes a reference to ovector, not a pointer.
6992 * runtime/RegExpObject.h:
6994 - Moved MatchResult into its own header.
6995 * runtime/StringPrototype.cpp:
6996 (JSC::stringProtoFuncSplit):
6997 - Match now takes a reference to ovector, not a pointer.
7000 - Match now takes a reference to ovector, not a pointer.
7004 (JSC::Yarr::YarrGenerator::initCallFrame):
7005 (JSC::Yarr::YarrGenerator::removeCallFrame):
7006 (JSC::Yarr::YarrGenerator::setSubpatternStart):
7007 (JSC::Yarr::YarrGenerator::setSubpatternEnd):
7008 (JSC::Yarr::YarrGenerator::clearSubpatternStart):
7009 (JSC::Yarr::YarrGenerator::setMatchStart):
7010 (JSC::Yarr::YarrGenerator::getMatchStart):
7011 - Added helper functions to intermediate access to output.
7012 (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
7013 (JSC::Yarr::YarrGenerator::generate):
7014 (JSC::Yarr::YarrGenerator::backtrack):
7015 (JSC::Yarr::YarrGenerator::generateEnter):
7016 (JSC::Yarr::YarrGenerator::compile):
7017 - Changed to use the new helpers, only generate subpatterns if IncludeSubpatterns.
7018 (JSC::Yarr::jitCompile):
7019 - Needs to be templated on MatchOnly or IncludeSubpatterns.
7022 (JSC::Yarr::YarrCodeBlock::set8BitCode):
7023 (JSC::Yarr::YarrCodeBlock::set16BitCode):
7024 (JSC::Yarr::YarrCodeBlock::has8BitCodeMatchOnly):
7025 (JSC::Yarr::YarrCodeBlock::has16BitCodeMatchOnly):
7026 (JSC::Yarr::YarrCodeBlock::set8BitCodeMatchOnly):
7027 (JSC::Yarr::YarrCodeBlock::set16BitCodeMatchOnly):
7028 (JSC::Yarr::YarrCodeBlock::execute):
7029 (JSC::Yarr::YarrCodeBlock::clear):
7030 - Added a second set of CodeRefs, so that we can compile RegExps with/without subpattern matching.
7032 2012-03-27 Filip Pizlo <fpizlo@apple.com>
7034 DFG OSR exit should not generate an exit for variables of inlinees if the
7035 inlinees are not in scope
7036 https://bugs.webkit.org/show_bug.cgi?id=82312
7038 Reviewed by Oliver Hunt.
7040 * bytecode/CodeBlock.h:
7041 (JSC::baselineCodeBlockForInlineCallFrame):
7043 (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
7044 * dfg/DFGOSRExit.cpp:
7045 (JSC::DFG::computeNumVariablesForCodeOrigin):
7047 (JSC::DFG::OSRExit::OSRExit):
7049 2012-03-27 Matt Lilek <mrl@apple.com>
7051 Stop compiling Interpreter.cpp with -fno-var-tracking
7052 https://bugs.webkit.org/show_bug.cgi?id=82299
7054 Reviewed by Anders Carlsson.
7056 * JavaScriptCore.xcodeproj/project.pbxproj:
7058 2012-03-27 Pratik Solanki <psolanki@apple.com>
7060 Compiler warning when JIT is not enabled
7061 https://bugs.webkit.org/show_bug.cgi?id=82352
7063 Reviewed by Filip Pizlo.
7065 * runtime/JSFunction.cpp:
7066 (JSC::JSFunction::create):
7068 2012-03-26 Thouraya ANDOLSI <thouraya.andolsi@st.com>
7070 Unaligned userspace access for SH4 platforms
7071 https://bugs.webkit.org/show_bug.cgi?id=79104
7073 Reviewed by Gavin Barraclough.
7075 * assembler/AbstractMacroAssembler.h:
7077 (JSC::AbstractMacroAssembler::Jump::Jump):
7078 (JSC::AbstractMacroAssembler::Jump::link):
7079 * assembler/MacroAssemblerSH4.h:
7080 (JSC::MacroAssemblerSH4::load16Unaligned):
7081 (JSC::MacroAssemblerSH4::load32WithUnalignedHalfWords):
7082 (JSC::MacroAssemblerSH4::branchDouble):
7083 (JSC::MacroAssemblerSH4::branchTrue):
7084 (JSC::MacroAssemblerSH4::branchFalse):
7085 * assembler/SH4Assembler.h:
7086 (JSC::SH4Assembler::extraInstrForBranch):
7088 (JSC::SH4Assembler::bra):
7089 (JSC::SH4Assembler::linkJump):
7093 (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
7095 2012-03-26 Ryosuke Niwa <rniwa@webkit.org>
7097 cssText should use shorthand notations
7098 https://bugs.webkit.org/show_bug.cgi?id=81737
7100 Reviewed by Enrica Casucci.
7102 Export symbols of BitVector on Windows.
7104 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
7106 2012-03-26 Filip Pizlo <fpizlo@apple.com>
7108 DFG should assert that argument value recoveries can only be
7109 AlreadyInRegisterFile or Constant
7110 https://bugs.webkit.org/show_bug.cgi?id=82249
7112 Reviewed by Michael Saboff.
7114 Made the assertions that the DFG makes for argument value recoveries match
7115 what Arguments expects.
7117 * bytecode/ValueRecovery.h:
7118 (JSC::ValueRecovery::isConstant):
7120 (JSC::ValueRecovery::isAlreadyInRegisterFile):
7121 * dfg/DFGSpeculativeJIT.cpp:
7122 (JSC::DFG::SpeculativeJIT::compile):
7124 2012-03-26 Dan Bernstein <mitz@apple.com>
7126 Tried to fix the Windows build.
7128 * yarr/YarrPattern.cpp:
7129 (JSC::Yarr::CharacterClassConstructor::putRange):
7131 2012-03-26 Gavin Barraclough <barraclough@apple.com>
7133 Unreviewed - speculative Windows build fix.
7135 * yarr/YarrCanonicalizeUCS2.h:
7136 (JSC::Yarr::getCanonicalPair):
7138 2012-03-26 Dan Bernstein <mitz@apple.com>
7140 Fixed builds with assertions disabled.
7142 * yarr/YarrCanonicalizeUCS2.h:
7143 (JSC::Yarr::areCanonicallyEquivalent):
7145 2012-03-26 Gavin Barraclough <barraclough@apple.com>
7147 Unreviewed - errk! - accidentally the whole pbxproj.
7149 * JavaScriptCore.xcodeproj/project.pbxproj:
7151 2012-03-25 Gavin Barraclough <barraclough@apple.com>
7153 Greek sigma is handled wrong in case independent regexp.
7154 https://bugs.webkit.org/show_bug.cgi?id=82063
7156 Reviewed by Oliver Hunt.
7158 The bug here is that we assume that any given codepoint has at most one additional value it
7159 should match under a case insensitive match, and that the pair of codepoints that match (if
7160 a codepoint does not only match itself) can be determined by calling toUpper/toLower on the
7161 given codepoint. Life is not that simple.
7163 Instead, pre-calculate a set of tables mapping from a UCS2 codepoint to the set of characters
7164 it may match, under the ES5.1 case-insensitive matching rules. Since unicode is fairly regular
7165 we can pack this table quite nicely, and get it down to 364 entries. This means we can use a
7166 simple binary search to find an entry in typically eight compares.
7169 * GNUmakefile.list.am:
7170 * JavaScriptCore.gypi:
7171 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
7172 * JavaScriptCore.xcodeproj/project.pbxproj:
7174 - Added new files to build systems.
7175 * yarr/YarrCanonicalizeUCS2.cpp: Added.
7176 - New - autogenerated, UCS2 canonicalized comparison tables.
7177 * yarr/YarrCanonicalizeUCS2.h: Added.
7178 (JSC::Yarr::rangeInfoFor):
7179 - Look up the canonicalization info for a UCS2 character.
7180 (JSC::Yarr::getCanonicalPair):
7181 - For a UCS2 character with a single equivalent value, look it up.
7182 (JSC::Yarr::isCanonicallyUnique):
7183 - Returns true if no other UCS2 code points are canonically equal.
7184 (JSC::Yarr::areCanonicallyEquivalent):
7185 - Compare two values, under canonicalization rules.
7186 * yarr/YarrCanonicalizeUCS2.js: Added.
7187 - script used to generate YarrCanonicalizeUCS2.cpp.
7188 * yarr/YarrInterpreter.cpp:
7189 (JSC::Yarr::Interpreter::tryConsumeBackReference):
7190 - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
7192 (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
7193 (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
7194 (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
7195 - Use isCanonicallyUnique, rather than Unicode toUpper/toLower.
7196 * yarr/YarrPattern.cpp:
7197 (JSC::Yarr::CharacterClassConstructor::putChar):
7198 - Updated to determine canonical equivalents correctly.
7199 (JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
7200 - Added, used to put a non-ascii, non-unique character in a case-insensitive match.
7201 (JSC::Yarr::CharacterClassConstructor::putRange):
7202 - Updated to determine canonical equivalents correctly.
7203 (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
7204 - Changed to call putUnicodeIgnoreCase, instead of putChar, avoid a double lookup of rangeInfo.
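The canonicalization rule the entry above refers to (ES5.1 15.10.2.8 Canonicalize, still the rule for a case-insensitive regexp without the u flag) and the sigma problem it fixes can be reproduced directly. The following is an added example, not Yarr code: it implements Canonicalize with String.prototype.toUpperCase, derives for every UCS-2 code point the set of code points it must match, stores the non-unique ones in a sorted table searched by binary search, and cross-checks the result against the engine's own /i matching. All function and table names are this example's own, and the probe list is constructed for the example.

```javascript
// Added example, not Yarr code. ES5.1 15.10.2.8 Canonicalize for a
// case-insensitive, non-Unicode-mode regexp, plus the equivalence sets it
// induces over UCS-2. Names below are this example's own choices.

function canonicalize(cp) {
  const upper = String.fromCharCode(cp).toUpperCase();
  if (upper.length !== 1) return cp;        // e.g. U+00DF "ß" -> "SS": keep ch
  const cu = upper.charCodeAt(0);
  if (cp >= 128 && cu < 128) return cp;     // non-ASCII never folds to ASCII
  return cu;
}

// Sorted table of { cp, members } for every code point that is NOT canonically
// unique; members is the ascending list of code points sharing its canonical
// value (itself included). Unique code points are simply absent from the table.
function buildCanonicalTable() {
  const byCanonical = new Map();
  for (let cp = 0; cp < 0x10000; cp++) {
    const c = canonicalize(cp);
    let members = byCanonical.get(c);
    if (!members) byCanonical.set(c, (members = []));
    members.push(cp);                        // ascending, because cp ascends
  }
  const table = [];
  for (let cp = 0; cp < 0x10000; cp++) {
    const members = byCanonical.get(canonicalize(cp));
    if (members.length > 1) table.push({ cp, members });
  }
  return table;
}

const CANONICAL_TABLE = buildCanonicalTable();

// Binary search over the table; null means cp only matches itself.
function lookup(cp, table = CANONICAL_TABLE) {
  let lo = 0, hi = table.length - 1;
  while (lo <= hi) {
    const mid = (lo + hi) >>> 1;
    if (table[mid].cp === cp) return table[mid].members;
    if (table[mid].cp < cp) lo = mid + 1; else hi = mid - 1;
  }
  return null;
}

function isCanonicallyUnique(cp) { return lookup(cp) === null; }
function equivalentsOf(cp) { return lookup(cp) || [cp]; }
function areCanonicallyEquivalent(a, b) { return canonicalize(a) === canonicalize(b); }

// Cross-check against the engine: a /i regexp for cp must accept exactly the
// members of cp's equivalence set among the probes, and nothing else.
function engineAgrees(cp, probes) {
  const re = new RegExp('^' + String.fromCharCode(cp) + '$', 'i');
  const set = equivalentsOf(cp);
  return probes.every(p => re.test(String.fromCharCode(p)) === set.includes(p));
}

// Constructed probes: the three sigmas (U+03A3 U+03C2 U+03C3), K/k and the
// Kelvin sign U+212A, S/s and long s U+017F.
const PROBES = [0x3A3, 0x3C2, 0x3C3, 0x4B, 0x6B, 0x212A, 0x53, 0x73, 0x17F];
```

Two things the table makes visible: lowercase sigma has two equivalents, not one (Σ, σ and ς all canonicalize to U+03A3), which is exactly why a single toUpper/toLower pair was not enough; and in this mode non-ASCII characters never fold onto ASCII, so the Kelvin sign does not match k and long s does not match s. Input filters that assume /i behaves like full Unicode case folding get that second point wrong in both directions.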
7206 2012-03-26 Kevin Ollivier <kevino@theolliviers.com>
7208 [wx] Unreviewed build fix. Add the build outputs dir to the list of build dirs,
7209 so we make sure it finds the API headers on all platforms.
7213 2012-03-26 Patrick Gansterer <paroga@webkit.org>
7215 Build fix for WinCE after r112039.
7217 * interpreter/Register.h:
7218 (Register): Removed inline keyword from declaration since
7219 there is an ALWAYS_INLINE at the definition anyway.
7221 2012-03-26 Carlos Garcia Campos <cgarcia@igalia.com>
7223 Unreviewed. Fix make distcheck.
7225 * GNUmakefile.list.am: Add missing files.
7227 2012-03-25 Kevin Ollivier <kevino@theolliviers.com>
7229 [wx] Unreviewed build fix. Move WTF to its own static lib build.
7233 2012-03-25 Filip Pizlo <fpizlo@apple.com>
7235 DFG int-to-double conversion should be revealed to CSE
7236 https://bugs.webkit.org/show_bug.cgi?id=82135
7238 Reviewed by Oliver Hunt.
7240 This introduces the notion of an Int32ToDouble node, which is injected
7241 into the graph anytime we know that we have a double use of a node that
7242 was predicted integer. The Int32ToDouble simplifies double speculation
7243 on integers by skipping the path that would unbox doubles, if we know
7244 that the value is already proven to be an integer. It allows integer to
7245 double conversions to be subjected to common subexpression elimination
7246 (CSE) by allowing the CSE phase to see where these conversions are
7247 occurring. Finally, it allows us to see when a constant is being used
7248 as both a double and an integer. This is a bit odd, since it means that
7249 sometimes a double use of a constant will not refer directly to the
7250 constant. This should not cause problems, for now, but it may require
7251 some canonicalization in the future if we want to support strength
7252 reductions of double operations based on constants.
7254 To allow injection of nodes into the graph, this change introduces the
7255 DFG::InsertionSet, which is a way of lazily inserting elements into a
7256 list. This allows the FixupPhase to remain O(N) despite performing
7257 multiple injections in a single basic block. Without the InsertionSet,
7258 each injection would require performing an insertion into a vector,
7259 which is O(N), leading to O(N^2) performance overall. With the
7260 InsertionSet, each injection simply records what insertion would have
7261 been performed, and all insertions are performed at once (via
7262 InsertionSet::execute) after processing of a basic block is completed.
7264 * JavaScriptCore.xcodeproj/project.pbxproj:
7265 * bytecode/PredictedType.h:
7266 (JSC::isActionableIntMutableArrayPrediction):
7268 (JSC::isActionableFloatMutableArrayPrediction):
7269 (JSC::isActionableTypedMutableArrayPrediction):
7270 (JSC::isActionableMutableArrayPrediction):
7271 * dfg/DFGAbstractState.cpp:
7272 (JSC::DFG::AbstractState::execute):
7273 * dfg/DFGCSEPhase.cpp:
7274 (JSC::DFG::CSEPhase::performNodeCSE):
7276 (JSC::DFG::useKindToString):
7278 * dfg/DFGFixupPhase.cpp:
7279 (JSC::DFG::FixupPhase::run):
7280 (JSC::DFG::FixupPhase::fixupBlock):
7282 (JSC::DFG::FixupPhase::fixupNode):
7283 (JSC::DFG::FixupPhase::fixDoubleEdge):
7285 (JSC::DFG::Graph::dump):
7286 * dfg/DFGInsertionSet.h: Added.
7289 (JSC::DFG::Insertion::Insertion):
7290 (JSC::DFG::Insertion::index):
7291 (JSC::DFG::Insertion::element):
7293 (JSC::DFG::InsertionSet::InsertionSet):
7294 (JSC::DFG::InsertionSet::append):
7295 (JSC::DFG::InsertionSet::execute):
7296 * dfg/DFGNodeType.h:
7298 * dfg/DFGPredictionPropagationPhase.cpp:
7299 (JSC::DFG::PredictionPropagationPhase::propagate):
7300 * dfg/DFGSpeculativeJIT.cpp:
7301 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
7302 (JSC::DFG::SpeculativeJIT::compileValueToInt32):
7303 (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
7305 * dfg/DFGSpeculativeJIT.h:
7307 (JSC::DFG::IntegerOperand::IntegerOperand):
7308 (JSC::DFG::DoubleOperand::DoubleOperand):
7309 (JSC::DFG::JSValueOperand::JSValueOperand):
7310 (JSC::DFG::StorageOperand::StorageOperand):
7311 (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
7312 (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
7313 (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
7314 (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
7315 (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
7316 * dfg/DFGSpeculativeJIT32_64.cpp:
7317 (JSC::DFG::SpeculativeJIT::compile):
7318 * dfg/DFGSpeculativeJIT64.cpp:
7319 (JSC::DFG::SpeculativeJIT::compile):
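The DFG::InsertionSet idea from the 2012-03-25 entry above, as an added example that is not JavaScriptCore code: a set that records "insert element before index i" while a block is being walked, then applies all insertions in one merge pass so that M injections into an N-node block cost O(N + M) rather than O(N * M). A toy fixup pass drives it, rerouting double uses of int-predicted nodes through injected Int32ToDouble nodes. The node shapes, op names and sample block are constructed for this example.

```javascript
// Added example, not JavaScriptCore code. Lazy insertion set in the spirit
// of DFG::InsertionSet, exercised by a toy double-edge fixup pass.

class InsertionSet {
  constructor() {
    this.insertions = [];          // { index, element }, indices non-decreasing
  }

  // Record "insert element before original position `index`". Indices must be
  // appended in non-decreasing order; that invariant is what lets execute()
  // finish in a single merge pass.
  append(index, element) {
    const last = this.insertions[this.insertions.length - 1];
    if (last !== undefined && index < last.index) {
      throw new Error(`insertion at ${index} after ${last.index}: out of order`);
    }
    this.insertions.push({ index, element });
    return element;
  }

  // Apply every recorded insertion to `list` in O(N + M), then clear the set.
  // Inserting eagerly with splice() would cost O(N) per insertion instead.
  execute(list) {
    const out = [];
    let next = 0;
    for (let i = 0; i <= list.length; i++) {
      while (next < this.insertions.length && this.insertions[next].index === i) {
        out.push(this.insertions[next++].element);
      }
      if (i < list.length) out.push(list[i]);
    }
    list.splice(0, list.length, ...out);   // mutate in place, like the DFG's Vector
    this.insertions.length = 0;
    return list;
  }
}

// Constructed basic block. `predictedInt` marks nodes predicted Int32;
// `doubleUse` marks nodes that consume their children as doubles.
function sampleBlock() {
  return [
    { id: 0, op: 'JSConstant', value: 42, predictedInt: true },
    { id: 1, op: 'GetLocal', predictedInt: true },
    { id: 2, op: 'ArithAdd', child1: 0, child2: 1, predictedInt: true },
    { id: 3, op: 'ArithMul', child1: 0, child2: 2, doubleUse: true },
    { id: 4, op: 'Return', child1: 3 },
  ];
}

// One pass over the block: wherever a double-using node consumes an
// int-predicted child, reroute that edge through a fresh Int32ToDouble node
// that is inserted immediately before the user once the walk is complete.
function fixupDoubleEdges(block) {
  const insertions = new InsertionSet();
  const byId = new Map(block.map(n => [n.id, n]));
  block.forEach((node, index) => {
    if (!node.doubleUse) return;
    for (const edge of ['child1', 'child2']) {
      const child = byId.get(node[edge]);
      if (child === undefined || !child.predictedInt) continue;
      const conv = { id: `${child.id}->double`, op: 'Int32ToDouble', child1: child.id };
      node[edge] = conv.id;                 // the user now consumes the conversion
      insertions.append(index, conv);       // indices only ever grow: in order
    }
  });
  return insertions.execute(block);
}

function runSample() { return fixupDoubleEdges(sampleBlock()); }
function ops(block) { return block.map(n => n.op); }
```

A second double user of the same constant would get its own Int32ToDouble here; in the DFG that duplication is what the CSE phase is then able to see and remove, which is the point of the entry.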
7321 2012-03-25 Filip Pizlo <fpizlo@apple.com>
7323 DFGOperands should be moved out of the DFG and into bytecode
7324 https://bugs.webkit.org/show_bug.cgi?id=82151
7326 Reviewed by Dan Bernstein.
7328 * GNUmakefile.list.am:
7329 * JavaScriptCore.xcodeproj/project.pbxproj:
7330 * bytecode/Operands.h: Copied from Source/JavaScriptCore/dfg/DFGOperands.h.
7331 * dfg/DFGBasicBlock.h:
7333 * dfg/DFGOSREntry.h:
7335 * dfg/DFGOperands.h: Removed.
7336 * dfg/DFGVariableAccessData.h:
7338 2012-03-24 Filip Pizlo <fpizlo@apple.com>
7340 DFG 64-bit Branch implementation should not be creating a JSValueOperand that
7341 it isn't going to use
7342 https://bugs.webkit.org/show_bug.cgi?id=82136
7344 Reviewed by Geoff Garen.
7346 * dfg/DFGSpeculativeJIT64.cpp:
7347 (JSC::DFG::SpeculativeJIT::emitBranch):
7349 2012-03-24 Kevin Ollivier <kevino@theolliviers.com>
7351 [wx] Unreviewed. Fix the build after WTF move.
7355 2012-03-23 Filip Pizlo <fpizlo@apple.com>
7357 DFG double voting may be overzealous in the case of variables that end up
7358 being used as integers
7359 https://bugs.webkit.org/show_bug.cgi?id=82008
7361 Reviewed by Oliver Hunt.
7363 Cleaned up propagation, making the intent more explicit in most places.
7364 Back-propagate NodeUsedAsInt for cases where a node was used in a context
7365 that is known to strongly prefer integers.
7367 * dfg/DFGByteCodeParser.cpp:
7368 (JSC::DFG::ByteCodeParser::handleCall):
7369 (JSC::DFG::ByteCodeParser::parseBlock):
7371 (JSC::DFG::Graph::dumpCodeOrigin):
7372 (JSC::DFG::Graph::dump):
7375 * dfg/DFGNodeFlags.cpp:
7376 (JSC::DFG::nodeFlagsAsString):
7377 * dfg/DFGNodeFlags.h:
7379 * dfg/DFGPredictionPropagationPhase.cpp:
7380 (JSC::DFG::PredictionPropagationPhase::run):
7381 (JSC::DFG::PredictionPropagationPhase::propagate):
7382 (PredictionPropagationPhase):
7383 (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
7384 (JSC::DFG::PredictionPropagationPhase::vote):
7385 (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
7386 (JSC::DFG::PredictionPropagationPhase::fixupNode):
7387 * dfg/DFGVariableAccessData.h:
7388 (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
7390 2012-03-24 Filip Pizlo <fpizlo@apple.com>
7392 DFG::Node::shouldNotSpeculateInteger() should be eliminated
7393 https://bugs.webkit.org/show_bug.cgi?id=82123
7395 Reviewed by Geoff Garen.
7397 * dfg/DFGAbstractState.cpp:
7398 (JSC::DFG::AbstractState::execute):
7401 * dfg/DFGSpeculativeJIT.cpp:
7402 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
7403 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
7405 2012-03-24 Yong Li <yoli@rim.com>
7407 Increase getByIdSlowCase ConstantSpace/InstructionSpace for CPU(ARM_TRADITIONAL)
7408 https://bugs.webkit.org/show_bug.cgi?id=81521
7410 Increase sequenceGetByIdSlowCaseConstantSpace and sequenceGetByIdSlowCaseInstructionSpace
7411 for CPU(ARM_TRADITIONAL) to fit actual need.
7413 Reviewed by Oliver Hunt.
7418 2012-03-23 Filip Pizlo <fpizlo@apple.com>
7420 DFG Fixup should be able to short-circuit trivial ValueToInt32's
7421 https://bugs.webkit.org/show_bug.cgi?id=82030
7423 Reviewed by Michael Saboff.
7425 Takes the fixup() method of the prediction propagation phase and makes it
7426 into its own phase. Adds the ability to short-circuit trivial ValueToInt32
7427 nodes, and mark pure ValueToInt32's as such.
7430 * GNUmakefile.list.am:
7431 * JavaScriptCore.xcodeproj/project.pbxproj:
7433 * dfg/DFGByteCodeParser.cpp:
7434 (JSC::DFG::ByteCodeParser::makeSafe):
7435 (JSC::DFG::ByteCodeParser::handleCall):
7436 (JSC::DFG::ByteCodeParser::parseBlock):
7438 * dfg/DFGDriver.cpp:
7439 (JSC::DFG::compile):
7440 * dfg/DFGFixupPhase.cpp: Added.
7443 (JSC::DFG::FixupPhase::FixupPhase):
7444 (JSC::DFG::FixupPhase::run):
7445 (JSC::DFG::FixupPhase::fixupNode):
7446 (JSC::DFG::FixupPhase::fixIntEdge):
7447 (JSC::DFG::performFixup):
7448 * dfg/DFGFixupPhase.h: Added.
7450 * dfg/DFGPredictionPropagationPhase.cpp:
7451 (JSC::DFG::PredictionPropagationPhase::run):
7452 (PredictionPropagationPhase):
7454 2012-03-23 Mark Hahnenberg <mhahnenberg@apple.com>
7456 tryReallocate could break the zero-ed memory invariant of CopiedBlocks
7457 https://bugs.webkit.org/show_bug.cgi?id=82087
7459 Reviewed by Filip Pizlo.
7461 Removing this optimization turned out to be ~1% regression on kraken, so I simply
7462 undid the modification to the current block if we fail.
7464 * heap/CopiedSpace.cpp:
7465 (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail
7466 to reallocate from the current block.
7468 2012-03-23 Alexey Proskuryakov <ap@apple.com>
7470 [Mac] No need for platform-specific ENABLE_BLOB values
7471 https://bugs.webkit.org/show_bug.cgi?id=82102
7473 Reviewed by David Kilzer.
7475 * Configurations/FeatureDefines.xcconfig:
7477 2012-03-23 Michael Saboff <msaboff@apple.com>
7479 DFG::compileValueToInt32 Sometimes Generates GPR to FPR reg back to GPR
7480 https://bugs.webkit.org/show_bug.cgi?id=81805
7482 Reviewed by Filip Pizlo.
7484 Added SpeculativeJIT::checkGeneratedType() to determine the current format
7485 of an operand. Used that information in SpeculativeJIT::compileValueToInt32
7486 to generate code that will use integer and JSValue types in integer
7487 format directly without a conversion to double.
7489 * JavaScriptCore.xcodeproj/project.pbxproj:
7490 * dfg/DFGSpeculativeJIT.cpp:
7491 (JSC::DFG::SpeculativeJIT::checkGeneratedType):
7493 (JSC::DFG::SpeculativeJIT::compileValueToInt32):
7494 * dfg/DFGSpeculativeJIT.h:
7498 2012-03-23 Steve Falkenburg <sfalken@apple.com>
7500 Update Apple Windows build files for WTF move
7501 https://bugs.webkit.org/show_bug.cgi?id=82069
7503 Reviewed by Jessie Berlin.
7505 * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
7507 2012-03-23 Dean Jackson <dino@apple.com>
7509 Disable CSS_SHADERS in Apple builds
7510 https://bugs.webkit.org/show_bug.cgi?id=81996
7512 Reviewed by Simon Fraser.
7514 Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
7516 * Configurations/FeatureDefines.xcconfig:
7518 2012-03-23 Gavin Barraclough <barraclough@apple.com>
7520 RegExp constructor last match properties should not rely on previous ovector
7521 https://bugs.webkit.org/show_bug.cgi?id=82077
7523 Reviewed by Oliver Hunt.
7525 This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
7527 This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
7528 Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
7529 a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
7530 location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
7531 a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
7532 reified state. This means that next time a match is performed, the store of the result will
7533 automatically blow away the reified value.
7535 * JavaScriptCore.xcodeproj/project.pbxproj:
7537 * runtime/RegExp.cpp:
7538 (JSC::RegExpFunctionalTestCollector::outputOneTest):
7539 - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
7540 * runtime/RegExpCachedResult.cpp: Added.
7541 (JSC::RegExpCachedResult::visitChildren):
7542 (JSC::RegExpCachedResult::lastResult):
7543 (JSC::RegExpCachedResult::setInput):
7544 - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
7545 * runtime/RegExpCachedResult.h: Added.
7546 (RegExpCachedResult):
7548 (JSC::RegExpCachedResult::RegExpCachedResult):
7549 (JSC::RegExpCachedResult::record):
7550 (JSC::RegExpCachedResult::input):
7551 - Initialize the object, record the result of a RegExp match, access the stored input property.
7552 * runtime/RegExpConstructor.cpp:
7553 (JSC::RegExpConstructor::RegExpConstructor):
7554 - Initialize m_result/m_multiline properties.
7555 (JSC::RegExpConstructor::visitChildren):
7556 - Make sure the cached results (or lazy source for them) are marked.
7557 (JSC::RegExpConstructor::getBackref):
7558 (JSC::RegExpConstructor::getLastParen):
7559 (JSC::RegExpConstructor::getLeftContext):
7560 (JSC::RegExpConstructor::getRightContext):
7561 - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
7562 (JSC::regExpConstructorInput):
7563 (JSC::setRegExpConstructorInput):
7564 - Changed to use RegExpCachedResult.
7565 * runtime/RegExpConstructor.h:
7566 (JSC::RegExpConstructor::create):
7567 (RegExpConstructor):
7568 (JSC::RegExpConstructor::setMultiline):
7569 (JSC::RegExpConstructor::multiline):
7570 - Move multiline property onto the constructor object; it is not affected by the last match.
7571 (JSC::RegExpConstructor::setInput):
7572 (JSC::RegExpConstructor::input):
7573 - These defer to RegExpCachedResult.
7574 (JSC::RegExpConstructor::performMatch):
7575 * runtime/RegExpMatchesArray.cpp: Added.
7576 (JSC::RegExpMatchesArray::visitChildren):
7577 - Eeeep! added missing visitChildren!
7578 (JSC::RegExpMatchesArray::finishCreation):
7579 (JSC::RegExpMatchesArray::reifyAllProperties):
7580 (JSC::RegExpMatchesArray::reifyMatchProperty):
7581 - Moved from RegExpConstructor.cpp.
7582 (JSC::RegExpMatchesArray::leftContext):
7583 (JSC::RegExpMatchesArray::rightContext):
7584 - Since the match start/
7585 * runtime/RegExpMatchesArray.h:
7586 (RegExpMatchesArray):
7587 - Declare new methods & structure flags.
7588 * runtime/RegExpObject.cpp:
7589 (JSC::RegExpObject::match):
7590 - performMatch now requires the JSString input, to cache.
7591 * runtime/StringPrototype.cpp:
7592 (JSC::removeUsingRegExpSearch):
7593 (JSC::replaceUsingRegExpSearch):
7594 (JSC::stringProtoFuncMatch):
7595 (JSC::stringProtoFuncSearch):
7596 - performMatch now requires the JSString input, to cache.
7598 2012-03-23 Tony Chang <tony@chromium.org>
7600 [chromium] rename newwtf target back to wtf
7601 https://bugs.webkit.org/show_bug.cgi?id=82064
7603 Reviewed by Adam Barth.
7605 * JavaScriptCore.gyp/JavaScriptCore.gyp:
7607 2012-03-23 Mark Hahnenberg <mhahnenberg@apple.com>
7609 Simplify memory usage tracking in CopiedSpace
7610 https://bugs.webkit.org/show_bug.cgi?id=80705
7612 Reviewed by Filip Pizlo.
7614 * heap/CopiedAllocator.h:
7615 (CopiedAllocator): Rename currentUtilization to currentSize.
7616 (JSC::CopiedAllocator::currentCapacity):
7617 * heap/CopiedBlock.h:
7619 (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
7622 (JSC::CopiedBlock::size): Add new function to calculate the block's size.
7623 (JSC::CopiedBlock::capacity): Ditto for capacity.
7624 * heap/CopiedSpace.cpp:
7625 (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
7626 field for the water mark.
7627 (JSC::CopiedSpace::init):
7628 (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current
7629 block, we need to update our current water mark with the size of the block.
7630 (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we
7631 need to update our current water mark with the size of the used portion of the block.
7632 (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when
7633 reallocating because it will either get accounted for when we fill up the block later
7634 in the case of being able to reallocate in the current block or it will get picked up
7635 immediately because we'll have to get a new block.
7636 (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when
7637 realloc-ing an oversize block because we deallocate the old block and allocate a brand
7639 (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to
7640 the CopiedSpace by the SlotVisitors.
7641 (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
7642 (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
7643 not we should collect now instead of doing the calculation ourselves.
7644 (JSC::CopiedSpace::destroy):
7646 (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how
7648 (JSC::CopiedSpace::capacity): Ditto for capacity.
7649 * heap/CopiedSpace.h:
7650 (JSC::CopiedSpace::waterMark):
7652 * heap/CopiedSpaceInlineMethods.h:
7653 (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a
7655 (JSC::CopiedSpace::allocateNewBlock):
7656 (JSC::CopiedSpace::fitsInBlock):
7657 (JSC::CopiedSpace::allocateFromBlock):
7659 (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
7660 (JSC::Heap::capacity): Ditto for capacity.
7661 (JSC::Heap::collect):
7664 (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to
7665 determine whether they should initiate a collection or continue to allocate new blocks.
7667 (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
7668 Heap (MarkedSpace and CopiedSpace).
7669 * heap/MarkedAllocator.cpp:
7670 (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
7672 2012-03-23 Ryosuke Niwa <rniwa@webkit.org>
7674 BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
7675 https://bugs.webkit.org/show_bug.cgi?id=82012
7677 Reviewed by Filip Pizlo.
7679 Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
7681 * wtf/BitVector.cpp:
7682 (WTF::BitVector::resizeOutOfLine):
7687 2012-03-22 Michael Saboff <msaboff@apple.com>
7689 ExecutableAllocator::memoryPressureMultiplier() might can return NaN
7690 https://bugs.webkit.org/show_bug.cgi?id=82002
7692 Reviewed by Filip Pizlo.
7694 Guard against divide by zero and then make sure the return
7697 * jit/ExecutableAllocator.cpp:
7698 (JSC::ExecutableAllocator::memoryPressureMultiplier):
7699 * jit/ExecutableAllocatorFixedVMPool.cpp:
7700 (JSC::ExecutableAllocator::memoryPressureMultiplier):
7702 2012-03-22 Jessie Berlin <jberlin@apple.com>
7704 Windows build fix after r111778.
7706 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
7707 Don't include and try to build files owned by WTF.
7708 Also, let VS have its way with the vcproj in terms of file ordering.
7710 2012-03-22 Raphael Kubo da Costa <rakuco@FreeBSD.org>
7712 [CMake] Unreviewed build fix after r111778.
7714 * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
7715 the include paths so that the right config.h is used.
7717 2012-03-22 Tony Chang <tony@chromium.org>
7719 Unreviewed, fix chromium build after wtf move.
7721 Remove old wtf_config and wtf targets.
7723 * JavaScriptCore.gyp/JavaScriptCore.gyp:
7725 2012-03-22 Martin Robinson <mrobinson@igalia.com>
7727 Fixed the GTK+ WTF/JavaScriptCore build after r111778.
7729 * GNUmakefile.list.am: Removed an extra trailing backslash.
7731 2012-03-22 Mark Rowe <mrowe@apple.com>
7735 * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
7736 rather than only those that contain symbols that JavaScriptCore itself uses.
7737 * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
7739 2012-03-22 Filip Pizlo <fpizlo@apple.com>
7741 DFG NodeFlags has some duplicate code and naming issues
7742 https://bugs.webkit.org/show_bug.cgi?id=81975
7744 Reviewed by Gavin Barraclough.
7746 Removed most references to "ArithNodeFlags" since those are now just part
7747 of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
7748 NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
7749 because the former was never called and the latter did the same things as
7752 * dfg/DFGByteCodeParser.cpp:
7753 (JSC::DFG::ByteCodeParser::makeSafe):
7754 (JSC::DFG::ByteCodeParser::makeDivSafe):
7755 (JSC::DFG::ByteCodeParser::handleIntrinsic):
7757 (JSC::DFG::Graph::dump):
7759 (JSC::DFG::Node::arithNodeFlags):
7761 * dfg/DFGNodeFlags.cpp:
7762 (JSC::DFG::nodeFlagsAsString):
7763 * dfg/DFGNodeFlags.h:
7765 (JSC::DFG::nodeUsedAsNumber):
7766 * dfg/DFGPredictionPropagationPhase.cpp:
7767 (JSC::DFG::PredictionPropagationPhase::propagate):
7768 (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
7770 2012-03-22 Eric Seidel <eric@webkit.org>
7772 Actually move WTF files to their new home
7773 https://bugs.webkit.org/show_bug.cgi?id=81844
7775 Unreviewed. The details of the port-specific changes
7776 have been seen by contributors from those ports, but
7777 the whole 5MB change isn't very reviewable as-is.
7780 * GNUmakefile.list.am:
7781 * JSCTypedArrayStubs.h:
7782 * JavaScriptCore.gypi:
7783 * JavaScriptCore.xcodeproj/project.pbxproj:
7786 2012-03-22 Kevin Ollivier <kevino@theolliviers.com>
7788 [wx] Unreviewed. Adding Source/WTF to the build.
7792 2012-03-22 Gavin Barraclough <barraclough@apple.com>
7794 Add JSValue::isFunction
7795 https://bugs.webkit.org/show_bug.cgi?id=81935
7797 Reviewed by Geoff Garen.
7799 This would be useful in the WebCore bindings code.
7800 Also, remove asFunction, replace with jsCast<JSFunction*>.
7802 * API/JSContextRef.cpp:
7803 * debugger/Debugger.cpp:
7804 * debugger/DebuggerCallFrame.cpp:
7805 (JSC::DebuggerCallFrame::functionName):
7807 (JSC::DFG::Graph::valueOfFunctionConstant):
7808 * dfg/DFGOperations.cpp:
7809 * interpreter/CallFrame.cpp:
7810 (JSC::CallFrame::isInlineCallFrameSlow):
7811 * interpreter/Interpreter.cpp:
7812 (JSC::Interpreter::privateExecute):
7814 (JSC::DEFINE_STUB_FUNCTION):
7815 (JSC::jitCompileFor):
7817 * llint/LLIntSlowPaths.cpp:
7818 (JSC::LLInt::traceFunctionPrologue):
7819 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
7820 (JSC::LLInt::setUpCall):
7821 * runtime/Arguments.h:
7822 (JSC::Arguments::finishCreation):
7823 * runtime/ArrayPrototype.cpp:
7824 (JSC::arrayProtoFuncFilter):
7825 (JSC::arrayProtoFuncMap):
7826 (JSC::arrayProtoFuncEvery):
7827 (JSC::arrayProtoFuncForEach):
7828 (JSC::arrayProtoFuncSome):
7829 (JSC::arrayProtoFuncReduce):
7830 (JSC::arrayProtoFuncReduceRight):
7831 * runtime/CommonSlowPaths.h:
7832 (JSC::CommonSlowPaths::arityCheckFor):
7833 * runtime/Executable.h:
7834 (JSC::FunctionExecutable::compileFor):
7835 (JSC::FunctionExecutable::compileOptimizedFor):
7836 * runtime/FunctionPrototype.cpp:
7837 (JSC::functionProtoFuncToString):
7838 * runtime/JSArray.cpp:
7839 (JSC::JSArray::sort):
7840 * runtime/JSFunction.cpp:
7841 (JSC::JSFunction::argumentsGetter):
7842 (JSC::JSFunction::callerGetter):
7843 (JSC::JSFunction::lengthGetter):
7844 * runtime/JSFunction.h:
7846 (JSC::asJSFunction):
7847 (JSC::JSValue::isFunction):
7848 * runtime/JSGlobalData.cpp:
7849 (WTF::Recompiler::operator()):
7850 (JSC::JSGlobalData::releaseExecutableMemory):
7851 * runtime/JSValue.h:
7852 * runtime/StringPrototype.cpp:
7853 (JSC::replaceUsingRegExpSearch):
7855 2012-03-21 Filip Pizlo <fpizlo@apple.com>
7857 DFG speculation on booleans should be rationalized
7858 https://bugs.webkit.org/show_bug.cgi?id=81840
7860 Reviewed by Gavin Barraclough.
7862 This removes isKnownBoolean() and replaces it with AbstractState-based
7863 optimization, and cleans up the control flow in code gen methods for
7864 Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
7865 and removes isKnownNotBoolean() since that method appeared to be a
7866 helper used solely by 32_64's speculateBooleanOperation().
7868 This is performance-neutral.
7870 * dfg/DFGAbstractState.cpp:
7871 (JSC::DFG::AbstractState::execute):
7873 (JSC::DFG::Node::shouldSpeculateNumber):
7874 * dfg/DFGSpeculativeJIT.cpp:
7876 * dfg/DFGSpeculativeJIT.h:
7878 * dfg/DFGSpeculativeJIT32_64.cpp:
7879 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
7880 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
7881 (JSC::DFG::SpeculativeJIT::emitBranch):
7882 (JSC::DFG::SpeculativeJIT::compile):
7883 * dfg/DFGSpeculativeJIT64.cpp:
7884 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
7885 (JSC::DFG::SpeculativeJIT::emitBranch):
7886 (JSC::DFG::SpeculativeJIT::compile):
7888 2012-03-21 Mark Rowe <mrowe@apple.com>
7892 * wtf/MetaAllocator.h:
7893 (MetaAllocator): Export the destructor.
7895 2012-03-21 Eric Seidel <eric@webkit.org>
7897 Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
7898 https://bugs.webkit.org/show_bug.cgi?id=81834
7900 Reviewed by Adam Barth.
7903 * os-win32/WinMain.cpp:
7904 * runtime/JSDateMath.cpp:
7905 * runtime/TimeoutChecker.cpp:
7907 * tools/CodeProfiling.cpp:
7909 2012-03-21 Eric Seidel <eric@webkit.org>
7911 WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
7912 https://bugs.webkit.org/show_bug.cgi?id=81838
7914 Reviewed by Geoffrey Garen.
7916 My understanding is that weak vtables happen when the compiler/linker cannot
7917 determine which compilation unit should contain the vtable. In this case
7918 because there were only pure virtual functions as well as an "inline"
7919 virtual destructor (thus the virtual destructor was defined in many compilation
7920 units). Since you can't actually "inline" a virtual function (it still has to
7921 bounce through the vtable), the "inline" on this virtual destructor doesn't
7922 actually help performance, and is only serving to confuse the compiler here.
7923 I've moved the destructor implementation to the .cpp file, thus making
7924 it clear to the compiler where the vtable should be stored, and solving the error.
7926 * wtf/MetaAllocator.cpp:
7927 (WTF::MetaAllocator::~MetaAllocator):
7929 * wtf/MetaAllocator.h:
7931 2012-03-20 Gavin Barraclough <barraclough@apple.com>
7933 RegExpMatchesArray should not copy the ovector
7934 https://bugs.webkit.org/show_bug.cgi?id=81742
7936 Reviewed by Michael Saboff.
7938 Currently, all RegExpMatchesArray objects contain a Vector<int, 32>, used to hold any sub-pattern results.
7939 This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
7940 main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
7941 and the results never accessed).
7942 If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
7944 * dfg/DFGOperations.cpp:
7945 - RegExpObject match renamed back to test (test returns a bool).
7946 * runtime/RegExpConstructor.cpp:
7948 - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
7949 (JSC::RegExpMatchesArray::finishCreation):
7950 - Removed RegExpConstructorPrivate parameter.
7951 (JSC::RegExpMatchesArray::reifyAllProperties):
7952 - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
7953 If there are sub-pattern properties, the RegExp is re-run to generate their values.
7954 (JSC::RegExpMatchesArray::reifyMatchProperty):
7955 - Reify just the match (index 0) property of the RegExpMatchesArray.
7956 * runtime/RegExpConstructor.h:
7957 (RegExpConstructor):
7958 (JSC::RegExpConstructor::performMatch):
7959 - performMatch now returns a MatchResult, rather than using out-parameters.
7960 * runtime/RegExpMatchesArray.h:
7961 (JSC::RegExpMatchesArray::RegExpMatchesArray):
7962 - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
7963 (RegExpMatchesArray):
7964 (JSC::RegExpMatchesArray::create):
7965 - Now passed the input string matched against, the RegExp, and the MatchResult.
7966 (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
7967 (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
7968 - Helpers to conditionally reify properties.
7969 (JSC::RegExpMatchesArray::getOwnPropertySlot):
7970 (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
7971 (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
7972 (JSC::RegExpMatchesArray::put):
7973 (JSC::RegExpMatchesArray::putByIndex):
7974 (JSC::RegExpMatchesArray::deleteProperty):
7975 (JSC::RegExpMatchesArray::deletePropertyByIndex):
7976 (JSC::RegExpMatchesArray::getOwnPropertyNames):
7977 (JSC::RegExpMatchesArray::defineOwnProperty):
7978 - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
7979 (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
7980 * runtime/RegExpObject.cpp:
7981 (JSC::RegExpObject::exec):
7982 (JSC::RegExpObject::match):
7983 - match now returns a MatchResult.
7984 * runtime/RegExpObject.h:
7985 (JSC::MatchResult::MatchResult):
7986 - Added: the result of a match is a start & end tuple.
7987 (JSC::MatchResult::failed):
7988 - A failure is indicated by (notFound, 0).
7989 (JSC::MatchResult::operator bool):
7990 - Evaluates to false if the match failed.
7991 (JSC::MatchResult::empty):
7992 - Evaluates to true if the match succeeded with length 0.
7993 (JSC::RegExpObject::test):
7994 - Now returns a bool.
7995 * runtime/RegExpPrototype.cpp:
7996 (JSC::regExpProtoFuncTest):
7997 - RegExpObject match renamed back to test (test returns a bool).
7998 * runtime/StringPrototype.cpp:
7999 (JSC::removeUsingRegExpSearch):
8000 (JSC::replaceUsingRegExpSearch):
8001 (JSC::stringProtoFuncMatch):
8002 (JSC::stringProtoFuncSearch):
8003 - performMatch now returns a MatchResult, rather than using out-parameters.
8005 2012-03-21 Hojong Han <hojong.han@samsung.com>
8007 Fix out of memory by allowing overcommit
8008 https://bugs.webkit.org/show_bug.cgi?id=81743
8010 Reviewed by Geoffrey Garen.
8012 Garbage collection is not triggered and new blocks are added
8013 because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.
8015 * wtf/OSAllocatorPosix.cpp:
8016 (WTF::OSAllocator::reserveAndCommit):
8018 2012-03-21 Jessie Berlin <jberlin@apple.com>
8020 More Windows build fixing.
8022 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
8023 Fix the order of the include directories to look in include/private first before looking
8024 in include/private/JavaScriptCore.
8025 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
8026 Look in the Production output directory (where the wtf headers will be). This is the same
8027 thing that is done for jsc and testRegExp in ReleasePGO.
8029 2012-03-21 Jessie Berlin <jberlin@apple.com>
8031 WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
8032 $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
8033 https://bugs.webkit.org/show_bug.cgi?id=81739
8035 Reviewed by Dan Bernstein.
8037 * JavaScriptCore.vcproj/jsc/jsc.vcproj:
8038 Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
8039 subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
8040 * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
8043 * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
8044 Get the headers for those 4 files from the wtf subdirectory of the build output, not the
8045 JavaScriptCore/wtf subdirectory.
8046 * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
8049 2012-03-20 Eric Seidel <eric@webkit.org>
8051 Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
8052 https://bugs.webkit.org/show_bug.cgi?id=80911
8054 Reviewed by Adam Barth.
8056 Update the various build systems to depend on Source/WTF headers
8057 as well as remove references to Platform.h (since it's now moved).
8060 * JavaScriptCore.pri:
8061 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
8062 * JavaScriptCore.xcodeproj/project.pbxproj:
8063 * wtf/CMakeLists.txt:
8065 2012-03-20 Filip Pizlo <fpizlo@apple.com>
8067 op_mod fails on many interesting corner cases
8068 https://bugs.webkit.org/show_bug.cgi?id=81648
8070 Reviewed by Oliver Hunt.
8072 Removed most strength reduction for op_mod, and fixed the integer handling
8073 to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
8074 which this patch also fixes.
8076 This patch is performance neutral on all of the major benchmarks we track.
8078 * dfg/DFGOperations.cpp:
8079 * dfg/DFGOperations.h:
8080 * dfg/DFGSpeculativeJIT.cpp:
8082 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
8083 (JSC::DFG::SpeculativeJIT::compileArithMod):
8086 * jit/JITArithmetic.cpp:
8088 (JSC::JIT::emit_op_mod):
8089 (JSC::JIT::emitSlow_op_mod):
8090 * jit/JITArithmetic32_64.cpp:
8091 (JSC::JIT::emit_op_mod):
8092 (JSC::JIT::emitSlow_op_mod):
8093 * jit/JITOpcodes32_64.cpp:
8094 (JSC::JIT::privateCompileCTIMachineTrampolines):
8097 (TrampolineStructure):
8098 (JSC::JITThunks::ctiNativeConstruct):
8099 * llint/LowLevelInterpreter64.asm:
8101 * wtf/SimpleStats.h:
8102 (WTF::SimpleStats::variance):
8104 2012-03-20 Steve Falkenburg <sfalken@apple.com>
8106 Windows (make based) build fix.
8107 <rdar://problem/11069015>
8109 * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
8111 2012-03-20 Steve Falkenburg <sfalken@apple.com>
8113 Move WTF-related Windows project files out of JavaScriptCore
8114 https://bugs.webkit.org/show_bug.cgi?id=80680
8116 This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
8117 It does not move any source code. This is in preparation for the WTF source move out of
8120 Reviewed by Jessie Berlin.
8122 * JavaScriptCore.vcproj/JavaScriptCore.sln:
8123 * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
8124 * JavaScriptCore.vcproj/WTF: Removed.
8125 * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
8126 * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
8127 * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
8128 * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
8129 * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
8130 * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
8131 * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
8132 * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
8133 * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
8134 * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
8135 * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
8136 * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
8137 * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
8138 * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
8139 * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
8140 * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
8141 * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
8142 * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
8143 * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
8144 * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
8145 * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
8146 * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
8148 2012-03-20 Benjamin Poulain <bpoulain@apple.com>
8150 Cache the type string of JavaScript object
8151 https://bugs.webkit.org/show_bug.cgi?id=81446
8153 Reviewed by Geoffrey Garen.
8155 Instead of creating the JSString every time, we create
8156 lazily the strings in JSGlobalData.
8158 This avoids the construction of the StringImpl and of the JSString,
8159 which gives some performance improvements.
8161 * runtime/CommonIdentifiers.h:
8162 * runtime/JSValue.cpp:
8163 (JSC::JSValue::toStringSlowCase):
8164 * runtime/Operations.cpp:
8165 (JSC::jsTypeStringForValue):
8166 * runtime/SmallStrings.cpp:
8167 (JSC::SmallStrings::SmallStrings):
8168 (JSC::SmallStrings::finalizeSmallStrings):
8169 (JSC::SmallStrings::initialize):
8171 * runtime/SmallStrings.h:
8174 2012-03-20 Oliver Hunt <oliver@apple.com>
8176 Allow LLINT to work even when executable allocation fails.
8177 https://bugs.webkit.org/show_bug.cgi?id=81693
8179 Reviewed by Gavin Barraclough.
8181 Don't crash if executable allocation fails if we can fall back on LLINT
8183 * jit/ExecutableAllocatorFixedVMPool.cpp:
8184 (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
8185 * wtf/OSAllocatorPosix.cpp:
8186 (WTF::OSAllocator::reserveAndCommit):
8188 2012-03-20 Csaba Osztrogonác <ossy@webkit.org>
8190 Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
8191 https://bugs.webkit.org/show_bug.cgi?id=81428
8193 32 bit buildfix after r111355.
8195 2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
8196 The smallest int is -2147483648 (-2^31) == -2147483647 - 1 == -INT32_MAX-1 == INT32_MIN (stdint.h).
8198 Reviewed by Zoltan Herczeg.
8200 * dfg/DFGSpeculativeJIT.cpp:
8201 (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
8203 2012-03-19 Jochen Eisinger <jochen@chromium.org>
8205 Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
8206 https://bugs.webkit.org/show_bug.cgi?id=80983
8208 Reviewed by Darin Adler.
8210 This allows printing a backtrace acquired by an earlier WTFGetBacktrace
8211 call which is useful for local debugging.
8213 * wtf/Assertions.cpp:
8216 2012-03-19 Benjamin Poulain <benjamin@webkit.org>
8218 Do not copy the script source in the SourceProvider, just reference the existing string
8219 https://bugs.webkit.org/show_bug.cgi?id=81466
8221 Reviewed by Geoffrey Garen.
8223 * parser/SourceCode.h: Remove the unused, and incorrect, function data().
8224 * parser/SourceProvider.h: Add OVERRIDE for clarity.
8226 2012-03-19 Filip Pizlo <fpizlo@apple.com>
8228 Division optimizations fail to infer cases of truncated division and
8229 mishandle -2147483648/-1
8230 https://bugs.webkit.org/show_bug.cgi?id=81428
8231 <rdar://problem/11067382>
8233 Reviewed by Oliver Hunt.
8235 If you're a division over integers and you're only used as an integer, then you're
8236 an integer division and remainder checks become unnecessary. If you're dividing
8237 -2147483648 by -1, don't crash.
8239 * assembler/MacroAssemblerX86Common.h:
8240 (MacroAssemblerX86Common):
8241 (JSC::MacroAssemblerX86Common::add32):
8242 * dfg/DFGSpeculativeJIT.cpp:
8244 (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
8245 * dfg/DFGSpeculativeJIT.h:
8247 * dfg/DFGSpeculativeJIT32_64.cpp:
8248 (JSC::DFG::SpeculativeJIT::compile):
8249 * dfg/DFGSpeculativeJIT64.cpp:
8250 (JSC::DFG::SpeculativeJIT::compile):
8251 * llint/LowLevelInterpreter64.asm:
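The corner cases this entry and the op_mod entry above name (division by zero, -2147483648 / -1, and remainders that must become -0) are exactly the ones a JIT fast path has to reject before it may execute a hardware divide, because x86 `idiv` raises #DE on both zero and INT32_MIN / -1. The following C++ is an added example, not JSC code: `Int32Result`, `int32Div`, `int32Mod`, `jsMod` and `jsDiv` are hypothetical names, and the block shows the checks that decide whether an int32 result exists under JS semantics and otherwise defers to double arithmetic.

```cpp
#include <cassert>
#include <climits>
#include <cmath>
#include <cstdint>

// Hypothetical result type: fitsInt32 is false whenever JS semantics demand a
// value that is not an int32 (NaN, +/-Infinity, -0, a fraction, or 2^31), in
// which case the caller must take the double slow path instead.
struct Int32Result {
    bool fitsInt32;
    int32_t value; // valid only when fitsInt32 is true
};

// JS x / y restricted to int32 operands. Every early return is a case where a
// naive C++ `x / y` would either trap (y == 0, INT32_MIN / -1) or quietly
// produce the wrong value.
Int32Result int32Div(int32_t x, int32_t y) {
    if (y == 0)
        return {false, 0};              // +Infinity, -Infinity or NaN
    if (x == INT32_MIN && y == -1)
        return {false, 0};              // 2^31 does not fit; hardware idiv raises #DE
    if (x % y != 0)                     // safe here: y != 0 and not the INT32_MIN/-1 pair
        return {false, 0};              // non-integer quotient
    if (x == 0 && y < 0)
        return {false, 0};              // 0 / negative is -0 in JS
    return {true, x / y};
}

// JS x % y restricted to int32 operands. The sign of a JS remainder follows
// the dividend, so a zero remainder from a negative dividend is -0, not 0.
Int32Result int32Mod(int32_t x, int32_t y) {
    if (y == 0)
        return {false, 0};              // NaN
    if (y == -1)
        return {x >= 0, 0};             // x % -1 is always 0 (-0 for x < 0); also avoids INT32_MIN % -1
    int32_t r = x % y;                  // C++ truncation matches JS for the remaining cases
    if (r == 0 && x < 0)
        return {false, 0};              // -0
    return {true, r};
}

// Double slow path: std::fmod already carries JS semantics (NaN for y == 0,
// sign of the result taken from x, including -0).
double jsMod(double x, double y) {
    return std::fmod(x, y);
}

// Double slow path for division: IEEE 754 gives +/-Infinity for x / 0 and NaN for 0 / 0.
double jsDiv(double x, double y) {
    return x / y;
}

int main() {
    assert(int32Div(-6, 3).fitsInt32 && int32Div(-6, 3).value == -2);
    assert(!int32Div(INT32_MIN, -1).fitsInt32);   // 2^31 overflow, would trap in hardware
    assert(!int32Mod(INT32_MIN, -1).fitsInt32);   // result is -0
    assert(std::signbit(jsMod(-4.0, 2.0)));       // -0
    assert(std::isnan(jsMod(1.0, 0.0)));
    return 0;
}
```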
8253 2012-03-19 Benjamin Poulain <bpoulain@apple.com>
8255 Simplify SmallStrings
8256 https://bugs.webkit.org/show_bug.cgi?id=81445
8258 Reviewed by Gavin Barraclough.
8260 SmallStrings had two methods that should not be public: count() and clear().
8262 The method clear() is effectively replaced by finalizeSmallStrings(). The body
8263 of the method was moved to the constructor since the code is obvious.
8265 The method count() is unused.
8267 * runtime/SmallStrings.cpp:
8268 (JSC::SmallStrings::SmallStrings):
8269 * runtime/SmallStrings.h:
8272 2012-03-19 Filip Pizlo <fpizlo@apple.com>
8274 DFG can no longer compile V8-v4/regexp in debug mode
8275 https://bugs.webkit.org/show_bug.cgi?id=81592
8277 Reviewed by Gavin Barraclough.
8279 * dfg/DFGSpeculativeJIT32_64.cpp:
8280 (JSC::DFG::SpeculativeJIT::compile):
8281 * dfg/DFGSpeculativeJIT64.cpp:
8282 (JSC::DFG::SpeculativeJIT::compile):
8284 2012-03-19 Filip Pizlo <fpizlo@apple.com>
8286 Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
8287 change throughout the fixpoint
8288 https://bugs.webkit.org/show_bug.cgi?id=81583
8290 Reviewed by Michael Saboff.
8292 * dfg/DFGPredictionPropagationPhase.cpp:
8293 (JSC::DFG::PredictionPropagationPhase::propagate):
8295 2012-03-19 Filip Pizlo <fpizlo@apple.com>
8297 GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
8298 the process of being generated
8299 https://bugs.webkit.org/show_bug.cgi?id=81565
8301 Reviewed by Oliver Hunt.
8303 * bytecode/CodeBlock.cpp:
8304 (JSC::CodeBlock::finalizeUnconditionally):
8306 2012-03-19 Eric Seidel <eric@webkit.org>
8308 Fix WTF header include discipline in Chromium WebKit
8309 https://bugs.webkit.org/show_bug.cgi?id=81281
8311 Reviewed by James Robinson.
8313 * JavaScriptCore.gyp/JavaScriptCore.gyp:
8314 * wtf/unicode/icu/CollatorICU.cpp:
8316 2012-03-19 Filip Pizlo <fpizlo@apple.com>
8318 DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
8319 https://bugs.webkit.org/show_bug.cgi?id=81556
8321 Rubber stamped by Gavin Barraclough.
8323 * GNUmakefile.list.am:
8324 * JavaScriptCore.xcodeproj/project.pbxproj:
8325 * dfg/DFGAbstractState.h:
8326 (JSC::DFG::AbstractState::forNode):
8327 * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
8328 (JSC::DFG::AdjacencyList::AdjacencyList):
8329 (JSC::DFG::AdjacencyList::child):
8330 (JSC::DFG::AdjacencyList::setChild):
8331 (JSC::DFG::AdjacencyList::child1):
8332 (JSC::DFG::AdjacencyList::child2):
8333 (JSC::DFG::AdjacencyList::child3):
8334 (JSC::DFG::AdjacencyList::setChild1):
8335 (JSC::DFG::AdjacencyList::setChild2):
8336 (JSC::DFG::AdjacencyList::setChild3):
8337 (JSC::DFG::AdjacencyList::child1Unchecked):
8338 (JSC::DFG::AdjacencyList::initialize):
8340 * dfg/DFGByteCodeParser.cpp:
8341 (JSC::DFG::ByteCodeParser::addVarArgChild):
8342 (JSC::DFG::ByteCodeParser::processPhiStack):
8343 * dfg/DFGCSEPhase.cpp:
8344 (JSC::DFG::CSEPhase::canonicalize):
8345 (JSC::DFG::CSEPhase::performSubstitution):
8346 * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
8348 (JSC::DFG::Edge::Edge):
8349 (JSC::DFG::Edge::operator==):
8350 (JSC::DFG::Edge::operator!=):
8352 (JSC::DFG::operator==):
8353 (JSC::DFG::operator!=):
8355 (JSC::DFG::Graph::operator[]):
8356 (JSC::DFG::Graph::at):
8357 (JSC::DFG::Graph::ref):
8358 (JSC::DFG::Graph::deref):
8359 (JSC::DFG::Graph::clearAndDerefChild1):
8360 (JSC::DFG::Graph::clearAndDerefChild2):
8361 (JSC::DFG::Graph::clearAndDerefChild3):
8363 * dfg/DFGJITCompiler.h:
8364 (JSC::DFG::JITCompiler::getPrediction):
8366 (JSC::DFG::Node::Node):
8367 (JSC::DFG::Node::child1):
8368 (JSC::DFG::Node::child1Unchecked):
8369 (JSC::DFG::Node::child2):
8370 (JSC::DFG::Node::child3):
8372 * dfg/DFGNodeFlags.cpp:
8373 (JSC::DFG::arithNodeFlagsAsString):
8374 * dfg/DFGNodeFlags.h:
8376 (JSC::DFG::nodeUsedAsNumber):
8377 * dfg/DFGNodeReferenceBlob.h: Removed.
8378 * dfg/DFGNodeUse.h: Removed.
8379 * dfg/DFGPredictionPropagationPhase.cpp:
8380 (JSC::DFG::PredictionPropagationPhase::propagate):
8381 (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
8382 (JSC::DFG::PredictionPropagationPhase::vote):
8383 (JSC::DFG::PredictionPropagationPhase::fixupNode):
8384 * dfg/DFGScoreBoard.h:
8385 (JSC::DFG::ScoreBoard::use):
8386 * dfg/DFGSpeculativeJIT.cpp:
8387 (JSC::DFG::SpeculativeJIT::useChildren):
8388 (JSC::DFG::SpeculativeJIT::writeBarrier):
8389 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
8390 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
8391 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
8392 (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
8393 * dfg/DFGSpeculativeJIT.h:
8394 (JSC::DFG::SpeculativeJIT::at):
8395 (JSC::DFG::SpeculativeJIT::canReuse):
8396 (JSC::DFG::SpeculativeJIT::use):
8398 (JSC::DFG::SpeculativeJIT::speculationCheck):
8399 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
8400 (JSC::DFG::IntegerOperand::IntegerOperand):
8401 (JSC::DFG::DoubleOperand::DoubleOperand):
8402 (JSC::DFG::JSValueOperand::JSValueOperand):
8403 (JSC::DFG::StorageOperand::StorageOperand):
8404 (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
8405 (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
8406 (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
8407 (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
8408 (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
8409 * dfg/DFGSpeculativeJIT32_64.cpp:
8410 (JSC::DFG::SpeculativeJIT::cachedPutById):
8411 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
8412 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
8413 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
8414 (JSC::DFG::SpeculativeJIT::emitCall):
8415 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
8416 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
8417 * dfg/DFGSpeculativeJIT64.cpp:
8418 (JSC::DFG::SpeculativeJIT::cachedPutById):
8419 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
8420 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
8421 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
8422 (JSC::DFG::SpeculativeJIT::emitCall):
8423 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
8424 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
8426 2012-03-19 Gavin Barraclough <barraclough@apple.com>
8428 Object.freeze broken on latest Nightly
8429 https://bugs.webkit.org/show_bug.cgi?id=80577
8431 Reviewed by Oliver Hunt.
8433 * runtime/Arguments.cpp:
8434 (JSC::Arguments::defineOwnProperty):
8435 - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
8436 been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
8437 * runtime/JSFunction.cpp:
8438 (JSC::JSFunction::defineOwnProperty):
8439 - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
8440 the object must be extensible; this is incorrect since these properties should already exist
8441 on the object. In addition, it was asserting that the arguments/caller values must match the
8442 corresponding magic data properties, but for strict mode function this is incorrect. Instead,
8443 just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
8445 2012-03-19 Filip Pizlo <fpizlo@apple.com>
8447 LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
8448 https://bugs.webkit.org/show_bug.cgi?id=81559
8450 Reviewed by Michael Saboff.
8452 * llint/LLIntSlowPaths.cpp:
8453 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
8455 2012-03-19 Yong Li <yoli@rim.com>
8457 [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
8458 https://bugs.webkit.org/show_bug.cgi?id=77013
8460 We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
8461 implement memory decommitting for QNX.
8463 Reviewed by Rob Buis.
8465 * wtf/OSAllocatorPosix.cpp:
8466 (WTF::OSAllocator::reserveUncommitted):
8467 (WTF::OSAllocator::commit):
8468 (WTF::OSAllocator::decommit):
8470 2012-03-19 Gavin Barraclough <barraclough@apple.com>
8472 Unreviewed - revert a couple of files accidentally committed.
8474 * runtime/Arguments.cpp:
8475 (JSC::Arguments::defineOwnProperty):
8476 * runtime/JSFunction.cpp:
8477 (JSC::JSFunction::defineOwnProperty):
8479 2012-03-19 Jessie Berlin <jberlin@apple.com>
8481 Another Windows build fix after r111129.
8483 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
8485 2012-03-19 Raphael Kubo da Costa <rakuco@FreeBSD.org>
8487 Cross-platform processor core counter: fix build on FreeBSD.
8488 https://bugs.webkit.org/show_bug.cgi?id=81482
8490 Reviewed by Zoltan Herczeg.
8492 The documentation of sysctl(3) shows that <sys/types.h> should be
8493 included before <sys/sysctl.h> (sys/types.h tends to be the first
8494 included header in general).
8496 This should fix the build on FreeBSD and other systems where
8497 sysctl.h really depends on types defined in types.h.
8499 * wtf/NumberOfCores.cpp:
8501 2012-03-19 Jessie Berlin <jberlin@apple.com>
8503 Windows build fix after r111129.
8505 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
8507 2012-03-19 Gavin Barraclough <barraclough@apple.com>
8509 JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
8510 https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
8512 Reviewed by Oliver Hunt.
8514 The API specifies that convertToType may opt not to handle a conversion:
8515 "@result The objects's converted value, or NULL if the object was not converted."
8516 In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
8517 conversion functions, and failing that call the JSObject::defaultValue function.
8519 Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
8520 the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
8521 bug#73368, these will return the result from the first convertToType they find, regardless
8522 of whether this result is null, and if no convertToType method is found in the api class
8523 hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
8524 chain), they will also return a null pointer. This is unsafe.
8526 It would be easy to make the approach based around toStringCallback/valueOfCallback continue
8527 to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
8528 (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
8529 Making the fallback work with toString/valueOf methods attached to api objects is probably
8530 not the right thing to do – instead, we should just implement the defaultValue trap for api
8533 In addition, this bug highlights that fact that JSCallbackFunction::call will allow a hard
8534 null to be returned from C to JavaScript - this is not okay. Handle with an exception.
8536 * API/JSCallbackFunction.cpp:
8537 (JSC::JSCallbackFunction::call):
8538 - Should be null checking the return value.
8540 - Remove toStringCallback/valueOfCallback.
8541 * API/JSCallbackFunction.h:
8542 (JSCallbackFunction):
8543 - Remove toStringCallback/valueOfCallback.
8544 * API/JSCallbackObject.h:
8546 - Add defaultValue methods to JSCallbackObject.
8547 * API/JSCallbackObjectFunctions.h:
8548 (JSC::::defaultValue):
8549 - Add defaultValue methods to JSCallbackObject.
8550 * API/JSClassRef.cpp:
8551 (OpaqueJSClass::prototype):
8552 - Remove toStringCallback/valueOfCallback.
8553 * API/tests/testapi.js:
8554 - Revert this test, now we no longer artificially introduce a toString method onto the api object.
8556 2012-03-18 Raphael Kubo da Costa <rakuco@FreeBSD.org>
8558 [EFL] Include ICU_INCLUDE_DIRS when building.
8559 https://bugs.webkit.org/show_bug.cgi?id=81483
8561 Reviewed by Daniel Bates.
8563 So far, only the ICU libraries were being included when building
8564 JavaScriptCore, however the include path is also needed, otherwise the
8565 build will fail when ICU is installed into a non-standard location.
8567 * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
8569 2012-03-17 Gavin Barraclough <barraclough@apple.com>
8571 Strength reduction, RegExp.exec -> RegExp.test
8572 https://bugs.webkit.org/show_bug.cgi?id=81459
8574 Reviewed by Sam Weinig.
8576 RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
8577 expression for a match against a string - however exec is more expensive, since
8578 it allocates a matches array object. In cases where the result is consumed in a
8579 boolean context the allocation of the matches array can be trivially elided.
8584 for (i =0; i < 10000000; ++i)
8589 This is a 2.5x speedup on this example microbenchmark loop.
8591 In a more advanced form of this optimization, we may be able to avoid allocating
8592 the array where access to the array can be observed.
8594 * create_hash_table:
8595 * dfg/DFGAbstractState.cpp:
8596 (JSC::DFG::AbstractState::execute):
8597 * dfg/DFGByteCodeParser.cpp:
8598 (JSC::DFG::ByteCodeParser::handleIntrinsic):
8600 (JSC::DFG::Node::hasHeapPrediction):
8601 * dfg/DFGNodeType.h:
8603 * dfg/DFGOperations.cpp:
8604 * dfg/DFGOperations.h:
8605 * dfg/DFGPredictionPropagationPhase.cpp:
8606 (JSC::DFG::PredictionPropagationPhase::propagate):
8607 * dfg/DFGSpeculativeJIT.cpp:
8608 (JSC::DFG::SpeculativeJIT::compileRegExpExec):
8610 * dfg/DFGSpeculativeJIT.h:
8611 (JSC::DFG::SpeculativeJIT::callOperation):
8612 * dfg/DFGSpeculativeJIT32_64.cpp:
8613 (JSC::DFG::SpeculativeJIT::compile):
8614 * dfg/DFGSpeculativeJIT64.cpp:
8615 (JSC::DFG::SpeculativeJIT::compile):
8617 (GlobalObject::addConstructableFunction):
8618 * runtime/Intrinsic.h:
8619 * runtime/JSFunction.cpp:
8620 (JSC::JSFunction::create):
8622 * runtime/JSFunction.h:
8624 * runtime/Lookup.cpp:
8625 (JSC::setUpStaticFunctionSlot):
8626 * runtime/RegExpObject.cpp:
8627 (JSC::RegExpObject::exec):
8628 (JSC::RegExpObject::match):
8629 * runtime/RegExpObject.h:
8631 * runtime/RegExpPrototype.cpp:
8632 (JSC::regExpProtoFuncTest):
8633 (JSC::regExpProtoFuncExec):
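The boolean-context equivalence this strength reduction depends on, as an added JavaScript example (not WebKit code): it checks that exec and test agree on the outcome and on the lastIndex side effect they share for global and sticky regexps, and shows the case where the matches array is observed and the rewrite must not apply.

```javascript
// Added example, not part of the WebKit change. The case table below is constructed.

// The pattern the optimization targets: exec's result consumed only as a boolean,
// so the matches array it allocates is never observed.
function execInBooleanContext(re, s) {
  return re.exec(s) ? true : false;
}

// The strength-reduced form: test returns a bool and allocates no array.
function testPattern(re, s) {
  return re.test(s);
}

// Run both forms from identical starting state (same source, flags and lastIndex)
// and report whether result and lastIndex agree afterwards.
function equivalent(source, flags, input, startIndex) {
  const a = new RegExp(source, flags);
  const b = new RegExp(source, flags);
  a.lastIndex = startIndex;
  b.lastIndex = startIndex;
  const ra = execInBooleanContext(a, input);
  const rb = testPattern(b, input);
  return ra === rb && a.lastIndex === b.lastIndex;
}

// A use the rewrite must leave alone: the array (here a capture group) is observed,
// so exec cannot be replaced by test.
function captureGroup(re, s) {
  const m = re.exec(s);
  return m ? m[1] : null;
}

// Constructed cases: non-global, global from two start positions, sticky miss,
// and a global miss (which resets lastIndex to 0 in both forms).
function runChecks() {
  const cases = [
    ['a(b+)c', '', 'xxabbbcyy', 0],
    ['a(b+)c', 'g', 'abc abbc', 0],
    ['a(b+)c', 'g', 'abc abbc', 3],
    ['a(b+)c', 'y', 'zabc', 0],
    ['\\d+', 'g', 'no digits', 0],
  ];
  return cases.every(c => equivalent(c[0], c[1], c[2], c[3]));
}
```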
8635 2012-03-16 Michael Saboff <msaboff@apple.com>
8637 Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
8638 https://bugs.webkit.org/show_bug.cgi?id=81244
8640 Rubber stamped by Filip Pizlo.
8642 Changed type and name of JSGlobalData::m_isInitializingObject to
8643 ClassInfo* and m_initializingObjectClass.
8644 Changed JSGlobalData::setInitializingObject to
8645 JSGlobalData::setInitializingObjectClass. This pointer can be used within
8646 the debugger to determine what type of object is being initialized.
8649 (JSC::JSCell::finishCreation):
8650 (JSC::allocateCell):
8651 * runtime/JSGlobalData.cpp:
8652 (JSC::JSGlobalData::JSGlobalData):
8653 * runtime/JSGlobalData.h:
8655 (JSC::JSGlobalData::isInitializingObject):
8656 (JSC::JSGlobalData::setInitializingObjectClass):
8657 * runtime/Structure.h:
8658 (JSC::JSCell::finishCreation):
8660 2012-03-23 Mark Hahnenberg <mhahnenberg@apple.com>
8662 tryReallocate could break the zero-ed memory invariant of CopiedBlocks
8663 https://bugs.webkit.org/show_bug.cgi?id=82087
8665 Reviewed by Filip Pizlo.
8667 Removing this optimization turned out to be ~1% regression on kraken, so I simply
8668 undid the modification to the current block if we fail.
8670 * heap/CopiedSpace.cpp:
8671 (JSC::CopiedSpace::tryReallocate): Undid the reset in the CopiedAllocator if we fail
8672 to reallocate from the current block.
8674 2012-03-23 Alexey Proskuryakov <ap@apple.com>
8676 [Mac] No need for platform-specific ENABLE_BLOB values
8677 https://bugs.webkit.org/show_bug.cgi?id=82102
8679 Reviewed by David Kilzer.
8681 * Configurations/FeatureDefines.xcconfig:
8683 2012-03-23 Michael Saboff <msaboff@apple.com>
8685 DFG::compileValueToInt32 Sometimes Generates GPR to FPR reg back to GPR
8686 https://bugs.webkit.org/show_bug.cgi?id=81805
8688 Reviewed by Filip Pizlo.
8690 Added SpeculativeJIT::checkGeneratedType() to determine the current format
8691 of an operand. Used that information in SpeculativeJIT::compileValueToInt32
8692 to generate code that will use integer and JSValue types in integer
8693 format directly without a conversion to double.
8695 * JavaScriptCore.xcodeproj/project.pbxproj:
8696 * dfg/DFGSpeculativeJIT.cpp:
8697 (JSC::DFG::SpeculativeJIT::checkGeneratedType):
8699 (JSC::DFG::SpeculativeJIT::compileValueToInt32):
8700 * dfg/DFGSpeculativeJIT.h:
8704 2012-03-23 Steve Falkenburg <sfalken@apple.com>
8706 Update Apple Windows build files for WTF move
8707 https://bugs.webkit.org/show_bug.cgi?id=82069
8709 Reviewed by Jessie Berlin.
8711 * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Removed WTF and WTFGenerated.
8713 2012-03-23 Dean Jackson <dino@apple.com>
8715 Disable CSS_SHADERS in Apple builds
8716 https://bugs.webkit.org/show_bug.cgi?id=81996
8718 Reviewed by Simon Fraser.
8720 Remove ENABLE_CSS_SHADERS from FeatureDefines. It's now in Platform.h.
8722 * Configurations/FeatureDefines.xcconfig:
8724 2012-03-23 Gavin Barraclough <barraclough@apple.com>
8726 RegExp constructor last match properties should not rely on previous ovector
8727 https://bugs.webkit.org/show_bug.cgi?id=82077
8729 Reviewed by Oliver Hunt.
8731 This change simplifies matching, and will enable subpattern results to be fully lazily generated in the future.
8733 This patch changes the scheme used to lazily generate the last match properties of the RegExp object.
8734 Instead of relying on the results in the ovector, we can instead lazily generate the subpatterns using
8735 a RegExpMatchesArray. To do so we just need to store the input, the regexp matched, and the match
8736 location (the MatchResult). When the match is accessed or the input is set, we reify results. We use
8737 a special value of setting the saved result to MatchResult::failed() to indicate that we're in a
8738 reified state. This means that next time a match is performed, the store of the result will
8739 automatically blow away the reified value.
8741 * JavaScriptCore.xcodeproj/project.pbxproj:
8743 * runtime/RegExp.cpp:
8744 (JSC::RegExpFunctionalTestCollector::outputOneTest):
8745 - changed 'subPattern' -> 'subpattern' (there was a mix in JSC, 'subpattern' was more common).
8746 * runtime/RegExpCachedResult.cpp: Added.
8747 (JSC::RegExpCachedResult::visitChildren):
8748 (JSC::RegExpCachedResult::lastResult):
8749 (JSC::RegExpCachedResult::setInput):
8750 - New methods, mark GC objects, lazily create the matches array, and record a user provided input (via assignment to RegExp.input).
8751 * runtime/RegExpCachedResult.h: Added.
8752 (RegExpCachedResult):
8754 (JSC::RegExpCachedResult::RegExpCachedResult):
8755 (JSC::RegExpCachedResult::record):
8756 (JSC::RegExpCachedResult::input):
8757 - Initialize the object, record the result of a RegExp match, access the stored input property.
8758 * runtime/RegExpConstructor.cpp:
8759 (JSC::RegExpConstructor::RegExpConstructor):
8760 - Initialize m_result/m_multiline properties.
8761 (JSC::RegExpConstructor::visitChildren):
8762 - Make sure the cached results (or lazy source for them) are marked.
8763 (JSC::RegExpConstructor::getBackref):
8764 (JSC::RegExpConstructor::getLastParen):
8765 (JSC::RegExpConstructor::getLeftContext):
8766 (JSC::RegExpConstructor::getRightContext):
8767 - Moved from RegExpConstructor, moved to RegExpCachedResult, and using new caching scheme.
8768 (JSC::regExpConstructorInput):
8769 (JSC::setRegExpConstructorInput):
8770 - Changed to use RegExpCachedResult.
8771 * runtime/RegExpConstructor.h:
8772 (JSC::RegExpConstructor::create):
8773 (RegExpConstructor):
8774 (JSC::RegExpConstructor::setMultiline):
8775 (JSC::RegExpConstructor::multiline):
8776 - Move multiline property onto the constructor object; it is not affected by the last match.
8777 (JSC::RegExpConstructor::setInput):
8778 (JSC::RegExpConstructor::input):
8779 - These defer to RegExpCachedResult.
8780 (JSC::RegExpConstructor::performMatch):
8781 * runtime/RegExpMatchesArray.cpp: Added.
8782 (JSC::RegExpMatchesArray::visitChildren):
8783 - Eeeep! added missing visitChildren!
8784 (JSC::RegExpMatchesArray::finishCreation):
8785 (JSC::RegExpMatchesArray::reifyAllProperties):
8786 (JSC::RegExpMatchesArray::reifyMatchProperty):
8787 - Moved from RegExpConstructor.cpp.
8788 (JSC::RegExpMatchesArray::leftContext):
8789 (JSC::RegExpMatchesArray::rightContext):
8790 - Since the match start/
8791 * runtime/RegExpMatchesArray.h:
8792 (RegExpMatchesArray):
8793 - Declare new methods & structure flags.
8794 * runtime/RegExpObject.cpp:
8795 (JSC::RegExpObject::match):
8796 - performMatch now requires the JSString input, to cache.
8797 * runtime/StringPrototype.cpp:
8798 (JSC::removeUsingRegExpSearch):
8799 (JSC::replaceUsingRegExpSearch):
8800 (JSC::stringProtoFuncMatch):
8801 (JSC::stringProtoFuncSearch):
8802 - performMatch now requires the JSString input, to cache.
8804 2012-03-23 Tony Chang <tony@chromium.org>
8806 [chromium] rename newwtf target back to wtf
8807 https://bugs.webkit.org/show_bug.cgi?id=82064
8809 Reviewed by Adam Barth.
8811 * JavaScriptCore.gyp/JavaScriptCore.gyp:
8813 2012-03-23 Mark Hahnenberg <mhahnenberg@apple.com>
8815 Simplify memory usage tracking in CopiedSpace
8816 https://bugs.webkit.org/show_bug.cgi?id=80705
8818 Reviewed by Filip Pizlo.
8820 * heap/CopiedAllocator.h:
8821 (CopiedAllocator): Rename currentUtilization to currentSize.
8822 (JSC::CopiedAllocator::currentCapacity):
8823 * heap/CopiedBlock.h:
8825 (JSC::CopiedBlock::payload): Move the implementation of payload() out of the class
8828 (JSC::CopiedBlock::size): Add new function to calculate the block's size.
8829 (JSC::CopiedBlock::capacity): Ditto for capacity.
8830 * heap/CopiedSpace.cpp:
8831 (JSC::CopiedSpace::CopiedSpace): Remove old bogus memory stats fields and add a new
8832 field for the water mark.
8833 (JSC::CopiedSpace::init):
8834 (JSC::CopiedSpace::tryAllocateSlowCase): When we fail to allocate from the current
8835 block, we need to update our current water mark with the size of the block.
8836 (JSC::CopiedSpace::tryAllocateOversize): When we allocate a new oversize block, we
8837 need to update our current water mark with the size of the used portion of the block.
8838 (JSC::CopiedSpace::tryReallocate): We don't need to update the water mark when
8839 reallocating because it will either get accounted for when we fill up the block later
8840 in the case of being able to reallocate in the current block or it will get picked up
8841 immediately because we'll have to get a new block.
8842 (JSC::CopiedSpace::tryReallocateOversize): We do, however, need to update it when
8843 realloc-ing an oversize block because we deallocate the old block and allocate a brand
8845 (JSC::CopiedSpace::doneFillingBlock): Update the water mark as blocks are returned to
8846 the CopiedSpace by the SlotVisitors.
8847 (JSC::CopiedSpace::doneCopying): Add in any pinned blocks to the water mark.
8848 (JSC::CopiedSpace::getFreshBlock): We use the Heap's new function to tell us whether or
8849 not we should collect now instead of doing the calculation ourself.
8850 (JSC::CopiedSpace::destroy):
8852 (JSC::CopiedSpace::size): Manually calculate the size of the CopiedSpace, similar to how
8854 (JSC::CopiedSpace::capacity): Ditto for capacity.
8855 * heap/CopiedSpace.h:
8856 (JSC::CopiedSpace::waterMark):
8858 * heap/CopiedSpaceInlineMethods.h:
8859 (JSC::CopiedSpace::startedCopying): Reset water mark to 0 when we start copying during a
8861 (JSC::CopiedSpace::allocateNewBlock):
8862 (JSC::CopiedSpace::fitsInBlock):
8863 (JSC::CopiedSpace::allocateFromBlock):
8865 (JSC::Heap::size): Incorporate size of CopiedSpace into the total size of the Heap.
8866 (JSC::Heap::capacity): Ditto for capacity.
8867 (JSC::Heap::collect):
8870 (JSC::Heap::shouldCollect): New function for other sub-parts of the Heap to use to
8871 determine whether they should initiate a collection or continue to allocate new blocks.
8873 (JSC::Heap::waterMark): Now is the sum of the water marks of the two sub-parts of the
8874 Heap (MarkedSpace and CopiedSpace).
8875 * heap/MarkedAllocator.cpp:
8876 (JSC::MarkedAllocator::allocateSlowCase): Changed to use the Heap's new shouldCollect() function.
8878 2012-03-23 Ryosuke Niwa <rniwa@webkit.org>
8880 BitVector::resizeOutOfLine doesn't memset when converting an inline buffer
8881 https://bugs.webkit.org/show_bug.cgi?id=82012
8883 Reviewed by Filip Pizlo.
8885 Initialize out-of-line buffers while extending an inline buffer. Also export symbols to be used in WebCore.
8887 * wtf/BitVector.cpp:
8888 (WTF::BitVector::resizeOutOfLine):
8893 2012-03-22 Michael Saboff <msaboff@apple.com>
8895 ExecutableAllocator::memoryPressureMultiplier() might return NaN
8896 https://bugs.webkit.org/show_bug.cgi?id=82002
8898 Reviewed by Filip Pizlo.
8900 Guard against divide by zero and then make sure the return
8903 * jit/ExecutableAllocator.cpp:
8904 (JSC::ExecutableAllocator::memoryPressureMultiplier):
8905 * jit/ExecutableAllocatorFixedVMPool.cpp:
8906 (JSC::ExecutableAllocator::memoryPressureMultiplier):
8908 2012-03-22 Jessie Berlin <jberlin@apple.com>
8910 Windows build fix after r111778.
8912 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
8913 Don't include and try to build files owned by WTF.
8914 Also, let VS have its way with the vcproj in terms of file ordering.
8916 2012-03-22 Raphael Kubo da Costa <rakuco@FreeBSD.org>
8918 [CMake] Unreviewed build fix after r111778.
8920 * CMakeLists.txt: Move ${WTF_DIR} after ${JAVASCRIPTCORE_DIR} in
8921 the include paths so that the right config.h is used.
8923 2012-03-22 Tony Chang <tony@chromium.org>
8925 Unreviewed, fix chromium build after wtf move.
8927 Remove old wtf_config and wtf targets.
8929 * JavaScriptCore.gyp/JavaScriptCore.gyp:
8931 2012-03-22 Martin Robinson <mrobinson@igalia.com>
8933 Fixed the GTK+ WTF/JavaScriptCore build after r111778.
8935 * GNUmakefile.list.am: Removed an extra trailing backslash.
8937 2012-03-22 Mark Rowe <mrowe@apple.com>
8941 * Configurations/JavaScriptCore.xcconfig: Tell the linker to pull in all members from static libraries
8942 rather than only those that contain symbols that JavaScriptCore itself uses.
8943 * JavaScriptCore.xcodeproj/project.pbxproj: Remove some bogus settings that crept in to the Xcode project.
8945 2012-03-22 Filip Pizlo <fpizlo@apple.com>
8947 DFG NodeFlags has some duplicate code and naming issues
8948 https://bugs.webkit.org/show_bug.cgi?id=81975
8950 Reviewed by Gavin Barraclough.
8952 Removed most references to "ArithNodeFlags" since those are now just part
8953 of the node flags. Fixed some renaming goofs (EdgedAsNum is once again
8954 NodeUsedAsNum). Got rid of setArithNodeFlags() and mergeArithNodeFlags()
8955 because the former was never called and the latter did the same things as
8958 * dfg/DFGByteCodeParser.cpp:
8959 (JSC::DFG::ByteCodeParser::makeSafe):
8960 (JSC::DFG::ByteCodeParser::makeDivSafe):
8961 (JSC::DFG::ByteCodeParser::handleIntrinsic):
8963 (JSC::DFG::Graph::dump):
8965 (JSC::DFG::Node::arithNodeFlags):
8967 * dfg/DFGNodeFlags.cpp:
8968 (JSC::DFG::nodeFlagsAsString):
8969 * dfg/DFGNodeFlags.h:
8971 (JSC::DFG::nodeUsedAsNumber):
8972 * dfg/DFGPredictionPropagationPhase.cpp:
8973 (JSC::DFG::PredictionPropagationPhase::propagate):
8974 (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
8976 2012-03-22 Eric Seidel <eric@webkit.org>
8978 Actually move WTF files to their new home
8979 https://bugs.webkit.org/show_bug.cgi?id=81844
8981 Unreviewed. The details of the port-specific changes
8982 have been seen by contributors from those ports, but
8983 the whole 5MB change isn't very reviewable as-is.
8986 * GNUmakefile.list.am:
8987 * JSCTypedArrayStubs.h:
8988 * JavaScriptCore.gypi:
8989 * JavaScriptCore.xcodeproj/project.pbxproj:
8992 2012-03-22 Kevin Ollivier <kevino@theolliviers.com>
8994 [wx] Unreviewed. Adding Source/WTF to the build.
8998 2012-03-22 Gavin Barraclough <barraclough@apple.com>
9000 Add JSValue::isFunction
9001 https://bugs.webkit.org/show_bug.cgi?id=81935
9003 Reviewed by Geoff Garen.
9005 This would be useful in the WebCore bindings code.
9006 Also, remove asFunction, replace with jsCast<JSFunction*>.
9008 * API/JSContextRef.cpp:
9009 * debugger/Debugger.cpp:
9010 * debugger/DebuggerCallFrame.cpp:
9011 (JSC::DebuggerCallFrame::functionName):
9013 (JSC::DFG::Graph::valueOfFunctionConstant):
9014 * dfg/DFGOperations.cpp:
9015 * interpreter/CallFrame.cpp:
9016 (JSC::CallFrame::isInlineCallFrameSlow):
9017 * interpreter/Interpreter.cpp:
9018 (JSC::Interpreter::privateExecute):
9020 (JSC::DEFINE_STUB_FUNCTION):
9021 (JSC::jitCompileFor):
9023 * llint/LLIntSlowPaths.cpp:
9024 (JSC::LLInt::traceFunctionPrologue):
9025 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
9026 (JSC::LLInt::setUpCall):
9027 * runtime/Arguments.h:
9028 (JSC::Arguments::finishCreation):
9029 * runtime/ArrayPrototype.cpp:
9030 (JSC::arrayProtoFuncFilter):
9031 (JSC::arrayProtoFuncMap):
9032 (JSC::arrayProtoFuncEvery):
9033 (JSC::arrayProtoFuncForEach):
9034 (JSC::arrayProtoFuncSome):
9035 (JSC::arrayProtoFuncReduce):
9036 (JSC::arrayProtoFuncReduceRight):
9037 * runtime/CommonSlowPaths.h:
9038 (JSC::CommonSlowPaths::arityCheckFor):
9039 * runtime/Executable.h:
9040 (JSC::FunctionExecutable::compileFor):
9041 (JSC::FunctionExecutable::compileOptimizedFor):
9042 * runtime/FunctionPrototype.cpp:
9043 (JSC::functionProtoFuncToString):
9044 * runtime/JSArray.cpp:
9045 (JSC::JSArray::sort):
9046 * runtime/JSFunction.cpp:
9047 (JSC::JSFunction::argumentsGetter):
9048 (JSC::JSFunction::callerGetter):
9049 (JSC::JSFunction::lengthGetter):
9050 * runtime/JSFunction.h:
9052 (JSC::asJSFunction):
9053 (JSC::JSValue::isFunction):
9054 * runtime/JSGlobalData.cpp:
9055 (WTF::Recompiler::operator()):
9056 (JSC::JSGlobalData::releaseExecutableMemory):
9057 * runtime/JSValue.h:
9058 * runtime/StringPrototype.cpp:
9059 (JSC::replaceUsingRegExpSearch):
9061 2012-03-21 Filip Pizlo <fpizlo@apple.com>
9063 DFG speculation on booleans should be rationalized
9064 https://bugs.webkit.org/show_bug.cgi?id=81840
9066 Reviewed by Gavin Barraclough.
9068 This removes isKnownBoolean() and replaces it with AbstractState-based
9069 optimization, and cleans up the control flow in code gen methods for
9070 Branch and LogicalNot. Also fixes a goof in Node::shouldSpeculateNumber,
9071 and removes isKnownNotBoolean() since that method appeared to be a
9072 helper used solely by 32_64's speculateBooleanOperation().
9074 This is performance-neutral.
9076 * dfg/DFGAbstractState.cpp:
9077 (JSC::DFG::AbstractState::execute):
9079 (JSC::DFG::Node::shouldSpeculateNumber):
9080 * dfg/DFGSpeculativeJIT.cpp:
9082 * dfg/DFGSpeculativeJIT.h:
9084 * dfg/DFGSpeculativeJIT32_64.cpp:
9085 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
9086 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
9087 (JSC::DFG::SpeculativeJIT::emitBranch):
9088 (JSC::DFG::SpeculativeJIT::compile):
9089 * dfg/DFGSpeculativeJIT64.cpp:
9090 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
9091 (JSC::DFG::SpeculativeJIT::emitBranch):
9092 (JSC::DFG::SpeculativeJIT::compile):
9094 2012-03-21 Mark Rowe <mrowe@apple.com>
9098 * wtf/MetaAllocator.h:
9099 (MetaAllocator): Export the destructor.
9101 2012-03-21 Eric Seidel <eric@webkit.org>
9103 Fix remaining WTF includes in JavaScriptCore in preparation for moving WTF headers out of JavaScriptCore
9104 https://bugs.webkit.org/show_bug.cgi?id=81834
9106 Reviewed by Adam Barth.
9109 * os-win32/WinMain.cpp:
9110 * runtime/JSDateMath.cpp:
9111 * runtime/TimeoutChecker.cpp:
9113 * tools/CodeProfiling.cpp:
9115 2012-03-21 Eric Seidel <eric@webkit.org>
9117 WTF::MetaAllocator has a weak vtable (discovered when building wtf as a static library)
9118 https://bugs.webkit.org/show_bug.cgi?id=81838
9120 Reviewed by Geoffrey Garen.
9122 My understanding is that weak vtables happen when the compiler/linker cannot
9123 determine which compilation unit should contain the vtable. In this case
9124 because there were only pure virtual functions as well as an "inline"
9125 virtual destructor (thus the virtual destructor was defined in many compilation
9126 units). Since you can't actually "inline" a virtual function (it still has to
9127 bounce through the vtable), the "inline" on this virtual destructor doesn't
9128 actually help performance, and is only serving to confuse the compiler here.
9129 I've moved the destructor implementation to the .cpp file, thus making
9130 it clear to the compiler where the vtable should be stored, and solving the error.
9132 * wtf/MetaAllocator.cpp:
9133 (WTF::MetaAllocator::~MetaAllocator):
9135 * wtf/MetaAllocator.h:
9137 2012-03-20 Gavin Barraclough <barraclough@apple.com>
9139 RegExpMatchesArray should not copy the ovector
9140 https://bugs.webkit.org/show_bug.cgi?id=81742
9142 Reviewed by Michael Saboff.
9144 Currently, all RegExpMatchesArray objects contain Vector<int, 32>, used to hold any sub-pattern results.
9145 This makes allocation/construction/destruction of these objects more expensive. Instead, just store the
9146 main match, and recreate the sub-pattern ranges only if necessary (these are often only used for grouping,
9147 and the results never accessed).
9148 If the main match (index 0) of the RegExpMatchesArray is accessed, reify that value alone.
9150 * dfg/DFGOperations.cpp:
9151 - RegExpObject match renamed back to test (test returns a bool).
9152 * runtime/RegExpConstructor.cpp:
9154 - Removed RegExpResult, RegExpMatchesArray constructor, destroy method.
9155 (JSC::RegExpMatchesArray::finishCreation):
9156 - Removed RegExpConstructorPrivate parameter.
9157 (JSC::RegExpMatchesArray::reifyAllProperties):
9158 - (Was fillArrayInstance) Reify all properties of the RegExpMatchesArray.
9159 If there are sub-pattern properties, the RegExp is re-run to generate their values.
9160 (JSC::RegExpMatchesArray::reifyMatchProperty):
9161 - Reify just the match (index 0) property of the RegExpMatchesArray.
9162 * runtime/RegExpConstructor.h:
9163 (RegExpConstructor):
9164 (JSC::RegExpConstructor::performMatch):
9165 - performMatch now returns a MatchResult, rather than using out-parameters.
9166 * runtime/RegExpMatchesArray.h:
9167 (JSC::RegExpMatchesArray::RegExpMatchesArray):
9168 - Moved from .cpp, stores the input/regExp/result to use when lazily reifying properties.
9169 (RegExpMatchesArray):
9170 (JSC::RegExpMatchesArray::create):
9171 - Now passed the input string matched against, the RegExp, and the MatchResult.
9172 (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary):
9173 (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary):
9174 - Helpers to conditionally reify properties.
9175 (JSC::RegExpMatchesArray::getOwnPropertySlot):
9176 (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
9177 (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
9178 (JSC::RegExpMatchesArray::put):
9179 (JSC::RegExpMatchesArray::putByIndex):
9180 (JSC::RegExpMatchesArray::deleteProperty):
9181 (JSC::RegExpMatchesArray::deletePropertyByIndex):
9182 (JSC::RegExpMatchesArray::getOwnPropertyNames):
9183 (JSC::RegExpMatchesArray::defineOwnProperty):
9184 - Changed to use reifyAllPropertiesIfNecessary/reifyMatchPropertyIfNecessary
9185 (getOwnPropertySlotByIndex calls reifyMatchPropertyIfNecessary if index is 0).
9186 * runtime/RegExpObject.cpp:
9187 (JSC::RegExpObject::exec):
9188 (JSC::RegExpObject::match):
9189 - match now returns a MatchResult.
9190 * runtime/RegExpObject.h:
9191 (JSC::MatchResult::MatchResult):
9192 - Added. The result of a match is a start & end tuple.
9193 (JSC::MatchResult::failed):
9194 - A failure is indicated by (notFound, 0).
9195 (JSC::MatchResult::operator bool):
9196 - Evaluates to false if the match failed.
9197 (JSC::MatchResult::empty):
9198 - Evaluates to true if the match succeeded with length 0.
9199 (JSC::RegExpObject::test):
9200 - Now returns a bool.
9201 * runtime/RegExpPrototype.cpp:
9202 (JSC::regExpProtoFuncTest):
9203 - RegExpObject match renamed back to test (test returns a bool).
9204 * runtime/StringPrototype.cpp:
9205 (JSC::removeUsingRegExpSearch):
9206 (JSC::replaceUsingRegExpSearch):
9207 (JSC::stringProtoFuncMatch):
9208 (JSC::stringProtoFuncSearch):
9209 - performMatch now returns a MatchResult, rather than using out-parameters.
9211 2012-03-21 Hojong Han <hojong.han@samsung.com>
9213 Fix out of memory by allowing overcommit
9214 https://bugs.webkit.org/show_bug.cgi?id=81743
9216 Reviewed by Geoffrey Garen.
9218 Garbage collection is not triggered and new blocks are added
9219 because overcommit is allowed by the MAP_NORESERVE flag when the high water mark is big enough.
9221 * wtf/OSAllocatorPosix.cpp:
9222 (WTF::OSAllocator::reserveAndCommit):
9224 2012-03-21 Jessie Berlin <jberlin@apple.com>
9226 More Windows build fixing.
9228 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
9229 Fix the order of the include directories to look in include/private first before looking
9230 in include/private/JavaScriptCore.
9231 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
9232 Look in the Production output directory (where the wtf headers will be). This is the same
9233 thing that is done for jsc and testRegExp in ReleasePGO.
9235 2012-03-21 Jessie Berlin <jberlin@apple.com>
9237 WTF headers should be in $(ConfigurationBuildDir)\include\private\wtf, not
9238 $(ConfigurationBuildDir)\include\private\JavaScriptCore\wtf.
9239 https://bugs.webkit.org/show_bug.cgi?id=81739
9241 Reviewed by Dan Bernstein.
9243 * JavaScriptCore.vcproj/jsc/jsc.vcproj:
9244 Look for AtomicString.cpp, StringBuilder.cpp, StringImpl.cpp, and WTFString.cpp in the wtf
9245 subdirectory of the build output, not the JavaScriptCore/wtf subdirectory.
9246 * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
9249 * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
9250 Get the headers for those 4 files from the wtf subdirectory of the build output, not the
9251 JavaScriptCore/wtf subdirectory.
9252 * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
9255 2012-03-20 Eric Seidel <eric@webkit.org>
9257 Move wtf/Platform.h from JavaScriptCore to Source/WTF/wtf
9258 https://bugs.webkit.org/show_bug.cgi?id=80911
9260 Reviewed by Adam Barth.
9262 Update the various build systems to depend on Source/WTF headers
9263 as well as remove references to Platform.h (since it's now moved).
9266 * JavaScriptCore.pri:
9267 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
9268 * JavaScriptCore.xcodeproj/project.pbxproj:
9269 * wtf/CMakeLists.txt:
9271 2012-03-20 Filip Pizlo <fpizlo@apple.com>
9273 op_mod fails on many interesting corner cases
9274 https://bugs.webkit.org/show_bug.cgi?id=81648
9276 Reviewed by Oliver Hunt.
9278 Removed most strength reduction for op_mod, and fixed the integer handling
9279 to do the right thing for corner cases. Oddly, this revealed bugs in OSR,
9280 which this patch also fixes.
9282 This patch is performance neutral on all of the major benchmarks we track.
9284 * dfg/DFGOperations.cpp:
9285 * dfg/DFGOperations.h:
9286 * dfg/DFGSpeculativeJIT.cpp:
9288 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
9289 (JSC::DFG::SpeculativeJIT::compileArithMod):
9292 * jit/JITArithmetic.cpp:
9294 (JSC::JIT::emit_op_mod):
9295 (JSC::JIT::emitSlow_op_mod):
9296 * jit/JITArithmetic32_64.cpp:
9297 (JSC::JIT::emit_op_mod):
9298 (JSC::JIT::emitSlow_op_mod):
9299 * jit/JITOpcodes32_64.cpp:
9300 (JSC::JIT::privateCompileCTIMachineTrampolines):
9303 (TrampolineStructure):
9304 (JSC::JITThunks::ctiNativeConstruct):
9305 * llint/LowLevelInterpreter64.asm:
9307 * wtf/SimpleStats.h:
9308 (WTF::SimpleStats::variance):
9310 2012-03-20 Steve Falkenburg <sfalken@apple.com>
9312 Windows (make based) build fix.
9313 <rdar://problem/11069015>
9315 * JavaScriptCore.vcproj/JavaScriptCore.make: devenv /rebuild doesn't work with JavaScriptCore.vcproj. Use /clean and /build instead.
9317 2012-03-20 Steve Falkenburg <sfalken@apple.com>
9319 Move WTF-related Windows project files out of JavaScriptCore
9320 https://bugs.webkit.org/show_bug.cgi?id=80680
9322 This change only moves the vcproj and related files from JavaScriptCore/JavaScriptCore.vcproj/WTF.
9323 It does not move any source code. This is in preparation for the WTF source move out of
9326 Reviewed by Jessie Berlin.
9328 * JavaScriptCore.vcproj/JavaScriptCore.sln:
9329 * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln:
9330 * JavaScriptCore.vcproj/WTF: Removed.
9331 * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed.
9332 * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops: Removed.
9333 * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops: Removed.
9334 * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops: Removed.
9335 * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops: Removed.
9336 * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Removed.
9337 * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Removed.
9338 * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Removed.
9339 * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Removed.
9340 * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Removed.
9341 * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Removed.
9342 * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Removed.
9343 * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Removed.
9344 * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Removed.
9345 * JavaScriptCore.vcproj/WTF/WTFPostBuild.cmd: Removed.
9346 * JavaScriptCore.vcproj/WTF/WTFPreBuild.cmd: Removed.
9347 * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops: Removed.
9348 * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops: Removed.
9349 * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops: Removed.
9350 * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Removed.
9351 * JavaScriptCore.vcproj/WTF/copy-files.cmd: Removed.
9352 * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Removed.
9354 2012-03-20 Benjamin Poulain <bpoulain@apple.com>
9356 Cache the type string of JavaScript object
9357 https://bugs.webkit.org/show_bug.cgi?id=81446
9359 Reviewed by Geoffrey Garen.
9361 Instead of creating the JSString every time, we create
9362 the strings lazily in JSGlobalData.
9364 This avoids the construction of the StringImpl and of the JSString,
9365 which gives some performance improvements.
9367 * runtime/CommonIdentifiers.h:
9368 * runtime/JSValue.cpp:
9369 (JSC::JSValue::toStringSlowCase):
9370 * runtime/Operations.cpp:
9371 (JSC::jsTypeStringForValue):
9372 * runtime/SmallStrings.cpp:
9373 (JSC::SmallStrings::SmallStrings):
9374 (JSC::SmallStrings::finalizeSmallStrings):
9375 (JSC::SmallStrings::initialize):
9377 * runtime/SmallStrings.h:
9380 2012-03-20 Oliver Hunt <oliver@apple.com>
9382 Allow LLINT to work even when executable allocation fails.
9383 https://bugs.webkit.org/show_bug.cgi?id=81693
9385 Reviewed by Gavin Barraclough.
9387 Don't crash if executable allocation fails when we can fall back on LLINT.
9389 * jit/ExecutableAllocatorFixedVMPool.cpp:
9390 (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
9391 * wtf/OSAllocatorPosix.cpp:
9392 (WTF::OSAllocator::reserveAndCommit):
9394 2012-03-20 Csaba Osztrogonác <ossy@webkit.org>
9396 Division optimizations fail to infer cases of truncated division and mishandle -2147483648/-1
9397 https://bugs.webkit.org/show_bug.cgi?id=81428
9399 32 bit buildfix after r111355.
9401 2147483648 (2^31) isn't a valid int literal in ISO C90, because 2147483647 (2^31-1) is the biggest int.
9402 The smallest int is -2147483648 (-2^31) == -2147483647 - 1 == -INT32_MAX-1 == INT32_MIN (stdint.h).
9404 Reviewed by Zoltan Herczeg.
9406 * dfg/DFGSpeculativeJIT.cpp:
9407 (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
9409 2012-03-19 Jochen Eisinger <jochen@chromium.org>
9411 Split WTFReportBacktrace into WTFReportBacktrace and WTFPrintBacktrace
9412 https://bugs.webkit.org/show_bug.cgi?id=80983
9414 Reviewed by Darin Adler.
9416 This allows printing a backtrace acquired by an earlier WTFGetBacktrace
9417 call which is useful for local debugging.
9419 * wtf/Assertions.cpp:
9422 2012-03-19 Benjamin Poulain <benjamin@webkit.org>
9424 Do not copy the script source in the SourceProvider, just reference the existing string
9425 https://bugs.webkit.org/show_bug.cgi?id=81466
9427 Reviewed by Geoffrey Garen.
9429 * parser/SourceCode.h: Remove the unused, and incorrect, function data().
9430 * parser/SourceProvider.h: Add OVERRIDE for clarity.
9432 2012-03-19 Filip Pizlo <fpizlo@apple.com>
9434 Division optimizations fail to infer cases of truncated division and
9435 mishandle -2147483648/-1
9436 https://bugs.webkit.org/show_bug.cgi?id=81428
9437 <rdar://problem/11067382>
9439 Reviewed by Oliver Hunt.
9441 If you're a division over integers and you're only used as an integer, then you're
9442 an integer division and remainder checks become unnecessary. If you're dividing
9443 -2147483648 by -1, don't crash.
9445 * assembler/MacroAssemblerX86Common.h:
9446 (MacroAssemblerX86Common):
9447 (JSC::MacroAssemblerX86Common::add32):
9448 * dfg/DFGSpeculativeJIT.cpp:
9450 (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
9451 * dfg/DFGSpeculativeJIT.h:
9453 * dfg/DFGSpeculativeJIT32_64.cpp:
9454 (JSC::DFG::SpeculativeJIT::compile):
9455 * dfg/DFGSpeculativeJIT64.cpp:
9456 (JSC::DFG::SpeculativeJIT::compile):
9457 * llint/LowLevelInterpreter64.asm:
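The three entries above (op_mod corner cases, bug 81648; the -2147483648/-1 division crash, bug 81428; and the 32-bit build fix about the INT32_MIN literal) all turn on the same int32 edge cases. The following is an added example written for this page, not code from WebKit: it shows the checks an engine must make before computing a JavaScript `/` or `%` in int32 arithmetic, namely division by zero, INT32_MIN / -1 (which overflows and makes x86 `idiv` trap), a non-integer quotient, and the -0 results that JavaScript produces but int32 cannot represent. The names jsInt32Div, jsInt32Mod and IntResult are my own; the JavaScript semantics are those of ECMAScript, and the `INT32_MIN` spelling follows the build-fix entry.

```cpp
#include <climits>
#include <cstdint>
#include <iostream>

// Outcome of evaluating a JavaScript `/` or `%` on two int32 operands purely
// in int32 arithmetic. isInt32 == false means the exact JS result is not an
// int32 (a fraction, -0, NaN or +/-Infinity); an engine then has to compute
// it as a double, or, in a speculative JIT, bail out to slower code.
struct IntResult {
    bool isInt32;
    int32_t value;
};

// Spell the minimum as INT32_MIN (defined as -INT32_MAX - 1), never as the
// literal -2147483648, which parses as -(2147483648) and is not an int.
constexpr int32_t kInt32Min = INT32_MIN;

static IntResult notInt32() { return IntResult{false, 0}; }
static IntResult int32Value(int32_t v) { return IntResult{true, v}; }

// JS `a / b` where both operands are int32 and the consumer wants an int32.
// Reports an int32 only when the exact JS result is one.
IntResult jsInt32Div(int32_t a, int32_t b) {
    if (b == 0)
        return notInt32();                 // NaN or +/-Infinity in JS
    if (a == kInt32Min && b == -1)
        return notInt32();                 // 2147483648 is not an int32; idiv traps
    if (a == 0 && b < 0)
        return notInt32();                 // JS yields -0, which is not an int32
    if (a % b != 0)
        return notInt32();                 // truncation would change the value
    return int32Value(a / b);              // safe: no overflow, no trap
}

// JS `a % b` for int32 operands. The sign of the result follows the dividend,
// the same rule C++11 uses, so the C++ `%` can be reused once the trapping
// and -0 cases have been filtered out.
IntResult jsInt32Mod(int32_t a, int32_t b) {
    if (b == 0)
        return notInt32();                 // NaN
    if (b == -1) {                         // never evaluate INT32_MIN % -1 (traps on x86)
        if (a < 0)
            return notInt32();             // negative dividend: JS yields -0
        return int32Value(0);
    }
    int32_t r = a % b;
    if (r == 0 && a < 0)
        return notInt32();                 // e.g. -4 % 2 is -0 in JS
    return int32Value(r);
}

int main() {
    IntResult d = jsInt32Div(kInt32Min, -1);
    std::cout << "INT32_MIN / -1 fits int32: " << (d.isInt32 ? "yes" : "no") << '\n';
    IntResult m = jsInt32Mod(-7, 3);
    std::cout << "-7 % 3 = " << m.value << " (int32: " << (m.isInt32 ? "yes" : "no") << ")\n";
    return 0;
}
```

The -0 cases are the ones most often missed: `0 / -5` and `-4 % 2` are both "zero" in C but -0 in JavaScript, and an int32 fast path that returns 0 for them is observably wrong (`1 / (0 / -5)` must be -Infinity).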
9459 2012-03-19 Benjamin Poulain <bpoulain@apple.com>
9461 Simplify SmallStrings
9462 https://bugs.webkit.org/show_bug.cgi?id=81445
9464 Reviewed by Gavin Barraclough.
9466 SmallStrings had two methods that should not be public: count() and clear().
9468 The method clear() is effectively replaced by finalizeSmallStrings(). The body
9469 of the method was moved to the constructor since the code is obvious.
9471 The method count() is unused.
9473 * runtime/SmallStrings.cpp:
9474 (JSC::SmallStrings::SmallStrings):
9475 * runtime/SmallStrings.h:
9478 2012-03-19 Filip Pizlo <fpizlo@apple.com>
9480 DFG can no longer compile V8-v4/regexp in debug mode
9481 https://bugs.webkit.org/show_bug.cgi?id=81592
9483 Reviewed by Gavin Barraclough.
9485 * dfg/DFGSpeculativeJIT32_64.cpp:
9486 (JSC::DFG::SpeculativeJIT::compile):
9487 * dfg/DFGSpeculativeJIT64.cpp:
9488 (JSC::DFG::SpeculativeJIT::compile):
9490 2012-03-19 Filip Pizlo <fpizlo@apple.com>
9492 Prediction propagation for UInt32ToNumber incorrectly assumes that its outcome does not
9493 change throughout the fixpoint
9494 https://bugs.webkit.org/show_bug.cgi?id=81583
9496 Reviewed by Michael Saboff.
9498 * dfg/DFGPredictionPropagationPhase.cpp:
9499 (JSC::DFG::PredictionPropagationPhase::propagate):
9501 2012-03-19 Filip Pizlo <fpizlo@apple.com>
9503 GC should not attempt to clear LLInt instruction inline caches for code blocks that are in
9504 the process of being generated
9505 https://bugs.webkit.org/show_bug.cgi?id=81565
9507 Reviewed by Oliver Hunt.
9509 * bytecode/CodeBlock.cpp:
9510 (JSC::CodeBlock::finalizeUnconditionally):
9512 2012-03-19 Eric Seidel <eric@webkit.org>
9514 Fix WTF header include discipline in Chromium WebKit
9515 https://bugs.webkit.org/show_bug.cgi?id=81281
9517 Reviewed by James Robinson.
9519 * JavaScriptCore.gyp/JavaScriptCore.gyp:
9520 * wtf/unicode/icu/CollatorICU.cpp:
9522 2012-03-19 Filip Pizlo <fpizlo@apple.com>
9524 DFG NodeUse should be called Edge and NodeReferenceBlob should be called AdjacencyList
9525 https://bugs.webkit.org/show_bug.cgi?id=81556
9527 Rubber stamped by Gavin Barraclough.
9529 * GNUmakefile.list.am:
9530 * JavaScriptCore.xcodeproj/project.pbxproj:
9531 * dfg/DFGAbstractState.h:
9532 (JSC::DFG::AbstractState::forNode):
9533 * dfg/DFGAdjacencyList.h: Copied from Source/JavaScriptCore/dfg/DFGNodeReferenceBlob.h.
9534 (JSC::DFG::AdjacencyList::AdjacencyList):
9535 (JSC::DFG::AdjacencyList::child):
9536 (JSC::DFG::AdjacencyList::setChild):
9537 (JSC::DFG::AdjacencyList::child1):
9538 (JSC::DFG::AdjacencyList::child2):
9539 (JSC::DFG::AdjacencyList::child3):
9540 (JSC::DFG::AdjacencyList::setChild1):
9541 (JSC::DFG::AdjacencyList::setChild2):
9542 (JSC::DFG::AdjacencyList::setChild3):
9543 (JSC::DFG::AdjacencyList::child1Unchecked):
9544 (JSC::DFG::AdjacencyList::initialize):
9546 * dfg/DFGByteCodeParser.cpp:
9547 (JSC::DFG::ByteCodeParser::addVarArgChild):
9548 (JSC::DFG::ByteCodeParser::processPhiStack):
9549 * dfg/DFGCSEPhase.cpp:
9550 (JSC::DFG::CSEPhase::canonicalize):
9551 (JSC::DFG::CSEPhase::performSubstitution):
9552 * dfg/DFGEdge.h: Copied from Source/JavaScriptCore/dfg/DFGNodeUse.h.
9554 (JSC::DFG::Edge::Edge):
9555 (JSC::DFG::Edge::operator==):
9556 (JSC::DFG::Edge::operator!=):
9558 (JSC::DFG::operator==):
9559 (JSC::DFG::operator!=):
9561 (JSC::DFG::Graph::operator[]):
9562 (JSC::DFG::Graph::at):
9563 (JSC::DFG::Graph::ref):
9564 (JSC::DFG::Graph::deref):
9565 (JSC::DFG::Graph::clearAndDerefChild1):
9566 (JSC::DFG::Graph::clearAndDerefChild2):
9567 (JSC::DFG::Graph::clearAndDerefChild3):
9569 * dfg/DFGJITCompiler.h:
9570 (JSC::DFG::JITCompiler::getPrediction):
9572 (JSC::DFG::Node::Node):
9573 (JSC::DFG::Node::child1):
9574 (JSC::DFG::Node::child1Unchecked):
9575 (JSC::DFG::Node::child2):
9576 (JSC::DFG::Node::child3):
9578 * dfg/DFGNodeFlags.cpp:
9579 (JSC::DFG::arithNodeFlagsAsString):
9580 * dfg/DFGNodeFlags.h:
9582 (JSC::DFG::nodeUsedAsNumber):
9583 * dfg/DFGNodeReferenceBlob.h: Removed.
9584 * dfg/DFGNodeUse.h: Removed.
9585 * dfg/DFGPredictionPropagationPhase.cpp:
9586 (JSC::DFG::PredictionPropagationPhase::propagate):
9587 (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
9588 (JSC::DFG::PredictionPropagationPhase::vote):
9589 (JSC::DFG::PredictionPropagationPhase::fixupNode):
9590 * dfg/DFGScoreBoard.h:
9591 (JSC::DFG::ScoreBoard::use):
9592 * dfg/DFGSpeculativeJIT.cpp:
9593 (JSC::DFG::SpeculativeJIT::useChildren):
9594 (JSC::DFG::SpeculativeJIT::writeBarrier):
9595 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
9596 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
9597 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
9598 (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
9599 * dfg/DFGSpeculativeJIT.h:
9600 (JSC::DFG::SpeculativeJIT::at):
9601 (JSC::DFG::SpeculativeJIT::canReuse):
9602 (JSC::DFG::SpeculativeJIT::use):
9604 (JSC::DFG::SpeculativeJIT::speculationCheck):
9605 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
9606 (JSC::DFG::IntegerOperand::IntegerOperand):
9607 (JSC::DFG::DoubleOperand::DoubleOperand):
9608 (JSC::DFG::JSValueOperand::JSValueOperand):
9609 (JSC::DFG::StorageOperand::StorageOperand):
9610 (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
9611 (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
9612 (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
9613 (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
9614 (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
9615 * dfg/DFGSpeculativeJIT32_64.cpp:
9616 (JSC::DFG::SpeculativeJIT::cachedPutById):
9617 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
9618 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
9619 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
9620 (JSC::DFG::SpeculativeJIT::emitCall):
9621 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
9622 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
9623 * dfg/DFGSpeculativeJIT64.cpp:
9624 (JSC::DFG::SpeculativeJIT::cachedPutById):
9625 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
9626 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
9627 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
9628 (JSC::DFG::SpeculativeJIT::emitCall):
9629 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
9630 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
9632 2012-03-19 Gavin Barraclough <barraclough@apple.com>
9634 Object.freeze broken on latest Nightly
9635 https://bugs.webkit.org/show_bug.cgi?id=80577
9637 Reviewed by Oliver Hunt.
9639 * runtime/Arguments.cpp:
9640 (JSC::Arguments::defineOwnProperty):
9641 - defineOwnProperty was checking for correct behaviour, provided that length/callee hadn't
9642 been overridden. Instead, just reify length/callee & rely on JSObject::defineOwnProperty.
9643 * runtime/JSFunction.cpp:
9644 (JSC::JSFunction::defineOwnProperty):
9645 - for arguments/caller/length properties, defineOwnProperty was incorrectly asserting that
9646 the object must be extensible; this is incorrect since these properties should already exist
9647 on the object. In addition, it was asserting that the arguments/caller values must match the
9648 corresponding magic data properties, but for strict mode function this is incorrect. Instead,
9649 just reify the arguments/caller accessor & defer to JSObject::defineOwnProperty.
9651 2012-03-19 Filip Pizlo <fpizlo@apple.com>
9653 LLInt get_by_pname slow path incorrectly assumes that the operands are not constants
9654 https://bugs.webkit.org/show_bug.cgi?id=81559
9656 Reviewed by Michael Saboff.
9658 * llint/LLIntSlowPaths.cpp:
9659 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
9661 2012-03-19 Yong Li <yoli@rim.com>
9663 [BlackBerry] Implement OSAllocator::commit/decommit in the correct way
9664 https://bugs.webkit.org/show_bug.cgi?id=77013
9666 We should use mmap(PROT_NONE, MAP_LAZY) instead of posix_madvise() to
9667 implement memory decommitting for QNX.
9669 Reviewed by Rob Buis.
9671 * wtf/OSAllocatorPosix.cpp:
9672 (WTF::OSAllocator::reserveUncommitted):
9673 (WTF::OSAllocator::commit):
9674 (WTF::OSAllocator::decommit):
9676 2012-03-19 Gavin Barraclough <barraclough@apple.com>
9678 Unreviewed - revert a couple of files accidentally committed.
9680 * runtime/Arguments.cpp:
9681 (JSC::Arguments::defineOwnProperty):
9682 * runtime/JSFunction.cpp:
9683 (JSC::JSFunction::defineOwnProperty):
9685 2012-03-19 Jessie Berlin <jberlin@apple.com>
9687 Another Windows build fix after r111129.
9689 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
9691 2012-03-19 Raphael Kubo da Costa <rakuco@FreeBSD.org>
9693 Cross-platform processor core counter: fix build on FreeBSD.
9694 https://bugs.webkit.org/show_bug.cgi?id=81482
9696 Reviewed by Zoltan Herczeg.
9698 The documentation of sysctl(3) shows that <sys/types.h> should be
9699 included before <sys/sysctl.h> (sys/types.h tends to be the first
9700 included header in general).
9702 This should fix the build on FreeBSD and other systems where
9703 sysctl.h really depends on types defined in types.h.
9705 * wtf/NumberOfCores.cpp:
9707 2012-03-19 Jessie Berlin <jberlin@apple.com>
9709 Windows build fix after r111129.
9711 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
9713 2012-03-19 Gavin Barraclough <barraclough@apple.com>
9715 JSCallbackFunction::toStringCallback/valueOfCallback do not handle 0 return value from convertToType
9716 https://bugs.webkit.org/show_bug.cgi?id=81468 <rdar://problem/11034745>
9718 Reviewed by Oliver Hunt.
9720 The API specifies that convertToType may opt not to handle a conversion:
9721 "@result The objects's converted value, or NULL if the object was not converted."
9722 In which case, it would propagate first up the JSClass hierarchy, calling its superclass's
9723 conversion functions, and failing that call the JSObject::defaultValue function.
9725 Unfortunately this behaviour was removed in bug#69677/bug#69858, and instead we now rely on
9726 the toStringCallback/valueOfCallback function introduced in bug#69156. Even after a fix in
9727 bug#73368, these will return the result from the first convertToType they find, regardless
9728 of whether this result is null, and if no convertToType method is found in the api class
9729 hierarchy (possible if toStringCallback/valueOfCallback was accessed off the prototype
9730 chain), they will also return a null pointer. This is unsafe.
9732 It would be easy to make the approach based around toStringCallback/valueOfCallback continue
9733 to walk the api class hierarchy, but making the fallback to defaultValue would be problematic
9734 (since defaultValue calls toStringCallback/valueOfCallback, this would infinitely recurse).
9735 Making the fallback work with toString/valueOf methods attached to api objects is probably
9736 not the right thing to do – instead, we should just implement the defaultValue trap for api
9739 In addition, this bug highlights that fact that JSCallbackFunction::call will allow a hard
9740 null to be returned from C to JavaScript - this is not okay. Handle with an exception.
9742 * API/JSCallbackFunction.cpp:
9743 (JSC::JSCallbackFunction::call):
9744 - Should be null checking the return value.
9746 - Remove toStringCallback/valueOfCallback.
9747 * API/JSCallbackFunction.h:
9748 (JSCallbackFunction):
9749 - Remove toStringCallback/valueOfCallback.
9750 * API/JSCallbackObject.h:
9752 - Add defaultValue methods to JSCallbackObject.
9753 * API/JSCallbackObjectFunctions.h:
9754 (JSC::::defaultValue):
9755 - Add defaultValue methods to JSCallbackObject.
9756 * API/JSClassRef.cpp:
9757 (OpaqueJSClass::prototype):
9758 - Remove toStringCallback/valueOfCallback.
9759 * API/tests/testapi.js:
9760 - Revert this test, now we no longer artificially introduce a toString method onto the api object.
9762 2012-03-18 Raphael Kubo da Costa <rakuco@FreeBSD.org>
9764 [EFL] Include ICU_INCLUDE_DIRS when building.
9765 https://bugs.webkit.org/show_bug.cgi?id=81483
9767 Reviewed by Daniel Bates.
9769 So far, only the ICU libraries were being included when building
9770 JavaScriptCore, however the include path is also needed, otherwise the
9771 build will fail when ICU is installed into a non-standard location.
9773 * PlatformEfl.cmake: Include ${ICU_INCLUDE_DIRS}.
9775 2012-03-17 Gavin Barraclough <barraclough@apple.com>
9777 Strength reduction, RegExp.exec -> RegExp.test
9778 https://bugs.webkit.org/show_bug.cgi?id=81459
9780 Reviewed by Sam Weinig.
9782 RegExp.prototype.exec & RegExp.prototype.test can both be used to test a regular
9783 expression for a match against a string - however exec is more expensive, since
9784 it allocates a matches array object. In cases where the result is consumed in a
9785 boolean context the allocation of the matches array can be trivially elided.
9790 for (i =0; i < 10000000; ++i)
9795 This is a 2.5x speedup on this example microbenchmark loop.
9797 In a more advanced form of this optimization, we may be able to avoid allocating
9798 the array where access to the array can be observed.
9800 * create_hash_table:
9801 * dfg/DFGAbstractState.cpp:
9802 (JSC::DFG::AbstractState::execute):
9803 * dfg/DFGByteCodeParser.cpp:
9804 (JSC::DFG::ByteCodeParser::handleIntrinsic):
9806 (JSC::DFG::Node::hasHeapPrediction):
9807 * dfg/DFGNodeType.h:
9809 * dfg/DFGOperations.cpp:
9810 * dfg/DFGOperations.h:
9811 * dfg/DFGPredictionPropagationPhase.cpp:
9812 (JSC::DFG::PredictionPropagationPhase::propagate):
9813 * dfg/DFGSpeculativeJIT.cpp:
9814 (JSC::DFG::SpeculativeJIT::compileRegExpExec):
9816 * dfg/DFGSpeculativeJIT.h:
9817 (JSC::DFG::SpeculativeJIT::callOperation):
9818 * dfg/DFGSpeculativeJIT32_64.cpp:
9819 (JSC::DFG::SpeculativeJIT::compile):
9820 * dfg/DFGSpeculativeJIT64.cpp:
9821 (JSC::DFG::SpeculativeJIT::compile):
9823 (GlobalObject::addConstructableFunction):
9824 * runtime/Intrinsic.h:
9825 * runtime/JSFunction.cpp:
9826 (JSC::JSFunction::create):
9828 * runtime/JSFunction.h:
9830 * runtime/Lookup.cpp:
9831 (JSC::setUpStaticFunctionSlot):
9832 * runtime/RegExpObject.cpp:
9833 (JSC::RegExpObject::exec):
9834 (JSC::RegExpObject::match):
9835 * runtime/RegExpObject.h:
9837 * runtime/RegExpPrototype.cpp:
9838 (JSC::regExpProtoFuncTest):
9839 (JSC::regExpProtoFuncExec):
9841 2012-03-16 Michael Saboff <msaboff@apple.com>
9843 Improve diagnostic benefit of JSGlobalData::m_isInitializingObject
9844 https://bugs.webkit.org/show_bug.cgi?id=81244
9846 Rubber stamped by Filip Pizlo.
9848 Changed type and name of JSGlobalData::m_isInitializingObject to
9849 ClassInfo* and m_initializingObjectClass.
9850 Changed JSGlobalData::setInitializingObject to
9851 JSGlobalData::setInitializingObjectClass. This pointer can be used within
9852 the debugger to determine what type of object is being initialized.
9855 (JSC::JSCell::finishCreation):
9856 (JSC::allocateCell):
9857 * runtime/JSGlobalData.cpp:
9858 (JSC::JSGlobalData::JSGlobalData):
9859 * runtime/JSGlobalData.h:
9861 (JSC::JSGlobalData::isInitializingObject):
9862 (JSC::JSGlobalData::setInitializingObjectClass):
9863 * runtime/Structure.h:
9864 (JSC::JSCell::finishCreation):
9866 2012-03-16 Mark Rowe <mrowe@apple.com>
9868 Build fix. Do not preserve owner and group information when installing the WTF headers.
9870 * JavaScriptCore.xcodeproj/project.pbxproj:
9872 2012-03-15 David Dorwin <ddorwin@chromium.org>
9874 Make the array pointer parameters in the Typed Array create() methods const.
9875 https://bugs.webkit.org/show_bug.cgi?id=81147
9877 Reviewed by Kenneth Russell.
9879 This allows const arrays to be passed to these methods.
9880 They use PassRefPtr<Subclass> create(), which already has a const parameter.
9884 (WTF::Int16Array::create):
9887 (WTF::Int32Array::create):
9890 (WTF::Int8Array::create):
9891 * wtf/Uint16Array.h:
9893 (WTF::Uint16Array::create):
9894 * wtf/Uint32Array.h:
9896 (WTF::Uint32Array::create):
9899 (WTF::Uint8Array::create):
9900 * wtf/Uint8ClampedArray.h:
9901 (Uint8ClampedArray):
9902 (WTF::Uint8ClampedArray::create):
9904 2012-03-15 Myles Maxfield <mmaxfield@google.com>
9906 CopiedSpace::tryAllocateOversize assumes system page size
9907 https://bugs.webkit.org/show_bug.cgi?id=80615
9909 Reviewed by Geoffrey Garen.
9911 * heap/CopiedSpace.cpp:
9912 (JSC::CopiedSpace::tryAllocateOversize):
9913 * heap/CopiedSpace.h:
9915 * heap/CopiedSpaceInlineMethods.h:
9916 (JSC::CopiedSpace::oversizeBlockFor):
9917 * wtf/BumpPointerAllocator.h:
9918 (WTF::BumpPointerPool::create):
9919 * wtf/StdLibExtras.h:
9920 (WTF::roundUpToMultipleOf):
9922 2012-03-15 Mark Hahnenberg <mhahnenberg@apple.com>
9924 Fixing Windows build breakage
9926 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
9928 2012-03-15 Patrick Gansterer <paroga@webkit.org>
9930 [EFL] Make zlib a general build requirement
9931 https://bugs.webkit.org/show_bug.cgi?id=80153
9933 Reviewed by Hajime Morita.
9935 After r109538 WebSocket module needs zlib to support deflate-frame extension.
9939 2012-03-15 Benjamin Poulain <bpoulain@apple.com>
9941 NumericStrings should be inlined
9942 https://bugs.webkit.org/show_bug.cgi?id=81183
9944 Reviewed by Gavin Barraclough.
9946 NumericStrings is not always inlined. When it is not, the class is not faster
9947 than using UString::number() directly.
9949 * runtime/NumericStrings.h:
9950 (JSC::NumericStrings::add):
9951 (JSC::NumericStrings::lookupSmallString):
9953 2012-03-15 Andras Becsi <andras.becsi@nokia.com>
9955 Fix ARM build after r110792.
9957 Unreviewed build fix.
9959 * jit/ExecutableAllocator.h:
9960 (JSC::ExecutableAllocator::cacheFlush):
9961 Remove superfluous curly brackets.
9963 2012-03-15 Gavin Barraclough <barraclough@apple.com>
9965 ARMv7: prefer vmov(gpr,gpr->double) over vmov(gpr->single)
9966 https://bugs.webkit.org/show_bug.cgi?id=81256
9968 Reviewed by Oliver Hunt.
9970 This is a 0.5% sunspider progression.
9972 * assembler/MacroAssemblerARMv7.h:
9973 (JSC::MacroAssemblerARMv7::convertInt32ToDouble):
9974 - switch which form of vmov we use.
9976 2012-03-15 YoungTaeck Song <youngtaeck.song@samsung.com>
9978 [EFL] Add OwnPtr specialization for Ecore_Timer.
9979 https://bugs.webkit.org/show_bug.cgi?id=80119
9981 Reviewed by Hajime Morita.
9983 Add an overload for deleteOwnedPtr(Ecore_Timer*) on EFL port.
9985 * wtf/OwnPtrCommon.h:
9987 * wtf/efl/OwnPtrEfl.cpp:
9988 (WTF::deleteOwnedPtr):
9991 2012-03-15 Hojong Han <hojong.han@samsung.com>
9993 Linux has madvise enough to support OSAllocator::commit/decommit
9994 https://bugs.webkit.org/show_bug.cgi?id=80505
9996 Reviewed by Geoffrey Garen.
9998 * wtf/OSAllocatorPosix.cpp:
9999 (WTF::OSAllocator::reserveUncommitted):
10000 (WTF::OSAllocator::commit):
10001 (WTF::OSAllocator::decommit):
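Two entries on this page touch the same mechanism: the MAP_NORESERVE overcommit fix (bug 81743) and the madvise-based OSAllocator::commit/decommit for Linux (bug 80505). The following is an added example written for this page, not WebKit's OSAllocatorPosix.cpp: it reserves address space with PROT_NONE and MAP_NORESERVE, commits it with mprotect, decommits it with madvise(MADV_DONTNEED), and then checks the property a practitioner cares about, that data written before decommit does not survive recommit. The function names mirror the OSAllocator entries but the bodies are my own; it assumes Linux/glibc semantics, in particular that MADV_DONTNEED on a private anonymous mapping discards the pages so the next touch maps fresh zero-filled ones.

```cpp
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>

// Reserve address space without committing it. PROT_NONE makes any access
// fault, and MAP_NORESERVE stops the kernel from charging the whole
// reservation against its overcommit accounting, so a large reservation
// does not fail up front (the behaviour the MAP_NORESERVE entry relies on).
void* reserveUncommitted(size_t bytes) {
    void* p = mmap(nullptr, bytes, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    return p == MAP_FAILED ? nullptr : p;
}

// Commit: make the range readable and writable. Physical pages are still
// allocated lazily on first touch.
bool commit(void* p, size_t bytes) {
    return mprotect(p, bytes, PROT_READ | PROT_WRITE) == 0;
}

// Decommit: MADV_DONTNEED on a private anonymous mapping discards the page
// contents and lets the kernel reclaim them; re-protecting as PROT_NONE turns
// a use-after-decommit into a crash instead of silent reuse of the range.
bool decommit(void* p, size_t bytes) {
    if (madvise(p, bytes, MADV_DONTNEED) != 0)
        return false;
    return mprotect(p, bytes, PROT_NONE) == 0;
}

// Returns true if a pattern written before decommit reads back as zero after
// recommit, i.e. decommit really released the pages rather than only hinting.
// Stale contents surviving a decommit/commit cycle would leak old heap data
// into whatever the allocator hands out next.
bool decommitDiscardsContents() {
    const size_t pageSize = static_cast<size_t>(sysconf(_SC_PAGESIZE));
    const size_t bytes = 4 * pageSize;
    unsigned char* p = static_cast<unsigned char*>(reserveUncommitted(bytes));
    if (!p)
        return false;
    bool ok = commit(p, bytes);
    if (ok) {
        memset(p, 0xAB, bytes);            // fill every committed page
        ok = p[pageSize + 1] == 0xAB;
    }
    if (ok)
        ok = decommit(p, bytes);
    if (ok)
        ok = commit(p, bytes);
    if (ok) {
        for (size_t i = 0; i < bytes && ok; i += 64)
            ok = p[i] == 0;                // fresh zero pages, not the old 0xAB
    }
    munmap(p, bytes);
    return ok;
}

int main() {
    std::cout << "decommit discards contents: "
              << (decommitDiscardsContents() ? "yes" : "no") << '\n';
    return 0;
}
```

Note the difference from a plain posix_madvise hint: MADV_DONTNEED is a guarantee on Linux for private anonymous memory, which is why the check above can assert zero-fill, whereas a pure advisory call would leave the contents unspecified.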
10003 2012-03-15 Steve Falkenburg <sfalken@apple.com>
10007 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
10008 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
10009 * JavaScriptCore.vcproj/WTF/copy-files.cmd:
10010 * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
10012 2012-03-15 Steve Falkenburg <sfalken@apple.com>
10016 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
10018 2012-03-15 Kevin Ollivier <kevino@theolliviers.com>
10020 Move wx port to using export macros
10021 https://bugs.webkit.org/show_bug.cgi?id=77279
10023 Reviewed by Hajime Morita.
10028 2012-03-14 Benjamin Poulain <bpoulain@apple.com>
10030 Avoid StringImpl::getData16SlowCase() when sorting array
10031 https://bugs.webkit.org/show_bug.cgi?id=81070
10033 Reviewed by Geoffrey Garen.
10035 The function codePointCompare() is used intensively when sorting strings.
10036 This patch improves its performance by:
10037 -Avoiding character conversion.
10038 -Inlining the function.
10040 This makes Peacekeeper's arrayCombined test 30% faster.
10042 * wtf/text/StringImpl.cpp:
10043 * wtf/text/StringImpl.h:
10045 (WTF::codePointCompare):
10046 (WTF::codePointCompare8):
10047 (WTF::codePointCompare16):
10048 (WTF::codePointCompare8To16):
10050 2012-03-14 Hojong Han <hojong.han@samsung.com>
10052 Fix memory allocation failed by fastmalloc
10053 https://bugs.webkit.org/show_bug.cgi?id=79614
10055 Reviewed by Geoffrey Garen.
10057 Memory allocation failed even if the heap grows successfully.
10058 It is wrong to get the span only from the large list after the heap grows,
10059 because a new span could be added to the normal list.
10061 * wtf/FastMalloc.cpp:
10062 (WTF::TCMalloc_PageHeap::New):
10064 2012-03-14 Hojong Han <hojong.han@samsung.com>
10066 Run cacheFlush page by page to ensure that all the requested ranges are flushed
10067 https://bugs.webkit.org/show_bug.cgi?id=77712
10069 Reviewed by Geoffrey Garen.
10071 The current MetaAllocator concept, which always coalesces adjacent free spaces,
10072 doesn't match the memory management of the Linux kernel.
10073 In certain cases the Linux kernel doesn't regard contiguous virtual memory areas as one but as two.
10074 Therefore running cacheFlush page by page guarantees that a flush-requested range is flushed.
10076 * jit/ExecutableAllocator.h:
10077 (JSC::ExecutableAllocator::cacheFlush):
10079 2012-03-14 Oliver Hunt <oliver@apple.com>
10081 Make ARMv7 work again
10082 https://bugs.webkit.org/show_bug.cgi?id=81157
10084 Reviewed by Geoffrey Garen.
10086 We were trying to use the ARMv7 dataRegister as a scratch register in a scenario
10087 where the ARMv7MacroAssembler would also try to use dataRegister for its own
10088 nefarious purposes.
10090 * assembler/MacroAssembler.h:
10091 (JSC::MacroAssembler::store32):
10092 * assembler/MacroAssemblerARMv7.h:
10093 (MacroAssemblerARMv7):
10095 2012-03-14 Mark Hahnenberg <mhahnenberg@apple.com>
10097 Heap::destroy leaks CopiedSpace
10098 https://bugs.webkit.org/show_bug.cgi?id=81055
10100 Reviewed by Geoffrey Garen.
10102 Added a destroy() function to CopiedSpace that moves all normal size
10103 CopiedBlocks from the CopiedSpace to the Heap's list of free blocks
10104 as well as deallocates all of the oversize blocks in the CopiedSpace.
10105 This function is now called in Heap::destroy().
10107 * heap/CopiedSpace.cpp:
10108 (JSC::CopiedSpace::destroy):
10110 * heap/CopiedSpace.h:
10113 (JSC::Heap::destroy):
10115 2012-03-14 Andrew Lo <anlo@rim.com>
10117 [BlackBerry] Implement REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR using AnimationFrameRateController
10118 https://bugs.webkit.org/show_bug.cgi?id=81000
10120 Enable WTF_USE_REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for BlackBerry.
10122 Reviewed by Antonio Gomes.
10126 2012-03-13 Filip Pizlo <fpizlo@apple.com>
10128 ValueToInt32 speculation will cause OSR exits even when it does not have to
10129 https://bugs.webkit.org/show_bug.cgi?id=81068
10130 <rdar://problem/11043926>
10132 Reviewed by Anders Carlsson.
10134 Two related changes:
10135 1) ValueToInt32 will now always just defer to the non-speculative path, instead
10136 of exiting, if it doesn't know what speculations to perform.
10137 2) ValueToInt32 will speculate boolean if it sees this to be profitable.
10139 * dfg/DFGAbstractState.cpp:
10140 (JSC::DFG::AbstractState::execute):
10142 (JSC::DFG::Node::shouldSpeculateBoolean):
10144 * dfg/DFGSpeculativeJIT.cpp:
10145 (JSC::DFG::SpeculativeJIT::compileValueToInt32):
10147 2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com>
10149 More Windows build fixing
10151 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
10153 2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com>
10157 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
10159 2012-03-13 Mark Hahnenberg <mhahnenberg@apple.com>
10161 Type conversion of exponential part failed
10162 https://bugs.webkit.org/show_bug.cgi?id=80673
10164 Reviewed by Geoffrey Garen.
10166 * parser/Lexer.cpp:
10168 * runtime/JSGlobalObjectFunctions.cpp:
10171 (JSC::jsStrDecimalLiteral): Added another template argument that exposes whether or not
10172 we accept trailing junk to clients of jsStrDecimalLiteral. Also added additional template
10173 parameter for strtod to allow trailing spaces.
10175 (JSC::parseFloat): Accept trailing junk, as per the ECMA 262 spec (15.1.2.3).
10176 * runtime/LiteralParser.cpp:
10177 (JSC::::Lexer::lexNumber):
10178 * tests/mozilla/expected.html: Update the expected page for run-javascriptcore-tests so that
10179 we will run ecma/TypeConversion/9.3.1-3.js as a regression test now.
10182 (WTF::strtod): We also needed to sometimes accept trailing spaces to pass a few other tests that were
10183 broken by changing the default allowance of trailing junk in jsStrDecimalLiteral.
10185 * wtf/dtoa/double-conversion.cc: When the AdvanceToNonspace function was lifted out of the
10186 Chromium codebase, the person porting it only thought to check for spaces when skipping whitespace.
10187 A few of our JSC tests check for other types of trailing whitespace, so I've added checks for those
10188 here to cover those cases (horizontal tab, vertical tab, carriage return, form feed, and line feed).
10189 * wtf/text/WTFString.cpp:
10190 (WTF::toDoubleType): Disallow trailing spaces, as this breaks form input verification stuff.
10192 2012-03-13 Filip Pizlo <fpizlo@apple.com>
10194 Unreviewed, build fix since is_pod<> includes some header that I didn't know about.
10195 Removing the assert for now.
10197 * dfg/DFGOperations.h:
10198 * llint/LLIntSlowPaths.h:
10200 2012-03-13 Filip Pizlo <fpizlo@apple.com>
10202 Functions with C linkage should return POD types
10203 https://bugs.webkit.org/show_bug.cgi?id=81061
10205 Reviewed by Mark Rowe.
10207 * dfg/DFGOperations.h:
10208 * llint/LLIntSlowPaths.h:
10210 (SlowPathReturnType):
10211 (JSC::LLInt::encodeResult):
10213 2012-03-13 Filip Pizlo <fpizlo@apple.com>
10215 Loads from UInt32Arrays should not result in a double up-convert if it isn't necessary
10216 https://bugs.webkit.org/show_bug.cgi?id=80979
10217 <rdar://problem/11036848>
10219 Reviewed by Oliver Hunt.
10221 Also improved DFG IR dumping to include type information in a somewhat more
10224 * bytecode/PredictedType.cpp:
10225 (JSC::predictionToAbbreviatedString):
10227 * bytecode/PredictedType.h:
10229 * dfg/DFGAbstractState.cpp:
10230 (JSC::DFG::AbstractState::execute):
10231 * dfg/DFGGraph.cpp:
10232 (JSC::DFG::Graph::dump):
10233 * dfg/DFGPredictionPropagationPhase.cpp:
10234 (JSC::DFG::PredictionPropagationPhase::propagate):
10235 * dfg/DFGSpeculativeJIT.cpp:
10236 (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
10237 (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
10238 * dfg/DFGSpeculativeJIT.h:
10239 (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
10241 2012-03-13 George Staikos <staikos@webkit.org>
10243 The callback is only used if SA_RESTART is defined. Compile it out
10244 otherwise to avoid a warning.
10245 https://bugs.webkit.org/show_bug.cgi?id=80926
10247 Reviewed by Alexey Proskuryakov.
10249 * heap/MachineStackMarker.cpp:
10252 2012-03-13 Hojong Han <hojong.han@samsung.com>
10254 Dump the generated code for ARM_TRADITIONAL
10255 https://bugs.webkit.org/show_bug.cgi?id=80975
10257 Reviewed by Gavin Barraclough.
10259 * assembler/LinkBuffer.h:
10260 (JSC::LinkBuffer::dumpCode):
10262 2012-03-13 Adam Barth <abarth@webkit.org> && Benjamin Poulain <bpoulain@apple.com>
10264 Always enable ENABLE(CLIENT_BASED_GEOLOCATION)
10265 https://bugs.webkit.org/show_bug.cgi?id=78853
10267 Reviewed by Adam Barth.
10269 * Configurations/FeatureDefines.xcconfig:
10272 2012-03-13 Kwonjin Jeong <gram@company100.net>
10274 Remove SlotVisitor::copy() method.
10275 https://bugs.webkit.org/show_bug.cgi?id=80973
10277 Reviewed by Geoffrey Garen.
10279 SlotVisitor::copy() method isn't called anywhere.
10281 * heap/MarkStack.cpp: Remove definition of SlotVisitor::copy() method.
10282 * heap/SlotVisitor.h: Remove declaration of SlotVisitor::copy() method.
10284 2012-03-12 Hojong Han <hojong.han@samsung.com>
10286 Fix test cases for RegExp multiline
10287 https://bugs.webkit.org/show_bug.cgi?id=80822
10289 Reviewed by Gavin Barraclough.
10291 * tests/mozilla/js1_2/regexp/RegExp_multiline.js:
10292 * tests/mozilla/js1_2/regexp/RegExp_multiline_as_array.js:
10293 * tests/mozilla/js1_2/regexp/beginLine.js:
10294 * tests/mozilla/js1_2/regexp/endLine.js:
10296 2012-03-12 Filip Pizlo <fpizlo@apple.com>
10298 Arithmetic use inference should be procedure-global and should run in tandem
10299 with type propagation
10300 https://bugs.webkit.org/show_bug.cgi?id=80819
10301 <rdar://problem/11034006>
10303 Reviewed by Gavin Barraclough.
10306 * GNUmakefile.list.am:
10307 * JavaScriptCore.xcodeproj/project.pbxproj:
10309 * dfg/DFGArithNodeFlagsInferencePhase.cpp: Removed.
10310 * dfg/DFGArithNodeFlagsInferencePhase.h: Removed.
10311 * dfg/DFGDriver.cpp:
10312 (JSC::DFG::compile):
10313 * dfg/DFGPredictionPropagationPhase.cpp:
10314 (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
10315 (PredictionPropagationPhase):
10316 (JSC::DFG::PredictionPropagationPhase::isNotZero):
10317 (JSC::DFG::PredictionPropagationPhase::propagate):
10318 (JSC::DFG::PredictionPropagationPhase::mergeDefaultArithFlags):
10319 * dfg/DFGVariableAccessData.h:
10320 (JSC::DFG::VariableAccessData::VariableAccessData):
10321 (JSC::DFG::VariableAccessData::flags):
10322 (VariableAccessData):
10323 (JSC::DFG::VariableAccessData::mergeFlags):
10325 2012-03-12 Filip Pizlo <fpizlo@apple.com>
10327 Node::op and Node::flags should be private
10328 https://bugs.webkit.org/show_bug.cgi?id=80824
10329 <rdar://problem/11033435>
10331 Reviewed by Gavin Barraclough.
10334 * GNUmakefile.list.am:
10335 * JavaScriptCore.xcodeproj/project.pbxproj:
10337 * dfg/DFGAbstractState.cpp:
10338 (JSC::DFG::AbstractState::initialize):
10339 (JSC::DFG::AbstractState::execute):
10340 (JSC::DFG::AbstractState::mergeStateAtTail):
10341 (JSC::DFG::AbstractState::mergeToSuccessors):
10342 * dfg/DFGArithNodeFlagsInferencePhase.cpp:
10343 (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
10344 * dfg/DFGByteCodeParser.cpp:
10345 (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
10346 (JSC::DFG::ByteCodeParser::getLocal):
10347 (JSC::DFG::ByteCodeParser::getArgument):
10348 (JSC::DFG::ByteCodeParser::flushArgument):
10349 (JSC::DFG::ByteCodeParser::toInt32):
10350 (JSC::DFG::ByteCodeParser::isJSConstant):
10351 (JSC::DFG::ByteCodeParser::makeSafe):
10352 (JSC::DFG::ByteCodeParser::makeDivSafe):
10353 (JSC::DFG::ByteCodeParser::handleInlining):
10354 (JSC::DFG::ByteCodeParser::parseBlock):
10355 (JSC::DFG::ByteCodeParser::processPhiStack):
10356 (JSC::DFG::ByteCodeParser::linkBlock):
10357 * dfg/DFGCFAPhase.cpp:
10358 (JSC::DFG::CFAPhase::performBlockCFA):
10359 * dfg/DFGCSEPhase.cpp:
10360 (JSC::DFG::CSEPhase::canonicalize):
10361 (JSC::DFG::CSEPhase::endIndexForPureCSE):
10362 (JSC::DFG::CSEPhase::pureCSE):
10363 (JSC::DFG::CSEPhase::byValIsPure):
10364 (JSC::DFG::CSEPhase::clobbersWorld):
10365 (JSC::DFG::CSEPhase::impureCSE):
10366 (JSC::DFG::CSEPhase::globalVarLoadElimination):
10367 (JSC::DFG::CSEPhase::getByValLoadElimination):
10368 (JSC::DFG::CSEPhase::checkFunctionElimination):
10369 (JSC::DFG::CSEPhase::checkStructureLoadElimination):
10370 (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
10371 (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
10372 (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
10373 (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
10374 (JSC::DFG::CSEPhase::performNodeCSE):
10375 * dfg/DFGGraph.cpp:
10376 (JSC::DFG::Graph::dump):
10379 (JSC::DFG::Graph::addShouldSpeculateInteger):
10380 (JSC::DFG::Graph::negateShouldSpeculateInteger):
10381 (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
10382 * dfg/DFGNode.cpp: Removed.
10385 (JSC::DFG::Node::Node):
10387 (JSC::DFG::Node::op):
10388 (JSC::DFG::Node::flags):
10389 (JSC::DFG::Node::setOp):
10390 (JSC::DFG::Node::setFlags):
10391 (JSC::DFG::Node::mergeFlags):
10392 (JSC::DFG::Node::filterFlags):
10393 (JSC::DFG::Node::clearFlags):
10394 (JSC::DFG::Node::setOpAndDefaultFlags):
10395 (JSC::DFG::Node::mustGenerate):
10396 (JSC::DFG::Node::isConstant):
10397 (JSC::DFG::Node::isWeakConstant):
10398 (JSC::DFG::Node::valueOfJSConstant):
10399 (JSC::DFG::Node::hasVariableAccessData):
10400 (JSC::DFG::Node::hasIdentifier):
10401 (JSC::DFG::Node::resolveGlobalDataIndex):
10402 (JSC::DFG::Node::hasArithNodeFlags):
10403 (JSC::DFG::Node::arithNodeFlags):
10404 (JSC::DFG::Node::setArithNodeFlag):
10405 (JSC::DFG::Node::mergeArithNodeFlags):
10406 (JSC::DFG::Node::hasConstantBuffer):
10407 (JSC::DFG::Node::hasRegexpIndex):
10408 (JSC::DFG::Node::hasVarNumber):
10409 (JSC::DFG::Node::hasScopeChainDepth):
10410 (JSC::DFG::Node::hasResult):
10411 (JSC::DFG::Node::hasInt32Result):
10412 (JSC::DFG::Node::hasNumberResult):
10413 (JSC::DFG::Node::hasJSResult):
10414 (JSC::DFG::Node::hasBooleanResult):
10415 (JSC::DFG::Node::isJump):
10416 (JSC::DFG::Node::isBranch):
10417 (JSC::DFG::Node::isTerminal):
10418 (JSC::DFG::Node::hasHeapPrediction):
10419 (JSC::DFG::Node::hasFunctionCheckData):
10420 (JSC::DFG::Node::hasStructureTransitionData):
10421 (JSC::DFG::Node::hasStructureSet):
10422 (JSC::DFG::Node::hasStorageAccessData):
10423 (JSC::DFG::Node::hasFunctionDeclIndex):
10424 (JSC::DFG::Node::hasFunctionExprIndex):
10425 (JSC::DFG::Node::child1):
10426 (JSC::DFG::Node::child2):
10427 (JSC::DFG::Node::child3):
10428 (JSC::DFG::Node::firstChild):
10429 (JSC::DFG::Node::numChildren):
10430 * dfg/DFGNodeFlags.cpp: Copied from Source/JavaScriptCore/dfg/DFGNode.cpp.
10431 * dfg/DFGNodeFlags.h: Added.
10433 (JSC::DFG::nodeUsedAsNumber):
10434 (JSC::DFG::nodeCanTruncateInteger):
10435 (JSC::DFG::nodeCanIgnoreNegativeZero):
10436 (JSC::DFG::nodeMayOverflow):
10437 (JSC::DFG::nodeCanSpeculateInteger):
10438 * dfg/DFGNodeType.h: Added.
10440 (JSC::DFG::defaultFlags):
10441 * dfg/DFGPredictionPropagationPhase.cpp:
10442 (JSC::DFG::PredictionPropagationPhase::propagate):
10443 (JSC::DFG::PredictionPropagationPhase::vote):
10444 (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
10445 (JSC::DFG::PredictionPropagationPhase::fixupNode):
10446 * dfg/DFGRedundantPhiEliminationPhase.cpp:
10447 (JSC::DFG::RedundantPhiEliminationPhase::run):
10448 (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
10449 (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
10450 * dfg/DFGSpeculativeJIT.cpp:
10451 (JSC::DFG::SpeculativeJIT::useChildren):
10452 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
10453 (JSC::DFG::SpeculativeJIT::compileMovHint):
10454 (JSC::DFG::SpeculativeJIT::compile):
10455 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
10456 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
10457 (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
10458 (JSC::DFG::SpeculativeJIT::compileAdd):
10459 (JSC::DFG::SpeculativeJIT::compare):
10460 * dfg/DFGSpeculativeJIT.h:
10461 (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
10462 * dfg/DFGSpeculativeJIT32_64.cpp:
10463 (JSC::DFG::SpeculativeJIT::emitCall):
10464 (JSC::DFG::SpeculativeJIT::compile):
10465 * dfg/DFGSpeculativeJIT64.cpp:
10466 (JSC::DFG::SpeculativeJIT::emitCall):
10467 (JSC::DFG::SpeculativeJIT::compile):
10468 * dfg/DFGVirtualRegisterAllocationPhase.cpp:
10469 (JSC::DFG::VirtualRegisterAllocationPhase::run):
10471 2012-03-12 Laszlo Gombos <laszlo.1.gombos@nokia.com>
10473 Minor DataLog fixes
10474 https://bugs.webkit.org/show_bug.cgi?id=80826
10476 Reviewed by Andreas Kling.
10478 * bytecode/ExecutionCounter.cpp:
10479 Do not include DataLog.h, it is not used.
10481 * jit/ExecutableAllocator.cpp:
10485 (WTF::initializeLogFileOnce):
10486 Add missing semi-colon to the code path where DATA_LOG_FILENAME is defined.
10488 * wtf/HashTable.cpp:
10489 Include DataLog as it is used.
10491 2012-03-12 SangGyu Lee <sg5.lee@samsung.com>
10493 Integer overflow check code in arithmetic operation in classic interpreter
10494 https://bugs.webkit.org/show_bug.cgi?id=80465
10496 Reviewed by Gavin Barraclough.
10498 * interpreter/Interpreter.cpp:
10499 (JSC::Interpreter::privateExecute):
10501 2012-03-12 Zeno Albisser <zeno@webkit.org>
10503 [Qt][Mac] Build fails after enabling LLINT when JIT is disabled (r109863)
10504 https://bugs.webkit.org/show_bug.cgi?id=80827
10506 Qt on Mac uses OS(DARWIN) as well, but we do not want to enable LLINT.
10508 Reviewed by Simon Hausmann.
10512 2012-03-12 Simon Hausmann <simon.hausmann@nokia.com>
10514 Unreviewed prospective Qt/Mac build fix
10516 * runtime/JSGlobalData.cpp: use #USE(CF) instead of PLATFORM(MAC) to determine
10517 whether to include CoreFoundation headers, used for JIT configuration in JSGlobalData
10520 2012-03-12 Filip Pizlo <fpizlo@apple.com>
10522 All DFG nodes should have a mutable set of flags
10523 https://bugs.webkit.org/show_bug.cgi?id=80779
10524 <rdar://problem/11026218>
10526 Reviewed by Gavin Barraclough.
10528 Got rid of NodeId, and placed all of the flags that distinguished NodeId
10529 from NodeType into a separate Node::flags field. Combined what was previously
10530 ArithNodeFlags into Node::flags.
10532 In the process of debugging, I found that the debug support in the virtual
10533 register allocator was lacking, so I improved it. I also realized that the
10534 virtual register allocator was assuming that the nodes in a basic block were
10535 contiguous, which is no longer the case. So I fixed that. The fix also made
10536 it natural to have more extreme assertions, so I added them. I suspect this
10537 will make it easier to catch virtual register allocation bugs in the future.
10539 This is mostly performance neutral; if anything it looks like a slight
10542 This patch does leave some work for future refactorings; for example, Node::op
10543 is unencapsulated. This was already the case, though now it feels even more
10544 like it should be. I avoided doing that because this patch has already grown
10545 way bigger than I wanted.
10547 Finally, this patch creates a DFGNode.cpp file and makes a slight effort to
10548 move some unnecessarily inline stuff out of DFGNode.h.
10551 * GNUmakefile.list.am:
10552 * JavaScriptCore.xcodeproj/project.pbxproj:
10554 * dfg/DFGArithNodeFlagsInferencePhase.cpp:
10555 (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
10556 * dfg/DFGByteCodeParser.cpp:
10557 (JSC::DFG::ByteCodeParser::addToGraph):
10558 (JSC::DFG::ByteCodeParser::makeSafe):
10559 (JSC::DFG::ByteCodeParser::makeDivSafe):
10560 (JSC::DFG::ByteCodeParser::handleMinMax):
10561 (JSC::DFG::ByteCodeParser::handleIntrinsic):
10562 (JSC::DFG::ByteCodeParser::parseBlock):
10563 * dfg/DFGCFAPhase.cpp:
10564 (JSC::DFG::CFAPhase::performBlockCFA):
10565 * dfg/DFGCSEPhase.cpp:
10566 (JSC::DFG::CSEPhase::endIndexForPureCSE):
10567 (JSC::DFG::CSEPhase::pureCSE):
10568 (JSC::DFG::CSEPhase::clobbersWorld):
10569 (JSC::DFG::CSEPhase::impureCSE):
10570 (JSC::DFG::CSEPhase::setReplacement):
10571 (JSC::DFG::CSEPhase::eliminate):
10572 (JSC::DFG::CSEPhase::performNodeCSE):
10573 (JSC::DFG::CSEPhase::performBlockCSE):
10575 * dfg/DFGGraph.cpp:
10576 (JSC::DFG::Graph::opName):
10577 (JSC::DFG::Graph::dump):
10579 * dfg/DFGNode.cpp: Added.
10581 (JSC::DFG::arithNodeFlagsAsString):
10584 (JSC::DFG::nodeUsedAsNumber):
10585 (JSC::DFG::nodeCanTruncateInteger):
10586 (JSC::DFG::nodeCanIgnoreNegativeZero):
10587 (JSC::DFG::nodeMayOverflow):
10588 (JSC::DFG::nodeCanSpeculateInteger):
10589 (JSC::DFG::defaultFlags):
10590 (JSC::DFG::Node::Node):
10592 (JSC::DFG::Node::setOpAndDefaultFlags):
10593 (JSC::DFG::Node::mustGenerate):
10594 (JSC::DFG::Node::arithNodeFlags):
10595 (JSC::DFG::Node::setArithNodeFlag):
10596 (JSC::DFG::Node::mergeArithNodeFlags):
10597 (JSC::DFG::Node::hasResult):
10598 (JSC::DFG::Node::hasInt32Result):
10599 (JSC::DFG::Node::hasNumberResult):
10600 (JSC::DFG::Node::hasJSResult):
10601 (JSC::DFG::Node::hasBooleanResult):
10602 (JSC::DFG::Node::isJump):
10603 (JSC::DFG::Node::isBranch):
10604 (JSC::DFG::Node::isTerminal):
10605 (JSC::DFG::Node::child1):
10606 (JSC::DFG::Node::child2):
10607 (JSC::DFG::Node::child3):
10608 (JSC::DFG::Node::firstChild):
10609 (JSC::DFG::Node::numChildren):
10610 * dfg/DFGPredictionPropagationPhase.cpp:
10611 (JSC::DFG::PredictionPropagationPhase::propagate):
10612 (JSC::DFG::PredictionPropagationPhase::vote):
10613 (JSC::DFG::PredictionPropagationPhase::fixupNode):
10614 * dfg/DFGScoreBoard.h:
10616 (JSC::DFG::ScoreBoard::~ScoreBoard):
10617 (JSC::DFG::ScoreBoard::assertClear):
10618 (JSC::DFG::ScoreBoard::use):
10619 * dfg/DFGSpeculativeJIT.cpp:
10620 (JSC::DFG::SpeculativeJIT::useChildren):
10621 * dfg/DFGSpeculativeJIT32_64.cpp:
10622 (JSC::DFG::SpeculativeJIT::compile):
10623 * dfg/DFGSpeculativeJIT64.cpp:
10624 (JSC::DFG::SpeculativeJIT::compile):
10625 * dfg/DFGVirtualRegisterAllocationPhase.cpp:
10626 (JSC::DFG::VirtualRegisterAllocationPhase::run):
10628 2012-03-10 Filip Pizlo <fpizlo@apple.com>
10630 LLInt should support JSVALUE64
10631 https://bugs.webkit.org/show_bug.cgi?id=79609
10632 <rdar://problem/10063437>
10634 Reviewed by Gavin Barraclough and Oliver Hunt.
10636 Ported the LLInt, which previously only worked on 32-bit, to 64-bit. This
10637 patch moves a fair bit of code from LowLevelInterpreter32_64.asm to the common
10638 file, LowLevelInterpreter.asm. About 1/3 of the LLInt did not have to be
10639 specialized for value representation.
10641 Also made some minor changes to offlineasm and the slow-paths.
10643 * llint/LLIntData.cpp:
10644 (JSC::LLInt::Data::performAssertions):
10645 * llint/LLIntEntrypoints.cpp:
10646 * llint/LLIntSlowPaths.cpp:
10648 (JSC::LLInt::llint_trace_value):
10649 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
10650 (JSC::LLInt::jitCompileAndSetHeuristics):
10651 * llint/LLIntSlowPaths.h:
10653 (SlowPathReturnType):
10654 (JSC::LLInt::SlowPathReturnType::SlowPathReturnType):
10655 (JSC::LLInt::encodeResult):
10656 * llint/LLIntThunks.cpp:
10657 * llint/LowLevelInterpreter.asm:
10658 * llint/LowLevelInterpreter32_64.asm:
10659 * llint/LowLevelInterpreter64.asm:
10660 * offlineasm/armv7.rb:
10661 * offlineasm/asm.rb:
10662 * offlineasm/ast.rb:
10663 * offlineasm/backends.rb:
10664 * offlineasm/instructions.rb:
10665 * offlineasm/parser.rb:
10666 * offlineasm/registers.rb:
10667 * offlineasm/transform.rb:
10668 * offlineasm/x86.rb:
10671 2012-03-10 Yong Li <yoli@rim.com>
10673 Web Worker crashes with WX_EXCLUSIVE
10674 https://bugs.webkit.org/show_bug.cgi?id=80532
10676 Let each JS global object own a meta allocator
10677 for WX_EXCLUSIVE to avoid conflicts from Web Worker.
10678 Also fix a mutex leak in MetaAllocator's dtor.
10680 Reviewed by Filip Pizlo.
10682 * jit/ExecutableAllocator.cpp:
10683 (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
10684 (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
10685 (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
10686 (DemandExecutableAllocator):
10687 (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
10688 (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
10689 (JSC::DemandExecutableAllocator::allocateNewSpace):
10690 (JSC::DemandExecutableAllocator::allocators):
10691 (JSC::DemandExecutableAllocator::allocatorsMutex):
10693 (JSC::ExecutableAllocator::initializeAllocator):
10694 (JSC::ExecutableAllocator::ExecutableAllocator):
10695 (JSC::ExecutableAllocator::underMemoryPressure):
10696 (JSC::ExecutableAllocator::memoryPressureMultiplier):
10697 (JSC::ExecutableAllocator::allocate):
10698 (JSC::ExecutableAllocator::committedByteCount):
10699 (JSC::ExecutableAllocator::dumpProfile):
10700 * jit/ExecutableAllocator.h:
10702 (ExecutableAllocator):
10703 (JSC::ExecutableAllocator::allocator):
10704 * wtf/MetaAllocator.h:
10705 (WTF::MetaAllocator::~MetaAllocator): Finalize the spin lock.
10706 * wtf/TCSpinLock.h:
10707 (TCMalloc_SpinLock::Finalize): Add empty Finalize() to some implementations.
10709 2012-03-09 Gavin Barraclough <barraclough@apple.com>
10711 Object.freeze broken on latest Nightly
10712 https://bugs.webkit.org/show_bug.cgi?id=80577
10714 Reviewed by Oliver Hunt.
10716 The problem here is that deleteProperty rejects deletion of prototype.
10717 This is correct in most cases, however defineOwnProperty is presently
10718 implemented internally to ensure the attributes change by deleting the
10719 old property, and creating a new one.
10721 * runtime/JSFunction.cpp:
10722 (JSC::JSFunction::deleteProperty):
10723 - If deleteProperty is called via defineOwnProperty, allow the old prototype to be removed.
10725 2012-03-09 Gavin Barraclough <barraclough@apple.com>
10727 Array.prototype.toLocaleString visits elements in wrong order under certain conditions
10728 https://bugs.webkit.org/show_bug.cgi?id=80663
10730 Reviewed by Michael Saboff.
10732 The bug here is actually that we're continuing to process the array after an exception
10733 has been thrown, and that the second value thrown is overriding the first.
10735 * runtime/ArrayPrototype.cpp:
10736 (JSC::arrayProtoFuncToLocaleString):
10738 2012-03-09 Ryosuke Niwa <rniwa@webkit.org>
10740 WebKit compiled by gcc (Xcode 3.2.6) hangs while running DOM/Accessors.html
10741 https://bugs.webkit.org/show_bug.cgi?id=80080
10743 Reviewed by Filip Pizlo.
10745 * bytecode/SamplingTool.cpp:
10746 (JSC::SamplingRegion::Locker::Locker):
10747 (JSC::SamplingRegion::Locker::~Locker):
10748 * bytecode/SamplingTool.h:
10749 (JSC::SamplingRegion::exchangeCurrent):
10752 (WTF::weakCompareAndSwap):
10753 (WTF::weakCompareAndSwapUIntPtr):
10755 2012-03-09 Gavin Barraclough <barraclough@apple.com>
10757 REGRESSION: Date.parse("Tue Nov 23 20:40:05 2010 GMT") returns NaN
10758 https://bugs.webkit.org/show_bug.cgi?id=49989
10760 Reviewed by Oliver Hunt.
10762 Patch originally by chris reiss <christopher.reiss@nokia.com>,
10763 allow the year to appear before the timezone in date strings.
10765 * wtf/DateMath.cpp:
10766 (WTF::parseDateFromNullTerminatedCharacters):
10768 2012-03-09 Mark Rowe <mrowe@apple.com>
10770 Ensure that the WTF headers are copied at installhdrs time.
10772 Reviewed by Dan Bernstein and Jessie Berlin.
10774 * Configurations/JavaScriptCore.xcconfig: Set INSTALLHDRS_SCRIPT_PHASE = YES
10775 so that our script phases are invoked at installhdrs time. The only one that
10776 does any useful work at that time is the one that installs WTF headers.
10778 2012-03-09 Jon Lee <jonlee@apple.com>
10780 Add support for ENABLE(LEGACY_NOTIFICATIONS)
10781 https://bugs.webkit.org/show_bug.cgi?id=80497
10783 Reviewed by Adam Barth.
10785 Prep for b80472: Update API for Web Notifications
10786 * Configurations/FeatureDefines.xcconfig:
10788 2012-03-09 Ashod Nakashian <ashodnakashian@yahoo.com>
10790 Bash scripts should support LF endings only
10791 https://bugs.webkit.org/show_bug.cgi?id=79509
10793 Reviewed by David Kilzer.
10795 * gyp/generate-derived-sources.sh: Added property svn:eol-style.
10796 * gyp/run-if-exists.sh: Added property svn:eol-style.
10797 * gyp/update-info-plist.sh: Added property svn:eol-style.
10799 2012-03-09 Jessie Berlin <jberlin@apple.com>
10801 Windows debug build fix.
10803 * assembler/MacroAssembler.h:
10804 (JSC::MacroAssembler::shouldBlind):
10805 Fix unreachable code warnings (which we treat as errors).
10807 2012-03-09 Thouraya ANDOLSI <thouraya.andolsi@st.com>
10809 Reviewed by Zoltan Herczeg.
10811 [Qt] Fix the SH4 build after r109834
10812 https://bugs.webkit.org/show_bug.cgi?id=80492
10814 * assembler/MacroAssemblerSH4.h:
10815 (JSC::MacroAssemblerSH4::branchAdd32):
10816 (JSC::MacroAssemblerSH4::branchSub32):
10818 2012-03-09 Andy Wingo <wingo@igalia.com>
10820 Refactor code feature analysis in the parser
10821 https://bugs.webkit.org/show_bug.cgi?id=79112
10823 Reviewed by Geoffrey Garen.
10825 This commit refactors the parser to more uniformly propagate flag
10826 bits down and up the parse process, as the parser descends and
10827 returns into nested blocks. Some flags get passed down to
10828 subscopes, some apply to specific scopes only, and some get
10829 unioned up after parsing subscopes.
10831 The goal is to eventually be very precise with scoping
10832 information, once we have block scopes: one block scope might use
10833 `eval', which would require the emission of a symbol table within
10834 that block and containing blocks, whereas another block in the
10835 same function might not, allowing us to not emit a symbol table.
10838 (JSC::ScopeFlags): Rename from CodeFeatures.
10839 (JSC::ScopeNode::addScopeFlags):
10840 (JSC::ScopeNode::scopeFlags): New accessors for m_scopeFlags.
10841 (JSC::ScopeNode::isStrictMode):
10842 (JSC::ScopeNode::usesEval):
10843 (JSC::ScopeNode::usesArguments):
10844 (JSC::ScopeNode::setUsesArguments):
10845 (JSC::ScopeNode::usesThis):
10846 (JSC::ScopeNode::needsActivationForMoreThanVariables):
10847 (JSC::ScopeNode::needsActivation): Refactor these accessors to
10848 operate on the m_scopeFlags member.
10849 (JSC::ScopeNode::source):
10850 (JSC::ScopeNode::sourceURL):
10851 (JSC::ScopeNode::sourceID): Shuffle these definitions around; no
10853 (JSC::ScopeNode::ScopeNode)
10854 (JSC::ProgramNode::ProgramNode)
10855 (JSC::EvalNode::EvalNode)
10856 (JSC::FunctionBodyNode::FunctionBodyNode): Have these constructors
10857 take a ScopeFlags as an argument, instead of a bool inStrictContext.
10859 * parser/Nodes.cpp:
10860 (JSC::ScopeNode::ScopeNode):
10861 (JSC::ProgramNode::ProgramNode):
10862 (JSC::ProgramNode::create):
10863 (JSC::EvalNode::EvalNode):
10864 (JSC::EvalNode::create):
10865 (JSC::FunctionBodyNode::FunctionBodyNode):
10866 (JSC::FunctionBodyNode::create): Adapt constructors to change.
10868 * parser/ASTBuilder.h:
10869 (JSC::ASTBuilder::ASTBuilder):
10870 (JSC::ASTBuilder::thisExpr):
10871 (JSC::ASTBuilder::createResolve):
10872 (JSC::ASTBuilder::createFunctionBody):
10873 (JSC::ASTBuilder::createFuncDeclStatement):
10874 (JSC::ASTBuilder::createTryStatement):
10875 (JSC::ASTBuilder::createWithStatement):
10876 (JSC::ASTBuilder::addVar):
10877 (JSC::ASTBuilder::Scope::Scope):
10880 (JSC::ASTBuilder::makeFunctionCallNode): Don't track scope
10881 features here. Instead rely on the base Parser mechanism to track
10884 * parser/NodeInfo.h (NodeInfo, NodeDeclarationInfo): "ScopeFlags".
10887 (JSC::Scope::Scope): Manage scope through flags, not
10888 bit-booleans. This lets us uniformly propagate them up and down.
10889 (JSC::Scope::declareWrite):
10890 (JSC::Scope::declareParameter):
10891 (JSC::Scope::useVariable):
10892 (JSC::Scope::collectFreeVariables):
10893 (JSC::Scope::getCapturedVariables):
10894 (JSC::Scope::saveFunctionInfo):
10895 (JSC::Scope::restoreFunctionInfo):
10896 (JSC::Parser::pushScope): Adapt to use scope flags and their
10897 accessors instead of bit-booleans.
10898 * parser/Parser.cpp:
10900 (JSC::::parseInner):
10901 (JSC::::didFinishParsing):
10902 (JSC::::parseSourceElements):
10903 (JSC::::parseVarDeclarationList):
10904 (JSC::::parseConstDeclarationList):
10905 (JSC::::parseWithStatement):
10906 (JSC::::parseTryStatement):
10907 (JSC::::parseFunctionBody):
10908 (JSC::::parseFunctionInfo):
10909 (JSC::::parseFunctionDeclaration):
10910 (JSC::::parsePrimaryExpression): Hoist some of the flag handling
10911 out of the "context" (ASTBuilder or SyntaxChecker) and to here.
10912 Does not seem to have a performance impact.
10914 * parser/SourceProviderCacheItem.h (SourceProviderCacheItem):
10915 Cache the scopeflags.
10916 * parser/SyntaxChecker.h: Remove evalCount() decl.
10918 * runtime/Executable.cpp:
10919 (JSC::EvalExecutable::compileInternal):
10920 (JSC::ProgramExecutable::compileInternal):
10921 (JSC::FunctionExecutable::produceCodeBlockFor):
10922 * runtime/Executable.h:
10923 (JSC::ScriptExecutable::ScriptExecutable):
10924 (JSC::ScriptExecutable::usesEval):
10925 (JSC::ScriptExecutable::usesArguments):
10926 (JSC::ScriptExecutable::needsActivation):
10927 (JSC::ScriptExecutable::isStrictMode):
10928 (JSC::ScriptExecutable::recordParse):
10929 (ScriptExecutable): ScopeFlags, not features.
10931 2012-03-08 Benjamin Poulain <bpoulain@apple.com>
10933 Build fix for MSVC after r110266
10935 Unreviewed. A #ifdef for MSVC was left over in r110266.
10937 * runtime/RegExpObject.h:
10940 2012-03-08 Benjamin Poulain <bpoulain@apple.com>
10942 Allocate the RegExpObject's data with the Cell
10943 https://bugs.webkit.org/show_bug.cgi?id=80654
10945 Reviewed by Gavin Barraclough.
10947 This patch removes the creation of RegExpObject's data to avoid the overhead
10948 created by the allocation and destruction.
10950 Since RegExps are created repeatedly, this provides some performance improvement.
10951 The PeaceKeeper test stringDetectBrowser improves by 10%.
10953 * runtime/RegExpObject.cpp:
10954 (JSC::RegExpObject::RegExpObject):
10955 (JSC::RegExpObject::visitChildren):
10956 (JSC::RegExpObject::getOwnPropertyDescriptor):
10957 (JSC::RegExpObject::defineOwnProperty):
10958 (JSC::RegExpObject::match):
10959 * runtime/RegExpObject.h:
10960 (JSC::RegExpObject::setRegExp):
10961 (JSC::RegExpObject::regExp):
10962 (JSC::RegExpObject::setLastIndex):
10963 (JSC::RegExpObject::getLastIndex):
10966 2012-03-08 Steve Falkenburg <sfalken@apple.com>
10968 Separate WTF parts of JavaScriptCoreGenerated into WTFGenerated for Windows build
10969 https://bugs.webkit.org/show_bug.cgi?id=80657
10971 Preparation for WTF separation from JavaScriptCore.
10972 The "Generated" vcproj files on Windows are necessary so Visual Studio can calculate correct
10973 dependencies for generated files.
10975 This also removes the PGO build targets from the WTF code, since we can't build instrumentation/optimization
10976 versions of the WTF code independent of the JavaScriptCore code.
10978 Reviewed by Jessie Berlin.
10980 * JavaScriptCore.vcproj/JavaScriptCore.sln: Add WTFGenerated, update dependent projects.
10981 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make: Removed WTF specific parts.
10982 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj: Removed WTF specific parts.
10983 * JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh: Removed WTF specific parts.
10984 * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd: Removed WTF specific parts.
10985 * JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Removed.
10986 * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Add WTFGenerated, update dependent projects.
10987 * JavaScriptCore.vcproj/WTF/WTF.vcproj: Remove PGO targets from WTF.
10988 * JavaScriptCore.vcproj/WTF/WTFGenerated.make: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make.
10989 * JavaScriptCore.vcproj/WTF/WTFGenerated.vcproj: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj.
10990 * JavaScriptCore.vcproj/WTF/WTFGeneratedCommon.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedCommon.vsprops.
10991 * JavaScriptCore.vcproj/WTF/WTFGeneratedDebug.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops.
10992 * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugAll.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops.
10993 * JavaScriptCore.vcproj/WTF/WTFGeneratedDebugCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops.
10994 * JavaScriptCore.vcproj/WTF/WTFGeneratedProduction.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops.
10995 * JavaScriptCore.vcproj/WTF/WTFGeneratedRelease.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops.
10996 * JavaScriptCore.vcproj/WTF/WTFGeneratedReleaseCairoCFLite.vsprops: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops.
10997 * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops: Removed.
10998 * JavaScriptCore.vcproj/WTF/build-generated-files.sh: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/build-generated-files.sh.
10999 * JavaScriptCore.vcproj/WTF/copy-files.cmd: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd.
11000 * JavaScriptCore.vcproj/WTF/work-around-vs-dependency-tracking-bugs.py: Copied from Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py.
11002 2012-03-08 Benjamin Poulain <benjamin@webkit.org>
11004 Fix the build of WebKit with WTFURL following the removal of ForwardingHeaders/wtf
11005 https://bugs.webkit.org/show_bug.cgi?id=80652
11007 Reviewed by Eric Seidel.
11009 Fix the header, URLSegments.h is not part of the API.
11011 * wtf/url/api/ParsedURL.h:
11013 2012-03-08 Ryosuke Niwa <rniwa@webkit.org>
11015 Mac build fix for micro data API.
11017 * Configurations/FeatureDefines.xcconfig:
11019 2012-03-08 Gavin Barraclough <barraclough@apple.com>
11021 String.prototype.match and replace do not clear global regexp lastIndex per ES5.1 15.5.4.10
11022 https://bugs.webkit.org/show_bug.cgi?id=26890
11024 Reviewed by Oliver Hunt.
11026 Per 15.10.6.2 step 9.a.1 called via the action of the last iteration of 15.5.4.10 8.f.i.
11028 * runtime/StringPrototype.cpp:
11029 (JSC::replaceUsingRegExpSearch):
11030 (JSC::stringProtoFuncMatch):
11031 - added calls to setLastIndex.
11033 2012-03-08 Matt Lilek <mrl@apple.com>
11035 Don't enable VIDEO_TRACK on all OS X platforms
11036 https://bugs.webkit.org/show_bug.cgi?id=80635
11038 Reviewed by Eric Carlson.
11040 * Configurations/FeatureDefines.xcconfig:
11042 2012-03-08 Oliver Hunt <oliver@apple.com>
11044 Build fix. That day is not today.
11046 * assembler/MacroAssembler.h:
11047 (JSC::MacroAssembler::shouldBlind):
11048 * assembler/MacroAssemblerX86Common.h:
11049 (MacroAssemblerX86Common):
11050 (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
11052 2012-03-08 Oliver Hunt <oliver@apple.com>
11054 Build fix. One of these days I'll manage to commit something that works everywhere.
11056 * assembler/AbstractMacroAssembler.h:
11057 (AbstractMacroAssembler):
11058 * assembler/MacroAssemblerARMv7.h:
11059 (MacroAssemblerARMv7):
11060 * assembler/MacroAssemblerX86Common.h:
11061 (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
11062 (MacroAssemblerX86Common):
11064 2012-03-08 Chao-ying Fu <fu@mips.com>
11066 Update MIPS patchOffsetGetByIdSlowCaseCall
11067 https://bugs.webkit.org/show_bug.cgi?id=80302
11069 Reviewed by Oliver Hunt.
11074 2012-03-08 Oliver Hunt <oliver@apple.com>
11076 Missing some places where we should be blinding 64bit values (and blinding something we shouldn't)
11077 https://bugs.webkit.org/show_bug.cgi?id=80633
11079 Reviewed by Gavin Barraclough.
11081 Add 64-bit trap for shouldBlindForSpecificArch, so that we always blind
11082 if there isn't a machine specific implementation (otherwise the 64bit value
11083 got truncated and 32bit checks were used -- leaving 32bits untested).
11084 Also add a bit of logic to ensure that we don't try to blind a few common
11085 constants that go through the ImmPtr paths -- encoded numeric JSValues and
11086 unencoded doubles with common "safe" values.
11088 * assembler/AbstractMacroAssembler.h:
11089 (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
11090 * assembler/MacroAssembler.h:
11091 (JSC::MacroAssembler::shouldBlindDouble):
11093 (JSC::MacroAssembler::shouldBlind):
11094 * assembler/MacroAssemblerX86Common.h:
11095 (JSC::MacroAssemblerX86Common::shouldBlindForSpecificArch):
11097 2012-03-08 Mark Rowe <mrowe@apple.com>
11099 <rdar://problem/11012572> Ensure that the staged frameworks path is in the search path for JavaScriptCore
11101 Reviewed by Dan Bernstein.
11103 * Configurations/Base.xcconfig:
11105 2012-03-08 Steve Falkenburg <sfalken@apple.com>
11107 Fix line endings for copy-files.cmd.
11109 If a cmd file doesn't have Windows line endings, it doesn't work properly.
11110 In this case, the label :clean wasn't found, breaking the clean build.
11112 Reviewed by Jessie Berlin.
11114 * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
11116 2012-03-07 Filip Pizlo <fpizlo@apple.com>
11118 DFG CFA incorrectly handles ValueToInt32
11119 https://bugs.webkit.org/show_bug.cgi?id=80568
11121 Reviewed by Gavin Barraclough.
11123 Changed it to match exactly the decision pattern used in
11124 DFG::SpeculativeJIT::compileValueToInt32
11126 * dfg/DFGAbstractState.cpp:
11127 (JSC::DFG::AbstractState::execute):
11129 2012-03-08 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
11131 [Qt] [WK2] Webkit fails to link when compiled with force_static_libs_as_shared
11132 https://bugs.webkit.org/show_bug.cgi?id=80524
11134 Reviewed by Simon Hausmann.
11136 Move IdentifierTable methods definition to WTFThreadData.cpp to fix linking
11139 * runtime/Identifier.cpp:
11140 * wtf/WTFThreadData.cpp:
11142 (JSC::IdentifierTable::~IdentifierTable):
11143 (JSC::IdentifierTable::add):
11145 2012-03-08 Filip Pizlo <fpizlo@apple.com>
11147 DFG instruction count threshold should be lifted to 10000
11148 https://bugs.webkit.org/show_bug.cgi?id=80579
11150 Reviewed by Gavin Barraclough.
11152 * runtime/Options.cpp:
11153 (JSC::Options::initializeOptions):
11155 2012-03-07 Filip Pizlo <fpizlo@apple.com>
11157 Incorrect tracking of abstract values of variables forced double
11158 https://bugs.webkit.org/show_bug.cgi?id=80566
11159 <rdar://problem/11001442>
11161 Reviewed by Gavin Barraclough.
11163 * dfg/DFGAbstractState.cpp:
11164 (JSC::DFG::AbstractState::mergeStateAtTail):
11166 2012-03-07 Chao-ying Fu <fu@mips.com>
11168 [Qt] Fix the MIPS/SH4 build after r109834
11169 https://bugs.webkit.org/show_bug.cgi?id=80492
11171 Reviewed by Oliver Hunt.
11173 Implement three-argument branch(Add,Sub)32.
11175 * assembler/MacroAssemblerMIPS.h:
11176 (JSC::MacroAssemblerMIPS::add32):
11177 (MacroAssemblerMIPS):
11178 (JSC::MacroAssemblerMIPS::sub32):
11179 (JSC::MacroAssemblerMIPS::branchAdd32):
11180 (JSC::MacroAssemblerMIPS::branchSub32):
11182 2012-03-07 Sheriff Bot <webkit.review.bot@gmail.com>
11184 Unreviewed, rolling out r110127.
11185 http://trac.webkit.org/changeset/110127
11186 https://bugs.webkit.org/show_bug.cgi?id=80562
11188 compile failed on AppleWin (Requested by ukai on #webkit).
11191 (JSC::Heap::collectAllGarbage):
11195 * runtime/Executable.cpp:
11196 (JSC::FunctionExecutable::FunctionExecutable):
11197 (JSC::FunctionExecutable::finalize):
11198 * runtime/Executable.h:
11199 (FunctionExecutable):
11200 (JSC::FunctionExecutable::create):
11201 * runtime/JSGlobalData.cpp:
11204 (WTF::Recompiler::operator()):
11205 (JSC::JSGlobalData::recompileAllJSFunctions):
11207 * runtime/JSGlobalData.h:
11209 * runtime/JSGlobalObject.cpp:
11210 (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope):
11212 2012-03-07 Hojong Han <hojong.han@samsung.com>
11214 The end atom of the marked block considered to filter invalid cells
11215 https://bugs.webkit.org/show_bug.cgi?id=79191
11217 Reviewed by Geoffrey Garen.
11219 Register file could have stale pointers beyond the end atom of marked block.
11220 Those pointers can weasel out of the filtering of in-middle-of-cell pointers.
11222 * heap/MarkedBlock.h:
11223 (JSC::MarkedBlock::isLiveCell):
11225 2012-03-07 Jessie Berlin <jberlin@apple.com>
11227 Clean Windows build fails after r110033
11228 https://bugs.webkit.org/show_bug.cgi?id=80553
11230 Rubber-stamped by Jon Honeycutt and Eric Seidel.
11232 * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
11233 Place the implementation files next to their header files in the wtf/text subdirectory.
11234 Use echo -F to tell xcopy that these are files (since there is apparently no flag).
11235 * JavaScriptCore.vcproj/jsc/jsc.vcproj:
11236 Update the path to those implementation files.
11237 * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj:
11240 2012-03-07 Yuqiang Xian <yuqiang.xian@intel.com>
11242 Eliminate redundant Phis in DFG
11243 https://bugs.webkit.org/show_bug.cgi?id=80415
11245 Reviewed by Filip Pizlo.
11247 Although this may not have any advantage at the current stage, this is towards
11248 minimal SSA to make more high level optimizations (like bug 76770) easier.
11249 We have the choices either to build minimal SSA from scratch or to
11250 keep current simple Phi insertion mechanism and remove the redundancy
11251 in another phase. Currently we choose the latter because the change
11255 * GNUmakefile.list.am:
11256 * JavaScriptCore.xcodeproj/project.pbxproj:
11258 * dfg/DFGDriver.cpp:
11259 (JSC::DFG::compile):
11260 * dfg/DFGGraph.cpp:
11261 (JSC::DFG::Graph::dump):
11262 * dfg/DFGRedundantPhiEliminationPhase.cpp: Added.
11264 (RedundantPhiEliminationPhase):
11265 (JSC::DFG::RedundantPhiEliminationPhase::RedundantPhiEliminationPhase):
11266 (JSC::DFG::RedundantPhiEliminationPhase::run):
11267 (JSC::DFG::RedundantPhiEliminationPhase::getRedundantReplacement):
11268 (JSC::DFG::RedundantPhiEliminationPhase::replacePhiChild):
11269 (JSC::DFG::RedundantPhiEliminationPhase::fixupPhis):
11270 (JSC::DFG::RedundantPhiEliminationPhase::updateBlockVariableInformation):
11271 (JSC::DFG::performRedundantPhiElimination):
11272 * dfg/DFGRedundantPhiEliminationPhase.h: Added.
11275 2012-03-07 Mark Hahnenberg <mhahnenberg@apple.com>
11277 Refactor recompileAllJSFunctions() to be less expensive
11278 https://bugs.webkit.org/show_bug.cgi?id=80330
11280 Reviewed by Geoffrey Garen.
11282 This change is performance neutral on the JS benchmarks we track. It's mostly to improve page
11283 load performance, which currently does at least a couple full GCs per navigation.
11286 (JSC::Heap::discardAllCompiledCode): Rename recompileAllJSFunctions to discardAllCompiledCode
11287 because the function doesn't actually recompile anything (and never did); it simply throws code
11288 away for it to be recompiled later if we determine we should do so.
11290 (JSC::Heap::collectAllGarbage):
11291 (JSC::Heap::addFunctionExecutable): Adds a newly created FunctionExecutable to the Heap's list.
11292 (JSC::Heap::removeFunctionExecutable): Removes the specified FunctionExecutable from the Heap's list.
11296 * runtime/Executable.cpp: Added next and prev fields to FunctionExecutables so that they can
11297 be used in DoublyLinkedLists.
11298 (JSC::FunctionExecutable::FunctionExecutable):
11299 (JSC::FunctionExecutable::finalize): Removes the FunctionExecutable from the Heap's list.
11300 * runtime/Executable.h:
11301 (FunctionExecutable):
11302 (JSC::FunctionExecutable::create): Adds the FunctionExecutable to the Heap's list.
11303 * runtime/JSGlobalData.cpp: Remove recompileAllJSFunctions, as it's the Heap's job to own and manage
11304 the list of FunctionExecutables.
11305 * runtime/JSGlobalData.h:
11307 * runtime/JSGlobalObject.cpp:
11308 (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Use the new discardAllCompiledCode.
11310 2012-03-06 Oliver Hunt <oliver@apple.com>
11312 Further harden 64-bit JIT
11313 https://bugs.webkit.org/show_bug.cgi?id=80457
11315 Reviewed by Filip Pizlo.
11317 This patch implements blinding for ImmPtr. Rather than xor based blinding
11318 we perform randomised pointer rotations in order to avoid the significant
11319 cost in executable memory that would otherwise be necessary (and to avoid
11320 the need for an additional scratch register in some cases).
11322 As with the prior blinding patch there's a moderate amount of noise as we
11323 correct the use of ImmPtr vs. TrustedImmPtr.
11325 * assembler/AbstractMacroAssembler.h:
11327 (JSC::AbstractMacroAssembler::ImmPtr::asTrustedImmPtr):
11328 * assembler/MacroAssembler.h:
11330 (JSC::MacroAssembler::storePtr):
11331 (JSC::MacroAssembler::branchPtr):
11332 (JSC::MacroAssembler::shouldBlind):
11333 (JSC::MacroAssembler::RotatedImmPtr::RotatedImmPtr):
11335 (JSC::MacroAssembler::rotationBlindConstant):
11336 (JSC::MacroAssembler::loadRotationBlindedConstant):
11337 (JSC::MacroAssembler::convertInt32ToDouble):
11338 (JSC::MacroAssembler::move):
11339 (JSC::MacroAssembler::poke):
11340 * assembler/MacroAssemblerARMv7.h:
11341 (JSC::MacroAssemblerARMv7::storeDouble):
11342 (JSC::MacroAssemblerARMv7::branchAdd32):
11343 * assembler/MacroAssemblerX86_64.h:
11344 (MacroAssemblerX86_64):
11345 (JSC::MacroAssemblerX86_64::rotateRightPtr):
11346 (JSC::MacroAssemblerX86_64::xorPtr):
11347 * assembler/X86Assembler.h:
11349 (JSC::X86Assembler::xorq_rm):
11350 (JSC::X86Assembler::rorq_i8r):
11351 * dfg/DFGCCallHelpers.h:
11353 (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
11354 * dfg/DFGOSRExitCompiler32_64.cpp:
11355 (JSC::DFG::OSRExitCompiler::compileExit):
11356 * dfg/DFGOSRExitCompiler64.cpp:
11357 (JSC::DFG::OSRExitCompiler::compileExit):
11358 * dfg/DFGSpeculativeJIT.cpp:
11359 (JSC::DFG::SpeculativeJIT::createOSREntries):
11360 * dfg/DFGSpeculativeJIT.h:
11361 (JSC::DFG::SpeculativeJIT::silentFillGPR):
11362 (JSC::DFG::SpeculativeJIT::callOperation):
11363 (JSC::DFG::SpeculativeJIT::emitEdgeCode):
11364 * dfg/DFGSpeculativeJIT32_64.cpp:
11365 (JSC::DFG::SpeculativeJIT::compile):
11366 * dfg/DFGSpeculativeJIT64.cpp:
11367 (JSC::DFG::SpeculativeJIT::fillInteger):
11368 (JSC::DFG::SpeculativeJIT::fillDouble):
11369 (JSC::DFG::SpeculativeJIT::fillJSValue):
11370 (JSC::DFG::SpeculativeJIT::emitCall):
11371 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
11372 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
11373 (JSC::DFG::SpeculativeJIT::emitBranch):
11375 (JSC::JIT::emitOptimizationCheck):
11376 * jit/JITArithmetic32_64.cpp:
11377 (JSC::JIT::emitSlow_op_post_inc):
11378 * jit/JITInlineMethods.h:
11379 (JSC::JIT::emitValueProfilingSite):
11380 (JSC::JIT::emitGetVirtualRegister):
11381 * jit/JITOpcodes.cpp:
11382 (JSC::JIT::emit_op_mov):
11383 (JSC::JIT::emit_op_new_object):
11384 (JSC::JIT::emit_op_strcat):
11385 (JSC::JIT::emit_op_ensure_property_exists):
11386 (JSC::JIT::emit_op_resolve_skip):
11387 (JSC::JIT::emitSlow_op_resolve_global):
11388 (JSC::JIT::emit_op_resolve_with_base):
11389 (JSC::JIT::emit_op_resolve_with_this):
11390 (JSC::JIT::emit_op_jmp_scopes):
11391 (JSC::JIT::emit_op_switch_imm):
11392 (JSC::JIT::emit_op_switch_char):
11393 (JSC::JIT::emit_op_switch_string):
11394 (JSC::JIT::emit_op_throw_reference_error):
11395 (JSC::JIT::emit_op_debug):
11396 (JSC::JIT::emitSlow_op_resolve_global_dynamic):
11397 (JSC::JIT::emit_op_new_array):
11398 (JSC::JIT::emitSlow_op_new_array):
11399 (JSC::JIT::emit_op_new_array_buffer):
11400 * jit/JITOpcodes32_64.cpp:
11401 (JSC::JIT::emit_op_new_object):
11402 (JSC::JIT::emit_op_strcat):
11403 (JSC::JIT::emit_op_ensure_property_exists):
11404 (JSC::JIT::emit_op_resolve_skip):
11405 (JSC::JIT::emitSlow_op_resolve_global):
11406 (JSC::JIT::emit_op_resolve_with_base):
11407 (JSC::JIT::emit_op_resolve_with_this):
11408 (JSC::JIT::emit_op_jmp_scopes):
11409 (JSC::JIT::emit_op_switch_imm):
11410 (JSC::JIT::emit_op_switch_char):
11411 (JSC::JIT::emit_op_switch_string):
11412 * jit/JITPropertyAccess32_64.cpp:
11413 (JSC::JIT::emit_op_put_by_index):
11414 * jit/JITStubCall.h:
11416 (JSC::JITStubCall::addArgument):
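The entry above describes blinding ImmPtr constants by rotating them with a random count rather than xoring them, so that the immediate an attacker could try to place in JIT-emitted code never appears verbatim, while the decode costs one rotate instruction and no scratch register. The following is an added illustration of that idea, not JavaScriptCore's own code: `rotl64`/`rotr64`, `should_blind_imm64`, `blind_constant`, `unblind_constant`, the `rotated_imm_t` record and the "safe value" thresholds are all assumptions of this example, chosen to mirror the shouldBlind / RotatedImmPtr / loadRotationBlindedConstant split named in the file list.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>
#include <stdlib.h>
#include <time.h>

/* Rotate helpers; a zero count is handled explicitly because shifting a
 * 64-bit value by 64 is undefined behaviour in C. */
static uint64_t rotr64(uint64_t v, unsigned r) {
    r &= 63;
    return r ? (v >> r) | (v << (64 - r)) : v;
}
static uint64_t rotl64(uint64_t v, unsigned r) {
    r &= 63;
    return r ? (v << r) | (v >> (64 - r)) : v;
}

/* Heuristic in the spirit of shouldBlind (thresholds are this example's
 * assumption): small integers and a well-known "safe" double bit pattern
 * cannot be steered into useful instruction bytes, so they are left alone. */
bool should_blind_imm64(uint64_t v) {
    if (v <= 0xffffULL)
        return false;                       /* small integer constant */
    if (v == 0x3ff0000000000000ULL)
        return false;                       /* 1.0 as a raw IEEE-754 double */
    return true;
}

/* What the emitter records: the immediate that actually lands in the code
 * stream plus the rotate-right count needed to recover the original. */
typedef struct {
    uint64_t rotated;   /* appears verbatim in emitted code */
    uint8_t  rotation;  /* decode step: rotr by this count */
} rotated_imm_t;

/* Blind a constant with the given rotation. A zero rotation would leave the
 * immediate unchanged, so this example forces it to at least 1. */
rotated_imm_t blind_constant(uint64_t value, uint8_t rotation) {
    rotated_imm_t imm;
    imm.rotation = rotation & 63;
    if (imm.rotation == 0)
        imm.rotation = 1;
    imm.rotated = rotl64(value, imm.rotation);
    return imm;
}

/* Emulates the emitted decode sequence: move the rotated immediate into a
 * register, then rotate right by the stored count. */
uint64_t unblind_constant(rotated_imm_t imm) {
    return rotr64(imm.rotated, imm.rotation);
}

/* The value a reader of the emitted code would see for a given constant:
 * the original when blinding is skipped, the rotated form otherwise. */
uint64_t emitted_immediate(uint64_t value, uint8_t rotation) {
    if (!should_blind_imm64(value))
        return value;
    return blind_constant(value, rotation).rotated;
}

int main(void) {
    srand((unsigned)time(NULL));
    uint64_t value = 0x0badc0dedeadbeefULL;          /* constructed sample */
    uint8_t rotation = (uint8_t)(1 + rand() % 63);   /* random, never 0 */
    rotated_imm_t imm = blind_constant(value, rotation);
    printf("original %016" PRIx64 " emitted %016" PRIx64 " (rotr %u)\n",
           value, imm.rotated, imm.rotation);
    return unblind_constant(imm) == value ? 0 : 1;
}
```

The point to take from the example is the trade-off the entry names: xor blinding needs the mask as a second immediate (and often a scratch register), whereas the rotation count is encoded in the decode instruction itself, so the only extra bytes in executable memory are that one rotate.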
11418 2012-03-07 Simon Hausmann <simon.hausmann@nokia.com>
11422 Reviewed by Zoltan Herczeg.
11424 Implement three-argument branch(Add,Sub)32.
11426 * assembler/MacroAssemblerARM.h:
11427 (JSC::MacroAssemblerARM::add32):
11428 (MacroAssemblerARM):
11429 (JSC::MacroAssemblerARM::sub32):
11430 (JSC::MacroAssemblerARM::branchAdd32):
11431 (JSC::MacroAssemblerARM::branchSub32):
11433 2012-03-07 Andy Wingo <wingo@igalia.com>
11435 Parser: Inline ScopeNodeData into ScopeNode
11436 https://bugs.webkit.org/show_bug.cgi?id=79776
11438 Reviewed by Geoffrey Garen.
11440 It used to be that some ScopeNode members were kept in a separate
11441 structure because sometimes they wouldn't be needed, and
11442 allocating a ParserArena was expensive. This patch makes
11443 ParserArena lazily allocate its IdentifierArena, allowing the
11444 members to be included directly, which is simpler and easier to
11447 * parser/ParserArena.cpp:
11448 (JSC::ParserArena::ParserArena):
11449 (JSC::ParserArena::reset):
11450 (JSC::ParserArena::isEmpty):
11451 * parser/ParserArena.h:
11452 (JSC::ParserArena::identifierArena): Lazily allocate the
11455 * parser/Nodes.cpp:
11456 (JSC::ScopeNode::ScopeNode):
11457 (JSC::ScopeNode::singleStatement):
11458 (JSC::ProgramNode::create):
11459 (JSC::EvalNode::create):
11460 (JSC::FunctionBodyNode::create):
11462 (JSC::ScopeNode::destroyData):
11463 (JSC::ScopeNode::needsActivationForMoreThanVariables):
11464 (JSC::ScopeNode::needsActivation):
11465 (JSC::ScopeNode::hasCapturedVariables):
11466 (JSC::ScopeNode::capturedVariableCount):
11467 (JSC::ScopeNode::captures):
11468 (JSC::ScopeNode::varStack):
11469 (JSC::ScopeNode::functionStack):
11470 (JSC::ScopeNode::neededConstants):
11472 * bytecompiler/NodesCodegen.cpp:
11473 (JSC::ScopeNode::emitStatementsBytecode): Inline ScopeNodeData
11474 into ScopeNode. Adapt accessors.
11476 2012-03-06 Eric Seidel <eric@webkit.org>
11478 Make WTF public headers use fully-qualified include paths and remove ForwardingHeaders/wtf
11479 https://bugs.webkit.org/show_bug.cgi?id=80363
11481 Reviewed by Mark Rowe.
11483 Historically WTF has been part of JavaScriptCore, and on Mac and Windows
11484 its headers have appeared as part of the "private" headers exported by
11485 JavaScriptCore. All of the WTF headers there are "flattened" into a single
11486 private headers directory, and WebCore, WebKit and WebKit2 have used "ForwardingHeaders"
11487 to re-map fully-qualified <wtf/text/Foo.h> includes to simple <JavaScriptCore/Foo.h> includes.
11489 However, very soon, we are moving the WTF source code out of JavaScriptCore into its
11490 own directory and project. As part of such, the WTF headers will no longer be part of
11491 the JavaScriptCore private interfaces.
11492 In preparation for that, this change makes both the Mac and Win builds export
11493 WTF headers in a non-flattened manner. On Mac, that means into usr/local/include/wtf
11494 (and subdirectories); on Windows, for now, that means JavaScriptCore/wtf (and subdirectories).
11496 There are 5 parts to this change.
11497 1. Updates the JavaScriptCore XCode and VCProj files to actually install these headers
11498 (and header directories) into the appropriate places in the build directory.
11499 2. Updates JavaScriptCore.xcodeproj to look for these WTF headers in this install location
11500 (WebCore, WebKit, etc. had already been taught to look in previous patches).
11501 3. Fixes all JavaScriptCore source files, and WTF headers to include WTF headers
11502 using fully qualified paths.
11503 4. Stops the Mac and Win builds from installing these WTF headers in their old "flattened" location.
11504 5. Removes WebCore and WebKit ForwardingHeaders/wtf directories now that the flattened headers no longer exist.
11506 Unfortunately we see no way to do this change in smaller parts, since all of these steps are interdependent.
11507 It is possible there are internal Apple projects which depend on JavaScriptCore/Foo.h working for WTF
11508 headers; those will have to be updated to use <wtf/Foo.h> after this change.
11509 I've discussed this proposed change at length with Mark Rowe, and my understanding is they
11510 are ready for (and interested in) this change happening.
11512 * API/tests/JSNode.c:
11513 * API/tests/JSNodeList.c:
11514 * Configurations/Base.xcconfig:
11515 * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
11516 * JavaScriptCore.xcodeproj/project.pbxproj:
11517 * assembler/MacroAssemblerCodeRef.h:
11518 * bytecompiler/BytecodeGenerator.h:
11519 * dfg/DFGOperations.cpp:
11520 * heap/GCAssertions.h:
11521 * heap/HandleHeap.h:
11522 * heap/HandleStack.h:
11523 * heap/MarkedSpace.h:
11527 * jit/HostCallReturnValue.cpp:
11529 * jit/JITStubs.cpp:
11530 * jit/ThunkGenerators.cpp:
11531 * parser/Lexer.cpp:
11532 * runtime/Completion.cpp:
11533 * runtime/Executable.cpp:
11534 * runtime/Identifier.h:
11535 * runtime/InitializeThreading.cpp:
11536 * runtime/JSDateMath.cpp:
11537 * runtime/JSGlobalObjectFunctions.cpp:
11538 * runtime/JSStringBuilder.h:
11539 * runtime/JSVariableObject.h:
11540 * runtime/NumberPrototype.cpp:
11541 * runtime/WriteBarrier.h:
11542 * tools/CodeProfile.cpp:
11543 * tools/TieredMMapArray.h:
11546 * wtf/AlwaysInline.h:
11547 * wtf/ArrayBufferView.h:
11548 * wtf/Assertions.h:
11551 * wtf/BoundsCheckedPointer.h:
11552 * wtf/CheckedArithmetic.h:
11554 * wtf/ExportMacros.h:
11555 * wtf/FastAllocBase.h:
11556 * wtf/FastMalloc.h:
11557 * wtf/Float32Array.h:
11558 * wtf/Float64Array.h:
11559 * wtf/Functional.h:
11560 * wtf/HashCountedSet.h:
11561 * wtf/HashFunctions.h:
11565 * wtf/HashTraits.h:
11566 * wtf/Int16Array.h:
11567 * wtf/Int32Array.h:
11569 * wtf/IntegralTypedArrayBase.h:
11570 * wtf/ListHashSet.h:
11571 * wtf/MainThread.h:
11572 * wtf/MetaAllocator.h:
11573 * wtf/Noncopyable.h:
11574 * wtf/OwnArrayPtr.h:
11576 * wtf/PackedIntVector.h:
11577 * wtf/ParallelJobs.h:
11578 * wtf/PassOwnArrayPtr.h:
11579 * wtf/PassOwnPtr.h:
11580 * wtf/PassRefPtr.h:
11581 * wtf/PassTraits.h:
11583 * wtf/PossiblyNull.h:
11584 * wtf/RefCounted.h:
11585 * wtf/RefCountedLeakCounter.h:
11588 * wtf/SimpleStats.h:
11590 * wtf/StdLibExtras.h:
11592 * wtf/TemporaryChange.h:
11593 * wtf/ThreadSafeRefCounted.h:
11595 * wtf/ThreadingPrimitives.h:
11596 * wtf/TypeTraits.h:
11597 * wtf/TypedArrayBase.h:
11598 * wtf/Uint16Array.h:
11599 * wtf/Uint32Array.h:
11600 * wtf/Uint8Array.h:
11601 * wtf/Uint8ClampedArray.h:
11602 * wtf/UnusedParam.h:
11604 * wtf/VectorTraits.h:
11605 * wtf/dtoa/double-conversion.h:
11606 * wtf/dtoa/utils.h:
11607 * wtf/gobject/GRefPtr.h:
11608 * wtf/gobject/GlibUtilities.h:
11609 * wtf/text/AtomicString.h:
11610 * wtf/text/AtomicStringImpl.h:
11611 * wtf/text/CString.h:
11612 * wtf/text/StringConcatenate.h:
11613 * wtf/text/StringHash.h:
11614 * wtf/text/WTFString.h:
11615 * wtf/unicode/CharacterNames.h:
11616 * wtf/unicode/UTF8.h:
11617 * wtf/unicode/glib/UnicodeGLib.h:
11618 * wtf/unicode/qt4/UnicodeQt4.h:
11619 * wtf/unicode/wince/UnicodeWinCE.h:
11620 * wtf/url/api/ParsedURL.h:
11621 * wtf/url/api/URLString.h:
11622 * wtf/wince/FastMallocWinCE.h:
11623 * yarr/YarrJIT.cpp:
11625 2012-03-06 Gavin Barraclough <barraclough@apple.com>
11627 Array.prototype functions should throw if delete fails
11628 https://bugs.webkit.org/show_bug.cgi?id=80467
11630 Reviewed by Oliver Hunt.
11632 All calls to [[Delete]] from Array.prototype are specified to pass 'true' as the value of Throw.
11633 In the case of shift/unshift, these are also missing a throw from the 'put' in the implementations
11634 in JSArray.cpp. There are effectively three copies of each of the generic shift/unshift routines,
11635 one in splice, one in ArrayPrototype's shift/unshift methods, and one in JSArray's shift/unshift
11636 routines, for handling arrays with holes. These three copies should be unified.
11638 * runtime/ArrayPrototype.cpp:
11641 - Added - shared copies of the shift/unshift functionality.
11642 (JSC::arrayProtoFuncPop):
11643 - should throw if the delete fails.
11644 (JSC::arrayProtoFuncReverse):
11645 - should throw if the delete fails.
11646 (JSC::arrayProtoFuncShift):
11647 (JSC::arrayProtoFuncSplice):
11648 (JSC::arrayProtoFuncUnShift):
11649 - use shift/unshift.
11650 * runtime/JSArray.cpp:
11651 (JSC::JSArray::shiftCount):
11652 (JSC::JSArray::unshiftCount):
11653 - Don't try to handle arrays with holes; return a value indicating
11654 the generic routine should be used instead.
11655 * runtime/JSArray.h:
11656 - declaration for shiftCount/unshiftCount changed.
11657 * tests/mozilla/js1_6/Array/regress-304828.js:
11658 - this was asserting incorrect behaviour.
11660 2012-03-06 Raphael Kubo da Costa <kubo@profusion.mobi>
11662 [CMake] Make the removal of transitive library dependencies work with CMake < 2.8.7.
11663 https://bugs.webkit.org/show_bug.cgi?id=80469
11665 Reviewed by Antonio Gomes.
11667 * CMakeLists.txt: Manually set the LINK_INTERFACE_LIBRARIES target
11668 property on the library being created.
11670 2012-03-06 Yuqiang Xian <yuqiang.xian@intel.com>
11672 DFG BasicBlock should group the Phi nodes together and separate them
11673 from the other nodes
11674 https://bugs.webkit.org/show_bug.cgi?id=80361
11676 Reviewed by Filip Pizlo.
11678 This would make it more efficient to remove the redundant Phi nodes or
11679 insert new Phi nodes for SSA, besides providing a cleaner BasicBlock structure.
11680 This is performance neutral on SunSpider, V8 and Kraken.
11682 * dfg/DFGAbstractState.cpp:
11683 (JSC::DFG::AbstractState::clobberStructures):
11684 (JSC::DFG::AbstractState::dump):
11685 * dfg/DFGBasicBlock.h:
11686 (JSC::DFG::BasicBlock::BasicBlock):
11688 * dfg/DFGByteCodeParser.cpp:
11689 (JSC::DFG::ByteCodeParser::addToGraph):
11690 (JSC::DFG::ByteCodeParser::insertPhiNode):
11691 * dfg/DFGCFAPhase.cpp:
11692 (JSC::DFG::CFAPhase::performBlockCFA):
11693 * dfg/DFGCSEPhase.cpp:
11694 (JSC::DFG::CSEPhase::pureCSE):
11695 (JSC::DFG::CSEPhase::impureCSE):
11696 (JSC::DFG::CSEPhase::globalVarLoadElimination):
11697 (JSC::DFG::CSEPhase::getByValLoadElimination):
11698 (JSC::DFG::CSEPhase::checkFunctionElimination):
11699 (JSC::DFG::CSEPhase::checkStructureLoadElimination):
11700 (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
11701 (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
11702 (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
11703 (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
11704 (JSC::DFG::CSEPhase::performBlockCSE):
11705 * dfg/DFGGraph.cpp:
11706 (JSC::DFG::Graph::dump):
11707 * dfg/DFGSpeculativeJIT.cpp:
11708 (JSC::DFG::SpeculativeJIT::compile):
11710 2012-03-06 Mark Hahnenberg <mhahnenberg@apple.com>
11712 GCActivityCallback timer should vary with the length of the previous GC
11713 https://bugs.webkit.org/show_bug.cgi?id=80344
11715 Reviewed by Geoffrey Garen.
11717 * heap/Heap.cpp: Gave Heap the ability to keep track of the length of its last
11718 GC length so that the GC Activity Callback can use it.
11720 (JSC::Heap::collect):
11722 (JSC::Heap::lastGCLength):
11724 * runtime/GCActivityCallbackCF.cpp:
11726 (JSC::DefaultGCActivityCallback::operator()): Use the length of the Heap's last
11727 GC to determine the length of our timer trigger (currently set at 100x the duration
11730 2012-03-06 Rob Buis <rbuis@rim.com>
11732 [BlackBerry] Fix cast-align gcc warnings when compiling JSC
11733 https://bugs.webkit.org/show_bug.cgi?id=80420
11735 Reviewed by Gavin Barraclough.
11737 Fix warnings given in Blackberry build.
11739 * heap/CopiedBlock.h:
11740 (JSC::CopiedBlock::CopiedBlock):
11741 * wtf/RefCountedArray.h:
11742 (WTF::RefCountedArray::Header::fromPayload):
11744 2012-03-06 Gavin Barraclough <barraclough@apple.com>
11746 writable/configurable not respected for some properties of Function/String/Arguments
11747 https://bugs.webkit.org/show_bug.cgi?id=80436
11749 Reviewed by Oliver Hunt.
11751 Special properties should behave like regular properties.
11753 * runtime/Arguments.cpp:
11754 (JSC::Arguments::defineOwnProperty):
11755 - Mis-nested logic for making read-only properties non-live.
11756 * runtime/JSFunction.cpp:
11757 (JSC::JSFunction::put):
11758 - arguments/length/caller are non-writable, non-configurable - reject appropriately.
11759 (JSC::JSFunction::deleteProperty):
11760 - Attempting to delete prototype/caller should fail.
11761 (JSC::JSFunction::defineOwnProperty):
11762 - Ensure prototype is reified on attempt to reify it.
11763 - arguments/length/caller are non-writable, non-configurable - reject appropriately.
11764 * runtime/JSFunction.h:
11765 - added declaration for defineOwnProperty.
11767 * runtime/StringObject.cpp:
11768 (JSC::StringObject::put):
11769 - length is non-writable, non-configurable - reject appropriately.
11771 2012-03-06 Ulan Degenbaev <ulan@chromium.org>
11773 TypedArray subarray call for subarray does not clamp the end index parameter properly
11774 https://bugs.webkit.org/show_bug.cgi?id=80285
11776 Reviewed by Kenneth Russell.
11778 * wtf/ArrayBufferView.h:
11779 (WTF::ArrayBufferView::calculateOffsetAndLength):
11781 2012-03-06 Sheriff Bot <webkit.review.bot@gmail.com>
11783 Unreviewed, rolling out r109837.
11784 http://trac.webkit.org/changeset/109837
11785 https://bugs.webkit.org/show_bug.cgi?id=80399
11787 breaks Mac Productions builds, too late to try and fix it
11788 tonight (Requested by eseidel on #webkit).
11790 * API/tests/JSNode.c:
11791 * API/tests/JSNodeList.c:
11792 * Configurations/Base.xcconfig:
11793 * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
11794 * JavaScriptCore.xcodeproj/project.pbxproj:
11795 * assembler/MacroAssemblerCodeRef.h:
11796 * bytecompiler/BytecodeGenerator.h:
11797 * dfg/DFGOperations.cpp:
11798 * heap/GCAssertions.h:
11799 * heap/HandleHeap.h:
11800 * heap/HandleStack.h:
11801 * heap/MarkedSpace.h:
11805 * jit/HostCallReturnValue.cpp:
11807 * jit/JITStubs.cpp:
11808 * jit/ThunkGenerators.cpp:
11809 * parser/Lexer.cpp:
11810 * runtime/Completion.cpp:
11811 * runtime/Executable.cpp:
11812 * runtime/Identifier.h:
11813 * runtime/InitializeThreading.cpp:
11814 * runtime/JSDateMath.cpp:
11815 * runtime/JSGlobalObjectFunctions.cpp:
11816 * runtime/JSStringBuilder.h:
11817 * runtime/JSVariableObject.h:
11818 * runtime/NumberPrototype.cpp:
11819 * runtime/WriteBarrier.h:
11820 * tools/CodeProfile.cpp:
11821 * tools/TieredMMapArray.h:
11822 * yarr/YarrJIT.cpp:
11824 2012-03-06 Zoltan Herczeg <zherczeg@webkit.org>
11826 [Qt][ARM] Speculative buildfix after r109834.
11828 Reviewed by Csaba Osztrogonác.
11830 * assembler/MacroAssemblerARM.h:
11831 (JSC::MacroAssemblerARM::and32):
11832 (MacroAssemblerARM):
11834 2012-03-05 Gavin Barraclough <barraclough@apple.com>
11836 Unreviewed windows build fix pt 2.
11838 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
11840 2012-03-05 Gavin Barraclough <barraclough@apple.com>
11842 Unreviewed windows build fix pt 1.
11844 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
11846 2012-03-05 Gavin Barraclough <barraclough@apple.com>
11848 putByIndex should throw in strict mode
11849 https://bugs.webkit.org/show_bug.cgi?id=80335
11851 Reviewed by Filip Pizlo.
11853 Make the MethodTable PutByIndex trap take a boolean 'shouldThrow' parameter.
11855 This is a largely mechanical change, simply adding an extra parameter to a number
11856 of functions. Some call sites need perform additional exception checks, and
11857 operationPutByValBeyondArrayBounds needs to know whether it is strict or not.
11859 This patch doesn't fix a missing throw from some cases of shift/unshift (this is
11860 an existing bug), I'll follow up with a third patch to handle that.
11862 * API/JSObjectRef.cpp:
11863 (JSObjectSetPropertyAtIndex):
11864 * JSCTypedArrayStubs.h:
11866 * dfg/DFGOperations.cpp:
11867 (JSC::DFG::putByVal):
11868 * dfg/DFGOperations.h:
11869 * dfg/DFGSpeculativeJIT32_64.cpp:
11870 (JSC::DFG::SpeculativeJIT::compile):
11871 * dfg/DFGSpeculativeJIT64.cpp:
11872 (JSC::DFG::SpeculativeJIT::compile):
11873 * interpreter/Interpreter.cpp:
11874 (JSC::Interpreter::privateExecute):
11875 * jit/JITStubs.cpp:
11876 (JSC::DEFINE_STUB_FUNCTION):
11878 (GlobalObject::finishCreation):
11879 * llint/LLIntSlowPaths.cpp:
11880 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
11881 * runtime/Arguments.cpp:
11882 (JSC::Arguments::putByIndex):
11883 * runtime/Arguments.h:
11885 * runtime/ArrayPrototype.cpp:
11886 (JSC::arrayProtoFuncPush):
11887 (JSC::arrayProtoFuncReverse):
11888 (JSC::arrayProtoFuncShift):
11889 (JSC::arrayProtoFuncSort):
11890 (JSC::arrayProtoFuncSplice):
11891 (JSC::arrayProtoFuncUnShift):
11892 * runtime/ClassInfo.h:
11894 * runtime/JSArray.cpp:
11895 (JSC::SparseArrayValueMap::put):
11896 (JSC::JSArray::put):
11897 (JSC::JSArray::putByIndex):
11898 (JSC::JSArray::putByIndexBeyondVectorLength):
11899 (JSC::JSArray::push):
11900 (JSC::JSArray::shiftCount):
11901 (JSC::JSArray::unshiftCount):
11902 * runtime/JSArray.h:
11903 (SparseArrayValueMap):
11905 * runtime/JSByteArray.cpp:
11906 (JSC::JSByteArray::putByIndex):
11907 * runtime/JSByteArray.h:
11909 * runtime/JSCell.cpp:
11910 (JSC::JSCell::putByIndex):
11911 * runtime/JSCell.h:
11913 * runtime/JSNotAnObject.cpp:
11914 (JSC::JSNotAnObject::putByIndex):
11915 * runtime/JSNotAnObject.h:
11917 * runtime/JSONObject.cpp:
11918 (JSC::Walker::walk):
11919 * runtime/JSObject.cpp:
11920 (JSC::JSObject::putByIndex):
11921 * runtime/JSObject.h:
11922 (JSC::JSValue::putByIndex):
11923 * runtime/RegExpConstructor.cpp:
11924 (JSC::RegExpMatchesArray::fillArrayInstance):
11925 * runtime/RegExpMatchesArray.h:
11926 (JSC::RegExpMatchesArray::putByIndex):
11927 * runtime/StringPrototype.cpp:
11928 (JSC::stringProtoFuncSplit):
11930 2012-03-05 Yuqiang Xian <yuqiang.xian@intel.com>
11932 PredictNone is incorrectly treated as isDoublePrediction
11933 https://bugs.webkit.org/show_bug.cgi?id=80365
11935 Reviewed by Filip Pizlo.
11937 Also it is incorrectly treated as isFixedIndexedStorageObjectPrediction.
11939 * bytecode/PredictedType.h:
11940 (JSC::isFixedIndexedStorageObjectPrediction):
11941 (JSC::isDoublePrediction):
11943 2012-03-05 Filip Pizlo <fpizlo@apple.com>
11945 The LLInt should work even when the JIT is disabled
11946 https://bugs.webkit.org/show_bug.cgi?id=80340
11947 <rdar://problem/10922235>
11949 Reviewed by Gavin Barraclough.
11951 * assembler/MacroAssemblerCodeRef.h:
11952 (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
11953 (MacroAssemblerCodeRef):
11954 (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
11955 * interpreter/Interpreter.cpp:
11956 (JSC::Interpreter::initialize):
11957 (JSC::Interpreter::execute):
11958 (JSC::Interpreter::executeCall):
11959 (JSC::Interpreter::executeConstruct):
11961 (JSC::JIT::compileCTINativeCall):
11963 (JSC::JITThunks::ctiNativeCall):
11964 (JSC::JITThunks::ctiNativeConstruct):
11965 * llint/LLIntEntrypoints.cpp:
11966 (JSC::LLInt::getFunctionEntrypoint):
11967 (JSC::LLInt::getEvalEntrypoint):
11968 (JSC::LLInt::getProgramEntrypoint):
11969 * llint/LLIntSlowPaths.cpp:
11970 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
11972 * llint/LLIntSlowPaths.h:
11974 * llint/LowLevelInterpreter.h:
11975 * llint/LowLevelInterpreter32_64.asm:
11976 * runtime/Executable.h:
11977 (NativeExecutable):
11978 (JSC::NativeExecutable::create):
11979 (JSC::NativeExecutable::finishCreation):
11980 * runtime/JSGlobalData.cpp:
11981 (JSC::JSGlobalData::JSGlobalData):
11982 * runtime/JSGlobalData.h:
11984 * runtime/Options.cpp:
11986 (JSC::Options::parse):
11987 (JSC::Options::initializeOptions):
11988 * runtime/Options.h:
11992 2012-03-05 Yuqiang Xian <yuqiang.xian@intel.com>
11994 Checks for dead variables are not sufficient when fixing the expected
11995 values in DFG OSR entry
11996 https://bugs.webkit.org/show_bug.cgi?id=80371
11998 Reviewed by Filip Pizlo.
12000 A dead variable should be identified when there's no node referencing it.
12001 But we currently failed to catch the case where there are some nodes
12002 referencing a variable but those nodes are actually not referenced by
12003 others so will be ignored in code generation. In such case we should
12004 also consider that variable to be a dead variable in the block and fix
12005 the expected values.
12006 This is performance neutral on SunSpider, V8 and Kraken.
12008 * dfg/DFGJITCompiler.h:
12009 (JSC::DFG::JITCompiler::noticeOSREntry):
12011 2012-03-05 Oliver Hunt <oliver@apple.com>
12015 * assembler/AbstractMacroAssembler.h:
12016 * assembler/MacroAssembler.h:
12018 * dfg/DFGSpeculativeJIT.cpp:
12019 (JSC::DFG::SpeculativeJIT::compileArithSub):
12020 * jit/JITArithmetic32_64.cpp:
12021 (JSC::JIT::emitSub32Constant):
12023 2012-03-05 Eric Seidel <eric@webkit.org>
12025 Update JavaScriptCore files to use fully-qualified WTF include paths
12026 https://bugs.webkit.org/show_bug.cgi?id=79960
12028 Reviewed by Adam Barth.
12030 This change does 5 small/related things:
12031 1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
12032 (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
12033 was not installing headers there.)
12034 2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
12035 header search path, as that's where the WTF headers will be installed.
12036 3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
12037 in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
12038 4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
12039 since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
12040 5. Makes build-webkit build the WTF XCode project by default.
12042 * API/tests/JSNode.c:
12043 * API/tests/JSNodeList.c:
12044 * Configurations/Base.xcconfig:
12045 * assembler/MacroAssemblerCodeRef.h:
12046 * bytecompiler/BytecodeGenerator.h:
12047 * dfg/DFGOperations.cpp:
12048 * heap/GCAssertions.h:
12049 * heap/HandleHeap.h:
12050 * heap/HandleStack.h:
12051 * heap/MarkedSpace.h:
12055 * jit/HostCallReturnValue.cpp:
12057 * jit/JITStubs.cpp:
12058 * jit/ThunkGenerators.cpp:
12059 * parser/Lexer.cpp:
12060 * runtime/Completion.cpp:
12061 * runtime/Executable.cpp:
12062 * runtime/Identifier.h:
12063 * runtime/InitializeThreading.cpp:
12064 * runtime/JSDateMath.cpp:
12065 * runtime/JSGlobalObjectFunctions.cpp:
12066 * runtime/JSStringBuilder.h:
12067 * runtime/JSVariableObject.h:
12068 * runtime/NumberPrototype.cpp:
12069 * runtime/WriteBarrier.h:
12070 * tools/CodeProfile.cpp:
12071 * tools/TieredMMapArray.h:
12072 * yarr/YarrJIT.cpp:
12074 2012-03-05 Oliver Hunt <oliver@apple.com>
12076 Add basic support for constant blinding to the JIT
12077 https://bugs.webkit.org/show_bug.cgi?id=80354
12079 Reviewed by Filip Pizlo.
12081 This patch adds basic constant blinding support to the JIT, at the
12082 MacroAssembler level. This means all JITs in JSC (Yarr, baseline, and DFG)
12083 get constant blinding. Woo!
12085 This patch only introduces blinding for Imm32, a later patch will do similar
12086 for ImmPtr. In order to make misuse of Imm32 as a trusted type essentially
12087 impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
12088 accessor that's needed to access the actual value. This also means you cannot
12089 accidentally pass an untrusted value to a function that does not perform
12092 To make everything work sensibly, this patch also corrects some code that was using
12093 Imm32 when TrustedImm32 could be used, and refactors a few callers that use
12094 untrusted immediates, so that they call slightly different variants of the functions
12095 that they used previously. This is largely necessary to deal with x86-32 not having
12096 sufficient registers to handle the additional work required when we choose to blind
12099 * assembler/AbstractMacroAssembler.h:
12100 (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
12102 (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
12103 (JSC::AbstractMacroAssembler::endUninterruptedSequence):
12104 (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
12105 (AbstractMacroAssembler):
12106 (JSC::AbstractMacroAssembler::inUninterruptedSequence):
12107 (JSC::AbstractMacroAssembler::random):
12108 (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
12109 (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
12110 * assembler/MacroAssembler.h:
12111 (JSC::MacroAssembler::addressForPoke):
12113 (JSC::MacroAssembler::poke):
12114 (JSC::MacroAssembler::branchPtr):
12115 (JSC::MacroAssembler::branch32):
12116 (JSC::MacroAssembler::convertInt32ToDouble):
12117 (JSC::MacroAssembler::shouldBlind):
12118 (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
12120 (JSC::MacroAssembler::keyForConstant):
12121 (JSC::MacroAssembler::xorBlindConstant):
12122 (JSC::MacroAssembler::additionBlindedConstant):
12123 (JSC::MacroAssembler::andBlindedConstant):
12124 (JSC::MacroAssembler::orBlindedConstant):
12125 (JSC::MacroAssembler::loadXorBlindedConstant):
12126 (JSC::MacroAssembler::add32):
12127 (JSC::MacroAssembler::addPtr):
12128 (JSC::MacroAssembler::and32):
12129 (JSC::MacroAssembler::andPtr):
12130 (JSC::MacroAssembler::move):
12131 (JSC::MacroAssembler::or32):
12132 (JSC::MacroAssembler::store32):
12133 (JSC::MacroAssembler::sub32):
12134 (JSC::MacroAssembler::subPtr):
12135 (JSC::MacroAssembler::xor32):
12136 (JSC::MacroAssembler::branchAdd32):
12137 (JSC::MacroAssembler::branchMul32):
12138 (JSC::MacroAssembler::branchSub32):
12139 (JSC::MacroAssembler::trustedImm32ForShift):
12140 (JSC::MacroAssembler::lshift32):
12141 (JSC::MacroAssembler::rshift32):
12142 (JSC::MacroAssembler::urshift32):
12143 * assembler/MacroAssemblerARMv7.h:
12144 (MacroAssemblerARMv7):
12145 (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
12146 (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
12147 * assembler/MacroAssemblerX86_64.h:
12148 (JSC::MacroAssemblerX86_64::branchSubPtr):
12149 (MacroAssemblerX86_64):
12150 (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
12151 * dfg/DFGJITCompiler.cpp:
12152 (JSC::DFG::JITCompiler::linkOSRExits):
12153 (JSC::DFG::JITCompiler::compileBody):
12154 (JSC::DFG::JITCompiler::compileFunction):
12155 * dfg/DFGOSRExitCompiler32_64.cpp:
12156 (JSC::DFG::OSRExitCompiler::compileExit):
12157 * dfg/DFGOSRExitCompiler64.cpp:
12158 (JSC::DFG::OSRExitCompiler::compileExit):
12159 * dfg/DFGSpeculativeJIT.cpp:
12160 (JSC::DFG::SpeculativeJIT::compile):
12161 (JSC::DFG::SpeculativeJIT::compileArithSub):
12162 (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
12163 * dfg/DFGSpeculativeJIT.h:
12164 (JSC::DFG::SpeculativeJIT::callOperation):
12165 * dfg/DFGSpeculativeJIT32_64.cpp:
12166 (JSC::DFG::SpeculativeJIT::emitCall):
12167 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
12168 (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
12169 (JSC::DFG::SpeculativeJIT::compile):
12170 * dfg/DFGSpeculativeJIT64.cpp:
12171 (JSC::DFG::SpeculativeJIT::emitCall):
12172 (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
12173 (JSC::DFG::SpeculativeJIT::compile):
12175 (JSC::JIT::privateCompileSlowCases):
12176 (JSC::JIT::privateCompile):
12177 * jit/JITArithmetic.cpp:
12178 (JSC::JIT::compileBinaryArithOp):
12179 (JSC::JIT::emit_op_add):
12180 (JSC::JIT::emit_op_mul):
12181 (JSC::JIT::emit_op_div):
12182 * jit/JITArithmetic32_64.cpp:
12183 (JSC::JIT::emitAdd32Constant):
12184 (JSC::JIT::emitSub32Constant):
12185 (JSC::JIT::emitBinaryDoubleOp):
12186 (JSC::JIT::emitSlow_op_mul):
12187 (JSC::JIT::emit_op_div):
12189 (JSC::JIT::compileLoadVarargs):
12190 * jit/JITCall32_64.cpp:
12191 (JSC::JIT::compileLoadVarargs):
12192 * jit/JITInlineMethods.h:
12193 (JSC::JIT::updateTopCallFrame):
12194 (JSC::JIT::emitValueProfilingSite):
12195 * jit/JITOpcodes32_64.cpp:
12196 (JSC::JIT::emitSlow_op_jfalse):
12197 (JSC::JIT::emitSlow_op_jtrue):
12198 * jit/JITStubCall.h:
12200 (JSC::JITStubCall::addArgument):
12201 * yarr/YarrJIT.cpp:
12202 (JSC::Yarr::YarrGenerator::backtrack):
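What Imm32 blinding buys, shown as an added C++ example that is not the JSC MacroAssembler code. A script-controlled 32-bit constant (the operand of an expression like `x ^ 0x3c54d0d9`) is otherwise copied verbatim into executable memory, where a misaligned jump into it executes the attacker's bytes as instructions (JIT spraying). The XOR form of blinding emits `imm ^ key` and then an xor with `key`, so the register still ends up holding `imm` while neither emitted immediate is the attacker's value. The x86 encodings used (B8 for `mov eax, imm32`, 35 for `xor eax, imm32`), the size threshold in shouldBlind, the key generator and all the function names are this example's own choices; the sample operand in main() is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <random>
#include <vector>

typedef std::vector<uint8_t> CodeBuffer;

// Append a 32-bit immediate in little-endian order.
static void emitImm32(CodeBuffer& code, uint32_t imm)
{
    for (int shift = 0; shift < 32; shift += 8)
        code.push_back(static_cast<uint8_t>(imm >> shift));
}

static void emitMovEaxImm32(CodeBuffer& code, uint32_t imm) { code.push_back(0xB8); emitImm32(code, imm); }
static void emitXorEaxImm32(CodeBuffer& code, uint32_t imm) { code.push_back(0x35); emitImm32(code, imm); }

// Assumption made for this example: constants that fit in 16 bits carry too
// little attacker-chosen payload to justify the extra instruction. The
// threshold is this example's, not JSC's heuristic.
bool shouldBlind(uint32_t imm)
{
    return imm > 0xFFFF;
}

// A key must not undo the blinding: key == 0 re-emits imm unchanged and
// key == imm emits imm as the xor operand. A real JIT draws keys from a
// CSPRNG; the generator is a parameter here so the demo is deterministic.
uint32_t keyForConstant(uint32_t imm, std::mt19937& rng)
{
    uint32_t key;
    do {
        key = static_cast<uint32_t>(rng());
    } while (key == 0 || key == imm);
    return key;
}

// Unblinded: mov eax, imm. The attacker's bytes land in the code stream.
CodeBuffer loadConstantUnblinded(uint32_t imm)
{
    CodeBuffer code;
    emitMovEaxImm32(code, imm);
    return code;
}

// Blinded: mov eax, imm ^ key ; xor eax, key. Same final eax, different bytes.
CodeBuffer loadConstantBlinded(uint32_t imm, uint32_t key)
{
    CodeBuffer code;
    if (!shouldBlind(imm)) {
        emitMovEaxImm32(code, imm);
        return code;
    }
    emitMovEaxImm32(code, imm ^ key);
    emitXorEaxImm32(code, key);
    return code;
}

// The check to run over JIT output: does the attacker's constant occur as a
// contiguous little-endian byte sequence at any alignment?
bool codeContainsImmediate(const CodeBuffer& code, uint32_t imm)
{
    CodeBuffer needle;
    emitImm32(needle, imm);
    for (size_t i = 0; i + needle.size() <= code.size(); ++i) {
        size_t j = 0;
        while (j < needle.size() && code[i + j] == needle[j])
            ++j;
        if (j == needle.size())
            return true;
    }
    return false;
}

// Tiny model of the two opcodes above, to confirm the blinded sequence still
// computes the intended register value.
uint32_t evaluateEax(const CodeBuffer& code)
{
    uint32_t eax = 0;
    for (size_t pc = 0; pc + 5 <= code.size(); pc += 5) {
        uint32_t imm = 0;
        for (int shift = 0; shift < 32; shift += 8)
            imm |= static_cast<uint32_t>(code[pc + 1 + shift / 8]) << shift;
        if (code[pc] == 0xB8)
            eax = imm;
        else if (code[pc] == 0x35)
            eax ^= imm;
    }
    return eax;
}

int main()
{
    const uint32_t attackerImm = 0x3c54d0d9; // constructed sample operand
    std::mt19937 rng(12345);
    uint32_t key = keyForConstant(attackerImm, rng);
    CodeBuffer plain = loadConstantUnblinded(attackerImm);
    CodeBuffer blinded = loadConstantBlinded(attackerImm, key);
    bool ok = codeContainsImmediate(plain, attackerImm)
        && !codeContainsImmediate(blinded, attackerImm)
        && evaluateEax(blinded) == attackerImm;
    return ok ? 0 : 1;
}
```

The same shape carries over to the addition, and, and or variants the entry lists: each emits a derived constant plus a fix-up instruction whose operand is the key, and the property to verify is always the same one codeContainsImmediate checks. The TrustedImm32/Imm32 split is what makes the compiler, rather than code review, enforce that only constants the engine itself chose skip this path.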
12204 2012-03-05 Gavin Barraclough <barraclough@apple.com>
12206 putByIndex should throw in strict mode
12207 https://bugs.webkit.org/show_bug.cgi?id=80335
12209 Reviewed by Filip Pizlo.
12211 We'll need to pass an additional parameter.
12213 Part 1 - rename JSValue::put() for integer indices to JSValue::putByIndex()
12214 to match the method in the MethodTable, make this take a parameter indicating
12215 whether the put should throw. This fixes the cases where the base of the put
12218 * dfg/DFGOperations.cpp:
12220 (JSC::DFG::putByVal):
12221 (JSC::DFG::operationPutByValInternal):
12222 * interpreter/Interpreter.cpp:
12223 (JSC::Interpreter::execute):
12224 (JSC::Interpreter::privateExecute):
12225 * jit/JITStubs.cpp:
12226 (JSC::DEFINE_STUB_FUNCTION):
12227 * llint/LLIntSlowPaths.cpp:
12228 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
12229 * runtime/JSObject.h:
12230 (JSC::JSValue::putByIndex):
12231 * runtime/JSValue.cpp:
12233 * runtime/JSValue.h:
12236 2012-03-05 Sam Weinig <sam@webkit.org>
12238 Add support for hosting layers in the window server in WebKit2
12239 <rdar://problem/10400246>
12240 https://bugs.webkit.org/show_bug.cgi?id=80310
12242 Reviewed by Anders Carlsson.
12245 Add HAVE_LAYER_HOSTING_IN_WINDOW_SERVER.
12247 2012-03-05 Filip Pizlo <fpizlo@apple.com>
12249 Unreviewed, attempted build fix for !ENABLE(JIT) after r109705.
12251 * bytecode/ExecutionCounter.cpp:
12252 (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
12253 * bytecode/ExecutionCounter.h:
12255 2012-03-05 Patrick Gansterer <paroga@webkit.org>
12257 Unreviewed. Build fix for !ENABLE(JIT) after r109705.
12259 * bytecode/ExecutionCounter.cpp:
12260 * bytecode/ExecutionCounter.h:
12262 2012-03-05 Andy Wingo <wingo@igalia.com>
12264 Lexer: Specialize character predicates for LChar, UChar
12265 https://bugs.webkit.org/show_bug.cgi?id=79677
12267 Reviewed by Oliver Hunt.
12269 This patch specializes isIdentStart, isIdentPart, isWhiteSpace,
12270 and isLineTerminator to perform a more limited number of checks if
12271 the lexer is being instantiated to work on LChar sequences. This
12272 is about a 1.5% win on the --parse-only suite, here.
12274 * parser/Lexer.cpp:
12275 (JSC::isLatin1): New static helper, specialized for LChar and
12277 (JSC::typesOfLatin1Characters): Rename from
12278 typesOfASCIICharacters, and expand to the range of the LChar
12279 type. All uses of isASCII are changed to use isLatin1. Generated
12280 using libunistring.
12281 (JSC::isNonLatin1IdentStart):
12282 (JSC::isIdentStart):
12283 (JSC::isNonLatin1IdentPart):
12284 (JSC::isIdentPart):
12285 (JSC::Lexer::shiftLineTerminator):
12286 (JSC::Lexer::parseIdentifier):
12287 (JSC::Lexer::parseIdentifierSlowCase):
12288 (JSC::Lexer::parseStringSlowCase):
12289 (JSC::Lexer::parseMultilineComment):
12291 (JSC::Lexer::scanRegExp):
12292 (JSC::Lexer::skipRegExp): Sprinkle static_cast<T>(_) around.
12294 (JSC::Lexer::isWhiteSpace):
12295 (JSC::Lexer::isLineTerminator):
12296 * KeywordLookupGenerator.py:
12297 (Trie.printAsC): Declare specialized isIdentPart static functions.
12299 2012-03-05 Carlos Garcia Campos <cgarcia@igalia.com>
12301 Unreviewed. Fix make distcheck.
12303 * GNUmakefile.list.am: Add missing header file.
12305 2012-03-05 Andy Wingo <wingo@igalia.com>
12307 WTF: Micro-optimize cleanup of empty vectors and hash tables
12308 https://bugs.webkit.org/show_bug.cgi?id=79903
12310 Reviewed by Michael Saboff and Geoffrey Garen.
12312 This patch speeds up cleanup of vectors and hash tables whose
12313 backing store was never allocated. This is the case by default
12314 for most vectors / hash tables that never had any entries added.
12316 The result for me is that calling checkSyntax 1000 times on
12317 concat-jquery-mootools-prototype.js goes from 6.234s to 6.068s, a
12321 (WTF::HashTable::~HashTable):
12322 (WTF::::clear): Don't deallocate the storage or frob member
12323 variables if there is no backing storage.
12325 (WTF::VectorBufferBase::deallocateBuffer): Likewise.
12327 2012-03-04 Filip Pizlo <fpizlo@apple.com>
12329 JIT heuristics should be hyperbolic
12330 https://bugs.webkit.org/show_bug.cgi?id=80055
12331 <rdar://problem/10922260>
12333 Reviewed by Oliver Hunt.
12335 Added tracking of the amount of executable memory typically used for a bytecode
12336 instruction. Modified the execution counter scheme to use this, and the amount
12337 of free memory, to determine how long to wait before invoking the JIT.
12339 The result is that even if we bomb the VM with more code than can fit in our
12340 executable memory pool, we still keep running and almost never run out of
12341 executable memory - which ensures that if we have to JIT something critical, then
12342 we'll likely have enough memory to do so. This also does not regress performance
12343 on the three main benchmarks.
12346 * GNUmakefile.list.am:
12347 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
12348 * JavaScriptCore.xcodeproj/project.pbxproj:
12350 * bytecode/CodeBlock.cpp:
12351 (JSC::CodeBlock::predictedMachineCodeSize):
12353 (JSC::CodeBlock::usesOpcode):
12354 * bytecode/CodeBlock.h:
12356 (JSC::CodeBlock::checkIfJITThresholdReached):
12357 (JSC::CodeBlock::dontJITAnytimeSoon):
12358 (JSC::CodeBlock::jitAfterWarmUp):
12359 (JSC::CodeBlock::jitSoon):
12360 (JSC::CodeBlock::llintExecuteCounter):
12361 (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
12362 (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
12363 (JSC::CodeBlock::addressOfJITExecuteCounter):
12364 (JSC::CodeBlock::offsetOfJITExecuteCounter):
12365 (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
12366 (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
12367 (JSC::CodeBlock::jitExecuteCounter):
12368 (JSC::CodeBlock::checkIfOptimizationThresholdReached):
12369 (JSC::CodeBlock::optimizeNextInvocation):
12370 (JSC::CodeBlock::dontOptimizeAnytimeSoon):
12371 (JSC::CodeBlock::optimizeAfterWarmUp):
12372 (JSC::CodeBlock::optimizeAfterLongWarmUp):
12373 (JSC::CodeBlock::optimizeSoon):
12374 * bytecode/ExecutionCounter.cpp: Added.
12376 (JSC::ExecutionCounter::ExecutionCounter):
12377 (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
12378 (JSC::ExecutionCounter::setNewThreshold):
12379 (JSC::ExecutionCounter::deferIndefinitely):
12380 (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
12381 (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
12382 (JSC::ExecutionCounter::hasCrossedThreshold):
12383 (JSC::ExecutionCounter::setThreshold):
12384 (JSC::ExecutionCounter::reset):
12385 * bytecode/ExecutionCounter.h: Added.
12387 (ExecutionCounter):
12388 (JSC::ExecutionCounter::formattedTotalCount):
12389 * dfg/DFGOSRExitCompiler32_64.cpp:
12390 (JSC::DFG::OSRExitCompiler::compileExit):
12391 * dfg/DFGOSRExitCompiler64.cpp:
12392 (JSC::DFG::OSRExitCompiler::compileExit):
12393 * jit/ExecutableAllocator.cpp:
12394 (JSC::DemandExecutableAllocator::allocateNewSpace):
12395 (JSC::ExecutableAllocator::underMemoryPressure):
12397 (JSC::ExecutableAllocator::memoryPressureMultiplier):
12398 * jit/ExecutableAllocator.h:
12399 * jit/ExecutableAllocatorFixedVMPool.cpp:
12400 (JSC::ExecutableAllocator::memoryPressureMultiplier):
12403 (JSC::JIT::privateCompile):
12404 * jit/JITStubs.cpp:
12405 (JSC::DEFINE_STUB_FUNCTION):
12406 * llint/LLIntSlowPaths.cpp:
12407 (JSC::LLInt::jitCompileAndSetHeuristics):
12408 * llint/LowLevelInterpreter32_64.asm:
12409 * runtime/JSGlobalData.h:
12411 * runtime/Options.cpp:
12413 (JSC::Options::initializeOptions):
12414 * runtime/Options.h:
12416 * wtf/SimpleStats.h: Added.
12419 (WTF::SimpleStats::SimpleStats):
12420 (WTF::SimpleStats::add):
12421 (WTF::SimpleStats::operator!):
12422 (WTF::SimpleStats::count):
12423 (WTF::SimpleStats::sum):
12424 (WTF::SimpleStats::sumOfSquares):
12425 (WTF::SimpleStats::mean):
12426 (WTF::SimpleStats::variance):
12427 (WTF::SimpleStats::standardDeviation):
12429 2012-03-04 Raphael Kubo da Costa <kubo@profusion.mobi>
12431 [CMake] Libraries are installed to /usr/lib and not /usr/lib64 on x86_64
12432 https://bugs.webkit.org/show_bug.cgi?id=71507
12434 Reviewed by Antonio Gomes.
12436 * CMakeLists.txt: Use ${LIB_INSTALL_DIR} instead of hardcoding "lib".
12438 2012-03-04 David Kilzer <ddkilzer@apple.com>
12440 Fix build when the classic interpreter is enabled
12442 Reviewed by Gavin Barraclough.
12444 Fixes the following build error when running the "Generate
12445 Derived Sources" build phase script:
12447 offlineasm: Parsing JavaScriptCore/llint/LowLevelInterpreter.asm and ../../JSCLLIntOffsetsExtractor and creating assembly file LLIntAssembly.h.
12448 ./JavaScriptCore/offlineasm/offsets.rb:145:in `offsetsAndConfigurationIndex': unhandled exception
12449 from JavaScriptCore/offlineasm/asm.rb:131
12450 Command /bin/sh failed with exit code 1
12452 Gavin's fix in r109674 avoided the #error statement in
12453 JITStubs.h when compiling LLIntOffsetsExtractor.cpp, but it
12454 caused the "Generate Derived Sources" build phase script to fail
12455 when JavaScriptCore/offlineasm/asm.rb was run. The solution is
12456 to detect when the classic interpreter is being built and simply
12457 exit early from asm.rb in that case.
12459 * llint/LLIntOffsetsExtractor.cpp:
12460 (JSC::LLIntOffsetsExtractor::dummy): Return NULL pointer if the
12461 JIT is disabled. Note that offsets.rb doesn't care about the
12462 return value here, but instead it cares about finding the magic
12463 values in the binary. The magic values are no longer present
12464 when the JIT is disabled.
12465 * offlineasm/asm.rb: Catch MissingMagicValuesException and exit
12466 early with a status message.
12467 * offlineasm/offsets.rb:
12468 (MissingMagicValuesException): Add new exception class.
12469 (offsetsAndConfigurationIndex): Throw
12470 MissingMagicValuesException when no magic values are found.
12472 2012-03-04 Jurij Smakov <jurij@wooyd.org>
12474 SPARC also needs aligned accesses.
12476 Rubber-stamped by Gustavo Noronha Silva.
12480 2012-03-04 Gavin Barraclough <barraclough@apple.com>
12482 Unreviewed build fix.
12485 - Move ENABLE(JIT) to head of file.
12487 2012-03-03 Gavin Barraclough <barraclough@apple.com>
12489 Split JSArray's [[Put]] & [[DefineOwnProperty]] traps.
12490 https://bugs.webkit.org/show_bug.cgi?id=80217
12492 Reviewed by Filip Pizlo.
12494 putByIndex() provides similar behavior to put(), but for indexed property names.
12495 Many places in ArrayPrototype call putByIndex() where they really mean to call
12496 [[DefineOwnProperty]]. This is only okay due to a bug – putByIndex should be
12497 calling numeric accessors (& respecting numeric read only properties) on the
12498 prototype chain, but isn't. Add a new putDirectIndex (matching JSObject's
12499 putDirect* methods), to correctly provide a fast [[DefineOwnProperty]] interface.
12501 * runtime/ArrayPrototype.cpp:
12502 (JSC::arrayProtoFuncConcat):
12503 (JSC::arrayProtoFuncSlice):
12504 (JSC::arrayProtoFuncFilter):
12505 (JSC::arrayProtoFuncMap):
12506 * runtime/JSArray.cpp:
12509 (JSC::SparseArrayValueMap::putDirect):
12510 (JSC::JSArray::defineOwnNumericProperty):
12511 (JSC::JSArray::putByIndexBeyondVectorLength):
12512 (JSC::JSArray::putDirectIndexBeyondVectorLength):
12513 * runtime/JSArray.h:
12514 (SparseArrayValueMap):
12516 (JSC::JSArray::putDirectIndex):
12518 2012-03-03 Benjamin Poulain <benjamin@webkit.org>
12520 Implement the basis of KURLWTFURL
12521 https://bugs.webkit.org/show_bug.cgi?id=79600
12523 Reviewed by Adam Barth.
12525 Add an API to know if a ParsedURL is valid.
12527 * wtf/url/api/ParsedURL.cpp:
12528 (WTF::ParsedURL::ParsedURL):
12530 (WTF::ParsedURL::isolatedCopy): This is needed by APIs moving URL objects between thread
12531 and by KURL's detach() on write.
12532 (WTF::ParsedURL::baseAsString):
12533 (WTF::ParsedURL::segment):
12534 Add a stronger constraint on accessors: the client of this API should never ask for the segments
12536 * wtf/url/api/ParsedURL.h:
12538 (WTF::ParsedURL::ParsedURL):
12540 (WTF::ParsedURL::isValid):
12542 2012-03-03 Hans Wennborg <hans@chromium.org>
12544 Implement Speech JavaScript API
12545 https://bugs.webkit.org/show_bug.cgi?id=80019
12547 Reviewed by Adam Barth.
12549 Add ENABLE_SCRIPTED_SPEECH.
12551 * Configurations/FeatureDefines.xcconfig:
12553 2012-03-02 Filip Pizlo <fpizlo@apple.com>
12555 When getting the line number of a call into a call frame with no code block, it's
12556 incorrect to rely on the returnPC
12557 https://bugs.webkit.org/show_bug.cgi?id=80195
12559 Reviewed by Oliver Hunt.
12561 * interpreter/Interpreter.cpp:
12562 (JSC::getCallerInfo):
12564 (JSC::JIT::compileLoadVarargs):
12566 2012-03-02 Han Hojong <hojong.han@samsung.com>
12568 Expected results updated for checking type conversion
12569 https://bugs.webkit.org/show_bug.cgi?id=80138
12571 Reviewed by Gavin Barraclough.
12573 * tests/mozilla/ecma/TypeConversion/9.3.1-3.js:
12575 2012-03-02 Kenichi Ishibashi <bashi@chromium.org>
12577 Adding WebSocket per-frame DEFLATE extension
12578 https://bugs.webkit.org/show_bug.cgi?id=77522
12580 Added USE(ZLIB) flag.
12582 Reviewed by Kent Tamura.
12586 2012-03-02 Filip Pizlo <fpizlo@apple.com>
12588 Unreviewed build fix for platforms that have DFG_JIT disabled but PARALLEL_GC enabled.
12590 * bytecode/CodeBlock.cpp:
12591 (JSC::CodeBlock::visitAggregate):
12593 2012-03-01 Filip Pizlo <fpizlo@apple.com>
12595 DFGCodeBlocks should not trace CodeBlocks that are also going to be traced by
12596 virtue of being in the transitive closure
12597 https://bugs.webkit.org/show_bug.cgi?id=80098
12599 Reviewed by Anders Carlsson.
12601 If DFGCodeBlocks traces a CodeBlock that might also be traced via its owner Executable,
12602 then you might have the visitAggregate() method called concurrently by multiple threads.
12603 This is benign on 64-bit -- visitAggregate() and everything it calls turns out to be
12604 racy and slightly imprecise but not unsound. But on 32-bit, visitAggregate() may crash
12605 due to word tearing in ValueProfile bucket updates inside of computeUpdatedPrediction().
12607 It would seem that the fix is just to have DFGCodeBlocks not trace CodeBlocks that are
12608 not jettisoned. But CodeBlocks may be jettisoned later during the GC, so it must trace
12609 any CodeBlock that it knows to be live by virtue of it being reachable from the stack.
12610 Hence the real fix is to make sure that concurrent calls into CodeBlock::visitAggregate()
12611 don't lead to two threads racing over each other as they clobber state. This patch
12612 achieves this with a simple CAS loop: whichever thread wins the CAS race (which is
12613 trivially linearizable) will get to trace the CodeBlock; all other threads give up and
12616 Unfortunately there will be no new tests. It's possible to reproduce this maybe 1/10
12617 times by running V8-v6's raytrace repeatedly, using the V8 harness hacked to rerun it
12618 even when it's gotten sufficient counts. But that takes a while - sometimes up to a
12619 minute to get a crash. I have no other reliable repro case.
12621 * bytecode/CodeBlock.cpp:
12622 (JSC::CodeBlock::visitAggregate):
12623 * bytecode/CodeBlock.h:
12625 * heap/DFGCodeBlocks.cpp:
12626 (JSC::DFGCodeBlocks::clearMarks):
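The CAS race described above, as an added C++ example rather than the CodeBlock code itself. A mark that is cleared at the start of a GC cycle and set by whichever marking thread reaches the block first is exactly the place where a plain check-then-set goes wrong: two threads can both read "not yet visited" and both run the tracing code. Turning the false-to-true transition into one compare-and-swap means only one of them can observe the swap succeeding; the rest see it fail and skip. The class, method names and the counter standing in for the real per-block work are this example's own; the arrivals are replayed sequentially here, which already shows every arrival after the first losing, and the guarantee is the same under real threads because the CAS is atomic.

```cpp
#include <atomic>

// A block that several collector threads may visit during one GC cycle but
// that must be traced by exactly one of them.
class TracedBlock {
public:
    TracedBlock() : m_visitCalled(false), m_traceCount(0) { }

    // Run by the collector before any marking thread can reach the block
    // (the analogue of clearing the marks at the start of a cycle).
    void clearMark() { m_visitCalled.store(false, std::memory_order_relaxed); }

    // Run concurrently by any thread that finds the block reachable.
    // Returns true only for the call that won the right to trace it.
    bool visitAggregate()
    {
        bool expected = false;
        // On failure the CAS reloads `expected` with the current value: keep
        // retrying only while that value is still false (a spurious failure);
        // give up as soon as another thread has already set it.
        while (!m_visitCalled.compare_exchange_weak(expected, true,
                                                    std::memory_order_acq_rel,
                                                    std::memory_order_acquire)) {
            if (expected)
                return false;
        }
        trace();
        return true;
    }

    unsigned traceCount() const { return m_traceCount.load(); }

private:
    // Stands in for the real work that must not run twice in one cycle
    // (for CodeBlock, the value-profile updates that tear on 32-bit).
    void trace() { m_traceCount.fetch_add(1); }

    std::atomic<bool> m_visitCalled;
    std::atomic<unsigned> m_traceCount;
};

// Replay `arrivals` visits to the same block within one cycle and report how
// many of them actually traced. The CAS makes this exactly one.
unsigned tracesForArrivals(TracedBlock& block, unsigned arrivals)
{
    unsigned traced = 0;
    for (unsigned i = 0; i < arrivals; ++i) {
        if (block.visitAggregate())
            ++traced;
    }
    return traced;
}

int main()
{
    TracedBlock block;
    block.clearMark();
    bool ok = tracesForArrivals(block, 8) == 1 && block.traceCount() == 1;
    block.clearMark();                 // next GC cycle: the block may be traced again
    ok = ok && block.visitAggregate() && !block.visitAggregate() && block.traceCount() == 2;
    return ok ? 0 : 1;
}
```

Note what the mark does and does not protect: it serialises visitAggregate() per cycle, but anything that depends on the loser having traced must be written so that "somebody else is tracing or has traced this block" is an acceptable answer, which is why the losers simply return rather than wait.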
12628 2012-03-01 Filip Pizlo <fpizlo@apple.com>
12630 The JIT should not crash the entire process just because there is not enough executable
12631 memory, if the LLInt is enabled
12632 https://bugs.webkit.org/show_bug.cgi?id=79962
12634 Reviewed by Csaba Osztrogonác.
12638 * assembler/AssemblerBufferWithConstantPool.h:
12639 (JSC::AssemblerBufferWithConstantPool::executableCopy):
12641 2012-03-01 Ryosuke Niwa <rniwa@webkit.org>
12643 Revert my change. Broke builds.
12644 Source/JavaScriptCore/wtf/Atomics.h:188: error: redefinition of 'bool WTF::weakCompareAndSwap(volatile uintptr_t*, uintptr_t, uintptr_t)'
12645 Source/JavaScriptCore/wtf/Atomics.h:122: error: 'bool WTF::weakCompareAndSwap(volatile unsigned int*, unsigned int, unsigned i
12649 (WTF::weakCompareAndSwap):
12651 2012-03-01 Ryosuke Niwa <rniwa@webkit.org>
12655 Rubber-stamped by Filip Pizlo.
12659 (WTF::weakCompareAndSwap):
12661 2012-03-01 Gavin Barraclough <barraclough@apple.com>
12663 ES5.1-15.3.5.4. prohibits Function.caller from [[Get]]ting a strict caller
12664 https://bugs.webkit.org/show_bug.cgi?id=80011
12666 Reviewed by Oliver Hunt.
12668 Also, fix getting the caller from within a bound function, for within a getter,
12669 or setter (make our implementation match other browsers).
12671 * interpreter/Interpreter.cpp:
12672 (JSC::getCallerInfo):
12673 - Allow this to get the caller of host functions.
12674 (JSC::Interpreter::retrieveCallerFromVMCode):
12675 - This should use getCallerInfo, and should skip over function bindings.
12676 * runtime/JSFunction.cpp:
12677 (JSC::JSFunction::callerGetter):
12678 - This should never return a strict-mode function.
12680 2012-03-01 Yuqiang Xian <yuqiang.xian@intel.com>
12682 DFG local CSE for a node can be terminated earlier
12683 https://bugs.webkit.org/show_bug.cgi?id=80014
12685 Reviewed by Filip Pizlo.
12687 When one of the node's children is met in the process of back traversing
12688 the nodes, we don't need to traverse the remaining nodes.
12689 This is performance neutral on SunSpider, V8 and Kraken.
12691 * dfg/DFGCSEPhase.cpp:
12692 (JSC::DFG::CSEPhase::pureCSE):
12693 (JSC::DFG::CSEPhase::impureCSE):
12694 (JSC::DFG::CSEPhase::getByValLoadElimination):
12695 (JSC::DFG::CSEPhase::checkFunctionElimination):
12696 (JSC::DFG::CSEPhase::checkStructureLoadElimination):
12697 (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
12698 (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
12699 (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
12701 2012-02-29 Yuqiang Xian <yuqiang.xian@intel.com>
12703 DFG BasicBlocks should not require that their nodes have continuous indices in the graph
12704 https://bugs.webkit.org/show_bug.cgi?id=79899
12706 Reviewed by Filip Pizlo.
12708 This will make it more convenient to insert nodes into the DFG.
12709 With this capability we now place the Phi nodes in the corresponding
12711 Local CSE is modified not to rely on the assumption of continuous
12712 node indices in a block.
12713 This is performance neutral on SunSpider, V8 and Kraken.
12715 * dfg/DFGAbstractState.cpp:
12716 (JSC::DFG::AbstractState::AbstractState):
12717 (JSC::DFG::AbstractState::beginBasicBlock):
12718 (JSC::DFG::AbstractState::execute):
12719 (JSC::DFG::AbstractState::clobberStructures):
12720 (JSC::DFG::AbstractState::mergeToSuccessors):
12721 (JSC::DFG::AbstractState::dump):
12722 * dfg/DFGAbstractState.h:
12723 (JSC::DFG::AbstractState::forNode):
12725 * dfg/DFGArithNodeFlagsInferencePhase.cpp:
12726 (ArithNodeFlagsInferencePhase):
12727 * dfg/DFGBasicBlock.h:
12728 (JSC::DFG::BasicBlock::BasicBlock):
12730 * dfg/DFGByteCodeParser.cpp:
12731 (JSC::DFG::ByteCodeParser::addToGraph):
12733 (JSC::DFG::ByteCodeParser::insertPhiNode):
12734 (JSC::DFG::ByteCodeParser::handleInlining):
12735 (JSC::DFG::ByteCodeParser::parseBlock):
12736 (JSC::DFG::ByteCodeParser::processPhiStack):
12737 (JSC::DFG::ByteCodeParser::linkBlock):
12738 (JSC::DFG::ByteCodeParser::determineReachability):
12739 (JSC::DFG::ByteCodeParser::parseCodeBlock):
12740 * dfg/DFGCFAPhase.cpp:
12741 (JSC::DFG::CFAPhase::performBlockCFA):
12743 * dfg/DFGCSEPhase.cpp:
12744 (JSC::DFG::CSEPhase::CSEPhase):
12745 (JSC::DFG::CSEPhase::endIndexForPureCSE):
12746 (JSC::DFG::CSEPhase::pureCSE):
12747 (JSC::DFG::CSEPhase::impureCSE):
12748 (JSC::DFG::CSEPhase::globalVarLoadElimination):
12749 (JSC::DFG::CSEPhase::getByValLoadElimination):
12750 (JSC::DFG::CSEPhase::checkFunctionElimination):
12751 (JSC::DFG::CSEPhase::checkStructureLoadElimination):
12752 (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
12753 (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
12754 (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
12755 (JSC::DFG::CSEPhase::getScopeChainLoadElimination):
12756 (JSC::DFG::CSEPhase::performNodeCSE):
12757 (JSC::DFG::CSEPhase::performBlockCSE):
12759 * dfg/DFGGraph.cpp:
12760 (JSC::DFG::Graph::dump):
12761 * dfg/DFGPhase.cpp:
12762 (JSC::DFG::Phase::beginPhase):
12763 * dfg/DFGSpeculativeJIT.cpp:
12764 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
12765 (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
12766 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
12767 (JSC::DFG::SpeculativeJIT::compile):
12768 (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
12769 (JSC::DFG::SpeculativeJIT::compileStrictEq):
12770 * dfg/DFGSpeculativeJIT.h:
12772 (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
12773 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
12774 * dfg/DFGSpeculativeJIT32_64.cpp:
12775 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
12776 * dfg/DFGSpeculativeJIT64.cpp:
12777 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
12778 * dfg/DFGVirtualRegisterAllocationPhase.cpp:
12779 (JSC::DFG::VirtualRegisterAllocationPhase::run):
12781 2012-02-29 Filip Pizlo <fpizlo@apple.com>
12783 The JIT should not crash the entire process just because there is not
12784 enough executable memory, if the LLInt is enabled
12785 https://bugs.webkit.org/show_bug.cgi?id=79962
12786 <rdar://problem/10922215>
12788 Unreviewed, adding forgotten file.
12790 * jit/JITCompilationEffort.h: Added.
12793 2012-02-29 Filip Pizlo <fpizlo@apple.com>
12795 The JIT should not crash the entire process just because there is not
12796 enough executable memory, if the LLInt is enabled
12797 https://bugs.webkit.org/show_bug.cgi?id=79962
12798 <rdar://problem/10922215>
12800 Reviewed by Gavin Barraclough.
12802 Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
12803 a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
12804 JITCompilationMustSucceed. This preserves the old behavior if LLInt is
12805 disabled or if we're compiling something that can't be interpreted (like
12808 * JavaScriptCore.xcodeproj/project.pbxproj:
12809 * assembler/ARMAssembler.cpp:
12810 (JSC::ARMAssembler::executableCopy):
12811 * assembler/ARMAssembler.h:
12813 * assembler/AssemblerBuffer.h:
12814 (JSC::AssemblerBuffer::executableCopy):
12815 * assembler/LinkBuffer.h:
12816 (JSC::LinkBuffer::LinkBuffer):
12817 (JSC::LinkBuffer::~LinkBuffer):
12819 (JSC::LinkBuffer::didFailToAllocate):
12820 (JSC::LinkBuffer::isValid):
12821 (JSC::LinkBuffer::linkCode):
12822 (JSC::LinkBuffer::performFinalization):
12823 * assembler/MIPSAssembler.h:
12824 (JSC::MIPSAssembler::executableCopy):
12825 * assembler/SH4Assembler.h:
12826 (JSC::SH4Assembler::executableCopy):
12827 * assembler/X86Assembler.h:
12828 (JSC::X86Assembler::executableCopy):
12829 (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
12830 * bytecode/CodeBlock.cpp:
12831 (JSC::ProgramCodeBlock::jitCompileImpl):
12832 (JSC::EvalCodeBlock::jitCompileImpl):
12833 (JSC::FunctionCodeBlock::jitCompileImpl):
12834 * bytecode/CodeBlock.h:
12835 (JSC::CodeBlock::jitCompile):
12837 (ProgramCodeBlock):
12839 (FunctionCodeBlock):
12840 * dfg/DFGDriver.cpp:
12841 (JSC::DFG::compile):
12842 * dfg/DFGJITCompiler.cpp:
12843 (JSC::DFG::JITCompiler::compile):
12844 (JSC::DFG::JITCompiler::compileFunction):
12845 * dfg/DFGJITCompiler.h:
12847 * jit/ExecutableAllocator.cpp:
12848 (JSC::DemandExecutableAllocator::allocateNewSpace):
12849 (JSC::ExecutableAllocator::allocate):
12850 * jit/ExecutableAllocator.h:
12851 (ExecutableAllocator):
12852 * jit/ExecutableAllocatorFixedVMPool.cpp:
12853 (JSC::ExecutableAllocator::allocate):
12855 (JSC::JIT::privateCompile):
12857 (JSC::JIT::compile):
12859 * jit/JITCompilationEffort.h: Added.
12862 (JSC::jitCompileIfAppropriate):
12863 (JSC::jitCompileFunctionIfAppropriate):
12864 * llint/LLIntSlowPaths.cpp:
12866 (JSC::LLInt::jitCompileAndSetHeuristics):
12867 (JSC::LLInt::entryOSR):
12868 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
12869 * runtime/Executable.cpp:
12870 (JSC::EvalExecutable::jitCompile):
12871 (JSC::ProgramExecutable::jitCompile):
12872 (JSC::FunctionExecutable::jitCompileForCall):
12873 (JSC::FunctionExecutable::jitCompileForConstruct):
12874 * runtime/Executable.h:
12876 (ProgramExecutable):
12877 (FunctionExecutable):
12878 (JSC::FunctionExecutable::jitCompileFor):
12879 * runtime/ExecutionHarness.h:
12880 (JSC::prepareForExecution):
12881 (JSC::prepareFunctionForExecution):
12883 2012-02-29 No'am Rosenthal <noam.rosenthal@nokia.com>
12885 [Qt][WK2] Get rid of the #ifdef mess in LayerTreeHost[Proxy]
12886 https://bugs.webkit.org/show_bug.cgi?id=79501
12888 Enable WTF_USE_UI_SIDE_COMPOSITING for Qt.
12890 Reviewed by Kenneth Rohde Christiansen.
12894 2012-02-29 Gavin Barraclough <barraclough@apple.com>
12896 Rubber stamped by Oliver Hunt.
12898 * tests/mozilla/ecma_2/RegExp/constructor-001.js:
12899 * tests/mozilla/ecma_2/RegExp/function-001.js:
12900 * tests/mozilla/ecma_2/RegExp/properties-001.js:
12901 - Check in new test cases results.
12903 2012-02-29 Mark Rowe <mrowe@apple.com>
12905 Stop installing JSCLLIntOffsetsExtractor.
12907 Replace the separate TestRegExp and TestAPI xcconfig files with a single ToolExecutable xcconfig file
12908 that derives the product name from the target name. We can then use that xcconfig file for JSCLLIntOffsetsExtractor.
12909 This has the result of setting SKIP_INSTALL = YES for JSCLLIntOffsetsExtractor.
12911 While I was doing this fiddling I noticed that the JSCLLIntOffsetsExtractor target had a custom value
12912 for USER_HEADER_SEARCH_PATHS to allow it to find LLIntDesiredOffsets.h. A better way of doing that is
12913 to add LLIntDesiredOffsets.h to the Xcode project so that it'll be included in the header map. That
12914 allows us to remove the override of USER_HEADER_SEARCH_PATHS entirely. So I did that too!
12916 Reviewed by Filip Pizlo.
12918 * Configurations/TestRegExp.xcconfig: Removed.
12919 * Configurations/ToolExecutable.xcconfig: Renamed from Source/JavaScriptCore/Configurations/TestAPI.xcconfig.
12920 * JavaScriptCore.xcodeproj/project.pbxproj:
12922 2012-02-28 Filip Pizlo <fpizlo@apple.com>
12924 RefCounted::deprecatedTurnOffVerifier() should not be deprecated
12925 https://bugs.webkit.org/show_bug.cgi?id=79864
12927 Reviewed by Oliver Hunt.
12929 Removed the word "deprecated" from the name of this method, since this method
12930 should not be deprecated. It works just fine as it is, and there is simply no
12931 alternative to calling this method for many interesting JSC classes.
12933 * parser/SourceProvider.h:
12934 (JSC::SourceProvider::SourceProvider):
12935 * runtime/SymbolTable.h:
12936 (JSC::SharedSymbolTable::SharedSymbolTable):
12937 * wtf/MetaAllocator.cpp:
12938 (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
12939 (WTF::MetaAllocator::allocate):
12940 * wtf/RefCounted.h:
12942 (WTF::RefCountedBase::turnOffVerifier):
12944 2012-02-29 Gavin Barraclough <barraclough@apple.com>
12946 'source' property of RegExp instance cannot be ""
12947 https://bugs.webkit.org/show_bug.cgi?id=79938
12949 Reviewed by Oliver Hunt.
12951 15.10.6.4 specifies that RegExp.prototype.toString must return '/' + source + '/',
12952 and also states that the result must be a valid RegularExpressionLiteral. '//' is
12953 not a valid RegularExpressionLiteral (since it is a single line comment), and hence
12954 source cannot ever validly be "". If the source is empty, return a different Pattern
12955 that would match the same thing.
12957 * runtime/RegExpObject.cpp:
12958 (JSC::regExpObjectSource):
12959 - Do not return "" if the source is empty, this would lead to invalid behaviour in toString.
12960 * runtime/RegExpPrototype.cpp:
12961 (JSC::regExpProtoFuncToString):
12962 - No need to special case the empty string - this should be being done by 'source'.
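The constraint this entry describes, shown as an added example (not WebKit code, and not part of the change above): `RegExp.prototype.toString` must produce a valid `RegularExpressionLiteral`, which `"//"` is not because it lexes as a line comment. The helper `isValidRegExpLiteralText` and the `(?:)` substitute are this example's own; `(?:)` is the empty-pattern replacement suggested by the ES2015 EscapeRegExpPattern note and used by V8 and JavaScriptCore, and the engine running this is assumed to follow that.

```javascript
// Added example, not WebKit code: why RegExp.prototype.source must never be "".
// ES5.1 15.10.6.4 requires toString() to return "/" + source + "/" as a valid
// RegularExpressionLiteral; "//" would parse as a line comment instead, so an
// empty source would make every empty RegExp print as a comment.

// True when the text between the delimiting slashes is non-empty, so the
// literal cannot be mistaken for a comment. (Helper written for this example.)
function isValidRegExpLiteralText(text) {
  if (!text.startsWith('/')) return false;
  const lastSlash = text.lastIndexOf('/');
  if (lastSlash === 0) return false;        // no closing delimiter at all
  const body = text.slice(1, lastSlash);
  return body.length > 0;                    // "//" has an empty body: a comment
}

// Rebuilds a RegExp from its own source/flags and checks that the rebuilt
// object prints the same literal, i.e. source and toString round-trip.
function roundTrips(re) {
  const copy = new RegExp(re.source, re.flags);
  return String(copy) === String(re) && isValidRegExpLiteralText(String(re));
}

// What an engine reports for the empty pattern: a substitute pattern that
// matches exactly what "" would match, but yields a valid literal.
function emptyPatternReport() {
  const re = new RegExp('');
  return {
    source: re.source,                                   // "(?:)" in V8 / JSC
    literal: String(re),                                 // "/(?:)/"
    sourceIsEmpty: re.source === '',
    literalIsValid: isValidRegExpLiteralText(String(re)),
    matchesEmpty: re.test(''),                           // same matches as ""
    roundTrips: roundTrips(re),
  };
}
```

`roundTrips` is the property a consumer such as a serializer or a debugger actually relies on: whatever the engine substitutes for the empty pattern, `new RegExp(re.source, re.flags)` must reconstruct an equivalent object and print identically.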
12964 2012-02-29 Gavin Barraclough <barraclough@apple.com>
12966 Writable attribute not set correctly when redefining an accessor to a data descriptor
12967 https://bugs.webkit.org/show_bug.cgi?id=79931
12969 Reviewed by Oliver Hunt.
12971 * runtime/JSObject.cpp:
12972 (JSC::JSObject::defineOwnProperty):
12973 - use attributesOverridingCurrent instead of attributesWithOverride.
12974 * runtime/PropertyDescriptor.cpp:
12975 * runtime/PropertyDescriptor.h:
12976 - remove attributesWithOverride - attributesOverridingCurrent does the same thing.
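The attribute rule the fix restores, as an added example (this is not WebKit code and not the patch itself): when an accessor property is redefined as a data property, ES5.1 8.12.9 step 9.b first converts it to a data property with [[Writable]] false, preserving only [[Enumerable]] and [[Configurable]], and then applies whatever fields the new descriptor carries. The helpers `makeRedefined`, `describeX` and `strictWriteSucceeds` are this example's own names; the engine is assumed to implement that step as specified.

```javascript
// Added example, not WebKit code: converting an accessor property into a data
// property with Object.defineProperty. A descriptor that omits "writable" must
// yield a read-only property; the engine must not carry over a stale attribute
// from the accessor it replaces.
function makeRedefined(desc) {
  const o = {};
  Object.defineProperty(o, 'x', {
    get() { return 'from getter'; },
    set(v) {},
    enumerable: true,
    configurable: true,   // required, or changing the property kind is rejected
  });
  Object.defineProperty(o, 'x', desc);
  return o;
}

// Reports the resulting attributes of o.x.
function describeX(o) {
  const d = Object.getOwnPropertyDescriptor(o, 'x');
  return {
    value: d.value,
    writable: d.writable,
    enumerable: d.enumerable,       // preserved from the accessor
    configurable: d.configurable,   // preserved from the accessor
    isAccessor: typeof d.get === 'function' || typeof d.set === 'function',
  };
}

// Strict-mode assignment makes the attribute observable: a write to a
// non-writable property throws a TypeError instead of being silently ignored.
function strictWriteSucceeds(o, key, value) {
  'use strict';
  try {
    o[key] = value;
    return true;
  } catch (e) {
    if (e instanceof TypeError) return false;
    throw e;
  }
}
```

Code that freezes a configuration object by redefining its accessors as plain values depends on exactly this: if `writable` leaked through as `true`, the "frozen" value could still be overwritten.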
12978 2012-02-29 Kevin Ollivier <kevino@theolliviers.com>
12980 Add JSCore symbol exports needed by wx port
12981 https://bugs.webkit.org/show_bug.cgi?id=77280
12983 Reviewed by Hajime Morita.
12985 * wtf/ArrayBufferView.h:
12986 * wtf/ExportMacros.h:
12988 2012-02-28 Raphael Kubo da Costa <kubo@profusion.mobi>
12990 [CMake] Always build wtf as a static library.
12991 https://bugs.webkit.org/show_bug.cgi?id=79857
12993 Reviewed by Eric Seidel.
12995 To help the efforts in bug 75673 to move WTF out of
12996 JavaScriptCore, act more like the other ports and remove the
12997 possibility of building WTF as a shared library.
12999 It does not make much sense to, for example, ship WTF as a
13000 separate .so with webkit-efl packages, and it should be small
13001 enough not to cause problems during linking.
13003 * wtf/CMakeLists.txt:
13005 2012-02-28 Dmitry Lomov <dslomov@google.com>
13007 [JSC] Implement ArrayBuffer transfer
13008 https://bugs.webkit.org/show_bug.cgi?id=73493.
13009 Implement ArrayBuffer transfer, per Khronos spec: http://www.khronos.org/registry/typedarray/specs/latest/#9.
13010 This brings parity with V8 implementation of transferable typed arrays.
13012 Reviewed by Oliver Hunt.
13014 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Extra export.
13015 * wtf/ArrayBuffer.h:
13016 (ArrayBuffer): Added extra export.
13018 2012-02-28 Kevin Ollivier <kevino@theolliviers.com>
13020 [wx] Unreviewed. Build fix after recent LLInt additions.
13024 2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com>
13026 Refactor SpeculativeJIT::emitAllocateJSFinalObject
13027 https://bugs.webkit.org/show_bug.cgi?id=79801
13029 Reviewed by Filip Pizlo.
13031 * dfg/DFGSpeculativeJIT.h:
13032 (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Split emitAllocateJSFinalObject out to form this
13033 function, which is more generic in that it can allocate a variety of classes.
13035 (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Changed to use the new helper function.
13037 2012-02-28 Gavin Barraclough <barraclough@apple.com>
13039 [[Get]]/[[Put]] for primitives should not wrap on strict accessor call
13040 https://bugs.webkit.org/show_bug.cgi?id=79588
13042 Reviewed by Oliver Hunt.
13044 In the case of [[Get]], this is a pretty trivial bug - just don't wrap
13045 primitives at the point you call a getter.
13047 For setters, this is a little more involved, since we have already wrapped
13048 the value up in a synthesized object. Stop doing so. There is also a further
13049 subtlety, that in strict mode all attempts to create a new data property on
13050 the object should throw.
13052 * runtime/JSCell.cpp:
13053 (JSC::JSCell::put):
13054 - [[Put]] to a string primitive should use JSValue::putToPrimitive.
13055 * runtime/JSObject.cpp:
13056 (JSC::JSObject::put):
13057 - Remove static function called in one place.
13058 * runtime/JSObject.h:
13059 (JSC::JSValue::put):
13060 - [[Put]] to a non-cell JSValue should use JSValue::putToPrimitive.
13061 * runtime/JSValue.cpp:
13062 (JSC::JSValue::synthesizePrototype):
13063 - Add support for synthesizing the prototype of strings.
13064 (JSC::JSValue::putToPrimitive):
13065 - Added, implements [[Put]] for primitive bases, per 8.7.2.
13066 * runtime/JSValue.h:
13068 - Add declaration for JSValue::putToPrimitive.
13069 * runtime/PropertySlot.cpp:
13070 (JSC::PropertySlot::functionGetter):
13071 - Don't call ToObject on primitive this values.
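The observable behaviour this entry describes, as an added example (not WebKit code): a strict-mode getter or setter invoked on a string primitive receives the primitive itself as `this`, not a synthesized wrapper object, and a strict-mode [[Put]] that would create a new data property on a primitive throws a TypeError (ES5.1 8.7.2 with Throw = true). The names `KEY`, `makeAccessors`, `receiverKinds`, `strictCreateOnPrimitive` and `sloppyCreateOnPrimitive` are this example's own; the accessor is installed on `String.prototype` under a private Symbol and removed in a `finally` block.

```javascript
// Added example, not WebKit code: observing [[Get]]/[[Put]] on primitive bases.
const KEY = Symbol('receiverKind');

// Sloppy-mode accessors are produced with the Function constructor so the
// contrast holds even if this file itself runs as strict (ES module) code.
function makeAccessors(strict, seen) {
  if (strict) {
    return {
      get() { 'use strict'; seen.get = typeof this; return 1; },
      set(v) { 'use strict'; seen.set = typeof this; },
    };
  }
  return new Function('seen', `
    return {
      get: function () { seen.get = typeof this; return 1; },
      set: function (v) { seen.set = typeof this; }
    };`)(seen);
}

// Installs the accessor, performs one [[Get]] and one [[Put]] on a string
// primitive, and reports what "this" was inside each accessor:
// "string" for strict accessors, "object" (a String wrapper) for sloppy ones.
function receiverKinds(strict) {
  const seen = { get: undefined, set: undefined };
  const { get, set } = makeAccessors(strict, seen);
  Object.defineProperty(String.prototype, KEY, { get, set, configurable: true });
  try {
    const s = 'abc';
    void s[KEY];   // [[Get]] with a primitive base: getter runs with this = "abc"
    s[KEY] = 42;   // [[Put]] with a primitive base: routed to the setter
  } finally {
    delete String.prototype[KEY];
  }
  return seen;
}

// Creating a new data property on a primitive: a TypeError in strict code,
// silently dropped in sloppy code. Nothing is ever stored on the primitive.
function strictCreateOnPrimitive() {
  'use strict';
  const s = 'abc';
  try {
    s.newProp = 1;
    return 'assigned';
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'other';
  }
}

function sloppyCreateOnPrimitive() {
  // Built with Function so it is sloppy regardless of the enclosing file's mode.
  return new Function("var s = 'abc'; s.newProp = 1; return s.newProp;")();
}
```

The `typeof this` distinction matters for any accessor that uses `this === someString` or stores `this` as a key: a wrapper object compares by identity and would never equal the primitive it was boxed from.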
13073 2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com>
13075 Re-enable parallel GC on Mac
13076 https://bugs.webkit.org/show_bug.cgi?id=79837
13078 Rubber stamped by Filip Pizlo.
13080 * runtime/Options.cpp:
13081 (JSC::Options::initializeOptions): We accidentally disabled parallel GC with this line,
13082 so we removed it and things should go back to normal.
13084 2012-02-28 Filip Pizlo <fpizlo@apple.com>
13086 Some run-javascriptcore-tests broken for 32-bit debug
13087 https://bugs.webkit.org/show_bug.cgi?id=79844
13089 Rubber stamped by Oliver Hunt.
13091 These assertions are just plain wrong for 32-bit. We could either have a massive
13092 assertion that depends on value representation, that has to be changed every
13093 time we change the JITs, resulting in a bug tail of debug-mode crashes, or we
13094 could get rid of the assertions. I pick the latter.
13096 * dfg/DFGOperations.cpp:
13097 * jit/JITStubs.cpp:
13098 (JSC::DEFINE_STUB_FUNCTION):
13100 2012-02-28 Mark Hahnenberg <mhahnenberg@apple.com>
13102 Get rid of padding cruft in CopiedBlock
13103 https://bugs.webkit.org/show_bug.cgi?id=79686
13105 Reviewed by Filip Pizlo.
13107 * heap/CopiedBlock.h:
13108 (CopiedBlock): Removed the extra padding that was used for alignment purposes until
13109 the calculation of the payload offset into CopiedBlocks was redone recently.
13111 2012-02-28 Anders Carlsson <andersca@apple.com>
13113 Fix build with newer versions of clang.
13115 Clang now warns since we're not passing a CFString literal to CFStringCreateWithFormatAndArguments,
13116 but it's OK to ignore this warning since clang is also checking that the caller (vprintf_stderr_common)
13117 takes a string literal.
13119 * wtf/Assertions.cpp:
13121 2012-02-28 Mario Sanchez Prada <msanchez@igalia.com>
13123 [GTK] Add GMainLoop and GMainContext to be handled by GRefPtr
13124 https://bugs.webkit.org/show_bug.cgi?id=79496
13126 Reviewed by Martin Robinson.
13128 Handle GMainLoop and GMainContext in GRefPtr, by calling
13129 g_main_loop_(un)ref and g_main_context_(un)ref in the
13130 implementation of the refGPtr and derefGPtr template functions.
13132 * wtf/gobject/GRefPtr.cpp:
13136 * wtf/gobject/GRefPtr.h:
13138 * wtf/gobject/GTypedefs.h:
13140 2012-02-28 Yong Li <yoli@rim.com>
13142 JSString::resolveRope() should report extra memory cost to the heap.
13143 https://bugs.webkit.org/show_bug.cgi?id=79555
13145 Reviewed by Michael Saboff.
13147 At the time a JSString is constructed with fibers, it doesn't report
13148 extra memory cost, which is reasonable because it hasn't allocated
13149 new memory. However when the rope is resolved, it should report memory
13150 cost for the new buffer.
13152 * runtime/JSString.cpp:
13153 (JSC::JSString::resolveRope):
13155 2012-02-27 Oliver Hunt <oliver@apple.com>
13157 sputnik/Unicode/Unicode_500/S7.2_A1.6_T1.html crashes in the interpreter
13158 https://bugs.webkit.org/show_bug.cgi?id=79728
13160 Reviewed by Gavin Barraclough.
13162 When initialising a chained get instruction we may end up in a state where
13163 the instruction stream says we have a scopechain, but it has not yet been set
13164 (eg. if allocating the StructureChain itself is what leads to the GC). We could
13165 re-order the allocation, but it occurs in a couple of places, so it seems less
13166 fragile simply to null check the scopechain slot before we actually visit the slot.
13168 * bytecode/CodeBlock.cpp:
13169 (JSC::CodeBlock::visitStructures):
13171 2012-02-27 Filip Pizlo <fpizlo@apple.com>
13173 Old JIT's style of JSVALUE64 strict equality is subtly wrong
13174 https://bugs.webkit.org/show_bug.cgi?id=79700
13176 Reviewed by Oliver Hunt.
13178 * assembler/MacroAssemblerX86_64.h:
13179 (JSC::MacroAssemblerX86_64::comparePtr):
13180 (MacroAssemblerX86_64):
13181 * dfg/DFGOperations.cpp:
13182 * dfg/DFGSpeculativeJIT.cpp:
13183 (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
13184 * dfg/DFGSpeculativeJIT64.cpp:
13185 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
13186 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
13187 * jit/JITOpcodes.cpp:
13188 (JSC::JIT::compileOpStrictEq):
13189 (JSC::JIT::emitSlow_op_stricteq):
13190 (JSC::JIT::emitSlow_op_nstricteq):
13191 * jit/JITStubs.cpp:
13192 (JSC::DEFINE_STUB_FUNCTION):
13194 2012-02-27 Gavin Barraclough <barraclough@apple.com>
13196 Implement support for op_negate and op_bitnot in the DFG JIT
13197 https://bugs.webkit.org/show_bug.cgi?id=79617
13199 Reviewed by Filip Pizlo.
13201 Add an ArithNegate op to the DFG JIT, to implement op_negate.
13203 This patch also adds support for op_negate to the JSVALUE64 baseline JIT
13204 (JSVALUE32_64 already had this), so that we can profile the slowpath usage.
13206 This is a 2.5%-3% Sunspider progression and a 1% win on Kraken.
13208 * assembler/ARMv7Assembler.h:
13209 (JSC::ARMv7Assembler::sub_S):
13210 - Added sub_S from immediate.
13212 (JSC::ARMv7Assembler::vneg):
13213 - Added double negate.
13214 * assembler/MacroAssemblerARMv7.h:
13215 (JSC::MacroAssemblerARMv7::negateDouble):
13216 - Added double negate.
13217 (MacroAssemblerARMv7):
13218 (JSC::MacroAssemblerARMv7::branchNeg32):
13220 * assembler/MacroAssemblerX86.h:
13221 (MacroAssemblerX86):
13222 - moved loadDouble, absDouble to common.
13223 * assembler/MacroAssemblerX86Common.h:
13224 (MacroAssemblerX86Common):
13225 (JSC::MacroAssemblerX86Common::absDouble):
13226 - implementation can be shared.
13227 (JSC::MacroAssemblerX86Common::negateDouble):
13229 (JSC::MacroAssemblerX86Common::loadDouble):
13230 - allow absDouble to have a common implementation.
13231 * assembler/MacroAssemblerX86_64.h:
13232 (MacroAssemblerX86_64):
13233 - moved loadDouble, absDouble to common.
13234 * dfg/DFGAbstractState.cpp:
13235 (JSC::DFG::AbstractState::execute):
13236 - support ArithNegate.
13237 * dfg/DFGArithNodeFlagsInferencePhase.cpp:
13238 (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
13239 - support ArithNegate.
13240 * dfg/DFGByteCodeParser.cpp:
13241 (JSC::DFG::ByteCodeParser::makeSafe):
13242 - support ArithNegate.
13243 (JSC::DFG::ByteCodeParser::parseBlock):
13244 - support op_negate.
13245 * dfg/DFGCSEPhase.cpp:
13246 (JSC::DFG::CSEPhase::performNodeCSE):
13247 - support ArithNegate.
13248 * dfg/DFGCapabilities.h:
13249 (JSC::DFG::canCompileOpcode):
13250 - support op_negate.
13252 (JSC::DFG::Graph::negateShouldSpeculateInteger):
13253 - support ArithNegate.
13255 (JSC::DFG::Node::hasArithNodeFlags):
13256 - support ArithNegate.
13257 * dfg/DFGPredictionPropagationPhase.cpp:
13258 (JSC::DFG::PredictionPropagationPhase::propagate):
13259 - support ArithNegate.
13260 * dfg/DFGSpeculativeJIT.cpp:
13261 (JSC::DFG::SpeculativeJIT::compileArithNegate):
13262 - support ArithNegate.
13263 * dfg/DFGSpeculativeJIT.h:
13265 - support ArithNegate.
13266 * dfg/DFGSpeculativeJIT32_64.cpp:
13267 (JSC::DFG::SpeculativeJIT::compile):
13268 - support ArithNegate.
13269 * dfg/DFGSpeculativeJIT64.cpp:
13270 (JSC::DFG::SpeculativeJIT::compile):
13271 - support ArithNegate.
13273 (JSC::JIT::privateCompileMainPass):
13274 (JSC::JIT::privateCompileSlowCases):
13275 - Add support for op_negate in JSVALUE64.
13276 * jit/JITArithmetic.cpp:
13277 (JSC::JIT::emit_op_negate):
13278 (JSC::JIT::emitSlow_op_negate):
13279 - Add support for op_negate in JSVALUE64.
13281 2012-02-27 Mahesh Kulkarni <mahesh.kulkarni@nokia.com>
13283 Unreviewed. Build fix for linux-bot (qt) after r109021.
13285 * runtime/Error.cpp:
13287 2012-02-27 Oliver Hunt <oliver@apple.com>
13289 REGRESSION (r108112): AWS Management Console at amazon.com fails to initialize
13290 https://bugs.webkit.org/show_bug.cgi?id=79693
13292 Reviewed by Filip Pizlo.
13294 Alas we can't provide the stack trace as an array, as despite everyone wanting
13295 an array, everyone arbitrarily creates the array by calling split on the stack
13296 trace. To create the array we would have provided them in the first place.
13298 This changes the exception's stack property to a \n separated string. To get the
13299 old array just do <exception>.stack.split("\n").
13301 * runtime/Error.cpp:
13302 (JSC::addErrorInfo):
13304 2012-02-27 Gavin Barraclough <barraclough@apple.com>
13306 RegExp lastIndex should behave as a regular property
13307 https://bugs.webkit.org/show_bug.cgi?id=79446
13309 Reviewed by Sam Weinig.
13311 lastIndex should be a regular data descriptor, with the attributes configurable:false,
13312 enumerable:false, writable:true. As such, it should be possible to reconfigure writable
13313 as false. If the lastIndex property is reconfigured to be read-only, we should respect
13316 * runtime/CommonIdentifiers.h:
13317 - Removed some unused identifiers, added lastIndex.
13318 * runtime/RegExpObject.cpp:
13319 (JSC::RegExpObject::getOwnPropertySlot):
13320 - lastIndex is no longer a static value, provided specific handling.
13321 (JSC::RegExpObject::getOwnPropertyDescriptor):
13322 - lastIndex is no longer a static value, provided specific handling.
13323 (JSC::RegExpObject::deleteProperty):
13324 - lastIndex is no longer a static value, provided specific handling.
13325 (JSC::RegExpObject::getOwnPropertyNames):
13326 - lastIndex is no longer a static value, provided specific handling.
13327 (JSC::RegExpObject::getPropertyNames):
13328 - lastIndex is no longer a static value, provided specific handling.
13330 - helper function for defineOwnProperty.
13331 (JSC::RegExpObject::defineOwnProperty):
13332 - lastIndex is no longer a static value, provided specific handling.
13333 (JSC::RegExpObject::put):
13334 - lastIndex is no longer a static value, provided specific handling.
13335 (JSC::RegExpObject::match):
13336 - Pass setLastIndex an ExecState, so it can throw if read-only.
13337 * runtime/RegExpObject.h:
13338 (JSC::RegExpObject::setLastIndex):
13339 - Pass setLastIndex an ExecState, so it can throw if read-only.
13340 (RegExpObjectData):
13341 - Added lastIndexIsWritable.
13342 * runtime/RegExpPrototype.cpp:
13343 (JSC::regExpProtoFuncCompile):
13344 - Pass setLastIndex an ExecState, so it can throw if read-only.
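The property shape this entry specifies, as an added example (not WebKit code): `lastIndex` is an ordinary data property with `writable: true, enumerable: false, configurable: false`, it can be made read-only, and once it is, an `exec` on a global regexp that must store a new `lastIndex` throws a TypeError rather than silently failing. The helpers `lastIndexDescriptor`, `makeLastIndexReadOnly` and `execOutcome` are this example's own; the engine is assumed to implement `RegExpBuiltinExec` as in ES2015 and later, which writes `lastIndex` only for global or sticky regexps.

```javascript
// Added example, not WebKit code: RegExp.lastIndex as a regular data property.
function lastIndexDescriptor(re) {
  const d = Object.getOwnPropertyDescriptor(re, 'lastIndex');
  return {
    value: d.value,
    writable: d.writable,           // true on a fresh RegExp
    enumerable: d.enumerable,       // false: never shows up in Object.keys
    configurable: d.configurable,   // false: cannot be deleted or redefined as accessor
    listedByKeys: Object.keys(re).includes('lastIndex'),
  };
}

// Lowering writable from true to false is the one change still permitted on a
// non-configurable data property, so this succeeds.
function makeLastIndexReadOnly(re) {
  Object.defineProperty(re, 'lastIndex', { writable: false });
  return re;
}

// exec() on a global regexp stores the new lastIndex with the Throw flag set;
// with the property read-only that store raises a TypeError. A non-global
// regexp never writes lastIndex on a successful match, so it is unaffected.
function execOutcome(re, input) {
  try {
    const m = re.exec(input);
    return { threw: false, matched: m !== null, lastIndex: re.lastIndex };
  } catch (e) {
    return { threw: e instanceof TypeError, matched: null, lastIndex: re.lastIndex };
  }
}
```

A read-only `lastIndex` is a reasonable way to pin a shared global regexp against accidental state carry-over between callers; the TypeError is what makes a stray mutation visible instead of silently corrupting the next match.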
13346 2012-02-27 Gavin Barraclough <barraclough@apple.com>
13348 Implement support for op_negate and op_bitnot in the DFG JIT
13349 https://bugs.webkit.org/show_bug.cgi?id=79617
13351 Reviewed by Sam Weinig.
13353 Remove op_bitnot - this is redundant, ~x === x^-1.
13354 This is a fractional (<1%) progression.
13356 Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X).
13357 Remove CanReuse from the result type - this was unused.
13360 * assembler/MacroAssemblerARM.h:
13361 (MacroAssemblerARM):
13362 (JSC::MacroAssemblerARM::xor32):
13363 * assembler/MacroAssemblerARMv7.h:
13364 (MacroAssemblerARMv7):
13365 (JSC::MacroAssemblerARMv7::xor32):
13366 * assembler/MacroAssemblerMIPS.h:
13367 (MacroAssemblerMIPS):
13368 (JSC::MacroAssemblerMIPS::xor32):
13369 * assembler/MacroAssemblerSH4.h:
13370 (MacroAssemblerSH4):
13371 (JSC::MacroAssemblerSH4::xor32):
13372 * assembler/MacroAssemblerX86Common.h:
13373 (MacroAssemblerX86Common):
13374 (JSC::MacroAssemblerX86Common::xor32):
13375 * bytecode/CodeBlock.cpp:
13376 (JSC::CodeBlock::dump):
13377 * bytecode/Opcode.h:
13379 (JSC::padOpcodeName):
13380 * bytecompiler/NodesCodegen.cpp:
13382 (JSC::BitwiseNotNode::emitBytecode):
13383 * interpreter/Interpreter.cpp:
13384 (JSC::Interpreter::privateExecute):
13386 (JSC::JIT::privateCompileMainPass):
13387 (JSC::JIT::privateCompileSlowCases):
13390 * jit/JITArithmetic32_64.cpp:
13392 * jit/JITOpcodes.cpp:
13394 * jit/JITStubs.cpp:
13397 * llint/LLIntSlowPaths.cpp:
13399 * llint/LLIntSlowPaths.h:
13401 * llint/LowLevelInterpreter32_64.asm:
13402 * parser/NodeConstructors.h:
13403 (JSC::NegateNode::NegateNode):
13404 (JSC::BitwiseNotNode::BitwiseNotNode):
13405 (JSC::MultNode::MultNode):
13406 (JSC::DivNode::DivNode):
13407 (JSC::ModNode::ModNode):
13408 (JSC::SubNode::SubNode):
13409 (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
13412 (JSC::BitwiseNotNode::expr):
13414 * parser/ResultType.h:
13416 (JSC::ResultType::numberTypeIsInt32):
13417 (JSC::ResultType::stringOrNumberType):
13418 (JSC::ResultType::forAdd):
13419 (JSC::ResultType::forBitOp):
13421 2012-02-27 Michael Saboff <msaboff@apple.com>
13423 Error check regexp min quantifier
13424 https://bugs.webkit.org/show_bug.cgi?id=70648
13426 Reviewed by Gavin Barraclough.
13428 Added checking for min or only quantifier being UINT_MAX.
13429 When encountered this becomes a SyntaxError during parsing.
13431 * yarr/YarrParser.h:
13432 (JSC::Yarr::Parser::parseQuantifier):
13433 (JSC::Yarr::Parser::parse):
13436 2012-02-27 Carlos Garcia Campos <cgarcia@igalia.com>
13438 Unreviewed. Fix make distcheck.
13440 * GNUmakefile.list.am: Add missing files.
13442 2012-02-26 Hajime Morrita <morrita@chromium.org>
13444 Move ChromeClient::showContextMenu() to ContextMenuClient
13445 https://bugs.webkit.org/show_bug.cgi?id=79427
13447 Reviewed by Adam Barth.
13449 Added ACCESSIBILITY_CONTEXT_MENUS.
13453 2012-02-26 Filip Pizlo <fpizlo@apple.com>
13455 LayoutTests/fast/xpath/xpath-functional-test.html is crashing in the DFG
13456 https://bugs.webkit.org/show_bug.cgi?id=79616
13458 Reviewed by Oliver Hunt.
13460 Guard against the fact that in JSVALUE64, JSValue().isCell() == true.
13462 * dfg/DFGAbstractValue.h:
13463 (JSC::DFG::AbstractValue::validate):
13465 2012-02-26 Filip Pizlo <fpizlo@apple.com>
13467 DFG should support activations and nested functions
13468 https://bugs.webkit.org/show_bug.cgi?id=79554
13470 Reviewed by Sam Weinig.
13472 Fix 32-bit. The 32-bit function+activation code had some really weird
13473 register reuse bugs.
13475 * dfg/DFGSpeculativeJIT32_64.cpp:
13476 (JSC::DFG::SpeculativeJIT::compile):
13478 2012-02-26 Filip Pizlo <fpizlo@apple.com>
13480 Getting the instruction stream for a code block should not require two loads
13481 https://bugs.webkit.org/show_bug.cgi?id=79608
13483 Reviewed by Sam Weinig.
13485 Introduced the RefCountedArray class, which contains a single inline pointer
13486 to a ref-counted non-resizeable vector backing store. This satisfies the
13487 requirements of CodeBlock, which desires the ability to share instruction
13488 streams with other CodeBlocks. It also reduces the number of loads required
13489 for getting the instruction stream by one.
13491 This patch also gets rid of the bytecode discarding logic, since we don't
13492 use it anymore and it's unlikely to ever work right with DFG or LLInt. And
13493 I didn't feel like porting dead code to use RefCountedArray.
13495 * GNUmakefile.list.am:
13496 * JavaScriptCore.xcodeproj/project.pbxproj:
13497 * bytecode/CodeBlock.cpp:
13498 (JSC::instructionOffsetForNth):
13499 (JSC::CodeBlock::dump):
13500 (JSC::CodeBlock::CodeBlock):
13501 (JSC::CodeBlock::finalizeUnconditionally):
13502 (JSC::CodeBlock::handlerForBytecodeOffset):
13503 (JSC::CodeBlock::lineNumberForBytecodeOffset):
13504 (JSC::CodeBlock::expressionRangeForBytecodeOffset):
13505 (JSC::CodeBlock::shrinkToFit):
13506 * bytecode/CodeBlock.h:
13508 (JSC::CodeBlock::numberOfInstructions):
13509 (JSC::CodeBlock::instructions):
13510 (JSC::CodeBlock::instructionCount):
13511 (JSC::CodeBlock::valueProfileForBytecodeOffset):
13513 * bytecompiler/BytecodeGenerator.cpp:
13514 (JSC::Label::setLocation):
13516 (JSC::BytecodeGenerator::generate):
13517 (JSC::BytecodeGenerator::newLabel):
13518 * bytecompiler/BytecodeGenerator.h:
13520 (BytecodeGenerator):
13521 (JSC::BytecodeGenerator::instructions):
13522 * bytecompiler/Label.h:
13523 (JSC::Label::Label):
13525 * dfg/DFGByteCodeCache.h:
13526 (JSC::DFG::ByteCodeCache::~ByteCodeCache):
13527 (JSC::DFG::ByteCodeCache::get):
13528 * jit/JITExceptions.cpp:
13529 (JSC::genericThrow):
13530 * llint/LowLevelInterpreter32_64.asm:
13531 * runtime/Executable.cpp:
13532 (JSC::EvalExecutable::compileInternal):
13533 (JSC::ProgramExecutable::compileInternal):
13534 (JSC::FunctionExecutable::codeBlockWithBytecodeFor):
13535 (JSC::FunctionExecutable::produceCodeBlockFor):
13536 * wtf/RefCountedArray.h: Added.
13539 (WTF::RefCountedArray::RefCountedArray):
13540 (WTF::RefCountedArray::operator=):
13541 (WTF::RefCountedArray::~RefCountedArray):
13542 (WTF::RefCountedArray::size):
13543 (WTF::RefCountedArray::data):
13544 (WTF::RefCountedArray::begin):
13545 (WTF::RefCountedArray::end):
13546 (WTF::RefCountedArray::at):
13547 (WTF::RefCountedArray::operator[]):
13549 (WTF::RefCountedArray::Header::size):
13550 (WTF::RefCountedArray::Header::payload):
13551 (WTF::RefCountedArray::Header::fromPayload):
13554 2012-02-26 Yusuke Suzuki <utatane.tea@gmail.com>
13556 StringLiteral and NumericLiteral are allowed as ObjectLiteral getter / setter name
13557 https://bugs.webkit.org/show_bug.cgi?id=79571
13559 Reviewed by Gavin Barraclough.
13561 * parser/ASTBuilder.h:
13562 (JSC::ASTBuilder::createGetterOrSetterProperty):
13563 * parser/Parser.cpp:
13564 (JSC::::parseProperty):
13565 * parser/SyntaxChecker.h:
13566 (JSC::SyntaxChecker::createGetterOrSetterProperty):
13568 2012-02-26 Mark Hahnenberg <mhahnenberg@apple.com>
13570 Implement fast path for op_new_array in the baseline JIT
13571 https://bugs.webkit.org/show_bug.cgi?id=78612
13573 Reviewed by Filip Pizlo.
13575 * heap/CopiedAllocator.h:
13576 (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
13577 * heap/CopiedSpace.h:
13578 (CopiedSpace): Friended the JIT to allow access to isOversize.
13579 (JSC::CopiedSpace::allocator):
13581 (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
13582 can use it for simple allocation i.e. when we can just bump the offset without having to
13585 (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
13586 we have to bail out because the fast allocation path fails for whatever reason.
13589 * jit/JITInlineMethods.h:
13590 (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
13591 allocate generic backing stores. This function is used by emitAllocateJSArray.
13593 (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
13594 more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
13595 it will also be used for emit_op_new_array_buffer.
13596 * jit/JITOpcodes.cpp:
13597 (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
13598 a stub call for oversize arrays.
13600 (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we
13601 fail in any way on the fast path.
13602 * runtime/JSArray.cpp:
13604 * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to
13605 initialize in the JIT.
13607 (JSC::ArrayStorage::lengthOffset):
13608 (JSC::ArrayStorage::numValuesInVectorOffset):
13609 (JSC::ArrayStorage::allocBaseOffset):
13610 (JSC::ArrayStorage::vectorOffset):
13612 (JSC::JSArray::sparseValueMapOffset):
13613 (JSC::JSArray::subclassDataOffset):
13614 (JSC::JSArray::indexBiasOffset):
13616 (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
13617 to being a static function in the JSArray class. This move allows the JIT to call it to
13618 see what size it should allocate.
13620 2012-02-26 Patrick Gansterer <paroga@webkit.org>
13622 Unreviewed. Build fix for ENABLE(CLASSIC_INTERPRETER) after r108681.
13624 * interpreter/Interpreter.cpp:
13625 (JSC::getLineNumberForCallFrame):
13626 (JSC::Interpreter::getStackTrace):
13628 2012-02-26 Patrick Gansterer <paroga@webkit.org>
13630 Unreviewed. Build fix for !ENABLE(JIT) after r108681.
13632 * interpreter/Interpreter.cpp:
13633 (JSC::getLineNumberForCallFrame):
13635 2012-02-25 Filip Pizlo <fpizlo@apple.com>
13637 LLInt assembly file should be split into 32-bit and 64-bit parts
13638 https://bugs.webkit.org/show_bug.cgi?id=79584
13640 Reviewed by Sam Weinig.
13642 Moved LowLevelInterpreter.asm to LowLevelInterpreter32_64.asm. Gave offlineasm
13643 the ability to include files, and correctly track dependencies: it restricts
13644 the include mechanism to using the same directory as the source file, and uses
13645 the SHA1 hash of all .asm files in that directory as an input hash.
13647 * llint/LLIntOfflineAsmConfig.h:
13648 * llint/LowLevelInterpreter.asm:
13649 * llint/LowLevelInterpreter32_64.asm: Added.
13650 - This is just the entire contents of what was previously LowLevelInterpreter.asm
13651 * llint/LowLevelInterpreter64.asm: Added.
13652 * offlineasm/asm.rb:
13653 * offlineasm/ast.rb:
13654 * offlineasm/generate_offset_extractor.rb:
13655 * offlineasm/parser.rb:
13656 * offlineasm/self_hash.rb:
13658 2012-02-25 Filip Pizlo <fpizlo@apple.com>
13660 Offlineasm should support X86_64
13661 https://bugs.webkit.org/show_bug.cgi?id=79581
13663 Reviewed by Oliver Hunt.
13665 * llint/LLIntOfflineAsmConfig.h:
13666 * offlineasm/backends.rb:
13667 * offlineasm/instructions.rb:
13668 * offlineasm/settings.rb:
13669 * offlineasm/x86.rb:
13671 2012-02-25 Filip Pizlo <fpizlo@apple.com>
13673 DFG should support activations and nested functions
13674 https://bugs.webkit.org/show_bug.cgi?id=79554
13676 Reviewed by Oliver Hunt.
13678 Wrote the simplest possible implementation of activations. Big speed-up on
13679 code that uses activations, no speed-up on major benchmarks (SunSpider, V8,
13680 Kraken) because they do not appear to have sufficient coverage over code
13681 that uses activations.
13683 * bytecode/PredictedType.cpp:
13684 (JSC::predictionToString):
13685 (JSC::predictionFromValue):
13686 * bytecode/PredictedType.h:
13688 (JSC::isEmptyPrediction):
13689 * dfg/DFGAbstractState.cpp:
13690 (JSC::DFG::AbstractState::execute):
13691 * dfg/DFGByteCodeParser.cpp:
13692 (JSC::DFG::ByteCodeParser::ByteCodeParser):
13694 (JSC::DFG::ByteCodeParser::parseBlock):
13695 (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
13696 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
13697 (JSC::DFG::ByteCodeParser::parse):
13698 * dfg/DFGCapabilities.h:
13699 (JSC::DFG::canCompileOpcode):
13700 (JSC::DFG::canInlineOpcode):
13702 (JSC::DFG::Graph::needsActivation):
13705 (JSC::DFG::Node::storageAccessDataIndex):
13707 (JSC::DFG::Node::hasFunctionDeclIndex):
13708 (JSC::DFG::Node::functionDeclIndex):
13709 (JSC::DFG::Node::hasFunctionExprIndex):
13710 (JSC::DFG::Node::functionExprIndex):
13711 * dfg/DFGOperations.cpp:
13712 * dfg/DFGOperations.h:
13713 * dfg/DFGPredictionPropagationPhase.cpp:
13714 (JSC::DFG::PredictionPropagationPhase::propagate):
13715 * dfg/DFGSpeculativeJIT.cpp:
13716 (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
13718 (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
13719 * dfg/DFGSpeculativeJIT.h:
13720 (JSC::DFG::SpeculativeJIT::callOperation):
13721 * dfg/DFGSpeculativeJIT32_64.cpp:
13722 (JSC::DFG::SpeculativeJIT::compile):
13723 * dfg/DFGSpeculativeJIT64.cpp:
13724 (JSC::DFG::SpeculativeJIT::compile):
13726 2012-02-25 Benjamin Poulain <benjamin@webkit.org>
13728 Add an empty skeleton of KURL for WTFURL
13729 https://bugs.webkit.org/show_bug.cgi?id=78990
13731 Reviewed by Adam Barth.
13733 * JavaScriptCore.xcodeproj/project.pbxproj: Export the relevant classes from WTFURL
13734 so that can use them in WebCore.
13736 2012-02-25 Filip Pizlo <fpizlo@apple.com>
13738 Unreviewed, fix build for DFG disabled and LLInt enabled.
13741 (JSC::JIT::privateCompile):
13742 * llint/LLIntSlowPaths.cpp:
13744 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
13746 2012-02-25 Mark Hahnenberg <mhahnenberg@apple.com>
13748 Fix the CopiedBlock offset alignment in a cross platform fashion
13749 https://bugs.webkit.org/show_bug.cgi?id=79556
13751 Reviewed by Filip Pizlo.
13753 Replaced m_payload with a payload() method that calculates the offset
13754 of the payload with the proper alignment. This change allows us to
13755 avoid alignment-related issues in a cross-platform manner.
13757 * heap/CopiedAllocator.h:
13758 (JSC::CopiedAllocator::currentUtilization):
13759 * heap/CopiedBlock.h:
13760 (JSC::CopiedBlock::CopiedBlock):
13761 (JSC::CopiedBlock::payload):
13763 * heap/CopiedSpace.cpp:
13764 (JSC::CopiedSpace::doneFillingBlock):
13765 * heap/CopiedSpaceInlineMethods.h:
13766 (JSC::CopiedSpace::borrowBlock):
13767 (JSC::CopiedSpace::allocateFromBlock):
13769 2012-02-24 Michael Saboff <msaboff@apple.com>
13771 Unreviewed, Windows build fix. Changed signature in export to match
13772 change made in r108858.
13774 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
13776 2012-02-24 Filip Pizlo <fpizlo@apple.com>
13778 DFG support for op_new_regexp should be enabled
13779 https://bugs.webkit.org/show_bug.cgi?id=79538
13781 Reviewed by Oliver Hunt.
13783 No performance change.
13785 * dfg/DFGCapabilities.h:
13786 (JSC::DFG::canCompileOpcode):
13789 2012-02-24 Michael Saboff <msaboff@apple.com>
13791 ASSERT(position < 0) in JSC::Yarr::Interpreter::InputStream::readChecked
13792 https://bugs.webkit.org/show_bug.cgi?id=73728
13794 Reviewed by Gavin Barraclough.
13796 Fixed the mixing of signed and unsigned character indices in YARR
13799 * runtime/RegExp.cpp:
13800 (JSC::RegExp::match): Added code to check for match longer than 2^31 and
13801 return no match after resetting the offsets.
13802 * yarr/YarrInterpreter.cpp: Changed to use unsigned for all character index
13803 handling except when matching back references.
13804 (JSC::Yarr::Interpreter::InputStream::readChecked):
13805 (JSC::Yarr::Interpreter::InputStream::checkInput):
13806 (JSC::Yarr::Interpreter::InputStream::uncheckInput):
13807 (JSC::Yarr::Interpreter::InputStream::atStart):
13808 (JSC::Yarr::Interpreter::InputStream::atEnd):
13809 (JSC::Yarr::Interpreter::InputStream::isAvailableInput):
13810 (JSC::Yarr::Interpreter::checkCharacter):
13811 (JSC::Yarr::Interpreter::checkCasedCharacter):
13812 (JSC::Yarr::Interpreter::checkCharacterClass):
13813 (JSC::Yarr::Interpreter::tryConsumeBackReference):
13814 (JSC::Yarr::Interpreter::matchAssertionBOL):
13815 (JSC::Yarr::Interpreter::matchAssertionWordBoundary):
13816 (JSC::Yarr::Interpreter::backtrackPatternCharacter):
13817 (JSC::Yarr::Interpreter::backtrackPatternCasedCharacter):
13818 (JSC::Yarr::Interpreter::matchCharacterClass):
13819 (JSC::Yarr::Interpreter::backtrackCharacterClass):
13820 (JSC::Yarr::Interpreter::matchParenthesesOnceBegin):
13821 (JSC::Yarr::Interpreter::matchDisjunction):
13822 (JSC::Yarr::Interpreter::interpret):
13823 (JSC::Yarr::ByteCompiler::assertionBOL):
13824 (JSC::Yarr::ByteCompiler::assertionEOL):
13825 (JSC::Yarr::ByteCompiler::assertionWordBoundary):
13826 (JSC::Yarr::ByteCompiler::atomPatternCharacter):
13827 (JSC::Yarr::ByteCompiler::atomCharacterClass):
13828 (JSC::Yarr::ByteCompiler::atomBackReference):
13829 (JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
13830 (JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
13831 (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
13832 (JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
13833 (JSC::Yarr::ByteCompiler::emitDisjunction):
13834 * yarr/YarrInterpreter.h:
13836 2012-02-24 Filip Pizlo <fpizlo@apple.com>
13838 Unreviewed, build fix for builds where the DFG is disabled but the LLInt is
13841 * llint/LLIntOfflineAsmConfig.h:
13842 * llint/LowLevelInterpreter.asm:
13844 2012-02-24 Filip Pizlo <fpizlo@apple.com>
13846 DFG should be able to handle variables getting captured
13847 https://bugs.webkit.org/show_bug.cgi?id=79469
13849 Reviewed by Oliver Hunt.
13851 Made captured variables work by placing a Flush on the SetLocal and
13852 forcing the emission of the GetLocal even if copy propagation tells us
13855 Changed the CFA and various prediction codes to understand that we can't
13856 really prove anything about captured variables. Well, we could in the
13857 future by just looking at what side effects are happening, but in this
13858 first cut we just assume that we can't reason about captured variables.
13860 Also added a mode where the DFG pretends that all variables and arguments
13861 got captured. Used this mode to harden the code.
13863 This is performance neutral. Capturing all variables is a slow down, but
13864 not too big of one. This seems to predict that when we add activation
13865 support, the amount of speed benefit we'll get from increased coverage
13866 will far outweigh the pessimism that we'll have to endure for captured
13869 * bytecode/CodeType.h:
13870 (JSC::codeTypeToString):
13871 * dfg/DFGAbstractState.cpp:
13872 (JSC::DFG::AbstractState::initialize):
13873 (JSC::DFG::AbstractState::endBasicBlock):
13874 (JSC::DFG::AbstractState::execute):
13875 (JSC::DFG::AbstractState::merge):
13876 * dfg/DFGAbstractState.h:
13878 * dfg/DFGByteCodeParser.cpp:
13879 (JSC::DFG::ByteCodeParser::getLocal):
13880 (JSC::DFG::ByteCodeParser::setLocal):
13881 (JSC::DFG::ByteCodeParser::getArgument):
13882 (JSC::DFG::ByteCodeParser::setArgument):
13883 (JSC::DFG::ByteCodeParser::flushArgument):
13884 (JSC::DFG::ByteCodeParser::handleInlining):
13885 (JSC::DFG::ByteCodeParser::processPhiStack):
13886 (JSC::DFG::ByteCodeParser::parseCodeBlock):
13887 (JSC::DFG::ByteCodeParser::parse):
13888 * dfg/DFGCapabilities.h:
13889 (JSC::DFG::mightInlineFunctionForCall):
13890 (JSC::DFG::mightInlineFunctionForConstruct):
13893 (JSC::DFG::Graph::needsActivation):
13895 (JSC::DFG::Graph::argumentIsCaptured):
13896 (JSC::DFG::Graph::localIsCaptured):
13897 (JSC::DFG::Graph::isCaptured):
13899 (JSC::DFG::Node::shouldGenerate):
13900 * dfg/DFGPredictionPropagationPhase.cpp:
13901 (JSC::DFG::PredictionPropagationPhase::propagate):
13902 (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
13903 * dfg/DFGSpeculativeJIT.cpp:
13905 (JSC::DFG::ValueSource::dump):
13906 (JSC::DFG::SpeculativeJIT::compile):
13907 * dfg/DFGSpeculativeJIT.h:
13909 * dfg/DFGSpeculativeJIT32_64.cpp:
13910 (JSC::DFG::SpeculativeJIT::compile):
13911 * dfg/DFGSpeculativeJIT64.cpp:
13912 (JSC::DFG::SpeculativeJIT::compile):
13913 * dfg/DFGVirtualRegisterAllocationPhase.cpp:
13914 (JSC::DFG::VirtualRegisterAllocationPhase::run):
13916 2012-02-24 Gavin Barraclough <barraclough@apple.com>
13918 Should not allow malformed \x escapes
13919 https://bugs.webkit.org/show_bug.cgi?id=79462
13921 Reviewed by Oliver Hunt.
13923 * parser/Lexer.cpp:
13924 (JSC::::parseString):
13925 (JSC::::parseStringSlowCase):
13926 - Prohibit malformed '\x' escapes
13927 * tests/mozilla/ecma/Array/15.4.5.1-1.js:
13928 * tests/mozilla/ecma/LexicalConventions/7.7.4.js:
13929 * tests/mozilla/ecma_2/RegExp/hex-001.js:
13930 * tests/mozilla/js1_2/regexp/hexadecimal.js:
13931 - Remove erroneous test cases (correct behaviour is tested by LayoutTests/sputnik).
13933 2012-02-24 Daniel Bates <dbates@webkit.org>
13935 Fix change log entry for changeset r108819; add bug URL
13936 https://bugs.webkit.org/show_bug.cgi?id=79504
13938 Changeset r108819 is associated with bug #79504.
13942 2012-02-24 Daniel Bates <dbates@webkit.org>
13944 Substitute ENABLE(CLASSIC_INTERPRETER) for ENABLE(INTERPRETER) in Interpreter.cpp
13945 https://bugs.webkit.org/show_bug.cgi?id=79504
13947 Reviewed by Oliver Hunt.
13949 There are a few places in Interpreter.cpp that need to be updated to use
13950 ENABLE(CLASSIC_INTERPRETER) following the renaming of ENABLE_INTERPRETER to
13951 ENABLE_CLASSIC_INTERPRETER in changeset <http://trac.webkit.org/changeset/108020>
13952 (https://bugs.webkit.org/show_bug.cgi?id=78791).
13954 * interpreter/Interpreter.cpp:
13955 (JSC::getLineNumberForCallFrame):
13956 (JSC::getCallerInfo):
13957 (JSC::getSourceURLFromCallFrame):
13959 2012-02-24 Adam Roben <aroben@apple.com>
13961 Undo the BUILDING_WTF part of r108808
13963 This broke the build, which is obviously worse than the linker warning it was trying to
13966 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
13968 2012-02-24 Adam Roben <aroben@apple.com>
13970 Fix linker warnings on Windows
13972 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed symbols that are already
13973 exported via JS_EXPORTDATA.
13975 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops: Define BUILDING_WTF. We
13976 aren't actually building WTF, but we are statically linking it, so we need to define this
13977 symbol so that we export WTF's exports.
13979 2012-02-24 Philippe Normand <pnormand@igalia.com>
13981 Fix GTK WebAudio build for WebKitGTK 1.7.90.
13983 Patch by Priit Laes <plaes@plaes.org> on 2012-02-24
13984 Rubber-stamped by Philippe Normand.
13986 * GNUmakefile.list.am: Add Complex.h to the list of files so it
13987 gets disted in the tarballs.
13989 2012-02-24 Zoltan Herczeg <zherczeg@webkit.org>
13991 [Qt] Buildfix for "Zero out CopiedBlocks on initialization".
13992 https://bugs.webkit.org/show_bug.cgi?id=79199
13994 Rubber-stamped by Csaba Osztrogonác.
13996 Temporary fix since the new member wastes a little space on
13997 64 bit systems. Although it is harmless, it is only needed
13998 for 32 bit systems.
14000 * heap/CopiedBlock.h:
14003 2012-02-24 Han Hojong <hojong.han@samsung.com>
14005 Remove useless jump instructions for short circuit
14006 https://bugs.webkit.org/show_bug.cgi?id=75602
14008 Reviewed by Michael Saboff.
14010 Jump instruction is inserted to make short circuit,
14011 however it does nothing but moving to the next instruction.
14012 Therefore useless jump instructions are removed,
14013 and jump list is moved into the case not for a short circuit,
14014 so that only necessary instructions are added to JIT code
14015 unless it has a 16 bit pattern character and an 8 bit string.
14017 * yarr/YarrJIT.cpp:
14018 (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
14019 (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
14021 2012-02-24 Sheriff Bot <webkit.review.bot@gmail.com>
14023 Unreviewed, rolling out r108731.
14024 http://trac.webkit.org/changeset/108731
14025 https://bugs.webkit.org/show_bug.cgi?id=79464
14027 Broke Chromium Win tests (Requested by bashi on #webkit).
14031 2012-02-24 Andrew Lo <anlo@rim.com>
14033 [BlackBerry] Enable requestAnimationFrame
14034 https://bugs.webkit.org/show_bug.cgi?id=79408
14036 Use timer implementation of requestAnimationFrame on BlackBerry.
14038 Reviewed by Rob Buis.
14042 2012-02-24 Mathias Bynens <mathias@qiwi.be>
14044 `\u200c` and `\u200d` should be allowed in IdentifierPart, as per ES5
14045 https://bugs.webkit.org/show_bug.cgi?id=78908
14047 Add additional checks for zero-width non-joiner (0x200C) and
14048 zero-width joiner (0x200D) characters.
14050 Reviewed by Michael Saboff.
14052 * parser/Lexer.cpp:
14053 (JSC::isNonASCIIIdentPart):
14054 * runtime/LiteralParser.cpp:
14055 (JSC::::Lexer::lexIdentifier):
14057 2012-02-23 Kenichi Ishibashi <bashi@chromium.org>
14059 Adding WebSocket per-frame DEFLATE extension
14060 https://bugs.webkit.org/show_bug.cgi?id=77522
14062 Added USE(ZLIB) flag.
14064 Reviewed by Kent Tamura.
14068 2012-02-23 Mark Hahnenberg <mhahnenberg@apple.com>
14070 Zero out CopiedBlocks on initialization
14071 https://bugs.webkit.org/show_bug.cgi?id=79199
14073 Reviewed by Filip Pizlo.
14075 Made CopiedBlocks zero their payloads during construction. This allows
14076 JSArray to avoid having to manually clear its backing store upon allocation
14077 and also alleviates any future pain with regard to the garbage collector trying
14078 to mark what it thinks are values in what is actually uninitialized memory.
14080 * heap/CopiedBlock.h:
14081 (JSC::CopiedBlock::CopiedBlock):
14082 * runtime/JSArray.cpp:
14083 (JSC::JSArray::finishCreation):
14084 (JSC::JSArray::tryFinishCreationUninitialized):
14085 (JSC::JSArray::increaseVectorLength):
14086 (JSC::JSArray::unshiftCountSlowCase):
14088 2012-02-23 Oliver Hunt <oliver@apple.com>
14090 Make Interpreter::getStackTrace be able to generate the line number for the top callframe if none is provided
14091 https://bugs.webkit.org/show_bug.cgi?id=79407
14093 Reviewed by Gavin Barraclough.
14095 Outside of exception handling, we don't know what our source line number is. This
14096 change allows us to pass -1 in as the initial line number, and get the correct line
14097 number in the resultant stack trace. We can't completely elide the initial line
14098 number (yet) due to some idiosyncrasies of the exception handling machinery.
14100 * interpreter/Interpreter.cpp:
14101 (JSC::getLineNumberForCallFrame):
14103 (JSC::Interpreter::getStackTrace):
14105 2012-02-22 Filip Pizlo <fpizlo@apple.com>
14107 DFG OSR exit value profiling should have graceful handling of local variables and arguments
14108 https://bugs.webkit.org/show_bug.cgi?id=79310
14110 Reviewed by Gavin Barraclough.
14112 Previously, if we OSR exited because a prediction in a local was wrong, we'd
14113 only realize what the true type of the local was if the regular value profiling
14114 kicked in and told us. Unless the local was block-locally copy propagated, in
14115 which case we'd know from an OSR exit profile.
14117 This patch adds OSR exit profiling to all locals and arguments. Now, if we OSR
14118 exit because of a mispredicted local or argument type, we'll know what the type of
14119 the local or argument should be immediately upon exiting.
14121 The way that local variable OSR exit profiling works is that we now have a lazily
14122 added set of OSR-exit-only value profiles for exit sites that are BadType and that
14123 cited a GetLocal as their value source. The value profiles are only added if the
14124 OSR exit is taken, and are keyed by CodeBlock, bytecode index of the GetLocal, and
14125 operand. The look-up is performed by querying the
14126 CompressedLazyOperandValueProfileHolder in the CodeBlock, using a key that contains
14127 the bytecode index and the operand. Because the value profiles are added at random
14128 times, they are not sorted; instead they are just stored in an arbitrarily-ordered
14129 SegmentedVector. Look-ups are made fast by "decompressing": the DFG::ByteCodeParser
14130 creates a LazyOperandValueProfileParser, which turns the
14131 CompressedLazyOperandValueProfileHolder's contents into a HashMap for the duration
14134 Previously, OSR exits had a pointer to the ValueProfile that had the specFailBucket
14135 into which values observed during OSR exit would be placed. Now it uses a lazy
14136 thunk for a ValueProfile. I call this the MethodOfGettingAValueProfile. It may
14137 either contain a ValueProfile inside it (which works for previous uses of OSR exit
14138 profiling) or it may just have knowledge of how to go about creating the
14139 LazyOperandValueProfile in the case that the OSR exit is actually taken. This
14140 ensures that we never have to create NumOperands*NumBytecodeIndices*NumCodeBlocks
14141 value profiling buckets unless we actually did OSR exit on every single operand,
14142 in every single instruction, in each code block (that's probably unlikely).
14144 This appears to be neutral on the major benchmarks, but is a double-digit speed-up
14145 on code deliberately written to have data flow that spans basic blocks and where
14146 the code exhibits post-optimization polymorphism in a local variable.
14149 * GNUmakefile.list.am:
14150 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
14151 * JavaScriptCore.xcodeproj/project.pbxproj:
14153 * bytecode/CodeBlock.cpp:
14154 (JSC::CodeBlock::stronglyVisitStrongReferences):
14155 * bytecode/CodeBlock.h:
14157 (JSC::CodeBlock::lazyOperandValueProfiles):
14158 * bytecode/LazyOperandValueProfile.cpp: Added.
14160 (JSC::CompressedLazyOperandValueProfileHolder::CompressedLazyOperandValueProfileHolder):
14161 (JSC::CompressedLazyOperandValueProfileHolder::~CompressedLazyOperandValueProfileHolder):
14162 (JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
14163 (JSC::CompressedLazyOperandValueProfileHolder::add):
14164 (JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
14165 (JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
14166 (JSC::LazyOperandValueProfileParser::getIfPresent):
14167 (JSC::LazyOperandValueProfileParser::prediction):
14168 * bytecode/LazyOperandValueProfile.h: Added.
14170 (LazyOperandValueProfileKey):
14171 (JSC::LazyOperandValueProfileKey::LazyOperandValueProfileKey):
14172 (JSC::LazyOperandValueProfileKey::operator!):
14173 (JSC::LazyOperandValueProfileKey::operator==):
14174 (JSC::LazyOperandValueProfileKey::hash):
14175 (JSC::LazyOperandValueProfileKey::bytecodeOffset):
14176 (JSC::LazyOperandValueProfileKey::operand):
14177 (JSC::LazyOperandValueProfileKey::isHashTableDeletedValue):
14178 (JSC::LazyOperandValueProfileKeyHash::hash):
14179 (JSC::LazyOperandValueProfileKeyHash::equal):
14180 (LazyOperandValueProfileKeyHash):
14182 (JSC::LazyOperandValueProfile::LazyOperandValueProfile):
14183 (LazyOperandValueProfile):
14184 (JSC::LazyOperandValueProfile::key):
14185 (CompressedLazyOperandValueProfileHolder):
14186 (LazyOperandValueProfileParser):
14187 * bytecode/MethodOfGettingAValueProfile.cpp: Added.
14189 (JSC::MethodOfGettingAValueProfile::fromLazyOperand):
14190 (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
14191 * bytecode/MethodOfGettingAValueProfile.h: Added.
14193 (MethodOfGettingAValueProfile):
14194 (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):
14195 (JSC::MethodOfGettingAValueProfile::operator!):
14196 * bytecode/ValueProfile.cpp: Removed.
14197 * bytecode/ValueProfile.h:
14199 (ValueProfileBase):
14200 (JSC::ValueProfileBase::ValueProfileBase):
14201 (JSC::ValueProfileBase::dump):
14202 (JSC::ValueProfileBase::computeUpdatedPrediction):
14203 (JSC::MinimalValueProfile::MinimalValueProfile):
14204 (ValueProfileWithLogNumberOfBuckets):
14205 (JSC::ValueProfileWithLogNumberOfBuckets::ValueProfileWithLogNumberOfBuckets):
14206 (JSC::ValueProfile::ValueProfile):
14207 (JSC::getValueProfileBytecodeOffset):
14208 (JSC::getRareCaseProfileBytecodeOffset):
14209 * dfg/DFGByteCodeParser.cpp:
14211 (JSC::DFG::ByteCodeParser::injectLazyOperandPrediction):
14212 (JSC::DFG::ByteCodeParser::getLocal):
14213 (JSC::DFG::ByteCodeParser::getArgument):
14214 (InlineStackEntry):
14215 (JSC::DFG::ByteCodeParser::fixVariableAccessPredictions):
14217 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
14218 (JSC::DFG::ByteCodeParser::parse):
14219 * dfg/DFGDriver.cpp:
14220 (JSC::DFG::compile):
14222 (JSC::DFG::Graph::valueProfileFor):
14223 (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
14227 * dfg/DFGOSRExit.cpp:
14228 (JSC::DFG::OSRExit::OSRExit):
14229 * dfg/DFGOSRExit.h:
14231 * dfg/DFGOSRExitCompiler32_64.cpp:
14232 (JSC::DFG::OSRExitCompiler::compileExit):
14233 * dfg/DFGOSRExitCompiler64.cpp:
14234 (JSC::DFG::OSRExitCompiler::compileExit):
14235 * dfg/DFGPhase.cpp:
14236 (JSC::DFG::Phase::beginPhase):
14237 (JSC::DFG::Phase::endPhase):
14238 * dfg/DFGSpeculativeJIT.cpp:
14239 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
14240 * dfg/DFGSpeculativeJIT.h:
14241 (JSC::DFG::SpeculativeJIT::speculationCheck):
14242 * dfg/DFGVariableAccessData.h:
14243 (JSC::DFG::VariableAccessData::nonUnifiedPrediction):
14244 (VariableAccessData):
14246 2012-02-23 Filip Pizlo <fpizlo@apple.com>
14250 * llint/LLIntOffsetsExtractor.cpp:
14252 2012-02-23 Kevin Ollivier <kevino@theolliviers.com>
14254 [wx] Build fix, disable LLINT for now and fix ENABLE defines for it.
14256 * llint/LLIntOffsetsExtractor.cpp:
14259 2012-02-23 Kevin Ollivier <kevino@theolliviers.com>
14261 [wx] Build fix for non-Mac wx builds.
14263 * runtime/DatePrototype.cpp:
14265 2012-02-22 Filip Pizlo <fpizlo@apple.com>
14267 DFG's logic for emitting a Flush is too convoluted and contains an inaccurate comment
14268 https://bugs.webkit.org/show_bug.cgi?id=79334
14270 Reviewed by Oliver Hunt.
14272 * dfg/DFGByteCodeParser.cpp:
14273 (JSC::DFG::ByteCodeParser::getLocal):
14274 (JSC::DFG::ByteCodeParser::getArgument):
14275 (JSC::DFG::ByteCodeParser::flush):
14277 2012-02-23 Gavin Barraclough <barraclough@apple.com>
14279 Object.isSealed / Object.isFrozen don't work for native objects
14280 https://bugs.webkit.org/show_bug.cgi?id=79331
14282 Reviewed by Sam Weinig.
14284 Need to inspect all properties, including static ones.
14285 This exposes a couple of bugs in Array & Arguments:
14286 - getOwnPropertyDescriptor doesn't correctly report the writable attribute of array length.
14287 - Arguments object's defineOwnProperty does not handle callee/caller/length correctly.
14289 * runtime/Arguments.cpp:
14290 (JSC::Arguments::defineOwnProperty):
14291 - Add handling for callee/caller/length.
14292 * runtime/JSArray.cpp:
14293 (JSC::JSArray::getOwnPropertyDescriptor):
14294 - report length's writability correctly.
14295 * runtime/ObjectConstructor.cpp:
14296 (JSC::objectConstructorSeal):
14297 (JSC::objectConstructorFreeze):
14298 (JSC::objectConstructorIsSealed):
14299 (JSC::objectConstructorIsFrozen):
14300 - Add spec-based implementation for non-final objects.
14302 2012-02-23 Gavin Barraclough <barraclough@apple.com>
14304 pop of array hole should get from the prototype chain
14305 https://bugs.webkit.org/show_bug.cgi?id=79338
14307 Reviewed by Sam Weinig.
14309 * runtime/JSArray.cpp:
14310 (JSC::JSArray::pop):
14311 - If the fast vector case fails, more closely follow the spec.
14313 2012-02-23 Yong Li <yoli@rim.com>
14315 JSString::outOfMemory() should ASSERT(isRope()) rather than !isRope()
14316 https://bugs.webkit.org/show_bug.cgi?id=79268
14318 Reviewed by Michael Saboff.
14320 resolveRope() is the only caller of outOfMemory(), and it calls outOfMemory()
14321 after it fails to allocate a buffer for m_value. So outOfMemory() should assert
14322 isRope() rather than !isRope().
14324 * runtime/JSString.cpp:
14325 (JSC::JSString::outOfMemory):
14327 2012-02-23 Patrick Gansterer <paroga@webkit.org>
14329 [CMake] Add WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS macro
14330 https://bugs.webkit.org/show_bug.cgi?id=79371
14332 Reviewed by Daniel Bates.
14335 * shell/CMakeLists.txt:
14336 * wtf/CMakeLists.txt:
14338 2012-02-23 Aron Rosenberg <arosenberg@logitech.com>
14340 Fix the PRI macros used in WTF::String formatters to be compatible with Qt and Visual Studio 2005 and newer.
14341 https://bugs.webkit.org/show_bug.cgi?id=76210
14343 Add compile time check for Visual Studio 2005 or newer.
14345 Reviewed by Simon Hausmann.
14347 * os-win32/inttypes.h:
14349 2012-02-22 Gavin Barraclough <barraclough@apple.com>
14351 Implement [[DefineOwnProperty]] for the arguments object
14352 https://bugs.webkit.org/show_bug.cgi?id=79309
14354 Reviewed by Sam Weinig.
14356 * runtime/Arguments.cpp:
14357 (JSC::Arguments::deletePropertyByIndex):
14358 (JSC::Arguments::deleteProperty):
14359 - Deleting an argument should also delete the copy on the object, if any.
14360 (JSC::Arguments::defineOwnProperty):
14361 - Defining a property may override the live mapping.
14362 * runtime/Arguments.h:
14365 2012-02-22 Gavin Barraclough <barraclough@apple.com>
14367 Fix Object.freeze for non-final objects.
14368 https://bugs.webkit.org/show_bug.cgi?id=79286
14370 Reviewed by Oliver Hunt.
14372 For vanilla objects we implement this with a single transition, for objects
14373 with special properties we should just follow the spec defined algorithm.
14375 * runtime/JSArray.cpp:
14376 (JSC::SparseArrayValueMap::put):
14377 - this does need to handle inextensible objects.
14378 * runtime/ObjectConstructor.cpp:
14379 (JSC::objectConstructorSeal):
14380 (JSC::objectConstructorFreeze):
14381 - Implement spec defined algorithm for non-final objects.
14382 * runtime/Structure.cpp:
14383 (JSC::Structure::Structure):
14384 (JSC::Structure::freezeTransition):
14385 - freeze should set m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
14386 * runtime/Structure.h:
14387 (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
14388 (JSC::Structure::setHasGetterSetterProperties):
14389 (JSC::Structure::setContainsReadOnlyProperties):
14391 - renamed m_hasReadOnlyOrGetterSetterPropertiesExcludingProto.
14393 2012-02-22 Mark Hahnenberg <mhahnenberg@apple.com>
14395 Allocations from CopiedBlocks should always be 8-byte aligned
14396 https://bugs.webkit.org/show_bug.cgi?id=79271
14398 Reviewed by Geoffrey Garen.
14400 * heap/CopiedAllocator.h:
14401 (JSC::CopiedAllocator::allocate):
14402 * heap/CopiedBlock.h: Changed to add padding so that the start of the payload is always
14403 guaranteed to be 8 byte aligned on both 64- and 32-bit platforms.
14405 * heap/CopiedSpace.cpp: Changed all assertions of isPointerAligned to is8ByteAligned.
14406 (JSC::CopiedSpace::tryAllocateOversize):
14407 (JSC::CopiedSpace::getFreshBlock):
14408 * heap/CopiedSpaceInlineMethods.h:
14409 (JSC::CopiedSpace::allocateFromBlock):
14410 * runtime/JSArray.h:
14411 (ArrayStorage): Added padding for ArrayStorage to make sure that it is always 8 byte
14412 aligned on both 64- and 32-bit platforms.
14413 * wtf/StdLibExtras.h:
14414 (WTF::is8ByteAligned): Added new utility function that functions similarly to the
14415 way isPointerAligned does, but it just always checks for 8 byte alignment.
14418 2012-02-22 Sheriff Bot <webkit.review.bot@gmail.com>
14420 Unreviewed, rolling out r108456.
14421 http://trac.webkit.org/changeset/108456
14422 https://bugs.webkit.org/show_bug.cgi?id=79223
14424 Broke fast/regex/pcre-test-4.html and cannot find anyone on
14425 IRC (Requested by zherczeg on #webkit).
14427 * yarr/YarrJIT.cpp:
14428 (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
14430 2012-02-22 Sheriff Bot <webkit.review.bot@gmail.com>
14432 Unreviewed, rolling out r108468.
14433 http://trac.webkit.org/changeset/108468
14434 https://bugs.webkit.org/show_bug.cgi?id=79219
14436 Broke Chromium Win release build (Requested by bashi on
14441 2012-02-22 Kenichi Ishibashi <bashi@chromium.org>
14443 Adding WebSocket per-frame DEFLATE extension
14444 https://bugs.webkit.org/show_bug.cgi?id=77522
14446 Added USE(ZLIB) flag.
14448 Reviewed by Kent Tamura.
14452 2012-02-22 Hojong Han <hojong.han@samsung.com>
14454 Short circuit fixed for a 16 bit pattern character and an 8 bit string.
14455 https://bugs.webkit.org/show_bug.cgi?id=75602
14457 Reviewed by Gavin Barraclough.
14459 * yarr/YarrJIT.cpp:
14460 (JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
14462 2012-02-21 Filip Pizlo <fpizlo@apple.com>
14464 Build fix for systems with case sensitive disks.
14466 * llint/LLIntOfflineAsmConfig.h:
14468 2012-02-21 Filip Pizlo <fpizlo@apple.com>
14470 JSC should be a triple-tier VM
14471 https://bugs.webkit.org/show_bug.cgi?id=75812
14472 <rdar://problem/10079694>
14474 Reviewed by Gavin Barraclough.
14476 Implemented an interpreter that uses the JIT's calling convention. This
14477 interpreter is called LLInt, or the Low Level Interpreter. JSC will now
14478 start by executing code in LLInt and will only tier up to the old
14479 JIT after the code is proven hot.
14481 LLInt is written in a modified form of our macro assembly. This new macro
14482 assembly is compiled by an offline assembler (see offlineasm), which
14483 implements many modern conveniences such as a Turing-complete CPS-based
14484 macro language and direct access to relevant C++ type information
14485 (basically offsets of fields and sizes of structs/classes).
14487 Code executing in LLInt appears to the rest of the JSC world "as if" it
14488 were executing in the old JIT. Hence, things like exception handling and
14489 cross-execution-engine calls just work and require pretty much no
14490 additional overhead.
14492 This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
14493 V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
14494 V8, and Kraken, but appear to get a double-digit improvement on real-world
14495 websites due to a huge reduction in the amount of JIT'ing.
14499 * GNUmakefile.list.am:
14500 * JavaScriptCore.pri:
14501 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
14502 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
14503 * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
14504 * JavaScriptCore.xcodeproj/project.pbxproj:
14506 * assembler/LinkBuffer.h:
14507 * assembler/MacroAssemblerCodeRef.h:
14508 (MacroAssemblerCodePtr):
14509 (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
14510 * bytecode/BytecodeConventions.h: Added.
14511 * bytecode/CallLinkStatus.cpp:
14512 (JSC::CallLinkStatus::computeFromLLInt):
14514 (JSC::CallLinkStatus::computeFor):
14515 * bytecode/CallLinkStatus.h:
14516 (JSC::CallLinkStatus::isSet):
14517 (JSC::CallLinkStatus::operator!):
14519 * bytecode/CodeBlock.cpp:
14520 (JSC::CodeBlock::dump):
14521 (JSC::CodeBlock::CodeBlock):
14522 (JSC::CodeBlock::~CodeBlock):
14523 (JSC::CodeBlock::finalizeUnconditionally):
14524 (JSC::CodeBlock::stronglyVisitStrongReferences):
14526 (JSC::CodeBlock::unlinkCalls):
14527 (JSC::CodeBlock::unlinkIncomingCalls):
14528 (JSC::CodeBlock::bytecodeOffset):
14529 (JSC::ProgramCodeBlock::jettison):
14530 (JSC::EvalCodeBlock::jettison):
14531 (JSC::FunctionCodeBlock::jettison):
14532 (JSC::ProgramCodeBlock::jitCompileImpl):
14533 (JSC::EvalCodeBlock::jitCompileImpl):
14534 (JSC::FunctionCodeBlock::jitCompileImpl):
14535 * bytecode/CodeBlock.h:
14538 (JSC::CodeBlock::baselineVersion):
14539 (JSC::CodeBlock::linkIncomingCall):
14540 (JSC::CodeBlock::bytecodeOffset):
14541 (JSC::CodeBlock::jitCompile):
14542 (JSC::CodeBlock::hasOptimizedReplacement):
14543 (JSC::CodeBlock::addPropertyAccessInstruction):
14544 (JSC::CodeBlock::addGlobalResolveInstruction):
14545 (JSC::CodeBlock::addLLIntCallLinkInfo):
14546 (JSC::CodeBlock::addGlobalResolveInfo):
14547 (JSC::CodeBlock::numberOfMethodCallLinkInfos):
14548 (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
14549 (JSC::CodeBlock::likelyToTakeSlowCase):
14550 (JSC::CodeBlock::couldTakeSlowCase):
14551 (JSC::CodeBlock::likelyToTakeSpecialFastCase):
14552 (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
14553 (JSC::CodeBlock::likelyToTakeAnySlowCase):
14554 (JSC::CodeBlock::addFrequentExitSite):
14555 (JSC::CodeBlock::dontJITAnytimeSoon):
14556 (JSC::CodeBlock::jitAfterWarmUp):
14557 (JSC::CodeBlock::jitSoon):
14558 (JSC::CodeBlock::llintExecuteCounter):
14559 (ProgramCodeBlock):
14561 (FunctionCodeBlock):
14562 * bytecode/GetByIdStatus.cpp:
14563 (JSC::GetByIdStatus::computeFromLLInt):
14565 (JSC::GetByIdStatus::computeFor):
14566 * bytecode/GetByIdStatus.h:
14567 (JSC::GetByIdStatus::GetByIdStatus):
14568 (JSC::GetByIdStatus::wasSeenInJIT):
14570 * bytecode/Instruction.h:
14572 (JSC::Instruction::Instruction):
14574 * bytecode/LLIntCallLinkInfo.h: Added.
14576 (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
14577 (LLIntCallLinkInfo):
14578 (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
14579 (JSC::LLIntCallLinkInfo::isLinked):
14580 (JSC::LLIntCallLinkInfo::unlink):
14581 * bytecode/MethodCallLinkStatus.cpp:
14582 (JSC::MethodCallLinkStatus::computeFor):
14583 * bytecode/Opcode.cpp:
14585 * bytecode/Opcode.h:
14587 (JSC::padOpcodeName):
14588 * bytecode/PutByIdStatus.cpp:
14589 (JSC::PutByIdStatus::computeFromLLInt):
14591 (JSC::PutByIdStatus::computeFor):
14592 * bytecode/PutByIdStatus.h:
14594 * bytecompiler/BytecodeGenerator.cpp:
14595 (JSC::BytecodeGenerator::emitResolve):
14596 (JSC::BytecodeGenerator::emitResolveWithBase):
14597 (JSC::BytecodeGenerator::emitGetById):
14598 (JSC::BytecodeGenerator::emitPutById):
14599 (JSC::BytecodeGenerator::emitDirectPutById):
14600 (JSC::BytecodeGenerator::emitCall):
14601 (JSC::BytecodeGenerator::emitConstruct):
14602 (JSC::BytecodeGenerator::emitCatch):
14603 * dfg/DFGByteCodeParser.cpp:
14604 (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
14605 (JSC::DFG::ByteCodeParser::handleInlining):
14606 (JSC::DFG::ByteCodeParser::parseBlock):
14607 * dfg/DFGCapabilities.h:
14608 (JSC::DFG::canCompileOpcode):
14609 * dfg/DFGOSRExitCompiler.cpp:
14610 * dfg/DFGOperations.cpp:
14613 (JSC::Heap::firstAllocatorWithoutDestructors):
14615 * heap/MarkStack.cpp:
14616 (JSC::visitChildren):
14617 * heap/MarkedAllocator.h:
14620 * heap/MarkedSpace.h:
14623 (JSC::MarkedSpace::firstAllocator):
14624 * interpreter/CallFrame.cpp:
14626 (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
14627 (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
14628 (JSC::CallFrame::currentVPC):
14629 (JSC::CallFrame::setCurrentVPC):
14630 (JSC::CallFrame::trueCallerFrame):
14631 * interpreter/CallFrame.h:
14632 (JSC::ExecState::hasReturnPC):
14633 (JSC::ExecState::clearReturnPC):
14635 (JSC::ExecState::bytecodeOffsetForNonDFGCode):
14636 (JSC::ExecState::currentVPC):
14637 (JSC::ExecState::setCurrentVPC):
14638 * interpreter/Interpreter.cpp:
14639 (JSC::Interpreter::Interpreter):
14640 (JSC::Interpreter::~Interpreter):
14642 (JSC::Interpreter::initialize):
14643 (JSC::Interpreter::isOpcode):
14644 (JSC::Interpreter::unwindCallFrame):
14645 (JSC::getCallerInfo):
14646 (JSC::Interpreter::privateExecute):
14647 (JSC::Interpreter::retrieveLastCaller):
14648 * interpreter/Interpreter.h:
14651 (JSC::Interpreter::getOpcode):
14652 (JSC::Interpreter::getOpcodeID):
14653 (JSC::Interpreter::classicEnabled):
14654 * interpreter/RegisterFile.h:
14657 * jit/ExecutableAllocator.h:
14659 * jit/HostCallReturnValue.cpp: Added.
14661 (JSC::getHostCallReturnValueWithExecState):
14662 * jit/HostCallReturnValue.h: Added.
14664 (JSC::initializeHostCallReturnValue):
14666 (JSC::JIT::privateCompileMainPass):
14667 (JSC::JIT::privateCompileSlowCases):
14668 (JSC::JIT::privateCompile):
14670 (JSC::JITCode::isOptimizingJIT):
14672 (JSC::JITCode::isBaselineCode):
14673 (JSC::JITCode::JITCode):
14675 (JSC::jitCompileIfAppropriate):
14676 (JSC::jitCompileFunctionIfAppropriate):
14677 * jit/JITExceptions.cpp:
14679 * jit/JITInlineMethods.h:
14680 (JSC::JIT::updateTopCallFrame):
14681 * jit/JITStubs.cpp:
14682 (JSC::DEFINE_STUB_FUNCTION):
14686 * jit/JSInterfaceJIT.h:
14688 * llint/LLIntCommon.h: Added.
14689 * llint/LLIntData.cpp: Added.
14691 (JSC::LLInt::Data::Data):
14692 (JSC::LLInt::Data::performAssertions):
14693 (JSC::LLInt::Data::~Data):
14694 * llint/LLIntData.h: Added.
14698 (JSC::LLInt::Data::exceptionInstructions):
14699 (JSC::LLInt::Data::opcodeMap):
14700 (JSC::LLInt::Data::performAssertions):
14701 * llint/LLIntEntrypoints.cpp: Added.
14703 (JSC::LLInt::getFunctionEntrypoint):
14704 (JSC::LLInt::getEvalEntrypoint):
14705 (JSC::LLInt::getProgramEntrypoint):
14706 * llint/LLIntEntrypoints.h: Added.
14709 (JSC::LLInt::getEntrypoint):
14710 * llint/LLIntExceptions.cpp: Added.
14712 (JSC::LLInt::interpreterThrowInCaller):
14713 (JSC::LLInt::returnToThrowForThrownException):
14714 (JSC::LLInt::returnToThrow):
14715 (JSC::LLInt::callToThrow):
14716 * llint/LLIntExceptions.h: Added.
14719 * llint/LLIntOfflineAsmConfig.h: Added.
14720 * llint/LLIntOffsetsExtractor.cpp: Added.
14722 (LLIntOffsetsExtractor):
14723 (JSC::LLIntOffsetsExtractor::dummy):
14725 * llint/LLIntSlowPaths.cpp: Added.
14727 (JSC::LLInt::llint_trace_operand):
14728 (JSC::LLInt::llint_trace_value):
14729 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
14730 (JSC::LLInt::traceFunctionPrologue):
14731 (JSC::LLInt::shouldJIT):
14732 (JSC::LLInt::entryOSR):
14733 (JSC::LLInt::resolveGlobal):
14734 (JSC::LLInt::getByVal):
14735 (JSC::LLInt::handleHostCall):
14736 (JSC::LLInt::setUpCall):
14737 (JSC::LLInt::genericCall):
14738 * llint/LLIntSlowPaths.h: Added.
14741 * llint/LLIntThunks.cpp: Added.
14743 (JSC::LLInt::generateThunkWithJumpTo):
14744 (JSC::LLInt::functionForCallEntryThunkGenerator):
14745 (JSC::LLInt::functionForConstructEntryThunkGenerator):
14746 (JSC::LLInt::functionForCallArityCheckThunkGenerator):
14747 (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
14748 (JSC::LLInt::evalEntryThunkGenerator):
14749 (JSC::LLInt::programEntryThunkGenerator):
14750 * llint/LLIntThunks.h: Added.
14753 * llint/LowLevelInterpreter.asm: Added.
14754 * llint/LowLevelInterpreter.cpp: Added.
14755 * llint/LowLevelInterpreter.h: Added.
14756 * offlineasm: Added.
14757 * offlineasm/armv7.rb: Added.
14758 * offlineasm/asm.rb: Added.
14759 * offlineasm/ast.rb: Added.
14760 * offlineasm/backends.rb: Added.
14761 * offlineasm/generate_offset_extractor.rb: Added.
14762 * offlineasm/instructions.rb: Added.
14763 * offlineasm/offset_extractor_constants.rb: Added.
14764 * offlineasm/offsets.rb: Added.
14765 * offlineasm/opt.rb: Added.
14766 * offlineasm/parser.rb: Added.
14767 * offlineasm/registers.rb: Added.
14768 * offlineasm/self_hash.rb: Added.
14769 * offlineasm/settings.rb: Added.
14770 * offlineasm/transform.rb: Added.
14771 * offlineasm/x86.rb: Added.
14772 * runtime/CodeSpecializationKind.h: Added.
14774 * runtime/CommonSlowPaths.h:
14775 (JSC::CommonSlowPaths::arityCheckFor):
14777 * runtime/Executable.cpp:
14778 (JSC::jettisonCodeBlock):
14780 (JSC::EvalExecutable::jitCompile):
14781 (JSC::samplingDescription):
14782 (JSC::EvalExecutable::compileInternal):
14783 (JSC::ProgramExecutable::jitCompile):
14784 (JSC::ProgramExecutable::compileInternal):
14785 (JSC::FunctionExecutable::baselineCodeBlockFor):
14786 (JSC::FunctionExecutable::jitCompileForCall):
14787 (JSC::FunctionExecutable::jitCompileForConstruct):
14788 (JSC::FunctionExecutable::compileForCallInternal):
14789 (JSC::FunctionExecutable::compileForConstructInternal):
14790 * runtime/Executable.h:
14793 (ProgramExecutable):
14794 (FunctionExecutable):
14795 (JSC::FunctionExecutable::jitCompileFor):
14796 * runtime/ExecutionHarness.h: Added.
14798 (JSC::prepareForExecution):
14799 (JSC::prepareFunctionForExecution):
14800 * runtime/JSArray.h:
14803 * runtime/JSCell.h:
14806 * runtime/JSFunction.h:
14809 * runtime/JSGlobalData.cpp:
14810 (JSC::JSGlobalData::JSGlobalData):
14811 * runtime/JSGlobalData.h:
14814 * runtime/JSGlobalObject.h:
14817 * runtime/JSObject.h:
14821 * runtime/JSPropertyNameIterator.h:
14823 (JSPropertyNameIterator):
14824 * runtime/JSString.h:
14827 * runtime/JSTypeInfo.h:
14830 * runtime/JSValue.cpp:
14831 (JSC::JSValue::description):
14832 * runtime/JSValue.h:
14835 * runtime/JSVariableObject.h:
14837 (JSVariableObject):
14838 * runtime/Options.cpp:
14840 (JSC::Options::initializeOptions):
14841 * runtime/Options.h:
14843 * runtime/ScopeChain.h:
14846 * runtime/Structure.cpp:
14847 (JSC::Structure::addPropertyTransition):
14848 * runtime/Structure.h:
14851 * runtime/StructureChain.h:
14856 * wtf/SentinelLinkedList.h:
14857 (SentinelLinkedList):
14858 (WTF::SentinelLinkedList::isEmpty):
14859 * wtf/text/StringImpl.h:
14863 2012-02-21 Oliver Hunt <oliver@apple.com>
14865 Unbreak double-typed arrays on ARMv7
14866 https://bugs.webkit.org/show_bug.cgi?id=79177
14868 Reviewed by Gavin Barraclough.
14870 The existing code had completely broken address arithmetic.
14872 * JSCTypedArrayStubs.h:
14874 * assembler/MacroAssemblerARMv7.h:
14875 (JSC::MacroAssemblerARMv7::storeDouble):
14876 (JSC::MacroAssemblerARMv7::storeFloat):
14878 2012-02-21 Gavin Barraclough <barraclough@apple.com>
14880 Should be able to reconfigure a non-configurable property as read-only
14881 https://bugs.webkit.org/show_bug.cgi?id=79170
14883 Reviewed by Sam Weinig.
14885 See ES5.1 8.12.9 10.a.i - the spec prohibits making a read-only property writable,
14886 but does not inhibit making a writable property read-only.
14888 * runtime/JSGlobalData.cpp:
14889 (JSC::JSGlobalData::JSGlobalData):
14890 * runtime/JSGlobalData.h:
14891 (JSC::JSGlobalData::setInDefineOwnProperty):
14893 (JSC::JSGlobalData::isInDefineOwnProperty):
14894 - Added flag, tracking whether we are in JSObject::defineOwnProperty.
14895 * runtime/JSObject.cpp:
14896 (JSC::JSObject::deleteProperty):
14897 (DefineOwnPropertyScope):
14898 - Always allow properties to be deleted by DefineOwnProperty - assume it knows what it is doing!
14899 (JSC::DefineOwnPropertyScope::DefineOwnPropertyScope):
14900 (JSC::DefineOwnPropertyScope::~DefineOwnPropertyScope):
14901 - Added RAII helper.
14902 (JSC::JSObject::defineOwnProperty):
14903 - Track on the globalData when we are in this method.
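The ES5.1 8.12.9 rule this entry relies on, as an added C++ model (not JavaScriptCore's JSObject::defineOwnProperty): a simplified [[DefineOwnProperty]] for data properties only, with an int standing in for a JS value, that rejects turning a non-configurable read-only property writable (step 10.a.i) and rejects changing its value (step 10.a.ii), but lets a writable property become read-only because nothing in step 10.a forbids that direction. Type and function names are this example's own.

```cpp
#include <map>
#include <string>

// Added illustration of ES5.1 8.12.9, not JavaScriptCore's code. Data
// properties only; 'int' stands in for a JS value.

struct PropertyDescriptor {
    int value;
    bool writable;
    bool configurable;
};

struct ObjectModel {
    std::map<std::string, PropertyDescriptor> properties;
};

enum class DefineResult { Created, Updated, Rejected };

// Simplified [[DefineOwnProperty]](P, Desc). Step numbers refer to ES5.1 8.12.9.
DefineResult defineOwnProperty(ObjectModel& object, const std::string& name, const PropertyDescriptor& desc)
{
    auto found = object.properties.find(name);
    if (found == object.properties.end()) {
        object.properties[name] = desc;  // step 4: no current property, create it
        return DefineResult::Created;
    }
    PropertyDescriptor& current = found->second;
    if (!current.configurable) {
        // step 7.a: a non-configurable property cannot become configurable
        if (desc.configurable)
            return DefineResult::Rejected;
        if (!current.writable) {
            // step 10.a.i: read-only -> writable is rejected
            if (desc.writable)
                return DefineResult::Rejected;
            // step 10.a.ii: so is changing the value of a read-only property
            if (desc.value != current.value)
                return DefineResult::Rejected;
        }
        // Nothing in step 10.a forbids writable -> read-only, so it falls through.
    }
    current = desc;  // step 12: apply the descriptor
    return DefineResult::Updated;
}

// Walk the two directions the entry contrasts on one non-configurable
// property and report whether the model matches the spec.
bool readOnlyTransitionsBehave()
{
    ObjectModel object;
    PropertyDescriptor writableValue{1, true, false};
    PropertyDescriptor readOnlyValue{1, false, false};
    if (defineOwnProperty(object, "x", writableValue) != DefineResult::Created)
        return false;
    // writable -> read-only: allowed
    if (defineOwnProperty(object, "x", readOnlyValue) != DefineResult::Updated)
        return false;
    // read-only -> writable: rejected (step 10.a.i)
    if (defineOwnProperty(object, "x", writableValue) != DefineResult::Rejected)
        return false;
    // read-only value change: rejected (step 10.a.ii), stored value untouched
    PropertyDescriptor changedValue{2, false, false};
    if (defineOwnProperty(object, "x", changedValue) != DefineResult::Rejected)
        return false;
    return object.properties["x"].value == 1 && !object.properties["x"].writable;
}
```

A configurable property is outside step 7 and step 10.a entirely, so for it both directions are accepted; the asymmetry only applies once [[Configurable]] is false.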
14905 2012-02-21 Oliver Hunt <oliver@apple.com>
14907 Make TypedArrays be available in commandline jsc
14908 https://bugs.webkit.org/show_bug.cgi?id=79163
14910 Reviewed by Gavin Barraclough.
14912 Adds a compile time option to have jsc support a basic implementation
14913 of the TypedArrays available in WebCore. This lets us test the typed
14914 array logic in the JIT without having to build webcore.
14916 * JSCTypedArrayStubs.h: Added.
14918 * JavaScriptCore.xcodeproj/project.pbxproj:
14920 (GlobalObject::finishCreation):
14922 (GlobalObject::addConstructableFunction):
14923 * runtime/JSGlobalData.h:
14926 2012-02-21 Tom Sepez <tsepez@chromium.org>
14928 equalIgnoringNullity() only comparing half the bytes for equality
14929 https://bugs.webkit.org/show_bug.cgi?id=79135
14931 Reviewed by Adam Barth.
14933 * wtf/text/StringImpl.h:
14934 (WTF::equalIgnoringNullity):
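The failure class named in this entry, as an added C++ illustration (not WTF's equalIgnoringNullity): the entry only says half the bytes were compared, so the assumed shape of the defect is a UChar count passed to memcmp where a byte count is required. The defective and corrected forms sit side by side, both keeping the "ignoring nullity" contract that a null buffer equals an empty one, and a constructed pair of strings that agree only in their first half shows the mismatch the defective form misses. Names are this example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Added illustration, not WTF's code. The defect shape below is an
// assumption drawn from "half the bytes", not the page's diff.

typedef uint16_t UChar;  // 16-bit UTF-16 code unit, as in WTF

// Null/empty handling shared by both variants: returns true when the answer
// is already decided and stores it in `result`.
static bool decideNullity(const UChar* a, size_t aLength, const UChar* b, size_t bLength, bool& result)
{
    if (!a || !b) {
        // A null buffer is treated like an empty one.
        result = (!a || !aLength) && (!b || !bLength);
        return true;
    }
    if (aLength != bLength) {
        result = false;
        return true;
    }
    return false;
}

// Defective form: `aLength` counts UChars but memcmp counts bytes, so only
// the first aLength/2 code units take part in the comparison.
bool equalIgnoringNullityHalfCompared(const UChar* a, size_t aLength, const UChar* b, size_t bLength)
{
    bool result;
    if (decideNullity(a, aLength, b, bLength, result))
        return result;
    return memcmp(a, b, aLength) == 0;
}

// Corrected form: scale the code-unit count to bytes.
bool equalIgnoringNullity(const UChar* a, size_t aLength, const UChar* b, size_t bLength)
{
    bool result;
    if (decideNullity(a, aLength, b, bLength, result))
        return result;
    return memcmp(a, b, aLength * sizeof(UChar)) == 0;
}

// Constructed sample input: the two strings agree only in their first half.
const UChar kSampleA[4] = { 'a', 'b', 'c', 'd' };
const UChar kSampleB[4] = { 'a', 'b', 'x', 'y' };
const UChar kEmpty[1] = { 0 };
```

Any equality routine that feeds memcmp or memcpy a count of wide characters is worth a unit test whose inputs differ only past the midpoint; a test that differs in the first character cannot distinguish the two forms.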
14936 2012-02-21 Roland Takacs <takacs.roland@stud.u-szeged.hu>
14938 Unnecessary preprocessor macros in MainThread.h/cpp
14939 https://bugs.webkit.org/show_bug.cgi?id=79083
14941 Removed invalid/wrong PLATFORM(WINDOWS) preprocessor macro.
14943 * wtf/MainThread.cpp:
14945 * wtf/MainThread.h:
14948 2012-02-21 Sam Weinig <sam@webkit.org>
14950 Attempt to fix the Snow Leopard build.
14952 * Configurations/Base.xcconfig:
14954 2012-02-21 Sam Weinig <sam@webkit.org>
14956 Use libc++ when building with Clang on Mac
14957 https://bugs.webkit.org/show_bug.cgi?id=78981
14959 Reviewed by Dan Bernstein.
14961 * Configurations/Base.xcconfig:
14963 2012-02-21 Adam Roben <aroben@apple.com>
14965 Roll out r108309, r108323, and r108326
14967 They broke the 32-bit Lion build.
14969 Original bug is <http://webkit.org/b/75812> <rdar://problem/10079694>.
14973 * GNUmakefile.list.am:
14974 * JavaScriptCore.pri:
14975 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
14976 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
14977 * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
14978 * JavaScriptCore.xcodeproj/project.pbxproj:
14980 * assembler/LinkBuffer.h:
14981 * assembler/MacroAssemblerCodeRef.h:
14982 * bytecode/BytecodeConventions.h: Removed.
14983 * bytecode/CallLinkStatus.cpp:
14984 * bytecode/CallLinkStatus.h:
14985 * bytecode/CodeBlock.cpp:
14986 * bytecode/CodeBlock.h:
14987 * bytecode/GetByIdStatus.cpp:
14988 * bytecode/GetByIdStatus.h:
14989 * bytecode/Instruction.h:
14990 * bytecode/LLIntCallLinkInfo.h: Removed.
14991 * bytecode/MethodCallLinkStatus.cpp:
14992 * bytecode/Opcode.cpp:
14993 * bytecode/Opcode.h:
14994 * bytecode/PutByIdStatus.cpp:
14995 * bytecode/PutByIdStatus.h:
14996 * bytecompiler/BytecodeGenerator.cpp:
14997 * dfg/DFGByteCodeParser.cpp:
14998 * dfg/DFGCapabilities.h:
14999 * dfg/DFGOSRExitCompiler.cpp:
15000 * dfg/DFGOperations.cpp:
15002 * heap/MarkStack.cpp:
15003 * heap/MarkedAllocator.h:
15004 * heap/MarkedSpace.h:
15005 * interpreter/CallFrame.cpp:
15006 * interpreter/CallFrame.h:
15007 * interpreter/Interpreter.cpp:
15008 * interpreter/Interpreter.h:
15009 * interpreter/RegisterFile.h:
15010 * jit/ExecutableAllocator.h:
15011 * jit/HostCallReturnValue.cpp: Removed.
15012 * jit/HostCallReturnValue.h: Removed.
15016 * jit/JITExceptions.cpp:
15017 * jit/JITInlineMethods.h:
15018 * jit/JITStubs.cpp:
15020 * jit/JSInterfaceJIT.h:
15021 * llint/LLIntCommon.h: Removed.
15022 * llint/LLIntData.cpp: Removed.
15023 * llint/LLIntData.h: Removed.
15024 * llint/LLIntEntrypoints.cpp: Removed.
15025 * llint/LLIntEntrypoints.h: Removed.
15026 * llint/LLIntExceptions.cpp: Removed.
15027 * llint/LLIntExceptions.h: Removed.
15028 * llint/LLIntOfflineAsmConfig.h: Removed.
15029 * llint/LLIntOffsetsExtractor.cpp: Removed.
15030 * llint/LLIntSlowPaths.cpp: Removed.
15031 * llint/LLIntSlowPaths.h: Removed.
15032 * llint/LLIntThunks.cpp: Removed.
15033 * llint/LLIntThunks.h: Removed.
15034 * llint/LowLevelInterpreter.asm: Removed.
15035 * llint/LowLevelInterpreter.cpp: Removed.
15036 * llint/LowLevelInterpreter.h: Removed.
15037 * offlineasm/armv7.rb: Removed.
15038 * offlineasm/asm.rb: Removed.
15039 * offlineasm/ast.rb: Removed.
15040 * offlineasm/backends.rb: Removed.
15041 * offlineasm/generate_offset_extractor.rb: Removed.
15042 * offlineasm/instructions.rb: Removed.
15043 * offlineasm/offset_extractor_constants.rb: Removed.
15044 * offlineasm/offsets.rb: Removed.
15045 * offlineasm/opt.rb: Removed.
15046 * offlineasm/parser.rb: Removed.
15047 * offlineasm/registers.rb: Removed.
15048 * offlineasm/self_hash.rb: Removed.
15049 * offlineasm/settings.rb: Removed.
15050 * offlineasm/transform.rb: Removed.
15051 * offlineasm/x86.rb: Removed.
15052 * runtime/CodeSpecializationKind.h: Removed.
15053 * runtime/CommonSlowPaths.h:
15054 * runtime/Executable.cpp:
15055 * runtime/Executable.h:
15056 * runtime/ExecutionHarness.h: Removed.
15057 * runtime/JSArray.h:
15058 * runtime/JSCell.h:
15059 * runtime/JSFunction.h:
15060 * runtime/JSGlobalData.cpp:
15061 * runtime/JSGlobalData.h:
15062 * runtime/JSGlobalObject.h:
15063 * runtime/JSObject.h:
15064 * runtime/JSPropertyNameIterator.h:
15065 * runtime/JSString.h:
15066 * runtime/JSTypeInfo.h:
15067 * runtime/JSValue.cpp:
15068 * runtime/JSValue.h:
15069 * runtime/JSVariableObject.h:
15070 * runtime/Options.cpp:
15071 * runtime/Options.h:
15072 * runtime/ScopeChain.h:
15073 * runtime/Structure.cpp:
15074 * runtime/Structure.h:
15075 * runtime/StructureChain.h:
15078 * wtf/SentinelLinkedList.h:
15079 * wtf/text/StringImpl.h:
15081 2012-02-21 Gustavo Noronha Silva <kov@debian.org> and Bob Tracy <rct@frus.com>
15083 Does not build on IA64, SPARC and Alpha
15084 https://bugs.webkit.org/show_bug.cgi?id=79047
15086 Rubber-stamped by Kent Tamura.
15088 * wtf/dtoa/utils.h: these architectures also have correct double
15089 operations, so add them to the appropriate side of the check.
15091 2012-02-21 Filip Pizlo <fpizlo@apple.com>
15093 Fix massive crashes in all tests introduced by previous build fix, and fix non-DFG build.
15094 https://bugs.webkit.org/show_bug.cgi?id=75812
15096 Reviewed by Csaba Osztrogonác.
15098 * dfg/DFGOperations.cpp:
15100 * jit/HostCallReturnValue.h:
15101 (JSC::initializeHostCallReturnValue):
15103 2012-02-21 Filip Pizlo <fpizlo@apple.com>
15105 Attempted build fix for ELF platforms.
15107 * dfg/DFGOperations.cpp:
15109 (JSC::getHostCallReturnValueWithExecState):
15110 * jit/HostCallReturnValue.cpp:
15112 * jit/HostCallReturnValue.h:
15113 (JSC::initializeHostCallReturnValue):
15115 2012-02-20 Filip Pizlo <fpizlo@apple.com>
15117 JSC should be a triple-tier VM
15118 https://bugs.webkit.org/show_bug.cgi?id=75812
15119 <rdar://problem/10079694>
15121 Reviewed by Gavin Barraclough.
15123 Implemented an interpreter that uses the JIT's calling convention. This
15124 interpreter is called LLInt, or the Low Level Interpreter. JSC will now
15125 start by executing code in LLInt and will only tier up to the old
15126 JIT after the code is proven hot.
15128 LLInt is written in a modified form of our macro assembly. This new macro
15129 assembly is compiled by an offline assembler (see offlineasm), which
15130 implements many modern conveniences such as a Turing-complete CPS-based
15131 macro language and direct access to relevant C++ type information
15132 (basically offsets of fields and sizes of structs/classes).
15134 Code executing in LLInt appears to the rest of the JSC world "as if" it
15135 were executing in the old JIT. Hence, things like exception handling and
15136 cross-execution-engine calls just work and require pretty much no
15137 additional overhead.
15139 This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
15140 V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
15141 V8, and Kraken, but appear to get a double-digit improvement on real-world
15142 websites due to a huge reduction in the amount of JIT'ing.
15146 * GNUmakefile.list.am:
15147 * JavaScriptCore.pri:
15148 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
15149 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
15150 * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
15151 * JavaScriptCore.xcodeproj/project.pbxproj:
15153 * assembler/LinkBuffer.h:
15154 * assembler/MacroAssemblerCodeRef.h:
15155 (MacroAssemblerCodePtr):
15156 (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
15157 * bytecode/BytecodeConventions.h: Added.
15158 * bytecode/CallLinkStatus.cpp:
15159 (JSC::CallLinkStatus::computeFromLLInt):
15161 (JSC::CallLinkStatus::computeFor):
15162 * bytecode/CallLinkStatus.h:
15163 (JSC::CallLinkStatus::isSet):
15164 (JSC::CallLinkStatus::operator!):
15166 * bytecode/CodeBlock.cpp:
15167 (JSC::CodeBlock::dump):
15168 (JSC::CodeBlock::CodeBlock):
15169 (JSC::CodeBlock::~CodeBlock):
15170 (JSC::CodeBlock::finalizeUnconditionally):
15171 (JSC::CodeBlock::stronglyVisitStrongReferences):
15173 (JSC::CodeBlock::unlinkCalls):
15174 (JSC::CodeBlock::unlinkIncomingCalls):
15175 (JSC::CodeBlock::bytecodeOffset):
15176 (JSC::ProgramCodeBlock::jettison):
15177 (JSC::EvalCodeBlock::jettison):
15178 (JSC::FunctionCodeBlock::jettison):
15179 (JSC::ProgramCodeBlock::jitCompileImpl):
15180 (JSC::EvalCodeBlock::jitCompileImpl):
15181 (JSC::FunctionCodeBlock::jitCompileImpl):
15182 * bytecode/CodeBlock.h:
15185 (JSC::CodeBlock::baselineVersion):
15186 (JSC::CodeBlock::linkIncomingCall):
15187 (JSC::CodeBlock::bytecodeOffset):
15188 (JSC::CodeBlock::jitCompile):
15189 (JSC::CodeBlock::hasOptimizedReplacement):
15190 (JSC::CodeBlock::addPropertyAccessInstruction):
15191 (JSC::CodeBlock::addGlobalResolveInstruction):
15192 (JSC::CodeBlock::addLLIntCallLinkInfo):
15193 (JSC::CodeBlock::addGlobalResolveInfo):
15194 (JSC::CodeBlock::numberOfMethodCallLinkInfos):
15195 (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
15196 (JSC::CodeBlock::likelyToTakeSlowCase):
15197 (JSC::CodeBlock::couldTakeSlowCase):
15198 (JSC::CodeBlock::likelyToTakeSpecialFastCase):
15199 (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
15200 (JSC::CodeBlock::likelyToTakeAnySlowCase):
15201 (JSC::CodeBlock::addFrequentExitSite):
15202 (JSC::CodeBlock::dontJITAnytimeSoon):
15203 (JSC::CodeBlock::jitAfterWarmUp):
15204 (JSC::CodeBlock::jitSoon):
15205 (JSC::CodeBlock::llintExecuteCounter):
15206 (ProgramCodeBlock):
15208 (FunctionCodeBlock):
15209 * bytecode/GetByIdStatus.cpp:
15210 (JSC::GetByIdStatus::computeFromLLInt):
15212 (JSC::GetByIdStatus::computeFor):
15213 * bytecode/GetByIdStatus.h:
15214 (JSC::GetByIdStatus::GetByIdStatus):
15215 (JSC::GetByIdStatus::wasSeenInJIT):
15217 * bytecode/Instruction.h:
15219 (JSC::Instruction::Instruction):
15221 * bytecode/LLIntCallLinkInfo.h: Added.
15223 (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
15224 (LLIntCallLinkInfo):
15225 (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
15226 (JSC::LLIntCallLinkInfo::isLinked):
15227 (JSC::LLIntCallLinkInfo::unlink):
15228 * bytecode/MethodCallLinkStatus.cpp:
15229 (JSC::MethodCallLinkStatus::computeFor):
15230 * bytecode/Opcode.cpp:
15232 * bytecode/Opcode.h:
15234 (JSC::padOpcodeName):
15235 * bytecode/PutByIdStatus.cpp:
15236 (JSC::PutByIdStatus::computeFromLLInt):
15238 (JSC::PutByIdStatus::computeFor):
15239 * bytecode/PutByIdStatus.h:
15241 * bytecompiler/BytecodeGenerator.cpp:
15242 (JSC::BytecodeGenerator::emitResolve):
15243 (JSC::BytecodeGenerator::emitResolveWithBase):
15244 (JSC::BytecodeGenerator::emitGetById):
15245 (JSC::BytecodeGenerator::emitPutById):
15246 (JSC::BytecodeGenerator::emitDirectPutById):
15247 (JSC::BytecodeGenerator::emitCall):
15248 (JSC::BytecodeGenerator::emitConstruct):
15249 (JSC::BytecodeGenerator::emitCatch):
15250 * dfg/DFGByteCodeParser.cpp:
15251 (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
15252 (JSC::DFG::ByteCodeParser::handleInlining):
15253 (JSC::DFG::ByteCodeParser::parseBlock):
15254 * dfg/DFGCapabilities.h:
15255 (JSC::DFG::canCompileOpcode):
15256 * dfg/DFGOSRExitCompiler.cpp:
15257 * dfg/DFGOperations.cpp:
15260 (JSC::Heap::firstAllocatorWithoutDestructors):
15262 * heap/MarkStack.cpp:
15263 (JSC::visitChildren):
15264 * heap/MarkedAllocator.h:
15267 * heap/MarkedSpace.h:
15270 (JSC::MarkedSpace::firstAllocator):
15271 * interpreter/CallFrame.cpp:
15273 (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
15274 (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
15275 (JSC::CallFrame::currentVPC):
15276 (JSC::CallFrame::setCurrentVPC):
15277 (JSC::CallFrame::trueCallerFrame):
15278 * interpreter/CallFrame.h:
15279 (JSC::ExecState::hasReturnPC):
15280 (JSC::ExecState::clearReturnPC):
15282 (JSC::ExecState::bytecodeOffsetForNonDFGCode):
15283 (JSC::ExecState::currentVPC):
15284 (JSC::ExecState::setCurrentVPC):
15285 * interpreter/Interpreter.cpp:
15286 (JSC::Interpreter::Interpreter):
15287 (JSC::Interpreter::~Interpreter):
15289 (JSC::Interpreter::initialize):
15290 (JSC::Interpreter::isOpcode):
15291 (JSC::Interpreter::unwindCallFrame):
15292 (JSC::getCallerInfo):
15293 (JSC::Interpreter::privateExecute):
15294 (JSC::Interpreter::retrieveLastCaller):
15295 * interpreter/Interpreter.h:
15298 (JSC::Interpreter::getOpcode):
15299 (JSC::Interpreter::getOpcodeID):
15300 (JSC::Interpreter::classicEnabled):
15301 * interpreter/RegisterFile.h:
15304 * jit/ExecutableAllocator.h:
15306 * jit/HostCallReturnValue.cpp: Added.
15308 (JSC::getHostCallReturnValueWithExecState):
15309 * jit/HostCallReturnValue.h: Added.
15311 (JSC::initializeHostCallReturnValue):
15313 (JSC::JIT::privateCompileMainPass):
15314 (JSC::JIT::privateCompileSlowCases):
15315 (JSC::JIT::privateCompile):
15317 (JSC::JITCode::isOptimizingJIT):
15319 (JSC::JITCode::isBaselineCode):
15320 (JSC::JITCode::JITCode):
15322 (JSC::jitCompileIfAppropriate):
15323 (JSC::jitCompileFunctionIfAppropriate):
15324 * jit/JITExceptions.cpp:
15326 * jit/JITInlineMethods.h:
15327 (JSC::JIT::updateTopCallFrame):
15328 * jit/JITStubs.cpp:
15329 (JSC::DEFINE_STUB_FUNCTION):
15333 * jit/JSInterfaceJIT.h:
15335 * llint/LLIntCommon.h: Added.
15336 * llint/LLIntData.cpp: Added.
15338 (JSC::LLInt::Data::Data):
15339 (JSC::LLInt::Data::performAssertions):
15340 (JSC::LLInt::Data::~Data):
15341 * llint/LLIntData.h: Added.
15345 (JSC::LLInt::Data::exceptionInstructions):
15346 (JSC::LLInt::Data::opcodeMap):
15347 (JSC::LLInt::Data::performAssertions):
15348 * llint/LLIntEntrypoints.cpp: Added.
15350 (JSC::LLInt::getFunctionEntrypoint):
15351 (JSC::LLInt::getEvalEntrypoint):
15352 (JSC::LLInt::getProgramEntrypoint):
15353 * llint/LLIntEntrypoints.h: Added.
15356 (JSC::LLInt::getEntrypoint):
15357 * llint/LLIntExceptions.cpp: Added.
15359 (JSC::LLInt::interpreterThrowInCaller):
15360 (JSC::LLInt::returnToThrowForThrownException):
15361 (JSC::LLInt::returnToThrow):
15362 (JSC::LLInt::callToThrow):
15363 * llint/LLIntExceptions.h: Added.
15366 * llint/LLIntOfflineAsmConfig.h: Added.
15367 * llint/LLIntOffsetsExtractor.cpp: Added.
15369 (LLIntOffsetsExtractor):
15370 (JSC::LLIntOffsetsExtractor::dummy):
15372 * llint/LLIntSlowPaths.cpp: Added.
15374 (JSC::LLInt::llint_trace_operand):
15375 (JSC::LLInt::llint_trace_value):
15376 (JSC::LLInt::LLINT_SLOW_PATH_DECL):
15377 (JSC::LLInt::traceFunctionPrologue):
15378 (JSC::LLInt::shouldJIT):
15379 (JSC::LLInt::entryOSR):
15380 (JSC::LLInt::resolveGlobal):
15381 (JSC::LLInt::getByVal):
15382 (JSC::LLInt::handleHostCall):
15383 (JSC::LLInt::setUpCall):
15384 (JSC::LLInt::genericCall):
15385 * llint/LLIntSlowPaths.h: Added.
15388 * llint/LLIntThunks.cpp: Added.
15390 (JSC::LLInt::generateThunkWithJumpTo):
15391 (JSC::LLInt::functionForCallEntryThunkGenerator):
15392 (JSC::LLInt::functionForConstructEntryThunkGenerator):
15393 (JSC::LLInt::functionForCallArityCheckThunkGenerator):
15394 (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
15395 (JSC::LLInt::evalEntryThunkGenerator):
15396 (JSC::LLInt::programEntryThunkGenerator):
15397 * llint/LLIntThunks.h: Added.
15400 * llint/LowLevelInterpreter.asm: Added.
15401 * llint/LowLevelInterpreter.cpp: Added.
15402 * llint/LowLevelInterpreter.h: Added.
15403 * offlineasm: Added.
15404 * offlineasm/armv7.rb: Added.
15405 * offlineasm/asm.rb: Added.
15406 * offlineasm/ast.rb: Added.
15407 * offlineasm/backends.rb: Added.
15408 * offlineasm/generate_offset_extractor.rb: Added.
15409 * offlineasm/instructions.rb: Added.
15410 * offlineasm/offset_extractor_constants.rb: Added.
15411 * offlineasm/offsets.rb: Added.
15412 * offlineasm/opt.rb: Added.
15413 * offlineasm/parser.rb: Added.
15414 * offlineasm/registers.rb: Added.
15415 * offlineasm/self_hash.rb: Added.
15416 * offlineasm/settings.rb: Added.
15417 * offlineasm/transform.rb: Added.
15418 * offlineasm/x86.rb: Added.
15419 * runtime/CodeSpecializationKind.h: Added.
15421 * runtime/CommonSlowPaths.h:
15422 (JSC::CommonSlowPaths::arityCheckFor):
15424 * runtime/Executable.cpp:
15425 (JSC::jettisonCodeBlock):
15427 (JSC::EvalExecutable::jitCompile):
15428 (JSC::samplingDescription):
15429 (JSC::EvalExecutable::compileInternal):
15430 (JSC::ProgramExecutable::jitCompile):
15431 (JSC::ProgramExecutable::compileInternal):
15432 (JSC::FunctionExecutable::baselineCodeBlockFor):
15433 (JSC::FunctionExecutable::jitCompileForCall):
15434 (JSC::FunctionExecutable::jitCompileForConstruct):
15435 (JSC::FunctionExecutable::compileForCallInternal):
15436 (JSC::FunctionExecutable::compileForConstructInternal):
15437 * runtime/Executable.h:
15440 (ProgramExecutable):
15441 (FunctionExecutable):
15442 (JSC::FunctionExecutable::jitCompileFor):
15443 * runtime/ExecutionHarness.h: Added.
15445 (JSC::prepareForExecution):
15446 (JSC::prepareFunctionForExecution):
15447 * runtime/JSArray.h:
15450 * runtime/JSCell.h:
15453 * runtime/JSFunction.h:
15456 * runtime/JSGlobalData.cpp:
15457 (JSC::JSGlobalData::JSGlobalData):
15458 * runtime/JSGlobalData.h:
15461 * runtime/JSGlobalObject.h:
15464 * runtime/JSObject.h:
15468 * runtime/JSPropertyNameIterator.h:
15470 (JSPropertyNameIterator):
15471 * runtime/JSString.h:
15474 * runtime/JSTypeInfo.h:
15477 * runtime/JSValue.cpp:
15478 (JSC::JSValue::description):
15479 * runtime/JSValue.h:
15482 * runtime/JSVariableObject.h:
15484 (JSVariableObject):
15485 * runtime/Options.cpp:
15487 (JSC::Options::initializeOptions):
15488 * runtime/Options.h:
15490 * runtime/ScopeChain.h:
15493 * runtime/Structure.cpp:
15494 (JSC::Structure::addPropertyTransition):
15495 * runtime/Structure.h:
15498 * runtime/StructureChain.h:
15503 * wtf/SentinelLinkedList.h:
15504 (SentinelLinkedList):
15505 (WTF::SentinelLinkedList::isEmpty):
15506 * wtf/text/StringImpl.h:
15510 2012-02-20 Filip Pizlo <fpizlo@apple.com>
15512 Unreviewed, rolling out http://trac.webkit.org/changeset/108291
15513 It completely broke the 32-bit JIT.
15515 * heap/CopiedAllocator.h:
15516 * heap/CopiedSpace.h:
15519 (JSC::Heap::allocatorForObjectWithDestructor):
15521 (JSC::JIT::privateCompileSlowCases):
15524 * jit/JITInlineMethods.h:
15526 * jit/JITOpcodes.cpp:
15527 (JSC::JIT::emit_op_new_array):
15528 * runtime/JSArray.cpp:
15529 (JSC::storageSize):
15531 * runtime/JSArray.h:
15535 2012-02-20 Gavin Barraclough <barraclough@apple.com>
15537 [[Put]] should throw if prototype chain contains a readonly property.
15538 https://bugs.webkit.org/show_bug.cgi?id=79069
15540 Reviewed by Oliver Hunt.
15542 Currently we only check the base of the put, not the prototype chain.
15543 Fold this check in with the test for accessors.
15545 * runtime/JSObject.cpp:
15546 (JSC::JSObject::put):
15547 - Updated to test all objects in the prototype chain for readonly properties.
15548 (JSC::JSObject::putDirectAccessor):
15549 (JSC::putDescriptor):
15550 - Record the presence of readonly properties on the structure.
15551 * runtime/Structure.cpp:
15552 (JSC::Structure::Structure):
15553 - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
15554 * runtime/Structure.h:
15555 (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
15556 (JSC::Structure::setHasGetterSetterProperties):
15557 - hasGetterSetterPropertiesExcludingProto expanded to hasReadOnlyOrGetterSetterPropertiesExcludingProto.
15558 (JSC::Structure::setContainsReadOnlyProperties):
15561 2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com>
15563 Implement fast path for op_new_array in the baseline JIT
15564 https://bugs.webkit.org/show_bug.cgi?id=78612
15566 Reviewed by Filip Pizlo.
15568 * heap/CopiedAllocator.h:
15569 (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
15570 * heap/CopiedSpace.h:
15571 (CopiedSpace): Friended the JIT to allow access to
15572 (JSC::CopiedSpace::allocator):
15574 (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
15575 can use it for simple allocation i.e. when we can just bump the offset without having to
15578 (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
15579 we have to bail out because the fast allocation path fails for whatever reason.
15582 * jit/JITInlineMethods.h:
15583 (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
15584 allocate generic backing stores. This function is used by emitAllocateJSArray.
15586 (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
15587 more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
15588 it will also be used for emit_op_new_array_buffer.
15589 * jit/JITOpcodes.cpp:
15590 (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
15591 a stub call for oversize arrays.
15593 (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on
15595 * runtime/JSArray.cpp:
15597 * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to
15598 initialize in the JIT.
15600 (JSC::ArrayStorage::lengthOffset):
15601 (JSC::ArrayStorage::numValuesInVectorOffset):
15602 (JSC::ArrayStorage::allocBaseOffset):
15603 (JSC::ArrayStorage::vectorOffset):
15605 (JSC::JSArray::sparseValueMapOffset):
15606 (JSC::JSArray::subclassDataOffset):
15607 (JSC::JSArray::indexBiasOffset):
15609 (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
15610 to being a static function in the JSArray class. This move allows the JIT to call it to
15611 see what size it should allocate.
15613 2012-02-20 Gavin Barraclough <barraclough@apple.com>
15615 DefineOwnProperty fails with numeric properties & Object.prototype
15616 https://bugs.webkit.org/show_bug.cgi?id=79059
15618 Reviewed by Oliver Hunt.
15620 ObjectPrototype caches whether it contains any numeric properties (m_hasNoPropertiesWithUInt32Names),
15621 calls to defineOwnProperty need to update this cache.
15623 * runtime/ObjectPrototype.cpp:
15624 (JSC::ObjectPrototype::put):
15625 (JSC::ObjectPrototype::defineOwnProperty):
15627 (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
15628 * runtime/ObjectPrototype.h:
15631 2012-02-20 Pino Toscano <pino@debian.org>
15633 Does not build on GNU Hurd
15634 https://bugs.webkit.org/show_bug.cgi?id=79045
15636 Reviewed by Gustavo Noronha Silva.
15638 * wtf/Platform.h: define WTF_OS_HURD.
15639 * wtf/ThreadIdentifierDataPthreads.cpp: adds a band-aid fix
15640 for the lack of PTHREAD_KEYS_MAX definition, with a value which
15641 should not cause issues.
15643 2012-02-20 Gavin Barraclough <barraclough@apple.com>
15645 Unreviewed Windows build fix.
15647 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
15649 2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com>
15651 Undoing accidental changes
15654 (JSC::Heap::collectAllGarbage):
15656 2012-02-20 Mark Hahnenberg <mhahnenberg@apple.com>
15658 Factor out allocation in CopySpace into a separate CopyAllocator
15659 https://bugs.webkit.org/show_bug.cgi?id=78610
15661 Reviewed by Oliver Hunt.
15663 Added a new CopyAllocator class, which allows us to do allocations without
15664 having to load the current offset and store the current offset in the current
15665 block. This change will allow us to easily do inline assembly in the JIT for
15668 * GNUmakefile.list.am:
15669 * JavaScriptCore.gypi:
15670 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
15671 * JavaScriptCore.xcodeproj/project.pbxproj:
15672 * heap/CopiedAllocator.h: Added.
15675 (JSC::CopiedAllocator::currentBlock):
15676 (JSC::CopiedAllocator::CopiedAllocator):
15677 (JSC::CopiedAllocator::allocate):
15678 (JSC::CopiedAllocator::fitsInCurrentBlock):
15679 (JSC::CopiedAllocator::wasLastAllocation):
15680 (JSC::CopiedAllocator::startedCopying):
15681 (JSC::CopiedAllocator::resetCurrentBlock):
15682 (JSC::CopiedAllocator::currentUtilization):
15683 (JSC::CopiedAllocator::resetLastAllocation):
15684 * heap/CopiedBlock.h:
15686 * heap/CopiedSpace.cpp: Moved some stuff from CopiedSpaceInlineMethods to here because we
15687 weren't really getting any benefits from having such big functions in a header file.
15688 (JSC::CopiedSpace::CopiedSpace):
15690 (JSC::CopiedSpace::init):
15691 (JSC::CopiedSpace::tryAllocateSlowCase):
15692 (JSC::CopiedSpace::tryAllocateOversize):
15693 (JSC::CopiedSpace::tryReallocate):
15694 (JSC::CopiedSpace::tryReallocateOversize):
15695 (JSC::CopiedSpace::doneFillingBlock):
15696 (JSC::CopiedSpace::doneCopying):
15697 (JSC::CopiedSpace::getFreshBlock):
15698 * heap/CopiedSpace.h:
15700 * heap/CopiedSpaceInlineMethods.h:
15702 (JSC::CopiedSpace::startedCopying):
15703 (JSC::CopiedSpace::addNewBlock):
15704 (JSC::CopiedSpace::allocateNewBlock):
15705 (JSC::CopiedSpace::fitsInBlock):
15706 (JSC::CopiedSpace::tryAllocate):
15707 (JSC::CopiedSpace::allocateFromBlock):
15709 (JSC::Heap::collectAllGarbage):
15710 * heap/HeapBlock.h:
15713 2012-02-20 Patrick Gansterer <paroga@webkit.org>
15715 Fix Visual Studio 2010 build.
15717 * bytecompiler/NodesCodegen.cpp:
15718 (JSC::PropertyListNode::emitBytecode):
15720 2012-02-16 Gavin Barraclough <barraclough@apple.com>
15722 Move special __proto__ property to Object.prototype
15723 https://bugs.webkit.org/show_bug.cgi?id=78409
15725 Reviewed by Oliver Hunt.
15727 Re-implement this as a regular accessor property. This has three key benefits:
15728 1) It makes it possible for objects to be given properties named __proto__.
15729 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
15730 3) This largely removes the magic used to implement __proto__; it can just be made a regular accessor property.
15732 * parser/Parser.cpp:
15733 (JSC::::parseFunctionInfo):
15734 - No need to prohibit functions named __proto__.
15735 * runtime/JSGlobalObject.cpp:
15736 (JSC::JSGlobalObject::reset):
15737 - Add __proto__ accessor to Object.prototype.
15738 * runtime/JSGlobalObjectFunctions.cpp:
15739 (JSC::globalFuncProtoGetter):
15740 (JSC::globalFuncProtoSetter):
15741 - Definition of the __proto__ accessor functions.
15742 * runtime/JSGlobalObjectFunctions.h:
15743 - Declaration of the __proto__ accessor functions.
15744 * runtime/JSObject.cpp:
15745 (JSC::JSObject::put):
15746 - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
15747 (JSC::JSObject::putDirectAccessor):
15748 - Track on the structure whether an object contains accessors other than one for __proto__.
15749 (JSC::JSObject::defineOwnProperty):
15750 - No need to prohibit definition of own properties named __proto__.
15751 * runtime/JSObject.h:
15752 (JSC::JSObject::inlineGetOwnPropertySlot):
15753 - Remove the special handling for __proto__.
15754 (JSC::JSValue::get):
15755 - Remove the special handling for __proto__.
15756 * runtime/JSString.cpp:
15757 (JSC::JSString::getOwnPropertySlot):
15758 - Remove the special handling for __proto__.
15759 * runtime/JSValue.h:
15761 - Made synthesizePrototype public (this may be needed by the __proto__ getter).
15762 * runtime/ObjectConstructor.cpp:
15763 (JSC::objectConstructorGetPrototypeOf):
15764 - Perform the security check & call prototype() directly.
15765 * runtime/Structure.cpp:
15766 (JSC::Structure::Structure):
15767 - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
15768 * runtime/Structure.h:
15769 (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
15770 (JSC::Structure::setHasGetterSetterProperties):
15772 - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
15774 2012-02-20 Michael Saboff <msaboff@apple.com>
15776 Update toLower and toUpper tests for Unicode 6.1 changes
15777 https://bugs.webkit.org/show_bug.cgi?id=78923
15779 Reviewed by Oliver Hunt.
15781 * tests/mozilla/ecma/String/15.5.4.11-2.js: Updated the test
15782 to handle a third set of results for updated Unicode 6.1
15785 (TestCaseMultiExpected):
15786 (writeTestCaseResultMultiExpected):
15787 (getTestCaseResultMultiExpected):
15789 (GetUnicodeValues):
15790 (DecimalToHexString):
15792 2012-02-20 Andy Wingo <wingo@igalia.com>
15794 Remove unused features from CodeFeatures
15795 https://bugs.webkit.org/show_bug.cgi?id=78804
15797 Reviewed by Gavin Barraclough.
15800 * parser/ASTBuilder.h:
15801 (JSC::ClosureFeature):
15802 (JSC::ASTBuilder::createFunctionBody):
15803 (JSC::ASTBuilder::usesClosures):
15804 Remove "ClosureFeature". Since we track captured variables more
15805 precisely, this bit doesn't do us any good.
15807 (JSC::AssignFeature):
15808 (JSC::ASTBuilder::makeAssignNode):
15809 (JSC::ASTBuilder::makePrefixNode):
15810 (JSC::ASTBuilder::makePostfixNode):
15811 (JSC::ASTBuilder::usesAssignment):
15812 Similarly, remove AssignFeature. It is unused.
15814 2012-02-19 Carlos Garcia Campos <cgarcia@igalia.com>
15816 Unreviewed. Fix make distcheck issues.
15818 * GNUmakefile.list.am: Add missing files.
15820 2012-02-18 Sam Weinig <sam@webkit.org>
15822 Fix style issues in DFG Phase classes
15823 https://bugs.webkit.org/show_bug.cgi?id=78983
15825 Reviewed by Ryosuke Niwa.
15827 * dfg/DFGArithNodeFlagsInferencePhase.cpp:
15828 * dfg/DFGCFAPhase.cpp:
15829 * dfg/DFGCSEPhase.cpp:
15830 * dfg/DFGPredictionPropagationPhase.cpp:
15831 * dfg/DFGVirtualRegisterAllocationPhase.cpp:
15832 Add a space before the colon in class declarations.
15834 2012-02-18 Filip Pizlo <fpizlo@apple.com>
15836 Attempt to fix Windows build.
15838 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
15840 2012-02-18 Sam Weinig <sam@webkit.org>
15842 Fix the libc++ build.
15844 Reviewed by Anders Carlsson.
15847 Libc++'s nullptr emulation does not allow default construction
15848 of the nullptr_t type. Work around this with the arguably clearer
15849 just returning nullptr.
15851 2012-02-18 Filip Pizlo <fpizlo@apple.com>
15853 DFGPropagator.cpp has too many things
15854 https://bugs.webkit.org/show_bug.cgi?id=78956
15856 Reviewed by Oliver Hunt.
15858 Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its
15859 various things and put them into separate files. These new phases follow
15860 the naming convention "DFG<name>Phase" where <name> is a noun. They are
15861 called via functions of the form "perform<name>".
15864 * GNUmakefile.list.am:
15865 * JavaScriptCore.xcodeproj/project.pbxproj:
15867 * dfg/DFGArithNodeFlagsInferencePhase.cpp: Added.
15869 (JSC::DFG::performArithNodeFlagsInference):
15870 * dfg/DFGArithNodeFlagsInferencePhase.h: Added.
15872 * dfg/DFGCFAPhase.cpp: Added.
15874 (JSC::DFG::performCFA):
15875 * dfg/DFGCFAPhase.h: Added.
15877 * dfg/DFGCSEPhase.cpp: Added.
15879 (JSC::DFG::performCSE):
15880 * dfg/DFGCSEPhase.h: Added.
15882 * dfg/DFGDriver.cpp:
15883 (JSC::DFG::compile):
15884 * dfg/DFGPhase.cpp: Added.
15886 (JSC::DFG::Phase::beginPhase):
15887 (JSC::DFG::Phase::endPhase):
15888 * dfg/DFGPhase.h: Added.
15891 (JSC::DFG::Phase::Phase):
15892 (JSC::DFG::Phase::~Phase):
15893 (JSC::DFG::Phase::globalData):
15894 (JSC::DFG::Phase::codeBlock):
15895 (JSC::DFG::Phase::profiledBlock):
15896 (JSC::DFG::Phase::beginPhase):
15897 (JSC::DFG::Phase::endPhase):
15898 (JSC::DFG::runPhase):
15899 * dfg/DFGPredictionPropagationPhase.cpp: Added.
15901 (JSC::DFG::performPredictionPropagation):
15902 * dfg/DFGPredictionPropagationPhase.h: Added.
15904 * dfg/DFGPropagator.cpp: Removed.
15905 * dfg/DFGPropagator.h: Removed.
15906 * dfg/DFGVirtualRegisterAllocationPhase.cpp: Added.
15908 (JSC::DFG::performVirtualRegisterAllocation):
15909 * dfg/DFGVirtualRegisterAllocationPhase.h: Added.
15912 2012-02-17 Filip Pizlo <fpizlo@apple.com>
15914 DFG::Graph should have references to JSGlobalData, the CodeBlock being compiled, and
15915 the CodeBlock that was used for profiling
15916 https://bugs.webkit.org/show_bug.cgi?id=78954
15918 Reviewed by Gavin Barraclough.
15920 * bytecode/CodeBlock.h:
15921 (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
15923 * dfg/DFGAbstractState.cpp:
15924 (JSC::DFG::AbstractState::AbstractState):
15925 (JSC::DFG::AbstractState::execute):
15926 * dfg/DFGAbstractState.h:
15927 * dfg/DFGAssemblyHelpers.h:
15929 * dfg/DFGByteCodeParser.cpp:
15930 (JSC::DFG::ByteCodeParser::ByteCodeParser):
15931 (JSC::DFG::ByteCodeParser::handleCall):
15933 * dfg/DFGByteCodeParser.h:
15935 * dfg/DFGDriver.cpp:
15936 (JSC::DFG::compile):
15937 * dfg/DFGGraph.cpp:
15938 (JSC::DFG::Graph::dump):
15939 (JSC::DFG::Graph::predictArgumentTypes):
15941 (JSC::DFG::Graph::Graph):
15943 (JSC::DFG::Graph::getJSConstantPrediction):
15944 (JSC::DFG::Graph::addShouldSpeculateInteger):
15945 (JSC::DFG::Graph::isInt32Constant):
15946 (JSC::DFG::Graph::isDoubleConstant):
15947 (JSC::DFG::Graph::isNumberConstant):
15948 (JSC::DFG::Graph::isBooleanConstant):
15949 (JSC::DFG::Graph::isFunctionConstant):
15950 (JSC::DFG::Graph::valueOfJSConstant):
15951 (JSC::DFG::Graph::valueOfInt32Constant):
15952 (JSC::DFG::Graph::valueOfNumberConstant):
15953 (JSC::DFG::Graph::valueOfBooleanConstant):
15954 (JSC::DFG::Graph::valueOfFunctionConstant):
15955 (JSC::DFG::Graph::baselineCodeBlockFor):
15956 (JSC::DFG::Graph::valueProfileFor):
15957 (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
15958 * dfg/DFGJITCompiler.h:
15959 (JSC::DFG::JITCompiler::JITCompiler):
15961 * dfg/DFGOSRExit.cpp:
15962 (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
15963 * dfg/DFGPropagator.cpp:
15964 (JSC::DFG::Propagator::Propagator):
15965 (JSC::DFG::Propagator::isNotNegZero):
15966 (JSC::DFG::Propagator::isNotZero):
15967 (JSC::DFG::Propagator::propagateNodePredictions):
15968 (JSC::DFG::Propagator::doRoundOfDoubleVoting):
15969 (JSC::DFG::Propagator::globalCFA):
15970 (JSC::DFG::propagate):
15971 * dfg/DFGPropagator.h:
15973 * dfg/DFGSpeculativeJIT.cpp:
15974 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
15975 (JSC::DFG::SpeculativeJIT::compileAdd):
15976 (JSC::DFG::SpeculativeJIT::compileArithSub):
15977 * dfg/DFGSpeculativeJIT.h:
15978 (JSC::DFG::SpeculativeJIT::isConstant):
15979 (JSC::DFG::SpeculativeJIT::isJSConstant):
15980 (JSC::DFG::SpeculativeJIT::isInt32Constant):
15981 (JSC::DFG::SpeculativeJIT::isDoubleConstant):
15982 (JSC::DFG::SpeculativeJIT::isNumberConstant):
15983 (JSC::DFG::SpeculativeJIT::isBooleanConstant):
15984 (JSC::DFG::SpeculativeJIT::isFunctionConstant):
15985 (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
15986 (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
15987 (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
15988 (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
15989 (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
15990 (JSC::DFG::SpeculativeJIT::speculationCheck):
15991 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
15993 2012-02-17 Ahmad Sharif <asharif.tools@gmail.com>
15995 There is a warning in memset in glibc that gets triggered through a
15996 warndecl when the fill-value of memset is a non-zero constant and the
15997 size is zero. This warning is enabled when building with
15998 -D_FORTIFY_SOURCE=2. This patch fixes the warning.
16000 https://bugs.webkit.org/show_bug.cgi?id=78513
16002 Reviewed by Alexey Proskuryakov.
16006 2012-02-17 Kalev Lember <kalevlember@gmail.com>
16008 Remove unused parameters from WTF threading API
16009 https://bugs.webkit.org/show_bug.cgi?id=78389
16011 Reviewed by Adam Roben.
16013 waitForThreadCompletion() had an out param 'void **result' to get the
16014 'void *' returned by ThreadFunction. However, the implementation in
16015 ThreadingWin.cpp ignored the out param, not filling it in. This had
16016 led to a situation where none of the client code made use of the param
16017 and just ignored it.
16019 To clean this up, the patch changes the signature of ThreadFunction to
16020 return void instead of void* and drops the unused 'void **result'
16021 parameter from waitForThreadCompletion. Also, all client code is
16022 updated for the API change.
16024 As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389 , even
16025 though the change only affects internal API, Safari is using it
16026 directly and we'll need to keep the old versions around for ABI
16027 compatibility. For this, the patch adds compatibility wrappers with
16030 * JavaScriptCore.order:
16031 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
16032 * bytecode/SamplingTool.cpp:
16033 (JSC::SamplingThread::threadStartFunc):
16034 (JSC::SamplingThread::stop):
16035 * bytecode/SamplingTool.h:
16038 (JSC::Heap::~Heap):
16039 (JSC::Heap::blockFreeingThreadStartFunc):
16041 * heap/MarkStack.cpp:
16042 (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
16043 (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
16044 * heap/MarkStack.h:
16045 (MarkStackThreadSharedData):
16046 * wtf/ParallelJobsGeneric.cpp:
16047 (WTF::ParallelEnvironment::ThreadPrivate::workerThread):
16048 * wtf/ParallelJobsGeneric.h:
16050 * wtf/ThreadFunctionInvocation.h: Update the signature of
16053 * wtf/Threading.cpp:
16054 (WTF::threadEntryPoint): Update for ThreadFunction signature change.
16056 (WTF::ThreadFunctionWithReturnValueInvocation::ThreadFunctionWithReturnValueInvocation):
16057 ABI compatibility function for Safari.
16058 (ThreadFunctionWithReturnValueInvocation): Ditto.
16059 (WTF::compatEntryPoint): Ditto.
16060 (WTF::createThread): Ditto.
16061 (WTF::waitForThreadCompletion): Ditto.
16062 * wtf/Threading.h: Update the signature of ThreadFunction and
16063 waitForThreadCompletion.
16065 * wtf/ThreadingPthreads.cpp: Implement the new API.
16066 (WTF::wtfThreadEntryPoint):
16068 (WTF::createThreadInternal):
16069 (WTF::waitForThreadCompletion):
16070 * wtf/ThreadingWin.cpp: Implement the new API.
16071 (WTF::wtfThreadEntryPoint):
16072 (WTF::waitForThreadCompletion):
16074 2012-02-16 Oliver Hunt <oliver@apple.com>
16076 Implement Error.stack
16077 https://bugs.webkit.org/show_bug.cgi?id=66994
16079 Reviewed by Gavin Barraclough.
16081 Implement support for stack traces on exception objects. This is a rewrite
16082 of the core portion of the last stack walking logic, but the mechanical work
16083 of adding the information to an exception comes from the original work by
16084 Juan Carlos Montemayor Elosua.
16086 * interpreter/Interpreter.cpp:
16087 (JSC::getCallerInfo):
16089 (JSC::getSourceURLFromCallFrame):
16090 (JSC::getStackFrameCodeType):
16091 (JSC::Interpreter::getStackTrace):
16092 (JSC::Interpreter::throwException):
16093 (JSC::Interpreter::privateExecute):
16094 * interpreter/Interpreter.h:
16097 (JSC::StackFrame::toString):
16100 (GlobalObject::finishCreation):
16101 (functionJSCStack):
16103 (JSC::FunctionBodyNode::setInferredName):
16106 * runtime/CommonIdentifiers.h:
16107 * runtime/Error.cpp:
16108 (JSC::addErrorInfo):
16112 2012-02-17 Mark Hahnenberg <mhahnenberg@apple.com>
16114 Rename Bump* to Copy*
16115 https://bugs.webkit.org/show_bug.cgi?id=78573
16117 Reviewed by Geoffrey Garen.
16119 Renamed anything with "Bump" in the name to have "Copied" instead.
16122 * GNUmakefile.list.am:
16123 * JavaScriptCore.gypi:
16124 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
16125 * JavaScriptCore.xcodeproj/project.pbxproj:
16127 * heap/BumpBlock.h: Removed.
16128 * heap/BumpSpace.cpp: Removed.
16129 * heap/BumpSpace.h: Removed.
16130 * heap/BumpSpaceInlineMethods.h: Removed.
16131 * heap/ConservativeRoots.cpp:
16132 (JSC::ConservativeRoots::ConservativeRoots):
16133 (JSC::ConservativeRoots::genericAddPointer):
16134 * heap/ConservativeRoots.h:
16135 (ConservativeRoots):
16136 * heap/CopiedBlock.h: Added.
16139 (JSC::CopiedBlock::CopiedBlock):
16140 * heap/CopiedSpace.cpp: Added.
16142 (JSC::CopiedSpace::tryAllocateSlowCase):
16143 * heap/CopiedSpace.h: Added.
16146 (JSC::CopiedSpace::isInCopyPhase):
16147 (JSC::CopiedSpace::totalMemoryAllocated):
16148 (JSC::CopiedSpace::totalMemoryUtilized):
16149 * heap/CopiedSpaceInlineMethods.h: Added.
16151 (JSC::CopiedSpace::CopiedSpace):
16152 (JSC::CopiedSpace::init):
16153 (JSC::CopiedSpace::contains):
16154 (JSC::CopiedSpace::pin):
16155 (JSC::CopiedSpace::startedCopying):
16156 (JSC::CopiedSpace::doneCopying):
16157 (JSC::CopiedSpace::doneFillingBlock):
16158 (JSC::CopiedSpace::recycleBlock):
16159 (JSC::CopiedSpace::getFreshBlock):
16160 (JSC::CopiedSpace::borrowBlock):
16161 (JSC::CopiedSpace::addNewBlock):
16162 (JSC::CopiedSpace::allocateNewBlock):
16163 (JSC::CopiedSpace::fitsInBlock):
16164 (JSC::CopiedSpace::fitsInCurrentBlock):
16165 (JSC::CopiedSpace::tryAllocate):
16166 (JSC::CopiedSpace::tryAllocateOversize):
16167 (JSC::CopiedSpace::allocateFromBlock):
16168 (JSC::CopiedSpace::tryReallocate):
16169 (JSC::CopiedSpace::tryReallocateOversize):
16170 (JSC::CopiedSpace::isOversize):
16171 (JSC::CopiedSpace::isPinned):
16172 (JSC::CopiedSpace::oversizeBlockFor):
16173 (JSC::CopiedSpace::blockFor):
16178 * heap/MarkStack.cpp:
16179 (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
16180 (JSC::SlotVisitor::drainFromShared):
16181 (JSC::SlotVisitor::startCopying):
16182 (JSC::SlotVisitor::allocateNewSpace):
16183 (JSC::SlotVisitor::doneCopying):
16184 * heap/MarkStack.h:
16185 (MarkStackThreadSharedData):
16186 * heap/SlotVisitor.h:
16188 * runtime/JSArray.cpp:
16189 * runtime/JSObject.cpp:
16191 2012-02-16 Yuqiang Xian <yuqiang.xian@intel.com>
16193 Add JSC code profiling support on Linux x86
16194 https://bugs.webkit.org/show_bug.cgi?id=78871
16196 Reviewed by Gavin Barraclough.
16198 We don't unwind the stack for now as we cannot guarantee all the
16199 libraries are compiled without -fomit-frame-pointer.
16201 * tools/CodeProfile.cpp:
16202 (JSC::CodeProfile::sample):
16203 * tools/CodeProfiling.cpp:
16205 (JSC::profilingTimer):
16206 (JSC::CodeProfiling::begin):
16207 (JSC::CodeProfiling::end):
16209 2012-02-16 Csaba Osztrogonác <ossy@webkit.org>
16211 Unreviewed. Rolling out r107980, because it broke 32 bit platforms.
16213 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
16214 * interpreter/Interpreter.cpp:
16215 (JSC::Interpreter::throwException):
16216 (JSC::Interpreter::privateExecute):
16217 * interpreter/Interpreter.h:
16221 (GlobalObject::finishCreation):
16223 (JSC::FunctionBodyNode::setInferredName):
16226 * runtime/CommonIdentifiers.h:
16227 * runtime/Error.cpp:
16228 (JSC::addErrorInfo):
16232 2012-02-16 Filip Pizlo <fpizlo@apple.com>
16234 ENABLE_INTERPRETER should be ENABLE_CLASSIC_INTERPRETER
16235 https://bugs.webkit.org/show_bug.cgi?id=78791
16237 Rubber stamped by Oliver Hunt.
16239 Just a renaming, nothing more. Also renamed COMPUTED_GOTO_INTERPRETER to
16240 COMPUTED_GOTO_CLASSIC_INTERPRETER.
16242 * bytecode/CodeBlock.cpp:
16243 (JSC::CodeBlock::dump):
16244 (JSC::CodeBlock::stronglyVisitStrongReferences):
16246 (JSC::CodeBlock::shrinkToFit):
16247 * bytecode/CodeBlock.h:
16249 * bytecode/Instruction.h:
16250 (JSC::Instruction::Instruction):
16251 * bytecode/Opcode.h:
16252 (JSC::padOpcodeName):
16253 * bytecompiler/BytecodeGenerator.cpp:
16254 (JSC::BytecodeGenerator::emitResolve):
16255 (JSC::BytecodeGenerator::emitResolveWithBase):
16256 (JSC::BytecodeGenerator::emitGetById):
16257 (JSC::BytecodeGenerator::emitPutById):
16258 (JSC::BytecodeGenerator::emitDirectPutById):
16259 * interpreter/AbstractPC.cpp:
16260 (JSC::AbstractPC::AbstractPC):
16261 * interpreter/AbstractPC.h:
16263 * interpreter/CallFrame.h:
16265 * interpreter/Interpreter.cpp:
16267 (JSC::Interpreter::initialize):
16268 (JSC::Interpreter::isOpcode):
16269 (JSC::Interpreter::unwindCallFrame):
16270 (JSC::Interpreter::execute):
16271 (JSC::Interpreter::privateExecute):
16272 (JSC::Interpreter::retrieveLastCaller):
16273 * interpreter/Interpreter.h:
16274 (JSC::Interpreter::getOpcode):
16275 (JSC::Interpreter::getOpcodeID):
16277 * jit/ExecutableAllocatorFixedVMPool.cpp:
16278 (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
16279 * runtime/Executable.cpp:
16280 (JSC::EvalExecutable::compileInternal):
16281 (JSC::ProgramExecutable::compileInternal):
16282 (JSC::FunctionExecutable::compileForCallInternal):
16283 (JSC::FunctionExecutable::compileForConstructInternal):
16284 * runtime/Executable.h:
16285 (NativeExecutable):
16286 * runtime/JSGlobalData.cpp:
16287 (JSC::JSGlobalData::JSGlobalData):
16288 (JSC::JSGlobalData::getHostFunction):
16289 * runtime/JSGlobalData.h:
16291 * wtf/OSAllocatorPosix.cpp:
16292 (WTF::OSAllocator::reserveAndCommit):
16295 2012-02-15 Geoffrey Garen <ggaren@apple.com>
16297 Made Weak<T> single-owner, adding PassWeak<T>
16298 https://bugs.webkit.org/show_bug.cgi?id=78740
16300 Reviewed by Sam Weinig.
16302 This works basically the same way as OwnPtr<T> and PassOwnPtr<T>.
16304 This clarifies the semantics of finalizers: It's ambiguous and probably
16305 a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor
16306 twice), so I've made Weak<T> non-copyable. Anywhere we used to copy a
16307 Weak<T>, we now use PassWeak<T>.
16309 This also makes Weak<T> HashMaps more efficient.
16311 * API/JSClassRef.cpp:
16312 (OpaqueJSClass::prototype): Use PassWeak<T> instead of set(), since
16315 * JavaScriptCore.xcodeproj/project.pbxproj: Export!
16317 * heap/PassWeak.h: Added.
16320 (JSC::PassWeak::PassWeak):
16321 (JSC::PassWeak::~PassWeak):
16322 (JSC::PassWeak::get):
16323 (JSC::::leakHandle):
16326 (JSC::operator!=): This is the Weak<T> version of PassOwnPtr<T>.
16331 (JSC::Weak::release):
16332 (JSC::Weak::hashTableDeletedValue):
16334 (JSC): Changed to be non-copyable, removing a lot of copying-related
16335 APIs. Added hash traits so hash maps still work.
16337 * jit/JITStubs.cpp:
16338 (JSC::JITThunks::hostFunctionStub):
16339 * runtime/RegExpCache.cpp:
16340 (JSC::RegExpCache::lookupOrCreate): Use PassWeak<T>, as required by
16341 our new hash map API.
16343 2012-02-16 Mark Hahnenberg <mhahnenberg@apple.com>
16345 Fix the broken viewport tests
16346 https://bugs.webkit.org/show_bug.cgi?id=78774
16348 Reviewed by Kenneth Rohde Christiansen.
16350 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
16351 * wtf/text/WTFString.cpp:
16353 (WTF::toDoubleType): Template-ized to allow other functions to specify whether they
16354 want to allow trailing junk or not when calling strtod.
16355 (WTF::charactersToDouble):
16356 (WTF::charactersToFloat):
16357 (WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows
16359 * wtf/text/WTFString.h:
16362 2012-02-16 Oliver Hunt <oliver@apple.com>
16364 Implement Error.stack
16365 https://bugs.webkit.org/show_bug.cgi?id=66994
16367 Reviewed by Gavin Barraclough.
16369 Implement support for stack traces on exception objects. This is a rewrite
16370 of the core portion of the last stack walking logic, but the mechanical work
16371 of adding the information to an exception comes from the original work by
16372 Juan Carlos Montemayor Elosua.
16374 * interpreter/Interpreter.cpp:
16375 (JSC::getCallerInfo):
16377 (JSC::getSourceURLFromCallFrame):
16378 (JSC::getStackFrameCodeType):
16379 (JSC::Interpreter::getStackTrace):
16380 (JSC::Interpreter::throwException):
16381 (JSC::Interpreter::privateExecute):
16382 * interpreter/Interpreter.h:
16385 (JSC::StackFrame::toString):
16388 (GlobalObject::finishCreation):
16389 (functionJSCStack):
16391 (JSC::FunctionBodyNode::setInferredName):
16394 * runtime/CommonIdentifiers.h:
16395 * runtime/Error.cpp:
16396 (JSC::addErrorInfo):
16400 2012-02-15 Gavin Barraclough <barraclough@apple.com>
16402 Numerous trivial bugs in Object.defineProperty
16403 https://bugs.webkit.org/show_bug.cgi?id=78777
16405 Reviewed by Sam Weinig.
16407 There are a handful of really trivial bugs, related to Object.defineProperty:
16408 * Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
16409 * Calling an undefined setter should only throw in strict mode.
16410 * When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
16411 * Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
16412 * Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
16413 * If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
16414 * 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
16415 * Should be able to redefine a non-writable, non-configurable property, with the same value and attributes.
16416 * Should be able to define a non-configurable accessor.
16417 These are mostly all one-line changes, e.g. inverted boolean checks, masking against wrong attribute.
16419 * runtime/JSArray.cpp:
16420 (JSC::SparseArrayValueMap::put):
16422 - Calling an undefined setter should only throw in strict mode.
16423 (JSC::JSArray::putDescriptor):
16424 - Should be able to define a non-configurable accessor.
16425 (JSC::JSArray::defineOwnNumericProperty):
16426 - Any attempt to redefine a non-configurable property of an array as configurable should be rejected.
16427 (JSC::JSArray::putByIndexBeyondVectorLength):
16428 - If preventExtensions has been called on an array, subsequent assignment beyond array bounds should fail.
16429 * runtime/JSArray.h:
16431 - made enterDictionaryMode public, called from JSObject.
16432 * runtime/JSObject.cpp:
16433 (JSC::JSObject::put):
16434 - Calling an undefined setter should only throw in strict mode.
16435 (JSC::JSObject::preventExtensions):
16436 - Put array objects into dictionary mode to handle this!
16437 (JSC::JSObject::defineOwnProperty):
16438 - Should be able to redefine a non-writable, non-configurable property, with the same value and attributes.
16439 - Redefining an accessor with different attributes changes the attributes, but not the get/set functions!
16440 * runtime/ObjectConstructor.cpp:
16441 (JSC::objectConstructorDefineProperties):
16442 - Object.defineProperties should call toObject on 'Properties' argument, rather than throwing if it is not an object.
16443 * runtime/PropertyDescriptor.cpp:
16444 (JSC::PropertyDescriptor::attributesWithOverride):
16445 - When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
16446 (JSC::PropertyDescriptor::attributesOverridingCurrent):
16447 - When redefining an accessor to a data descriptor, if writable is not specified we should default to false.
16448 * runtime/Structure.cpp:
16449 (JSC::Structure::freezeTransition):
16450 - 'freezeTransition' shouldn't be setting the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
16451 (JSC::Structure::isFrozen):
16452 - 'isFrozen' shouldn't be checking the ReadOnly bit for accessor descriptors (we presently always keep this bit as 'false').
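The nine behaviours listed in the entry above are all observable from script, so they can be checked as a conformance test. The block below is an added example, not JavaScriptCore code or a WebKit test: it runs in any ES5-or-later engine (node, jsc, a browser console) and returns one boolean per behaviour. The helpers `sloppyAssign` (built with the Function constructor so it stays sloppy even when the file is loaded as strict-mode ESM) and `strictAssign` are constructed for this example.

```javascript
// Added example, not JavaScriptCore code: exercises the Object.defineProperty
// behaviours listed in the ChangeLog entry (bug 78777) as a conformance check.

// Report whether fn throws a TypeError (the error type the spec mandates).
function throwsTypeError(fn) {
  try { fn(); return false; } catch (e) { return e instanceof TypeError; }
}

// Sloppy-mode assignment. Functions made by the Function constructor are never
// strict unless their own body says so, regardless of the enclosing code.
const sloppyAssign = new Function('o', 'k', 'v', 'o[k] = v; return o[k];');

function strictAssign(o, k, v) {
  'use strict';
  o[k] = v;
  return o[k];
}

function checkDefinePropertySemantics() {
  const r = {};

  // 1. Redefining an accessor must replace the getter, not only the attributes.
  const o1 = {};
  Object.defineProperty(o1, 'x', { get() { return 1; }, configurable: true });
  Object.defineProperty(o1, 'x', { get() { return 2; }, enumerable: true });
  r.accessorRedefined = o1.x === 2 &&
    Object.getOwnPropertyDescriptor(o1, 'x').enumerable === true;

  // 2. Assigning through an accessor with no setter: ignored in sloppy mode,
  //    TypeError in strict mode.
  const o2 = {};
  Object.defineProperty(o2, 'ro', { get() { return 'fixed'; }, configurable: true });
  r.undefinedSetterSloppy = sloppyAssign(o2, 'ro', 'new') === 'fixed';
  r.undefinedSetterStrict = throwsTypeError(() => strictAssign(o2, 'ro', 'new'));

  // 3. Accessor -> data redefinition: writable defaults to false when unspecified.
  const o3 = {};
  Object.defineProperty(o3, 'y', { get() { return 1; }, configurable: true });
  Object.defineProperty(o3, 'y', { value: 2 });
  r.writableDefaultsFalse = Object.getOwnPropertyDescriptor(o3, 'y').writable === false;

  // 4. A non-configurable array element cannot be made configurable again.
  const a4 = [];
  Object.defineProperty(a4, '0', { value: 1, configurable: false });
  r.arrayNonConfigurableRejected =
    throwsTypeError(() => Object.defineProperty(a4, '0', { configurable: true }));

  // 5. defineProperties applies ToObject to its second argument: a number wraps
  //    to a Number object with no own keys, so nothing is defined and nothing throws.
  r.definePropertiesToObject = !throwsTypeError(() => Object.defineProperties({}, 5));

  // 6. After preventExtensions, writes beyond the array's length are rejected.
  const a6 = [1];
  Object.preventExtensions(a6);
  sloppyAssign(a6, 5, 'x');
  r.nonExtensibleArrayGrowthFails = a6.length === 1 && !(5 in a6) &&
    throwsTypeError(() => strictAssign(a6, 5, 'x'));

  // 7/9. A non-configurable accessor can be defined, and isFrozen judges an
  //      accessor by configurability alone (accessors have no writable bit).
  const o7 = {};
  Object.defineProperty(o7, 'g', { get() { return 1; }, configurable: false });
  Object.preventExtensions(o7);
  r.nonConfigurableAccessor = Object.getOwnPropertyDescriptor(o7, 'g').configurable === false;
  r.isFrozenIgnoresReadOnlyForAccessors = Object.isFrozen(o7) === true;

  // 8. Redefining a non-writable, non-configurable data property with the same
  //    value and attributes is allowed; changing the value is not.
  const o8 = {};
  Object.defineProperty(o8, 'c', { value: 1 }); // every attribute defaults to false
  r.sameValueRedefinitionAllowed = !throwsTypeError(() => Object.defineProperty(
    o8, 'c', { value: 1, writable: false, enumerable: false, configurable: false }));
  r.differentValueRedefinitionRejected =
    throwsTypeError(() => Object.defineProperty(o8, 'c', { value: 2 }));

  return r;
}
```

Every entry of the returned object is `true` on a conforming engine; a `false` names the behaviour that diverges from the list in the entry, which is the shape a regression test for this change would take.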
16454 2012-02-13 Filip Pizlo <fpizlo@apple.com>
16456 DFG should not check the types of arguments that are dead
16457 https://bugs.webkit.org/show_bug.cgi?id=78518
16459 Reviewed by Geoff Garen.
16461 The argument checks are now elided if the corresponding SetArgument is dead,
16462 and the abstract value of the argument is set to bottom (None, []). This is
16463 performance neutral on the benchmarks we currently track.
16465 * dfg/DFGAbstractState.cpp:
16466 (JSC::DFG::AbstractState::initialize):
16467 * dfg/DFGSpeculativeJIT.cpp:
16468 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
16470 2012-02-15 Oliver Hunt <oliver@apple.com>
16472 Ensure that the DFG JIT always plants a CodeOrigin when making calls
16473 https://bugs.webkit.org/show_bug.cgi?id=78763
16475 Reviewed by Gavin Barraclough.
16477 Make all calls plant a CodeOrigin prior to the actual
16478 call. Also clobbers the Interpreter with logic to ensure
16479 that the interpreter always plants a bytecode offset.
16481 * dfg/DFGJITCompiler.cpp:
16482 (JSC::DFG::JITCompiler::link):
16483 (JSC::DFG::JITCompiler::compileFunction):
16484 * dfg/DFGJITCompiler.h:
16486 (JSC::DFG::JITCompiler::beginJSCall):
16487 (JSC::DFG::JITCompiler::beginCall):
16488 * dfg/DFGRepatch.cpp:
16489 (JSC::DFG::tryBuildGetByIDList):
16490 * dfg/DFGSpeculativeJIT.h:
16491 (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
16492 * dfg/DFGSpeculativeJIT32_64.cpp:
16493 (JSC::DFG::SpeculativeJIT::emitCall):
16494 * dfg/DFGSpeculativeJIT64.cpp:
16495 (JSC::DFG::SpeculativeJIT::emitCall):
16496 * interpreter/AbstractPC.cpp:
16497 (JSC::AbstractPC::AbstractPC):
16498 * interpreter/CallFrame.cpp:
16499 (JSC::CallFrame::trueCallFrame):
16500 * interpreter/CallFrame.h:
16501 (JSC::ExecState::bytecodeOffsetForNonDFGCode):
16503 (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
16504 (JSC::ExecState::codeOriginIndexForDFG):
16506 2012-02-14 Oliver Hunt <oliver@apple.com>
16510 * runtime/Executable.cpp:
16512 * runtime/Executable.h:
16515 2012-02-14 Matt Lilek <mrl@apple.com>
16517 Don't ENABLE_DASHBOARD_SUPPORT unconditionally on all Mac platforms
16518 https://bugs.webkit.org/show_bug.cgi?id=78629
16520 Reviewed by David Kilzer.
16522 * Configurations/FeatureDefines.xcconfig:
16524 2012-02-14 Filip Pizlo <fpizlo@apple.com>
16526 Unreviewed, build fix for non-DFG platforms.
16528 * assembler/MacroAssembler.h:
16531 2012-02-14 Filip Pizlo <fpizlo@apple.com>
16533 Unreviewed, fix build and configuration goof.
16535 * assembler/MacroAssembler.h:
16536 (JSC::MacroAssembler::invert):
16539 2012-02-13 Filip Pizlo <fpizlo@apple.com>
16541 DFG should be able to emit code on control flow edges
16542 https://bugs.webkit.org/show_bug.cgi?id=78515
16544 Reviewed by Gavin Barraclough.
16546 This gets us a few steps closer to being able to perform global register allocation,
16547 by allowing us to have landing pads on control flow edges. This will let us reshuffle
16548 registers if it happens to be necessary due to different reg alloc decisions in
16551 This also introduces the notion of a landing pad for OSR entry, which will allow us
16552 to emit code that places data into registers when we're entering into the DFG from
16555 Finally, this patch introduces a verification mode that checks that the landing pads
16556 are actually emitted and do actually work as advertised. When verification is disabled,
16557 this has no effect on behavior.
16559 * assembler/MacroAssembler.h:
16561 (JSC::MacroAssembler::invert):
16562 (JSC::MacroAssembler::isInvertible):
16564 * dfg/DFGJITCompiler.cpp:
16565 (JSC::DFG::JITCompiler::compile):
16566 (JSC::DFG::JITCompiler::compileFunction):
16567 * dfg/DFGSpeculativeJIT.cpp:
16568 (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
16569 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
16570 (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
16571 (JSC::DFG::SpeculativeJIT::compile):
16572 (JSC::DFG::SpeculativeJIT::createOSREntries):
16574 (JSC::DFG::SpeculativeJIT::linkOSREntries):
16575 (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
16576 * dfg/DFGSpeculativeJIT.h:
16578 (JSC::DFG::SpeculativeJIT::branchDouble):
16579 (JSC::DFG::SpeculativeJIT::branchDoubleNonZero):
16580 (JSC::DFG::SpeculativeJIT::branch32):
16581 (JSC::DFG::SpeculativeJIT::branchTest32):
16582 (JSC::DFG::SpeculativeJIT::branchPtr):
16583 (JSC::DFG::SpeculativeJIT::branchTestPtr):
16584 (JSC::DFG::SpeculativeJIT::branchTest8):
16585 (JSC::DFG::SpeculativeJIT::jump):
16586 (JSC::DFG::SpeculativeJIT::haveEdgeCodeToEmit):
16587 (JSC::DFG::SpeculativeJIT::emitEdgeCode):
16588 * dfg/DFGSpeculativeJIT32_64.cpp:
16589 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
16590 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
16591 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
16592 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
16593 (JSC::DFG::SpeculativeJIT::emitBranch):
16594 (JSC::DFG::SpeculativeJIT::compile):
16595 * dfg/DFGSpeculativeJIT64.cpp:
16596 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
16597 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
16598 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
16599 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
16600 (JSC::DFG::SpeculativeJIT::emitBranch):
16601 (JSC::DFG::SpeculativeJIT::compile):
16603 2012-02-14 Filip Pizlo <fpizlo@apple.com>
16605 Assertion failure under JSC::DFG::AbstractState::execute loading economist.com
16606 https://bugs.webkit.org/show_bug.cgi?id=78153
16607 <rdar://problem/10861712> <rdar://problem/10861947>
16609 Reviewed by Oliver Hunt.
16611 * dfg/DFGAbstractState.cpp:
16612 (JSC::DFG::AbstractState::execute):
16613 * dfg/DFGSpeculativeJIT.cpp:
16614 (JSC::DFG::SpeculativeJIT::compileAdd):
16616 2012-02-14 Eric Seidel <eric@webkit.org>
16618 Upstream Android's additions to Platform.h
16619 https://bugs.webkit.org/show_bug.cgi?id=78536
16621 Reviewed by Adam Barth.
16625 2012-02-12 Mark Hahnenberg <mhahnenberg@apple.com>
16627 Replace old strtod with new strtod
16628 https://bugs.webkit.org/show_bug.cgi?id=68044
16630 Reviewed by Geoffrey Garen.
16632 * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
16634 * runtime/JSGlobalObjectFunctions.cpp: Ditto.
16636 (JSC::jsStrDecimalLiteral):
16637 * runtime/LiteralParser.cpp: Ditto.
16638 (JSC::::Lexer::lexNumber):
16639 * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
16640 It takes a template argument to allow clients to determine statically whether it should allow
16641 junk after the numbers or not.
16646 * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
16647 (WTF::toDoubleType):
16649 2012-02-13 Mark Hahnenberg <mhahnenberg@apple.com>
16651 More windows build fixing
16653 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
16655 2012-02-13 Oliver Hunt <oliver@apple.com>
16657 Executing out of bounds in JSC::Yarr::YarrCodeBlock::execute / JSC::RegExp::match
16658 https://bugs.webkit.org/show_bug.cgi?id=76315
16660 Reviewed by Gavin Barraclough.
16662 Perform a 3 byte compare using two comparisons, rather than trying to perform the
16663 operation with a four byte load.
16665 * yarr/YarrJIT.cpp:
16666 (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
16668 2012-02-13 Mark Hahnenberg <mhahnenberg@apple.com>
16672 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
16674 2012-02-12 Mark Hahnenberg <mhahnenberg@apple.com>
16676 Replace old strtod with new strtod
16677 https://bugs.webkit.org/show_bug.cgi?id=68044
16679 Reviewed by Geoffrey Garen.
16681 * parser/Lexer.cpp: Added template argument. This version allows junk after numbers.
16683 * runtime/JSGlobalObjectFunctions.cpp: Ditto.
16685 (JSC::jsStrDecimalLiteral):
16686 * runtime/LiteralParser.cpp: Ditto.
16687 (JSC::::Lexer::lexNumber):
16688 * wtf/dtoa.cpp: Replaced old strtod with a new version that uses the new StringToDoubleConverter.
16689 It takes a template argument to allow clients to determine statically whether it should allow
16690 junk after the numbers or not.
16695 * wtf/text/WTFString.cpp: Added template argument. This version does not allow junk after numbers.
16696 (WTF::toDoubleType):
16698 2012-02-13 Sam Weinig <sam@webkit.org>
16700 Move JSC related assertions out of Assertions.h and into their own header
16701 https://bugs.webkit.org/show_bug.cgi?id=78508
16703 Reviewed by Gavin Barraclough.
16705 * GNUmakefile.list.am:
16706 * JavaScriptCore.gypi:
16707 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
16708 * JavaScriptCore.xcodeproj/project.pbxproj:
16711 * heap/GCAssertions.h: Added.
16712 Move assertions here.
16714 * runtime/WriteBarrier.h:
16715 Add #include of GCAssertions.h
16717 * wtf/Assertions.h:
16718 Remove JSC related assertions.
16721 Add compiler check for __has_trivial_destructor.
16723 2012-02-13 Chao-ying Fu <fu@mips.com>
16725 Update MIPS patchOffsetGetByIdSlowCaseCall
16726 https://bugs.webkit.org/show_bug.cgi?id=78392
16728 Reviewed by Gavin Barraclough.
16733 2012-02-13 Patrick Gansterer <paroga@webkit.org>
16735 Remove obsolete #if from ThreadSpecific.h
16736 https://bugs.webkit.org/show_bug.cgi?id=78485
16738 Reviewed by Adam Roben.
16740 Since all platforms use either pthread or Win32 for threading,
16741 we can remove all PLATFORM() preprocessor statements.
16743 * wtf/ThreadSpecific.h:
16746 2012-02-13 Jessie Berlin <jberlin@apple.com>
16748 Fix the Windows build.
16750 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
16752 2012-02-13 Sam Weinig <sam@webkit.org>
16754 Use C11's _Static_assert for COMPILE_ASSERT if it is available
16755 https://bugs.webkit.org/show_bug.cgi?id=78506
16757 Rubber-stamped by Antti Koivisto.
16759 Use C11's _Static_assert for COMPILE_ASSERT if it is available to give slightly
16760 better error messages.
16762 * wtf/Assertions.h:
16763 Use _Static_assert if it is available.
16766 Add COMPILER_SUPPORTS support for _Static_assert when using the LLVM Compiler.
16768 2012-02-13 Mario Sanchez Prada <msanchez@igalia.com>
16770 [GTK] Add GSList to the list of GObject types in GOwnPtr
16771 https://bugs.webkit.org/show_bug.cgi?id=78487
16773 Reviewed by Philippe Normand.
16775 Handle the GSList type in GOwnPtr, by calling g_slist_free in the
16776 implementation of the freeOwnedGPtr template function.
16778 * wtf/gobject/GOwnPtr.cpp:
16781 * wtf/gobject/GOwnPtr.h:
16783 * wtf/gobject/GTypedefs.h:
16785 2012-02-06 Raphael Kubo da Costa <kubo@profusion.mobi>
16787 [EFL] Drop support for the Curl network backend.
16788 https://bugs.webkit.org/show_bug.cgi?id=77874
16790 Reviewed by Eric Seidel.
16792 Nobody seems to be maintaining the Curl backend in WebCore, the
16793 EFL port developers all seem to be using the Soup backend and the
16794 port itself has many features which are only implemented for the
16797 * wtf/PlatformEfl.cmake: Always build the gobject-dependent source
16800 2012-02-13 Patrick Gansterer <paroga@webkit.org>
16802 Unreviewed. Build fix for !ENABLE(JIT) after r107485.
16804 * bytecode/PolymorphicPutByIdList.cpp:
16806 2012-02-13 Gavin Barraclough <barraclough@apple.com>
16808 https://bugs.webkit.org/show_bug.cgi?id=78434
16809 Unreviewed - temporarily reverting r107498 while I fix a couple of testcases.
16811 * parser/Parser.cpp:
16812 (JSC::::parseFunctionInfo):
16813 * runtime/ClassInfo.h:
16816 * runtime/JSCell.cpp:
16818 * runtime/JSCell.h:
16820 * runtime/JSGlobalObject.cpp:
16821 (JSC::JSGlobalObject::reset):
16822 * runtime/JSGlobalObjectFunctions.cpp:
16824 * runtime/JSGlobalObjectFunctions.h:
16826 * runtime/JSObject.cpp:
16827 (JSC::JSObject::put):
16829 (JSC::JSObject::putDirectAccessor):
16830 (JSC::JSObject::defineOwnProperty):
16831 * runtime/JSObject.h:
16832 (JSC::JSObject::inlineGetOwnPropertySlot):
16833 (JSC::JSValue::get):
16834 * runtime/JSString.cpp:
16835 (JSC::JSString::getOwnPropertySlot):
16836 * runtime/JSValue.h:
16838 * runtime/ObjectConstructor.cpp:
16839 (JSC::objectConstructorGetPrototypeOf):
16840 * runtime/Structure.cpp:
16841 (JSC::Structure::Structure):
16842 * runtime/Structure.h:
16843 (JSC::Structure::setHasGetterSetterProperties):
16846 2012-02-12 Ashod Nakashian <ashodnakashian@yahoo.com>
16848 KeywordLookupGenerator.py script fails in some cases
16849 https://bugs.webkit.org/show_bug.cgi?id=77886
16851 Reviewed by Benjamin Poulain.
16853 * parser/Keywords.table: Converted to LF-only.
16855 2012-02-12 Shinya Kawanaka <shinyak@google.com>
16857 Introduce ShadowRootList.
16858 https://bugs.webkit.org/show_bug.cgi?id=78069
16860 Reviewed by Hajime Morita.
16862 DoublyLinkedList should have tail() method to take the last element.
16864 * wtf/DoublyLinkedList.h:
16865 (DoublyLinkedList):
16869 2012-02-12 Raphael Kubo da Costa <kubo@profusion.mobi>
16871 [CMake] Move source files in WTF_HEADERS to WTF_SOURCES.
16872 https://bugs.webkit.org/show_bug.cgi?id=78436
16874 Reviewed by Daniel Bates.
16876 * wtf/CMakeLists.txt: Move .cpp files from WTF_HEADERS to WTF_SOURCES,
16877 and correctly sort the files which start with 'M'.
16879 2012-02-12 Sam Weinig <sam@webkit.org>
16881 Move the NumberOfCores.h/cpp files into the WTF group of JavaScriptCore.xcodeproj.
16883 Rubber-stamped by Anders Carlsson.
16885 * JavaScriptCore.xcodeproj/project.pbxproj:
16887 2012-02-12 Raphael Kubo da Costa <kubo@profusion.mobi>
16889 [CMake] Remove unused or empty variable definitions.
16890 https://bugs.webkit.org/show_bug.cgi?id=78437
16892 Reviewed by Daniel Bates.
16894 * CMakeLists.txt: Remove unused JavaScriptCore_HEADERS definition.
16895 * shell/CMakeLists.txt: Remove unused JSC_HEADERS definition.
16896 * wtf/CMakeLists.txt: Remove empty WTF_LIBRARIES definition, it will
16897 be defined later by Platform*.cmake via LIST(APPEND WTF_LIBRARIES).
16899 2012-02-12 Filip Pizlo <fpizlo@apple.com>
16901 DFG::SpeculativeJIT calls fprintf() instead of dataLog in terminateSpeculativeExecution()
16902 https://bugs.webkit.org/show_bug.cgi?id=78431
16904 Reviewed by Gavin Barraclough.
16906 * dfg/DFGSpeculativeJIT.h:
16907 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
16909 2012-02-11 Benjamin Poulain <benjamin@webkit.org>
16911 Add back WTFURL to WebKit
16912 https://bugs.webkit.org/show_bug.cgi?id=77291
16914 Reviewed by Adam Barth.
16916 WTFURL was removed from WebKit in r86787.
16918 This patch adds the code back to WTF with the following changes:
16919 -Guard the feature with USE(WTFURL).
16920 -Change the typename CHAR to CharacterType to follow recent WebKit conventions.
16921 -Fix some coding style to make check-webkit-style happy.
16923 * JavaScriptCore.xcodeproj/project.pbxproj:
16925 * wtf/url/api/ParsedURL.cpp: Added.
16927 (WTF::ParsedURL::ParsedURL):
16928 (WTF::ParsedURL::scheme):
16929 (WTF::ParsedURL::username):
16930 (WTF::ParsedURL::password):
16931 (WTF::ParsedURL::host):
16932 (WTF::ParsedURL::port):
16933 (WTF::ParsedURL::path):
16934 (WTF::ParsedURL::query):
16935 (WTF::ParsedURL::fragment):
16936 (WTF::ParsedURL::segment):
16937 * wtf/url/api/ParsedURL.h: Added.
16940 (WTF::ParsedURL::spec):
16941 * wtf/url/api/URLString.h: Added.
16944 (WTF::URLString::URLString):
16945 (WTF::URLString::string):
16946 * wtf/url/src/RawURLBuffer.h: Added.
16949 (WTF::RawURLBuffer::RawURLBuffer):
16950 (WTF::RawURLBuffer::~RawURLBuffer):
16951 (WTF::RawURLBuffer::resize):
16952 * wtf/url/src/URLBuffer.h: Added.
16955 (WTF::URLBuffer::URLBuffer):
16956 (WTF::URLBuffer::~URLBuffer):
16957 (WTF::URLBuffer::at):
16958 (WTF::URLBuffer::set):
16959 (WTF::URLBuffer::capacity):
16960 (WTF::URLBuffer::length):
16961 (WTF::URLBuffer::data):
16962 (WTF::URLBuffer::setLength):
16963 (WTF::URLBuffer::append):
16964 (WTF::URLBuffer::grow):
16965 * wtf/url/src/URLCharacterTypes.cpp: Added.
16968 * wtf/url/src/URLCharacterTypes.h: Added.
16970 (URLCharacterTypes):
16971 (WTF::URLCharacterTypes::isQueryChar):
16972 (WTF::URLCharacterTypes::isIPv4Char):
16973 (WTF::URLCharacterTypes::isHexChar):
16975 (WTF::URLCharacterTypes::isCharOfType):
16976 * wtf/url/src/URLComponent.h: Added.
16979 (WTF::URLComponent::URLComponent):
16980 (WTF::URLComponent::fromRange):
16981 (WTF::URLComponent::isValid):
16982 (WTF::URLComponent::isNonEmpty):
16983 (WTF::URLComponent::isEmptyOrInvalid):
16984 (WTF::URLComponent::reset):
16985 (WTF::URLComponent::operator==):
16986 (WTF::URLComponent::begin):
16987 (WTF::URLComponent::setBegin):
16988 (WTF::URLComponent::length):
16989 (WTF::URLComponent::setLength):
16990 (WTF::URLComponent::end):
16991 * wtf/url/src/URLEscape.cpp: Added.
16994 * wtf/url/src/URLEscape.h: Added.
16996 (WTF::appendURLEscapedCharacter):
16997 * wtf/url/src/URLParser.h: Added.
17001 (WTF::URLParser::isPossibleAuthorityTerminator):
17002 (WTF::URLParser::parseAuthority):
17003 (WTF::URLParser::extractScheme):
17004 (WTF::URLParser::parseAfterScheme):
17005 (WTF::URLParser::parseStandardURL):
17006 (WTF::URLParser::parsePath):
17007 (WTF::URLParser::parsePathURL):
17008 (WTF::URLParser::parseMailtoURL):
17009 (WTF::URLParser::parsePort):
17010 (WTF::URLParser::extractFileName):
17011 (WTF::URLParser::extractQueryKeyValue):
17012 (WTF::URLParser::isURLSlash):
17013 (WTF::URLParser::shouldTrimFromURL):
17014 (WTF::URLParser::trimURL):
17015 (WTF::URLParser::consecutiveSlashes):
17016 (WTF::URLParser::isPortDigit):
17017 (WTF::URLParser::nextAuthorityTerminator):
17018 (WTF::URLParser::parseUserInfo):
17019 (WTF::URLParser::parseServerInfo):
17020 * wtf/url/src/URLQueryCanonicalizer.h: Added.
17022 (URLQueryCanonicalizer):
17023 (WTF::URLQueryCanonicalizer::canonicalize):
17024 (WTF::URLQueryCanonicalizer::isAllASCII):
17025 (WTF::URLQueryCanonicalizer::isRaw8Bit):
17026 (WTF::URLQueryCanonicalizer::appendRaw8BitQueryString):
17027 (WTF::URLQueryCanonicalizer::convertToQueryEncoding):
17028 * wtf/url/src/URLSegments.cpp: Added.
17030 (WTF::URLSegments::length):
17031 (WTF::URLSegments::charactersBefore):
17032 * wtf/url/src/URLSegments.h: Added.
17036 (WTF::URLSegments::URLSegments):
17038 2012-02-11 Filip Pizlo <fpizlo@apple.com>
17040 Old JIT put_by_id profiling counts every put_by_id_transition as taking slow path
17041 https://bugs.webkit.org/show_bug.cgi?id=78430
17042 <rdar://problem/10849469> <rdar://problem/10849684>
17044 Reviewed by Gavin Barraclough.
17046 The old JIT's put_by_id transition caching involves repatching the slow call to
17047 a generated stub. That means that the call is counted as "slow case". So, this
17048 patch inserts code to decrement the slow case count if the stub succeeds.
17050 Looks like a ~1% speed-up on V8.
17052 * jit/JITPropertyAccess.cpp:
17053 (JSC::JIT::privateCompilePutByIdTransition):
17054 * jit/JITPropertyAccess32_64.cpp:
17055 (JSC::JIT::privateCompilePutByIdTransition):
17057 2012-02-11 Filip Pizlo <fpizlo@apple.com>
17063 2012-02-11 Filip Pizlo <fpizlo@apple.com>
17065 It should be possible to send all JSC debug logging to a file
17066 https://bugs.webkit.org/show_bug.cgi?id=78418
17068 Reviewed by Sam Weinig.
17070 Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog,
17071 and WTF::dataLogV. Changed all debugging- and profiling-related printfs
17072 to use WTF::dataLog() or one of its friends. By default, debug logging
17073 goes to stderr, unless you change the setting in wtf/DataLog.cpp.
17075 * GNUmakefile.list.am:
17076 * JavaScriptCore.gypi:
17077 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
17078 * JavaScriptCore.xcodeproj/project.pbxproj:
17079 * assembler/LinkBuffer.h:
17080 (JSC::LinkBuffer::dumpLinkStatistics):
17081 (JSC::LinkBuffer::dumpCode):
17082 * assembler/SH4Assembler.h:
17083 (JSC::SH4Assembler::vprintfStdoutInstr):
17084 * bytecode/CodeBlock.cpp:
17085 (JSC::CodeBlock::printUnaryOp):
17086 (JSC::CodeBlock::printBinaryOp):
17087 (JSC::CodeBlock::printConditionalJump):
17088 (JSC::CodeBlock::printGetByIdOp):
17089 (JSC::CodeBlock::printCallOp):
17090 (JSC::CodeBlock::printPutByIdOp):
17091 (JSC::printGlobalResolveInfo):
17092 (JSC::printStructureStubInfo):
17093 (JSC::CodeBlock::printStructure):
17094 (JSC::CodeBlock::printStructures):
17095 (JSC::CodeBlock::dump):
17096 (JSC::CodeBlock::dumpStatistics):
17097 (JSC::CodeBlock::finalizeUnconditionally):
17098 (JSC::CodeBlock::shouldOptimizeNow):
17099 (JSC::CodeBlock::tallyFrequentExitSites):
17100 (JSC::CodeBlock::dumpValueProfiles):
17101 * bytecode/Opcode.cpp:
17102 (JSC::OpcodeStats::~OpcodeStats):
17103 * bytecode/SamplingTool.cpp:
17104 (JSC::SamplingFlags::stop):
17105 (JSC::SamplingRegion::dumpInternal):
17106 (JSC::SamplingTool::dump):
17107 * dfg/DFGAbstractState.cpp:
17108 (JSC::DFG::AbstractState::endBasicBlock):
17109 (JSC::DFG::AbstractState::mergeStateAtTail):
17110 * dfg/DFGByteCodeParser.cpp:
17111 (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
17112 (JSC::DFG::ByteCodeParser::makeSafe):
17113 (JSC::DFG::ByteCodeParser::makeDivSafe):
17114 (JSC::DFG::ByteCodeParser::handleCall):
17115 (JSC::DFG::ByteCodeParser::handleInlining):
17116 (JSC::DFG::ByteCodeParser::parseBlock):
17117 (JSC::DFG::ByteCodeParser::processPhiStack):
17118 (JSC::DFG::ByteCodeParser::linkBlock):
17119 (JSC::DFG::ByteCodeParser::parseCodeBlock):
17120 (JSC::DFG::ByteCodeParser::parse):
17122 * dfg/DFGDriver.cpp:
17123 (JSC::DFG::compile):
17124 * dfg/DFGGraph.cpp:
17125 (JSC::DFG::printWhiteSpace):
17126 (JSC::DFG::Graph::dumpCodeOrigin):
17127 (JSC::DFG::Graph::dump):
17128 (JSC::DFG::Graph::predictArgumentTypes):
17129 * dfg/DFGJITCompiler.cpp:
17130 (JSC::DFG::JITCompiler::link):
17131 * dfg/DFGOSREntry.cpp:
17132 (JSC::DFG::prepareOSREntry):
17133 * dfg/DFGOSRExitCompiler.cpp:
17134 * dfg/DFGOSRExitCompiler32_64.cpp:
17135 (JSC::DFG::OSRExitCompiler::compileExit):
17136 * dfg/DFGOSRExitCompiler64.cpp:
17137 (JSC::DFG::OSRExitCompiler::compileExit):
17138 * dfg/DFGOperations.cpp:
17139 * dfg/DFGPropagator.cpp:
17140 (JSC::DFG::Propagator::fixpoint):
17141 (JSC::DFG::Propagator::propagateArithNodeFlags):
17142 (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
17143 (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
17144 (JSC::DFG::Propagator::propagateNodePredictions):
17145 (JSC::DFG::Propagator::propagatePredictionsForward):
17146 (JSC::DFG::Propagator::propagatePredictionsBackward):
17147 (JSC::DFG::Propagator::doRoundOfDoubleVoting):
17148 (JSC::DFG::Propagator::fixupNode):
17149 (JSC::DFG::Propagator::fixup):
17150 (JSC::DFG::Propagator::startIndexForChildren):
17151 (JSC::DFG::Propagator::endIndexForPureCSE):
17152 (JSC::DFG::Propagator::setReplacement):
17153 (JSC::DFG::Propagator::eliminate):
17154 (JSC::DFG::Propagator::performNodeCSE):
17155 (JSC::DFG::Propagator::localCSE):
17156 (JSC::DFG::Propagator::allocateVirtualRegisters):
17157 (JSC::DFG::Propagator::performBlockCFA):
17158 (JSC::DFG::Propagator::performForwardCFA):
17159 * dfg/DFGRegisterBank.h:
17160 (JSC::DFG::RegisterBank::dump):
17161 * dfg/DFGScoreBoard.h:
17162 (JSC::DFG::ScoreBoard::dump):
17163 * dfg/DFGSpeculativeJIT.cpp:
17164 (JSC::DFG::SpeculativeJIT::dump):
17165 (JSC::DFG::SpeculativeJIT::checkConsistency):
17166 (JSC::DFG::SpeculativeJIT::compile):
17167 * dfg/DFGSpeculativeJIT32_64.cpp:
17168 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
17169 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
17170 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
17171 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
17172 * dfg/DFGSpeculativeJIT64.cpp:
17173 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
17174 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
17175 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
17176 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
17178 (JSC::Heap::destroy):
17179 * heap/MarkedBlock.h:
17180 * interpreter/CallFrame.cpp:
17181 (JSC::CallFrame::dumpCaller):
17182 * interpreter/Interpreter.cpp:
17183 (JSC::Interpreter::dumpRegisters):
17185 (JSC::JIT::privateCompileMainPass):
17186 (JSC::JIT::privateCompileSlowCases):
17187 (JSC::JIT::privateCompile):
17188 * jit/JITStubs.cpp:
17189 (JSC::DEFINE_STUB_FUNCTION):
17190 * profiler/Profile.cpp:
17191 (JSC::Profile::debugPrintData):
17192 (JSC::Profile::debugPrintDataSampleStyle):
17193 * profiler/ProfileNode.cpp:
17194 (JSC::ProfileNode::debugPrintData):
17195 (JSC::ProfileNode::debugPrintDataSampleStyle):
17196 * runtime/JSGlobalData.cpp:
17197 (JSC::JSGlobalData::dumpRegExpTrace):
17198 * runtime/RegExp.cpp:
17199 (JSC::RegExp::matchCompareWithInterpreter):
17200 * runtime/SamplingCounter.cpp:
17201 (JSC::AbstractSamplingCounter::dump):
17202 * runtime/SamplingCounter.h:
17203 (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
17204 * runtime/ScopeChain.cpp:
17205 (JSC::ScopeChainNode::print):
17206 * runtime/Structure.cpp:
17207 (JSC::Structure::dumpStatistics):
17208 (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
17209 * tools/CodeProfile.cpp:
17210 (JSC::CodeProfile::report):
17211 * tools/ProfileTreeNode.h:
17212 (JSC::ProfileTreeNode::dumpInternal):
17213 * wtf/CMakeLists.txt:
17214 * wtf/DataLog.cpp: Added.
17216 (WTF::initializeLogFileOnce):
17217 (WTF::initializeLogFile):
17221 * wtf/DataLog.h: Added.
17223 * wtf/HashTable.cpp:
17224 (WTF::HashTableStats::~HashTableStats):
17225 * wtf/MetaAllocator.cpp:
17226 (WTF::MetaAllocator::dumpProfile):
17227 * wtf/text/WTFString.cpp:
17229 * yarr/YarrInterpreter.cpp:
17230 (JSC::Yarr::ByteCompiler::dumpDisjunction):
17232 2012-02-11 Gavin Barraclough <barraclough@apple.com>
17234 Move special __proto__ property to Object.prototype
17235 https://bugs.webkit.org/show_bug.cgi?id=78409
17237 Reviewed by Oliver Hunt.
17239 Re-implement this as a regular accessor property. This has three key benefits:
17240 1) It makes it possible for objects to be given properties named __proto__.
17241 2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
17242 3) This largely removes the magic used to implement __proto__, it can just be made a regular accessor property.
17244 * parser/Parser.cpp:
17245 (JSC::::parseFunctionInfo):
17246 - No need to prohibit functions named __proto__.
17247 * runtime/JSGlobalObject.cpp:
17248 (JSC::JSGlobalObject::reset):
17249 - Add __proto__ accessor to Object.prototype.
17250 * runtime/JSGlobalObjectFunctions.cpp:
17251 (JSC::globalFuncProtoGetter):
17252 (JSC::globalFuncProtoSetter):
17253 - Definition of the __proto__ accessor functions.
17254 * runtime/JSGlobalObjectFunctions.h:
17255 - Declaration of the __proto__ accessor functions.
17256 * runtime/JSObject.cpp:
17257 (JSC::JSObject::put):
17258 - Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.
17259 (JSC::JSObject::putDirectAccessor):
17260 - Track on the structure whether an object contains accessors other than one for __proto__.
17261 (JSC::JSObject::defineOwnProperty):
17262 - No need to prohibit definition of own properties named __proto__.
17263 * runtime/JSObject.h:
17264 (JSC::JSObject::inlineGetOwnPropertySlot):
17265 - Remove the special handling for __proto__.
17266 (JSC::JSValue::get):
17267 - Remove the special handling for __proto__.
17268 * runtime/JSString.cpp:
17269 (JSC::JSString::getOwnPropertySlot):
17270 - Remove the special handling for __proto__.
17271 * runtime/JSValue.h:
17273 - Made synthesizePrototype public (this may be needed by the __proto__ getter).
17274 * runtime/ObjectConstructor.cpp:
17275 (JSC::objectConstructorGetPrototypeOf):
17276 - Perform the security check & call prototype() directly.
17277 * runtime/Structure.cpp:
17278 (JSC::Structure::Structure):
17279 - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
17280 * runtime/Structure.h:
17281 (JSC::Structure::hasGetterSetterPropertiesExcludingProto):
17282 (JSC::Structure::setHasGetterSetterProperties):
17284 - Added 'ExcludingProto' variant of the 'hasGetterSetterProperties' state.
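The three benefits listed in the entry above can each be observed from script once __proto__ is a plain accessor on Object.prototype. The block below is an added example, not JavaScriptCore code: it assumes an engine that implements __proto__ this way (any current engine does), inspects the accessor's descriptor, shows that own properties named __proto__ are possible (including the one JSON.parse creates, which does not touch the prototype), and shows that deleting Object.prototype.__proto__ turns the assignment into an ordinary own-property write. The delete is undone in a `finally` so the rest of the program is unaffected.

```javascript
// Added example, not JavaScriptCore code: observable effects of __proto__ being an
// ordinary accessor property on Object.prototype (bug 78409).

function protoAccessorDescriptor() {
  const d = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  return {
    isAccessor: typeof d.get === 'function' && typeof d.set === 'function',
    configurable: d.configurable,
    enumerable: d.enumerable,
  };
}

// A plain assignment goes through the inherited setter and changes the prototype.
function assignmentChangesPrototype() {
  const base = { hello() { return 'hi'; } };
  const o = {};
  o.__proto__ = base;
  return Object.getPrototypeOf(o) === base && o.hello() === 'hi';
}

// Own properties named __proto__ are possible: defineProperty bypasses the setter,
// and so does JSON.parse, which creates an own data property instead of changing
// the prototype (the reason parsed JSON cannot reach Object.prototype this way).
function ownProtoProperty() {
  const o = {};
  Object.defineProperty(o, '__proto__', { value: 42, enumerable: true, configurable: true });
  const parsed = JSON.parse('{"__proto__": {"marker": true}}'); // constructed input
  return {
    ownValue: o.__proto__,
    prototypeUnchanged: Object.getPrototypeOf(o) === Object.prototype,
    jsonOwnKey: Object.prototype.hasOwnProperty.call(parsed, '__proto__'),
    jsonPrototypeUnchanged:
      Object.getPrototypeOf(parsed) === Object.prototype && !('marker' in {}),
  };
}

// Deleting Object.prototype.__proto__ removes the accessor from the chain, so the
// same assignment now creates an own data property and the prototype stays put.
// The accessor is restored afterwards (its descriptor is configurable).
function assignmentAfterDelete() {
  const saved = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  const deleted = delete Object.prototype.__proto__;
  try {
    const o = {};
    o.__proto__ = { hello() { return 'hi'; } };
    return {
      deleted,
      prototypeUnchanged: Object.getPrototypeOf(o) === Object.prototype,
      becameOwnProperty: Object.prototype.hasOwnProperty.call(o, '__proto__'),
      setPrototypeOfStillWorks:
        Object.getPrototypeOf(Object.setPrototypeOf({}, null)) === null,
    };
  } finally {
    Object.defineProperty(Object.prototype, '__proto__', saved);
  }
}
```

`assignmentAfterDelete` is the script-level equivalent of benefit 2 in the entry: with the accessor gone, code that wants to change a prototype has to say so explicitly via Object.setPrototypeOf, and a stray `__proto__` key in untrusted data becomes an ordinary property.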
17286 2012-02-11 Filip Pizlo <fpizlo@apple.com>
17288 DFG CFA assumes that a WeakJSConstant's structure is known
17289 https://bugs.webkit.org/show_bug.cgi?id=78428
17290 <rdar://problem/10849492> <rdar://problem/10849621>
17292 Reviewed by Gavin Barraclough.
17294 * dfg/DFGAbstractState.cpp:
17295 (JSC::DFG::AbstractState::execute):
17297 2012-02-11 Mark Hahnenberg <mhahnenberg@apple.com>
17301 * heap/MarkedBlock.cpp:
17302 (JSC::MarkedBlock::callDestructor): Platforms that don't use clang will allocate
17303 JSFinalObjects in the destructor subspace, so we should remove this assert so it
17304 doesn't cause crashes.
17306 2012-02-11 Filip Pizlo <fpizlo@apple.com>
17308 Old 32_64 JIT should assert that its use of map() is consistent with the DFG
17309 OSR exit's expectations
17310 https://bugs.webkit.org/show_bug.cgi?id=78419
17311 <rdar://problem/10817121>
17313 Reviewed by Oliver Hunt.
17315 * jit/JITInlineMethods.h:
17318 2012-02-11 Mark Hahnenberg <mhahnenberg@apple.com>
17320 Reduce the reentrancy limit of the interpreter for the iOS simulator
17321 https://bugs.webkit.org/show_bug.cgi?id=78400
17323 Reviewed by Gavin Barraclough.
17325 * interpreter/Interpreter.h: Lowered the maximum reentrancy limit for large thread stacks.
17328 2012-02-11 Filip Pizlo <fpizlo@apple.com>
17330 [DFG] Misuse of WeakJSConstants in silentFillGPR code.
17331 https://bugs.webkit.org/show_bug.cgi?id=78423
17332 <rdar://problem/10849353> <rdar://problem/10804043>
17334 Reviewed by Sam Weinig.
17336 The code was using Node::isConstant(), when it was supposed to use Node::hasConstant().
17337 This patch is a surgical fix; the bigger problem is: why do we have isConstant() and
17338 hasConstant() when hasConstant() is correct and isConstant() is almost always wrong?
17340 * dfg/DFGSpeculativeJIT.h:
17341 (JSC::DFG::SpeculativeJIT::silentFillGPR):
17343 2012-02-11 Sam Weinig <sam@webkit.org>
17345 Prepare JavaScriptCore to build with libc++
17346 <rdar://problem/10426673>
17347 https://bugs.webkit.org/show_bug.cgi?id=78424
17349 Reviewed by Anders Carlsson.
17353 libc++ provides std::nullptr emulation, so we don't have to.
17355 2012-02-07 Filip Pizlo <fpizlo@apple.com>
17357 DFG should have polymorphic put_by_id caching
17358 https://bugs.webkit.org/show_bug.cgi?id=78062
17359 <rdar://problem/10326439> <rdar://problem/10824839>
17361 Reviewed by Oliver Hunt.
17363 Implemented polymorphic put_by_id caching in the DFG, and added much of the
17364 machinery that would be needed to implement it in the old JIT as well.
17366 I decided against using the old PolymorphicAccessStructureList mechanism as
17367 this didn't quite fit with put_by_id. In particular, I wanted the ability to
17368 have one list that captured all relevant cases (including proto put_by_id
17369 if we ever decided to do it). And I wanted the code to have better
17370 encapsulation. And I didn't want to get confused by the fact that the
17371 original (non-list) put_by_id cache may itself consist of a stub routine.
17373 This code is still sub-optimal (for example adding a replace to a list whose
17374 previous elements are all transitions should just repatch the original code,
17375 but here it will generate a stub) but it already generates a >20% speed-up
17376 on V8-splay, leading to a 2% win overall in splay. Neutral elsewhere.
17379 * GNUmakefile.list.am:
17380 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
17381 * JavaScriptCore.xcodeproj/project.pbxproj:
17383 * bytecode/PolymorphicPutByIdList.cpp: Added.
17385 (JSC::PutByIdAccess::fromStructureStubInfo):
17386 (JSC::PutByIdAccess::visitWeak):
17387 (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
17388 (JSC::PolymorphicPutByIdList::from):
17389 (JSC::PolymorphicPutByIdList::~PolymorphicPutByIdList):
17390 (JSC::PolymorphicPutByIdList::isFull):
17391 (JSC::PolymorphicPutByIdList::isAlmostFull):
17392 (JSC::PolymorphicPutByIdList::addAccess):
17393 (JSC::PolymorphicPutByIdList::visitWeak):
17394 * bytecode/PolymorphicPutByIdList.h: Added.
17397 (JSC::PutByIdAccess::PutByIdAccess):
17398 (JSC::PutByIdAccess::transition):
17399 (JSC::PutByIdAccess::replace):
17400 (JSC::PutByIdAccess::isSet):
17401 (JSC::PutByIdAccess::operator!):
17402 (JSC::PutByIdAccess::type):
17403 (JSC::PutByIdAccess::isTransition):
17404 (JSC::PutByIdAccess::isReplace):
17405 (JSC::PutByIdAccess::oldStructure):
17406 (JSC::PutByIdAccess::structure):
17407 (JSC::PutByIdAccess::newStructure):
17408 (JSC::PutByIdAccess::chain):
17409 (JSC::PutByIdAccess::stubRoutine):
17410 (PolymorphicPutByIdList):
17411 (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
17412 (JSC::PolymorphicPutByIdList::isEmpty):
17413 (JSC::PolymorphicPutByIdList::size):
17414 (JSC::PolymorphicPutByIdList::at):
17415 (JSC::PolymorphicPutByIdList::operator[]):
17416 (JSC::PolymorphicPutByIdList::kind):
17417 * bytecode/PutKind.h: Added.
17419 * bytecode/StructureStubInfo.cpp:
17420 (JSC::StructureStubInfo::deref):
17421 (JSC::StructureStubInfo::visitWeakReferences):
17422 * bytecode/StructureStubInfo.h:
17424 (JSC::isPutByIdAccess):
17425 (JSC::StructureStubInfo::initPutByIdList):
17426 (StructureStubInfo):
17427 (JSC::StructureStubInfo::reset):
17428 * dfg/DFGOperations.cpp:
17429 * dfg/DFGOperations.h:
17431 * dfg/DFGRepatch.cpp:
17432 (JSC::DFG::appropriateGenericPutByIdFunction):
17433 (JSC::DFG::appropriateListBuildingPutByIdFunction):
17435 (JSC::DFG::emitPutReplaceStub):
17436 (JSC::DFG::emitPutTransitionStub):
17437 (JSC::DFG::tryCachePutByID):
17438 (JSC::DFG::dfgRepatchPutByID):
17439 (JSC::DFG::tryBuildPutByIdList):
17440 (JSC::DFG::dfgBuildPutByIdList):
17441 (JSC::DFG::dfgResetPutByID):
17442 * dfg/DFGRepatch.h:
17444 * runtime/WriteBarrier.h:
17445 (WriteBarrierBase):
17446 (JSC::WriteBarrierBase::copyFrom):
17448 2012-02-10 Vineet Chaudhary <rgf748@motorola.com>
17450 https://bugs.webkit.org/show_bug.cgi?id=72756
17451 DOMHTMLElement’s accessKey property is declared as available in WebKit version that didn’t have it
17453 Reviewed by Timothy Hatcher.
17455 * API/WebKitAvailability.h: Added AVAILABLE_AFTER_WEBKIT_VERSION_5_1 and
17456 AVAILABLE_WEBKIT_VERSION_1_3_AND_LATER_BUT_DEPRECATED_AFTER_WEBKIT_VERSION_5_1 for the new versions.
17458 2012-02-10 Mark Hahnenberg <mhahnenberg@apple.com>
17460 Fixing windows build
17462 Unreviewed build fix
17464 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
17466 2012-02-10 Adam Klein <adamk@chromium.org>
17468 Enable MUTATION_OBSERVERS by default on all platforms
17469 https://bugs.webkit.org/show_bug.cgi?id=78196
17471 Reviewed by Ojan Vafai.
17473 * Configurations/FeatureDefines.xcconfig:
17475 2012-02-10 Yong Li <yoli@rim.com>
17477 ENABLE(ASSEMBLER_WX_EXCLUSIVE): LinkBuffer can leave pages not marked as executable.
17478 https://bugs.webkit.org/show_bug.cgi?id=76724
17480 Reviewed by Rob Buis.
17482 This issue only exists when both ENABLE(ASSEMBLER_WX_EXCLUSIVE) and ENABLE(BRANCH_COMPACTION) are on.
17483 The size used to call makeExecutable can be smaller than the one that was used for makeWritable.
17484 So it can leave pages behind that are not set back to default flags. When assembly on one of those
17485 pages is executed, or the JIT returns to those pages in the case where it was already executing from there, the
17486 software will crash.
17488 * assembler/LinkBuffer.h: Add m_initialSize and use it in performFinalization().
17489 (JSC::LinkBuffer::LinkBuffer):
17490 (JSC::LinkBuffer::linkCode):
17491 (JSC::LinkBuffer::performFinalization):
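Added example, not WebKit code: the page-range arithmetic behind the entry above, with a constructed page-permission table standing in for the OS protection calls. finalizeBuggy() models makeWritable() on the original allocation followed by makeExecutable() on the smaller, branch-compacted size; finalizeFixed() models the m_initialSize fix. Function names, the page table and the sizes are assumptions for illustration. Under W^X the count of pages still writable after finalization must be zero, otherwise JIT memory has been left RW and non-executable.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>

// Constructed page-permission table standing in for mprotect()/VirtualProtect();
// not WebKit code.
const size_t kPageSize = 4096;
const size_t kNumPages = 8;
enum PageProt { ProtRX, ProtRW };
static PageProt g_pages[kNumPages];

// Apply prot to every page touched by [start, start + size).
static void setProtection(uintptr_t start, size_t size, PageProt prot)
{
    assert(size > 0);
    size_t first = start / kPageSize;
    size_t last = (start + size - 1) / kPageSize; // last page touched, inclusive
    assert(last < kNumPages);
    for (size_t i = first; i <= last; ++i)
        g_pages[i] = prot;
}

static void resetAllPagesToExecutable()
{
    for (size_t i = 0; i < kNumPages; ++i)
        g_pages[i] = ProtRX;
}

// Pages still writable after finalization: under W^X this must be 0.
size_t writablePageCount()
{
    size_t n = 0;
    for (size_t i = 0; i < kNumPages; ++i)
        if (g_pages[i] == ProtRW)
            ++n;
    return n;
}

// Before the fix: makeWritable() covers the original allocation, but
// makeExecutable() is called with the size left after branch compaction.
size_t finalizeBuggy(uintptr_t code, size_t initialSize, size_t compactedSize)
{
    resetAllPagesToExecutable();
    setProtection(code, initialSize, ProtRW);   // makeWritable(code, initialSize)
    // ... linking and branch compaction shrink the code to compactedSize ...
    setProtection(code, compactedSize, ProtRX); // makeExecutable(code, compactedSize)
    return writablePageCount();                 // > 0: trailing pages left RW
}

// After the fix: remember the size used for makeWritable (m_initialSize in the
// entry above) and restore exactly that range.
size_t finalizeFixed(uintptr_t code, size_t initialSize, size_t compactedSize)
{
    assert(compactedSize <= initialSize);
    resetAllPagesToExecutable();
    setProtection(code, initialSize, ProtRW);
    setProtection(code, initialSize, ProtRX);
    return writablePageCount();
}
```

With code at 0x1000 spanning three pages before compaction and shrinking to just over one page, the buggy path leaves the third page writable; the fixed path restores all three. When compaction does not cross a page boundary the bug is invisible, which is why it surfaced only on some inputs.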
17494 2012-02-10 Mark Hahnenberg <mhahnenberg@apple.com>
17496 Split MarkedSpace into destructor and destructor-free subspaces
17497 https://bugs.webkit.org/show_bug.cgi?id=77761
17499 Reviewed by Geoffrey Garen.
17501 * dfg/DFGSpeculativeJIT.h:
17502 (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
17504 (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to
17505 pick which subspace they want to allocate out of.
17506 (JSC::Heap::allocatorForObjectWithDestructor): Ditto.
17508 (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
17510 (JSC::Heap::allocateWithoutDestructor): Ditto.
17511 * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate
17512 their MarkedBlocks correctly.
17513 (JSC::MarkedAllocator::allocateBlock):
17514 * heap/MarkedAllocator.h:
17515 (JSC::MarkedAllocator::cellsNeedDestruction):
17517 (JSC::MarkedAllocator::MarkedAllocator):
17519 (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
17520 an init function that does all of that stuff in fewer lines.
17521 * heap/MarkedBlock.cpp:
17522 (JSC::MarkedBlock::create):
17523 (JSC::MarkedBlock::recycle):
17524 (JSC::MarkedBlock::MarkedBlock):
17525 (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make
17526 checking the m_cellsNeedDestructor flag faster and cleaner looking.
17528 (JSC::MarkedBlock::specializedSweep):
17529 (JSC::MarkedBlock::sweep):
17530 (JSC::MarkedBlock::sweepHelper):
17531 * heap/MarkedBlock.h:
17533 (JSC::MarkedBlock::cellsNeedDestruction):
17535 * heap/MarkedSpace.cpp:
17536 (JSC::MarkedSpace::MarkedSpace):
17537 (JSC::MarkedSpace::resetAllocators):
17538 (JSC::MarkedSpace::canonicalizeCellLivenessData):
17539 (JSC::TakeIfUnmarked::operator()):
17540 * heap/MarkedSpace.h:
17543 (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of
17546 (JSC::MarkedSpace::destructorAllocatorFor): Ditto.
17547 (JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
17548 (JSC::MarkedSpace::allocateWithDestructor): Ditto.
17549 (JSC::MarkedSpace::forEachBlock):
17551 * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
17552 (JSC::JIT::emitAllocateBasicJSObject):
17553 (JSC::JIT::emitAllocateJSFinalObject):
17554 (JSC::JIT::emitAllocateJSFunction):
17555 * runtime/JSArray.cpp:
17557 * runtime/JSArray.h:
17559 (JSC::JSArray::create):
17561 (JSC::JSArray::tryCreateUninitialized):
17562 * runtime/JSCell.h:
17565 (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires
17566 destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this
17567 constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
17568 (JSC::allocateCell):
17569 * runtime/JSFunction.cpp:
17571 * runtime/JSFunction.h:
17573 * runtime/JSObject.cpp:
17575 * runtime/JSObject.h:
17576 (JSNonFinalObject):
17579 (JSC::JSFinalObject::create):
17581 2012-02-10 Adrienne Walker <enne@google.com>
17583 Remove implicit copy constructor usage in HashMaps with OwnPtr
17584 https://bugs.webkit.org/show_bug.cgi?id=78071
17586 Reviewed by Darin Adler.
17588 Change the return type of emptyValue() in PairHashTraits to be the
17589 actual type returned rather than the trait type to avoid an implicit
17590 generation of the OwnPtr copy constructor. This happens for hash
17591 traits involving OwnPtr where the empty value is not zero and each
17592 hash bucket needs to be initialized with emptyValue().
17594 Also, update StructureTransitionTable to use default hash traits
17595 rather than rolling its own, in order to update it to handle
17598 Test: patch from bug 74154 compiles on Clang with this patch
17600 * runtime/StructureTransitionTable.h:
17601 (StructureTransitionTable):
17602 * wtf/HashTraits.h:
17603 (GenericHashTraits):
17605 (WTF::PairHashTraits::emptyValue):
17607 2012-02-10 Aron Rosenberg <arosenberg@logitech.com>
17609 [Qt] Fix compiler warning in Visual Studio 2010 about TR1
17610 https://bugs.webkit.org/show_bug.cgi?id=63642
17612 Reviewed by Simon Hausmann.
17614 * JavaScriptCore.pri:
17616 2012-02-10 Michael Saboff <msaboff@apple.com>
17618 Yarr assert with regexp where alternative in *-quantified group matches empty
17619 https://bugs.webkit.org/show_bug.cgi?id=67752
17621 Reviewed by Gavin Barraclough.
17623 Added backtracking for the prior alternative if it matched
17624 but didn't consume any input characters.
17626 * yarr/YarrJIT.cpp:
17627 (YarrOp): New jump.
17628 (JSC::Yarr::YarrGenerator::generate): Emit conditional jump
17629 when an alternative matches and no input was consumed. Moved the
17630 zero length match check for a set of alternatives to the alternative
17631 code from the parentheses cases to the alternative end cases.
17632 Converted the existing zero length checks in the parentheses cases
17633 to runtime assertion checks.
17634 (JSC::Yarr::YarrGenerator::backtrack): Link new jump to backtrack
17637 2012-02-10 Roland Takacs <takacs.roland@stud.u-szeged.hu>
17639 [Qt] GC should be parallel on Qt platform
17640 https://bugs.webkit.org/show_bug.cgi?id=73309
17642 Reviewed by Zoltan Herczeg.
17644 These changes made the parallel gc feature available for the Qt port.
17645 The implementation of "registerGCThread" and "isMainThreadOrGCThread",
17646 and a local static function [initializeGCThreads], are moved from
17647 MainThreadMac.mm to the common MainThread.cpp to make them available
17648 for other platforms.
17650 Measurement results:
17651 V8 speed-up: 1.025x as fast [From: 663.4ms To: 647.0ms ]
17652 V8 Splay speed-up: 1.185x as fast [From: 138.4ms To: 116.8ms ]
17654 Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
17656 * JavaScriptCore.order:
17657 * wtf/MainThread.cpp:
17658 (WTF::initializeMainThread):
17660 (WTF::initializeGCThreads):
17661 (WTF::registerGCThread):
17662 (WTF::isMainThreadOrGCThread):
17663 * wtf/MainThread.h:
17666 * wtf/mac/MainThreadMac.mm:
17669 2012-02-09 Andy Wingo <wingo@igalia.com>
17671 Eliminate dead code in BytecodeGenerator::resolve()
17672 https://bugs.webkit.org/show_bug.cgi?id=78242
17674 Reviewed by Gavin Barraclough.
17676 * bytecompiler/BytecodeGenerator.cpp:
17677 (JSC::BytecodeGenerator::resolve):
17678 BytecodeGenerator::shouldOptimizeLocals() is only true for
17679 FunctionCode, and thus cannot be true for GlobalCode.
17681 2012-02-09 Andy Wingo <wingo@igalia.com>
17683 Remove BytecodeGenerator::isLocal
17684 https://bugs.webkit.org/show_bug.cgi?id=78241
17686 Minor refactor to BytecodeGenerator.
17688 Reviewed by Gavin Barraclough.
17690 * bytecompiler/BytecodeGenerator.h:
17691 * bytecompiler/BytecodeGenerator.cpp:
17692 (JSC::BytecodeGenerator::isLocal):
17693 (JSC::BytecodeGenerator::isLocalConstant): Remove now-unused
17695 * bytecompiler/NodesCodegen.cpp:
17696 (JSC::ResolveNode::isPure): Use the ResolveResult mechanism
17697 instead of isLocal. This will recognize more resolve nodes as
17699 (JSC::PrefixResolveNode::emitBytecode): Use isReadOnly on the
17700 location instead of isLocalConstant.
17702 2012-02-09 Oliver Hunt <oliver@apple.com>
17704 The JS Parser scope object needs a VectorTrait specialization
17705 https://bugs.webkit.org/show_bug.cgi?id=78308
17707 Reviewed by Gavin Barraclough.
17709 This showed up as a periodic crash in various bits of generated code
17710 originally, but I've added an assertion in the bytecode generator
17711 that makes the affected code much more crash-happy should it go
17714 * bytecompiler/BytecodeGenerator.cpp:
17715 (JSC::BytecodeGenerator::BytecodeGenerator):
17716 (JSC::BytecodeGenerator::resolve):
17717 * parser/Parser.cpp:
17720 * runtime/JSActivation.h:
17721 (JSC::JSActivation::isValidScopedLookup):
17724 2012-02-08 Oliver Hunt <oliver@apple.com>
17726 Whoops, fix the build.
17728 * runtime/Executable.cpp:
17729 (JSC::FunctionExecutable::FunctionExecutable):
17731 2012-02-08 Oliver Hunt <oliver@apple.com>
17733 Fix issue encountered while debugging stacktraces
17734 https://bugs.webkit.org/show_bug.cgi?id=78147
17736 Reviewed by Gavin Barraclough.
17738 Debugging is easier if we always ensure that we have a non-null
17741 * runtime/Executable.cpp:
17742 (JSC::FunctionExecutable::FunctionExecutable):
17744 2012-02-08 Oliver Hunt <oliver@apple.com>
17746 updateTopCallframe in the baseline JIT doesn't provide enough information to the stubs
17747 https://bugs.webkit.org/show_bug.cgi?id=78145
17749 Reviewed by Gavin Barraclough.
17751 Fix the updateTopCallFrame helper to store additional information
17752 that becomes necessary when we are trying to provide more stack
17755 * interpreter/CallFrame.h:
17756 (JSC::ExecState::bytecodeOffsetForBaselineJIT):
17759 (JSC::JIT::privateCompile):
17761 (JSC::JIT::compileGetByIdProto):
17762 (JSC::JIT::compileGetByIdSelfList):
17763 (JSC::JIT::compileGetByIdProtoList):
17764 (JSC::JIT::compileGetByIdChainList):
17765 (JSC::JIT::compileGetByIdChain):
17766 (JSC::JIT::compilePutByIdTransition):
17768 * jit/JITInlineMethods.h:
17769 (JSC::JIT::updateTopCallFrame):
17771 2012-02-07 Robert Kroeger <rjkroege@chromium.org>
17773 [chromium] Remove the enable macro for the no longer necessary Chromium
17774 gesture recognizer.
17775 https://bugs.webkit.org/show_bug.cgi?id=77492
17777 Reviewed by Adam Barth.
17781 2012-02-07 Tony Chang <tony@chromium.org>
17783 merge DashboardSupportCSSPropertyNames.in into CSSPropertyNames.in
17784 https://bugs.webkit.org/show_bug.cgi?id=78036
17786 Reviewed by Darin Adler.
17788 * Configurations/FeatureDefines.xcconfig: Add ENABLE_DASHBOARD_SUPPORT to FEATURE_DEFINES.
17790 2012-02-07 Gyuyoung Kim <gyuyoung.kim@samsung.com>
17792 [CMAKE] Use *bin* and *lib* directories for executable and libraries.
17793 https://bugs.webkit.org/show_bug.cgi?id=77928
17795 Reviewed by Daniel Bates.
17797 CMake has used the *Programs* directory for executables. In addition, shared libraries are being
17798 built in the source directory. It is better to set common places in order to maintain executables
17799 and libraries. *bin* is for executables and *lib* is for libraries.
17801 * shell/CMakeLists.txt: Change *Programs* to *bin*.
17803 2012-02-07 Gavin Barraclough <barraclough@apple.com>
17805 Crash on http://www.rickshawbags.com/
17806 https://bugs.webkit.org/show_bug.cgi?id=78045
17808 Reviewed by Darin Adler.
17810 Problem URL is: http://www.rickshawbags.com/customize/custom-bag#!thl=rickshaw/bag()
17812 This is a bug introduced by https://bugs.webkit.org/show_bug.cgi?id=71933:
17813 isVariableObject() checks were excluding StaticScopeObjects, and this patch
17814 inadvertently changed them to be included.
17816 * runtime/JSType.h:
17817 - sort JSType enum such that StaticScopeObjectType comes before VariableObjectType,
17818 and thus is excluded from isVariableObject() checks.
17820 2012-02-06 Jer Noble <jer.noble@apple.com>
17822 Use CMClock as a timing source for PlatformClock where available.
17823 https://bugs.webkit.org/show_bug.cgi?id=77885
17825 Reviewed by Eric Carlson.
17827 * wtf/Platform.h: Added WTF_USE_COREMEDIA.
17829 2012-02-06 Filip Pizlo <fpizlo@apple.com>
17831 ValueToNumber and ValueToDouble nodes don't do anything and should be removed
17832 https://bugs.webkit.org/show_bug.cgi?id=77855
17833 <rdar://problem/10811325>
17835 Reviewed by Gavin Barraclough.
17837 Removed ValueToNumber and ValueToDouble, because the only thing they were doing
17838 was wasting registers.
17840 This looks like a 1% win on V8 (with a 5% win on crypto) and a 2-3% win on Kraken,
17841 mostly due to a >10% win on gaussian-blur. No win anywhere else.
17843 * dfg/DFGAbstractState.cpp:
17844 (JSC::DFG::AbstractState::execute):
17845 * dfg/DFGByteCodeParser.cpp:
17846 (JSC::DFG::ByteCodeParser::getToInt32):
17848 (JSC::DFG::ByteCodeParser::handleMinMax):
17849 (JSC::DFG::ByteCodeParser::handleIntrinsic):
17850 (JSC::DFG::ByteCodeParser::parseBlock):
17853 (JSC::DFG::Node::hasArithNodeFlags):
17854 * dfg/DFGPropagator.cpp:
17855 (JSC::DFG::Propagator::propagateArithNodeFlags):
17856 (JSC::DFG::Propagator::propagateNodePredictions):
17857 (JSC::DFG::Propagator::vote):
17858 (JSC::DFG::Propagator::doRoundOfDoubleVoting):
17860 (JSC::DFG::Propagator::fixupNode):
17861 (JSC::DFG::Propagator::canonicalize):
17862 * dfg/DFGSpeculativeJIT.cpp:
17863 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
17864 * dfg/DFGSpeculativeJIT32_64.cpp:
17865 (JSC::DFG::SpeculativeJIT::compile):
17866 * dfg/DFGSpeculativeJIT64.cpp:
17867 (JSC::DFG::SpeculativeJIT::compile):
17869 2012-02-06 Patrick Gansterer <paroga@webkit.org>
17871 Unreviewed WinCE build fix after r106197.
17873 * tools/CodeProfiling.cpp:
17874 (JSC::CodeProfiling::notifyAllocator): getenv() isn't supported by WinCE. Don't call it.
17876 2012-02-05 Gavin Barraclough <barraclough@apple.com>
17878 Remove JSObject defineGetter/defineSetter lookupGetter/lookupSetter
17879 https://bugs.webkit.org/show_bug.cgi?id=77451
17881 Reviewed by Sam Weinig.
17883 These can now all be implemented in terms of defineOwnProperty & getPropertyDescriptor.
17884 Also remove initializeGetterSetterProperty, since this is equivalent to putDirectAccessor.
17886 * JavaScriptCore.exp:
17887 * debugger/DebuggerActivation.cpp:
17888 (JSC::DebuggerActivation::defineOwnProperty):
17889 * debugger/DebuggerActivation.h:
17890 (DebuggerActivation):
17891 * runtime/ClassInfo.h:
17894 * runtime/JSBoundFunction.cpp:
17895 (JSC::JSBoundFunction::finishCreation):
17896 * runtime/JSCell.cpp:
17898 * runtime/JSCell.h:
17900 * runtime/JSFunction.cpp:
17901 (JSC::JSFunction::getOwnPropertySlot):
17902 (JSC::JSFunction::getOwnPropertyDescriptor):
17903 * runtime/JSGlobalObject.cpp:
17904 (JSC::JSGlobalObject::defineOwnProperty):
17906 * runtime/JSGlobalObject.h:
17908 * runtime/JSObject.cpp:
17910 * runtime/JSObject.h:
17912 * runtime/ObjectPrototype.cpp:
17913 (JSC::objectProtoFuncDefineGetter):
17914 (JSC::objectProtoFuncDefineSetter):
17915 (JSC::objectProtoFuncLookupGetter):
17916 (JSC::objectProtoFuncLookupSetter):
17918 2012-02-06 Carlos Garcia Campos <cgarcia@igalia.com>
17920 Unreviewed. Fix make distcheck.
17922 * GNUmakefile.list.am: Add missing files.
17924 2012-02-05 Filip Pizlo <fpizlo@apple.com>
17926 DFG's child references from one node to another should have room for type information
17927 https://bugs.webkit.org/show_bug.cgi?id=77797
17929 Reviewed by Oliver Hunt.
17931 The DFG::Node::child fields now contain both a DFG::NodeIndex (which is just an unsigned)
17932 and a DFG::UseKind (which is currently an effectively empty enum). They are encapsulated
17933 together as a DFG::NodeUse, which can in most cases still be used as an index (for
17934 example DFG::Graph, AbstractState, and SpeculativeJIT all accept NodeUse in most places
17935 where they really want a NodeIndex).
17937 The NodeUse stores both the index and the UseKind without bloating the memory usage of
17938 DFG::Node, since we really don't need full 32 bits for the NodeIndex (a DFG::Node is
17939 roughly 11 words, so if we assume that we never want to use more than 1GB to DFG compile
17940 something - likely a sensible assumption! - then we will only be able to have room for
17941 about 24 million nodes, which means we only need about 24.5 bits for the node index).
17942 Currently the DFG::NodeUse allocates 4 bits for the UseKind and 28 bits for the index,
17943 but stores the index as a signed number to make NoNode work naturally. Hence we really
17944 just have 27 bits for the index.
17946 This is performance-neutral on all benchmarks we track.
17948 * JavaScriptCore.xcodeproj/project.pbxproj:
17949 * dfg/DFGAbstractState.h:
17950 (JSC::DFG::AbstractState::forNode):
17952 * dfg/DFGByteCodeParser.cpp:
17953 (JSC::DFG::ByteCodeParser::getLocal):
17954 (JSC::DFG::ByteCodeParser::getArgument):
17955 (JSC::DFG::ByteCodeParser::toInt32):
17956 (JSC::DFG::ByteCodeParser::addVarArgChild):
17957 (JSC::DFG::ByteCodeParser::processPhiStack):
17959 * dfg/DFGGraph.cpp:
17960 (JSC::DFG::Graph::dump):
17964 (JSC::DFG::Graph::operator[]):
17965 (JSC::DFG::Graph::at):
17966 (JSC::DFG::Graph::ref):
17967 (JSC::DFG::Graph::deref):
17968 (JSC::DFG::Graph::clearAndDerefChild1):
17969 (JSC::DFG::Graph::clearAndDerefChild2):
17970 (JSC::DFG::Graph::clearAndDerefChild3):
17971 * dfg/DFGJITCompiler.h:
17972 (JSC::DFG::JITCompiler::getPrediction):
17974 (JSC::DFG::Node::Node):
17975 (JSC::DFG::Node::child1):
17976 (JSC::DFG::Node::child1Unchecked):
17977 (JSC::DFG::Node::child2):
17978 (JSC::DFG::Node::child3):
17979 (JSC::DFG::Node::firstChild):
17980 (JSC::DFG::Node::numChildren):
17981 (JSC::DFG::Node::dumpChildren):
17983 * dfg/DFGNodeReferenceBlob.h: Added.
17985 (NodeReferenceBlob):
17986 (JSC::DFG::NodeReferenceBlob::NodeReferenceBlob):
17987 (JSC::DFG::NodeReferenceBlob::child):
17988 (JSC::DFG::NodeReferenceBlob::child1):
17989 (JSC::DFG::NodeReferenceBlob::child2):
17990 (JSC::DFG::NodeReferenceBlob::child3):
17991 (JSC::DFG::NodeReferenceBlob::child1Unchecked):
17992 (JSC::DFG::NodeReferenceBlob::initialize):
17993 (JSC::DFG::NodeReferenceBlob::firstChild):
17994 (JSC::DFG::NodeReferenceBlob::setFirstChild):
17995 (JSC::DFG::NodeReferenceBlob::numChildren):
17996 (JSC::DFG::NodeReferenceBlob::setNumChildren):
17997 * dfg/DFGNodeUse.h: Added.
18000 (JSC::DFG::NodeUse::NodeUse):
18001 (JSC::DFG::NodeUse::indexUnchecked):
18002 (JSC::DFG::NodeUse::index):
18003 (JSC::DFG::NodeUse::setIndex):
18004 (JSC::DFG::NodeUse::useKind):
18005 (JSC::DFG::NodeUse::setUseKind):
18006 (JSC::DFG::NodeUse::isSet):
18007 (JSC::DFG::NodeUse::operator!):
18008 (JSC::DFG::NodeUse::operator==):
18009 (JSC::DFG::NodeUse::operator!=):
18010 (JSC::DFG::NodeUse::shift):
18011 (JSC::DFG::NodeUse::makeWord):
18012 (JSC::DFG::operator==):
18013 (JSC::DFG::operator!=):
18014 * dfg/DFGPropagator.cpp:
18015 (JSC::DFG::Propagator::propagateArithNodeFlags):
18016 (JSC::DFG::Propagator::vote):
18017 (JSC::DFG::Propagator::toDouble):
18018 (JSC::DFG::Propagator::fixupNode):
18019 (JSC::DFG::Propagator::canonicalize):
18020 (JSC::DFG::Propagator::startIndex):
18021 (JSC::DFG::Propagator::globalVarLoadElimination):
18022 (JSC::DFG::Propagator::getByValLoadElimination):
18023 (JSC::DFG::Propagator::getByOffsetLoadElimination):
18024 (JSC::DFG::Propagator::performSubstitution):
18025 (JSC::DFG::Propagator::performNodeCSE):
18026 * dfg/DFGScoreBoard.h:
18027 (JSC::DFG::ScoreBoard::use):
18028 * dfg/DFGSpeculativeJIT.cpp:
18029 (JSC::DFG::SpeculativeJIT::useChildren):
18030 (JSC::DFG::SpeculativeJIT::writeBarrier):
18031 (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
18032 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
18033 (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
18034 (JSC::DFG::SpeculativeJIT::compileMovHint):
18035 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
18036 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
18037 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
18038 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
18039 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
18040 (JSC::DFG::SpeculativeJIT::compileAdd):
18041 (JSC::DFG::SpeculativeJIT::compileArithSub):
18042 (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
18043 (JSC::DFG::SpeculativeJIT::compileStrictEq):
18044 * dfg/DFGSpeculativeJIT.h:
18045 (JSC::DFG::SpeculativeJIT::at):
18046 (JSC::DFG::SpeculativeJIT::canReuse):
18047 (JSC::DFG::SpeculativeJIT::use):
18049 (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
18050 (JSC::DFG::SpeculativeJIT::speculationCheck):
18051 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
18052 (JSC::DFG::IntegerOperand::IntegerOperand):
18053 (JSC::DFG::DoubleOperand::DoubleOperand):
18054 (JSC::DFG::JSValueOperand::JSValueOperand):
18055 (JSC::DFG::StorageOperand::StorageOperand):
18056 (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
18057 (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
18058 (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
18059 (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
18060 (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
18061 * dfg/DFGSpeculativeJIT32_64.cpp:
18062 (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
18063 (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
18064 (JSC::DFG::SpeculativeJIT::cachedPutById):
18065 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
18066 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
18067 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
18068 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
18069 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
18070 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
18071 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
18072 (JSC::DFG::SpeculativeJIT::emitCall):
18073 (JSC::DFG::SpeculativeJIT::compileValueAdd):
18074 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
18075 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
18076 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
18077 (JSC::DFG::SpeculativeJIT::emitBranch):
18078 (JSC::DFG::SpeculativeJIT::compile):
18079 * dfg/DFGSpeculativeJIT64.cpp:
18080 (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
18081 (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
18082 (JSC::DFG::SpeculativeJIT::cachedPutById):
18083 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
18084 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
18085 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
18086 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
18087 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
18088 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
18089 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
18090 (JSC::DFG::SpeculativeJIT::emitCall):
18091 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
18092 (JSC::DFG::SpeculativeJIT::compileValueAdd):
18093 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
18094 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
18095 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
18096 (JSC::DFG::SpeculativeJIT::emitBranch):
18097 (JSC::DFG::SpeculativeJIT::compile):
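Added example, not DFG code: a 32-bit word packed the way the entry above describes, with 4 bits of use kind in the low bits and a signed 28-bit node index above them, so that a -1 sentinel (assumed here as kNoNode) round-trips and the usable index range is 2^27 - 1. The names PackedNodeUse, kNoNode and nodeIndexFits are assumptions for illustration; the point worth checking is the range guard, since an index that needs more than 27 bits would spill into the sign bit and read back negative.

```cpp
#include <cassert>
#include <cstdint>

// Layout assumed from the entry above: 4 use-kind bits, 28 index bits, index signed.
const unsigned kUseKindBits = 4;
const unsigned kIndexBits = 32 - kUseKindBits;                          // 28
const int32_t kNoNode = -1;                                             // assumed sentinel
const int32_t kMaxNodeIndex = (int32_t(1) << (kIndexBits - 1)) - 1;     // 2^27 - 1: the sign bit costs one
const unsigned kMaxUseKind = (1u << kUseKindBits) - 1;

// Range check callers must do before packing.
bool nodeIndexFits(int32_t index)
{
    return index >= kNoNode && index <= kMaxNodeIndex;
}

struct PackedNodeUse {
    uint32_t word;

    static PackedNodeUse make(int32_t index, unsigned useKind)
    {
        assert(nodeIndexFits(index));
        assert(useKind <= kMaxUseKind);
        // Shift the (possibly negative) index up past the use-kind field; the
        // sign bit lands in bit 31 of the word.
        uint32_t w = (static_cast<uint32_t>(index) << kUseKindBits) | useKind;
        PackedNodeUse u = { w };
        return u;
    }

    // Arithmetic right shift brings the sign bit back down, so kNoNode survives.
    // (Right shift of a negative value is implementation-defined before C++20
    // but arithmetic on GCC, Clang and MSVC.)
    int32_t index() const { return static_cast<int32_t>(word) >> kUseKindBits; }
    unsigned useKind() const { return word & kMaxUseKind; }
    bool isSet() const { return index() != kNoNode; }
};

// Pack and unpack, reporting whether both fields came back unchanged.
bool roundTrips(int32_t index, unsigned useKind)
{
    PackedNodeUse u = PackedNodeUse::make(index, useKind);
    return u.index() == index && u.useKind() == useKind;
}
```

The largest index that round-trips is 134217727; one above that fails nodeIndexFits() rather than being silently packed as a negative index.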
18099 2012-02-05 Gyuyoung Kim <gyuyoung.kim@samsung.com>
18101 [CMAKE] Support javascriptcore test for EFL port.
18102 https://bugs.webkit.org/show_bug.cgi?id=77425
18104 Reviewed by Daniel Bates.
18106 The EFL and WinCE ports, as well as the BlackBerry port, are now using CMake as their build system,
18107 and they share the make file that creates the jsc executable. In order to run
18108 "run-javascriptcore-tests", the EFL port needs to change the jsc installation configuration
18109 to the executable output directory (e.g. Programs). So, this patch changes the jsc installation
18110 configuration only for the EFL port.
18112 * shell/CMakeLists.txt:
18114 2012-02-04 Gavin Barraclough <barraclough@apple.com>
18116 Rubber stamped by Sam Weinig.
18118 * yarr/YarrPattern.cpp:
18119 (JSC::Yarr::YarrPatternConstructor::quantifyAtom):
18122 2012-02-04 Kalev Lember <kalevlember@gmail.com>
18124 [GTK] CurrentTime: Reorder headers for win32
18125 https://bugs.webkit.org/show_bug.cgi?id=77808
18127 Reviewed by Martin Robinson.
18129 In GTK+ win32 port, monotonicallyIncreasingTime() implementation is
18130 based on g_get_monotonic_time(). Reorder headers to make sure glib.h
18131 gets included even when the platform is win32.
18133 CurrentTime.cpp: In function 'double WTF::monotonicallyIncreasingTime()':
18134 CurrentTime.cpp:321:53: error: 'g_get_monotonic_time' was not declared in this scope
18135 CurrentTime.cpp:322:1: warning: control reaches end of non-void function [-Wreturn-type]
18137 * wtf/CurrentTime.cpp:
18139 2012-02-03 Anders Carlsson <andersca@apple.com>
18141 Prefix the typedef in WTF_MAKE_FAST_ALLOCATED with underscores
18142 https://bugs.webkit.org/show_bug.cgi?id=77788
18144 Reviewed by Andreas Kling.
18146 The current typedef name, 'ThisIsHereToForceASemicolonAfterThisMacro', shows up when trying to
18147 code-complete 'this' in Xcode. Prefix the typedef with two underscores to stop this from happening.
18149 * wtf/FastAllocBase.h:
18151 2012-02-03 Rob Buis <rbuis@rim.com>
18153 Fix alignment warnings in ARMv7
18154 https://bugs.webkit.org/show_bug.cgi?id=55368
18156 Reviewed by Filip Pizlo.
18158 Use reinterpret_cast_ptr and static_cast to get rid of alignment issues in ARMv7 code.
18160 * heap/HandleTypes.h:
18161 (JSC::HandleTypes::getFromSlot):
18162 * heap/MarkedBlock.cpp:
18163 (JSC::MarkedBlock::specializedSweep):
18164 * heap/MarkedBlock.h:
18165 (JSC::MarkedBlock::forEachCell):
18166 * runtime/WriteBarrier.h:
18167 (JSC::WriteBarrierBase::get):
18168 (JSC::WriteBarrierBase::unvalidatedGet):
18170 2012-02-03 Mark Hahnenberg <mhahnenberg@apple.com>
18174 Unreviewed build fix
18176 Forgot to add a couple files.
18178 * heap/MarkedAllocator.cpp: Added.
18180 (JSC::MarkedAllocator::tryAllocateHelper):
18181 (JSC::MarkedAllocator::tryAllocate):
18182 (JSC::MarkedAllocator::allocateSlowCase):
18183 (JSC::MarkedAllocator::allocateBlock):
18184 (JSC::MarkedAllocator::addBlock):
18185 (JSC::MarkedAllocator::removeBlock):
18186 * heap/MarkedAllocator.h: Added.
18190 (JSC::MarkedAllocator::cellSize):
18191 (JSC::MarkedAllocator::heap):
18192 (JSC::MarkedAllocator::setHeap):
18193 (JSC::MarkedAllocator::setCellSize):
18194 (JSC::MarkedAllocator::setMarkedSpace):
18195 (JSC::MarkedAllocator::MarkedAllocator):
18196 (JSC::MarkedAllocator::allocate):
18197 (JSC::MarkedAllocator::reset):
18198 (JSC::MarkedAllocator::zapFreeList):
18199 (JSC::MarkedAllocator::forEachBlock):
18201 2012-02-03 Mark Hahnenberg <mhahnenberg@apple.com>
18203 Refactor MarkedBlock::SizeClass into a separate class
18204 https://bugs.webkit.org/show_bug.cgi?id=77600
18206 Reviewed by Geoffrey Garen.
18208 We pulled SizeClass out into its own class, named MarkedAllocator, and gave it
18209 the responsibility of allocating objects from the collection of MarkedBlocks
18210 that it manages. Also limited the amount of coupling to internal data fields
18211 from other places, although it's mostly unavoidable in the JIT code.
18213 Eventually MarkedAllocator will implement various policies to do with object
18214 management, e.g. whether or not to run destructors on objects that it manages.
18215 MarkedSpace will manage a collection of MarkedAllocators with varying policies,
18216 as it does now but to a larger extent.
18219 * GNUmakefile.list.am:
18220 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
18221 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
18222 * JavaScriptCore.xcodeproj/project.pbxproj:
18224 * dfg/DFGSpeculativeJIT.h:
18225 (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
18227 (JSC::Heap::collect):
18228 (JSC::Heap::resetAllocators):
18230 (JSC::Heap::allocatorForObject):
18232 * heap/MarkedAllocator.cpp: Added.
18234 (JSC::MarkedAllocator::tryAllocateHelper):
18235 (JSC::MarkedAllocator::tryAllocate):
18236 (JSC::MarkedAllocator::allocateSlowCase):
18237 (JSC::MarkedAllocator::allocateBlock):
18238 (JSC::MarkedAllocator::addBlock):
18239 (JSC::MarkedAllocator::removeBlock):
18240 * heap/MarkedAllocator.h: Added.
18244 (JSC::MarkedAllocator::cellSize):
18245 (JSC::MarkedAllocator::heap):
18246 (JSC::MarkedAllocator::setHeap):
18247 (JSC::MarkedAllocator::setCellSize):
18248 (JSC::MarkedAllocator::setMarkedSpace):
18249 (JSC::MarkedAllocator::MarkedAllocator):
18250 (JSC::MarkedAllocator::allocate):
18251 (JSC::MarkedAllocator::reset):
18252 (JSC::MarkedAllocator::zapFreeList):
18253 (JSC::MarkedAllocator::forEachBlock):
18254 * heap/MarkedSpace.cpp:
18255 (JSC::MarkedSpace::MarkedSpace):
18256 (JSC::MarkedSpace::resetAllocators):
18257 (JSC::MarkedSpace::canonicalizeCellLivenessData):
18258 (JSC::TakeIfUnmarked::operator()):
18259 * heap/MarkedSpace.h:
18261 (JSC::MarkedSpace::allocatorFor):
18262 (JSC::MarkedSpace::allocate):
18263 (JSC::MarkedSpace::forEachBlock):
18264 (JSC::MarkedSpace::didAddBlock):
18265 (JSC::MarkedSpace::didConsumeFreeList):
18266 * jit/JITInlineMethods.h:
18267 (JSC::JIT::emitAllocateBasicJSObject):
18269 2012-02-03 Simon Hausmann <simon.hausmann@nokia.com>
18271 [Qt] Replace GNU linker script for exports with export macros in WTF/JSC
18272 https://bugs.webkit.org/show_bug.cgi?id=77723
18274 Reviewed by Tor Arne Vestbø.
18276 * wtf/Platform.h: Enable use of export macros.
18278 2012-02-02 Hajime Morrita <morrita@chromium.org>
18280 Unreviewed, removing an unnecessarily JS_PRIVATE_EXPORT annotation.
18282 * interpreter/Interpreter.h:
18285 2012-01-31 Hajime Morrita <morrita@chromium.org>
18287 [Mac] eliminate JavaScriptCore.exp
18288 https://bugs.webkit.org/show_bug.cgi?id=72854
18290 Reviewed by Darin Adler.
18292 - Removed exp files and corresponding makefile entries.
18293 - Changed the build configuration not to use the exp file.
18295 * Configurations/JavaScriptCore.xcconfig:
18296 * DerivedSources.make:
18297 * JavaScriptCore.JSVALUE32_64only.exp: Removed.
18298 * JavaScriptCore.JSVALUE64only.exp: Removed.
18299 * JavaScriptCore.exp: Removed.
18300 * JavaScriptCore.xcodeproj/project.pbxproj:
18303 2012-02-02 Benjamin Poulain <bpoulain@apple.com>
18305 Running a Web Worker on about:blank crashes the interpreter
18306 https://bugs.webkit.org/show_bug.cgi?id=77593
18308 Reviewed by Michael Saboff.
18310 The method Interpreter::execute() was crashing on empty programs because
18311 the assumption is made the source is not null.
18313 This patch shortcuts the execution when the String is null to avoid invalid
18316 * interpreter/Interpreter.cpp:
18317 (JSC::Interpreter::execute):
18319 2012-02-02 Kalev Lember <kalevlember@gmail.com>
18321 [GTK] Use win32 native threading
18322 https://bugs.webkit.org/show_bug.cgi?id=77676
18324 Reviewed by Martin Robinson.
18326 r97269 switched from glib threading to pthreads, breaking win32 GTK+.
18327 This is a follow up, removing some leftovers in ThreadSpecific.h and
18328 switching win32 to use the native threading in ThreadingWin.cpp.
18330 * GNUmakefile.list.am: Compile in win32 native threading support
18331 * wtf/ThreadSpecific.h: Remove GTK+-specific definitions
18335 2012-02-02 Filip Pizlo <fpizlo@apple.com>
18337 retrieveCallerFromVMCode should call trueCallerFrame
18338 https://bugs.webkit.org/show_bug.cgi?id=77684
18340 Reviewed by Oliver Hunt.
18342 * interpreter/Interpreter.cpp:
18343 (JSC::Interpreter::retrieveCallerFromVMCode):
18345 2012-02-02 Kalev Lember <kalevlember@gmail.com>
18347 [GTK] Implement current executable path finding for win32
18348 https://bugs.webkit.org/show_bug.cgi?id=77677
18350 Reviewed by Martin Robinson.
18352 The WTF helper for getting the binary path that was added in r101710
18353 left out the win32 implementation. Fix this.
18355 * wtf/gobject/GlibUtilities.cpp:
18356 (getCurrentExecutablePath):
18358 2012-02-02 Filip Pizlo <fpizlo@apple.com>
18360 Throwing away bytecode and then reparsing during DFG optimization is just
18361 plain wrong and makes things crash
18362 https://bugs.webkit.org/show_bug.cgi?id=77680
18363 <rdar://problem/10798490>
18365 Reviewed by Oliver Hunt.
18367 This is the minimal surgical fix: it removes the code that triggered bytecode
18368 throw-away. Once we're confident that this is a good idea, we can kill all of
18369 the code that implements the feature.
18371 * bytecode/CodeBlock.h:
18372 (JSC::CodeBlock::discardBytecodeLater):
18373 (JSC::CodeBlock::addValueProfile):
18375 (JSC::jitCompileIfAppropriate):
18376 (JSC::jitCompileFunctionIfAppropriate):
18378 2012-02-02 Filip Pizlo <fpizlo@apple.com>
18380 Release build debugging should be easier
18381 https://bugs.webkit.org/show_bug.cgi?id=77669
18383 Reviewed by Gavin Barraclough.
18385 * assembler/ARMAssembler.h:
18387 (JSC::ARMAssembler::debugOffset):
18388 * assembler/ARMv7Assembler.h:
18390 (JSC::ARMv7Assembler::debugOffset):
18391 (ARMInstructionFormatter):
18392 (JSC::ARMv7Assembler::ARMInstructionFormatter::debugOffset):
18393 * assembler/AbstractMacroAssembler.h:
18394 (AbstractMacroAssembler):
18395 (JSC::AbstractMacroAssembler::debugOffset):
18396 * assembler/AssemblerBuffer.h:
18398 (JSC::AssemblerBuffer::debugOffset):
18399 * assembler/LinkBuffer.h:
18401 (JSC::LinkBuffer::debugSize):
18402 * assembler/MIPSAssembler.h:
18404 (JSC::MIPSAssembler::debugOffset):
18405 * assembler/X86Assembler.h:
18407 (JSC::X86Assembler::debugOffset):
18408 (X86InstructionFormatter):
18409 (JSC::X86Assembler::X86InstructionFormatter::debugOffset):
18410 * bytecode/CodeBlock.cpp:
18412 * bytecode/CodeBlock.h:
18414 * bytecode/CodeOrigin.h:
18417 (JSC::CodeOrigin::inlineStack):
18418 * bytecode/DFGExitProfile.h:
18419 (JSC::DFG::exitKindToString):
18420 * bytecode/DataFormat.h:
18421 (JSC::dataFormatToString):
18422 * bytecode/PredictedType.cpp:
18424 (JSC::predictionToString):
18425 * bytecode/PredictedType.h:
18427 * bytecode/ValueRecovery.h:
18429 (JSC::ValueRecovery::dump):
18430 * bytecompiler/BytecodeGenerator.cpp:
18432 (JSC::BytecodeGenerator::setDumpsGeneratedCode):
18433 (JSC::BytecodeGenerator::dumpsGeneratedCode):
18434 (JSC::BytecodeGenerator::generate):
18435 * dfg/DFGAbstractValue.h:
18436 (StructureAbstractValue):
18437 (JSC::DFG::StructureAbstractValue::dump):
18439 (JSC::DFG::AbstractValue::dump):
18440 * dfg/DFGAssemblyHelpers.h:
18443 (JSC::DFG::AssemblyHelpers::debugCall):
18444 * dfg/DFGFPRInfo.h:
18446 (JSC::DFG::FPRInfo::debugName):
18447 * dfg/DFGGPRInfo.h:
18449 (JSC::DFG::GPRInfo::debugName):
18450 * dfg/DFGGraph.cpp:
18456 (JSC::DFG::arithNodeFlagsAsString):
18458 (JSC::DFG::Node::hasIdentifier):
18459 (JSC::DFG::Node::dumpChildren):
18460 * dfg/DFGOSRExit.cpp:
18462 (JSC::DFG::OSRExit::dump):
18463 * dfg/DFGOSRExit.h:
18465 * runtime/JSValue.cpp:
18467 (JSC::JSValue::description):
18468 * runtime/JSValue.h:
18470 * wtf/BitVector.cpp:
18472 (WTF::BitVector::dump):
18476 2012-02-02 Oliver Hunt <oliver@apple.com>
18478 Getters and setters cause line numbers in errors/console.log to be offset for the whole file
18479 https://bugs.webkit.org/show_bug.cgi?id=77675
18481 Reviewed by Timothy Hatcher.
18483 Our default literal parsing logic doesn't handle the extra work required for
18484 getters and setters. When it encounters one, it rolls back the lexer and
18485 then switches to a more complete parsing function. Unfortunately it was only
18486 winding back the character position, and was ignoring the line number and
18487 other lexer data. This led to every getter and setter causing the line number
18488 to be incorrectly incremented leading to increasingly incorrect numbers for
18489 the rest of the file.
18491 * parser/Parser.cpp:
18492 (JSC::::parseObjectLiteral):
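The failure mode this entry describes is a rollback that restores the lexer's character offset but not its line counter, so every rolled-back getter or setter adds its newlines twice. The following is an added illustration in JavaScript, written for this page; it is a toy lexer, not WebKit's Lexer or Parser, and the getter detection and the sample literal are constructed for the example:

```javascript
// Added example (not WebKit code): a minimal lexer whose snapshot/rollback
// must restore every piece of state, not just the character offset.
class Lexer {
  constructor(src) { this.src = src; this.pos = 0; this.line = 1; }
  next() {
    if (this.pos >= this.src.length) return null;
    const ch = this.src[this.pos++];
    if (ch === '\n') this.line++;
    return ch;
  }
  snapshot() { return { pos: this.pos, line: this.line }; }
  // The bug: only the offset is wound back; the line counter keeps the
  // value it reached before the rollback.
  restoreOffsetOnly(s) { this.pos = s.pos; }
  // The fix: restore all lexer state captured by the snapshot.
  restore(s) { this.pos = s.pos; this.line = s.line; }
}

// Models the parser's strategy: scan the literal with the fast path, notice it
// contains a getter, roll back and rescan with the full parser. Returns the line
// number the lexer reports once the literal has been consumed.
// `rollback` names the Lexer method used to wind back ('restore' or 'restoreOffsetOnly').
function lineAfterLiteral(src, rollback) {
  const lx = new Lexer(src);
  const saved = lx.snapshot();
  let hasGetter = false;
  for (let c = lx.next(); c !== null; c = lx.next()) {
    if (c === 'g' && lx.src.startsWith('get ', lx.pos - 1)) hasGetter = true;
  }
  if (hasGetter) {
    lx[rollback](saved);                                   // wind back to the start of the literal
    for (let c = lx.next(); c !== null; c = lx.next()) {}  // reparse with the full path
  }
  return lx.line;
}

// Constructed sample: an object literal with a getter, spanning four lines.
const LITERAL_WITH_GETTER = '{\n  get x() { return 1; },\n  y: 2\n}';
const LITERAL_PLAIN = '{\n  y: 2\n}';
```

With the full restore the lexer ends on line 4 either way; with the offset-only restore the three newlines inside the literal are counted a second time and every later error would be reported three lines too far down the file.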
18494 2012-02-02 Andy Wingo <wingo@igalia.com>
18496 Fix type punning warning in HashTable.h debug builds
18497 https://bugs.webkit.org/show_bug.cgi?id=77422
18499 Reviewed by Gavin Barraclough.
18501 * wtf/HashTable.h (WTF::HashTable::checkKey): Fix type punning
18502 warning appearing in debug builds with gcc-4.6.2 on GNU/Linux.
18504 2012-02-01 Michael Saboff <msaboff@apple.com>
18506 Yarr crash with regexp replace
18507 https://bugs.webkit.org/show_bug.cgi?id=67454
18509 Reviewed by Gavin Barraclough.
18511 Properly handle the case of a back reference to an unmatched
18512 subpattern by always matching without consuming any characters.
18514 * yarr/YarrInterpreter.cpp:
18515 (JSC::Yarr::Interpreter::matchBackReference):
18516 (JSC::Yarr::Interpreter::backtrackBackReference):
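The rule this fix implements is the ECMAScript one: a back reference to a capture group that did not participate in the match succeeds and consumes nothing. As an added example, not Yarr code, here is a toy backtracking matcher over a hand-built pattern AST that encodes that rule and cross-checks itself against the host engine's RegExp; the AST node shapes and the helper names are invented for this page:

```javascript
// Added example (not WebKit/Yarr code): a toy backtracking matcher over a
// hand-built pattern AST, showing that a back reference to a group which did
// not participate matches the empty string without consuming input.
// Node kinds: {t:'char', c}, {t:'group', n, body}, {t:'opt', body}, {t:'ref', n}.
function matchSeq(nodes, i, input, pos, caps, k) {
  if (i === nodes.length) return k(pos, caps);
  const node = nodes[i];
  const next = (p, c) => matchSeq(nodes, i + 1, input, p, c, k);
  switch (node.t) {
    case 'char':
      return input[pos] === node.c ? next(pos + 1, caps) : null;
    case 'group':
      return matchSeq(node.body, 0, input, pos, caps, (p, c) => {
        const c2 = c.slice();
        c2[node.n] = input.slice(pos, p);            // record what the group matched
        return next(p, c2);
      });
    case 'opt':                                      // greedy `?`: try the body, else skip it
      return matchSeq(node.body, 0, input, pos, caps, next) ?? next(pos, caps);
    case 'ref': {
      const cap = caps[node.n];
      if (cap === undefined) return next(pos, caps); // unmatched group: match empty, consume nothing
      return input.startsWith(cap, pos) ? next(pos + cap.length, caps) : null;
    }
    default:
      throw new Error('unknown node kind ' + node.t);
  }
}

// Leftmost match, in the spirit of RegExp.prototype.exec: {index, match, caps} or null.
function execToy(ast, input) {
  for (let start = 0; start <= input.length; start++) {
    const r = matchSeq(ast, 0, input, start, [], (end, caps) =>
      ({ index: start, match: input.slice(start, end), caps }));
    if (r) return r;
  }
  return null;
}

// Hand-built AST for /(a)?\1b/: an optional group followed by a back reference to it.
const OPT_GROUP_BACKREF = [
  { t: 'opt', body: [{ t: 'group', n: 1, body: [{ t: 'char', c: 'a' }] }] },
  { t: 'ref', n: 1 },
  { t: 'char', c: 'b' },
];

// Cross-check the toy matcher against the host engine on the same input.
function agreesWithHost(input) {
  const toy = execToy(OPT_GROUP_BACKREF, input);
  const host = /(a)?\1b/.exec(input);
  if (toy === null || host === null) return toy === host;
  return toy.index === host.index && toy.match === host[0] && toy.caps[1] === host[1];
}
```

On "b" the group never participates, the back reference matches empty, and the whole pattern matches at index 0; on "ab" the first attempt fails (the group captured "a" but the back reference finds "b") and the match is found at index 1 with the group unmatched.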
18518 2012-02-01 Gavin Barraclough <barraclough@apple.com>
18520 calling function on catch block scope containing an eval result in wrong this value being passed
18521 https://bugs.webkit.org/show_bug.cgi?id=77581
18523 Reviewed by Oliver Hunt.
18525 javascript:function F(){ return 'F' in this; }; try { throw F; } catch (e) { eval(""); alert(e()); }
18527 * bytecompiler/NodesCodegen.cpp:
18528 (JSC::TryNode::emitBytecode):
18529 * interpreter/Interpreter.cpp:
18530 (JSC::Interpreter::execute):
18531 * parser/ASTBuilder.h:
18532 (JSC::ASTBuilder::createTryStatement):
18533 * parser/NodeConstructors.h:
18534 (JSC::TryNode::TryNode):
18537 * parser/Parser.cpp:
18538 (JSC::::parseTryStatement):
18539 * parser/SyntaxChecker.h:
18540 (JSC::SyntaxChecker::createTryStatement):
18541 * runtime/JSObject.h:
18543 (JSC::JSObject::isStaticScopeObject):
18546 2012-02-01 Oliver Hunt <oliver@apple.com>
18548 Add support for inferred function names
18549 https://bugs.webkit.org/show_bug.cgi?id=77579
18551 Reviewed by Gavin Barraclough.
18553 Add new "inferred" names to function expressions, getters, and setters.
18554 This property is not exposed to JS, so is only visible in the debugger
18557 * JavaScriptCore.exp:
18558 * bytecompiler/BytecodeGenerator.h:
18559 (JSC::BytecodeGenerator::makeFunction):
18560 * debugger/DebuggerCallFrame.cpp:
18561 (JSC::DebuggerCallFrame::calculatedFunctionName):
18562 * parser/ASTBuilder.h:
18563 (JSC::ASTBuilder::createAssignResolve):
18564 (JSC::ASTBuilder::createGetterOrSetterProperty):
18565 (JSC::ASTBuilder::createProperty):
18566 (JSC::ASTBuilder::makeAssignNode):
18568 (JSC::FunctionBodyNode::setInferredName):
18569 (JSC::FunctionBodyNode::inferredName):
18570 (FunctionBodyNode):
18571 * profiler/Profiler.cpp:
18573 (JSC::Profiler::createCallIdentifier):
18574 (JSC::createCallIdentifierFromFunctionImp):
18575 * runtime/Executable.cpp:
18576 (JSC::FunctionExecutable::FunctionExecutable):
18577 (JSC::FunctionExecutable::fromGlobalCode):
18578 * runtime/Executable.h:
18579 (JSC::FunctionExecutable::create):
18580 (JSC::FunctionExecutable::inferredName):
18581 (FunctionExecutable):
18582 * runtime/JSFunction.cpp:
18583 (JSC::JSFunction::calculatedDisplayName):
18585 (JSC::getCalculatedDisplayName):
18586 * runtime/JSFunction.h:
18589 2012-02-01 Filip Pizlo <fpizlo@apple.com>
18591 DFG should fold double-to-int conversions
18592 https://bugs.webkit.org/show_bug.cgi?id=77532
18594 Reviewed by Oliver Hunt.
18596 Performance neutral on major benchmarks. But it makes calling V8's
18597 Math.random() 4x faster.
18599 * bytecode/CodeBlock.cpp:
18601 (JSC::CodeBlock::addOrFindConstant):
18602 * bytecode/CodeBlock.h:
18603 (JSC::CodeBlock::addConstant):
18605 * dfg/DFGAbstractState.cpp:
18606 (JSC::DFG::AbstractState::execute):
18607 * dfg/DFGByteCodeParser.cpp:
18608 (JSC::DFG::ByteCodeParser::toInt32):
18610 (JSC::DFG::ByteCodeParser::getJSConstantForValue):
18611 (JSC::DFG::ByteCodeParser::isInt32Constant):
18613 (JSC::DFG::Graph::addShouldSpeculateInteger):
18615 (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
18616 * dfg/DFGPropagator.cpp:
18617 (JSC::DFG::Propagator::propagateNodePredictions):
18618 (JSC::DFG::Propagator::doRoundOfDoubleVoting):
18619 (JSC::DFG::Propagator::fixupNode):
18620 * dfg/DFGSpeculativeJIT.cpp:
18621 (JSC::DFG::SpeculativeJIT::compileAdd):
18623 (JSC::DFG::SpeculativeJIT::compileArithSub):
18624 * dfg/DFGSpeculativeJIT.h:
18625 (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
18627 * dfg/DFGSpeculativeJIT32_64.cpp:
18628 (JSC::DFG::SpeculativeJIT::compile):
18629 * dfg/DFGSpeculativeJIT64.cpp:
18630 (JSC::DFG::SpeculativeJIT::compile):
18631 * runtime/JSValueInlineMethods.h:
18632 (JSC::JSValue::asDouble):
18634 2012-02-01 Filip Pizlo <fpizlo@apple.com>
18636 DFG graph dump for GetScopedVar should show the correct prediction
18637 https://bugs.webkit.org/show_bug.cgi?id=77530
18639 Reviewed by Geoff Garen.
18641 GetScopedVar has a heap prediction, not a variable prediction. But it does
18642 have a variable. Hence we need to check for heap predictions before checking
18643 for variable predictions.
18645 * dfg/DFGGraph.cpp:
18646 (JSC::DFG::Graph::dump):
18648 2012-02-01 Mark Hahnenberg <mhahnenberg@apple.com>
18650 Replace JSArray destructor with finalizer
18651 https://bugs.webkit.org/show_bug.cgi?id=77488
18653 Reviewed by Geoffrey Garen.
18655 * JavaScriptCore.exp:
18656 * runtime/JSArray.cpp:
18657 (JSC::JSArray::finalize): Added finalizer.
18658 (JSC::JSArray::allocateSparseMap): Factored out code for allocating new sparse maps.
18660 (JSC::JSArray::deallocateSparseMap): Factored out code for deallocating sparse maps.
18661 (JSC::JSArray::enterDictionaryMode): Renamed enterSparseMode to enterDictionaryMode
18662 because the old name was confusing because we could have a sparse array that never
18663 called enterSparseMode.
18664 (JSC::JSArray::defineOwnNumericProperty):
18665 (JSC::JSArray::setLengthWritable):
18666 (JSC::JSArray::putByIndexBeyondVectorLength):
18667 (JSC::JSArray::setLength):
18668 (JSC::JSArray::pop):
18669 (JSC::JSArray::sort):
18670 (JSC::JSArray::compactForSorting):
18671 * runtime/JSArray.h:
18674 2012-02-01 Andy Wingo <wingo@igalia.com>
18676 Refactor identifier resolution in BytecodeGenerator
18677 https://bugs.webkit.org/show_bug.cgi?id=76285
18679 Reviewed by Geoffrey Garen.
18681 * bytecompiler/BytecodeGenerator.h:
18682 (JSC::ResolveResult): New class, to describe the storage
18683 location corresponding to an identifier in a program.
18684 * bytecompiler/BytecodeGenerator.cpp:
18685 (JSC::BytecodeGenerator::resolve): New function, replacing
18686 findScopedProperty.
18687 (JSC::BytecodeGenerator::resolveConstDecl): New function,
18688 encapsulating what ConstDeclNode::emitBytecode used to do.
18689 (JSC::BytecodeGenerator::emitGetStaticVar):
18690 (JSC::BytecodeGenerator::emitPutStaticVar): New functions,
18691 corresponding to the old emitGetScopedVar and emitPutScopedVar.
18692 (JSC::BytecodeGenerator::registerFor): Remove version that took an
18693 Identifier&; replaced by ResolveResult::local().
18694 (JSC::BytecodeGenerator::emitResolve):
18695 (JSC::BytecodeGenerator::emitResolveBase):
18696 (JSC::BytecodeGenerator::emitResolveBaseForPut):
18697 (JSC::BytecodeGenerator::emitResolveWithBase):
18698 (JSC::BytecodeGenerator::emitResolveWithThis): Change to accept a
18699 "resolveResult" argument. This is more clear, and reduces the
18700 amount of double analysis happening at compile-time.
18701 * bytecompiler/NodesCodegen.cpp:
18702 (JSC::ResolveNode::emitBytecode):
18703 (JSC::EvalFunctionCallNode::emitBytecode):
18704 (JSC::FunctionCallResolveNode::emitBytecode):
18705 (JSC::PostfixResolveNode::emitBytecode):
18706 (JSC::DeleteResolveNode::emitBytecode):
18707 (JSC::TypeOfResolveNode::emitBytecode):
18708 (JSC::PrefixResolveNode::emitBytecode):
18709 (JSC::ReadModifyResolveNode::emitBytecode):
18710 (JSC::AssignResolveNode::emitBytecode):
18711 (JSC::ConstDeclNode::emitCodeSingle):
18712 (JSC::ForInNode::emitBytecode): Refactor to use the new
18713 ResolveResult structure.
18715 2012-02-01 Csaba Osztrogonác <ossy@webkit.org>
18717 Implement Error.stack
18718 https://bugs.webkit.org/show_bug.cgi?id=66994
18720 Unreviewed, rolling out r106407.
18722 * JavaScriptCore.exp:
18723 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
18724 * interpreter/AbstractPC.cpp:
18725 (JSC::AbstractPC::AbstractPC):
18726 * interpreter/Interpreter.cpp:
18727 (JSC::Interpreter::throwException):
18728 * interpreter/Interpreter.h:
18732 (GlobalObject::finishCreation):
18735 * runtime/CommonIdentifiers.h:
18736 * runtime/Error.cpp:
18737 (JSC::addErrorInfo):
18741 2012-01-31 Hajime Morrita <morrita@chromium.org>
18743 Add missing JS_PRIVATE_EXPORTs
18744 https://bugs.webkit.org/show_bug.cgi?id=77507
18746 Reviewed by Kevin Ollivier.
18748 * heap/MarkedSpace.h:
18750 * interpreter/Interpreter.h:
18752 * runtime/JSValue.h:
18754 * wtf/text/AtomicString.h:
18755 (WTF::AtomicString::add):
18756 * wtf/text/WTFString.h:
18759 2012-01-31 Geoffrey Garen <ggaren@apple.com>
18761 Stop using -fomit-frame-pointer
18762 https://bugs.webkit.org/show_bug.cgi?id=77403
18764 Reviewed by Filip Pizlo.
18766 JavaScriptCore is too fast. I'm just the man to fix it.
18768 * Configurations/JavaScriptCore.xcconfig:
18770 2012-01-31 Michael Saboff <msaboff@apple.com>
18772 StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
18773 https://bugs.webkit.org/show_bug.cgi?id=76647
18775 Reviewed by Darin Adler.
18777 Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manner similar
18778 to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle two special
18779 cases. One case is s-sharp (0xdf) which converts to "SS". The other case is
18780 for characters which become 16 bit values when converted to upper case. For
18781 those, we up convert the source string and use the 16 bit path.
18783 * runtime/StringPrototype.cpp:
18784 (JSC::stringProtoFuncToUpperCase):
18785 * wtf/text/StringImpl.cpp:
18786 (WTF::StringImpl::upper):
18787 * wtf/unicode/CharacterNames.h:
18788 (smallLetterSharpS): New constant
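The two special cases named above are the only Latin-1 code points an 8-bit upper-casing fast path cannot handle in place: one whose upper-case form is longer, and those whose upper-case form lies outside Latin-1. The following added example (JavaScript written for this page, not WebKit code) enumerates them from the host engine's own Unicode tables rather than hard-coding them, and then applies the resulting check the way an 8-bit fast path would; the function names are invented here:

```javascript
// Added example (not WebKit code): enumerate the Latin-1 code points whose
// upper-case form cannot be stored in an 8-bit string, which is exactly what an
// 8-bit fast path for toUpperCase must detect before committing to it.
function latin1UpperCaseExceptions() {
  const out = [];
  for (let cp = 0; cp < 0x100; cp++) {
    const upper = String.fromCharCode(cp).toUpperCase();
    const lengthChanges = upper.length !== 1;                                // e.g. U+00DF -> "SS"
    const leavesLatin1 = [...upper].some(ch => ch.codePointAt(0) > 0xff);   // e.g. U+00FF -> U+0178
    if (lengthChanges || leavesLatin1) {
      out.push({
        cp: cp.toString(16).padStart(4, '0'),
        upper,
        reason: lengthChanges ? 'length' : 'wide',
      });
    }
  }
  return out;
}

// Decide whether a string can be upper-cased on an 8-bit path: every character
// must be Latin-1 and must not be one of the exceptions above. Anything else
// has to be up-converted to 16 bits first.
function canUpperCaseIn8Bit(s) {
  const exceptions = new Set(latin1UpperCaseExceptions().map(e => parseInt(e.cp, 16)));
  for (const ch of s) {
    const cp = ch.codePointAt(0);
    if (cp > 0xff || exceptions.has(cp)) return false;
  }
  return true;
}
```

Running the enumeration finds three code points: U+00B5 (micro sign, upper-cases to Greek capital mu U+039C), U+00DF (sharp s, becomes "SS"), and U+00FF (y with diaeresis, becomes U+0178). The entry above handles the sharp s and the "becomes 16 bit" cases; the micro sign falls into the second category.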
18790 2012-01-31 Oliver Hunt <oliver@apple.com>
18792 Remove unneeded sourceId property
18793 https://bugs.webkit.org/show_bug.cgi?id=77495
18795 Reviewed by Filip Pizlo.
18797 sourceId isn't used anymore, so we'll just remove it.
18799 * runtime/Error.cpp:
18801 (JSC::addErrorInfo):
18802 (JSC::hasErrorInfo):
18804 2012-01-31 Oliver Hunt <oliver@apple.com>
18806 Implement Error.stack
18807 https://bugs.webkit.org/show_bug.cgi?id=66994
18809 Reviewed by Gavin Barraclough.
18811 Original patch by Juan Carlos Montemayor Elosua:
18812 This patch utilizes topCallFrame to create a stack trace when
18813 an error is thrown. Users will also be able to use the stack()
18814 command in jsc to get arrays with stack trace information.
18816 Modified to be correct on ToT, with a variety of correctness,
18817 performance, and security improvements.
18819 * JavaScriptCore.exp:
18820 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
18821 * interpreter/Interpreter.cpp:
18822 (JSC::getCallerLine):
18823 (JSC::getSourceURLFromCallFrame):
18824 (JSC::getStackFrameCodeType):
18825 (JSC::Interpreter::getStackTrace):
18826 (JSC::Interpreter::throwException):
18827 * interpreter/Interpreter.h:
18828 (JSC::StackFrame::toString):
18830 (GlobalObject::finishCreation):
18831 (functionJSCStack):
18833 (JSC::Parser::parse):
18834 * runtime/CommonIdentifiers.h:
18835 * runtime/Error.cpp:
18836 (JSC::addErrorInfo):
18839 2012-01-31 Scott Graham <scottmg@chromium.org>
18841 [Chromium] Remove references to gyp cygwin build target
18842 https://bugs.webkit.org/show_bug.cgi?id=77253
18844 Reviewed by Julien Chaffraix.
18846 Target dependency is no longer required, it's done earlier in the
18849 * JavaScriptCore.gyp/JavaScriptCore.gyp:
18851 2012-01-31 Michael Saboff <msaboff@apple.com>
18853 ASSERT(m_jumpsToLink.isEmpty()) failing in ARMv7Assembler dtor
18854 https://bugs.webkit.org/show_bug.cgi?id=77443
18856 Reviewed by Gavin Barraclough.
18858 Removed failing ASSERT() and thus destructor. The ASSERT isn't needed.
18859 We are hitting it in the YARR JIT case where we bail out and go to the
18860 interpreter with a partially JIT'ed function. Since we haven't linked
18861 the JIT'ed code, there is likely to be some unresolved jumps in the vector
18862 when the ARMv7Assembler destructor is called. For the case where we
18863 complete the JIT process, we clear the vector at the end of
18864 LinkBuffer::linkCode (LinkBuffer.h:292).
18866 * assembler/ARMv7Assembler.h:
18869 2012-01-31 Anders Carlsson <andersca@apple.com>
18871 Vector<T>::operator== shouldn't require T to have operator!=
18872 https://bugs.webkit.org/show_bug.cgi?id=77448
18874 Reviewed by Andreas Kling.
18876 Change VectorComparer::compare to use !(a == b) instead of a != b since
18877 it makes more sense for Vector::operator== to use the element's operator==.
18881 2012-01-30 Oliver Hunt <oliver@apple.com>
18883 get_by_val_arguments is broken in the interpreter
18884 https://bugs.webkit.org/show_bug.cgi?id=77389
18886 Reviewed by Gavin Barraclough.
18888 When get_by_val had a value profile added, the same slot was not added to
18889 get_by_val_arguments. This broke the interpreter as the interpreter falls
18890 back on its regular get_by_val implementation.
18892 No tests are added as the interpreter is fairly broken in its
18893 current state (multiple tests fail due to this bug).
18895 * bytecode/CodeBlock.cpp:
18896 (JSC::CodeBlock::dump):
18897 * bytecode/Opcode.h:
18900 * bytecompiler/BytecodeGenerator.cpp:
18901 (JSC::BytecodeGenerator::emitGetArgumentByVal):
18903 2012-01-30 Oliver Hunt <oliver@apple.com>
18905 Unexpected syntax error
18906 https://bugs.webkit.org/show_bug.cgi?id=77340
18908 Reviewed by Gavin Barraclough.
18910 Function calls and new expressions have the same semantics for
18911 assignment, so should simply share their lhs handling.
18913 * parser/Parser.cpp:
18914 (JSC::::parseMemberExpression):
18916 2012-01-30 Gavin Barraclough <barraclough@apple.com>
18918 Unreviewed ARMv7 build fix.
18920 * tools/CodeProfiling.cpp:
18922 (JSC::setProfileTimer):
18923 (JSC::CodeProfiling::begin):
18924 (JSC::CodeProfiling::end):
18926 2012-01-30 David Levin <levin@chromium.org>
18928 Using OS(WIN) or OS(MAC) should cause a build error.
18929 https://bugs.webkit.org/show_bug.cgi?id=77162
18931 Reviewed by Darin Adler.
18933 * wtf/Platform.h: Expand them into something that will
18934 cause a compile error.
18936 2012-01-30 Yong Li <yoli@rim.com>
18938 [BlackBerry] OS(QNX) also has TM_GMTOFF, TM_ZONE, and TIMEGM
18939 https://bugs.webkit.org/show_bug.cgi?id=77360
18941 Reviewed by Rob Buis.
18943 Turn on HAVE(TM_GMTOFF), HAVE(TM_ZONE), and HAVE(TIMEGM)
18948 2012-01-30 Gavin Barraclough <barraclough@apple.com>
18950 Speculative Windows build fix.
18952 * assembler/MacroAssemblerCodeRef.h:
18955 2012-01-30 Gavin Barraclough <barraclough@apple.com>
18957 https://bugs.webkit.org/show_bug.cgi?id=77163
18958 MacroAssemblerCodeRef.h uses OS(WIN) instead of OS(WINDOWS)
18960 Rubber stamped by Geoff Garen
18962 * assembler/MacroAssemblerCodeRef.h:
18964 2012-01-30 Gavin Barraclough <barraclough@apple.com>
18966 Unreviewed build fix for interpreter builds.
18968 * bytecode/CodeBlock.cpp:
18969 (JSC::CodeBlock::CodeBlock):
18970 * bytecode/CodeBlock.h:
18972 * interpreter/Interpreter.cpp:
18973 (JSC::Interpreter::privateExecute):
18974 * tools/CodeProfile.cpp:
18975 (JSC::CodeProfile::sample):
18977 2012-01-30 Gavin Barraclough <barraclough@apple.com>
18979 Unreviewed build fix following bug#76855
18981 * JavaScriptCore.exp:
18983 2012-01-30 Michael Saboff <msaboff@apple.com>
18985 CaseFoldingHash::hash() doesn't handle 8 bit strings directly
18986 https://bugs.webkit.org/show_bug.cgi?id=76652
18988 Reviewed by Andreas Kling.
18990 * wtf/text/StringHash.h:
18991 (WTF::CaseFoldingHash::hash): Added 8 bit string code path.
18993 2012-01-30 Michael Saboff <msaboff@apple.com>
18995 stringProtoFuncReplace converts 8 bit strings to 16 bit during replacement
18996 https://bugs.webkit.org/show_bug.cgi?id=76651
18998 Reviewed by Geoffrey Garen.
19000 Made local function substituteBackreferencesSlow a template function
19001 based on character width. Cleaned up getCharacters() in both UString
19002 and StringImpl. Changed getCharacters<UChar> to up convert an 8 bit
19003 string to 16 bits if necessary.
19005 * runtime/StringPrototype.cpp:
19006 (JSC::substituteBackreferencesSlow):
19007 (JSC::substituteBackreferences):
19008 * runtime/UString.h:
19011 * wtf/text/StringImpl.h:
19014 2012-01-30 Gavin Barraclough <barraclough@apple.com>
19017 https://bugs.webkit.org/show_bug.cgi?id=76232
19019 Reviewed by Sam Weinig.
19021 Part 3 - merge op_put_getter & op_put_setter.
19023 Putting these separately is inefficient (and makes future optimisation,
19024 e.g. making GetterSetter immutable) harder. Change to emit a single
19025 op_put_getter_setter bytecode op. Ultimately we should probably be
19026 able to merge this with put direct, to create a common op to initialize
19027 object literal properties.
19029 * bytecode/CodeBlock.cpp:
19030 (JSC::CodeBlock::dump):
19031 * bytecode/Opcode.h:
19034 * bytecompiler/BytecodeGenerator.cpp:
19035 (JSC::BytecodeGenerator::emitPutGetterSetter):
19036 * bytecompiler/BytecodeGenerator.h:
19037 (BytecodeGenerator):
19038 * bytecompiler/NodesCodegen.cpp:
19039 (JSC::PropertyListNode::emitBytecode):
19040 * interpreter/Interpreter.cpp:
19041 (JSC::Interpreter::privateExecute):
19043 (JSC::JIT::privateCompileMainPass):
19046 * jit/JITPropertyAccess.cpp:
19047 (JSC::JIT::emit_op_put_getter_setter):
19048 * jit/JITPropertyAccess32_64.cpp:
19049 (JSC::JIT::emit_op_put_getter_setter):
19050 * jit/JITStubs.cpp:
19051 (JSC::DEFINE_STUB_FUNCTION):
19054 * runtime/JSObject.cpp:
19055 (JSC::JSObject::putDirectVirtual):
19056 (JSC::JSObject::putDirectAccessor):
19058 (JSC::putDescriptor):
19059 (JSC::JSObject::defineOwnProperty):
19060 * runtime/JSObject.h:
19062 (JSC::JSObject::putDirectInternal):
19063 (JSC::JSObject::putDirect):
19064 (JSC::JSObject::putDirectWithoutTransition):
19066 2012-01-30 Michael Saboff <msaboff@apple.com>
19068 Dromaeo tests call parseSimpleLengthValue() on 8 bit strings
19069 https://bugs.webkit.org/show_bug.cgi?id=76649
19071 Reviewed by Geoffrey Garen.
19073 * JavaScriptCore.exp: Added export for charactersToDouble.
19075 2012-01-30 Michael Saboff <msaboff@apple.com>
19077 WebCore decodeEscapeSequences unnecessarily converts 8 bit strings to 16 bit when decoding.
19078 https://bugs.webkit.org/show_bug.cgi?id=76648
19080 Reviewed by Geoffrey Garen.
19082 Added a new overloaded append member that takes a String& argument, an offset
19083 and a length to do direct sub string appending to a StringBuilder.
19085 * wtf/text/StringBuilder.h:
19086 (WTF::StringBuilder::append):
19088 2012-01-29 Zoltan Herczeg <zherczeg@webkit.org>
19090 Custom written CSS lexer
19091 https://bugs.webkit.org/show_bug.cgi?id=70107
19093 Reviewed by Antti Koivisto and Oliver Hunt.
19095 Add new helper functions for the custom written CSS lexer.
19097 * wtf/ASCIICType.h:
19098 (WTF::toASCIILowerUnchecked):
19100 (WTF::isASCIIAlphaCaselessEqual):
19102 2012-01-29 Filip Pizlo <fpizlo@apple.com>
19104 REGRESSION (r105576-r105582): Web Inspector Crash in JSC::JSValue::toString(JSC::ExecState*) const
19105 https://bugs.webkit.org/show_bug.cgi?id=77146
19106 <rdar://problem/10770586>
19108 Reviewed by Oliver Hunt.
19110 The old JIT expects that the result of the last operation is in the lastResultRegister. The DFG JIT is
19111 designed to correctly track the lastResultRegister by looking at SetLocal nodes. However, when the DFG
19112 JIT inlines a code block, it forgets that the inlined code block's result would have been placed in the
19113 lastResultRegister. Hence if we OSR exit on the first node following the end of an inlined code block
19114 that had a return value, and that first node uses the return value, the old JIT will get massively
19115 confused. This patch takes a surgical approach: instead of making the DFG smarter, it makes the old
19116 JIT slightly dumber.
19119 (JSC::JIT::emit_op_call_put_result):
19121 2012-01-29 Filip Pizlo <fpizlo@apple.com>
19123 Build fix for Mac non-x64 platforms.
19125 * tools/CodeProfiling.cpp:
19128 2012-01-28 Gavin Barraclough <barraclough@apple.com>
19131 https://bugs.webkit.org/show_bug.cgi?id=77293
19133 Rubber stamped by Oliver Hunt.
19135 'let' may become a keyword in ES6. We're going to try experimentally reserving it,
19136 to see if this breaks the web.
19138 * parser/Keywords.table:
19140 2012-01-27 Gavin Barraclough <barraclough@apple.com>
19142 Implement a JIT-code aware sampling profiler for JSC
19143 https://bugs.webkit.org/show_bug.cgi?id=76855
19145 Reviewed by Oliver Hunt.
19147 To enable the profiler, set the JSC_CODE_PROFILING environment variable to
19148 1 (no tracing the C stack), 2 (trace one level of C code) or 3 (recursively
19149 trace all samples).
19151 The profiler requires -fomit-frame-pointer to be removed from the build flags.
19153 * JavaScriptCore.exp:
19154 - Removed an export.
19155 * JavaScriptCore.xcodeproj/project.pbxproj:
19157 * bytecode/CodeBlock.cpp:
19158 - For baseline codeblocks, cache the result of canCompileWithDFG.
19159 * bytecode/CodeBlock.h:
19160 - For baseline codeblocks, cache the result of canCompileWithDFG.
19161 * jit/ExecutableAllocator.cpp:
19162 (JSC::ExecutableAllocator::initializeAllocator):
19163 - Notify the profiler when the allocator is created.
19164 (JSC::ExecutableAllocator::allocate):
19165 - Inform the allocated of the ownerUID.
19166 * jit/ExecutableAllocatorFixedVMPool.cpp:
19167 (JSC::ExecutableAllocator::initializeAllocator):
19168 - Notify the profiler when the allocator is created.
19169 (JSC::ExecutableAllocator::allocate):
19170 - Inform the allocated of the ownerUID.
19171 * jit/JITStubs.cpp:
19172 - If profiling, don't mask the return address in JIT code.
19173 (We do so to provide nicer backtraces in debug builds).
19174 * runtime/Completion.cpp:
19176 - Notify the profiler of script evaluations.
19178 * tools/CodeProfile.cpp: Added.
19180 - Helper function to get the name of a symbol in the framework.
19181 (JSC::truncateTrace):
19182 - Helper to truncate traces into methods known to have uninformatively deep stacks.
19183 (JSC::CodeProfile::sample):
19184 - Record a stack trace classifying samples.
19185 (JSC::CodeProfile::report):
19186 - Print profiler output.
19187 * tools/CodeProfile.h: Added.
19188 - new class, captures a set of samples associated with an evaluated script,
19189 and nested to record samples from subscripts.
19190 * tools/CodeProfiling.cpp: Added.
19191 (JSC::CodeProfiling::profilingTimer):
19192 - callback fired when a timer event occurs.
19193 (JSC::CodeProfiling::notifyAllocator):
19194 - called when the executable allocator is constructed.
19195 (JSC::CodeProfiling::getOwnerUIDForPC):
19196 - helper to lookup the codeblock from an address in JIT code
19197 (JSC::CodeProfiling::begin):
19198 - enter a profiling scope.
19199 (JSC::CodeProfiling::end):
19200 - exit a profiling scope.
19201 * tools/CodeProfiling.h: Added.
19202 - new class, instantiated from Completion to define a profiling scope.
19203 * tools/ProfileTreeNode.h: Added.
19204 - new class, used to construct a tree of samples.
19205 * tools/TieredMMapArray.h: Added.
19206 - new class, a malloc-free vector (can be used while the main thread is suspended,
19207 possibly holding the malloc heap lock).
19208 * wtf/MetaAllocator.cpp:
19209 (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
19210 (WTF::MetaAllocator::allocate):
19211 - Allow allocation handles to track information about their owner.
19212 * wtf/MetaAllocator.h:
19214 - Allow allocation handles to track information about their owner.
19215 * wtf/MetaAllocatorHandle.h:
19216 (MetaAllocatorHandle):
19217 (WTF::MetaAllocatorHandle::ownerUID):
19218 - Allow allocation handles to track information about their owner.
19219 * wtf/OSAllocator.h:
19220 (WTF::OSAllocator::reallocateCommitted):
19221 - reallocate an existing, committed memory allocation.
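The TieredMMapArray entry above describes a malloc-free vector that can be used while the main thread is suspended and possibly holding the malloc heap lock. The following is an added example and is not WebKit's code: a hypothetical append-only array (MmapTieredArray, with fillSequence and sumAll as test helpers; names and tier sizes are assumptions) whose only allocation primitive is an anonymous mmap, so appending from a sampling thread never enters the malloc heap and cannot deadlock on a heap lock held by the suspended thread.

```cpp
#include <cstddef>
#include <cstdint>
#include <sys/mman.h>

// Hypothetical malloc-free append-only array: tier k is one anonymous mmap
// of (kFirstTierEntries << k) entries, mapped lazily on first use. Existing
// tiers are never moved, so a reader holding an index stays valid.
class MmapTieredArray {
public:
    static constexpr unsigned kTiers = 20;
    static constexpr size_t kFirstTierEntries = 1024;

    MmapTieredArray() : m_size(0) { for (auto& t : m_tiers) t = nullptr; }
    ~MmapTieredArray() {
        for (unsigned k = 0; k < kTiers; ++k)
            if (m_tiers[k]) munmap(m_tiers[k], tierBytes(k));
    }
    MmapTieredArray(const MmapTieredArray&) = delete;
    MmapTieredArray& operator=(const MmapTieredArray&) = delete;

    size_t size() const { return m_size; }

    // Returns false, leaving the array unchanged, if the tier cannot be mapped
    // or the array is full. No malloc, no lock: only a raw mmap syscall.
    bool append(uintptr_t value) {
        unsigned k = 0;
        size_t offset = 0;
        if (!locate(m_size, k, offset)) return false;
        if (!m_tiers[k]) {
            void* p = mmap(nullptr, tierBytes(k), PROT_READ | PROT_WRITE,
                           MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
            if (p == MAP_FAILED) return false;
            m_tiers[k] = static_cast<uintptr_t*>(p);
        }
        m_tiers[k][offset] = value;
        ++m_size;
        return true;
    }

    // Caller guarantees index < size().
    uintptr_t at(size_t index) const {
        unsigned k = 0;
        size_t offset = 0;
        locate(index, k, offset);
        return m_tiers[k][offset];
    }

private:
    static size_t tierEntries(unsigned k) { return kFirstTierEntries << k; }
    static size_t tierBytes(unsigned k) { return tierEntries(k) * sizeof(uintptr_t); }

    // Maps a flat index to (tier, offset within tier); false if past the last tier.
    static bool locate(size_t index, unsigned& k, size_t& offset) {
        size_t base = 0;
        for (k = 0; k < kTiers; ++k) {
            if (index < base + tierEntries(k)) { offset = index - base; return true; }
            base += tierEntries(k);
        }
        return false;
    }

    uintptr_t* m_tiers[kTiers];
    size_t m_size;
};

// Appends the values 0..n-1 and returns how many were stored.
inline size_t fillSequence(MmapTieredArray& a, size_t n) {
    size_t stored = 0;
    for (size_t i = 0; i < n; ++i)
        if (a.append(i)) ++stored;
    return stored;
}

// Sums every stored entry, which exercises reads across tier boundaries.
inline uint64_t sumAll(const MmapTieredArray& a) {
    uint64_t s = 0;
    for (size_t i = 0; i < a.size(); ++i) s += a.at(i);
    return s;
}
```

The tier layout is what makes this usable from a sampler: growth never reallocates or copies, so there is no moment at which a concurrent reader sees a dangling tier, and the mapping cost is paid once per tier rather than per sample.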
19223 2012-01-28 Sheriff Bot <webkit.review.bot@gmail.com>
19225 Unreviewed, rolling out r106187.
19226 http://trac.webkit.org/changeset/106187
19227 https://bugs.webkit.org/show_bug.cgi?id=77276
19229 The last rollout was a false charge. (Requested by morrita on
19232 * runtime/ExceptionHelpers.h:
19233 (InterruptedExecutionError):
19234 * runtime/JSBoundFunction.h:
19236 * runtime/RegExp.h:
19238 * runtime/RegExpMatchesArray.h:
19239 (RegExpMatchesArray):
19241 2012-01-28 Sheriff Bot <webkit.review.bot@gmail.com>
19243 Unreviewed, rolling out r106151.
19244 http://trac.webkit.org/changeset/106151
19245 https://bugs.webkit.org/show_bug.cgi?id=77275
19247 may break windows build (Requested by morrita on #webkit).
19249 * runtime/ExceptionHelpers.h:
19250 (InterruptedExecutionError):
19251 * runtime/JSBoundFunction.h:
19253 * runtime/RegExp.h:
19255 * runtime/RegExpMatchesArray.h:
19256 (RegExpMatchesArray):
19258 2012-01-28 Filip Pizlo <fpizlo@apple.com>
19260 GC invoked while doing an old JIT property storage reallocation may lead
19261 to an object that refers to a dead structure
19262 https://bugs.webkit.org/show_bug.cgi?id=77273
19263 <rdar://problem/10770565>
19265 Reviewed by Gavin Barraclough.
19267 The put_by_id transition was already saving the old structure by virtue of
19268 having the object on the stack, so that wasn't going to get deleted. But the
19269 new structure was unprotected in the transition. I've now changed the
19270 transition code to save the new structure, ensuring that the GC will know it
19271 to be marked if invoked from within put_by_id_transition_realloc.
19273 * jit/JITPropertyAccess.cpp:
19274 (JSC::JIT::privateCompilePutByIdTransition):
19275 * jit/JITPropertyAccess32_64.cpp:
19276 (JSC::JIT::privateCompilePutByIdTransition):
19277 * jit/JITStubs.cpp:
19278 (JSC::DEFINE_STUB_FUNCTION):
19283 2012-01-27 Sheriff Bot <webkit.review.bot@gmail.com>
19285 Unreviewed, rolling out r106167.
19286 http://trac.webkit.org/changeset/106167
19287 https://bugs.webkit.org/show_bug.cgi?id=77264
19289 broke LayoutTests/fast/js/string-capitalization.html
19290 (Requested by msaboff on #webkit).
19292 * runtime/StringPrototype.cpp:
19293 (JSC::stringProtoFuncToLowerCase):
19294 (JSC::stringProtoFuncToUpperCase):
19295 * wtf/text/StringImpl.cpp:
19296 (WTF::StringImpl::upper):
19298 2012-01-27 Filip Pizlo <fpizlo@apple.com>
19300 Build fix for interpreter platforms.
19302 * interpreter/AbstractPC.cpp:
19303 (JSC::AbstractPC::AbstractPC):
19305 2012-01-27 Michael Saboff <msaboff@apple.com>
19307 StringProtoFuncToUpperCase should call StringImpl::upper similar to StringProtoToLowerCase
19308 https://bugs.webkit.org/show_bug.cgi?id=76647
19310 Reviewed by Geoffrey Garen.
19312 Changed stringProtoFuncToUpperCase to call StringImpl::upper() in a manner similar
19313 to stringProtoFuncToLowerCase(). Fixed StringImpl::upper() to handle the two
19314 8 bit characters that when converted to upper case become 16 bit characters.
19316 * runtime/StringPrototype.cpp:
19317 (JSC::stringProtoFuncToLowerCase): Removed extra trailing whitespace.
19318 (JSC::stringProtoFuncToUpperCase):
19319 * wtf/text/StringImpl.cpp:
19320 (WTF::StringImpl::upper):
19322 2012-01-27 Hajime Morita <morrita@google.com>
19324 [JSC] ThunkGenerators.cpp should hide its asm-defined symbols
19325 https://bugs.webkit.org/show_bug.cgi?id=77244
19327 Reviewed by Filip Pizlo.
19329 * jit/ThunkGenerators.cpp: Added HIDE_SYMBOLS()
19330 * wtf/InlineASM.h: Moved some duplicated macros from ThunkGenerators.cpp
19332 2012-01-27 Simon Hausmann <simon.hausmann@nokia.com>
19334 [JSC] Asm-originated symbols should be marked as hidden
19335 https://bugs.webkit.org/show_bug.cgi?id=77150
19337 Reviewed by Filip Pizlo.
19339 * dfg/DFGOperations.cpp: The HIDE_SYMBOLS macros were present in the CPU(ARM) preprocessor branches,
19340 but they were missing in the CPU(X86) and the CPU(X86_64) cases.
19342 2012-01-27 MORITA Hajime <morrita@google.com>
19344 [JSC] Some JS_EXPORTDATA may not be necessary.
19345 https://bugs.webkit.org/show_bug.cgi?id=77145
19347 Reviewed by Darin Adler.
19349 Removed JS_EXPORTDATA attributes whose attributing symbols are
19350 not exported on Mac port.
19352 * runtime/ExceptionHelpers.h:
19353 (InterruptedExecutionError):
19354 * runtime/JSBoundFunction.h:
19356 * runtime/RegExp.h:
19358 * runtime/RegExpMatchesArray.h:
19359 (RegExpMatchesArray):
19361 2012-01-27 MORITA Hajime <morrita@google.com>
19363 [WTF] WTFString.h has some extra JS_EXPORT_PRIVATEs
19364 https://bugs.webkit.org/show_bug.cgi?id=77113
19366 Reviewed by Darin Adler.
19368 * wtf/text/WTFString.h: Removed some WTF_EXPORT_PRIVATE attributes which we don't need to export.
19370 2012-01-27 Zeno Albisser <zeno@webkit.org>
19372 [Qt][Mac] Build fails after adding ICU support (r105997).
19373 https://bugs.webkit.org/show_bug.cgi?id=77118
19375 Use Apple code path for unicode date formats on mac.
19377 Reviewed by Tor Arne Vestbø.
19379 * runtime/DatePrototype.cpp:
19382 2012-01-27 Carlos Garcia Campos <cgarcia@igalia.com>
19384 [GTK] Add a GKeyFile specialization to GOwnPtr
19385 https://bugs.webkit.org/show_bug.cgi?id=77191
19387 Reviewed by Martin Robinson.
19389 * wtf/gobject/GOwnPtr.cpp:
19390 (WTF::GKeyFile): Implement freeOwnedGPtr for GKeyFile.
19391 * wtf/gobject/GOwnPtr.h: Add GKeyFile template.
19392 * wtf/gobject/GTypedefs.h: Add forward declaration for GKeyFile.
19394 2012-01-25 Yury Semikhatsky <yurys@chromium.org>
19396 Web Inspector: should be possible to open function declaration from script popover
19397 https://bugs.webkit.org/show_bug.cgi?id=76913
19399 Added display function name and source location to the popover in scripts panel.
19400 Now when a function is hovered user can navigate to its definition.
19402 Reviewed by Pavel Feldman.
19404 * JavaScriptCore/JavaScriptCore.exp
19405 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
19406 * runtime/JSFunction.h:
19409 2012-01-26 Kevin Ollivier <kevino@theolliviers.com>
19411 [wx] Unreviewed. Build fix, wx uses the Mac ICU headers so we must match Mac behavior.
19413 * runtime/DatePrototype.cpp:
19416 2012-01-26 Mark Hahnenberg <mhahnenberg@apple.com>
19418 Merge AllocationSpace into MarkedSpace
19419 https://bugs.webkit.org/show_bug.cgi?id=77116
19421 Reviewed by Geoffrey Garen.
19423 Merging AllocationSpace and MarkedSpace in preparation for future refactoring/enhancement to
19424 MarkedSpace allocation.
19427 * GNUmakefile.list.am:
19428 * JavaScriptCore.exp:
19429 * JavaScriptCore.gypi:
19430 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
19431 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
19432 * JavaScriptCore.xcodeproj/project.pbxproj:
19434 * heap/AllocationSpace.cpp: Removed.
19435 * heap/AllocationSpace.h: Removed.
19436 * heap/BumpSpace.h:
19439 (JSC::Heap::objectSpace):
19442 * heap/HeapBlock.h:
19444 * heap/MarkedSpace.cpp:
19445 (JSC::MarkedSpace::tryAllocateHelper):
19447 (JSC::MarkedSpace::tryAllocate):
19448 (JSC::MarkedSpace::allocateSlowCase):
19449 (JSC::MarkedSpace::allocateBlock):
19450 (JSC::MarkedSpace::freeBlocks):
19452 (JSC::TakeIfUnmarked::TakeIfUnmarked):
19453 (JSC::TakeIfUnmarked::operator()):
19454 (JSC::TakeIfUnmarked::returnValue):
19455 (JSC::MarkedSpace::shrink):
19456 (GatherDirtyCells):
19457 (JSC::GatherDirtyCells::returnValue):
19458 (JSC::GatherDirtyCells::GatherDirtyCells):
19459 (JSC::GatherDirtyCells::operator()):
19460 (JSC::MarkedSpace::gatherDirtyCells):
19461 * heap/MarkedSpace.h:
19463 (JSC::MarkedSpace::blocks):
19464 (JSC::MarkedSpace::forEachCell):
19466 (JSC::MarkedSpace::allocate):
19468 2012-01-26 Oliver Hunt <oliver@apple.com>
19471 <rdar://problem/10703671> MSVC generates bad code for enum compare.
19475 Make bitfield large enough to work around MSVC's desire to make enums
19478 * bytecode/CallLinkInfo.h:
19481 2012-01-26 Filip Pizlo <fpizlo@apple.com>
19483 All DFG helpers that may call out to arbitrary JS code must know where they
19484 were called from due to inlining and call stack walking
19485 https://bugs.webkit.org/show_bug.cgi?id=77070
19486 <rdar://problem/10750834>
19488 Reviewed by Geoff Garen.
19490 Changed the DFG to always record a code origin index in the tag of the argument
19491 count (which we previously left blank for the benefit of LLInt, but is still
19492 otherwise unused by the DFG), so that if we ever need to walk the stack accurately
19493 we know where to start. In particular, if the current ExecState* points several
19494 semantic call frames away from the true semantic call frame because we had
19495 performed inlining, having the code origin index recorded means that we can reify
19496 those call frames as necessary to give runtime/library code an accurate view of
19497 the current JS state.
19499 This required several large but mechanical changes:
19501 - Calling a function from the DFG now plants a store32 instruction to store the
19502 code origin index. But the indices of code origins were previously picked by
19503 the DFG::JITCompiler after code generation completed. I changed this somewhat;
19504 even though the code origins are put into the CodeBlock after code gen, the
19505 code gen now knows a priori what their indices will be. Extensive assertions
19506 are in place to ensure that the two don't get out of sync, in the form of the
19507 DFG::CallBeginToken. Note that this mechanism has almost no effect on JS calls;
19508 those don't need the code origin index set in the call frame because we can get
19509 it by doing a binary search on the return PC.
19511 - Stack walking now always calls trueCallFrame() first before beginning the walk,
19512 since even the top call frame may be wrong. It still calls trueCallerFrame() as
19513 before to get to the next frame, though trueCallerFrame() is now mostly a
19514 wrapper around callerFrame()->trueCallFrame().
19516 - Because the mechanism for getting the code origin of a call frame is bimodal
19517 (either the call frame knows its code origin because the code origin index was
19518 set, or it's necessary to use the callee frame's return PC), I put in extra
19519 mechanisms to determine whether your caller, or your callee, corresponds to
19520 a call out of C++ code. Previously we just had the host call flag, but this is
19521 insufficient as it does not cover the case of someone calling JSC::call(). But
19522 luckily we can determine this just by looking at the return PC: if the return
19523 PC is in range of the ctiTrampoline, then two things are true: this call
19524 frame's PC will tell you nothing about where you came from in your caller, and
19525 the caller already knows where it's at because it must have set the code origin
19526 index (unless it's not DFG code, in which case we don't care because there is
19527 no inlining to worry about).
19529 - During testing this revealed a simple off-by-one goof in DFG::ByteCodeParser's
19530 inlining code, so I fixed it.
19532 - Finally because I was tired of doing random #if's for checking if I should be
19533 passing around an Instruction* or a ReturnAddressPtr, I created a class called
19534 AbstractPC that holds whatever notion of a PC is appropriate for the current
19535 execution environment. It's designed to work gracefully even if both the
19536 interpreter and the JIT are compiled in, and should integrate nicely with the
19539 This is neutral on all benchmarks and fixes some nasty corner-case regressions of
19540 evil code that uses combinations of getters/setters and function.arguments.
19543 * GNUmakefile.list.am:
19544 * JavaScriptCore.exp:
19545 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
19546 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
19547 * JavaScriptCore.xcodeproj/project.pbxproj:
19549 * bytecode/CodeBlock.h:
19550 (JSC::CodeBlock::codeOrigin):
19552 * dfg/DFGByteCodeParser.cpp:
19553 (JSC::DFG::ByteCodeParser::handleInlining):
19554 * dfg/DFGJITCompiler.cpp:
19555 (JSC::DFG::JITCompiler::link):
19556 * dfg/DFGJITCompiler.h:
19558 (JSC::DFG::CallBeginToken::CallBeginToken):
19559 (JSC::DFG::CallBeginToken::assertCodeOriginIndex):
19560 (JSC::DFG::CallBeginToken::assertNoCodeOriginIndex):
19562 (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
19563 (CallExceptionRecord):
19564 (JSC::DFG::JITCompiler::JITCompiler):
19566 (JSC::DFG::JITCompiler::nextCallBeginToken):
19567 (JSC::DFG::JITCompiler::beginCall):
19568 (JSC::DFG::JITCompiler::notifyCall):
19569 (JSC::DFG::JITCompiler::addExceptionCheck):
19570 (JSC::DFG::JITCompiler::addFastExceptionCheck):
19571 * dfg/DFGOperations.cpp:
19573 * dfg/DFGRepatch.cpp:
19574 (JSC::DFG::tryBuildGetByIDList):
19575 * dfg/DFGSpeculativeJIT.h:
19576 (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
19577 * dfg/DFGSpeculativeJIT32_64.cpp:
19578 (JSC::DFG::SpeculativeJIT::emitCall):
19579 * dfg/DFGSpeculativeJIT64.cpp:
19580 (JSC::DFG::SpeculativeJIT::emitCall):
19581 * interpreter/AbstractPC.cpp: Added.
19583 (JSC::AbstractPC::AbstractPC):
19584 * interpreter/AbstractPC.h: Added.
19587 (JSC::AbstractPC::AbstractPC):
19588 (JSC::AbstractPC::hasJITReturnAddress):
19589 (JSC::AbstractPC::jitReturnAddress):
19590 (JSC::AbstractPC::hasInterpreterReturnAddress):
19591 (JSC::AbstractPC::interpreterReturnAddress):
19592 (JSC::AbstractPC::isSet):
19593 (JSC::AbstractPC::operator!):
19595 * interpreter/CallFrame.cpp:
19597 (JSC::CallFrame::trueCallFrame):
19598 (JSC::CallFrame::trueCallerFrame):
19599 * interpreter/CallFrame.h:
19600 (JSC::ExecState::abstractReturnPC):
19601 (JSC::ExecState::codeOriginIndexForDFGWithInlining):
19603 (JSC::ExecState::trueCallFrame):
19604 (JSC::ExecState::trueCallFrameFromVMCode):
19605 * interpreter/Interpreter.cpp:
19606 (JSC::Interpreter::retrieveArgumentsFromVMCode):
19607 (JSC::Interpreter::retrieveCallerFromVMCode):
19608 (JSC::Interpreter::findFunctionCallFrameFromVMCode):
19609 * interpreter/Interpreter.h:
19612 * jit/JITStubs.cpp:
19617 (JSC::returnAddressIsInCtiTrampoline):
19618 * runtime/JSFunction.cpp:
19619 (JSC::JSFunction::argumentsGetter):
19620 (JSC::JSFunction::callerGetter):
19621 (JSC::JSFunction::getOwnPropertyDescriptor):
19623 2012-01-26 Peter Varga <pvarga@webkit.org>
19625 Fix build when VERBOSE_SPECULATION_FAILURE is enabled in DFG
19626 https://bugs.webkit.org/show_bug.cgi?id=77104
19628 Reviewed by Filip Pizlo.
19630 * dfg/DFGOperations.cpp:
19633 2012-01-26 Michael Saboff <msaboff@apple.com>
19635 String::latin1() should take advantage of 8 bit strings
19636 https://bugs.webkit.org/show_bug.cgi?id=76646
19638 Reviewed by Geoffrey Garen.
19640 * wtf/text/WTFString.cpp:
19641 (WTF::String::latin1): For 8 bit strings, use existing buffer
19642 without conversion.
19644 2012-01-26 Michael Saboff <msaboff@apple.com>
19646 Dromaeo tests usage of StringImpl find routines cause 8->16 bit conversions
19647 https://bugs.webkit.org/show_bug.cgi?id=76645
19649 Reviewed by Geoffrey Garen.
19651 * wtf/text/StringImpl.cpp:
19652 (WTF::equalIgnoringCase): New LChar version.
19653 (WTF::findInner): New helper function.
19654 (WTF::StringImpl::find): Added 8 bit path.
19655 (WTF::reverseFindInner): New helper function.
19656 (WTF::StringImpl::reverseFind): Added 8 bit path.
19657 (WTF::StringImpl::reverseFindIgnoringCase): Added 8 bit path.
19658 * wtf/text/StringImpl.h:
19661 2012-01-26 Csaba Osztrogonác <ossy@webkit.org>
19663 [Qt][Win] One more speculative buildfix after r105970.
19665 * JavaScriptCore.pri:
19667 2012-01-26 Csaba Osztrogonác <ossy@webkit.org>
19669 [Qt][Win] Speculative buildfix after r105970.
19671 * JavaScriptCore.pri: Link lgdi for DeleteObject() and DeleteDC().
19673 2012-01-26 Sheriff Bot <webkit.review.bot@gmail.com>
19675 Unreviewed, rolling out r105982.
19676 http://trac.webkit.org/changeset/105982
19677 https://bugs.webkit.org/show_bug.cgi?id=77090
19679 breaks the world (Requested by WildFox on #webkit).
19681 * wtf/MainThread.cpp:
19684 * wtf/mac/MainThreadMac.mm:
19686 (WTF::registerGCThread):
19687 (WTF::isMainThreadOrGCThread):
19689 2012-01-26 Roland Takacs <takacs.roland@stud.u-szeged.hu>
19691 [Qt] GC should be parallel on Qt platform
19692 https://bugs.webkit.org/show_bug.cgi?id=73309
19694 Reviewed by Zoltan Herczeg.
19696 These changes made the parallel gc feature available for Qt port.
19697 The implementation of "registerGCThread" and "isMainThreadOrGCThread"
19698 is moved from MainThreadMac.mm to the common MainThread.cpp to make
19699 them available for other platforms.
19701 Measurement results:
19702 V8 speed-up: 1.071x as fast [From: 746.1ms To: 696.4ms ]
19703 WindScorpion speed-up: 1.082x as fast [From: 3490.4ms To: 3226.7ms]
19704 V8 Splay speed-up: 1.158x as fast [From: 145.8ms To: 125.9ms ]
19706 Tested on Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz with 4-core.
19708 * wtf/MainThread.cpp:
19710 (WTF::registerGCThread):
19711 (WTF::isMainThreadOrGCThread):
19713 * wtf/mac/MainThreadMac.mm:
19715 2012-01-26 Andy Estes <aestes@apple.com>
19717 REGRESSION (r105555): Incorrect use of OS() macro breaks OwnPtr when used with Win32 data types
19718 https://bugs.webkit.org/show_bug.cgi?id=77073
19720 Reviewed by Ryosuke Niwa.
19722 r105555 changed PLATFORM(WIN) to OS(WIN), but WTF_OS_WIN isn't defined.
19723 This should have been changed to OS(WINDOWS). This causes the
19724 preprocessor to strip out Win32 data type overrides for deleteOwnedPtr,
19725 causing allocations made by Win32 to be deleted by fastmalloc.
19727 * wtf/OwnPtrCommon.h:
19728 (WTF): Use OS(WINDOWS) instead of OS(WIN).
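The entry above is a good illustration of how a feature-test macro fails silently: OS(WIN) was never a build error, it simply evaluated to false, and the Win32 deleter overrides for OwnPtr were preprocessed out so that Win32 handles went to fastFree. The following is an added example, not WebKit's code. It assumes a simplified model of the OS() query macro (OS(NAME) expanding to WTF_OS_NAME), a hypothetical FakeHDC handle type in place of a real Win32 type, and the names ReleasedWith, releaseBeforeFix and releaseAfterFix; it shows the same overload set compiled under the misspelled and the corrected guard.

```cpp
// Assumed simplification of WTF's OS() feature query: OS(NAME) expands to
// WTF_OS_NAME, and the preprocessor evaluates an identifier that is not a
// macro as 0 inside #if, so a misspelled query is silently false instead of
// a build error.
#define WTF_OS_WINDOWS 1
#define OS(NAME) (WTF_OS_##NAME)

#if OS(WIN)
constexpr bool kOsWinQuery = true;      // never reached: WTF_OS_WIN is not defined
#else
constexpr bool kOsWinQuery = false;
#endif

#if OS(WINDOWS)
constexpr bool kOsWindowsQuery = true;
#else
constexpr bool kOsWindowsQuery = false;
#endif

// Hypothetical stand-in for a Win32 GDI handle. Such handles must be released
// with the matching Win32 call, never with the general-purpose heap free.
struct FakeHDC { int id; };

enum class ReleasedWith { FastFree, DeleteDC };

// Deleter overloads as compiled with the misspelled guard: the FakeHDC
// override is preprocessed out, so a FakeHDC* falls back to the generic
// template, i.e. to the heap free that never allocated it.
namespace before_fix {
    template<typename T> ReleasedWith deleteOwnedPtr(T*) { return ReleasedWith::FastFree; }
#if OS(WIN)
    inline ReleasedWith deleteOwnedPtr(FakeHDC*) { return ReleasedWith::DeleteDC; }
#endif
}

// Deleter overloads with the corrected guard: the non-template override is
// present and wins overload resolution for FakeHDC*.
namespace after_fix {
    template<typename T> ReleasedWith deleteOwnedPtr(T*) { return ReleasedWith::FastFree; }
#if OS(WINDOWS)
    inline ReleasedWith deleteOwnedPtr(FakeHDC*) { return ReleasedWith::DeleteDC; }
#endif
}

// What an OwnPtr<FakeHDC> destructor would do under each build.
inline ReleasedWith releaseBeforeFix(FakeHDC* h) { return before_fix::deleteOwnedPtr(h); }
inline ReleasedWith releaseAfterFix(FakeHDC* h) { return after_fix::deleteOwnedPtr(h); }
```

Because the mismatch produces no diagnostic, the check worth keeping is a unit test per owned Win32 type that asserts the specialized deleter ran; for the simplified macro shown here, GCC and Clang's -Wundef would additionally warn that WTF_OS_WIN is undefined when evaluated in #if.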
19730 2012-01-25 Mark Rowe <mrowe@apple.com>
19732 Attempted Mac build fix after r105939.
19734 * runtime/DatePrototype.cpp: Don't #include unicode/udat.h on Mac or iOS.
19735 It isn't used on these platforms and isn't available in the ICU headers
19738 2012-01-25 Mark Rowe <mrowe@apple.com>
19740 Build in to an alternate location when USE_STAGING_INSTALL_PATH is set.
19742 <rdar://problem/10609417> Adopt USE_STAGING_INSTALL_PATH
19744 Reviewed by David Kilzer.
19746 * Configurations/Base.xcconfig: Define NORMAL_JAVASCRIPTCORE_FRAMEWORKS_DIR, which contains
19747 the path where JavaScriptCore is normally installed. Update JAVASCRIPTCORE_FRAMEWORKS_DIR
19748 to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.
19749 * Configurations/JavaScriptCore.xcconfig: Always set the framework's install name based on
19750 the normal framework location. This prevents an incorrect install name from being used when
19751 installing in to the staged frameworks directory.
19753 2012-01-25 Eli Fidler <efidler@rim.com>
19755 Implement Date.toLocaleString() using ICU
19756 https://bugs.webkit.org/show_bug.cgi?id=76714
19758 Reviewed by Darin Adler.
19760 * runtime/DatePrototype.cpp:
19761 (JSC::formatLocaleDate):
19763 2012-01-25 Hajime Morita <morrita@google.com>
19765 ENABLE_SHADOW_DOM should be available via build-webkit --shadow-dom
19766 https://bugs.webkit.org/show_bug.cgi?id=76863
19768 Reviewed by Dimitri Glazkov.
19770 Added a feature flag.
19772 * Configurations/FeatureDefines.xcconfig:
19774 2012-01-25 Yong Li <yoli@rim.com>
19776 [BlackBerry] Implement OSAllocator::commit/decommit.
19777 BlackBerry port should support virtual memory decommitting.
19778 https://bugs.webkit.org/show_bug.cgi?id=77013
19780 Reviewed by Rob Buis.
19782 * wtf/OSAllocatorPosix.cpp:
19783 (WTF::OSAllocator::reserveUncommitted):
19784 (WTF::OSAllocator::commit):
19785 (WTF::OSAllocator::decommit):
19788 2012-01-24 Oliver Hunt <oliver@apple.com>
19790 Make DFG update topCallFrame
19791 https://bugs.webkit.org/show_bug.cgi?id=76969
19793 Reviewed by Filip Pizlo.
19795 Add NativeCallFrameTracer to manage topCallFrame assignment
19796 in the DFG operations, and make use of it.
19798 * dfg/DFGOperations.cpp:
19799 (JSC::DFG::operationPutByValInternal):
19801 * interpreter/Interpreter.h:
19803 (NativeCallFrameTracer):
19804 (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
19806 2012-01-24 Filip Pizlo <fpizlo@apple.com>
19808 Inlining breaks call frame walking when the walking is done from outside the inlinee,
19809 but inside a code block that had inlining
19810 https://bugs.webkit.org/show_bug.cgi?id=76978
19811 <rdar://problem/10720904>
19813 Reviewed by Oliver Hunt.
19815 * bytecode/CodeBlock.h:
19816 (JSC::CodeBlock::codeOriginForReturn):
19817 * interpreter/CallFrame.cpp:
19818 (JSC::CallFrame::trueCallerFrame):
19820 2012-01-24 Gavin Barraclough <barraclough@apple.com>
19822 https://bugs.webkit.org/show_bug.cgi?id=76855
19823 Implement a JIT-code aware sampling profiler for JSC
19825 Reviewed by Oliver Hunt.
19827 Add support to MetaAllocator.cpp to track all live handles in a map,
19828 allowing lookup based on any address within the allocation.
19830 * wtf/MetaAllocator.cpp:
19831 (WTF::MetaAllocatorTracker::notify):
19832 (WTF::MetaAllocatorTracker::release):
19833 - Track live handle objects in a map.
19834 (WTF::MetaAllocator::release):
19835 - Removed support for handles with null m_allocator (no longer used).
19836 - Notify the tracker of handles being released.
19837 (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
19838 - Moved functionality out into MetaAllocator::release.
19839 (WTF::MetaAllocatorHandle::shrink):
19840 - Removed support for handles with null m_allocator (no longer used).
19841 (WTF::MetaAllocator::MetaAllocator):
19842 - Initialize m_tracker.
19843 (WTF::MetaAllocator::allocate):
19844 - Notify the tracker of new allocations.
19845 * wtf/MetaAllocator.h:
19846 (WTF::MetaAllocatorTracker::find):
19847 - Lookup a MetaAllocatorHandle based on an address inside the allocation.
19848 (WTF::MetaAllocator::trackAllocations):
19849 - Register a callback object to track allocation state.
19850 * wtf/MetaAllocatorHandle.h:
19851 - Remove unused createSelfManagedHandle/constructor.
19852 (WTF::MetaAllocatorHandle::key):
19853 - Added, for use in RedBlackTree.
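Two items in this file describe the same lookup: the getOwnerUIDForPC helper earlier in the profiler entry (look up the code block from an address in JIT code) and MetaAllocatorTracker::find above (look up a handle from any address inside the allocation). The following is an added example, not WebKit's code, and it substitutes a std::map keyed by start address for the RedBlackTree the changelog mentions; CodeAllocation, AllocationTracker and makeSampleTracker are assumed names and the sample regions are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>

// Hypothetical stand-in for a tracked allocation handle: start, size and the
// ownerUID (for instance a CodeBlock) recorded when the code was allocated.
struct CodeAllocation {
    uintptr_t start;
    size_t size;
    uintptr_t ownerUID;
    bool contains(uintptr_t pc) const { return pc >= start && pc - start < size; }
};

// Keeps every live allocation keyed by its start address so that any address
// inside an allocation, not just its start, maps back to it.
class AllocationTracker {
public:
    void notify(const CodeAllocation& a) { m_live[a.start] = a; }
    void release(uintptr_t start) { m_live.erase(start); }

    // Live allocation containing pc, or nullptr. upper_bound yields the first
    // allocation starting after pc; the candidate is the one just before it,
    // i.e. the greatest start address <= pc, which then has to be range-checked.
    const CodeAllocation* find(uintptr_t pc) const {
        auto it = m_live.upper_bound(pc);
        if (it == m_live.begin()) return nullptr;
        --it;
        return it->second.contains(pc) ? &it->second : nullptr;
    }

    // Profiler helper: owner of the JIT code containing pc, or 0 for a miss.
    uintptr_t ownerUIDForPC(uintptr_t pc) const {
        const CodeAllocation* a = find(pc);
        return a ? a->ownerUID : 0;
    }

private:
    std::map<uintptr_t, CodeAllocation> m_live;
};

// Constructed sample: two JIT regions with an unmapped gap between them.
inline AllocationTracker makeSampleTracker() {
    AllocationTracker t;
    t.notify({0x1000, 0x100, 11});
    t.notify({0x2000, 0x80, 22});
    return t;
}
```

The range check after the predecessor lookup is the part that matters for a sampler: without it, a PC that lands in the gap between two allocations, or in a region released since the last sample, would be attributed to whatever allocation happens to precede it. Lookups here allocate nothing, so they are safe to run while the sampled thread is suspended; only notify and release touch the heap, and those run on the allocating thread.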
19855 2012-01-24 Mark Hahnenberg <mhahnenberg@apple.com>
19857 Use copying collector for out-of-line JSObject property storage
19858 https://bugs.webkit.org/show_bug.cgi?id=76665
19860 Reviewed by Geoffrey Garen.
19862 * runtime/JSObject.cpp:
19863 (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
19864 Also added a temporary variable to avoid warnings from GCC.
19865 (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
19866 operator new. Also added a temporary variable to avoid warnings from GCC.
19867 * runtime/JSObject.h:
19869 2012-01-24 Geoffrey Garen <ggaren@apple.com>
19871 JSValue::toString() should return a JSString* instead of a UString
19872 https://bugs.webkit.org/show_bug.cgi?id=76861
19874 Fixed two failing layout tests after my last patch.
19876 Reviewed by Gavin Barraclough.
19878 * runtime/ArrayPrototype.cpp:
19879 (JSC::arrayProtoFuncSort): Call value() after calling toString(), as
19880 in all other cases.
19882 I missed this case because the JSString* type has a valid operator<,
19883 so the compiler didn't complain.
19885 2012-01-24 Kenichi Ishibashi <bashi@chromium.org>
19887 [V8] Add Uint8ClampedArray support
19888 https://bugs.webkit.org/show_bug.cgi?id=76803
19890 Reviewed by Kenneth Russell.
19892 * wtf/ArrayBufferView.h:
19893 (WTF::ArrayBufferView::isUnsignedByteClampedArray): Added.
19894 * wtf/Uint8ClampedArray.h:
19895 (WTF::Uint8ClampedArray::isUnsignedByteClampedArray): Overridden to return true.
19897 2012-01-23 Carlos Garcia Campos <cgarcia@igalia.com>
19899 [GTK] Add WebKitDownload to WebKit2 GTK+ API
19900 https://bugs.webkit.org/show_bug.cgi?id=72949
19902 Reviewed by Martin Robinson.
19904 * wtf/gobject/GOwnPtr.cpp:
19905 (WTF::GTimer): Use g_timer_destroy() to free a GTimer.
19906 * wtf/gobject/GOwnPtr.h: Add GTimer template.
19907 * wtf/gobject/GTypedefs.h: Add GTimer forward declaration.
19909 2012-01-24 Ilya Tikhonovsky <loislo@chromium.org>
19911 Unreviewed build fix for Qt LinuxSH4 build after r105698.
19913 * interpreter/Interpreter.cpp:
19914 (JSC::Interpreter::privateExecute):
19916 2012-01-23 Geoffrey Garen <ggaren@apple.com>
19918 JSValue::toString() should return a JSString* instead of a UString
19919 https://bugs.webkit.org/show_bug.cgi?id=76861
19921 Reviewed by Gavin Barraclough.
19923 This makes the common case -- toString() on a string -- faster and
19924 inline-able. (Not a measurable speedup, but we can now remove a bunch
19925 of duplicate hand-rolled code for this optimization.)
19927 This also clarifies the boundary between "C++ strings" and "JS strings".
19929 In all cases other than true, false, null, undefined, and multi-digit
19930 numbers, the JS runtime was just retrieving a UString from a JSString,
19931 so returning a JSString* is strictly better. In the other cases, we can
19932 optimize to avoid creating a new JSString if we care to, but it doesn't
19933 seem to be a big deal.
19935 * JavaScriptCore.exp: Export!
19942 (functionCheckSyntax):
19945 * API/JSValueRef.cpp:
19946 (JSValueToStringCopy):
19947 * bytecode/CodeBlock.cpp:
19948 (JSC::valueToSourceString): Call value() after calling toString(), to
19949 convert from "JS string" (JSString*) to "C++ string" (UString), since
19950 toString() no longer returns a "C++ string".
19952 * dfg/DFGOperations.cpp:
19953 (JSC::DFG::operationValueAddNotNumber):
19954 * jit/JITStubs.cpp:
19955 (op_add): Updated for removal of toPrimitiveString():
19956 all '+' operands can use toString(), except for object operands, which
19957 need to take a slow path to call toPrimitive().
19959 * runtime/ArrayPrototype.cpp:
19960 (JSC::arrayProtoFuncToString):
19961 (JSC::arrayProtoFuncToLocaleString):
19962 (JSC::arrayProtoFuncJoin):
19963 (JSC::arrayProtoFuncPush):
19964 * runtime/CommonSlowPaths.h:
19965 (JSC::CommonSlowPaths::opIn):
19966 * runtime/DateConstructor.cpp:
19968 * runtime/DatePrototype.cpp:
19969 (JSC::formatLocaleDate): Call value() after calling toString(), as above.
19971 * runtime/ErrorInstance.h:
19972 (JSC::ErrorInstance::create): Simplified down to one canonical create()
19973 function, to make string handling easier.
19975 * runtime/ErrorPrototype.cpp:
19976 (JSC::errorProtoFuncToString):
19977 * runtime/ExceptionHelpers.cpp:
19978 (JSC::createInvalidParamError):
19979 (JSC::createNotAConstructorError):
19980 (JSC::createNotAFunctionError):
19981 (JSC::createNotAnObjectError):
19982 * runtime/FunctionConstructor.cpp:
19983 (JSC::constructFunctionSkippingEvalEnabledCheck):
19984 * runtime/FunctionPrototype.cpp:
19985 (JSC::functionProtoFuncBind):
19986 * runtime/JSArray.cpp:
19987 (JSC::JSArray::sort): Call value() after calling toString(), as above.
19989 * runtime/JSCell.cpp:
19990 * runtime/JSCell.h: Removed JSCell::toString() because JSValue does this
19991 job now. Doing it in JSCell is slower (requires extra type checking), and
19992 creates the misimpression that language-defined toString() behavior is
19993 an implementation detail of JSCell.
19995 * runtime/JSGlobalObjectFunctions.cpp:
19998 (JSC::globalFuncEval):
19999 (JSC::globalFuncParseInt):
20000 (JSC::globalFuncParseFloat):
20001 (JSC::globalFuncEscape):
20002 (JSC::globalFuncUnescape): Call value() after calling toString(), as above.
20004 * runtime/JSONObject.cpp:
20005 (JSC::unwrapBoxedPrimitive):
20006 (JSC::Stringifier::Stringifier):
20007 (JSC::JSONProtoFuncParse): Removed some manual optimization that toString()
20010 * runtime/JSObject.cpp:
20011 (JSC::JSObject::toString):
20012 * runtime/JSObject.h: Updated to return JSString*.
20014 * runtime/JSString.cpp:
20015 * runtime/JSString.h:
20016 (JSC::JSValue::toString): Removed, since I removed JSCell::toString().
20018 * runtime/JSValue.cpp:
20019 (JSC::JSValue::toStringSlowCase): Removed toPrimitiveString(), and re-
20020 spawned toStringSlowCase() from its zombie corpse, since toPrimitiveString()
20021 basically did what we want all the time. (Note that the toPrimitive()
20022 preference changes from NoPreference to PreferString, because that's
20023 how ToString is defined in the language. op_add does not want this behavior.)
20025 * runtime/NumberPrototype.cpp:
20026 (JSC::numberProtoFuncToString):
20027 (JSC::numberProtoFuncToLocaleString): A little simpler, now that toString()
20028 returns a JSString*.
20030 * runtime/ObjectConstructor.cpp:
20031 (JSC::objectConstructorGetOwnPropertyDescriptor):
20032 (JSC::objectConstructorDefineProperty):
20033 * runtime/ObjectPrototype.cpp:
20034 (JSC::objectProtoFuncHasOwnProperty):
20035 (JSC::objectProtoFuncDefineGetter):
20036 (JSC::objectProtoFuncDefineSetter):
20037 (JSC::objectProtoFuncLookupGetter):
20038 (JSC::objectProtoFuncLookupSetter):
20039 (JSC::objectProtoFuncPropertyIsEnumerable): More calls to value(), as above.
20041 * runtime/Operations.cpp:
20042 (JSC::jsAddSlowCase): Need to check for object before taking the toString()
20043 fast path because adding an object to a string requires calling toPrimitive()
20044 on the object, not toString(). (They differ in their preferred conversion
20047 * runtime/Operations.h:
20049 (JSC::jsStringFromArguments): This code gets simpler, now that toString()
20050 does the right thing.
20052 (JSC::jsAdd): Now checks for object, just like jsAddSlowCase().
20054 * runtime/RegExpConstructor.cpp:
20055 (JSC::setRegExpConstructorInput):
20056 (JSC::constructRegExp):
20057 * runtime/RegExpObject.cpp:
20058 (JSC::RegExpObject::match):
20059 * runtime/RegExpPrototype.cpp:
20060 (JSC::regExpProtoFuncCompile):
20061 (JSC::regExpProtoFuncToString): More calls to value(), as above.
20063 * runtime/StringConstructor.cpp:
20064 (JSC::constructWithStringConstructor):
20065 (JSC::callStringConstructor): This code gets simpler, now that toString()
20066 does the right thing.
20068 * runtime/StringPrototype.cpp:
20069 (JSC::replaceUsingRegExpSearch):
20070 (JSC::replaceUsingStringSearch):
20071 (JSC::stringProtoFuncReplace):
20072 (JSC::stringProtoFuncCharAt):
20073 (JSC::stringProtoFuncCharCodeAt):
20074 (JSC::stringProtoFuncConcat):
20075 (JSC::stringProtoFuncIndexOf):
20076 (JSC::stringProtoFuncLastIndexOf):
20077 (JSC::stringProtoFuncMatch):
20078 (JSC::stringProtoFuncSearch):
20079 (JSC::stringProtoFuncSlice):
20080 (JSC::stringProtoFuncSplit):
20081 (JSC::stringProtoFuncSubstr):
20082 (JSC::stringProtoFuncSubstring):
20083 (JSC::stringProtoFuncToLowerCase):
20084 (JSC::stringProtoFuncToUpperCase):
20085 (JSC::stringProtoFuncLocaleCompare):
20086 (JSC::stringProtoFuncBig):
20087 (JSC::stringProtoFuncSmall):
20088 (JSC::stringProtoFuncBlink):
20089 (JSC::stringProtoFuncBold):
20090 (JSC::stringProtoFuncFixed):
20091 (JSC::stringProtoFuncItalics):
20092 (JSC::stringProtoFuncStrike):
20093 (JSC::stringProtoFuncSub):
20094 (JSC::stringProtoFuncSup):
20095 (JSC::stringProtoFuncFontcolor):
20096 (JSC::stringProtoFuncFontsize):
20097 (JSC::stringProtoFuncAnchor):
20098 (JSC::stringProtoFuncLink):
20099 (JSC::trimString): Some of this code gets simpler, now that toString()
20100 does the right thing. More calls to value(), as above.
20102 2012-01-23 Luke Macpherson <macpherson@chromium.org>
20104 Unreviewed, rolling out r105676.
20105 http://trac.webkit.org/changeset/105676
20106 https://bugs.webkit.org/show_bug.cgi?id=76665
20108 Breaks build on Mac due to compile warnings.
20110 * runtime/JSObject.cpp:
20111 (JSC::JSObject::finalize):
20112 (JSC::JSObject::visitChildren):
20113 (JSC::JSObject::allocatePropertyStorage):
20114 * runtime/JSObject.h:
20116 2012-01-23 Mark Hahnenberg <mhahnenberg@apple.com>
20118 Use copying collector for out-of-line JSObject property storage
20119 https://bugs.webkit.org/show_bug.cgi?id=76665
20121 Reviewed by Geoffrey Garen.
20123 * runtime/JSObject.cpp:
20124 (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
20125 (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
20127 * runtime/JSObject.h:
20129 2012-01-23 Brian Weinstein <bweinstein@apple.com>
20131 More build fixing after r105646.
20133 * JavaScriptCore.exp:
20135 2012-01-23 Gavin Barraclough <barraclough@apple.com>
20137 https://bugs.webkit.org/show_bug.cgi?id=76855
20138 Implement a JIT-code aware sampling profiler for JSC
20140 Reviewed by Geoff Garen.
20142 Step 2: generalize RedBlackTree. The profiler is going to want to use
20143 a RedBlackTree, allow this class to work with subclasses of
20144 RedBlackTree::Node, Node should not need to know the names of the m_key
20145 and m_value fields (the subclass can provide a key() accessor), and
20146 RedBlackTree does not need to know anything about ValueType.
20148 * JavaScriptCore.exp:
20149 * wtf/MetaAllocator.cpp:
20150 (WTF::MetaAllocator::findAndRemoveFreeSpace):
20151 (WTF::MetaAllocator::debugFreeSpaceSize):
20152 (WTF::MetaAllocator::addFreeSpace):
20153 * wtf/MetaAllocator.h:
20154 (WTF::MetaAllocator::FreeSpaceNode::FreeSpaceNode):
20155 (WTF::MetaAllocator::FreeSpaceNode::key):
20156 * wtf/MetaAllocatorHandle.h:
20157 (WTF::MetaAllocatorHandle::key):
20158 * wtf/RedBlackTree.h:
20159 (WTF::RedBlackTree::Node::successor):
20160 (WTF::RedBlackTree::Node::predecessor):
20161 (WTF::RedBlackTree::Node::parent):
20162 (WTF::RedBlackTree::Node::setParent):
20163 (WTF::RedBlackTree::Node::left):
20164 (WTF::RedBlackTree::Node::setLeft):
20165 (WTF::RedBlackTree::Node::right):
20166 (WTF::RedBlackTree::Node::setRight):
20167 (WTF::RedBlackTree::insert):
20168 (WTF::RedBlackTree::remove):
20169 (WTF::RedBlackTree::findExact):
20170 (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
20171 (WTF::RedBlackTree::findGreatestLessThanOrEqual):
20172 (WTF::RedBlackTree::first):
20173 (WTF::RedBlackTree::last):
20174 (WTF::RedBlackTree::size):
20175 (WTF::RedBlackTree::treeMinimum):
20176 (WTF::RedBlackTree::treeMaximum):
20177 (WTF::RedBlackTree::treeInsert):
20178 (WTF::RedBlackTree::leftRotate):
20179 (WTF::RedBlackTree::rightRotate):
20180 (WTF::RedBlackTree::removeFixup):
20182 2012-01-23 Andy Estes <aestes@apple.com>
20184 Fix the build after r105635.
20186 * JavaScriptCore.exp:
20188 2012-01-23 Mark Hahnenberg <mhahnenberg@apple.com>
20190 Remove StackBounds from JSGlobalData
20191 https://bugs.webkit.org/show_bug.cgi?id=76310
20193 Reviewed by Sam Weinig.
20195 Removed StackBounds and the stack() function from JSGlobalData since it no
20196 longer accessed any members of JSGlobalData.
20198 * bytecompiler/BytecodeGenerator.cpp:
20199 (JSC::BytecodeGenerator::BytecodeGenerator):
20200 * heap/MachineStackMarker.cpp:
20201 (JSC::MachineThreads::addCurrentThread):
20202 (JSC::MachineThreads::gatherFromCurrentThread):
20203 * parser/Parser.cpp:
20205 * runtime/JSGlobalData.cpp:
20206 (JSC::JSGlobalData::JSGlobalData):
20207 * runtime/JSGlobalData.h:
20209 2012-01-23 Gavin Barraclough <barraclough@apple.com>
20211 Implement a JIT-code aware sampling profiler for JSC
20212 https://bugs.webkit.org/show_bug.cgi?id=76855
20214 Rubber stamped by Geoff Garen.
20216 Mechanical change - pass CodeBlock through to the executable allocator,
20217 such that we will be able to map ranges of JIT code back to their owner.
20219 * assembler/ARMAssembler.cpp:
20220 (JSC::ARMAssembler::executableCopy):
20221 * assembler/ARMAssembler.h:
20222 * assembler/AssemblerBuffer.h:
20223 (JSC::AssemblerBuffer::executableCopy):
20224 * assembler/AssemblerBufferWithConstantPool.h:
20225 (JSC::AssemblerBufferWithConstantPool::executableCopy):
20226 * assembler/LinkBuffer.h:
20227 (JSC::LinkBuffer::LinkBuffer):
20228 (JSC::LinkBuffer::linkCode):
20229 * assembler/MIPSAssembler.h:
20230 (JSC::MIPSAssembler::executableCopy):
20231 * assembler/SH4Assembler.h:
20232 (JSC::SH4Assembler::executableCopy):
20233 * assembler/X86Assembler.h:
20234 (JSC::X86Assembler::executableCopy):
20235 (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
20236 * dfg/DFGJITCompiler.cpp:
20237 (JSC::DFG::JITCompiler::compile):
20238 (JSC::DFG::JITCompiler::compileFunction):
20239 * dfg/DFGOSRExitCompiler.cpp:
20240 * dfg/DFGRepatch.cpp:
20241 (JSC::DFG::generateProtoChainAccessStub):
20242 (JSC::DFG::tryCacheGetByID):
20243 (JSC::DFG::tryBuildGetByIDList):
20244 (JSC::DFG::tryCachePutByID):
20245 * dfg/DFGThunks.cpp:
20246 (JSC::DFG::osrExitGenerationThunkGenerator):
20247 * jit/ExecutableAllocator.cpp:
20248 (JSC::ExecutableAllocator::allocate):
20249 * jit/ExecutableAllocator.h:
20250 * jit/ExecutableAllocatorFixedVMPool.cpp:
20251 (JSC::ExecutableAllocator::allocate):
20253 (JSC::JIT::privateCompile):
20254 * jit/JITOpcodes.cpp:
20255 (JSC::JIT::privateCompileCTIMachineTrampolines):
20256 * jit/JITOpcodes32_64.cpp:
20257 (JSC::JIT::privateCompileCTIMachineTrampolines):
20258 (JSC::JIT::privateCompileCTINativeCall):
20259 * jit/JITPropertyAccess.cpp:
20260 (JSC::JIT::stringGetByValStubGenerator):
20261 (JSC::JIT::privateCompilePutByIdTransition):
20262 (JSC::JIT::privateCompilePatchGetArrayLength):
20263 (JSC::JIT::privateCompileGetByIdProto):
20264 (JSC::JIT::privateCompileGetByIdSelfList):
20265 (JSC::JIT::privateCompileGetByIdProtoList):
20266 (JSC::JIT::privateCompileGetByIdChainList):
20267 (JSC::JIT::privateCompileGetByIdChain):
20268 * jit/JITPropertyAccess32_64.cpp:
20269 (JSC::JIT::stringGetByValStubGenerator):
20270 (JSC::JIT::privateCompilePutByIdTransition):
20271 (JSC::JIT::privateCompilePatchGetArrayLength):
20272 (JSC::JIT::privateCompileGetByIdProto):
20273 (JSC::JIT::privateCompileGetByIdSelfList):
20274 (JSC::JIT::privateCompileGetByIdProtoList):
20275 (JSC::JIT::privateCompileGetByIdChainList):
20276 (JSC::JIT::privateCompileGetByIdChain):
20277 * jit/JITStubs.cpp:
20278 * jit/SpecializedThunkJIT.h:
20279 (JSC::SpecializedThunkJIT::finalize):
20280 * yarr/YarrJIT.cpp:
20281 (JSC::Yarr::YarrGenerator::compile):
20283 2012-01-23 Xianzhu Wang <wangxianzhu@chromium.org>
20285 Basic enhancements to StringBuilder
20286 https://bugs.webkit.org/show_bug.cgi?id=67081
20288 This change contains the following enhancements to StringBuilder,
20289 for convenience, performance, testability, etc.:
20290 - Change toStringPreserveCapacity() to const
20291 - new public methods: capacity(), swap(), toAtomicString(), canShrink()
20292 and append(const StringBuilder&)
20293 - == and != operators to compare StringBuilders and a StringBuilder/String
20295 Unit tests: Tools/TestWebKitAPI/Tests/WTF/StringBuilder.cpp
20297 Reviewed by Darin Adler.
20299 * JavaScriptCore.exp:
20300 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
20301 * wtf/text/AtomicString.cpp:
20302 (WTF::SubstringTranslator::hash):
20303 (WTF::SubstringTranslator::equal):
20304 (WTF::SubstringTranslator::translate):
20305 (WTF::AtomicString::add):
20306 (WTF::AtomicString::addSlowCase):
20307 * wtf/text/AtomicString.h:
20308 (WTF::AtomicString::AtomicString):
20309 (WTF::AtomicString::add):
20310 * wtf/text/StringBuilder.cpp:
20311 (WTF::StringBuilder::reifyString):
20312 (WTF::StringBuilder::resize):
20313 (WTF::StringBuilder::canShrink):
20314 (WTF::StringBuilder::shrinkToFit):
20315 * wtf/text/StringBuilder.h:
20316 (WTF::StringBuilder::append):
20317 (WTF::StringBuilder::toString):
20318 (WTF::StringBuilder::toStringPreserveCapacity):
20319 (WTF::StringBuilder::toAtomicString):
20320 (WTF::StringBuilder::isEmpty):
20321 (WTF::StringBuilder::capacity):
20322 (WTF::StringBuilder::is8Bit):
20323 (WTF::StringBuilder::swap):
20327 * wtf/text/StringImpl.h:
20329 2012-01-23 Carlos Garcia Campos <cgarcia@igalia.com>
20331 Unreviewed. Fix make distcheck.
20333 * GNUmakefile.list.am: Add missing files, remove deleted files and
20336 2012-01-22 Filip Pizlo <fpizlo@apple.com>
20338 Build fix for non-DFG platforms that error out on warn-unused-parameter.
20340 * bytecode/CallLinkStatus.cpp:
20341 (JSC::CallLinkStatus::computeFor):
20342 * bytecode/GetByIdStatus.cpp:
20343 (JSC::GetByIdStatus::computeFor):
20344 * bytecode/MethodCallLinkStatus.cpp:
20345 (JSC::MethodCallLinkStatus::computeFor):
20346 * bytecode/PutByIdStatus.cpp:
20347 (JSC::PutByIdStatus::computeFor):
20349 2012-01-22 Filip Pizlo <fpizlo@apple.com>
20351 Build fix for non-DFG platforms.
20353 * bytecode/CallLinkStatus.cpp:
20354 (JSC::CallLinkStatus::computeFor):
20355 * bytecode/GetByIdStatus.cpp:
20356 (JSC::GetByIdStatus::computeFor):
20357 * bytecode/MethodCallLinkStatus.cpp:
20358 (JSC::MethodCallLinkStatus::computeFor):
20359 * bytecode/PutByIdStatus.cpp:
20360 (JSC::PutByIdStatus::computeFor):
20362 2012-01-20 Filip Pizlo <fpizlo@apple.com>
20364 DFG should not have code that directly decodes the states of old JIT inline
20365 cache data structures
20366 https://bugs.webkit.org/show_bug.cgi?id=76768
20368 Reviewed by Sam Weinig.
20370 Introduced new classes (like GetByIdStatus) that encapsulate the set of things
20371 that the DFG would like to know about property accesses and calls. Whereas it
20372 previously got this information by directly decoding the data structures used
20373 by the old JIT for inline caching, it now uses these classes, which do the work
20374 for it. This should make it somewhat more straightforward to introduce new
20375 ways of profiling the same information.
20377 Also hoisted StructureSet into bytecode/ from dfg/, because it's now used by
20380 Making this work right involved carefully ensuring that the heuristics for
20381 choosing how to handle property accesses was at least as good as what we had
20382 before, since I completely restructured that code. Currently the performance
20383 looks neutral. Since I rewrote the code I did change some things that I never
20384 liked before, like previously if a put_by_id had executed exactly once then
20385 we'd compile it as if it had taken slow-path. Executing once is special because
20386 then the inline cache is not baked in, so there is no information about how the
20387 DFG should optimize the code. Now this is rationalized: if the put_by_id does
20388 not offer enough information to be optimized (i.e. had executed 0 or 1 times)
20389 then we turn it into a forced OSR exit (i.e. a patch point). However, get_by_id
20390 still has the old behavior; I left it that way because I didn't want to make
20391 too many changes at once.
20394 * GNUmakefile.list.am:
20395 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
20396 * JavaScriptCore.xcodeproj/project.pbxproj:
20398 * bytecode/CallLinkStatus.cpp: Added.
20399 (JSC::CallLinkStatus::computeFor):
20400 * bytecode/CallLinkStatus.h: Added.
20401 (JSC::CallLinkStatus::CallLinkStatus):
20402 (JSC::CallLinkStatus::isSet):
20403 (JSC::CallLinkStatus::operator!):
20404 (JSC::CallLinkStatus::couldTakeSlowPath):
20405 (JSC::CallLinkStatus::callTarget):
20406 * bytecode/GetByIdStatus.cpp: Added.
20407 (JSC::GetByIdStatus::computeFor):
20408 * bytecode/GetByIdStatus.h: Added.
20409 (JSC::GetByIdStatus::GetByIdStatus):
20410 (JSC::GetByIdStatus::state):
20411 (JSC::GetByIdStatus::isSet):
20412 (JSC::GetByIdStatus::operator!):
20413 (JSC::GetByIdStatus::isSimpleDirect):
20414 (JSC::GetByIdStatus::takesSlowPath):
20415 (JSC::GetByIdStatus::makesCalls):
20416 (JSC::GetByIdStatus::structureSet):
20417 (JSC::GetByIdStatus::offset):
20418 * bytecode/MethodCallLinkStatus.cpp: Added.
20419 (JSC::MethodCallLinkStatus::computeFor):
20420 * bytecode/MethodCallLinkStatus.h: Added.
20421 (JSC::MethodCallLinkStatus::MethodCallLinkStatus):
20422 (JSC::MethodCallLinkStatus::isSet):
20423 (JSC::MethodCallLinkStatus::operator!):
20424 (JSC::MethodCallLinkStatus::needsPrototypeCheck):
20425 (JSC::MethodCallLinkStatus::structure):
20426 (JSC::MethodCallLinkStatus::prototypeStructure):
20427 (JSC::MethodCallLinkStatus::function):
20428 (JSC::MethodCallLinkStatus::prototype):
20429 * bytecode/PutByIdStatus.cpp: Added.
20430 (JSC::PutByIdStatus::computeFor):
20431 * bytecode/PutByIdStatus.h: Added.
20432 (JSC::PutByIdStatus::PutByIdStatus):
20433 (JSC::PutByIdStatus::state):
20434 (JSC::PutByIdStatus::isSet):
20435 (JSC::PutByIdStatus::operator!):
20436 (JSC::PutByIdStatus::isSimpleReplace):
20437 (JSC::PutByIdStatus::isSimpleTransition):
20438 (JSC::PutByIdStatus::takesSlowPath):
20439 (JSC::PutByIdStatus::oldStructure):
20440 (JSC::PutByIdStatus::newStructure):
20441 (JSC::PutByIdStatus::structureChain):
20442 (JSC::PutByIdStatus::offset):
20443 * bytecode/StructureSet.h: Added.
20444 (JSC::StructureSet::StructureSet):
20445 (JSC::StructureSet::clear):
20446 (JSC::StructureSet::add):
20447 (JSC::StructureSet::addAll):
20448 (JSC::StructureSet::remove):
20449 (JSC::StructureSet::contains):
20450 (JSC::StructureSet::isSubsetOf):
20451 (JSC::StructureSet::isSupersetOf):
20452 (JSC::StructureSet::size):
20453 (JSC::StructureSet::at):
20454 (JSC::StructureSet::operator[]):
20455 (JSC::StructureSet::last):
20456 (JSC::StructureSet::predictionFromStructures):
20457 (JSC::StructureSet::operator==):
20458 (JSC::StructureSet::dump):
20459 * dfg/DFGAbstractValue.h:
20460 * dfg/DFGByteCodeParser.cpp:
20461 (JSC::DFG::ByteCodeParser::handleCall):
20462 (JSC::DFG::ByteCodeParser::parseBlock):
20463 * dfg/DFGStructureSet.h: Removed.
20465 2012-01-20 Filip Pizlo <fpizlo@apple.com>
20467 JIT compilation should not require ExecState
20468 https://bugs.webkit.org/show_bug.cgi?id=76729
20469 <rdar://problem/10731545>
20471 Reviewed by Gavin Barraclough.
20473 Changed the relevant JIT driver functions to take JSGlobalData& instead of
20474 ExecState*, since really they just needed the global data.
20476 * dfg/DFGDriver.cpp:
20477 (JSC::DFG::compile):
20478 (JSC::DFG::tryCompile):
20479 (JSC::DFG::tryCompileFunction):
20481 (JSC::DFG::tryCompile):
20482 (JSC::DFG::tryCompileFunction):
20484 (JSC::jitCompileIfAppropriate):
20485 (JSC::jitCompileFunctionIfAppropriate):
20486 * runtime/Executable.cpp:
20487 (JSC::EvalExecutable::compileInternal):
20488 (JSC::ProgramExecutable::compileInternal):
20489 (JSC::FunctionExecutable::compileForCallInternal):
20490 (JSC::FunctionExecutable::compileForConstructInternal):
20492 2012-01-20 David Levin <levin@chromium.org>
20494 Make OwnPtr<HDC> work for the Chromium Windows port.
20495 https://bugs.webkit.org/show_bug.cgi?id=76738
20497 Reviewed by Jian Li.
20499 * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnPtrWin.cpp to the
20500 Chromium Windows build.
20501 * wtf/OwnPtrCommon.h: Changed from platform WIN to OS WIN for
20502 OwnPtr<HDC> and similar constructs.
20504 2012-01-19 Geoffrey Garen <ggaren@apple.com>
20506 Removed some regexp entry boilerplate code
20507 https://bugs.webkit.org/show_bug.cgi?id=76687
20509 Reviewed by Darin Adler.
20511 1% - 2% speedup on regexp tests, no change overall.
20513 * runtime/RegExp.cpp:
20514 (JSC::RegExp::match):
20515 - ASSERT that our startIndex is non-negative, because anything less
20516 would be uncivilized.
20518 - ASSERT that our input is not the null string for the same reason.
20520 - No need to test for startOffset being past the end of the string,
20521 since the regular expression engine will do this test for us.
20523 - No need to initialize the output vector, since the regular expression
20524 engine will fill it in for us.
20526 * yarr/YarrInterpreter.cpp:
20527 (JSC::Yarr::Interpreter::interpret):
20528 * yarr/YarrJIT.cpp:
20529 (JSC::Yarr::YarrGenerator::compile):
20531 RegExp used to do these jobs for us, but now we do them for ourselves
20532 because it's a better separation of concerns, and the JIT can do them
20533 more efficiently than C++ code:
20535 - Test for "past the end" before doing any matching -- otherwise
20536 a* will match with zero length past the end of the string, which is wrong.
20538 - Initialize the output vector before doing any matching.
20540 2012-01-20 Filip Pizlo <fpizlo@apple.com>
20542 Build fix for no-DFG configuration.
20543 Needed for <rdar://problem/10727689>.
20545 * bytecompiler/BytecodeGenerator.cpp:
20546 (JSC::BytecodeGenerator::emitProfiledOpcode):
20548 (JSC::JIT::emitValueProfilingSite):
20550 2012-01-19 Filip Pizlo <fpizlo@apple.com>
20552 Bytecode instructions that may have value profiling should have a direct inline
20553 link to the ValueProfile instance
20554 https://bugs.webkit.org/show_bug.cgi?id=76682
20555 <rdar://problem/10727689>
20557 Reviewed by Sam Weinig.
20559 Each opcode that gets value profiled now has a link to its ValueProfile. This
20560 required rationalizing the emission of value profiles for opcode combos, like
20561 op_method_check/op_get_by_id and op_call/op_call_put_result. It only makes
20562 sense for one of them to have a value profile link, and it makes most sense
20563 for it to be the one that actually sets the result. The previous behavior was
20564 to have op_method_check profile for op_get_by_id when they were used together,
20565 but otherwise for op_get_by_id to have its own profiles. op_call already did
20566 the right thing; all profiling was done by op_call_put_result.
20568 But rationalizing this code required breaking some of the natural boundaries
20569 that the code had; for instance the code in DFG that emits a GetById in place
20570 of both op_method_check and op_get_by_id must now know that it's the latter of
20571 those that has the value profile, while the first of those constitutes the OSR
20572 target. Hence each CodeOrigin must now have two bytecode indices - one for
20573 OSR exit and one for profiling.
20575 Finally this change required some refiddling of our optimization heuristics,
20576 because now all code blocks have "more instructions" due to the value profile
20579 * bytecode/CodeBlock.cpp:
20580 (JSC::CodeBlock::printGetByIdOp):
20581 (JSC::CodeBlock::dump):
20582 * bytecode/CodeBlock.h:
20583 (JSC::CodeBlock::valueProfileForBytecodeOffset):
20584 * bytecode/CodeOrigin.h:
20585 (JSC::CodeOrigin::CodeOrigin):
20586 (JSC::CodeOrigin::bytecodeIndexForValueProfile):
20587 * bytecode/Instruction.h:
20588 (JSC::Instruction::Instruction):
20589 * bytecode/Opcode.h:
20590 * bytecompiler/BytecodeGenerator.cpp:
20591 (JSC::BytecodeGenerator::emitProfiledOpcode):
20592 (JSC::BytecodeGenerator::emitResolve):
20593 (JSC::BytecodeGenerator::emitGetScopedVar):
20594 (JSC::BytecodeGenerator::emitResolveBase):
20595 (JSC::BytecodeGenerator::emitResolveBaseForPut):
20596 (JSC::BytecodeGenerator::emitResolveWithBase):
20597 (JSC::BytecodeGenerator::emitResolveWithThis):
20598 (JSC::BytecodeGenerator::emitGetById):
20599 (JSC::BytecodeGenerator::emitGetByVal):
20600 (JSC::BytecodeGenerator::emitCall):
20601 (JSC::BytecodeGenerator::emitCallVarargs):
20602 (JSC::BytecodeGenerator::emitConstruct):
20603 * bytecompiler/BytecodeGenerator.h:
20604 * dfg/DFGByteCodeParser.cpp:
20605 (JSC::DFG::ByteCodeParser::ByteCodeParser):
20606 (JSC::DFG::ByteCodeParser::currentCodeOrigin):
20607 (JSC::DFG::ByteCodeParser::addCall):
20608 (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
20609 (JSC::DFG::ByteCodeParser::getPrediction):
20610 (JSC::DFG::ByteCodeParser::handleCall):
20611 (JSC::DFG::ByteCodeParser::handleInlining):
20612 (JSC::DFG::ByteCodeParser::parseBlock):
20613 (JSC::DFG::ByteCodeParser::parse):
20615 (JSC::DFG::Graph::valueProfileFor):
20617 (JSC::JIT::emitValueProfilingSite):
20619 (JSC::JIT::emit_op_call_put_result):
20620 * jit/JITCall32_64.cpp:
20621 (JSC::JIT::emit_op_call_put_result):
20622 * jit/JITInlineMethods.h:
20623 (JSC::JIT::emitValueProfilingSite):
20624 * jit/JITOpcodes.cpp:
20625 (JSC::JIT::emit_op_resolve):
20626 (JSC::JIT::emit_op_resolve_base):
20627 (JSC::JIT::emit_op_resolve_skip):
20628 (JSC::JIT::emit_op_resolve_global):
20629 (JSC::JIT::emitSlow_op_resolve_global):
20630 (JSC::JIT::emit_op_resolve_with_base):
20631 (JSC::JIT::emit_op_resolve_with_this):
20632 (JSC::JIT::emitSlow_op_resolve_global_dynamic):
20633 * jit/JITOpcodes32_64.cpp:
20634 (JSC::JIT::emit_op_resolve):
20635 (JSC::JIT::emit_op_resolve_base):
20636 (JSC::JIT::emit_op_resolve_skip):
20637 (JSC::JIT::emit_op_resolve_global):
20638 (JSC::JIT::emitSlow_op_resolve_global):
20639 (JSC::JIT::emit_op_resolve_with_base):
20640 (JSC::JIT::emit_op_resolve_with_this):
20641 * jit/JITPropertyAccess.cpp:
20642 (JSC::JIT::emit_op_get_by_val):
20643 (JSC::JIT::emitSlow_op_get_by_val):
20644 (JSC::JIT::emit_op_method_check):
20645 (JSC::JIT::emitSlow_op_method_check):
20646 (JSC::JIT::emit_op_get_by_id):
20647 (JSC::JIT::emitSlow_op_get_by_id):
20648 (JSC::JIT::emit_op_get_scoped_var):
20649 (JSC::JIT::emit_op_get_global_var):
20650 * jit/JITPropertyAccess32_64.cpp:
20651 (JSC::JIT::emit_op_method_check):
20652 (JSC::JIT::emitSlow_op_method_check):
20653 (JSC::JIT::emit_op_get_by_val):
20654 (JSC::JIT::emitSlow_op_get_by_val):
20655 (JSC::JIT::emit_op_get_by_id):
20656 (JSC::JIT::emitSlow_op_get_by_id):
20657 (JSC::JIT::emit_op_get_scoped_var):
20658 (JSC::JIT::emit_op_get_global_var):
20659 * jit/JITStubCall.h:
20660 (JSC::JITStubCall::callWithValueProfiling):
20661 * runtime/Options.cpp:
20662 (JSC::Options::initializeOptions):
20664 2012-01-20 ChangSeok Oh <shivamidow@gmail.com>
20666 undefined reference to symbol eina_module_free
20667 https://bugs.webkit.org/show_bug.cgi?id=76681
20669 Reviewed by Martin Robinson.
20671 eina_module_free has been used without including eina libraries after r104936.
20673 * wtf/PlatformEfl.cmake: Add EINA_LIBRARIES.
20675 2012-01-19 Tony Chang <tony@chromium.org>
20677 [chromium] Remove an obsolete comment about features.gypi
20678 https://bugs.webkit.org/show_bug.cgi?id=76643
20680 There can be only one features.gypi.
20682 Reviewed by James Robinson.
20684 * JavaScriptCore.gyp/JavaScriptCore.gyp:
20686 2012-01-19 Geoffrey Garen <ggaren@apple.com>
20688 Implicit creation of a regular expression should eagerly check for syntax errors
20689 https://bugs.webkit.org/show_bug.cgi?id=76642
20691 Reviewed by Oliver Hunt.
20693 This is a correctness fix and a slight optimization.
20695 * runtime/StringPrototype.cpp:
20696 (JSC::stringProtoFuncMatch):
20697 (JSC::stringProtoFuncSearch): Check for syntax errors because that's the
20700 * runtime/RegExp.cpp:
20701 (JSC::RegExp::match): ASSERT that we aren't a syntax error. (One line
20702 of code change, many lines of indentation change.)
20704 Since we have no clients that try to match a RegExp that is a syntax error,
20705 let's optimize out the check.
20707 2012-01-19 Mark Hahnenberg <mhahnenberg@apple.com>
20709 Implement a new allocator for backing stores
20710 https://bugs.webkit.org/show_bug.cgi?id=75181
20712 Reviewed by Filip Pizlo.
20714 We want to move away from using fastMalloc for the backing stores for
20715 some of our objects (e.g. JSArray, JSObject, JSString, etc). These backing
20716 stores have a nice property in that they only have a single owner (i.e. a
20717 single pointer to them at any one time). One way that we can take advantage
20718 of this property is to implement a simple bump allocator/copying collector,
20719 which will run alongside our normal mark/sweep collector, that only needs to
20720 update the single owner pointer rather than having to redirect an arbitrary
20721 number of pointers in from-space to to-space.
20723 This plan can give us a number of benefits. We can beat fastMalloc in terms
20724 of both performance and memory usage, we can track how much memory we're using
20725 far more accurately than our rough estimation now through the use of
20726 reportExtraMemoryCost, and we can allocate arbitrary size objects (as opposed
20727 to being limited to size classes like we have been historically). This is also
20728 another step toward moving away from lazy destruction, which will improve our memory footprint.
20730 We start by creating said allocator and moving the ArrayStorage for JSArray
20731 to use it rather than fastMalloc.
20733 The design of the collector is as follows:
20735 - The collector allocates 64KB chunks from the OS to use for object allocation.
20736 - Each chunk contains an offset, a flag indicating if the block has been pinned,
20737 and a payload, along with next and prev pointers so that they can be put in DoublyLinkedLists.
20738 - Any allocation greater than 64KB gets its own separate oversize block, which
20739 is managed separately from the rest.
20740 - If the allocator receives a request for more than the remaining amount in the
20741 current block, it grabs a fresh block.
20742 - Grabbing a fresh block means grabbing one off of the global free list (which is now
20743 shared between the mark/sweep allocator and the bump allocator) if there is one.
20744 If there isn't a new one we do one of two things: allocate a new block from the OS
20745 if we're not ready for a GC yet, or run a GC and then try again. If we still don't
20746 have enough space after the GC, we allocate a new block from the OS.
20748 Garbage collection:
20749 - At the start of garbage collection during conservative stack scanning, if we encounter
20750 what appears to be a pointer to a bump-allocated block of memory, we pin that block so
20751 that it will not be copied for this round of collection.
20752 - We also pin any oversize blocks that we encounter, which effectively doubles as a
20753 "mark bit" for that block. Any oversize blocks that aren't pinned at the end of copying
20754 are given back to the OS.
20755 - Marking threads are now also responsible for copying bump-allocated objects to newSpace
20756 - Each marking thread has a private 64KB block into which it copies bump-allocated objects that it encounters.
20757 - When that block fills up, the marking thread gives it back to the allocator and requests a new one.
20758 - When all marking has concluded, each thread gives back its copy block, even if it isn't full.
20759 - At the conclusion of copying (which is done by the end of the marking phase), we un-pin
20760 any pinned blocks and give any blocks left in from-space to the global free list.
20763 * GNUmakefile.list.am:
20764 * JavaScriptCore.gypi:
20765 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
20766 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
20767 * JavaScriptCore.xcodeproj/project.pbxproj:
20769 * heap/AllocationSpace.cpp:
20770 (JSC::AllocationSpace::allocateSlowCase):
20771 (JSC::AllocationSpace::allocateBlock):
20772 (JSC::AllocationSpace::freeBlocks):
20773 * heap/AllocationSpace.h:
20774 (JSC::AllocationSpace::waterMark):
20775 * heap/BumpBlock.h: Added.
20776 (JSC::BumpBlock::BumpBlock):
20777 * heap/BumpSpace.cpp: Added.
20778 (JSC::BumpSpace::tryAllocateSlowCase):
20779 * heap/BumpSpace.h: Added.
20780 (JSC::BumpSpace::isInCopyPhase):
20781 (JSC::BumpSpace::totalMemoryAllocated):
20782 (JSC::BumpSpace::totalMemoryUtilized):
20783 * heap/BumpSpaceInlineMethods.h: Added.
20784 (JSC::BumpSpace::BumpSpace):
20785 (JSC::BumpSpace::init):
20786 (JSC::BumpSpace::contains):
20787 (JSC::BumpSpace::pin):
20788 (JSC::BumpSpace::startedCopying):
20789 (JSC::BumpSpace::doneCopying):
20790 (JSC::BumpSpace::doneFillingBlock):
20791 (JSC::BumpSpace::recycleBlock):
20792 (JSC::BumpSpace::getFreshBlock):
20793 (JSC::BumpSpace::borrowBlock):
20794 (JSC::BumpSpace::addNewBlock):
20795 (JSC::BumpSpace::allocateNewBlock):
20796 (JSC::BumpSpace::fitsInBlock):
20797 (JSC::BumpSpace::fitsInCurrentBlock):
20798 (JSC::BumpSpace::tryAllocate):
20799 (JSC::BumpSpace::tryAllocateOversize):
20800 (JSC::BumpSpace::allocateFromBlock):
20801 (JSC::BumpSpace::tryReallocate):
20802 (JSC::BumpSpace::tryReallocateOversize):
20803 (JSC::BumpSpace::isOversize):
20804 (JSC::BumpSpace::isPinned):
20805 (JSC::BumpSpace::oversizeBlockFor):
20806 (JSC::BumpSpace::blockFor):
20807 * heap/ConservativeRoots.cpp:
20808 (JSC::ConservativeRoots::ConservativeRoots):
20809 (JSC::ConservativeRoots::genericAddPointer):
20810 (JSC::ConservativeRoots::add):
20811 * heap/ConservativeRoots.h:
20814 (JSC::Heap::blockFreeingThreadMain):
20815 (JSC::Heap::reportExtraMemoryCostSlowCase):
20816 (JSC::Heap::getConservativeRegisterRoots):
20817 (JSC::Heap::markRoots):
20818 (JSC::Heap::collect):
20819 (JSC::Heap::releaseFreeBlocks):
20821 (JSC::Heap::waterMark):
20822 (JSC::Heap::highWaterMark):
20823 (JSC::Heap::setHighWaterMark):
20824 (JSC::Heap::tryAllocateStorage):
20825 (JSC::Heap::tryReallocateStorage):
20826 * heap/HeapBlock.h: Added.
20827 (JSC::HeapBlock::HeapBlock):
20828 * heap/MarkStack.cpp:
20829 (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
20830 (JSC::SlotVisitor::drain):
20831 (JSC::SlotVisitor::drainFromShared):
20832 (JSC::SlotVisitor::startCopying):
20833 (JSC::SlotVisitor::allocateNewSpace):
20834 (JSC::SlotVisitor::copy):
20835 (JSC::SlotVisitor::copyAndAppend):
20836 (JSC::SlotVisitor::doneCopying):
20837 * heap/MarkStack.h:
20838 * heap/MarkedBlock.cpp:
20839 (JSC::MarkedBlock::recycle):
20840 (JSC::MarkedBlock::MarkedBlock):
20841 * heap/MarkedBlock.h:
20842 * heap/MarkedSpace.cpp:
20843 (JSC::MarkedSpace::MarkedSpace):
20844 * heap/MarkedSpace.h:
20845 (JSC::MarkedSpace::allocate):
20846 (JSC::MarkedSpace::forEachBlock):
20847 (JSC::MarkedSpace::SizeClass::resetAllocator):
20848 * heap/SlotVisitor.h:
20849 (JSC::SlotVisitor::SlotVisitor):
20850 * heap/TinyBloomFilter.h:
20851 (JSC::TinyBloomFilter::reset):
20852 * runtime/JSArray.cpp:
20853 (JSC::JSArray::JSArray):
20854 (JSC::JSArray::finishCreation):
20855 (JSC::JSArray::tryFinishCreationUninitialized):
20856 (JSC::JSArray::~JSArray):
20857 (JSC::JSArray::enterSparseMode):
20858 (JSC::JSArray::defineOwnNumericProperty):
20859 (JSC::JSArray::setLengthWritable):
20860 (JSC::JSArray::getOwnPropertySlotByIndex):
20861 (JSC::JSArray::getOwnPropertyDescriptor):
20862 (JSC::JSArray::putByIndexBeyondVectorLength):
20863 (JSC::JSArray::deletePropertyByIndex):
20864 (JSC::JSArray::getOwnPropertyNames):
20865 (JSC::JSArray::increaseVectorLength):
20866 (JSC::JSArray::unshiftCountSlowCase):
20867 (JSC::JSArray::setLength):
20868 (JSC::JSArray::pop):
20869 (JSC::JSArray::unshiftCount):
20870 (JSC::JSArray::visitChildren):
20871 (JSC::JSArray::sortNumeric):
20872 (JSC::JSArray::sort):
20873 (JSC::JSArray::compactForSorting):
20874 (JSC::JSArray::subclassData):
20875 (JSC::JSArray::setSubclassData):
20876 (JSC::JSArray::checkConsistency):
20877 * runtime/JSArray.h:
20878 (JSC::JSArray::inSparseMode):
20879 (JSC::JSArray::isLengthWritable):
20880 * wtf/CheckedBoolean.h: Added.
20881 (CheckedBoolean::CheckedBoolean):
20882 (CheckedBoolean::~CheckedBoolean):
20883 (CheckedBoolean::operator bool):
20884 * wtf/DoublyLinkedList.h:
20886 * wtf/StdLibExtras.h:
20887 (WTF::isPointerAligned):
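The allocator design described in the entry above (64KB bump blocks, a pin flag set by conservative root scanning, separately managed oversize blocks whose pin flag doubles as the mark bit, and a copy pass that rewrites each backing store's single owner pointer) as an added single-threaded illustration; this is constructed example code, not JavaScriptCore's BumpSpace. The class names echo the files listed above, but the Owner slot abstraction, the accessor names and the 8-byte alignment are assumptions of this example.

```cpp
// Constructed example, not JavaScriptCore code: a toy bump allocator with the pin-then-copy collection described above.
#include <cstdio>
#include <cstring>
#include <memory>
#include <vector>

constexpr size_t kBlockSize = 64 * 1024; // 64KB chunks, as in the design

struct BumpBlock {
    size_t capacity;
    size_t offset = 0;   // bump pointer: payload bytes handed out so far
    bool pinned = false; // set by conservative scanning; the mark bit for oversize blocks
    std::unique_ptr<char[]> payload;
    explicit BumpBlock(size_t cap) : capacity(cap), payload(new char[cap]) {}
    bool contains(const void* p) const { auto c = static_cast<const char*>(p); return c >= payload.get() && c < payload.get() + offset; }
};

// A backing store has exactly one owner slot: moving it means rewriting this one pointer.
struct Owner { void* storage = nullptr; size_t size = 0; };

class BumpSpace {
    using BlockList = std::vector<std::unique_ptr<BumpBlock>>;
public:
    static bool isOversize(size_t size) { return size > kBlockSize; }
    void* allocate(Owner& owner, size_t size) {
        owner.size = (size + 7) & ~size_t(7); // keep stores 8-byte aligned (assumption of this example)
        owner.storage = isOversize(owner.size) ? allocateOversize(owner.size) : allocateFromBlock(owner.size);
        return owner.storage;
    }
    // Conservative scanning: anything that merely looks like a pointer into a block pins that block.
    void pinIfContained(const void* candidate) {
        if (BumpBlock* b = blockFor(m_blocks, candidate)) b->pinned = true;
        if (BumpBlock* b = blockFor(m_oversize, candidate)) b->pinned = true;
    }
    // Copy phase: evacuate unpinned blocks into to-space, fix each owner, recycle the emptied blocks.
    void collect(const std::vector<Owner*>& owners) {
        BlockList fromSpace = std::move(m_blocks);
        m_blocks.clear(); m_current = nullptr;
        for (Owner* o : owners) {
            if (!o->storage) continue;
            if (isOversize(o->size)) { // oversize blocks are marked, never copied
                if (BumpBlock* b = blockFor(m_oversize, o->storage)) b->pinned = true;
                continue;
            }
            BumpBlock* home = blockFor(fromSpace, o->storage);
            if (!home || home->pinned) continue; // pinned: a conservative root may point in here
            void* dst = allocateFromBlock(o->size);
            std::memcpy(dst, o->storage, o->size);
            o->storage = dst; // the single owner pointer is the only fix-up needed
        }
        for (auto& b : fromSpace) {
            if (b->pinned) { b->pinned = false; m_blocks.push_back(std::move(b)); }
            else m_freeList.push_back(std::move(b)); // back to the shared free list
        }
        BlockList live;
        for (auto& b : m_oversize)
            if (b->pinned) { b->pinned = false; live.push_back(std::move(b)); }
        m_oversize = std::move(live); // unmarked oversize blocks are released here
    }
    size_t freeBlockCount() const { return m_freeList.size(); }
    size_t oversizeCount() const { return m_oversize.size(); }

private:
    static BumpBlock* blockFor(BlockList& blocks, const void* p) {
        for (auto& b : blocks) if (b->contains(p)) return b.get();
        return nullptr;
    }
    void* allocateFromBlock(size_t size) {
        if (!m_current || m_current->offset + size > m_current->capacity) m_current = getFreshBlock();
        void* p = m_current->payload.get() + m_current->offset;
        m_current->offset += size;
        return p;
    }
    BumpBlock* getFreshBlock() { // reuse a free-list block before asking for a new one
        std::unique_ptr<BumpBlock> b;
        if (m_freeList.empty()) b = std::make_unique<BumpBlock>(kBlockSize);
        else { b = std::move(m_freeList.back()); m_freeList.pop_back(); b->offset = 0; }
        m_blocks.push_back(std::move(b));
        return m_blocks.back().get();
    }
    void* allocateOversize(size_t size) {
        m_oversize.push_back(std::make_unique<BumpBlock>(size));
        m_oversize.back()->offset = size;
        return m_oversize.back()->payload.get();
    }
    BlockList m_blocks, m_freeList, m_oversize;
    BumpBlock* m_current = nullptr;
};

int main() {
    BumpSpace space; Owner a, b;
    std::memset(space.allocate(a, 40000), 'a', 40000);
    std::memset(space.allocate(b, 40000), 'b', 40000); // does not fit in the first block
    void* oldA = a.storage; void* oldB = b.storage;
    space.pinIfContained(static_cast<char*>(oldA) + 100); // looks like a root into a's block
    space.collect({&a, &b});
    std::printf("a moved: %d  b moved: %d\n", a.storage != oldA, b.storage != oldB);
}
```

Because the scan is conservative, a stack value that merely resembles a pointer into a block keeps that whole block in place, which is what stops the copy pass from leaving such a reference dangling.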
20889 2012-01-19 Joi Sigurdsson <joi@chromium.org>
20891 Enable use of precompiled headers in Chromium port on Windows.
20893 Bug 76381 - Use precompiled headers in Chromium port on Windows
20894 https://bugs.webkit.org/show_bug.cgi?id=76381
20896 Reviewed by Tony Chang.
20898 * JavaScriptCore.gyp/JavaScriptCore.gyp: Include WinPrecompile.gypi.
20900 2012-01-18 Roland Takacs <takacs.roland@stud.u-szeged.hu>
20902 Cross-platform processor core counter fix
20903 https://bugs.webkit.org/show_bug.cgi?id=76540
20905 Reviewed by Zoltan Herczeg.
20907 I attached "OS(FREEBSD)" to "#if OS(DARWIN) || OS(OPENBSD) || OS(NETBSD)"
20908 and I removed the OS checking macros from ParallelJobsGeneric.cpp because
20909 the NumberOfCores.cpp contains them for counting CPU cores.
20910 The processor core counter patch located at
20911 https://bugs.webkit.org/show_bug.cgi?id=76530
20913 * wtf/NumberOfCores.cpp:
20914 * wtf/ParallelJobsGeneric.cpp:
20916 2012-01-18 Csaba Osztrogonác <ossy@webkit.org>
20918 Cross-platform processor core counter
20919 https://bugs.webkit.org/show_bug.cgi?id=76530
20921 Unreviewed cross-MinGW buildfix after r105270.
20923 * wtf/NumberOfCores.cpp: Use windows.h instead of Windows.h.
20925 2012-01-18 Roland Takacs <takacs.roland@stud.u-szeged.hu>
20927 Cross-platform processor core counter
20928 https://bugs.webkit.org/show_bug.cgi?id=76530
20930 Reviewed by Zoltan Herczeg.
20932 Two files have been created that include the processor core counter function.
20933 It used to be in ParallelJobsGeneric.h/cpp before.
20935 * GNUmakefile.list.am:
20936 * JavaScriptCore.gypi:
20937 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
20938 * JavaScriptCore.xcodeproj/project.pbxproj:
20939 * runtime/Options.cpp:
20940 (JSC::Options::initializeOptions):
20941 * wtf/CMakeLists.txt:
20942 * wtf/NumberOfCores.cpp: Added.
20943 (WTF::numberOfProcessorCores):
20944 * wtf/NumberOfCores.h: Added.
20945 * wtf/ParallelJobsGeneric.cpp:
20946 (WTF::ParallelEnvironment::ParallelEnvironment):
20947 * wtf/ParallelJobsGeneric.h:
20949 2012-01-18 Balazs Kelemen <kbalazs@webkit.org>
20951 [Qt] Consolidate layout test crash logging
20952 https://bugs.webkit.org/show_bug.cgi?id=75088
20954 Reviewed by Simon Hausmann.
20956 Move backtrace generating logic into WTFReportBacktrace
20957 and add a way to deinstall signal handlers if we know
20958 that we have already printed the backtrace.
20960 * JavaScriptCore.exp:
20961 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
20962 * wtf/Assertions.cpp:
20963 (WTFLogLocker::WTFReportBacktrace):
20964 (WTFLogLocker::WTFSetCrashHook):
20965 (WTFLogLocker::WTFInvokeCrashHook):
20966 * wtf/Assertions.h:
20968 2012-01-17 Geoffrey Garen <ggaren@apple.com>
20970 Factored out some code into a helper function.
20972 I think this might help getting rid of omit-frame-pointer.
20974 Reviewed by Sam Weinig.
20976 No benchmark change.
20978 * runtime/StringPrototype.cpp:
20979 (JSC::removeUsingRegExpSearch): Moved to here...
20980 (JSC::replaceUsingRegExpSearch): ...from here.
20982 2012-01-17 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
20984 Uint8ClampedArray support
20985 https://bugs.webkit.org/show_bug.cgi?id=74455
20987 Reviewed by Filip Pizlo.
20989 * GNUmakefile.list.am:
20990 * JavaScriptCore.xcodeproj/project.pbxproj:
20991 * bytecode/PredictedType.cpp:
20992 (JSC::predictionToString):
20993 (JSC::predictionFromClassInfo):
20994 * bytecode/PredictedType.h:
20995 (JSC::isUint8ClampedArrayPrediction):
20996 (JSC::isActionableMutableArrayPrediction):
20997 * dfg/DFGAbstractState.cpp:
20998 (JSC::DFG::AbstractState::initialize):
20999 (JSC::DFG::AbstractState::execute):
21001 (JSC::DFG::Node::shouldSpeculateUint8ClampedArray):
21002 * dfg/DFGPropagator.cpp:
21003 (JSC::DFG::Propagator::propagateNodePredictions):
21004 (JSC::DFG::Propagator::fixupNode):
21005 (JSC::DFG::Propagator::performNodeCSE):
21006 * dfg/DFGSpeculativeJIT.cpp:
21007 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
21008 (JSC::DFG::clampDoubleToByte):
21009 (JSC::DFG::compileClampIntegerToByte):
21010 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
21011 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
21012 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
21013 * dfg/DFGSpeculativeJIT.h:
21014 * dfg/DFGSpeculativeJIT32_64.cpp:
21015 (JSC::DFG::SpeculativeJIT::compile):
21016 * dfg/DFGSpeculativeJIT64.cpp:
21017 (JSC::DFG::SpeculativeJIT::compile):
21018 * runtime/JSCell.h:
21019 * runtime/JSGlobalData.h:
21021 * wtf/Uint8Array.h:
21022 * wtf/Uint8ClampedArray.h: Added.
21023 (WTF::Uint8ClampedArray::set):
21024 (WTF::Uint8ClampedArray::create):
21025 (WTF::Uint8ClampedArray::Uint8ClampedArray):
21026 (WTF::Uint8ClampedArray::subarray):
21028 2012-01-17 Sam Weinig <sam@webkit.org>
21030 Add helper macro for forward declaring objective-c classes
21031 https://bugs.webkit.org/show_bug.cgi?id=76485
21033 Reviewed by Anders Carlsson.
21036 Add OBJC_CLASS macro which helps reduce code when forward declaring an
21037 objective-c class in a header which can be included from both Objective-C
21038 and non-Objective-C files.
21040 2012-01-17 Filip Pizlo <fpizlo@apple.com>
21042 DFG should be able to do JS and custom getter caching
21043 https://bugs.webkit.org/show_bug.cgi?id=76361
21045 Reviewed by Csaba Osztrogonác.
21049 * dfg/DFGRepatch.cpp:
21050 (JSC::DFG::tryBuildGetByIDList):
21051 * dfg/DFGSpeculativeJIT32_64.cpp:
21052 (JSC::DFG::SpeculativeJIT::compile):
21054 2012-01-15 Filip Pizlo <fpizlo@apple.com>
21056 DFG should be able to do JS and custom getter caching
21057 https://bugs.webkit.org/show_bug.cgi?id=76361
21058 <rdar://problem/10698060>
21060 Reviewed by Geoff Garen.
21062 Added the ability to cache JS getter calls and custom getter calls in the DFG.
21063 Most of this is pretty mundane, since the old JIT supported this functionality
21064 as well. But a couple interesting things had to happen:
21066 - There are now two variants of GetById: GetById, which works as before, and
21067 GetByIdFlush, which flushes registers prior to doing the GetById. Only
21068 GetByIdFlush can be used for caching getters. We detect which GetById style
21069 to use by looking at the inline caches of the old JIT.
21071 - Exception handling for getter calls planted in stubs uses a separate lookup
21072 handler routine, which uses the CodeOrigin stored in the StructureStubInfo.
21074 This is a 40% speed-up in the Dromaeo DOM Traversal average. It removes all of
21075 the DFG regressions we saw in Dromaeo. This is neutral on SunSpider, V8, and
21078 * bytecode/StructureStubInfo.h:
21079 * dfg/DFGAbstractState.cpp:
21080 (JSC::DFG::AbstractState::execute):
21081 * dfg/DFGAssemblyHelpers.h:
21082 (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
21083 * dfg/DFGByteCodeParser.cpp:
21084 (JSC::DFG::ByteCodeParser::willNeedFlush):
21085 (JSC::DFG::ByteCodeParser::parseBlock):
21086 * dfg/DFGCCallHelpers.h:
21087 (JSC::DFG::CCallHelpers::setupResults):
21088 * dfg/DFGJITCompiler.cpp:
21089 (JSC::DFG::JITCompiler::link):
21090 * dfg/DFGJITCompiler.h:
21091 (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
21092 (JSC::DFG::JITCompiler::addExceptionCheck):
21094 (JSC::DFG::Node::hasIdentifier):
21095 (JSC::DFG::Node::hasHeapPrediction):
21096 * dfg/DFGOperations.cpp:
21097 * dfg/DFGOperations.h:
21098 * dfg/DFGPropagator.cpp:
21099 (JSC::DFG::Propagator::propagateNodePredictions):
21100 * dfg/DFGRepatch.cpp:
21101 (JSC::DFG::tryCacheGetByID):
21102 (JSC::DFG::tryBuildGetByIDList):
21103 * dfg/DFGSpeculativeJIT.h:
21104 (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
21105 * dfg/DFGSpeculativeJIT32_64.cpp:
21106 (JSC::DFG::SpeculativeJIT::cachedGetById):
21107 (JSC::DFG::SpeculativeJIT::compile):
21108 * dfg/DFGSpeculativeJIT64.cpp:
21109 (JSC::DFG::SpeculativeJIT::cachedGetById):
21110 (JSC::DFG::SpeculativeJIT::compile):
21112 2012-01-16 Jon Lee <jonlee@apple.com>
21114 Build fix for r105086.
21116 * Configurations/FeatureDefines.xcconfig:
21119 2012-01-16 Jon Lee <jonlee@apple.com>
21121 Remove HTML notifications support on Mac
21122 https://bugs.webkit.org/show_bug.cgi?id=76401
21123 <rdar://problem/10589881>
21125 Reviewed by Sam Weinig.
21127 * wtf/Platform.h: Define ENABLE_HTML_NOTIFICATIONS macro.
21129 2012-01-16 Zeno Albisser <zeno@webkit.org>
21131 [Qt] Fix QT_VERSION related warnings when building on Mac OS X
21132 https://bugs.webkit.org/show_bug.cgi?id=76340
21134 This bug was caused by r104826.
21135 As already mentioned for https://bugs.webkit.org/show_bug.cgi?id=57239
21136 we should not use "using namespace WebCore" in header files,
21137 because it might cause ambiguous references.
21138 This patch reverts the changes from r104826 and r104981
21139 and removes the "using namespace WebCore" statement from
21142 Reviewed by Tor Arne Vestbø.
21146 2012-01-16 Carlos Garcia Campos <cgarcia@igalia.com>
21148 Unreviewed. Fix make distcheck.
21150 * GNUmakefile.list.am: Fix typo.
21152 2012-01-16 Pavel Heimlich <tropikhajma@gmail.com>
21154 Solaris Studio supports alignment macros too
21155 https://bugs.webkit.org/show_bug.cgi?id=75453
21157 Reviewed by Hajime Morita.
21161 2012-01-16 Yuqiang Xian <yuqiang.xian@intel.com>
21163 Build fix on 32bit if verbose debug is enabled in DFG
21164 https://bugs.webkit.org/show_bug.cgi?id=76351
21166 Reviewed by Hajime Morita.
21168 Mostly change "%lu" to "%zu" to print a "size_t" variable.
21170 * dfg/DFGAbstractState.cpp:
21171 (JSC::DFG::AbstractState::endBasicBlock):
21172 * dfg/DFGByteCodeParser.cpp:
21173 (JSC::DFG::ByteCodeParser::handleCall):
21174 (JSC::DFG::ByteCodeParser::handleInlining):
21175 (JSC::DFG::ByteCodeParser::parseBlock):
21176 (JSC::DFG::ByteCodeParser::parseCodeBlock):
21177 * dfg/DFGGraph.cpp:
21178 (JSC::DFG::Graph::predictArgumentTypes):
21179 * dfg/DFGJITCompiler.cpp:
21180 (JSC::DFG::JITCompiler::link):
21181 * dfg/DFGOSREntry.cpp:
21182 (JSC::DFG::prepareOSREntry):
21184 2012-01-15 Filip Pizlo <fpizlo@apple.com>
21186 The C calling convention logic in DFG::SpeculativeJIT should be available even
21187 when not generating code for the DFG speculative path
21188 https://bugs.webkit.org/show_bug.cgi?id=76355
21190 Reviewed by Dan Bernstein.
21192 Moved all of the logic for placing C call arguments into the right place (stack
21193 or registers) into a new class, DFG::CCallHelpers. This class inherits from
21194 AssemblyHelpers, another DFG grab-bag of helper functions. I could have moved
21195 this code into AssemblyHelpers, but decided against it, because I wanted to
21196 limit the number of methods each class in the JIT has. Hence now we have a
21197 slightly odd organization of JIT classes in DFG: MacroAssembler (basic instruction
21198 emission) <= AssemblyHelpers (some additional JS smarts) <= CCallHelpers
21199 (understands calls to C functions) <= JITCompiler (can compile a graph to machine
21200 code). Each of these except for JITCompiler can be reused for stub compilation.
21202 * GNUmakefile.list.am:
21203 * JavaScriptCore.xcodeproj/project.pbxproj:
21204 * dfg/DFGCCallHelpers.h: Added.
21205 (JSC::DFG::CCallHelpers::CCallHelpers):
21206 (JSC::DFG::CCallHelpers::resetCallArguments):
21207 (JSC::DFG::CCallHelpers::addCallArgument):
21208 (JSC::DFG::CCallHelpers::setupArguments):
21209 (JSC::DFG::CCallHelpers::setupArgumentsExecState):
21210 (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
21211 (JSC::DFG::CCallHelpers::setupTwoStubArgs):
21212 (JSC::DFG::CCallHelpers::setupStubArguments):
21213 * dfg/DFGJITCompiler.h:
21214 (JSC::DFG::JITCompiler::JITCompiler):
21215 * dfg/DFGSpeculativeJIT.h:
21216 (JSC::DFG::SpeculativeJIT::callOperation):
21218 2012-01-15 Pablo Flouret <pablof@motorola.com>
21220 Fix compilation errors on build-webkit --debug --no-video on mac.
21221 https://bugs.webkit.org/show_bug.cgi?id=75867
21223 Reviewed by Philippe Normand.
21225 Make ENABLE_VIDEO_TRACK conditional on ENABLE_VIDEO, since the video track feature
21226 doesn't build without video.
21230 2012-01-14 David Levin <levin@chromium.org>
21232 HWndDC should be in platform/win instead of wtf.
21233 https://bugs.webkit.org/show_bug.cgi?id=76314
21235 Reviewed by Sam Weinig.
21237 * JavaScriptCore.gyp/JavaScriptCore.gyp:
21238 * JavaScriptCore.gypi:
21240 2012-01-13 David Levin <levin@chromium.org>
21242 check-webkit-style: should encourage the use of Own* classes for Windows DC.
21243 https://bugs.webkit.org/show_bug.cgi?id=76227
21245 Reviewed by Dirk Pranke.
21247 * wtf/win/HWndDCWin.h:
21248 (WTF::HwndDC::HwndDC): Add a way to do GetDCEx.
21249 There are no users, but I want to catch this in check-webkit-style
21250 and tell any users to use HwndDC to avoid leaks.
21252 2012-01-13 David Levin <levin@chromium.org>
21254 Header file is missing header guard.
21256 Reviewed by Dirk Pranke.
21258 * wtf/win/HWndDCWin.h: Added the guards.
21260 2012-01-13 Andy Wingo <wingo@igalia.com>
21262 Eval in strict mode does not need dynamic checks
21263 https://bugs.webkit.org/show_bug.cgi?id=76286
21265 Reviewed by Oliver Hunt.
21267 * runtime/JSActivation.cpp (JSC::JSActivation::JSActivation):
21268 Eval in strict mode cannot introduce variables, so it does not impose
21269 the need for dynamic checks.
21271 2012-01-13 David Levin <levin@chromium.org>
21273 HWndDC is a better name than HwndDC.
21274 https://bugs.webkit.org/show_bug.cgi?id=76281
21276 Reviewed by Darin Adler.
21278 * JavaScriptCore.gyp/JavaScriptCore.gyp:
21279 * JavaScriptCore.gypi:
21280 * wtf/win/HWndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/HwndDCWin.h.
21281 (WTF::HWndDC::HWndDC):
21282 (WTF::HWndDC::~HWndDC):
21283 (WTF::HWndDC::operator HDC):
21285 2012-01-13 YoungTaeck Song <youngtaeck.song@samsung.com>
21287 [EFL] Add OwnPtr specialization for Eina_Module.
21288 https://bugs.webkit.org/show_bug.cgi?id=76255
21290 Reviewed by Andreas Kling.
21292 Add an overload for deleteOwnedPtr(Eina_Module*) on EFL port.
21294 * wtf/OwnPtrCommon.h:
21295 * wtf/efl/OwnPtrEfl.cpp:
21296 (WTF::deleteOwnedPtr):
21298 2012-01-13 Yuqiang Xian <yuqiang.xian@intel.com>
21300 Unreviewed build fix after r104787 if JIT_VERBOSE_OSR is defined
21302 * jit/JITStubs.cpp:
21303 (JSC::DEFINE_STUB_FUNCTION):
21305 2012-01-12 Hajime Morrita <morrita@chromium.org>
21307 JavaScriptCore: Mark all exported symbols in the header file automatically.
21308 https://bugs.webkit.org/show_bug.cgi?id=72855
21310 Reviewed by Darin Adler.
21312 Added WTF_EXPORT_PRIVATE and JS_EXPORT_PRIVATE based on JavaScriptCore.exp files.
21313 The change is generated by a tool called ListExportables (https://github.com/omo/ListExportables).
21315 * API/OpaqueJSString.h:
21316 * bytecode/CodeBlock.h:
21317 * bytecode/SamplingTool.h:
21318 * debugger/Debugger.h:
21319 * debugger/DebuggerActivation.h:
21320 * debugger/DebuggerCallFrame.h:
21321 * heap/AllocationSpace.h:
21322 * heap/HandleHeap.h:
21324 * heap/MachineStackMarker.h:
21325 * heap/MarkStack.h:
21326 * heap/VTableSpectrum.h:
21327 * heap/WriteBarrierSupport.h:
21329 * parser/ParserArena.h:
21330 * profiler/Profile.h:
21331 * runtime/ArgList.h:
21332 * runtime/CallData.h:
21333 * runtime/Completion.h:
21334 * runtime/ConstructData.h:
21335 * runtime/DateInstance.h:
21337 * runtime/ExceptionHelpers.h:
21338 * runtime/FunctionConstructor.h:
21339 * runtime/Identifier.h:
21340 * runtime/InitializeThreading.h:
21341 * runtime/InternalFunction.h:
21342 * runtime/JSArray.h:
21343 * runtime/JSByteArray.h:
21344 * runtime/JSCell.h:
21345 * runtime/JSFunction.h:
21346 * runtime/JSGlobalData.cpp:
21347 * runtime/JSGlobalData.h:
21348 * runtime/JSGlobalObject.h:
21349 * runtime/JSGlobalThis.h:
21350 * runtime/JSLock.h:
21351 * runtime/JSObject.h:
21352 * runtime/JSString.h:
21353 * runtime/JSValue.h:
21354 * runtime/JSVariableObject.h:
21355 * runtime/Lookup.h:
21356 * runtime/MemoryStatistics.h:
21357 * runtime/ObjectPrototype.h:
21358 * runtime/Options.h:
21359 * runtime/PropertyDescriptor.h:
21360 * runtime/PropertyNameArray.h:
21361 * runtime/PropertySlot.h:
21362 * runtime/RegExp.h:
21363 * runtime/RegExpObject.h:
21364 * runtime/SamplingCounter.h:
21365 * runtime/SmallStrings.h:
21366 * runtime/StringObject.h:
21367 * runtime/Structure.h:
21368 * runtime/TimeoutChecker.h:
21369 * runtime/UString.h:
21370 * runtime/WriteBarrier.h:
21371 * wtf/ArrayBufferView.h:
21373 * wtf/CryptographicallyRandomNumber.h:
21374 * wtf/CurrentTime.h:
21376 * wtf/DecimalNumber.h:
21377 * wtf/FastMalloc.cpp:
21378 * wtf/FastMalloc.h:
21380 * wtf/MainThread.h:
21381 * wtf/MetaAllocator.h:
21382 * wtf/MetaAllocatorHandle.h:
21383 * wtf/OSAllocator.h:
21385 * wtf/RandomNumber.h:
21386 * wtf/RefCountedLeakCounter.h:
21388 * wtf/Threading.cpp:
21390 * wtf/ThreadingPrimitives.h:
21391 * wtf/WTFThreadData.h:
21393 * wtf/text/AtomicString.h:
21394 * wtf/text/CString.h:
21395 * wtf/text/StringBuilder.h:
21396 * wtf/text/StringImpl.h:
21397 * wtf/text/WTFString.h:
21398 * wtf/unicode/Collator.h:
21399 * wtf/unicode/UTF8.h:
21401 * yarr/YarrPattern.h:
21403 2012-01-12 MORITA Hajime <morrita@google.com>
21405 [Chromium] JSExportMacros.h should be visible.
21406 https://bugs.webkit.org/show_bug.cgi?id=76147
21408 Reviewed by Tony Chang.
21412 2012-01-12 David Levin <levin@chromium.org>
21414 HwndDC is a better name than OwnGetDC.
21415 https://bugs.webkit.org/show_bug.cgi?id=76235
21417 Reviewed by Dmitry Titov.
21419 This is a better name for two reasons:
21420 1. "Own" implies "delete". In this case, the final call is a release (ReleaseDC).
21421 2. "Ref" would be a better name due to the release but the RefPtr (and OwnPtr)
21422 classes always take something to hold on to. In this case, the object (the DC)
21423 is created by the class once it is given a Window to ensure that the HDC
21424 was actually created using GetDC.
21426 * JavaScriptCore.gyp/JavaScriptCore.gyp:
21427 * JavaScriptCore.gypi:
21428 * wtf/win/HwndDCWin.h: Renamed from Source/JavaScriptCore/wtf/win/OwnGetDCWin.h.
21429 (WTF::HwndDC::HwndDC):
21430 (WTF::HwndDC::~HwndDC):
21431 (WTF::HwndDC::operator HDC):
21433 2012-01-12 Gavin Barraclough <barraclough@apple.com>
21435 Clean up putDirect (part 2)
21436 https://bugs.webkit.org/show_bug.cgi?id=76232
21438 Reviewed by Sam Weinig.
21440 Rename putWithAttributes to putDirectVirtual, to identify that this
21441 has the same unchecked-DefineOwnProperty behaviour, change putDirectInternal
21442 to be templated on an enum indicating which behaviour it is supposed to be
21443 implementing, and change clients that are defining properties to call
21444 putDirectInternal correctly.
21446 * API/JSObjectRef.cpp:
21447 (JSObjectSetProperty):
21448 * JavaScriptCore.exp:
21449 * debugger/DebuggerActivation.cpp:
21450 (JSC::DebuggerActivation::putDirectVirtual):
21451 * debugger/DebuggerActivation.h:
21452 * interpreter/Interpreter.cpp:
21453 (JSC::Interpreter::execute):
21454 * runtime/ClassInfo.h:
21455 * runtime/Error.cpp:
21456 (JSC::addErrorInfo):
21457 * runtime/JSActivation.cpp:
21458 (JSC::JSActivation::putDirectVirtual):
21459 * runtime/JSActivation.h:
21460 * runtime/JSCell.cpp:
21461 (JSC::JSCell::putDirectVirtual):
21462 * runtime/JSCell.h:
21463 * runtime/JSGlobalObject.cpp:
21464 (JSC::JSGlobalObject::putDirectVirtual):
21465 * runtime/JSGlobalObject.h:
21466 * runtime/JSObject.cpp:
21467 (JSC::JSObject::put):
21468 (JSC::JSObject::putDirectVirtual):
21469 (JSC::JSObject::defineGetter):
21470 (JSC::JSObject::initializeGetterSetterProperty):
21471 (JSC::JSObject::defineSetter):
21472 (JSC::putDescriptor):
21473 * runtime/JSObject.h:
21474 (JSC::JSObject::putDirectInternal):
21475 (JSC::JSObject::putOwnDataProperty):
21476 (JSC::JSObject::putDirect):
21477 * runtime/JSStaticScopeObject.cpp:
21478 (JSC::JSStaticScopeObject::putDirectVirtual):
21479 * runtime/JSStaticScopeObject.h:
21480 * runtime/JSVariableObject.cpp:
21481 (JSC::JSVariableObject::putDirectVirtual):
21482 * runtime/JSVariableObject.h:
21484 2012-01-12 Gavin Barraclough <barraclough@apple.com>
21486 Clean up putDirect (part 1)
21487 https://bugs.webkit.org/show_bug.cgi?id=76232
21489 Reviewed by Sam Weinig.
21491 putDirect has ambiguous semantics, clean these up a bit.
21493 putDirect generally behaves a bit like a fast defineOwnProperty, but one that
21494 always creates the property, with no checking to validate that the put is permitted.
21496 It also encompasses two slightly different behaviors.
21497 (1) a fast form of put for JSActivation, which doesn't have to handle searching
21498 the prototype chain, getter/setter properties, or the magic __proto__ value.
21499 Break this out as a new method, 'putOwnDataProperty'.
21500 (2) the version of putDirect on JSValue will also check for overwriting ReadOnly
21501 values, in strict mode. This is, however, not so smart on a few levels, since
21502 it is only called from op_put_by_id with direct set, which is only used with
21503 an object as the base, and is only used to put new properties onto objects.
21505 * dfg/DFGOperations.cpp:
21506 * interpreter/Interpreter.cpp:
21507 (JSC::Interpreter::privateExecute):
21508 * jit/JITStubs.cpp:
21509 (JSC::DEFINE_STUB_FUNCTION):
21510 * runtime/JSActivation.cpp:
21511 (JSC::JSActivation::put):
21512 * runtime/JSFunction.cpp:
21513 (JSC::JSFunction::getOwnPropertySlot):
21514 * runtime/JSObject.h:
21515 (JSC::JSObject::putOwnDataProperty):
21516 * runtime/JSValue.h:
21518 2012-01-12 Gavin Barraclough <barraclough@apple.com>
21520 https://bugs.webkit.org/show_bug.cgi?id=76141
21521 defineSetter/defineGetter may fail to update Accessor attribute
21523 Reviewed by Oliver Hunt.
21525 * runtime/JSObject.cpp:
21526 (JSC::JSObject::defineGetter):
21527 (JSC::JSObject::initializeGetterSetterProperty):
21528 (JSC::JSObject::defineSetter):
21529 * runtime/Structure.cpp:
21530 (JSC::Structure::attributeChangeTransition):
21531 * runtime/Structure.h:
21533 2012-01-12 David Levin <levin@chromium.org>
21535 [chromium] Fix DC leak in WebScreenInfoFactory.
21536 https://bugs.webkit.org/show_bug.cgi?id=76203
21538 Reviewed by Dmitry Titov.
21540 * JavaScriptCore.gyp/JavaScriptCore.gyp: Added OwnGetDCWin.h
21541 * JavaScriptCore.gypi: Added OwnGetDCWin.h
21542 * JavaScriptCore/wtf/win/OwnGetDCWin.h: Made an owner class for GetDC which needs ReleaseDC as opposed to DeleteDC.
21544 2012-01-11 Gavin Barraclough <barraclough@apple.com>
21546 Allow accessor get/set property to be set to undefined
21547 https://bugs.webkit.org/show_bug.cgi?id=76148
21549 Reviewed by Oliver Hunt.
21551 AccessorDescriptor properties may have their get & set properties defined to reference a function
21552 (Callable object) or be set to undefined. Valid PropertyDescriptors created by toPropertyDescriptor
21553 (defined from JS code via Object.defineProperty, etc) have get and set properties that are in one of
21554 three states (1) nonexistent, (2) set to undefined, or (3) a function (any Callable object).
21556 On the PropertyDescriptor object these three states are represented by JSValue(), jsUndefined(), and
21557 any JSObject* (with a constraint that this must be callable).
21559 Logically the get/set property of an accessor descriptor on an object might be in any of the three
21560 states above, but in practice there is no way to distinguish between the first two states. As such
21561 we store the get/set values in property storage in a JSObject* field, with 0 indicating absent or
21562 undefined. When unboxing to a PropertyDescriptor, map this back to a JS undefined value.
21564 * runtime/GetterSetter.h:
21565 (JSC::GetterSetter::setGetter):
21566 (JSC::GetterSetter::setSetter):
21567 - Allow the getter/setter to be cleared.
21568 * runtime/JSArray.cpp:
21569 (JSC::JSArray::putDescriptor):
21570 - Changed to call getterObject/setterObject.
21571 (JSC::JSArray::defineOwnNumericProperty):
21573 * runtime/JSObject.cpp:
21574 (JSC::putDescriptor):
21575 (JSC::JSObject::defineOwnProperty):
21576 - Changed to call getterObject/setterObject.
21577 * runtime/ObjectConstructor.cpp:
21578 (JSC::objectConstructorGetOwnPropertyDescriptor):
21579 - getter/setter values read from properties on object are never missing, they will now be set as undefined by 'setDescriptor'.
21580 (JSC::toPropertyDescriptor):
21581 - Do not translate undefined->empty, this loses an important distinction between a get/set property being absent, or being explicitly set to undefined.
21582 * runtime/PropertyDescriptor.cpp:
21583 (JSC::PropertyDescriptor::getterObject):
21584 (JSC::PropertyDescriptor::setterObject):
21585 - Accessors to convert the get/set property to an object pointer, converting undefined to 0.
21586 (JSC::PropertyDescriptor::setDescriptor):
21587 (JSC::PropertyDescriptor::setAccessorDescriptor):
21588 - Translate a getter/setter internally represented as 0 to undefined, indicating that it is present.
21589 * runtime/PropertyDescriptor.h:
21590 - Declare getterObject/setterObject.
21592 2012-01-12 Zeno Albisser <zeno@webkit.org>
21594 [Qt][WK2][Mac] Conflict of MacTypes.h defining a Fixed type after r104560.
21595 https://bugs.webkit.org/show_bug.cgi?id=76175
21597 Defining ENABLE_CSS_FILTERS leads to ambiguous references
21598 due to MacTypes.h being included.
21599 Defining CF_OPEN_SOURCE works around this problem.
21601 Reviewed by Simon Hausmann.
21605 2012-01-12 Simon Hausmann <simon.hausmann@nokia.com>
21607 Make the new WTF module build on Qt
21608 https://bugs.webkit.org/show_bug.cgi?id=76163
21610 Reviewed by Tor Arne Vestbø.
21612 * JavaScriptCore.pro: Removed wtf from the subdirs to build.
21614 2012-01-11 Filip Pizlo <fpizlo@apple.com>
21616 CodeBlock::m_executeCounter should be renamed to CodeBlock::m_jitExecuteCounter
21617 https://bugs.webkit.org/show_bug.cgi?id=76144
21618 <rdar://problem/10681711>
21620 Rubber stamped by Gavin Barraclough.
21622 * bytecode/CodeBlock.h:
21623 (JSC::CodeBlock::addressOfJITExecuteCounter):
21624 (JSC::CodeBlock::offsetOfJITExecuteCounter):
21625 (JSC::CodeBlock::jitExecuteCounter):
21626 (JSC::CodeBlock::optimizeNextInvocation):
21627 (JSC::CodeBlock::dontOptimizeAnytimeSoon):
21628 (JSC::CodeBlock::optimizeAfterWarmUp):
21629 (JSC::CodeBlock::optimizeAfterLongWarmUp):
21630 (JSC::CodeBlock::optimizeSoon):
21631 * dfg/DFGOSRExitCompiler32_64.cpp:
21632 (JSC::DFG::OSRExitCompiler::compileExit):
21633 * dfg/DFGOSRExitCompiler64.cpp:
21634 (JSC::DFG::OSRExitCompiler::compileExit):
21636 (JSC::JIT::emitOptimizationCheck):
21638 2012-01-11 Gavin Barraclough <barraclough@apple.com>
21640 Merge 'Getter'/'Setter' attributes into 'Accessor'
21641 https://bugs.webkit.org/show_bug.cgi?id=76141
21643 Reviewed by Filip Pizlo.
21645 These are currently ambiguous (and used inconsistently). It would logically appear
21646 that either bit being set implies that the corresponding type of accessor is present
21647 but (a) we don't correctly enforce this, and (b) this means the attributes would not
21648 be able to distinguish between a data descriptor and an accessor descriptor with
21649 neither a getter nor setter defined (which is a descriptor permissible under the spec).
21650 This ambiguity would lead to unsafe property caching behavior (though this does not
21651 represent an actual current bug, since we are currently unable to create descriptors
21652 that have neither a getter nor setter, it just prevents us from doing so).
21654 * runtime/Arguments.cpp:
21655 (JSC::Arguments::createStrictModeCallerIfNecessary):
21656 (JSC::Arguments::createStrictModeCalleeIfNecessary):
21657 * runtime/JSArray.cpp:
21658 (JSC::SparseArrayValueMap::put):
21659 (JSC::JSArray::putDescriptor):
21660 * runtime/JSBoundFunction.cpp:
21661 (JSC::JSBoundFunction::finishCreation):
21662 * runtime/JSFunction.cpp:
21663 (JSC::JSFunction::getOwnPropertySlot):
21664 (JSC::JSFunction::getOwnPropertyDescriptor):
21665 * runtime/JSObject.cpp:
21666 (JSC::JSObject::defineGetter):
21667 (JSC::JSObject::initializeGetterSetterProperty):
21668 (JSC::JSObject::defineSetter):
21669 (JSC::putDescriptor):
21670 (JSC::JSObject::defineOwnProperty):
21671 * runtime/JSObject.h:
21672 * runtime/ObjectConstructor.cpp:
21673 (JSC::objectConstructorDefineProperty):
21674 * runtime/PropertyDescriptor.cpp:
21675 (JSC::PropertyDescriptor::setDescriptor):
21676 (JSC::PropertyDescriptor::setAccessorDescriptor):
21677 (JSC::PropertyDescriptor::setSetter):
21678 (JSC::PropertyDescriptor::setGetter):
21679 (JSC::PropertyDescriptor::attributesOverridingCurrent):
21681 2012-01-11 Gavin Barraclough <barraclough@apple.com>
21683 Object.defineProperty([], 'length', {}) should not make length read-only
21684 https://bugs.webkit.org/show_bug.cgi?id=76097
21686 Reviewed by Oliver Hunt.
21688 * runtime/JSArray.cpp:
21689 (JSC::JSArray::defineOwnProperty):
21690 - We should be checking writablePresent().
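Both this entry's writablePresent() check and the accessor-descriptor entry above (get/set absent versus explicitly undefined) rest on the same ES5 rule: a field missing from the descriptor passed to Object.defineProperty leaves the existing attribute alone, while a field set to undefined replaces it. The following is an added example that is not part of the ChangeLog or of WebKit's code; it observes that rule from JavaScript with only standard built-ins.

```javascript
// Added example, not from the WebKit ChangeLog.

// Redefining an accessor: an absent 'get' keeps the installed getter, an explicit
// 'get: undefined' clears it. Reading the descriptor back afterwards shows that an
// accessor property always reports both get and set, as undefined when no function
// is installed (the "never missing" case in the entry above).
function accessorRedefinition() {
  const obj = {};
  Object.defineProperty(obj, "x", { get() { return 1; }, configurable: true });

  Object.defineProperty(obj, "x", {});                 // 'get' absent: getter retained
  const afterEmpty = obj.x;                            // 1

  Object.defineProperty(obj, "x", { get: undefined }); // 'get' explicitly undefined: cleared
  const afterUndefined = obj.x;                        // undefined

  const desc = Object.getOwnPropertyDescriptor(obj, "x");
  return {
    afterEmpty,
    afterUndefined,
    getPresent: Object.prototype.hasOwnProperty.call(desc, "get"), // true
    setPresent: Object.prototype.hasOwnProperty.call(desc, "set"), // true
    isAccessor: !("value" in desc),                                // true
  };
}

// Same rule for an array's length: an empty descriptor must not flip writable to
// false; only an explicit { writable: false } may do that.
function lengthStaysWritable() {
  const arr = [1, 2, 3];
  Object.defineProperty(arr, "length", {});
  arr.push(4); // would throw a TypeError if length had become read-only
  const stillWritable = Object.getOwnPropertyDescriptor(arr, "length").writable;

  Object.defineProperty(arr, "length", { writable: false });
  const nowWritable = Object.getOwnPropertyDescriptor(arr, "length").writable;
  return { lengthAfterPush: arr.length, stillWritable, nowWritable }; // 4, true, false
}
```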
21692 2012-01-11 Filip Pizlo <fpizlo@apple.com>
21694 Code duplication for invoking the JIT and DFG should be reduced
21695 https://bugs.webkit.org/show_bug.cgi?id=76117
21696 <rdar://problem/10680189>
21698 Rubber stamped by Geoff Garen.
21700 * GNUmakefile.list.am:
21701 * JavaScriptCore.xcodeproj/project.pbxproj:
21702 * jit/JITDriver.h: Added.
21703 (JSC::jitCompileIfAppropriate):
21704 (JSC::jitCompileFunctionIfAppropriate):
21705 * runtime/Executable.cpp:
21706 (JSC::EvalExecutable::compileInternal):
21707 (JSC::ProgramExecutable::compileInternal):
21708 (JSC::FunctionExecutable::compileForCallInternal):
21709 (JSC::FunctionExecutable::compileForConstructInternal):
21711 2012-01-11 Geoffrey Garen <ggaren@apple.com>
21713 Bytecode dumping is broken for call opcodes (due to two new operands)
21714 https://bugs.webkit.org/show_bug.cgi?id=75886
21716 Reviewed by Oliver Hunt.
21718 * bytecode/CodeBlock.cpp:
21719 (JSC::CodeBlock::printCallOp): Made a helper function, so I wouldn't have
21720 to fix this more than once. The helper function skips the extra two operands
21721 at the end of the opcode, used for optimization.
21723 (JSC::CodeBlock::dump): Used the helper function.
21725 * bytecode/CodeBlock.h: Declared the helper function.
21727 2012-01-09 Geoffrey Garen <ggaren@apple.com>
21729 REGRESSION: d3 Bullet Charts demo doesn't work (call with argument assignment is broken)
21730 https://bugs.webkit.org/show_bug.cgi?id=75911
21732 * bytecompiler/BytecodeGenerator.h:
21733 (JSC::BytecodeGenerator::emitNodeForLeftHandSide): Cleanup: No need to
21734 explicitly cast to our return type in C++.
21736 * bytecompiler/NodesCodegen.cpp:
21737 (JSC::FunctionCallResolveNode::emitBytecode):
21738 (JSC::ApplyFunctionCallDotNode::emitBytecode): Make sure to copy our function
21739 into a temporary register before evaluating our arguments, since argument
21740 evaluation might include function calls or assignments that overwrite our callee by name.
21742 2012-01-11 Michael Saboff <msaboff@apple.com>
21744 v8-regexp spends 35% of its time allocating and copying internal regexp results data
21745 https://bugs.webkit.org/show_bug.cgi?id=76079
21747 Reviewed by Geoffrey Garen.
21749 Added a new RegExpResults struct that has the input string, the number of
21750 subexpressions and the output vector. Changed RegExpConstructor to
21751 include a RegExpConstructorPrivate instead of having a reference to one.
21752 Changed RegExpMatchesArray to include a RegExpResults instead of a
21753 reference to a RegExpConstructorPrivate. Created an overloaded assignment
21754 operator to assign a RegExpConstructorPrivate to a RegExpResults.
21755 Collectively this change is worth 24% performance improvement to v8-regexp.
21757 * runtime/RegExpConstructor.cpp:
21758 (JSC::RegExpResult::operator=):
21759 (JSC::RegExpConstructor::RegExpConstructor):
21760 (JSC::RegExpMatchesArray::RegExpMatchesArray):
21761 (JSC::RegExpMatchesArray::finishCreation):
21762 (JSC::RegExpMatchesArray::~RegExpMatchesArray):
21763 (JSC::RegExpMatchesArray::fillArrayInstance):
21764 (JSC::RegExpConstructor::arrayOfMatches):
21765 (JSC::RegExpConstructor::getBackref):
21766 (JSC::RegExpConstructor::getLastParen):
21767 (JSC::RegExpConstructor::getLeftContext):
21768 (JSC::RegExpConstructor::getRightContext):
21769 (JSC::RegExpConstructor::setInput):
21770 (JSC::RegExpConstructor::input):
21771 (JSC::RegExpConstructor::setMultiline):
21772 (JSC::RegExpConstructor::multiline):
21773 * runtime/RegExpConstructor.h:
21774 (JSC::RegExpResult::RegExpResult):
21775 (JSC::RegExpConstructor::performMatch):
21776 * runtime/RegExpMatchesArray.h:
21777 (JSC::RegExpMatchesArray::create):
21778 (JSC::RegExpMatchesArray::getOwnPropertySlot):
21779 (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
21780 (JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
21781 (JSC::RegExpMatchesArray::put):
21782 (JSC::RegExpMatchesArray::putByIndex):
21783 (JSC::RegExpMatchesArray::deleteProperty):
21784 (JSC::RegExpMatchesArray::deletePropertyByIndex):
21785 (JSC::RegExpMatchesArray::getOwnPropertyNames):
21787 2012-01-11 Eugene Girard <girard@google.com>
21789 Typo in error message: Unexpected token 'defualt'
21790 https://bugs.webkit.org/show_bug.cgi?id=75105
21792 Reviewed by Simon Fraser.
21795 (JSC::Parser::getTokenName):
21797 2012-01-11 Anders Carlsson <andersca@apple.com>
21799 Assertion failure in JSC::allocateCell trying to allocate a JSString
21800 https://bugs.webkit.org/show_bug.cgi?id=76101
21802 Reviewed by Adam Roben.
21804 Remove the ExecutableBase::s_info and JSString::s_info static member variables from the .def file and
21805 export them explicitly using the JS_EXPORTDATA macro.
21808 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
21809 * runtime/Executable.h:
21810 * runtime/JSString.h:
21812 2012-01-10 Mark Rowe <mrowe@apple.com>
21814 <rdar://problem/10673792> jsc should install directly in to versioned Resources subfolder
21816 This ensures that jsc ends up in a consistent location whether built in to the same DSTROOT
21817 as JavaScriptCore.framework or in to a different one.
21819 Rubber-stamped by Dan Bernstein.
21821 * Configurations/JSC.xcconfig: Update INSTALL_PATH.
21823 2012-01-10 Filip Pizlo <fpizlo@apple.com>
21825 DFG inlining block linking compares BlockIndex against bytecode index
21826 https://bugs.webkit.org/show_bug.cgi?id=76018
21827 <rdar://problem/10671979>
21829 Reviewed by Gavin Barraclough.
21831 * dfg/DFGByteCodeParser.cpp:
21832 (JSC::DFG::ByteCodeParser::parseCodeBlock):
21834 2012-01-10 Filip Pizlo <fpizlo@apple.com>
21836 CodeBlock.h declares too many things
21837 https://bugs.webkit.org/show_bug.cgi?id=76001
21839 Rubber stamped by Gavin Barraclough.
21841 Removed all non-CodeBlock type declarations from CodeBlock.h, and put them
21842 into separate header files. Also removed all non-CodeBlock method implementations
21843 from CodeBlock.cpp and put them into corresponding cpp files.
21846 * GNUmakefile.list.am:
21847 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
21848 * JavaScriptCore.xcodeproj/project.pbxproj:
21850 * assembler/RepatchBuffer.h:
21851 * bytecode/CallLinkInfo.cpp: Added.
21852 (JSC::CallLinkInfo::unlink):
21853 * bytecode/CallLinkInfo.h: Added.
21854 (JSC::CallLinkInfo::callTypeFor):
21855 (JSC::CallLinkInfo::CallLinkInfo):
21856 (JSC::CallLinkInfo::~CallLinkInfo):
21857 (JSC::CallLinkInfo::isLinked):
21858 (JSC::CallLinkInfo::seenOnce):
21859 (JSC::CallLinkInfo::setSeen):
21860 (JSC::getCallLinkInfoReturnLocation):
21861 (JSC::getCallLinkInfoBytecodeIndex):
21862 * bytecode/CallReturnOffsetToBytecodeOffset.h: Added.
21863 (JSC::CallReturnOffsetToBytecodeOffset::CallReturnOffsetToBytecodeOffset):
21864 (JSC::getCallReturnOffset):
21865 * bytecode/CodeBlock.cpp:
21866 * bytecode/CodeBlock.h:
21867 * bytecode/CodeType.h: Added.
21868 * bytecode/ExpressionRangeInfo.h: Added.
21869 * bytecode/GlobalResolveInfo.h: Added.
21870 (JSC::GlobalResolveInfo::GlobalResolveInfo):
21871 * bytecode/HandlerInfo.h: Added.
21872 * bytecode/LineInfo.h: Added.
21873 * bytecode/MethodCallLinkInfo.cpp: Added.
21874 (JSC::MethodCallLinkInfo::reset):
21875 * bytecode/MethodCallLinkInfo.h: Added.
21876 (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
21877 (JSC::MethodCallLinkInfo::seenOnce):
21878 (JSC::MethodCallLinkInfo::setSeen):
21879 (JSC::getMethodCallLinkInfoReturnLocation):
21880 (JSC::getMethodCallLinkInfoBytecodeIndex):
21881 * bytecode/StructureStubInfo.h:
21882 (JSC::getStructureStubInfoReturnLocation):
21883 (JSC::getStructureStubInfoBytecodeIndex):
21885 2012-01-10 Anders Carlsson <andersca@apple.com>
21887 Hang opening movie that requires authentication
21888 https://bugs.webkit.org/show_bug.cgi?id=75989
21889 <rdar://problem/9601915>
21891 Reviewed by Sam Weinig.
21893 * wtf/Functional.h:
21894 Add function wrapper for a function that takes three parameters.
21896 2012-01-10 Filip Pizlo <fpizlo@apple.com>
21898 CodeBlock::m_numParameters should be encapsulated
21899 https://bugs.webkit.org/show_bug.cgi?id=75985
21900 <rdar://problem/10671020>
21902 Reviewed by Oliver Hunt.
21904 Encapsulated CodeBlock::m_numParameters and hooked argument profile creation
21905 into it. This appears to be performance neutral.
21907 * bytecode/CodeBlock.cpp:
21908 (JSC::CodeBlock::CodeBlock):
21909 (JSC::CodeBlock::setNumParameters):
21910 (JSC::CodeBlock::addParameter):
21911 * bytecode/CodeBlock.h:
21912 (JSC::CodeBlock::numParameters):
21913 (JSC::CodeBlock::addressOfNumParameters):
21914 (JSC::CodeBlock::offsetOfNumParameters):
21915 (JSC::CodeBlock::numberOfArgumentValueProfiles):
21916 * bytecompiler/BytecodeGenerator.cpp:
21917 (JSC::BytecodeGenerator::BytecodeGenerator):
21918 (JSC::BytecodeGenerator::addParameter):
21919 (JSC::BytecodeGenerator::emitReturn):
21920 * dfg/DFGAbstractState.cpp:
21921 (JSC::DFG::AbstractState::AbstractState):
21922 * dfg/DFGByteCodeParser.cpp:
21923 (JSC::DFG::ByteCodeParser::ByteCodeParser):
21924 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
21925 * dfg/DFGGraph.cpp:
21926 (JSC::DFG::Graph::predictArgumentTypes):
21927 * dfg/DFGJITCompiler.cpp:
21928 (JSC::DFG::JITCompiler::compileFunction):
21929 * dfg/DFGOperations.cpp:
21930 * dfg/DFGSpeculativeJIT.cpp:
21931 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
21932 * dfg/DFGSpeculativeJIT.h:
21933 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
21934 * interpreter/Interpreter.cpp:
21935 (JSC::Interpreter::slideRegisterWindowForCall):
21936 (JSC::Interpreter::dumpRegisters):
21937 (JSC::Interpreter::execute):
21938 (JSC::Interpreter::prepareForRepeatCall):
21940 (JSC::JIT::privateCompile):
21941 * jit/JITStubs.cpp:
21942 (JSC::arityCheckFor):
21943 (JSC::lazyLinkFor):
21944 * runtime/Executable.cpp:
21945 (JSC::FunctionExecutable::compileForCallInternal):
21946 (JSC::FunctionExecutable::compileForConstructInternal):
21948 2012-01-10 Gavin Barraclough <barraclough@apple.com>
21950 Build fix following https://bugs.webkit.org/show_bug.cgi?id=75935
21954 * runtime/JSArray.cpp:
21955 (JSC::JSArray::getOwnPropertyNames):
21956 (JSC::JSArray::setLength):
21958 2012-01-10 Gavin Barraclough <barraclough@apple.com>
21962 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
21964 2012-01-10 Gavin Barraclough <barraclough@apple.com>
21966 Do not allow Array length to be set if it is non-configurable
21967 https://bugs.webkit.org/show_bug.cgi?id=75935
21969 Reviewed by Sam Weinig.
21971 Do not allow Array length to be set if it is non-configurable, and if the new
21972 length is less than the old length then intervening properties should be removed
21973 in reverse order. Removal of properties should cease if an intervening indexed
21974 property being removed is non-configurable.
21976 * JavaScriptCore.exp:
21977 - Removed export for setLength.
21978 * runtime/ArrayPrototype.cpp:
21979 (JSC::arrayProtoFuncConcat):
21980 - JSArray::setLength now takes an ExecState*
21981 (JSC::arrayProtoFuncSlice):
21982 - JSArray::setLength now takes an ExecState*
21983 * runtime/JSArray.cpp:
21984 (JSC::JSArray::defineOwnProperty):
21985 - JSArray::setLength now takes an ExecState*
21986 (JSC::JSArray::put):
21987 - JSArray::setLength now takes an ExecState*
21988 (JSC::compareKeysForQSort):
21989 - Keys extracted from the map can be stored as unsigneds.
21990 (JSC::JSArray::getOwnPropertyNames):
21991 - Keys extracted from the map can be stored as unsigneds.
21992 (JSC::JSArray::setLength):
21993 - Check lengthIsReadOnly(), rather than copying the entire map to iterate
21994 over to determine which keys to remove, instead just copy the keys from
21995 the map to a Vector. When inSparseMode sort the keys in the Vector so
21996 that we can remove properties in reverse order.
21997 * runtime/JSArray.h:
21998 - JSArray::setLength now takes an ExecState*
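The ES5 [[DefineOwnProperty]] behaviour this entry describes for "length" (refuse the write when length is read-only, otherwise delete elements from the highest index down and stop at the first non-configurable one) is easy to misread from the file list alone. The following is an added example, not WebKit's JSArray code: a constructed C++ model with a sparse map of indexed properties and a per-property configurable bit, exercising both the truncation-stops-early case and the read-only-length case. `ModelArray`, `IndexedProperty`, `Outcome` and the two scenario functions are all names invented for this example.

```cpp
#include <algorithm>
#include <cstddef>
#include <functional>
#include <map>
#include <stdexcept>
#include <vector>

// Constructed model, not JSC code: indexed properties live in a sparse map
// (like JSArray's SparseMode) and each carries its own configurable bit.
struct IndexedProperty {
    int value;
    bool configurable;
};

struct ModelArray {
    std::map<unsigned, IndexedProperty> properties;
    unsigned length = 0;
    bool lengthWritable = true;   // cleared by defineProperty(arr, "length", { writable: false })

    void put(unsigned index, int value, bool configurable = true) {
        properties[index] = IndexedProperty{value, configurable};
        if (index >= length)
            length = index + 1;
    }

    // ES5 15.4.5.1 step 3: shrinking length deletes elements from the highest index
    // downwards and stops at the first non-configurable one. Returns true on success;
    // on failure returns false, or throws when shouldThrow is set (strict-mode caller).
    bool setLength(unsigned newLength, bool shouldThrow) {
        if (!lengthWritable)
            return reject(shouldThrow, "length is read-only");
        if (newLength >= length) {
            length = newLength;
            return true;
        }
        std::vector<unsigned> keys;
        for (const auto& entry : properties) {
            if (entry.first >= newLength)
                keys.push_back(entry.first);
        }
        std::sort(keys.begin(), keys.end(), std::greater<unsigned>());   // reverse order
        for (unsigned key : keys) {
            if (!properties.find(key)->second.configurable) {
                length = key + 1;   // everything above this index is already gone
                return reject(shouldThrow, "cannot delete a non-configurable element");
            }
            properties.erase(key);
        }
        length = newLength;
        return true;
    }

private:
    static bool reject(bool shouldThrow, const char* message) {
        if (shouldThrow)
            throw std::runtime_error(message);
        return false;
    }
};

struct Outcome {
    bool succeeded;
    bool threw;
    unsigned length;
    std::size_t remaining;
};

// [1, 2, 3] with index 1 made non-configurable, then arr.length = 0 in sloppy mode:
// index 2 is removed, removal stops at index 1, and length ends up as 2.
Outcome truncateAcrossNonConfigurable() {
    ModelArray a;
    a.put(0, 1);
    a.put(1, 2, /* configurable */ false);
    a.put(2, 3);
    bool ok = a.setLength(0, /* shouldThrow */ false);
    return Outcome{ok, false, a.length, a.properties.size()};
}

// [1, 2] with a read-only length: nothing changes, and a strict-mode caller sees a throw.
Outcome assignReadOnlyLength(bool strictMode) {
    ModelArray a;
    a.put(0, 1);
    a.put(1, 2);
    a.lengthWritable = false;
    bool ok = false;
    bool threw = false;
    try {
        ok = a.setLength(0, strictMode);
    } catch (const std::runtime_error&) {
        threw = true;
    }
    return Outcome{ok, threw, a.length, a.properties.size()};
}
```

The reverse-order sort is the point of the "copy the keys to a Vector" remark in the entry: the map cannot be mutated while iterating it, and deleting from the top down is what lets the algorithm leave length at exactly one past the element that refused deletion.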
22000 2012-01-10 Gavin Barraclough <barraclough@apple.com>
22002 Use SameValue to compare property descriptor values
22003 https://bugs.webkit.org/show_bug.cgi?id=75975
22005 Reviewed by Sam Weinig.
22007 Rather than strictEqual.
22009 * runtime/JSArray.cpp:
22010 (JSC::JSArray::defineOwnNumericProperty):
22011 - Missing configurablePresent() check.
22012 * runtime/JSObject.cpp:
22013 (JSC::JSObject::defineOwnProperty):
22015 * runtime/PropertyDescriptor.cpp:
22017 - Moved from JSArray.cpp, fix NaN comparison.
22018 (JSC::PropertyDescriptor::equalTo):
22020 * runtime/PropertyDescriptor.h:
22021 - Added declaration for sameValue.
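The difference between SameValue and strict equality matters in exactly two places, NaN and signed zero, and the entry's "fix NaN comparison" remark is about the first. As an added example (not JSC's PropertyDescriptor code), the numeric halves of both comparisons side by side, plus a constructed `NumericDescriptor` stand-in showing why [[DefineOwnProperty]] wants SameValue when deciding whether a redefinition is a no-op.

```cpp
#include <cmath>

// Strict equality (===) on numbers: NaN !== NaN, and +0 === -0.
bool strictEqualNumbers(double a, double b) {
    return a == b;
}

// ES5 9.12 SameValue on numbers: NaN is the same value as NaN,
// while +0 and -0 are distinct values.
bool sameValueNumbers(double a, double b) {
    if (std::isnan(a) || std::isnan(b))
        return std::isnan(a) && std::isnan(b);
    if (a == 0 && b == 0)
        return std::signbit(a) == std::signbit(b);
    return a == b;
}

// Constructed, numeric-only stand-in for a data property descriptor (not JSC's type).
struct NumericDescriptor {
    double value;
    bool writable;
    bool enumerable;
    bool configurable;
};

// ES5 8.12.9 step 5: a redefinition whose descriptor matches the current one field for
// field is a no-op, and step 10.a.ii only allows redefining a non-writable, non-configurable
// data property when the values are SameValue. With strictEqual instead, a frozen property
// holding NaN could never be "redefined" to NaN, and +0 and -0 would be conflated.
bool descriptorsEqual(const NumericDescriptor& current, const NumericDescriptor& desired) {
    return sameValueNumbers(current.value, desired.value)
        && current.writable == desired.writable
        && current.enumerable == desired.enumerable
        && current.configurable == desired.configurable;
}
```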
22022 2012-01-09 Gavin Barraclough <barraclough@apple.com>
22024 Error handling : in ISO8601 timezone
22025 https://bugs.webkit.org/show_bug.cgi?id=75919
22027 Reviewed by Sam Weinig.
22029 * wtf/DateMath.cpp:
22030 (WTF::parseDateFromNullTerminatedCharacters):
22031 - need to increment the string position.
22033 2012-01-09 Mark Rowe <mrowe@apple.com>
22035 JavaScriptCore executable targets shouldn't explicitly depend on the JavaScriptCore framework target
22036 <http://webkit.org/b/75907> / <rdar://problem/10659862>
22038 We'd like for it to be possible to build jsc without building JavaScriptCore.framework and the explicit
22039 dependencies prevent this.
22041 Reviewed by Dan Bernstein.
22043 * JavaScriptCore.xcodeproj/project.pbxproj:
22045 2012-01-09 Adam Treat <atreat@rim.com>
22047 Log is a little too verbose for blackberry port
22048 https://bugs.webkit.org/show_bug.cgi?id=75728
22050 The BlackBerry::Platform::Log* functions take care of the call to vfprintf
22051 which is resulting in unintentional noise in our logs. Add a conditional
22054 Change to using BlackBerry::Platform::logStreamV which does not insert
22055 threading info and newlines unlike BlackBerry::Platform::log.
22057 Finally, add log locking and unlocking which the BlackBerry platform
22058 uses to ensure that N threads do not trample on each other's logs.
22060 Reviewed by Rob Buis.
22062 * wtf/Assertions.cpp:
22063 (WTFLogLocker::WTFReportAssertionFailure):
22064 (WTFLogLocker::WTFReportAssertionFailureWithMessage):
22065 (WTFLogLocker::WTFReportArgumentAssertionFailure):
22066 (WTFLogLocker::WTFReportFatalError):
22067 (WTFLogLocker::WTFReportError):
22068 (WTFLogLocker::WTFLog):
22069 (WTFLogLocker::WTFLogVerbose):
22071 2012-01-09 Gavin Barraclough <barraclough@apple.com>
22073 https://bugs.webkit.org/show_bug.cgi?id=75789
22074 defineOwnProperty not implemented for Array objects
22076 Reviewed by Sam Weinig.
22078 Implements support for getter/setter & non-default attribute properties on arrays,
22079 by forcing them into a dictionary-like 'SparseMode'. This fixes ~300 test-262
22082 * JavaScriptCore.exp:
22084 * dfg/DFGOperations.cpp:
22085 - JSArray::pop now requires an exec state.
22086 * runtime/ArrayPrototype.cpp:
22087 (JSC::arrayProtoFuncPop):
22088 - JSArray::pop now requires an exec state.
22089 * runtime/JSArray.cpp:
22090 (JSC::SparseArrayValueMap::add):
22091 - Add a potentially empty entry into the map.
22092 (JSC::SparseArrayValueMap::put):
22093 - Changed to call setter.
22094 (JSC::SparseArrayEntry::get):
22096 (JSC::SparseArrayEntry::getNonSparseMode):
22097 - does not call getters.
22098 (JSC::JSArray::enterSparseMode):
22099 - Convert into 'SparseMode' - removes the vectors, don't allow it to be recreated.
22100 (JSC::JSArray::putDescriptor):
22101 - Create a numeric property based on a descriptor.
22105 - Helper for the [[DefineOwnProperty]] algorithm.
22106 (JSC::JSArray::defineOwnNumericProperty):
22107 - Define an indexed property on an array object.
22108 (JSC::JSArray::setLengthWritable):
22109 - Marks the length read-only, enters SparseMode as necessary.
22110 (JSC::JSArray::defineOwnProperty):
22111 - Defines either an indexed property or 'length' on an array object.
22112 (JSC::JSArray::getOwnPropertySlotByIndex):
22113 - Updated to correctly handle accessor descriptors & attributes.
22114 (JSC::JSArray::getOwnPropertyDescriptor):
22115 - Updated to correctly handle accessor descriptors & attributes.
22116 (JSC::JSArray::put):
22117 - Pass strict mode flag to setLength.
22118 (JSC::JSArray::putByIndex):
22119 - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGlobalData&.
22120 (JSC::JSArray::putByIndexBeyondVectorLength):
22121 - Pass exec to SparseArrayValueMap::put.
22122 (JSC::JSArray::deletePropertyByIndex):
22123 - Do not allow deletion of non-configurable properties.
22124 (JSC::compareKeysForQSort):
22125 - used in implementation of getOwnPropertyNames.
22126 (JSC::JSArray::getOwnPropertyNames):
22127 - Properties in the sparse map should be iterated in order.
22128 (JSC::JSArray::setLength):
22129 - Updated to take a 'shouldThrow' flag, return a result indicating error.
22130 (JSC::JSArray::pop):
22131 - pop should throw an error if length is not writable, even if the array is empty.
22132 (JSC::JSArray::push):
22133 - putByIndexBeyondVectorLength requires an ExecState* rather than a JSGlobalData&.
22134 (JSC::JSArray::sort):
22135 - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
22136 (JSC::JSArray::compactForSorting):
22137 - Changed 'get' to 'getNonSparseMode' (can't be getters to call).
22138 * runtime/JSArray.h:
22139 (JSC::SparseArrayValueMap::lengthIsReadOnly):
22140 - Check if the length is read only.
22141 (JSC::SparseArrayValueMap::setLengthIsReadOnly):
22142 - Mark the length as read only.
22143 (JSC::SparseArrayValueMap::find):
22144 - Moved into header.
22145 (JSC::JSArray::isLengthWritable):
22146 - Wraps SparseArrayValueMap::lengthIsReadOnly.
22147 * runtime/JSObject.cpp:
22148 (JSC::JSObject::defineOwnProperty):
22149 - Should be returning the result of putDescriptor.
22150 * runtime/PropertyDescriptor.cpp:
22151 (JSC::PropertyDescriptor::attributesOverridingCurrent):
22152 - Added attributesOverridingCurrent - this should probably be merged with attributesWithOverride.
22153 * runtime/PropertyDescriptor.h:
22154 - Added attributesOverridingCurrent.
22156 2012-01-09 Pavel Heimlich <tropikhajma@gmail.com>
22158 There is no support for fastcall in Solaris Studio.
22159 Fixes build on Solaris.
22160 https://bugs.webkit.org/show_bug.cgi?id=75736
22162 Reviewed by Gavin Barraclough.
22166 2012-01-09 Pavel Heimlich <tropikhajma@gmail.com>
22168 Fix build failure on Solaris
22169 https://bugs.webkit.org/show_bug.cgi?id=75733
22171 Reviewed by Gavin Barraclough.
22175 2012-01-01 Raphael Kubo da Costa <kubo@profusion.mobi>
22177 [CMake] Clean up some cruft from WTF's CMakeLists.txt
22178 https://bugs.webkit.org/show_bug.cgi?id=75420
22180 Reviewed by Daniel Bates.
22182 * wtf/CMakeLists.txt: Remove the unused WTF_PORT_FLAGS variable; add
22183 all needed paths to WTF_INCLUDE_DIRECTORIES in a single place.
22185 2012-01-08 Xianzhu Wang <wangxianzhu@chromium.org>
22187 Fix compilation error about ListHashSetReverseIterator
22188 https://bugs.webkit.org/show_bug.cgi?id=75372
22190 Reviewed by Darin Adler.
22192 There is a typo in class ListHashSetReverseIterator:
22193 typedef ListHashSetConstIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
22195 typedef ListHashSetConstReverseIterator<ValueArg, inlineCapacity, HashArg> const_reverse_iterator;
22197 * wtf/ListHashSet.h:
22199 2012-01-08 Ryosuke Niwa <rniwa@webkit.org>
22201 WinCE build fix after r104415.
22203 * jit/JITExceptions.cpp:
22204 * jit/JITExceptions.h:
22206 2012-01-08 Filip Pizlo <fpizlo@apple.com>
22208 The JIT's protocol for exception handling should be available to other parts of the system
22209 https://bugs.webkit.org/show_bug.cgi?id=75808
22210 <rdar://problem/10661025>
22212 Reviewed by Oliver Hunt.
22215 * GNUmakefile.list.am:
22216 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
22217 * JavaScriptCore.xcodeproj/project.pbxproj:
22219 * jit/JITExceptions.cpp: Added.
22220 (JSC::genericThrow):
22222 * jit/JITExceptions.h: Added.
22223 * jit/JITStubs.cpp:
22224 * runtime/JSGlobalData.h:
22226 2012-01-06 Hajime Morrita <morrita@chromium.org>
22228 https://bugs.webkit.org/show_bug.cgi?id=75296
22229 JSString should not have JS_EXPORTCLASS annotation
22231 Reviewed by Kevin Ollivier.
22233 * runtime/JSString.h: Removed JS_EXPORTCLASS annotation.
22234 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
22235 Added missing symbols which were hidden by JS_EXPORTCLASS.
22237 2012-01-06 Michael Saboff <msaboff@apple.com>
22239 JSArray::pop() should compare SparseArrayValueMap::find() to SparseArrayValueMap::notFound()
22240 https://bugs.webkit.org/show_bug.cgi?id=75757
22242 Reviewed by Gavin Barraclough.
22244 * runtime/JSArray.cpp:
22245 (JSC::JSArray::pop): Changed map->end() to map->notFound().
22247 2012-01-06 Filip Pizlo <fpizlo@apple.com>
22249 JIT stub slow paths that would be identical to that of an interpreter should be factored out
22250 https://bugs.webkit.org/show_bug.cgi?id=75743
22251 <rdar://problem/10657024>
22253 Reviewed by Geoff Garen.
22255 * GNUmakefile.list.am:
22256 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
22257 * JavaScriptCore.xcodeproj/project.pbxproj:
22258 * jit/JITStubs.cpp:
22259 (JSC::DEFINE_STUB_FUNCTION):
22260 * runtime/CommonSlowPaths.h: Added.
22261 (JSC::CommonSlowPaths::opInstanceOfSlow):
22262 (JSC::CommonSlowPaths::opIn):
22263 (JSC::CommonSlowPaths::opResolve):
22264 (JSC::CommonSlowPaths::opResolveSkip):
22265 (JSC::CommonSlowPaths::opResolveWithBase):
22266 (JSC::CommonSlowPaths::opResolveWithThis):
22268 2012-01-06 Sam Weinig <sam@webkit.org>
22272 * wtf/TypeTraits.cpp:
22274 2012-01-05 Michael Saboff <msaboff@apple.com>
22276 Default HashTraits for Opcode don't work for Opcode = 0
22277 https://bugs.webkit.org/show_bug.cgi?id=75595
22279 Reviewed by Oliver Hunt.
22281 Removed the populating of the m_opcodeIDTable table in the
22282 case where the OpcodeID and Opcode are the same (m_enabled is false).
22283 Instead we just cast the one type to the other.
22285 * interpreter/Interpreter.cpp:
22286 (JSC::Interpreter::initialize):
22287 (JSC::Interpreter::isOpcode):
22288 * interpreter/Interpreter.h:
22289 (JSC::Interpreter::getOpcodeID):
22291 2012-01-06 Sam Weinig <sam@webkit.org>
22293 Add a DecayArray type trait as a first step towards merging OwnPtr and OwnArrayPtr
22294 https://bugs.webkit.org/show_bug.cgi?id=75737
22296 Reviewed by Anders Carlsson.
22298 * wtf/TypeTraits.cpp:
22299 * wtf/TypeTraits.h:
22300 Added a DecayArray trait, that can convert T[] and T[3] -> T*. DecayArray
22301 is composed of some helpers which are also exposed, Conditional<>, which
22302 can provide one type or another based on a boolean predicate, IsArray<>
22303 which can deduce array types, and RemoveExtent<>, which removes the extent
22304 from an array type.
22306 2012-01-06 Oliver Hunt <oliver@apple.com>
22308 GetByteArrayLength is incorrect
22309 https://bugs.webkit.org/show_bug.cgi?id=75735
22311 Reviewed by Filip Pizlo.
22313 Load the byte array length from the correct location.
22314 This stops an existing test from hanging.
22316 * dfg/DFGSpeculativeJIT32_64.cpp:
22317 (JSC::DFG::SpeculativeJIT::compile):
22318 * dfg/DFGSpeculativeJIT64.cpp:
22319 (JSC::DFG::SpeculativeJIT::compile):
22321 2012-01-06 Filip Pizlo <fpizlo@apple.com>
22325 * JavaScriptCore.xcodeproj/project.pbxproj:
22327 2012-01-06 Oliver Hunt <oliver@apple.com>
22329 DFG no longer optimises CanvasPixelArray
22330 https://bugs.webkit.org/show_bug.cgi?id=75729
22332 Reviewed by Gavin Barraclough.
22334 Rename ByteArray (in its ClassInfo) to Uint8ClampedArray to match
22335 the future name when we switch over to the new typed-array based
22336 ImageData specification.
22338 * runtime/JSByteArray.cpp:
22340 2012-01-06 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
22342 Use HashMap<OwnPtr> for SourceProviderCache items
22343 https://bugs.webkit.org/show_bug.cgi?id=75346
22345 Reviewed by Daniel Bates.
22347 * parser/Parser.cpp:
22348 * parser/SourceProviderCache.cpp:
22349 (JSC::SourceProviderCache::clear):
22350 (JSC::SourceProviderCache::add):
22351 * parser/SourceProviderCache.h:
22353 2012-01-06 Sam Weinig <sam@webkit.org>
22355 Remove unused OwnFastMallocPtr class.
22356 https://bugs.webkit.org/show_bug.cgi?id=75722
22358 Reviewed by Geoffrey Garen.
22360 * GNUmakefile.list.am:
22361 * JavaScriptCore.gypi:
22362 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
22363 * JavaScriptCore.xcodeproj/project.pbxproj:
22364 * wtf/CMakeLists.txt:
22365 * wtf/OwnFastMallocPtr.h: Removed.
22366 * wtf/text/StringImpl.h:
22369 2012-01-06 Benjamin Poulain <bpoulain@webkit.org>
22371 [Mac] Sort the resources of JavaScriptCore.xcodeproj and remove duplicates
22372 https://bugs.webkit.org/show_bug.cgi?id=75631
22374 Reviewed by Andreas Kling.
22376 * JavaScriptCore.xcodeproj/project.pbxproj:
22378 2012-01-06 Eric Seidel <eric@webkit.org> and Gustavo Noronha Silva <gustavo.noronha@collabora.com>
22380 Make the new WTF module build on Gtk
22381 https://bugs.webkit.org/show_bug.cgi?id=75669
22385 2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
22387 [Qt] Remove un-needed VPATHs from project includes
22389 Reviewed by Simon Hausmann.
22391 * JavaScriptCore.pri:
22394 2012-01-06 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
22396 [Qt] Move listing of include paths and libs to pri files in sources
22398 Includepaths are sometimes modified by non-Qt contributors so keeping
22399 them in files inside Sources makes it more likely that they are updated
22400 along with project files for the other ports.
22402 Using pri files instead of prf files for this also has the benefit that
22403 the include() from the main target file can be parsed and followed by
22404 Qt Creator -- something that does not work with load().
22406 Dependency from a target to a library through the WEBKIT variable are
22407 handled through forwarding-files in Tools/qmake/mkspecs/modules, which
22408 set the source root of the module and include the right pri file.
22410 Ideally we'd use the variant of include() that takes an optional
22411 namespace to read the variables into, or the fromfile() function,
22412 but both of these add an overhead of about 40% on the total qmake
22413 runtime, due to making a deep copy of all the variables in the
22414 project or re-reading all the prf files from scratch.
22416 Reviewed by Simon Hausmann.
22419 * JavaScriptCore.pri: Renamed from Tools/qmake/mkspecs/features/javascriptcore.prf.
22421 * wtf/wtf.pri: Renamed from Tools/qmake/mkspecs/features/wtf.prf.
22424 2012-01-06 Hajime Morrita <morrita@chromium.org>
22426 WTF::String: Inline method shouldn't have WTF_EXPORT_PRIVATE
22427 https://bugs.webkit.org/show_bug.cgi?id=75612
22429 Reviewed by Kevin Ollivier.
22431 * wtf/text/WTFString.h:
22432 (WTF::String::findIgnoringCase):
22433 (WTF::String::append):
22434 (WTF::String::fromUTF8):
22435 (WTF::String::fromUTF8WithLatin1Fallback):
22436 (WTF::String::isHashTableDeletedValue):
22438 2012-01-05 Dan Bernstein <mitz@apple.com>
22440 <rdar://problem/10633760> Update copyright strings
22442 Reviewed by Mark Rowe.
22446 2012-01-05 Gavin Barraclough <barraclough@apple.com>
22448 Date constructor handles infinite values incorrectly.
22449 https://bugs.webkit.org/show_bug.cgi?id=70998
22451 Reviewed by Filip Pizlo.
22453 * runtime/DateConstructor.cpp:
22454 (JSC::constructDate):
22455 - should be checking !finite rather than isnan.
22457 2012-01-05 Gavin Barraclough <barraclough@apple.com>
22459 date.toISOString produces incorrect results for dates with ms prior to 1970
22460 https://bugs.webkit.org/show_bug.cgi?id=75684
22462 Reviewed by Sam Weinig.
22464 * runtime/DatePrototype.cpp:
22465 (JSC::dateProtoFuncToISOString):
22467 2012-01-05 Gavin Barraclough <barraclough@apple.com>
22469 Array.prototype.lastIndexOf ignores undefined fromIndex.
22470 https://bugs.webkit.org/show_bug.cgi?id=75678
22472 Reviewed by Sam Weinig.
22474 array.lastIndexOf(x, undefined) is equivalent to array.lastIndexOf(x, 0), not array.lastIndexOf(x)
22476 * runtime/ArrayPrototype.cpp:
22477 (JSC::arrayProtoFuncLastIndexOf):
22478 - should check argument count, rather than checking argument value for undefined.
22480 2012-01-05 Gavin Barraclough <barraclough@apple.com>
22482 Date parsing is too restrictive.
22483 https://bugs.webkit.org/show_bug.cgi?id=75671
22485 Reviewed by Oliver Hunt.
22487 ES5 date parsing currently requires all fields to be present, which does not match the spec (ES5.1 15.9.1.15).
22488 The spec allows a date to be date only, or date + time.
22490 The date portion should match: (pseudocode!:)
22491 [(+|-)YY]YYYY[-MM[-DD]]
22492 though we are slightly more liberal (permitted by the spec), allowing:
22494 The time portion should match:
22495 THH:mm[:ss[.sss]][Z|(+|-)HH:mm]
22496 again we're slightly more liberal, allowing:
22497 THH:mm[:ss[.s+]][Z|(+|-)HH:mm]
22499 * wtf/DateMath.cpp:
22500 (WTF::parseES5DatePortion):
22501 - Month/day fields are optional, default to 01.
22502 (WTF::parseES5TimePortion):
22503 - Hours/Minutes are required, seconds/timezone are optional.
22504 (WTF::parseES5DateFromNullTerminatedCharacters):
22505 - Dates may be date only, or date + time.
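The two grammars given in the entry, the date portion [(+|-)YY]YYYY[-MM[-DD]] and the time portion THH:mm[:ss[.s+]][Z|(+|-)HH:mm], are short enough to implement directly. Below is an added example, not WTF's DateMath code: a self-contained C++ parser that accepts a date alone or a date followed by a time, defaults month and day to 01 as the entry says, accepts one or more fraction digits, and treats a missing zone as UTC (the ES5.1 15.9.1.15 reading; later editions changed this for date-time forms, which is why the assumption is called out here). `parseES5Date`, `ParsedDate`, `readDigits` and `daysFromCivil` are this example's own names.

```cpp
#include <cstddef>
#include <optional>
#include <string>

// Constructed intermediate record for the fields the grammar can carry.
struct ParsedDate {
    long long year;
    unsigned month, day, hour, minute, second;
    long long millis;
    long long offsetMinutes;   // zone offset; 0 when absent or 'Z'
};

// Reads exactly `count` decimal digits at pos; advances pos only on success.
static bool readDigits(const std::string& s, std::size_t& pos, std::size_t count, long long& out) {
    if (pos + count > s.size())
        return false;
    long long v = 0;
    for (std::size_t i = 0; i < count; ++i) {
        char c = s[pos + i];
        if (c < '0' || c > '9')
            return false;
        v = v * 10 + (c - '0');
    }
    pos += count;
    out = v;
    return true;
}

// Date portion: [(+|-)YY]YYYY[-MM[-DD]]. A signed year has six digits. Month/day default to 01.
static bool parseDatePortion(const std::string& s, std::size_t& pos, ParsedDate& d) {
    long long year = 0, v = 0;
    if (pos < s.size() && (s[pos] == '+' || s[pos] == '-')) {
        bool negative = s[pos++] == '-';
        if (!readDigits(s, pos, 6, year))
            return false;
        if (negative)
            year = -year;
    } else if (!readDigits(s, pos, 4, year)) {
        return false;
    }
    d.year = year;
    d.month = 1;
    d.day = 1;
    if (pos < s.size() && s[pos] == '-') {
        ++pos;
        if (!readDigits(s, pos, 2, v) || v < 1 || v > 12)
            return false;
        d.month = static_cast<unsigned>(v);
        if (pos < s.size() && s[pos] == '-') {
            ++pos;
            if (!readDigits(s, pos, 2, v) || v < 1 || v > 31)
                return false;
            d.day = static_cast<unsigned>(v);
        }
    }
    return true;
}

// Time portion: THH:mm[:ss[.s+]][Z|(+|-)HH:mm]. Hours and minutes are required.
static bool parseTimePortion(const std::string& s, std::size_t& pos, ParsedDate& d) {
    long long v = 0;
    if (pos >= s.size() || s[pos] != 'T')
        return false;
    ++pos;
    if (!readDigits(s, pos, 2, v) || v > 24)
        return false;
    d.hour = static_cast<unsigned>(v);
    if (pos >= s.size() || s[pos++] != ':')
        return false;
    if (!readDigits(s, pos, 2, v) || v > 59)
        return false;
    d.minute = static_cast<unsigned>(v);
    if (pos < s.size() && s[pos] == ':') {
        ++pos;
        if (!readDigits(s, pos, 2, v) || v > 59)
            return false;
        d.second = static_cast<unsigned>(v);
        if (pos < s.size() && s[pos] == '.') {
            ++pos;
            // One or more fraction digits (the liberal "s+"); keep millisecond precision.
            std::size_t start = pos;
            long long frac = 0;
            int scale = 0;
            while (pos < s.size() && s[pos] >= '0' && s[pos] <= '9') {
                if (scale < 3) {
                    frac = frac * 10 + (s[pos] - '0');
                    ++scale;
                }
                ++pos;
            }
            if (pos == start)
                return false;
            for (; scale < 3; ++scale)
                frac *= 10;
            d.millis = frac;
        }
    }
    if (pos < s.size() && s[pos] == 'Z') {
        ++pos;
        return true;
    }
    if (pos < s.size() && (s[pos] == '+' || s[pos] == '-')) {
        int sign = s[pos++] == '-' ? -1 : 1;
        long long oh = 0, om = 0;
        if (!readDigits(s, pos, 2, oh) || oh > 23)
            return false;
        if (pos >= s.size() || s[pos++] != ':')
            return false;
        if (!readDigits(s, pos, 2, om) || om > 59)
            return false;
        d.offsetMinutes = sign * (oh * 60 + om);
    }
    return true;
}

// Days since 1970-01-01 for a proleptic Gregorian date (Howard Hinnant's days_from_civil).
static long long daysFromCivil(long long y, unsigned m, unsigned d) {
    y -= m <= 2;
    const long long era = (y >= 0 ? y : y - 399) / 400;
    const unsigned yoe = static_cast<unsigned>(y - era * 400);
    const unsigned doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    const unsigned doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + static_cast<long long>(doe) - 719468;
}

// The whole string must be a date, or a date followed by a time. Returns milliseconds
// since the epoch (UTC; a missing zone is read as UTC), or nullopt on a syntax error.
std::optional<long long> parseES5Date(const std::string& s) {
    ParsedDate d{0, 1, 1, 0, 0, 0, 0, 0};
    std::size_t pos = 0;
    if (!parseDatePortion(s, pos, d))
        return std::nullopt;
    if (pos < s.size() && !parseTimePortion(s, pos, d))
        return std::nullopt;
    if (pos != s.size())
        return std::nullopt;   // trailing characters are a syntax error
    long long days = daysFromCivil(d.year, d.month, d.day);
    long long ms = ((days * 24 + d.hour) * 60 + d.minute) * 60 * 1000 + d.second * 1000LL + d.millis;
    return ms - d.offsetMinutes * 60000LL;
}
```

Every field is length-checked before it is read, and the parser returns a syntax error rather than guessing when the input stops in the middle of a field; date parsers that "repair" partial input are a classic source of inconsistent results between engines.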
22507 2012-01-05 Bruno Dilly <bdilly@profusion.mobi>
22509 [EFL] Undefined references to ICU_I18N symbols on WTF
22510 https://bugs.webkit.org/show_bug.cgi?id=75642
22512 Unreviewed build fix.
22514 Add ${ICU_I18N_LIBRARIES} to WTF_LIBRARIES on wtf efl platform cmake.
22515 Some undefined references were ucol_setAttribute_44, ucol_close_44,
22516 ucol_getAttribute_44...
22518 * wtf/PlatformEfl.cmake:
22520 2012-01-05 Geoffrey Garen <ggaren@apple.com>
22522 Refined the fast path for StringImpl::hash()
22523 https://bugs.webkit.org/show_bug.cgi?id=75178
22525 Reviewed by Darin Adler.
22527 Moved the hash calculation code into an out-of-line function to clean up
22530 No measurable benchmark change, but this knocks some samples off in
22531 Instruments, and I think this is a step toward removing -fomit-frame-pointer.
22533 * wtf/text/StringImpl.cpp:
22534 (WTF::StringImpl::hashSlowCase):
22535 * wtf/text/StringImpl.h:
22536 (WTF::StringImpl::hash): The patch.
22538 * wtf/text/StringStatics.cpp:
22539 (WTF::StringImpl::hashSlowCase): Abide by the cockamamie Windows build
22540 scheme, which requires all out-of-line StringImpl functions used by
22541 WebCore be defined in this file instead of StringImpl.cpp. (See http://trac.webkit.org/changeset/59187.)
22543 2012-01-05 Gavin Barraclough <barraclough@apple.com>
22545 Literal tab in JSONString fails
22546 https://bugs.webkit.org/show_bug.cgi?id=71772
22548 Reviewed by Oliver Hunt.
22550 rfc4627 does not allow literal tab characters in JSON source.
22552 * runtime/LiteralParser.cpp:
22553 (JSC::isSafeStringCharacter):
22554 - do not allow literal tab in StrictJSON mode.
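RFC 4627 requires every unescaped character inside a JSON string to be U+0020 or above, so a raw tab (U+0009) in the source is a syntax error and only the `\t` escape may represent it. The following is an added example rather than LiteralParser's own code: a small string-token lexer in C++ with a StrictJSON mode that rejects the literal tab and a NonStrictJSON mode that still accepts it (the relaxation for the JavaScript-literal mode is this example's assumption about what the entry's qualifier implies). `lexJSONString`, `isSafeStringCharacter`'s signature here, `ParserMode` and `hexValue` are names chosen for the example.

```cpp
#include <cstddef>
#include <optional>
#include <string>

enum class ParserMode { StrictJSON, NonStrictJSON };

// RFC 4627 forbids unescaped control characters (U+0000..U+001F) inside a string,
// so a literal tab is a syntax error in StrictJSON. Allowing it in NonStrictJSON is
// this example's assumption (JavaScript string literals may contain a raw tab).
bool isSafeStringCharacter(ParserMode mode, char16_t c) {
    if (c >= 0x20 && c != u'"' && c != u'\\')
        return true;
    return mode == ParserMode::NonStrictJSON && c == u'\t';
}

static int hexValue(char16_t c) {
    if (c >= u'0' && c <= u'9') return c - u'0';
    if (c >= u'a' && c <= u'f') return c - u'a' + 10;
    if (c >= u'A' && c <= u'F') return c - u'A' + 10;
    return -1;
}

// Lexes one double-quoted string token starting at src[pos]. Returns the decoded text,
// or nullopt for an unterminated token, a bad escape, or an unsafe literal character.
std::optional<std::u16string> lexJSONString(ParserMode mode, const std::u16string& src, std::size_t pos = 0) {
    if (pos >= src.size() || src[pos] != u'"')
        return std::nullopt;
    std::u16string out;
    for (++pos; pos < src.size(); ++pos) {
        char16_t c = src[pos];
        if (c == u'"')
            return out;                       // closing quote
        if (c != u'\\') {
            if (!isSafeStringCharacter(mode, c))
                return std::nullopt;          // e.g. a literal tab in StrictJSON
            out.push_back(c);
            continue;
        }
        if (++pos >= src.size())
            return std::nullopt;              // backslash at end of input
        switch (src[pos]) {
        case u'"':  out.push_back(u'"');  break;
        case u'\\': out.push_back(u'\\'); break;
        case u'/':  out.push_back(u'/');  break;
        case u'b':  out.push_back(u'\b'); break;
        case u'f':  out.push_back(u'\f'); break;
        case u'n':  out.push_back(u'\n'); break;
        case u'r':  out.push_back(u'\r'); break;
        case u't':  out.push_back(u'\t'); break;
        case u'u': {
            if (pos + 4 >= src.size())
                return std::nullopt;          // fewer than four hex digits available
            int value = 0;
            for (int i = 1; i <= 4; ++i) {
                int digit = hexValue(src[pos + i]);
                if (digit < 0)
                    return std::nullopt;
                value = value * 16 + digit;
            }
            pos += 4;
            out.push_back(static_cast<char16_t>(value));
            break;
        }
        default:
            return std::nullopt;              // unknown escape sequence
        }
    }
    return std::nullopt;                      // ran off the end without a closing quote
}
```

A parser that quietly accepts raw control characters will disagree with a conforming one about where tokens end, which is the kind of differential that lets the same document mean two things to two consumers; rejecting at the lexer, as above, is the cheap place to close that.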
22556 2012-01-05 Gavin Barraclough <barraclough@apple.com>
22558 push/shift fifo may consume excessive memory
22559 https://bugs.webkit.org/show_bug.cgi?id=75610
22561 Reviewed by Sam Weinig.
22563 Array objects commonly store data in a vector, consisting of a portion that is
22564 in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
22565 m_length and m_vectorLength). Calls to shift will grow the pre-capacity, and
22566 the current algorithm for increaseVectorLength (used by push, or [[Put]]) will
22567 never shrink the pre-capacity, so a push/shift fifo may consume an inordinate
22568 amount of memory, whilst having a relatively small active length.
22570 * runtime/JSArray.cpp:
22571 (JSC::JSArray::increaseVectorLength):
22572 - If m_indexBias is non-zero, decay it over time.
22574 2012-01-05 Csaba Osztrogonác <ossy@webkit.org>
22576 unshift/pop fifo may consume excessive memory
22577 https://bugs.webkit.org/show_bug.cgi?id=75588
22579 Reviewed by Zoltan Herczeg.
22581 Buildfix after r104120.
22583 * runtime/JSArray.cpp: Remove useless asserts, because unsigned expression >= 0 is always true
22584 (JSC::JSArray::unshiftCount):
22586 2012-01-05 Zoltan Herczeg <zherczeg@webkit.org>
22588 Unreviewed gardening after r104134.
22590 * wtf/Assertions.cpp:
22592 2012-01-05 Zoltan Herczeg <zherczeg@webkit.org>
22594 Unreviewed gardening after r75605.
22596 Rubber stamped by NOBODY Csaba Osztrogonác.
22598 * wtf/Assertions.cpp:
22600 2012-01-05 Benjamin Poulain <benjamin@webkit.org>
22602 Improve charactersAreAllASCII() to compare multiple characters at a time
22603 https://bugs.webkit.org/show_bug.cgi?id=74063
22605 Reviewed by Darin Adler.
22607 A new header ASCIIFastPath.h contains the functions related to
22608 the detection of ASCII by using machine words. Part of it comes from
22609 WebCore's TextCodecASCIIFastPath.h.
22611 The function charactersAreAllASCII() is moved to TextCodecASCIIFastPath.h
22612 and is implemented with computer word comparison.
22613 The gain over the previous implementation of charactersAreAllASCII() is of
22614 the order of how many comparisons are avoided (4x, 8x, 16x depending on the
22615 format and the CPU type).
22617 * GNUmakefile.list.am:
22618 * JavaScriptCore.gypi:
22619 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
22620 * JavaScriptCore.xcodeproj/project.pbxproj:
22621 * wtf/text/ASCIIFastPath.h: Added.
22622 (WTF::isAlignedToMachineWord):
22623 (WTF::alignToMachineWord):
22625 (WTF::charactersAreAllASCII):
22626 * wtf/text/WTFString.h:
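The machine-word technique the entry refers to is worth seeing in full: OR all the characters together a word at a time, then test the accumulated bits once against a mask that has the high bit of each character lane set (0x80 per byte for 8-bit characters, 0xFF80 per 16-bit lane). The code below is an added example written for this page, not the ASCIIFastPath.h the entry adds; `NonASCIIMask`, `charactersAreAllASCIISlow` and `rangeIsAllASCII` are names introduced here, and the memcpy load is a choice made so the word reads stay well-defined in C++ regardless of how the compiler treats aliasing.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>

typedef std::uintptr_t MachineWord;

// High bit of every character lane. The 64-bit constant truncates to the right
// 32-bit value on a 32-bit build (0x80808080 / 0xFF80FF80).
template <typename CharType> struct NonASCIIMask;
template <> struct NonASCIIMask<unsigned char> {
    static MachineWord value() { return static_cast<MachineWord>(0x8080808080808080ULL); }
};
template <> struct NonASCIIMask<char16_t> {
    static MachineWord value() { return static_cast<MachineWord>(0xFF80FF80FF80FF80ULL); }
};

static inline bool isAlignedToMachineWord(const void* p) {
    return (reinterpret_cast<std::uintptr_t>(p) & (sizeof(MachineWord) - 1)) == 0;
}

// Word-at-a-time check: prologue to a word boundary, whole words in the body,
// leftover characters in the epilogue, one mask test at the end.
template <typename CharType>
bool charactersAreAllASCII(const CharType* chars, std::size_t length) {
    const CharType* end = chars + length;
    MachineWord allCharBits = 0;
    while (chars != end && !isAlignedToMachineWord(chars))
        allCharBits |= *chars++;
    const std::size_t charsPerWord = sizeof(MachineWord) / sizeof(CharType);
    while (static_cast<std::size_t>(end - chars) >= charsPerWord) {
        MachineWord word;
        std::memcpy(&word, chars, sizeof word);   // aligned load, kept free of aliasing UB
        allCharBits |= word;
        chars += charsPerWord;
    }
    while (chars != end)
        allCharBits |= *chars++;
    return (allCharBits & NonASCIIMask<CharType>::value()) == 0;
}

// Reference implementation, one character per iteration, used to cross-check the fast path.
template <typename CharType>
bool charactersAreAllASCIISlow(const CharType* chars, std::size_t length) {
    for (std::size_t i = 0; i < length; ++i) {
        if (chars[i] > 0x7F)
            return false;
    }
    return true;
}

// Convenience wrappers; `offset` lets a caller start on an unaligned address
// so the prologue path gets exercised as well as the word loop.
bool rangeIsAllASCII(const std::string& s, std::size_t offset) {
    const unsigned char* p = reinterpret_cast<const unsigned char*>(s.data()) + offset;
    return charactersAreAllASCII(p, s.size() - offset);
}

bool rangeIsAllASCII(const std::u16string& s, std::size_t offset) {
    return charactersAreAllASCII(s.data() + offset, s.size() - offset);
}

bool fastAndSlowAgree(const std::string& s, std::size_t offset) {
    const unsigned char* p = reinterpret_cast<const unsigned char*>(s.data()) + offset;
    return charactersAreAllASCII(p, s.size() - offset) == charactersAreAllASCIISlow(p, s.size() - offset);
}
```

The speed-up the entry quotes (4x, 8x, 16x) is the number of character lanes per word: 4 or 8 bytes on 32- and 64-bit machines respectively for 8-bit text, half that for UTF-16. The mask for 16-bit lanes is 0xFF80 rather than 0x80 because any of the upper nine bits being set already means the code unit is outside ASCII.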
22629 2012-01-05 Mark Rowe <mrowe@apple.com>
22631 <http://webkit.org/b/75606> [Mac] WTF logging functions should output to both stderr and ASL
22633 We should always log to both ASL and stderr on platforms where this won't result in launchd
22634 duplicating the messages.
22636 Reviewed by Dan Bernstein.
22638 * wtf/Assertions.cpp:
22639 (vprintf_stderr_common):
22641 2012-01-05 Mark Rowe <mrowe@apple.com>
22643 <http://webkit.org/b/75605> WTF logging functions should call vprintf_stderr_common only once per line
22645 Several of the WTF logging functions make multiple calls to vprintf_stderr_common to output a
22646 single line of text. This results in strangely formatted output if vprintf_stderr_common is
22647 retargeted to an output device that is message-oriented (such as ASL) rather than stream-oriented
22650 Reviewed by Dan Bernstein.
22652 * wtf/Assertions.cpp:
22653 (vprintf_stderr_with_prefix): Helper function to prepend a given prefix on to the given format
22654 string before handing it off to vprintf_stderr_common. This requires disabling warnings about
22655 calling a printf-like function with a non-literal format string for this piece of code. It's
22656 safe in this particular case as vprintf_stderr_with_prefix is only ever given a literal prefix.
22657 (vprintf_stderr_with_trailing_newline): Helper function to append a trailing newline on to the
22658 given format string if one does not already exist. It requires the same treatment with regards
22659 to the non-literal format string warning.
22660 (WTFReportAssertionFailureWithMessage): Switch to using vprintf_stderr_with_prefix.
22661 (WTFReportBacktrace): Switch from calling fprintf directly to using fprintf_stderr_common.
22662 (WTFReportFatalError): Switch to using vprintf_stderr_with_prefix.
22663 (WTFReportError): Ditto.
22664 (WTFLog): Switch to using vprintf_stderr_with_trailing_newline.
22665 (WTFLogVerbose): Ditto.
22667 2012-01-04 Gavin Barraclough <barraclough@apple.com>
22669 unshift/pop fifo may consume excessive memory
22670 https://bugs.webkit.org/show_bug.cgi?id=75588
22672 Reviewed by Sam Weinig.
22674 The Array object commonly stores data in a vector, consisting of a portion that
22675 is in use, a pre-capacity (m_indexBias) and a post-capacity (the delta between
22676 m_length and m_vectorLength). Calls to pop will grow the post-capacity, and the
22677 current algorithm for increasePrefixVectorLength (used by unshift) will never
22678 shrink the post-capacity, so an unshift/pop fifo may consume an inordinate amount
22679 of memory, whilst having a relatively small active length.
22681 * runtime/JSArray.cpp:
22682 (JSC::storageSize):
22683 - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
22684 (JSC::SparseArrayValueMap::put):
22685 - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
22686 (JSC::JSArray::increaseVectorLength):
22687 - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>)
22688 (JSC::JSArray::unshiftCountSlowCase):
22689 - renamed from increaseVectorPrefixLength (this was a bad name, since it
22690 also moved the ArrayStorage header), rewritten.
22691 (JSC::JSArray::shiftCount):
22692 - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned
22693 (JSC::JSArray::unshiftCount):
22694 - sizeof(JSValue) should be sizeof(WriteBarrier<Unknown>), count should be unsigned,
22695 increaseVectorPrefixLength renamed to unshiftCountSlowCase
22696 (JSC::JSArray::sortNumeric):
22697 * runtime/JSArray.h:
22698 - Updated function declarations, m_indexBias should be unsigned.
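The pre-capacity/post-capacity layout the entry above describes, modelled in an added example. This is my code, not JavaScriptCore's: a toy FifoArray that keeps m_indexBias, m_length and the backing vector, with two growth policies for the unshift slow case. The names follow the entry; the growth arithmetic (a prefix equal to the active length, a 4-slot minimum, half the active length kept as post-capacity) is my own assumption and not WebKit's actual policy.

```cpp
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <vector>

// Added example, not WebKit code: a toy model of JSArray's storage layout.
// The buffer is laid out as
//   [ pre-capacity (m_indexBias) | active elements (m_length) | post-capacity ]
// with vectorLength == buffer.size(). The growth numbers below are assumptions
// chosen for the illustration, not JavaScriptCore's policy.
enum class GrowPolicy {
    NeverShrinkPostCapacity, // the behaviour the entry describes as the problem
    ReclaimPostCapacity      // size the new vector from the active length instead
};

class FifoArray {
public:
    explicit FifoArray(GrowPolicy policy) : m_policy(policy) {}

    // unshift(): insert at index 0. The fast path consumes one slot of pre-capacity.
    void unshift(int value)
    {
        if (m_indexBias == 0)
            unshiftSlowCase();
        --m_indexBias;
        m_buffer[m_indexBias] = value;
        ++m_length;
    }

    // pop(): remove the last element; its slot becomes post-capacity.
    int pop()
    {
        assert(m_length > 0);
        --m_length;
        return m_buffer[m_indexBias + m_length];
    }

    std::size_t length() const { return m_length; }
    std::size_t vectorLength() const { return m_buffer.size(); }

private:
    // Called when no pre-capacity is left: reallocate with fresh headroom in front.
    void unshiftSlowCase()
    {
        const std::size_t prefix = m_length ? m_length : 4; // headroom for future unshifts (assumed sizing)
        std::size_t newVectorLength;
        if (m_policy == GrowPolicy::NeverShrinkPostCapacity)
            newVectorLength = m_buffer.size() + prefix;          // keeps every old slot, post-capacity included
        else
            newVectorLength = prefix + m_length + m_length / 2;  // post-capacity bounded by the active length
        std::vector<int> fresh(newVectorLength);
        std::copy(m_buffer.data() + m_indexBias,
                  m_buffer.data() + m_indexBias + m_length,
                  fresh.data() + prefix);
        m_buffer.swap(fresh);
        m_indexBias = prefix;
    }

    GrowPolicy m_policy;
    std::vector<int> m_buffer;
    std::size_t m_indexBias = 0;
    std::size_t m_length = 0;
};

// Fill a FIFO to `activeLength` entries, then run `cycles` unshift/pop pairs
// and report how large the backing vector ended up.
std::size_t vectorLengthAfterFifoCycles(GrowPolicy policy, std::size_t activeLength, std::size_t cycles)
{
    FifoArray fifo(policy);
    int next = 0;
    for (std::size_t i = 0; i < activeLength; ++i)
        fifo.unshift(next++);
    for (std::size_t i = 0; i < cycles; ++i) {
        fifo.unshift(next++);
        fifo.pop();
    }
    return fifo.vectorLength();
}

// Sanity check that the model really behaves as a FIFO under either policy:
// unshift 1..20 at the front, pop from the back, and expect 1..20 back in order.
bool fifoOrderPreserved(GrowPolicy policy)
{
    FifoArray fifo(policy);
    for (int i = 1; i <= 20; ++i)
        fifo.unshift(i);
    for (int i = 1; i <= 20; ++i) {
        if (fifo.pop() != i)
            return false;
    }
    return fifo.length() == 0;
}
```

vectorLengthAfterFifoCycles shows the effect the entry describes: with NeverShrinkPostCapacity an 8-element FIFO driven through 200 unshift/pop pairs ends up with a 208-slot backing vector, while ReclaimPostCapacity settles at 20 slots and stays there. Unbounded growth of the backing store for a bounded live length is the memory-exhaustion pattern to check for in any structure that keeps slack at both ends.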
22700 2012-01-04 Mark Rowe <mrowe@apple.com>
22702 <http://webkit.org/b/75604> All instances of JSC::ArgumentsData appear to be leaked by JSC::Arguments
22704 Since JSC::Arguments has an OwnPtr for a member it needs to override destroy
22705 to ensure that the correct destructor is invoked. This is necessary because
22706 JSCell subclasses all intentionally have non-virtual destructors.
22708 Reviewed by Filip Pizlo.
22710 * runtime/Arguments.cpp:
22711 (JSC::Arguments::destroy):
22712 * runtime/Arguments.h:
22714 2012-01-04 Filip Pizlo <fpizlo@apple.com>
22716 Unreviewed, accidentally turned off the JIT in previous commit. Turning
22721 2012-01-04 Filip Pizlo <fpizlo@apple.com>
22723 Changed "return" to "break" in some macrology I introduced in
22724 http://trac.webkit.org/changeset/104086. This is a benign change, as
22725 "return" was technically correct for all uses of the macro.
22727 Reviewed by Oliver Hunt.
22729 * dfg/DFGGraph.cpp:
22732 2012-01-04 Michael Saboff <msaboff@apple.com>
22734 StructureStubInfo not reset when corresponding MethodCallLinkInfo is reset
22735 https://bugs.webkit.org/show_bug.cgi?id=75583
22737 Reviewed by Filip Pizlo.
22739 * bytecode/CodeBlock.cpp:
22740 (JSC::CodeBlock::finalizeUnconditionally): Find the corresponding
22741 StructureStubInfo and reset the appropriate JIT and
22742 the StructureStubInfo itself when resetting a MethodCallLinkInfo.
22744 2012-01-04 Michael Saboff <msaboff@apple.com>
22746 Invalid ASSERT() in DFGRepatch.cpp near line 385
22747 https://bugs.webkit.org/show_bug.cgi?id=75584
22749 Reviewed by Filip Pizlo.
22751 * dfg/DFGRepatch.cpp:
22752 (JSC::DFG::tryBuildGetByIDProtoList): Fixed ASSERT to use ==.
22754 2012-01-04 Filip Pizlo <fpizlo@apple.com>
22756 Incorrect use of DFG node reference counts when mutating the graph
22757 https://bugs.webkit.org/show_bug.cgi?id=75580
22758 <rdar://problem/10644607>
22760 Reviewed by Oliver Hunt.
22762 Made deref(node) follow the pattern of ref(node), which it should have
22765 * dfg/DFGGraph.cpp:
22766 (JSC::DFG::Graph::refChildren):
22767 (JSC::DFG::Graph::derefChildren):
22769 (JSC::DFG::Graph::deref):
22770 (JSC::DFG::Graph::clearAndDerefChild1):
22771 (JSC::DFG::Graph::clearAndDerefChild2):
22772 (JSC::DFG::Graph::clearAndDerefChild3):
22774 (JSC::DFG::Node::deref):
22775 * dfg/DFGPropagator.cpp:
22776 (JSC::DFG::Propagator::fixupNode):
22778 2012-01-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
22780 [Qt] Introduce new qmake variable 'WEBKIT' for signaling dependencies
22782 The custom qmake variable 'WEBKIT' is used for signaling that a
22783 target depends in some way on other subprojects of the WebKit
22784 project. For now this is limited to the set of intermediate
22785 libraries: wtf, javascriptcore, webcore, and webkit2.
22787 This replaces the previous convention of using load(foo) for
22788 just include paths, and CONFIG += foo to also link against foo.
22790 Adding a dependency results in additional include paths being
22791 available, and potentially linking to the library. This is
22792 decided by the build system based on conditions such as what
22793 kind of target is being built and the general build config.
22795 An advantage to this approach is that it simplifies the individual
22796 foo.prf files, for example by allowing us to use INCLUDEPATH +=
22797 and LIBS += as normal instead of prepending.
22799 Reviewed by Simon Hausmann.
22805 2012-01-03 Filip Pizlo <fpizlo@apple.com>
22807 DFG: The assertion that a double-voted variable cannot become double-unvoted is wrong
22808 https://bugs.webkit.org/show_bug.cgi?id=75516
22809 <rdar://problem/10640266>
22811 Reviewed by Gavin Barraclough.
22813 Removed the offending assertion, since it was wrong. Also hardened the code to make
22814 this case less likely by first having the propagator fixpoint converge, and then doing
22815 double voting combined with a second fixpoint. This is neutral on benchmarks and
22816 fixes the assertion in a fairly low-risk way (i.e. we won't vote a variable double
22817 until we've converged to the conclusion that it really is double).
22819 * dfg/DFGPropagator.cpp:
22820 (JSC::DFG::Propagator::propagatePredictions):
22821 * dfg/DFGVariableAccessData.h:
22822 (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
22824 2012-01-03 Filip Pizlo <fpizlo@apple.com>
22826 REGRESSION (r98196-98236): Incorrect layout of iGoogle with RSS feeds
22827 https://bugs.webkit.org/show_bug.cgi?id=75303
22828 <rdar://problem/10633533>
22830 Reviewed by Gavin Barraclough.
22832 The this argument was not being kept alive in some cases during inlining and intrinsic
22835 * dfg/DFGByteCodeParser.cpp:
22836 (JSC::DFG::ByteCodeParser::handleCall):
22837 (JSC::DFG::ByteCodeParser::emitFunctionCheck):
22838 (JSC::DFG::ByteCodeParser::handleInlining):
22840 2012-01-03 Gavin Barraclough <barraclough@apple.com>
22844 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
22846 2012-01-03 Gavin Barraclough <barraclough@apple.com>
22850 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
22852 2012-01-03 Gavin Barraclough <barraclough@apple.com>
22854 https://bugs.webkit.org/show_bug.cgi?id=75140
22856 Reviewed by Sam Weinig.
22858 Rewrite JSArray::putSlowCase to be much cleaner & simpler.
22860 This rewrite only significantly changes behaviour for sparse arrays, specifically
22861 in how sparse arrays are reified back to vector form. This does not affect arrays
22862 with less than 10000 entries (since these always use a vector). The more common
22863 cases of sparse array behavior (though large sparse arrays are rare) - arrays that
22864 always remain sparse, and arrays that are filled in reverse sequential order -
22865 should be just as fast or faster (since reification is simpler & no longer
22866 requires map lookups) after these changes.
22868 Simplifying this code allows all cases of putByIndex that need to grow the vector
22869 to do so via increaseVectorLength, which means that this method can encapsulate
22870 the policy of determining how the vector should be grown.
22872 No performance impact.
22874 * runtime/JSArray.cpp:
22875 (JSC::isDenseEnoughForVector):
22876 - any array of length <= MIN_SPARSE_ARRAY_INDEX is dense enough for a vector.
22877 (JSC::JSArray::putByIndex):
22878 - simplify & comment.
22879 (JSC::JSArray::putByIndexBeyondVectorLength):
22880 - Re-written to be much clearer & simpler.
22881 (JSC::JSArray::increaseVectorLength):
22882 (JSC::JSArray::increaseVectorPrefixLength):
22883 - add explicit checks against MAX_STORAGE_VECTOR_LENGTH, so clients do not need to do so.
22884 (JSC::JSArray::push):
22885 - simplify & comment.
22886 * runtime/JSArray.h:
22887 - removed SparseArrayValueMap::take.
22889 2012-01-03 Gavin Barraclough <barraclough@apple.com>
22893 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
22895 2012-01-03 Gavin Barraclough <barraclough@apple.com>
22897 https://bugs.webkit.org/show_bug.cgi?id=75140
22899 Reviewed by Sam Weinig.
22901 Simplify JSArray creation - remove ArgsList/JSValue* create methods
22902 (this functionality can be implemented in terms of tryCreateUninitialized).
22904 * JavaScriptCore.exp:
22905 * runtime/ArrayConstructor.cpp:
22906 - use constructArray/constructEmptyArray instead of calling JSArray::create directly
22907 (JSC::constructArrayWithSizeQuirk):
22908 * runtime/JSArray.cpp:
22909 * runtime/JSArray.h:
22910 - removed ArgsList/JSValue* create methods
22911 * runtime/JSGlobalObject.h:
22912 (JSC::constructEmptyArray):
22913 (JSC::constructArray):
22914 - changed to be implemented in terms of JSArray::tryCreateUninitialized
22916 2012-01-03 Gavin Barraclough <barraclough@apple.com>
22918 https://bugs.webkit.org/show_bug.cgi?id=75429
22919 ThrowTypeError should be a singleton object
22921 Reviewed by Sam Weinig.
22923 Per section 13.2.3 of the spec.
22924 We could change setAccessorDescriptor to be able to share the global
22925 GetterSetter object, rather than storing the accessor functions and
22926 creating a new GetterSetter in defineProperty - but this won't be a
22927 small change to PropertyDescriptors (and would probably mean making
22928 GetterSetter objects immutable?) - so I'll leave that for another
22931 * JavaScriptCore.exp:
22932 - don't export setAccessorDescriptor
22933 * runtime/Arguments.cpp:
22934 (JSC::Arguments::createStrictModeCallerIfNecessary):
22935 (JSC::Arguments::createStrictModeCalleeIfNecessary):
22936 - call throwTypeErrorGetterSetter instead of createTypeErrorFunction
22937 * runtime/Error.cpp:
22939 - remove createTypeErrorFunction
22940 * runtime/JSFunction.cpp:
22941 * runtime/JSFunction.h:
22942 - remove unused createDescriptorForThrowingProperty
22943 * runtime/JSGlobalObject.cpp:
22944 (JSC::JSGlobalObject::reset):
22945 (JSC::JSGlobalObject::visitChildren):
22946 - removed m_strictModeTypeErrorFunctionStructure.
22947 * runtime/JSGlobalObject.h:
22948 (JSC::JSGlobalObject::internalFunctionStructure):
22949 - removed m_strictModeTypeErrorFunctionStructure.
22950 * runtime/PropertyDescriptor.cpp:
22951 (JSC::PropertyDescriptor::setAccessorDescriptor):
22952 - changed to take a GetterSetter
22953 * runtime/PropertyDescriptor.h:
22954 - changed to take a GetterSetter
22956 2012-01-02 Gavin Barraclough <barraclough@apple.com>
22958 Check in fixes for jsc tests following bug #75455.
22960 * tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js:
22961 * tests/mozilla/ecma/GlobalObject/15.1.2.2-2.js:
22963 2012-01-02 Gavin Barraclough <barraclough@apple.com>
22965 https://bugs.webkit.org/show_bug.cgi?id=75452
22966 If argument to Error is undefined, message is not set
22968 Reviewed by Sam Weinig.
22970 Per section 15.11.1.1 of the spec.
22972 * runtime/ErrorInstance.h:
22973 (JSC::ErrorInstance::create):
22974 (JSC::ErrorInstance::finishCreation):
22976 2012-01-02 Gavin Barraclough <barraclough@apple.com>
22978 ES5 prohibits parseInt from supporting octal
22979 https://bugs.webkit.org/show_bug.cgi?id=75455
22981 Reviewed by Sam Weinig.
22983 See sections 15.1.2.2 and annex E.
22985 * runtime/JSGlobalObjectFunctions.cpp:
22988 2012-01-02 Gavin Barraclough <barraclough@apple.com>
22990 https://bugs.webkit.org/show_bug.cgi?id=55343
22991 Global JSON should be configurable but isn't
22993 Reviewed by Sam Weinig.
22995 * runtime/JSGlobalObject.cpp:
22996 (JSC::JSGlobalObject::reset):
22997 - make JSON configurable
22999 2012-01-01 Filip Pizlo <fpizlo@apple.com>
23001 Call instructions should leave room for linking information
23002 https://bugs.webkit.org/show_bug.cgi?id=75422
23003 <rdar://problem/10633985>
23005 Reviewed by Oliver Hunt.
23007 * bytecode/Opcode.h:
23008 * bytecompiler/BytecodeGenerator.cpp:
23009 (JSC::BytecodeGenerator::emitCall):
23010 (JSC::BytecodeGenerator::emitConstruct):
23012 2011-12-31 Dan Bernstein <mitz@apple.com>
23014 Continue trying to fix the Windows build after r103823.
23016 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
23018 2011-12-31 Dan Bernstein <mitz@apple.com>
23020 Start trying to fix the Windows build after r103823.
23022 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
23024 2011-12-30 Anders Carlsson <andersca@apple.com>
23026 Add a ParamStorageTraits specialization for RetainPtr
23027 https://bugs.webkit.org/show_bug.cgi?id=75392
23029 Reviewed by Daniel Bates.
23031 * wtf/Functional.h:
23032 Add a partial specialization of ParamStorageTraits for RetainPtr<T>.
23035 Bring in the retainPtr function template from WTF.
23037 2011-12-29 Sam Weinig <sam@webkit.org>
23039 It should be easier to iterate a Vector backwards
23040 https://bugs.webkit.org/show_bug.cgi?id=75359
23042 Reviewed by Anders Carlsson.
23044 Adds Vector::rbegin(), Vector::rend(), and Vector::reversed(),
23045 a new proxy driven way to access a vector backwards. One can use
23046 reversed() in a range-based for loop like so:
23048 for (auto val: myVector.reversed())
23052 (WTF::Vector::~Vector):
23055 (WTF::Vector::rbegin):
23056 (WTF::Vector::rend):
23057 Added using standard adaptor std::reverse_iterator.
23059 (WTF::Vector::reversed):
23060 (WTF::Vector::VectorReverseProxy::begin):
23061 (WTF::Vector::VectorReverseProxy::end):
23062 Add proxy similar to one used in HashMap for keys() and values()
23063 which allows access to a Vector backwards for use in range-based
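The rbegin()/rend()/reversed() API the entry above describes, as an added example. This is my code, not WTF's Vector: a minimal Vector wrapping std::vector, reverse iterators built with std::reverse_iterator, and a VectorReverseProxy whose begin()/end() return them so that `for (auto val : myVector.reversed())` works. The ref-qualified reversed() overloads are my addition, not something the entry says WTF does.

```cpp
#include <algorithm>
#include <cstddef>
#include <iterator>
#include <vector>

// Added example, not WTF's Vector: just enough to show the reverse-iteration
// proxy pattern from the ChangeLog entry.
template<typename T>
class Vector {
public:
    using iterator = typename std::vector<T>::iterator;
    using const_iterator = typename std::vector<T>::const_iterator;
    using reverse_iterator = std::reverse_iterator<iterator>;
    using const_reverse_iterator = std::reverse_iterator<const_iterator>;

    Vector() = default;

    void append(const T& value) { m_items.push_back(value); }
    std::size_t size() const { return m_items.size(); }

    iterator begin() { return m_items.begin(); }
    iterator end() { return m_items.end(); }
    const_iterator begin() const { return m_items.begin(); }
    const_iterator end() const { return m_items.end(); }

    // Reverse iteration via the standard adaptor, as the entry describes.
    reverse_iterator rbegin() { return reverse_iterator(end()); }
    reverse_iterator rend() { return reverse_iterator(begin()); }
    const_reverse_iterator rbegin() const { return const_reverse_iterator(end()); }
    const_reverse_iterator rend() const { return const_reverse_iterator(begin()); }

    // Proxy whose begin()/end() are the reverse iterators, so a range-based for
    // loop over it walks the Vector backwards. It stores a reference, not a copy.
    class VectorReverseProxy {
    public:
        explicit VectorReverseProxy(Vector& vector) : m_vector(vector) {}
        reverse_iterator begin() { return m_vector.rbegin(); }
        reverse_iterator end() { return m_vector.rend(); }
    private:
        Vector& m_vector;
    };

    // My addition (assumption, not WTF's API): only lvalues may hand out a proxy.
    // A proxy to a temporary would dangle once the temporary is destroyed at the
    // end of the range-for's init expression, so refuse it at compile time.
    VectorReverseProxy reversed() & { return VectorReverseProxy(*this); }
    VectorReverseProxy reversed() && = delete;

private:
    std::vector<T> m_items;
};

// Builds a Vector from `input` and walks it with the range-based for form from the entry.
std::vector<int> collectReversed(const std::vector<int>& input)
{
    Vector<int> v;
    for (int x : input)
        v.append(x);
    std::vector<int> out;
    for (auto val : v.reversed())
        out.push_back(val);
    return out;
}

// rbegin()/rend() also plug into standard algorithms: the last even element, or -1 if none.
int lastEven(const std::vector<int>& input)
{
    Vector<int> v;
    for (int x : input)
        v.append(x);
    auto it = std::find_if(v.rbegin(), v.rend(), [](int x) { return x % 2 == 0; });
    return it == v.rend() ? -1 : *it;
}
```

The proxy keeps a reference to the Vector, so a loop such as `for (auto v : makeVector().reversed())` would iterate over an object that has already been destroyed; deleting the rvalue overload turns that use-after-free into a compile error. Whether WTF's own proxy guards against this is not stated in the entry.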
23066 2011-12-29 Gavin Barraclough <barraclough@apple.com>
23068 https://bugs.webkit.org/show_bug.cgi?id=75140
23070 Reviewed by Oliver Hunt.
23072 Start cleaning up JSArray construction. JSArray has a set of create methods,
23073 one of which (currently) takes a 'creation mode' enum parameter. Based on that
23074 parameter, the constructor does one of two completely different things. If the
23075 parameter is 'CreateInitialized' it creates an array, setting the length, but
23076 does not eagerly allocate a storage vector of the specified length. A small
23077 (BASE_VECTOR_LEN sized) initial vector will be allocated and cleared; property
23078 access to the vector will read the hole value (return undefined). The alternate
23079 usage of this method ('CreateCompact') does something very different. It tries
23080 to create an array of the requested length, and also allocates a storage vector
23081 large enough to hold all properties. It does not clear the storage vector,
23082 leaving the memory uninitialized and requiring the user to call a method
23083 'uncheckedSetIndex' to initialize values in the vector.
23085 This patch factors out these two behaviours, moving the 'CreateCompact' mode
23086 into its own method, 'tryCreateUninitialized' (matching the naming for this
23087 functionality in the string classes). 'tryCreateUninitialized' may return 0 if
23088 memory allocation fails during construction of the object. The construction
23089 pattern changes such that values added during initialization will be marked if
23090 a GC is triggered during array allocation. 'CreateInitialized' no longer need
23091 be passed to create a normal, fully constructed array with a length, and this
23092 method is merged with the version of 'create' that does not take an initial
23093 length (length parameter defaults to 0).
23095 * JavaScriptCore.exp:
23096 * runtime/ArrayConstructor.cpp:
23097 (JSC::constructArrayWithSizeQuirk):
23098 - removed 'CreateInitialized' argument
23099 * runtime/ArrayPrototype.cpp:
23100 (JSC::arrayProtoFuncSplice):
23101 - changed to call 'tryCreateUninitialized'
23102 * runtime/FunctionPrototype.cpp:
23103 (JSC::functionProtoFuncBind):
23104 - changed to call 'tryCreateUninitialized'
23105 * runtime/JSArray.cpp:
23106 (JSC::JSArray::JSArray):
23107 - initialize m_storage to null; if construction fails, make destruction safe
23108 (JSC::JSArray::finishCreation):
23109 - merge versions of this method, takes an initialLength parameter defaulting to zero
23110 (JSC::JSArray::tryFinishCreationUninitialized):
23111 - version of 'finishCreation' that tries to eagerly allocate storage; may fail & return 0
23112 (JSC::JSArray::~JSArray):
23113 - check for null m_storage, in case array construction failed.
23114 (JSC::JSArray::increaseVectorPrefixLength):
23115 * runtime/JSArray.h:
23116 (JSC::JSArray::create):
23117 - merge versions of this method, takes an initialLength parameter defaulting to zero
23118 (JSC::JSArray::tryCreateUninitialized):
23119 - version of 'create' that tries to eagerly allocate storage; may fail & return 0
23120 (JSC::JSArray::initializeIndex):
23121 (JSC::JSArray::completeInitialization):
23122 - used in conjunction with 'tryCreateUninitialized' to initialize the array
23123 * runtime/JSGlobalObject.h:
23124 (JSC::constructEmptyArray):
23125 - removed 'CreateInitialized' argument
23126 * runtime/RegExpConstructor.cpp:
23127 (JSC::RegExpMatchesArray::finishCreation):
23128 - removed 'CreateInitialized' argument
23130 2011-12-29 Anders Carlsson <andersca@apple.com>
23132 Add a retainPtr function template
23133 https://bugs.webkit.org/show_bug.cgi?id=75365
23135 Reviewed by Dan Bernstein.
23137 This makes it easier to make a RetainPtr using template argument deduction, which
23138 is useful when passing RetainPtr objects as function arguments.
23143 2011-12-28 Yuqiang Xian <yuqiang.xian@intel.com>
23145 spill unboxed values in DFG 32_64
23146 https://bugs.webkit.org/show_bug.cgi?id=75291
23148 Reviewed by Filip Pizlo.
23150 Currently all the values are spilled as boxed in DFG 32_64, which is
23151 not necessary and introduces additional stores/loads. Instead we
23152 can spill them as unboxed if feasible. It can be applied to the
23153 Integers, Cells and Booleans in DFG 32_64. Doubles are left as is
23154 because they don't need to be boxed at all. The modifications to the
23155 spill/fill and the OSR exit are required, as well as a bug fix to the
23156 "isUnknownJS" logic.
23158 * bytecode/ValueRecovery.h:
23159 (JSC::ValueRecovery::displacedInRegisterFile):
23160 (JSC::ValueRecovery::virtualRegister):
23161 (JSC::ValueRecovery::dump):
23162 * dfg/DFGGenerationInfo.h:
23163 (JSC::DFG::GenerationInfo::isUnknownJS):
23164 (JSC::DFG::GenerationInfo::spill):
23165 * dfg/DFGOSRExitCompiler32_64.cpp:
23166 (JSC::DFG::OSRExitCompiler::compileExit):
23167 * dfg/DFGSpeculativeJIT.cpp:
23168 (JSC::DFG::SpeculativeJIT::isKnownNotBoolean):
23169 * dfg/DFGSpeculativeJIT.h:
23170 (JSC::DFG::SpeculativeJIT::silentFillGPR):
23171 (JSC::DFG::SpeculativeJIT::spill):
23172 * dfg/DFGSpeculativeJIT32_64.cpp:
23173 (JSC::DFG::SpeculativeJIT::fillInteger):
23174 (JSC::DFG::SpeculativeJIT::fillDouble):
23175 (JSC::DFG::SpeculativeJIT::fillJSValue):
23176 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
23177 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
23178 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
23179 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
23180 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
23181 (JSC::DFG::SpeculativeJIT::compile):
23183 2011-12-28 Anders Carlsson <andersca@apple.com>
23185 Add an implicit block conversion operator to WTF::Function
23186 https://bugs.webkit.org/show_bug.cgi?id=75325
23188 Reviewed by Dan Bernstein.
23191 Add a define for COMPILER_SUPPORTS(BLOCKS). It's only defined for clang, since the gcc blocks implementation
23192 is buggy, especially when it comes to C++.
23194 * wtf/Functional.h:
23195 Add a block conversion operator that creates and returns an autoreleased block that will call the function when executed.
23197 2011-12-27 Anders Carlsson <andersca@apple.com>
23199 Add a new WTF::bind overload that takes 6 parameters
23200 https://bugs.webkit.org/show_bug.cgi?id=75287
23202 Reviewed by Sam Weinig.
23204 * wtf/Functional.h:
23206 2011-12-27 Sam Weinig <sam@webkit.org>
23208 Continue moving compiler feature checks to use the COMPILER_SUPPORTS() macro
23209 https://bugs.webkit.org/show_bug.cgi?id=75268
23211 Reviewed by Anders Carlsson.
23214 Add support for COMPILER_SUPPORTS(CXX_NULLPTR) and COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
23216 * wtf/Noncopyable.h:
23217 Use COMPILER_SUPPORTS(CXX_DELETED_FUNCTIONS).
23221 Use COMPILER_SUPPORTS(CXX_NULLPTR). Remove support for HAVE(NULLPTR).
23225 Switch from HAVE(NULLPTR) to COMPILER_SUPPORTS(CXX_NULLPTR).
23227 2011-12-27 Anders Carlsson <andersca@apple.com>
23229 Misc fixes and cleanups in Functional.h
23230 https://bugs.webkit.org/show_bug.cgi?id=75281
23232 Reviewed by Andreas Kling.
23234 - Reformat template declarations so that the class begins on a new line.
23235 - Change the parameter template parameters to start at P1 instead of P0.
23236 - Add function wrappers and bind overloads for 4 and 5 parameter functions.
23237 - Change the Function call operator to be const so const functions can be called.
23239 * wtf/Functional.h:
23241 2011-12-27 Tony Chang <tony@chromium.org>
23243 [chromium] Minor cleanup of gyp files.
23244 https://bugs.webkit.org/show_bug.cgi?id=75269
23246 Reviewed by Adam Barth.
23248 * JavaScriptCore.gyp/JavaScriptCore.gyp: msvs_guid is no longer needed
23249 and vim/emacs specific hooks should be added by the user.
23251 2011-12-27 Gavin Barraclough <barraclough@apple.com>
23253 https://bugs.webkit.org/show_bug.cgi?id=75260
23254 Null name for host function can result in dereference of uninitialized memory
23256 Reviewed by Filip Pizlo.
23258 This is a recent regression in ToT: if the name passed to finishCreation of a host function is null,
23259 we are currently skipping the putDirect, which leaves memory uninitialized. This patch reverts the
23260 aspect of the change that introduced the issue. It might be better if functions that don't have a
23261 name don't have this property at all, but that change should be separate from fixing the bug.
23263 * runtime/JSFunction.cpp:
23264 (JSC::JSFunction::finishCreation):
23265 - Always initialize the name property.
23267 2011-12-27 Anders Carlsson <andersca@apple.com>
23269 Function should handle wrapping/unwrapping RefPtr and PassRefPtr
23270 https://bugs.webkit.org/show_bug.cgi?id=75266
23272 Reviewed by Sam Weinig.
23274 Add ParamStorageTraits that can be used for deciding how bound parameters should be stored
23275 and peeked at. For RefPtr we want to use the raw pointer when "peeking" to avoid ref-churn.
23276 For PassRefPtr, we want to use RefPtr for storage but still use the raw pointer when peeking.
23278 * wtf/Functional.h:
23279 (WTF::ParamStorageTraits::wrap):
23280 (WTF::ParamStorageTraits::unwrap):
23282 2011-12-27 Tony Chang <tony@chromium.org>
23284 [chromium] really enable wpo for WebCore libs and for WTF
23285 https://bugs.webkit.org/show_bug.cgi?id=75264
23287 Reviewed by Adam Barth.
23289 * JavaScriptCore.gyp/JavaScriptCore.gyp: Enable WPO for wtf and yarr.
23291 2011-12-26 Gavin Barraclough <barraclough@apple.com>
23293 Errk! OS X build fix.
23295 * JavaScriptCore.exp:
23297 2011-12-26 Gavin Barraclough <barraclough@apple.com>
23301 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
23302 * runtime/JSObject.h:
23304 2011-12-26 Gavin Barraclough <barraclough@apple.com>
23306 https://bugs.webkit.org/show_bug.cgi?id=75231
23307 Fail to throw in strict mode on assign to read only static properties
23309 Reviewed by Filip Pizlo.
23311 There are three bugs here:
23312 * symbolTablePut should throw for strict mode accesses.
23313 * lookupPut should throw for strict mode accesses.
23314 * NumberConstructor should override put to call lookupPut, to trap assignment to readonly properties.
23316 * runtime/JSActivation.cpp:
23317 (JSC::JSActivation::symbolTablePut):
23318 (JSC::JSActivation::put):
23319 * runtime/JSActivation.h:
23320 * runtime/JSGlobalObject.cpp:
23321 (JSC::JSGlobalObject::put):
23322 * runtime/JSStaticScopeObject.cpp:
23323 (JSC::JSStaticScopeObject::put):
23324 * runtime/JSVariableObject.h:
23325 (JSC::JSVariableObject::symbolTablePut):
23326 * runtime/Lookup.h:
23328 * runtime/NumberConstructor.cpp:
23329 (JSC::NumberConstructor::put):
23330 * runtime/NumberConstructor.h:
23332 2011-12-26 Gavin Barraclough <barraclough@apple.com>
23334 Fix mis-commit of utf8 change.
23336 Reviewed by Filip Pizlo.
23338 Eeep, patch as landed a while ago had no effect! - accidentally landed
23339 modified version of patch used for performance testing.
23341 (This isn't covered by layout tests because layout tests don't use jsc,
23342 and the tests/mozilla tests use latin1, which was already supported!)
23344 Landing changes as intended (and as originally reviewed).
23349 2011-12-26 Filip Pizlo <fpizlo@apple.com>
23351 Unreviewed build fix for ARMv7.
23353 * assembler/MacroAssemblerARMv7.h:
23354 (JSC::MacroAssemblerARMv7::load16Signed):
23355 (JSC::MacroAssemblerARMv7::load8Signed):
23357 2011-12-26 Hajime Morrita <morrita@google.com>
23359 Rename WTF_INLINE, JS_INLINE to HIDDEN_INLINE
23360 https://bugs.webkit.org/show_bug.cgi?id=74990
23362 Reviewed by Kevin Ollivier.
23364 * runtime/JSExportMacros.h: Removed JS_INLINE
23365 * wtf/ExportMacros.h: Renamed WTF_INLINE to HIDDEN_INLINE
23367 2011-12-24 Filip Pizlo <fpizlo@apple.com>
23369 The ArgumentCount field in the CallFrame should have its tag left blank for other uses
23370 https://bugs.webkit.org/show_bug.cgi?id=75199
23371 <rdar://problem/10625105>
23372 <rdar://problem/10625106>
23374 Reviewed by Oliver Hunt.
23376 * dfg/DFGOSRExitCompiler32_64.cpp:
23377 (JSC::DFG::OSRExitCompiler::compileExit):
23378 * dfg/DFGOSRExitCompiler64.cpp:
23379 (JSC::DFG::OSRExitCompiler::compileExit):
23380 * dfg/DFGSpeculativeJIT.h:
23381 (JSC::DFG::SpeculativeJIT::argumentPayloadSlot):
23382 * dfg/DFGSpeculativeJIT32_64.cpp:
23383 (JSC::DFG::SpeculativeJIT::emitCall):
23384 * dfg/DFGSpeculativeJIT64.cpp:
23385 (JSC::DFG::SpeculativeJIT::emitCall):
23386 * interpreter/CallFrame.h:
23387 (JSC::ExecState::argumentCountIncludingThis):
23388 (JSC::ExecState::setArgumentCountIncludingThis):
23389 * interpreter/Register.h:
23390 (JSC::Register::unboxedInt32):
23391 (JSC::Register::unboxedBoolean):
23392 (JSC::Register::unboxedCell):
23393 (JSC::Register::payload):
23394 (JSC::Register::tag):
23396 (JSC::JIT::compileOpCall):
23397 * jit/JITCall32_64.cpp:
23398 (JSC::JIT::compileLoadVarargs):
23399 (JSC::JIT::compileOpCall):
23401 2011-12-25 Andreas Kling <awesomekling@apple.com>
23403 Yarr: Avoid copying vectors in CharacterClassConstructor.
23404 <http://webkit.org/b/75206>
23406 Reviewed by Darin Adler.
23408 Yarr::CharacterClassConstructor::charClass() was hot when loading twitter
23409 feeds (1.2%); replace the usage of Vector::append() by swap() since we're
23410 always clearing the source vector afterwards anyway.
23412 * yarr/YarrPattern.cpp:
23413 (JSC::Yarr::CharacterClassConstructor::charClass):
23415 2011-12-24 Darin Adler <darin@apple.com>
23417 Specialize HashTraits for RefPtr to use PassRefPtr as "pass type" to reduce reference count churn
23418 https://bugs.webkit.org/show_bug.cgi?id=72476
23420 Reviewed by Sam Weinig.
23422 * wtf/HashTraits.h: Defined PassInType and store function in HashTraits<RefPtr>.
23424 2011-12-23 Geoffrey Garen <ggaren@apple.com>
23426 Inlined Yarr::execute
23427 https://bugs.webkit.org/show_bug.cgi?id=75180
23429 Reviewed reluctantly by Beth Dakin.
23431 Tiny speedup on SunSpider string tests. Removes some samples from
23432 Instruments. A step toward removing -fomit-frame-pointer.
23434 * yarr/YarrJIT.cpp:
23436 (JSC::Yarr::execute): ONE LINE FUNCTION, Y U NOT INLINED?!
23438 2011-12-23 Filip Pizlo <fpizlo@apple.com>
23440 DFG loads from signed 8-bit and 16-bit typed arrays are broken
23441 https://bugs.webkit.org/show_bug.cgi?id=75163
23443 Reviewed by Geoffrey Garen.
23445 Added 8-bit and 16-bit signed loads. Because doing so on ARM is less trivial, I'm
23446 currently disabling Int8Array and Int16Array optimizations on ARM.
23448 * assembler/MacroAssemblerX86Common.h:
23449 (JSC::MacroAssemblerX86Common::load8Signed):
23450 (JSC::MacroAssemblerX86Common::load16Signed):
23451 * assembler/X86Assembler.h:
23452 (JSC::X86Assembler::movswl_mr):
23453 (JSC::X86Assembler::movsbl_mr):
23454 * bytecode/PredictedType.h:
23455 (JSC::isActionableMutableArrayPrediction):
23457 (JSC::DFG::Node::shouldSpeculateInt8Array):
23458 (JSC::DFG::Node::shouldSpeculateInt16Array):
23459 * dfg/DFGSpeculativeJIT.cpp:
23460 (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
23462 2011-12-23 Filip Pizlo <fpizlo@apple.com>
23464 DFG does double-to-int conversion incorrectly when storing into int typed arrays
23465 https://bugs.webkit.org/show_bug.cgi?id=75164
23466 <rdar://problem/10557547>
23468 Reviewed by Geoffrey Garen.
23470 * assembler/MacroAssemblerARMv7.h:
23471 (JSC::MacroAssemblerARMv7::branchTruncateDoubleToUint32):
23472 * assembler/MacroAssemblerX86Common.h:
23473 (JSC::MacroAssemblerX86Common::branchTruncateDoubleToUint32):
23474 (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
23475 * dfg/DFGSpeculativeJIT.cpp:
23476 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
23478 2011-12-23 Geoffrey Garen <ggaren@apple.com>
23480 Refactored String.prototype.replace
23481 https://bugs.webkit.org/show_bug.cgi?id=75114
23483 Reviewed by Darin Adler.
23485 No performance difference.
23487 I think this is a step toward removing -fomit-frame-pointer.
23489 * runtime/JSString.cpp:
23490 * runtime/JSString.h: Removed the test and special case for a single-character
23491 search string because the standard path does this test and special case
23492 for us. (As an aside, if we do come up with a unique single-character
23493 replace optimization in future, it probably belongs in the replace function,
23494 and not in JSString.)
23496 * runtime/StringPrototype.cpp:
23497 (JSC::stringProtoFuncReplace): Split this mega-sized function into:
23498 (JSC::replaceUsingStringSearch): - This reasonably sized function, and
23499 (JSC::replaceUsingRegExpSearch): - This still mega-sized function.
23501 2011-12-23 Pierre Rossi <pierre.rossi@gmail.com>
23503 [Qt] REGRESSION(r103467): It broke fast/images/animated-gif-restored-from-bfcache.html
23504 https://bugs.webkit.org/show_bug.cgi?id=75087
23506 monotonicallyIncreasingTime needs to have a higher resolution than milliseconds.
23508 Reviewed by Darin Adler.
23510 * wtf/CurrentTime.cpp:
23511 (WTF::monotonicallyIncreasingTime):
23513 2011-12-22 Filip Pizlo <fpizlo@apple.com>
23515 DFG should not speculate array even when predictions say that the base is not an array
23516 https://bugs.webkit.org/show_bug.cgi?id=75160
23517 <rdar://problem/10622646>
23518 <rdar://problem/10622649>
23520 Reviewed by Oliver Hunt.
23522 Added the ability to call slow path when the base is known to not be an array.
23523 Also rationalized the logic for deciding when the index is not an int, and
23524 cleaned up the logic for deciding when to speculate typed array.
23526 Neutral for the most part, with odd speed-ups and slow-downs. The slow-downs can
23527 likely be mitigated by having the notion of a polymorphic array access, where we
23528 try, but don't speculate, to access the array one way before either trying some
23529 other ways or calling slow path.
23531 * bytecode/PredictedType.h:
23532 (JSC::isActionableMutableArrayPrediction):
23533 (JSC::isActionableArrayPrediction):
23534 * dfg/DFGAbstractState.cpp:
23535 (JSC::DFG::AbstractState::execute):
23537 (JSC::DFG::Node::shouldSpeculateInt8Array):
23538 (JSC::DFG::Node::shouldSpeculateInt16Array):
23539 (JSC::DFG::Node::shouldSpeculateInt32Array):
23540 (JSC::DFG::Node::shouldSpeculateUint8Array):
23541 (JSC::DFG::Node::shouldSpeculateUint16Array):
23542 (JSC::DFG::Node::shouldSpeculateUint32Array):
23543 (JSC::DFG::Node::shouldSpeculateFloat32Array):
23544 (JSC::DFG::Node::shouldSpeculateFloat64Array):
23545 * dfg/DFGPropagator.cpp:
23546 (JSC::DFG::Propagator::byValIsPure):
23547 * dfg/DFGSpeculativeJIT.cpp:
23548 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
23549 * dfg/DFGSpeculativeJIT32_64.cpp:
23550 (JSC::DFG::SpeculativeJIT::compile):
23551 * dfg/DFGSpeculativeJIT64.cpp:
23552 (JSC::DFG::SpeculativeJIT::compile):
23554 2011-12-22 Gavin Barraclough <barraclough@apple.com>
23556 Unreviewed - fix stylebot issues from last patch.
23558 * runtime/JSArray.cpp:
23559 (JSC::JSArray::putSlowCase):
23561 2011-12-22 Gavin Barraclough <barraclough@apple.com>
23563 https://bugs.webkit.org/show_bug.cgi?id=75151
23564 Add attributes field to JSArray's SparseMap
23566 Reviewed by Sam Weinig.
23568 This will be necessary to be able to support non-writable/configurable/enumerable
23569 properties, and helpful for getters/setters.
23571 Added a concept of being 'inSparseMode' - this indicates the array has a non-standard
23573 * runtime/ArrayPrototype.cpp:
23574 (JSC::arrayProtoFuncSort):
23575 - JSArray::sort methods not allowed on arrays that are 'inSparseMode'.
23576 (must fall back to generic sort algorithm).
23577 * runtime/JSArray.cpp:
23578 (JSC::JSArray::finishCreation):
23579 - moved reportedMapCapacity into the SparseArrayValueMap object.
23580 (JSC::SparseArrayValueMap::find):
23581 (JSC::SparseArrayValueMap::put):
23582 (JSC::SparseArrayValueMap::visitChildren):
23584 (JSC::JSArray::getOwnPropertySlotByIndex):
23585 (JSC::JSArray::getOwnPropertyDescriptor):
23586 (JSC::JSArray::putSlowCase):
23587 (JSC::JSArray::deletePropertyByIndex):
23588 (JSC::JSArray::getOwnPropertyNames):
23589 (JSC::JSArray::setLength):
23590 (JSC::JSArray::pop):
23591 (JSC::JSArray::visitChildren):
23592 - Updated for changes in SparseArrayValueMap.
23593 (JSC::JSArray::sortNumeric):
23594 (JSC::JSArray::sort):
23595 (JSC::JSArray::compactForSorting):
23596 - Disallow on 'SparseMode' arrays.
23597 * runtime/JSArray.h:
23598 (JSC::SparseArrayEntry::SparseArrayEntry):
23599 - An entry in the sparse array - value (WriteBarrier) + attributes.
23600 (JSC::SparseArrayValueMap::SparseArrayValueMap):
23601 (JSC::SparseArrayValueMap::sparseMode):
23602 (JSC::SparseArrayValueMap::setSparseMode):
23603 - Flags to track whether an Array is forced into SparseMode.
23604 (JSC::SparseArrayValueMap::remove):
23605 (JSC::SparseArrayValueMap::notFound):
23606 (JSC::SparseArrayValueMap::isEmpty):
23607 (JSC::SparseArrayValueMap::contains):
23608 (JSC::SparseArrayValueMap::size):
23609 (JSC::SparseArrayValueMap::begin):
23610 (JSC::SparseArrayValueMap::end):
23611 - accessors to the map
23612 (JSC::SparseArrayValueMap::take):
23613 - only for use on non-SparseMode arrays.
23614 (JSC::JSArray::inSparseMode):
23617 2011-12-22 Filip Pizlo <fpizlo@apple.com>
23619 DFG CFA sometimes generates an incorrect proof that a node is known to be a typed array
23620 https://bugs.webkit.org/show_bug.cgi?id=75150
23621 <rdar://problem/10621900>
23623 Reviewed by Gavin Barraclough.
23625 * dfg/DFGAbstractState.cpp:
23626 (JSC::DFG::AbstractState::execute):
23628 2011-12-22 Filip Pizlo <fpizlo@apple.com>
23630 DFG JIT does exactly the wrong thing when doing strict equality on two known cells
23631 https://bugs.webkit.org/show_bug.cgi?id=75138
23632 <rdar://problem/10621526>
23634 Reviewed by Oliver Hunt.
23636 * dfg/DFGSpeculativeJIT32_64.cpp:
23637 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
23638 * dfg/DFGSpeculativeJIT64.cpp:
23639 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
23641 2011-12-22 Balazs Kelemen <kbalazs@webkit.org>
23643 Fix debug build with assertions disabled
23644 https://bugs.webkit.org/show_bug.cgi?id=75075
23646 Reviewed by Darin Adler.
23648 Check whether assertions are disabled instead of NDEBUG
23649 where appropriate to avoid "defined but not used" warnings.
23651 * wtf/DateMath.cpp:
23652 (WTF::initializeDates):
23654 2011-12-22 Mariusz Grzegorczyk <mariusz.g@samsung.com>
23656 [EFL] Missing plugins support for efl port
23657 https://bugs.webkit.org/show_bug.cgi?id=44505
23659 Reviewed by Anders Carlsson.
23661 Add define of ENABLE_PLUGIN_PACKAGE_SIMPLE_HASH for efl port.
23665 2011-12-22 Wei Charles <charles.wei@torchmobile.com.cn>
23667 Remove un-used data member of LiteralParser::Lex::m_string
23668 https://bugs.webkit.org/show_bug.cgi?id=68216
23670 Reviewed by George Staikos.
23672 * runtime/LiteralParser.h:
23674 2011-12-21 Dan Bernstein <mitz@apple.com>
23676 OS X build fix after r103488.
23678 * JavaScriptCore.exp:
23680 2011-12-21 Konrad Piascik <kpiascik@rim.com>
23682 Implement the JavaScriptCore bindings for eventListenerHandlerLocation
23683 https://bugs.webkit.org/show_bug.cgi?id=74313
23685 Reviewed by Eric Seidel.
23687 Updated project files to get Windows and Mac builds working.
23689 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
23690 * JavaScriptCore.xcodeproj/project.pbxproj:
23692 2011-12-21 Filip Pizlo <fpizlo@apple.com>
23694 DFG ConvertThis optimizations do not honor the distinction between the global object and the global this object
23695 https://bugs.webkit.org/show_bug.cgi?id=75058
23696 <rdar://problem/10616612>
23697 <rdar://problem/10617500>
23699 Reviewed by Oliver Hunt.
23701 Added a call to toThisObject() in the DFG when planting a direct reference to the global this object.
23702 Instead of adding a separate toThisObject() method on JSCell which does not take ExecState*, I reascribed
23703 a new contract: if you're calling toThisObject() on JSObject or one of its subtypes, then the ExecState*
23706 * dfg/DFGAssemblyHelpers.h:
23707 (JSC::DFG::AssemblyHelpers::globalThisObjectFor):
23708 * dfg/DFGSpeculativeJIT32_64.cpp:
23709 (JSC::DFG::SpeculativeJIT::compile):
23710 * dfg/DFGSpeculativeJIT64.cpp:
23711 (JSC::DFG::SpeculativeJIT::compile):
23712 * runtime/JSObject.h:
23714 2011-12-21 Pierre Rossi <pierre.rossi@gmail.com>
23716 Implement monotonicallyIncreasingClock() on Qt
23717 https://bugs.webkit.org/show_bug.cgi?id=62159
23719 Reviewed by Darin Adler.
23721 * wtf/CurrentTime.cpp:
23722 (WTF::monotonicallyIncreasingTime):
23724 2011-12-20 Filip Pizlo <fpizlo@apple.com>
23726 32_64 baseline JIT should attempt to convert division results to integers, and record when that fails
23727 https://bugs.webkit.org/show_bug.cgi?id=74997
23728 <rdar://problem/10612389>
23730 Reviewed by Gavin Barraclough.
23732 * jit/JITArithmetic32_64.cpp:
23733 (JSC::JIT::emit_op_div):
23735 2011-12-20 Filip Pizlo <fpizlo@apple.com>
23737 JavaScriptCore should be consistent about how it reads and writes ArgumentCount
23738 https://bugs.webkit.org/show_bug.cgi?id=74989
23739 <rdar://problem/10612006>
23741 Reviewed by Gavin Barraclough.
23743 * dfg/DFGJITCompiler.cpp:
23744 (JSC::DFG::JITCompiler::compileFunction):
23746 (JSC::JIT::privateCompile):
23747 * jit/JITCall32_64.cpp:
23748 (JSC::JIT::compileLoadVarargs):
23749 * jit/JITOpcodes32_64.cpp:
23750 (JSC::JIT::emit_op_get_arguments_length):
23751 (JSC::JIT::emit_op_get_argument_by_val):
23752 * jit/SpecializedThunkJIT.h:
23753 (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
23755 2011-12-20 Filip Pizlo <fpizlo@apple.com>
23757 Value Profiles for arguments should be more easily accessible to the interpreter
23758 https://bugs.webkit.org/show_bug.cgi?id=74984
23759 <rdar://problem/10611364>
23761 Reviewed by Gavin Barraclough.
23763 * bytecode/CodeBlock.cpp:
23764 (JSC::CodeBlock::stronglyVisitStrongReferences):
23765 (JSC::CodeBlock::shouldOptimizeNow):
23766 (JSC::CodeBlock::dumpValueProfiles):
23767 * bytecode/CodeBlock.h:
23768 (JSC::CodeBlock::setArgumentValueProfileSize):
23769 (JSC::CodeBlock::numberOfArgumentValueProfiles):
23770 (JSC::CodeBlock::valueProfileForArgument):
23771 (JSC::CodeBlock::addValueProfile):
23772 (JSC::CodeBlock::valueProfile):
23773 (JSC::CodeBlock::valueProfileForBytecodeOffset):
23774 (JSC::CodeBlock::totalNumberOfValueProfiles):
23775 (JSC::CodeBlock::getFromAllValueProfiles):
23776 * bytecode/ValueProfile.h:
23777 (JSC::ValueProfile::ValueProfile):
23779 (JSC::JIT::privateCompile):
23781 * jit/JITInlineMethods.h:
23782 (JSC::JIT::emitValueProfilingSite):
23784 2011-12-20 Gavin Barraclough <barraclough@apple.com>
23786 JSC shell should accept utf8 input.
23788 Reviewed by Filip Pizlo.
23794 (functionCheckSyntax):
23798 2011-12-20 Gavin Barraclough <barraclough@apple.com>
23800 Rubber Stamped by Sam Weinig
23802 * runtime/JSGlobalData.cpp:
23803 - removed some dead code.
23805 2011-12-19 Geoffrey Garen <ggaren@apple.com>
23807 Tightened up Vector<T>::append
23808 https://bugs.webkit.org/show_bug.cgi?id=74906
23810 Reviewed by Sam Weinig.
23812 Not a measurable speedup, but code inspection shows better code generated,
23813 and I believe this is a step toward turning off -fomit-frame-pointer.
23817 (WTF::::appendSlowCase): Split out the slow case into a separate function
23818 to keep unnecessary instructions off the hot path. This means the hot
23819 path can now be inlined more often.
23821 Removed some old MSVC7 cruft. Hopefully, we don't need to hang on to a
23822 compiler work-around from 2007.
23824 2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com>
23826 Temporary GPR should not be lazily allocated in DFG JIT on X86
23827 https://bugs.webkit.org/show_bug.cgi?id=74908
23829 Reviewed by Filip Pizlo.
23831 On X86, we used to allocate a temporary GPR lazily when it's really
23832 used rather than defined. This may cause potential issues of
23833 allocating registers inside control flow and result in problems in
23834 subsequent code generation, for example the DFG JIT may think an
23835 operand has already been spilled (to satisfy the allocation request) and
23836 generate code to read the data from memory, but the allocation and
23837 spilling are in a branch which is not taken at runtime, so the
23838 generated code is incorrect.
23840 Although current DFG JIT code doesn't have this problematic pattern,
23841 it's better to cut off the root to avoid any potential issues in the
23844 * dfg/DFGSpeculativeJIT.cpp:
23845 (JSC::DFG::GPRTemporary::GPRTemporary):
23846 * dfg/DFGSpeculativeJIT.h:
23847 (JSC::DFG::GPRTemporary::gpr):
23848 * dfg/DFGSpeculativeJIT32_64.cpp:
23849 (JSC::DFG::SpeculativeJIT::compile):
23851 2011-12-19 Yuqiang Xian <yuqiang.xian@intel.com>
23853 Remove unused code for non-speculative Arith operations from DFG JIT
23854 https://bugs.webkit.org/show_bug.cgi?id=74905
23856 Reviewed by Filip Pizlo.
23858 * dfg/DFGSpeculativeJIT.h:
23859 * dfg/DFGSpeculativeJIT32_64.cpp:
23860 * dfg/DFGSpeculativeJIT64.cpp:
23862 2011-12-19 Gavin Barraclough <barraclough@apple.com>
23864 https://bugs.webkit.org/show_bug.cgi?id=74903
23865 Exceptions not thrown correctly from DFG JIT on 32bit
23867 Reviewed by Oliver Hunt.
23869 Arguments for lookupExceptionHandler are not setup correctly.
23870 In the case of ARMv7 we rely on lr being preserved over a call;
23871 this is invalid. On x86 we shouldn't be poking the arguments onto the stack!
23873 * bytecode/CodeBlock.h:
23874 (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
23875 * dfg/DFGAssemblyHelpers.h:
23876 (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
23877 * dfg/DFGGPRInfo.h:
23878 * dfg/DFGJITCompiler.cpp:
23879 (JSC::DFG::JITCompiler::compileBody):
23880 * dfg/DFGJITCompiler.h:
23881 (JSC::DFG::JITCompiler::addExceptionCheck):
23882 (JSC::DFG::JITCompiler::addFastExceptionCheck):
23883 * dfg/DFGOperations.cpp:
23884 * dfg/DFGOperations.h:
23886 2011-12-19 Filip Pizlo <fpizlo@apple.com>
23888 If we detect that we can use the JIT, don't use computed opcode lookups
23889 https://bugs.webkit.org/show_bug.cgi?id=74899
23890 <rdar://problem/10604551>
23892 Reviewed by Gavin Barraclough.
23894 * interpreter/Interpreter.cpp:
23895 (JSC::Interpreter::Interpreter):
23896 (JSC::Interpreter::initialize):
23897 (JSC::Interpreter::privateExecute):
23898 * interpreter/Interpreter.h:
23899 (JSC::Interpreter::getOpcode):
23900 (JSC::Interpreter::getOpcodeID):
23901 * runtime/JSGlobalData.cpp:
23902 (JSC::JSGlobalData::JSGlobalData):
23904 2011-12-19 Geoffrey Garen <ggaren@apple.com>
23906 Try to fix the Qt build.
23910 * wtf/ThreadSpecific.h: #include!
23912 2011-12-18 Filip Pizlo <fpizlo@apple.com>
23914 It should be possible to change the value of an Options variable without recompiling the world
23915 https://bugs.webkit.org/show_bug.cgi?id=74807
23917 Reviewed by Gavin Barraclough.
23919 * runtime/Options.cpp:
23920 (JSC::Options::initializeOptions):
23921 * runtime/Options.h:
23923 2011-12-19 Sheriff Bot <webkit.review.bot@gmail.com>
23925 Unreviewed, rolling out r103250.
23926 http://trac.webkit.org/changeset/103250
23927 https://bugs.webkit.org/show_bug.cgi?id=74877
23929 it still breaks codegen (Requested by olliej on #webkit).
23931 * dfg/DFGAbstractState.cpp:
23932 (JSC::DFG::AbstractState::execute):
23933 * dfg/DFGByteCodeParser.cpp:
23934 (JSC::DFG::ByteCodeParser::parseBlock):
23936 * dfg/DFGPropagator.cpp:
23937 (JSC::DFG::Propagator::propagateArithNodeFlags):
23938 (JSC::DFG::Propagator::fixupNode):
23939 (JSC::DFG::Propagator::byValIsPure):
23940 (JSC::DFG::Propagator::clobbersWorld):
23941 (JSC::DFG::Propagator::getByValLoadElimination):
23942 (JSC::DFG::Propagator::checkStructureLoadElimination):
23943 (JSC::DFG::Propagator::getByOffsetLoadElimination):
23944 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
23945 (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
23946 (JSC::DFG::Propagator::performNodeCSE):
23947 * dfg/DFGSpeculativeJIT.cpp:
23948 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
23949 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
23950 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
23951 * dfg/DFGSpeculativeJIT.h:
23952 * dfg/DFGSpeculativeJIT32_64.cpp:
23953 (JSC::DFG::SpeculativeJIT::compile):
23954 * dfg/DFGSpeculativeJIT64.cpp:
23955 (JSC::DFG::SpeculativeJIT::compile):
23957 2011-12-16 Oliver Hunt <oliver@apple.com>
23959 Rolling r103120 back in with merge errors corrected.
23961 PutByVal[Alias] unnecessarily reloads the storage buffer
23962 https://bugs.webkit.org/show_bug.cgi?id=74747
23964 Reviewed by Gavin Barraclough.
23966 Make PutByVal use GetIndexedStorage to load the storage buffer.
23967 This required switching PutByVal to a vararg node (which is
23968 responsible for most of the noise in this patch). This fixes the
23969 remaining portion of the kraken regression caused by the GetByVal
23970 storage load elimination, and a 1-5% win on some of the sub tests of
23971 the typed array benchmark at:
23972 http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
23974 * dfg/DFGAbstractState.cpp:
23975 (JSC::DFG::AbstractState::execute):
23976 * dfg/DFGByteCodeParser.cpp:
23977 (JSC::DFG::ByteCodeParser::parseBlock):
23979 * dfg/DFGPropagator.cpp:
23980 (JSC::DFG::Propagator::propagateArithNodeFlags):
23981 (JSC::DFG::Propagator::fixupNode):
23982 (JSC::DFG::Propagator::byValIndexIsPure):
23983 (JSC::DFG::Propagator::clobbersWorld):
23984 (JSC::DFG::Propagator::getByValLoadElimination):
23985 (JSC::DFG::Propagator::checkStructureLoadElimination):
23986 (JSC::DFG::Propagator::getByOffsetLoadElimination):
23987 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
23988 (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
23989 (JSC::DFG::Propagator::performNodeCSE):
23990 * dfg/DFGSpeculativeJIT.cpp:
23991 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
23992 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
23993 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
23994 * dfg/DFGSpeculativeJIT.h:
23995 * dfg/DFGSpeculativeJIT32_64.cpp:
23996 (JSC::DFG::SpeculativeJIT::compile):
23997 * dfg/DFGSpeculativeJIT64.cpp:
23998 (JSC::DFG::SpeculativeJIT::compile):
24000 2011-12-15 Geoffrey Garen <ggaren@apple.com>
24002 Placement new does an unnecessary NULL check
24003 https://bugs.webkit.org/show_bug.cgi?id=74676
24005 Reviewed by Sam Weinig.
24007 We can define our own version, which skips the NULL check.
24009 Not a measurable speedup, but code inspection shows better code generated,
24010 and I believe this is a step toward turning off -fomit-frame-pointer.
24012 * API/JSCallbackConstructor.h:
24013 (JSC::JSCallbackConstructor::create):
24014 * API/JSCallbackFunction.h:
24015 (JSC::JSCallbackFunction::create): Use the NotNull version of placement
24016 new to skip the NULL check.
24018 * API/JSCallbackObject.h: Removed a conflicting, unnecessary placement new.
24020 (JSC::JSCallbackObject::create):
24021 * debugger/DebuggerActivation.h:
24022 (JSC::DebuggerActivation::create):
24023 * heap/HandleHeap.cpp:
24024 (JSC::HandleHeap::grow):
24025 * heap/HandleHeap.h:
24026 (JSC::HandleHeap::allocate):
24027 * heap/MarkedBlock.cpp:
24028 (JSC::MarkedBlock::create):
24029 (JSC::MarkedBlock::recycle):
24031 (JSC::JITCode::clear):
24033 (GlobalObject::create):
24034 * profiler/CallIdentifier.h:
24035 * runtime/Arguments.h:
24036 (JSC::Arguments::create):
24037 * runtime/ArrayConstructor.h:
24038 (JSC::ArrayConstructor::create):
24039 * runtime/ArrayPrototype.h:
24040 (JSC::ArrayPrototype::create):
24041 * runtime/BooleanConstructor.h:
24042 (JSC::BooleanConstructor::create):
24043 * runtime/BooleanObject.h:
24044 (JSC::BooleanObject::create):
24045 * runtime/BooleanPrototype.h:
24046 (JSC::BooleanPrototype::create):
24047 * runtime/DateConstructor.h:
24048 (JSC::DateConstructor::create):
24049 * runtime/DateInstance.h:
24050 (JSC::DateInstance::create):
24051 * runtime/DatePrototype.h:
24052 (JSC::DatePrototype::create):
24054 (JSC::StrictModeTypeErrorFunction::create):
24055 * runtime/ErrorConstructor.h:
24056 (JSC::ErrorConstructor::create):
24057 * runtime/ErrorInstance.h:
24058 (JSC::ErrorInstance::create):
24059 * runtime/ErrorPrototype.h:
24060 (JSC::ErrorPrototype::create):
24061 * runtime/ExceptionHelpers.h:
24062 (JSC::InterruptedExecutionError::create):
24063 (JSC::TerminatedExecutionError::create):
24064 * runtime/Executable.h:
24065 (JSC::NativeExecutable::create):
24066 (JSC::EvalExecutable::create):
24067 (JSC::ProgramExecutable::create):
24068 (JSC::FunctionExecutable::create):
24069 * runtime/FunctionConstructor.h:
24070 (JSC::FunctionConstructor::create):
24071 * runtime/FunctionPrototype.h:
24072 (JSC::FunctionPrototype::create):
24073 * runtime/GetterSetter.h:
24074 (JSC::GetterSetter::create):
24075 * runtime/JSAPIValueWrapper.h:
24076 (JSC::JSAPIValueWrapper::create):
24077 * runtime/JSActivation.h:
24078 (JSC::JSActivation::create):
24079 * runtime/JSArray.h:
24080 (JSC::JSArray::create):
24081 * runtime/JSBoundFunction.cpp:
24082 (JSC::JSBoundFunction::create):
24083 * runtime/JSByteArray.h:
24084 (JSC::JSByteArray::create): Use the NotNull version of placement
24085 new to skip the NULL check.
24087 * runtime/JSCell.h: Removed a conflicting, unnecessary placement new.
24089 * runtime/JSFunction.cpp:
24090 (JSC::JSFunction::create):
24091 * runtime/JSFunction.h:
24092 (JSC::JSFunction::create):
24093 * runtime/JSGlobalObject.h:
24094 (JSC::JSGlobalObject::create):
24095 * runtime/JSGlobalThis.h:
24096 (JSC::JSGlobalThis::create):
24097 * runtime/JSNotAnObject.h:
24098 (JSC::JSNotAnObject::create):
24099 * runtime/JSONObject.h:
24100 (JSC::JSONObject::create):
24101 * runtime/JSObject.h:
24102 (JSC::JSFinalObject::create):
24103 * runtime/JSPropertyNameIterator.cpp:
24104 (JSC::JSPropertyNameIterator::create):
24105 * runtime/JSPropertyNameIterator.h:
24106 (JSC::JSPropertyNameIterator::create):
24107 * runtime/JSStaticScopeObject.h:
24108 (JSC::JSStaticScopeObject::create):
24109 * runtime/JSString.cpp:
24110 (JSC::StringObject::create):
24111 * runtime/JSString.h:
24112 (JSC::RopeBuilder::createNull):
24113 (JSC::RopeBuilder::create):
24114 (JSC::RopeBuilder::createHasOtherOwner):
24115 * runtime/MathObject.h:
24116 (JSC::MathObject::create):
24117 * runtime/NativeErrorConstructor.h:
24118 (JSC::NativeErrorConstructor::create):
24119 * runtime/NativeErrorPrototype.h:
24120 (JSC::NativeErrorPrototype::create):
24121 * runtime/NumberConstructor.h:
24122 (JSC::NumberConstructor::create):
24123 * runtime/NumberObject.h:
24124 (JSC::NumberObject::create):
24125 * runtime/NumberPrototype.h:
24126 (JSC::NumberPrototype::create):
24127 * runtime/ObjectConstructor.h:
24128 (JSC::ObjectConstructor::create):
24129 * runtime/ObjectPrototype.h:
24130 (JSC::ObjectPrototype::create):
24131 * runtime/RegExp.cpp:
24132 (JSC::RegExp::createWithoutCaching):
24133 * runtime/RegExpConstructor.h:
24134 (JSC::RegExpConstructor::create):
24135 * runtime/RegExpMatchesArray.h:
24136 (JSC::RegExpMatchesArray::create):
24137 * runtime/RegExpObject.h:
24138 (JSC::RegExpObject::create):
24139 * runtime/RegExpPrototype.h:
24140 (JSC::RegExpPrototype::create):
24141 * runtime/ScopeChain.h:
24142 (JSC::ScopeChainNode::create):
24143 * runtime/StrictEvalActivation.h:
24144 (JSC::StrictEvalActivation::create):
24145 * runtime/StringConstructor.h:
24146 (JSC::StringConstructor::create):
24147 * runtime/StringObject.h:
24148 (JSC::StringObject::create):
24149 * runtime/StringPrototype.h:
24150 (JSC::StringPrototype::create):
24151 * runtime/Structure.h:
24152 (JSC::Structure::create):
24153 (JSC::Structure::createStructure):
24154 * runtime/StructureChain.h:
24155 (JSC::StructureChain::create):
24157 (GlobalObject::create):
24158 * wtf/BitVector.cpp:
24159 (WTF::BitVector::OutOfLineBits::create): Use the NotNull version of placement
24160 new to skip the NULL check.
24162 * wtf/BumpPointerAllocator.h:
24163 (WTF::BumpPointerPool::create): Standardized spacing to make grep easier.
24165 * wtf/ByteArray.cpp:
24166 (WTF::ByteArray::create):
24169 (WTF::::prepend): Use NotNull, as above.
24171 * wtf/FastAllocBase.h: Added a placement new, since this class would otherwise
24172 hide the name of the global placement new.
24174 (WTF::fastNew): Standardized spacing. Most of these functions don't need
24175 NotNull, since they check for NULL, and the optimizer can see that.
24178 * wtf/HashTraits.h:
24179 (WTF::SimpleClassHashTraits::constructDeletedValue):
24180 * wtf/MetaAllocator.cpp:
24181 (WTF::MetaAllocator::allocFreeSpaceNode): NotNull, as above.
24183 * wtf/StdLibExtras.h:
24184 (throw): This is our NotNull placement new. Declaring that we throw is
24185 the C++ way to say that operator new will not return NULL.
24187 * wtf/ThreadSpecific.h:
24191 (WTF::::tryAppend):
24192 (WTF::::uncheckedAppend):
24194 * wtf/text/AtomicStringHash.h:
24195 * wtf/text/StringImpl.cpp:
24196 (WTF::StringImpl::createUninitialized):
24197 (WTF::StringImpl::reallocate):
24198 * wtf/text/StringImpl.h:
24199 (WTF::StringImpl::tryCreateUninitialized):
24200 * wtf/text/StringStatics.cpp:
24201 (WTF::AtomicString::init): Use NotNull, as above.
24203 * yarr/YarrInterpreter.cpp:
24204 (JSC::Yarr::Interpreter::allocDisjunctionContext):
24205 (JSC::Yarr::Interpreter::ParenthesesDisjunctionContext::ParenthesesDisjunctionContext):
24206 (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Standardized
24207 spacing for easy grep.
24209 2011-12-19 Eric Carlson <eric.carlson@apple.com>
24211 Enable <track> for Mac build
24212 https://bugs.webkit.org/show_bug.cgi?id=74838
24214 Reviewed by Darin Adler.
24218 2011-12-18 Filip Pizlo <fpizlo@apple.com>
24220 DFG is too sloppy with register allocation
24221 https://bugs.webkit.org/show_bug.cgi?id=74835
24223 Reviewed by Gavin Barraclough.
24225 Added assertions that at the end of a successfully generated basic block,
24226 all use counts should be zero. This revealed a number of bugs:
24228 - Array length optimizations were turning a must-generate node into one
24229 that is not must-generate, but failing to change the ref count
24232 - Indexed property storage optimizations were failing to deref their
24233 children, or to deref the indexed property storage node itself. Also,
24234 they used the Phantom node as a replacement. But the Phantom node is
24235 must-generate, which was causing bizarre issues. So this introduces a
24236 Nop node, which should be used in cases where you want a node that is
24237 skipped and has no children.
24239 This does not have any significant performance effect, but it should
24240 relieve some register pressure. The main thing this patch adds, though,
24241 are the assertions, which should make it easier to do register allocation
24242 related changes in the future.
24244 * dfg/DFGAbstractState.cpp:
24245 (JSC::DFG::AbstractState::execute):
24246 * dfg/DFGGenerationInfo.h:
24247 (JSC::DFG::GenerationInfo::initConstant):
24248 (JSC::DFG::GenerationInfo::initInteger):
24249 (JSC::DFG::GenerationInfo::initJSValue):
24250 (JSC::DFG::GenerationInfo::initCell):
24251 (JSC::DFG::GenerationInfo::initBoolean):
24252 (JSC::DFG::GenerationInfo::initDouble):
24253 (JSC::DFG::GenerationInfo::initStorage):
24254 (JSC::DFG::GenerationInfo::use):
24256 (JSC::DFG::Graph::clearAndDerefChild1):
24257 (JSC::DFG::Graph::clearAndDerefChild2):
24258 (JSC::DFG::Graph::clearAndDerefChild3):
24260 (JSC::DFG::Node::deref):
24261 * dfg/DFGPropagator.cpp:
24262 (JSC::DFG::Propagator::propagateNodePredictions):
24263 (JSC::DFG::Propagator::fixupNode):
24264 * dfg/DFGSpeculativeJIT.cpp:
24265 (JSC::DFG::SpeculativeJIT::compile):
24266 * dfg/DFGSpeculativeJIT32_64.cpp:
24267 (JSC::DFG::SpeculativeJIT::compile):
24268 * dfg/DFGSpeculativeJIT64.cpp:
24269 (JSC::DFG::SpeculativeJIT::compile):
24271 2011-12-18 Benjamin Poulain <bpoulain@apple.com>
24273 Remove the duplicated code from ASCIICType.h
24274 https://bugs.webkit.org/show_bug.cgi?id=74771
24276 Reviewed by Andreas Kling.
24278 Use isASCIIDigit() and isASCIIAlpha() instead of copying the code.
24280 * wtf/ASCIICType.h:
24281 (WTF::isASCIIDigit):
24282 (WTF::isASCIIAlphanumeric):
24283 (WTF::isASCIIHexDigit):
24285 2011-12-18 Anders Carlsson <andersca@apple.com>
24287 Set the main frame view scroll position asynchronously
24288 https://bugs.webkit.org/show_bug.cgi?id=74823
24290 Reviewed by Sam Weinig.
24292 * JavaScriptCore.exp:
24294 2011-12-10 Andreas Kling <kling@webkit.org>
24296 OpaqueJSClass: Remove RVCT2 workarounds.
24297 <http://webkit.org/b/74250>
24299 Reviewed by Benjamin Poulain.
24301 We no longer need workarounds for the RVCT2 compiler since it was
24302 only used for the Symbian port of WebKit which is now defunct.
24304 * API/JSClassRef.cpp:
24305 (OpaqueJSClass::OpaqueJSClass):
24306 (OpaqueJSClassContextData::OpaqueJSClassContextData):
24308 2011-12-16 Benjamin Poulain <bpoulain@apple.com>
24310 Remove the duplicated code from ASCIICType.h
24311 https://bugs.webkit.org/show_bug.cgi?id=74771
24313 Reviewed by Andreas Kling.
24315 The functions were sharing similar code and were defined for the various input types.
24316 Use templates instead to avoid code duplication.
24318 * wtf/ASCIICType.h:
24320 (WTF::isASCIIAlpha):
24321 (WTF::isASCIIAlphanumeric):
24322 (WTF::isASCIIDigit):
24323 (WTF::isASCIIHexDigit):
24324 (WTF::isASCIILower):
24325 (WTF::isASCIIOctalDigit):
24326 (WTF::isASCIIPrintable):
24327 (WTF::isASCIISpace):
24328 (WTF::isASCIIUpper):
24329 (WTF::toASCIILower):
24330 (WTF::toASCIIUpper):
24331 (WTF::toASCIIHexValue):
24332 (WTF::lowerNibbleToASCIIHexDigit):
24333 (WTF::upperNibbleToASCIIHexDigit):
24335 2011-12-16 Filip Pizlo <fpizlo@apple.com>
24337 DFG OSR exit may get confused about where in the scratch buffer it stored a value
24338 https://bugs.webkit.org/show_bug.cgi?id=74695
24340 Reviewed by Oliver Hunt.
24342 The code that reads from the scratch buffer now explicitly knows which locations to
24343 read from. No new tests, since this patch covers a case so uncommon that I don't know
24344 how to make a test for it.
24346 * dfg/DFGOSRExitCompiler.h:
24347 (JSC::DFG::OSRExitCompiler::badIndex):
24348 (JSC::DFG::OSRExitCompiler::initializePoisoned):
24349 (JSC::DFG::OSRExitCompiler::poisonIndex):
24350 * dfg/DFGOSRExitCompiler32_64.cpp:
24351 (JSC::DFG::OSRExitCompiler::compileExit):
24352 * dfg/DFGOSRExitCompiler64.cpp:
24353 (JSC::DFG::OSRExitCompiler::compileExit):
24355 2011-12-16 Oliver Hunt <oliver@apple.com>
24357 PutByVal[Alias] unnecessarily reloads the storage buffer
24358 https://bugs.webkit.org/show_bug.cgi?id=74747
24360 Reviewed by Gavin Barraclough.
24362 Make PutByVal use GetIndexedStorage to load the storage buffer.
24363 This required switching PutByVal to a vararg node (which is
24364 responsible for most of the noise in this patch). This fixes the
24365 remaining portion of the kraken regression caused by the GetByVal
24366 storage load elimination, and a 1-5% win on some of the sub tests of
24367 the typed array benchmark at:
24368 http://stepheneb.github.com/webgl-matrix-benchmarks/matrix_benchmark.html
24370 * dfg/DFGAbstractState.cpp:
24371 (JSC::DFG::AbstractState::execute):
24372 * dfg/DFGByteCodeParser.cpp:
24373 (JSC::DFG::ByteCodeParser::parseBlock):
24375 * dfg/DFGPropagator.cpp:
24376 (JSC::DFG::Propagator::propagateArithNodeFlags):
24377 (JSC::DFG::Propagator::fixupNode):
24378 (JSC::DFG::Propagator::byValIndexIsPure):
24379 (JSC::DFG::Propagator::clobbersWorld):
24380 (JSC::DFG::Propagator::getByValLoadElimination):
24381 (JSC::DFG::Propagator::checkStructureLoadElimination):
24382 (JSC::DFG::Propagator::getByOffsetLoadElimination):
24383 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
24384 (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
24385 (JSC::DFG::Propagator::performNodeCSE):
24386 * dfg/DFGSpeculativeJIT.cpp:
24387 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
24388 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
24389 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
24390 * dfg/DFGSpeculativeJIT.h:
24391 * dfg/DFGSpeculativeJIT32_64.cpp:
24392 (JSC::DFG::SpeculativeJIT::compile):
24393 * dfg/DFGSpeculativeJIT64.cpp:
24394 (JSC::DFG::SpeculativeJIT::compile):
24396 2011-12-16 Daniel Bates <dbates@rim.com>
24398 Include BlackBerryPlatformLog.h instead of BlackBerryPlatformMisc.h
24400 Rubber-stamped by Antonio Gomes.
24402 BlackBerry::Platform::logV() is declared in BlackBerryPlatformLog.h. That is, it isn't
24403 declared in BlackBerryPlatformMisc.h. Hence, we should include BlackBerryPlatformLog.h
24404 instead of BlackBerryPlatformMisc.h.
24406 * wtf/Assertions.cpp:
24408 2011-12-16 Mark Hahnenberg <mhahnenberg@apple.com>
24410 De-virtualize destructors
24411 https://bugs.webkit.org/show_bug.cgi?id=74331
24413 Reviewed by Geoffrey Garen.
24415 This is a megapatch which frees us from the chains of virtual destructors.
24417 In order to remove the virtual destructors, which are the last of the virtual
24418 functions, from the JSCell hierarchy, we need to add the ClassInfo pointer to
24419 the cell rather than to the structure because in order to be able to lazily call
24420 the static destroy() functions that will replace the virtual destructors, we
24421 need to be able to access the ClassInfo without the danger of the object's
24422 Structure being collected before the object itself.
24424 After adding the ClassInfo to the cell, we can then begin to remove our use
24425 of vptrs for optimizations within the JIT and the GC. When we have removed
24426 all of the stored vptrs from JSGlobalData, we can then also remove all of
24427 the related VPtrStealingHack code.
24429 The replacement for virtual destructors will be to add a static destroy function
24430 pointer to the MethodTable stored in ClassInfo. Any subclass of JSCell that has
24431 a non-trivial destructor will require its own static destroy function to static
24432 call its corresponding destructor, which will now be non-virtual. In future
24433 patches we will slowly move away from destructors altogether as we make more and
24434 more objects backed by GC memory rather than malloc-ed memory. The GC will now
24435 call the static destroy method rather than the virtual destructor.
24437 As we go through the hierarchy and add static destroy functions to classes,
24438 we will also add a new assert, ASSERT_HAS_TRIVIAL_DESTRUCTOR, to those classes
24439 to which it applies. The future goal is to eventually have every class have that assert.
24441 * API/JSCallbackConstructor.cpp:
24442 (JSC::JSCallbackConstructor::destroy): Add a destroy function to statically call
24443 ~JSCallbackConstructor because it has some extra destruction logic.
24444 * API/JSCallbackConstructor.h:
24445 * API/JSCallbackFunction.cpp: Add trivial destructor assert for JSCallbackFunction.
24446 * API/JSCallbackObject.cpp: Add a destroy function to statically call ~JSCallbackObject
24447 because it has a member OwnPtr that needs destruction.
24449 * API/JSCallbackObject.h:
24450 * JavaScriptCore.exp: Add/remove necessary symbols for JSC.
24451 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Same for Windows symbols.
24452 * debugger/DebuggerActivation.cpp: DebuggerActivation, for some strange reason, didn't
24453 have its own ClassInfo despite the fact that it overrides a number of MethodTable
24454 methods. Added the ClassInfo, along with an assertion that its destructor is trivial.
24455 * debugger/DebuggerActivation.h:
24456 * dfg/DFGOperations.cpp: Remove global data first argument to isJSArray, isJSByteArray,
24457 isJSString, as it is no longer necessary.
24458 (JSC::DFG::putByVal):
24459 * dfg/DFGRepatch.cpp: Ditto. Also remove uses of jsArrayVPtr in favor of using the
24460 JSArray ClassInfo pointer.
24461 (JSC::DFG::tryCacheGetByID):
24462 * dfg/DFGSpeculativeJIT.cpp: Replace uses of the old vptrs with new ClassInfo
24463 comparisons since we don't have vptrs anymore.
24464 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
24465 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
24466 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
24467 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
24468 (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
24469 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
24470 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
24471 (JSC::DFG::SpeculativeJIT::compare):
24472 (JSC::DFG::SpeculativeJIT::compileStrictEq):
24473 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
24474 * dfg/DFGSpeculativeJIT.h: Ditto.
24475 (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
24476 * dfg/DFGSpeculativeJIT32_64.cpp: Ditto.
24477 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
24478 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
24479 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
24480 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
24481 (JSC::DFG::SpeculativeJIT::emitBranch):
24482 (JSC::DFG::SpeculativeJIT::compile):
24483 * dfg/DFGSpeculativeJIT64.cpp: Ditto.
24484 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
24485 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
24486 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
24487 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
24488 (JSC::DFG::SpeculativeJIT::emitBranch):
24489 (JSC::DFG::SpeculativeJIT::compile):
24490 * heap/Heap.cpp: Remove all uses of vptrs in GC optimizations and replace them with
24491 ClassInfo comparisons.
24493 * heap/MarkStack.cpp: Ditto.
24494 (JSC::MarkStackThreadSharedData::markingThreadMain):
24495 (JSC::visitChildren):
24496 (JSC::SlotVisitor::drain):
24497 * heap/MarkStack.h: Ditto.
24498 (JSC::MarkStack::MarkStack):
24499 * heap/MarkedBlock.cpp: Ditto.
24500 (JSC::MarkedBlock::callDestructor):
24501 (JSC::MarkedBlock::specializedSweep):
24502 * heap/MarkedBlock.h: Ditto.
24503 * heap/SlotVisitor.h: Ditto.
24504 (JSC::SlotVisitor::SlotVisitor):
24505 * heap/VTableSpectrum.cpp: Now that we don't have vptrs, we can't count them.
24506 We'll have to rename this class and make it use ClassInfo ptrs in a future patch.
24507 (JSC::VTableSpectrum::count):
24508 * interpreter/Interpreter.cpp: Remove all global data arguments from isJSArray,
24510 (JSC::loadVarargs):
24511 (JSC::Interpreter::tryCacheGetByID):
24512 (JSC::Interpreter::privateExecute):
24513 * jit/JIT.h: Remove vptr argument from emitAllocateBasicJSObject
24514 * jit/JITInlineMethods.h: Remove vptr planting, and add ClassInfo planting,
24515 remove all vtable related code.
24516 (JSC::JIT::emitLoadCharacterString):
24517 (JSC::JIT::emitAllocateBasicJSObject):
24518 (JSC::JIT::emitAllocateJSFinalObject):
24519 (JSC::JIT::emitAllocateJSFunction):
24520 * jit/JITOpcodes.cpp: Replace vptr related branch code with corresponding ClassInfo.
24521 (JSC::JIT::privateCompileCTIMachineTrampolines):
24522 (JSC::JIT::emit_op_to_primitive):
24523 (JSC::JIT::emit_op_convert_this):
24524 * jit/JITOpcodes32_64.cpp: Ditto.
24525 (JSC::JIT::privateCompileCTIMachineTrampolines):
24526 (JSC::JIT::emit_op_to_primitive):
24527 (JSC::JIT::emitSlow_op_eq):
24528 (JSC::JIT::emitSlow_op_neq):
24529 (JSC::JIT::compileOpStrictEq):
24530 (JSC::JIT::emit_op_convert_this):
24531 * jit/JITPropertyAccess.cpp: Ditto.
24532 (JSC::JIT::stringGetByValStubGenerator):
24533 (JSC::JIT::emit_op_get_by_val):
24534 (JSC::JIT::emitSlow_op_get_by_val):
24535 (JSC::JIT::emit_op_put_by_val):
24536 (JSC::JIT::privateCompilePutByIdTransition):
24537 (JSC::JIT::privateCompilePatchGetArrayLength):
24538 * jit/JITPropertyAccess32_64.cpp: Ditto.
24539 (JSC::JIT::stringGetByValStubGenerator):
24540 (JSC::JIT::emit_op_get_by_val):
24541 (JSC::JIT::emitSlow_op_get_by_val):
24542 (JSC::JIT::emit_op_put_by_val):
24543 (JSC::JIT::privateCompilePatchGetArrayLength):
24544 * jit/JITStubs.cpp: Remove global data argument from isJSString, etc.
24545 (JSC::JITThunks::tryCacheGetByID):
24546 (JSC::DEFINE_STUB_FUNCTION):
24547 * jit/SpecializedThunkJIT.h: Replace vptr related stuff with ClassInfo stuff.
24548 (JSC::SpecializedThunkJIT::loadJSStringArgument):
24549 * runtime/ArrayConstructor.cpp: Add trivial destructor assert.
24550 * runtime/ArrayPrototype.cpp: Remove global data argument from isJSArray.
24551 (JSC::arrayProtoFuncToString):
24552 (JSC::arrayProtoFuncJoin):
24553 (JSC::arrayProtoFuncPop):
24554 (JSC::arrayProtoFuncPush):
24555 (JSC::arrayProtoFuncShift):
24556 (JSC::arrayProtoFuncSplice):
24557 (JSC::arrayProtoFuncUnShift):
24558 (JSC::arrayProtoFuncFilter):
24559 (JSC::arrayProtoFuncMap):
24560 (JSC::arrayProtoFuncEvery):
24561 (JSC::arrayProtoFuncForEach):
24562 (JSC::arrayProtoFuncSome):
24563 (JSC::arrayProtoFuncReduce):
24564 (JSC::arrayProtoFuncReduceRight):
24565 * runtime/BooleanConstructor.cpp: Add trivial destructor assert.
24566 * runtime/BooleanObject.cpp: Ditto.
24567 * runtime/BooleanPrototype.cpp: Ditto.
24568 * runtime/ClassInfo.h: Add destroy function pointer to MethodTable.
24569 * runtime/DateConstructor.cpp: Add trivial destructor assert.
24570 * runtime/DateInstance.cpp: Add destroy function for DateInstance because it has a RefPtr
24571 that needs destruction.
24572 (JSC::DateInstance::destroy):
24573 * runtime/DateInstance.h:
24574 * runtime/Error.cpp: Ditto (because of UString member).
24575 (JSC::StrictModeTypeErrorFunction::destroy):
24577 * runtime/ErrorConstructor.cpp: Add trivial destructor assert.
24578 * runtime/ErrorInstance.cpp: Ditto.
24579 * runtime/ExceptionHelpers.cpp: Ditto.
24580 * runtime/Executable.cpp: Add destroy functions for ExecutableBase and subclasses.
24581 (JSC::ExecutableBase::destroy):
24582 (JSC::NativeExecutable::destroy):
24583 (JSC::ScriptExecutable::destroy):
24584 (JSC::EvalExecutable::destroy):
24585 (JSC::ProgramExecutable::destroy):
24586 (JSC::FunctionExecutable::destroy):
24587 * runtime/Executable.h:
24588 * runtime/FunctionConstructor.cpp: Add trivial destructor assert.
24589 * runtime/FunctionPrototype.cpp: Ditto. Also remove global data first arg from isJSArray.
24590 (JSC::functionProtoFuncApply):
24591 * runtime/GetterSetter.cpp: Ditto.
24592 * runtime/InitializeThreading.cpp: Remove call to JSGlobalData::storeVPtrs since it no
24594 (JSC::initializeThreadingOnce):
24595 * runtime/InternalFunction.cpp: Remove vtableAnchor function, add trivial destructor assert,
24596 remove first arg from isJSString.
24597 (JSC::InternalFunction::displayName):
24598 * runtime/InternalFunction.h: Remove VPtrStealingHack.
24599 * runtime/JSAPIValueWrapper.cpp: Add trivial destructor assert.
24600 * runtime/JSArray.cpp: Add static destroy to call ~JSArray. Replace vptr checks in
24601 destructor with ClassInfo checks.
24602 (JSC::JSArray::~JSArray):
24603 (JSC::JSArray::destroy):
24604 * runtime/JSArray.h: Remove VPtrStealingHack. Remove globalData argument from isJSArray
24605 and change them to check the ClassInfo rather than the vptrs.
24607 * runtime/JSBoundFunction.cpp: Add trivial destructor assert. Remove first arg from isJSArray.
24608 (JSC::boundFunctionCall):
24609 (JSC::boundFunctionConstruct):
24610 * runtime/JSByteArray.cpp: Add static destroy function, replace vptr checks with ClassInfo checks.
24611 (JSC::JSByteArray::~JSByteArray):
24612 (JSC::JSByteArray::destroy):
24613 * runtime/JSByteArray.h: Remove VPtrStealingHack code.
24614 (JSC::isJSByteArray):
24615 * runtime/JSCell.cpp: Add trivial destructor assert. Add static destroy function.
24616 (JSC::JSCell::destroy):
24617 * runtime/JSCell.h: Remove VPtrStealingHack code. Add function for returning the offset
24618 of the ClassInfo pointer in the object for use by the JIT. Add the ClassInfo pointer to
24619 the JSCell itself, and grab it from the Structure. Remove the vptr and setVPtr functions,
24620 as they are no longer used. Add a validatedClassInfo function to JSCell for any clients
24621 that want to verify, while in Debug mode, that the ClassInfo contained in the cell is the
24622 same one as that contained in the Structure. This isn't used too often, because most of
24623 the places where we compare the ClassInfo to things can be called during destruction.
24624 Since the Structure is unreliable during the phase when destructors are being called,
24625 we can't call validatedClassInfo.
24626 (JSC::JSCell::classInfoOffset):
24627 (JSC::JSCell::structure):
24628 (JSC::JSCell::classInfo):
24629 * runtime/JSFunction.cpp: Remove VPtrStealingHack code. Add static destroy, remove vtableAnchor,
24630 remove first arg from call to isJSString.
24631 (JSC::JSFunction::destroy):
24632 (JSC::JSFunction::displayName):
24633 * runtime/JSFunction.h:
24634 * runtime/JSGlobalData.cpp: Remove all VPtr stealing code and storage, including storeVPtrs,
24635 as these vptrs are no longer needed in the codebase.
24636 * runtime/JSGlobalData.h:
24637 (JSC::TypedArrayDescriptor::TypedArrayDescriptor): Changed the TypedArrayDescriptor to use
24638 ClassInfo rather than the vptr.
24639 * runtime/JSGlobalObject.cpp: Add static destroy function.
24640 (JSC::JSGlobalObject::destroy):
24641 * runtime/JSGlobalObject.h:
24642 * runtime/JSGlobalThis.cpp: Add trivial destructor assert.
24643 * runtime/JSNotAnObject.cpp: Ditto.
24644 * runtime/JSONObject.cpp: Ditto. Remove first arg from isJSArray calls.
24645 (JSC::Stringifier::Holder::appendNextProperty):
24646 (JSC::Walker::walk):
24647 * runtime/JSObject.cpp:
24648 (JSC::JSFinalObject::destroy):
24649 (JSC::JSNonFinalObject::destroy):
24650 (JSC::JSObject::destroy):
24651 * runtime/JSObject.h: Add trivial destructor assert for JSObject, remove vtableAnchor
24652 from JSNonFinalObject and JSFinalObject, add static destroy for JSFinalObject and
24653 JSNonFinalObject, add isJSFinalObject utility function similar to isJSArray, remove all VPtrStealingHack code.
24654 (JSC::JSObject::finishCreation):
24655 (JSC::JSNonFinalObject::finishCreation):
24656 (JSC::JSFinalObject::finishCreation):
24657 (JSC::isJSFinalObject):
24658 * runtime/JSPropertyNameIterator.cpp: Add static destroy.
24659 (JSC::JSPropertyNameIterator::destroy):
24660 * runtime/JSPropertyNameIterator.h:
24661 * runtime/JSStaticScopeObject.cpp: Ditto.
24662 (JSC::JSStaticScopeObject::destroy):
24663 * runtime/JSStaticScopeObject.h: Ditto.
24664 * runtime/JSString.cpp:
24665 (JSC::JSString::destroy):
24666 * runtime/JSString.h: Ditto. Remove VPtrStealingHack code. Also remove fixupVPtr code,
24667 since we no longer need to fixup vptrs.
24668 (JSC::jsSingleCharacterString):
24669 (JSC::jsSingleCharacterSubstring):
24670 (JSC::jsNontrivialString):
24672 (JSC::jsSubstring8):
24673 (JSC::jsSubstring):
24674 (JSC::jsOwnedString):
24675 (JSC::jsStringBuilder):
24677 * runtime/JSVariableObject.cpp:
24678 (JSC::JSVariableObject::destroy):
24679 * runtime/JSVariableObject.h: Ditto.
24680 * runtime/JSWrapperObject.cpp:
24681 * runtime/JSWrapperObject.h: Add trivial destructor assert.
24682 * runtime/MathObject.cpp: Ditto.
24683 * runtime/NativeErrorConstructor.cpp: Ditto.
24684 * runtime/NumberConstructor.cpp: Ditto.
24685 * runtime/NumberObject.cpp: Ditto.
24686 * runtime/NumberPrototype.cpp: Ditto.
24687 * runtime/ObjectConstructor.cpp: Ditto.
24688 * runtime/ObjectPrototype.cpp: Ditto.
24689 * runtime/Operations.h: Remove calls to fixupVPtr, remove first arg to isJSString.
24693 * runtime/RegExp.cpp: Add static destroy.
24694 (JSC::RegExp::destroy):
24695 * runtime/RegExp.h:
24696 * runtime/RegExpConstructor.cpp: Add static destroy for RegExpConstructor and RegExpMatchesArray.
24697 (JSC::RegExpConstructor::destroy):
24698 (JSC::RegExpMatchesArray::destroy):
24699 * runtime/RegExpConstructor.h:
24700 * runtime/RegExpMatchesArray.h:
24701 * runtime/RegExpObject.cpp: Add static destroy.
24702 (JSC::RegExpObject::destroy):
24703 * runtime/RegExpObject.h:
24704 * runtime/ScopeChain.cpp: Add trivial destructor assert.
24705 * runtime/ScopeChain.h:
24706 * runtime/StrictEvalActivation.cpp: Ditto.
24707 * runtime/StringConstructor.cpp:
24708 * runtime/StringObject.cpp: Ditto. Remove vtableAnchor.
24709 * runtime/StringObject.h:
24710 * runtime/StringPrototype.cpp: Ditto.
24711 * runtime/Structure.cpp: Add static destroy.
24712 (JSC::Structure::destroy):
24713 * runtime/Structure.h: Move JSCell::finishCreation and JSCell constructor into Structure.h
24714 because they need to have the full Structure type to access the ClassInfo to store in the JSCell.
24715 (JSC::JSCell::setStructure):
24716 (JSC::JSCell::validatedClassInfo):
24717 (JSC::JSCell::JSCell):
24718 (JSC::JSCell::finishCreation):
24719 * runtime/StructureChain.cpp: Add static destroy.
24720 (JSC::StructureChain::destroy):
24721 * runtime/StructureChain.h:
24722 * wtf/Assertions.h: Add new assertion ASSERT_HAS_TRIVIAL_DESTRUCTOR, which uses clang's
24723 ability to tell us when a class has a trivial destructor. We will use this assert
24724 more in future patches as we move toward having all JSC objects backed by GC memory,
24725 which means moving away from using destructors/finalizers.
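The static-destroy design the entry above describes, as an added example that is not JavaScriptCore's code: a cell hierarchy with no virtual functions, a ClassInfo carrying a MethodTable whose destroy slot replaces the virtual destructor, a sweep that dispatches through that slot, and ClassInfo comparison in place of vptr comparison. Every name in it (Cell, ClassInfo, MethodTable, Heap, StringCell, IntCell, isStringCell, runSweepDemo) is a stand-in chosen for this example, and ASSERT_HAS_TRIVIAL_DESTRUCTOR is rebuilt on std::is_trivially_destructible (assumption: C++11 or later) rather than on the clang built-in the entry mentions.

```cpp
// Added example, not JavaScriptCore code: cells without vptrs, whose destruction
// and type checks go through a ClassInfo pointer. All names are stand-ins.
#include <cstddef>
#include <cstdint>
#include <new>
#include <string>
#include <type_traits>
#include <utility>
#include <vector>

// Stand-in for ASSERT_HAS_TRIVIAL_DESTRUCTOR built on the standard trait
// (assumption: C++11 or later) instead of the clang built-in the entry mentions.
#define ASSERT_HAS_TRIVIAL_DESTRUCTOR(T) \
    static_assert(std::is_trivially_destructible<T>::value, #T " must have a trivial destructor")

struct Cell;

// The MethodTable slot that takes over from the virtual destructor.
struct MethodTable { void (*destroy)(Cell*); };

struct ClassInfo {
    const char* className;
    MethodTable methodTable;
};

// No virtual functions anywhere in the hierarchy, hence no vptr in the cell.
// The ClassInfo pointer is the only type identity the GC and fast paths see.
struct Cell {
    const ClassInfo* classInfo;
    explicit Cell(const ClassInfo* info) : classInfo(info) {}
    static void destroy(Cell* cell) { cell->~Cell(); } // trivial: nothing runs
    static const ClassInfo s_info;
};
const ClassInfo Cell::s_info = { "Cell", { Cell::destroy } };
ASSERT_HAS_TRIVIAL_DESTRUCTOR(Cell);

static int g_stringCellDestructorsRun = 0; // observed by the demo below

// Owns a non-trivial member, so it gets its own destroy function that
// statically calls its non-virtual destructor.
struct StringCell : Cell {
    std::string value;
    explicit StringCell(std::string v) : Cell(&s_info), value(std::move(v)) {}
    ~StringCell() { ++g_stringCellDestructorsRun; }
    static void destroy(Cell* cell) { static_cast<StringCell*>(cell)->~StringCell(); }
    static const ClassInfo s_info;
};
const ClassInfo StringCell::s_info = { "StringCell", { StringCell::destroy } };

// Only trivially destructible members: the base destroy suffices, and the
// assert records that nothing is lost by not running a destructor.
struct IntCell : Cell {
    int64_t value;
    explicit IntCell(int64_t v) : Cell(&s_info), value(v) {}
    static const ClassInfo s_info;
};
const ClassInfo IntCell::s_info = { "IntCell", { Cell::destroy } };
ASSERT_HAS_TRIVIAL_DESTRUCTOR(IntCell);

// ClassInfo comparison replaces the old "compare the vptr" fast check.
inline bool isStringCell(const Cell* cell) { return cell->classInfo == &StringCell::s_info; }

// A toy heap: placement-new cells into raw storage, sweep through ClassInfo.
class Heap {
public:
    template <typename T, typename... Args>
    T* allocate(Args&&... args) {
        void* raw = ::operator new(sizeof(T));
        T* cell = new (raw) T(std::forward<Args>(args)...);
        m_slots.push_back({ cell, raw });
        return cell;
    }
    // The sweep never looks for a vtable: it calls the static destroy function
    // recorded in the cell's ClassInfo, then releases the storage.
    std::size_t sweepAll() {
        std::size_t swept = 0;
        for (const Slot& slot : m_slots) {
            slot.cell->classInfo->methodTable.destroy(slot.cell);
            ::operator delete(slot.raw);
            ++swept;
        }
        m_slots.clear();
        return swept;
    }
private:
    struct Slot { Cell* cell; void* raw; };
    std::vector<Slot> m_slots;
};

struct SweepReport { std::size_t swept; int stringDestructorsRun; bool typeChecksOk; };

// Allocate a few cells, exercise the ClassInfo checks, then sweep everything.
SweepReport runSweepDemo() {
    g_stringCellDestructorsRun = 0;
    Heap heap;
    Cell* s1 = heap.allocate<StringCell>("alpha");
    Cell* s2 = heap.allocate<StringCell>("beta");
    Cell* n = heap.allocate<IntCell>(42);
    bool ok = isStringCell(s1) && isStringCell(s2) && !isStringCell(n);
    std::size_t swept = heap.sweepAll();
    return { swept, g_stringCellDestructorsRun, ok };
}
```

The property worth noticing is that the cell header no longer contains a code pointer: both the type check and the destruction path read a data pointer to an immutable ClassInfo, so the GC and the JIT fast paths compare the same value and there is no per-object vtable slot for a corrupted or reused cell to redirect.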
24727 2011-12-15 Martin Robinson <mrobinson@igalia.com>
24729 Fix 'make dist' in preparation for the GTK+ release.
24731 * GNUmakefile.list.am: Add missing header.
24733 2011-12-15 Sam Weinig <sam@webkit.org>
24735 <rdar://problem/10552550> JavaScriptCore uses obsolete 'cpy' mnemonic in ARM assembly
24737 Reviewed by Gavin Barraclough.
24739 Original patch by Jim Grosbach.
24741 * jit/JITStubs.cpp:
24742 (JSC::ctiTrampoline):
24743 (JSC::ctiVMThrowTrampoline):
24744 Replace uses of the 'cpy' mnemonic with 'mov'.
24746 2011-12-15 Filip Pizlo <fpizlo@apple.com>
24748 Value profiling should distinguish between NaN and non-NaN doubles
24749 https://bugs.webkit.org/show_bug.cgi?id=74682
24751 Reviewed by Gavin Barraclough.
24753 Added PredictDoubleReal and PredictDoubleNaN. PredictDouble is now the union
24756 * bytecode/PredictedType.cpp:
24757 (JSC::predictionToString):
24758 (JSC::predictionFromValue):
24759 * bytecode/PredictedType.h:
24760 (JSC::isDoubleRealPrediction):
24761 (JSC::isDoublePrediction):
24763 2011-12-15 Anders Carlsson <andersca@apple.com>
24765 Regression (r102866): Navigating away from or closing a page with a plugin crashes
24766 https://bugs.webkit.org/show_bug.cgi?id=74655
24767 <rdar://problem/10590024>
24769 Reviewed by Sam Weinig.
24771 Rewrite HasRefAndDeref to work if ref and deref are implemented in base classes,
24772 using a modified version of the technique described here:
24773 http://groups.google.com/group/comp.lang.c++.moderated/msg/e5fbc9305539f699
24775 * wtf/Functional.h:
24777 2011-12-15 Andy Wingo <wingo@igalia.com>
24779 Warnings fixes in Interpreter.cpp and PrivateExecute.cpp
24780 https://bugs.webkit.org/show_bug.cgi?id=74624
24782 Reviewed by Darin Adler.
24784 * interpreter/Interpreter.cpp:
24785 (JSC::Interpreter::privateExecute): Fix variables unused in
24787 * wtf/ParallelJobsGeneric.cpp:
24788 (WTF::ParallelEnvironment::ParallelEnvironment): Fix
24789 signed/unsigned comparison warning, with a cast.
24791 2011-12-15 Andy Wingo <wingo@igalia.com>
24793 Use more macrology in JSC::Options
24794 https://bugs.webkit.org/show_bug.cgi?id=72938
24796 Reviewed by Filip Pizlo.
24798 * runtime/Options.cpp:
24799 (JSC::Options::initializeOptions):
24800 * runtime/Options.h: Use macros to ensure that all heuristics are
24801 declared and have initializers.
24803 2011-12-15 Anders Carlsson <andersca@apple.com>
24805 Add ScrollingCoordinator class and ENABLE_THREADED_SCROLLING define
24806 https://bugs.webkit.org/show_bug.cgi?id=74639
24808 Reviewed by Andreas Kling.
24810 Add ENABLE_THREADED_SCROLLING #define.
24814 2011-12-15 Anders Carlsson <andersca@apple.com>
24816 EventDispatcher should handle wheel events on the connection queue
24817 https://bugs.webkit.org/show_bug.cgi?id=74627
24819 Reviewed by Andreas Kling.
24821 Add a BoundFunctionImpl specialization that takes three parameters.
24823 * wtf/Functional.h:
24828 2011-12-14 Anders Carlsson <andersca@apple.com>
24830 Add WTF::Function to wtf/Forward.h
24831 https://bugs.webkit.org/show_bug.cgi?id=74576
24833 Reviewed by Adam Roben.
24836 Work around a name conflict in the readline library.
24841 2011-12-15 Igor Oliveira <igor.oliveira@openbossa.org>
24843 [Qt] Support requestAnimationFrame API
24844 https://bugs.webkit.org/show_bug.cgi?id=74528
24846 Let Qt port use REQUEST_ANIMATION_FRAME_TIMER.
24848 Reviewed by Kenneth Rohde Christiansen.
24852 2011-12-15 Andy Wingo <wingo@igalia.com>
24854 Minor refactor to Parser::parseTryStatement
24855 https://bugs.webkit.org/show_bug.cgi?id=74507
24857 Reviewed by Geoffrey Garen.
24859 * parser/Parser.cpp (JSC::Parser::parseTryStatement): Use the
24860 Parser's declareVariable instead of going directly to the scope.
24861 This will facilitate future checks related to harmony block
24864 2011-12-15 Andy Wingo <wingo@igalia.com>
24866 Rename JSC::Heuristics to JSC::Options
24867 https://bugs.webkit.org/show_bug.cgi?id=72889
24869 Reviewed by Filip Pizlo.
24871 * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp.
24872 * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h.
24875 * GNUmakefile.list.am:
24876 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
24877 * JavaScriptCore.xcodeproj/project.pbxproj:
24879 * bytecode/CodeBlock.cpp:
24880 (JSC::CodeBlock::shouldOptimizeNow):
24881 * bytecode/CodeBlock.h:
24882 (JSC::CodeBlock::likelyToTakeSlowCase):
24883 (JSC::CodeBlock::couldTakeSlowCase):
24884 (JSC::CodeBlock::likelyToTakeSpecialFastCase):
24885 (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
24886 (JSC::CodeBlock::likelyToTakeAnySlowCase):
24887 (JSC::CodeBlock::reoptimizationRetryCounter):
24888 (JSC::CodeBlock::countReoptimization):
24889 (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
24890 (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
24891 (JSC::CodeBlock::optimizeNextInvocation):
24892 (JSC::CodeBlock::dontOptimizeAnytimeSoon):
24893 (JSC::CodeBlock::optimizeSoon):
24894 (JSC::CodeBlock::largeFailCountThreshold):
24895 (JSC::CodeBlock::largeFailCountThresholdForLoop):
24896 (JSC::CodeBlock::shouldReoptimizeNow):
24897 (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
24898 * dfg/DFGByteCodeParser.cpp:
24899 (JSC::DFG::ByteCodeParser::handleInlining):
24900 * dfg/DFGCapabilities.h:
24901 (JSC::DFG::mightCompileEval):
24902 (JSC::DFG::mightCompileProgram):
24903 (JSC::DFG::mightCompileFunctionForCall):
24904 (JSC::DFG::mightCompileFunctionForConstruct):
24905 (JSC::DFG::mightInlineFunctionForCall):
24906 (JSC::DFG::mightInlineFunctionForConstruct):
24907 * dfg/DFGOSRExit.cpp:
24908 (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
24909 * dfg/DFGOSRExitCompiler32_64.cpp:
24910 (JSC::DFG::OSRExitCompiler::compileExit):
24911 * dfg/DFGOSRExitCompiler64.cpp:
24912 (JSC::DFG::OSRExitCompiler::compileExit):
24913 * dfg/DFGVariableAccessData.h:
24914 (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
24915 * heap/MarkStack.cpp:
24916 (JSC::MarkStackSegmentAllocator::allocate):
24917 (JSC::MarkStackSegmentAllocator::shrinkReserve):
24918 (JSC::MarkStackArray::MarkStackArray):
24919 (JSC::MarkStackArray::donateSomeCellsTo):
24920 (JSC::MarkStackArray::stealSomeCellsFrom):
24921 (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
24922 (JSC::SlotVisitor::donateSlow):
24923 (JSC::SlotVisitor::drain):
24924 (JSC::SlotVisitor::drainFromShared):
24925 * heap/MarkStack.h:
24926 (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
24927 (JSC::MarkStack::addOpaqueRoot):
24928 (JSC::MarkStackArray::canDonateSomeCells):
24929 * heap/SlotVisitor.h:
24930 (JSC::SlotVisitor::donate):
24932 (JSC::JIT::emitOptimizationCheck):
24933 * runtime/InitializeThreading.cpp:
24934 (JSC::initializeThreadingOnce): Adapt callers and build systems.
24937 (CommandLine::CommandLine):
24939 (CommandLine::CommandLine):
24940 Rename from Options, to avoid name conflict.
24942 2011-12-14 Sam Weinig <sam@webkit.org>
24944 Revert unintentional change to JavaScriptCore.def
24946 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
24948 2011-12-14 Sam Weinig <weinig@apple.com>
24950 Remove whitespace from InheritedPropertySheets attributes in
24951 vsprops files to appease the Visual Studio project migrator.
24953 Reviewed by Adam Roben.
24955 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
24956 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebug.vsprops:
24957 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugAll.vsprops:
24958 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreDebugCairoCFLite.vsprops:
24959 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebug.vsprops:
24960 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugAll.vsprops:
24961 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedDebugCairoCFLite.vsprops:
24962 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedProduction.vsprops:
24963 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedRelease.vsprops:
24964 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleaseCairoCFLite.vsprops:
24965 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGeneratedReleasePGO.vsprops:
24966 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreProduction.vsprops:
24967 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreRelease.vsprops:
24968 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleaseCairoCFLite.vsprops:
24969 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGO.vsprops:
24970 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreReleasePGOOptimize.vsprops:
24971 * JavaScriptCore.vcproj/WTF/WTFDebug.vsprops:
24972 * JavaScriptCore.vcproj/WTF/WTFDebugAll.vsprops:
24973 * JavaScriptCore.vcproj/WTF/WTFDebugCairoCFLite.vsprops:
24974 * JavaScriptCore.vcproj/WTF/WTFProduction.vsprops:
24975 * JavaScriptCore.vcproj/WTF/WTFRelease.vsprops:
24976 * JavaScriptCore.vcproj/WTF/WTFReleaseCairoCFLite.vsprops:
24977 * JavaScriptCore.vcproj/WTF/WTFReleasePGO.vsprops:
24978 * JavaScriptCore.vcproj/jsc/jscDebug.vsprops:
24979 * JavaScriptCore.vcproj/jsc/jscDebugAll.vsprops:
24980 * JavaScriptCore.vcproj/jsc/jscDebugCairoCFLite.vsprops:
24981 * JavaScriptCore.vcproj/jsc/jscProduction.vsprops:
24982 * JavaScriptCore.vcproj/jsc/jscRelease.vsprops:
24983 * JavaScriptCore.vcproj/jsc/jscReleaseCairoCFLite.vsprops:
24984 * JavaScriptCore.vcproj/jsc/jscReleasePGO.vsprops:
24985 * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops:
24986 * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops:
24987 * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops:
24988 * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops:
24989 * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops:
24990 * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops:
24991 * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops:
24992 * JavaScriptCore.vcproj/testapi/testapiDebug.vsprops:
24993 * JavaScriptCore.vcproj/testapi/testapiDebugAll.vsprops:
24994 * JavaScriptCore.vcproj/testapi/testapiDebugCairoCFLite.vsprops:
24995 * JavaScriptCore.vcproj/testapi/testapiProduction.vsprops:
24996 * JavaScriptCore.vcproj/testapi/testapiRelease.vsprops:
24997 * JavaScriptCore.vcproj/testapi/testapiReleaseCairoCFLite.vsprops:
24999 2011-12-14 Anders Carlsson <andersca@apple.com>
25001 binding a member function should ref/deref the object pointer if needed
25002 https://bugs.webkit.org/show_bug.cgi?id=74552
25004 Reviewed by Sam Weinig.
25006 Add a HasRefAndDeref helper class template which checks if a given class type has ref and deref
25007 member functions with the right type. Use this to determine if we should ref/deref the first parameter.
25009 * wtf/Functional.h:
25012 (WTF::RefAndDeref::ref):
25013 (WTF::RefAndDeref::deref):
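The HasRefAndDeref idea from this entry and the base-class-aware rewrite in the 2011-12-15 "Navigating away from or closing a page with a plugin crashes" entry above, as an added example that is not WTF's Functional.h: a trait that detects ref()/deref() even when they are inherited, and a bound member call that holds a strong reference to its object for as long as it exists. The detection uses C++11 expression SFINAE rather than the technique at the linked comp.lang.c++.moderated post, and all names (HasRefAndDeref, RefHolder, BoundMemberCall, bindMember, Counted, Worker, Plain, runBindDemo) are this example's own.

```cpp
// Added example, not WTF's Functional.h: detect ref()/deref() on a class, even
// when inherited from a base, and use that to keep a bound object alive for as
// long as the bound member call exists. Names are this example's stand-ins.
#include <type_traits>
#include <utility>

// Expression SFINAE: asking whether t.ref() and t.deref() are well-formed calls
// works through base classes, whereas matching &T::ref against a
// `void (T::*)()` member-pointer type does not when ref() is declared in a base
// (the pointer's class is the base, not T). Assumption: C++11 or later.
template <typename T, typename = void>
struct HasRefAndDeref : std::false_type {};

template <typename T>
struct HasRefAndDeref<T, decltype(std::declval<T&>().ref(), std::declval<T&>().deref(), void())>
    : std::true_type {};

// Strong holder when the type is ref-counted ...
template <typename T, bool = HasRefAndDeref<T>::value>
struct RefHolder {
    explicit RefHolder(T* p) : ptr(p) { if (ptr) ptr->ref(); }
    RefHolder(const RefHolder& other) : ptr(other.ptr) { if (ptr) ptr->ref(); }
    RefHolder& operator=(const RefHolder&) = delete;
    ~RefHolder() { if (ptr) ptr->deref(); }
    T* ptr;
};

// ... and a bare pointer otherwise, so non-counted objects bind unchanged.
template <typename T>
struct RefHolder<T, false> {
    explicit RefHolder(T* p) : ptr(p) {}
    T* ptr;
};

// bind(&T::method, object) for a nullary member function.
template <typename T, typename R>
class BoundMemberCall {
public:
    BoundMemberCall(R (T::*method)(), T* object) : m_method(method), m_object(object) {}
    R operator()() const { return (m_object.ptr->*m_method)(); }
private:
    R (T::*m_method)();
    RefHolder<T> m_object; // refs/derefs only if T is ref-counted
};

template <typename T, typename R>
BoundMemberCall<T, R> bindMember(R (T::*method)(), T* object) {
    return BoundMemberCall<T, R>(method, object);
}

// Constructed sample types: an intrusively counted base whose live-object count
// is observable, a subclass that only inherits ref()/deref(), and a plain class.
static int g_liveCounted = 0;

struct Counted {
    Counted() { ++g_liveCounted; }
    virtual ~Counted() { --g_liveCounted; }
    void ref() { ++m_refCount; }
    void deref() { if (--m_refCount == 0) delete this; }
    int m_refCount = 0;
};
struct Worker : Counted {
    int compute() { return 42; }
};
struct Plain {
    int compute() { return 7; }
};

struct BindReport {
    bool detectsInheritedRefDeref;
    bool plainIsNotCounted;
    int liveWhileBound;
    int resultFromBoundCall;
    int liveAfterBoundCallDestroyed;
    int plainResult;
};

BindReport runBindDemo() {
    BindReport r{};
    r.detectsInheritedRefDeref = HasRefAndDeref<Worker>::value;
    r.plainIsNotCounted = !HasRefAndDeref<Plain>::value;

    Worker* w = new Worker;
    w->ref();                                        // the creator's own reference
    {
        auto call = bindMember(&Worker::compute, w); // the bound call takes its own
        w->deref();                                  // creator lets go: w must stay alive
        r.liveWhileBound = g_liveCounted;            // still 1
        r.resultFromBoundCall = call();              // 42, object is still valid
    }                                                // last reference dropped here
    r.liveAfterBoundCallDestroyed = g_liveCounted;   // 0

    Plain p;
    r.plainResult = bindMember(&Plain::compute, &p)(); // 7, nothing to ref
    return r;
}
```

Deciding at compile time whether the bound object is ref-counted is what closes the lifetime gap the plugin crash describes: a callable queued on another thread keeps its target alive until it runs, while types without ref()/deref() are bound as raw pointers exactly as before.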
25015 2011-12-14 Hajime Morrita <morrita@chromium.org>
25017 JS_INLINE and WTF_INLINE should be visible from WebCore
25018 https://bugs.webkit.org/show_bug.cgi?id=73191
25020 - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
25021 - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
25022 - Replaced JS_EXPORTDATA in wtf module with newly introduced WTF_EXPORTDATA.
25024 Reviewed by Kevin Ollivier.
25026 * JavaScriptCore.xcodeproj/project.pbxproj:
25028 * runtime/JSExportMacros.h: Added.
25029 * wtf/ExportMacros.h:
25031 * wtf/WTFThreadData.h:
25032 * wtf/text/AtomicString.h:
25033 * wtf/text/StringStatics.cpp:
25035 2011-12-14 Anders Carlsson <andersca@apple.com>
25037 Work around a bug in the MSVC2005 compiler
25038 https://bugs.webkit.org/show_bug.cgi?id=74550
25040 Reviewed by Sam Weinig.
25042 Add template parameters for the return types of the partial specializations of BoundFunctionImpl.
25044 * wtf/Functional.h:
25047 2011-12-13 Jon Lee <jonlee@apple.com>
25049 Enable notifications on Mac.
25051 Reviewed by Sam Weinig.
25053 * Configurations/FeatureDefines.xcconfig:
25055 2011-12-14 David Kilzer <ddkilzer@apple.com>
25057 Remove definition of old ENABLE(YARR) macro
25058 <http://webkit.org/b/74532>
25060 Reviewed by Darin Adler.
25062 * wtf/Platform.h: Removed ENABLE_YARR macros.
25064 2011-12-14 Anders Carlsson <andersca@apple.com>
25066 bind should handle member functions
25067 https://bugs.webkit.org/show_bug.cgi?id=74529
25069 Reviewed by Sam Weinig.
25071 Add FunctionWrapper partial specializations for member function pointers.
25073 * wtf/Functional.h:
25076 2011-12-14 Gavin Barraclough <barraclough@apple.com>
25078 DFG relies on returning a struct in registers
25079 https://bugs.webkit.org/show_bug.cgi?id=74527
25081 Reviewed by Geoff Garen.
25083 This will not work on all platforms. Returning a uint64_t will more reliably achieve
25084 what we want, on 32-bit platforms (on 64-bit, stick with the struct return).
25086 * dfg/DFGOperations.cpp:
25087 * dfg/DFGOperations.h:
25088 (JSC::DFG::DFGHandler::dfgHandlerEncoded):
25090 2011-12-14 Anders Carlsson <andersca@apple.com>
25092 Add unary and binary bind overloads
25093 https://bugs.webkit.org/show_bug.cgi?id=74524
25095 Reviewed by Sam Weinig.
25097 * wtf/Functional.h:
25099 (WTF::FunctionWrapper::ResultType):
25102 2011-12-14 Anders Carlsson <andersca@apple.com>
25104 Add back the callOnMainThread overload that takes a WTF::Function
25105 https://bugs.webkit.org/show_bug.cgi?id=74512
25107 Reviewed by Darin Adler.
25109 Add back the overload; the changes to WebCore should hopefully keep Windows building.
25111 * wtf/MainThread.cpp:
25112 (WTF::callFunctionObject):
25113 (WTF::callOnMainThread):
25114 * wtf/MainThread.h:
25116 2011-12-13 Filip Pizlo <fpizlo@apple.com>
25118 DFG should infer when local variables are doubles
25119 https://bugs.webkit.org/show_bug.cgi?id=74480
25121 Reviewed by Oliver Hunt.
25123 Introduced the notion that a local variable (though not an argument, yet!) can
25124 be stored as a double, and will be guaranteed to always contain a double. This
25125 requires more magic in the OSR (conversion in both entry and exit). The inference
25126 is quite unorthodox: all uses of a variable vote on whether they think it should
25127 be a double or a JSValue, based on how they use it. If they use it in an integer
25128 or boxed value context, they vote JSValue. If they use it in a double context,
25129 they vote double. This voting is interleaved in the propagator's fixpoint, so
25130 that variables voted double then have a double prediction propagated from them.
25131 This interleaving is needed because a variable that actually always contains an
25132 integer that always gets used in arithmetic that involves doubles may end up
25133 being voted double, which then means that all uses of the variable will see a
25134 double rather than an integer.
25136 This is worth 18% to SunSpider/3d-cube, 7% to Kraken/audio-beat-detection, 7%
25137 to Kraken/audio-fft, 6% to Kraken/imaging-darkroom, 20% to
25138 Kraken/imaging-gaussian-blur, and just over 1% to Kraken/json-parse-financial.
25139 It results in a 1% speed-up on SunSpider and a 4% speed-up in Kraken. Similar
25140 results on JSVALUE32_64, though with a bigger win on Kraken (5%) and no overall
25143 * bytecode/ValueRecovery.h:
25144 (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedDouble):
25145 (JSC::ValueRecovery::dump):
25146 * dfg/DFGAbstractState.cpp:
25147 (JSC::DFG::AbstractState::execute):
25148 * dfg/DFGAssemblyHelpers.h:
25149 (JSC::DFG::AssemblyHelpers::boxDouble):
25150 * dfg/DFGGraph.cpp:
25151 (JSC::DFG::Graph::dump):
25152 * dfg/DFGJITCompiler.h:
25153 (JSC::DFG::JITCompiler::noticeOSREntry):
25154 * dfg/DFGOSREntry.cpp:
25155 (JSC::DFG::prepareOSREntry):
25156 * dfg/DFGOSREntry.h:
25157 * dfg/DFGOSRExitCompiler64.cpp:
25158 (JSC::DFG::OSRExitCompiler::compileExit):
25159 * dfg/DFGPropagator.cpp:
25160 (JSC::DFG::Propagator::vote):
25161 (JSC::DFG::Propagator::doRoundOfDoubleVoting):
25162 (JSC::DFG::Propagator::propagatePredictions):
25163 (JSC::DFG::Propagator::fixupNode):
25164 * dfg/DFGSpeculativeJIT.cpp:
25165 (JSC::DFG::ValueSource::dump):
25166 (JSC::DFG::SpeculativeJIT::compile):
25167 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
25168 * dfg/DFGSpeculativeJIT.h:
25169 * dfg/DFGSpeculativeJIT32_64.cpp:
25170 (JSC::DFG::SpeculativeJIT::compile):
25171 * dfg/DFGSpeculativeJIT64.cpp:
25172 (JSC::DFG::SpeculativeJIT::compile):
25173 * dfg/DFGVariableAccessData.h:
25174 (JSC::DFG::VariableAccessData::VariableAccessData):
25175 (JSC::DFG::VariableAccessData::clearVotes):
25176 (JSC::DFG::VariableAccessData::vote):
25177 (JSC::DFG::VariableAccessData::doubleVoteRatio):
25178 (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
25179 (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
25180 (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
25181 * runtime/Arguments.cpp:
25182 (JSC::Arguments::tearOff):
25183 * runtime/Heuristics.cpp:
25184 (JSC::Heuristics::initializeHeuristics):
25185 * runtime/Heuristics.h:
25187 2011-12-13 Anders Carlsson <andersca@apple.com>
25189 Try to fix the Windows build.
25191 Remove the callOnMainThread overload that takes a WTF::Function since it's not being used.
25193 * wtf/MainThread.cpp:
25194 * wtf/MainThread.h:
25196 2011-12-13 Anders Carlsson <andersca@apple.com>
25198 Add a very bare-bones implementation of bind and Function to WTF
25199 https://bugs.webkit.org/show_bug.cgi?id=74462
25201 Reviewed by Sam Weinig.
25203 In order to make it easier to package up function calls and send them across
25204 threads, add a (currently very simple) implementation of WTF::bind and WTF::Function to a new
25205 wtf/Functional.h header.
25207 Currently, all bind can do is bind a nullary function and return a Function object that can be called and copied,
25208 but I'll add more as the need arises.
25210 * GNUmakefile.list.am:
25211 * JavaScriptCore.gypi:
25212 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
25213 * JavaScriptCore.xcodeproj/project.pbxproj:
25214 * wtf/Functional.h: Added.
25216 (WTF::FunctionImplBase::~FunctionImplBase):
25217 (WTF::FunctionWrapper::ResultType):
25218 (WTF::FunctionBase::isNull):
25219 (WTF::FunctionBase::FunctionBase):
25220 (WTF::FunctionBase::impl):
25222 * wtf/MainThread.cpp:
25223 (WTF::callFunctionObject):
25224 (WTF::callOnMainThread):
25225 * wtf/MainThread.h:
25228 2011-12-13 Geoffrey Garen <ggaren@apple.com>
25230 <rdar://problem/10577239> GC Crash introduced in r102545
25232 Reviewed by Gavin Barraclough.
25234 MarkedArgumentBuffer was still marking items in forwards order, even though
25235 the argument order has been reversed.
25237 I fixed this bug, and replaced address calculation code with some helper
25238 functions -- mallocBase() and slotFor() -- so it stays fixed everywhere.
25240 * runtime/ArgList.cpp:
25241 (JSC::MarkedArgumentBuffer::markLists):
25242 (JSC::MarkedArgumentBuffer::slowAppend):
25243 * runtime/ArgList.h:
25244 (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
25245 (JSC::MarkedArgumentBuffer::at):
25246 (JSC::MarkedArgumentBuffer::append):
25247 (JSC::MarkedArgumentBuffer::last):
25248 (JSC::MarkedArgumentBuffer::slotFor):
25249 (JSC::MarkedArgumentBuffer::mallocBase):
25251 2011-12-13 Filip Pizlo <fpizlo@apple.com>
25253 DFG OSR exit for UInt32ToNumber should roll forward, not roll backward
25254 https://bugs.webkit.org/show_bug.cgi?id=74463
25256 Reviewed by Gavin Barraclough.
25258 Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing
25259 how to execute the slow path of UInt32ToNumber.
25261 * bytecode/CodeBlock.h:
25262 (JSC::CodeBlock::lastOSRExit):
25263 * bytecode/CodeOrigin.h:
25264 (JSC::CodeOrigin::operator!=):
25265 * bytecode/ValueRecovery.h:
25266 (JSC::ValueRecovery::uint32InGPR):
25267 (JSC::ValueRecovery::gpr):
25268 (JSC::ValueRecovery::dump):
25269 * dfg/DFGAssemblyHelpers.cpp:
25270 * dfg/DFGAssemblyHelpers.h:
25271 * dfg/DFGOSRExit.h:
25272 (JSC::DFG::OSRExit::valueRecoveryForOperand):
25273 * dfg/DFGOSRExitCompiler32_64.cpp:
25274 (JSC::DFG::OSRExitCompiler::compileExit):
25275 * dfg/DFGOSRExitCompiler64.cpp:
25276 (JSC::DFG::OSRExitCompiler::compileExit):
25277 * dfg/DFGSpeculativeJIT.cpp:
25278 (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
25279 (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
25280 * dfg/DFGSpeculativeJIT.h:
25281 * dfg/DFGSpeculativeJIT32_64.cpp:
25282 (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
25283 (JSC::DFG::SpeculativeJIT::compile):
25284 * dfg/DFGSpeculativeJIT64.cpp:
25285 (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
25286 (JSC::DFG::SpeculativeJIT::compile):
25288 2011-12-13 Oliver Hunt <oliver@apple.com>
25290 Arguments object doesn't handle mutation of length property correctly
25291 https://bugs.webkit.org/show_bug.cgi?id=74454
25293 Reviewed by Gavin Barraclough.
25295 Correct handling of arguments objects with overridden length property
25297 * interpreter/Interpreter.cpp:
25298 (JSC::loadVarargs):
25299 * runtime/Arguments.cpp:
25300 (JSC::Arguments::copyToArguments):
25301 (JSC::Arguments::fillArgList):
25303 2011-12-13 Filip Pizlo <fpizlo@apple.com>
25305 DFG GetByVal CSE rule should match PutByValAlias
25306 https://bugs.webkit.org/show_bug.cgi?id=74390
25308 Reviewed by Geoff Garen.
25310 Tiny win on some benchmarks. Maybe a 0.2% win on SunSpider.
25312 * dfg/DFGPropagator.cpp:
25313 (JSC::DFG::Propagator::getByValLoadElimination):
25315 2011-12-13 Andy Wingo <wingo@igalia.com>
25317 Fix interpreter debug build.
25318 https://bugs.webkit.org/show_bug.cgi?id=74439
25320 Reviewed by Geoffrey Garen.
25322 * bytecode/ValueRecovery.h: Include stdio.h on debug builds.
25324 2011-12-13 Filip Pizlo <fpizlo@apple.com>
25326 DFG should know exactly why recompilation was triggered
25327 https://bugs.webkit.org/show_bug.cgi?id=74362
25329 Reviewed by Oliver Hunt.
25331 Each OSR exit is now individually counted, as well as counting the total number
25332 of OSR exits that occurred in a code block. If recompilation is triggered, we
25333 check to see if there are OSR exit sites that make up a sufficiently large
25334 portion of the total OSR exits that occurred. For any such OSR exit sites, we
25335 add a description of the site (bytecode index, kind) to a data structure in the
25336 corresponding baseline CodeBlock. Then, when we recompile the code, we immediately
25337 know which speculations would be unwise based on the fact that previous such
25338 speculations proved to be fruitless.
25340 This means 2% win on two of the SunSpider string tests, a 4% win on V8's deltablue,
25341 and 5% on Kraken's imaging-darkroom. It is only a minor win in the averages, less
25345 * GNUmakefile.list.am:
25346 * JavaScriptCore.xcodeproj/project.pbxproj:
25348 * bytecode/CodeBlock.cpp:
25349 (JSC::CodeBlock::tallyFrequentExitSites):
25350 * bytecode/CodeBlock.h:
25351 (JSC::CodeBlock::addFrequentExitSite):
25352 (JSC::CodeBlock::exitProfile):
25353 (JSC::CodeBlock::reoptimize):
25354 (JSC::CodeBlock::tallyFrequentExitSites):
25355 * bytecode/DFGExitProfile.cpp: Added.
25356 (JSC::DFG::ExitProfile::ExitProfile):
25357 (JSC::DFG::ExitProfile::~ExitProfile):
25358 (JSC::DFG::ExitProfile::add):
25359 (JSC::DFG::QueryableExitProfile::QueryableExitProfile):
25360 (JSC::DFG::QueryableExitProfile::~QueryableExitProfile):
25361 * bytecode/DFGExitProfile.h: Added.
25362 (JSC::DFG::exitKindToString):
25363 (JSC::DFG::exitKindIsCountable):
25364 (JSC::DFG::FrequentExitSite::FrequentExitSite):
25365 (JSC::DFG::FrequentExitSite::operator!):
25366 (JSC::DFG::FrequentExitSite::operator==):
25367 (JSC::DFG::FrequentExitSite::hash):
25368 (JSC::DFG::FrequentExitSite::bytecodeOffset):
25369 (JSC::DFG::FrequentExitSite::kind):
25370 (JSC::DFG::FrequentExitSite::isHashTableDeletedValue):
25371 (JSC::DFG::FrequentExitSiteHash::hash):
25372 (JSC::DFG::FrequentExitSiteHash::equal):
25373 (JSC::DFG::QueryableExitProfile::hasExitSite):
25374 * dfg/DFGAssemblyHelpers.h:
25375 (JSC::DFG::AssemblyHelpers::baselineCodeBlockForOriginAndBaselineCodeBlock):
25376 (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
25377 * dfg/DFGByteCodeParser.cpp:
25378 (JSC::DFG::ByteCodeParser::makeSafe):
25379 (JSC::DFG::ByteCodeParser::makeDivSafe):
25380 (JSC::DFG::ByteCodeParser::handleCall):
25381 (JSC::DFG::ByteCodeParser::handleIntrinsic):
25382 (JSC::DFG::ByteCodeParser::parseBlock):
25383 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
25384 * dfg/DFGOSRExit.cpp:
25385 (JSC::DFG::OSRExit::OSRExit):
25386 (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
25387 * dfg/DFGOSRExit.h:
25388 (JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):
25389 * dfg/DFGOSRExitCompiler.cpp:
25390 * dfg/DFGOSRExitCompiler32_64.cpp:
25391 (JSC::DFG::OSRExitCompiler::compileExit):
25392 * dfg/DFGOSRExitCompiler64.cpp:
25393 (JSC::DFG::OSRExitCompiler::compileExit):
25394 * dfg/DFGSpeculativeJIT.cpp:
25395 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
25396 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
25397 (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
25398 (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
25399 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
25400 (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
25401 (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
25402 (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
25403 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
25404 (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
25405 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
25406 (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
25407 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
25408 (JSC::DFG::SpeculativeJIT::compileArithMul):
25409 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
25410 * dfg/DFGSpeculativeJIT.h:
25411 (JSC::DFG::SpeculativeJIT::speculationCheck):
25412 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
25413 * dfg/DFGSpeculativeJIT32_64.cpp:
25414 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
25415 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
25416 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
25417 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
25418 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
25419 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
25420 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
25421 (JSC::DFG::SpeculativeJIT::compile):
25422 * dfg/DFGSpeculativeJIT64.cpp:
25423 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
25424 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
25425 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
25426 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
25427 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
25428 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
25429 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
25430 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
25431 (JSC::DFG::SpeculativeJIT::emitBranch):
25432 (JSC::DFG::SpeculativeJIT::compile):
25433 * runtime/Heuristics.cpp:
25434 (JSC::Heuristics::initializeHeuristics):
25435 * runtime/Heuristics.h:
25437 2011-12-13 Michael Saboff <msaboff@apple.com>
25439 Cleanup of StringImpl::equal in r102631 post commit
25440 https://bugs.webkit.org/show_bug.cgi?id=74421
25442 Reviewed by Darin Adler.
25444 * wtf/text/AtomicString.h:
25445 (WTF::operator==): Removed cast no longer needed.
25446 * wtf/text/StringImpl.h:
25447 (WTF::equal): Changed template to several overloaded methods.
25449 2011-12-12 Michael Saboff <msaboff@apple.com>
25451 Eliminate Duplicate word at a time equal code in StringImpl.cpp and StringHash.h
25452 https://bugs.webkit.org/show_bug.cgi?id=73622
25454 Reviewed by Oliver Hunt.
25456 Moved equal(charType1 *, charType2, unsigned) template methods
25457 from static StringImpl.cpp to StringImpl.h and then replaced the
25458 processor specific character comparison code in StringHash::equal
25459 with calls to these methods.
25461 This change is worth 3% on SunSpider string-unpack-code as reported
25462 by the SunSpider command line harness. No other tests appear to
25463 have measurable performance changes.
25465 * wtf/text/AtomicString.h:
25467 * wtf/text/StringHash.h:
25468 (WTF::StringHash::equal):
25469 * wtf/text/StringImpl.cpp:
25470 * wtf/text/StringImpl.h:
25475 2011-12-12 Filip Pizlo <fpizlo@apple.com>
25477 ARMv7 version of DFG soft modulo does register allocation inside of control flow
25478 https://bugs.webkit.org/show_bug.cgi?id=74354
25480 Reviewed by Gavin Barraclough.
25482 * dfg/DFGSpeculativeJIT.cpp:
25483 (JSC::DFG::SpeculativeJIT::compileSoftModulo):
25485 2011-12-12 Andy Wingo <wingo@igalia.com>
25487 Simplify autotools configure.ac
25488 https://bugs.webkit.org/show_bug.cgi?id=74312
25490 Reviewed by Martin Robinson.
25492 * GNUmakefile.am: Add JSC_CPPFLAGS to javascriptcore_cppflags.
25494 2011-12-12 Filip Pizlo <fpizlo@apple.com>
25496 DFG GetByVal CSE incorrectly assumes that a non-matching PutByVal cannot clobber
25497 https://bugs.webkit.org/show_bug.cgi?id=74329
25499 Reviewed by Gavin Barraclough.
25501 * dfg/DFGPropagator.cpp:
25502 (JSC::DFG::Propagator::getByValLoadElimination):
25504 2011-12-09 Alexander Pavlov <apavlov@chromium.org>
25506 WebKit does not enumerate over CSS properties in HTMLElement.style
25507 https://bugs.webkit.org/show_bug.cgi?id=23946
25509 Reviewed by Darin Adler.
25511 Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
25512 introduce an std::sort() comparator function.
25514 * JavaScriptCore.exp:
25515 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
25516 * wtf/text/WTFString.h:
25517 (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.
25519 2011-12-12 Alexander Pavlov <apavlov@chromium.org>
25521 Unreviewed, build fix.
25523 Revert r102570 which broke SnowLeopard builders.
25525 * JavaScriptCore.exp:
25526 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
25527 * wtf/text/WTFString.h:
25529 2011-12-09 Alexander Pavlov <apavlov@chromium.org>
25531 WebKit does not enumerate over CSS properties in HTMLElement.style
25532 https://bugs.webkit.org/show_bug.cgi?id=23946
25534 Reviewed by Darin Adler.
25536 Add a few exports to follow the JSCSSStyleDeclaration.cpp changes,
25537 introduce an std::sort() comparator function.
25539 * JavaScriptCore.exp:
25540 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
25541 * wtf/text/WTFString.h:
25542 (WTF::codePointCompareLessThan): Used by std::sort() to sort properties.
25544 2011-12-12 Carlos Garcia Campos <cgarcia@igalia.com>
25546 Unreviewed. Fix make distcheck issues.
25548 * GNUmakefile.list.am:
25550 2011-12-11 Sam Weinig <sam@webkit.org>
25552 Fix another signed vs. unsigned warning
25554 * runtime/ArgList.h:
25555 (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
25557 2011-12-11 Sam Weinig <sam@webkit.org>
25559 Fix a signed vs. unsigned warning.
25561 * runtime/ArgList.cpp:
25562 (JSC::MarkedArgumentBuffer::slowAppend):
25563 Cast inlineCapacity to an int to appease the warning. This is known OK
25564 since inlineCapacity is defined to be 8.
25566 2011-12-11 Geoffrey Garen <ggaren@apple.com>
25568 Rolled out *another* debugging change I committed accidentally.
25572 * Configurations/Base.xcconfig:
25574 2011-12-11 Geoffrey Garen <ggaren@apple.com>
25576 Rolled out a debug counter I committed accidentally.
25580 * jit/JITStubs.cpp:
25581 (JSC::arityCheckFor):
25583 2011-12-10 Geoffrey Garen <ggaren@apple.com>
25585 v8 benchmark takes 12-13 million function call slow paths due to extra arguments
25586 https://bugs.webkit.org/show_bug.cgi?id=74244
25588 Reviewed by Filip Pizlo.
25590 Reversed the order of function .arguments
25592 10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken
25595 * bytecode/CodeBlock.h:
25596 (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface
25597 to this function is an argument number.
25599 * bytecompiler/BytecodeGenerator.cpp:
25600 (JSC::BytecodeGenerator::BytecodeGenerator):
25601 (JSC::BytecodeGenerator::emitCall):
25602 (JSC::BytecodeGenerator::emitConstruct):
25603 (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame
25604 helper functions for computing offsets for arguments, rather than doing
25607 Switched to iterating argument offsets backwards (--) instead of forwards (++).
25609 * bytecompiler/BytecodeGenerator.h:
25610 (JSC::CallArguments::thisRegister):
25611 (JSC::CallArguments::argumentRegister):
25612 (JSC::CallArguments::registerOffset): Updated for arguments being reversed.
25614 * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order.
25616 * dfg/DFGByteCodeParser.cpp:
25617 (JSC::DFG::ByteCodeParser::getArgument):
25618 (JSC::DFG::ByteCodeParser::setArgument):
25619 (JSC::DFG::ByteCodeParser::flush):
25620 (JSC::DFG::ByteCodeParser::addCall):
25621 (JSC::DFG::ByteCodeParser::handleCall):
25622 (JSC::DFG::ByteCodeParser::handleInlining):
25623 (JSC::DFG::ByteCodeParser::handleMinMax):
25624 (JSC::DFG::ByteCodeParser::handleIntrinsic):
25625 (JSC::DFG::ByteCodeParser::parseBlock):
25626 (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices
25627 that just-in-time convert to bytecode operands (i.e., indexes in the register
25628 file) through helper functions. This means only one piece of code needs
25629 to know how arguments are laid out in the register file.
25631 * dfg/DFGGraph.cpp:
25632 (JSC::DFG::Graph::dump): Ditto.
25635 (JSC::DFG::Graph::valueProfileFor): Ditto.
25637 * dfg/DFGJITCompiler.cpp:
25638 (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch:
25639 Treat too many arguments as an arity match.
25641 * dfg/DFGOSRExit.h:
25642 (JSC::DFG::OSRExit::variableForIndex):
25643 (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above.
25645 * dfg/DFGOperands.h:
25646 (JSC::DFG::operandToArgument):
25647 (JSC::DFG::argumentToOperand): These are now the only two lines of code in
25648 the DFG compiler that know how arguments are laid out in memory.
25650 (JSC::DFG::Operands::operand):
25651 (JSC::DFG::Operands::setOperand): Use helper functions, as above.
25653 * dfg/DFGOperations.cpp: The whole point of this patch:
25654 Treat too many arguments as an arity match.
25656 * dfg/DFGSpeculativeJIT32_64.cpp:
25657 (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
25659 Also, don't tag the caller frame slot as a cell, because it's not a cell.
25661 * dfg/DFGSpeculativeJIT64.cpp:
25662 (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
25664 * dfg/DFGSpeculativeJIT.cpp:
25665 (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above.
25667 (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed
25668 argument virtual register instead of recomputing by hand.
25670 * dfg/DFGSpeculativeJIT.h:
25671 (JSC::DFG::SpeculativeJIT::callFrameSlot):
25672 (JSC::DFG::SpeculativeJIT::argumentSlot):
25673 (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
25674 (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
25675 (JSC::DFG::SpeculativeJIT::argumentTagSlot):
25676 (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper
25677 functions for dealing with callee arguments specifically. These still
25678 build on top of our other helper functions, and have no direct knowledge
25679 of how arguments are laid out in the register file.
25681 (JSC::DFG::SpeculativeJIT::resetCallArguments):
25682 (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to
25683 argumentOffset to match CallFrame naming.
25685 (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper
25686 functions, as above.
25688 * interpreter/CallFrame.h:
25689 (JSC::ExecState::argumentOffset):
25690 (JSC::ExecState::argumentOffsetIncludingThis):
25691 (JSC::ExecState::argument):
25692 (JSC::ExecState::setArgument):
25693 (JSC::ExecState::thisArgumentOffset):
25694 (JSC::ExecState::thisValue):
25695 (JSC::ExecState::setThisValue):
25696 (JSC::ExecState::offsetFor):
25697 (JSC::ExecState::hostThisRegister):
25698 (JSC::ExecState::hostThisValue): Added a bunch of helper functions for
25699 computing where an argument is in the register file. Anything in the
25700 runtime that needs to access arguments should use these helpers.
25702 * interpreter/CallFrameClosure.h:
25703 (JSC::CallFrameClosure::setThis):
25704 (JSC::CallFrameClosure::setArgument):
25705 (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now
25706 that too many arguments counts as an arity match and doesn't require
25707 preserving two copies of our arguments.
25709 * interpreter/Interpreter.cpp:
25710 (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something
25711 special if the caller provided too few arguments.
25713 Key simplification: We never need to maintain two copies of our arguments
25717 (JSC::loadVarargs): Use helper functions.
25719 (JSC::Interpreter::unwindCallFrame): Updated for new interface.
25721 (JSC::Interpreter::execute):
25722 (JSC::Interpreter::executeCall):
25723 (JSC::Interpreter::executeConstruct):
25724 (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper
25727 (JSC::Interpreter::privateExecute): No need to check for stack overflow
25728 when calling host functions because they have zero callee registers.
25730 (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments
25731 object, since there's no special constructor for this anymore.
25733 * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some
25734 workers tests were hitting stack overflow in some of my testing. We should
25735 make this test more exact in future.
25737 * interpreter/RegisterFile.h: Death to all runtime knowledge of argument
25738 location that does not belong to the CallFrame class!
25741 (JSC::JIT::privateCompile): I am a broken record and I use helper functions.
25743 Also, the whole point of this patch: Treat too many arguments as an arity match.
25745 * jit/JITCall32_64.cpp:
25746 (JSC::JIT::compileLoadVarargs):
25748 (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use
25749 helper functions, for backwards-correctness. Removed the condition
25750 pertaining to declared argument count because, now that arguments are
25751 always in just one place, this optimization is valid for all functions.
25752 Standardized the if predicate for each line of the optimization. This might
25753 fix a bug, but I couldn't get the bug to crash in practice.
25755 * jit/JITOpcodes32_64.cpp:
25756 (JSC::JIT::emit_op_create_arguments):
25757 (JSC::JIT::emit_op_get_argument_by_val):
25758 (JSC::JIT::emitSlow_op_get_argument_by_val):
25759 * jit/JITOpcodes.cpp:
25760 (JSC::JIT::emit_op_create_arguments):
25761 (JSC::JIT::emit_op_get_argument_by_val):
25762 (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params
25763 optimization because it's no longer an optimization, now that arguments
25764 are always contiguous in a known location.
25766 Updated argument access opcode math for backwards-correctness.
25768 * jit/JITStubs.cpp:
25769 (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This
25770 function is slightly different because it copies the call frame in
25771 addition to the arguments. (In the Interpreter, the call frame is not
25772 set up by this point.)
25774 (JSC::lazyLinkFor): The whole point of this patch: Treat too many
25775 arguments as an arity match.
25777 (JSC::DEFINE_STUB_FUNCTION): Updated for new interface to tearOff().
25780 * jit/SpecializedThunkJIT.h:
25781 (JSC::SpecializedThunkJIT::loadDoubleArgument):
25782 (JSC::SpecializedThunkJIT::loadCellArgument):
25783 (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They
25784 build strong bones and teeth!
25786 * runtime/ArgList.cpp:
25787 (JSC::ArgList::getSlice):
25788 (JSC::MarkedArgumentBuffer::slowAppend):
25789 * runtime/ArgList.h:
25790 (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
25791 (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
25792 (JSC::MarkedArgumentBuffer::at):
25793 (JSC::MarkedArgumentBuffer::clear):
25794 (JSC::MarkedArgumentBuffer::append):
25795 (JSC::MarkedArgumentBuffer::removeLast):
25796 (JSC::MarkedArgumentBuffer::last):
25797 (JSC::ArgList::ArgList):
25798 (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't
25799 play nice with backwards-ness, so I changed to using manual allocation.
25801 Fixed a FIXME about not all values being marked in the case of out-of-line
25802 arguments. I had to rewrite the loop anyway, and I didn't feel like
25803 maintaining fidelity to its old bugs.
25805 * runtime/Arguments.cpp:
25806 (JSC::Arguments::visitChildren):
25807 (JSC::Arguments::copyToArguments):
25808 (JSC::Arguments::fillArgList):
25809 (JSC::Arguments::getOwnPropertySlotByIndex):
25810 (JSC::Arguments::getOwnPropertySlot):
25811 (JSC::Arguments::getOwnPropertyDescriptor):
25812 (JSC::Arguments::putByIndex):
25813 (JSC::Arguments::put):
25814 (JSC::Arguments::tearOff):
25815 * runtime/Arguments.h:
25816 (JSC::Arguments::create):
25817 (JSC::Arguments::Arguments):
25818 (JSC::Arguments::argument):
25819 (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted
25820 lots of tricky code designed to maintain two different copies of function
25821 arguments. Now that arguments are always contiguous in one place in memory,
25822 this complexity can go away.
25824 Reduced down to one create function for the Arguments class, from three.
25826 Moved tearOff() into an out-of-line function because it's huge.
25828 Moved logic about whether to tear off eagerly into the Arguments class,
25829 so we didn't have to duplicate it elsewhere.
25831 * runtime/JSActivation.cpp:
25832 (JSC::JSActivation::JSActivation):
25833 (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to
25834 m_numCapturedArgs because if the value really were m_numParametersMinusThis
25835 we would be marking too much. (We shouldn't mark 'this' because it can't
25836 be captured.) Also, use helper functions.
25838 * runtime/JSActivation.h:
25839 (JSC::JSActivation::tearOff): Use helper functions.
25841 * runtime/JSArray.cpp:
25842 (JSC::JSArray::copyToArguments):
25843 * runtime/JSArray.h: Use helper functions, as above.
25845 2011-12-10 Mark Hahnenberg <mhahnenberg@apple.com>
25847 JSC testapi is crashing on Windows
25848 https://bugs.webkit.org/show_bug.cgi?id=74233
25850 Reviewed by Sam Weinig.
25852 Same error we've encountered before where we are calling the wrong version of
25853 visitChildren and objects that are still reachable aren't getting marked.
25854 This problem will go away soon with the removal of vptrs for these sorts of
25855 optimizations in favor of using the ClassInfo, but for now we can simply give
25856 JSFinalObject a bogus virtual method that Visual Studio can't optimize away to
25857 ensure that JSFinalObject will always have a unique vptr. We don't have to worry
25858 about JSString or JSArray right now, which are the other two special cases for
25859 visitChildren, since they already have their own virtual functions.
25861 * JavaScriptCore.exp:
25862 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
25863 * runtime/JSObject.cpp:
25864 (JSC::JSFinalObject::vtableAnchor):
25865 * runtime/JSObject.h:
25867 2011-12-10 Alexis Menard <alexis.menard@openbossa.org>
25869 Unused variable in YarrJIT.cpp.
25870 https://bugs.webkit.org/show_bug.cgi?id=74237
25872 Reviewed by Andreas Kling.
25874 Variable is set but not used so we can remove it.
25876 * yarr/YarrJIT.cpp:
25877 (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
25879 2011-12-09 Filip Pizlo <fpizlo@apple.com>
25881 DFG ArithMul power-of-two case does not check for overflow
25882 https://bugs.webkit.org/show_bug.cgi?id=74230
25884 Reviewed by Gavin Barraclough.
25886 Disabled power-of-2 peephole optimization for multiplication, because it was wrong,
25887 and any attempt to fix it would likely introduce code bloat and register pressure.
25889 * dfg/DFGSpeculativeJIT.cpp:
25890 (JSC::DFG::SpeculativeJIT::compileArithMul):
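Added example, not JavaScriptCore code: a small C++ model of why the power-of-two multiply peephole in the entry above had to go. A multiply by 2^k lowered to a plain shift never reports overflow, while a speculative int32 multiply must notice when the exact product leaves the int32 range (or is negative zero) so the DFG can exit to the baseline JIT. The function names and the "return false means OSR exit" convention are assumptions made for illustration; the DFG's emitted code looks nothing like this.

```cpp
#include <cstdint>

// The disabled peephole, as a C++ model: multiply by 2^k becomes a shift.
// A shift cannot signal overflow, so (1 << 30) * 4 silently wraps to 0.
inline int32_t mulByPowerOfTwoUnchecked(int32_t x, unsigned log2Multiplier) {
    return static_cast<int32_t>(static_cast<uint32_t>(x) << log2Multiplier);
}

// What a speculative int32 multiply needs: compute the exact product in
// 64 bits and fail (the DFG would OSR exit here) when it does not fit int32
// or would be negative zero, which int32 cannot represent.
inline bool mulInt32Checked(int32_t a, int32_t b, int32_t& result) {
    int64_t wide = static_cast<int64_t>(a) * static_cast<int64_t>(b);
    if (wide < INT32_MIN || wide > INT32_MAX)
        return false;                       // overflow: speculation failed
    if (wide == 0 && (a < 0 || b < 0))
        return false;                       // -0: must fall back to a double
    result = static_cast<int32_t>(wide);
    return true;
}

inline bool isPowerOfTwo(int32_t v) { return v > 0 && (v & (v - 1)) == 0; }

// True iff the unchecked shift produces the same value the checked multiply
// accepts. Any case where the checked multiply refuses is a case the shift
// would have silently got wrong. Precondition: powerOfTwo is 2^k, k <= 30.
inline bool shiftAgreesWithCheckedMultiply(int32_t x, int32_t powerOfTwo) {
    unsigned log2 = 0;
    while (log2 < 31 && (static_cast<int32_t>(1) << log2) != powerOfTwo)
        ++log2;
    int32_t checked;
    if (!mulInt32Checked(x, powerOfTwo, checked))
        return false;
    return mulByPowerOfTwoUnchecked(x, log2) == checked;
}

int main() {
    // 2^30 * 4 = 2^32: the shift yields 0, the checked multiply refuses.
    return shiftAgreesWithCheckedMultiply(1 << 30, 4) ? 1 : 0;
}
```

The checked path is what the generic ArithMul slow path already did; the entry's point is that bolting an overflow check onto the shift form costs a spare register and extra code at every site, which is why the peephole was dropped rather than repaired.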
25892 2011-12-09 David Levin <levin@chromium.org>
25894 REGRESSION(r101863-r102042): Assertion hit: m_verifier.isSafeToUse() in RefCountedBase::ref in FunctionCodeBlock
25895 https://bugs.webkit.org/show_bug.cgi?id=73886
25897 Reviewed by Darin Adler.
25899 * runtime/SymbolTable.h:
25900 (JSC::SharedSymbolTable::SharedSymbolTable): Added deprecatedTurnOffVerifier for
25901 another JavaScriptObject, since JavaScriptCore objects allow use on multiple threads.
25902 Bug 58091 is about changing these deprecated calls to something else but that something
25903 else will still need to be in all of these places.
25905 2011-12-09 Konrad Piascik <kpiascik@rim.com>
25907 Remove unnecessary file DissasemblerARM.cpp from build system
25908 https://bugs.webkit.org/show_bug.cgi?id=74184
25910 Reviewed by Daniel Bates.
25912 * PlatformBlackBerry.cmake:
25914 2011-12-09 Filip Pizlo <fpizlo@apple.com>
25916 DFG's interpretation of rare case profiles should be frequency-based not count-based
25917 https://bugs.webkit.org/show_bug.cgi?id=74170
25919 Reviewed by Geoff Garen.
25921 DFG optimizes for rare cases only when the rare case counter is above some threshold
25922 and it also constitutes a large enough fraction of total function executions. Also
25923 added some minor debug logic.
25925 * bytecode/CodeBlock.cpp:
25926 (JSC::CodeBlock::CodeBlock):
25927 * bytecode/CodeBlock.h:
25928 (JSC::CodeBlock::likelyToTakeSlowCase):
25929 (JSC::CodeBlock::couldTakeSlowCase):
25930 (JSC::CodeBlock::likelyToTakeSpecialFastCase):
25931 (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
25932 (JSC::CodeBlock::likelyToTakeAnySlowCase):
25933 (JSC::CodeBlock::executionEntryCount):
25934 * dfg/DFGByteCodeParser.cpp:
25935 (JSC::DFG::ByteCodeParser::makeSafe):
25936 (JSC::DFG::ByteCodeParser::makeDivSafe):
25937 (JSC::DFG::ByteCodeParser::handleCall):
25938 (JSC::DFG::ByteCodeParser::parseBlock):
25939 * dfg/DFGDriver.cpp:
25940 (JSC::DFG::compile):
25942 (JSC::JIT::privateCompile):
25943 * runtime/Heuristics.cpp:
25944 (JSC::Heuristics::initializeHeuristics):
25945 * runtime/Heuristics.h:
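Added example, not JavaScriptCore code: a self-contained C++ model of the two-part threshold that both the entry for bug 74170 directly above (rare-case counters) and the entry for bug 74362 further up (per-site OSR exit counts) describe. A counter only matters when it clears a minimum count and also makes up a large enough fraction of the total; sites that pass are handed to a profile on the baseline code block, which the next compile consults before speculating. Every name here (ExitKind, ExitCounters, ExitProfile, the thresholds 20 and 0.25) is an assumption chosen for illustration and does not match the types in DFGExitProfile.h or the values in Heuristics.cpp.

```cpp
#include <cstddef>
#include <cstdint>
#include <unordered_map>
#include <unordered_set>

// Hypothetical exit kinds; the real enum lives in DFGExitProfile.h.
enum class ExitKind { BadType, BadCache, Overflow, NegativeZero };

// A site is identified by where in the bytecode it exited and why.
struct ExitSite {
    unsigned bytecodeOffset;
    ExitKind kind;
    bool operator==(const ExitSite& o) const {
        return bytecodeOffset == o.bytecodeOffset && kind == o.kind;
    }
};

struct ExitSiteHash {
    size_t operator()(const ExitSite& s) const {
        return (static_cast<size_t>(s.bytecodeOffset) * 31u) ^ static_cast<size_t>(s.kind);
    }
};

// The frequency test shared by both entries: a count must be above a minimum
// AND be a large enough fraction of the total before it is acted on.
// (Thresholds are the caller's; the values used below are made up.)
inline bool isFrequent(uint32_t count, uint32_t total, uint32_t minCount, double minFraction) {
    if (total == 0 || count < minCount)
        return false;
    return static_cast<double>(count) >= minFraction * static_cast<double>(total);
}

// Per-site and total exit counts, kept with the optimized code.
class ExitCounters {
public:
    void recordExit(unsigned bytecodeOffset, ExitKind kind) {
        ++m_perSite[ExitSite{bytecodeOffset, kind}];
        ++m_total;
    }
    uint32_t total() const { return m_total; }

    // On reoptimization: every sufficiently frequent site goes to the profile.
    template<typename Profile>
    void tallyFrequentExitSites(Profile& profile, uint32_t minCount, double minFraction) const {
        for (const auto& entry : m_perSite) {
            if (isFrequent(entry.second, m_total, minCount, minFraction))
                profile.add(entry.first);
        }
    }

private:
    std::unordered_map<ExitSite, uint32_t, ExitSiteHash> m_perSite;
    uint32_t m_total = 0;
};

// Kept on the baseline code block and queried by the next DFG compile, so a
// speculation that already failed often is not made again.
class ExitProfile {
public:
    void add(const ExitSite& site) { m_sites.insert(site); }
    bool hasExitSite(unsigned bytecodeOffset, ExitKind kind) const {
        return m_sites.count(ExitSite{bytecodeOffset, kind}) != 0;
    }
    size_t size() const { return m_sites.size(); }

private:
    std::unordered_set<ExitSite, ExitSiteHash> m_sites;
};

// Constructed scenario: out of 100 exits, one site caused 90 and another 10.
// Only the first is frequent enough to be recorded.
inline ExitProfile simulateRecompile() {
    ExitCounters counters;
    for (int i = 0; i < 90; ++i) counters.recordExit(12, ExitKind::BadType);
    for (int i = 0; i < 10; ++i) counters.recordExit(40, ExitKind::Overflow);
    ExitProfile profile;
    counters.tallyFrequentExitSites(profile, /* minCount */ 20, /* minFraction */ 0.25);
    return profile;
}

int main() {
    ExitProfile p = simulateRecompile();
    bool ok = p.hasExitSite(12, ExitKind::BadType) && !p.hasExitSite(40, ExitKind::Overflow);
    return ok ? 0 : 1;
}
```

The fraction test is what separates "frequency-based" from "count-based": a site that exits 30 times in a function that ran a million times is noise, while 30 exits out of 100 is a speculation worth abandoning.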
25947 2011-12-09 Oliver Hunt <oliver@apple.com>
25949 PutByValAlias unnecessarily clobbers GetIndexedPropertyStorage
25950 https://bugs.webkit.org/show_bug.cgi?id=74223
25952 Reviewed by Geoffrey Garen.
25954 Don't clobber GetIndexedPropertyStorage when we see PutByValAlias
25956 * dfg/DFGPropagator.cpp:
25957 (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
25959 2011-12-09 David Levin <levin@chromium.org>
25961 Hash* iterators should allow comparison between const and const versions.
25962 https://bugs.webkit.org/show_bug.cgi?id=73370
25964 Reviewed by Darin Adler.
25966 * wtf/HashTable.h: Add the operators needed to do this.
25967 (WTF::HashTableConstIterator::operator==):
25968 (WTF::HashTableConstIterator::operator!=):
25969 (WTF::HashTableIterator::operator==):
25970 (WTF::HashTableIterator::operator!=):
25974 2011-12-09 Michael Saboff <msaboff@apple.com>
25976 YARR: Multi-character read optimization for 8bit strings
25977 https://bugs.webkit.org/show_bug.cgi?id=74191
25979 Reviewed by Oliver Hunt.
25981 Changed generatePatternCharacterOnce to generate
25982 code for 1 to 4 characters in the 8 bit case.
25983 This is worth 29% improvement on SunSpider regexp-dna test.
25984 It provides no benefit to v8-regexp.
25986 * yarr/YarrJIT.cpp:
25987 (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
25988 (JSC::Yarr::YarrGenerator::generate): Spelling fix in comment.
25990 2011-12-09 David Levin <levin@chromium.org>
25992 Regression(r53595): Sync xhr requests in workers aren't terminated on worker close.
25993 https://bugs.webkit.org/show_bug.cgi?id=71695
25995 Reviewed by Zoltan Herczeg.
25997 * wtf/MessageQueue.h:
25998 (WTF::MessageQueue::tryGetMessageIgnoringKilled): Added a way to get messages
25999 even after the queue has been killed. This is useful when one wants to
26000 kill a queue but then go through it to run clean up tasks from it.
26002 2011-12-09 Adrienne Walker <enne@google.com>
26004 Fix HashMap<..., OwnPtr<...> >::add compilation errors
26005 https://bugs.webkit.org/show_bug.cgi?id=74159
26007 Reviewed by Darin Adler.
26009 Add a constructor to OwnPtr that takes the empty value (nullptr_t)
26010 from HashTraits so that this function can compile.
26013 (WTF::OwnPtr::OwnPtr):
26015 2011-12-09 Oliver Hunt <oliver@apple.com>
26017 Avoid reloading storage pointer for indexed properties unnecessarily
26018 https://bugs.webkit.org/show_bug.cgi?id=74136
26020 Reviewed by Filip Pizlo.
26022 Add a node to represent loading property storage for indexed properties.
26023 This allows us to reduce code generated for sequential access of arrays,
26024 strings, etc. This results in up to 5% improvement in code that is
26025 very heavy on indexed reads, such as matrix operations in typed arrays
26026 and 20% faster on microbenchmarks.
26028 Currently this is only supported by GetByVal and other similar indexed reads.
26030 * bytecode/PredictedType.h:
26031 (JSC::isFixedIndexedStorageObjectPrediction):
26032 * dfg/DFGAbstractState.cpp:
26033 (JSC::DFG::AbstractState::execute):
26034 * dfg/DFGByteCodeParser.cpp:
26035 (JSC::DFG::ByteCodeParser::handleIntrinsic):
26036 (JSC::DFG::ByteCodeParser::parseBlock):
26038 * dfg/DFGPropagator.cpp:
26039 (JSC::DFG::Propagator::propagateNodePredictions):
26040 (JSC::DFG::Propagator::fixupNode):
26041 (JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
26042 (JSC::DFG::Propagator::performNodeCSE):
26043 * dfg/DFGSpeculativeJIT.cpp:
26044 (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
26045 (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
26046 (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
26047 (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
26048 (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
26049 (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
26050 * dfg/DFGSpeculativeJIT.h:
26051 * dfg/DFGSpeculativeJIT32_64.cpp:
26052 (JSC::DFG::SpeculativeJIT::compile):
26053 * dfg/DFGSpeculativeJIT64.cpp:
26054 (JSC::DFG::SpeculativeJIT::compile):
26056 2011-12-08 Fady Samuel <fsamuel@chromium.org>
26058 [Chromium] Enable viewport metatag
26059 https://bugs.webkit.org/show_bug.cgi?id=73495
26061 Reviewed by Darin Fisher.
26063 * wtf/Platform.h: Added ENABLE(VIEWPORT) tag.
26065 2011-12-08 Adam Klein <adamk@chromium.org>
26067 Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
26068 https://bugs.webkit.org/show_bug.cgi?id=73964
26070 Reviewed by Darin Adler.
26072 * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on a HashMap of OwnPtrs.
26074 2011-12-08 Thouraya ANDOLSI <thouraya.andolsi@st.com>
26076 https://bugs.webkit.org/show_bug.cgi?id=74005
26077 fix unaligned access memory in generatePatternCharacterOnce function
26080 Reviewed by Gavin Barraclough.
26082 * assembler/MacroAssemblerARM.h:
26083 (JSC::MacroAssemblerARM::load16Unaligned):
26084 * assembler/MacroAssemblerARMv7.h:
26085 (JSC::MacroAssemblerARMv7::load16Unaligned):
26086 * assembler/MacroAssemblerMIPS.h:
26087 (JSC::MacroAssemblerMIPS::load16Unaligned):
26088 * assembler/MacroAssemblerSH4.h:
26089 (JSC::MacroAssemblerSH4::lshift32):
26090 (JSC::MacroAssemblerSH4::load8):
26091 (JSC::MacroAssemblerSH4::load16):
26092 (JSC::MacroAssemblerSH4::load16Unaligned):
26093 (JSC::MacroAssemblerSH4::branch8):
26094 * assembler/MacroAssemblerX86Common.h:
26095 (JSC::MacroAssemblerX86Common::load16Unaligned):
26097 * yarr/YarrJIT.cpp:
26098 (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
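The entry above fixes an unaligned 16-bit load in the regular-expression JIT. As an added illustration (not WebKit code; the names are hypothetical), the following shows the portable way to read a 16-bit value at an arbitrary byte offset, and the two-characters-at-once comparison that the pattern matcher uses, where a subject index may well be odd:

```cpp
#include <cstdint>
#include <cstddef>
#include <vector>

typedef uint16_t UChar; // 16-bit code unit, as in WTF

// Reads a 16-bit little-endian value from an address of any alignment by
// assembling two byte loads, which is what the ARM and MIPS load16Unaligned
// helpers do with byte loads and a shift/or. A plain *(const uint16_t*) on an
// odd address is undefined behaviour and faults on SH4 and on ARM cores
// with alignment checking enabled.
static UChar load16UnalignedExample(const uint8_t* p)
{
    return static_cast<UChar>(p[0] | (p[1] << 8));
}

// Mirrors the idea in generatePatternCharacterOnce: compare two adjacent
// 8-bit pattern characters with a single 16-bit load instead of two byte
// compares. The subject index can be odd, so the load must tolerate misalignment.
static bool matchesTwoCharsExample(const std::vector<uint8_t>& subject, size_t index,
                                   uint8_t first, uint8_t second)
{
    if (index + 2 > subject.size())   // bounds check before touching memory
        return false;
    UChar packed = static_cast<UChar>(first | (second << 8));
    return load16UnalignedExample(subject.data() + index) == packed;
}

// Constructed sample bytes for the reader to try the loads against.
static const uint8_t* sampleBytesExample()
{
    static const uint8_t bytes[4] = { 0x12, 0x34, 0x56, 0x78 };
    return bytes;
}
```

Reading at `sampleBytesExample() + 1` is the odd-address case the fix is about; the byte-assembled form gives the same answer at every offset.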
26100 2011-12-08 Michael Saboff <msaboff@apple.com>
26102 Add 8 bit paths for StringTypeAdapter classes
26103 https://bugs.webkit.org/show_bug.cgi?id=73882
26105 Reviewed by Darin Adler.
26107 Added is8Bit() method and writeTo(LChar*) methods
26108 to StringTypeAdapter<> classes. The writeTo(LChar*)
26109 method can be used if is8Bit() returns true. The
26110 non-native 8 bit classes contain ASSERT(is8Bit())
26111 in their writeTo(LChar*).
26113 Updated all of the various versions of tryMakeString() to
26114 use 8 bit processing in the updated StringTypeAdapter<>
26117 This has slight, if any, performance improvement on Kraken.
26119 * runtime/UStringConcatenate.h:
26120 * wtf/text/StringConcatenate.h:
26121 (WTF::tryMakeString):
26122 * wtf/text/StringOperators.h:
26123 (WTF::StringAppend::is8Bit):
26124 (WTF::StringAppend::writeTo):
26126 2011-12-07 Filip Pizlo <fpizlo@apple.com>
26128 DFG CSE should know that CheckFunction is pure
26129 https://bugs.webkit.org/show_bug.cgi?id=74044
26131 Reviewed by Oliver Hunt.
26133 Possible slight win on V8, no regressions.
26135 * dfg/DFGPropagator.cpp:
26136 (JSC::DFG::Propagator::checkFunctionElimination):
26138 2011-12-07 Michael Saboff <msaboff@apple.com>
26140 StringBuilderTest.Append and StringBuilderTest.ToStringPreserveCapacity are failing.
26141 https://bugs.webkit.org/show_bug.cgi?id=73995
26143 Reviewed by Geoffrey Garen.
26145 Problem was that a call to characters on an StringImpl associated
26146 with a StringBuilder that is being appended to gets stale.
26147 Added a new m_valid16BitShadowlen that keeps the length of
26148 the 16 bit shadow that has been upconverted or will be upconverted
26149 with the first getCharacters(). When StringBuilder::characters or
26150 ::reifyString is called, further characters are upconverted if
26151 we have a shadow16bit copy and the m_valid16BitShadowlen is updated.
26153 * JavaScriptCore.exp:
26154 * wtf/text/StringBuilder.cpp:
26155 (WTF::StringBuilder::reifyString):
26156 * wtf/text/StringBuilder.h:
26157 (WTF::StringBuilder::StringBuilder):
26158 (WTF::StringBuilder::characters):
26159 (WTF::StringBuilder::clear): Cleaned up as part of the change.
26160 * wtf/text/StringImpl.cpp:
26161 (WTF::StringImpl::getData16SlowCase):
26162 (WTF::StringImpl::upconvertCharacters):
26163 * wtf/text/StringImpl.h:
26165 2011-12-07 Filip Pizlo <fpizlo@apple.com>
26167 Compare and Swap should be enabled on ARMv7
26168 https://bugs.webkit.org/show_bug.cgi?id=74023
26170 Reviewed by Geoff Garen.
26172 Implemented weakCompareAndSwap in terms of LDREX/STREX and enabled PARALLEL_GC.
26173 It gives the expected speed-up on multi-core ARMv7 devices.
26176 (WTF::weakCompareAndSwap):
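A weak compare-and-swap built on LDREX/STREX may fail even when the word still holds the expected value, because the exclusive reservation can be lost to an interrupt or a nearby store. As an added example (not WebKit code; the struct and function names are hypothetical), the model below makes that spurious failure deterministic so the difference between a retry loop and a single attempt is visible:

```cpp
#include <atomic>
#include <cstddef>

// Models the contract of a weak CAS: one attempt that may report failure
// without storing. Here every odd-numbered attempt fails, standing in for a
// lost LDREX/STREX reservation.
struct WeakCASWordExample {
    std::atomic<unsigned> word { 0 };
    unsigned attempts { 0 };

    bool weakCompareAndSwap(unsigned expected, unsigned newValue)
    {
        ++attempts;
        if (attempts % 2)
            return false; // STREX reported the reservation lost; nothing stored
        return word.compare_exchange_weak(expected, newValue, std::memory_order_acq_rel);
    }
};

// Correct use: retry until the swap lands. This is the shape of a lock-free
// "set these bits" on a word shared between parallel marking threads.
static unsigned atomicOrExample(WeakCASWordExample& cell, unsigned bits)
{
    unsigned oldValue;
    do {
        oldValue = cell.word.load(std::memory_order_relaxed);
    } while (!cell.weakCompareAndSwap(oldValue, oldValue | bits));
    return oldValue;
}

// Incorrect use: a single attempt silently drops the update on a spurious failure.
static bool setBitsOnceExample(WeakCASWordExample& cell, unsigned bits)
{
    unsigned oldValue = cell.word.load(std::memory_order_relaxed);
    return cell.weakCompareAndSwap(oldValue, oldValue | bits);
}

static unsigned finalWordWithRetryExample()
{
    WeakCASWordExample cell;
    atomicOrExample(cell, 0x1);
    atomicOrExample(cell, 0x4);
    return cell.word.load();      // both bits present: 0x5
}

static unsigned attemptsForOneOrExample()
{
    WeakCASWordExample cell;
    atomicOrExample(cell, 0x1);
    return cell.attempts;         // one spurious failure, then success: 2
}

static unsigned finalWordWithoutRetryExample()
{
    WeakCASWordExample cell;
    setBitsOnceExample(cell, 0x1); // the first attempt fails spuriously
    return cell.word.load();       // the bit was lost: 0
}
```

On x86 `compare_exchange_weak` rarely fails spuriously in practice, which is exactly why code that is only tested there can hide a missing loop until it runs on ARMv7.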
26179 2011-12-07 Filip Pizlo <fpizlo@apple.com>
26181 DFG CSE is overzealous with GetByVal
26182 https://bugs.webkit.org/show_bug.cgi?id=74042
26184 Reviewed by Oliver Hunt.
26186 Made sure that the purity of GetByVal and the limited-clobber-itude of PutByVal
26187 is tested in all places that matter.
26189 * dfg/DFGPropagator.cpp:
26190 (JSC::DFG::Propagator::byValIsPure):
26191 (JSC::DFG::Propagator::clobbersWorld):
26192 (JSC::DFG::Propagator::getByValLoadElimination):
26193 (JSC::DFG::Propagator::checkStructureLoadElimination):
26194 (JSC::DFG::Propagator::getByOffsetLoadElimination):
26195 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
26196 (JSC::DFG::Propagator::performNodeCSE):
26198 2011-12-07 Sheriff Bot <webkit.review.bot@gmail.com>
26200 Unreviewed, rolling out r102267.
26201 http://trac.webkit.org/changeset/102267
26202 https://bugs.webkit.org/show_bug.cgi?id=74032
26204 Breaks build on Chromium Mac Debug (Requested by aklein on
26207 * wtf/HashTraits.h:
26209 2011-12-07 Adam Klein <adamk@chromium.org>
26211 Use HashMap<Node*, OwnPtr<...>> in ChildListMutationScope
26212 https://bugs.webkit.org/show_bug.cgi?id=73964
26214 Reviewed by Ryosuke Niwa.
26216 * wtf/HashTraits.h: Add passOut(std::nullptr_t) to allow callers to use HashMap::take on an entry whose value is null.
26218 2011-12-07 Filip Pizlo <fpizlo@apple.com>
26220 Non-Mac devices should benefit from a larger heap
26221 https://bugs.webkit.org/show_bug.cgi?id=74015
26223 Reviewed by Geoff Garen.
26225 Removed the ENABLE(LARGE_HEAP) option from Platform.h, since it was only used in
26226 Heap.cpp, and got in the way of having more granular, per-platform control over
26227 what the heap size should be. Bumped the heap size to 8MB on iOS (was 512KB).
26230 (JSC::GCTimer::heapSizeForHint):
26233 2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
26235 [Qt] V8 build fixes.
26237 Reviewed by Tor Arne Vestbø.
26239 * yarr/yarr.pri: Don't rely on Source/JavaScriptCore being in
26240 VPATH. Prefix SOURCES correctly and make sure that runtime/ is
26241 in the include search path when building with v8.
26243 2011-12-06 Filip Pizlo <fpizlo@apple.com>
26245 Zapping a block that is Marked leads to dead objects being mistaken for live ones
26246 https://bugs.webkit.org/show_bug.cgi?id=73982
26248 Reviewed by Geoff Garen.
26250 Changed the zapping code to ignore blocks that are Marked or Zapped. Additionally,
26251 the code asserts that:
26253 - If we zap a Marked or Zapped block then the free list is empty, because this
26254 can only happen if the block was never free-listed.
26256 - Zapping can only happen for Marked, Zapped, or FreeListed blocks, since Allocated
26257 blocks are those that cannot be referred to by SizeClass::currentBlock (since
26258 SizeClass::currentBlock only refers to blocks that are candidates for allocation,
26259 and Allocated blocks are those that have been exhausted by allocation and will not
26260 be allocated from again), and New blocks cannot be referred to by anything except
26261 during a brief window inside the allocation slow-path.
26263 * heap/MarkedBlock.cpp:
26264 (JSC::MarkedBlock::zapFreeList):
26266 2011-12-06 Filip Pizlo <fpizlo@apple.com>
26268 DFG 32_64 call linking does not handle non-cell callees correctly
26269 https://bugs.webkit.org/show_bug.cgi?id=73965
26271 Reviewed by Sam Weinig.
26273 * dfg/DFGSpeculativeJIT32_64.cpp:
26274 (JSC::DFG::SpeculativeJIT::emitCall):
26276 2011-12-06 Sam Weinig <sam@webkit.org>
26278 Remove unintentional type name shadowing in the Interpreter
26279 https://bugs.webkit.org/show_bug.cgi?id=73963
26281 Reviewed by Oliver Hunt.
26283 * interpreter/Interpreter.cpp:
26284 (JSC::Interpreter::prepareForRepeatCall): Replace the parameter name FunctionExecutable,
26285 which shadows the FunctionExecutable type name, with functionExecutable.
26287 2011-12-06 Michael Saboff <msaboff@apple.com>
26289 r102146 from 73875 broke fast/js/encode-URI-test.html
26290 https://bugs.webkit.org/show_bug.cgi?id=73950
26292 Reviewed by Gavin Barraclough.
26294 * runtime/JSGlobalObjectFunctions.cpp:
26295 (JSC::globalFuncUnescape): Restructured to handle
26296 the %uHHHH case to output the resulting character
26297 and continue so that a failure in finding 4 hex
26298 digits will fall through and output the '%'.
26299 Due to style check, changed the temporary
26300 character variable to a more descriptive name.
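The fall-through described in the entry above is the kind of decoder edge case that is easy to get wrong: an escape with too few hex digits must be emitted literally, not consumed. As an added example (not JSC's implementation; helper names are hypothetical), here is a small unescape over 8-bit input with that behaviour for both the `%uHHHH` and `%HH` forms:

```cpp
#include <string>
#include <cstddef>

// Value of `count` hex digits starting at `pos`, or -1 if fewer than `count`
// hex digits are present (including when the input ends early).
static int hexDigitsExample(const std::string& s, size_t pos, size_t count)
{
    if (pos + count > s.size())
        return -1;
    int value = 0;
    for (size_t i = 0; i < count; ++i) {
        char c = s[pos + i];
        int digit;
        if (c >= '0' && c <= '9')
            digit = c - '0';
        else if (c >= 'a' && c <= 'f')
            digit = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F')
            digit = c - 'A' + 10;
        else
            return -1;
        value = value * 16 + digit;
    }
    return value;
}

// unescape() over an 8-bit input, producing UTF-16 code units as a JS string
// would hold them. An escape is decoded only when every required hex digit is
// present; otherwise the '%' is output as-is and scanning resumes at the next
// byte, so a truncated "%u004" comes out unchanged instead of being swallowed.
static std::u16string unescapeExample(const std::string& input)
{
    std::u16string out;
    size_t i = 0;
    while (i < input.size()) {
        if (input[i] == '%') {
            if (i + 1 < input.size() && input[i + 1] == 'u') {
                int code = hexDigitsExample(input, i + 2, 4);
                if (code >= 0) {                // %uHHHH
                    out.push_back(static_cast<char16_t>(code));
                    i += 6;
                    continue;
                }
                // fewer than 4 hex digits: fall through and output the '%'
            } else {
                int code = hexDigitsExample(input, i + 1, 2);
                if (code >= 0) {                // %HH
                    out.push_back(static_cast<char16_t>(code));
                    i += 3;
                    continue;
                }
            }
        }
        out.push_back(static_cast<char16_t>(static_cast<unsigned char>(input[i])));
        ++i;
    }
    return out;
}
```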
26302 2011-12-06 Filip Pizlo <fpizlo@apple.com>
26304 GC zapping logic could benefit from some more assertions
26305 https://bugs.webkit.org/show_bug.cgi?id=73947
26307 Reviewed by Gavin Barraclough.
26309 - If you're in a zapped block and you're zapped, then your mark bit should
26312 - If you're being marked, then you should never be zapped.
26314 * heap/MarkedBlock.h:
26315 (JSC::MarkedBlock::isLive):
26316 * runtime/Structure.h:
26317 (JSC::MarkStack::internalAppend):
26319 2011-12-06 Oliver Hunt <oliver@apple.com>
26321 Don't allocate register in typedarray control flow
26322 https://bugs.webkit.org/show_bug.cgi?id=73944
26324 Reviewed by Gavin Barraclough.
26326 Move a temporary allocation outside of control flow.
26328 * dfg/DFGSpeculativeJIT.cpp:
26329 (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
26331 2011-12-06 Gavin Barraclough <barraclough@apple.com>
26333 https://bugs.webkit.org/show_bug.cgi?id=68328
26334 The generator and intrinsic fields in HashTableValue/HashEntry and associated structures and methods are redundant
26336 Reviewed by Geoff Garen.
26338 Move the intrinsic enum out of the DFG, into runtime. Add entries for all host functions
26339 that have an intrinsic in the form of a generated thunk. Remove the thunk pointer from the
26340 hashtable, and make Intrinsic field no longer ifdef on JIT/DFG. In getHostFunction select
26341 a thunk generator to use based on the Intrinsic.
26343 * JavaScriptCore.xcodeproj/project.pbxproj:
26344 * create_hash_table:
26345 * dfg/DFGByteCodeParser.cpp:
26346 (JSC::DFG::ByteCodeParser::handleCall):
26347 (JSC::DFG::ByteCodeParser::handleIntrinsic):
26348 * dfg/DFGCapabilities.h:
26349 * dfg/DFGIntrinsic.h: Removed.
26350 * jit/JITStubs.cpp:
26351 (JSC::JITThunks::hostFunctionStub):
26353 * runtime/Executable.cpp:
26354 (JSC::ExecutableBase::intrinsic):
26355 (JSC::NativeExecutable::intrinsic):
26356 * runtime/Executable.h:
26357 (JSC::ExecutableBase::intrinsicFor):
26358 (JSC::NativeExecutable::create):
26359 (JSC::NativeExecutable::finishCreation):
26360 * runtime/Intrinsic.h: Copied from Source/JavaScriptCore/dfg/DFGIntrinsic.h.
26361 * runtime/JSGlobalData.cpp:
26362 (JSC::thunkGeneratorForIntrinsic):
26363 (JSC::JSGlobalData::getHostFunction):
26364 * runtime/JSGlobalData.h:
26365 * runtime/Lookup.cpp:
26366 (JSC::HashTable::createTable):
26367 (JSC::setUpStaticFunctionSlot):
26368 * runtime/Lookup.h:
26369 (JSC::HashEntry::initialize):
26370 (JSC::HashEntry::intrinsic):
26372 2011-12-06 Michael Saboff <msaboff@apple.com>
26374 Add 8 bit paths to global object functions
26375 https://bugs.webkit.org/show_bug.cgi?id=73875
26377 Added 8 bit paths for conversion methods.
26379 This is worth 1.5% on kraken audio-oscillator,
26380 1.6% on stanford-crypto-ccm and 2.5% on
26381 stanford-crypto-sha256-iterative. See bug for
26384 Reviewed by Oliver Hunt.
26386 * runtime/JSGlobalObjectFunctions.cpp:
26387 (JSC::decode): Split into a templated helper.
26388 (JSC::parseInt): Split into a templated helper.
26389 (JSC::parseFloat): Added an 8 bit path
26390 (JSC::globalFuncEscape): Added 8 bit path
26391 (JSC::globalFuncUnescape): Added 8 bit path
26392 * runtime/JSStringBuilder.h:
26393 (JSC::JSStringBuilder::append): New append for LChar
26394 * wtf/text/StringBuilder.h:
26395 (WTF::StringBuilder::append): New append for LChar
26397 2011-11-21 Balazs Kelemen <kbalazs@webkit.org>
26399 Enable ParallelJobs by default
26400 https://bugs.webkit.org/show_bug.cgi?id=70032
26402 Reviewed by Zoltan Herczeg.
26404 According to measurements on Mac and Linux it is a
26405 considerable speedup for SVG on multicore.
26407 Remove the ENABLE(PARALLEL_JOBS) guard.
26408 Fix build on Windows and Chromium.
26410 * JavaScriptCore.gypi: Add the files to the build. It was
26411 missing for the gyp build system.
26412 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
26414 * wtf/ParallelJobs.h:
26415 * wtf/ParallelJobsGeneric.cpp:
26416 (WTF::ParallelEnvironment::ParallelEnvironment):
26417 (WTF::ParallelEnvironment::execute):
26418 Deinline these to avoid exporting a lot of symbols.
26419 These are non-trivial and called only once on a given object
26420 so it doesn't seem to be worthwhile to inline them.
26421 Additionally fix a signed-unsigned comparison in the constructor.
26422 * wtf/ParallelJobsGeneric.h:
26425 2011-12-06 Simon Hausmann <simon.hausmann@nokia.com>
26427 [Qt] build-jsc script doesn't work
26428 https://bugs.webkit.org/show_bug.cgi?id=73910
26430 Reviewed by Tor Arne Vestbø.
26432 * JavaScriptCore.pro: Build WTF before JavaScriptCore and JSC
26433 (moved from top-level WebKit.pro). Also add v8 scopes to only build
26434 WTF during v8 builds.
26436 2011-12-05 Anders Carlsson <andersca@apple.com>
26438 Add HashMap::keys() and HashMap::values() for easy iteration of hash map keys and values in C++11.
26440 Reviewed by Darin Adler.
26444 2011-12-05 Michael Saboff <msaboff@apple.com>
26446 Create StringImpl::empty() as an 8 bit string
26447 https://bugs.webkit.org/show_bug.cgi?id=73871
26449 Reviewed by Oliver Hunt.
26451 * wtf/text/StringStatics.cpp:
26452 (WTF::StringImpl::empty): Changed to be an 8 bit string.
26454 2011-12-05 Darin Adler <darin@apple.com>
26456 Convert JSClassRef to use HashMap<OwnPtr>
26457 https://bugs.webkit.org/show_bug.cgi?id=73780
26459 Reviewed by Andreas Kling.
26461 * API/JSCallbackObjectFunctions.h:
26462 (JSC::JSCallbackObject::getOwnPropertyNames): Use get() on the hash map
26463 entries because the hash map now has an OwnPtr instead of a raw pointer.
26465 * API/JSClassRef.cpp:
26466 (OpaqueJSClass::OpaqueJSClass): No need to initialize m_staticValues and
26467 m_staticFunctions since they are now OwnPtr. Use adoptPtr when allocating.
26468 Removed the code that gets and deletes existing entries, and just use set,
26469 which now handles deletion automatically due to it being OwnPtr.
26470 (OpaqueJSClass::~OpaqueJSClass): Replaced code to do all the deletion
26471 with assertion-only NDEBUG-only code.
26472 (OpaqueJSClassContextData::OpaqueJSClassContextData): Use adoptPtr when
26473 allocating. Use OwnPtr when adding. Removed unneeded code to set
26474 staticValues and staticFunctions to 0. Removed unneeded destructor.
26475 (OpaqueJSClass::staticValues): Added get call. Also removed unneeded local.
26476 (OpaqueJSClass::staticFunctions): Ditto.
26477 (OpaqueJSClass::prototype): Added use of adoptPtr.
26479 * API/JSClassRef.h: Made the static values and static functions tables
26480 use OwnPtr for the entries. Also used OwnPtr for the pointers to the
26481 tables themselves. Also removed ~OpaqueJSClassContextData(), letting
26482 the compiler generate it.
26484 2011-12-05 Oliver Hunt <oliver@apple.com>
26486 Land uncommitted bit of float array support
26487 https://bugs.webkit.org/show_bug.cgi?id=73873
26489 Reviewed by Filip Pizlo.
26491 * dfg/DFGSpeculativeJIT.cpp:
26492 (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
26494 2011-12-05 Benjamin Poulain <benjamin@webkit.org>
26496 Update String::containsOnlyASCII() to handle 8 bits strings
26497 https://bugs.webkit.org/show_bug.cgi?id=73799
26499 Reviewed by Darin Adler.
26501 Implement String::containsOnlyASCII() so that it does not
26502 call String::characters().
26504 * wtf/text/WTFString.h:
26505 (WTF::String::containsOnlyASCII):
26507 2011-12-05 Filip Pizlo <fpizlo@apple.com>
26509 Unreviewed build fix for non-DFG platforms.
26511 * dfg/DFGRepatch.h:
26513 2011-12-05 Filip Pizlo <fpizlo@apple.com>
26515 Old JIT emits 32-bit offsets for put_by_id but sometimes patches them as if they
26516 were compact offsets
26517 https://bugs.webkit.org/show_bug.cgi?id=73861
26519 Reviewed by Gavin Barraclough.
26521 * jit/JITPropertyAccess32_64.cpp:
26522 (JSC::JIT::resetPatchPutById):
26524 2011-12-05 Filip Pizlo <fpizlo@apple.com>
26526 Unreviewed, build fixes for ARM.
26528 * assembler/AbstractMacroAssembler.h:
26529 (JSC::AbstractMacroAssembler::unreachableForPlatform):
26530 * assembler/MacroAssemblerARMv7.h:
26531 (JSC::MacroAssemblerARMv7::loadDouble):
26532 (JSC::MacroAssemblerARMv7::loadFloat):
26533 (JSC::MacroAssemblerARMv7::storeFloat):
26534 (JSC::MacroAssemblerARMv7::convertFloatToDouble):
26535 (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
26537 2011-12-05 Benjamin Poulain <benjamin@webkit.org>
26539 Update String::containsOnlyLatin1() to avoid converting to 16 bits
26540 https://bugs.webkit.org/show_bug.cgi?id=73797
26542 Reviewed by Andreas Kling.
26544 When the String uses an 8-bit StringImpl, there is no need to iterate
26547 The function charactersAreAllLatin1() is removed because it is not
26550 * wtf/text/WTFString.h:
26551 (WTF::String::containsOnlyLatin1):
26553 2011-12-05 Michael Saboff <msaboff@apple.com>
26555 8 bit string work slows down Kraken json-stringify-tinderbox
26556 https://bugs.webkit.org/show_bug.cgi?id=73457
26558 Added 8 bit path to StringBuilder. StringBuilder starts
26559 assuming 8 bit contents and gets converted to 16 bit upon
26560 seeing the first 16 bit character or string. Split
26561 appendUninitialized into an inlined fast and function call
26564 Factored out the processing of the UString argument from
26565 Stringifier::appendQuotedString() to a static templated function
26566 based on character size.
26568 This change eliminates 5% of the 7% slowdown to json-stringify-tinderbox.
26569 This change introduces a 4.8% slowdown to json-parse-financial.
26570 This slowdown will be addressed in a subsequent patch to StringImpl::equal.
26572 Reviewed by Oliver Hunt.
26574 * runtime/JSONObject.cpp:
26575 (JSC::appendStringToUStringBuilder):
26576 (JSC::Stringifier::appendQuotedString):
26577 * wtf/text/StringBuilder.cpp:
26578 (WTF::StringBuilder::resize):
26579 (WTF::StringBuilder::allocateBuffer):
26580 (WTF::StringBuilder::allocateBufferUpConvert):
26583 (WTF::StringBuilder::reserveCapacity):
26584 (WTF::StringBuilder::appendUninitialized):
26585 (WTF::StringBuilder::appendUninitializedSlow):
26586 (WTF::StringBuilder::append):
26587 (WTF::StringBuilder::shrinkToFit):
26588 * wtf/text/StringBuilder.h:
26589 (WTF::StringBuilder::StringBuilder):
26590 (WTF::StringBuilder::append):
26591 (WTF::StringBuilder::operator[]):
26592 (WTF::StringBuilder::characters8):
26593 (WTF::StringBuilder::characters16):
26594 (WTF::StringBuilder::charactersBlah):
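The entry above (and the StringTypeAdapter and StringBuilder shadow entries earlier in this file) describe a builder that starts 8-bit and widens once, on the first 16-bit code unit. As an added example (not WTF::StringBuilder; the class and function names are hypothetical), this shows the mechanism end to end, including the one-time upconversion and the JSON-stringify-style input that triggers it late in the buffer:

```cpp
#include <cstdint>
#include <cstddef>
#include <string>
#include <vector>

typedef uint8_t LChar;   // Latin-1 code unit, as in WTF
typedef uint16_t UChar;  // UTF-16 code unit

// Starts with a narrow buffer and widens the whole thing exactly once, on the
// first code unit above 0xFF. Until then every append is a byte store.
class TinyStringBuilderExample {
public:
    bool is8Bit() const { return m_is8Bit; }
    size_t length() const { return m_is8Bit ? m_buffer8.size() : m_buffer16.size(); }
    size_t upconversions() const { return m_upconversions; }

    void append(LChar c)
    {
        if (m_is8Bit)
            m_buffer8.push_back(c);
        else
            m_buffer16.push_back(c);   // zero-extend into the wide buffer
    }

    void append(UChar c)
    {
        if (m_is8Bit) {
            if (c <= 0xFF) {           // still representable in 8 bits
                m_buffer8.push_back(static_cast<LChar>(c));
                return;
            }
            allocateBufferUpConvert(); // first 16-bit unit: widen existing contents
        }
        m_buffer16.push_back(c);
    }

    void append(const char* latin1)
    {
        for (; *latin1; ++latin1)
            append(static_cast<LChar>(*latin1));
    }

    UChar operator[](size_t i) const { return m_is8Bit ? m_buffer8[i] : m_buffer16[i]; }

    std::u16string toUTF16() const
    {
        std::u16string out;
        for (size_t i = 0; i < length(); ++i)
            out.push_back(static_cast<char16_t>((*this)[i]));
        return out;
    }

private:
    void allocateBufferUpConvert()
    {
        m_buffer16.assign(m_buffer8.begin(), m_buffer8.end()); // each byte becomes one UChar
        std::vector<LChar>().swap(m_buffer8);                  // release the narrow buffer
        m_is8Bit = false;
        ++m_upconversions;
    }

    bool m_is8Bit { true };
    size_t m_upconversions { 0 };
    std::vector<LChar> m_buffer8;
    std::vector<UChar> m_buffer16;
};

// Constructed input in the shape of JSON output: mostly ASCII, one Latin-1
// character that still fits, then one character that forces the widening.
static TinyStringBuilderExample buildSampleExample()
{
    TinyStringBuilderExample b;
    b.append("{\"name\":\"caf");
    b.append(static_cast<UChar>(0x00E9)); // é fits in 8 bits, no widening
    b.append(static_cast<UChar>(0x2603)); // ☃ triggers the one-time upconvert
    b.append("\"}");
    return b;
}

// Latin-1-only input never leaves the narrow representation.
static TinyStringBuilderExample buildLatin1OnlyExample()
{
    TinyStringBuilderExample b;
    b.append("caf");
    b.append(static_cast<UChar>(0x00E9));
    return b;
}
```

The cost model the entry is about falls out directly: a builder that only ever sees Latin-1 pays one byte per character and never copies, while the first wide character costs a single full-buffer copy rather than a per-character check afterwards.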
26598 2011-12-01 Gavin Barraclough <barraclough@apple.com>
26600 https://bugs.webkit.org/show_bug.cgi?id=73624
26601 JIT + INTERPRETER builds are broken
26603 Reviewed by Geoff Garen, Sam Weinig.
26605 These don't fallback to the interpreter correctly.
26606 Thunk creation assumes that if the JIT is compiled in, then it is enabled.
26608 * jit/JITStubs.cpp:
26609 (JSC::JITThunks::JITThunks):
26610 * runtime/Executable.h:
26611 (JSC::NativeExecutable::create):
26612 (JSC::NativeExecutable::finishCreation):
26613 * runtime/JSGlobalData.cpp:
26614 (JSC::JSGlobalData::getHostFunction):
26616 2011-12-05 Zoltan Herczeg <zherczeg@webkit.org>
26618 MacroAssemblerSH4 does not implement readCallTarget
26619 https://bugs.webkit.org/show_bug.cgi?id=73434
26621 Reviewed by Csaba Osztrogonác.
26623 * assembler/MacroAssemblerSH4.h: Support for SH4.
26624 (JSC::MacroAssemblerSH4::readCallTarget):
26625 * assembler/SH4Assembler.h:
26626 (JSC::SH4Assembler::readCallTarget):
26628 2011-12-04 Filip Pizlo <fpizlo@apple.com>
26630 DFG should optimize strict equality
26631 https://bugs.webkit.org/show_bug.cgi?id=73764
26633 Reviewed by Oliver Hunt.
26637 * dfg/DFGSpeculativeJIT.cpp:
26638 (JSC::DFG::SpeculativeJIT::compare):
26639 (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
26640 (JSC::DFG::SpeculativeJIT::compileStrictEq):
26641 * dfg/DFGSpeculativeJIT.h:
26642 * dfg/DFGSpeculativeJIT32_64.cpp:
26643 (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
26644 (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
26645 (JSC::DFG::SpeculativeJIT::compile):
26646 * dfg/DFGSpeculativeJIT64.cpp:
26647 (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
26648 (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
26649 (JSC::DFG::SpeculativeJIT::compile):
26651 2011-12-03 Darin Adler <darin@apple.com>
26653 Use HashMap<OwnPtr> for ScriptSampleRecordMap
26654 https://bugs.webkit.org/show_bug.cgi?id=73758
26656 Reviewed by Andreas Kling.
26658 * bytecode/SamplingTool.cpp:
26659 (JSC::SamplingTool::notifyOfScope): Added adoptPtr.
26660 (JSC::SamplingTool::dump): Added get.
26661 * bytecode/SamplingTool.h: Changed the value type of ScriptSampleRecordMap to be OwnPtr.
26663 2011-12-03 Darin Adler <darin@apple.com>
26665 Use HashMap<OwnPtr> for the opaqueJSClassData map
26666 https://bugs.webkit.org/show_bug.cgi?id=73759
26668 Reviewed by Andreas Kling.
26670 * API/JSClassRef.cpp:
26671 (OpaqueJSClass::contextData): Update types.
26672 * runtime/JSGlobalData.cpp:
26673 (JSC::JSGlobalData::~JSGlobalData): Add an explicit clear of opaqueJSClassData to keep the
26674 timing the same. If we didn't care about the order of operations, we could remove this, too.
26675 * runtime/JSGlobalData.h: Use OwnPtr instead of raw pointer for the mapped type in the
26676 opaqueJSClassData map.
26678 2011-12-03 Darin Adler <darin@apple.com>
26680 Change HashMap implementation to use the pass type and peek type from traits for the mapped value
26681 https://bugs.webkit.org/show_bug.cgi?id=72474
26683 Reviewed by Anders Carlsson.
26685 * wtf/HashMap.h: Added ReferenceTypeMaker struct template. Get PassInType, PassOutType,
26686 and PeekType from the traits of the mapped value instead of hard-coding them here.
26687 Changed inlineAdd to take a reference to the PassInType instead of the PassInType itself,
26688 to accommodate a PassInType that can't be copied. Use the store, peek, and passOut
26689 functions from the traits as well.
26691 * wtf/HashTraits.h: Updated GenericHashTraits and HashTraits for OwnPtr to include
26692 PassInType, PassOutType, PeekType, store, passOut, and peek. Before this, the file had
26693 an earlier version that was just PassType, PeekType, pass, and peek. Also commented
26694 the HashTraits for RefPtr to foreshadow some work we can do there.
26696 * wtf/RefPtrHashMap.h: Same changes as HashMap.h.
26698 2011-12-02 David Levin <levin@chromium.org>
26700 Rename WTF class from TemporarilyChange to TemporaryChange.
26701 https://bugs.webkit.org/show_bug.cgi?id=73479
26703 Reviewed by Eric Seidel.
26705 * JavaScriptCore.gypi:
26706 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
26707 * JavaScriptCore.xcodeproj/project.pbxproj:
26708 * wtf/TemporaryChange.h: Renamed from Source/JavaScriptCore/wtf/TemporarilyChange.h.
26709 (WTF::TemporaryChange::TemporaryChange):
26710 (WTF::TemporaryChange::~TemporaryChange):
26712 2011-12-02 Mark Hahnenberg <mhahnenberg@apple.com>
26714 REGRESSION (r99754): All layout tests crash on Windows
26715 https://bugs.webkit.org/show_bug.cgi?id=72305
26717 Reviewed by Geoffrey Garen.
26719 Fixes a crash in release builds on Windows. Windows was optimizing the out-of-line virtual destructor in
26720 JSFunction away, which left it with no virtual functions. Its vtable ptr was then identical to that of
26721 a different class, therefore the optimization in the visitChildren helper function in MarkedStack.cpp was calling an
26722 incorrect version of visitChildren on the object, which left its children unmarked, causing them to be
26723 collected when they were still reachable.
26725 * runtime/JSFunction.cpp:
26726 (JSC::JSFunction::vtableAnchor): Add a virtual function to JSFunction that Visual Studio can't optimize away.
26727 * runtime/JSFunction.h:
26728 * runtime/JSGlobalData.cpp:
26729 (JSC::JSGlobalData::storeVPtrs): Add checks to make sure that all virtual pointers that we rely on for optimization
26730 purposes are distinct from one another.
26732 2011-12-02 Oliver Hunt <oliver@apple.com>
26734 Improve float array support in the DFG JIT
26735 https://bugs.webkit.org/show_bug.cgi?id=73722
26737 Reviewed by Gavin Barraclough.
26739 Add basic support for float typed arrays in JSC. This is currently
26740 less optimal than it could be in the following ways:
26741 * float32Array1[0] = float32Array2[0] (eg. an element by element copy)
26742 promotes float to double and then back to float.
26743 * float64Array[0] will always perform NaN tests in order to prevent
26744 signalling NaNs from entering the engine.
26746 We also don't support Float32Array on ARMv7
26748 * assembler/MacroAssemblerARMv7.h:
26749 (JSC::MacroAssemblerARMv7::loadDouble):
26750 (JSC::MacroAssemblerARMv7::loadFloat):
26751 (JSC::MacroAssemblerARMv7::storeDouble):
26752 (JSC::MacroAssemblerARMv7::storeFloat):
26753 (JSC::MacroAssemblerARMv7::convertFloatToDouble):
26754 (JSC::MacroAssemblerARMv7::convertDoubleToFloat):
26755 * assembler/MacroAssemblerX86Common.h:
26756 (JSC::MacroAssemblerX86Common::loadDouble):
26757 (JSC::MacroAssemblerX86Common::loadFloat):
26758 (JSC::MacroAssemblerX86Common::storeDouble):
26759 (JSC::MacroAssemblerX86Common::storeFloat):
26760 (JSC::MacroAssemblerX86Common::convertDoubleToFloat):
26761 (JSC::MacroAssemblerX86Common::convertFloatToDouble):
26762 * assembler/X86Assembler.h:
26763 (JSC::X86Assembler::cvtsd2ss_rr):
26764 (JSC::X86Assembler::cvtss2sd_rr):
26765 (JSC::X86Assembler::movsd_rm):
26766 (JSC::X86Assembler::movss_rm):
26767 (JSC::X86Assembler::movsd_mr):
26768 (JSC::X86Assembler::movss_mr):
26769 * dfg/DFGAbstractState.cpp:
26770 (JSC::DFG::AbstractState::execute):
26772 (JSC::DFG::Node::shouldSpeculateFloat32Array):
26773 * dfg/DFGPropagator.cpp:
26774 (JSC::DFG::Propagator::propagateNodePredictions):
26775 * dfg/DFGSpeculativeJIT.cpp:
26776 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
26777 (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
26778 (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
26779 * dfg/DFGSpeculativeJIT.h:
26780 * dfg/DFGSpeculativeJIT32_64.cpp:
26781 (JSC::DFG::SpeculativeJIT::compile):
26782 * dfg/DFGSpeculativeJIT64.cpp:
26783 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
26784 (JSC::DFG::SpeculativeJIT::compile):
26786 2011-12-02 Sheriff Bot <webkit.review.bot@gmail.com>
26788 Unreviewed, rolling out r101801.
26789 http://trac.webkit.org/changeset/101801
26790 https://bugs.webkit.org/show_bug.cgi?id=73667
26792 Build is still broken (Requested by Ossy on #webkit).
26794 * assembler/SH4Assembler.h:
26796 2011-12-01 Darin Adler <darin@apple.com>
26798 Prepare to deploy pass and peek types in the HashMap class
26799 https://bugs.webkit.org/show_bug.cgi?id=73477
26801 Reviewed by Adam Roben.
26803 This patch adds private typedefs inside the HashMap class,
26804 and uses them as appropriate. A future patch will actually
26805 tie those typedefs to hash traits, which will allow us to
26806 make HashMap work with OwnPtr mapped values and to optimize
26807 how HashMap works with RefPtr mapped values.
26809 Also changed the hash translator and adapter struct templates
26810 to use template functions to simplify them and make them more
26813 Also removed some unused template arguments.
26815 This goes out of its way to not change behavior. Future patches
26816 will change the peek type to be a reference type, which will
26817 reduce reference count churn a bit for hash tables with RefPtr
26818 mapped values, and then do further optimizations for RefPtr
26819 and OwnPtr by getting types from the hash traits.
26821 * wtf/HashMap.h: Added MappedPassInType, MappedPassOutType,
26822 and MappedPeekType typedefs, and used them for the arguments
26823 and return types of the get, set, add, take, and inlineAdd
26825 (WTF::HashMapTranslator): Changed this struct template to take
26826 fewer arguments, and changed its member functions to be
26827 function templates instead. This allows the compiler to
26828 determine types more flexibly and also simplifies use of it.
26829 (WTF::HashMapTranslatorAdapter): Ditto.
26830 (WTF::HashMap::find): Updated to use new HashMapTranslatorAdapter.
26831 Also reduced the arguments passed to the HashTable function template.
26832 (WTF::HashMap::contains): Ditto.
26833 (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
26834 (WTF::HashMap::set): Ditto.
26835 (WTF::HashMap::add): Ditto.
26836 (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
26837 (WTF::HashMap::get): Ditto.
26838 (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
26839 that type in the implementation.
26840 (WTF::deleteAllValues): Removed unneeded template arguments from
26841 call to deleteAllPairSeconds.
26842 (WTF::deleteAllKeys): Removed unneeded template arguments from
26843 call to deleteAllPairFirsts.
26846 (WTF::IdentityExtractor): Changed this to be a struct rather than
26847 a struct template, and replaced the extract function with a function
26848 template. This allows the compiler to deduce the type.
26849 (WTF::HashSetTranslatorAdapter): Changed this struct template to take
26850 fewer arguments, and changed its member functions to be
26851 function templates instead. This allows the compiler to
26852 determine types more flexibly and also simplifies use of it.
26853 (WTF::HashSet::find): Updated to use new HashSetTranslatorAdapter.
26854 Also reduced the arguments passed to the HashTable function template.
26855 (WTF::HashSet::contains): Ditto.
26856 (WTF::HashSet::add): Ditto.
26859 (WTF::IdentityHashTranslator): Changed this struct template to take
26860 fewer arguments, and changed its member functions to be
26861 function templates instead. This allows the compiler to
26862 determine types more flexibly and also simplifies use of it.
26863 (WTF::HashTable::add): Reduced arguments passed to the function template.
26864 (WTF::HashTable::find): Ditto, also reversed the template arguments so the
26865 translator comes first so the compiler can deduce the other type.
26866 (WTF::HashTable::contains): Ditto.
26867 (WTF::HashTable::lookup): Ditto.
26868 (WTF::HashTable::lookupForWriting): Ditto.
26869 (WTF::HashTable::checkKey): Ditto.
26870 (WTF::HashTable::fullLookupForWriting): Ditto.
26871 (WTF::HashTable::add): Ditto.
26872 (WTF::HashTable::addPassingHashCode): Ditto.
26873 (WTF::HashTable::find): Ditto.
26874 (WTF::HashTable::contains): Ditto.
26876 * wtf/ListHashSet.h:
26877 (WTF::ListHashSetNodeHashFunctions): Changed this struct template to take
26878 fewer arguments, and changed its member functions to be function templates
26879 instead. This allows the compiler to determine types more flexibly and
26880 also simplifies use of it.
26881 (WTF::ListHashSet::find): Reduced the arguments passed to the HashTable
26883 (WTF::ListHashSetTranslatorAdapter): Changed this struct template in the
26884 same way we changed ListHashSetNodeHashFunctions above.
26885 (WTF::ListHashSetTranslatorAdapter::equal):
26888 (WTF::::insertBefore):
26890 * wtf/RefPtrHashMap.h: Updated comments. Removed the
26891 RefPtrHashMapRawKeyTranslator struct template; we can use the
26892 HashMapTranslator struct template from HashMap.h instead now that
26893 it is more flexible. Added MappedPassInType, MappedPassOutType,
26894 and MappedPeekType typedefs, and used them for the arguments
26895 and return types of the get, inlineGet, set, add, take, and inlineAdd
26896 functions. Changed the name of the RawKeyTranslator type to
26897 Translator since it's now a class that can handle both raw keys
26898 and conventional keys.
26899 (WTF::HashMap::find): Changed to use Translator instead of RawKeyTranslator.
26900 Reduced the arguments passed to the HashTable function template.
26901 (WTF::HashMap::contains): Ditto.
26902 (WTF::HashMap::inlineAdd): Ditto. Also take MappedPassInType.
26903 (WTF::HashMap::set): Ditto.
26904 (WTF::HashMap::add): Ditto.
26905 (WTF::HashMap::inlineGet): Ditto, but return MappedPeekType.
26906 (WTF::HashMap::get): Ditto.
26907 (WTF::HashMap::take): Ditto, but return MappedPassOutType and use
26908 that type in the implementation.
26909 (WTF::deleteAllValues): Removed unneeded template arguments from
26910 call to deleteAllPairSeconds.
26911 (WTF::deleteAllKeys): Removed unneeded template arguments from
26912 call to deleteAllPairFirsts.
26914 2011-12-02 Zoltan Herczeg <zherczeg@webkit.org>
26916 MacroAssemblerSH4 does not implement readCallTarget
26917 https://bugs.webkit.org/show_bug.cgi?id=73434
26919 Reviewed by Csaba Osztrogonác.
26921 * assembler/SH4Assembler.h:
26922 (JSC::SH4Assembler::readCallTarget): Support for SH4.
26924 2011-12-02 Hajime Morrita <morrita@chromium.org>
26926 Unreviewed, rolling out r101751 and r101775.
26927 http://trac.webkit.org/changeset/101751
26928 http://trac.webkit.org/changeset/101775
26929 https://bugs.webkit.org/show_bug.cgi?id=73191
26931 breaks Windows build
26933 * JavaScriptCore.xcodeproj/project.pbxproj:
26935 * runtime/JSExportMacros.h: Removed.
26936 * wtf/ExportMacros.h:
26938 * wtf/WTFThreadData.h:
26939 * wtf/text/AtomicString.h:
26940 * wtf/text/StringStatics.cpp:
26942 2011-12-01 Hajime Morrita <morrita@chromium.org>
26944 JS_INLINE and WTF_INLINE should be visible from WebCore
26945 https://bugs.webkit.org/show_bug.cgi?id=73191
26947 - Moved Export related macro definitions from config.h to ExportMacros.h and JSExportMacros.h.
26948 - Moved WTF_USE_JSC and WTF_USE_V8 from various config.h family to Platform.h.
26949 - Replaced JS_EXPORTDATA in wtf module with newly introduced WTF_EXPORTDATA.
26951 Reviewed by Kevin Ollivier.
26953 * JavaScriptCore.xcodeproj/project.pbxproj:
26955 * runtime/JSExportMacros.h: Added.
26956 * wtf/ExportMacros.h:
26958 * wtf/WTFThreadData.h:
26959 * wtf/text/AtomicString.h:
26960 * wtf/text/StringStatics.cpp:
26962 2011-12-01 Michael Saboff <msaboff@apple.com>
26964 Changes proposed for 73457 slow down Kraken json-parse-financial
26965 https://bugs.webkit.org/show_bug.cgi?id=73584
26967 Restructured StringImpl::equal to take advantage of 8 or 4 bytes
26968 at a time when possible.
26970 This is worth ~3% on Kraken json-parse-financial. It provides
26971 ~2% on SunSpider string-unpack-code.
26973 Reviewed by Sam Weinig.
26975 * wtf/text/StringImpl.cpp:
26978 2011-12-01 Oliver Hunt <oliver@apple.com>
26980 Support integer typed arrays in the DFG JIT
26981 https://bugs.webkit.org/show_bug.cgi?id=73608
26983 Reviewed by Filip Pizlo.
26985 Add support for all the integral typed arrays in the DFG JIT.
26986 Currently this loads the contents of Uint32 arrays as doubles,
26987 which is clearly not as efficient as it could be, but this is
26988 still in the order of 10-20x faster than the existing behaviour.
26990 This needed us to add support for writing 16-bit values to the
26991 macroassembler, and also to support double<->unsigned conversion.
26993 * assembler/ARMv7Assembler.h:
26994 (JSC::ARMv7Assembler::strh):
26995 (JSC::ARMv7Assembler::vcvt_floatingPointToUnsigned):
26996 * assembler/MacroAssemblerARMv7.h:
26997 (JSC::MacroAssemblerARMv7::store16):
26998 (JSC::MacroAssemblerARMv7::truncateDoubleToUint32):
26999 * assembler/MacroAssemblerX86Common.h:
27000 (JSC::MacroAssemblerX86Common::store16):
27001 (JSC::MacroAssemblerX86Common::truncateDoubleToUint32):
27002 * assembler/X86Assembler.h:
27003 (JSC::X86Assembler::movw_rm):
27004 (JSC::X86Assembler::cvttsd2siq_rr):
27005 * bytecode/PredictedType.cpp:
27006 (JSC::predictionToString):
27007 (JSC::predictionFromClassInfo):
27008 * bytecode/PredictedType.h:
27009 (JSC::isInt8ArrayPrediction):
27010 (JSC::isInt16ArrayPrediction):
27011 (JSC::isInt32ArrayPrediction):
27012 (JSC::isUint8ArrayPrediction):
27013 (JSC::isUint16ArrayPrediction):
27014 (JSC::isUint32ArrayPrediction):
27015 (JSC::isFloat32ArrayPrediction):
27016 (JSC::isFloat64ArrayPrediction):
27017 * dfg/DFGAbstractState.cpp:
27018 (JSC::DFG::AbstractState::initialize):
27019 (JSC::DFG::AbstractState::execute):
27021 (JSC::DFG::Node::shouldSpeculateInt8Array):
27022 (JSC::DFG::Node::shouldSpeculateInt16Array):
27023 (JSC::DFG::Node::shouldSpeculateInt32Array):
27024 (JSC::DFG::Node::shouldSpeculateUint8Array):
27025 (JSC::DFG::Node::shouldSpeculateUint16Array):
27026 (JSC::DFG::Node::shouldSpeculateUint32Array):
27027 (JSC::DFG::Node::shouldSpeculateFloat32Array):
27028 (JSC::DFG::Node::shouldSpeculateFloat64Array):
27029 * dfg/DFGPropagator.cpp:
27030 (JSC::DFG::Propagator::propagateNodePredictions):
27031 (JSC::DFG::Propagator::fixupNode):
27032 (JSC::DFG::Propagator::performNodeCSE):
27033 * dfg/DFGSpeculativeJIT.cpp:
27034 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
27035 (JSC::DFG::SpeculativeJIT::compileGetTypedArrayLength):
27036 (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
27037 (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
27038 * dfg/DFGSpeculativeJIT.h:
27039 * dfg/DFGSpeculativeJIT32_64.cpp:
27040 (JSC::DFG::SpeculativeJIT::compile):
27041 * dfg/DFGSpeculativeJIT64.cpp:
27042 (JSC::DFG::SpeculativeJIT::compile):
27043 * runtime/JSGlobalData.h:
27045 2011-12-01 Benjamin Poulain <benjamin@webkit.org>
27047 URLs are encoded in UTF-8, then decoded as if they are Latin1
27048 https://bugs.webkit.org/show_bug.cgi?id=71758
27050 Reviewed by Darin Adler.
27052 Add the operator == between a String and a Vector of char. The implementation
27053 is the same as the comparison of String and char* but adds the length as a
27054 parameter for comparing the strings.
27056 * JavaScriptCore.exp:
27057 * wtf/text/StringImpl.h:
27059 * wtf/text/WTFString.h:
27063 2011-12-01 Martin Robinson <mrobinson@igalia.com>
27065 [GTK] Read fonts from the jhbuild root
27066 https://bugs.webkit.org/show_bug.cgi?id=73487
27068 Reviewed by Gustavo Noronha Silva.
27070 Read fonts from the jhbuild root instead of from the system. This will ensure
27071 that all testers use the same fonts instead of leaving this up to luck.
27073 * wtf/gobject/GlibUtilities.h: Add Assertions.h which was required for the WebKit2TestRunner.
27075 2011-12-01 Martin Robinson <mrobinson@igalia.com>
27077 [GTK] Add a helper function to find the current executable's path
27078 https://bugs.webkit.org/show_bug.cgi?id=73473
27080 Reviewed by Gustavo Noronha Silva.
27082 Add a WTF helper which gets the binary path. This is currently only used
27085 * GNUmakefile.list.am: Add the new file to the source list.
27086 * wtf/gobject/GlibUtilities.cpp: Added.
27087 (getCurrentExecutablePath):
27088 * wtf/gobject/GlibUtilities.h: Added.
27090 2011-12-01 Sheriff Bot <webkit.review.bot@gmail.com>
27092 Unreviewed, rolling out r101691.
27093 http://trac.webkit.org/changeset/101691
27094 https://bugs.webkit.org/show_bug.cgi?id=73588
27096 Tests fail on Chromium bots, early warning system warned
27097 committer, please adjust test_expectations in patch (Requested
27098 by scheib on #webkit).
27100 * JavaScriptCore.exp:
27101 * wtf/text/StringImpl.h:
27102 * wtf/text/WTFString.h:
27104 2011-12-01 Filip Pizlo <fpizlo@apple.com>
27106 ARMv7 only allows for one-shot patching of compact offsets, while the
27107 JIT expects to be able to repatch
27108 https://bugs.webkit.org/show_bug.cgi?id=73548
27110 Reviewed by Oliver Hunt.
27112 * assembler/ARMv7Assembler.h:
27113 (JSC::ARMv7Assembler::setUInt7ForLoad):
27115 2011-11-30 Benjamin Poulain <benjamin@webkit.org>
27117 URLs are encoded in UTF-8, then decoded as if they are Latin1
27118 https://bugs.webkit.org/show_bug.cgi?id=71758
27120 Reviewed by Darin Adler.
27122 Add the operator == between a String and a Vector of char. The implementation
27123 is the same as the comparison of String and char* but adds the length as a
27124 parameter for comparing the strings.
27126 * JavaScriptCore.exp:
27127 * wtf/text/StringImpl.h:
27129 * wtf/text/WTFString.h:
27133 2011-11-30 Dmitry Lomov <dslomov@google.com>
27135 https://bugs.webkit.org/show_bug.cgi?id=73503
27136 [Chromium][V8] Implement ArrayBuffer transfer in chromium.
27137 Portions of this patch come from Luke Zarko.
27139 Reviewed by David Levin.
27141 * wtf/ArrayBuffer.cpp:
27142 (WTF::ArrayBuffer::transfer): Changed prototype from pointers to RefPtr.
27143 * wtf/ArrayBuffer.h:
27144 (WTF::ArrayBufferContents::transfer): Changed prototype from pointers to RefPtr.
27145 (WTF::ArrayBuffer::isNeutered):
27146 * wtf/TypedArrayBase.h:
27147 (WTF::TypedArrayBase::neuter):
27149 2011-12-01 Chao-ying Fu <fu@mips.com>
27151 MacroAssemblerMIPS does not implement readCallTarget
27152 https://bugs.webkit.org/show_bug.cgi?id=73432
27154 Reviewed by Zoltan Herczeg.
27156 * assembler/MIPSAssembler.h:
27157 (JSC::MIPSAssembler::readCallTarget):
27158 * assembler/MacroAssemblerMIPS.h:
27159 (JSC::MacroAssemblerMIPS::readCallTarget):
27161 2011-12-01 Noel Gordon <noel.gordon@gmail.com>
27163 [chromium] Remove wtf/qt/ThreadingQt.cpp from the gyp projects
27164 https://bugs.webkit.org/show_bug.cgi?id=73527
27166 Reviewed by Simon Hausmann.
27168 wtf/qt/ThreadingQt.cpp was removed in r101477
27170 * JavaScriptCore.gypi: remove wtf/qt/ThreadingQt.cpp
27172 2011-12-01 Filip Pizlo <fpizlo@apple.com>
27174 BitVector isInline check could fail
27175 https://bugs.webkit.org/show_bug.cgi?id=70691
27177 Reviewed by Gavin Barraclough.
27179 Switch back to using the high bit as the inline marker, to make
27180 all of the bit indexing operations simpler. Computing the size in
27181 words and in bytes of a bitvector, using the number of bits as
27182 input is error-prone enough; and with the current approach to
27183 solving the X86 bug we end up getting it wrong. Making it right
27186 So instead, to solve the original problem (the high bit may be
27187 meaningful on 32-bit systems), the out-of-line storage pointer is
27188 right-shifted by 1. Compared to the original BitVector code, this
27189 is a much smaller change (just three lines).
27191 This solves a bug where the DFG was corrupting its call frame
27192 because BitVector lost track of some bits.
27194 * wtf/BitVector.cpp:
27195 (WTF::BitVector::setSlow):
27196 (WTF::BitVector::resizeOutOfLine):
27198 (WTF::BitVector::quickGet):
27199 (WTF::BitVector::quickSet):
27200 (WTF::BitVector::quickClear):
27201 (WTF::BitVector::makeInlineBits):
27202 (WTF::BitVector::isInline):
27203 (WTF::BitVector::outOfLineBits):
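Added illustration for the entry above (example code, not WTF::BitVector and not part of the ChangeLog): a hypothetical C++ bit set that applies the two rules the entry describes. Inline bits live in a single word whose high bit is the inline marker, and an out-of-line pointer is stored right-shifted by 1 so that a heap address with its high bit set, which can happen on 32-bit systems, is never misread as inline storage. Names such as TaggedBitVector, growTo and rawPointerLooksInline are invented for the example; the out-of-line layout (word count in words[0], bits after it) is also an assumption of the example.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

class TaggedBitVector {
public:
    static constexpr unsigned kWordBits = sizeof(uintptr_t) * 8;
    static constexpr unsigned kInlineBits = kWordBits - 1;             // high bit is the tag
    static constexpr uintptr_t kInlineTag = uintptr_t(1) << (kWordBits - 1);

    TaggedBitVector() : m_bitsOrPointer(kInlineTag) {}
    ~TaggedBitVector() { if (!isInline()) std::free(outOfLineWords()); }
    TaggedBitVector(const TaggedBitVector&) = delete;
    TaggedBitVector& operator=(const TaggedBitVector&) = delete;

    // Inline iff the tag bit is set. A shifted pointer always has it clear.
    bool isInline() const { return (m_bitsOrPointer & kInlineTag) != 0; }

    // Capacity in bits. Out-of-line storage records its word count in words[0].
    size_t size() const
    {
        return isInline() ? size_t(kInlineBits) : outOfLineWords()[0] * size_t(kWordBits);
    }

    bool get(size_t bit) const
    {
        if (bit >= size())
            return false;
        if (isInline())
            return (m_bitsOrPointer >> bit) & 1;                       // bit < kInlineBits, never the tag
        return (outOfLineWords()[1 + bit / kWordBits] >> (bit % kWordBits)) & 1;
    }

    void set(size_t bit)
    {
        if (bit >= size())
            growTo(bit + 1);
        if (isInline()) {
            m_bitsOrPointer |= uintptr_t(1) << bit;
            return;
        }
        outOfLineWords()[1 + bit / kWordBits] |= uintptr_t(1) << (bit % kWordBits);
    }

    // Why the shift matters: an unshifted heap address with its high bit set
    // would pass the inline test and its bits would be read as inline data.
    static bool rawPointerLooksInline(uintptr_t rawAddress) { return (rawAddress & kInlineTag) != 0; }

private:
    uintptr_t* outOfLineWords() const
    {
        return reinterpret_cast<uintptr_t*>(m_bitsOrPointer << 1);   // undo the shift
    }

    static uintptr_t encodePointer(uintptr_t* words)
    {
        uintptr_t raw = reinterpret_cast<uintptr_t>(words);
        assert((raw & 1) == 0);                                        // malloc gives an even address
        return raw >> 1;                                               // high bit now clear: not inline
    }

    void growTo(size_t numBits)
    {
        size_t numWords = (numBits + kWordBits - 1) / kWordBits;
        uintptr_t* fresh = static_cast<uintptr_t*>(std::calloc(numWords + 1, sizeof(uintptr_t)));
        if (!fresh)
            std::abort();
        fresh[0] = numWords;
        if (isInline()) {
            fresh[1] = m_bitsOrPointer & ~kInlineTag;                  // carry the bits over, drop the tag
        } else {
            uintptr_t* old = outOfLineWords();
            std::memcpy(fresh + 1, old + 1, old[0] * sizeof(uintptr_t));
            std::free(old);
        }
        m_bitsOrPointer = encodePointer(fresh);
    }

    uintptr_t m_bitsOrPointer;
};

int main()
{
    TaggedBitVector bits;
    bits.set(5);                                                       // still inline
    bits.set(TaggedBitVector::kInlineBits + 100);                      // forces out-of-line storage
    bool ok = bits.get(5) && bits.get(TaggedBitVector::kInlineBits + 100) && !bits.isInline();
    return ok ? 0 : 1;
}
```

The check a reviewer would want is the one the entry's bug describes: after the transition to out-of-line storage, every bit that was set while inline must still read back as set, and isInline() must answer from the tag alone, not from the pointer's own bit pattern.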
27205 2011-11-30 Filip Pizlo <fpizlo@apple.com>
27207 DFG should make it easier to notice node boundaries in disassembly
27208 https://bugs.webkit.org/show_bug.cgi?id=73509
27210 Rubber-stamped by Gavin Barraclough
27212 If you set XOR_DEBUG_AID to 1 in DFGCommon.h, a pair of xor's will
27213 be emitted at node boundaries, where the immediate being xor'd is the
27217 * dfg/DFGSpeculativeJIT.cpp:
27218 (JSC::DFG::SpeculativeJIT::compile):
27220 2011-11-30 Geoffrey Garen <ggaren@apple.com>
27222 Removed ArgList iterators.
27224 Reviewed by Gavin Barraclough.
27226 Another step toward reversing the argument order.
27228 * interpreter/Interpreter.cpp:
27229 (JSC::Interpreter::executeCall):
27230 (JSC::Interpreter::executeConstruct): Switched from iterator to int.
27232 * runtime/ArgList.h:
27233 (JSC::ArgList::ArgList):
27234 (JSC::ArgList::isEmpty): Removed iterators.
27236 * runtime/JSArray.cpp:
27237 (JSC::JSArray::finishCreation): Switched from iterator to int.
27239 2011-11-30 Yuqiang Xian <yuqiang.xian@intel.com>
27241 32 bit DFG should handle logicalNot slow case instead of simply bailing out
27242 https://bugs.webkit.org/show_bug.cgi?id=73515
27244 Reviewed by Filip Pizlo.
27246 This improves Kraken performance by 14%, mainly due to ~3X improvement
27247 on imaging-desaturate.
27249 * dfg/DFGSpeculativeJIT32_64.cpp:
27250 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
27252 2011-11-30 Max Vujovic <mvujovic@adobe.com>
27254 Some date values not handled consistently with IE/Firefox
27255 https://bugs.webkit.org/show_bug.cgi?id=14176
27257 Reviewed by Gavin Barraclough.
27259 Changed time zone offset parsing behavior to match IE/Firefox/Opera's in
27260 implementation dependent cases like "GMT-4".
27262 * wtf/DateMath.cpp:
27263 (WTF::parseDateFromNullTerminatedCharacters):
27265 2011-11-30 Mark Hahnenberg <mhahnenberg@apple.com>
27267 toStringCallback and valueOfCallback do not check the entire prototype chain for convertToType callback
27268 https://bugs.webkit.org/show_bug.cgi?id=73368
27270 Reviewed by Darin Adler.
27272 We need to search the entire prototype chain for the convertToType callback, rather than just calling whatever
27273 happens to be in the first class of the chain, which potentially could be null.
27275 <rdar://problem/10493218>
27277 * API/JSCallbackFunction.cpp:
27278 (JSC::JSCallbackFunction::toStringCallback):
27279 (JSC::JSCallbackFunction::valueOfCallback):
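Added illustration for the entry above (example code, not JavaScriptCore's API or JSCallbackFunction, and not part of the ChangeLog): a hypothetical class chain in which each class optionally supplies a convertToType callback and inherits through a parentClass pointer. firstClassOnly shows the pattern the entry describes as wrong, which hands back whatever the first class holds, possibly a null function pointer; findConvertToType walks the whole chain and returns the first callback that is actually set, and toStringCallback falls back safely when none is. The struct layout, the callback signature and the sample classes are invented for the example.

```cpp
#include <cstddef>
#include <string>

struct CallbackClass;
typedef bool (*ConvertToTypeCallback)(const CallbackClass* cls, std::string& result);

struct CallbackClass {
    const char* className;
    const CallbackClass* parentClass;      // null at the root of the chain
    ConvertToTypeCallback convertToType;   // optional: a class may leave this null
};

// The pattern being replaced: look only at the first class. If that class
// did not supply the callback, the caller gets a null pointer and calling
// it is a crash.
ConvertToTypeCallback firstClassOnly(const CallbackClass* cls)
{
    return cls->convertToType;
}

// The fixed pattern: walk up parentClass links and return the first
// non-null callback, or null if no class in the chain provides one.
ConvertToTypeCallback findConvertToType(const CallbackClass* cls)
{
    for (; cls; cls = cls->parentClass) {
        if (cls->convertToType)
            return cls->convertToType;
    }
    return nullptr;
}

// toString-style entry point built on the chain lookup. A missing callback
// anywhere in the chain degrades to a default string instead of a null call.
std::string toStringCallback(const CallbackClass* cls)
{
    std::string result;
    if (ConvertToTypeCallback callback = findConvertToType(cls)) {
        if (callback(cls, result))
            return result;
    }
    return "[object " + std::string(cls->className) + "]";
}

// Constructed sample chain: Derived supplies no callback, Base does, and
// Orphan has neither a callback nor a parent.
static bool baseConvertToType(const CallbackClass* cls, std::string& result)
{
    result = std::string("converted:") + cls->className;
    return true;
}

const CallbackClass kBaseClass    = { "Base",    nullptr,     baseConvertToType };
const CallbackClass kDerivedClass = { "Derived", &kBaseClass, nullptr };
const CallbackClass kOrphanClass  = { "Orphan",  nullptr,     nullptr };

int main()
{
    // firstClassOnly(&kDerivedClass) is null here; invoking it would crash.
    bool ok = firstClassOnly(&kDerivedClass) == nullptr
        && findConvertToType(&kDerivedClass) == &baseConvertToType
        && toStringCallback(&kDerivedClass) == "converted:Derived"
        && toStringCallback(&kOrphanClass) == "[object Orphan]";
    return ok ? 0 : 1;
}
```

The point for review is the null check: the chain walk alone is not enough, because a chain with no callback at all still has to be handled without dereferencing the null result.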
27281 2011-11-29 Sam Weinig <sam@webkit.org>
27283 Add adoptCF and adoptNS convenience functions to RetainPtr.h
27284 https://bugs.webkit.org/show_bug.cgi?id=73399
27286 Reviewed by Anders Carlsson.
27291 These adoption functions match the pattern we use in other
27292 smart pointer classes.
27294 2011-11-30 Adam Roben <aroben@apple.com>
27296 Fix RetainPtr's move assignment operators
27298 Fixes <http://webkit.org/b/73449> RetainPtr's move assignment operators don't modify the
27299 pointer being assigned to
27301 I didn't write a test for this because we don't have a way of unit testing C++11 code (see
27302 <http://webkit.org/b/73448>).
27304 Reviewed by Anders Carlsson.
27307 (WTF::RetainPtr::operator=): Adopt the passed-in RetainPtr's underlying pointer, not our own
27310 2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
27312 Unreviewed rolling out incorrect r101481.
27314 * assembler/MIPSAssembler.h:
27315 * assembler/MacroAssemblerMIPS.h:
27317 2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
27319 Fix compilation with MingW.
27321 Reviewed by Csaba Osztrogonác.
27323 * wtf/ThreadingWin.cpp:
27324 (WTF::initializeCurrentThreadInternal): MingW doesn't support MSVC exception handling, so for
27325 the time being make the thread name setting unimplemented for MingW.
27327 2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
27329 Unreviewed prospective build fix for Qt/Windows part 2 after r101477.
27331 * wtf/ThreadSpecific.h: Fix the OS(WINDOWS) defines for the friend declaration for ThreadSpecific<T>::Data
27333 2011-11-30 Simon Hausmann <simon.hausmann@nokia.com>
27335 Unreviewed prospective build fix for Qt/Windows after r101477.
27337 * wtf/ThreadSpecific.h: Use OS(WINDOWS) for declaring "destructor", as it's
27338 only referenced from within another OS(WINDOWS) section.
27340 2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
27342 Unreviewed speculative buildfix after r101457.
27344 * assembler/MIPSAssembler.h:
27345 (JSC::MIPSAssembler::readCallTarget):
27346 * assembler/MacroAssemblerMIPS.h:
27347 (JSC::MacroAssemblerMIPS::readCallTarget):
27349 2011-11-30 Andrew Wason <rectalogic@rectalogic.com>
27351 Replace Qt QThread threading back-end with pthread/Win32 threading back-ends
27352 https://bugs.webkit.org/show_bug.cgi?id=72155
27354 Reviewed by Simon Hausmann.
27356 Use ThreadingPthreads and ThreadingWin instead of ThreadingQt.
27358 * heap/MachineStackMarker.cpp:
27359 * wtf/MainThread.cpp:
27360 (WTF::initializeMainThread):
27362 * wtf/ThreadSpecific.h: Drop QThreadStorage related code.
27364 * wtf/ThreadingPrimitives.h:
27365 * wtf/qt/MainThreadQt.cpp: Drop Qt specific isMainThread().
27366 (WTF::initializeMainThreadPlatform): Initialize MainThreadInvoker on main thread to avoid infecting secondary thread with QAdoptedThread.
27367 (WTF::scheduleDispatchFunctionsOnMainThread):
27368 * wtf/qt/ThreadingQt.cpp: Removed.
27371 2011-11-30 Csaba Osztrogonác <ossy@webkit.org>
27373 MacroAssemblerARM does not implement readCallTarget
27374 https://bugs.webkit.org/show_bug.cgi?id=73413
27376 Based on Filip Pizlo's patch.
27378 Buildfix. Rubber-stamped by Gabor Loki.
27380 * assembler/ARMAssembler.h:
27381 (JSC::ARMAssembler::readCallTarget):
27382 * assembler/MacroAssemblerARM.h:
27383 (JSC::MacroAssemblerARM::readCallTarget):
27385 2011-11-29 Filip Pizlo <fpizlo@apple.com>
27387 Resetting a put_by_id inline cache should preserve the "isDirect" bit
27388 https://bugs.webkit.org/show_bug.cgi?id=73375
27390 Reviewed by Gavin Barraclough.
27392 For the replace case, we can find out if it was direct by looking at the
27393 slow call. For the transition case, we explicitly remember if it was
27396 * bytecode/CodeBlock.cpp:
27397 (JSC::printStructureStubInfo):
27398 * bytecode/StructureStubInfo.cpp:
27399 (JSC::StructureStubInfo::deref):
27400 (JSC::StructureStubInfo::visitWeakReferences):
27401 * bytecode/StructureStubInfo.h:
27402 (JSC::isPutByIdAccess):
27403 (JSC::StructureStubInfo::initPutByIdTransition):
27404 * dfg/DFGByteCodeParser.cpp:
27405 (JSC::DFG::ByteCodeParser::parseBlock):
27406 * dfg/DFGRepatch.cpp:
27407 (JSC::DFG::tryCachePutByID):
27409 * jit/JITPropertyAccess.cpp:
27410 (JSC::JIT::resetPatchPutById):
27411 (JSC::JIT::isDirectPutById):
27412 * jit/JITPropertyAccess32_64.cpp:
27413 (JSC::JIT::resetPatchPutById):
27414 * jit/JITStubs.cpp:
27415 (JSC::JITThunks::tryCachePutByID):
27417 2011-11-29 Sam Weinig <sam@webkit.org>
27419 Remove RetainPtr::releaseRef
27420 https://bugs.webkit.org/show_bug.cgi?id=73396
27422 Reviewed by Dan Bernstein.
27425 Be gone releaseRef! Long live leakRef!
27427 2011-11-29 Sam Weinig <sam@webkit.org>
27429 Add move semantics to RetainPtr
27430 https://bugs.webkit.org/show_bug.cgi?id=73393
27432 Reviewed by Anders Carlsson.
27435 (WTF::RetainPtr::RetainPtr):
27436 Add a move constructor and move enabled assignment operators
27437 to RetainPtr if the compiler being used supports rvalue
27438 references. If the compiler does not support it, we fall back
27439 to the copy semantics we have always had.
27441 2011-11-29 Yuqiang Xian <yuqiang.xian@intel.com>
27443 DFG local CSE may cause incorrect reference counting for a node
27444 https://bugs.webkit.org/show_bug.cgi?id=73390
27446 Reviewed by Filip Pizlo.
27448 When performing a node substitution, the ref count of the replaced
27449 child will be increased, no matter whether the user node is skipped in
27450 code generation or not. This will cause the reference count of the
27451 replaced child to never get the chance to become zero and so the
27452 registers occupied by it cannot be reused simply without spilling, if
27453 it's used by a "skipped" node.
27454 This is a 1% gain on V8 benchmark, tested on IA32 Linux.
27456 * dfg/DFGPropagator.cpp:
27457 (JSC::DFG::Propagator::performSubstitution):
27458 (JSC::DFG::Propagator::performNodeCSE):
27460 2011-11-29 David Levin <levin@chromium.org>
27462 Add a way to revert a variable to its previous value after leaving a scope.
27463 https://bugs.webkit.org/show_bug.cgi?id=73371
27465 Reviewed by Adam Barth.
27467 In case anyone from Chromium sees this, it is nearly identical to AutoReset
27468 but if the same name were used, it causes unnecessary ambiguity.
27470 * JavaScriptCore.xcodeproj/project.pbxproj:
27471 * wtf/TemporarilyChange.h: Added.
27472 (WTF::TemporarilyChange::TemporarilyChange):
27473 (WTF::TemporarilyChange::~TemporarilyChange):
27475 2011-11-29 Sam Weinig <sam@webkit.org>
27477 Add COMPILER_SUPPORTS macro to allow for compiler feature testing
27478 https://bugs.webkit.org/show_bug.cgi?id=73386
27480 Reviewed by Anders Carlsson.
27483 Add COMPILER_SUPPORTS and #defines for C++11 variadic templates and
27484 rvalue references for Clang.
27486 2011-11-29 Oliver Hunt <oliver@apple.com>
27488 Allow WebCore to describe typed arrays to JSC
27489 https://bugs.webkit.org/show_bug.cgi?id=73355
27491 Reviewed by Gavin Barraclough.
27493 Allow globaldata to track the structure of typed arrays.
27495 * runtime/JSGlobalData.h:
27496 (JSC::TypedArrayDescriptor::TypedArrayDescriptor):
27498 2011-11-28 Filip Pizlo <fpizlo@apple.com>
27500 DFG debugCall() mechanism only works on X86 and X86-64
27501 https://bugs.webkit.org/show_bug.cgi?id=73282
27503 Reviewed by Oliver Hunt.
27505 * dfg/DFGAssemblyHelpers.h:
27506 (JSC::DFG::AssemblyHelpers::debugCall):
27508 2011-11-28 Filip Pizlo <fpizlo@apple.com>
27510 DFG non-X86 ArithDiv does speculation failure after mutating state,
27511 without a value recovery
27512 https://bugs.webkit.org/show_bug.cgi?id=73286
27514 Reviewed by Gavin Barraclough.
27516 * dfg/DFGSpeculativeJIT32_64.cpp:
27517 (JSC::DFG::SpeculativeJIT::compile):
27519 2011-11-28 Filip Pizlo <fpizlo@apple.com>
27521 Unreviewed build fixes for ARM.
27523 * assembler/MacroAssemblerARMv7.h:
27524 (JSC::MacroAssemblerARMv7::readCallTarget):
27525 * dfg/DFGSpeculativeJIT.h:
27526 (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
27528 2011-11-20 Roland Steiner <rolandsteiner@chromium.org>
27530 <style scoped>: add ENABLE(STYLE_SCOPED) flag to WebKit
27531 https://bugs.webkit.org/show_bug.cgi?id=72848
27533 Add ENABLE_STYLE_SCOPED flag.
27535 Reviewed by Dimitri Glazkov.
27537 * Configurations/FeatureDefines.xcconfig:
27539 2011-11-28 Jon Lee <jonlee@apple.com>
27541 Create skeleton framework for notifications support in WK2
27542 https://bugs.webkit.org/show_bug.cgi?id=73253
27543 <rdar://problem/10356943>
27545 * Configurations/FeatureDefines.xcconfig: Split out ENABLE_NOTIFICATIONS based on platform.
27547 2011-11-28 Oliver Hunt <oliver@apple.com>
27551 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
27553 2011-11-28 Oliver Hunt <oliver@apple.com>
27557 * JavaScriptCore.gypi:
27559 2011-11-28 Filip Pizlo <fpizlo@apple.com>
27561 GetById should not always speculate cell
27562 https://bugs.webkit.org/show_bug.cgi?id=73181
27564 Reviewed by Gavin Barraclough.
27566 GetById will now speculate cell if the predictions of the base are cell.
27567 Otherwise it will do like the old JIT (and like the old non-speculative
27568 DFG JIT): if not cell, go straight to slow-path but otherwise don't OSR
27569 out. This is a 1% speed-up on SunSpider.
27571 * dfg/DFGAbstractState.cpp:
27572 (JSC::DFG::AbstractState::execute):
27573 * dfg/DFGOperations.cpp:
27574 * dfg/DFGOperations.h:
27575 * dfg/DFGSpeculativeJIT.h:
27576 (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
27577 (JSC::DFG::SpeculativeJIT::callOperation):
27578 * dfg/DFGSpeculativeJIT32_64.cpp:
27579 (JSC::DFG::SpeculativeJIT::cachedGetById):
27580 (JSC::DFG::SpeculativeJIT::compile):
27581 * dfg/DFGSpeculativeJIT64.cpp:
27582 (JSC::DFG::SpeculativeJIT::compile):
27584 2011-11-28 Oliver Hunt <oliver@apple.com>
27586 Move typed array implementations into wtf
27587 https://bugs.webkit.org/show_bug.cgi?id=73248
27589 Reviewed by Sam Weinig.
27591 Move typed array implementation files from WebCore to wtf. Inline the
27592 .cpp files for each of the array views to cut down on unnecessary exports
27593 and function call overhead for trivial operations.
27595 Added files to all the project files.
27597 * GNUmakefile.list.am:
27598 * JavaScriptCore.exp:
27599 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
27600 * JavaScriptCore.xcodeproj/project.pbxproj:
27601 * wtf/ArrayBuffer.cpp: Renamed from Source/WebCore/html/canvas/Float32Array.cpp.
27602 (WTF::ArrayBuffer::transfer):
27603 (WTF::ArrayBuffer::addView):
27604 (WTF::ArrayBuffer::removeView):
27605 * wtf/ArrayBuffer.h: Renamed from Source/WebCore/html/canvas/ArrayBuffer.cpp.
27606 (WTF::ArrayBufferContents::ArrayBufferContents):
27607 (WTF::ArrayBufferContents::data):
27608 (WTF::ArrayBufferContents::sizeInBytes):
27609 (WTF::ArrayBufferContents::transfer):
27610 (WTF::ArrayBuffer::~ArrayBuffer):
27611 (WTF::ArrayBuffer::clampValue):
27612 (WTF::ArrayBuffer::create):
27613 (WTF::ArrayBuffer::ArrayBuffer):
27614 (WTF::ArrayBuffer::data):
27615 (WTF::ArrayBuffer::byteLength):
27616 (WTF::ArrayBuffer::slice):
27617 (WTF::ArrayBuffer::sliceImpl):
27618 (WTF::ArrayBuffer::clampIndex):
27619 (WTF::ArrayBufferContents::tryAllocate):
27620 (WTF::ArrayBufferContents::~ArrayBufferContents):
27621 * wtf/ArrayBufferView.cpp: Copied from Source/WebCore/bindings/js/JSArrayBufferCustom.cpp.
27622 (WTF::ArrayBufferView::ArrayBufferView):
27623 (WTF::ArrayBufferView::~ArrayBufferView):
27624 (WTF::ArrayBufferView::neuter):
27625 * wtf/ArrayBufferView.h: Renamed from Source/WebCore/html/canvas/ArrayBufferView.h.
27626 (WTF::ArrayBufferView::isByteArray):
27627 (WTF::ArrayBufferView::isUnsignedByteArray):
27628 (WTF::ArrayBufferView::isShortArray):
27629 (WTF::ArrayBufferView::isUnsignedShortArray):
27630 (WTF::ArrayBufferView::isIntArray):
27631 (WTF::ArrayBufferView::isUnsignedIntArray):
27632 (WTF::ArrayBufferView::isFloatArray):
27633 (WTF::ArrayBufferView::isDoubleArray):
27634 (WTF::ArrayBufferView::isDataView):
27635 (WTF::ArrayBufferView::buffer):
27636 (WTF::ArrayBufferView::baseAddress):
27637 (WTF::ArrayBufferView::byteOffset):
27638 (WTF::ArrayBufferView::verifySubRange):
27639 (WTF::ArrayBufferView::clampOffsetAndNumElements):
27640 (WTF::ArrayBufferView::setImpl):
27641 (WTF::ArrayBufferView::setRangeImpl):
27642 (WTF::ArrayBufferView::zeroRangeImpl):
27643 (WTF::ArrayBufferView::calculateOffsetAndLength):
27644 * wtf/CMakeLists.txt:
27645 * wtf/Float32Array.h: Renamed from Source/WebCore/html/canvas/Float32Array.h.
27646 (WTF::Float32Array::set):
27647 (WTF::Float32Array::item):
27648 (WTF::Float32Array::isFloatArray):
27649 (WTF::Float32Array::create):
27650 (WTF::Float32Array::Float32Array):
27651 (WTF::Float32Array::subarray):
27652 * wtf/Float64Array.h: Renamed from Source/WebCore/html/canvas/Float64Array.h.
27653 (WTF::Float64Array::set):
27654 (WTF::Float64Array::item):
27655 (WTF::Float64Array::isDoubleArray):
27656 (WTF::Float64Array::create):
27657 (WTF::Float64Array::Float64Array):
27658 (WTF::Float64Array::subarray):
27659 * wtf/Int16Array.h: Renamed from Source/WebCore/html/canvas/Int16Array.cpp.
27660 (WTF::Int16Array::set):
27661 (WTF::Int16Array::isShortArray):
27662 (WTF::Int16Array::create):
27663 (WTF::Int16Array::Int16Array):
27664 (WTF::Int16Array::subarray):
27665 * wtf/Int32Array.h: Renamed from Source/WebCore/html/canvas/Int32Array.cpp.
27666 (WTF::Int32Array::set):
27667 (WTF::Int32Array::isIntArray):
27668 (WTF::Int32Array::create):
27669 (WTF::Int32Array::Int32Array):
27670 (WTF::Int32Array::subarray):
27671 * wtf/Int8Array.h: Renamed from Source/WebCore/html/canvas/Int8Array.cpp.
27672 (WTF::Int8Array::set):
27673 (WTF::Int8Array::isByteArray):
27674 (WTF::Int8Array::create):
27675 (WTF::Int8Array::Int8Array):
27676 (WTF::Int8Array::subarray):
27677 * wtf/IntegralTypedArrayBase.h: Renamed from Source/WebCore/html/canvas/IntegralTypedArrayBase.h.
27678 (WTF::IntegralTypedArrayBase::set):
27679 (WTF::IntegralTypedArrayBase::item):
27680 (WTF::IntegralTypedArrayBase::IntegralTypedArrayBase):
27681 * wtf/TypedArrayBase.h: Renamed from Source/WebCore/html/canvas/TypedArrayBase.h.
27682 (WTF::TypedArrayBase::data):
27683 (WTF::TypedArrayBase::set):
27684 (WTF::TypedArrayBase::setRange):
27685 (WTF::TypedArrayBase::zeroRange):
27686 (WTF::TypedArrayBase::length):
27687 (WTF::TypedArrayBase::byteLength):
27688 (WTF::TypedArrayBase::TypedArrayBase):
27689 (WTF::TypedArrayBase::create):
27690 (WTF::TypedArrayBase::subarrayImpl):
27691 * wtf/Uint16Array.h: Renamed from Source/WebCore/html/canvas/Uint16Array.cpp.
27692 (WTF::Uint16Array::set):
27693 (WTF::Uint16Array::isUnsignedShortArray):
27694 (WTF::Uint16Array::create):
27695 (WTF::Uint16Array::Uint16Array):
27696 (WTF::Uint16Array::subarray):
27697 * wtf/Uint32Array.h: Renamed from Source/WebCore/html/canvas/Uint32Array.cpp.
27698 (WTF::Uint32Array::set):
27699 (WTF::Uint32Array::isUnsignedIntArray):
27700 (WTF::Uint32Array::create):
27701 (WTF::Uint32Array::Uint32Array):
27702 (WTF::Uint32Array::subarray):
27703 * wtf/Uint8Array.h: Renamed from Source/WebCore/html/canvas/Uint8Array.h.
27704 (WTF::Uint8Array::set):
27705 (WTF::Uint8Array::isUnsignedByteArray):
27706 (WTF::Uint8Array::create):
27707 (WTF::Uint8Array::Uint8Array):
27708 (WTF::Uint8Array::subarray):
27711 2011-11-27 Filip Pizlo <fpizlo@apple.com>
27713 Don't try to optimize huge code blocks
27714 https://bugs.webkit.org/show_bug.cgi?id=73187
27716 Reviewed by Oliver Hunt.
27718 This unifies the heuristics used for deciding if a code block is too big
27719 to optimize, and sets this heuristic to 1000, which is intuitively better
27720 than numeric_limits<unsigned>::max(). It also results in what looks like
27721 a speed-up on both SunSpider and V8 (in Tools/Scripts/bencher).
27723 * dfg/DFGCapabilities.h:
27724 (JSC::DFG::mightCompileEval):
27725 (JSC::DFG::mightCompileProgram):
27726 (JSC::DFG::mightCompileFunctionForCall):
27727 (JSC::DFG::mightCompileFunctionForConstruct):
27728 * runtime/Heuristics.cpp:
27729 (JSC::Heuristics::initializeHeuristics):
27730 * runtime/Heuristics.h:
27732 2011-11-28 Filip Pizlo <fpizlo@apple.com>
27734 Either remove the GetMethod node from the DFG backend, or find a use for it
27735 https://bugs.webkit.org/show_bug.cgi?id=73178
27737 Reviewed by Gavin Barraclough.
27739 More testing seemed to imply that the GetMethod code was indeed not profitable
27740 in any major test. So, it's probably best to just remove it.
27742 * bytecode/CodeBlock.cpp:
27743 (JSC::MethodCallLinkInfo::reset):
27744 * dfg/DFGAbstractState.cpp:
27745 (JSC::DFG::AbstractState::execute):
27746 * dfg/DFGJITCompiler.cpp:
27747 (JSC::DFG::JITCompiler::link):
27748 * dfg/DFGJITCompiler.h:
27750 (JSC::DFG::Node::hasIdentifier):
27751 (JSC::DFG::Node::hasHeapPrediction):
27752 * dfg/DFGOperations.cpp:
27753 * dfg/DFGOperations.h:
27754 * dfg/DFGPropagator.cpp:
27755 (JSC::DFG::Propagator::propagateNodePredictions):
27756 * dfg/DFGRepatch.cpp:
27757 * dfg/DFGRepatch.h:
27758 * dfg/DFGSpeculativeJIT.h:
27759 * dfg/DFGSpeculativeJIT32_64.cpp:
27760 (JSC::DFG::SpeculativeJIT::cachedGetById):
27761 (JSC::DFG::SpeculativeJIT::compile):
27762 * dfg/DFGSpeculativeJIT64.cpp:
27763 (JSC::DFG::SpeculativeJIT::cachedGetById):
27764 (JSC::DFG::SpeculativeJIT::compile):
27766 2011-11-28 Michael Saboff <msaboff@apple.com>
Change set 101187 from bug 73154 removed already lower case optimization
https://bugs.webkit.org/show_bug.cgi?id=73174

Added back the "string is already lower case" optimization.

Reviewed by Geoffrey Garen.

* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncToLowerCase):

2011-11-28 Simon Hausmann <simon.hausmann@nokia.com>

Unreviewed prospective build fix. Touch the file to trigger correct
rebuild on the Qt mips/sh4/sl bot.

* wtf/unicode/qt4/UnicodeQt4.h:

2011-11-28 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>

[Qt] Remove cruft from project file

Reviewed by Simon Hausmann.

2011-11-28 Simon Hausmann <simon.hausmann@nokia.com>

[Qt] WTF should be built as separate static library
https://bugs.webkit.org/show_bug.cgi?id=73201

Reviewed by Tor Arne Vestbø.

* Target.pri: Don't claim to build WTF, as that would cause
the debug-with-shlibs build to not link in wtf.
* jsc.pro: Require wtf.
* wtf/wtf.pri: Removed.
* wtf/wtf.pro: Added. Pro file to build wtf statically.

2011-11-28 Martin Robinson <mrobinson@igalia.com>

[GTK] JavaScriptCore generated sources should build in the DerivedSources directory
https://bugs.webkit.org/show_bug.cgi?id=73197

Reviewed by Philippe Normand.

Build all JavaScriptCore generated sources in DerivedSources.

* GNUmakefile.am: Update generation rules.
* GNUmakefile.list.am: Update source lists.

2011-11-27 Filip Pizlo <fpizlo@apple.com>

DFG should not emit GetMethod node
https://bugs.webkit.org/show_bug.cgi?id=73175

Reviewed by Gavin Barraclough.

Replaces all instances of the GetMethod node with GetById. This appears to
be a slight win on V8. This patch leaves GetMethod support in the code-base,
making this decision easy to reverse, for now.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):

2011-11-26 Hajime Morrita <morrita@chromium.org>

Needs WTF_INLINE and JS_INLINE
https://bugs.webkit.org/show_bug.cgi?id=72853

Reviewed by Kevin Ollivier.

Added WTF_HIDDEN, WTF_INLINE and JS_INLINE which
indirect __attribute__((visibility("hidden"))

* wtf/ExportMacros.h:

2011-11-25 Michael Saboff <msaboff@apple.com>

String.prototype.toLower should be optimized for 8 bit strings
https://bugs.webkit.org/show_bug.cgi?id=73154

Changed stringProtoFuncToLowerCase to use StringImpl::lower() which has
been optimized for 8 bit strings.

This is worth ~7% to sunspider string.tagcloud.

Reviewed by Filip Pizlo.

* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncToLowerCase):

2011-11-25 Michael Saboff <msaboff@apple.com>

Array.toString always uses StringImpl::characters()
https://bugs.webkit.org/show_bug.cgi?id=72969

If all component strings are 8 bit, create an 8 bit result string for toString().

This appears to be performance neutral to sunspider and v8.

Reviewed by Filip Pizlo.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
2011-11-24 Michael Saboff <msaboff@apple.com>

UString methods are not character size aware
https://bugs.webkit.org/show_bug.cgi?id=72975

Changed the UString number constructors to build 8 bit strings.
Modified the other methods to check string bitness and process
with 8 bits where appropriate.

* runtime/UString.cpp:
(JSC::UString::number):
(JSC::UString::ascii):

2011-11-24 Michael Saboff <msaboff@apple.com>

JavaScript string to number conversion functions use characters()
https://bugs.webkit.org/show_bug.cgi?id=72974

Change the various JS to number routines to process strings
using characters8() or characters16() as appropriate.
Implemented using static template methods.

Reviewed by Filip Pizlo.

* runtime/JSGlobalObjectFunctions.cpp:
(JSC::jsHexIntegerLiteral):
(JSC::jsStrDecimalLiteral):

2011-11-24 Michael Saboff <msaboff@apple.com>

Empty JSStrings are created as 16 bit
https://bugs.webkit.org/show_bug.cgi?id=72968

Clear m_is8Bit flag for empty strings.

Reviewed by Filip Pizlo.

* runtime/JSString.h:
(JSC::RopeBuilder::finishCreation):

2011-11-24 Michael Saboff <msaboff@apple.com>

Tune JSStringBuilder for 8 bit Strings
https://bugs.webkit.org/show_bug.cgi?id=72683

Changed JSStringBuilder to use 8 bit buffers until 16 bit data is added.
When 16 bit data is to be added, the 8 bit buffer is converted to 16 bit
and building continues with a 16 bit buffer.

Reviewed by Filip Pizlo.

* runtime/JSStringBuilder.h:
(JSC::JSStringBuilder::JSStringBuilder):
(JSC::JSStringBuilder::append):
(JSC::JSStringBuilder::upConvert):
(JSC::JSStringBuilder::build):
* runtime/UString.h:
(JSC::UString::adopt):
* wtf/text/StringImpl.h:
(WTF::StringImpl::adopt):
2011-11-24 Zeno Albisser <zeno@webkit.org>

[Qt][WK2][Mac] Use Mac port's IPC implementation instead of Unix sockets
https://bugs.webkit.org/show_bug.cgi?id=72495

Update defines to not use Unix Domain Sockets for platform Qt on Mac.
This enables Qt to reuse existing code for mach ports and Grand
Central Dispatch based IPC.

Reviewed by Simon Hausmann.

2011-11-24 Simon Hausmann <simon.hausmann@nokia.com>

[Qt] REGRESSION(r101131): WTF::scheduleDispatchFunctionsOnMainThread() doesn't work reliably

Reviewed by Andreas Kling.

We must make sure that the MainThreadInvoker object lives in the gui thread. There are a few
ways of doing that and this fix seems like the least intrusive one by simply pushing the
invoker to the gui thread if it's not there already.

* wtf/qt/MainThreadQt.cpp:
(WTF::scheduleDispatchFunctionsOnMainThread):

2011-11-24 Patrick Gansterer <paroga@webkit.org>

[Qt] Use QEvent for dispatchFunctionsFromMainThread()
https://bugs.webkit.org/show_bug.cgi?id=72704

Reviewed by Simon Hausmann.

Replace QMetaObject::invokeMethod with QCoreApplication::postEvent.
This is the same as what invokeMethod does internally, but reduces
the dependency on some internal QThread stuff.

* wtf/qt/MainThreadQt.cpp:
(WTF::MainThreadInvoker::MainThreadInvoker):
(WTF::MainThreadInvoker::event):
(WTF::scheduleDispatchFunctionsOnMainThread):

2011-11-23 George Staikos <staikos@webkit.org>

Remove BlackBerry OS support from RandomNumberSeed, making QNX=UNIX.
https://bugs.webkit.org/show_bug.cgi?id=73028

Reviewed by Daniel Bates.

* wtf/RandomNumberSeed.h:
(WTF::initializeRandomNumberGenerator):
2011-11-23 Nikolas Zimmermann <nzimmermann@rim.com>

Add flags/precision arguments to String::number(double) to allow fine-grained control over the result string
https://bugs.webkit.org/show_bug.cgi?id=72793

Reviewed by Zoltan Herczeg.

This new code will be used in follow-up patches to replace the String::format("%.2f") usage in
platform/text/TextStream.cpp, and String::format("%.6lg") usage in svg/SVGPathStringBuilder.cpp.

The String::number(double) currently calls String::format("%.6lg") in trunk. In order to replace
this by a variant that properly rounds to six significant figures, JSC code could be refactored.
JSC's Number.toPrecision/toFixed uses wtf/dtoa/double-conversion which provides all features we need,
except truncating trailing zeros, needed to mimic the "g" format, which is either f or e but with
trailing zeros removed, producing shorter results. Changed the default signature to:

"static String number(double, unsigned = ShouldRoundSignificantFigures | ShouldTruncateTrailingZeros, unsigned precision = 6);".

In WebCore we can now replace String::format() calls like this:
String::format("%.2f", f) -> String::number(f, ShouldRoundDecimalPlaces, 2)
String::format("%.6lg", f) -> String::number(f)

The default parameters for precision & flags exactly match the format of the string produced now, except that the result
is rounded according to the rounding mode / formatting mode and precision. This paves the way towards reliable results
in the d="" attribute dumps of SVG paths across platforms. The dtoa rounding code enforces a unique zero, resolving
all 0.0 vs. -0.0 issues currently seen on Windows, and some Gtk/Qt bots.

This patch needs a rebaseline of svg/dom/length-list-parser.html as we don't perfectly mimic the String::format() "lg" mode
result for exponentials, we used to return eg. "e-7" and now return "e-07" - the trailing zero truncation hasn't been
implemented for exponentials, as this really affects only this test and thus wasn't worth the trouble - on the contrary the
trailing zero truncation is needed for thousands of other results in "f" notation, and thus needed to match the DRT results.

Here's a performance comparison using a JSC release build and some arbitrary numbers:
Converting 123.456 using old approach took 95.527100ms. avg 0.000955ms/call.
Converting 123.456 using new approach took 28.126953ms. avg 0.000281ms/call.

Converting 123 using old approach took 85.411133ms. avg 0.000854ms/call.
Converting 123 using new approach took 24.190186ms. avg 0.000242ms/call.

Converting 0.1 using old approach took 92.622803ms. avg 0.000926ms/call.
Converting 0.1 using new approach took 23.317871ms. avg 0.000233ms/call.

Converting 1/i using old approach took 106.893066ms. avg 0.001069ms/call.
Converting 1/i using new approach took 27.164062ms. avg 0.000272ms/call.

For all numbers I've tested in RoundingSignificantFigures mode and 6 digit precision the speedup was at least 250%.

* JavaScriptCore.exp: Change String::number(double) signature.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Ditto.
* runtime/NumberPrototype.cpp:
(JSC::numberProtoFuncToFixed): Refactor this into numberToFixedPrecisionString(), move to wtf/dtoa.cpp.
(JSC::numberProtoFuncToPrecision): Ditto, refactor this into numberToFixedWidthString.
* wtf/dtoa.cpp: Moved fixedWidth/Precision helpers into dtoa, extend numberToFixedPrecisionString(). Add a mode which allows truncating trailing zeros/decimal point.
to make it possible to use them to generate strings that match the output from String::format("%6.lg"), while using our dtoa's rounding facilities.
* wtf/dtoa/utils.h: Expose new helper method, which allows us to truncate the result, before generating the output const char*.
(WTF::double_conversion::StringBuilder::SetPosition):
* wtf/text/WTFString.cpp:
(WTF::String::number): Remove String::format("%6.lg") usage! Switch to rounding to six significant figures, while matching the output of String::format.
* wtf/text/WTFString.h:
2011-11-23 Hajime Morrita <morrita@chromium.org>

WTF::String has extra WTF_EXPORT_PRIVATE
https://bugs.webkit.org/show_bug.cgi?id=72858

Reviewed by Kevin Ollivier.

* wtf/text/WTFString.h:
(WTF::String::String):

2011-11-23 Raphael Kubo da Costa <kubo@profusion.mobi>

[CMake] Move the top-level logic to the top-level directory.
https://bugs.webkit.org/show_bug.cgi?id=72685

Reviewed by Brent Fulgham.

* CMakeLists.txt: Point to the right Source/ directory.
* wtf/CMakeLists.txt: Ditto.

2011-11-22 Yuqiang Xian <yuqiang.xian@intel.com>

Strength reduction for Mul and Mod operations for known constants in DFG
https://bugs.webkit.org/show_bug.cgi?id=72878

Reviewed by Filip Pizlo.

Also the code should be commonly shared by both 32_64 and 64.

(JSC::DFG::nodeMayOverflow):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::fmodAsDFGOperation):
(JSC::DFG::SpeculativeJIT::compileInstanceOf):
(JSC::DFG::isPowerOfTwo):
(JSC::DFG::logTwo):
(JSC::DFG::SpeculativeJIT::compileSoftModulo):
(JSC::DFG::SpeculativeJIT::compileArithMul):
(JSC::DFG::SpeculativeJIT::compileArithMod):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-11-22 Daniel Bates <dbates@rim.com>

Add WTF infrastructure for the BlackBerry port
https://bugs.webkit.org/show_bug.cgi?id=72970

Reviewed by Antonio Gomes.

* wtf/Assertions.cpp: Added BlackBerry-specific logging directive.
* wtf/MathExtras.h:
(abs): Added; stdlib doesn't contain abs() on QNX.
* wtf/Platform.h: Define WTF_PLATFORM_BLACKBERRY and enable some platform features.
* wtf/RandomNumberSeed.h:
(WTF::initializeRandomNumberGenerator): For the BlackBerry port, we initialize
the bad pseudo random number generator using time(3) before initializing the
Mersenne Twister random number generator.
* wtf/ThreadingPthreads.cpp:
(WTF::createThreadInternal): Added.
* wtf/blackberry: Added.
* wtf/blackberry/MainThreadBlackBerry.cpp: Added.
(WTF::initializeMainThreadPlatform):
(WTF::scheduleDispatchFunctionsOnMainThread):
* wtf/text/WTFString.h: Added constructor and conversion operator for
BlackBerry WebString string object.

2011-11-22 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r100988.
http://trac.webkit.org/changeset/100988
https://bugs.webkit.org/show_bug.cgi?id=72941

"Broke pixel tests on Chromium-Linux" (Requested by kbalazs on

* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/ParallelJobs.h:
* wtf/ParallelJobsGeneric.cpp:
* wtf/ParallelJobsGeneric.h:
(WTF::ParallelEnvironment::ParallelEnvironment):
(WTF::ParallelEnvironment::execute):
2011-11-21 Balazs Kelemen <kbalazs@webkit.org>

Enable ParallelJobs by default
https://bugs.webkit.org/show_bug.cgi?id=70032

Reviewed by Zoltan Herczeg.

According to measurements on Mac and Linux it is a
considerable speedup for SVG on multicore.

Remove the ENABLE(PARALLEL_JOBS) guard.
Fix build on Windows and Chromium.

* JavaScriptCore.gypi: Add the files to the build. It was
missing for the gyp build system.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/ParallelJobs.h:
* wtf/ParallelJobsGeneric.cpp:
(WTF::ParallelEnvironment::ParallelEnvironment):
(WTF::ParallelEnvironment::execute):
Deinline these to avoid exporting a lot of symbols.
These are non-trivial and called only once on a given object
so it doesn't seem to be worthwhile to inline them.
Additionally fix a signed-unsigned comparison in the constructor.
* wtf/ParallelJobsGeneric.h:
2011-11-21 Filip Pizlo <fpizlo@apple.com>

DFG should have richer debug output for CFA and phi processing
https://bugs.webkit.org/show_bug.cgi?id=72922

Reviewed by Gavin Barraclough.

In the default verbose mode, we now print information about variable
state at the bottom of basic blocks in addition to the top, and we
also print local variable linking. In the verbose propagation mode,
the state of phi processing is dumped more richly and CFA merging (the
most subtle part of CFA) is traced as well.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::endBasicBlock):
(JSC::DFG::AbstractState::mergeStateAtTail):
* dfg/DFGAbstractValue.h:
(JSC::DFG::StructureAbstractValue::dump):
(JSC::DFG::AbstractValue::dump):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::processPhiStack):
(JSC::DFG::ByteCodeParser::parse):
(JSC::DFG::NodeIndexTraits::dump):
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Node::dumpChildren):
* dfg/DFGOSRExitCompiler.cpp:
* dfg/DFGOperands.h:
(JSC::DFG::OperandValueTraits::dump):
(JSC::DFG::dumpOperands):

2011-11-21 Filip Pizlo <fpizlo@apple.com>

Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
https://bugs.webkit.org/show_bug.cgi?id=71505

Reviewed by Gavin Barraclough.

It turns out that we were corrupting phi nodes in case of overflow. The bug is
really obvious, but producing a test case that causes the badness is hard. Even
when the phi nodes do get corrupt, there's more that has to happen before it
causes incorrect execution - and I wasn't able to reproduce in any kind of
sensible reduced case.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::processPhiStack):

2011-11-21 Simon Hausmann <simon.hausmann@nokia.com>

[Qt] Speed up debug builds.
https://bugs.webkit.org/show_bug.cgi?id=72882

Reviewed by Tor Arne Vestbø.

* Target.pri: Make BUILDING_JavaScriptCore available earlier, so it can be
used by the build system.

2011-11-21 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r100913.
http://trac.webkit.org/changeset/100913
https://bugs.webkit.org/show_bug.cgi?id=72885

"Break Windows build" (Requested by kbalazs on #webkit).

* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/ParallelJobs.h:
* wtf/ParallelJobsGeneric.cpp:
* wtf/ParallelJobsGeneric.h:
(WTF::ParallelEnvironment::ParallelEnvironment):
(WTF::ParallelEnvironment::execute):
2011-11-21 Balazs Kelemen <kbalazs@webkit.org>

Enable ParallelJobs by default
https://bugs.webkit.org/show_bug.cgi?id=70032

Reviewed by Zoltan Herczeg.

According to measurements on Mac and Linux it is a
considerable speedup for SVG on multicore.

Remove the ENABLE(PARALLEL_JOBS) guard.
Fix build on Windows and Chromium.

* JavaScriptCore.gypi: Add the files to the build. It was
missing for the gyp build system.
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* wtf/ParallelJobs.h:
* wtf/ParallelJobsGeneric.cpp:
(WTF::ParallelEnvironment::ParallelEnvironment):
(WTF::ParallelEnvironment::execute):
Deinline these to avoid exporting a lot of symbols.
These are non-trivial and called only once on a given object
so it doesn't seem to be worthwhile to inline them.
Additionally fix a signed-unsigned comparison in the constructor.
* wtf/ParallelJobsGeneric.h:
2011-11-21 Andy Wingo <wingo@igalia.com>

Add .dir-locals.el file for better Emacs defaults
https://bugs.webkit.org/show_bug.cgi?id=72483

Reviewed by Xan Lopez.

* .dir-locals.el: Set appropriate directory-local variables for Emacs.

2011-11-21 Filip Pizlo <fpizlo@apple.com>

Another attempt at a build fix.

* dfg/DFGRepatch.h:
(JSC::DFG::dfgResetGetByID):
(JSC::DFG::dfgResetPutByID):

2011-11-20 Filip Pizlo <fpizlo@apple.com>

Unreviewed interpreter build fix.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finalizeUnconditionally):
* dfg/DFGRepatch.h:

2011-11-20 Yuqiang Xian <yuqiang.xian@intel.com>

Improve modulo operation on 32bit platforms
https://bugs.webkit.org/show_bug.cgi?id=72501

Reviewed by Filip Pizlo.

Extend softModulo to support X86 and MIPS in baseline JIT.
Apply the same optimization to 32bit DFG JIT.
1% gain on Kraken, tested on Linux Core i7 Nehalem 32bit.

* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileSoftModulo):
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_mod):
(JSC::JIT::emitSlow_op_mod):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::softModulo):

2011-11-18 Filip Pizlo <fpizlo@apple.com>

Inline caches that refer to otherwise dead objects should be cleared
https://bugs.webkit.org/show_bug.cgi?id=72311

Reviewed by Geoff Garen.

DFG code blocks now participate in the weak reference harvester fixpoint
so that they only consider themselves to be live if either they are
currently executing, or their owner is live and all of their weak references
are live. If not, the relevant code blocks are jettisoned.

Inline caches in both the old JIT and the DFG are now cleared if any of
their references are not marked at the end of a GC.

This is performance-neutral on SunSpider, V8, and Kraken. With the clear-
all-code-on-GC policy that we currently have, it shows a slight reduction
in memory usage. If we turn that policy off, it's pretty easy to come up
with an example program that will cause ToT to experience linear heap
growth, while with this patch, the heap stays small and remains at a

* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::readCallTarget):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::readCallTarget):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::readCallTarget):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::readCallTarget):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::performTracingFixpointIteration):
(JSC::CodeBlock::visitWeakReferences):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::stronglyVisitStrongReferences):
(JSC::MethodCallLinkInfo::reset):
(JSC::ProgramCodeBlock::jettison):
(JSC::EvalCodeBlock::jettison):
(JSC::FunctionCodeBlock::jettison):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::reoptimize):
(JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
* bytecode/Instruction.h:
(JSC::PolymorphicAccessStructureList::visitWeak):
* bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::visitWeakReferences):
* bytecode/StructureStubInfo.h:
(JSC::isGetByIdAccess):
(JSC::isPutByIdAccess):
(JSC::StructureStubInfo::reset):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGOperations.cpp:
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgRepatchByIdSelfAccess):
(JSC::DFG::dfgResetGetByID):
(JSC::DFG::dfgResetPutByID):
* dfg/DFGRepatch.h:
(JSC::DFG::dfgResetGetByID):
(JSC::DFG::dfgResetPutByID):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::resetPatchGetById):
(JSC::JIT::resetPatchPutById):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::resetPatchGetById):
(JSC::JIT::resetPatchPutById):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITWriteBarrier.h:
(JSC::JITWriteBarrierBase::clearToMaxUnsigned):
2011-11-20 Filip Pizlo <fpizlo@apple.com>

Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
https://bugs.webkit.org/show_bug.cgi?id=71505

Reviewed by Oliver Hunt.

The bytecode generator was assuming that call_varargs never reuses the base register
(i.e. the function being called) for the result. This is no longer true.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCallVarargs):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::ApplyFunctionCallDotNode::emitBytecode):

2011-11-20 Filip Pizlo <fpizlo@apple.com>

DFG 32_64 should directly store double virtual registers on SetLocal
https://bugs.webkit.org/show_bug.cgi?id=72845

Reviewed by Oliver Hunt.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-11-20 Noel Gordon <noel.gordon@gmail.com>

[chromium] Remove DFG::JITCodeGenerator from the gyp projects
https://bugs.webkit.org/show_bug.cgi?id=72842

Reviewed by Filip Pizlo.

dfg/DFGJITCodeGenerator.{h,cpp} were removed in r100244

* JavaScriptCore.gypi: remove dfg/DFGJITCodeGenerator.{h,cpp}

2011-11-18 Daniel Bates <dbates@rim.com>

Add CMake build infrastructure for the BlackBerry port
https://bugs.webkit.org/show_bug.cgi?id=72768

Reviewed by Antonio Gomes.

* PlatformBlackBerry.cmake: Added.
* shell/PlatformBlackBerry.cmake: Added.
* wtf/PlatformBlackBerry.cmake: Added.

2011-11-18 Filip Pizlo <fpizlo@apple.com>

DFG JIT fails speculation on InstanceOf if the base is not an object
https://bugs.webkit.org/show_bug.cgi?id=72709

Reviewed by Geoff Garen.

InstanceOf already leverages the fact that we only allow the default
hasInstance implementation. So, if the base is predicted to possibly
be not an object and the CFA has not yet proven otherwise, InstanceOf
will abstain from speculating cell and instead return false if the
base is not a cell.

This appears to be a 1% speed-up on V8 on the V8 harness. 3-4% or so
speed-up in earley-boyer. Neutral according to bencher on SunSpider,
V8, and Kraken. In 32-bit, it's a 0.5% win on SunSpider and a 1.9%
win on V8 even on my harness, due to a 12.5% win on earley-boyer.

I also took this opportunity to make the code for InstanceOf common
between the two JITs. This was partially successful, in that the
"common code" has a bunch of #if's, but overall it seems like a code

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
(JSC::DFG::SpeculativeJIT::compileInstanceOf):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com>

Forgot to completely de-virtualize isDynamicScope
https://bugs.webkit.org/show_bug.cgi?id=72763

Reviewed by Darin Adler.

* runtime/JSActivation.h: Removed virtual keyword.

2011-11-18 Filip Pizlo <fpizlo@apple.com>

Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
https://bugs.webkit.org/show_bug.cgi?id=72292

Reviewed by Darin Adler.

Fix this for 32_64.

* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):

2011-11-18 Mark Hahnenberg <mhahnenberg@apple.com>

De-virtualize ExecutableBase::intrinsic
https://bugs.webkit.org/show_bug.cgi?id=72548

Reviewed by Oliver Hunt.

* runtime/Executable.cpp:
(JSC::ExecutableBase::intrinsic): Dynamic cast to NativeExecutable. If successful, call intrinsic, otherwise return default value.
* runtime/Executable.h:
* runtime/JSCell.h:
(JSC::jsDynamicCast): Add jsDynamicCast that duplicates the functionality of dynamic_cast in C++ but uses ClassInfo
rather than requiring C++ RTTI.

2011-11-18 Patrick Gansterer <paroga@webkit.org>

[CMake] Remove duplicate dtoa files from CMakeLists.txt
https://bugs.webkit.org/show_bug.cgi?id=72711

Reviewed by Brent Fulgham.

* wtf/CMakeLists.txt:

2011-11-17 Michael Saboff <msaboff@apple.com>

[Qt] REGRESSION(r100510): Enable 8 Bit Strings in JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=72602

Fixed StringImpl::foldCase by adding return in the case we need to handle
folding of 8 bit strings with Latin-1 characters.

Fixed case where StringImpl::replace was using a char temp instead of an

Because of the second change, I changed other uses of char or
unsigned char to LChar.

Reviewed by Zoltan Herczeg.

* wtf/text/StringImpl.cpp:
(WTF::StringImpl::upper):
(WTF::StringImpl::foldCase):
(WTF::equalIgnoringCase):
(WTF::StringImpl::replace):

2011-11-17 Patrick Gansterer <paroga@webkit.org>

[CMake] Move FAST_MALLOC specific lines from Platform*.cmake to CMakeLists.txt
https://bugs.webkit.org/show_bug.cgi?id=72644

Reviewed by Brent Fulgham.

All ports need to do the same determination about fast malloc. Move the CMake code from
platform specific files into the generic one, so that additional ports can reuse it.

* wtf/CMakeLists.txt:
* wtf/PlatformEfl.cmake:
* wtf/PlatformWinCE.cmake:

2011-11-17 Mark Hahnenberg <mhahnenberg@apple.com>

Add finalizer to JSActivation
https://bugs.webkit.org/show_bug.cgi?id=72575

Reviewed by Geoffrey Garen.

* runtime/JSActivation.cpp:
(JSC::JSActivation::finishCreation): Attach finalize function to objects during creation.
(JSC::JSActivation::finalize):
* runtime/JSActivation.h: Replaced virtual destructor with static finalize function.
2011-11-15 Filip Pizlo <fpizlo@apple.com>

Code block jettisoning should be part of the GC's transitive closure
https://bugs.webkit.org/show_bug.cgi?id=72467

Reviewed by Geoff Garen.

Replaced JettisonedCodeBlocks with DFGCodeBlocks. The latter knows about all
DFG code blocks (i.e. those that may be jettisoned, and may have inlined weak
references) and helps track what state each of those code blocks is in during
GC. The state consists of two flags; mayBeExecuting, which tells if the code block
is live from call frames; and isJettisoned, which tells if the code block is
not owned by any executable and thus should be deleted as soon as it is not

- Not executing, Not jettisoned: The code block may or may not be reachable from
any executables, but it is owned by an executable, and hence should be
kept alive if its executable is live and if all of its weak references are
live. Otherwise it should be deleted during the current GC cycle, and its
outgoing references should not be scanned.

- Not executing but jettisoned: The code block should be deleted as soon as
possible and none of its outgoing references should be scanned.

- Executing but not jettisoned: The code block should be kept alive during this
GC cycle, and all of its outgoing references (including the weak ones)
should be scanned and marked strongly. The mayBeExecuting bit will be cleared at
the end of the GC cycle.

- Executing and jettisoned: The code block should be kept alive during this
GC cycle, and all of its outgoing references (including the weak ones)
should be scanned and marked strongly. However, on the next GC cycle, it
will have its mayBeExecuting bit cleared and hence it will become a candidate
for immediate deletion provided it is not executing again.

This is performance-neutral.

* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::setJITCode):
(JSC::CodeBlock::DFGData::DFGData):
(JSC::DFGCodeBlocks::mark):
* heap/ConservativeRoots.cpp:
(JSC::ConservativeRoots::add):
* heap/ConservativeRoots.h:
* heap/DFGCodeBlocks.cpp: Added.
(JSC::DFGCodeBlocks::DFGCodeBlocks):
(JSC::DFGCodeBlocks::~DFGCodeBlocks):
(JSC::DFGCodeBlocks::jettison):
(JSC::DFGCodeBlocks::clearMarks):
(JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
(JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
* heap/DFGCodeBlocks.h: Added.
(JSC::Heap::jettisonDFGCodeBlock):
(JSC::Heap::markRoots):
(JSC::Heap::collect):
* heap/JettisonedCodeBlocks.cpp: Removed.
* heap/JettisonedCodeBlocks.h: Removed.
* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::gatherConservativeRoots):
* interpreter/RegisterFile.h:
* runtime/Executable.cpp:
(JSC::jettisonCodeBlock):

2011-11-16 Filip Pizlo <fpizlo@apple.com>

Unreviewed, build fix for 32-bit.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-11-16 Geoffrey Garen <ggaren@apple.com>

Some CachedCall cleanup, in preparation for reversing argument order.

Reviewed by Gavin Barraclough.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::stronglyVisitWeakReferences): A build fix for the interpreter,
* interpreter/CachedCall.h:
(JSC::CachedCall::CachedCall): Renamed argCount to argumentCount because
we are not that desperate for character saving.
(JSC::CachedCall::setThis):
(JSC::CachedCall::setArgument): Adopted new 0-based argument indexing for
* interpreter/CallFrameClosure.h:
(JSC::CallFrameClosure::setThis):
(JSC::CallFrameClosure::setArgument):
(JSC::CallFrameClosure::resetCallFrame): Provide 0-based argument indexing,
with an explicit setter for 'this', since that's how most clients think.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::prepareForRepeatCall):
* interpreter/Interpreter.h: Change argCount to argumentCountIncludingThis,

2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com>

De-virtualize ScriptExecutable::unlinkCalls
https://bugs.webkit.org/show_bug.cgi?id=72546

Reviewed by Geoffrey Garen.

* runtime/Executable.cpp:
(JSC::FunctionExecutable::~FunctionExecutable): Added an empty explicit virtual destructor to prevent a very odd compilation error
due to the fact that the compiler was trying to generate the implicit inline destructor in every translation unit, some of which
didn't have complete type information on the things that needed to be destructed in the implicit destructor.
* runtime/Executable.h:
(JSC::EvalExecutable::createStructure): Used new type value from JSType
(JSC::ProgramExecutable::createStructure): Ditto
(JSC::FunctionExecutable::createStructure): Ditto
(JSC::ScriptExecutable::unlinkCalls): Condition upon the type value, cast and call the corresponding unlinkCalls implementation.
* runtime/JSType.h: Added new values for EvalExecutable, ProgramExecutable, and FunctionExecutable. Remove explicit numbers, since
that just adds noise to patches and they currently have no significance.

2011-11-16 Filip Pizlo <fpizlo@apple.com>

JSC::CodeBlock should know which references generated by the DFG are weak
https://bugs.webkit.org/show_bug.cgi?id=72563

Reviewed by Geoff Garen.

CodeBlock::m_dfgData now tracks weak references and weak reference transitions
(like ephemerons) generated by the DFG. The DFG makes sure to notify the
CodeBlock of all uses of weak references and weak reference transitions.
CodeBlock currently marks them strongly, since the weak marking logic is not

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::stronglyVisitWeakReferences):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::appendWeakReference):
(JSC::CodeBlock::shrinkWeakReferencesToFit):
(JSC::CodeBlock::appendWeakReferenceTransition):
(JSC::CodeBlock::shrinkWeakReferenceTransitionsToFit):
(JSC::CodeBlock::WeakReferenceTransition::WeakReferenceTransition):
* bytecode/CodeOrigin.h:
(JSC::CodeOrigin::codeOriginOwner):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
28729 (JSC::DFG::JITCompiler::addWeakReference):
28730 (JSC::DFG::JITCompiler::addWeakReferenceTransition):
28731 (JSC::DFG::JITCompiler::branchWeakPtr):
28732 * dfg/DFGSpeculativeJIT.h:
28733 * dfg/DFGSpeculativeJIT32_64.cpp:
28734 (JSC::DFG::SpeculativeJIT::compile):
28735 * dfg/DFGSpeculativeJIT64.cpp:
28736 (JSC::DFG::SpeculativeJIT::fillJSValue):
28737 (JSC::DFG::SpeculativeJIT::compile):
28739 2011-11-16 Michael Saboff <msaboff@apple.com>
28741 LayoutTests for Debug Builds Crashes in JavaScriptCore/yarr/YarrInterpreter.cpp(185)
28742 https://bugs.webkit.org/show_bug.cgi?id=72561
28744 Removed #if USE(JSC) and therefore the ASSERT_NOT_REACHED().
28745 Simplified the code in the process.
28747 Reviewed by James Robinson.
28749 * yarr/YarrInterpreter.cpp:
28750 (JSC::Yarr::Interpreter::CharAccess::CharAccess):
28751 (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
28753 2011-11-16 Geoffrey Garen <ggaren@apple.com>
28755 Interpreter build fixes.
28757 * bytecode/CodeBlock.h:
28758 * interpreter/Interpreter.cpp:
28759 (JSC::Interpreter::privateExecute):
28761 2011-11-16 Patrick Gansterer <paroga@webkit.org>
28763 Unreviewed. Build fix for !ENABLE(JIT) after r100363.
28765 * bytecode/CodeBlock.h:
28767 2011-11-16 Geoffrey Garen <ggaren@apple.com>
28769 Rolled back in r100375 and r100385 with 32-bit build fixed.
28771 * dfg/DFGOperations.cpp:
28772 * jit/JITStubs.cpp:
28773 (JSC::DEFINE_STUB_FUNCTION):
28774 * runtime/ArgList.cpp:
28775 (JSC::ArgList::getSlice):
28776 * runtime/ArgList.h:
28777 * runtime/JSArray.cpp:
28778 (JSC::JSArray::finishCreation):
28779 * runtime/JSArray.h:
28780 (JSC::JSArray::create):
28781 * runtime/JSGlobalObject.h:
28782 (JSC::constructArray):
28784 2011-11-16 Filip Pizlo <fpizlo@apple.com>
28786 DFG global variable CSE mishandles the cross-global-object inlining corner case
28787 https://bugs.webkit.org/show_bug.cgi?id=72542
28789 Reviewed by Geoff Garen.
28791 Moved code to get the global object for a code origin into CodeBlock, so it is
28792 more broadly accessible. Fixed CSE to compare both the variable number, and the
28793 global object, before deciding to perform elimination.
28795 * bytecode/CodeBlock.h:
28796 (JSC::CodeBlock::globalObjectFor):
28797 * dfg/DFGAssemblyHelpers.h:
28798 (JSC::DFG::AssemblyHelpers::globalObjectFor):
28799 * dfg/DFGPropagator.cpp:
28800 (JSC::DFG::Propagator::globalVarLoadElimination):
28801 (JSC::DFG::Propagator::performNodeCSE):
28803 2011-11-16 Michael Saboff <msaboff@apple.com>
28805 Enable 8 Bit Strings in JavaScriptCore
28806 https://bugs.webkit.org/show_bug.cgi?id=71337
28808 This patch turns on 8 bit strings in StringImpl and enables
28809 their use in JavaScriptCore. Some of the changes are to
28810 turn on code that had been staged (Lexer.cpp, Identifier.cpp,
28811 SmallStrings.cpp and some of StringImpl.{h,cpp}).
28812 Other changes are minor fixes to make 8 bit strings work
28813 (UString.h, StringImpl::getData16SlowCase()).
28814 Changed StringBuffer to be a templated class based on character
28815 type. This change rippled into WebCore code as well.
28817 Reviewed by Geoffrey Garen.
28819 * JavaScriptCore.exp:
28820 * parser/Lexer.cpp:
28821 (JSC::::append8): Changed to use 8 bit buffers.
28822 (JSC::::parseIdentifier): Changed to use 8 bit buffers.
28823 (JSC::::parseString): Changed to use 8 bit buffers.
28824 * runtime/Identifier.cpp:
28825 (JSC::IdentifierCStringTranslator::translate): 8 bit version keeps data 8 bit
28826 (JSC::Identifier::toUInt32FromCharacters): Templated helper.
28827 (JSC::Identifier::toUInt32): Added 8 bit optimized path.
28828 * runtime/SmallStrings.cpp:
28829 (JSC::SmallStringsStorage::SmallStringsStorage): Changed to be 8 bit strings
28830 * runtime/UString.h:
28831 (JSC::UString::characters): Now calls StringImpl::characters()
28833 * wtf/text/StringBuffer.h: Made StringBuffer a template based on character type.
28834 (WTF::StringBuffer::StringBuffer):
28835 (WTF::StringBuffer::characters):
28836 (WTF::StringBuffer::release):
28837 * wtf/text/StringImpl.cpp:
28838 (WTF::StringImpl::create):
28839 (WTF::StringImpl::getData16SlowCase): Fixed null terminated case.
28840 (WTF::StringImpl::removeCharacters): Added 8 bit path.
28841 (WTF::StringImpl::simplifyMatchedCharactersToSpace):
28842 (WTF::StringImpl::simplifyWhiteSpace):
28843 (WTF::equal): Removed bug from code copied from null terminated version.
28844 (WTF::StringImpl::adopt): Added 8 bit path.
28845 (WTF::StringImpl::createWithTerminatingNullCharacter): Fixed 8 bit flag propagation.
28846 * wtf/text/StringImpl.h:
28847 (WTF::StringImpl::StringImpl): Added new 8 bit constructor.
28848 (WTF::StringImpl::characters8): Removed ASSERT_NOT_REACHED().
28849 (WTF::getCharacters<LChar>): Added templated accessor for 8 bit strings.
28850 (WTF::getCharacters<UChar>): Added templated accessor for 16 bit strings.
28851 * wtf/text/WTFString.h:
28852 (WTF::String::adopt): Changed to use StringBuffer template.
28854 2011-11-16 Mark Hahnenberg <mhahnenberg@apple.com>
28856 De-virtualize ExecutableBase::clearCodeVirtual
28857 https://bugs.webkit.org/show_bug.cgi?id=72337
28859 Reviewed by Darin Adler.
28861 Added static finalize functions to the subclasses of ExecutableBase that provide an implementation
28862 of clearCodeVirtual, changed all of the clearCodeVirtual methods to non-virtual clearCode method,
28863 and had the finalize functions call the corresponding clearCode methods.
28865 * runtime/Executable.cpp:
28866 (JSC::ExecutableBase::clearCode):
28867 (JSC::NativeExecutable::finalize):
28868 (JSC::EvalExecutable::finalize):
28869 (JSC::EvalExecutable::clearCode):
28870 (JSC::ProgramExecutable::finalize):
28871 (JSC::ProgramExecutable::clearCode):
28872 (JSC::FunctionExecutable::discardCode):
28873 (JSC::FunctionExecutable::finalize):
28874 (JSC::FunctionExecutable::clearCode):
28875 * runtime/Executable.h:
28876 (JSC::ExecutableBase::finishCreation):
28877 (JSC::NativeExecutable::create):
28878 (JSC::EvalExecutable::create):
28879 (JSC::ProgramExecutable::create):
28880 (JSC::FunctionExecutable::create):
28882 2011-11-16 Yusuke Suzuki <utatane.tea@gmail.com>
28884 String new RegExp('\n').toString() returns is invalid RegularExpressionLiteral
28885 https://bugs.webkit.org/show_bug.cgi?id=71572
28887 Reviewed by Gavin Barraclough and Darin Adler.
28889 * runtime/RegExpObject.cpp:
28890 (JSC::regExpObjectSource):
28892 2011-11-16 Darin Adler <darin@apple.com>
28894 Specialize HashTraits for OwnPtr to use PassOwnPtr and raw pointer
28895 https://bugs.webkit.org/show_bug.cgi?id=72475
28897 Reviewed by Adam Roben.
28899 * wtf/HashTraits.h: Specialize HashTraits for OwnPtr.
28900 Do overloads so we can pass a nullptr and also be sure to get the
28901 raw pointer type from the OwnPtr template so we handle both forms
28902 of OwnPtr: OwnPtr<T> and OwnPtr<T*>.
28904 2011-11-16 Simon Hausmann <simon.hausmann@nokia.com>
28906 [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
28908 Reviewed by Tor Arne Vestbø.
28910 * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
28912 2011-11-16 Simon Hausmann <simon.hausmann@nokia.com>
28914 Unreviewed, rolling out r100266.
28915 http://trac.webkit.org/changeset/100266
28921 2011-11-16 Darin Adler <darin@apple.com>
28923 Add a "pass type" and "peek type" concept to HashTraits
28924 https://bugs.webkit.org/show_bug.cgi?id=72473
28926 Reviewed by Filip Pizlo.
28928 * wtf/HashTraits.h: Added the pass type and peek type.
28929 For OwnPtr, the pass type will be PassOwnPtr and the peek
28930 type will be a raw pointer.
28932 2011-11-16 Darin Adler <darin@apple.com>
28934 Fix some hash traits that don't derive from the base hash traits
28935 https://bugs.webkit.org/show_bug.cgi?id=72470
28937 Reviewed by Filip Pizlo.
28939 Hash traits structures need to derive from the base hash traits in
28940 HashTraits.h, but some were not. This is needed for compatibility with
28941 some additional traits we will be adding to make OwnPtr work with HashMap.
28943 * runtime/Identifier.h: Make IdentifierMapIndexHashTraits derive from
28944 HashTraits<int>. This enabled removal of all the members except for the
28945 ones that control the empty value, because this is otherwise the same
28946 as the standard int hash.
28948 * runtime/SymbolTable.h: Changed SymbolTableIndexHashTraits to derive
28949 from HashTraits<SymbolTableEntry> and removed redundant members.
28951 2011-11-15 Sheriff Bot <webkit.review.bot@gmail.com>
28953 Unreviewed, rolling out r100375 and r100385.
28954 http://trac.webkit.org/changeset/100375
28955 http://trac.webkit.org/changeset/100385
28956 https://bugs.webkit.org/show_bug.cgi?id=72465
28958 They broke 32 bit builds on Qt (Requested by ossy on #webkit).
28960 * dfg/DFGOperations.cpp:
28961 * jit/JITStubs.cpp:
28962 (JSC::DEFINE_STUB_FUNCTION):
28963 * runtime/ArgList.cpp:
28964 (JSC::ArgList::getSlice):
28965 * runtime/ArgList.h:
28966 (JSC::ArgList::ArgList):
28967 * runtime/JSArray.cpp:
28968 * runtime/JSArray.h:
28969 * runtime/JSGlobalObject.h:
28971 2011-11-15 George Staikos <staikos@webkit.org>
28973 Remove the guard page from the addressable stack region on QNX.
28974 https://bugs.webkit.org/show_bug.cgi?id=72455
28976 Reviewed by Daniel Bates.
28978 * wtf/StackBounds.cpp:
28979 (WTF::StackBounds::initialize):
28981 2011-11-15 Michael Saboff <msaboff@apple.com>
28983 Towards 8 bit Strings - Update utf8() and ascii() methods for 8 bit strings
28984 https://bugs.webkit.org/show_bug.cgi?id=72323
28986 Added 8 bit optimized paths for String and UString ascii() and utf8() methods.
28988 Added String::characters8(), characters16() and is8Bit() helper methods.
28990 Added a new Unicode::convertLatin1ToUTF8() method that works on
28991 LChar (8 bit) strings and is a stripped down version of convertUTF16ToUTF8().
28993 Reviewed by Geoff Garen.
28995 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
28996 * runtime/UString.cpp:
28997 (JSC::UString::utf8):
28998 * wtf/text/WTFString.cpp:
28999 (WTF::String::ascii):
29000 (WTF::String::utf8):
29001 * wtf/text/WTFString.h:
29002 (WTF::String::characters8):
29003 (WTF::String::characters16):
29004 (WTF::String::is8Bit):
29007 * wtf/unicode/UTF8.cpp:
29008 (WTF::Unicode::convertLatin1ToUTF8):
29009 * wtf/unicode/UTF8.h:
29010 * wtf/unicode/Unicode.h:
29012 2011-11-15 Darin Adler <darin@apple.com>
29014 REGRESSION (r98887): ParserArena and Keywords leaking
29015 https://bugs.webkit.org/show_bug.cgi?id=72428
29017 Reviewed by Sam Weinig.
29019 * parser/Lexer.h: Made Keywords destructor public since OwnPtr and PassOwnPtr
29020 need to be able to destroy it.
29022 * parser/Parser.cpp:
29023 (JSC::Parser::Parser): Use get now that parserArena is an OwnPtr.
29025 * runtime/JSGlobalData.cpp:
29026 (JSC::JSGlobalData::JSGlobalData): Use adoptPtr to initialize OwnPtr members.
29028 * runtime/JSGlobalData.h: Make parserArena and keywords be OwnPtr.
29030 2011-11-15 Geoffrey Garen <ggaren@apple.com>
29032 Removed another use of ArgList that baked in the assumption that arguments
29033 are forward in the register file.
29035 Reviewed by Sam Weinig.
29037 * dfg/DFGOperations.cpp:
29038 * jit/JITStubs.cpp:
29039 (JSC::DEFINE_STUB_FUNCTION): Use our new array creation API, instead of
29040 working through ArgList.
29042 * runtime/ArgList.h: Removed!
29044 2011-11-15 Geoffrey Garen <ggaren@apple.com>
29046 Removed a use of ArgList that baked in the assumption that arguments
29047 are forward in the register file.
29049 Reviewed by Sam Weinig.
29051 * dfg/DFGOperations.cpp:
29052 * jit/JITStubs.cpp:
29053 (JSC::DEFINE_STUB_FUNCTION): Use new API.
29055 * runtime/ArgList.cpp:
29056 (JSC::ArgList::getSlice): No need to provide an arbitrary constructor --
29057 getSlice can do the right thing by using its rights to private data.
29059 * runtime/ArgList.h: Removed constructor that took a forward-contiguous
29062 * runtime/JSArray.cpp:
29063 (JSC::JSArray::finishCreation):
29064 * runtime/JSArray.h:
29065 (JSC::JSArray::create):
29066 * runtime/JSGlobalObject.h:
29067 (JSC::constructArray): Added explicit support for creating an array from
29068 a pre-allocated set of values, so we could stop relying on the ArgList
29069 API we want to remove.
29071 2011-11-15 Filip Pizlo <fpizlo@apple.com>
29073 Crash in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::DFG::SpeculationRecovery*)
29074 https://bugs.webkit.org/show_bug.cgi?id=72292
29076 Reviewed by Geoff Garen.
29078 We need to be careful about how we look for the baseline CodeBlock if we're lazy-compiling
29079 an OSR exit after our CodeBlock has been jettisoned. In short, use CodeBlock::baselineVersion()
29080 instead of CodeBlock::alternative().
29082 No performance effect.
29084 No tests because all of our heuristics work very hard to make sure that this never happens in
29085 the first place. OSR exits are rare by design, and jettisoning of CodeBlocks (i.e. recompilation)
29086 is even rarer. Furthermore, OSR exits after a CodeBlock has been jettisoned are rarer still
29087 because the whole point of jettisoning is to bring the probability of future OSR exits to as
29088 close to zero as possible. But even that isn't enough to trigger this bug; it requires the OSR
29089 exit after a jettison to be the first of its kind; our whole design tries to ensure that
29090 CodeBlocks tend to OSR exit at a handful (i.e. 1 in most cases) of points, and since jettisoning
29091 is triggered by OSR, in most sane cases the OSR exits after jettison will not require lazy OSR
29092 compilation. So this is a truly evil case, and any test for it would be quite fragile.
29094 * bytecode/CodeBlock.h:
29095 (JSC::CodeBlock::specializationKind):
29096 (JSC::CodeBlock::largeFailCountThreshold):
29097 (JSC::CodeBlock::largeFailCountThresholdForLoop):
29098 * dfg/DFGAssemblyHelpers.h:
29099 (JSC::DFG::AssemblyHelpers::AssemblyHelpers):
29100 (JSC::DFG::AssemblyHelpers::baselineCodeBlockFor):
29101 (JSC::DFG::AssemblyHelpers::baselineCodeBlock):
29102 * dfg/DFGDriver.cpp:
29103 (JSC::DFG::compile):
29104 * dfg/DFGOSRExitCompiler.cpp:
29105 * dfg/DFGOSRExitCompiler64.cpp:
29106 (JSC::DFG::OSRExitCompiler::compileExit):
29108 2011-11-15 Geoffrey Garen <ggaren@apple.com>
29110 Use MarkedArgumentBuffer to avoid making assumptions about argument order
29111 https://bugs.webkit.org/show_bug.cgi?id=72418
29113 Reviewed by Sam Weinig.
29115 A step toward reversing the argument order.
29117 * runtime/JSONObject.cpp:
29118 (JSC::Stringifier::toJSON):
29119 (JSC::Stringifier::appendStringifiedValue):
29120 (JSC::Walker::callReviver): Don't assume that ArgList wants to point
29121 at arguments in forward order. Instead, use MarkedArgumentBuffer, which
29122 will make the decision for us.
29124 2011-11-15 Filip Pizlo <fpizlo@apple.com>
29126 DFG should distinguish between constants in the constant pool and weak
29127 constants added as artifacts of code generation
29128 https://bugs.webkit.org/show_bug.cgi?id=72367
29130 Reviewed by Geoff Garen.
29132 Added the notion of a WeakJSConstant, which is like a JSConstant except that
29133 it can only refer to JSCell*. Currently all WeakJSConstants are also backed
29134 by constants in the constant pool, since weak references originated from
29135 machine code are not yet properly handled.
29137 Replaced CheckMethod, and MethodCheckData, with a combination of WeakJSConstant
29138 and CheckStructure. This results in improved CSE, leading to a 1% win on V8.
29140 * dfg/DFGAbstractState.cpp:
29141 (JSC::DFG::AbstractState::execute):
29142 * dfg/DFGByteCodeParser.cpp:
29143 (JSC::DFG::ByteCodeParser::cellConstant):
29144 (JSC::DFG::ByteCodeParser::prepareToParseBlock):
29145 (JSC::DFG::ByteCodeParser::parseBlock):
29146 * dfg/DFGGraph.cpp:
29147 (JSC::DFG::Graph::dump):
29149 (JSC::DFG::Graph::getJSConstantPrediction):
29150 (JSC::DFG::Graph::valueOfJSConstant):
29151 (JSC::DFG::Graph::valueOfInt32Constant):
29152 (JSC::DFG::Graph::valueOfNumberConstant):
29153 (JSC::DFG::Graph::valueOfBooleanConstant):
29155 (JSC::DFG::Node::isWeakConstant):
29156 (JSC::DFG::Node::hasConstant):
29157 (JSC::DFG::Node::weakConstant):
29158 (JSC::DFG::Node::valueOfJSConstant):
29159 (JSC::DFG::Node::isInt32Constant):
29160 (JSC::DFG::Node::isDoubleConstant):
29161 (JSC::DFG::Node::isNumberConstant):
29162 (JSC::DFG::Node::isBooleanConstant):
29163 (JSC::DFG::Node::hasIdentifier):
29164 * dfg/DFGPropagator.cpp:
29165 (JSC::DFG::Propagator::propagateNodePredictions):
29166 (JSC::DFG::Propagator::performNodeCSE):
29167 * dfg/DFGSpeculativeJIT32_64.cpp:
29168 (JSC::DFG::SpeculativeJIT::compile):
29169 * dfg/DFGSpeculativeJIT64.cpp:
29170 (JSC::DFG::SpeculativeJIT::compile):
29172 2011-11-15 Michael Saboff <msaboff@apple.com>
29174 Towards 8 bit Strings - Initial JS String Tuning
29175 https://bugs.webkit.org/show_bug.cgi?id=72326
29177 Added 8 bit optimized paths for the methods below.
29179 Reviewed by Geoffrey Garen.
29181 * runtime/JSString.h:
29182 (JSC::jsSubstring8):
29183 * runtime/StringPrototype.cpp:
29184 (JSC::jsSpliceSubstrings):
29185 (JSC::jsSpliceSubstringsWithSeparators):
29186 (JSC::stringProtoFuncReplace):
29187 (JSC::stringProtoFuncCharCodeAt):
29189 2011-11-15 Gavin Barraclough <barraclough@apple.com>
29191 Result of Error.prototype.toString not ES5 conformant
29192 https://bugs.webkit.org/show_bug.cgi?id=70889
29194 Reviewed by Oliver Hunt.
29196 * runtime/ErrorPrototype.cpp:
29197 (JSC::errorProtoFuncToString):
29199 2011-11-15 Simon Hausmann <simon.hausmann@nokia.com>
29201 [Qt] Centralize hide_symbols and ensure all libs are built with symbol visibility & bsymbolic_functions
29203 Reviewed by Tor Arne Vestbø.
29205 * Target.pri: Eliminate duplicated symbol stuff that lives now in default_post.prf.
29207 2011-11-15 Yuqiang Xian <yuqiang.xian@intel.com>
29209 Remove DFGJITCompilerInlineMethods
29210 https://bugs.webkit.org/show_bug.cgi?id=72366
29212 Reviewed by Filip Pizlo.
29214 Those methods are actually seldom used. Modify the few such places and
29215 remove the DFGJITCompilerInlineMethods stuff entirely.
29217 * GNUmakefile.list.am:
29218 * JavaScriptCore.xcodeproj/project.pbxproj:
29219 * dfg/DFGJITCompiler.h:
29220 (JSC::DFG::JITCompiler::addressOfDoubleConstant):
29221 * dfg/DFGJITCompilerInlineMethods.h: Removed.
29222 * dfg/DFGSpeculativeJIT.cpp:
29223 * dfg/DFGSpeculativeJIT.h:
29224 (JSC::DFG::SpeculativeJIT::silentFillFPR):
29225 * dfg/DFGSpeculativeJIT32_64.cpp:
29226 (JSC::DFG::SpeculativeJIT::fillJSValue):
29227 (JSC::DFG::SpeculativeJIT::cachedGetMethod):
29229 2011-11-14 Filip Pizlo <fpizlo@apple.com>
29231 DFG::SpeculativeJIT and DFG::JITCodeGenerator should be combined
29232 https://bugs.webkit.org/show_bug.cgi?id=72348
29234 Reviewed by Gavin Barraclough.
29236 Moved all of JITCodeGenerator into SpeculativeJIT.
29239 * GNUmakefile.list.am:
29240 * JavaScriptCore.xcodeproj/project.pbxproj:
29242 * dfg/DFGJITCodeGenerator.cpp: Removed.
29243 * dfg/DFGJITCodeGenerator.h: Removed.
29244 * dfg/DFGJITCodeGenerator32_64.cpp: Removed.
29245 * dfg/DFGJITCodeGenerator64.cpp: Removed.
29246 * dfg/DFGJITCompiler.cpp:
29247 * dfg/DFGRepatch.cpp:
29248 (JSC::DFG::generateProtoChainAccessStub):
29249 (JSC::DFG::tryCacheGetByID):
29250 (JSC::DFG::tryCachePutByID):
29251 * dfg/DFGSpeculativeJIT.cpp:
29252 (JSC::DFG::SpeculativeJIT::clearGenerationInfo):
29253 (JSC::DFG::SpeculativeJIT::fillStorage):
29254 (JSC::DFG::SpeculativeJIT::useChildren):
29255 (JSC::DFG::SpeculativeJIT::isStrictInt32):
29256 (JSC::DFG::SpeculativeJIT::isKnownInteger):
29257 (JSC::DFG::SpeculativeJIT::isKnownNumeric):
29258 (JSC::DFG::SpeculativeJIT::isKnownCell):
29259 (JSC::DFG::SpeculativeJIT::isKnownNotCell):
29260 (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
29261 (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
29262 (JSC::DFG::SpeculativeJIT::isKnownBoolean):
29263 (JSC::DFG::SpeculativeJIT::writeBarrier):
29264 (JSC::DFG::SpeculativeJIT::markCellCard):
29265 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
29266 (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
29267 (JSC::DFG::dataFormatString):
29268 (JSC::DFG::SpeculativeJIT::dump):
29269 (JSC::DFG::SpeculativeJIT::checkConsistency):
29270 (JSC::DFG::GPRTemporary::GPRTemporary):
29271 (JSC::DFG::GPRTemporary::adopt):
29272 (JSC::DFG::FPRTemporary::FPRTemporary):
29273 * dfg/DFGSpeculativeJIT.h:
29274 (JSC::DFG::SpeculativeJIT::at):
29275 (JSC::DFG::SpeculativeJIT::lock):
29276 (JSC::DFG::SpeculativeJIT::unlock):
29277 (JSC::DFG::SpeculativeJIT::canReuse):
29278 (JSC::DFG::SpeculativeJIT::reuse):
29279 (JSC::DFG::SpeculativeJIT::allocate):
29280 (JSC::DFG::SpeculativeJIT::tryAllocate):
29281 (JSC::DFG::SpeculativeJIT::fprAllocate):
29282 (JSC::DFG::SpeculativeJIT::isFilled):
29283 (JSC::DFG::SpeculativeJIT::isFilledDouble):
29284 (JSC::DFG::SpeculativeJIT::use):
29285 (JSC::DFG::SpeculativeJIT::selectScratchGPR):
29286 (JSC::DFG::SpeculativeJIT::silentSpillGPR):
29287 (JSC::DFG::SpeculativeJIT::silentSpillFPR):
29288 (JSC::DFG::SpeculativeJIT::silentFillGPR):
29289 (JSC::DFG::SpeculativeJIT::silentFillFPR):
29290 (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):
29291 (JSC::DFG::SpeculativeJIT::silentFillAllRegisters):
29292 (JSC::DFG::SpeculativeJIT::boxDouble):
29293 (JSC::DFG::SpeculativeJIT::unboxDouble):
29294 (JSC::DFG::SpeculativeJIT::spill):
29295 (JSC::DFG::SpeculativeJIT::isConstant):
29296 (JSC::DFG::SpeculativeJIT::isJSConstant):
29297 (JSC::DFG::SpeculativeJIT::isInt32Constant):
29298 (JSC::DFG::SpeculativeJIT::isDoubleConstant):
29299 (JSC::DFG::SpeculativeJIT::isNumberConstant):
29300 (JSC::DFG::SpeculativeJIT::isBooleanConstant):
29301 (JSC::DFG::SpeculativeJIT::isFunctionConstant):
29302 (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
29303 (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
29304 (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
29305 (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
29306 (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
29307 (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
29308 (JSC::DFG::SpeculativeJIT::isNullConstant):
29309 (JSC::DFG::SpeculativeJIT::identifier):
29310 (JSC::DFG::SpeculativeJIT::flushRegisters):
29311 (JSC::DFG::SpeculativeJIT::isFlushed):
29312 (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImmPtr):
29313 (JSC::DFG::SpeculativeJIT::bitOp):
29314 (JSC::DFG::SpeculativeJIT::shiftOp):
29315 (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
29316 (JSC::DFG::SpeculativeJIT::addressOfCallData):
29317 (JSC::DFG::SpeculativeJIT::tagOfCallData):
29318 (JSC::DFG::SpeculativeJIT::payloadOfCallData):
29319 (JSC::DFG::SpeculativeJIT::integerResult):
29320 (JSC::DFG::SpeculativeJIT::noResult):
29321 (JSC::DFG::SpeculativeJIT::cellResult):
29322 (JSC::DFG::SpeculativeJIT::booleanResult):
29323 (JSC::DFG::SpeculativeJIT::jsValueResult):
29324 (JSC::DFG::SpeculativeJIT::storageResult):
29325 (JSC::DFG::SpeculativeJIT::doubleResult):
29326 (JSC::DFG::SpeculativeJIT::initConstantInfo):
29327 (JSC::DFG::SpeculativeJIT::resetCallArguments):
29328 (JSC::DFG::SpeculativeJIT::addCallArgument):
29329 (JSC::DFG::SpeculativeJIT::setupArguments):
29330 (JSC::DFG::SpeculativeJIT::setupArgumentsExecState):
29331 (JSC::DFG::SpeculativeJIT::setupArgumentsWithExecState):
29332 (JSC::DFG::SpeculativeJIT::setupTwoStubArgs):
29333 (JSC::DFG::SpeculativeJIT::setupStubArguments):
29334 (JSC::DFG::SpeculativeJIT::callOperation):
29335 (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
29336 (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
29337 (JSC::DFG::SpeculativeJIT::setupResults):
29338 (JSC::DFG::SpeculativeJIT::appendCallSetResult):
29339 (JSC::DFG::SpeculativeJIT::addBranch):
29340 (JSC::DFG::SpeculativeJIT::linkBranches):
29341 (JSC::DFG::SpeculativeJIT::block):
29342 (JSC::DFG::SpeculativeJIT::checkConsistency):
29343 (JSC::DFG::SpeculativeJIT::BranchRecord::BranchRecord):
29344 (JSC::DFG::IntegerOperand::IntegerOperand):
29345 (JSC::DFG::IntegerOperand::~IntegerOperand):
29346 (JSC::DFG::IntegerOperand::index):
29347 (JSC::DFG::IntegerOperand::format):
29348 (JSC::DFG::IntegerOperand::gpr):
29349 (JSC::DFG::IntegerOperand::use):
29350 (JSC::DFG::DoubleOperand::DoubleOperand):
29351 (JSC::DFG::DoubleOperand::~DoubleOperand):
29352 (JSC::DFG::DoubleOperand::index):
29353 (JSC::DFG::DoubleOperand::fpr):
29354 (JSC::DFG::DoubleOperand::use):
29355 (JSC::DFG::JSValueOperand::JSValueOperand):
29356 (JSC::DFG::JSValueOperand::~JSValueOperand):
29357 (JSC::DFG::JSValueOperand::index):
29358 (JSC::DFG::JSValueOperand::gpr):
29359 (JSC::DFG::JSValueOperand::jsValueRegs):
29360 (JSC::DFG::JSValueOperand::isDouble):
29361 (JSC::DFG::JSValueOperand::fill):
29362 (JSC::DFG::JSValueOperand::tagGPR):
29363 (JSC::DFG::JSValueOperand::payloadGPR):
29364 (JSC::DFG::JSValueOperand::fpr):
29365 (JSC::DFG::JSValueOperand::use):
29366 (JSC::DFG::StorageOperand::StorageOperand):
29367 (JSC::DFG::StorageOperand::~StorageOperand):
29368 (JSC::DFG::StorageOperand::index):
29369 (JSC::DFG::StorageOperand::gpr):
29370 (JSC::DFG::StorageOperand::use):
29371 (JSC::DFG::GPRTemporary::~GPRTemporary):
29372 (JSC::DFG::GPRTemporary::gpr):
29373 (JSC::DFG::FPRTemporary::~FPRTemporary):
29374 (JSC::DFG::FPRTemporary::fpr):
29375 (JSC::DFG::FPRTemporary::FPRTemporary):
29376 (JSC::DFG::GPRResult::GPRResult):
29377 (JSC::DFG::GPRResult2::GPRResult2):
29378 (JSC::DFG::FPRResult::FPRResult):
29379 (JSC::DFG::FPRResult::lockedResult):
29380 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
29381 * dfg/DFGSpeculativeJIT32_64.cpp:
29382 (JSC::DFG::SpeculativeJIT::fillInteger):
29383 (JSC::DFG::SpeculativeJIT::fillDouble):
29384 (JSC::DFG::SpeculativeJIT::fillJSValue):
29385 (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
29386 (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
29387 (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
29388 (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
29389 (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
29390 (JSC::DFG::SpeculativeJIT::cachedGetById):
29391 (JSC::DFG::SpeculativeJIT::cachedPutById):
29392 (JSC::DFG::SpeculativeJIT::cachedGetMethod):
29393 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
29394 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
29395 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
29396 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
29397 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
29398 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
29399 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
29400 (JSC::DFG::SpeculativeJIT::emitCall):
29401 * dfg/DFGSpeculativeJIT64.cpp:
29402 (JSC::DFG::SpeculativeJIT::fillInteger):
29403 (JSC::DFG::SpeculativeJIT::fillDouble):
29404 (JSC::DFG::SpeculativeJIT::fillJSValue):
29405 (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
29406 (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
29407 (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
29408 (JSC::DFG::SpeculativeJIT::nonSpeculativeKnownConstantArithOp):
29409 (JSC::DFG::SpeculativeJIT::nonSpeculativeBasicArithOp):
29410 (JSC::DFG::SpeculativeJIT::cachedGetById):
29411 (JSC::DFG::SpeculativeJIT::cachedPutById):
29412 (JSC::DFG::SpeculativeJIT::cachedGetMethod):
29413 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
29414 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
29415 (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
29416 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
29417 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
29418 (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
29419 (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
29420 (JSC::DFG::SpeculativeJIT::emitCall):
29421 * runtime/JSFunction.h:
29423 2011-11-14 Filip Pizlo <fpizlo@apple.com>
29425 Weak reference harvesters should run to fixpoint
29426 https://bugs.webkit.org/show_bug.cgi?id=72346
29428 Reviewed by Oliver Hunt.
29431 (JSC::Heap::markRoots):
29432 * heap/ListableHandler.h:
29433 (JSC::ListableHandler::next):
29434 (JSC::ListableHandler::List::head):
29435 (JSC::ListableHandler::List::removeNext):
29436 (JSC::ListableHandler::List::removeAll):
29437 * heap/MarkStack.cpp:
29438 (JSC::MarkStackThreadSharedData::reset):
29439 (JSC::SlotVisitor::harvestWeakReferences):
29440 * heap/MarkStack.h:
29441 (JSC::MarkStack::isEmpty):
29443 2011-11-14 Oliver Hunt <oliver@apple.com>
29445 Start migrating typed array impl types to WTF
29446 https://bugs.webkit.org/show_bug.cgi?id=72336
29448 Reviewed by Geoffrey Garen.
29450 Add typed array impls to WTF forwarding header.
29454 2011-11-14 Julien Chaffraix <jchaffraix@webkit.org>
29456 Add --css-grid-layout to build-webkit and the build systems
29457 https://bugs.webkit.org/show_bug.cgi?id=72320
29459 Reviewed by Ojan Vafai.
29461 * Configurations/FeatureDefines.xcconfig:
29463 2011-11-14 Geoffrey Garen <ggaren@apple.com>
29465 A little bit of arguments / activation cleanup
29466 https://bugs.webkit.org/show_bug.cgi?id=72339
29468 Reviewed by Gavin Barraclough.
29470 Renamed copyRegisters => tearOff to match bytecode and other terminology.
29472 Renamed setActivation => didTearOffActivation to indicate that this is a
29473 notification the object may choose to ignore. Moved "Should I ignore?"
29474 code into the arguments object to avoid duplication elsewhere.
29476 * interpreter/Interpreter.cpp:
29477 (JSC::Interpreter::unwindCallFrame):
29478 (JSC::Interpreter::privateExecute):
29479 (JSC::Interpreter::retrieveArguments):
29480 * jit/JITStubs.cpp:
29481 (JSC::DEFINE_STUB_FUNCTION):
29482 * runtime/Arguments.h:
29483 (JSC::Arguments::createAndTearOff):
29484 (JSC::Arguments::didTearOffActivation):
29485 (JSC::Arguments::finishCreationButDontTearOff):
29486 (JSC::Arguments::finishCreation):
29487 (JSC::Arguments::finishCreationAndTearOff):
29488 (JSC::Arguments::tearOff):
29490 * runtime/JSActivation.h:
29491 (JSC::JSActivation::tearOff): Moved Activation's code into its own header
29492 because that's where it belongs.
29494 2011-11-14 Gavin Barraclough <barraclough@apple.com>
29496 Should sign the jsc binary
29497 https://bugs.webkit.org/show_bug.cgi?id=72332
29499 Reviewed by David Kilzer.
29501 * Configurations/JSC.xcconfig:
29502 * entitlements.plist: Added.
29504 2011-11-14 Filip Pizlo <fpizlo@apple.com>
29506 DFG's inline references to objects should be tracked
29507 https://bugs.webkit.org/show_bug.cgi?id=72313
29509 Reviewed by Gavin Barraclough.
29511 Added a pinCell() method in the parser that currently creates a
29512 dummy constant in CodeBlock. Added calls to pinCell() wherever the
29513 DFG would inline a constant reference that the original code would
29514 not have referred to.
29516 * dfg/DFGByteCodeParser.cpp:
29517 (JSC::DFG::ByteCodeParser::getCellConstantIndex):
29518 (JSC::DFG::ByteCodeParser::pinCell):
29519 (JSC::DFG::ByteCodeParser::cellConstant):
29520 (JSC::DFG::ByteCodeParser::handleCall):
29521 (JSC::DFG::ByteCodeParser::handleInlining):
29522 (JSC::DFG::ByteCodeParser::parseBlock):
29524 2011-11-14 Filip Pizlo <fpizlo@apple.com>
29526 DFG put_by_id transition optimizations test the wrong structures
29527 https://bugs.webkit.org/show_bug.cgi?id=72324
29529 Reviewed by Gavin Barraclough.
29531 * dfg/DFGByteCodeParser.cpp:
29532 (JSC::DFG::ByteCodeParser::structureChainIsStillValid):
29533 (JSC::DFG::ByteCodeParser::parseBlock):
29534 * jit/JITPropertyAccess.cpp:
29535 (JSC::JIT::privateCompilePutByIdTransition):
29537 2011-11-14 Michael Saboff <msaboff@apple.com>
29539 Further changes and cleanup to JSString.h and cpp.
29541 Reviewed by Darin Adler.
29543 * runtime/JSString.cpp:
29544 (JSC::JSString::resolveRope): Change PassRefPtr to RefPtr. Eliminated exec in slow case calls.
29545 (JSC::JSString::resolveRopeSlowCase8): Darin and I agreed that this should have 8 in its name.
29546 (JSC::JSString::resolveRopeSlowCase): Removed exec parameter.
29547 * runtime/JSString.h:
29549 2011-11-14 Adam Barth <abarth@webkit.org>
29551 DateMath.cpp should not depend on JavaScriptCore
29552 https://bugs.webkit.org/show_bug.cgi?id=71747
29554 Reviewed by Darin Adler.
29556 This patch moves the JSC-specific parts of DateMath into JSDateMath in
29557 JavaScriptCore. There shouldn't be any behavior change.
29560 * GNUmakefile.list.am:
29561 * JavaScriptCore.gypi:
29562 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
29563 * JavaScriptCore.xcodeproj/project.pbxproj:
29565 * runtime/DateConstructor.cpp:
29566 * runtime/DateConversion.cpp:
29567 * runtime/DateInstance.cpp:
29568 * runtime/DateInstanceCache.h:
29569 * runtime/DatePrototype.cpp:
29570 * runtime/InitializeThreading.cpp:
29571 * runtime/JSDateMath.cpp: Copied from Source/JavaScriptCore/wtf/DateMath.cpp.
29573 (JSC::msToSeconds):
29574 * runtime/JSDateMath.h: Copied from Source/JavaScriptCore/wtf/DateMath.h.
29575 * wtf/DateMath.cpp:
29578 (WTF::msToMinutes):
29580 (WTF::parseDateFromNullTerminatedCharacters):
29581 (WTF::makeRFC2822DateString):
29584 2011-11-14 Michael Saboff <msaboff@apple.com>
29586 Towards 8 bit strings - Add 8 bit handling to JSString Ropes
29587 https://bugs.webkit.org/show_bug.cgi?id=72317
29589 Added bit to track that a rope is made up of all 8 bit fibers.
29590 Created an 8 bit path (fast and slow cases) to handle 8 bit
29593 Reviewed by Oliver Hunt.
29595 * runtime/JSString.cpp:
29596 (JSC::JSString::resolveRope):
29597 (JSC::JSString::resolveRopeSlowCase8):
29598 (JSC::JSString::resolveRopeSlowCase16):
29599 * runtime/JSString.h:
29600 (JSC::RopeBuilder::finishCreation):
29601 (JSC::RopeBuilder::is8Bit):
29602 (JSC::jsSubstring8):
29604 2011-11-14 Geoffrey Garen <ggaren@apple.com>
29606 A little bit of function call cleanup
29607 https://bugs.webkit.org/show_bug.cgi?id=72314
29609 Reviewed by Oliver Hunt.
29611 * bytecompiler/BytecodeGenerator.cpp:
29612 (JSC::BytecodeGenerator::emitCall): Renamed callFrame to registerOffset
29613 because this value doesn't give you the offset of the callee's call frame.
29615 (JSC::BytecodeGenerator::emitReturn): Tightened to use equality instead
29616 of greater-than. Removed comment since its reasoning was wrong.
29618 (JSC::BytecodeGenerator::emitConstruct): Updated for rename mentioned above.
29620 (JSC::BytecodeGenerator::isArgumentNumber): Provided a more precise way
29621 to ask this question, giving the bytecode generator more freedom to change
29622 internal implementation details.
29624 * bytecompiler/BytecodeGenerator.h: Reduced default vector capacity because
29626 (JSC::CallArguments::registerOffset): Updated for rename mentioned above.
29628 * bytecompiler/NodesCodegen.cpp:
29629 (JSC::CallArguments::CallArguments):
29630 (JSC::CallArguments::newArgument): Factored out argument allocation into
29631 a helper function, so I can change it later.
29633 (JSC::CallFunctionCallDotNode::emitBytecode):
29634 (JSC::FunctionBodyNode::emitBytecode): Use helper function mentioned above.
29636 2011-11-14 Tony Chang <tony@chromium.org>
29638 Remove the CSS3_FLEXBOX compile time flag and enable on all ports
29639 https://bugs.webkit.org/show_bug.cgi?id=72196
29641 Reviewed by Ojan Vafai.
29643 * Configurations/FeatureDefines.xcconfig:
29645 2011-11-14 Mark Rowe <mrowe@apple.com>
29647 <rdar://problem/10424154> testRegExp should not be installed as part of JavaScriptCore
29649 testRegExp and testapi.js were being installed in the JavaScriptCore framework.
29650 As test-only tools they shouldn't be installed there by default, only when
29651 FORCE_TOOL_INSTALL is set to YES.
29653 This patch incorporates a few related changes:
29654 1) Make the jsc and testRegExp targets be configured via .xcconfig files.
29655 2) Sets up testRegExp so that SKIP_INSTALL is YES by default, and only NO when
29656 FORCE_TOOL_INSTALL is YES.
29657 3) Switches the testapi target to using a script build phase to install testapi.js
29658 so that the installation will be skipped when SKIP_INSTALL is YES. I'm not sure
29659 why this isn't the built-in behavior when a Copy Files build phase has "Copy only
29660 when installing" checked, but it doesn't seem to be.
29661 4) Other random cleanup such as removing a bogus group that refers to files that do
29662 not exist, moving testRegExp.cpp in to the tests group, etc.
29664 Reviewed by Geoff Garen.
29666 * Configurations/JSC.xcconfig: Added.
29667 * Configurations/TestRegExp.xcconfig: Added.
29668 * JavaScriptCore.xcodeproj/project.pbxproj:
29670 2011-11-14 Michael Saboff <msaboff@apple.com>
29672 Towards 8 bit strings - Add 8 bit paths to StringImpl methods
29673 https://bugs.webkit.org/show_bug.cgi?id=72290
29675 Added 8 bit paths to StringImpl number and find methods.
29677 Reviewed by Oliver Hunt.
29679 * wtf/text/StringImpl.cpp:
29680 (WTF::StringImpl::toIntStrict):
29681 (WTF::StringImpl::toUIntStrict):
29682 (WTF::StringImpl::toInt64Strict):
29683 (WTF::StringImpl::toUInt64Strict):
29684 (WTF::StringImpl::toIntPtrStrict):
29685 (WTF::StringImpl::toInt):
29686 (WTF::StringImpl::toUInt):
29687 (WTF::StringImpl::toInt64):
29688 (WTF::StringImpl::toUInt64):
29689 (WTF::StringImpl::toIntPtr):
29690 (WTF::StringImpl::toDouble):
29691 (WTF::StringImpl::toFloat):
29692 (WTF::StringImpl::find):
29693 (WTF::StringImpl::reverseFind):
29694 * wtf/text/WTFString.cpp:
29695 (WTF::toIntegralType):
29696 (WTF::lengthOfCharactersAsInteger):
29697 (WTF::charactersToIntStrict):
29698 (WTF::charactersToUIntStrict):
29699 (WTF::charactersToInt64Strict):
29700 (WTF::charactersToUInt64Strict):
29701 (WTF::charactersToIntPtrStrict):
29702 (WTF::charactersToInt):
29703 (WTF::charactersToUInt):
29704 (WTF::charactersToInt64):
29705 (WTF::charactersToUInt64):
29706 (WTF::charactersToIntPtr):
29707 (WTF::toDoubleType):
29708 (WTF::charactersToDouble):
29709 (WTF::charactersToFloat):
29710 * wtf/text/WTFString.h:
29712 (WTF::reverseFind):
29714 2011-11-14 Vincent Scheib <scheib@chromium.org>
29716 Mouse Lock: Renaming to 'Pointer Lock': ENABLE Flags
29717 https://bugs.webkit.org/show_bug.cgi?id=72286
29719 Reviewed by Adam Barth.
29723 2011-11-14 Gavin Barraclough <barraclough@apple.com>
29725 https://bugs.webkit.org/show_bug.cgi?id=72280
29727 Rubber stamped by Geoff Garen.
29731 * JavaScriptCore.xcodeproj/project.pbxproj:
29732 * wtf/OSAllocatorPosix.cpp:
29733 (WTF::OSAllocator::reserveAndCommit):
29735 2011-11-14 Geoffrey Garen <ggaren@apple.com>
29737 32-bit Build fix: declare virtual register indices to be int rather than
29738 unsigned, since they can be positive or negative.
29740 For better clarity, explicitly use ReturnPC instead of -1 as the "invalid"
29741 state, since we'll never load and operate on the ReturnPC as a JS value.
29746 * jit/JITInlineMethods.h:
29747 (JSC::JIT::emitLoadTag):
29748 (JSC::JIT::emitLoadPayload):
29749 (JSC::JIT::emitLoad):
29750 (JSC::JIT::emitLoad2):
29751 (JSC::JIT::emitLoadDouble):
29752 (JSC::JIT::emitLoadInt32ToDouble):
29753 (JSC::JIT::emitStore):
29754 (JSC::JIT::emitStoreInt32):
29755 (JSC::JIT::emitStoreAndMapInt32):
29756 (JSC::JIT::emitStoreCell):
29757 (JSC::JIT::emitStoreBool):
29758 (JSC::JIT::emitStoreDouble):
29761 (JSC::JIT::isMapped):
29762 (JSC::JIT::getMappedPayload):
29763 (JSC::JIT::getMappedTag):
29764 (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
29766 2011-11-14 Michael Saboff <msaboff@apple.com>
29768 Remove unused m_data member from UStringSourceProvider
29769 https://bugs.webkit.org/show_bug.cgi?id=72289
29771 Removed unused m_data member from UStringSourceProvider.
29773 Reviewed by Oliver Hunt.
29775 * parser/SourceProvider.h:
29776 (JSC::UStringSourceProvider::UStringSourceProvider):
29778 2011-11-14 Michael Saboff <msaboff@apple.com>
29780 Towards 8 Bit Strings: Templatize YARR Parser
29781 https://bugs.webkit.org/show_bug.cgi?id=72288
29783 Changed Yarr::Parser to be a template based on character type.
29785 Reviewed by Oliver Hunt.
29787 * yarr/YarrParser.h:
29788 (JSC::Yarr::Parser::Parser):
29789 (JSC::Yarr::parse):
29791 2011-11-14 Geoffrey Garen <ggaren@apple.com>
29793 32-bit build fix: Removed unused declaration.
29795 * dfg/DFGJITCodeGenerator32_64.cpp:
29796 (JSC::DFG::JITCodeGenerator::emitCall):
29798 2011-11-12 Geoffrey Garen <ggaren@apple.com>
29800 Standardized the JS calling convention
29801 https://bugs.webkit.org/show_bug.cgi?id=72221
29803 Reviewed by Oliver Hunt.
29805 This patch standardizes the calling convention so that the caller always
29806 sets up the callee's CallFrame. Adjustments for call type, callee type,
29807 argument count, etc. now always take place after that initial setup.
29809 This is a step toward reversing the argument order, but also has these
29810 immediate benefits (measured on x64):
29812 (1) 1% benchmark speedup across the board.
29814 (2) 50% code size reduction in baseline JIT function calls.
29816 (3) 1.5x speedup for single-dispatch .apply forwarding.
29818 (4) 1.1x speedup for multi-dispatch .apply forwarding.
29820 This change affected the baseline JIT most, since the baseline JIT had
29821 lots of ad hoc calling conventions for different caller / callee types.
29823 * assembler/MacroAssemblerX86_64.h:
29824 (JSC::MacroAssemblerX86_64::branchPtr):
29825 (JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into
29826 a test, like other assemblers do. (I added some compares to 0, and didn't
29827 want them to be slow.)
29829 * bytecode/CodeBlock.cpp:
29830 (JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so
29831 op_call_varargs could share code generation with other forms of op_call.
29832 This is also a small optimization, since op_*varargs no longer have to
29833 pass arguments to each other through the register file.
29835 (JSC::CallLinkInfo::unlink):
29836 * bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows
29837 us to link functions called through .apply syntax. We need to distinguish
29838 CallVarargs from Call because CallVarargs changes its argument count
29839 on each invocation, so we must always link to the argument count checking
29840 version of the callee.
29842 * bytecode/Opcode.h:
29843 * bytecompiler/BytecodeGenerator.cpp:
29844 (JSC::BytecodeGenerator::emitCallVarargs):
29845 * bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs.
29847 * bytecompiler/NodesCodegen.cpp:
29848 (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified
29849 some of this bytecode generation to remove redundant copies.
29851 * dfg/DFGJITCodeGenerator32_64.cpp:
29852 (JSC::DFG::JITCodeGenerator::emitCall):
29853 * dfg/DFGJITCodeGenerator64.cpp:
29854 (JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs.
29855 DFG doesn't support this type, but its code needs to change slightly
29856 to accommodate a 3-state variable.
29858 Stopped passing the argument count in regT1 because this is non-standard.
29859 (The argument count goes in the CallFrame. This trades speed on the slow
29860 path for speed and code size on the fast path, and simplicity on all paths.
29861 A good trade, in my opinion.)
29863 * dfg/DFGJITCompiler.cpp:
29864 (JSC::DFG::JITCompiler::compileEntry):
29865 (JSC::DFG::JITCompiler::link):
29866 (JSC::DFG::JITCompiler::compile):
29867 (JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame
29868 setup more obvious when single-stepping. Also, updated for argument count
29869 not being in regT1.
29871 * dfg/DFGJITCompiler.h:
29872 (JSC::DFG::JITCompiler::addJSCall):
29873 (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call
29876 * dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before
29877 doing anything else. Don't check for stack overflow because we have no callee
29878 registers, and our caller has already checked for its own registers.
29880 * dfg/DFGRepatch.cpp:
29881 (JSC::DFG::dfgLinkFor): We can link to our callee even if our argument
29882 count doesn't match -- we just need to link to the argument count checking
29885 * interpreter/CallFrameClosure.h:
29886 (JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many
29887 arguments from C++, we need to supply a full copy of the arguments prior
29888 to the subset copy that matches our callee's argument count. (That is what
29889 the standard calling convention would have produced in JS.) I would have
29890 split this into its own patch, but I couldn't find a way to get the JIT
29891 to fail a regression test in this area without my patch applied.
29893 * interpreter/Interpreter.cpp: Let the true code bomb begin!
29895 (JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame,
29896 and not eval()'s caller frame. We no longer leave the CallFrame pointing
29897 to eval()'s caller during a call to eval(), since that is not standard.
29899 (JSC::loadVarargs): Factored out a shared helper function for use by JIT
29900 and interpreter because half the code means one quarter the bugs -- in my
29901 programming, at least.
29903 (JSC::Interpreter::execute): Removed a now-unused way to invoke eval.
29905 (JSC::Interpreter::privateExecute): Removed an invalid ASSERT following
29906 putDirect, because it got in the way of my testing. (When putting a
29907 function, the cached base of a PutPropertySlot can be 0 to signify "do
29910 op_call_eval: Updated for new, standard eval calling convention.
29912 op_load_varargs: Merged op_load_varargs into op_call_varargs.
29914 op_call_varargs: Updated for new, standard eval calling convention. Don't
29915 check for stack overflow because the loadVarargs helper function already
29918 * interpreter/Interpreter.h:
29919 (JSC::Interpreter::execute): Headers are fun and educational!
29921 * interpreter/RegisterFile.cpp:
29922 (JSC::RegisterFile::growSlowCase):
29923 * interpreter/RegisterFile.h:
29924 (JSC::RegisterFile::grow): Factored out the slow case into a slow
29925 case because it was cramping the style of my fast case.
29928 (JSC::JIT::privateCompile): Moved initialization of
29929 RegisterFile::CodeBlock to make it more obvious when debugging. Removed
29930 assumption that argument count is in regT1, as above. Removed call to
29931 restoreArgumentReference() because the JITStubCall abstraction does this for us.
29933 (JSC::JIT::linkFor): Link even if we miss on argument count, as above.
29936 * jit/JITCall32_64.cpp:
29937 (JSC::JIT::emitSlow_op_call):
29938 (JSC::JIT::emitSlow_op_call_eval):
29939 (JSC::JIT::emitSlow_op_call_varargs):
29940 (JSC::JIT::emitSlow_op_construct):
29941 (JSC::JIT::emit_op_call_eval):
29942 (JSC::JIT::emit_op_call_varargs): Share all function call code generation.
29943 Don't count call_eval when accounting for linkable function calls because
29944 eval doesn't link. (Its fast path is to perform the eval.)
29946 (JSC::JIT::compileLoadVarargs): Ported this inline copying optimization
29947 to our new calling convention. The key to this optimization is the
29948 observation that, in a function that declares no arguments, if any
29949 arguments are passed, they all end up right behind 'this'.
29951 (JSC::JIT::compileCallEval):
29952 (JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity.
29954 (JSC::JIT::compileOpCall):
29955 (JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader,
29956 this is the whole point of my patch. The caller now unconditionally moves
29957 the CallFrame forward and fills in the data it knows before taking any
29958 branches to deal with weird caller/callee pairs.
29960 This also means that there is almost no slow path for calls -- it all
29961 gets folded into the shared virtual call stub. The only things remaining
29962 in the slow path are the rare case counter and a call to the stub.
29964 * jit/JITOpcodes32_64.cpp:
29965 (JSC::JIT::privateCompileCTIMachineTrampolines):
29966 (JSC::JIT::privateCompileCTINativeCall): Updated for values being in
29967 different registers or in memory, based on our new standard calling
29970 Added a shared path for calling out to CTI helper functions for non-JS
29973 * jit/JITPropertyAccess32_64.cpp:
29974 (JSC::JIT::emit_op_method_check): method_check emits its own code and
29975 the following get_by_id's code, so it needs to add both when informing
29976 result chaining of its result. This is important because the standard
29977 calling convention can now take advantage of this chaining.
29980 (JSC::JIT::compileLoadVarargs):
29981 (JSC::JIT::compileCallEval):
29982 (JSC::JIT::compileCallEvalSlowCase):
29983 (JSC::JIT::compileOpCall):
29984 (JSC::JIT::compileOpCallSlowCase):
29985 * jit/JITOpcodes.cpp:
29986 (JSC::JIT::privateCompileCTIMachineTrampolines):
29987 (JSC::JIT::emit_op_call_eval):
29988 (JSC::JIT::emit_op_call_varargs):
29989 (JSC::JIT::emitSlow_op_call):
29990 (JSC::JIT::emitSlow_op_call_eval):
29991 (JSC::JIT::emitSlow_op_call_varargs):
29992 (JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a
29993 second time, now with 64 bits.
29995 * jit/JITStubs.cpp:
29996 (JSC::throwExceptionFromOpCall):
29997 (JSC::jitCompileFor):
29998 (JSC::arityCheckFor):
29999 (JSC::lazyLinkFor): A lot of mechanical changes here for one purpose:
30000 Exceptions thrown in the middle of a function call now use a shared helper
30001 function (throwExceptionFromOpCall). This function understands that the
30002 CallFrame currently points to the callEE, and the exception must be
30003 thrown by the callER. (The old calling convention would often still have
30004 the CallFrame pointing at the callER at the point of an exception. That
30005 is not the way of our new, standard calling convention.)
30007 (JSC::op_call_eval): Finish standard CallFrame setup before calling
30008 our eval helper function, which now depends on that setup.
30010 * runtime/Arguments.h:
30011 (JSC::Arguments::length): Renamed numProvidedArguments() to length()
30012 because that's what other objects call it, and the difference made our
30013 new loadVarargs helper function hard to read.
30015 * runtime/Executable.cpp:
30016 (JSC::FunctionExecutable::compileForCallInternal):
30017 (JSC::FunctionExecutable::compileForConstructInternal): Interpreter build
30020 * runtime/FunctionPrototype.cpp:
30021 (JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when
30022 the .apply call_varargs optimization fails. (This bug appears on layout
30023 tests when you disable the optimization.)
30025 2011-11-11 Jer Noble <jer.noble@apple.com>
30027 Implement MediaController.
30028 https://bugs.webkit.org/show_bug.cgi?id=71408
30030 Reviewed by Eric Carlson.
30032 Change the definition of WTF_USE_COREAUDIO to exclude Windows completely, as
30033 CoreAudioClock.h is not available there.
30037 2011-11-14 Patrick Gansterer <paroga@webkit.org>
30039 [WIN] Remove dependency on pthread from FastMalloc
30040 https://bugs.webkit.org/show_bug.cgi?id=72098
30042 Reviewed by Adam Roben.
30044 All pthread calls are already ported to native Windows calls.
30045 Use the native version for all OS(WINDOWS) to remove the
30046 runtime dependency on the pthread dll.
30048 * wtf/FastMalloc.cpp:
30050 2011-11-14 Simon Hausmann <simon.hausmann@nokia.com>
30052 [Qt] Replace use of QApplication with QGuiApplication.
30054 Reviewed by Tor Arne Vestbø.
30056 * wtf/qt/compat/qguiapplication.h:
30057 (QGuiApplication::styleHints): Introduce styleHints wrapper hack.
30059 2011-11-14 Carlos Garcia Campos <cgarcia@igalia.com>
30061 Unreviewed. Fix make distcheck build.
30063 * GNUmakefile.list.am: Add missing files.
30065 2011-11-11 Yury Semikhatsky <yurys@chromium.org>
30067 Web Inspector: function remote object should provide access to function position in the script
30068 https://bugs.webkit.org/show_bug.cgi?id=71808
30070 Exposed accessor for function source code.
30072 Reviewed by Pavel Feldman.
30074 * JavaScriptCore.exp:
30075 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
30076 * runtime/JSFunction.cpp:
30077 (JSC::JSFunction::sourceCode):
30078 * runtime/JSFunction.h:
30080 2011-11-13 Yuqiang Xian <yuqiang.xian@intel.com>
30082 Fix silent spilling/filling GPRs in DFG 32_64
30083 https://bugs.webkit.org/show_bug.cgi?id=72201
30085 Reviewed by Gavin Barraclough.
30087 Current silentSpillGPR/silentFillGPR may not work as expected for some
30088 cases in 32_64. If there's a JSValue which was retained by two GPRs,
30089 we may end up failing to spill/fill some GPRs or redundantly
30090 spilling/filling some GPRs. For example, if we tend to exclude "eax"
30091 from spilling while a JSValue is retained by both "eax" and "edx",
30092 then "edx" won't be spilled as well (wrong). And if another JSValue is
30093 retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled
30094 twice. The similar problem applies to silentFillGPR.
30095 The fix is to make silentSpillGPR/silentFillGPR more straightforward,
30096 i.e., spilling/filling based on the GPR instead of the virtual
30097 register. FPR spilling/filling is also modified accordingly to make it
30098 consistent with GPR spilling/filling.
30100 * dfg/DFGJITCodeGenerator.h:
30101 (JSC::DFG::JITCodeGenerator::silentSpillGPR):
30102 (JSC::DFG::JITCodeGenerator::silentSpillFPR):
30103 (JSC::DFG::JITCodeGenerator::silentFillGPR):
30104 (JSC::DFG::JITCodeGenerator::silentFillFPR):
30105 (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
30106 (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
30108 2011-11-12 Laszlo Gombos <laszlo.1.gombos@nokia.com>
30110 [Qt][Symbian] Remove support for WINSCW compiler
30111 https://bugs.webkit.org/show_bug.cgi?id=70178
30113 Reviewed by Chang Shu.
30115 * API/JSStringRef.h:
30116 * create_hash_table: Revert r45553.
30117 * runtime/JSGlobalData.cpp: Revert r45553.
30118 * runtime/LiteralParser.cpp: Remove WINSCW comment.
30119 (JSC::LiteralParser::Lexer::lexString):
30120 * runtime/Lookup.h: Revert r45553.
30121 * runtime/Structure.h: Revert r48461.
30123 * wtf/Assertions.h: Revert r52337.
30125 * wtf/ListRefPtr.h: Revert r48988.
30126 (WTF::ListRefPtr::~ListRefPtr):
30127 * wtf/OwnArrayPtr.h: Revert r45911.
30128 (WTF::OwnArrayPtr::operator UnspecifiedBoolType):
30129 * wtf/PassOwnArrayPtr.h:
30130 (WTF::PassOwnArrayPtr::operator UnspecifiedBoolType):
30131 * wtf/PassRefPtr.h:
30132 * wtf/StaticConstructors.h:
30133 * wtf/unicode/qt4/UnicodeQt4.h:
30135 2011-11-12 Patrick Gansterer <paroga@webkit.org>
30137 Unreviewed. Add ENABLE(DFG_JIT) around DFGCorrectableJumpPoint code.
30139 * dfg/DFGCorrectableJumpPoint.cpp:
30140 * dfg/DFGCorrectableJumpPoint.h:
30142 2011-11-12 Patrick Gansterer <paroga@webkit.org>
30144 [CMake] Move list of DFG source files into correct file
30145 https://bugs.webkit.org/show_bug.cgi?id=72212
30147 Reviewed by Daniel Bates.
30149 The DFG files are platform independent. So move them from
30150 the EFL specific file into the general CMakeLists.txt.
30153 * PlatformEfl.cmake:
30155 2011-11-12 Patrick Gansterer <paroga@webkit.org>
30157 Fix "unused variable" warning in JSLock
30158 https://bugs.webkit.org/show_bug.cgi?id=72213
30160 Reviewed by Anders Carlsson.
30162 Use ASSERT_UNUSED() instead of ASSERT() to make sure
30163 that the variable is also used in the release build.
30165 * runtime/JSLock.cpp:
30166 (JSC::JSLock::lock):
30167 (JSC::JSLock::unlock):
30169 2011-11-11 Gavin Barraclough <barraclough@apple.com>
30171 Update iOS compiler version.
30173 Reviewed by David Kilzer.
30175 * Configurations/CompilerVersion.xcconfig:
30176 - Update compiler version.
30178 2011-11-11 Gavin Barraclough <barraclough@apple.com>
30180 Update iOS port's configuration setting, particularly in Platform.h
30181 https://bugs.webkit.org/show_bug.cgi?id=72187
30183 Reviewed by David Kilzer.
30185 * interpreter/Interpreter.h:
30186 - Lower the reentry depth.
30187 * runtime/DatePrototype.cpp:
30188 - iOS also uses CF.
30189 * wtf/FastMalloc.cpp:
30190 (WTF::TCMalloc_PageHeap::IncrementalScavenge):
30191 - Update fastmalloc configuration for iOS.
30192 * wtf/OSAllocatorPosix.cpp:
30193 (WTF::OSAllocator::reserveAndCommit):
30196 - Update platform configuration for iOS.
30198 2011-11-11 David Kilzer <ddkilzer@apple.com>
30200 Only define BUILDING_ON_* and TARGETING_* macros when building for Mac OS X
30201 <http://webkit.org/b/72175>
30203 Reviewed by Joseph Pecoraro.
30205 * wtf/Platform.h: Move the definition of the BUILDING_ON_* and
30206 TARGETING_* macros to where the WTF_OS_MAC_OS_X macro is defined
30207 so that they're only defined on Mac OS X builds. Also include
30208 Availability.h, which is needed on iOS builds.
30210 2011-11-11 Darin Adler <darin@apple.com>
30212 Remove all releaseRef implementations except for RetainPtr
30213 https://bugs.webkit.org/show_bug.cgi?id=71423
30215 Reviewed by Julien Chaffraix.
30217 * API/JSRetainPtr.h: Removed releaseRef.
30218 * wtf/PassRefPtr.h: Removed releaseRef.
30220 2011-11-11 Darin Adler <darin@apple.com>
30222 * JavaScriptCore.xcodeproj/project.pbxproj: Let a newer Xcode update this file.
30223 If an older Xcode downgrades this file and we have a risk of some kind of
30224 oscillating commit situation, please contact me so I know not to do this again.
30226 2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>
30228 Add jsCast to replace static_cast
30229 https://bugs.webkit.org/show_bug.cgi?id=72071
30231 Reviewed by Geoffrey Garen.
30233 Added new jsCast and changed all of the static_cast sites in functions that
30234 are in the MethodTable to use jsCast instead.
30236 * API/JSCallbackFunction.cpp:
30237 (JSC::JSCallbackFunction::toStringCallback):
30238 (JSC::JSCallbackFunction::valueOfCallback):
30239 * API/JSCallbackObject.h:
30240 (JSC::JSCallbackObject::visitChildren):
30241 * API/JSCallbackObjectFunctions.h:
30242 (JSC::::className):
30243 (JSC::::getOwnPropertySlot):
30244 (JSC::::getOwnPropertyDescriptor):
30246 (JSC::::deleteProperty):
30247 (JSC::::deletePropertyByIndex):
30248 (JSC::::getConstructData):
30249 (JSC::::hasInstance):
30250 (JSC::::getCallData):
30251 (JSC::::getOwnPropertyNames):
30252 * debugger/DebuggerActivation.cpp:
30253 (JSC::DebuggerActivation::visitChildren):
30254 (JSC::DebuggerActivation::className):
30255 (JSC::DebuggerActivation::getOwnPropertySlot):
30256 (JSC::DebuggerActivation::put):
30257 (JSC::DebuggerActivation::putWithAttributes):
30258 (JSC::DebuggerActivation::deleteProperty):
30259 (JSC::DebuggerActivation::getOwnPropertyNames):
30260 (JSC::DebuggerActivation::getOwnPropertyDescriptor):
30261 (JSC::DebuggerActivation::defineGetter):
30262 (JSC::DebuggerActivation::defineSetter):
30263 * runtime/Arguments.cpp:
30264 (JSC::Arguments::visitChildren):
30265 (JSC::Arguments::getOwnPropertySlotByIndex):
30266 (JSC::Arguments::getOwnPropertySlot):
30267 (JSC::Arguments::getOwnPropertyDescriptor):
30268 (JSC::Arguments::getOwnPropertyNames):
30269 (JSC::Arguments::putByIndex):
30270 (JSC::Arguments::put):
30271 (JSC::Arguments::deletePropertyByIndex):
30272 (JSC::Arguments::deleteProperty):
30273 * runtime/ArrayConstructor.cpp:
30274 (JSC::ArrayConstructor::getOwnPropertySlot):
30275 (JSC::ArrayConstructor::getOwnPropertyDescriptor):
30276 * runtime/ArrayPrototype.cpp:
30277 (JSC::ArrayPrototype::getOwnPropertySlot):
30278 (JSC::ArrayPrototype::getOwnPropertyDescriptor):
30279 * runtime/BooleanPrototype.cpp:
30280 (JSC::BooleanPrototype::getOwnPropertySlot):
30281 (JSC::BooleanPrototype::getOwnPropertyDescriptor):
30282 * runtime/DateConstructor.cpp:
30283 (JSC::DateConstructor::getOwnPropertySlot):
30284 (JSC::DateConstructor::getOwnPropertyDescriptor):
30285 * runtime/DatePrototype.cpp:
30286 (JSC::DatePrototype::getOwnPropertySlot):
30287 (JSC::DatePrototype::getOwnPropertyDescriptor):
30288 * runtime/ErrorPrototype.cpp:
30289 (JSC::ErrorPrototype::getOwnPropertySlot):
30290 (JSC::ErrorPrototype::getOwnPropertyDescriptor):
30291 * runtime/Executable.cpp:
30292 (JSC::ExecutableBase::clearCode):
30293 (JSC::EvalExecutable::visitChildren):
30294 (JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
(JSC::JSActivation::getOwnPropertyNames):
(JSC::JSActivation::getOwnPropertySlot):
(JSC::JSActivation::put):
(JSC::JSActivation::putWithAttributes):
* runtime/JSArray.cpp:
(JSC::JSArray::getOwnPropertySlotByIndex):
(JSC::JSArray::getOwnPropertySlot):
(JSC::JSArray::getOwnPropertyDescriptor):
(JSC::JSArray::put):
(JSC::JSArray::putByIndex):
(JSC::JSArray::deleteProperty):
(JSC::JSArray::deletePropertyByIndex):
(JSC::JSArray::getOwnPropertyNames):
(JSC::JSArray::visitChildren):
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::hasInstance):
(JSC::JSBoundFunction::visitChildren):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::getOwnPropertySlot):
(JSC::JSByteArray::getOwnPropertyDescriptor):
(JSC::JSByteArray::getOwnPropertySlotByIndex):
(JSC::JSByteArray::put):
(JSC::JSByteArray::putByIndex):
(JSC::JSByteArray::getOwnPropertyNames):
* runtime/JSCell.h:
(JSC::JSCell::visitChildren):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
(JSC::JSFunction::getCallData):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::getOwnPropertyNames):
(JSC::JSFunction::put):
(JSC::JSFunction::deleteProperty):
(JSC::JSFunction::getConstructData):
* runtime/JSGlobalData.cpp:
(JSC::StackPreservingRecompiler::operator()):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::put):
(JSC::JSGlobalObject::putWithAttributes):
(JSC::JSGlobalObject::defineGetter):
(JSC::JSGlobalObject::defineSetter):
(JSC::JSGlobalObject::visitChildren):
(JSC::JSGlobalObject::getOwnPropertySlot):
(JSC::JSGlobalObject::getOwnPropertyDescriptor):
(JSC::JSGlobalObject::clearRareData):
* runtime/JSGlobalThis.cpp:
(JSC::JSGlobalThis::visitChildren):
* runtime/JSONObject.cpp:
(JSC::JSONObject::getOwnPropertySlot):
(JSC::JSONObject::getOwnPropertyDescriptor):
* runtime/JSObject.cpp:
(JSC::JSObject::finalize):
(JSC::JSObject::visitChildren):
(JSC::JSObject::getOwnPropertySlotByIndex):
(JSC::JSObject::put):
(JSC::JSObject::putByIndex):
(JSC::JSObject::deleteProperty):
(JSC::JSObject::deletePropertyByIndex):
* runtime/JSObject.h:
(JSC::JSObject::getOwnPropertySlot):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
(JSC::JSStaticScopeObject::put):
(JSC::JSStaticScopeObject::putWithAttributes):
(JSC::JSStaticScopeObject::getOwnPropertySlot):
* runtime/JSString.cpp:
(JSC::JSString::visitChildren):
(JSC::JSString::toThisObject):
(JSC::JSString::getOwnPropertySlot):
(JSC::JSString::getOwnPropertySlotByIndex):
* runtime/JSVariableObject.cpp:
(JSC::JSVariableObject::deleteProperty):
(JSC::JSVariableObject::getOwnPropertyNames):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/MathObject.cpp:
(JSC::MathObject::getOwnPropertySlot):
(JSC::MathObject::getOwnPropertyDescriptor):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getOwnPropertySlot):
(JSC::NumberConstructor::getOwnPropertyDescriptor):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::getOwnPropertySlot):
(JSC::NumberPrototype::getOwnPropertyDescriptor):
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::getOwnPropertySlot):
(JSC::ObjectConstructor::getOwnPropertyDescriptor):
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::put):
(JSC::ObjectPrototype::getOwnPropertySlotByIndex):
(JSC::ObjectPrototype::getOwnPropertySlot):
(JSC::ObjectPrototype::getOwnPropertyDescriptor):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getOwnPropertySlot):
(JSC::RegExpConstructor::getOwnPropertyDescriptor):
(JSC::RegExpConstructor::put):
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::getOwnPropertySlot):
(JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
(JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
(JSC::RegExpMatchesArray::put):
(JSC::RegExpMatchesArray::putByIndex):
(JSC::RegExpMatchesArray::deleteProperty):
(JSC::RegExpMatchesArray::deletePropertyByIndex):
(JSC::RegExpMatchesArray::getOwnPropertyNames):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
(JSC::RegExpObject::getOwnPropertySlot):
(JSC::RegExpObject::getOwnPropertyDescriptor):
(JSC::RegExpObject::put):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::getOwnPropertySlot):
(JSC::RegExpPrototype::getOwnPropertyDescriptor):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::getOwnPropertySlot):
(JSC::StringConstructor::getOwnPropertyDescriptor):
* runtime/StringObject.cpp:
(JSC::StringObject::getOwnPropertySlot):
(JSC::StringObject::getOwnPropertySlotByIndex):
(JSC::StringObject::getOwnPropertyDescriptor):
(JSC::StringObject::deleteProperty):
(JSC::StringObject::getOwnPropertyNames):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::getOwnPropertySlot):
(JSC::StringPrototype::getOwnPropertyDescriptor):
* runtime/Structure.cpp:
(JSC::Structure::visitChildren):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):

2011-11-11 Gavin Barraclough <barraclough@apple.com>

Enable DFG JIT for ARMv7/iOS.

Rubber stamped by Oliver Hunt.

- enable DFG JIT for ARMv7/iOS.

2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>

De-virtualize supportsProfiling, supportsRichSourceInfo, shouldInterruptScript in JSGlobalObject
https://bugs.webkit.org/show_bug.cgi?id=72035

Reviewed by Geoffrey Garen.

De-virtualized the methods through the use of a new method table just for JSGlobalObject and subclasses.

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* bytecompiler/BytecodeGenerator.cpp: Changed call sites to use the new GlobalObjectMethodTable.
(JSC::BytecodeGenerator::BytecodeGenerator):
* interpreter/Interpreter.cpp: Ditto.
(JSC::Interpreter::execute):
* runtime/JSGlobalObject.cpp: Added a static const GlobalObjectMethodTable with the correct function pointers.
* runtime/JSGlobalObject.h: Added a field in JSGlobalObject to keep track of the current method table.
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::globalObjectMethodTable): The new struct to contain the function pointers.
(JSC::JSGlobalObject::supportsProfiling): Made static to put in the method table.
(JSC::JSGlobalObject::supportsRichSourceInfo): Ditto.
(JSC::JSGlobalObject::shouldInterruptScript): Ditto.
* runtime/TimeoutChecker.cpp: Changed call sites to use the new GlobalObjectMethodTable for lookup.
(JSC::TimeoutChecker::didTimeOut):

2011-11-11 Mark Hahnenberg <mhahnenberg@apple.com>

De-virtualize JSGlobalObject::allowsAccessFrom
https://bugs.webkit.org/show_bug.cgi?id=71969

Reviewed by Darin Adler.

* runtime/JSGlobalObject.h: Removed allowsAccessFrom from JSGlobalObject since it is exclusive to
JSDOMWindowBase and WebScriptObject.

2011-11-11 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r99950.
http://trac.webkit.org/changeset/99950
https://bugs.webkit.org/show_bug.cgi?id=72117

"Landed wrong patch by mistake" (Requested by yurys on

* JavaScriptCore.exp:
* runtime/JSFunction.cpp:
* runtime/JSFunction.h:

2011-11-11 Patrick Gansterer <paroga@webkit.org>

Unreviewed. Build fix for !ENABLE(JIT) after r99898.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):

2011-11-10 Dan Bernstein <mitz@apple.com>

Disabling assertions breaks the debug build
https://bugs.webkit.org/show_bug.cgi?id=72091

Reviewed by Geoff Garen.

* dfg/DFGNode.h: Made hasIdentifier() available when assertions are
disabled. It is used in Graph::dump().
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren): Update m_isCheckingForDefaultMarkViolation
only if assertions are enabled.
(WTF::::checkIndexValidity): Changed ASSERT to ASSERT_UNUSED.
* wtf/ThreadRestrictionVerifier.h:
(WTF::ThreadRestrictionVerifier::setShared): Guarded the definition of
a local variable that is only used in an assertion.

2011-11-10 Filip Pizlo <fpizlo@apple.com>

JSString forgets to clear m_fibers when resolving ropes
https://bugs.webkit.org/show_bug.cgi?id=72089

Reviewed by Geoff Garen.

* runtime/JSString.cpp:
(JSC::JSString::resolveRopeSlowCase):

2011-11-09 Filip Pizlo <fpizlo@apple.com>

DFG byte array support sometimes clamps values incorrectly
https://bugs.webkit.org/show_bug.cgi?id=71975

Reviewed by Oliver Hunt.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):

2011-11-10 Filip Pizlo <fpizlo@apple.com>

ValueProfile/PredictedType contains dead code, and doesn't recognize functions
https://bugs.webkit.org/show_bug.cgi?id=72065

Reviewed by Gavin Barraclough and Geoff Garen.

Added PredictFunction support, and did some cleaning up along the way.
ValueProfile no longer has statistics machinery, because we never used
it. Rearranged some bits in PredictedType to more easily make room for
one more object type. Changed some debug code to use more consistent
conventions (ByteArray becomes Bytearray so that if we ever have a
"Byte" prediction we don't get confused between a prediction that is
the union of Byte and Array and a prediction that indicates precisely

* bytecode/PredictedType.cpp:
(JSC::predictionToString):
(JSC::predictionFromClassInfo):
* bytecode/PredictedType.h:
(JSC::isFunctionPrediction):
* bytecode/ValueProfile.cpp:
* bytecode/ValueProfile.h:
(JSC::ValueProfile::dump):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):

2011-11-10 David Kilzer <ddkilzer@apple.com>

<http://webkit.org/b/72049> Specify testapi.js install path using JAVASCRIPTCORE_FRAMEWORKS_DIR

Reviewed by Joseph Pecoraro.

* JavaScriptCore.xcodeproj/project.pbxproj: The testapi.js
script should use JAVASCRIPTCORE_FRAMEWORKS_DIR in its dstPath
for installation. Also removed "Versions/A/" from the path
since this is unneeded due to the default symlinks present in the

2011-11-10 Gavin Barraclough <barraclough@apple.com>

Add ARMv7 support to the DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=72061

Reviewed by Geoff Garen.

* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::preserveReturnAddressAfterCall):
(JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
(JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
(JSC::DFG::AssemblyHelpers::boxDouble):
(JSC::DFG::AssemblyHelpers::unboxDouble):
- Add CPU(ARM) copies of these functions.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::spill):
- Fix matching of '}' re #if blocks, makes some tools happy.
(JSC::DFG::JITCodeGenerator::setupArguments):
(JSC::DFG::JITCodeGenerator::setupArgumentsWithExecState):
(JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheckSetResult):
(JSC::DFG::JITCodeGenerator::appendCallSetResult):
- Add CPU(ARM) / 4 argument register copies of these functions.
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- Should use callOperation to plant a call to a DFG_OPERATION.
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
- These methods need to plant a relinkable jump; we currently do so
using beginUninterruptedSequence() / endUninterruptedSequence().
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
- Should use callOperation to plant a call to a DFG_OPERATION.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
- This method needs to plant a relinkable jump; we currently do so
using beginUninterruptedSequence() / endUninterruptedSequence().
(JSC::DFG::JITCompiler::compileBody):
- Add abstraction to retrieve the pc after a call.
* dfg/DFGOSRExitCompiler.cpp:
- Fix a bug - CodeLocationLabel needs a data address rather than an
executable one, but can just take a MacroAssemblerCodePtr instead!
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::compileClampDoubleToByte):
- Add FIXME comment to come back to! - bug#72054.
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::speculationCheck):
- Add missing method (ooops, required by bug#72047)
* dfg/DFGSpeculativeJIT32_64.cpp:
- Need to wrap fmod on ARMv7.

2011-11-10 Filip Pizlo <fpizlo@apple.com>

DFG should not reparse code that was just parsed
https://bugs.webkit.org/show_bug.cgi?id=71977

Reviewed by Geoff Garen.

The instruction stream of a code block is now kept around until
the next GC. When doing either an optimizing compilation of an
executable, or inlining of an executable, we now try to find the
already preexisting bytecode. If we find it, we don't have to parse.
If we don't find it, we parse as before. Inlining takes the extra
step of caching code blocks, so if the same executable gets inlined
multiple times into the same caller, then we parse it at most once
even if prior to inlining that executable did not have any code
blocks with an instruction stream.

Also fixed a silly bug where the strict mode for various operations
was being determined by looking at the machine code block rather

To enable the delete-on-next-GC policy, I introduced the notion
of an ultra weak finalizer, which anyone can register during
tracing. This is thread-safe (for parallel GC) and
stop-the-world-safe (so calls to free() are postponed until the
world is resumed). This required reusing some facilities previously
created for WeakReferenceHarvester, so I created a common utility
class. I also retweaked the handling of WeakReferenceHarvesters,
since they should be executed during stop-the-world since in the
future we may want to allow them to call drain().

2% win on SunSpider. 2% win on V8, when run in my harness. Neutral

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::copyPostParseDataFrom):
(JSC::CodeBlock::copyPostParseDataFromAlternative):
(JSC::CodeBlock::finalizeUnconditionally):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::canProduceCopyWithBytecode):
(JSC::CodeBlock::discardBytecodeLater):
(JSC::CodeBlock::handleBytecodeDiscardingOpportunity):
(JSC::GlobalCodeBlock::GlobalCodeBlock):
(JSC::ProgramCodeBlock::ProgramCodeBlock):
(JSC::EvalCodeBlock::EvalCodeBlock):
(JSC::FunctionCodeBlock::FunctionCodeBlock):
(JSC::BytecodeDestructionBlocker::BytecodeDestructionBlocker):
(JSC::BytecodeDestructionBlocker::~BytecodeDestructionBlocker):
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::strictModeFor):
* dfg/DFGByteCodeCache.h: Added.
(JSC::DFG::CodeBlockKey::CodeBlockKey):
(JSC::DFG::CodeBlockKey::operator==):
(JSC::DFG::CodeBlockKey::hash):
(JSC::DFG::CodeBlockKey::executable):
(JSC::DFG::CodeBlockKey::kind):
(JSC::DFG::CodeBlockKey::isHashTableDeletedValue):
(JSC::DFG::CodeBlockKeyHash::hash):
(JSC::DFG::CodeBlockKeyHash::equal):
(JSC::DFG::ByteCodeCache::ByteCodeCache):
(JSC::DFG::ByteCodeCache::~ByteCodeCache):
(JSC::DFG::ByteCodeCache::get):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInlining):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::Heap::finalizeUnconditionally):
(JSC::Heap::markRoots):
(JSC::Heap::collect):
* heap/ListableHandler.h: Added.
(JSC::ListableHandler::ListableHandler):
(JSC::ListableHandler::~ListableHandler):
(JSC::ListableHandler::List::List):
(JSC::ListableHandler::List::addNotThreadSafe):
(JSC::ListableHandler::List::addThreadSafe):
(JSC::ListableHandler::List::hasNext):
(JSC::ListableHandler::List::removeNext):
* heap/MarkStack.cpp:
(JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
(JSC::SlotVisitor::harvestWeakReferences):
(JSC::SlotVisitor::finalizeUnconditionally):
* heap/MarkStack.h:
(JSC::MarkStack::addWeakReferenceHarvester):
(JSC::MarkStack::addUnconditionalFinalizer):
* heap/SlotVisitor.h:
* heap/UnconditionalFinalizer.h: Added.
(JSC::UnconditionalFinalizer::~UnconditionalFinalizer):
* heap/WeakReferenceHarvester.h:
(JSC::WeakReferenceHarvester::WeakReferenceHarvester):
(JSC::WeakReferenceHarvester::~WeakReferenceHarvester):
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::baselineCodeBlockFor):
(JSC::FunctionExecutable::codeBlockWithBytecodeFor):
(JSC::FunctionExecutable::produceCodeBlockFor):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::FunctionExecutable::profiledCodeBlockFor):
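The "ultra weak finalizer" design the entry above describes (handlers registered from marking threads into a ListableHandler::List via addThreadSafe, drained with hasNext/removeNext only once the world is stopped, so the free() happens after every marker has finished) as an added example. This is not JSC's code: the class and method names follow the ChangeLog, but the lock-free implementation, the DiscardableBytecode handler and the demoCollection driver are this example's own assumptions, not WebKit's implementation.

```cpp
#include <atomic>
#include <cstddef>
#include <thread>
#include <vector>

// Added example, not JSC's code: an intrusive registration list in the
// spirit of ListableHandler. Marking threads push handlers concurrently
// with a CAS loop; the collector drains the list only after the world has
// stopped, so memory a handler releases cannot still be in use by a marker.
// Names mirror the ChangeLog; the implementation is this example's own.
class ListableHandler {
public:
    virtual ~ListableHandler() {}
    virtual void finalizeUnconditionally() = 0;

    class List {
    public:
        // Safe to call from several marking threads at once. A handler that
        // is already queued is ignored, so registering twice is harmless.
        void addThreadSafe(ListableHandler* handler)
        {
            unsigned expected = 0;
            if (!handler->m_queued.compare_exchange_strong(expected, 1))
                return; // another thread already queued it
            ListableHandler* head = m_first.load(std::memory_order_relaxed);
            do {
                handler->m_next = head;
            } while (!m_first.compare_exchange_weak(head, handler,
                         std::memory_order_release, std::memory_order_relaxed));
        }
        bool hasNext() const { return m_first.load(std::memory_order_acquire) != nullptr; }
        // Only the collector calls this, with all marking threads joined.
        ListableHandler* removeNext()
        {
            ListableHandler* current = m_first.load(std::memory_order_acquire);
            if (!current)
                return nullptr;
            m_first.store(current->m_next, std::memory_order_relaxed);
            current->m_next = nullptr;
            current->m_queued.store(0); // allow re-registration next cycle
            return current;
        }
    private:
        std::atomic<ListableHandler*> m_first { nullptr };
    };

private:
    std::atomic<unsigned> m_queued { 0 };
    ListableHandler* m_next { nullptr };
};

// Hypothetical handler standing in for a code block whose bytecode is
// discarded at the next GC: it frees a buffer and counts how often it ran.
struct DiscardableBytecode : ListableHandler {
    std::vector<int>* instructions { new std::vector<int>(64, 0) };
    unsigned finalizeCount { 0 };
    ~DiscardableBytecode() override { delete instructions; }
    void finalizeUnconditionally() override
    {
        delete instructions; // the postponed free(): the world is stopped here
        instructions = nullptr;
        ++finalizeCount;
    }
};

// Simulates `cycles` collections with `threads` parallel markers that each
// register every handler. Returns true if every handler was finalized exactly
// once per cycle and its buffer was released.
bool demoCollection(unsigned handlerCount, unsigned threads, unsigned cycles)
{
    std::vector<DiscardableBytecode*> handlers;
    for (unsigned i = 0; i < handlerCount; ++i)
        handlers.push_back(new DiscardableBytecode);

    bool ok = true;
    for (unsigned cycle = 1; cycle <= cycles; ++cycle) {
        ListableHandler::List pending;
        std::vector<std::thread> markers;
        for (unsigned t = 0; t < threads; ++t)
            markers.emplace_back([&] {
                for (DiscardableBytecode* h : handlers)
                    pending.addThreadSafe(h);
            });
        for (std::thread& m : markers)
            m.join();
        // World stopped: drain the list and run the finalizers single-threaded.
        size_t finalized = 0;
        while (pending.hasNext()) {
            pending.removeNext()->finalizeUnconditionally();
            ++finalized;
        }
        ok = ok && finalized == handlerCount;
        for (DiscardableBytecode* h : handlers)
            ok = ok && h->finalizeCount == cycle && !h->instructions;
    }
    for (DiscardableBytecode* h : handlers)
        delete h;
    return ok;
}
```

The two-phase split is the point the entry makes: registration has to tolerate parallel markers (hence the CAS push and the queued flag that deduplicates repeated registrations), while the actual release of memory runs only after every marker has joined, so no marking thread can still be reading a buffer that a finalizer has just freed.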
2011-11-10 Gavin Barraclough <barraclough@apple.com>

Add ARMv7 register info for the DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=72050

Reviewed by Geoff Garen.

* dfg/DFGFPRInfo.h:
(JSC::DFG::FPRInfo::toRegister):
(JSC::DFG::FPRInfo::toIndex):
(JSC::DFG::FPRInfo::debugName):
* dfg/DFGGPRInfo.h:
(JSC::DFG::GPRInfo::toRegister):
(JSC::DFG::GPRInfo::toIndex):
(JSC::DFG::GPRInfo::debugName):

2011-11-10 Gavin Barraclough <barraclough@apple.com>

#ifdef CPU(X86) specific div/mod code in DFGSpeculativeJIT32_64
https://bugs.webkit.org/show_bug.cgi?id=72047

Reviewed by Geoff Garen.

We currently don't attempt to abstract divide through the macro assembler,
due to these instructions commonly having specific requirements. This means
there is architecture specific code in the JIT - #ifdef it, and provide a
common implementation.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::fmodAsDFGOperation):
(JSC::DFG::SpeculativeJIT::compile):

2011-11-10 Gavin Barraclough <barraclough@apple.com>

Add ENABLE_VALUE_PROFILER support for ARMv7
https://bugs.webkit.org/show_bug.cgi?id=72043

Reviewed by Geoff Garen.

This requires us to make a bucketCounterRegister available; to do so we'll need to spill more registers on entry to JIT code.

* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emitSlow_op_mod):
- cleanup location of UNUSED_PARAM
* jit/JITStubs.cpp:
(JSC::ctiTrampoline):
(JSC::ctiVMThrowTrampoline):
(JSC::ctiOpThrowNotCaught):
(JSC::JITThunks::JITThunks):
- Update JITStackFrame structure & asm code to spill more registers.
* jit/JSInterfaceJIT.h:
- Assign a bucketCounterRegister.

2011-11-10 Gavin Barraclough <barraclough@apple.com>

Fix sampling counters on ARMv7, move add64 functionality to macro assembler
https://bugs.webkit.org/show_bug.cgi?id=72040

Reviewed by Geoff Garen.

The ability to add an integer to a uint64_t in memory is poorly copied in
multiple places & ifdef'ed on architecture, addWithCarry32 is also a badly
designed interface since add32 is not required to set flags (we have no
concept of flags in the macro assembler interface).

* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::add64):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::add64):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::add64):
* dfg/DFGAssemblyHelpers.cpp:
* dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::emitCount):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier):
* jit/JITInlineMethods.h:
(JSC::JIT::emitCount):

2011-11-10 Ryuan Choi <ryuan.choi@samsung.com>

[CMAKE] Refactoring CMakeLists${PORT}.txt to Platform${PORT}.cmake
https://bugs.webkit.org/show_bug.cgi?id=56705

Reviewed by Adam Roben.

* PlatformEfl.cmake: Renamed from Source/JavaScriptCore/CMakeListsEfl.txt.
* PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/CMakeListsWinCE.txt.
* shell/CMakeLists.txt:
* shell/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsEfl.txt.
* shell/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/shell/CMakeListsWinCE.txt.
* wtf/CMakeLists.txt:
* wtf/PlatformEfl.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsEfl.txt.
* wtf/PlatformWinCE.cmake: Renamed from Source/JavaScriptCore/wtf/CMakeListsWinCE.txt.

2011-11-10 Carlos Garcia Campos <cgarcia@igalia.com>

Unreviewed. Fix make distcheck build.

* GNUmakefile.list.am: Add missing files.

2011-11-09 Michael Saboff <msaboff@apple.com>

Towards 8 Bit Strings: Templatize JSC::LiteralParser class by character type
https://bugs.webkit.org/show_bug.cgi?id=71862

Changed LiteralParser to be templatized on character type.

Moved five enums out of class definition to work around a clang compiler defect.

Added lexIdentifier templated method to break out character specific versions.
Added static setParserTokenString templated method to handle setting appropriately
sized string pointer.

To keep code in LiteralParser.cpp and keep LiteralParser.h small, the two
flavors of LiteralParser are explicitly instantiated at the end of

Reviewed by Oliver Hunt.

* API/JSValueRef.cpp:
(JSValueMakeFromJSONString):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
(JSC::Interpreter::execute):
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
* runtime/JSONObject.cpp:
(JSC::JSONProtoFuncParse):
* runtime/LiteralParser.cpp:
(JSC::isJSONWhiteSpace):
(JSC::::tryJSONPParse):
(JSC::::makeIdentifier):
(JSC::::Lexer::lex):
(JSC::::Lexer::lexIdentifier):
(JSC::::Lexer::next):
(JSC::isSafeStringCharacter):
(JSC::::Lexer::lexString):
(JSC::::Lexer::lexNumber):
* runtime/LiteralParser.h:
(JSC::LiteralParser::LiteralParser):
(JSC::LiteralParser::getErrorMessage):
(JSC::LiteralParser::tryLiteralParse):
(JSC::LiteralParser::Lexer::Lexer):
(JSC::LiteralParser::Lexer::currentToken):
(JSC::LiteralParser::Lexer::getErrorMessage):
* runtime/UString.h:
* wtf/text/StringBuilder.cpp:
(WTF::StringBuilder::append):
* wtf/text/StringBuilder.h:
(WTF::StringBuilder::append):

2011-11-09 Filip Pizlo <fpizlo@apple.com>

Multiple CodeBlock should be able to share the same instruction
stream without copying
https://bugs.webkit.org/show_bug.cgi?id=71978

Reviewed by Oliver Hunt.

This refactors CodeBlock::m_instructions to be a Vector boxed in a
ref-counted object, but otherwise does not take advantage of this.

This is performance neutral.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printStructure):
(JSC::CodeBlock::printStructures):
(JSC::CodeBlock::dump):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::shrinkToFit):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::hasInstructions):
(JSC::CodeBlock::numberOfInstructions):
(JSC::CodeBlock::instructions):

2011-11-09 Gavin Barraclough <barraclough@apple.com>

Renovate ARMv7 assembler/macro-assembler
https://bugs.webkit.org/show_bug.cgi?id=71982

Reviewed by Geoff Garen.

* add support for strb (byte stores)
* rename the VMOV_CtoS opcodes (these are currently backwards!)
* add support for adc (add with carry)
* add support for vsqrt, vabs
* add support for vmov (between FPRs, and to/from GPR pairs).
* remove '_F64' postfixes from instructions (these aren't helpful, functions can already be distinguished by their signatures).
* rename vcvt_F64_S32 to vcvt_signedToFloatingPoint, the prior postfix was unhelpful in failing to distinguish the types (S32 indicates a single precision register, but the type could be float, int32, or uint32).
* rename vcvtr_S32_F64 to vcvt_floatingPointToSigned, as for previous, also vcvtr was the incorrect name for the operation (the emitted instruction truncates).

MacroAssemblerARMv7:
* add 3-operand versions of and32, lshift32, or32, rshift32, urshift32, sub32, xor32,
* add store8, and store32 imm to base-index.
* fix load32WithCompactAddressOffsetPatch to work for all gprs (the fix is a little kludgy but functional; to do better we'll have to also fix the repatching code).
* Update supportsFloating* flags (all features now supported).
* add moveDouble, storeDouble to absolute address, addDouble to absolute address
* add 3-operand double operations.
* implement sqrtDouble/absDouble
* add branchTruncateDoubleToInt32, implement truncateDoubleToInt32
* move should do nothing if src == dest
* branchTest8-on-memory can be implemented in terms of branchTest32-on-register (branchTest8-on-register has been removed).
* add 3-operand branchAdd32, branchSub32, also branchAdd32 absolute address.

30962 2011-11-09 Gavin Barraclough <barraclough@apple.com>
30964 https://bugs.webkit.org/show_bug.cgi?id=71873
30966 Reviewed by Geoff Garen.
30968 Incrementally re-landing these changes, trying to determine what went wrong.
30969 (The whole patch failed tests on the build bot but worked locally.
30971 * dfg/DFGByteCodeParser.cpp:
30972 (JSC::DFG::ByteCodeParser::handleIntrinsic):
30974 2011-11-09 Filip Pizlo <fpizlo@apple.com>
30976 DFG OSR exit code should be lazily generated
30977 https://bugs.webkit.org/show_bug.cgi?id=71744
30979 Reviewed by Gavin Barraclough.
30981 The OSR exit code is now generated the first time it is executed,
30982 rather than right after speculative compilation. Because most OSR
30983 exits are never taken, this should greatly reduce both code size
30984 and compilation time.
30986 This is a 1% win on SunSpider, and a 1% win on V8 when running in
30987 my harness. No change in V8 in V8's harness (due to the long runs,
30988 so compile time is not an issue) and no change in Kraken (again,
30989 long runs of small code so compile time has no measurable effect).
30991 * CMakeListsEfl.txt:
30992 * GNUmakefile.list.am:
30993 * JavaScriptCore.xcodeproj/project.pbxproj:
30995 * assembler/AbstractMacroAssembler.h:
30996 * assembler/MacroAssemblerX86.h:
30997 (JSC::MacroAssemblerX86::jump):
30998 * assembler/MacroAssemblerX86_64.h:
30999 (JSC::MacroAssemblerX86_64::jump):
31000 * assembler/X86Assembler.h:
31001 (JSC::X86Assembler::jmp_m):
31002 * bytecode/CodeBlock.h:
31003 (JSC::CodeBlock::createDFGDataIfNecessary):
31004 (JSC::CodeBlock::appendDFGOSREntryData):
31005 (JSC::CodeBlock::numberOfDFGOSREntries):
31006 (JSC::CodeBlock::dfgOSREntryData):
31007 (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
31008 (JSC::CodeBlock::appendOSRExit):
31009 (JSC::CodeBlock::appendSpeculationRecovery):
31010 (JSC::CodeBlock::numberOfOSRExits):
31011 (JSC::CodeBlock::numberOfSpeculationRecoveries):
31012 (JSC::CodeBlock::osrExit):
31013 (JSC::CodeBlock::speculationRecovery):
31014 * dfg/DFGAssemblyHelpers.h:
31015 (JSC::DFG::AssemblyHelpers::debugCall):
31016 * dfg/DFGCorrectableJumpPoint.cpp: Added.
31017 (JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch):
31018 * dfg/DFGCorrectableJumpPoint.h: Added.
31019 (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
31020 (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
31021 (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
31022 (JSC::DFG::CorrectableJumpPoint::correctLateJump):
31023 (JSC::DFG::CorrectableJumpPoint::initialJump):
31024 (JSC::DFG::CorrectableJumpPoint::lateJump):
31025 (JSC::DFG::CorrectableJumpPoint::correctJump):
31026 (JSC::DFG::CorrectableJumpPoint::getJump):
31027 * dfg/DFGJITCompiler.cpp:
31028 (JSC::DFG::JITCompiler::linkOSRExits):
31029 (JSC::DFG::JITCompiler::compileBody):
31030 (JSC::DFG::JITCompiler::link):
31031 * dfg/DFGJITCompiler.h:
31032 * dfg/DFGOSRExit.cpp: Added.
31033 (JSC::DFG::OSRExit::OSRExit):
31034 (JSC::DFG::OSRExit::dump):
31035 * dfg/DFGOSRExit.h:
31036 * dfg/DFGOSRExitCompiler.cpp: Added.
31037 * dfg/DFGOSRExitCompiler.h:
31038 * dfg/DFGOSRExitCompiler32_64.cpp:
31039 (JSC::DFG::OSRExitCompiler::compileExit):
31040 * dfg/DFGOSRExitCompiler64.cpp:
31041 (JSC::DFG::OSRExitCompiler::compileExit):
31042 * dfg/DFGOperations.cpp:
31043 * dfg/DFGSpeculativeJIT.cpp:
31044 * dfg/DFGSpeculativeJIT.h:
31045 (JSC::DFG::SpeculativeJIT::speculationCheck):
31046 * dfg/DFGThunks.cpp: Added.
31047 (JSC::DFG::osrExitGenerationThunkGenerator):
31048 * dfg/DFGThunks.h: Added.
31050 (JSC::JITCode::dataAddressAtOffset):
31051 * runtime/JSGlobalData.h:
31053 2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
31055 Fixing build breakage
31057 Unreviewed build fix
31059 * JavaScriptCore.exp:
31060 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
31062 2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
31064 De-virtualize JSVariableObject::isDynamicScope
31065 https://bugs.webkit.org/show_bug.cgi?id=71933
31067 Reviewed by Geoffrey Garen.
31069 * runtime/JSActivation.cpp:
31070 * runtime/JSActivation.h: Inlined and de-virtualized isDynamicScope
31071 (JSC::JSActivation::isDynamicScope):
31072 * runtime/JSGlobalObject.cpp:
31073 * runtime/JSGlobalObject.h: Inlined and de-virtualized isDynamicScope
31074 (JSC::JSGlobalObject::isDynamicScope):
31075 * runtime/JSStaticScopeObject.cpp:
31076 * runtime/JSStaticScopeObject.h: Inlined and de-virtualized isDynamicScope
31077 (JSC::JSStaticScopeObject::createStructure): Changed createStructure to use new JSType
31078 (JSC::JSStaticScopeObject::isDynamicScope):
31079 * runtime/JSType.h: Added new type for JSStaticScopeObject
31080 * runtime/JSVariableObject.cpp: De-virtualized and added an implementation that checks the
31081 object's type and calls the corresponding implementation.
31082 (JSC::JSVariableObject::isDynamicScope):
31083 * runtime/JSVariableObject.h:
31085 2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>
31087 De-virtualize JSGlobalObject::hasOwnPropertyForWrite
31088 https://bugs.webkit.org/show_bug.cgi?id=71934
31090 Reviewed by Geoffrey Garen.
31092 * runtime/JSGlobalObject.h: Removed the virtual-ness of hasOwnPropertyForWrite since nobody overrides it.
31094 2011-11-09 Gavin Barraclough <barraclough@apple.com>
31096 https://bugs.webkit.org/show_bug.cgi?id=71873
31098 Reviewed by Geoff Garen.
31100 Incrementally re-landing these changes, trying to determine what went wrong.
31101 (The whole patch failed tests on the build bot but worked locally.
31103 * assembler/MacroAssemblerARM.h:
31104 (JSC::MacroAssemblerARM::absDouble):
31105 * assembler/MacroAssemblerARMv7.h:
31106 * assembler/MacroAssemblerMIPS.h:
31107 (JSC::MacroAssemblerMIPS::absDouble):
31108 * assembler/MacroAssemblerSH4.h:
31109 (JSC::MacroAssemblerSH4::absDouble):
31110 * assembler/MacroAssemblerX86.h:
31111 (JSC::MacroAssemblerX86::absDouble):
31112 * assembler/MacroAssemblerX86Common.h:
31113 * assembler/MacroAssemblerX86_64.h:
31114 (JSC::MacroAssemblerX86_64::absDouble):
31115 * dfg/DFGSpeculativeJIT32_64.cpp:
31116 (JSC::DFG::SpeculativeJIT::compile):
31117 * dfg/DFGSpeculativeJIT64.cpp:
31118 (JSC::DFG::SpeculativeJIT::compile):
31119 * jit/ThunkGenerators.cpp:
31120 (JSC::absThunkGenerator):
2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>

De-virtualize JSObject::getOwnPropertyDescriptor
https://bugs.webkit.org/show_bug.cgi?id=71523

Reviewed by Sam Weinig.

Added getOwnPropertyDescriptor to the MethodTable, changed all of the
virtual versions of getOwnPropertyDescriptor to static ones, and
changed all of the call sites to the corresponding lookup in the MethodTable.

* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::getOwnPropertyDescriptor):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::getOwnPropertyDescriptor):
* debugger/DebuggerActivation.h:
* runtime/Arguments.cpp:
(JSC::Arguments::getOwnPropertyDescriptor):
* runtime/Arguments.h:
* runtime/ArrayConstructor.cpp:
(JSC::ArrayConstructor::getOwnPropertyDescriptor):
* runtime/ArrayConstructor.h:
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::getOwnPropertyDescriptor):
* runtime/ArrayPrototype.h:
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::getOwnPropertyDescriptor):
* runtime/BooleanPrototype.h:
* runtime/ClassInfo.h:
* runtime/DateConstructor.cpp:
(JSC::DateConstructor::getOwnPropertyDescriptor):
* runtime/DateConstructor.h:
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::getOwnPropertyDescriptor):
* runtime/DatePrototype.h:
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::getOwnPropertyDescriptor):
* runtime/ErrorPrototype.h:
* runtime/JSArray.cpp:
(JSC::JSArray::getOwnPropertyDescriptor):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::getOwnPropertyDescriptor):
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::getOwnPropertyDescriptor):
* runtime/JSCell.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::getOwnPropertyDescriptor):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::getOwnPropertyDescriptor):
* runtime/JSGlobalObject.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::getOwnPropertyDescriptor):
* runtime/JSNotAnObject.h:
* runtime/JSONObject.cpp:
(JSC::JSONObject::getOwnPropertyDescriptor):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::vtableAnchor):
(JSC::JSObject::propertyIsEnumerable):
(JSC::JSObject::getOwnPropertyDescriptor):
(JSC::JSObject::getPropertyDescriptor):
(JSC::JSObject::defineOwnProperty):
* runtime/JSObject.h:
* runtime/JSString.cpp: Removed getOwnPropertyDescriptor, since this seems to be a relic from a
bygone era when getOwnPropertyDescriptor was rooted in JSCell rather than JSObject. There were
no call sites for this version of getOwnPropertyDescriptor in the entire project.
* runtime/JSString.h:
* runtime/Lookup.h:
(JSC::getStaticPropertyDescriptor):
(JSC::getStaticFunctionDescriptor):
(JSC::getStaticValueDescriptor):
* runtime/MathObject.cpp:
(JSC::MathObject::getOwnPropertyDescriptor):
* runtime/MathObject.h:
* runtime/NumberConstructor.cpp:
(JSC::NumberConstructor::getOwnPropertyDescriptor):
* runtime/NumberConstructor.h:
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::getOwnPropertyDescriptor):
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.cpp:
(JSC::ObjectConstructor::getOwnPropertyDescriptor):
(JSC::objectConstructorGetOwnPropertyDescriptor):
* runtime/ObjectConstructor.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::getOwnPropertyDescriptor):
* runtime/ObjectPrototype.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpConstructor::getOwnPropertyDescriptor):
* runtime/RegExpConstructor.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::getOwnPropertyDescriptor):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::getOwnPropertyDescriptor):
* runtime/RegExpObject.h:
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::getOwnPropertyDescriptor):
* runtime/RegExpPrototype.h:
* runtime/StringConstructor.cpp:
(JSC::StringConstructor::getOwnPropertyDescriptor):
* runtime/StringConstructor.h:
* runtime/StringObject.cpp:
(JSC::StringObject::vtableAnchor): Added to prevent a weak vtable.
(JSC::StringObject::getOwnPropertyDescriptor):
* runtime/StringObject.h:
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::getOwnPropertyDescriptor):
* runtime/StringPrototype.h:
2011-11-09 Gavin Barraclough <barraclough@apple.com>

https://bugs.webkit.org/show_bug.cgi?id=71873

Reviewed by Geoff Garen.

Incrementally re-landing these changes, trying to determine what went wrong.
(The whole patch failed tests on the build bot but worked locally.)

* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsFloatingPoint):
(JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARM::supportsFloatingPointAbs):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsFloatingPoint):
(JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::supportsFloatingPoint):
(JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
(JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
(JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsFloatingPoint):
(JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
(JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
(JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::supportsFloatingPoint):
(JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86::supportsFloatingPointAbs):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::supportsFloatingPoint):
(JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
* jit/ThunkGenerators.cpp:
(JSC::absThunkGenerator):
2011-11-08 Darin Adler <darin@apple.com>

Add code path in HashTable for emptyValueIsZero that does not require copying the empty value
https://bugs.webkit.org/show_bug.cgi?id=71875

Reviewed by Anders Carlsson.

This is a step along the path of making OwnPtr work as HashMap value types.

* wtf/Alignment.h: Moved the AlignedBufferChar and AlignedBuffer types from Vector.h here.
Also fixed include style. To include other WTF headers inside WTF, we use "" includes.
I did not change the code to fix style checker complaints.

* wtf/HashTable.h: Added includes as needed and fixed include style.
(WTF::doubleHash): Removed the unneeded and inappropriate "static" in this function, which
gave it internal linkage for no good reason.
(WTF::HashTable::checkKey): Made this use AlignedBuffer for the deleted value check to avoid
construction/destruction problems instead of doing the trick where we construct and destroy
an empty value twice. It's cleaner and simpler and avoids copying the empty value.
(WTF::HashTable::initializeBucket): Specialized initializeBucket to use memset when the
empty value is zero rather than copying an empty value.

* wtf/Vector.h: Moved the AlignedBufferChar and AlignedBuffer types into Alignment.h.
2011-11-09 Gabor Rapcsanyi <rgabor@webkit.org>

Buildfix for 32bit debug mode.

Reviewed by Csaba Osztrogonác.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::dump):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):

2011-11-09 Andy Wingo <wingo@igalia.com>

Enable the DFG JIT on X86-64 Linux platforms
https://bugs.webkit.org/show_bug.cgi?id=71373

Reviewed by Csaba Osztrogonác.

* wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
x86-64 GNU/Linux platform.
* CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.

2011-11-09 Csaba Osztrogonác <ossy@webkit.org>

Enable the DFG JIT on x86-64 Linux platforms
https://bugs.webkit.org/show_bug.cgi?id=71373

Enable DFG JIT by default on X86 Linux and Mac platforms
https://bugs.webkit.org/show_bug.cgi?id=71686

Buildfix for stricter compilers: -Werror=unused-but-set-variable

Reviewed by Zoltan Herczeg.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-11-09 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r99678.
http://trac.webkit.org/changeset/99678
https://bugs.webkit.org/show_bug.cgi?id=71882

broke the build with -Werror=unused-but-set-variable
(Requested by tronical_ on #webkit).

* CMakeListsEfl.txt:

2011-11-09 Andy Wingo <wingo@igalia.com>

Enable the DFG JIT on X86-64 Linux platforms
https://bugs.webkit.org/show_bug.cgi?id=71373

Reviewed by Filip Pizlo.

* wtf/Platform.h (ENABLE_DFG_JIT): Enable the DFG JIT on the
x86-64 GNU/Linux platform.
* CMakeListsEfl.txt: Add JSValue64 implementations to EFL build.
2011-11-09 Mark Hahnenberg <mhahnenberg@apple.com>

De-virtualize JSObject::defineOwnProperty
https://bugs.webkit.org/show_bug.cgi?id=71429

Reviewed by Geoffrey Garen.

Added defineOwnProperty to the MethodTable, changed all the virtual
implementations of defineOwnProperty to static ones, and replaced
all call sites with corresponding lookups in the MethodTable.

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/Arguments.cpp:
(JSC::Arguments::createStrictModeCallerIfNecessary):
(JSC::Arguments::createStrictModeCalleeIfNecessary):
* runtime/ClassInfo.h:
* runtime/JSCell.cpp:
(JSC::JSCell::defineOwnProperty):
* runtime/JSCell.h:
* runtime/JSObject.cpp:
(JSC::JSObject::defineOwnProperty):
* runtime/JSObject.h:
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorDefineProperty):
(JSC::defineProperties):
2011-11-09 Simon Hausmann <simon.hausmann@nokia.com>

[Qt] Build system cleanup
https://bugs.webkit.org/show_bug.cgi?id=71815

Reviewed by Kenneth Rohde Christiansen.

* wtf/wtf.pri: Moved the glib dependency to javascriptcore.prf.

2011-11-08 Simon Hausmann <simon.hausmann@nokia.com>

[Qt] Replace use of QApplication with QGuiApplication
https://bugs.webkit.org/show_bug.cgi?id=71794

Reviewed by Andreas Kling.

Add compat headers for use when building with Qt 4: QGuiApplication
is typedef'ed to QApplication.

* wtf/qt/compat/QGuiApplication: Added.
* wtf/qt/compat/qguiapplication.h: Added.
2011-11-08 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r99647.
http://trac.webkit.org/changeset/99647
https://bugs.webkit.org/show_bug.cgi?id=71876

It broke jsc and layout tests on all bots (Requested by
Ossy_night on #webkit).

* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsFloatingPoint):
(JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARM::supportsDoubleBitops):
(JSC::MacroAssemblerARM::andnotDouble):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsFloatingPoint):
(JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARMv7::supportsDoubleBitops):
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::andnotDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPoint):
(JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
(JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
(JSC::MacroAssemblerMIPS::supportsDoubleBitops):
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsFloatingPoint):
(JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
(JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
(JSC::MacroAssemblerSH4::supportsDoubleBitops):
(JSC::MacroAssemblerSH4::andnotDouble):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::MacroAssemblerX86):
(JSC::MacroAssemblerX86::supportsFloatingPoint):
(JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86::supportsDoubleBitops):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::andnotDouble):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::supportsFloatingPoint):
(JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86_64::supportsDoubleBitops):
* assembler/X86Assembler.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/ThunkGenerators.cpp:
(JSC::absThunkGenerator):
* runtime/JSGlobalData.cpp:
2011-11-08 Gavin Barraclough <barraclough@apple.com>

Better abstract 'abs' operation through the MacroAssembler.
https://bugs.webkit.org/show_bug.cgi?id=71873

Reviewed by Geoff Garen.

Currently the x86 specific instruction sequence to perform a double abs
is duplicated throughout the JITs / thunk generators.

* assembler/MacroAssemblerARM.h:
(JSC::MacroAssemblerARM::supportsFloatingPoint):
(JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARM::supportsFloatingPointAbs):
(JSC::MacroAssemblerARM::absDouble):
- Renamed supportsFloatingPointAbs, make these methods static so that
we can check the JIT's capabilities before we begin compilation.
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::supportsFloatingPoint):
(JSC::MacroAssemblerARMv7::supportsFloatingPointTruncate):
(JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
(JSC::MacroAssemblerARMv7::supportsFloatingPointAbs):
- Renamed supportsFloatingPointAbs, make these methods static so that
we can check the JIT's capabilities before we begin compilation.
* assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::absDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPoint):
(JSC::MacroAssemblerMIPS::supportsFloatingPointTruncate):
(JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
(JSC::MacroAssemblerMIPS::supportsFloatingPointAbs):
- Renamed supportsFloatingPointAbs, make these methods static so that
we can check the JIT's capabilities before we begin compilation.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::supportsFloatingPoint):
(JSC::MacroAssemblerSH4::supportsFloatingPointTruncate):
(JSC::MacroAssemblerSH4::supportsFloatingPointSqrt):
(JSC::MacroAssemblerSH4::supportsFloatingPointAbs):
(JSC::MacroAssemblerSH4::absDouble):
- Renamed supportsFloatingPointAbs, make these methods static so that
we can check the JIT's capabilities before we begin compilation.
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::absDouble):
(JSC::MacroAssemblerX86::supportsFloatingPoint):
(JSC::MacroAssemblerX86::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86::supportsFloatingPointAbs):
- Made supports* methods static so that we can check the JIT's
capabilities before we begin compilation. Added absDouble.
* assembler/MacroAssemblerX86Common.h:
- Removed andnotDouble, added s_maskSignBit.
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::absDouble):
(JSC::MacroAssemblerX86_64::supportsFloatingPoint):
(JSC::MacroAssemblerX86_64::supportsFloatingPointTruncate):
(JSC::MacroAssemblerX86_64::supportsFloatingPointSqrt):
(JSC::MacroAssemblerX86_64::supportsFloatingPointAbs):
- Made supports* methods static so that we can check the JIT's
capabilities before we begin compilation. Added absDouble.
* assembler/X86Assembler.h:
(JSC::X86Assembler::andpd_rr):
(JSC::X86Assembler::andpd_mr):
- Added support for andpd instruction.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
- Added checks for supportsFloatingPointAbs, supportsFloatingPointSqrt.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Switched to use doubleAbs, we can now also reuse the operand register for the result.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- Switched to use doubleAbs, we can now also reuse the operand register for the result.
* jit/ThunkGenerators.cpp:
- Switched to use doubleAbs.
(JSC::absThunkGenerator):
* runtime/JSGlobalData.cpp:
- Declared MacroAssemblerX86Common::s_maskSignBit here.
This is a little ugly, but it doesn't seem worth adding a whole extra .cpp
to the compile for just one constant.
2011-11-08 Gavin Barraclough <barraclough@apple.com>

Move duplicates of SYMBOL_STRING* macros to the single location
https://bugs.webkit.org/show_bug.cgi?id=71456

Reviewed by Sam Weinig.

* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGOperations.cpp:
* jit/JITStubs.cpp:
* wtf/InlineASM.h: Added.
- Moved asm related macros.

2011-11-08 Gavin Barraclough <barraclough@apple.com>

Move code to handle 8bit regs from X86Assembler to MacroAssembler
https://bugs.webkit.org/show_bug.cgi?id=71867

Reviewed by Oliver Hunt.

This code is fine, but is in the wrong place really. X86 assembler should
basically just format up exactly the instruction you request - not expand
out to a set of instructions (that is what the macro assembler layer is
for!). For other 8-bit ops, on X86 we don't guard against clients accessing

* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::store8):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movb_rm):

2011-11-08 Filip Pizlo <fpizlo@apple.com>

Unreviewed build fix for GTK.

* GNUmakefile.list.am:

2011-11-08 Gavin Barraclough <barraclough@apple.com>

* assembler/X86Assembler.h:

2011-11-08 Gavin Barraclough <barraclough@apple.com>

Errrk, failed to commit this in last change.

* assembler/X86Assembler.h:

2011-11-08 Gavin Barraclough <barraclough@apple.com>

Remove an unused method.

Rubber stamped by Geoff Garen.

* assembler/AbstractMacroAssembler.h:
* assembler/AssemblerBuffer.h:
- removed rewindToLabel.

2011-11-08 Gavin Barraclough <barraclough@apple.com>

Fix OSR entry points to calculate offsets correctly WRT branch compaction.
https://bugs.webkit.org/show_bug.cgi?id=71864

Reviewed by Filip Pizlo.

* assembler/LinkBuffer.h:
(JSC::LinkBuffer::offsetOf):
- We use this to return the offsets into the code of the entry points.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
- Move the construction of the speculative JIT outside of
compileBody, such that it is still available to link the
OSR entry points at the point we are linking.
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::noticeOSREntry):
- Pass the label of the block & linkbuffer into noticeOSREntry.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::linkOSREntries):
- Moved call to noticeOSREntry until we are linking.
* dfg/DFGSpeculativeJIT.h:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):
- Moved calculation of entries until we are linking.
- Removed some members.
2011-11-08 Filip Pizlo <fpizlo@apple.com>

DFG OSR exit code should be generated by a separate compiler, not
related to DFG::JITCompiler
https://bugs.webkit.org/show_bug.cgi?id=71787

Reviewed by Gavin Barraclough.

Moves the exitSpeculativeWithOSR() method from JITCompiler to
OSRExitCompiler::compileExit().

* CMakeListsEfl.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
* dfg/DFGJITCompiler32_64.cpp: Removed.
* dfg/DFGOSRExitCompiler.h: Added.
(JSC::DFG::OSRExitCompiler::OSRExitCompiler):
* dfg/DFGOSRExitCompiler32_64.cpp: Added.
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp: Added.
(JSC::DFG::OSRExitCompiler::compileExit):
* runtime/JSValue.h:

2011-11-08 Filip Pizlo <fpizlo@apple.com>

Basic DFG definitions should be moved out of DFGNode.h
https://bugs.webkit.org/show_bug.cgi?id=71861

Rubber-stamped by Gavin Barraclough.

* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGCommon.h: Added.
(JSC::DFG::NodeIndexTraits::defaultValue):
* dfg/DFGOSRExit.h:
* dfg/DFGRegisterBank.h:
2011-11-08 Michael Saboff <msaboff@apple.com>

Towards 8 Bit Strings: Templatize JSC::Parser class by Lexer type
https://bugs.webkit.org/show_bug.cgi?id=71761

Templatized Parser based on Lexer<T>. Moved two enums,
SourceElementsMode and FunctionRequirements out of Parser definition
to work around a clang compiler defect.

Cleaned up SourceCode data() to return StringImpl* and eliminated
the recently added stringData() virtual method.

To keep code in Parser.cpp and keep Parser.h small, the two flavors
of Parser are explicitly instantiated at the end of Parser.cpp.

Reviewed by Gavin Barraclough.

* interpreter/Interpreter.cpp:
(JSC::appendSourceToError):
* parser/Lexer.cpp:
(JSC::::sourceCode):
* parser/Parser.cpp:
(JSC::::parseInner):
(JSC::::didFinishParsing):
(JSC::::allowAutomaticSemicolon):
(JSC::::parseSourceElements):
(JSC::::parseVarDeclaration):
(JSC::::parseConstDeclaration):
(JSC::::parseDoWhileStatement):
(JSC::::parseWhileStatement):
(JSC::::parseVarDeclarationList):
(JSC::::parseConstDeclarationList):
(JSC::::parseForStatement):
(JSC::::parseBreakStatement):
(JSC::::parseContinueStatement):
(JSC::::parseReturnStatement):
(JSC::::parseThrowStatement):
(JSC::::parseWithStatement):
(JSC::::parseSwitchStatement):
(JSC::::parseSwitchClauses):
(JSC::::parseSwitchDefaultClause):
(JSC::::parseTryStatement):
(JSC::::parseDebuggerStatement):
(JSC::::parseBlockStatement):
(JSC::::parseStatement):
(JSC::::parseFormalParameters):
(JSC::::parseFunctionBody):
(JSC::::parseFunctionInfo):
(JSC::::parseFunctionDeclaration):
(JSC::::parseExpressionOrLabelStatement):
(JSC::::parseExpressionStatement):
(JSC::::parseIfStatement):
(JSC::::parseExpression):
(JSC::::parseAssignmentExpression):
(JSC::::parseConditionalExpression):
(JSC::::isBinaryOperator):
(JSC::::parseBinaryExpression):
(JSC::::parseProperty):
(JSC::::parseObjectLiteral):
(JSC::::parseStrictObjectLiteral):
(JSC::::parseArrayLiteral):
(JSC::::parsePrimaryExpression):
(JSC::::parseArguments):
(JSC::::parseMemberExpression):
(JSC::::parseUnaryExpression):
* parser/SourceCode.h:
(JSC::SourceCode::data):
(JSC::SourceCode::subExpression):
* parser/SourceProvider.h:
(JSC::UStringSourceProvider::data):
2011-11-08 Gavin Barraclough <barraclough@apple.com>

Fix PropertyAccessRecords in DFG JIT to take account of branch compaction.
https://bugs.webkit.org/show_bug.cgi?id=71855

Reviewed by Filip Pizlo.

The DFG JIT presently calculates a set of offsets early, before branches have been compacted.
This won't work on ARMv7.

* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::differenceBetweenCodePtr):
* assembler/LinkBuffer.h:
(JSC::LinkBuffer::locationOf):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator64.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
* dfg/DFGJITCompiler.h:
(JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
(JSC::DFG::JITCompiler::addPropertyAccess):

2011-11-08 Gavin Barraclough <barraclough@apple.com>

DFG JIT calculation of OSR entry points is not THUMB2 safe
https://bugs.webkit.org/show_bug.cgi?id=71852

Reviewed by Oliver Hunt.

Executable addresses are tagged with a low bit set to distinguish
between THUMB2 and traditional ARM.

* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
(JSC::JITCode::executableAddressAtOffset):
(JSC::JITCode::start):
(JSC::JITCode::size):

2011-11-08 Michael Saboff <msaboff@apple.com>

JSC::Parser::Parser leaks Lexer member
https://bugs.webkit.org/show_bug.cgi?id=71847

Changed m_lexer member of Parser to be OwnPtr to fix a memory leak.

Reviewed by Oliver Hunt.

* parser/Parser.cpp:
(JSC::Parser::Parser):
(JSC::Parser::parseFunctionBody):
2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com>

Enable DFG JIT by default on X86 Linux and Mac platforms
https://bugs.webkit.org/show_bug.cgi?id=71686

Reviewed by Filip Pizlo.

We can get 9% on SunSpider, 89% on Kraken and 37% on V8, on Linux X86.

2011-11-08 Yuqiang Xian <yuqiang.xian@intel.com>

DFG 32_64 - update make lists for efl, gtk, and Qt ports with DFG change r99519
https://bugs.webkit.org/show_bug.cgi?id=71768

Reviewed by Geoffrey Garen.

Also includes a fix to make the newly introduced AssemblyHelpers
friend of JSValue as we need the Tag definitions.

* CMakeListsEfl.txt:
* GNUmakefile.list.am:
* runtime/JSValue.h:

2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com>

Fix gcc 4.4 compilation warnings in DFG 32_64
https://bugs.webkit.org/show_bug.cgi?id=71762

Reviewed by Filip Pizlo.

* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::registersMatched):

2011-11-07 Filip Pizlo <fpizlo@apple.com>

DFG code base should allow for classes not related to DFG::JITCompiler
https://bugs.webkit.org/show_bug.cgi?id=71746

Reviewed by Gavin Barraclough.

* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAssemblyHelpers.cpp: Added.
(JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
(JSC::DFG::AssemblyHelpers::emitCount):
(JSC::DFG::AssemblyHelpers::setSamplingFlag):
(JSC::DFG::AssemblyHelpers::clearSamplingFlag):
(JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
(JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
(JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
(JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
(JSC::DFG::AssemblyHelpers::jitAssertIsCell):
* dfg/DFGAssemblyHelpers.h: Added.
* dfg/DFGJITCompiler.cpp:
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::graph):
* dfg/DFGJITCompiler32_64.cpp:
* dfg/DFGOSRExit.h: Added.
(JSC::DFG::SpeculationRecovery::SpeculationRecovery):
(JSC::DFG::SpeculationRecovery::type):
(JSC::DFG::SpeculationRecovery::dest):
(JSC::DFG::SpeculationRecovery::src):
(JSC::DFG::OSRExit::numberOfRecoveries):
(JSC::DFG::OSRExit::valueRecovery):
(JSC::DFG::OSRExit::isArgument):
(JSC::DFG::OSRExit::isVariable):
(JSC::DFG::OSRExit::argumentForIndex):
(JSC::DFG::OSRExit::variableForIndex):
(JSC::DFG::OSRExit::operandForArgument):
(JSC::DFG::OSRExit::operandForIndex):
* dfg/DFGSpeculativeJIT.h:

2011-11-07 Filip Pizlo <fpizlo@apple.com>

Switch back to 1+1 value profiling buckets, since it didn't help on arewefastyet,
but it appears to help on other benchmarks.

Rubber stamped by Oliver Hunt.

* bytecode/ValueProfile.h:
2011-11-07 Ariya Hidayat <ariya@sencha.com>

"use strict" can not contain escape sequences or line continuation
https://bugs.webkit.org/show_bug.cgi?id=71532

Reviewed by Darin Adler.

Store the actual literal length (before the escapes and line
continuation are encoded) while parsing the directive and use it
for the directive comparison.

* parser/Parser.cpp:
(JSC::Parser::parseSourceElements):
(JSC::Parser::parseStatement):
31924 2011-11-06 Filip Pizlo <fpizlo@apple.com>
31926 DFG operationCreateThis slow path may get the wrong callee in case of inlining
31927 https://bugs.webkit.org/show_bug.cgi?id=71647
31929 Reviewed by Oliver Hunt.
31931 No new tests because I only saw this manifest itself when I had other bugs
31932 leading to spurious slow path executions.
31934 * dfg/DFGJITCodeGenerator.h:
31935 (JSC::DFG::callOperation):
31936 * dfg/DFGOperations.cpp:
31937 * dfg/DFGOperations.h:
31938 * dfg/DFGSpeculativeJIT32_64.cpp:
31939 (JSC::DFG::SpeculativeJIT::compile):
31940 * dfg/DFGSpeculativeJIT64.cpp:
31941 (JSC::DFG::SpeculativeJIT::compile):
31943 2011-11-07 Mark Hahnenberg <mhahnenberg@apple.com>
31945 De-virtualize JSObject::putWithAttributes
31946 https://bugs.webkit.org/show_bug.cgi?id=71716
31948 Reviewed by Darin Adler.
31950 Added putWithAttributes to the MethodTable, changed all the virtual
31951 implementations of putWithAttributes to static ones, and replaced
31952 all call sites with corresponding lookups in the MethodTable.
31954 * API/JSObjectRef.cpp:
31955 (JSObjectSetProperty):
31956 * JavaScriptCore.exp:
31957 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
31958 * debugger/DebuggerActivation.cpp:
31959 (JSC::DebuggerActivation::putWithAttributes):
31960 * debugger/DebuggerActivation.h:
31961 * interpreter/Interpreter.cpp:
31962 (JSC::Interpreter::execute):
31963 * runtime/ClassInfo.h:
31964 * runtime/JSActivation.cpp:
31965 (JSC::JSActivation::putWithAttributes):
31966 * runtime/JSActivation.h:
31967 * runtime/JSCell.cpp:
31968 (JSC::JSCell::putWithAttributes):
31969 * runtime/JSCell.h:
31970 * runtime/JSGlobalObject.cpp:
31971 (JSC::JSGlobalObject::putWithAttributes):
31972 * runtime/JSGlobalObject.h:
31973 * runtime/JSObject.cpp:
31974 (JSC::JSObject::putWithAttributes):
31975 (JSC::putDescriptor):
31976 * runtime/JSObject.h:
31977 * runtime/JSStaticScopeObject.cpp:
31978 (JSC::JSStaticScopeObject::putWithAttributes):
31979 * runtime/JSStaticScopeObject.h:
31980 * runtime/JSVariableObject.cpp:
31981 (JSC::JSVariableObject::putWithAttributes):
31982 * runtime/JSVariableObject.h:
31984 2011-11-07 Dmitry Lomov <dslomov@google.com>
31986 Unreviewed. Release build fix.
31988 * parser/Lexer.cpp:
31989 (JSC::assertCharIsIn8BitRange):
31991 2011-11-07 Filip Pizlo <fpizlo@apple.com>
31993 Switch the value profiler back to 8 buckets, because we suspect that while this
31994 is more expensive it's also more stable.
31996 Rubber stamped by Geoff Garen.
31998 * bytecode/ValueProfile.h:
32000 2011-11-07 Andrew Wason <rectalogic@rectalogic.com>
32002 Uninitialized Heap member var
32003 https://bugs.webkit.org/show_bug.cgi?id=71722
32005 Reviewed by Filip Pizlo.
32008 (JSC::Heap::Heap): Initialize m_blockFreeingThreadShouldQuit
32010 2011-11-07 Yuqiang Xian <yuqiang.xian@intel.com>
32012 DFG 32_64 - registers cannot be reused arbitrarily if speculation failures are possible
32013 https://bugs.webkit.org/show_bug.cgi?id=71684
32015 Reviewed by Filip Pizlo.
32017 Currently in DFG JIT, we try to reuse the physical register of an
32018 operand for temporary usage if the current use of the operand is the
32019 last use. But sometimes this can be wrong, for example if there are
32020 possible speculation failures and we need to fallback to baseline JIT,
32021 the value of the operand which is supposed to be held in the physical
32022 register can be modified by register reusing. This fixes the last
32023 inspector failures in layout tests on Mac 32-bit if switching on DFG.
32025 * dfg/DFGSpeculativeJIT32_64.cpp:
32026 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
32027 (JSC::DFG::SpeculativeJIT::compile):
32029 2011-11-07 Ryosuke Niwa <rniwa@webkit.org>
32031 REGRESSION(r99436): Broke Snow Leopard debug build
32032 https://bugs.webkit.org/show_bug.cgi?id=71713
32034 Reviewed by Darin Adler.
32036 Put the assertion in a template and use template specialization
32037 to avoid warning when instantiated with UChar or LChar.
32039 In the long term, we should have traits for unsigned integral types
32040 and use that to specialize template instead of specializing it for UChar and LChar.
32042 * parser/Lexer.cpp:
32043 (JSC::assertCharIsIn8BitRange):
32046 2011-11-07 ChangSeok Oh <shivamidow@gmail.com>
32048 [EFL] Support requestAnimationFrame API
32049 https://bugs.webkit.org/show_bug.cgi?id=67112
32051 Reviewed by Andreas Kling.
32053 Let EFL port use REQUEST_ANIMATION_FRAME_TIMER.
32057 2011-11-07 Michael Saboff <msaboff@apple.com>
32059 Towards 8 Bit Strings: Templatize JSC::Lexer class by character type
32060 https://bugs.webkit.org/show_bug.cgi?id=71331
32062 Change the Lexer class to be a template class based on the character
32063 type of the source. In the process updated the parseIdentifier()
32064 and parseString() methods to create 8 bit strings where possible.
32065 Also added some helper methods for accumulating temporary string
32066 data in the 8 and 16 bit vectors.
32068 Changed the SourceProvider::data() virtual method to return a
32069 StringImpl* instead of a UChar*.
32071 Updated the KeywordLookup generator to create code to match keywords
32072 for both 8 and 16 bit source strings.
32074 Due to a compiler bug (<rdar://problem/10194295>) moved enum
32075 definition outside of Lexer class declaration. Remove second enum
32078 Reviewed by Darin Adler.
32080 * KeywordLookupGenerator.py:
32081 * interpreter/Interpreter.cpp:
32082 (JSC::Interpreter::callEval):
32083 * parser/Lexer.cpp:
32086 (JSC::::getInvalidCharMessage):
32087 (JSC::::currentCharacter):
32089 (JSC::::internalShift):
32092 (JSC::::getUnicodeCharacter):
32093 (JSC::::shiftLineTerminator):
32094 (JSC::::lastTokenWasRestrKeyword):
32099 (JSC::::parseIdentifier):
32100 (JSC::::parseIdentifierSlowCase):
32101 (JSC::::parseString):
32102 (JSC::::parseStringSlowCase):
32104 (JSC::::parseOctal):
32105 (JSC::::parseDecimal):
32106 (JSC::::parseNumberAfterDecimalPoint):
32107 (JSC::::parseNumberAfterExponentIndicator):
32108 (JSC::::parseMultilineComment):
32109 (JSC::::nextTokenIsColon):
32111 (JSC::::scanRegExp):
32112 (JSC::::skipRegExp):
32114 (JSC::::sourceCode):
32116 (JSC::Lexer::append16):
32117 (JSC::Lexer::currentOffset):
32118 (JSC::Lexer::setOffsetFromCharOffset):
32119 (JSC::::isWhiteSpace):
32120 (JSC::::isLineTerminator):
32121 (JSC::::convertHex):
32122 (JSC::::convertUnicode):
32123 (JSC::::makeIdentifier):
32124 (JSC::::setCodeStart):
32125 (JSC::::makeIdentifierLCharFromUChar):
32126 (JSC::::lexExpectIdentifier):
32127 * parser/Parser.cpp:
32128 (JSC::Parser::Parser):
32129 (JSC::Parser::parseProperty):
32130 (JSC::Parser::parseMemberExpression):
32132 (JSC::Parser::next):
32133 (JSC::Parser::nextExpectIdentifier):
32134 * parser/ParserArena.h:
32135 (JSC::IdentifierArena::makeIdentifier):
32136 (JSC::IdentifierArena::makeIdentifierLCharFromUChar):
32137 * parser/SourceCode.h:
32138 (JSC::SourceCode::subExpression):
32139 * parser/SourceProvider.h:
32140 (JSC::UStringSourceProvider::stringData):
32141 * parser/SourceProviderCache.h:
32142 * parser/SyntaxChecker.h:
32143 * runtime/FunctionPrototype.cpp:
32144 (JSC::insertSemicolonIfNeeded):
32145 * runtime/Identifier.cpp:
32146 (JSC::IdentifierTable::add):
32147 (JSC::IdentifierLCharFromUCharTranslator::hash):
32148 (JSC::IdentifierLCharFromUCharTranslator::equal):
32149 (JSC::IdentifierLCharFromUCharTranslator::translate):
32150 (JSC::Identifier::add8):
32151 * runtime/Identifier.h:
32152 (JSC::Identifier::Identifier):
32153 (JSC::Identifier::createLCharFromUChar):
32154 (JSC::Identifier::canUseSingleCharacterString):
32155 (JSC::IdentifierCharBufferTranslator::hash):
32156 (JSC::IdentifierCharBufferTranslator::equal):
32157 (JSC::IdentifierCharBufferTranslator::translate):
32158 (JSC::Identifier::add):
32159 (JSC::Identifier::equal):
32160 (JSC::IdentifierTable::add):
32161 * runtime/JSGlobalObjectFunctions.cpp:
32163 (JSC::parseIntOverflow):
32164 (JSC::globalFuncUnescape):
32165 * runtime/JSGlobalObjectFunctions.h:
32166 (JSC::parseIntOverflow):
32167 * runtime/LiteralParser.cpp:
32168 (JSC::LiteralParser::tryJSONPParse):
32169 (JSC::LiteralParser::Lexer::lexString):
32170 * wtf/text/StringImpl.h:
32172 2011-11-07 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
32174 [Qt] Put the jsc binary in 'bin' instead of leaving it deep in the build tree
32176 Allows us to not package up the whole Source/JavaScriptCore directory for the
32179 Reviewed-by Simon Hausmann.
32183 2011-11-06 Filip Pizlo <fpizlo@apple.com>
32185 REGRESSION(r99374): GTK+ build of the jsc binary doesn't like the call
32186 to initializeMainThread, and crashes
32187 https://bugs.webkit.org/show_bug.cgi?id=71643
32189 Reviewed by Sam Weinig.
32194 2011-11-06 Sam Weinig <sam@webkit.org>
32196 Add space missing from some class declarations
32197 https://bugs.webkit.org/show_bug.cgi?id=71632
32199 Reviewed by Anders Carlsson.
32201 * assembler/AssemblerBufferWithConstantPool.h:
32202 * bytecode/CodeBlock.h:
32203 * dfg/DFGVariableAccessData.h:
32204 * heap/VTableSpectrum.h:
32205 * jit/ExecutableAllocator.cpp:
32206 * jit/ExecutableAllocatorFixedVMPool.cpp:
32207 * wtf/MetaAllocatorHandle.h:
32210 2011-11-06 Sam Weinig <sam@webkit.org>
32212 Allow use of FINAL in JavaScriptCore
32213 https://bugs.webkit.org/show_bug.cgi?id=71630
32215 Reviewed by Anders Carlsson.
32217 * Configurations/Base.xcconfig:
32218 Don't warn about C++11 extensions used in C++98 mode.
32220 2011-11-05 Filip Pizlo <fpizlo@apple.com>
32222 Value profiling should just use two buckets
32223 https://bugs.webkit.org/show_bug.cgi?id=71619
32225 Reviewed by Gavin Barraclough.
32227 Added one more configuration option (like Heuristics::minimumOptimizationDelay),
32228 improved debugging in JIT optimization support, changed the number of buckets
32229 in the value profile from 9 to 2, and wrote a more optimal value profiling path
32230 in the old JIT to take advantage of this. It's still possible to play around with
32231 larger numbers of buckets, and we should probably keep this for a little while
32232 until we convince ourselves that using just two buckets is the right call.
32234 * bytecode/CodeBlock.cpp:
32235 (JSC::CodeBlock::shouldOptimizeNow):
32236 * bytecode/ValueProfile.h:
32237 * jit/JITInlineMethods.h:
32238 (JSC::JIT::emitValueProfilingSite):
32239 * jit/JITStubs.cpp:
32240 (JSC::DEFINE_STUB_FUNCTION):
32241 * runtime/Heuristics.cpp:
32242 (JSC::Heuristics::initializeHeuristics):
32243 * runtime/Heuristics.h:
32245 2011-11-03 Filip Pizlo <fpizlo@apple.com>
32247 JSC should be able to sample itself in a more flexible way than just sampling flags
32248 https://bugs.webkit.org/show_bug.cgi?id=71522
32250 Reviewed by Gavin Barraclough.
32252 Added a construct that looks like SamplingRegion samplingRegion("name").
32254 * JavaScriptCore.exp:
32255 * JavaScriptCore.xcodeproj/project.pbxproj:
32256 * bytecode/SamplingTool.cpp:
32257 (JSC::SamplingRegion::Locker::Locker):
32258 (JSC::SamplingRegion::Locker::~Locker):
32259 (JSC::SamplingRegion::sample):
32260 (JSC::SamplingRegion::dump):
32261 (JSC::SamplingRegion::dumpInternal):
32262 (JSC::SamplingThread::threadStartFunc):
32263 * bytecode/SamplingTool.h:
32264 (JSC::SamplingRegion::SamplingRegion):
32265 (JSC::SamplingRegion::~SamplingRegion):
32266 (JSC::SamplingRegion::exchangeCurrent):
32267 * bytecompiler/BytecodeGenerator.cpp:
32268 (JSC::BytecodeGenerator::generate):
32269 * dfg/DFGDriver.cpp:
32270 (JSC::DFG::compile):
32272 (JSC::Heap::markRoots):
32273 (JSC::Heap::collect):
32274 * heap/VTableSpectrum.cpp:
32275 (JSC::VTableSpectrum::countVPtr):
32276 (JSC::VTableSpectrum::dump):
32277 * heap/VTableSpectrum.h:
32283 * runtime/Executable.cpp:
32284 (JSC::EvalExecutable::compileInternal):
32285 (JSC::ProgramExecutable::compileInternal):
32286 (JSC::FunctionExecutable::compileForCallInternal):
32287 (JSC::FunctionExecutable::compileForConstructInternal):
32289 (WTF::weakCompareAndSwap):
32291 * wtf/Spectrum.h: Added.
32292 (WTF::Spectrum::Spectrum):
32293 (WTF::Spectrum::add):
32294 (WTF::Spectrum::get):
32295 (WTF::Spectrum::begin):
32296 (WTF::Spectrum::end):
32297 (WTF::Spectrum::KeyAndCount::KeyAndCount):
32298 (WTF::Spectrum::KeyAndCount::operator<):
32299 (WTF::Spectrum::buildList):
32302 2011-11-05 Sam Weinig <sam@webkit.org>
32306 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32308 2011-11-04 Sam Weinig <sam@webkit.org>
32310 Reduce the number of putWithAttributes
32311 https://bugs.webkit.org/show_bug.cgi?id=71597
32313 Reviewed by Adam Roben.
32315 * JavaScriptCore.exp:
32316 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32317 Remove exports of removed functions.
32319 * runtime/JSActivation.cpp:
32320 (JSC::JSActivation::putWithAttributes):
32321 Calling the overload without the extra parameters does the same thing.
32323 * runtime/JSObject.cpp:
32324 (JSC::JSObject::putWithAttributes):
32325 * runtime/JSObject.h:
32326 Remove four unused JSObject::putWithAttributes overloads and make one of the remaining
32327 two overloads not virtual, since no one overrides it.
32329 2011-11-04 Pratik Solanki <psolanki@apple.com>
32331 sqrtDouble and andnotDouble should be declared noreturn
32332 https://bugs.webkit.org/show_bug.cgi?id=71592
32334 Reviewed by Sam Weinig.
32336 * assembler/MacroAssemblerARMv7.h:
32338 2011-11-04 Mark Hahnenberg <mhahnenberg@apple.com>
32340 De-virtualize JSObject::hasInstance
32341 https://bugs.webkit.org/show_bug.cgi?id=71430
32343 Reviewed by Darin Adler.
32345 Added hasInstance to the MethodTable, changed all the virtual
32346 implementations of hasInstance to static ones, and replaced
32347 all call sites with corresponding lookups in the MethodTable.
32349 * API/JSCallbackObject.h:
32350 * API/JSCallbackObjectFunctions.h:
32351 (JSC::::hasInstance):
32352 * API/JSValueRef.cpp:
32353 (JSValueIsInstanceOfConstructor):
32354 * JavaScriptCore.exp:
32355 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32356 * interpreter/Interpreter.cpp:
32357 (JSC::Interpreter::privateExecute):
32358 * jit/JITStubs.cpp:
32359 (JSC::DEFINE_STUB_FUNCTION):
32360 * runtime/ClassInfo.h:
32361 * runtime/JSBoundFunction.cpp:
32362 (JSC::JSBoundFunction::hasInstance):
32363 * runtime/JSBoundFunction.h:
32364 * runtime/JSCell.cpp:
32365 (JSC::JSCell::hasInstance):
32366 * runtime/JSCell.h:
32367 * runtime/JSObject.cpp:
32368 (JSC::JSObject::hasInstance):
32369 * runtime/JSObject.h:
32371 2011-11-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
32373 [Qt] Refactor and clean up the qmake build system
32375 The qmake build system has accumulated a bit of cruft and redundancy
32376 over time. There's also a fairly tight coupling between how to build
32377 the various targets, and _what_ to build, making it harder to add new
32378 rules or sources. This patch aims to alleviate these issues somewhat.
32380 This is a short-list of the changes:
32382 * The rules for how to build targets are now mostly contained as
32383 prf-files in Tools/qmake/mkspecs/features. Using mkspecs also
32384 allows us to do pre- and post-processing of each project file,
32385 which helps to clean up the actual project files.
32387 * Derived sources are no longer generated as a separate make-step
32388 but are part of each target's project file as a subdir. Makefile
32389 rules are used to ensure that we run make on the derived sources
32390 before running qmake on the actual target makefile. This makes
32391 it easier to keep a proper dependency between derived sources
32394 * We use GNU make and the compiler to generate dependencies on
32395 UNIX-based systems running Qt 5. This allows us to lessen the
32396 need to run qmake, which should reduce compile time.
32398 * WebKit2 is now built by default if building with Qt 5. It can
32399 be disabled by passing --no-webkit2 to build-webkit.
32401 The result of these changes is hopefully a cleaner and easier
32402 build system to modify, and faster build times due to no longer
32403 running qmake on every single build. It's also a first step
32404 towards possibly generating the list of sources using another
32407 https://bugs.webkit.org/show_bug.cgi?id=71222
32409 Reviewed by Simon Hausmann.
32411 * DerivedSources.pri: Added.
32412 * DerivedSources.pro: Removed.
32413 * JavaScriptCore.pro:
32414 * Target.pri: Copied from Source/JavaScriptCore/JavaScriptCore.pro.
32415 * headers.pri: Removed.
32420 2011-11-04 Yuqiang Xian <yuqiang.xian@intel.com>
32422 More code clean-up in DFG 32_64
32423 https://bugs.webkit.org/show_bug.cgi?id=71540
32425 Remove unnecessary code duplications, and fix compilation warnings.
32427 Reviewed by Gavin Barraclough.
32429 * dfg/DFGJITCompiler.cpp:
32430 (JSC::DFG::JITCompiler::emitCount):
32431 (JSC::DFG::JITCompiler::setSamplingFlag):
32432 (JSC::DFG::JITCompiler::clearSamplingFlag):
32433 (JSC::DFG::JITCompiler::jitAssertIsCell):
32434 * dfg/DFGJITCompiler32_64.cpp:
32435 * dfg/DFGSpeculativeJIT32_64.cpp:
32436 (JSC::DFG::SpeculativeJIT::compile):
32438 2011-11-04 Csaba Osztrogonác <ossy@webkit.org>
32440 De-virtualize JSObject::hasInstance
32441 https://bugs.webkit.org/show_bug.cgi?id=71430
32443 Unreviewed rolling out r99238, because it made a test crash on all platforms.
32445 * API/JSCallbackObject.h:
32446 * API/JSCallbackObjectFunctions.h:
32447 (JSC::::hasInstance):
32448 * API/JSValueRef.cpp:
32449 (JSValueIsInstanceOfConstructor):
32450 * JavaScriptCore.exp:
32451 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32452 * interpreter/Interpreter.cpp:
32453 (JSC::Interpreter::privateExecute):
32454 * jit/JITStubs.cpp:
32455 (JSC::DEFINE_STUB_FUNCTION):
32456 * runtime/ClassInfo.h:
32457 * runtime/JSBoundFunction.cpp:
32458 (JSC::JSBoundFunction::hasInstance):
32459 * runtime/JSBoundFunction.h:
32460 * runtime/JSCell.cpp:
32461 * runtime/JSCell.h:
32462 * runtime/JSObject.cpp:
32463 (JSC::JSObject::hasInstance):
32464 * runtime/JSObject.h:
32466 2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
32468 De-virtualize JSObject::getPropertyNames
32469 https://bugs.webkit.org/show_bug.cgi?id=71306
32471 Reviewed by Darin Adler.
32473 Added getPropertyNames to the MethodTable, changed all the virtual
32474 implementations of getPropertyNames to static ones, and replaced
32475 all call sites with corresponding lookups in the MethodTable.
32477 * API/JSObjectRef.cpp:
32478 (JSObjectCopyPropertyNames):
32479 * JavaScriptCore.exp:
32480 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32481 * debugger/DebuggerActivation.cpp:
32482 (JSC::DebuggerActivation::getOwnPropertyNames):
32483 * runtime/ClassInfo.h:
32484 * runtime/JSCell.cpp:
32485 (JSC::JSCell::getPropertyNames):
32486 * runtime/JSCell.h:
32487 * runtime/JSObject.cpp:
32488 (JSC::JSObject::getPropertyNames):
32489 (JSC::JSObject::getOwnPropertyNames):
32490 * runtime/JSObject.h:
32491 * runtime/JSPropertyNameIterator.cpp:
32492 (JSC::JSPropertyNameIterator::create):
32493 * runtime/ScopeChain.cpp:
32494 (JSC::ScopeChainNode::print):
32495 * runtime/Structure.cpp:
32496 (JSC::Structure::getPropertyNamesFromStructure):
32497 * runtime/Structure.h:
32499 2011-11-03 Darin Adler <darin@apple.com>
32501 Change remaining callers of releaseRef to call leakRef
32502 https://bugs.webkit.org/show_bug.cgi?id=71422
32504 * wtf/text/AtomicString.cpp:
32505 (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
32507 2011-11-02 Darin Adler <darin@apple.com>
32509 Change remaining callers of releaseRef to call leakRef
32510 https://bugs.webkit.org/show_bug.cgi?id=71422
32512 * wtf/text/AtomicString.cpp:
32513 (WTF::HashAndUTF8CharactersTranslator::translate): Use leakRef.
32515 2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
32517 De-virtualize JSObject::hasInstance
32518 https://bugs.webkit.org/show_bug.cgi?id=71430
32520 Reviewed by Darin Adler.
32522 Added hasInstance to the MethodTable, changed all the virtual
32523 implementations of hasInstance to static ones, and replaced
32524 all call sites with corresponding lookups in the MethodTable.
32526 * API/JSCallbackObject.h:
32527 * API/JSCallbackObjectFunctions.h:
32528 (JSC::::hasInstance):
32529 * API/JSValueRef.cpp:
32530 (JSValueIsInstanceOfConstructor):
32531 * JavaScriptCore.exp:
32532 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32533 * interpreter/Interpreter.cpp:
32534 (JSC::Interpreter::privateExecute):
32535 * jit/JITStubs.cpp:
32536 (JSC::DEFINE_STUB_FUNCTION):
32537 * runtime/ClassInfo.h:
32538 * runtime/JSBoundFunction.cpp:
32539 (JSC::JSBoundFunction::hasInstance):
32540 * runtime/JSBoundFunction.h:
32541 * runtime/JSCell.cpp:
32542 (JSC::JSCell::hasInstance):
32543 * runtime/JSCell.h:
32544 * runtime/JSObject.cpp:
32545 (JSC::JSObject::hasInstance):
32546 * runtime/JSObject.h:
32548 2011-11-03 Filip Pizlo <fpizlo@apple.com>
32550 JIT-specific code should be able to refer to register types even on JIT-disabled builds
32551 https://bugs.webkit.org/show_bug.cgi?id=71498
32553 Reviewed by Gavin Barraclough.
32555 * assembler/MacroAssembler.h:
32556 (MacroAssembler::MacroAssembler):
32558 2011-11-03 Mark Hahnenberg <mhahnenberg@apple.com>
32560 De-virtualize JSObject::className
32561 https://bugs.webkit.org/show_bug.cgi?id=71428
32563 Reviewed by Sam Weinig.
32565 Added className to the MethodTable, changed all the virtual
32566 implementations of className to static ones, and replaced
32567 all call sites with corresponding lookups in the MethodTable.
32569 * API/JSCallbackObject.h:
32570 * API/JSCallbackObjectFunctions.h:
32571 (JSC::::className):
32572 * JavaScriptCore.exp:
32573 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32574 * debugger/DebuggerActivation.cpp:
32575 (JSC::DebuggerActivation::className):
32576 * debugger/DebuggerActivation.h:
32578 (GlobalObject::createStructure):
32579 * profiler/Profiler.cpp:
32580 (JSC::Profiler::createCallIdentifier):
32581 * runtime/ClassInfo.h:
32582 * runtime/JSCell.cpp:
32583 (JSC::JSCell::className):
32584 * runtime/JSCell.h:
32585 * runtime/JSObject.cpp:
32586 (JSC::JSObject::className):
32587 * runtime/JSObject.h:
32588 * runtime/ObjectPrototype.cpp:
32589 (JSC::objectProtoFuncToString):
32591 (GlobalObject::createStructure):
32593 2011-11-02 Jer Noble <jer.noble@apple.com>
32595 Add Clock class and platform-specific implementations.
32596 https://bugs.webkit.org/show_bug.cgi?id=71341
32598 Reviewed by Sam Weinig.
32600 Add WTF_USE_COREAUDIO macro for use by PlatformClockCA.
32604 2011-11-03 Pavel Feldman <pfeldman@chromium.org>
32606 Not reviewed: fixing win build. step2.
32608 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32610 2011-11-03 Pavel Feldman <pfeldman@chromium.org>
32612 Not reviewed: fix windows build, step1
32614 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32616 2011-11-03 Pavel Feldman <pfeldman@google.com>
32618 Web Inspector: preserve script location for inline handlers.
32619 https://bugs.webkit.org/show_bug.cgi?id=71367
32621 Makes SourceCode factories receive TextPosition instead of the line number;
32622 Stores consistent position values in SourceCode and SourceProvider;
32624 Reviewed by Yury Semikhatsky.
32627 (JSEvaluateScript):
32628 (JSCheckScriptSyntax):
32629 * API/JSObjectRef.cpp:
32630 (JSObjectMakeFunction):
32631 * parser/SourceCode.h:
32633 * parser/SourceProvider.h:
32634 (JSC::SourceProvider::SourceProvider):
32635 (JSC::SourceProvider::startPosition):
32636 (JSC::UStringSourceProvider::create):
32637 (JSC::UStringSourceProvider::UStringSourceProvider):
32638 * runtime/FunctionConstructor.cpp:
32639 (JSC::constructFunction):
32640 (JSC::constructFunctionSkippingEvalEnabledCheck):
32641 * runtime/FunctionConstructor.h:
32643 2011-11-03 Kentaro Hara <haraken@chromium.org>
32645 Fixed wrong implementation of doubleValue % 2^{64}.
32646 https://bugs.webkit.org/show_bug.cgi?id=67980
32648 Reviewed by Hajime Morita.
32650 fast/events/constructors/progress-event-constructor.html was failing
32651 because of the wrong implementation of conversion from an ECMAScript value
32652 to an IDL unsigned long long value (Spec: http://www.w3.org/TR/WebIDL/#es-unsigned-long-long).
32653 In particular, the calculation of doubleValue % 2^{64} was wrong.
32654 This patch implemented it correctly in doubleToInteger() in wtf/MathExtras.h.
32656 * wtf/MathExtras.h:
32657 (doubleToInteger): Implemented the spec correctly.
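The entry above describes a wrong implementation of doubleValue % 2^{64} in the ECMAScript-to-IDL unsigned long long conversion. The following is an added example, not WebKit's wtf/MathExtras.h code, of the WebIDL conversion steps (NaN and infinities to 0, truncate toward zero, reduce modulo 2^64) written so that every step is exact and no out-of-range double is ever cast to an integer, which is undefined behaviour in C++. The function name is an assumption of this example.

```cpp
#include <cmath>
#include <cstdint>

// Added example, not WebKit's doubleToInteger(): the WebIDL "unsigned long long"
// conversion (http://www.w3.org/TR/WebIDL/#es-unsigned-long-long). The name is hypothetical.
uint64_t toUnsignedLongLong(double d)
{
    // Step 1: NaN and +/-Infinity convert to 0.
    if (std::isnan(d) || std::isinf(d))
        return 0;

    // Step 2: sign(d) * floor(abs(d)). Keep magnitude and sign apart so the modulo
    // step can be finished in exact unsigned integer arithmetic.
    double magnitude = std::floor(std::fabs(d));

    // Step 3: reduce modulo 2^64. fmod on doubles is exact, and every double >= 2^53
    // is already an integer, so the result is an integer-valued double in [0, 2^64).
    const double two64 = 18446744073709551616.0; // 2^64, exactly representable
    double reduced = std::fmod(magnitude, two64);

    // This cast is well-defined only because reduced < 2^64. A naive
    // static_cast<uint64_t>(d) on an out-of-range double is undefined behaviour.
    uint64_t m = static_cast<uint64_t>(reduced);

    // A negative input maps to 2^64 - m (mod 2^64). Doing that as a double addition
    // would round (for example -1 + 2^64 rounds to 2^64, which is out of range again);
    // unsigned wraparound computes it exactly.
    return d < 0 ? (0ULL - m) : m;
}
```

The ordering matters: reduce the magnitude first, then apply the sign in unsigned arithmetic. Any variant that adds 2^64 to a negative double, or casts before reducing, produces either a rounded value or undefined behaviour for inputs such as -1, 1e20 or 2^64 itself.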
32659 2011-11-03 Sheriff Bot <webkit.review.bot@gmail.com>
32661 Unreviewed, rolling out r99089.
32662 http://trac.webkit.org/changeset/99089
32663 https://bugs.webkit.org/show_bug.cgi?id=71448
32665 @plt postfix for math functions causes a crash on Linux 32 (the
32666 symbol is defined but it points to NULL) (Requested by
32667 zherczeg on #webkit).
32669 * dfg/DFGOperations.cpp:
32670 * jit/JITStubs.cpp:
32671 * jit/ThunkGenerators.cpp:
32673 2011-11-02 Filip Pizlo <fpizlo@apple.com>
32675 DFG inlining breaks function.arguments[something] if the argument being
32676 retrieved was subjected to DFG's unboxing optimizations
32677 https://bugs.webkit.org/show_bug.cgi?id=71436
32679 Reviewed by Oliver Hunt.
32681 This makes inlined arguments retrieval use some of the same machinery as
32682 OSR to determine where from, and how, to retrieve a value that the DFG
32683 might have somehow squirreled away while the old JIT would put it in its
32684 obvious location, using an obvious format.
32686 To that end, previously DFG-internal notions such as DataFormat,
32687 VirtualRegister, and ValueRecovery are now in bytecode/ since they are
32688 stored as part of InlineCallFrames.
32690 * bytecode/CodeOrigin.h:
32691 * dfg/DFGAbstractState.cpp:
32692 (JSC::DFG::AbstractState::execute):
32693 * dfg/DFGByteCodeParser.cpp:
32694 (JSC::DFG::ByteCodeParser::handleInlining):
32695 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
32696 * dfg/DFGJITCompiler.cpp:
32697 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
32698 * dfg/DFGJITCompiler32_64.cpp:
32699 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
32701 * dfg/DFGPropagator.cpp:
32702 (JSC::DFG::Propagator::propagateNodePredictions):
32703 * dfg/DFGSpeculativeJIT.cpp:
32704 (JSC::DFG::SpeculativeJIT::compile):
32705 * dfg/DFGSpeculativeJIT64.cpp:
32706 (JSC::DFG::SpeculativeJIT::compile):
32707 * interpreter/CallFrame.cpp:
32708 (JSC::CallFrame::trueCallerFrame):
32709 * interpreter/CallFrame.h:
32710 (JSC::ExecState::inlineCallFrame):
32711 * interpreter/Register.h:
32712 (JSC::Register::asInlineCallFrame):
32713 (JSC::Register::unboxedInt32):
32714 (JSC::Register::unboxedBoolean):
32715 (JSC::Register::unboxedCell):
32716 * runtime/Arguments.h:
32717 (JSC::Arguments::finishCreationAndCopyRegisters):
32719 2011-11-02 Filip Pizlo <fpizlo@apple.com>
32721 ValueRecovery should be moved out of the DFG JIT
32722 https://bugs.webkit.org/show_bug.cgi?id=71439
32724 Reviewed by Oliver Hunt.
32726 * JavaScriptCore.xcodeproj/project.pbxproj:
32727 * bytecode/DataFormat.h: Added.
32728 (JSC::dataFormatToString):
32729 (JSC::needDataFormatConversion):
32731 (JSC::isJSInteger):
32734 (JSC::isJSBoolean):
32735 * bytecode/ValueRecovery.h: Added.
32736 (JSC::ValueRecovery::ValueRecovery):
32737 (JSC::ValueRecovery::alreadyInRegisterFile):
32738 (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
32739 (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
32740 (JSC::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
32741 (JSC::ValueRecovery::inGPR):
32742 (JSC::ValueRecovery::inPair):
32743 (JSC::ValueRecovery::inFPR):
32744 (JSC::ValueRecovery::displacedInRegisterFile):
32745 (JSC::ValueRecovery::constant):
32746 (JSC::ValueRecovery::technique):
32747 (JSC::ValueRecovery::isInRegisters):
32748 (JSC::ValueRecovery::gpr):
32749 (JSC::ValueRecovery::tagGPR):
32750 (JSC::ValueRecovery::payloadGPR):
32751 (JSC::ValueRecovery::fpr):
32752 (JSC::ValueRecovery::virtualRegister):
32753 (JSC::ValueRecovery::dump):
32754 * bytecode/VirtualRegister.h: Added.
32755 * dfg/DFGGenerationInfo.h:
32756 (JSC::DFG::GenerationInfo::isJSFormat):
32757 * dfg/DFGSpeculativeJIT.cpp:
32758 (JSC::DFG::ValueSource::dump):
32759 * dfg/DFGSpeculativeJIT.h:
32760 * dfg/DFGVariableAccessData.h:
32762 2011-11-02 Sam Weinig <sam@webkit.org>
32764 Object.getOwnPropertyDescriptor() does not retrieve the getter/setter from a property on the window that has been overridden with a getter/setter
32765 https://bugs.webkit.org/show_bug.cgi?id=71333
32767 Reviewed by Gavin Barraclough.
32769 Tested by fast/dom/getter-on-window-object2.html
32771 * runtime/PropertyDescriptor.cpp:
32772 (JSC::PropertyDescriptor::setDescriptor):
32773 The attributes returned from Structure::get do not include Getter or Setter, so
32774 instead check if the value is a GetterSetter like we do elsewhere. If it is, update
32775 the descriptor's attributes accordingly.
32777 2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com>
32779 FunctionPtr should accept FASTCALL functions on X86
32780 https://bugs.webkit.org/show_bug.cgi?id=71434
32782 Reviewed by Filip Pizlo.
32784 On X86 we sometimes use FASTCALL convention functions, for example the
32785 cti functions, and we may need the pointers to such functions, e.g.,
32786 in current DFG register file check and arity check, though long term
32787 we may avoid such usage of cti calls in DFG.
32789 * assembler/MacroAssemblerCodeRef.h:
32790 (JSC::FunctionPtr::FunctionPtr):
32792 2011-11-02 Filip Pizlo <fpizlo@apple.com>
32794 Inlined uses of the global object should use the right global object
32795 https://bugs.webkit.org/show_bug.cgi?id=71427
32797 Reviewed by Oliver Hunt.
32799 * dfg/DFGJITCompiler.h:
32800 (JSC::DFG::JITCompiler::globalObjectFor):
32801 * dfg/DFGSpeculativeJIT64.cpp:
32802 (JSC::DFG::SpeculativeJIT::compile):
32804 2011-11-02 Yuqiang Xian <yuqiang.xian@intel.com>
32806 Remove some unnecessary loads/stores in DFG JIT 32_64
32807 https://bugs.webkit.org/show_bug.cgi?id=71090
32809 Reviewed by Filip Pizlo.
32811 In fillSpeculateCell and OSR exit, some unnecessary loads/stores can
32814 * dfg/DFGJITCompiler32_64.cpp:
32815 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
32816 * dfg/DFGSpeculativeJIT32_64.cpp:
32817 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
32819 2011-11-02 Adam Klein <adamk@chromium.org>
32821 Replace usage of StringImpl with String where possible in CharacterData and Text
32822 https://bugs.webkit.org/show_bug.cgi?id=71383
32824 Reviewed by Darin Adler.
32826 * wtf/text/WTFString.h:
32827 (WTF::String::containsOnlyWhitespace): Added new method.
32829 2011-11-02 Mark Hahnenberg <mhahnenberg@apple.com>
32831 De-virtualize JSObject::getOwnPropertyNames
32832 https://bugs.webkit.org/show_bug.cgi?id=71307
32834 Reviewed by Darin Adler.
32836 Added getOwnPropertyNames to the MethodTable, changed all the virtual
32837 implementations of getOwnPropertyNames to static ones, and replaced
32838 all call sites with corresponding lookups in the MethodTable.
32840 * API/JSCallbackObject.h:
32841 * API/JSCallbackObjectFunctions.h:
32842 (JSC::::getOwnPropertyNames):
32843 * JavaScriptCore.exp:
32844 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32845 * debugger/DebuggerActivation.cpp:
32846 (JSC::DebuggerActivation::getOwnPropertyNames):
32847 * debugger/DebuggerActivation.h:
32848 * runtime/Arguments.cpp:
32849 (JSC::Arguments::getOwnPropertyNames):
32850 * runtime/Arguments.h:
32851 * runtime/ClassInfo.h:
32852 * runtime/JSActivation.cpp:
32853 (JSC::JSActivation::getOwnPropertyNames):
32854 * runtime/JSActivation.h:
32855 * runtime/JSArray.cpp:
32856 (JSC::JSArray::getOwnPropertyNames):
32857 * runtime/JSArray.h:
32858 * runtime/JSByteArray.cpp:
32859 (JSC::JSByteArray::getOwnPropertyNames):
32860 * runtime/JSByteArray.h:
32861 * runtime/JSCell.cpp:
32862 (JSC::JSCell::getOwnPropertyNames):
32863 * runtime/JSCell.h:
32864 * runtime/JSFunction.cpp:
32865 (JSC::JSFunction::getOwnPropertyNames):
32866 * runtime/JSFunction.h:
32867 * runtime/JSNotAnObject.cpp:
32868 (JSC::JSNotAnObject::getOwnPropertyNames):
32869 * runtime/JSNotAnObject.h:
32870 * runtime/JSONObject.cpp:
32871 (JSC::Stringifier::Holder::appendNextProperty):
32872 (JSC::Walker::walk):
32873 * runtime/JSObject.cpp:
32874 (JSC::JSObject::getPropertyNames):
32875 (JSC::JSObject::getOwnPropertyNames):
32876 * runtime/JSObject.h:
32877 * runtime/JSVariableObject.cpp:
32878 (JSC::JSVariableObject::~JSVariableObject):
32879 (JSC::JSVariableObject::getOwnPropertyNames):
32880 * runtime/JSVariableObject.h:
32881 * runtime/ObjectConstructor.cpp:
32882 (JSC::objectConstructorGetOwnPropertyNames):
32883 (JSC::objectConstructorKeys):
32884 (JSC::defineProperties):
32885 * runtime/RegExpMatchesArray.h:
32886 (JSC::RegExpMatchesArray::getOwnPropertyNames):
32887 * runtime/StringObject.cpp:
32888 (JSC::StringObject::getOwnPropertyNames):
32889 * runtime/StringObject.h:
32890 * runtime/Structure.h:
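Several entries in this range (putWithAttributes, hasInstance, getPropertyNames, className, getOwnPropertyNames, defineSetter) describe the same change: a virtual method becomes a static one and callers look it up in the MethodTable of the object's ClassInfo. The following is an added example of that dispatch pattern in miniature, not JavaScriptCore's own ClassInfo, JSCell or CREATE_METHOD_TABLE code; the names Cell, BoundFunction, EXAMPLE_METHOD_TABLE, describe and inheritsFrom are assumptions of this example.

```cpp
#include <string>

// Added example, not JavaScriptCore code: a hypothetical, minimal ClassInfo/MethodTable.
struct Cell;

// One entry per formerly-virtual method. Each entry is a plain function pointer that
// takes the receiver explicitly, so dispatch goes through the per-class table rather
// than a vtable pointer stored in every object.
struct MethodTable {
    const char* (*className)(const Cell*);
    bool (*hasInstance)(const Cell*, int);
};

struct ClassInfo {
    const char* name;
    const ClassInfo* parentClass;
    MethodTable methodTable;
};

// Build the table from the static members of class C. A derived class that does not
// define a method inherits the base's static function through ordinary name lookup.
#define EXAMPLE_METHOD_TABLE(C) { &C::className, &C::hasInstance }

struct Cell {
    explicit Cell(const ClassInfo* info) : m_classInfo(info) { }
    const ClassInfo* classInfo() const { return m_classInfo; }
    const MethodTable* methodTable() const { return &m_classInfo->methodTable; }

    // Static replacements for the old virtuals.
    static const char* className(const Cell*) { return "Object"; }
    static bool hasInstance(const Cell*, int) { return false; }

    static const ClassInfo s_info;
private:
    const ClassInfo* m_classInfo;
};
const ClassInfo Cell::s_info = { "Cell", nullptr, EXAMPLE_METHOD_TABLE(Cell) };

// A subclass overriding only hasInstance; className is picked up from Cell by the macro.
struct BoundFunction : Cell {
    explicit BoundFunction(int boundTarget) : Cell(&s_info), m_target(boundTarget) { }

    static bool hasInstance(const Cell* cell, int candidate)
    {
        // The down-cast is justified only because the ClassInfo identifies the receiver.
        return static_cast<const BoundFunction*>(cell)->m_target == candidate;
    }
    static const ClassInfo s_info;
private:
    int m_target;
};
const ClassInfo BoundFunction::s_info = { "BoundFunction", &Cell::s_info, EXAMPLE_METHOD_TABLE(BoundFunction) };

// Call site in the style the ChangeLog entries describe: look the method up in the
// MethodTable instead of calling a virtual on the object.
std::string describe(const Cell* cell, int candidate)
{
    std::string out = cell->methodTable()->className(cell);
    out += cell->methodTable()->hasInstance(cell, candidate) ? " (instance)" : " (not an instance)";
    return out;
}

// Walk the ClassInfo chain, the way an inherits() check would.
bool inheritsFrom(const Cell* cell, const ClassInfo* target)
{
    for (const ClassInfo* info = cell->classInfo(); info; info = info->parentClass) {
        if (info == target)
            return true;
    }
    return false;
}

// Constructed inputs for exercising the pattern.
std::string describeBoundFunction(int boundTarget, int candidate)
{
    BoundFunction f(boundTarget);
    return describe(&f, candidate);
}

bool boundFunctionInheritsCell()
{
    BoundFunction f(0);
    return inheritsFrom(&f, &Cell::s_info);
}

bool plainCellIsNotBoundFunction()
{
    Cell c(&Cell::s_info);
    return !inheritsFrom(&c, &BoundFunction::s_info);
}
```

Because the table lives in the constant ClassInfo rather than in each object, a call site needs only the receiver's ClassInfo pointer to dispatch, and the receiver's concrete C++ type does not have to be known at the call site.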
32892 2011-11-02 Dean Jackson <dino@apple.com>
32894 Add ENABLE_CSS_SHADERS flag
32895 https://bugs.webkit.org/show_bug.cgi?id=71394
32897 Reviewed by Sam Weinig.
32899 * Configurations/FeatureDefines.xcconfig:
32901 2011-11-02 Alexey Shabalin <a.shabalin@gmail.com>
32903 TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
32904 https://bugs.webkit.org/show_bug.cgi?id=70610
32906 Reviewed by Martin Robinson.
32908 Properly annotate ASM on BSD and Linux x86 systems.
32910 * dfg/DFGOperations.cpp: Add annotation for X86.
32911 * jit/JITStubs.cpp: Ditto.
32912 * jit/ThunkGenerators.cpp: Ditto.
32914 2011-11-02 Xianzhu Wang <wangxianzhu@chromium.org>
32916 Missing Force8BitConstructor in 8-bit version of StringImpl::reallocate()
32917 https://bugs.webkit.org/show_bug.cgi?id=71347
32919 Reviewed by Geoffrey Garen.
32921 * wtf/text/StringImpl.cpp:
32922 (WTF::StringImpl::reallocate):
32924 2011-11-01 Darin Adler <darin@apple.com>
32926 Cut down on malloc/free a bit in the parser arena
32927 https://bugs.webkit.org/show_bug.cgi?id=71343
32929 Reviewed by Oliver Hunt.
32931 * parser/ParserArena.cpp:
32932 (JSC::ParserArena::deallocateObjects): Call the destructors of
32933 the deletable objects before freeing the pools. Don't call
32934 fastFree on the deletable objects any more.
32936 * parser/ParserArena.h:
32937 (JSC::ParserArena::allocateDeletable): Use allocateFreeable
32938 instead of fastMalloc here.
32940 2011-11-01 Sam Weinig <sam@webkit.org>
32942 Implement __lookupGetter__/__lookupSetter__ in terms of getPropertyDescriptor
32943 https://bugs.webkit.org/show_bug.cgi?id=71336
32945 Reviewed by Darin Adler.
32947 * debugger/DebuggerActivation.cpp:
32948 * debugger/DebuggerActivation.h:
32949 Remove overrides of lookupGetter/lookupSetter, which are no longer needed
32950 due to implementing getPropertyDescriptor.
32952 * runtime/JSObject.cpp:
32953 (JSC::JSObject::lookupGetter):
32954 (JSC::JSObject::lookupSetter):
32955 * runtime/JSObject.h:
32956 De-virtualize lookupGetter/lookupSetter, and implement them in terms of
32957 getPropertyDescriptor.
32959 2011-11-01 Mark Hahnenberg <mhahnenberg@apple.com>
32961 De-virtualize JSObject::defineSetter
32962 https://bugs.webkit.org/show_bug.cgi?id=71303
32964 Reviewed by Darin Adler.
32966 Added defineSetter to the MethodTable, changed all the virtual
32967 implementations of defineSetter to static ones, and replaced
32968 all call sites with corresponding lookups in the MethodTable.
32970 * JavaScriptCore.exp:
32971 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
32972 * debugger/DebuggerActivation.cpp:
32973 (JSC::DebuggerActivation::defineSetter):
32974 * debugger/DebuggerActivation.h:
32975 * interpreter/Interpreter.cpp:
32976 (JSC::Interpreter::privateExecute):
32977 * jit/JITStubs.cpp:
32978 (JSC::DEFINE_STUB_FUNCTION):
32979 * runtime/ClassInfo.h:
32980 * runtime/JSCell.cpp:
32981 (JSC::JSCell::defineSetter):
32982 * runtime/JSCell.h:
32983 * runtime/JSGlobalObject.cpp:
32984 (JSC::JSGlobalObject::defineSetter):
32985 * runtime/JSGlobalObject.h:
32986 * runtime/JSObject.cpp:
32987 (JSC::JSObject::defineSetter):
32988 (JSC::putDescriptor):
32989 * runtime/JSObject.h:
32990 * runtime/ObjectPrototype.cpp:
32991 (JSC::objectProtoFuncDefineSetter):
32993 2011-11-01 Filip Pizlo <fpizlo@apple.com>
32995 DFG inlining breaks function.arguments
32996 https://bugs.webkit.org/show_bug.cgi?id=71329
32998 Reviewed by Oliver Hunt.
33000 The DFG was forgetting to store code origin mappings for inlined
33001 call sites. Some of the fast-path optimizations for
33002 CallFrame::trueCallerFrame() were wrong. An assertion in Arguments
33005 I also took the opportunity to decrease code duplication between
33006 DFG64 and DFG32_64, because I didn't feel like writing the same
33009 * bytecode/CodeBlock.h:
33010 (JSC::ExecState::isInlineCallFrame):
33011 * dfg/DFGJITCompiler.cpp:
33012 (JSC::DFG::JITCompiler::compileEntry):
33013 (JSC::DFG::JITCompiler::compileBody):
33014 (JSC::DFG::JITCompiler::link):
33015 (JSC::DFG::JITCompiler::compile):
33016 (JSC::DFG::JITCompiler::compileFunction):
33017 * dfg/DFGJITCompiler32_64.cpp:
33019 * interpreter/CallFrame.cpp:
33020 (JSC::CallFrame::trueCallerFrame):
33021 * interpreter/CallFrame.h:
33022 * runtime/Arguments.h:
33023 (JSC::Arguments::getArgumentsData):
33025 2011-11-01 Xianzhu Wang <wangxianzhu@chromium.org>
33027 StringImpl::reallocate() should have a 8-bit version
33028 https://bugs.webkit.org/show_bug.cgi?id=71210
33030 Reviewed by Geoffrey Garen.
33032 * wtf/text/StringImpl.cpp:
33033 (WTF::StringImpl::reallocate):
33034 * wtf/text/StringImpl.h:
33036 2011-10-31 Filip Pizlo <fpizlo@apple.com>
33038 The GC should be parallel
33039 https://bugs.webkit.org/show_bug.cgi?id=70995
33041 Reviewed by Geoff Garen.
33043 Added parallel tracing to the GC. This works by having local mark
33044 stacks per thread, and a global shared one. Threads sometimes
33045 donate cells from the mark stack to the global one if the heuristics
33046 tell them that it's affordable to do so. Threads that have depleted
33047 their local mark stacks try to steal some from the shared one.
33049 Marking is now done using an atomic weak relaxed CAS (compare-and-swap).
33051 This is a 23% speed-up on V8-splay when I use 4 marking threads,
33052 leading to a 3.5% speed-up on V8.
33054 It also appears that this reduces GC pause times on real websites by
33057 * JavaScriptCore.exp:
33058 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
33061 (JSC::Heap::~Heap):
33062 (JSC::Heap::markRoots):
33064 * heap/MarkStack.cpp:
33065 (JSC::MarkStackSegmentAllocator::MarkStackSegmentAllocator):
33066 (JSC::MarkStackSegmentAllocator::~MarkStackSegmentAllocator):
33067 (JSC::MarkStackSegmentAllocator::allocate):
33068 (JSC::MarkStackSegmentAllocator::release):
33069 (JSC::MarkStackSegmentAllocator::shrinkReserve):
33070 (JSC::MarkStackArray::MarkStackArray):
33071 (JSC::MarkStackArray::~MarkStackArray):
33072 (JSC::MarkStackArray::expand):
33073 (JSC::MarkStackArray::refill):
33074 (JSC::MarkStackArray::donateSomeCellsTo):
33075 (JSC::MarkStackArray::stealSomeCellsFrom):
33076 (JSC::MarkStackThreadSharedData::markingThreadMain):
33077 (JSC::MarkStackThreadSharedData::markingThreadStartFunc):
33078 (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
33079 (JSC::MarkStackThreadSharedData::~MarkStackThreadSharedData):
33080 (JSC::MarkStackThreadSharedData::reset):
33081 (JSC::MarkStack::reset):
33082 (JSC::SlotVisitor::donateSlow):
33083 (JSC::SlotVisitor::drain):
33084 (JSC::SlotVisitor::drainFromShared):
33085 (JSC::MarkStack::mergeOpaqueRoots):
33086 (JSC::SlotVisitor::harvestWeakReferences):
33087 * heap/MarkStack.h:
33088 (JSC::MarkStackSegment::data):
33089 (JSC::MarkStackSegment::capacityFromSize):
33090 (JSC::MarkStackSegment::sizeFromCapacity):
33091 (JSC::MarkStackArray::postIncTop):
33092 (JSC::MarkStackArray::preDecTop):
33093 (JSC::MarkStackArray::setTopForFullSegment):
33094 (JSC::MarkStackArray::setTopForEmptySegment):
33095 (JSC::MarkStackArray::top):
33096 (JSC::MarkStackArray::validatePrevious):
33097 (JSC::MarkStack::addWeakReferenceHarvester):
33098 (JSC::MarkStack::mergeOpaqueRootsIfNecessary):
33099 (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
33100 (JSC::MarkStack::MarkStack):
33101 (JSC::MarkStack::addOpaqueRoot):
33102 (JSC::MarkStack::containsOpaqueRoot):
33103 (JSC::MarkStack::opaqueRootCount):
33104 (JSC::MarkStackArray::append):
33105 (JSC::MarkStackArray::canRemoveLast):
33106 (JSC::MarkStackArray::removeLast):
33107 (JSC::MarkStackArray::isEmpty):
33108 (JSC::MarkStackArray::canDonateSomeCells):
33109 (JSC::MarkStackArray::size):
33110 (JSC::ParallelModeEnabler::ParallelModeEnabler):
33111 (JSC::ParallelModeEnabler::~ParallelModeEnabler):
33112 * heap/MarkedBlock.h:
33113 (JSC::MarkedBlock::testAndSetMarked):
33114 * heap/SlotVisitor.h:
33115 (JSC::SlotVisitor::donate):
33116 (JSC::SlotVisitor::donateAndDrain):
33117 (JSC::SlotVisitor::donateKnownParallel):
33118 (JSC::SlotVisitor::SlotVisitor):
33119 * heap/WeakReferenceHarvester.h:
33120 * runtime/Heuristics.cpp:
33121 (JSC::Heuristics::initializeHeuristics):
33122 * runtime/Heuristics.h:
33124 (WTF::weakCompareAndSwap):
33129 (WTF::::testAndSet):
33130 (WTF::::testAndClear):
33131 (WTF::::concurrentTestAndSet):
33132 (WTF::::concurrentTestAndClear):
33135 (WTF::::nextPossiblyUnset):
33136 (WTF::::findRunOfZeros):
33140 * wtf/MainThread.h:
33141 (WTF::isMainThreadOrGCThread):
33143 * wtf/ThreadSpecific.h:
33145 * wtf/mac/MainThreadMac.mm:
33146 (WTF::initializeGCThreads):
33147 (WTF::initializeMainThreadPlatform):
33148 (WTF::initializeMainThreadToProcessMainThreadPlatform):
33149 (WTF::registerGCThread):
33150 (WTF::isMainThreadOrGCThread):
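The parallel marking scheme this entry describes (per-thread local mark stacks, a shared stack fed by donation and emptied by stealing, and a weak relaxed CAS to claim each cell), as an added C++ sketch that is not JavaScriptCore's code: the ToyHeap, the donation threshold and the sample graph are constructed for the example, and the termination bookkeeping is my own simplification rather than a transcription of SlotVisitor::drainFromShared.

```cpp
#include <atomic>
#include <condition_variable>
#include <cstdint>
#include <mutex>
#include <thread>
#include <vector>

// Constructed toy heap: cell i references the cells in edges[i]; marks[i] is its mark byte.
struct ToyHeap {
    std::vector<std::vector<size_t>> edges; std::vector<std::atomic<uint8_t>> marks;
    explicit ToyHeap(size_t n) : edges(n), marks(n) { for (auto& m : marks) m.store(0); }
};
// Claims a cell with a weak, relaxed compare-and-swap (cf. MarkedBlock::testAndSetMarked):
// exactly one of the racing markers gets true, so a cell is scanned once even if several reach it.
static bool testAndSetMarked(std::atomic<uint8_t>& bit) {
    uint8_t expected = 0;
    while (!bit.compare_exchange_weak(expected, 1, std::memory_order_relaxed)) {
        if (expected) return false; // another marker won; otherwise a spurious failure: retry
    }
    return true;
}
// The single global stack shared by all markers, plus the count needed to detect termination.
struct SharedMarkStack {
    std::mutex lock; std::condition_variable cv;
    std::vector<size_t> cells;
    unsigned activeThreads = 0; // markers whose local stack may still be non-empty
};
// Per-thread local stack with the donate/steal operations of MarkStackArray (simplified).
class LocalMarkStack {
public:
    bool isEmpty() const { return m_cells.empty(); }
    void append(size_t cell) { m_cells.push_back(cell); }
    size_t removeLast() { size_t c = m_cells.back(); m_cells.pop_back(); return c; }
    // Donate half of the local cells, but only when the stack is large enough that the
    // locking is affordable (the threshold of 4 is an assumed, made-up heuristic).
    void donateSomeCellsTo(SharedMarkStack& shared) {
        if (m_cells.size() <= 4) return;
        size_t n = m_cells.size() / 2;
        { std::lock_guard<std::mutex> guard(shared.lock);
          shared.cells.insert(shared.cells.end(), m_cells.end() - n, m_cells.end()); }
        m_cells.resize(m_cells.size() - n);
        shared.cv.notify_all(); // wake idle markers so they can steal
    }
    // Steal half (rounded up, so at least one) of the shared cells; caller holds shared.lock.
    void stealSomeCellsFromLocked(SharedMarkStack& shared) {
        size_t n = (shared.cells.size() + 1) / 2;
        m_cells.insert(m_cells.end(), shared.cells.end() - n, shared.cells.end());
        shared.cells.resize(shared.cells.size() - n);
    }
private:
    std::vector<size_t> m_cells;
};
// One marking thread: drain the local stack (donating when affordable), then steal from the
// shared one; stop only when the shared stack is empty and no other thread can refill it.
static void markingThreadMain(ToyHeap& heap, SharedMarkStack& shared, std::atomic<size_t>& visited) {
    LocalMarkStack local;
    for (;;) {
        while (!local.isEmpty()) {
            size_t cell = local.removeLast();
            visited.fetch_add(1, std::memory_order_relaxed);
            for (size_t child : heap.edges[cell])
                if (testAndSetMarked(heap.marks[child])) local.append(child);
            local.donateSomeCellsTo(shared);
        }
        std::unique_lock<std::mutex> guard(shared.lock);
        if (--shared.activeThreads == 0) shared.cv.notify_all(); // possibly the last one: wake waiters
        while (shared.cells.empty() && shared.activeThreads) shared.cv.wait(guard);
        if (shared.cells.empty()) return; // nothing left anywhere: marking is complete
        ++shared.activeThreads;
        local.stealSomeCellsFromLocked(shared); // guard is released at the end of this iteration
    }
}
// Marks everything reachable from `roots` using `threadCount` markers; returns cells visited.
static size_t parallelMark(ToyHeap& heap, const std::vector<size_t>& roots, unsigned threadCount) {
    SharedMarkStack shared;
    for (size_t root : roots)
        if (testAndSetMarked(heap.marks[root])) shared.cells.push_back(root);
    shared.activeThreads = threadCount; // every marker counts as active until it first runs dry
    std::atomic<size_t> visited{0}; std::vector<std::thread> threads;
    for (unsigned i = 0; i < threadCount; ++i)
        threads.emplace_back([&] { markingThreadMain(heap, shared, visited); });
    for (auto& thread : threads) thread.join();
    return visited.load();
}

// Constructed sample: cells 0..n-1 form a 4-ary tree (cell i points at 4i+1..4i+4) with a back
// edge to the root; cells n and n+1 are an unreachable cycle that must stay unmarked.
static bool verifySampleMarking(size_t n, unsigned threadCount) {
    ToyHeap heap(n + 2);
    for (size_t i = 0; i < n; ++i)
        for (size_t k = 1; k <= 4 && 4 * i + k < n; ++k) heap.edges[i].push_back(4 * i + k);
    heap.edges[n - 1].push_back(0);
    heap.edges[n] = {n + 1}; heap.edges[n + 1] = {n};
    if (parallelMark(heap, {0}, threadCount) != n) return false; // each live cell visited once
    for (size_t i = 0; i < n; ++i)
        if (!heap.marks[i].load()) return false;
    return !heap.marks[n].load() && !heap.marks[n + 1].load();
}
```

The visited count equals the number of live cells regardless of the thread count, which is what the CAS claim guarantees: a cell donated to the shared stack and stolen by another marker is still scanned exactly once.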
33152 2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
33154 De-virtualize JSObject::defaultValue
33155 https://bugs.webkit.org/show_bug.cgi?id=71146
33157 Reviewed by Sam Weinig.
33159 Added defaultValue to the MethodTable. Replaced all virtual versions of
33160 defaultValue with static versions. Replaced all call sites with lookups in the
33163 * JavaScriptCore.exp:
33164 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
33165 * runtime/ClassInfo.h:
33166 * runtime/ExceptionHelpers.cpp:
33167 (JSC::InterruptedExecutionError::defaultValue):
33168 (JSC::TerminatedExecutionError::defaultValue):
33169 * runtime/ExceptionHelpers.h:
33170 * runtime/JSCell.cpp:
33171 (JSC::JSCell::defaultValue):
33172 * runtime/JSCell.h:
33173 * runtime/JSNotAnObject.cpp:
33174 (JSC::JSNotAnObject::defaultValue):
33175 * runtime/JSNotAnObject.h:
33176 * runtime/JSObject.cpp:
33177 (JSC::JSObject::getPrimitiveNumber):
33178 (JSC::JSObject::defaultValue):
33179 * runtime/JSObject.h:
33180 (JSC::JSObject::toPrimitive):
33182 2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
33184 Interpreter build fix
33186 Unreviewed build fix
33188 * interpreter/Interpreter.cpp:
33189 (JSC::Interpreter::privateExecute):
33190 * runtime/Executable.cpp:
33191 (JSC::FunctionExecutable::compileForCallInternal):
33192 (JSC::FunctionExecutable::compileForConstructInternal):
33194 2011-10-31 Filip Pizlo <fpizlo@apple.com>
33196 DFG OSR exits should add to value profiles
33197 https://bugs.webkit.org/show_bug.cgi?id=71202
33199 Reviewed by Oliver Hunt.
33201 Value profiles now have an extra special slot not used by the old JIT's
33202 profiling, which is reserved for OSR exits.
33204 The DFG's OSR exit code now knows which register, node index, and value
33205 profiling site was responsible for the (possibly flawed) information that
33206 led to the OSR failure. This is somewhat opportunistic and imperfect;
33207 if there's a lot of control flow between the value profiling site and the
33208 OSR failure point, then this mechanism simply gives up. It also gives up
33209 if the OSR failure is caused by either known deficiencies in the DFG
33210 (like that we always assume that the index in a strict charCodeAt access
33211 is within bounds) or where the OSR failure would be catalogued and
33212 profiled through other means (like slow case counters).
33214 This patch also adds the notion of a JSValueRegs, which is either a
33215 single register in JSVALUE64 or a pair in JSVALUE32_64. We should
33216 probably move the 32_64 DFG towards using this, since it often makes it
33217 easier to share code between 64 and 32_64.
33219 Also fixed a number of pathologies that this uncovered. op_method_check
33220 didn't have a value profiling site on the slow path. GetById should not
33221 always force OSR exit if it never executed in the old JIT; we may be
33222 able to infer its type if it's an array or string length get. Finally,
33223 these changes benefit from a slight tweak to optimization delay
33224 heuristics (profile fullness is now 0.35 instead of 0.25).
33226 3.8% speed-up on Kraken, mostly due to ~35% on both stanford-crypto-aes
33227 and imaging-darkroom.
33229 * bytecode/ValueProfile.cpp:
33230 (JSC::ValueProfile::computeStatistics):
33231 (JSC::ValueProfile::computeUpdatedPrediction):
33232 * bytecode/ValueProfile.h:
33233 (JSC::ValueProfile::ValueProfile):
33234 (JSC::ValueProfile::specFailBucket):
33235 (JSC::ValueProfile::numberOfSamples):
33236 (JSC::ValueProfile::isLive):
33237 (JSC::ValueProfile::numberOfInt32s):
33238 (JSC::ValueProfile::numberOfDoubles):
33239 (JSC::ValueProfile::numberOfCells):
33240 (JSC::ValueProfile::numberOfObjects):
33241 (JSC::ValueProfile::numberOfFinalObjects):
33242 (JSC::ValueProfile::numberOfStrings):
33243 (JSC::ValueProfile::numberOfArrays):
33244 (JSC::ValueProfile::numberOfBooleans):
33245 (JSC::ValueProfile::dump):
33246 * dfg/DFGAbstractState.cpp:
33247 (JSC::DFG::AbstractState::execute):
33248 * dfg/DFGByteCodeParser.cpp:
33249 (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
33250 (JSC::DFG::ByteCodeParser::getPrediction):
33251 (JSC::DFG::ByteCodeParser::parseBlock):
33252 * dfg/DFGGPRInfo.h:
33253 (JSC::DFG::JSValueRegs::JSValueRegs):
33254 (JSC::DFG::JSValueRegs::operator!):
33255 (JSC::DFG::JSValueRegs::gpr):
33256 (JSC::DFG::JSValueSource::JSValueSource):
33257 (JSC::DFG::JSValueSource::unboxedCell):
33258 (JSC::DFG::JSValueSource::operator!):
33259 (JSC::DFG::JSValueSource::isAddress):
33260 (JSC::DFG::JSValueSource::offset):
33261 (JSC::DFG::JSValueSource::base):
33262 (JSC::DFG::JSValueSource::gpr):
33263 (JSC::DFG::JSValueSource::asAddress):
33264 (JSC::DFG::JSValueSource::notAddress):
33265 (JSC::DFG::JSValueRegs::tagGPR):
33266 (JSC::DFG::JSValueRegs::payloadGPR):
33267 (JSC::DFG::JSValueSource::tagGPR):
33268 (JSC::DFG::JSValueSource::payloadGPR):
33269 (JSC::DFG::JSValueSource::hasKnownTag):
33270 (JSC::DFG::JSValueSource::tag):
33271 * dfg/DFGGenerationInfo.h:
33272 (JSC::DFG::GenerationInfo::jsValueRegs):
33274 (JSC::DFG::Graph::valueProfileFor):
33275 * dfg/DFGJITCodeGenerator.h:
33276 (JSC::JSValueOperand::jsValueRegs):
33277 * dfg/DFGJITCompiler.cpp:
33278 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
33279 * dfg/DFGJITCompiler.h:
33280 (JSC::DFG::JITCompiler::valueProfileFor):
33281 * dfg/DFGJITCompiler32_64.cpp:
33282 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
33283 * dfg/DFGPropagator.cpp:
33284 (JSC::DFG::Propagator::propagateNodePredictions):
33285 * dfg/DFGSpeculativeJIT.cpp:
33286 (JSC::DFG::OSRExit::OSRExit):
33287 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
33288 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
33289 (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
33290 (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
33291 (JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
33292 (JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
33293 * dfg/DFGSpeculativeJIT.h:
33294 (JSC::DFG::SpeculativeJIT::speculationCheck):
33295 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
33296 * dfg/DFGSpeculativeJIT32_64.cpp:
33297 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
33298 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
33299 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
33300 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
33301 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
33302 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
33303 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
33304 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
33305 (JSC::DFG::SpeculativeJIT::compile):
33306 * dfg/DFGSpeculativeJIT64.cpp:
33307 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
33308 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
33309 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
33310 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
33311 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
33312 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
33313 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
33314 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
33315 (JSC::DFG::SpeculativeJIT::emitBranch):
33316 (JSC::DFG::SpeculativeJIT::compile):
33317 * jit/JITPropertyAccess.cpp:
33318 (JSC::JIT::emitSlow_op_method_check):
33319 * jit/JITPropertyAccess32_64.cpp:
33320 (JSC::JIT::emitSlow_op_method_check):
33321 * runtime/Heuristics.cpp:
33322 (JSC::Heuristics::initializeHeuristics):
33323 * runtime/JSValue.h:
33325 2011-10-31 Sam Weinig <sam@webkit.org>
33327 Remove need for virtual JSObject::unwrappedObject
33328 https://bugs.webkit.org/show_bug.cgi?id=71034
33330 Reviewed by Geoffrey Garen.
33332 * JavaScriptCore.exp:
33336 * GNUmakefile.list.am:
33337 * JavaScriptCore.exp:
33338 * JavaScriptCore.gypi:
33339 * JavaScriptCore.pro:
33340 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
33341 * JavaScriptCore.xcodeproj/project.pbxproj:
33342 Add JSGlobalThis.cpp.
33344 * runtime/JSGlobalThis.cpp: Added.
33345 (JSC::JSGlobalThis::visitChildren):
33346 (JSC::JSGlobalThis::unwrappedObject):
33347 * runtime/JSGlobalThis.h:
33348 (JSC::JSGlobalThis::createStructure):
33349 Move underlying object from JSDOMWindowShell down to JSGlobalThis
33350 and corresponding visitChildren method.
33352 * runtime/JSObject.cpp:
33353 (JSC::JSObject::unwrappedObject):
33354 Change unwrappedObject from virtual, to just needing an if check.
33356 * runtime/JSObject.h:
33357 (JSC::JSObject::isGlobalThis):
33358 * runtime/JSType.h:
33359 Add isGlobalThis predicate and type.
33361 2011-10-31 Xianzhu Wang <wangxianzhu@chromium.org>
33363 WTF::StringImpl::create(const char*, unsigned) calls itself
33364 https://bugs.webkit.org/show_bug.cgi?id=71206
33366 The original implementation just calls itself, causing infinite recursion.
33367 Cast the first parameter to const LChar* to fix that.
33369 Reviewed by Ryosuke Niwa.
33371 * wtf/text/StringImpl.h:
33372 (WTF::StringImpl::create):
33374 2011-10-31 Andy Wingo <wingo@igalia.com>
33376 Fix DFG JIT compilation on Linux targets.
33377 https://bugs.webkit.org/show_bug.cgi?id=70904
33379 Reviewed by Darin Adler.
33381 * jit/JITStubs.cpp (SYMBOL_STRING_RELOCATION): Simplify this
33384 * dfg/DFGOperations.cpp (SYMBOL_STRING_RELOCATION): Copy the
33385 simplified definition from jit/JITStubs.cpp.
33386 (FUNCTION_WRAPPER_WITH_RETURN_ADDRESS, getHostCallReturnValue):
33387 Use the macro to access trampoline targets through the PLT on PIC
33388 systems, instead of introducing a text relocation. Otherwise, the
33389 library fails to link.
33391 2011-10-31 Mark Hahnenberg <mhahnenberg@apple.com>
33393 De-virtualize JSObject::defineGetter
33394 https://bugs.webkit.org/show_bug.cgi?id=71134
33396 Reviewed by Darin Adler.
33398 Added defineGetter to the MethodTable. Replaced all virtual versions of defineGetter
33399 with static versions. Replaced all call sites with lookups in the MethodTable.
33401 * JavaScriptCore.exp:
33402 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
33403 * debugger/DebuggerActivation.cpp:
33404 (JSC::DebuggerActivation::defineGetter):
33405 * debugger/DebuggerActivation.h:
33406 * interpreter/Interpreter.cpp:
33407 (JSC::Interpreter::privateExecute):
33408 * jit/JITStubs.cpp:
33409 (JSC::DEFINE_STUB_FUNCTION):
33410 * runtime/ClassInfo.h:
33411 * runtime/JSCell.cpp:
33412 (JSC::JSCell::defineGetter):
33413 * runtime/JSCell.h:
33414 * runtime/JSGlobalObject.cpp:
33415 (JSC::JSGlobalObject::defineGetter):
33416 * runtime/JSGlobalObject.h:
33417 * runtime/JSObject.cpp:
33418 (JSC::JSObject::defineGetter):
33419 (JSC::putDescriptor):
33420 * runtime/JSObject.h:
33421 * runtime/ObjectPrototype.cpp:
33422 (JSC::objectProtoFuncDefineGetter):
33424 2011-10-31 Michael Saboff <msaboff@apple.com>
33426 Towards 8-bit Strings: Move Lexer and Parser Objects out of JSGlobalData
33427 https://bugs.webkit.org/show_bug.cgi?id=71138
33429 Restructure and movement of Lexer and Parser code.
33430 Moved Lexer and Parser objects out of JSGlobalData.
33431 Added a new ParserTokens class and instance to JSGlobalData that
33432 have JavaScript token related definitions.
33433 Replaced JSGlobalData arguments to Node classes with lineNumber,
33434 as that was the only use of the JSGlobalData.
33435 Combined JSParser and Parser classes into one class,
33436 eliminating JSParser.h and .cpp.
33437 Various supporting #include changes.
33439 These mostly mechanical changes are done in preparation to
33440 making the Lexer and Parser template classes.
33442 Reviewed by Darin Adler.
33445 * GNUmakefile.list.am:
33446 * JavaScriptCore.gypi:
33447 * JavaScriptCore.pro:
33448 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
33449 * JavaScriptCore.xcodeproj/project.pbxproj:
33450 * bytecompiler/NodesCodegen.cpp:
33451 (JSC::ArrayNode::toArgumentList):
33452 (JSC::ApplyFunctionCallDotNode::emitBytecode):
33453 * parser/ASTBuilder.h:
33454 (JSC::ASTBuilder::ASTBuilder):
33455 (JSC::ASTBuilder::createSourceElements):
33456 (JSC::ASTBuilder::createCommaExpr):
33457 (JSC::ASTBuilder::createLogicalNot):
33458 (JSC::ASTBuilder::createUnaryPlus):
33459 (JSC::ASTBuilder::createVoid):
33460 (JSC::ASTBuilder::thisExpr):
33461 (JSC::ASTBuilder::createResolve):
33462 (JSC::ASTBuilder::createObjectLiteral):
33463 (JSC::ASTBuilder::createArray):
33464 (JSC::ASTBuilder::createNumberExpr):
33465 (JSC::ASTBuilder::createString):
33466 (JSC::ASTBuilder::createBoolean):
33467 (JSC::ASTBuilder::createNull):
33468 (JSC::ASTBuilder::createBracketAccess):
33469 (JSC::ASTBuilder::createDotAccess):
33470 (JSC::ASTBuilder::createRegExp):
33471 (JSC::ASTBuilder::createNewExpr):
33472 (JSC::ASTBuilder::createConditionalExpr):
33473 (JSC::ASTBuilder::createAssignResolve):
33474 (JSC::ASTBuilder::createFunctionExpr):
33475 (JSC::ASTBuilder::createFunctionBody):
33476 (JSC::ASTBuilder::createGetterOrSetterProperty):
33477 (JSC::ASTBuilder::createArguments):
33478 (JSC::ASTBuilder::createArgumentsList):
33479 (JSC::ASTBuilder::createPropertyList):
33480 (JSC::ASTBuilder::createElementList):
33481 (JSC::ASTBuilder::createFormalParameterList):
33482 (JSC::ASTBuilder::createClause):
33483 (JSC::ASTBuilder::createClauseList):
33484 (JSC::ASTBuilder::createFuncDeclStatement):
33485 (JSC::ASTBuilder::createBlockStatement):
33486 (JSC::ASTBuilder::createExprStatement):
33487 (JSC::ASTBuilder::createIfStatement):
33488 (JSC::ASTBuilder::createForLoop):
33489 (JSC::ASTBuilder::createForInLoop):
33490 (JSC::ASTBuilder::createEmptyStatement):
33491 (JSC::ASTBuilder::createVarStatement):
33492 (JSC::ASTBuilder::createReturnStatement):
33493 (JSC::ASTBuilder::createBreakStatement):
33494 (JSC::ASTBuilder::createContinueStatement):
33495 (JSC::ASTBuilder::createTryStatement):
33496 (JSC::ASTBuilder::createSwitchStatement):
33497 (JSC::ASTBuilder::createWhileStatement):
33498 (JSC::ASTBuilder::createDoWhileStatement):
33499 (JSC::ASTBuilder::createLabelStatement):
33500 (JSC::ASTBuilder::createWithStatement):
33501 (JSC::ASTBuilder::createThrowStatement):
33502 (JSC::ASTBuilder::createDebugger):
33503 (JSC::ASTBuilder::createConstStatement):
33504 (JSC::ASTBuilder::appendConstDecl):
33505 (JSC::ASTBuilder::combineCommaNodes):
33506 (JSC::ASTBuilder::appendBinaryOperation):
33507 (JSC::ASTBuilder::createAssignment):
33508 (JSC::ASTBuilder::createNumber):
33509 (JSC::ASTBuilder::makeTypeOfNode):
33510 (JSC::ASTBuilder::makeDeleteNode):
33511 (JSC::ASTBuilder::makeNegateNode):
33512 (JSC::ASTBuilder::makeBitwiseNotNode):
33513 (JSC::ASTBuilder::makeMultNode):
33514 (JSC::ASTBuilder::makeDivNode):
33515 (JSC::ASTBuilder::makeModNode):
33516 (JSC::ASTBuilder::makeAddNode):
33517 (JSC::ASTBuilder::makeSubNode):
33518 (JSC::ASTBuilder::makeLeftShiftNode):
33519 (JSC::ASTBuilder::makeRightShiftNode):
33520 (JSC::ASTBuilder::makeURightShiftNode):
33521 (JSC::ASTBuilder::makeBitOrNode):
33522 (JSC::ASTBuilder::makeBitAndNode):
33523 (JSC::ASTBuilder::makeBitXOrNode):
33524 (JSC::ASTBuilder::makeFunctionCallNode):
33525 (JSC::ASTBuilder::makeBinaryNode):
33526 (JSC::ASTBuilder::makeAssignNode):
33527 (JSC::ASTBuilder::makePrefixNode):
33528 (JSC::ASTBuilder::makePostfixNode):
33529 * parser/JSParser.cpp: Removed.
33530 * parser/JSParser.h: Removed.
33531 * parser/Lexer.cpp:
33532 (JSC::Keywords::Keywords):
33533 (JSC::Lexer::Lexer):
33534 (JSC::Lexer::~Lexer):
33535 (JSC::Lexer::setCode):
33536 (JSC::Lexer::parseIdentifier):
33538 (JSC::Keywords::isKeyword):
33539 (JSC::Keywords::getKeyword):
33540 (JSC::Keywords::~Keywords):
33541 (JSC::Lexer::setIsReparsing):
33542 (JSC::Lexer::isReparsing):
33543 (JSC::Lexer::lineNumber):
33544 (JSC::Lexer::setLastLineNumber):
33545 (JSC::Lexer::lastLineNumber):
33546 (JSC::Lexer::prevTerminator):
33547 (JSC::Lexer::sawError):
33548 (JSC::Lexer::getErrorMessage):
33549 (JSC::Lexer::currentOffset):
33550 (JSC::Lexer::setOffset):
33551 (JSC::Lexer::setLineNumber):
33552 (JSC::Lexer::sourceProvider):
33553 (JSC::Lexer::isWhiteSpace):
33554 (JSC::Lexer::isLineTerminator):
33555 (JSC::Lexer::convertHex):
33556 (JSC::Lexer::convertUnicode):
33557 (JSC::Lexer::makeIdentifier):
33558 (JSC::Lexer::lexExpectIdentifier):
33559 * parser/NodeConstructors.h:
33560 (JSC::ParserArenaFreeable::operator new):
33561 (JSC::ParserArenaDeletable::operator new):
33562 (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
33564 (JSC::ExpressionNode::ExpressionNode):
33565 (JSC::StatementNode::StatementNode):
33566 (JSC::NullNode::NullNode):
33567 (JSC::BooleanNode::BooleanNode):
33568 (JSC::NumberNode::NumberNode):
33569 (JSC::StringNode::StringNode):
33570 (JSC::RegExpNode::RegExpNode):
33571 (JSC::ThisNode::ThisNode):
33572 (JSC::ResolveNode::ResolveNode):
33573 (JSC::ElementNode::ElementNode):
33574 (JSC::ArrayNode::ArrayNode):
33575 (JSC::PropertyNode::PropertyNode):
33576 (JSC::PropertyListNode::PropertyListNode):
33577 (JSC::ObjectLiteralNode::ObjectLiteralNode):
33578 (JSC::BracketAccessorNode::BracketAccessorNode):
33579 (JSC::DotAccessorNode::DotAccessorNode):
33580 (JSC::ArgumentListNode::ArgumentListNode):
33581 (JSC::ArgumentsNode::ArgumentsNode):
33582 (JSC::NewExprNode::NewExprNode):
33583 (JSC::EvalFunctionCallNode::EvalFunctionCallNode):
33584 (JSC::FunctionCallValueNode::FunctionCallValueNode):
33585 (JSC::FunctionCallResolveNode::FunctionCallResolveNode):
33586 (JSC::FunctionCallBracketNode::FunctionCallBracketNode):
33587 (JSC::FunctionCallDotNode::FunctionCallDotNode):
33588 (JSC::CallFunctionCallDotNode::CallFunctionCallDotNode):
33589 (JSC::ApplyFunctionCallDotNode::ApplyFunctionCallDotNode):
33590 (JSC::PrePostResolveNode::PrePostResolveNode):
33591 (JSC::PostfixResolveNode::PostfixResolveNode):
33592 (JSC::PostfixBracketNode::PostfixBracketNode):
33593 (JSC::PostfixDotNode::PostfixDotNode):
33594 (JSC::PostfixErrorNode::PostfixErrorNode):
33595 (JSC::DeleteResolveNode::DeleteResolveNode):
33596 (JSC::DeleteBracketNode::DeleteBracketNode):
33597 (JSC::DeleteDotNode::DeleteDotNode):
33598 (JSC::DeleteValueNode::DeleteValueNode):
33599 (JSC::VoidNode::VoidNode):
33600 (JSC::TypeOfResolveNode::TypeOfResolveNode):
33601 (JSC::TypeOfValueNode::TypeOfValueNode):
33602 (JSC::PrefixResolveNode::PrefixResolveNode):
33603 (JSC::PrefixBracketNode::PrefixBracketNode):
33604 (JSC::PrefixDotNode::PrefixDotNode):
33605 (JSC::PrefixErrorNode::PrefixErrorNode):
33606 (JSC::UnaryOpNode::UnaryOpNode):
33607 (JSC::UnaryPlusNode::UnaryPlusNode):
33608 (JSC::NegateNode::NegateNode):
33609 (JSC::BitwiseNotNode::BitwiseNotNode):
33610 (JSC::LogicalNotNode::LogicalNotNode):
33611 (JSC::BinaryOpNode::BinaryOpNode):
33612 (JSC::MultNode::MultNode):
33613 (JSC::DivNode::DivNode):
33614 (JSC::ModNode::ModNode):
33615 (JSC::AddNode::AddNode):
33616 (JSC::SubNode::SubNode):
33617 (JSC::LeftShiftNode::LeftShiftNode):
33618 (JSC::RightShiftNode::RightShiftNode):
33619 (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
33620 (JSC::LessNode::LessNode):
33621 (JSC::GreaterNode::GreaterNode):
33622 (JSC::LessEqNode::LessEqNode):
33623 (JSC::GreaterEqNode::GreaterEqNode):
33624 (JSC::ThrowableBinaryOpNode::ThrowableBinaryOpNode):
33625 (JSC::InstanceOfNode::InstanceOfNode):
33626 (JSC::InNode::InNode):
33627 (JSC::EqualNode::EqualNode):
33628 (JSC::NotEqualNode::NotEqualNode):
33629 (JSC::StrictEqualNode::StrictEqualNode):
33630 (JSC::NotStrictEqualNode::NotStrictEqualNode):
33631 (JSC::BitAndNode::BitAndNode):
33632 (JSC::BitOrNode::BitOrNode):
33633 (JSC::BitXOrNode::BitXOrNode):
33634 (JSC::LogicalOpNode::LogicalOpNode):
33635 (JSC::ConditionalNode::ConditionalNode):
33636 (JSC::ReadModifyResolveNode::ReadModifyResolveNode):
33637 (JSC::AssignResolveNode::AssignResolveNode):
33638 (JSC::ReadModifyBracketNode::ReadModifyBracketNode):
33639 (JSC::AssignBracketNode::AssignBracketNode):
33640 (JSC::AssignDotNode::AssignDotNode):
33641 (JSC::ReadModifyDotNode::ReadModifyDotNode):
33642 (JSC::AssignErrorNode::AssignErrorNode):
33643 (JSC::CommaNode::CommaNode):
33644 (JSC::ConstStatementNode::ConstStatementNode):
33645 (JSC::SourceElements::SourceElements):
33646 (JSC::EmptyStatementNode::EmptyStatementNode):
33647 (JSC::DebuggerStatementNode::DebuggerStatementNode):
33648 (JSC::ExprStatementNode::ExprStatementNode):
33649 (JSC::VarStatementNode::VarStatementNode):
33650 (JSC::IfNode::IfNode):
33651 (JSC::IfElseNode::IfElseNode):
33652 (JSC::DoWhileNode::DoWhileNode):
33653 (JSC::WhileNode::WhileNode):
33654 (JSC::ForNode::ForNode):
33655 (JSC::ContinueNode::ContinueNode):
33656 (JSC::BreakNode::BreakNode):
33657 (JSC::ReturnNode::ReturnNode):
33658 (JSC::WithNode::WithNode):
33659 (JSC::LabelNode::LabelNode):
33660 (JSC::ThrowNode::ThrowNode):
33661 (JSC::TryNode::TryNode):
33662 (JSC::ParameterNode::ParameterNode):
33663 (JSC::FuncExprNode::FuncExprNode):
33664 (JSC::FuncDeclNode::FuncDeclNode):
33665 (JSC::CaseClauseNode::CaseClauseNode):
33666 (JSC::ClauseListNode::ClauseListNode):
33667 (JSC::CaseBlockNode::CaseBlockNode):
33668 (JSC::SwitchNode::SwitchNode):
33669 (JSC::ConstDeclNode::ConstDeclNode):
33670 (JSC::BlockNode::BlockNode):
33671 (JSC::ForInNode::ForInNode):
33672 * parser/NodeInfo.h:
33673 * parser/Nodes.cpp:
33674 (JSC::StatementNode::setLoc):
33675 (JSC::ScopeNode::ScopeNode):
33676 (JSC::ProgramNode::ProgramNode):
33677 (JSC::ProgramNode::create):
33678 (JSC::EvalNode::EvalNode):
33679 (JSC::EvalNode::create):
33680 (JSC::FunctionBodyNode::FunctionBodyNode):
33681 (JSC::FunctionBodyNode::create):
33683 (JSC::Node::lineNo):
33684 * parser/Parser.cpp:
33685 (JSC::Parser::Parser):
33686 (JSC::Parser::~Parser):
33687 (JSC::Parser::parseInner):
33688 (JSC::Parser::allowAutomaticSemicolon):
33689 (JSC::Parser::parseSourceElements):
33690 (JSC::Parser::parseVarDeclaration):
33691 (JSC::Parser::parseConstDeclaration):
33692 (JSC::Parser::parseDoWhileStatement):
33693 (JSC::Parser::parseWhileStatement):
33694 (JSC::Parser::parseVarDeclarationList):
33695 (JSC::Parser::parseConstDeclarationList):
33696 (JSC::Parser::parseForStatement):
33697 (JSC::Parser::parseBreakStatement):
33698 (JSC::Parser::parseContinueStatement):
33699 (JSC::Parser::parseReturnStatement):
33700 (JSC::Parser::parseThrowStatement):
33701 (JSC::Parser::parseWithStatement):
33702 (JSC::Parser::parseSwitchStatement):
33703 (JSC::Parser::parseSwitchClauses):
33704 (JSC::Parser::parseSwitchDefaultClause):
33705 (JSC::Parser::parseTryStatement):
33706 (JSC::Parser::parseDebuggerStatement):
33707 (JSC::Parser::parseBlockStatement):
33708 (JSC::Parser::parseStatement):
33709 (JSC::Parser::parseFormalParameters):
33710 (JSC::Parser::parseFunctionBody):
33711 (JSC::Parser::parseFunctionInfo):
33712 (JSC::Parser::parseFunctionDeclaration):
33713 (JSC::LabelInfo::LabelInfo):
33714 (JSC::Parser::parseExpressionOrLabelStatement):
33715 (JSC::Parser::parseExpressionStatement):
33716 (JSC::Parser::parseIfStatement):
33717 (JSC::Parser::parseExpression):
33718 (JSC::Parser::parseAssignmentExpression):
33719 (JSC::Parser::parseConditionalExpression):
33721 (JSC::Parser::isBinaryOperator):
33722 (JSC::Parser::parseBinaryExpression):
33723 (JSC::Parser::parseProperty):
33724 (JSC::Parser::parseObjectLiteral):
33725 (JSC::Parser::parseStrictObjectLiteral):
33726 (JSC::Parser::parseArrayLiteral):
33727 (JSC::Parser::parsePrimaryExpression):
33728 (JSC::Parser::parseArguments):
33729 (JSC::Parser::parseMemberExpression):
33730 (JSC::Parser::parseUnaryExpression):
33734 (JSC::DepthManager::DepthManager):
33735 (JSC::DepthManager::~DepthManager):
33736 (JSC::ScopeLabelInfo::ScopeLabelInfo):
33737 (JSC::Scope::Scope):
33738 (JSC::Scope::startSwitch):
33739 (JSC::Scope::endSwitch):
33740 (JSC::Scope::startLoop):
33741 (JSC::Scope::endLoop):
33742 (JSC::Scope::inLoop):
33743 (JSC::Scope::breakIsValid):
33744 (JSC::Scope::continueIsValid):
33745 (JSC::Scope::pushLabel):
33746 (JSC::Scope::popLabel):
33747 (JSC::Scope::getLabel):
33748 (JSC::Scope::setIsFunction):
33749 (JSC::Scope::isFunction):
33750 (JSC::Scope::isFunctionBoundary):
33751 (JSC::Scope::declareVariable):
33752 (JSC::Scope::declareWrite):
33753 (JSC::Scope::preventNewDecls):
33754 (JSC::Scope::allowsNewDecls):
33755 (JSC::Scope::declareParameter):
33756 (JSC::Scope::useVariable):
33757 (JSC::Scope::setNeedsFullActivation):
33758 (JSC::Scope::collectFreeVariables):
33759 (JSC::Scope::getUncapturedWrittenVariables):
33760 (JSC::Scope::getCapturedVariables):
33761 (JSC::Scope::setStrictMode):
33762 (JSC::Scope::strictMode):
33763 (JSC::Scope::isValidStrictMode):
33764 (JSC::Scope::shadowsArguments):
33765 (JSC::Scope::copyCapturedVariablesToVector):
33766 (JSC::Scope::saveFunctionInfo):
33767 (JSC::Scope::restoreFunctionInfo):
33768 (JSC::ScopeRef::ScopeRef):
33769 (JSC::ScopeRef::operator->):
33770 (JSC::ScopeRef::index):
33771 (JSC::ScopeRef::hasContainingScope):
33772 (JSC::ScopeRef::containingScope):
33773 (JSC::Parser::AllowInOverride::AllowInOverride):
33774 (JSC::Parser::AllowInOverride::~AllowInOverride):
33775 (JSC::Parser::AutoPopScopeRef::AutoPopScopeRef):
33776 (JSC::Parser::AutoPopScopeRef::~AutoPopScopeRef):
33777 (JSC::Parser::AutoPopScopeRef::setPopped):
33778 (JSC::Parser::currentScope):
33779 (JSC::Parser::pushScope):
33780 (JSC::Parser::popScopeInternal):
33781 (JSC::Parser::popScope):
33782 (JSC::Parser::declareVariable):
33783 (JSC::Parser::declareWrite):
33784 (JSC::Parser::findCachedFunctionInfo):
33785 (JSC::Parser::isFunctionBodyNode):
33786 (JSC::Parser::next):
33787 (JSC::Parser::nextExpectIdentifier):
33788 (JSC::Parser::nextTokenIsColon):
33789 (JSC::Parser::consume):
33790 (JSC::Parser::getToken):
33791 (JSC::Parser::match):
33792 (JSC::Parser::tokenStart):
33793 (JSC::Parser::tokenLine):
33794 (JSC::Parser::tokenEnd):
33795 (JSC::Parser::getTokenName):
33796 (JSC::Parser::updateErrorMessageSpecialCase):
33797 (JSC::Parser::updateErrorMessage):
33798 (JSC::Parser::updateErrorWithNameAndMessage):
33799 (JSC::Parser::startLoop):
33800 (JSC::Parser::endLoop):
33801 (JSC::Parser::startSwitch):
33802 (JSC::Parser::endSwitch):
33803 (JSC::Parser::setStrictMode):
33804 (JSC::Parser::strictMode):
33805 (JSC::Parser::isValidStrictMode):
33806 (JSC::Parser::declareParameter):
33807 (JSC::Parser::breakIsValid):
33808 (JSC::Parser::continueIsValid):
33809 (JSC::Parser::pushLabel):
33810 (JSC::Parser::popLabel):
33811 (JSC::Parser::getLabel):
33812 (JSC::Parser::autoSemiColon):
33813 (JSC::Parser::canRecurse):
33814 (JSC::Parser::lastTokenEnd):
33815 (JSC::Parser::DepthManager::DepthManager):
33816 (JSC::Parser::DepthManager::~DepthManager):
33817 (JSC::Parser::parse):
33819 * parser/ParserTokens.h: Added.
33820 (JSC::JSTokenInfo::JSTokenInfo):
33821 * parser/SourceCode.h:
33822 (JSC::SourceCode::subExpression):
33823 * parser/SourceProviderCacheItem.h:
33824 * parser/SyntaxChecker.h:
33825 (JSC::SyntaxChecker::SyntaxChecker):
33826 (JSC::SyntaxChecker::makeFunctionCallNode):
33827 (JSC::SyntaxChecker::createCommaExpr):
33828 (JSC::SyntaxChecker::makeAssignNode):
33829 (JSC::SyntaxChecker::makePrefixNode):
33830 (JSC::SyntaxChecker::makePostfixNode):
33831 (JSC::SyntaxChecker::makeTypeOfNode):
33832 (JSC::SyntaxChecker::makeDeleteNode):
33833 (JSC::SyntaxChecker::makeNegateNode):
33834 (JSC::SyntaxChecker::makeBitwiseNotNode):
33835 (JSC::SyntaxChecker::createLogicalNot):
33836 (JSC::SyntaxChecker::createUnaryPlus):
33837 (JSC::SyntaxChecker::createVoid):
33838 (JSC::SyntaxChecker::thisExpr):
33839 (JSC::SyntaxChecker::createResolve):
33840 (JSC::SyntaxChecker::createObjectLiteral):
33841 (JSC::SyntaxChecker::createArray):
33842 (JSC::SyntaxChecker::createNumberExpr):
33843 (JSC::SyntaxChecker::createString):
33844 (JSC::SyntaxChecker::createBoolean):
33845 (JSC::SyntaxChecker::createNull):
33846 (JSC::SyntaxChecker::createBracketAccess):
33847 (JSC::SyntaxChecker::createDotAccess):
33848 (JSC::SyntaxChecker::createRegExp):
33849 (JSC::SyntaxChecker::createNewExpr):
33850 (JSC::SyntaxChecker::createConditionalExpr):
33851 (JSC::SyntaxChecker::createAssignResolve):
33852 (JSC::SyntaxChecker::createFunctionExpr):
33853 (JSC::SyntaxChecker::createFunctionBody):
33854 (JSC::SyntaxChecker::createArguments):
33855 (JSC::SyntaxChecker::createArgumentsList):
33856 (JSC::SyntaxChecker::createProperty):
33857 (JSC::SyntaxChecker::createPropertyList):
33858 (JSC::SyntaxChecker::createFuncDeclStatement):
33859 (JSC::SyntaxChecker::createBlockStatement):
33860 (JSC::SyntaxChecker::createExprStatement):
33861 (JSC::SyntaxChecker::createIfStatement):
33862 (JSC::SyntaxChecker::createForLoop):
33863 (JSC::SyntaxChecker::createForInLoop):
33864 (JSC::SyntaxChecker::createEmptyStatement):
33865 (JSC::SyntaxChecker::createVarStatement):
33866 (JSC::SyntaxChecker::createReturnStatement):
33867 (JSC::SyntaxChecker::createBreakStatement):
33868 (JSC::SyntaxChecker::createContinueStatement):
33869 (JSC::SyntaxChecker::createTryStatement):
33870 (JSC::SyntaxChecker::createSwitchStatement):
33871 (JSC::SyntaxChecker::createWhileStatement):
33872 (JSC::SyntaxChecker::createWithStatement):
33873 (JSC::SyntaxChecker::createDoWhileStatement):
33874 (JSC::SyntaxChecker::createLabelStatement):
33875 (JSC::SyntaxChecker::createThrowStatement):
33876 (JSC::SyntaxChecker::createDebugger):
33877 (JSC::SyntaxChecker::createConstStatement):
33878 (JSC::SyntaxChecker::appendConstDecl):
33879 (JSC::SyntaxChecker::createGetterOrSetterProperty):
33880 (JSC::SyntaxChecker::combineCommaNodes):
33881 (JSC::SyntaxChecker::operatorStackPop):
33882 * runtime/Executable.cpp:
33883 (JSC::EvalExecutable::compileInternal):
33884 (JSC::ProgramExecutable::checkSyntax):
33885 (JSC::ProgramExecutable::compileInternal):
33886 (JSC::FunctionExecutable::produceCodeBlockFor):
33887 (JSC::FunctionExecutable::fromGlobalCode):
33888 * runtime/JSGlobalData.cpp:
33889 (JSC::JSGlobalData::JSGlobalData):
33890 (JSC::JSGlobalData::~JSGlobalData):
33891 * runtime/JSGlobalData.h:
33892 * runtime/LiteralParser.cpp:
33893 (JSC::LiteralParser::tryJSONPParse):
33895 2011-10-31 Filip Pizlo <fpizlo@apple.com>
33897 REGRESSION (r97118): Reproducible crash in JSCell::toPrimitive when adding
33898 https://bugs.webkit.org/show_bug.cgi?id=71227
33900 Reviewed by Oliver Hunt.
33902 No new tests, since while I can see exactly where the DFG went wrong on the
33903 site in question from looking at the generated machine code, and while I can
33904 certainly believe that such a scenario would happen, I cannot visualize how
33905 to make it happen reproducibly. It requires an odd combination of double
33906 values getting spilled and then refilled, but then reboxed at just the right
33907 time so that the spilled value is an unboxed double while the in-register
33908 value is a boxed double.
33910 * dfg/DFGJITCodeGenerator.h:
33911 (JSC::DFG::JITCodeGenerator::silentFillGPR):
33913 2011-10-30 Filip Pizlo <fpizlo@apple.com>
33915 JSParser::parsePrimaryExpression should have an overflow check
33916 https://bugs.webkit.org/show_bug.cgi?id=71197
33918 Reviewed by Geoff Garen.
33920 * parser/JSParser.cpp:
33921 (JSC::JSParser::parsePrimaryExpression):
33923 2011-10-30 Filip Pizlo <fpizlo@apple.com>
33925 DFG ValueAdd(string, int) should not fail speculation
33926 https://bugs.webkit.org/show_bug.cgi?id=71195
33928 Reviewed by Geoff Garen.
33933 (JSC::DFG::Node::shouldNotSpeculateInteger):
33934 (JSC::DFG::Node::shouldSpeculateInteger):
33936 2011-10-30 Filip Pizlo <fpizlo@apple.com>
33938 The DFG inliner should not flush the callee
33939 https://bugs.webkit.org/show_bug.cgi?id=71191
33941 Reviewed by Oliver Hunt.
33943 0.6% speed-up on V8.
33945 * bytecode/CodeBlock.cpp:
33946 (JSC::CodeBlock::visitAggregate):
33947 * bytecode/CodeOrigin.h:
33948 * dfg/DFGByteCodeParser.cpp:
33949 (JSC::DFG::ByteCodeParser::flush):
33950 (JSC::DFG::ByteCodeParser::handleInlining):
33951 (JSC::DFG::ByteCodeParser::parseBlock):
33952 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
33953 (JSC::DFG::ByteCodeParser::parse):
33954 * dfg/DFGJITCompiler.cpp:
33955 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
33956 * dfg/DFGJITCompiler32_64.cpp:
33957 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
33958 * interpreter/CallFrame.cpp:
33959 (JSC::CallFrame::trueCallerFrameSlow):
33961 2011-10-28 Mark Hahnenberg <mhahnenberg@apple.com>
33963 De-virtualize isGlobalObject, isVariableObject, isActivationObject, and isErrorInstance in JSObject
33964 https://bugs.webkit.org/show_bug.cgi?id=70968
33966 Reviewed by Geoffrey Garen.
33968 * API/JSCallbackObject.cpp: Added two specializations for createStructure that use different JSTypes in their
33969 TypeInfo. Had to also create a specialization for JSNonFinalObject, even though JSGlobalObject was the only one that
33970 needed it, because Windows wouldn't build without it.
33971 (JSC::::createStructure):
33972 * API/JSCallbackObject.h:
33973 * JavaScriptCore.exp:
33974 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
33975 * runtime/ErrorInstance.h: Removed virtual function and changed JSType provided to TypeInfo in createStructure.
33976 (JSC::ErrorInstance::createStructure):
33977 * runtime/ErrorPrototype.h: Ditto
33978 (JSC::ErrorPrototype::createStructure):
33979 * runtime/JSActivation.h: Ditto
33980 (JSC::JSActivation::createStructure):
33981 * runtime/JSGlobalObject.h: Ditto
33982 (JSC::JSGlobalObject::createStructure):
33983 * runtime/JSObject.h: De-virtualized functions. They now check the JSType of the object for the corresponding type.
33984 (JSC::JSObject::isGlobalObject):
33985 (JSC::JSObject::isVariableObject):
33986 (JSC::JSObject::isActivationObject):
33987 (JSC::JSObject::isErrorInstance):
33988 * runtime/JSType.h: Added new types for GlobalObject, VariableObject, ActivationObject, and ErrorInstance.
33989 * runtime/JSVariableObject.cpp: Removed virtual function.
33990 * runtime/JSVariableObject.h: Changed JSType provided to TypeInfo in createStructure.
33991 (JSC::JSVariableObject::createStructure):
33993 2011-10-28 Pavel Feldman <pfeldman@google.com>
33995 Reset line numbers for scripts generated with document.write.
33996 https://bugs.webkit.org/show_bug.cgi?id=71099
33998 Reviewed by Yury Semikhatsky.
34000 * wtf/text/TextPosition.h:
34001 (WTF::OrdinalNumber::OrdinalNumber):
34003 2011-10-27 Daniel Bates <dbates@rim.com>
34005 CMake: Add support to optionally install the built JavaScript shell
34006 https://bugs.webkit.org/show_bug.cgi?id=71062
34008 Reviewed by Antonio Gomes.
34010 Generate an installation rule for installing the JavaScript shell in
34011 /bin (with respect to the prefix path) when SHOULD_INSTALL_JS_SHELL
34014 * shell/CMakeLists.txt:
34016 2011-10-27 Kentaro Hara <haraken@chromium.org>
34018 Generate WebKitCSSMatrix constructor for JSC by [Constructor] IDL
34019 https://bugs.webkit.org/show_bug.cgi?id=70215
34021 Reviewed by Adam Barth.
34023 Added a method that judges if a given JSValue is empty.
34025 Tests: transforms/svg-vs-css.xhtml
34026 transforms/cssmatrix-2d-interface.xhtml
34027 transforms/cssmatrix-3d-interface.xhtml
34029 * runtime/JSValue.h:
34030 * runtime/JSValueInlineMethods.h:
34031 (JSC::JSValue::isEmpty):
34033 2011-10-27 Michael Saboff <msaboff@apple.com>
34035 ENH: Add 8 bit string support to JSC JIT
34036 https://bugs.webkit.org/show_bug.cgi?id=71073
34038 Changed the JIT String character access generation to create code
34039 to check the character size and load8() or load16() as appropriate.
34041 Reviewed by Gavin Barraclough.
34043 * assembler/MacroAssemblerX86Common.h:
34044 (JSC::MacroAssemblerX86Common::load8):
34045 * assembler/X86Assembler.h:
34046 (JSC::X86Assembler::movzbl_mr):
34047 * dfg/DFGSpeculativeJIT.cpp:
34048 (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
34049 (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
34050 * jit/JITInlineMethods.h:
34051 (JSC::JIT::emitLoadCharacterString):
34052 * jit/JITPropertyAccess.cpp:
34053 (JSC::JIT::stringGetByValStubGenerator):
34054 * jit/JITPropertyAccess32_64.cpp:
34055 (JSC::JIT::stringGetByValStubGenerator):
34056 * jit/JSInterfaceJIT.h:
34057 (JSC::ThunkHelpers::stringImplFlagsOffset):
34058 (JSC::ThunkHelpers::stringImpl8BitFlag):
34059 * jit/ThunkGenerators.cpp:
34060 (JSC::stringCharLoad):
34062 2011-10-27 Filip Pizlo <fpizlo@apple.com>
34064 If the bytecode generator emits code after the return in the first basic block,
34065 DFG's inliner crashes
34066 https://bugs.webkit.org/show_bug.cgi?id=71071
34068 Reviewed by Gavin Barraclough.
34070 Removed some cruft dealing with parsing failures due to unsupported functionality
34071 (that's never reached anymore due to it being caught in DFGCapabilities). This
34072 allowed me to repurpose the bool return from parseBlock() to mean: true if we
34073 should continue to parse, or false if we've already parsed all live code.
34075 * dfg/DFGByteCodeParser.cpp:
34076 (JSC::DFG::ByteCodeParser::ByteCodeParser):
34077 (JSC::DFG::ByteCodeParser::parseBlock):
34078 (JSC::DFG::ByteCodeParser::parseCodeBlock):
34080 2011-10-27 Joseph Pecoraro <pecoraro@apple.com>
34082 Reviewed by David Kilzer.
34084 Make FeatureDefines Identical Across OS X Projects
34085 https://bugs.webkit.org/show_bug.cgi?id=71051
34087 * Configurations/FeatureDefines.xcconfig:
34089 2011-10-27 Filip Pizlo <fpizlo@apple.com>
34091 Crash in JSC::Structure::materializePropertyMap when viewing Garden-O-Matic
34092 https://bugs.webkit.org/show_bug.cgi?id=71045
34094 Reviewed by Geoff Garen.
34096 Make sure that if a structure is pinned, it also has a property map.
34098 * runtime/Structure.cpp:
34099 (JSC::Structure::changePrototypeTransition):
34100 (JSC::Structure::despecifyFunctionTransition):
34101 (JSC::Structure::getterSetterTransition):
34102 (JSC::Structure::toDictionaryTransition):
34103 (JSC::Structure::preventExtensionsTransition):
34104 (JSC::Structure::addPropertyWithoutTransition):
34105 (JSC::Structure::removePropertyWithoutTransition):
34106 (JSC::Structure::pin):
34107 (JSC::Structure::copyPropertyTableForPinning):
34108 * runtime/Structure.h:
34109 (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
34111 2011-10-27 Michael Saboff <msaboff@apple.com>
34113 32bit build failure after r98624
34114 https://bugs.webkit.org/show_bug.cgi?id=71064
34116 Disambiguated operator overload with unsigned index (0u).
34118 Reviewed by Sam Weinig.
34120 * runtime/UString.h:
34123 2011-10-27 Gustavo Noronha Silva <gns@gnome.org>
34125 Fix building on GNU/kFreeBSD
34126 https://bugs.webkit.org/show_bug.cgi?id=71005
34128 Reviewed by Darin Adler.
34133 2011-10-27 Michael Saboff <msaboff@apple.com>
34135 Investigate storing strings in 8-bit buffers when possible
34136 https://bugs.webkit.org/show_bug.cgi?id=66161
34141 Added support for 8 bit string data in StringImpl. Changed
34142 (UChar*) m_data to m_data16. Added char* m_data8 as a union
34143 with m_data16. Added UChar* m_copyData16 to the other union
34144 to store a 16 bit copy of an 8 bit string when needed.
34145 Added characters8() and characters16() accessor methods
34146 that assume the caller has checked the underlying string type
34147 via the new is8Bit() method. The characters() method will
34148 return a UChar* of the string, materializing a 16 bit copy if the
34149 string is an 8 bit string. Added two flags, one for 8 bit buffer
34150 and a second for a 16 bit copy for an 8 bit string.
34152 Fixed method name typo (StringHasher::defaultCoverter()).
34154 Over time the goal is to eliminate calls to characters() and
34155 use the characters8() and characters16() accessors.
34157 This patch does not include changes that actually create 8 bit
34158 strings. This is the first of at least 8 patches. Subsequent
34159 patches will be submitted for JIT changes, making the JSC lexer,
34160 parser and literal parser, JavaScript string changes and
34161 then changes in webcore to take advantage of the 8 bit strings.
34163 This change is performance neutral for SunSpider and V8 when
34164 run from the command line with "jsc".
34166 Reviewed by Geoffrey Garen.
34168 * JavaScriptCore.exp:
34169 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
34170 * interpreter/Interpreter.cpp:
34171 (JSC::Interpreter::callEval):
34172 * parser/SourceProvider.h:
34173 (JSC::UStringSourceProvider::data):
34174 (JSC::UStringSourceProvider::UStringSourceProvider):
34175 * runtime/Identifier.cpp:
34176 (JSC::IdentifierCStringTranslator::hash):
34177 (JSC::IdentifierCStringTranslator::equal):
34178 (JSC::IdentifierCStringTranslator::translate):
34179 (JSC::Identifier::add):
34180 (JSC::Identifier::toUInt32):
34181 * runtime/Identifier.h:
34182 (JSC::Identifier::equal):
34185 * runtime/JSString.cpp:
34186 (JSC::JSString::resolveRope):
34187 (JSC::JSString::resolveRopeSlowCase):
34188 * runtime/RegExp.cpp:
34189 (JSC::RegExp::match):
34190 * runtime/StringPrototype.cpp:
34191 (JSC::jsSpliceSubstringsWithSeparators):
34192 * runtime/UString.cpp:
34193 (JSC::UString::UString):
34194 (JSC::equalSlowCase):
34195 (JSC::UString::utf8):
34196 * runtime/UString.h:
34197 (JSC::UString::characters):
34198 (JSC::UString::characters8):
34199 (JSC::UString::characters16):
34200 (JSC::UString::is8Bit):
34201 (JSC::UString::operator[]):
34202 (JSC::UString::find):
34204 * wtf/StringHasher.h:
34205 (WTF::StringHasher::computeHash):
34206 (WTF::StringHasher::defaultConverter):
34207 * wtf/text/AtomicString.cpp:
34208 (WTF::CStringTranslator::hash):
34209 (WTF::CStringTranslator::equal):
34210 (WTF::CStringTranslator::translate):
34211 (WTF::AtomicString::add):
34212 * wtf/text/AtomicString.h:
34213 (WTF::AtomicString::AtomicString):
34214 (WTF::AtomicString::contains):
34215 (WTF::AtomicString::find):
34216 (WTF::AtomicString::add):
34219 (WTF::equalIgnoringCase):
34220 * wtf/text/StringConcatenate.h:
34221 * wtf/text/StringHash.h:
34222 (WTF::StringHash::equal):
34223 (WTF::CaseFoldingHash::hash):
34224 * wtf/text/StringImpl.cpp:
34225 (WTF::StringImpl::~StringImpl):
34226 (WTF::StringImpl::createUninitialized):
34227 (WTF::StringImpl::create):
34228 (WTF::StringImpl::getData16SlowCase):
34229 (WTF::StringImpl::containsOnlyWhitespace):
34230 (WTF::StringImpl::substring):
34231 (WTF::StringImpl::characterStartingAt):
34232 (WTF::StringImpl::lower):
34233 (WTF::StringImpl::upper):
34234 (WTF::StringImpl::fill):
34235 (WTF::StringImpl::foldCase):
34236 (WTF::StringImpl::stripMatchedCharacters):
34237 (WTF::StringImpl::removeCharacters):
34238 (WTF::StringImpl::simplifyMatchedCharactersToSpace):
34239 (WTF::StringImpl::toIntStrict):
34240 (WTF::StringImpl::toUIntStrict):
34241 (WTF::StringImpl::toInt64Strict):
34242 (WTF::StringImpl::toUInt64Strict):
34243 (WTF::StringImpl::toIntPtrStrict):
34244 (WTF::StringImpl::toInt):
34245 (WTF::StringImpl::toUInt):
34246 (WTF::StringImpl::toInt64):
34247 (WTF::StringImpl::toUInt64):
34248 (WTF::StringImpl::toIntPtr):
34249 (WTF::StringImpl::toDouble):
34250 (WTF::StringImpl::toFloat):
34252 (WTF::equalIgnoringCase):
34253 (WTF::StringImpl::find):
34254 (WTF::StringImpl::findIgnoringCase):
34255 (WTF::StringImpl::reverseFind):
34256 (WTF::StringImpl::replace):
34257 (WTF::StringImpl::defaultWritingDirection):
34258 (WTF::StringImpl::adopt):
34259 (WTF::StringImpl::createWithTerminatingNullCharacter):
34260 * wtf/text/StringImpl.h:
34261 (WTF::StringImpl::StringImpl):
34262 (WTF::StringImpl::create):
34263 (WTF::StringImpl::create8):
34264 (WTF::StringImpl::tryCreateUninitialized):
34265 (WTF::StringImpl::flagsOffset):
34266 (WTF::StringImpl::flagIs8Bit):
34267 (WTF::StringImpl::dataOffset):
34268 (WTF::StringImpl::is8Bit):
34269 (WTF::StringImpl::characters8):
34270 (WTF::StringImpl::characters16):
34271 (WTF::StringImpl::characters):
34272 (WTF::StringImpl::has16BitShadow):
34273 (WTF::StringImpl::setHash):
34274 (WTF::StringImpl::hash):
34275 (WTF::StringImpl::copyChars):
34276 (WTF::StringImpl::operator[]):
34277 (WTF::StringImpl::find):
34278 (WTF::StringImpl::findIgnoringCase):
34280 (WTF::equalIgnoringCase):
34281 (WTF::StringImpl::isolatedCopy):
34282 * wtf/text/WTFString.cpp:
34283 (WTF::String::String):
34284 (WTF::String::append):
34285 (WTF::String::format):
34286 (WTF::String::fromUTF8):
34287 (WTF::String::fromUTF8WithLatin1Fallback):
34288 * wtf/text/WTFString.h:
34289 (WTF::String::find):
34290 (WTF::String::findIgnoringCase):
34291 (WTF::String::contains):
34292 (WTF::String::append):
34293 (WTF::String::fromUTF8):
34294 (WTF::String::fromUTF8WithLatin1Fallback):
34297 (WTF::equalIgnoringCase):
34298 * wtf/unicode/Unicode.h:
34299 * yarr/YarrJIT.cpp:
34300 (JSC::Yarr::execute):
34302 (JSC::Yarr::YarrCodeBlock::execute):
34303 * yarr/YarrParser.h:
34304 (JSC::Yarr::Parser::Parser):
34306 2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
34308 Fixing windows build
34310 Unreviewed build fix
34312 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
34314 2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
34316 Add ability to check for presence of static members at compile time
34317 https://bugs.webkit.org/show_bug.cgi?id=70986
34319 Reviewed by Geoffrey Garen.
34321 Added new CREATE_MEMBER_CHECKER macro to instantiate the template and the
34322 HAS_MEMBER_NAMED macro to use that template to check if the specified class
34323 does indeed have a method with that name. This mechanism is not currently
34324 used anywhere, but will be in the future when adding virtual methods from
34325 JSObject to the MethodTable.
34327 * runtime/ClassInfo.h:
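The following is an added example, not WebKit's code from runtime/ClassInfo.h. It shows one way to build the compile-time member check the entry above describes (a CREATE_MEMBER_CHECKER that instantiates a trait and a HAS_MEMBER_NAMED that queries it), and beside it the runtime question such a check exists to answer for a method table: does a subclass provide its own static function, or silently inherit the parent's? The macro bodies, the sample classes (JSCellLike, PlainObject, NoMembers) and the helper functions are assumptions made for this illustration.

```cpp
// Added example (not WebKit's code): compile-time "does class T have a member
// named X?" in the spirit of CREATE_MEMBER_CHECKER / HAS_MEMBER_NAMED.
//
// The trick: derive from both T and a Fallback that declares `name`. Taking
// &Derived::name is unambiguous only when T lacks the member, so the SFINAE
// overload (No) is viable in exactly that case; otherwise the lookup is
// ambiguous, substitution fails, and the variadic overload (Yes) is chosen.
#define CREATE_MEMBER_CHECKER(name)                                            \
    template <typename T>                                                      \
    struct MemberCheck_##name {                                                \
        struct Fallback { void name(); };                                      \
        struct Derived : T, Fallback { };                                      \
        template <typename U, U> struct Check;                                 \
        typedef char No[1];                                                    \
        typedef char Yes[2];                                                   \
        template <typename U>                                                  \
        static No& func(Check<void (Fallback::*)(), &U::name>*);               \
        template <typename U>                                                  \
        static Yes& func(...);                                                 \
        enum { has = sizeof(func<Derived>(0)) == sizeof(Yes) };                \
    }

#define HAS_MEMBER_NAMED(klass, name) (MemberCheck_##name<klass>::has)

CREATE_MEMBER_CHECKER(put);
CREATE_MEMBER_CHECKER(toThisObject);

// Sample hierarchy (assumed): a base with two static "method table" functions
// and a subclass that overrides only one of them.
struct JSCellLike {
    static void put() { }
    static void deleteProperty() { }
};
struct PlainObject : JSCellLike {
    static void put() { }            // own put; deleteProperty is inherited
};
struct NoMembers { };

// Compile-time answers: the name is visible on the class, declared or inherited.
bool cellHasPut() { return HAS_MEMBER_NAMED(JSCellLike, put); }
bool plainHasPut() { return HAS_MEMBER_NAMED(PlainObject, put); }
bool plainHasToThisObject() { return HAS_MEMBER_NAMED(PlainObject, toThisObject); }
bool noMembersHasPut() { return HAS_MEMBER_NAMED(NoMembers, put); }

// Runtime answers: whether &Subclass::fn is the subclass's own function or the
// parent's. A method table entry written as &Subclass::fn resolves the same way,
// so a forgotten override silently reuses the parent's behaviour.
bool plainOverridesPut() { return &PlainObject::put != &JSCellLike::put; }
bool plainOverridesDeleteProperty() {
    return &PlainObject::deleteProperty != &JSCellLike::deleteProperty;
}
```

The member check answers "is there something named put here?" and is satisfied by an inherited member; the pointer comparison is what tells an inherited static from an overriding one, which is the property that matters when a method table is filled in per class.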
34329 2011-10-27 Mark Hahnenberg <mhahnenberg@apple.com>
34331 De-virtualize JSCell::toThisObject
34332 https://bugs.webkit.org/show_bug.cgi?id=70958
34334 Reviewed by Geoffrey Garen.
34336 Converted all instances of toThisObject to static functions,
34337 added toThisObject to the MethodTable, and replaced all call sites
34338 with a corresponding lookup in the MethodTable.
34340 * API/JSContextRef.cpp:
34341 * JavaScriptCore.exp:
34342 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
34343 * runtime/ClassInfo.h:
34344 * runtime/JSActivation.cpp:
34345 (JSC::JSActivation::toThisObject):
34346 * runtime/JSActivation.h:
34347 * runtime/JSCell.cpp:
34348 (JSC::JSCell::toThisObject):
34349 * runtime/JSCell.h:
34350 * runtime/JSObject.cpp:
34351 (JSC::JSObject::put):
34352 (JSC::JSObject::toThisObject):
34353 * runtime/JSObject.h:
34354 (JSC::JSValue::toThisObject):
34355 * runtime/JSStaticScopeObject.cpp:
34356 (JSC::JSStaticScopeObject::toThisObject):
34357 * runtime/JSStaticScopeObject.h:
34358 * runtime/JSString.cpp:
34359 (JSC::JSString::toThisObject):
34360 * runtime/JSString.h:
34361 * runtime/StrictEvalActivation.cpp:
34362 (JSC::StrictEvalActivation::toThisObject):
34363 * runtime/StrictEvalActivation.h:
34365 2011-10-27 Yuqiang Xian <yuqiang.xian@intel.com>
34367 Fix a small bug in callOperation after r98431
34368 https://bugs.webkit.org/show_bug.cgi?id=70984
34370 Reviewed by Geoffrey Garen.
34372 TrustedImmPtr is not expecting "int" type parameters.
34374 * dfg/DFGJITCodeGenerator.h:
34375 (JSC::DFG::callOperation):
34377 2011-10-26 Oliver Hunt <oliver@apple.com>
34379 Restore structure-clearing behaviour of allocateCell<>
34380 https://bugs.webkit.org/show_bug.cgi?id=70976
34382 Reviewed by Geoffrey Garen.
34384 This restores the logic that allows the markstack to filter
34385 live objects that have not yet been initialised.
34387 * runtime/JSCell.h:
34388 (JSC::JSCell::clearStructure):
34389 Validation-safe method to clear a cell's structure.
34390 (JSC::allocateCell):
34391 Call the above method.
34392 * runtime/Structure.h:
34393 (JSC::MarkStack::internalAppend):
34394 Don't visit cells that haven't been initialised.
34396 2011-10-26 Filip Pizlo <fpizlo@apple.com>
34398 REGRESSION (r97030): Cannot log in to progressive.com
34399 https://bugs.webkit.org/show_bug.cgi?id=70094
34401 Reviewed by Oliver Hunt.
34403 * dfg/DFGByteCodeParser.cpp:
34404 (JSC::DFG::ByteCodeParser::handleCall):
34406 2011-10-26 Mark Hahnenberg <mhahnenberg@apple.com>
34408 Remove getOwnPropertySlotVirtual
34409 https://bugs.webkit.org/show_bug.cgi?id=70741
34411 Reviewed by Geoffrey Garen.
34413 Removed all declarations and definitions of getOwnPropertySlotVirtual.
34414 Also replaced all call sites to getOwnPropertySlotVirtual with a
34415 corresponding lookup in the MethodTable.
34417 * API/JSCallbackObject.h:
34418 * API/JSCallbackObjectFunctions.h:
34419 (JSC::::getOwnPropertyDescriptor):
34420 * JavaScriptCore.exp:
34421 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
34422 * debugger/DebuggerActivation.cpp:
34423 (JSC::DebuggerActivation::getOwnPropertySlot):
34424 * debugger/DebuggerActivation.h:
34425 * runtime/Arguments.cpp:
34426 * runtime/Arguments.h:
34427 * runtime/ArrayConstructor.cpp:
34428 * runtime/ArrayConstructor.h:
34429 * runtime/ArrayPrototype.cpp:
34430 * runtime/ArrayPrototype.h:
34431 * runtime/BooleanPrototype.cpp:
34432 * runtime/BooleanPrototype.h:
34433 * runtime/DateConstructor.cpp:
34434 * runtime/DateConstructor.h:
34435 * runtime/DatePrototype.cpp:
34436 * runtime/DatePrototype.h:
34437 (JSC::DatePrototype::create):
34438 * runtime/ErrorPrototype.cpp:
34439 * runtime/ErrorPrototype.h:
34440 * runtime/JSActivation.cpp:
34441 * runtime/JSActivation.h:
34442 * runtime/JSArray.cpp:
34443 (JSC::JSArray::getOwnPropertySlotByIndex):
34444 * runtime/JSArray.h:
34445 * runtime/JSByteArray.cpp:
34446 * runtime/JSByteArray.h:
34447 * runtime/JSCell.cpp:
34448 * runtime/JSCell.h:
34449 * runtime/JSFunction.cpp:
34450 (JSC::JSFunction::getOwnPropertyDescriptor):
34451 (JSC::JSFunction::getOwnPropertyNames):
34452 (JSC::JSFunction::put):
34453 * runtime/JSFunction.h:
34454 * runtime/JSGlobalObject.cpp:
34455 * runtime/JSGlobalObject.h:
34456 * runtime/JSNotAnObject.cpp:
34457 * runtime/JSNotAnObject.h:
34458 * runtime/JSONObject.cpp:
34459 (JSC::Stringifier::Holder::appendNextProperty):
34460 (JSC::Walker::walk):
34461 * runtime/JSONObject.h:
34462 * runtime/JSObject.cpp:
34463 (JSC::JSObject::getOwnPropertySlotByIndex):
34464 (JSC::JSObject::hasOwnProperty):
34465 * runtime/JSObject.h:
34466 (JSC::JSCell::fastGetOwnPropertySlot):
34467 (JSC::JSObject::getPropertySlot):
34468 (JSC::JSValue::get):
34469 * runtime/JSStaticScopeObject.cpp:
34470 * runtime/JSStaticScopeObject.h:
34471 * runtime/JSString.cpp:
34472 (JSC::JSString::getOwnPropertySlot):
34473 * runtime/JSString.h:
34474 * runtime/MathObject.cpp:
34475 * runtime/MathObject.h:
34476 (JSC::MathObject::create):
34477 * runtime/NumberConstructor.cpp:
34478 * runtime/NumberConstructor.h:
34479 * runtime/NumberPrototype.cpp:
34480 * runtime/NumberPrototype.h:
34481 * runtime/ObjectConstructor.cpp:
34482 * runtime/ObjectConstructor.h:
34483 * runtime/ObjectPrototype.cpp:
34484 * runtime/ObjectPrototype.h:
34485 * runtime/RegExpConstructor.cpp:
34486 * runtime/RegExpConstructor.h:
34487 * runtime/RegExpMatchesArray.h:
34488 (JSC::RegExpMatchesArray::createStructure):
34489 * runtime/RegExpObject.cpp:
34490 * runtime/RegExpObject.h:
34491 * runtime/RegExpPrototype.cpp:
34492 * runtime/RegExpPrototype.h:
34493 * runtime/StringConstructor.cpp:
34494 * runtime/StringConstructor.h:
34495 * runtime/StringObject.cpp:
34496 * runtime/StringObject.h:
34497 * runtime/StringPrototype.cpp:
34498 * runtime/StringPrototype.h:
34500 2011-10-26 Alejandro G. Castro <alex@igalia.com>
34502 [GTK] [WK2] Add WebKit2 distcheck support
34503 https://bugs.webkit.org/show_bug.cgi?id=70933
34505 Reviewed by Martin Robinson.
34507 * GNUmakefile.list.am: Add MemoryStatistics.h to the sources list.
34509 2011-10-26 Michael Saboff <msaboff@apple.com>
34511 Increase StringImpl Flag Bits for 8 bit Strings
34512 https://bugs.webkit.org/show_bug.cgi?id=70937
34514 Increased the number of bits used for flags in StringImpl
34515 from 6 to 8 bits. This frees up 2 flag bits that will be
34516 used for 8-bit string support. Updated hash methods accordingly.
34517 Changed hash value masking from the low bits to the high
34520 Reviewed by Darin Adler.
34522 * create_hash_table:
34523 * wtf/StringHasher.h:
34524 (WTF::StringHasher::hash):
34525 * wtf/text/StringImpl.h:
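The following is an added example, not WebKit's StringImpl. It serves two entries: Michael Saboff's "Investigate storing strings in 8-bit buffers when possible" (the m_data8/m_data16 union, is8Bit(), characters8()/characters16(), and a characters() that materialises a 16-bit copy of an 8-bit string on demand) and the "Increase StringImpl Flag Bits" entry above (8 flag bits, hash stored above them). The member and method names follow those entries; the exact bit layout, the FNV-1a hash standing in for StringHasher, the raw-buffer ownership and the two check functions are assumptions made for this illustration.

```cpp
// Added example (not WebKit's code): a cut-down StringImpl with 8-bit or
// 16-bit storage behind a union, flags packed below a 24-bit hash, and a lazily
// materialised 16-bit shadow of an 8-bit string.
#include <cassert>
#include <cstdint>
#include <cstring>

typedef char LChar;        // 8-bit (Latin-1) code unit, matching the entry's char* m_data8
typedef uint16_t UChar;    // 16-bit code unit

class StringImpl {
public:
    // Low 8 bits of m_hashAndFlags are flags (the 6 -> 8 change); the 24-bit
    // hash lives above them and zero there means "not computed yet".
    enum { s_flagCount = 8, s_flagIs8Bit = 1u << 0, s_flagHas16BitShadow = 1u << 1 };

    static StringImpl* create8(const LChar* latin1, size_t length) {
        StringImpl* s = new StringImpl(length, true);
        LChar* buffer = new LChar[length];
        std::memcpy(buffer, latin1, length);
        s->m_data8 = buffer;
        return s;
    }
    static StringImpl* create16(const UChar* utf16, size_t length) {
        StringImpl* s = new StringImpl(length, false);
        UChar* buffer = new UChar[length];
        std::memcpy(buffer, utf16, length * sizeof(UChar));
        s->m_data16 = buffer;
        return s;
    }
    ~StringImpl() {
        if (is8Bit()) delete[] m_data8; else delete[] m_data16;
        delete[] m_copyData16;
    }

    size_t length() const { return m_length; }
    bool is8Bit() const { return (m_hashAndFlags & s_flagIs8Bit) != 0; }
    bool has16BitShadow() const { return (m_hashAndFlags & s_flagHas16BitShadow) != 0; }

    // Width-specific accessors: the caller must have checked is8Bit(). Reading
    // the 8-bit buffer through the 16-bit pointer (or vice versa) is a stride
    // confusion that runs past the allocation, not a conversion.
    const LChar* characters8() const { assert(is8Bit()); return m_data8; }
    const UChar* characters16() const { assert(!is8Bit()); return m_data16; }

    // Always yields 16-bit data, widening an 8-bit string once and caching it.
    const UChar* characters() {
        if (!is8Bit())
            return m_data16;
        if (!has16BitShadow()) {
            m_copyData16 = new UChar[m_length];
            for (size_t i = 0; i < m_length; ++i)
                m_copyData16[i] = static_cast<unsigned char>(m_data8[i]);
            m_hashAndFlags |= s_flagHas16BitShadow;
        }
        return m_copyData16;
    }

    UChar operator[](size_t i) const {
        assert(i < m_length);
        return is8Bit() ? static_cast<UChar>(static_cast<unsigned char>(m_data8[i])) : m_data16[i];
    }

    // Hashes code-unit values, so equal text hashes equally whatever the storage
    // width. FNV-1a (assumed) is masked to 24 bits and shifted above the flags.
    unsigned hash() {
        if (!(m_hashAndFlags >> s_flagCount)) {
            uint32_t h = 2166136261u;
            for (size_t i = 0; i < m_length; ++i) {
                h ^= (*this)[i];
                h *= 16777619u;
            }
            h &= 0xFFFFFFu;
            if (!h)
                h = 0x800000u;   // keep zero as the "not computed" sentinel
            m_hashAndFlags |= h << s_flagCount;
        }
        return m_hashAndFlags >> s_flagCount;
    }

private:
    StringImpl(size_t length, bool eightBit)
        : m_length(length), m_data8(0), m_copyData16(0), m_hashAndFlags(eightBit ? s_flagIs8Bit : 0) { }
    StringImpl(const StringImpl&);             // owns raw buffers: not copyable
    StringImpl& operator=(const StringImpl&);

    size_t m_length;
    union {
        const LChar* m_data8;   // valid when is8Bit()
        const UChar* m_data16;  // valid otherwise
    };
    UChar* m_copyData16;        // 16-bit shadow of an 8-bit string, made lazily
    unsigned m_hashAndFlags;
};

// Two checks on the layout, using constructed inputs.
bool sameTextHashesEquallyAcrossWidths() {
    const LChar narrow[] = { 'a', 'b', 'c' };
    const UChar wide[] = { 'a', 'b', 'c' };
    StringImpl* s8 = StringImpl::create8(narrow, 3);
    StringImpl* s16 = StringImpl::create16(wide, 3);
    bool ok = s8->is8Bit() && !s16->is8Bit() && s8->hash() == s16->hash();
    delete s8;
    delete s16;
    return ok;
}

bool shadowIsMaterialisedOnceAndWidensLatin1() {
    const LChar narrow[] = { 'h', 'i', '\xE9' };   // 0xE9 is Latin-1 e-acute
    StringImpl* s = StringImpl::create8(narrow, 3);
    bool before = !s->has16BitShadow();
    const UChar* wide = s->characters();
    bool after = s->has16BitShadow() && wide[2] == 0x00E9 && wide == s->characters();
    delete s;
    return before && after;
}
```

The flag bit is the only thing that distinguishes the two interpretations of the union, which is why characters8() and characters16() assert on it: a caller that picks the accessor without consulting is8Bit() reads the buffer with the wrong stride. Widening through unsigned char keeps bytes 0x80..0xFF as the matching Latin-1 code points rather than sign-extending them.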
34527 2011-10-26 Dan Bernstein <mitz@apple.com>
34531 Reverted r98488, which caused the scripts’ status messages to be included in the generated
34534 * create_hash_table:
34535 * create_jit_stubs:
34537 2011-10-26 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
34539 Don't print regular output to STDERR when generating hashtables and JIT stubs
34541 Reviewed by Simon Hausmann.
34543 * create_hash_table:
34544 * create_jit_stubs:
34546 2011-10-25 Gavin Barraclough <barraclough@apple.com>
34548 Split DFGJITCodeGenerator::callOperation methods
34549 https://bugs.webkit.org/show_bug.cgi?id=70870
34551 Reviewed by Filip Pizlo.
34553 The DFGJITCodeGenerator currently contains two sets of callOperation methods.
34554 One set works with the JSVALUE64 value representation and passes arguments in
34555 registers (suitable for use on x86-64), and one set works with the JSVALUE32_64
34556 value representation and passes arguments in memory (suitable for use on x86).
34557 By refactoring out the representation and calling convention specific aspects
34558 of the code we can also configure the DFG JIT to operate on platforms that use
34559 the JSVALUE32_64 value representation but pass arguments in registers.
34561 On platforms supported by the JIT, the payload precedes the tag of a value in
34562 argument/result ordering, as such, in order to make the setupResults method
34563 generally applicable to return the results of a function that are returned in
34564 two registers, the ordering of arguments to this function has been reversed -
34565 as is the ordering of arguments passed to setupArguments methods, with respect
34566 to the ordering with which they are passed in to callOperation.
34567 This inconsistency will be resolved in a later change when we combine the pairs
34568 of arguments passed into callOperation, such that the function signatures can
34569 be made consistent across the two value representations (the callOperation
34570 methods will be passed a reference to a struct representing the JSValue
34571 temporary, this will consist of two gprs on 32_64 and one on 64).
34573 * dfg/DFGJITCodeGenerator.h:
34574 (JSC::DFG::resetCallArguments):
34575 (JSC::DFG::addCallArgument):
34576 - moved, removed tag,payload version of this method.
34577 (JSC::DFG::setupArguments):
34578 (JSC::DFG::setupArgumentsExecState):
34579 (JSC::DFG::setupArgumentsWithExecState):
34580 - Calling convention specific portion of callOperation refactored out into these methods.
34581 (JSC::DFG::callOperation):
34582 - updated these methods to use setupArguments* methods.
34583 (JSC::DFG::setupResults):
34584 - setupResults is now passed payload,tag.
34585 (JSC::DFG::appendCallWithExceptionCheckSetResult):
34586 - Added fpr versions of this function.
34587 (JSC::DFG::appendCallSetResult):
34588 - Added versions of this function without exception check.
34589 * dfg/DFGJITCodeGenerator32_64.cpp:
34590 (JSC::DFG::JITCodeGenerator::emitCall):
34591 - setupResults is now passed payload,tag.
34593 2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
34595 Remove deletePropertyVirtual
34596 https://bugs.webkit.org/show_bug.cgi?id=70738
34598 Reviewed by Geoffrey Garen.
34600 Removed all declarations and definitions of deletePropertyVirtual.
34601 Also replaced all call sites to deletePropertyVirtual with a
34602 corresponding lookup in the MethodTable.
34604 * API/JSCallbackObject.h:
34605 * API/JSCallbackObjectFunctions.h:
34606 (JSC::::deletePropertyByIndex):
34607 * API/JSObjectRef.cpp:
34608 (JSObjectDeleteProperty):
34609 * JavaScriptCore.exp:
34610 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
34611 * debugger/DebuggerActivation.cpp:
34612 (JSC::DebuggerActivation::deleteProperty):
34613 * debugger/DebuggerActivation.h:
34614 * interpreter/Interpreter.cpp:
34615 (JSC::Interpreter::privateExecute):
34616 * jit/JITStubs.cpp:
34617 (JSC::DEFINE_STUB_FUNCTION):
34618 * runtime/Arguments.cpp:
34619 * runtime/Arguments.h:
34620 * runtime/ArrayPrototype.cpp:
34621 (JSC::arrayProtoFuncPop):
34622 (JSC::arrayProtoFuncReverse):
34623 (JSC::arrayProtoFuncShift):
34624 (JSC::arrayProtoFuncSplice):
34625 (JSC::arrayProtoFuncUnShift):
34626 * runtime/JSActivation.cpp:
34627 * runtime/JSActivation.h:
34628 * runtime/JSArray.cpp:
34629 (JSC::JSArray::deleteProperty):
34630 (JSC::JSArray::deletePropertyByIndex):
34631 * runtime/JSArray.h:
34632 * runtime/JSCell.cpp:
34633 (JSC::JSCell::deleteProperty):
34634 (JSC::JSCell::deletePropertyByIndex):
34635 * runtime/JSCell.h:
34636 * runtime/JSFunction.cpp:
34637 * runtime/JSFunction.h:
34638 * runtime/JSNotAnObject.cpp:
34639 * runtime/JSNotAnObject.h:
34640 * runtime/JSONObject.cpp:
34641 (JSC::Walker::walk):
34642 * runtime/JSObject.cpp:
34643 (JSC::JSObject::deletePropertyByIndex):
34644 (JSC::JSObject::defineOwnProperty):
34645 * runtime/JSObject.h:
34646 * runtime/JSVariableObject.cpp:
34647 * runtime/JSVariableObject.h:
34648 * runtime/RegExpMatchesArray.h:
34649 * runtime/StrictEvalActivation.cpp:
34650 * runtime/StrictEvalActivation.h:
34651 * runtime/StringObject.cpp:
34652 * runtime/StringObject.h:
34654 2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
34657 https://bugs.webkit.org/show_bug.cgi?id=70740
34659 Reviewed by Geoffrey Garen.
34661 Removed all declarations and definitions of putVirtual.
34662 Also replaced all call sites to putVirtual with a
34663 corresponding lookup in the MethodTable.
34665 * API/JSCallbackObject.h:
34666 * API/JSCallbackObjectFunctions.h:
34667 * API/JSObjectRef.cpp:
34668 (JSObjectSetProperty):
34669 (JSObjectSetPropertyAtIndex):
34670 * JavaScriptCore.exp:
34671 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
34672 * debugger/DebuggerActivation.cpp:
34673 (JSC::DebuggerActivation::put):
34674 * debugger/DebuggerActivation.h:
34675 * dfg/DFGOperations.cpp:
34676 * interpreter/Interpreter.cpp:
34677 (JSC::Interpreter::execute):
34678 (JSC::Interpreter::privateExecute):
34680 (GlobalObject::finishCreation):
34681 * runtime/Arguments.cpp:
34682 * runtime/Arguments.h:
34683 * runtime/ArrayPrototype.cpp:
34684 (JSC::putProperty):
34685 (JSC::arrayProtoFuncConcat):
34686 (JSC::arrayProtoFuncPush):
34687 (JSC::arrayProtoFuncReverse):
34688 (JSC::arrayProtoFuncShift):
34689 (JSC::arrayProtoFuncSlice):
34690 (JSC::arrayProtoFuncSort):
34691 (JSC::arrayProtoFuncSplice):
34692 (JSC::arrayProtoFuncUnShift):
34693 (JSC::arrayProtoFuncFilter):
34694 (JSC::arrayProtoFuncMap):
34695 * runtime/JSActivation.cpp:
34696 * runtime/JSActivation.h:
34697 * runtime/JSArray.cpp:
34698 (JSC::JSArray::putSlowCase):
34699 (JSC::JSArray::push):
34700 (JSC::JSArray::shiftCount):
34701 (JSC::JSArray::unshiftCount):
34702 * runtime/JSArray.h:
34703 * runtime/JSByteArray.cpp:
34704 * runtime/JSByteArray.h:
34705 * runtime/JSCell.cpp:
34706 (JSC::JSCell::put):
34707 (JSC::JSCell::putByIndex):
34708 * runtime/JSCell.h:
34709 * runtime/JSFunction.cpp:
34710 * runtime/JSFunction.h:
34711 * runtime/JSGlobalObject.cpp:
34712 * runtime/JSGlobalObject.h:
34713 * runtime/JSNotAnObject.cpp:
34714 * runtime/JSNotAnObject.h:
34715 * runtime/JSONObject.cpp:
34716 (JSC::Walker::walk):
34717 * runtime/JSObject.cpp:
34718 (JSC::JSObject::putByIndex):
34719 (JSC::JSObject::defineOwnProperty):
34720 * runtime/JSObject.h:
34721 (JSC::JSValue::put):
34722 * runtime/JSStaticScopeObject.cpp:
34723 * runtime/JSStaticScopeObject.h:
34724 * runtime/ObjectPrototype.cpp:
34725 * runtime/ObjectPrototype.h:
34726 * runtime/RegExpConstructor.cpp:
34727 * runtime/RegExpConstructor.h:
34728 * runtime/RegExpMatchesArray.h:
34729 * runtime/RegExpObject.cpp:
34730 * runtime/RegExpObject.h:
34731 * runtime/StringObject.cpp:
34732 * runtime/StringObject.h:
34733 * runtime/StringPrototype.cpp:
34734 (JSC::stringProtoFuncSplit):
34736 2011-10-25 Gavin Barraclough <barraclough@apple.com>
34738 Separate out function linking & exception check data structures.
34739 https://bugs.webkit.org/show_bug.cgi?id=70858
34741 Reviewed by Oliver Hunt.
34743 This will make it easier to refactor the callOperation methods to split the value
34744 representation specific handling from the cpu/calling-convention implementation.
34746 * dfg/DFGJITCodeGenerator.h:
34747 (JSC::DFG::appendCallWithExceptionCheck):
34748 * dfg/DFGJITCodeGenerator32_64.cpp:
34749 (JSC::DFG::JITCodeGenerator::emitCall):
34750 * dfg/DFGJITCodeGenerator64.cpp:
34751 (JSC::DFG::JITCodeGenerator::emitCall):
34752 * dfg/DFGJITCompiler.cpp:
34753 (JSC::DFG::JITCompiler::compileBody):
34754 (JSC::DFG::JITCompiler::link):
34755 * dfg/DFGJITCompiler.h:
34756 (JSC::DFG::CallLinkRecord::CallLinkRecord):
34757 (JSC::DFG::CallExceptionRecord::CallExceptionRecord):
34758 (JSC::DFG::JITCompiler::JITCompiler):
34759 (JSC::DFG::JITCompiler::notifyCall):
34760 (JSC::DFG::JITCompiler::appendCall):
34761 (JSC::DFG::JITCompiler::addExceptionCheck):
34762 (JSC::DFG::JITCompiler::addFastExceptionCheck):
34763 * dfg/DFGJITCompiler32_64.cpp:
34764 (JSC::DFG::JITCompiler::compileBody):
34765 (JSC::DFG::JITCompiler::link):
34767 2011-10-25 Filip Pizlo <fpizlo@apple.com>
34769 Tiered compilation may introduce dangling pointers in constant buffers
34770 https://bugs.webkit.org/show_bug.cgi?id=70854
34772 Reviewed by Oliver Hunt.
34774 Tiered compilation now copies constant buffers, which fixes the regression in
34775 https://bugs.webkit.org/show_bug.cgi?id=70246. No new tests because this
34776 regression relies on a subtle interleaving of optimized compilation and garbage
34777 collection, and cannot be reproduced in a simple test.
34779 This also adds some new debug support, which was used to fix this bug and is
34780 likely to be useful in the future.
34782 * bytecode/CodeBlock.cpp:
34783 (JSC::CodeBlock::copyDataFrom):
34784 (JSC::CodeBlock::usesOpcode):
34785 * bytecode/CodeBlock.h:
34786 * dfg/DFGGraph.cpp:
34787 (JSC::DFG::Graph::dump):
34789 2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
34791 Fixing Windows build after r98367
34793 Unreviewed build fix
34795 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
34797 2011-10-25 Yuqiang Xian <yuqiang.xian@intel.com>
34799 Add missing DFG file entries to the make lists for GTK and Qt ports
34800 https://bugs.webkit.org/show_bug.cgi?id=70806
34802 Reviewed by Darin Adler.
34804 * GNUmakefile.list.am:
34805 * JavaScriptCore.pro:
34807 2011-10-25 Mark Hahnenberg <mhahnenberg@apple.com>
34809 Add getOwnPropertySlot to MethodTable
34810 https://bugs.webkit.org/show_bug.cgi?id=69807
34812 Reviewed by Oliver Hunt.
34814 * JavaScriptCore.exp:
34815 * runtime/ClassInfo.h: Added both versions of getOwnPropertySlot to the MethodTable.
34816 * runtime/JSCell.h: Changed getOwnPropertySlot to be protected so other classes can
34817 reference it in their MethodTables.
34819 2011-10-25 Oliver Hunt <oliver@apple.com>
34821 Need to support marking of multiple nested codeblocks when compiling
34822 https://bugs.webkit.org/show_bug.cgi?id=70832
34824 Reviewed by Gavin Barraclough.
34826 When inlining a function we end up with multiple codeblocks being
34827 compiled at the same time, so we need to support a list of live
34831 (JSC::Heap::markRoots):
34832 * runtime/JSGlobalData.cpp:
34833 (JSC::JSGlobalData::JSGlobalData):
34834 * runtime/JSGlobalData.h:
34835 (JSC::JSGlobalData::startedCompiling):
34836 (JSC::JSGlobalData::finishedCompiling):
34838 2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
34840 DFG JIT 32_64 - fillInteger should accept DataFormatJSInteger
34841 https://bugs.webkit.org/show_bug.cgi?id=70798
34843 Reviewed by Filip Pizlo.
34845 When filling an integer for a known integer node (not speculated), it
34846 should accept DataFormatJSInteger as well.
34848 * dfg/DFGJITCodeGenerator32_64.cpp:
34849 (JSC::DFG::JITCodeGenerator::fillInteger):
34851 2011-10-24 Geoffrey Garen <ggaren@apple.com>
34853 Build fix: removed some cases of threadsafeCopy() that I missed in
34856 * JavaScriptCore.order:
34858 2011-10-24 Geoffrey Garen <ggaren@apple.com>
34860 Removed SharedUChar and tightened language around its previous uses
34861 https://bugs.webkit.org/show_bug.cgi?id=70698
34863 Reviewed by David Levin.
34865 - Removed SharedUChar because most of its functionality has moved into
34866 other abstraction layers, and we want remaining clients to choose their
34867 abstractions explicitly instead of relying on StringImpl to provide this
34868 behavior implicitly, since we think they can sometimes make more efficient
34871 - Renamed "threadSafeCopy" and "crossThreadCopy" to "isolatedCopy" because
34872 the former names could give the impression that the resulting object was
34873 thread-safe, but actually it's just an isolated copy, which is not
34874 thread-safe by itself, but can be used to implement a thread-safe
34875 algorithm through isolation.
34877 * wtf/CrossThreadRefCounted.h: Removed.
34879 * JavaScriptCore.exp: Export!
34881 * wtf/text/StringImpl.cpp:
34882 (WTF::StringImpl::~StringImpl): Removed the stuff mentioned above.
34884 * wtf/text/StringImpl.h:
34885 (WTF::StringImpl::length): Ditto.
34887 (WTF::StringImpl::isolatedCopy): Inlined this, since it's now trivial.
34889 * wtf/text/WTFString.cpp:
34890 (WTF::String::isolatedCopy):
34891 * wtf/text/WTFString.h: Updated for StringImpl changes.
34893 * API/OpaqueJSString.h:
34894 * GNUmakefile.list.am:
34895 * JavaScriptCore.exp:
34896 * JavaScriptCore.gypi:
34897 * JavaScriptCore.order:
34898 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
34899 * JavaScriptCore.xcodeproj/project.pbxproj:
34900 * wtf/CMakeLists.txt:
34901 * wtf/OwnFastMallocPtr.h:
34902 * wtf/RefCounted.h:
34903 * wtf/SizeLimits.cpp:
34904 * wtf/ThreadSafeRefCounted.h:
34906 * yarr/YarrPattern.h: Updated these files to accommodate removal of
34907 CrossThreadRefCounted.h.
34909 2011-10-24 Oliver Hunt <oliver@apple.com>
34911 Crash in void JSC::validateCell<JSC::RegExp*>(JSC::RegExp*)
34912 https://bugs.webkit.org/show_bug.cgi?id=70689
34914 Reviewed by Filip Pizlo.
34916 While performing codegen we need to make the GlobalData explicitly
34917 aware of the codeblock being compiled, as compilation may trigger GC
34918 and CodeBlock holds GC values, but has not yet been assigned to its
34921 * bytecompiler/BytecodeGenerator.cpp:
34922 (JSC::BytecodeGenerator::BytecodeGenerator):
34923 (JSC::BytecodeGenerator::~BytecodeGenerator):
34924 * bytecompiler/BytecodeGenerator.h:
34925 * heap/AllocationSpace.cpp:
34926 (JSC::AllocationSpace::allocateSlowCase):
34928 (JSC::Heap::markRoots):
34929 * runtime/JSGlobalData.cpp:
34930 (JSC::JSGlobalData::JSGlobalData):
34931 * runtime/JSGlobalData.h:
34932 (JSC::JSGlobalData::startedCompiling):
34933 (JSC::JSGlobalData::finishedCompiling):
34935 2011-10-24 Filip Pizlo <fpizlo@apple.com>
34937 Object-or-other branch speculation may corrupt the state for OSR if the child of the
34938 branch is an integer
34939 https://bugs.webkit.org/show_bug.cgi?id=70777
34941 Reviewed by Oliver Hunt.
34943 * dfg/DFGSpeculativeJIT64.cpp:
34944 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
34946 2011-10-24 Filip Pizlo <fpizlo@apple.com>
34948 op_new_array_buffer is not inlined correctly
34949 https://bugs.webkit.org/show_bug.cgi?id=70770
34951 Reviewed by Oliver Hunt.
34953 Disabled inlining of op_new_array_buffer, for now.
34955 * dfg/DFGCapabilities.h:
34956 (JSC::DFG::canInlineOpcode):
34958 2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
34960 Add boolean speculations to DFG JIT 32_64
34961 https://bugs.webkit.org/show_bug.cgi?id=70706
34963 Reviewed by Filip Pizlo.
34965 Different from the boolean speculations in DFG 64, the boolean
34966 speculations in DFG 32_64 will use a 32bit GPR to hold the primitive
34967 boolean instead of a JSBoolean. This choice is not only for
34968 performance, but also to save a register as we're short of registers on
34970 To accomplish this we make use of DataFormatBoolean, allow a value to
34971 be represented as a primitive boolean and converted from/to a
34973 This patch also fixes SpillOrder in 32_64, which should be different
34974 from 64, and fixes needDataFormatConversion logic in 32_64.
34976 * assembler/MacroAssemblerX86Common.h:
34977 (JSC::MacroAssemblerX86Common::branchTest32):
34978 We don't expect byte test actually as it doesn't work for registers
34980 * dfg/DFGGenerationInfo.h:
34981 (JSC::DFG::needDataFormatConversion):
34982 (JSC::DFG::GenerationInfo::initBoolean):
34983 (JSC::DFG::GenerationInfo::gpr):
34984 (JSC::DFG::GenerationInfo::fillInteger):
34985 (JSC::DFG::GenerationInfo::fillBoolean):
34986 * dfg/DFGJITCodeGenerator.cpp:
34987 (JSC::DFG::JITCodeGenerator::checkConsistency):
34988 * dfg/DFGJITCodeGenerator.h:
34989 (JSC::DFG::JITCodeGenerator::use):
34990 (JSC::DFG::JITCodeGenerator::silentSpillGPR):
34991 (JSC::DFG::JITCodeGenerator::silentFillGPR):
34992 (JSC::DFG::JITCodeGenerator::spill):
34993 (JSC::DFG::cellResult):
34994 (JSC::DFG::booleanResult):
34995 * dfg/DFGJITCodeGenerator32_64.cpp:
34996 (JSC::DFG::JITCodeGenerator::fillJSValue):
34997 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
34998 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
34999 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
35000 * dfg/DFGJITCompiler32_64.cpp:
35001 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
35002 * dfg/DFGSpeculativeJIT.cpp:
35003 (JSC::DFG::ValueSource::dump):
35004 (JSC::DFG::ValueRecovery::dump):
35005 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
35006 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
35007 * dfg/DFGSpeculativeJIT.h:
35008 (JSC::DFG::ValueSource::forPrediction):
35009 (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedBoolean):
35010 (JSC::DFG::ValueRecovery::inGPR):
35011 (JSC::DFG::ValueRecovery::gpr):
35012 * dfg/DFGSpeculativeJIT32_64.cpp:
35013 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
35014 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
35015 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
35016 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
35017 (JSC::DFG::SpeculativeJIT::compare):
35018 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
35019 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
35020 (JSC::DFG::SpeculativeJIT::emitBranch):
35021 (JSC::DFG::SpeculativeJIT::compile):
35023 2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com>
35025 Fixing Windows build
35027 Unreviewed build fix
35029 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
35031 2011-10-24 Yuqiang Xian <yuqiang.xian@intel.com>
35033 BitVector isInline check could fail
35034 https://bugs.webkit.org/show_bug.cgi?id=70691
35036 Reviewed by Geoffrey Garen.
35038 Current BitVector uses the highest bit of m_bitsOrPointer to indicate
35039 whether it's an inlined bit set or a pointer to an outOfLine bit set.
35040 This check may fail in case the pointer also has the highest bit set,
35041 which is surely possible on IA32 (Linux).
35042 In this case the check failure can result in unexpected behaviors,
35043 for example if the BitVector is incorrectly determined as having an
35044 inlined bit set, then setting a bit exceeding maxInlineBits will wrongly
35045 modify the memory adjacent to the BitVector object.
35046 This fix is to use the lowest bit of m_bitsOrPointer to indicate inline
35047 or outofline, based on the assumption that the pointer to OutOfLineBits
35048 should be 4 or 8 byte aligned.
35049 We could mark the lowest bit (bit 0) with 1 for inlined bit set,
35050 and bits 1~bitsInPointer are used for bit set/test.
35051 In this case we need to do one more bit of shift for bit set/test.
35053 * wtf/BitVector.cpp:
35054 (WTF::BitVector::resizeOutOfLine):
35056 (WTF::BitVector::quickGet):
35057 (WTF::BitVector::quickSet):
35058 (WTF::BitVector::quickClear):
35059 (WTF::BitVector::makeInlineBits):
35060 (WTF::BitVector::isInline):
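Added example, not WebKit's wtf/BitVector and not part of the entry above: a minimal inline-or-out-of-line bit set that tags the word with its lowest bit, as the fix describes, plus two helper functions that show why a high-bit tag misreads a constructed IA32 address (0xB7F12340, an assumed sample value) as an inline bit set. Class and function names (TaggedBitSet, highBitTagSaysInline, lowBitTagSaysInline, demonstrateBitSet) are this example's own.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example, not WebKit's wtf/BitVector: small sets live inline in one
// machine word, larger sets spill to the heap; bit 0 of the word is the tag.
class TaggedBitSet {
public:
    static const size_t bitsInWord = sizeof(uintptr_t) * 8;
    static const size_t maxInlineBits = bitsInWord - 1; // bit 0 is the tag

    TaggedBitSet() : m_bitsOrPointer(1) {} // tag set, no data bits yet
    ~TaggedBitSet() { if (!isInline()) delete outOfLine(); }

    // A heap pointer is at least 4-byte aligned, so its low bit is always
    // clear and can never be mistaken for the tag; a pointer's high bit has
    // no such guarantee on IA32 Linux.
    bool isInline() const { return (m_bitsOrPointer & 1) != 0; }

    size_t size() const { return isInline() ? maxInlineBits : outOfLine()->numBits; }

    bool get(size_t bit) const {
        if (bit >= size())
            return false;
        if (isInline())
            return ((m_bitsOrPointer >> (bit + 1)) & 1) != 0; // +1 skips the tag
        const OutOfLineBits* bits = outOfLine();
        return ((bits->words[bit / bitsInWord] >> (bit % bitsInWord)) & 1) != 0;
    }

    void set(size_t bit) {
        if (bit >= size())
            resizeOutOfLine(bit + 1); // spill instead of writing past the word
        if (isInline()) {
            m_bitsOrPointer |= static_cast<uintptr_t>(1) << (bit + 1);
            return;
        }
        outOfLine()->words[bit / bitsInWord] |= static_cast<uintptr_t>(1) << (bit % bitsInWord);
    }

    void clear(size_t bit) {
        if (bit >= size())
            return;
        if (isInline()) {
            m_bitsOrPointer &= ~(static_cast<uintptr_t>(1) << (bit + 1));
            return;
        }
        outOfLine()->words[bit / bitsInWord] &= ~(static_cast<uintptr_t>(1) << (bit % bitsInWord));
    }

private:
    struct OutOfLineBits {
        size_t numBits;
        std::vector<uintptr_t> words;
    };

    TaggedBitSet(const TaggedBitSet&);            // not copyable in this example
    TaggedBitSet& operator=(const TaggedBitSet&);

    OutOfLineBits* outOfLine() const { return reinterpret_cast<OutOfLineBits*>(m_bitsOrPointer); }

    void resizeOutOfLine(size_t numBits) {
        OutOfLineBits* fresh = new OutOfLineBits;
        fresh->numBits = numBits;
        fresh->words.assign((numBits + bitsInWord - 1) / bitsInWord, static_cast<uintptr_t>(0));
        for (size_t i = 0; i < size(); ++i) // carry over the bits already held
            if (get(i))
                fresh->words[i / bitsInWord] |= static_cast<uintptr_t>(1) << (i % bitsInWord);
        if (!isInline())
            delete outOfLine();
        uintptr_t raw = reinterpret_cast<uintptr_t>(fresh);
        assert((raw & 1) == 0); // the alignment guarantee the low-bit tag relies on
        m_bitsOrPointer = raw;
    }

    uintptr_t m_bitsOrPointer;
};

// Constructed 32-bit address with its top bit set (assumed sample value): a
// high-bit tag misreads it as an inline bit set, a low-bit tag does not.
const uint32_t kSampleHighAddress = 0xB7F12340u;
bool highBitTagSaysInline(uint32_t word) { return (word >> 31) != 0; }
bool lowBitTagSaysInline(uint32_t word) { return (word & 1) != 0; }

// Small bits stay inline; a large bit spills out of line and keeps earlier bits.
bool demonstrateBitSet() {
    TaggedBitSet bits;
    bits.set(3);
    if (!bits.isInline() || !bits.get(3) || bits.get(4))
        return false;
    bits.set(100);
    if (bits.isInline() || !bits.get(3) || !bits.get(100) || bits.get(99))
        return false;
    bits.clear(3);
    return !bits.get(3) && bits.get(100);
}

int main() {
    std::printf("bit set ok: %d, high-bit tag misreads: %d, low-bit tag misreads: %d\n",
                demonstrateBitSet(), highBitTagSaysInline(kSampleHighAddress),
                lowBitTagSaysInline(kSampleHighAddress));
    return 0;
}
```

The point to check in a review of any such tagged-word scheme is the one the assert enforces: the tag bit must be one the allocator guarantees clear, otherwise the wrong branch of isInline() turns a set() on a large index into a write next to the object rather than onto the heap copy.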
35062 2011-10-24 Mark Hahnenberg <mhahnenberg@apple.com>
35064 Rename static getOwnPropertySlot to getOwnPropertySlotByIndex
35065 https://bugs.webkit.org/show_bug.cgi?id=70271
35067 Reviewed by Darin Adler.
35069 Renaming versions of getOwnPropertySlot that use an unsigned as the property
35070 name to "getOwnPropertySlotByIndex" in preparation for adding them to the
35071 MethodTable, which requires unique names for each method.
35073 * JavaScriptCore.exp:
35074 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
35075 * runtime/Arguments.cpp:
35076 (JSC::Arguments::getOwnPropertySlotVirtual):
35077 (JSC::Arguments::getOwnPropertySlotByIndex):
35078 * runtime/Arguments.h:
35079 * runtime/JSArray.cpp:
35080 (JSC::JSArray::getOwnPropertySlotVirtual):
35081 (JSC::JSArray::getOwnPropertySlotByIndex):
35082 (JSC::JSArray::getOwnPropertySlot):
35083 * runtime/JSArray.h:
35084 * runtime/JSByteArray.cpp:
35085 (JSC::JSByteArray::getOwnPropertySlotVirtual):
35086 (JSC::JSByteArray::getOwnPropertySlotByIndex):
35087 * runtime/JSByteArray.h:
35088 * runtime/JSCell.cpp:
35089 (JSC::JSCell::getOwnPropertySlotVirtual):
35090 (JSC::JSCell::getOwnPropertySlotByIndex):
35091 * runtime/JSCell.h:
35092 * runtime/JSNotAnObject.cpp:
35093 (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
35094 (JSC::JSNotAnObject::getOwnPropertySlotByIndex):
35095 * runtime/JSNotAnObject.h:
35096 * runtime/JSObject.cpp:
35097 (JSC::JSObject::getOwnPropertySlotVirtual):
35098 (JSC::JSObject::getOwnPropertySlotByIndex):
35099 * runtime/JSObject.h:
35100 * runtime/JSString.cpp:
35101 (JSC::JSString::getOwnPropertySlotVirtual):
35102 (JSC::JSString::getOwnPropertySlotByIndex):
35103 * runtime/JSString.h:
35104 * runtime/ObjectPrototype.cpp:
35105 (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
35106 (JSC::ObjectPrototype::getOwnPropertySlotByIndex):
35107 * runtime/ObjectPrototype.h:
35108 * runtime/RegExpMatchesArray.h:
35109 (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
35110 (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex):
35111 * runtime/StringObject.cpp:
35112 (JSC::StringObject::getOwnPropertySlotVirtual):
35113 (JSC::StringObject::getOwnPropertySlotByIndex):
35114 * runtime/StringObject.h:
35116 2011-10-24 Patrick Gansterer <paroga@webkit.org>
35118 Interpreter build fix after r98179.
35120 * bytecode/CodeBlock.h:
35121 Moved CodeBlock::baselineVersion() into ENABLE(JIT) block,
35122 since it is only used there.
35124 2011-10-23 Geoffrey Garen <ggaren@apple.com>
35126 Fixed a typo Darin spotted.
35128 * wtf/StringHasher.h:
35129 (WTF::StringHasher::hash): Expelliarmus!
35131 2011-10-23 Geoffrey Garen <ggaren@apple.com>
35133 Removed StringImpl::createStrippingNullCharacters
35134 https://bugs.webkit.org/show_bug.cgi?id=70700
35136 Reviewed by David Levin.
35140 * JavaScriptCore.exp:
35141 * wtf/text/StringImpl.cpp:
35142 * wtf/text/StringImpl.h:
35144 2011-10-22 Filip Pizlo <fpizlo@apple.com>
35146 DFG should inline constructors
35147 https://bugs.webkit.org/show_bug.cgi?id=70675
35149 Reviewed by Oliver Hunt.
35151 Adds support for inlining constructors. Also fixes two pathologies
35152 uncovered along the way: CheckMethod claimed that it never returned a
35153 result (causing CheckMethod -> SetLocal -> GetLocal sequences to
35154 result in the GetLocal doing OSR exit), and get_by_id parsing never
35155 checked if it was hot in slow path. Also fiddled with inlining
35156 heuristics; it appears that for now, the more inlining, the happier
35157 V8 is. Finally, a bug was uncovered where a silent spill of a boxed
35158 integer that had previously been spilled unboxed causes the silent
35159 fill to forget to unbox.
35161 This appears to be a 4% speed-up on V8 in their harness, or a 1%
35162 speed-up in my harness. The difference is due to warm-up: in my
35163 harness we see significant amounts of time spent in compilation, but
35164 in V8's harness compilation gets amortized. Profiling indicates that
35165 we have the potential for a 5% win from basic optimizations like
35166 generating OSR exits lazily and holding onto bytecode longer.
35168 * dfg/DFGAbstractState.cpp:
35169 (JSC::DFG::AbstractState::execute):
35170 * dfg/DFGByteCodeParser.cpp:
35171 (JSC::DFG::ByteCodeParser::handleCall):
35172 (JSC::DFG::ByteCodeParser::handleInlining):
35173 (JSC::DFG::ByteCodeParser::handleMinMax):
35174 (JSC::DFG::ByteCodeParser::parseBlock):
35175 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
35176 (JSC::DFG::ByteCodeParser::parse):
35177 * dfg/DFGCapabilities.h:
35178 (JSC::DFG::mightInlineFunctionForConstruct):
35179 (JSC::DFG::canInlineOpcode):
35180 (JSC::DFG::mightInlineFunctionFor):
35181 (JSC::DFG::canInlineFunctionFor):
35182 * dfg/DFGJITCodeGenerator.h:
35183 (JSC::DFG::JITCodeGenerator::silentFillGPR):
35184 * runtime/Executable.h:
35186 (JSC::ExecutableBase::intrinsicFor):
35187 * runtime/Heuristics.cpp:
35188 (JSC::Heuristics::initializeHeuristics):
35189 * runtime/Heuristics.h:
35191 2011-10-23 Noel Gordon <noel.gordon@gmail.com>
35193 [chromium] Remove RopeImpl.{h,cpp} from the gyp projects
35194 https://bugs.webkit.org/show_bug.cgi?id=70703
35196 Reviewed by Kent Tamura.
35198 runtime/RopeImpl.{h,cpp} were removed in r97872, remove references
35199 to these files from the gyp project files.
35201 * JavaScriptCore.gypi:
35203 2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com>
35205 Add deleteProperty to the MethodTable
35206 https://bugs.webkit.org/show_bug.cgi?id=70162
35208 Reviewed by Sam Weinig.
35210 * JavaScriptCore.exp:
35211 * runtime/ClassInfo.h: Added both versions of deleteProperty to the MethodTable.
35212 * runtime/JSFunction.h: Changed JSFunction::deleteProperty to
35213 be protected rather than private for subclasses who don't provide their own
35216 2011-10-23 Mark Hahnenberg <mhahnenberg@apple.com>
35218 Remove getConstructDataVirtual
35219 https://bugs.webkit.org/show_bug.cgi?id=70638
35221 Reviewed by Darin Adler.
35223 Removed all declarations and definitions of getConstructDataVirtual.
35224 Also replaced all call sites to getConstructDataVirtual with a
35225 corresponding lookup in the MethodTable.
35227 * API/JSCallbackConstructor.cpp:
35228 * API/JSCallbackConstructor.h:
35229 * API/JSCallbackObject.h:
35230 * API/JSCallbackObjectFunctions.h:
35231 * API/JSObjectRef.cpp:
35232 (JSObjectIsConstructor):
35233 (JSObjectCallAsConstructor):
35234 * JavaScriptCore.exp:
35235 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
35236 * dfg/DFGOperations.cpp:
35237 * interpreter/Interpreter.cpp:
35238 (JSC::Interpreter::privateExecute):
35239 * jit/JITStubs.cpp:
35240 (JSC::DEFINE_STUB_FUNCTION):
35241 * runtime/ArrayConstructor.cpp:
35242 * runtime/ArrayConstructor.h:
35243 * runtime/BooleanConstructor.cpp:
35244 * runtime/BooleanConstructor.h:
35245 * runtime/DateConstructor.cpp:
35246 * runtime/DateConstructor.h:
35248 (JSC::StrictModeTypeErrorFunction::getConstructData):
35249 * runtime/ErrorConstructor.cpp:
35250 * runtime/ErrorConstructor.h:
35251 * runtime/FunctionConstructor.cpp:
35252 * runtime/FunctionConstructor.h:
35253 * runtime/JSCell.cpp:
35254 * runtime/JSCell.h:
35255 * runtime/JSFunction.cpp:
35256 * runtime/JSFunction.h:
35257 * runtime/JSObject.h:
35258 (JSC::getConstructData):
35259 * runtime/NativeErrorConstructor.cpp:
35260 * runtime/NativeErrorConstructor.h:
35261 * runtime/NumberConstructor.cpp:
35262 * runtime/NumberConstructor.h:
35263 * runtime/ObjectConstructor.cpp:
35264 * runtime/ObjectConstructor.h:
35265 * runtime/RegExpConstructor.cpp:
35266 * runtime/RegExpConstructor.h:
35267 * runtime/StringConstructor.cpp:
35268 * runtime/StringConstructor.h:
35270 2011-10-23 Geoffrey Garen <ggaren@apple.com>
35272 Try to fix the SL build.
35274 * dfg/DFGByteCodeParser.cpp:
35275 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Cast
35276 away int vs unsigned warning.
35278 2011-10-21 Geoffrey Garen <ggaren@apple.com>
35280 Separated string lifetime bits from character buffer state bits
35281 https://bugs.webkit.org/show_bug.cgi?id=70673
35283 Reviewed by Anders Carlsson.
35285 Moved the static/immortal bit into the bottom bit of the refcount, and
35286 moved all other bits into the high bits of the hash code.
35288 This is the first step toward a new Characters/PassString class, and it
35289 makes ref/deref slightly more efficient.
35291 * create_hash_table:
35292 * wtf/StringHasher.h:
35293 (WTF::StringHasher::hash): Tweaked the string hashing function to leave
35294 the top bits clear, so they can be used as flags.
35296 Fixed some small differences between the PERL copy of this function and
35297 the C++ copy of this function, which could have in theory caused subtle
35300 * wtf/text/StringImpl.cpp:
35301 (WTF::StringImpl::sharedBuffer):
35302 (WTF::StringImpl::createWithTerminatingNullCharacter):
35303 * wtf/text/StringImpl.h:
35304 (WTF::StringImpl::StringImpl):
35305 (WTF::StringImpl::cost): Renamed s_refCountFlagShouldReportedCost to
35306 s_didReportExtraCost, since the original name was both self-contradictory
35307 and used as a double-negative.
35309 (WTF::StringImpl::isIdentifier):
35310 (WTF::StringImpl::setIsIdentifier):
35311 (WTF::StringImpl::hasTerminatingNullCharacter):
35312 (WTF::StringImpl::isAtomic):
35313 (WTF::StringImpl::setIsAtomic):
35314 (WTF::StringImpl::setHash):
35315 (WTF::StringImpl::rawHash):
35316 (WTF::StringImpl::hasHash):
35317 (WTF::StringImpl::existingHash):
35318 (WTF::StringImpl::hash):
35319 (WTF::StringImpl::hasOneRef):
35320 (WTF::StringImpl::ref):
35321 (WTF::StringImpl::deref):
35322 (WTF::StringImpl::bufferOwnership):
35323 (WTF::StringImpl::isStatic): Moved the static/immortal bit into the bottom
35324 bit of the refcount. Now, all lifetime information lives in the refcount
35325 field. Moved the other bits into the hash code field.
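Added example, not WebKit's StringImpl and not part of the entry above: a simplified model of the bit layout this entry describes, with the static/immortal bit in the bottom bit of the refcount (so ref/deref step by 2 and a static object never reaches zero) and the remaining flags in the top bits of the hash field. The class and function names (LifetimeCounted, staticObjectSurvivesDeref, dynamicObjectIsDestroyedAtZero, flagsDoNotDisturbHash), the 8-bit flag width and the sample hash are this example's own assumptions.

```cpp
#include <cstdio>

// Added example, not WebKit's StringImpl: lifetime bits live in the refcount
// word, every other flag lives above the hash bits in the hash word.
class LifetimeCounted {
public:
    static const unsigned s_staticBit = 1u;         // bottom bit of the refcount
    static const unsigned s_refCountIncrement = 2u; // one reference == 2
    static const unsigned s_flagBits = 8;           // assumed: flags use the top 8 bits
    static const unsigned s_hashMask = (1u << (32 - s_flagBits)) - 1;
    static const unsigned s_isAtomicFlag = 1u << 31;
    static const unsigned s_isIdentifierFlag = 1u << 30;

    explicit LifetimeCounted(bool isStatic)
        : m_refCountAndStaticBit(s_refCountIncrement | (isStatic ? s_staticBit : 0u))
        , m_hashAndFlags(0)
        , m_destroyed(false) {}

    bool isStatic() const { return (m_refCountAndStaticBit & s_staticBit) != 0; }
    bool hasOneRef() const { return (m_refCountAndStaticBit & ~s_staticBit) == s_refCountIncrement; }
    bool destroyed() const { return m_destroyed; }

    void ref() { m_refCountAndStaticBit += s_refCountIncrement; }

    // A static object keeps its tag bit after the last deref, so the word is
    // never zero and the object is never destroyed.
    void deref() {
        m_refCountAndStaticBit -= s_refCountIncrement;
        if (!m_refCountAndStaticBit)
            m_destroyed = true; // a real implementation would free itself here
    }

    // The hash occupies the low bits; the flags in the high bits are preserved.
    void setHash(unsigned hash) { m_hashAndFlags = (m_hashAndFlags & ~s_hashMask) | (hash & s_hashMask); }
    unsigned hash() const { return m_hashAndFlags & s_hashMask; }
    bool hasHash() const { return hash() != 0; }

    void setIsAtomic(bool on) { setFlag(s_isAtomicFlag, on); }
    bool isAtomic() const { return (m_hashAndFlags & s_isAtomicFlag) != 0; }
    void setIsIdentifier(bool on) { setFlag(s_isIdentifierFlag, on); }
    bool isIdentifier() const { return (m_hashAndFlags & s_isIdentifierFlag) != 0; }

private:
    void setFlag(unsigned flag, bool on) {
        if (on)
            m_hashAndFlags |= flag;
        else
            m_hashAndFlags &= ~flag;
    }

    unsigned m_refCountAndStaticBit;
    unsigned m_hashAndFlags;
    bool m_destroyed;
};

// Constructed sample hash that fits in the 24 hash bits (assumed value).
const unsigned kSampleHash = 0x345678u;

bool staticObjectSurvivesDeref() {
    LifetimeCounted s(true);
    s.deref(); // drops the only reference; the static bit keeps the word non-zero
    return s.isStatic() && !s.destroyed();
}

bool dynamicObjectIsDestroyedAtZero() {
    LifetimeCounted d(false);
    d.ref();
    d.deref();
    if (d.destroyed() || !d.hasOneRef())
        return false;
    d.deref();
    return d.destroyed();
}

bool flagsDoNotDisturbHash() {
    LifetimeCounted d(false);
    d.setHash(kSampleHash);
    d.setIsAtomic(true);
    d.setIsIdentifier(true);
    bool ok = d.hash() == kSampleHash && d.isAtomic() && d.isIdentifier();
    d.setHash(kSampleHash + 1); // re-hashing must not clear the flags
    return ok && d.isAtomic() && d.isIdentifier() && d.hash() == kSampleHash + 1;
}

int main() {
    std::printf("static survives: %d, dynamic freed: %d, flags independent: %d\n",
                staticObjectSurvivesDeref(), dynamicObjectIsDestroyedAtZero(), flagsDoNotDisturbHash());
    return 0;
}
```

The design choice worth noting is that hasHash() treats a zero hash as "not yet computed", so a hash function used with this layout must both leave the flag bits clear and never produce zero for real input; the StringHasher tweak in this entry addresses the first requirement.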
35327 2011-10-21 Filip Pizlo <fpizlo@apple.com>
35329 DFG inlining sometimes fails to reset constant references
35330 https://bugs.webkit.org/show_bug.cgi?id=70668
35332 Reviewed by Anders Carlsson.
35334 Reset constant references when we need to (new block created) and not
35335 when we don't (change of inlining depth).
35337 * dfg/DFGByteCodeParser.cpp:
35338 (JSC::DFG::ByteCodeParser::handleInlining):
35339 (JSC::DFG::ByteCodeParser::prepareToParseBlock):
35340 (JSC::DFG::ByteCodeParser::parseBlock):
35341 (JSC::DFG::ByteCodeParser::parseCodeBlock):
35343 2011-10-21 Filip Pizlo <fpizlo@apple.com>
35345 DFG should have inlining
35346 https://bugs.webkit.org/show_bug.cgi?id=69996
35348 Reviewed by Oliver Hunt.
35350 Implements inlining that's hooked into the bytecode parser. Only
35351 works for calls, for now, though nothing fundamentally prevents us
35352 from inlining constructor calls. 2% overall speed-up on all
35353 benchmarks. 7% speed-up on V8 (around 34% and 27% on deltablue and
35354 richards respectively), neutral on Kraken and SunSpider.
35356 * bytecode/CodeBlock.cpp:
35357 (JSC::CodeBlock::visitAggregate):
35358 * bytecode/CodeBlock.h:
35359 (JSC::CodeBlock::baselineVersion):
35360 (JSC::CodeBlock::setInstructionCount):
35361 (JSC::CodeBlock::likelyToTakeSlowCase):
35362 (JSC::CodeBlock::couldTakeSlowCase):
35363 (JSC::CodeBlock::likelyToTakeSpecialFastCase):
35364 (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
35365 (JSC::CodeBlock::likelyToTakeAnySlowCase):
35366 * bytecode/CodeOrigin.h:
35367 (JSC::CodeOrigin::inlineDepthForCallFrame):
35368 (JSC::CodeOrigin::inlineDepth):
35369 (JSC::CodeOrigin::operator==):
35370 (JSC::CodeOrigin::inlineStack):
35371 * bytecompiler/BytecodeGenerator.cpp:
35372 (JSC::BytecodeGenerator::generate):
35373 * dfg/DFGAbstractState.cpp:
35374 (JSC::DFG::AbstractState::beginBasicBlock):
35375 (JSC::DFG::AbstractState::execute):
35376 (JSC::DFG::AbstractState::mergeStateAtTail):
35377 * dfg/DFGBasicBlock.h:
35378 (JSC::DFG::BasicBlock::BasicBlock):
35379 (JSC::DFG::BasicBlock::ensureLocals):
35380 (JSC::DFG::UnlinkedBlock::UnlinkedBlock):
35381 * dfg/DFGByteCodeParser.cpp:
35382 (JSC::DFG::ByteCodeParser::ByteCodeParser):
35383 (JSC::DFG::ByteCodeParser::getDirect):
35384 (JSC::DFG::ByteCodeParser::get):
35385 (JSC::DFG::ByteCodeParser::setDirect):
35386 (JSC::DFG::ByteCodeParser::set):
35387 (JSC::DFG::ByteCodeParser::getLocal):
35388 (JSC::DFG::ByteCodeParser::getArgument):
35389 (JSC::DFG::ByteCodeParser::flush):
35390 (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
35391 (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
35392 (JSC::DFG::ByteCodeParser::handleInlining):
35393 (JSC::DFG::ByteCodeParser::parseBlock):
35394 (JSC::DFG::ByteCodeParser::processPhiStack):
35395 (JSC::DFG::ByteCodeParser::linkBlock):
35396 (JSC::DFG::ByteCodeParser::linkBlocks):
35397 (JSC::DFG::ByteCodeParser::handleSuccessor):
35398 (JSC::DFG::ByteCodeParser::determineReachability):
35399 (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
35400 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
35401 (JSC::DFG::ByteCodeParser::parseCodeBlock):
35402 (JSC::DFG::ByteCodeParser::parse):
35403 * dfg/DFGCapabilities.cpp:
35404 (JSC::DFG::canHandleOpcodes):
35405 (JSC::DFG::canCompileOpcodes):
35406 (JSC::DFG::canInlineOpcodes):
35407 * dfg/DFGCapabilities.h:
35408 (JSC::DFG::mightCompileEval):
35409 (JSC::DFG::mightCompileProgram):
35410 (JSC::DFG::mightCompileFunctionForCall):
35411 (JSC::DFG::mightCompileFunctionForConstruct):
35412 (JSC::DFG::mightInlineFunctionForCall):
35413 (JSC::DFG::mightInlineFunctionForConstruct):
35414 (JSC::DFG::canInlineOpcode):
35415 (JSC::DFG::canInlineOpcodes):
35416 (JSC::DFG::canInlineFunctionForCall):
35417 (JSC::DFG::canInlineFunctionForConstruct):
35418 * dfg/DFGGraph.cpp:
35419 (JSC::DFG::printWhiteSpace):
35420 (JSC::DFG::Graph::dumpCodeOrigin):
35421 (JSC::DFG::Graph::dump):
35423 (JSC::DFG::GetBytecodeBeginForBlock::operator()):
35424 (JSC::DFG::Graph::blockIndexForBytecodeOffset):
35425 * dfg/DFGJITCompiler.cpp:
35426 (JSC::DFG::JITCompiler::decodedCodeMapFor):
35427 (JSC::DFG::JITCompiler::linkOSRExits):
35428 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
35429 * dfg/DFGJITCompiler.h:
35430 (JSC::DFG::JITCompiler::debugCall):
35431 (JSC::DFG::JITCompiler::baselineCodeBlockFor):
35432 * dfg/DFGJITCompiler32_64.cpp:
35433 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
35435 (JSC::DFG::Node::hasVariableAccessData):
35436 (JSC::DFG::Node::shouldGenerate):
35437 * dfg/DFGOperands.h:
35438 (JSC::DFG::Operands::ensureLocals):
35439 (JSC::DFG::Operands::setLocal):
35440 (JSC::DFG::Operands::getLocal):
35441 * dfg/DFGPropagator.cpp:
35442 (JSC::DFG::Propagator::propagateNodePredictions):
35443 * dfg/DFGSpeculativeJIT.cpp:
35444 (JSC::DFG::OSRExit::OSRExit):
35445 (JSC::DFG::SpeculativeJIT::compile):
35446 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
35447 * dfg/DFGSpeculativeJIT.h:
35448 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
35449 * dfg/DFGSpeculativeJIT32_64.cpp:
35450 (JSC::DFG::SpeculativeJIT::compile):
35451 * dfg/DFGSpeculativeJIT64.cpp:
35452 (JSC::DFG::SpeculativeJIT::compile):
35453 * interpreter/CallFrame.cpp:
35454 (JSC::CallFrame::trueCallerFrameSlow):
35456 (JSC::JIT::compileOpCallSlowCase):
35457 * jit/JITStubs.cpp:
35458 (JSC::DEFINE_STUB_FUNCTION):
35459 * runtime/Executable.cpp:
35460 (JSC::FunctionExecutable::baselineCodeBlockFor):
35461 (JSC::FunctionExecutable::produceCodeBlockFor):
35462 (JSC::FunctionExecutable::compileForCallInternal):
35463 (JSC::FunctionExecutable::compileForConstructInternal):
35464 * runtime/Executable.h:
35465 (JSC::FunctionExecutable::profiledCodeBlockFor):
35466 (JSC::FunctionExecutable::parameterCount):
35467 * runtime/Heuristics.cpp:
35468 (JSC::Heuristics::initializeHeuristics):
35469 * runtime/Heuristics.h:
35470 * runtime/JSFunction.h:

2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com>

Add put to the MethodTable
https://bugs.webkit.org/show_bug.cgi?id=70439

Reviewed by Oliver Hunt.

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/ClassInfo.h: Added put and putByIndex to the MethodTable.
* runtime/JSFunction.h: Changed access modifier for put to protected since some
subclasses of JSFunction need to reference it in their MethodTables.

2011-10-21 Mark Hahnenberg <mhahnenberg@apple.com>

Add finalizer to JSObject
https://bugs.webkit.org/show_bug.cgi?id=70336

Reviewed by Darin Adler.

* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::callDestructor): Skip the call to the destructor
if we're a JSFinalObject, since the finalizer takes care of things.
* runtime/JSCell.h:
(JSC::JSCell::~JSCell): Remove the GC validation due to a conflict with
future changes and the fact that we no longer always call the destructor, making
the information provided less useful.
* runtime/JSObject.cpp:
(JSC::JSObject::finalize): Add finalizer for JSObject.
(JSC::JSObject::allocatePropertyStorage): The first time we need to allocate out-of-line
property storage, we add a finalizer to ourself.
* runtime/JSObject.h:

2011-10-21 Simon Hausmann <simon.hausmann@nokia.com>

Remove QtScript source code from WebKit.
https://bugs.webkit.org/show_bug.cgi?id=64088

Reviewed by Tor Arne Vestbø.

Removed dead code that isn't developed anymore.

* JavaScriptCore.gypi:
* JavaScriptCore.pri:
* qt/api/QtScript.pro: Removed.
* qt/api/qscriptconverter_p.h: Removed.
* qt/api/qscriptengine.cpp: Removed.
* qt/api/qscriptengine.h: Removed.
* qt/api/qscriptengine_p.cpp: Removed.
* qt/api/qscriptengine_p.h: Removed.
* qt/api/qscriptfunction.cpp: Removed.
* qt/api/qscriptfunction_p.h: Removed.
* qt/api/qscriptoriginalglobalobject_p.h: Removed.
* qt/api/qscriptprogram.cpp: Removed.
* qt/api/qscriptprogram.h: Removed.
* qt/api/qscriptprogram_p.h: Removed.
* qt/api/qscriptstring.cpp: Removed.
* qt/api/qscriptstring.h: Removed.
* qt/api/qscriptstring_p.h: Removed.
* qt/api/qscriptsyntaxcheckresult.cpp: Removed.
* qt/api/qscriptsyntaxcheckresult.h: Removed.
* qt/api/qscriptsyntaxcheckresult_p.h: Removed.
* qt/api/qscriptvalue.cpp: Removed.
* qt/api/qscriptvalue.h: Removed.
* qt/api/qscriptvalue_p.h: Removed.
* qt/api/qscriptvalueiterator.cpp: Removed.
* qt/api/qscriptvalueiterator.h: Removed.
* qt/api/qscriptvalueiterator_p.h: Removed.
* qt/api/qtscriptglobal.h: Removed.
* qt/benchmarks/benchmarks.pri: Removed.
* qt/benchmarks/benchmarks.pro: Removed.
* qt/benchmarks/qscriptengine/qscriptengine.pro: Removed.
* qt/benchmarks/qscriptengine/tst_qscriptengine.cpp: Removed.
* qt/benchmarks/qscriptvalue/qscriptvalue.pro: Removed.
* qt/benchmarks/qscriptvalue/tst_qscriptvalue.cpp: Removed.
* qt/tests/qscriptengine/qscriptengine.pro: Removed.
* qt/tests/qscriptengine/tst_qscriptengine.cpp: Removed.
* qt/tests/qscriptstring/qscriptstring.pro: Removed.
* qt/tests/qscriptstring/tst_qscriptstring.cpp: Removed.
* qt/tests/qscriptvalue/qscriptvalue.pro: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue.cpp: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue.h: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue_generated_comparison.cpp: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue_generated_init.cpp: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue_generated_istype.cpp: Removed.
* qt/tests/qscriptvalue/tst_qscriptvalue_generated_totype.cpp: Removed.
* qt/tests/qscriptvalueiterator/qscriptvalueiterator.pro: Removed.
* qt/tests/qscriptvalueiterator/tst_qscriptvalueiterator.cpp: Removed.
* qt/tests/tests.pri: Removed.
* qt/tests/tests.pro: Removed.

2011-10-21 Zheng Liu <zheng.z.liu@intel.com>

bytecompiler sometimes generates incorrect bytecode for put_by_id
https://bugs.webkit.org/show_bug.cgi?id=70403

Reviewed by Filip Pizlo.

* bytecompiler/NodesCodegen.cpp:
(JSC::AssignDotNode::emitBytecode):
(JSC::AssignBracketNode::emitBytecode):

2011-10-20 Filip Pizlo <fpizlo@apple.com>

DFG should not try to predict argument types by looking at the values of
argument registers at the time of compilation
https://bugs.webkit.org/show_bug.cgi?id=70578

Reviewed by Oliver Hunt.

* bytecode/CodeBlock.cpp:
* dfg/DFGDriver.cpp:
(JSC::DFG::compile):
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
(JSC::DFG::tryCompileFunction):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
* runtime/Executable.cpp:
(JSC::FunctionExecutable::compileOptimizedForCall):
(JSC::FunctionExecutable::compileOptimizedForConstruct):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::FunctionExecutable::compileForCall):
(JSC::FunctionExecutable::compileForConstruct):
(JSC::FunctionExecutable::compileFor):
(JSC::FunctionExecutable::compileOptimizedFor):

2011-10-20 Filip Pizlo <fpizlo@apple.com>

DFG call optimization handling will fail if the call had been unlinked due
to the callee being optimized
https://bugs.webkit.org/show_bug.cgi?id=70468

Reviewed by Geoff Garen.

If a call had ever been linked, we remember this fact as well as the function
to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkFor):
(JSC::JIT::linkFor):

2011-10-20 Yuqiang Xian <yuqiang.xian@intel.com>

DFG JIT 32_64 - Fix ByteArray speculation
https://bugs.webkit.org/show_bug.cgi?id=70571

Reviewed by Filip Pizlo.

* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::ValueSource::forPrediction):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-10-20 Vincent Scheib <scheib@chromium.org>

MouseLock compile and run time flags.
https://bugs.webkit.org/show_bug.cgi?id=70530

Reviewed by Darin Fisher.

2011-10-20 Mark Hahnenberg <mhahnenberg@apple.com>

Rename static deleteProperty to deletePropertyByIndex
https://bugs.webkit.org/show_bug.cgi?id=70257

Reviewed by Geoffrey Garen.

Renaming versions of deleteProperty that use an unsigned as the property
name to "deletePropertyByIndex" in preparation for adding them to the
MethodTable, which requires unique names for each method.

* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::::deletePropertyVirtual):
(JSC::::deletePropertyByIndex):
* runtime/Arguments.cpp:
(JSC::Arguments::deletePropertyVirtual):
(JSC::Arguments::deletePropertyByIndex):
* runtime/Arguments.h:
* runtime/JSArray.cpp:
(JSC::JSArray::deletePropertyVirtual):
(JSC::JSArray::deletePropertyByIndex):
* runtime/JSArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::deletePropertyVirtual):
(JSC::JSCell::deletePropertyByIndex):
* runtime/JSCell.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::deletePropertyVirtual):
(JSC::JSNotAnObject::deletePropertyByIndex):
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::deletePropertyVirtual):
(JSC::JSObject::deletePropertyByIndex):
* runtime/JSObject.h:
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::deletePropertyVirtual):
(JSC::RegExpMatchesArray::deletePropertyByIndex):

2011-10-20 Filip Pizlo <fpizlo@apple.com>

https://bugs.webkit.org/show_bug.cgi?id=70482
DFG-related stubs in the old JIT should not be built if the DFG is disabled

Reviewed by Zoltan Herczeg.

Aiming for a slight code size/build time reduction if the DFG is not in
play. This should also make further DFG development slightly easier since
the bodies of these JIT stubs can now safely refer to things that are only
declared when the DFG is enabled.

* jit/JITStubs.cpp:

2011-10-19 Filip Pizlo <fpizlo@apple.com>

DFG ConvertThis emits slow code when the source node is known to be,
but not predicted to be, a final object
https://bugs.webkit.org/show_bug.cgi?id=70466

Reviewed by Oliver Hunt.

Added a new case in ConvertThis compilation.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-10-19 Filip Pizlo <fpizlo@apple.com>

Optimization triggers in the old JIT may sometimes fire repeatedly even
though there is no optimization to be done
https://bugs.webkit.org/show_bug.cgi?id=70467

Reviewed by Oliver Hunt.

If optimize_from_ret does nothing, it delays the next optimization trigger.
This is performance-neutral.

* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Heuristics.cpp:
(JSC::Heuristics::initializeHeuristics):

2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com>

DFG JIT 32_64 - remove unnecessary double unboxings in fillDouble/fillSpeculateDouble
https://bugs.webkit.org/show_bug.cgi?id=70460

Reviewed by Filip Pizlo.

As pointed out by Gavin in bug #70418, when a value is already in memory
we can avoid loading it to two GPRs at first and then unboxing them to a FPR.
This gives a 9% improvement on Kraken without the change in bug #70418,
and 1% based on the code with the bug #70418 change.
Performance is neutral in V8 and SunSpider.

* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

2011-10-19 Gavin Barraclough <barraclough@apple.com>

Poisoning of strict caller,arguments inappropriately poisoning "in"
https://bugs.webkit.org/show_bug.cgi?id=63398

Reviewed by Oliver Hunt.

This fixes the problem by correctly implementing the spec:
the error should actually be thrown from a standard JS getter/setter.
This implements spec-correct behaviour for strict mode JS functions & bound
functions; I'll follow up with a patch to do the same for arguments.

* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::finishCreation):
- Add the poisoned caller/arguments properties.
* runtime/JSBoundFunction.h:
* runtime/JSFunction.cpp:
(JSC::JSFunction::finishCreation):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::put):
- If the caller/arguments are accessed on a strict mode function, lazily add the ThrowTypeError getter.
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::createThrowTypeError):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::throwTypeErrorGetterSetter):
- Add a ThrowTypeError type, per ES5 13.2.3.
* runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncThrowTypeError):
* runtime/JSGlobalObjectFunctions.h:
- Implementation of ThrowTypeError.
* runtime/JSObject.cpp:
(JSC::JSObject::initializeGetterSetterProperty):
* runtime/JSObject.h:
- This function adds a new property (must not exist already) that is an initialized getter/setter.

2011-10-19 Yuqiang Xian <yuqiang.xian@intel.com>

DFG JIT 32_64 - improve double boxing/unboxing
https://bugs.webkit.org/show_bug.cgi?id=70418

Reviewed by Gavin Barraclough.

Double boxing/unboxing in DFG JIT 32_64 is currently implemented inefficiently,
as it tries to exchange data through memory.
On X86 some SSE instructions can help us on such operations with better performance.
This improves 32-bit DFG performance by 29% on Kraken, 7% on SunSpider,
and 2% on V8, tested on Linux X86 (Core i7 Nehalem).

* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::lshiftPacked):
(JSC::MacroAssemblerX86Common::rshiftPacked):
(JSC::MacroAssemblerX86Common::orPacked):
(JSC::MacroAssemblerX86Common::moveInt32ToPacked):
(JSC::MacroAssemblerX86Common::movePackedToInt32):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movd_rr):
(JSC::X86Assembler::psllq_i8r):
(JSC::X86Assembler::psrlq_i8r):
(JSC::X86Assembler::por_rr):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::boxDouble):
(JSC::DFG::JITCodeGenerator::unboxDouble):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
(JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
(JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::boxDouble):
(JSC::DFG::JITCompiler::unboxDouble):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::convertToDouble):
(JSC::DFG::SpeculativeJIT::compile):

2011-10-19 Gyuyoung Kim <gyuyoung.kim@samsung.com>

[EFL] Fix DSO linkage of wtf_efl.

Unreviewed build fix.

Need to add -ldl to jsc_efl (requested by dladdr).

* wtf/CMakeListsEfl.txt:

2011-10-19 Geoffrey Garen <ggaren@apple.com>

Removed StringImplBase, fusing it into StringImpl
https://bugs.webkit.org/show_bug.cgi?id=70443

Reviewed by Gavin Barraclough.

* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.order:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/text/StringImpl.h:
(WTF::StringImpl::StringImpl):
(WTF::StringImpl::ref):
(WTF::StringImpl::length):
* wtf/text/StringImplBase.h: Removed.
* wtf/wtf.pri: Removed!

2011-10-19 Mark Hahnenberg <mhahnenberg@apple.com>

Add getConstructData to the MethodTable
https://bugs.webkit.org/show_bug.cgi?id=70163

Reviewed by Geoffrey Garen.

Adding getConstructData to the MethodTable in order to be able to
remove all calls to getConstructDataVirtual soon. Part of the process
of de-virtualizing JSCell.

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/ClassInfo.h:

2011-10-18 Oliver Hunt <oliver@apple.com>

Support CanvasPixelArray in the DFG
https://bugs.webkit.org/show_bug.cgi?id=70384

Reviewed by Filip Pizlo.

Add support for the old CanvasPixelArray optimisations to the
DFG. This removes the regression seen in the DFG when using

* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::store8):
(JSC::MacroAssemblerX86Common::truncateDoubleToInt32):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movb_rm):
(JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
* bytecode/PredictedType.cpp:
(JSC::predictionToString):
(JSC::predictionFromClassInfo):
* bytecode/PredictedType.h:
(JSC::isByteArrayPrediction):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::initialize):
(JSC::DFG::AbstractState::execute):
(JSC::DFG::Node::shouldSpeculateByteArray):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
(JSC::DFG::compileClampDoubleToByte):
(JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnByteArray):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSByteArray.h:
(JSC::JSByteArray::offsetOfStorage):
* wtf/ByteArray.cpp:
(WTF::ByteArray::offsetOfSize):
(WTF::ByteArray::offsetOfData):

2011-10-18 Geoffrey Garen <ggaren@apple.com>

Some rope cleanup following r97827
https://bugs.webkit.org/show_bug.cgi?id=70398

Reviewed by Oliver Hunt.

9% speedup on date-format-xparb, neutral overall.

- Removed RopeImpl*.
- Removed JSString::m_fiberCount, since this can be deduced from other data.
- Renamed a jsString() variant to jsStringFromArguments for clarity.

* GNUmakefile.list.am:
* JavaScriptCore.order:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj: Removed RopeImpl*.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
* jit/JITInlineMethods.h:
(JSC::JIT::emitLoadCharacterString):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::stringGetByValStubGenerator):
* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::loadJSStringArgument):
* jit/ThunkGenerators.cpp:
(JSC::stringCharLoad): Use a NULL m_value to signal rope-iness, instead
of testing m_fiberCount, since m_fiberCount is gone now.

* runtime/JSString.cpp:
(JSC::JSString::RopeBuilder::expand):
(JSC::JSString::visitChildren):
(JSC::JSString::resolveRope):
(JSC::JSString::resolveRopeSlowCase):
(JSC::JSString::outOfMemory): Use a NULL fiber to indicate "last fiber
in the vector" instead of testing m_fiberCount, since m_fiberCount is gone now.

* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::finishCreation):
(JSC::RopeBuilder::offsetOfLength):
(JSC::RopeBuilder::isRope):
(JSC::RopeBuilder::string): Removed m_fiberCount. Renamed
jsString => jsStringFromArguments for clarity.

* runtime/Operations.h:
(JSC::jsStringFromArguments): Renamed.

* runtime/RopeImpl.cpp: Removed.
* runtime/RopeImpl.h: Removed.

* runtime/SmallStrings.cpp:
(JSC::SmallStrings::createEmptyString): Switched to StringImpl::empty,
which is slightly faster.

* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncConcat): Updated for rename.

* wtf/text/StringImplBase.h:
(WTF::StringImplBase::StringImplBase): Removed the concept of an invalid
StringImpl, since this was only used by RopeImpl, which is now gone.

2011-10-19 Rafael Antognolli <antognolli@profusion.mobi>

[EFL] Fix DSO linkage of jsc_efl.
https://bugs.webkit.org/show_bug.cgi?id=70412

Unreviewed build fix.

Need to add -ldl to jsc_efl (requested by dladdr).

* shell/CMakeListsEfl.txt:

2011-10-18 Geoffrey Garen <ggaren@apple.com>

Rolled out last Windows build fix because it was wrong.

2011-10-18 Geoffrey Garen <ggaren@apple.com>

Rolled out last Windows build fix because it was wrong.

2011-10-18 Geoffrey Garen <ggaren@apple.com>

Try to fix part of the Windows build.

2011-10-18 Geoffrey Garen <ggaren@apple.com>

Switched ropes from malloc memory to GC memory
https://bugs.webkit.org/show_bug.cgi?id=70364

Reviewed by Gavin Barraclough.

~1% SunSpider speedup. Neutral elsewhere. Removes one cause for strings
having C++ destructors.

* heap/MarkStack.cpp:
(JSC::visitChildren): Call the JSString visitChildren function now,
since it's no longer a no-op.

* runtime/JSString.cpp:
(JSC::JSString::~JSString): Moved this destructor out of line because
it's called virtually, so there's no value to inlining.

(JSC::JSString::RopeBuilder::expand): Switched RopeBuilder to be a thin
initializing wrapper around JSString. JSString now represents ropes
directly, rather than relying on an underlying malloc object.

(JSC::JSString::visitChildren): Visit our rope fibers, since they're GC

(JSC::JSString::resolveRope):
(JSC::JSString::resolveRopeSlowCase):
(JSC::JSString::outOfMemory): Updated for operating on JSStrings instead

(JSC::JSString::replaceCharacter): Removed optimizations for substringing
ropes and replacing subsections of ropes. We want to reimplement versions
of these optimizations in the future, but this patch already has good
performance without them.

* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
(JSC::RopeBuilder::finishCreation):
(JSC::RopeBuilder::createNull):
(JSC::RopeBuilder::create):
(JSC::RopeBuilder::createHasOtherOwner):
(JSC::jsSingleCharacterString):
(JSC::jsSingleCharacterSubstring):
(JSC::jsNontrivialString):
(JSC::jsSubstring):
(JSC::jsOwnedString): Lots of mechanical changes here. The two important
things are: (1) The fibers in JSString::m_fibers are JSStrings now, not
malloc objects; (2) I simplified the JSString constructor interface to
only accept PassRefPtr<StringImpl>, instead of variations on that like
UString, reducing refcount churn.

* runtime/JSValue.h:
* runtime/JSValue.cpp:
(JSC::JSValue::toPrimitiveString): Updated this function to return a
JSString instead of a UString, since that's what clients want now.

* runtime/Operations.cpp:
(JSC::jsAddSlowCase):
* runtime/Operations.h:

* runtime/SmallStrings.cpp:
(JSC::SmallStrings::createEmptyString): Updated for interface changes above.

* runtime/StringConstructor.cpp:
(JSC::constructWithStringConstructor):
* runtime/StringObject.h:
(JSC::StringObject::create): Don't create a new JSString if we already

* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncConcat): Updated for interface changes above.

2011-10-18 Gavin Barraclough <barraclough@apple.com>

Errrk, fix partial commit of r97825!

* runtime/DatePrototype.cpp:
(JSC::dateProtoFuncToISOString):

2011-10-18 Gavin Barraclough <barraclough@apple.com>

Date.prototype.toISOString fails to throw exception
https://bugs.webkit.org/show_bug.cgi?id=70394

Reviewed by Sam Weinig.

* runtime/DatePrototype.cpp:
(JSC::dateProtoFuncToISOString):
- Should throw a range error if the internal value is not finite.

2011-10-18 Mark Hahnenberg <mhahnenberg@apple.com>

Rename static put to putByIndex
https://bugs.webkit.org/show_bug.cgi?id=70281

Reviewed by Geoffrey Garen.

Renaming versions of deleteProperty that use an unsigned as the property
name to "deletePropertyByIndex" in preparation for adding them to the
MethodTable, which requires unique names for each method.

* dfg/DFGOperations.cpp:
(JSC::DFG::putByVal):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Arguments.cpp:
(JSC::Arguments::putVirtual):
(JSC::Arguments::putByIndex):
* runtime/Arguments.h:
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncMap):
* runtime/JSArray.cpp:
(JSC::JSArray::put):
(JSC::JSArray::putVirtual):
(JSC::JSArray::putByIndex):
* runtime/JSArray.h:
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::putVirtual):
(JSC::JSByteArray::putByIndex):
* runtime/JSByteArray.h:
* runtime/JSCell.cpp:
(JSC::JSCell::putVirtual):
(JSC::JSCell::putByIndex):
* runtime/JSCell.h:
* runtime/JSNotAnObject.cpp:
(JSC::JSNotAnObject::putVirtual):
(JSC::JSNotAnObject::putByIndex):
* runtime/JSNotAnObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::putVirtual):
(JSC::JSObject::putByIndex):
* runtime/JSObject.h:
* runtime/RegExpConstructor.cpp:
(JSC::RegExpMatchesArray::fillArrayInstance):
* runtime/RegExpMatchesArray.h:
(JSC::RegExpMatchesArray::putVirtual):
(JSC::RegExpMatchesArray::putByIndex):

2011-10-18 Gavin Barraclough <barraclough@apple.com>

Array.prototype methods missing exception checks
https://bugs.webkit.org/show_bug.cgi?id=70360

Reviewed by Geoff Garen.

Missing exception checks after calls to the static getProperty helper;
these may result in the wrong exception being thrown (or an ASSERT being hit,
as is currently the case running test-262).

No performance impact.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):

2011-10-18 Adam Barth <abarth@webkit.org>

Always enable ENABLE(XPATH)
https://bugs.webkit.org/show_bug.cgi?id=70217

Reviewed by Eric Seidel.

* Configurations/FeatureDefines.xcconfig:

2011-10-18 Gavin Barraclough <barraclough@apple.com>

Indexed arguments on the Arguments object should be enumerable.
https://bugs.webkit.org/show_bug.cgi?id=70302

Reviewed by Sam Weinig.

See ECMA-262 5.1 chapter 10.6 step 11b.
This is visible through a number of means, including Object.keys, Object.getOwnPropertyDescriptor, and operator in.

* runtime/Arguments.cpp:
(JSC::Arguments::getOwnPropertyDescriptor):
- The 'enumerable' property should be true for indexed arguments.
(JSC::Arguments::getOwnPropertyNames):
- Don't guard the adding of indexed properties with 'IncludeDontEnumProperties'.

2011-10-18 Gustavo Noronha Silva <gns@gnome.org>

* GNUmakefile.list.am: fix a typo and add a missing header to the

2011-10-18 Balazs Kelemen <kbalazs@webkit.org>

ParallelJobs: maximum number of threads should be determined dynamically
https://bugs.webkit.org/show_bug.cgi?id=68540

Reviewed by Zoltan Herczeg.

Add logic to determine the number of cores and use this as
the maximum number of threads. The implementation currently
covers Linux, Darwin, Windows, AIX, Solaris, OpenBSD and NetBSD.
The patch was tested on Linux, Mac and Windows which was enough to
cover all code paths. It should work on the rest according to the
documentation of those OSes. The hard coded constant is still used
on uncovered OSes which should be fixed in the future.

* wtf/ParallelJobs.h: Removed the default value of the requestedJobNumber
argument because clients should always fill it and the 0 default value
was incorrect anyway.
(WTF::ParallelJobs::ParallelJobs):
* wtf/ParallelJobsGeneric.cpp:
(WTF::ParallelEnvironment::determineMaxNumberOfParallelThreads):
* wtf/ParallelJobsGeneric.h:
(WTF::ParallelEnvironment::ParallelEnvironment):

2011-10-17 Gavin Barraclough <barraclough@apple.com>

Reverted r997709, this caused test failures.

* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::hasProperty):
(JSC::JSObject::hasOwnProperty):

2011-10-17 Ryosuke Niwa <rniwa@webkit.org>

Rename deregister* to unregister*
https://bugs.webkit.org/show_bug.cgi?id=70272

Reviewed by Darin Adler.

Renamed deregisterWeakMap to unregisterWeakMap.

* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::unregisterWeakMap):

2011-10-17 Gavin Barraclough <barraclough@apple.com>

Poisoning of strict caller/arguments inappropriately poisoning "in"
https://bugs.webkit.org/show_bug.cgi?id=63398

Reviewed by Sam Weinig.

The problem here is that the has[Own]Property methods get the slot rather than
the descriptor, and getting the slot may cause the property to be eagerly accessed.

* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- We don't expect hasProperty to ever throw. If it does, it won't get caught
(since it is after the exception check), so ASSERT to guard against this.
* runtime/JSObject.cpp:
(JSC::JSObject::hasProperty):
(JSC::JSObject::hasOwnProperty):
- These methods should not check for the presence of the descriptor; never get the value.
36276 2011-10-17 Gavin Barraclough <barraclough@apple.com>
36278 Exception ordering in String.prototype.replace
36279 https://bugs.webkit.org/show_bug.cgi?id=70290
36281 If pattern is not a regexp, it should be converted toString before the replacement value has it's toString conversion called.
36283 Reviewed by Oliver Hunt.
36285 * runtime/StringPrototype.cpp:
36286 (JSC::stringProtoFuncReplace):
36288 2011-10-17 Filip Pizlo <fpizlo@apple.com>
36290 DFG bytecode parser should understand inline stacks
36291 https://bugs.webkit.org/show_bug.cgi?id=70278
36293 Reviewed by Oliver Hunt.
36295 The DFG bytecode parser is now capable of parsing multiple code blocks at
36296 once. This remains turned off since not all inlining functionality is
36299 This required making a few changes elsewhere in the system. The bytecode
36300 parser now may do some of the same things that the bytecode generator does,
36301 like allocating constants and identifiers. Basic block linking relies on
36302 bytecode indices, which are only meaningful within the context of one basic
36303 block. This is fine, so long as linking is done eagerly whenever switching
36304 from one code block to another.
36306 * bytecode/CodeOrigin.h:
36307 (JSC::CodeOrigin::CodeOrigin):
36308 * bytecompiler/BytecodeGenerator.h:
36309 * dfg/DFGBasicBlock.h:
36310 * dfg/DFGByteCodeParser.cpp:
36311 (JSC::DFG::ByteCodeParser::ByteCodeParser):
36312 (JSC::DFG::ByteCodeParser::get):
36313 (JSC::DFG::ByteCodeParser::set):
36314 (JSC::DFG::ByteCodeParser::getThis):
36315 (JSC::DFG::ByteCodeParser::setThis):
36316 (JSC::DFG::ByteCodeParser::currentCodeOrigin):
36317 (JSC::DFG::ByteCodeParser::getPrediction):
36318 (JSC::DFG::ByteCodeParser::makeSafe):
36319 (JSC::DFG::ByteCodeParser::makeDivSafe):
36320 (JSC::DFG::ByteCodeParser::InlineStackEntry::executable):
36321 (JSC::DFG::ByteCodeParser::InlineStackEntry::~InlineStackEntry):
36322 (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
36323 (JSC::DFG::ByteCodeParser::parseBlock):
36324 (JSC::DFG::ByteCodeParser::linkBlock):
36325 (JSC::DFG::ByteCodeParser::linkBlocks):
36326 (JSC::DFG::ByteCodeParser::setupPredecessors):
36327 (JSC::DFG::ByteCodeParser::buildOperandMapsIfNecessary):
36328 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
36329 (JSC::DFG::ByteCodeParser::parseCodeBlock):
36330 (JSC::DFG::ByteCodeParser::parse):
36332 (JSC::DFG::GetBytecodeBeginForBlock::GetBytecodeBeginForBlock):
36333 (JSC::DFG::GetBytecodeBeginForBlock::operator()):
36334 (JSC::DFG::Graph::blockIndexForBytecodeOffset):
36336 * runtime/Identifier.h:
36337 (JSC::IdentifierMapIndexHashTraits::emptyValue):
36338 * runtime/JSValue.h:
36339 * wtf/StdLibExtras.h:
36340 (WTF::binarySearchWithFunctor):
36342 2011-10-17 Gavin Barraclough <barraclough@apple.com>
36344 Incorrect behavior from String match/search & undefined pattern
36345 https://bugs.webkit.org/show_bug.cgi?id=70286
36347 Reviewed by Sam weinig.
36349 * runtime/StringPrototype.cpp:
36350 (JSC::stringProtoFuncMatch):
36351 - In case of undefined, pattern is "".
36352 (JSC::stringProtoFuncSearch):
36353 - In case of undefined, pattern is "".
36355 2011-10-17 Gavin Barraclough <barraclough@apple.com>
36357 https://bugs.webkit.org/show_bug.cgi?id=70207
36358 After deleting __defineSetter__, it is absent but appears in name list
36360 Reviewed by Darin Adler.
36362 * runtime/JSObject.cpp:
36363 (JSC::JSObject::getOwnPropertyNames):
36364 - This should check whether static functions have been reified.
36366 2011-10-17 Geoffrey Garen <ggaren@apple.com>
36370 * JavaScriptCore.exp: Export!
36372 2011-10-17 Geoffrey Garen <ggaren@apple.com>
36376 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export!
36378 2011-10-17 Geoffrey Garen <ggaren@apple.com>
36382 * heap/HandleStack.cpp: Added a missing #include.
36384 2011-10-17 Geoffrey Garen <ggaren@apple.com>
36388 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed no
36389 longer existent symbol.
36391 * heap/MarkStack.cpp:
36392 (JSC::MarkStackArray::shrinkAllocation): Cast to the right type.
36394 2011-10-17 Geoffrey Garen <ggaren@apple.com>
36396 Simplified GC marking logic
36397 https://bugs.webkit.org/show_bug.cgi?id=70258
36399 Reviewed by Filip Pizlo.
36403 This is a first step toward GC allocating string backing stores, starting
36404 with ropes. It also enables future simplifications and optimizations.
36406 - Replaced some complex mark stack logic with a simple linear stack of
36409 - Replaced logic for short-circuiting marking based on JSType and/or
36410 Structure flags with special cases for object, array, and string.
36412 - Fiddled with inlining for better codegen.
36414 * JavaScriptCore.exp:
36415 * heap/HandleStack.cpp: Build!
36418 (JSC::Heap::Heap): Provide more vptrs to SlotVisitor, for use in marking.
36420 * heap/HeapRootVisitor.h: Removed unused functions that no longer build.
36422 * heap/MarkStack.cpp:
36423 (JSC::MarkStackArray::MarkStackArray):
36424 (JSC::MarkStackArray::~MarkStackArray):
36425 (JSC::MarkStackArray::expand):
36426 (JSC::MarkStackArray::shrinkAllocation):
36427 (JSC::MarkStack::reset):
36428 (JSC::visitChildren):
36429 (JSC::SlotVisitor::drain):
36430 * heap/MarkStack.h:
36431 (JSC::MarkStack::MarkStack):
36432 (JSC::MarkStack::~MarkStack):
36433 (JSC::MarkStackArray::append):
36434 (JSC::MarkStackArray::removeLast):
36435 (JSC::MarkStackArray::isEmpty):
36436 (JSC::MarkStack::append):
36437 (JSC::MarkStack::appendUnbarrieredPointer):
36438 (JSC::MarkStack::internalAppend): Replaced complex mark set logic with
36439 simple linear stack.
36441 * heap/SlotVisitor.h:
36442 (JSC::SlotVisitor::SlotVisitor): Updated for above changes.
36444 * runtime/JSArray.cpp:
36445 (JSC::JSArray::visitChildren):
36446 * runtime/JSArray.h:
36447 * runtime/JSObject.cpp:
36448 (JSC::JSObject::visitChildren):
36449 * runtime/JSObject.h: Don't inline visitChildren; it's too big.
36451 * runtime/Structure.h:
36452 (JSC::MarkStack::internalAppend): Nixed the short-circuit for CompoundType
36453 because it prevented strings from owning GC pointers.
36455 * runtime/WriteBarrier.h:
36456 (JSC::MarkStack::appendValues): No need to validate; internalAppend will
36459 2011-10-17 Adam Roben <aroben@apple.com>
36461 Windows build fix after r97536, part 3
36463 * runtime/JSAPIValueWrapper.h:
36464 * runtime/JSObject.h:
36465 Use JS_EXPORTDATA to export the s_info members.
36467 2011-10-17 Adam Roben <aroben@apple.com>
36469 Interpreter build fix after r97564
36471 * runtime/Executable.cpp:
36472 (JSC::FunctionExecutable::compileForCallInternal):
36473 (JSC::FunctionExecutable::compileForConstructInternal):
36474 Moved declaration of globalData variable into ENABLE(JIT) blocks, since it is only used
36477 2011-10-17 Adam Roben <aroben@apple.com>
36479 Windows build fix after r97536, part 2
36481 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Added back
36482 JSC::setUpStaticFunctionSlot with its new mangled name. Sorted the rest of the file while I
36485 2011-10-17 Adam Roben <aroben@apple.com>
36487 Windows build fix after r97536
36489 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed export of
36490 JSC::setUpStaticFunctionSlot, which no longer exists. Also removed incorrect exports of
36491 s_info members, which need to be exported via JS_EXPORTDATA instead.
36493 2011-10-17 Patrick Gansterer <paroga@webkit.org>
36495 Interpreter build fix after r97436, r97506, r97532 and r97537.
36497 * interpreter/Interpreter.cpp:
36498 (JSC::Interpreter::privateExecute):
36500 2011-10-16 Adam Barth <abarth@webkit.org>
36502 Always disable ENABLE(ON_FIRST_TEXTAREA_FOCUS_SELECT_ALL) and delete associated code
36503 https://bugs.webkit.org/show_bug.cgi?id=70216
36505 Reviewed by Eric Seidel.
36509 2011-10-16 Noel Gordon <noel.gordon@gmail.com>
36511 [chromium] Remove PageAllocatorSymbian.h, OSAllocatorSymbian.cpp, gtk/ThreadingGtk.cpp from gyp project files
36512 https://bugs.webkit.org/show_bug.cgi?id=70205
36514 Reviewed by James Robinson.
36516 wtf/PageAllocatorSymbian.h and wtf/OSAllocatorSymbian.cpp were removed in r97557.
36517 wtf/gtk/ThreadingGtk.cpp was removed in r97269.
36519 * JavaScriptCore.gypi:
36521 2011-10-16 Adam Barth <abarth@webkit.org>
36523 Always enable ENABLE(DOM_STORAGE)
36524 https://bugs.webkit.org/show_bug.cgi?id=70189
36526 Reviewed by Eric Seidel.
36528 * Configurations/FeatureDefines.xcconfig:
36530 2011-10-15 Dan Horák <dan@danny.cz>
36532 The s390 and s390x architectures both use a 64-bit double type
36533 that conforms to the IEEE-754 standard.
36535 https://bugs.webkit.org/show_bug.cgi?id=69940
36537 Reviewed by Gavin Barraclough.
36539 * wtf/dtoa/utils.h:
36541 2011-10-14 Filip Pizlo <fpizlo@apple.com>
36543 FunctionExecutable should expose the ability to create unattached FunctionCodeBlocks
36544 https://bugs.webkit.org/show_bug.cgi?id=70157
36546 Reviewed by Geoff Garen.
36548 Added FunctionExecutable::produceCodeBlockFor() and rewired compileForCallInternal()
36549 and compileForConstructInternal() to use this method. This required more cleanly
36550 exposing some of CodeBlock's tiering functionality and moving the CompilationKind
36551 enum to Executable.h, as this was the easiest way to make it available to the
36552 declarations/definitions of CodeBlock, FunctionExecutable, and BytecodeGenerator.
36554 * bytecode/CodeBlock.cpp:
36555 (JSC::CodeBlock::copyDataFrom):
36556 (JSC::CodeBlock::copyDataFromAlternative):
36557 * bytecode/CodeBlock.h:
36558 (JSC::CodeBlock::setAlternative):
36559 * bytecompiler/BytecodeGenerator.h:
36560 * runtime/Executable.cpp:
36561 (JSC::EvalExecutable::compileInternal):
36562 (JSC::ProgramExecutable::compileInternal):
36563 (JSC::FunctionExecutable::produceCodeBlockFor):
36564 (JSC::FunctionExecutable::compileForCallInternal):
36565 (JSC::FunctionExecutable::compileForConstructInternal):
36566 * runtime/Executable.h:
36567 (JSC::FunctionExecutable::codeBlockFor):
36569 2011-10-15 Laszlo Gombos <laszlo.1.gombos@nokia.com>
36571 [Qt] [Symbian] Remove support for the Symbian platform for the QtWebKit port
36572 https://bugs.webkit.org/show_bug.cgi?id=69920
36574 Reviewed by Kenneth Rohde Christiansen.
36576 * JavaScriptCore.pri:
36577 * JavaScriptCore.pro:
36578 * heap/MarkStack.h:
36579 (JSC::::shrinkAllocation):
36580 * jit/ExecutableAllocator.cpp:
36581 * jit/ExecutableAllocator.h:
36582 (JSC::ExecutableAllocator::cacheFlush):
36583 * jit/JITStubs.cpp:
36585 * runtime/ArrayPrototype.cpp:
36586 (JSC::arrayProtoFuncToString):
36587 * runtime/DatePrototype.cpp:
36588 (JSC::formatLocaleDate):
36589 * runtime/StringPrototype.cpp:
36590 (JSC::stringProtoFuncLastIndexOf):
36591 * runtime/TimeoutChecker.cpp:
36593 * wtf/Assertions.cpp:
36594 * wtf/Assertions.h:
36596 * wtf/MathExtras.h:
36597 * wtf/OSAllocator.h:
36598 (WTF::OSAllocator::decommitAndRelease):
36599 * wtf/OSAllocatorSymbian.cpp: Removed.
36600 * wtf/OSRandomSource.cpp:
36601 (WTF::cryptographicallyRandomValuesFromOS):
36602 * wtf/PageAllocation.h:
36603 * wtf/PageAllocatorSymbian.h: Removed.
36604 * wtf/PageBlock.cpp:
36606 * wtf/StackBounds.cpp:
36609 2011-10-15 Yuqiang Xian <yuqiang.xian@intel.com>
36611 Trivial fix for a missing change in r97512
36612 https://bugs.webkit.org/show_bug.cgi?id=70166
36614 Reviewed by Gavin Barraclough.
36616 * dfg/DFGJITCompiler32_64.cpp:
36617 (JSC::DFG::JITCompiler::link):
36619 2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
36621 Rename getOwnPropertySlot to getOwnPropertySlotVirtual
36622 https://bugs.webkit.org/show_bug.cgi?id=69810
36624 Reviewed by Geoffrey Garen.
36626 Renamed the virtual version of getOwnPropertySlot to getOwnPropertySlotVirtual
36627 in preparation for when we add the static getOwnPropertySlot to the MethodTable
36630 Also added a few static getOwnPropertySlot functions where they had been overlooked
36631 before (especially in CodeGeneratorJS.pm).
36633 * API/JSCallbackObject.h:
36634 * API/JSCallbackObjectFunctions.h:
36635 (JSC::::getOwnPropertySlotVirtual):
36636 (JSC::::getOwnPropertySlot):
36637 (JSC::::getOwnPropertyDescriptor):
36638 (JSC::::staticFunctionGetter):
36639 * JavaScriptCore.exp:
36640 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
36641 * debugger/DebuggerActivation.cpp:
36642 (JSC::DebuggerActivation::getOwnPropertySlotVirtual):
36643 (JSC::DebuggerActivation::getOwnPropertySlot):
36644 * debugger/DebuggerActivation.h:
36645 * runtime/Arguments.cpp:
36646 (JSC::Arguments::getOwnPropertySlotVirtual):
36647 (JSC::Arguments::getOwnPropertySlot):
36648 * runtime/Arguments.h:
36649 * runtime/ArrayConstructor.cpp:
36650 (JSC::ArrayConstructor::getOwnPropertySlotVirtual):
36651 (JSC::ArrayConstructor::getOwnPropertySlot):
36652 * runtime/ArrayConstructor.h:
36653 * runtime/ArrayPrototype.cpp:
36654 (JSC::ArrayPrototype::getOwnPropertySlotVirtual):
36655 * runtime/ArrayPrototype.h:
36656 * runtime/BooleanPrototype.cpp:
36657 (JSC::BooleanPrototype::getOwnPropertySlotVirtual):
36658 * runtime/BooleanPrototype.h:
36659 * runtime/DateConstructor.cpp:
36660 (JSC::DateConstructor::getOwnPropertySlotVirtual):
36661 * runtime/DateConstructor.h:
36662 * runtime/DatePrototype.cpp:
36663 (JSC::DatePrototype::getOwnPropertySlotVirtual):
36664 * runtime/DatePrototype.h:
36665 * runtime/ErrorPrototype.cpp:
36666 (JSC::ErrorPrototype::getOwnPropertySlotVirtual):
36667 * runtime/ErrorPrototype.h:
36668 * runtime/JSActivation.cpp:
36669 (JSC::JSActivation::getOwnPropertySlotVirtual):
36670 * runtime/JSActivation.h:
36671 * runtime/JSArray.cpp:
36672 (JSC::JSArray::getOwnPropertySlotVirtual):
36673 (JSC::JSArray::getOwnPropertySlot):
36674 * runtime/JSArray.h:
36675 * runtime/JSBoundFunction.cpp:
36676 (JSC::JSBoundFunction::getOwnPropertySlotVirtual):
36677 * runtime/JSBoundFunction.h:
36678 * runtime/JSByteArray.cpp:
36679 (JSC::JSByteArray::getOwnPropertySlotVirtual):
36680 * runtime/JSByteArray.h:
36681 * runtime/JSCell.cpp:
36682 (JSC::JSCell::getOwnPropertySlotVirtual):
36683 * runtime/JSCell.h:
36684 * runtime/JSFunction.cpp:
36685 (JSC::JSFunction::getOwnPropertySlotVirtual):
36686 (JSC::JSFunction::getOwnPropertyDescriptor):
36687 (JSC::JSFunction::getOwnPropertyNames):
36688 (JSC::JSFunction::put):
36689 * runtime/JSFunction.h:
36690 * runtime/JSGlobalObject.cpp:
36691 (JSC::JSGlobalObject::getOwnPropertySlotVirtual):
36692 * runtime/JSGlobalObject.h:
36693 (JSC::JSGlobalObject::hasOwnPropertyForWrite):
36694 * runtime/JSNotAnObject.cpp:
36695 (JSC::JSNotAnObject::getOwnPropertySlotVirtual):
36696 * runtime/JSNotAnObject.h:
36697 * runtime/JSONObject.cpp:
36698 (JSC::Stringifier::Holder::appendNextProperty):
36699 (JSC::JSONObject::getOwnPropertySlotVirtual):
36700 (JSC::Walker::walk):
36701 * runtime/JSONObject.h:
36702 * runtime/JSObject.cpp:
36703 (JSC::JSObject::getOwnPropertySlotVirtual):
36704 (JSC::JSObject::getOwnPropertySlot):
36705 (JSC::JSObject::hasOwnProperty):
36706 * runtime/JSObject.h:
36707 (JSC::JSObject::getOwnPropertySlotVirtual):
36708 (JSC::JSCell::fastGetOwnPropertySlot):
36709 (JSC::JSObject::getPropertySlot):
36710 (JSC::JSValue::get):
36711 * runtime/JSStaticScopeObject.cpp:
36712 (JSC::JSStaticScopeObject::getOwnPropertySlotVirtual):
36713 * runtime/JSStaticScopeObject.h:
36714 * runtime/JSString.cpp:
36715 (JSC::JSString::getOwnPropertySlotVirtual):
36716 (JSC::JSString::getOwnPropertySlot):
36717 * runtime/JSString.h:
36718 * runtime/Lookup.h:
36719 (JSC::getStaticPropertySlot):
36720 (JSC::getStaticFunctionSlot):
36721 (JSC::getStaticValueSlot):
36722 * runtime/MathObject.cpp:
36723 (JSC::MathObject::getOwnPropertySlotVirtual):
36724 * runtime/MathObject.h:
36725 * runtime/NumberConstructor.cpp:
36726 (JSC::NumberConstructor::getOwnPropertySlotVirtual):
36727 * runtime/NumberConstructor.h:
36728 * runtime/NumberPrototype.cpp:
36729 (JSC::NumberPrototype::getOwnPropertySlotVirtual):
36730 * runtime/NumberPrototype.h:
36731 * runtime/ObjectConstructor.cpp:
36732 (JSC::ObjectConstructor::getOwnPropertySlotVirtual):
36733 * runtime/ObjectConstructor.h:
36734 * runtime/ObjectPrototype.cpp:
36735 (JSC::ObjectPrototype::getOwnPropertySlotVirtual):
36736 * runtime/ObjectPrototype.h:
36737 * runtime/RegExpConstructor.cpp:
36738 (JSC::RegExpConstructor::getOwnPropertySlotVirtual):
36739 * runtime/RegExpConstructor.h:
36740 * runtime/RegExpMatchesArray.h:
36741 (JSC::RegExpMatchesArray::getOwnPropertySlotVirtual):
36742 * runtime/RegExpObject.cpp:
36743 (JSC::RegExpObject::getOwnPropertySlotVirtual):
36744 * runtime/RegExpObject.h:
36745 * runtime/RegExpPrototype.cpp:
36746 (JSC::RegExpPrototype::getOwnPropertySlotVirtual):
36747 * runtime/RegExpPrototype.h:
36748 * runtime/StringConstructor.cpp:
36749 (JSC::StringConstructor::getOwnPropertySlotVirtual):
36750 * runtime/StringConstructor.h:
36751 * runtime/StringObject.cpp:
36752 (JSC::StringObject::getOwnPropertySlotVirtual):
36753 * runtime/StringObject.h:
36754 * runtime/StringPrototype.cpp:
36755 (JSC::StringPrototype::getOwnPropertySlotVirtual):
36756 * runtime/StringPrototype.h:
36758 2011-10-14 Gavin Barraclough <baraclough@apple.com>
36760 Most built-in properties are not deletable
36761 https://bugs.webkit.org/show_bug.cgi?id=61014
36763 Reviewed by Filip Pizlo.
36765 Our static hash tables don't allow for deleting properties.
36766 This is the cause of a bunch of expected failures in LayoutTests/sputnik.
36768 This fixes the problem by reifying all static functions immediately prior
36769 to the first deletion. Reification is tracked by a flag on the structure,
36770 so properties will no longer 'bounce-back' on later access.
36772 Theoretically there could probably also be an issue with custom accessor
36773 properties, but we probably do not really require any of these to be
36774 Configurable anyway. I'll follow up with a separate patch to address this.
36776 * runtime/ClassInfo.h:
36777 (JSC::ClassInfo::hasStaticProperties):
36778 - detects static property tables.
36779 * runtime/JSObject.cpp:
36780 (JSC::JSObject::deleteProperty):
36781 - call reifyStaticFunctions before deletion.
36782 (JSC::JSObject::reifyStaticFunctions):
36783 - If the class has static functions, set them up now.
36784 * runtime/JSObject.h:
36785 (JSC::JSObject::staticFunctionsReified):
36786 - returns true if static functions have been reified,
36787 and as such should no longer be added.
36788 * runtime/Lookup.cpp:
36789 (JSC::setUpStaticFunctionSlot):
36790 - If static functions have been reified do not add.
36791 * runtime/Lookup.h:
36792 (JSC::HashTable::ConstIterator::ConstIterator):
36793 (JSC::HashTable::ConstIterator::operator->):
36794 (JSC::HashTable::ConstIterator::operator*):
36795 (JSC::HashTable::ConstIterator::operator!=):
36796 (JSC::HashTable::ConstIterator::operator++):
36797 (JSC::HashTable::ConstIterator::skipInvalidKeys):
36798 (JSC::HashTable::begin):
36799 (JSC::HashTable::end):
36800 (JSC::getStaticPropertySlot):
36801 (JSC::getStaticPropertyDescriptor):
36802 (JSC::getStaticFunctionSlot):
36803 (JSC::getStaticFunctionDescriptor):
36804 - setUpStaticFunctionSlot may not add, returns a bool.
36806 - remove redundant branch.
36807 * runtime/Structure.cpp:
36808 (JSC::Structure::Structure):
36809 - initialize new flag in constructors.
36810 * runtime/Structure.h:
36811 (JSC::Structure::staticFunctionsReified):
36812 (JSC::Structure::setStaticFunctionsReified):
36815 2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
36817 Rename virtual put to putVirtual
36818 https://bugs.webkit.org/show_bug.cgi?id=69851
36820 Reviewed by Darin Adler.
36822 Renamed virtual versions of put to putVirtual in preparation for
36823 adding the static put to the MethodTable in ClassInfo since the
36824 compiler gets mad if the virtual and static versions have the same
36827 * API/JSCallbackObject.h:
36828 * API/JSCallbackObjectFunctions.h:
36829 (JSC::::putVirtual):
36830 * API/JSObjectRef.cpp:
36831 (JSObjectSetProperty):
36832 (JSObjectSetPropertyAtIndex):
36833 * JavaScriptCore.exp:
36834 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
36835 * debugger/DebuggerActivation.cpp:
36836 (JSC::DebuggerActivation::putVirtual):
36837 (JSC::DebuggerActivation::put):
36838 * debugger/DebuggerActivation.h:
36839 * dfg/DFGOperations.cpp:
36840 (JSC::DFG::putByVal):
36841 * interpreter/Interpreter.cpp:
36842 (JSC::Interpreter::execute):
36843 * jit/JITStubs.cpp:
36844 (JSC::DEFINE_STUB_FUNCTION):
36846 (GlobalObject::finishCreation):
36847 * runtime/Arguments.cpp:
36848 (JSC::Arguments::putVirtual):
36849 * runtime/Arguments.h:
36850 * runtime/ArrayPrototype.cpp:
36851 (JSC::putProperty):
36852 (JSC::arrayProtoFuncConcat):
36853 (JSC::arrayProtoFuncPush):
36854 (JSC::arrayProtoFuncReverse):
36855 (JSC::arrayProtoFuncShift):
36856 (JSC::arrayProtoFuncSlice):
36857 (JSC::arrayProtoFuncSort):
36858 (JSC::arrayProtoFuncSplice):
36859 (JSC::arrayProtoFuncUnShift):
36860 (JSC::arrayProtoFuncFilter):
36861 (JSC::arrayProtoFuncMap):
36862 * runtime/JSActivation.cpp:
36863 (JSC::JSActivation::putVirtual):
36864 * runtime/JSActivation.h:
36865 * runtime/JSArray.cpp:
36866 (JSC::JSArray::putVirtual):
36867 (JSC::JSArray::putSlowCase):
36868 (JSC::JSArray::push):
36869 (JSC::JSArray::shiftCount):
36870 (JSC::JSArray::unshiftCount):
36871 * runtime/JSArray.h:
36872 * runtime/JSByteArray.cpp:
36873 (JSC::JSByteArray::putVirtual):
36874 * runtime/JSByteArray.h:
36875 * runtime/JSCell.cpp:
36876 (JSC::JSCell::putVirtual):
36877 (JSC::JSCell::put):
36878 * runtime/JSCell.h:
36879 * runtime/JSFunction.cpp:
36880 (JSC::JSFunction::putVirtual):
36881 * runtime/JSFunction.h:
36882 * runtime/JSGlobalObject.cpp:
36883 (JSC::JSGlobalObject::putVirtual):
36884 (JSC::JSGlobalObject::putWithAttributes):
36885 * runtime/JSGlobalObject.h:
36886 * runtime/JSNotAnObject.cpp:
36887 (JSC::JSNotAnObject::putVirtual):
36888 * runtime/JSNotAnObject.h:
36889 * runtime/JSONObject.cpp:
36890 (JSC::Walker::walk):
36891 * runtime/JSObject.cpp:
36892 (JSC::JSObject::putVirtual):
36893 (JSC::JSObject::put):
36894 (JSC::JSObject::defineOwnProperty):
36895 * runtime/JSObject.h:
36896 (JSC::JSValue::put):
36897 * runtime/JSStaticScopeObject.cpp:
36898 (JSC::JSStaticScopeObject::putVirtual):
36899 * runtime/JSStaticScopeObject.h:
36900 * runtime/Lookup.h:
36902 * runtime/ObjectPrototype.cpp:
36903 (JSC::ObjectPrototype::putVirtual):
36904 * runtime/ObjectPrototype.h:
36905 * runtime/RegExpConstructor.cpp:
36906 (JSC::RegExpMatchesArray::fillArrayInstance):
36907 (JSC::RegExpConstructor::putVirtual):
36908 * runtime/RegExpConstructor.h:
36909 * runtime/RegExpMatchesArray.h:
36910 (JSC::RegExpMatchesArray::putVirtual):
36911 * runtime/RegExpObject.cpp:
36912 (JSC::RegExpObject::putVirtual):
36913 * runtime/RegExpObject.h:
36914 * runtime/StringObject.cpp:
36915 (JSC::StringObject::putVirtual):
36916 * runtime/StringObject.h:
36917 * runtime/StringPrototype.cpp:
36918 (JSC::stringProtoFuncSplit):
36920 2011-10-13 Filip Pizlo <fpizlo@apple.com>
36922 Reflective Arguments retrieval should be hardened for the
36923 possibility of inlining
36924 https://bugs.webkit.org/show_bug.cgi?id=70068
36926 Reviewed by Oliver Hunt.
36928 CodeBlock can now track, as part of its RareData, the virtual inline
36929 stack at callsites. CallFrame walking can now rematerialize "inline"
36930 CallFrames by combining the meta-data in CodeBlock with the information
36931 already in the JS stack. Arguments can now safely retrieve the
36932 arguments from inline CallFrames.
36934 The DFG already had the notion of a "CodeOrigin" in preparation for
36935 inlining. This notion will now be saved into the CodeBlock, if the DFG
36936 had done inlining. So, CodeOrigin has been moved to bytecode/ and has
36937 been changed to behave more like a struct since that is how it's
36940 * GNUmakefile.list.am:
36941 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
36942 * JavaScriptCore.xcodeproj/project.pbxproj:
36943 * bytecode/CodeBlock.h:
36944 (JSC::CodeBlock::inlineCallFrames):
36945 (JSC::CodeBlock::codeOrigins):
36946 (JSC::CodeBlock::hasCodeOrigins):
36947 (JSC::CodeBlock::codeOriginForReturn):
36948 * bytecode/CodeOrigin.h: Added.
36949 (JSC::CodeOrigin::CodeOrigin):
36950 (JSC::CodeOrigin::isSet):
36951 (JSC::getCallReturnOffsetForCodeOrigin):
36952 * dfg/DFGJITCompiler.cpp:
36953 (JSC::DFG::JITCompiler::link):
36955 * dfg/DFGSpeculativeJIT.cpp:
36956 (JSC::DFG::SpeculativeJIT::compile):
36957 * dfg/DFGSpeculativeJIT32_64.cpp:
36958 (JSC::DFG::SpeculativeJIT::compile):
36959 * dfg/DFGSpeculativeJIT64.cpp:
36960 (JSC::DFG::SpeculativeJIT::compile):
36961 * interpreter/CallFrame.cpp:
36962 (JSC::CallFrame::isInlineCallFrame):
36963 (JSC::CallFrame::trueCallerFrame):
36964 * interpreter/CallFrame.h:
36965 (JSC::ExecState::inlineCallFrame):
36966 (JSC::ExecState::setInlineCallFrame):
36967 (JSC::ExecState::isInlineCallFrame):
36968 (JSC::ExecState::trueCallerFrame):
36969 * interpreter/Interpreter.cpp:
36970 (JSC::Interpreter::findFunctionCallFrame):
36971 * interpreter/Register.h:
36972 (JSC::Register::operator=):
36973 (JSC::Register::inlineCallFrame):
36974 * runtime/Arguments.h:
36975 (JSC::Arguments::getArgumentsData):
36976 (JSC::Arguments::finishCreationButDontCopyRegisters):
36977 (JSC::Arguments::finishCreation):
36978 (JSC::Arguments::finishCreationAndCopyRegisters):
36979 * runtime/Executable.h:
36980 (JSC::FunctionExecutable::parameterCount):
36982 2011-10-14 Mark Hahnenberg <mhahnenberg@apple.com>
36984 Rename virtual deleteProperty to deletePropertyVirtual
36985 https://bugs.webkit.org/show_bug.cgi?id=69884
36987 Reviewed by Darin Adler.
36989 Renamed virtual versions of deleteProperty to deletePropertyVirtual in preparation for
36990 adding the static deleteProperty to the MethodTable in ClassInfo since the
36991 compiler gets mad if the virtual and static versions have the same name.
36993 * API/JSCallbackObject.h:
36994 * API/JSCallbackObjectFunctions.h:
36995 (JSC::::deletePropertyVirtual):
36996 (JSC::::deleteProperty):
36997 * API/JSObjectRef.cpp:
36998 (JSObjectDeleteProperty):
36999 * JavaScriptCore.exp:
37000 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
37001 * debugger/DebuggerActivation.cpp:
37002 (JSC::DebuggerActivation::deletePropertyVirtual):
37003 (JSC::DebuggerActivation::deleteProperty):
37004 * debugger/DebuggerActivation.h:
37005 * jit/JITStubs.cpp:
37006 (JSC::DEFINE_STUB_FUNCTION):
37007 * runtime/Arguments.cpp:
37008 (JSC::Arguments::deletePropertyVirtual):
37009 * runtime/Arguments.h:
37010 * runtime/ArrayPrototype.cpp:
37011 (JSC::arrayProtoFuncPop):
37012 (JSC::arrayProtoFuncReverse):
37013 (JSC::arrayProtoFuncShift):
37014 (JSC::arrayProtoFuncSplice):
37015 (JSC::arrayProtoFuncUnShift):
37016 * runtime/JSActivation.cpp:
37017 (JSC::JSActivation::deletePropertyVirtual):
37018 * runtime/JSActivation.h:
37019 * runtime/JSArray.cpp:
37020 (JSC::JSArray::deletePropertyVirtual):
37021 (JSC::JSArray::deleteProperty):
37022 * runtime/JSArray.h:
37023 * runtime/JSCell.cpp:
37024 (JSC::JSCell::deletePropertyVirtual):
37025 (JSC::JSCell::deleteProperty):
37026 * runtime/JSCell.h:
37027 * runtime/JSFunction.cpp:
37028 (JSC::JSFunction::deletePropertyVirtual):
37029 * runtime/JSFunction.h:
37030 * runtime/JSNotAnObject.cpp:
37031 (JSC::JSNotAnObject::deletePropertyVirtual):
37032 * runtime/JSNotAnObject.h:
37033 * runtime/JSONObject.cpp:
37034 (JSC::Walker::walk):
37035 * runtime/JSObject.cpp:
37036 (JSC::JSObject::deletePropertyVirtual):
37037 (JSC::JSObject::deleteProperty):
37038 (JSC::JSObject::defineOwnProperty):
37039 * runtime/JSObject.h:
37040 * runtime/JSVariableObject.cpp:
37041 (JSC::JSVariableObject::deletePropertyVirtual):
37042 * runtime/JSVariableObject.h:
37043 * runtime/RegExpMatchesArray.h:
37044 (JSC::RegExpMatchesArray::deletePropertyVirtual):
37045 * runtime/StrictEvalActivation.cpp:
37046 (JSC::StrictEvalActivation::deletePropertyVirtual):
37047 * runtime/StrictEvalActivation.h:
37048 * runtime/StringObject.cpp:
37049 (JSC::StringObject::deletePropertyVirtual):
37050 * runtime/StringObject.h:
37052 2011-10-14 Peter Beverloo <peter@chromium.org>
37054 [Chromium] Inherit settings from Chromium's envsetup.sh, address a NDK todo
37055 https://bugs.webkit.org/show_bug.cgi?id=70028
37057 Reviewed by Adam Barth.
37059 * JavaScriptCore.gyp/JavaScriptCore.gyp:
37061 2011-10-14 Yuqiang Xian <yuqiang.xian@intel.com>
37063 DFG JIT 32_64 - Performance fix for ResolveGlobal
37064 https://bugs.webkit.org/show_bug.cgi?id=70096
37066 Reviewed by Gavin Barraclough.
37068 Structure check of global object should be a pointer comparison
37069 instead of a tag and payload pair comparison. This fix improves
37070 SunSpider by 7% on Linux 32, with bitops-bitwise-and improved by 4.75X.
37071 Also two trivial fixes for successful 32-bit build are included.
37073 * dfg/DFGSpeculativeJIT.cpp:
37074 * dfg/DFGSpeculativeJIT32_64.cpp:
37075 (JSC::DFG::SpeculativeJIT::compile):
37077 2011-10-13 Filip Pizlo <fpizlo@apple.com>
37079 Speculation failures in ValueToInt32 are causing a 2x slow-down
37080 in Kraken/stanford-crypto-pbkdf2
37081 https://bugs.webkit.org/show_bug.cgi?id=70089
37083 Reviewed by Gavin Barraclough.
37085 If we can't truncate to Int32 using machine code, then don't fail
37086 speculation. Just call JSC::toInt32.
37088 * dfg/DFGJITCodeGenerator.h:
37089 (JSC::DFG::callOperation):
37090 * dfg/DFGOperations.h:
37091 * dfg/DFGSpeculativeJIT.cpp:
37092 (JSC::DFG::SpeculativeJIT::compileValueToInt32):
37093 * dfg/DFGSpeculativeJIT64.cpp:
37094 (JSC::DFG::SpeculativeJIT::compile):
37096 2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com>
37098 Rename virtual getConstructData to getConstructDataVirtual
37099 https://bugs.webkit.org/show_bug.cgi?id=69872
37101 Reviewed by Geoffrey Garen.
37103 Renamed virtual getConstructData functions to getConstructDataVirtual to
37104 avoid conflicts when we add static getConstructData to the MethodTable.
37106 * API/JSCallbackConstructor.cpp:
37107 (JSC::JSCallbackConstructor::getConstructDataVirtual):
37108 * API/JSCallbackConstructor.h:
37109 * API/JSCallbackObject.h:
37110 * API/JSCallbackObjectFunctions.h:
37111 (JSC::::getConstructDataVirtual):
37112 * API/JSObjectRef.cpp:
37113 (JSObjectIsConstructor):
37114 (JSObjectCallAsConstructor):
37115 * JavaScriptCore.exp:
37116 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
37117 * dfg/DFGOperations.cpp:
37118 * jit/JITStubs.cpp:
37119 (JSC::DEFINE_STUB_FUNCTION):
37120 * runtime/ArrayConstructor.cpp:
37121 (JSC::ArrayConstructor::getConstructDataVirtual):
37122 * runtime/ArrayConstructor.h:
37123 * runtime/BooleanConstructor.cpp:
37124 (JSC::BooleanConstructor::getConstructDataVirtual):
37125 * runtime/BooleanConstructor.h:
37126 * runtime/DateConstructor.cpp:
37127 (JSC::DateConstructor::getConstructDataVirtual):
37128 * runtime/DateConstructor.h:
37130 (JSC::StrictModeTypeErrorFunction::getConstructDataVirtual):
37131 * runtime/ErrorConstructor.cpp:
37132 (JSC::ErrorConstructor::getConstructDataVirtual):
37133 * runtime/ErrorConstructor.h:
37134 * runtime/FunctionConstructor.cpp:
37135 (JSC::FunctionConstructor::getConstructDataVirtual):
37136 * runtime/FunctionConstructor.h:
37137 * runtime/JSCell.cpp:
37138 (JSC::JSCell::getConstructDataVirtual):
37139 * runtime/JSCell.h:
37140 (JSC::getConstructData):
37141 * runtime/JSFunction.cpp:
37142 (JSC::JSFunction::getConstructDataVirtual):
37143 * runtime/JSFunction.h:
37144 * runtime/NativeErrorConstructor.cpp:
37145 (JSC::NativeErrorConstructor::getConstructDataVirtual):
37146 * runtime/NativeErrorConstructor.h:
37147 * runtime/NumberConstructor.cpp:
37148 (JSC::NumberConstructor::getConstructDataVirtual):
37149 * runtime/NumberConstructor.h:
37150 * runtime/ObjectConstructor.cpp:
37151 (JSC::ObjectConstructor::getConstructDataVirtual):
37152 * runtime/ObjectConstructor.h:
37153 * runtime/RegExpConstructor.cpp:
37154 (JSC::RegExpConstructor::getConstructDataVirtual):
37155 * runtime/RegExpConstructor.h:
37156 * runtime/StringConstructor.cpp:
37157 (JSC::StringConstructor::getConstructDataVirtual):
37158 * runtime/StringConstructor.h:
37160 2011-10-13 Filip Pizlo <fpizlo@apple.com>
37162 Rubber stamped by Stephanie Lewis.
37164 DFG_ENABLE() macro was always returning false.
37168 2011-10-13 Gavin Barraclough <baraclough@apple.com>
37170 Speculative build fix for !DFG builds.
37173 (JSC::JIT::privateCompile):
37175 2011-10-13 Oliver Hunt <oliver@apple.com>
37177 Fix performance of ValueToInt32 node when predicting double
37178 https://bugs.webkit.org/show_bug.cgi?id=70063
37180 Reviewed by Filip Pizlo.
37182 Currently we fail to inline double to int conversion when
37183 performing a ValueToInt32 operation on a value we predict
37186 * dfg/DFGAbstractState.cpp:
37187 (JSC::DFG::AbstractState::execute):
37188 Apply correct filter for the double prediction path
37189 * dfg/DFGJITCodeGenerator32_64.cpp:
37190 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
37191 * dfg/DFGJITCodeGenerator64.cpp:
37192 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
37193 Support double parameters even when value has been spilled.
37194 * dfg/DFGSpeculativeJIT.cpp:
37195 (JSC::DFG::SpeculativeJIT::compileValueToInt32):
37196 Moved old valueToInt32 code to this function, and added
37197 path for double prediction
37198 * dfg/DFGSpeculativeJIT.h:
37199 * dfg/DFGSpeculativeJIT32_64.cpp:
37200 (JSC::DFG::SpeculativeJIT::compile):
37201 * dfg/DFGSpeculativeJIT64.cpp:
37202 (JSC::DFG::SpeculativeJIT::compile):
37203 Made the two implementations of ValueToInt32 call a single
37204 shared compileValueToInt32 function.
37206 2011-10-13 Chris Marrin <cmarrin@apple.com>
37208 Sync requestAnimationFrame callback to CVDisplayLink on Mac
37209 https://bugs.webkit.org/show_bug.cgi?id=68911
37211 Reviewed by Simon Fraser.
37213 Add REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR for implementations
37214 that use the DisplayRefreshMonitor logic.
37218 2011-10-13 Gavin Barraclough <baraclough@apple.com>
37220 DFG JIT should not be using ENABLE macro to enable features
37221 https://bugs.webkit.org/show_bug.cgi?id=70060
37223 Reviewed by Oliver Hunt.
37225 The ENABLE macro is only intended to be used to detect features that are configured
37226 in Platform.h. Using it to detect settings defined in other headers is an error.
37228 The problem is that the ENABLE macro checks if the value is defined, so will silently
37229 return false if you fail to include the header defining the switch. This is not a problem
37230 if (1) the settings are defined in the same header that defines the macro that tests them,
37231 or (2) the header is included everywhere. In the case of ENABLE settings defined in
37232 Platform.h, both are true! To make this clear, add an explicit DFG_ENABLE macro.
37234 * bytecode/CodeBlock.cpp:
37235 * dfg/DFGByteCodeParser.cpp:
37236 (JSC::DFG::ByteCodeParser::getPrediction):
37237 (JSC::DFG::ByteCodeParser::makeSafe):
37238 * dfg/DFGCapabilities.h:
37239 (JSC::DFG::canCompileOpcode):
37240 * dfg/DFGGraph.cpp:
37241 (JSC::DFG::Graph::predictArgumentTypes):
37242 * dfg/DFGJITCodeGenerator.cpp:
37243 * dfg/DFGJITCodeGenerator.h:
37244 * dfg/DFGJITCompiler.cpp:
37245 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
37246 (JSC::DFG::JITCompiler::compileBody):
37247 (JSC::DFG::JITCompiler::link):
37248 * dfg/DFGJITCompiler.h:
37249 (JSC::DFG::JITCompiler::noticeOSREntry):
37250 * dfg/DFGJITCompiler32_64.cpp:
37251 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
37252 (JSC::DFG::JITCompiler::compileBody):
37253 (JSC::DFG::JITCompiler::link):
37255 * dfg/DFGOSREntry.cpp:
37256 (JSC::DFG::prepareOSREntry):
37257 * dfg/DFGOperations.cpp:
37258 * dfg/DFGOperations.h:
37259 * dfg/DFGPropagator.cpp:
37260 (JSC::DFG::Propagator::fixpoint):
37261 (JSC::DFG::Propagator::propagateArithNodeFlags):
37262 (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
37263 (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
37264 (JSC::DFG::Propagator::propagateNodePredictions):
37265 (JSC::DFG::Propagator::propagatePredictionsForward):
37266 (JSC::DFG::Propagator::propagatePredictionsBackward):
37267 (JSC::DFG::Propagator::propagatePredictions):
37268 (JSC::DFG::Propagator::toDouble):
37269 (JSC::DFG::Propagator::fixupNode):
37270 (JSC::DFG::Propagator::fixup):
37271 (JSC::DFG::Propagator::startIndexForChildren):
37272 (JSC::DFG::Propagator::endIndexForPureCSE):
37273 (JSC::DFG::Propagator::setReplacement):
37274 (JSC::DFG::Propagator::eliminate):
37275 (JSC::DFG::Propagator::performNodeCSE):
37276 (JSC::DFG::Propagator::localCSE):
37277 (JSC::DFG::Propagator::allocateVirtualRegisters):
37278 (JSC::DFG::Propagator::performBlockCFA):
37279 (JSC::DFG::Propagator::performForwardCFA):
37280 (JSC::DFG::Propagator::globalCFA):
37281 * dfg/DFGScoreBoard.h:
37282 * dfg/DFGSpeculativeJIT.cpp:
37283 (JSC::DFG::SpeculativeJIT::compile):
37284 * dfg/DFGSpeculativeJIT.h:
37285 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
37286 * dfg/DFGSpeculativeJIT32_64.cpp:
37287 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
37288 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
37289 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
37290 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
37291 (JSC::DFG::SpeculativeJIT::compile):
37292 * dfg/DFGSpeculativeJIT64.cpp:
37293 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
37294 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
37295 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
37296 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
37297 (JSC::DFG::SpeculativeJIT::compile):
37299 (JSC::JIT::privateCompile):
37301 2011-10-13 Gavin Barraclough <baraclough@apple.com>
37303 terminateSpeculativeExecution for fillSpeculateDouble with DataFormatCell
37305 Rubber stamped by Filip Pizlo
37307 This is breaking fast/canvas/canvas-composite-alpha.html on 32_64 DFG JIT.
37309 * dfg/DFGSpeculativeJIT32_64.cpp:
37310 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
37311 * dfg/DFGSpeculativeJIT64.cpp:
37312 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
37314 2011-10-13 Mark Hahnenberg <mhahnenberg@apple.com>
37316 De-virtualized JSCell::toNumber
37317 https://bugs.webkit.org/show_bug.cgi?id=69858
37319 Reviewed by Sam Weinig.
37322 Removed JSCallbackObject::toNumber because it's no longer necessary since
37323 JSObject::toNumber now suffices since we implicitly add valueOf to an object's
37324 prototype whenever a convertToType callback is provided.
37325 * API/JSCallbackObject.h:
37326 * API/JSCallbackObjectFunctions.h:
37327 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
37329 De-virtualized JSCell::toNumber, JSObject::toNumber, and JSString::toNumber.
37330 * runtime/JSCell.cpp:
37331 (JSC::JSCell::toNumber):
37332 * runtime/JSCell.h:
37333 * runtime/JSObject.h:
37334 * runtime/JSString.h:
37336 Removed JSNotAnObject::toNumber because its result doesn't matter and it implements
37337 defaultValue, therefore JSObject::toNumber can cover its case.
37338 * runtime/JSNotAnObject.cpp:
37339 * runtime/JSNotAnObject.h:
37341 2011-10-13 Xianzhu Wang <wangxianzhu@chromium.org>
37343 Use realloc() to expand/shrink StringBuilder buffer
37344 https://bugs.webkit.org/show_bug.cgi?id=69913
37346 Reviewed by Darin Adler.
37348 * wtf/text/StringBuilder.cpp:
37349 (WTF::StringBuilder::reserveCapacity):
37350 (WTF::StringBuilder::reallocateBuffer):
37351 (WTF::StringBuilder::appendUninitialized):
37352 (WTF::StringBuilder::shrinkToFit):
37353 * wtf/text/StringBuilder.h:
37354 * wtf/text/StringImpl.cpp:
37355 (WTF::StringImpl::reallocate): Added to allow StringBuilder to reallocate the buffer.
37356 * wtf/text/StringImpl.h:
37358 2011-10-12 Filip Pizlo <fpizlo@apple.com>
37360 If an Arguments object is being used to copy the arguments, then
37362 https://bugs.webkit.org/show_bug.cgi?id=69995
37364 Reviewed by Sam Weinig.
37366 * interpreter/Interpreter.cpp:
37367 (JSC::Interpreter::retrieveArguments):
37368 * runtime/Arguments.h:
37369 (JSC::Arguments::createAndCopyRegisters):
37370 (JSC::Arguments::finishCreationButDontCopyRegisters):
37371 (JSC::Arguments::finishCreation):
37372 (JSC::Arguments::finishCreationAndCopyRegisters):
37374 2011-10-12 Filip Pizlo <fpizlo@apple.com>
37376 DFG CFA does not filter structures aggressively enough.
37377 https://bugs.webkit.org/show_bug.cgi?id=69989
37379 Reviewed by Oliver Hunt.
37381 * dfg/DFGAbstractValue.h:
37382 (JSC::DFG::AbstractValue::clear):
37383 (JSC::DFG::AbstractValue::makeTop):
37384 (JSC::DFG::AbstractValue::clobberStructures):
37385 (JSC::DFG::AbstractValue::set):
37386 (JSC::DFG::AbstractValue::merge):
37387 (JSC::DFG::AbstractValue::filter):
37388 (JSC::DFG::AbstractValue::checkConsistency):
37390 2011-10-12 Adam Barth <abarth@webkit.org>
37392 Remove ENABLE(XHTMLMP) and associated code
37393 https://bugs.webkit.org/show_bug.cgi?id=69729
37395 Reviewed by David Levin.
37397 * Configurations/FeatureDefines.xcconfig:
37399 2011-10-12 Gavin Barraclough <baraclough@apple.com>
37401 MacroAssemblerX86 8-bit register ops unsafe on CPU(X86)
37402 https://bugs.webkit.org/show_bug.cgi?id=69978
37404 Reviewed by Filip Pizlo.
37406 Certain ops are unsafe if the register passed is esp..edi (will instead test/set the ).
37408 compare32/test8/test32 call setCC, which sets an 8-bit register - we can fix this by adding
37409 a couple of xchg instructions.
37411 branchTest8 with a register argument is also affected. In all cases this is currently used
37412 this is testing a value that is correct to 32 or more bits, so we can simply switch these
37413 to branchTest32 & remove the corresponding branchTest8 (this is desirable anyway, since the
37414 32-bit form is cheaper to implement on platforms that don't have an 8-bit compare instruction).
37416 This fixes the remaining fast/js failures with the DFG JIT 32_64.
37418 * assembler/MacroAssemblerARMv7.h
37419 - removed branchTest8.
37420 * assembler/MacroAssemblerX86Common.h:
37421 (JSC::MacroAssemblerX86Common::compare32):
37422 (JSC::MacroAssemblerX86Common::test8):
37423 (JSC::MacroAssemblerX86Common::test32):
37424 (JSC::MacroAssemblerX86Common::set32):
37425 - added set32 helper that is 'h' register safe.
37426 - removed branchTest8.
37427 * dfg/DFGJITCodeGenerator32_64.cpp:
37428 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
37429 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
37430 - switch uses of branchTest8 to branchTest32.
37431 * dfg/DFGJITCodeGenerator64.cpp:
37432 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
37433 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
37434 - switch uses of branchTest8 to branchTest32.
37435 * dfg/DFGSpeculativeJIT32_64.cpp:
37436 (JSC::DFG::SpeculativeJIT::emitBranch):
37437 - switch uses of branchTest8 to branchTest32.
37438 * dfg/DFGSpeculativeJIT64.cpp:
37439 (JSC::DFG::SpeculativeJIT::emitBranch):
37440 - switch uses of branchTest8 to branchTest32.
37442 2011-10-12 Gavin Barraclough <baraclough@apple.com>
37444 Errrk, revert accidental commit!
37448 2011-10-12 Gavin Barraclough <baraclough@apple.com>
37450 Unreviewed, re-land changes from #69890, #69903.
37452 These were reverted due to bug #69897, but #69903 fixed this problem.
37454 * dfg/DFGJITCodeGenerator.h:
37455 (JSC::DFG::JITCodeGenerator::silentFillGPR):
37457 2011-10-12 Filip Pizlo <fpizlo@apple.com>
37459 ValueProfile::computeUpdatedPrediction doesn't merge statistics correctly
37460 https://bugs.webkit.org/show_bug.cgi?id=69906
37462 Reviewed by Gavin Barraclough.
37464 It turns out that the simplest fix is to switch computeUpdatedPredictions()
37465 to using predictionFromValue() combined with mergePrediction(). Doing so
37466 allowed me to kill off weakBuckets and visitWeakReferences(). Hence this
37467 not only fixes a performance bug but kills off a lot of code that I never
37468 liked to begin with.
37470 This appears to be a 1% win on V8.
37472 * bytecode/CodeBlock.cpp:
37473 (JSC::CodeBlock::visitAggregate):
37474 * bytecode/CodeBlock.h:
37475 * bytecode/PredictedType.cpp:
37476 (JSC::predictionFromValue):
37477 * bytecode/ValueProfile.cpp:
37478 (JSC::ValueProfile::computeStatistics):
37479 (JSC::ValueProfile::computeUpdatedPrediction):
37480 * bytecode/ValueProfile.h:
37481 (JSC::ValueProfile::classInfo):
37482 (JSC::ValueProfile::numberOfSamples):
37483 (JSC::ValueProfile::isLive):
37484 (JSC::ValueProfile::dump):
37486 2011-10-12 Mark Hahnenberg <mhahnenberg@apple.com>
37488 De-virtualize JSCell::toString
37489 https://bugs.webkit.org/show_bug.cgi?id=69677
37491 Reviewed by Sam Weinig.
37493 Removed toString from JSCallbackObject, since it is no
37494 longer necessary since we now implicitly add toString and valueOf
37495 functions to object prototypes when a convertToType callback
37496 is provided, which is now the standard way to override toString
37497 and valueOf in the JSC C API.
37498 * API/JSCallbackObject.h:
37499 * API/JSCallbackObjectFunctions.h:
37500 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
37502 Removed toString from InterruptedExecutionError and
37503 TerminatedExecutionError and replaced it with defaultValue,
37504 which JSObject::toString calls. We'll probably have to de-virtualize
37505 defaultValue eventually, but we'll cross that bridge when we
37507 * runtime/ExceptionHelpers.cpp:
37508 (JSC::InterruptedExecutionError::defaultValue):
37509 (JSC::TerminatedExecutionError::defaultValue):
37510 * runtime/ExceptionHelpers.h:
37512 Removed toString from JSNotAnObject, since its return value doesn't
37513 actually matter and JSObject::toString can cover it.
37514 * runtime/JSNotAnObject.cpp:
37515 * runtime/JSNotAnObject.h:
37517 De-virtualized JSCell::toString, JSObject::toString and JSString::toString.
37518 Added handling of all cases for JSCell to JSCell::toString.
37519 * runtime/JSObject.h:
37520 * runtime/JSString.h:
37521 * runtime/JSCell.cpp:
37522 (JSC::JSCell::toString):
37523 * runtime/JSCell.h:
37525 2011-10-12 Oliver Hunt <oliver@apple.com>
37527 Global stringStructure caches its prototype chain, abandoning a web page
37528 https://bugs.webkit.org/show_bug.cgi?id=69952
37530 Reviewed by Filip Pizlo.
37532 When visiting a structure, we don't keep the prototype chain
37533 alive if we're not the structure for an object type.
37535 * runtime/Structure.cpp:
37536 (JSC::Structure::visitChildren):
37538 2011-10-12 Yuqiang Xian <yuqiang.xian@intel.com>
37540 DFG JIT 32_64 - Fix ArrayPop
37541 https://bugs.webkit.org/show_bug.cgi?id=69918
37543 Reviewed by Filip Pizlo.
37545 The storageLengthGPR is polluted by EmptyValueTag and later used to
37546 index the array, which results in abnormal behaviors in execution.
37547 This fix makes 32_64 DFG pass v8-deltablue and kraken
37548 crypto-sha256-iterative on Linux ia32.
37550 * assembler/MacroAssemblerX86Common.h:
37551 (JSC::MacroAssemblerX86Common::store32):
37552 * assembler/X86Assembler.h:
37553 (JSC::X86Assembler::movl_i32m):
37554 * dfg/DFGSpeculativeJIT32_64.cpp:
37555 (JSC::DFG::SpeculativeJIT::compile):
37557 2011-10-12 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk>
37559 Fix build with GLib 2.31
37560 https://bugs.webkit.org/show_bug.cgi?id=69840
37562 Reviewed by Martin Robinson.
37564 * GNUmakefile.list.am: removed ThreadingGtk.cpp.
37565 * wtf/ThreadingPrimitives.h: remove GTK+-specific definitions.
37566 * wtf/gobject/GOwnPtr.cpp: remove GCond and GMutex specializations.
37567 * wtf/gobject/GOwnPtr.h: ditto.
37568 * wtf/gobject/GTypedefs.h: remove GCond and GMutex forward declarations.
37569 * wtf/gtk/ThreadingGtk.cpp: Removed.
37571 2011-10-12 Filip Pizlo <fpizlo@apple.com>
37573 Layout tests crashing in DFG JIT code
37574 https://bugs.webkit.org/show_bug.cgi?id=69897
37576 Reviewed by Gavin Barraclough.
37578 Abstract value filtration didn't take into account cases where a structure
37579 set filter, combined with predicted type knowledge, could lead to a stronger
37580 filter for the structure abstract value.
37582 This bug would have been benign in release builds; it would have just meant
37583 that the analysis was less precise and some optimization opportunities would
37584 be missed. I have an ASSERT that is meant to catch such cases, and it was
37585 triggering sporadically in one of the LayoutTests.
37587 * dfg/DFGAbstractValue.h:
37588 (JSC::DFG::AbstractValue::filter):
37590 2011-10-11 Gavin Barraclough <baraclough@apple.com>
37592 Unreviewed, temporarily reverted r97216 due to bug #69897.
37594 * dfg/DFGJITCodeGenerator.h:
37595 (JSC::DFG::JITCodeGenerator::silentFillGPR):
37597 2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com>
37599 DFG 32_64 - fix silentFillGPR
37600 https://bugs.webkit.org/show_bug.cgi?id=69903
37602 Reviewed by Filip Pizlo.
37604 Fix a small bug in silentFillGPR,
37605 and add the newly introduced DFG file to CMakeListsEfl.
37607 * CMakeListsEfl.txt:
37608 * dfg/DFGJITCodeGenerator.h:
37609 (JSC::DFG::JITCodeGenerator::silentFillGPR):
37611 2011-10-08 Filip Pizlo <fpizlo@apple.com>
37613 DFG does not have flow-sensitive intraprocedural control flow analysis
37614 https://bugs.webkit.org/show_bug.cgi?id=69690
37616 Reviewed by Gavin Barraclough.
37618 Implemented a control flow analysis (CFA). It currently propagates type
37619 proofs only. For example, if all predecessors to a basic block have
37620 checks that variable X is a JSFinalObject with structure 0xabcdef, then
37621 this basic block will now know this fact and will know that it does not
37622 have to emit either JSFinalObject checks or any structure checks since
37623 the structure is precisely known. The CFA takes heap side-effects into
37624 account (though somewhat conservatively), so that if the object pointed
37625 to by variable X could have possibly undergone a structure transition
37626 then this is reflected: the analysis may simply say that X's structure
37629 This also propagates a wealth of other type information which is
37630 currently not being used. For example, we now know when a variable can
37631 only hold doubles. Even if a variable may hold other types at different
37632 points in its live range, we can still prove exactly when it will only
37635 There's a bunch of stuff that the CFA could do that it still does not
37636 do, like precise handling of PutStructure (i.e. structure transitions),
37637 precise handling of CheckFunction and CheckMethod, etc. So this is
37638 very much intended to be a starting point rather than an end unto
37641 This is a 1% win on V8 (mostly due to a 3% win on richards and deltablue)
37642 and a 1% win on Kraken (mostly due to a 6% win on imaging-desaturate).
37643 Neutral on SunSpider.
37645 * GNUmakefile.list.am:
37646 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
37647 * JavaScriptCore.xcodeproj/project.pbxproj:
37648 * bytecode/ActionablePrediction.h: Removed.
37649 * bytecode/PredictedType.cpp:
37650 (JSC::predictionToString):
37651 * bytecode/PredictedType.h:
37652 * dfg/DFGAbstractState.cpp: Added.
37653 (JSC::DFG::AbstractState::AbstractState):
37654 (JSC::DFG::AbstractState::~AbstractState):
37655 (JSC::DFG::AbstractState::beginBasicBlock):
37656 (JSC::DFG::AbstractState::initialize):
37657 (JSC::DFG::AbstractState::endBasicBlock):
37658 (JSC::DFG::AbstractState::reset):
37659 (JSC::DFG::AbstractState::execute):
37660 (JSC::DFG::AbstractState::clobberStructures):
37661 (JSC::DFG::AbstractState::mergeStateAtTail):
37662 (JSC::DFG::AbstractState::merge):
37663 (JSC::DFG::AbstractState::mergeToSuccessors):
37664 (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
37665 (JSC::DFG::AbstractState::dump):
37666 * dfg/DFGAbstractState.h: Added.
37667 (JSC::DFG::AbstractState::forNode):
37668 (JSC::DFG::AbstractState::isValid):
37669 * dfg/DFGAbstractValue.h: Added.
37670 (JSC::DFG::StructureAbstractValue::StructureAbstractValue):
37671 (JSC::DFG::StructureAbstractValue::clear):
37672 (JSC::DFG::StructureAbstractValue::makeTop):
37673 (JSC::DFG::StructureAbstractValue::top):
37674 (JSC::DFG::StructureAbstractValue::add):
37675 (JSC::DFG::StructureAbstractValue::addAll):
37676 (JSC::DFG::StructureAbstractValue::contains):
37677 (JSC::DFG::StructureAbstractValue::isSubsetOf):
37678 (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan):
37679 (JSC::DFG::StructureAbstractValue::isSupersetOf):
37680 (JSC::DFG::StructureAbstractValue::filter):
37681 (JSC::DFG::StructureAbstractValue::isClear):
37682 (JSC::DFG::StructureAbstractValue::isTop):
37683 (JSC::DFG::StructureAbstractValue::size):
37684 (JSC::DFG::StructureAbstractValue::at):
37685 (JSC::DFG::StructureAbstractValue::operator[]):
37686 (JSC::DFG::StructureAbstractValue::last):
37687 (JSC::DFG::StructureAbstractValue::predictionFromStructures):
37688 (JSC::DFG::StructureAbstractValue::operator==):
37689 (JSC::DFG::StructureAbstractValue::dump):
37690 (JSC::DFG::AbstractValue::AbstractValue):
37691 (JSC::DFG::AbstractValue::clear):
37692 (JSC::DFG::AbstractValue::isClear):
37693 (JSC::DFG::AbstractValue::makeTop):
37694 (JSC::DFG::AbstractValue::clobberStructures):
37695 (JSC::DFG::AbstractValue::isTop):
37696 (JSC::DFG::AbstractValue::top):
37697 (JSC::DFG::AbstractValue::set):
37698 (JSC::DFG::AbstractValue::operator==):
37699 (JSC::DFG::AbstractValue::merge):
37700 (JSC::DFG::AbstractValue::filter):
37701 (JSC::DFG::AbstractValue::validate):
37702 (JSC::DFG::AbstractValue::dump):
37703 * dfg/DFGBasicBlock.h: Added.
37704 (JSC::DFG::BasicBlock::BasicBlock):
37705 (JSC::DFG::BasicBlock::getBytecodeBegin):
37706 * dfg/DFGByteCodeParser.cpp:
37707 (JSC::DFG::ByteCodeParser::getLocal):
37708 (JSC::DFG::ByteCodeParser::setLocal):
37709 (JSC::DFG::ByteCodeParser::getArgument):
37710 (JSC::DFG::ByteCodeParser::setArgument):
37711 (JSC::DFG::ByteCodeParser::parseBlock):
37712 (JSC::DFG::ByteCodeParser::processPhiStack):
37713 (JSC::DFG::ByteCodeParser::setupPredecessors):
37714 * dfg/DFGGraph.cpp:
37715 (JSC::DFG::Graph::dump):
37717 * dfg/DFGJITCodeGenerator.h:
37719 * dfg/DFGJITCodeGenerator32_64.cpp:
37720 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
37721 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
37722 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
37723 * dfg/DFGJITCodeGenerator64.cpp:
37724 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
37725 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
37726 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
37727 * dfg/DFGJITCompiler.h:
37728 (JSC::DFG::JITCompiler::noticeOSREntry):
37730 (JSC::DFG::NodeIndexTraits::defaultValue):
37731 (JSC::DFG::Node::variableAccessData):
37732 (JSC::DFG::Node::takenBytecodeOffsetDuringParsing):
37733 (JSC::DFG::Node::notTakenBytecodeOffsetDuringParsing):
37734 (JSC::DFG::Node::setTakenBlockIndex):
37735 (JSC::DFG::Node::setNotTakenBlockIndex):
37736 (JSC::DFG::Node::takenBlockIndex):
37737 (JSC::DFG::Node::notTakenBlockIndex):
37738 * dfg/DFGOSREntry.cpp:
37739 (JSC::DFG::prepareOSREntry):
37740 * dfg/DFGOSREntry.h:
37741 * dfg/DFGOperands.h: Added.
37742 (JSC::DFG::operandIsArgument):
37743 (JSC::DFG::OperandValueTraits::defaultValue):
37744 (JSC::DFG::Operands::Operands):
37745 (JSC::DFG::Operands::numberOfArguments):
37746 (JSC::DFG::Operands::numberOfLocals):
37747 (JSC::DFG::Operands::argument):
37748 (JSC::DFG::Operands::local):
37749 (JSC::DFG::Operands::setLocal):
37750 (JSC::DFG::Operands::setArgumentFirstTime):
37751 (JSC::DFG::Operands::setLocalFirstTime):
37752 (JSC::DFG::Operands::operand):
37753 (JSC::DFG::Operands::setOperand):
37754 (JSC::DFG::Operands::clear):
37755 (JSC::DFG::dumpOperands):
37756 * dfg/DFGPropagator.cpp:
37757 (JSC::DFG::Propagator::fixpoint):
37758 (JSC::DFG::Propagator::propagateArithNodeFlags):
37759 (JSC::DFG::Propagator::propagateNodePredictions):
37760 (JSC::DFG::Propagator::propagatePredictions):
37761 (JSC::DFG::Propagator::performBlockCFA):
37762 (JSC::DFG::Propagator::performForwardCFA):
37763 (JSC::DFG::Propagator::globalCFA):
37764 * dfg/DFGSpeculativeJIT.cpp:
37765 (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
37766 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
37767 (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
37768 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
37769 (JSC::DFG::SpeculativeJIT::compile):
37770 (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
37771 (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
37772 * dfg/DFGSpeculativeJIT.h:
37773 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
37774 * dfg/DFGSpeculativeJIT32_64.cpp:
37775 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
37776 (JSC::DFG::SpeculativeJIT::compare):
37777 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
37778 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
37779 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
37780 (JSC::DFG::SpeculativeJIT::emitBranch):
37781 (JSC::DFG::SpeculativeJIT::compile):
37782 * dfg/DFGSpeculativeJIT64.cpp:
37783 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
37784 (JSC::DFG::SpeculativeJIT::compare):
37785 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
37786 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
37787 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
37788 (JSC::DFG::SpeculativeJIT::emitBranch):
37789 (JSC::DFG::SpeculativeJIT::compile):
37790 * dfg/DFGStructureSet.h:
37791 (JSC::DFG::StructureSet::clear):
37792 (JSC::DFG::StructureSet::predictionFromStructures):
37793 (JSC::DFG::StructureSet::operator==):
37794 (JSC::DFG::StructureSet::dump):
37795 * dfg/DFGVariableAccessData.h: Added.
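The structure-proof propagation this entry describes, as an added illustration rather than JavaScriptCore's own code: a toy structure abstract value with the clear/top/merge/filter/clobber operations named in the file list above, and a forward CFA that runs blocks to a fixpoint and joins tail states into successor heads. Structures are plain integer ids, the CFG, variables and operation kinds are constructed for the example, and only structure knowledge is modelled (no predicted types, and side effects are handled with the conservative "forget everything" clobber the entry mentions).

```cpp
#include <algorithm>
#include <cstdio>
#include <vector>

// Added example, not JavaScriptCore's code: a toy model of the structure
// abstract value and the forward CFA this ChangeLog entry describes.
// Structures are plain integer ids here (constructed stand-ins for Structure*).
using StructureId = int;

struct StructureAbstractValue {
    bool top = false;
    std::vector<StructureId> set; // sorted, unique; empty with !top means "clear"

    void clear() { top = false; set.clear(); }
    void makeTop() { top = true; set.clear(); }
    bool isTop() const { return top; }
    bool isClear() const { return !top && set.empty(); }
    bool contains(StructureId s) const { return top || std::binary_search(set.begin(), set.end(), s); }
    void add(StructureId s) {
        if (top) return;
        auto it = std::lower_bound(set.begin(), set.end(), s);
        if (it == set.end() || *it != s) set.insert(it, s);
    }
    // Join: a structure is possible after the merge if either side allows it.
    void merge(const StructureAbstractValue& other) {
        if (top) return;
        if (other.top) { makeTop(); return; }
        for (StructureId s : other.set) add(s);
    }
    // Meet with what a structure check proves: only structures in `proof` survive.
    void filter(const StructureAbstractValue& proof) {
        if (proof.top) return;
        if (top) { *this = proof; return; }
        std::vector<StructureId> kept;
        for (StructureId s : set)
            if (proof.contains(s)) kept.push_back(s);
        set.swap(kept);
    }
    // A side effect that may have transitioned any object: forget everything.
    void clobberStructures() { makeTop(); }
    bool operator==(const StructureAbstractValue& o) const { return top == o.top && set == o.set; }
    bool operator!=(const StructureAbstractValue& o) const { return !(*this == o); }
};

enum class OpKind { CheckStructure, CallClobber };
struct Op { OpKind kind; int var; StructureId structure; };
struct Block { std::vector<Op> ops; std::vector<int> successors; };
using State = std::vector<StructureAbstractValue>; // indexed by variable number

// Abstractly execute one block from its head state to its tail state.
State execute(State state, const Block& block) {
    for (const Op& op : block.ops) {
        if (op.kind == OpKind::CheckStructure) {
            StructureAbstractValue proof;
            proof.add(op.structure);
            state[op.var].filter(proof);
        } else {
            for (StructureAbstractValue& v : state) v.clobberStructures();
        }
    }
    return state;
}

// Forward CFA to a fixpoint: block 0 is the entry, whose variables are unknown (top);
// every other block starts clear (nothing proven reachable yet) and accumulates joins.
std::vector<State> forwardCFA(const std::vector<Block>& blocks, size_t numVars) {
    std::vector<State> heads(blocks.size(), State(numVars));
    for (StructureAbstractValue& v : heads[0]) v.makeTop();
    for (bool changed = true; changed;) {
        changed = false;
        for (size_t i = 0; i < blocks.size(); ++i) {
            State tail = execute(heads[i], blocks[i]);
            for (int succ : blocks[i].successors) {
                for (size_t v = 0; v < numVars; ++v) {
                    StructureAbstractValue before = heads[succ][v];
                    heads[succ][v].merge(tail[v]);
                    if (heads[succ][v] != before) changed = true;
                }
            }
        }
    }
    return heads;
}

// True when the analysis proves `var` has exactly structure `s` at a block head,
// i.e. a CheckStructure against `s` there would be redundant.
bool structureProven(const State& head, int var, StructureId s) {
    return !head[var].isTop() && head[var].set.size() == 1 && head[var].set[0] == s;
}

// Constructed CFG (not from any real program), variables x = 0 and y = 1:
//   B0: entry, branches to B1 or B2
//   B1: CheckStructure(x, 1); CheckStructure(y, 2)  -> B3
//   B2: CheckStructure(x, 1); CheckStructure(y, 3)  -> B3
//   B3: join; then a call that may transition objects -> B4
//   B4: after the call
std::vector<State> analyzeConstructedExample() {
    const int x = 0, y = 1;
    std::vector<Block> blocks = {
        {{}, {1, 2}},
        {{{OpKind::CheckStructure, x, 1}, {OpKind::CheckStructure, y, 2}}, {3}},
        {{{OpKind::CheckStructure, x, 1}, {OpKind::CheckStructure, y, 3}}, {3}},
        {{{OpKind::CallClobber, 0, 0}}, {4}},
        {{}, {}},
    };
    return forwardCFA(blocks, 2);
}

int main() {
    std::vector<State> heads = analyzeConstructedExample();
    std::printf("B3: x proven to be structure 1? %d\n", structureProven(heads[3], 0, 1)); // 1
    std::printf("B3: y candidate structures: %zu\n", heads[3][1].set.size());            // 2
    std::printf("B4: x unknown again after the call? %d\n", heads[4][0].isTop());          // 1
    return 0;
}
```

At the join block both predecessors proved x has structure 1, so the join head knows it precisely and the check can be dropped; y is still bounded to {2, 3} even though no single structure is proven; after the clobbering call both go back to top, which is the conservative side-effect handling the entry describes.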
37797 2011-10-11 Gavin Barraclough <baraclough@apple.com>
37799 DFG JIT 32_64 - Fix silentFillGPR for non-integer constants.
37800 https://bugs.webkit.org/show_bug.cgi?id=69890
37802 Reviewed by Oliver Hunt.
37804 Cell constants are currently hitting the valueOfInt32Constant case; there is no constant handling for JSValues.
37806 * dfg/DFGJITCodeGenerator.h:
37807 (JSC::DFG::JITCodeGenerator::silentFillGPR):
37809 2011-10-11 Ryosuke Niwa <rniwa@webkit.org>
37811 GTK build fix attempt after r97197.
37815 2011-10-11 Oliver Hunt <oliver@apple.com>
37817 Remove unintentional logging.
37821 2011-10-11 Oliver Hunt <oliver@apple.com>
37823 Tidy up card walking logic
37824 https://bugs.webkit.org/show_bug.cgi?id=69883
37826 Reviewed by Gavin Barraclough.
37828 Special case common cell sizes when walking a block's
37832 (JSC::::testAndClear):
37834 (JSC::GCTimer::GCCounter::GCCounter):
37835 (JSC::GCTimer::GCCounter::count):
37836 (JSC::GCTimer::GCCounter::~GCCounter):
37837 (JSC::Heap::markRoots):
37838 * heap/MarkStack.cpp:
37839 (JSC::MarkStack::reset):
37840 * heap/MarkStack.h:
37841 (JSC::MarkStack::visitCount):
37842 (JSC::MarkStack::MarkStack):
37843 (JSC::MarkStack::append):
37844 * heap/MarkedBlock.h:
37845 (JSC::MarkedBlock::gatherDirtyCellsWithSize):
37846 (JSC::MarkedBlock::gatherDirtyCells):
37847 * runtime/Structure.h:
37848 (JSC::MarkStack::internalAppend):
37850 2011-10-11 Filip Pizlo <fpizlo@apple.com>
37852 DFG virtual register allocator should be more aggressive in
37853 reusing temporary slots
37854 https://bugs.webkit.org/show_bug.cgi?id=69868
37856 Reviewed by Oliver Hunt.
37858 1.2% win on V8, neutral elsewhere. The win is probably because it
37859 increases precision of GC conservative scans.
37861 This required making the DFG::ScoreBoard operate over a bitvector
37862 of preserved variables, rather than just a preserved variable
37863 threshold. To do this, I improved the WTF::BitVector class to make
37864 it more user-friendly. It still retains all previous functionality.
37865 Also made changes to PackedIntVector to accommodate those changes.
37866 Finally, this adds more debugging to the virtual register allocator
37867 and to the OSR exit code, as this was necessary to track down bugs
37868 in an earlier version of this patch.
37870 * dfg/DFGByteCodeParser.cpp:
37871 (JSC::DFG::ByteCodeParser::ByteCodeParser):
37872 (JSC::DFG::ByteCodeParser::getLocal):
37874 * dfg/DFGJITCompiler.cpp:
37875 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
37876 * dfg/DFGPropagator.cpp:
37877 (JSC::DFG::Propagator::allocateVirtualRegisters):
37878 * dfg/DFGScoreBoard.h:
37879 (JSC::DFG::ScoreBoard::ScoreBoard):
37880 (JSC::DFG::ScoreBoard::~ScoreBoard):
37881 (JSC::DFG::ScoreBoard::allocate):
37882 (JSC::DFG::ScoreBoard::use):
37883 (JSC::DFG::ScoreBoard::highWatermark):
37884 (JSC::DFG::ScoreBoard::dump):
37885 (JSC::DFG::ScoreBoard::max):
37886 * dfg/DFGSpeculativeJIT.cpp:
37887 (JSC::DFG::ValueRecovery::dump):
37888 * wtf/BitVector.cpp:
37889 (WTF::BitVector::setSlow):
37890 (WTF::BitVector::resizeOutOfLine):
37891 (WTF::BitVector::dump):
37893 (WTF::BitVector::BitVector):
37894 (WTF::BitVector::operator=):
37895 (WTF::BitVector::quickGet):
37896 (WTF::BitVector::quickSet):
37897 (WTF::BitVector::quickClear):
37898 (WTF::BitVector::get):
37899 (WTF::BitVector::set):
37900 (WTF::BitVector::clear):
37901 * wtf/PackedIntVector.h:
37902 (WTF::PackedIntVector::get):
37903 (WTF::PackedIntVector::set):
37905 2011-10-11 Gavin Barraclough <baraclough@apple.com>
37907 DFG JIT 32_64 - Switch to cdecl calling convention.
37908 https://bugs.webkit.org/show_bug.cgi?id=69863
37910 Reviewed by Oliver Hunt.
37912 This makes it easier to keep the stack correctly aligned, which is required on OS X.
37914 * assembler/MacroAssemblerCodeRef.h:
37915 (JSC::FunctionPtr::FunctionPtr):
37916 - Provide default FunctionPtr constructors for CDECL functions on STDCALL platforms.
37917 * dfg/DFGJITCodeGenerator.h:
37918 (JSC::DFG::callOperation):
37919 - Switch calls to poke arguments rather than pushing them.
37920 (JSC::DFG::resetCallArguments):
37921 (JSC::DFG::addCallArgument):
37922 (JSC::DFG::addCallArgumentBoxed):
37923 - Helper functions to stack up call arguments on X86.
37924 * dfg/DFGJITCodeGenerator32_64.cpp:
37925 (JSC::DFG::JITCodeGenerator::emitCall):
37926 - Don't push, poke!
37927 * dfg/DFGJITCompiler32_64.cpp:
37928 (JSC::DFG::JITCompiler::compileBody):
37929 - Don't push, poke!
37930 * dfg/DFGOperations.cpp:
37931 - Switch ReturnAddress wrappers to push return address last, update asm trampolines.
37932 * dfg/DFGOperations.h:
37933 - switch DFG_OPERATION to assert CDECL on STDCALL platforms.
37934 * dfg/DFGSpeculativeJIT32_64.cpp:
37935 (JSC::DFG::fmodWithCDecl):
37936 (JSC::DFG::SpeculativeJIT::compile):
37937 - On STDCALL platforms wrap fmod, since DFG_OPERATION wrappers are CDECL.
37939 2011-10-11 Gavin Barraclough <baraclough@apple.com>
37941 Switch RegisterSizedBoolean/dfgConvertJSValueToInt32 return type to size_t
37942 https://bugs.webkit.org/show_bug.cgi?id=69821
37944 Reviewed by Filip Pizlo.
37946 Operations returning types Z (int32_t) and B (RegisterSizedBoolean - implemented as an
37947 intptr_t) are indistinguishable on 32-bit Linux, preventing the DFG JIT from building.
37949 dfgConvertJSValueToInt32 would be better returning a value known to be register sized, for
37950 JSVALUE64 (we currently zero-extend in JIT code, potentially introducing an unnecessary
37951 move), so by switching all associated operations to return a size_t we can fix the type
37952 problem on Linux & make it a small tweak that removes an unnecessary instruction.
37954 * dfg/DFGJITCodeGenerator.cpp:
37955 (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
37956 - comparisons now return a size_t.
37957 * dfg/DFGJITCodeGenerator.h:
37958 (JSC::DFG::callOperation):
37959 - Removed Z_DFGOperation_EJ form.
37960 * dfg/DFGJITCodeGenerator32_64.cpp:
37961 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
37962 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
37963 - comparisons now return a size_t.
37964 * dfg/DFGJITCodeGenerator64.cpp:
37965 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
37966 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
37967 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
37968 - comparisons now return a size_t.
37969 * dfg/DFGOperations.cpp:
37970 * dfg/DFGOperations.h:
37971 - Change return types for comparison operations & dfgConvertJSValueToInt32 to size_t.
37972 Both need to return values zero extended to fill a register.
37973 * dfg/DFGSpeculativeJIT.cpp:
37974 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
37975 - comparisons now return a size_t.
37976 * dfg/DFGSpeculativeJIT.h:
37977 * dfg/DFGSpeculativeJIT32_64.cpp:
37978 (JSC::DFG::SpeculativeJIT::compare):
37979 - comparisons now return a size_t.
37980 * dfg/DFGSpeculativeJIT64.cpp:
37981 (JSC::DFG::SpeculativeJIT::compare):
37982 - comparisons now return a size_t.
37984 2011-10-11 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
37986 [Qt] Remove all references to QTDIR_build and standalone_package
37988 Qt is now modularized, which means we no longer import WebKit into
37989 the Qt source tree. Instead we use git submodules, and building
37990 QtWebKit as "part of Qt" is really building QtWebKit as from trunk.
37992 To decrease the number of buildsystem configurations we also remove
37993 the standalone_package code-path used when we were providing tarballs
37994 with the derived sources pre-generated.
37996 Reviewed by Simon Hausmann.
37998 * DerivedSources.pro:
37999 * JavaScriptCore.pri:
38000 * JavaScriptCore.pro:
38002 2011-10-11 Yuqiang Xian <yuqiang.xian@intel.com>
38004 Add missing copyright notice in DFG JIT files
38005 https://bugs.webkit.org/show_bug.cgi?id=69809
38007 Reviewed by Gavin Barraclough.
38009 * dfg/DFGJITCodeGenerator32_64.cpp:
38010 * dfg/DFGJITCompiler32_64.cpp:
38011 * dfg/DFGJITCompilerInlineMethods.h:
38012 * dfg/DFGSpeculativeJIT32_64.cpp:
38014 2011-10-10 Filip Pizlo <fpizlo@apple.com>
38016 DFG JSVALUE64 spill/fill code should not box integers and doubles
38017 https://bugs.webkit.org/show_bug.cgi?id=69782
38019 Reviewed by Oliver Hunt.
38021 Added the notion of DataFormatInteger and DataFormatDouble to the spillFormat.
38022 This required changing all of the places that spill registers (both silently
38023 and not) and filling registers (both silently and on demand). It also required
38024 changing OSR exit to recognize that a spilled value (DisplacedInRegisterFile)
38025 may have the wrong format for the old JIT (unboxed int or double).
38027 This is a slight win on Kraken (0.25%) and neutral elsewhere.
38029 * dfg/DFGGenerationInfo.h:
38030 (JSC::DFG::GenerationInfo::spill):
38031 * dfg/DFGJITCodeGenerator.h:
38032 (JSC::DFG::JITCodeGenerator::silentFillFPR):
38033 (JSC::DFG::JITCodeGenerator::spill):
38034 * dfg/DFGJITCodeGenerator64.cpp:
38035 (JSC::DFG::JITCodeGenerator::fillInteger):
38036 (JSC::DFG::JITCodeGenerator::fillDouble):
38037 (JSC::DFG::JITCodeGenerator::fillJSValue):
38038 * dfg/DFGJITCompiler.cpp:
38039 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
38040 * dfg/DFGSpeculativeJIT.cpp:
38041 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
38042 * dfg/DFGSpeculativeJIT.h:
38043 (JSC::DFG::ValueRecovery::displacedInRegisterFile):
38044 (JSC::DFG::ValueRecovery::virtualRegister):
38045 * dfg/DFGSpeculativeJIT64.cpp:
38046 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
38047 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
38048 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
38049 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
38051 2011-10-10 Gavin Barraclough <baraclough@apple.com>
38053 DFG JIT switch dfgConvert methods to use callOperation
38054 https://bugs.webkit.org/show_bug.cgi?id=69806
38056 Reviewed by Filip Pizlo.
38058 * dfg/DFGJITCodeGenerator.h:
38059 (JSC::DFG::callOperation):
38060 * dfg/DFGJITCodeGenerator32_64.cpp:
38061 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
38062 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
38063 * dfg/DFGJITCodeGenerator64.cpp:
38064 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
38065 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
38066 * dfg/DFGOperations.h:
38068 2011-10-10 Gavin Barraclough <baraclough@apple.com>
38070 Remove some unused methods from the DFG JIT.
38072 Rubber stamped by Oliver Hunt.
38074 These methods were only used by the non-speculative JIT, and can be removed.
38076 * dfg/DFGJITCodeGenerator.h:
38077 * dfg/DFGJITCodeGenerator32_64.cpp:
38078 * dfg/DFGJITCodeGenerator64.cpp:
38081 nonSpeculativeArithSub
38082 nonSpeculativeArithMod
38083 nonSpeculativeCheckHasInstance
38084 nonSpeculativeInstanceOf
38085 * dfg/DFGOperations.cpp:
38086 * dfg/DFGOperations.h:
38089 operationInstanceOf
38090 operationThrowHasInstanceError
38092 2011-10-10 Gavin Barraclough <baraclough@apple.com>
38094 Switch most calls in DFGJITCodeGenerator to use callOperation.
38095 https://bugs.webkit.org/show_bug.cgi?id=69802
38097 Reviewed by Oliver Hunt.
38099 Compares, add, mod are the easy cases.
38101 * dfg/DFGJITCodeGenerator.h:
38102 (JSC::DFG::callOperation):
38103 * dfg/DFGJITCodeGenerator32_64.cpp:
38104 (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
38105 (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
38106 (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
38107 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
38108 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
38109 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
38110 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
38111 * dfg/DFGJITCodeGenerator64.cpp:
38112 (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
38113 (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
38114 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
38115 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
38116 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
38117 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
38118 * dfg/DFGOperations.cpp:
38119 * dfg/DFGOperations.h:
38121 2011-10-10 Gavin Barraclough <baraclough@apple.com>
38123 DFG: Switch GetById / PutById to use callOperation
38124 https://bugs.webkit.org/show_bug.cgi?id=69795
38126 Reviewed by Oliver Hunt.
38128 Also make these take the base as a cell, so 32_64 doesn't have to set up the cell tag.
38130 * dfg/DFGJITCodeGenerator.h:
38131 (JSC::DFG::callOperation):
38132 * dfg/DFGJITCodeGenerator32_64.cpp:
38133 (JSC::DFG::JITCodeGenerator::cachedGetById):
38134 (JSC::DFG::JITCodeGenerator::cachedPutById):
38135 * dfg/DFGJITCodeGenerator64.cpp:
38136 (JSC::DFG::JITCodeGenerator::cachedGetById):
38137 (JSC::DFG::JITCodeGenerator::cachedPutById):
38138 * dfg/DFGOperations.cpp:
38139 * dfg/DFGOperations.h:
38140 * dfg/DFGRepatch.cpp:
38141 (JSC::DFG::appropriatePutByIdFunction):
38143 2011-10-10 Filip Pizlo <fpizlo@apple.com>
38145 REGRESSION (r95399): Web process hangs when opening documents on Google Docs
38146 https://bugs.webkit.org/show_bug.cgi?id=69412
38148 Reviewed by Oliver Hunt.
38150 * dfg/DFGSpeculativeJIT32_64.cpp:
38151 (JSC::DFG::SpeculativeJIT::compile):
38152 * dfg/DFGSpeculativeJIT64.cpp:
38153 (JSC::DFG::SpeculativeJIT::compile):
38155 (JSC::JIT::privateCompile):
38158 2011-10-10 Mark Hahnenberg <mhahnenberg@apple.com>
38160 Remove getCallDataVirtual methods
38161 https://bugs.webkit.org/show_bug.cgi?id=69186
38163 Reviewed by Geoffrey Garen.
38165 Removed all getCallDataVirtual methods and replaced their call sites
38166 with an explicit lookup in the MethodTable.
38168 * API/JSCallbackFunction.cpp:
38169 * API/JSCallbackFunction.h:
38170 * API/JSCallbackObject.h:
38171 * API/JSCallbackObjectFunctions.h:
38172 * API/JSObjectRef.cpp:
38173 (JSObjectIsFunction):
38174 (JSObjectCallAsFunction):
38175 * JavaScriptCore.exp:
38176 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
38177 * interpreter/Interpreter.cpp:
38178 (JSC::Interpreter::privateExecute):
38179 * jit/JITStubs.cpp:
38180 (JSC::DEFINE_STUB_FUNCTION):
38181 * runtime/ArrayConstructor.cpp:
38182 * runtime/ArrayConstructor.h:
38183 * runtime/BooleanConstructor.cpp:
38184 * runtime/BooleanConstructor.h:
38185 * runtime/DateConstructor.cpp:
38186 * runtime/DateConstructor.h:
38188 Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
38189 the class definition in JSGlobalObject.cpp.
38190 * runtime/Error.cpp:
38191 (JSC::createTypeErrorFunction):
38193 (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
38194 (JSC::StrictModeTypeErrorFunction::create):
38195 (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
38196 (JSC::StrictModeTypeErrorFunction::getConstructData):
38197 (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
38198 (JSC::StrictModeTypeErrorFunction::getCallData):
38199 (JSC::StrictModeTypeErrorFunction::createStructure):
38200 * runtime/ErrorConstructor.cpp:
38201 * runtime/ErrorConstructor.h:
38202 * runtime/FunctionConstructor.cpp:
38203 * runtime/FunctionConstructor.h:
38204 * runtime/FunctionPrototype.cpp:
38205 * runtime/FunctionPrototype.h:
38207 To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
38208 to declare their own ClassInfo if they don't override getCallData, provided
38209 an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
38210 functionality as of the pure virtual method InternalFunction used to have.
38211 Also made this new implementation protected rather than private for the same reason.
38212 Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
38213 object is being created provides their own implementation of getCallData. This
38214 just makes execution fail earlier in a place where the source of the error is
38215 easy to trace. These ASSERTs are better than putting a null in the MethodTable because
38216 they appear much more intentional to anybody who fails to provide their own
38217 implementation or who tries to explicitly call InternalFunction::getCallData.
38218 * runtime/InternalFunction.cpp:
38219 (JSC::InternalFunction::finishCreation):
38220 (JSC::InternalFunction::getCallData):
38221 * runtime/InternalFunction.h:
38222 * runtime/JSCell.cpp:
38223 * runtime/JSCell.h:
38224 * runtime/JSFunction.cpp:
38225 * runtime/JSFunction.h:
38227 Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
38228 it to be reused rather than creating a new Structure every time we instantiate it.
38229 * runtime/JSGlobalObject.cpp:
38230 (JSC::JSGlobalObject::reset):
38231 (JSC::JSGlobalObject::visitChildren):
38232 * runtime/JSGlobalObject.h:
38233 (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
38234 * runtime/JSONObject.cpp:
38235 (JSC::Stringifier::Stringifier):
38236 (JSC::Stringifier::toJSON):
38237 (JSC::Stringifier::appendStringifiedValue):
38238 * runtime/JSObject.cpp:
38239 (JSC::JSObject::put):
38240 * runtime/JSObject.h:
38241 (JSC::getCallData):
38242 * runtime/NativeErrorConstructor.cpp:
38243 * runtime/NativeErrorConstructor.h:
38244 * runtime/NumberConstructor.cpp:
38245 * runtime/NumberConstructor.h:
38246 * runtime/ObjectConstructor.cpp:
38247 * runtime/ObjectConstructor.h:
38248 * runtime/Operations.cpp:
38249 (JSC::jsTypeStringForValue):
38250 (JSC::jsIsObjectType):
38251 (JSC::jsIsFunctionType):
38252 * runtime/PropertySlot.cpp:
38253 (JSC::PropertySlot::functionGetter):
38254 * runtime/RegExpConstructor.cpp:
38255 * runtime/RegExpConstructor.h:
38256 * runtime/StringConstructor.cpp:
38257 * runtime/StringConstructor.h:
38258 * runtime/Structure.h:
38260 2011-10-10 Gavin Barraclough <barraclough@apple.com>
38262 Switch last calls from DFGSpeculativeJIT to use callOperation.
38263 https://bugs.webkit.org/show_bug.cgi?id=69780
38265 Reviewed by Oliver Hunt.
38267 Also, rename type in operations for booleans from Z to B, since Z is the mathematical symbol for integers.
38269 * dfg/DFGJITCodeGenerator.cpp:
38270 (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
38271 * dfg/DFGJITCodeGenerator.h:
38272 (JSC::DFG::callOperation):
38273 * dfg/DFGJITCodeGenerator32_64.cpp:
38274 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
38275 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
38276 * dfg/DFGJITCodeGenerator64.cpp:
38277 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
38278 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
38279 * dfg/DFGOperations.h:
38280 * dfg/DFGSpeculativeJIT.cpp:
38281 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
38282 * dfg/DFGSpeculativeJIT.h:
38283 * dfg/DFGSpeculativeJIT32_64.cpp:
38284 (JSC::DFG::SpeculativeJIT::compare):
38285 (JSC::DFG::SpeculativeJIT::compile):
38286 * dfg/DFGSpeculativeJIT64.cpp:
38287 (JSC::DFG::SpeculativeJIT::compare):
38288 (JSC::DFG::SpeculativeJIT::compile):
38291 2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com>
38293 JSVALUE32_64 DFG JIT - bug fix for V8 benchmark cases "crypto" and "raytrace"
38294 https://bugs.webkit.org/show_bug.cgi?id=69748
38296 Reviewed by Filip Pizlo.
38298 * dfg/DFGJITCodeGenerator32_64.cpp:
38299 (JSC::DFG::JITCodeGenerator::cachedGetMethod):
38300 * dfg/DFGSpeculativeJIT32_64.cpp:
38301 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
38303 2011-10-10 Adam Roben <aroben@apple.com>
38307 * wtf/MainThread.h: Pull in Platform.h since this file uses PLATFORM() macros.
38309 2011-10-10 Yuqiang Xian <yuqiang.xian@intel.com>
38311 JSVALUE32_64 DFG JIT - Bug fix for BranchNull
38312 https://bugs.webkit.org/show_bug.cgi?id=69743
38314 Reviewed by Darin Adler.
38316 This fixes the error in access-binary-trees. All SunSpider cases passed.
38318 * dfg/DFGJITCodeGenerator32_64.cpp:
38319 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
38321 2011-10-07 Gavin Barraclough <barraclough@apple.com>
38323 DFG JIT: callOperation should return the Call.
38324 https://bugs.webkit.org/show_bug.cgi?id=69682
38326 Reviewed by Oliver Hunt.
38328 * dfg/DFGJITCodeGenerator.h:
38329 (JSC::DFG::callOperation):
38330 (JSC::DFG::appendCallWithExceptionCheckSetResult):
38331 * dfg/DFGJITCompiler.h:
38332 (JSC::DFG::JITCompiler::appendCall):
38335 2011-10-10 Sheriff Bot <webkit.review.bot@gmail.com>
38337 Unreviewed, rolling out r97045.
38338 http://trac.webkit.org/changeset/97045
38339 https://bugs.webkit.org/show_bug.cgi?id=69746
38341 makes apple bots very crashy :( (Requested by kling on
38346 2011-10-10 Andreas Kling <kling@webkit.org>
38348 Shrink BorderValue.
38349 https://bugs.webkit.org/show_bug.cgi?id=69521
38351 Reviewed by Antti Koivisto.
38353 * config.h: Touch to force full rebuild.
38355 2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
38357 Improve Null or Undefined test in 32_64 DFG
38358 https://bugs.webkit.org/show_bug.cgi?id=69734
38360 Reviewed by Darin Adler.
38362 Currently Null or Undefined value test in 32_64 DFG will check
38363 Null and Undefined tag separately and introduce one more branch.
38364 It can be improved in the way how the baseline JIT is doing - by
38365 relying on the fact that "UndefinedTag + 1 == NullTag and NullTag & 1".
38367 * dfg/DFGJITCodeGenerator32_64.cpp:
38368 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
38369 * dfg/DFGSpeculativeJIT32_64.cpp:
38370 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
38371 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
38373 2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
38375 JSVALUE32_64 DFG JIT - Bug fix for ConvertThis
38376 https://bugs.webkit.org/show_bug.cgi?id=69721
38378 Reviewed by Darin Adler.
38380 * dfg/DFGSpeculativeJIT32_64.cpp:
38381 (JSC::DFG::SpeculativeJIT::compile):
38383 2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
38385 Remove unused callOperation code of DFG JIT on X86
38386 https://bugs.webkit.org/show_bug.cgi?id=69722
38388 Reviewed by Filip Pizlo.
38390 * dfg/DFGJITCodeGenerator.h:
38391 (JSC::DFG::callOperation):
38393 2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
38395 JSVALUE32_64 DFG JIT - fillJSValue with a pair of GPRs should not set the registerFormat to be DataFormatJSDouble
38396 https://bugs.webkit.org/show_bug.cgi?id=69720
38398 Reviewed by Filip Pizlo.
38400 In JSVALUE32_64 DFG, DataFormatJSDouble is assumed to be represented by
38401 a FPR and will be used for further optimizations, though we currently
38402 don't fully utilize it. For now when filling a JS value which was
38403 spilled as a JSDouble with a pair of GPRs, we'll set the registerFormat
38404 to DataFormatJS to avoid compilation errors.
38406 * dfg/DFGJITCodeGenerator32_64.cpp:
38407 (JSC::DFG::JITCodeGenerator::fillJSValue):
38409 2011-10-09 Filip Pizlo <fpizlo@apple.com>
38411 DFG should not always speculate that a ByVal access has an integer index
38412 https://bugs.webkit.org/show_bug.cgi?id=69716
38414 Reviewed by Oliver Hunt.
38416 1% win on SunSpider, neutral elsewhere.
38418 * dfg/DFGJITCodeGenerator.h:
38419 (JSC::DFG::callOperation):
38421 * dfg/DFGOperations.cpp:
38422 * dfg/DFGOperations.h:
38423 * dfg/DFGPropagator.cpp:
38424 (JSC::DFG::Propagator::byValHasIntBase):
38425 (JSC::DFG::Propagator::clobbersWorld):
38426 (JSC::DFG::Propagator::getMethodLoadElimination):
38427 (JSC::DFG::Propagator::checkStructureLoadElimination):
38428 (JSC::DFG::Propagator::getByOffsetLoadElimination):
38429 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
38430 (JSC::DFG::Propagator::performNodeCSE):
38431 * dfg/DFGSpeculativeJIT32_64.cpp:
38432 (JSC::DFG::SpeculativeJIT::compile):
38433 * dfg/DFGSpeculativeJIT64.cpp:
38434 (JSC::DFG::SpeculativeJIT::compile):
38436 2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
38438 Fix value profiling in 32_64 JIT
38439 https://bugs.webkit.org/show_bug.cgi?id=69717
38441 Reviewed by Filip Pizlo.
38443 Current value profiling for 32_64 JIT is broken and cannot record
38444 correct predicated types, which results in many speculation failures
38445 in the 32_64 DFG JIT, fallbacks to baseline JIT, and re-optimizations.
38447 With this fix 32_64 DFG JIT can demonstrate real performance gains.
38449 * bytecode/ValueProfile.cpp:
38450 (JSC::ValueProfile::computeStatistics):
38451 * bytecode/ValueProfile.h:
38452 (JSC::ValueProfile::classInfo):
38453 (JSC::ValueProfile::numberOfSamples):
38454 (JSC::ValueProfile::isLive):
38455 (JSC::ValueProfile::numberOfInt32s):
38456 (JSC::ValueProfile::numberOfDoubles):
38457 (JSC::ValueProfile::numberOfBooleans):
38458 (JSC::ValueProfile::dump):
38459 Empty value check should be performed on decoded JSValue,
38460 as for 32_64 empty value is not identical to encoded 0.
38462 (JSC::JIT::privateCompile):
38463 * jit/JITInlineMethods.h:
38464 (JSC::JIT::emitValueProfilingSite):
38465 * jit/JITStubCall.h:
38466 (JSC::JITStubCall::callWithValueProfiling):
38467 Record the right profiling result for 32_64.
38469 2011-10-09 Yuqiang Xian <yuqiang.xian@intel.com>
38471 Remove 32 bit restrictions in DFG JIT
38472 https://bugs.webkit.org/show_bug.cgi?id=69711
38474 Reviewed by Filip Pizlo.
38476 op_call/op_construct support was disabled for 32 bit DFG JIT because
38477 there was regression in javascriptcore tests. Now the bugs are fixed
38478 and there should be no regression. This makes 32 bit DFG have the same
38479 capability as 64 bit DFG, and improves the coverage.
38481 * dfg/DFGCapabilities.h:
38482 (JSC::DFG::canCompileOpcode):
38484 2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com>
38486 Add static version of JSCell::getConstructData
38487 https://bugs.webkit.org/show_bug.cgi?id=69673
38489 Reviewed by Geoffrey Garen.
38491 Added static version of getConstructData to all classes that
38492 override it and changed the virtual versions to call the static
38493 versions. This is the first step in de-virtualizing JSCell::getConstructData.
38495 * API/JSCallbackConstructor.cpp:
38496 (JSC::JSCallbackConstructor::getConstructData):
38497 * API/JSCallbackConstructor.h:
38498 * API/JSCallbackObject.h:
38499 * API/JSCallbackObjectFunctions.h:
38500 (JSC::::getConstructData):
38501 * runtime/ArrayConstructor.cpp:
38502 (JSC::ArrayConstructor::getConstructData):
38503 * runtime/ArrayConstructor.h:
38504 * runtime/BooleanConstructor.cpp:
38505 (JSC::BooleanConstructor::getConstructData):
38506 * runtime/BooleanConstructor.h:
38507 * runtime/DateConstructor.cpp:
38508 (JSC::DateConstructor::getConstructData):
38509 * runtime/DateConstructor.h:
38510 * runtime/ErrorConstructor.cpp:
38511 (JSC::ErrorConstructor::getConstructData):
38512 * runtime/ErrorConstructor.h:
38513 * runtime/FunctionConstructor.cpp:
38514 (JSC::FunctionConstructor::getConstructData):
38515 * runtime/FunctionConstructor.h:
38516 * runtime/JSCell.cpp:
38517 (JSC::JSCell::getConstructData):
38518 * runtime/JSCell.h:
38519 * runtime/JSFunction.cpp:
38520 (JSC::JSFunction::getConstructData):
38521 * runtime/JSFunction.h:
38522 * runtime/NativeErrorConstructor.cpp:
38523 (JSC::NativeErrorConstructor::getConstructData):
38524 * runtime/NativeErrorConstructor.h:
38525 * runtime/NumberConstructor.cpp:
38526 (JSC::NumberConstructor::getConstructData):
38527 * runtime/NumberConstructor.h:
38528 * runtime/ObjectConstructor.cpp:
38529 (JSC::ObjectConstructor::getConstructData):
38530 * runtime/ObjectConstructor.h:
38531 * runtime/RegExpConstructor.cpp:
38532 (JSC::RegExpConstructor::getConstructData):
38533 * runtime/RegExpConstructor.h:
38534 * runtime/StringConstructor.cpp:
38535 (JSC::StringConstructor::getConstructData):
38536 * runtime/StringConstructor.h:
38538 2011-10-08 Mark Hahnenberg <mhahnenberg@apple.com>
38540 Add static version of JSCell::getOwnPropertySlot
38541 https://bugs.webkit.org/show_bug.cgi?id=69593
38543 Reviewed by Geoffrey Garen.
38545 Added static version of getOwnPropertySlot to every class that overrides
38546 JSCell::getOwnPropertySlot. The virtual versions now call the static versions.
38547 This is the first step in de-virtualizing JSCell::getOwnPropertySlot.
38549 * JavaScriptCore.exp:
38550 * debugger/DebuggerActivation.cpp:
38551 (JSC::DebuggerActivation::getOwnPropertySlot):
38552 * debugger/DebuggerActivation.h:
38553 * runtime/Arguments.cpp:
38554 (JSC::Arguments::getOwnPropertySlot):
38555 * runtime/Arguments.h:
38556 * runtime/ArrayConstructor.h:
38557 * runtime/ArrayPrototype.cpp:
38558 (JSC::ArrayPrototype::getOwnPropertySlot):
38559 * runtime/ArrayPrototype.h:
38560 * runtime/BooleanPrototype.cpp:
38561 (JSC::BooleanPrototype::getOwnPropertySlot):
38562 * runtime/BooleanPrototype.h:
38563 * runtime/DateConstructor.cpp:
38564 (JSC::DateConstructor::getOwnPropertySlot):
38565 * runtime/DateConstructor.h:
38566 * runtime/DatePrototype.cpp:
38567 (JSC::DatePrototype::getOwnPropertySlot):
38568 * runtime/DatePrototype.h:
38569 * runtime/ErrorPrototype.cpp:
38570 (JSC::ErrorPrototype::getOwnPropertySlot):
38571 * runtime/ErrorPrototype.h:
38572 * runtime/JSActivation.cpp:
38573 (JSC::JSActivation::getOwnPropertySlot):
38574 * runtime/JSActivation.h:
38575 * runtime/JSArray.cpp:
38576 (JSC::JSArray::getOwnPropertySlot):
38577 * runtime/JSArray.h:
38578 * runtime/JSBoundFunction.cpp:
38579 (JSC::JSBoundFunction::getOwnPropertySlot):
38580 * runtime/JSBoundFunction.h:
38581 * runtime/JSByteArray.cpp:
38582 (JSC::JSByteArray::getOwnPropertySlot):
38583 * runtime/JSByteArray.h:
38584 * runtime/JSCell.cpp:
38585 (JSC::JSCell::getOwnPropertySlot):
38586 * runtime/JSCell.h:
38587 * runtime/JSFunction.cpp:
38588 (JSC::JSFunction::getOwnPropertySlot):
38589 * runtime/JSFunction.h:
38590 * runtime/JSGlobalObject.cpp:
38591 (JSC::JSGlobalObject::getOwnPropertySlot):
38592 * runtime/JSGlobalObject.h:
38593 * runtime/JSNotAnObject.cpp:
38594 (JSC::JSNotAnObject::getOwnPropertySlot):
38595 * runtime/JSNotAnObject.h:
38596 * runtime/JSONObject.cpp:
38597 (JSC::JSONObject::getOwnPropertySlot):
38598 * runtime/JSONObject.h:
38599 * runtime/JSObject.cpp:
38600 (JSC::JSObject::getOwnPropertySlot):
38601 * runtime/JSObject.h:
38602 (JSC::JSObject::getOwnPropertySlot):
38603 * runtime/JSStaticScopeObject.cpp:
38604 (JSC::JSStaticScopeObject::getOwnPropertySlot):
38605 * runtime/JSStaticScopeObject.h:
38606 * runtime/JSString.cpp:
38607 (JSC::JSString::getOwnPropertySlot):
38608 * runtime/JSString.h:
38609 * runtime/MathObject.cpp:
38610 (JSC::MathObject::getOwnPropertySlot):
38611 * runtime/MathObject.h:
38612 * runtime/NumberConstructor.cpp:
38613 (JSC::NumberConstructor::getOwnPropertySlot):
38614 * runtime/NumberConstructor.h:
38615 * runtime/NumberPrototype.cpp:
38616 (JSC::NumberPrototype::getOwnPropertySlot):
38617 * runtime/NumberPrototype.h:
38618 * runtime/ObjectConstructor.cpp:
38619 (JSC::ObjectConstructor::getOwnPropertySlot):
38620 * runtime/ObjectConstructor.h:
38621 * runtime/ObjectPrototype.cpp:
38622 (JSC::ObjectPrototype::getOwnPropertySlot):
38623 * runtime/ObjectPrototype.h:
38624 * runtime/RegExpConstructor.cpp:
38625 (JSC::RegExpConstructor::getOwnPropertySlot):
38626 * runtime/RegExpConstructor.h:
38627 * runtime/RegExpMatchesArray.h:
38628 (JSC::RegExpMatchesArray::getOwnPropertySlot):
38629 * runtime/RegExpObject.cpp:
38630 (JSC::RegExpObject::getOwnPropertySlot):
38631 * runtime/RegExpObject.h:
38632 * runtime/RegExpPrototype.cpp:
38633 (JSC::RegExpPrototype::getOwnPropertySlot):
38634 * runtime/RegExpPrototype.h:
38635 * runtime/StringConstructor.cpp:
38636 (JSC::StringConstructor::getOwnPropertySlot):
38637 * runtime/StringConstructor.h:
38638 * runtime/StringObject.cpp:
38639 (JSC::StringObject::getOwnPropertySlot):
38640 * runtime/StringObject.h:
38641 * runtime/StringPrototype.cpp:
38642 (JSC::StringPrototype::getOwnPropertySlot):
38643 * runtime/StringPrototype.h:
38645 2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
38647 JSVALUE32_64 DFG JIT - GetLocal should produce a cell result for Array predictions
38648 https://bugs.webkit.org/show_bug.cgi?id=69699
38650 Reviewed by Filip Pizlo.
38652 It should match SetLocal where only payload is stored for array predictions.
38654 * dfg/DFGSpeculativeJIT32_64.cpp:
38655 (JSC::DFG::SpeculativeJIT::compile):
38657 2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
38659 JSVALUE32_64 DFG JIT - Bug fixes for Branch and LogicalNot
38660 https://bugs.webkit.org/show_bug.cgi?id=69702
38662 Reviewed by Filip Pizlo.
38664 There are some errors in generating code for Branch and LogicalNot,
38665 when the operand is predicted as ObjectOrOther.
38667 * dfg/DFGSpeculativeJIT32_64.cpp:
38668 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
38669 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
38671 2011-10-08 Sheriff Bot <webkit.review.bot@gmail.com>
38673 Unreviewed, rolling out r96996.
38674 http://trac.webkit.org/changeset/96996
38675 https://bugs.webkit.org/show_bug.cgi?id=69697
38677 It broke all tests on the Qt bot (Requested by Ossy_night on
38680 * API/JSCallbackFunction.cpp:
38681 (JSC::JSCallbackFunction::getCallDataVirtual):
38682 * API/JSCallbackFunction.h:
38683 * API/JSCallbackObject.h:
38684 * API/JSCallbackObjectFunctions.h:
38685 (JSC::::getCallDataVirtual):
38686 * API/JSObjectRef.cpp:
38687 (JSObjectIsFunction):
38688 (JSObjectCallAsFunction):
38689 * JavaScriptCore.exp:
38690 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
38691 * interpreter/Interpreter.cpp:
38692 (JSC::Interpreter::privateExecute):
38693 * jit/JITStubs.cpp:
38694 (JSC::DEFINE_STUB_FUNCTION):
38695 * runtime/ArrayConstructor.cpp:
38696 (JSC::ArrayConstructor::getCallDataVirtual):
38697 * runtime/ArrayConstructor.h:
38698 * runtime/BooleanConstructor.cpp:
38699 (JSC::BooleanConstructor::getCallDataVirtual):
38700 * runtime/BooleanConstructor.h:
38701 * runtime/DateConstructor.cpp:
38702 (JSC::DateConstructor::getCallDataVirtual):
38703 * runtime/DateConstructor.h:
38704 * runtime/Error.cpp:
38705 (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
38706 (JSC::StrictModeTypeErrorFunction::create):
38707 (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
38708 (JSC::StrictModeTypeErrorFunction::getConstructData):
38709 (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
38710 (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
38711 (JSC::StrictModeTypeErrorFunction::getCallData):
38712 (JSC::StrictModeTypeErrorFunction::createStructure):
38713 (JSC::createTypeErrorFunction):
38715 * runtime/ErrorConstructor.cpp:
38716 (JSC::ErrorConstructor::getCallDataVirtual):
38717 * runtime/ErrorConstructor.h:
38718 * runtime/FunctionConstructor.cpp:
38719 (JSC::FunctionConstructor::getCallDataVirtual):
38720 * runtime/FunctionConstructor.h:
38721 * runtime/FunctionPrototype.cpp:
38722 (JSC::FunctionPrototype::getCallDataVirtual):
38723 * runtime/FunctionPrototype.h:
38724 * runtime/InternalFunction.cpp:
38725 (JSC::InternalFunction::finishCreation):
38726 * runtime/InternalFunction.h:
38727 * runtime/JSCell.cpp:
38728 (JSC::JSCell::getCallDataVirtual):
38729 * runtime/JSCell.h:
38730 (JSC::getCallData):
38731 * runtime/JSFunction.cpp:
38732 (JSC::JSFunction::getCallDataVirtual):
38733 * runtime/JSFunction.h:
38734 * runtime/JSGlobalObject.cpp:
38735 (JSC::JSGlobalObject::reset):
38736 (JSC::JSGlobalObject::visitChildren):
38737 * runtime/JSGlobalObject.h:
38738 * runtime/JSONObject.cpp:
38739 (JSC::Stringifier::Stringifier):
38740 (JSC::Stringifier::toJSON):
38741 (JSC::Stringifier::appendStringifiedValue):
38742 * runtime/JSObject.cpp:
38743 (JSC::JSObject::put):
38744 * runtime/JSObject.h:
38745 * runtime/NativeErrorConstructor.cpp:
38746 (JSC::NativeErrorConstructor::getCallDataVirtual):
38747 * runtime/NativeErrorConstructor.h:
38748 * runtime/NumberConstructor.cpp:
38749 (JSC::NumberConstructor::getCallDataVirtual):
38750 * runtime/NumberConstructor.h:
38751 * runtime/ObjectConstructor.cpp:
38752 (JSC::ObjectConstructor::getCallDataVirtual):
38753 * runtime/ObjectConstructor.h:
38754 * runtime/Operations.cpp:
38755 (JSC::jsTypeStringForValue):
38756 (JSC::jsIsObjectType):
38757 (JSC::jsIsFunctionType):
38758 * runtime/PropertySlot.cpp:
38759 (JSC::PropertySlot::functionGetter):
38760 * runtime/RegExpConstructor.cpp:
38761 (JSC::RegExpConstructor::getCallDataVirtual):
38762 * runtime/RegExpConstructor.h:
38763 * runtime/StringConstructor.cpp:
38764 (JSC::StringConstructor::getCallDataVirtual):
38765 * runtime/StringConstructor.h:
38766 * runtime/Structure.h:
38768 2011-10-08 Yuqiang Xian <yuqiang.xian@intel.com>
38770 DFG JIT - only Array predictions can result in unboxed cells in register file
38771 https://bugs.webkit.org/show_bug.cgi?id=69695
38773 Reviewed by Filip Pizlo.
38775 In current DFG JIT, only array predictions can result in unboxed cells
38776 in register file, not for the other cell predictions.
38778 * dfg/DFGSpeculativeJIT.h:
38779 (JSC::DFG::ValueSource::forPrediction):
38781 2011-10-07 Yuqiang Xian <yuqiang.xian@intel.com>
38783 bug fixes for ArrayPush and ArrayPop in 32_64 DFG JIT
38784 https://bugs.webkit.org/show_bug.cgi?id=69696
38786 Reviewed by Filip Pizlo.
38788 On 32-bit, we should use TimesEight (8) instead of ScalePtr (4)
38789 to compute the address of a JS array element.
38791 * dfg/DFGSpeculativeJIT32_64.cpp:
38792 (JSC::DFG::SpeculativeJIT::compile):
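Three of the JSVALUE32_64 fixes above turn on the same facts about how 32_64 encodes a value: bug 69734 (the single-branch Null-or-Undefined test that relies on "UndefinedTag + 1 == NullTag and NullTag & 1"), bug 69717 (the empty-value check in value profiling, where the empty value is not encoded 0), and bug 69696 (scaling the element index by TimesEight rather than ScalePtr in ArrayPush/ArrayPop). The C program below is an added illustration, not WebKit code. The tag constants are the values in JavaScriptCore's runtime/JSValue.h of that period (the ChangeLog itself does not list them, so treat them as an assumption about the reader's tree); the struct, the function names and the 64-bit-style "all-zero bits means empty" comparison are this illustration's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Tag words of the JSVALUE32_64 encoding, as in runtime/JSValue.h of this
 * period (assumption: the reader's tree matches; the ChangeLog does not list
 * them).  A double is any 64-bit pattern whose high word is below
 * DeletedValueTag. */
#define Int32Tag        0xffffffffu
#define BooleanTag      0xfffffffeu
#define NullTag         0xfffffffdu
#define UndefinedTag    0xfffffffcu
#define CellTag         0xfffffffbu
#define EmptyValueTag   0xfffffffau
#define DeletedValueTag 0xfffffff9u

/* Two-word (payload, tag) value: 8 bytes on every target. */
typedef struct { uint32_t payload; uint32_t tag; } JSValue32_64;

static JSValue32_64 makeValue(uint32_t tag, uint32_t payload) {
    JSValue32_64 v = { payload, tag };
    return v;
}

/* --- bug 69734: Null-or-Undefined test with a single branch ----------------
 * The naive form compares against both tags.  Because UndefinedTag + 1 ==
 * NullTag and NullTag has its low bit set, OR-ing the tag with 1 maps both
 * tags (and nothing else) onto NullTag, so one compare suffices. */
static bool isNullOrUndefinedTwoBranches(uint32_t tag) {
    return tag == NullTag || tag == UndefinedTag;
}
static bool isNullOrUndefinedOneBranch(uint32_t tag) {
    return (tag | 1u) == NullTag;
}
/* Check the trick over every tag word and a few double high words.  For the
 * rest of the 32-bit space: (tag | 1) == 0xfffffffd forces tag to be
 * 0xfffffffc or 0xfffffffd, which are exactly the two tags. */
static bool nullOrUndefinedTrickIsSound(void) {
    static const uint32_t doubleHighWords[] = {
        0x00000000u, 0x3ff00000u, 0x7ff00000u, 0x80000000u, 0xfff00000u, 0xfff80000u
    };
    for (uint32_t tag = 0xfffffff0u; tag != 0; ++tag) /* 0xfffffff0 .. 0xffffffff */
        if (isNullOrUndefinedOneBranch(tag) != isNullOrUndefinedTwoBranches(tag))
            return false;
    for (size_t i = 0; i < sizeof doubleHighWords / sizeof doubleHighWords[0]; ++i) {
        uint32_t tag = doubleHighWords[i];
        if (isNullOrUndefinedOneBranch(tag) != isNullOrUndefinedTwoBranches(tag))
            return false;
    }
    return true;
}

/* --- bug 69717: the empty value is not "encoded 0" on 32_64 ---------------
 * JSVALUE64 encodes JSValue() as all-zero bits, so "bits == 0" is a valid
 * emptiness test there.  On 32_64 the empty value is (EmptyValueTag, 0), and
 * all-zero bits are the double +0.0.  A profiling site must decode the value
 * and test the tag instead. */
static bool isEmptyRawZeroCheck(JSValue32_64 v) { /* the 64-bit-style check */
    return v.tag == 0 && v.payload == 0;
}
static bool isEmptyDecodedCheck(JSValue32_64 v) {
    return v.tag == EmptyValueTag;
}

/* --- bug 69696: array element addressing on 32-bit ------------------------
 * Elements are JSValue32_64, 8 bytes each, so the index is scaled by 8
 * (TimesEight).  ScalePtr is sizeof(void*) == 4 on a 32-bit target and would
 * land in the middle of every other element. */
static size_t arrayElementByteOffset(uint32_t index) {
    return (size_t)index * sizeof(JSValue32_64);
}

int main(void) {
    JSValue32_64 empty = makeValue(EmptyValueTag, 0);
    JSValue32_64 posZero = makeValue(0, 0);
    printf("one-branch null/undefined test sound: %s\n",
           nullOrUndefinedTrickIsSound() ? "yes" : "no");
    printf("empty: raw-zero check %d, decoded check %d\n",
           isEmptyRawZeroCheck(empty), isEmptyDecodedCheck(empty));
    printf("+0.0: raw-zero check %d (false positive)\n", isEmptyRawZeroCheck(posZero));
    printf("byte offset of element 3: %zu\n", arrayElementByteOffset(3));
    return 0;
}
```

Build with cc -std=c99 -Wall; the raw-zero check reports the real empty value as non-empty and +0.0 as empty, which is the misprofiling bug 69717 describes.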
38794 2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
38796 Add static version of JSCell::deleteProperty
38797 https://bugs.webkit.org/show_bug.cgi?id=69659
38799 Reviewed by Geoffrey Garen.
38801 Added static version of both versions of put to all classes that
38802 override them and changed the virtual versions to call the static
38803 versions. This is the first step in de-virtualizing JSCell::deleteProperty.
38805 * API/JSCallbackObject.h:
38806 * API/JSCallbackObjectFunctions.h:
38807 (JSC::::deleteProperty):
38808 * debugger/DebuggerActivation.cpp:
38809 (JSC::DebuggerActivation::deleteProperty):
38810 * debugger/DebuggerActivation.h:
38811 * runtime/Arguments.cpp:
38812 (JSC::Arguments::deleteProperty):
38813 * runtime/Arguments.h:
38814 * runtime/JSActivation.cpp:
38815 (JSC::JSActivation::deleteProperty):
38816 * runtime/JSActivation.h:
38817 * runtime/JSArray.cpp:
38818 (JSC::JSArray::deleteProperty):
38819 * runtime/JSArray.h:
38820 * runtime/JSCell.cpp:
38821 (JSC::JSCell::deleteProperty):
38822 * runtime/JSCell.h:
38823 * runtime/JSFunction.cpp:
38824 (JSC::JSFunction::deleteProperty):
38825 * runtime/JSFunction.h:
38826 * runtime/JSNotAnObject.cpp:
38827 (JSC::JSNotAnObject::deleteProperty):
38828 * runtime/JSNotAnObject.h:
38829 * runtime/JSObject.cpp:
38830 (JSC::JSObject::deleteProperty):
38831 * runtime/JSObject.h:
38832 * runtime/JSVariableObject.cpp:
38833 (JSC::JSVariableObject::deleteProperty):
38834 * runtime/JSVariableObject.h:
38835 * runtime/RegExpMatchesArray.h:
38836 (JSC::RegExpMatchesArray::deleteProperty):
38837 * runtime/StrictEvalActivation.cpp:
38838 (JSC::StrictEvalActivation::deleteProperty):
38839 * runtime/StrictEvalActivation.h:
38840 * runtime/StringObject.cpp:
38841 (JSC::StringObject::deleteProperty):
38842 * runtime/StringObject.h:
38844 2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
38846 Remove getCallDataVirtual methods
38847 https://bugs.webkit.org/show_bug.cgi?id=69186
38849 Reviewed by Geoffrey Garen.
38851 Removed all getCallDataVirtual methods and replaced their call sites
38852 with an explicit lookup in the MethodTable.
38854 * API/JSCallbackFunction.cpp:
38855 * API/JSCallbackFunction.h:
38856 * API/JSCallbackObject.h:
38857 * API/JSCallbackObjectFunctions.h:
38858 * API/JSObjectRef.cpp:
38859 (JSObjectIsFunction):
38860 (JSObjectCallAsFunction):
38861 * JavaScriptCore.exp:
38862 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
38863 * interpreter/Interpreter.cpp:
38864 (JSC::Interpreter::privateExecute):
38865 * jit/JITStubs.cpp:
38866 (JSC::DEFINE_STUB_FUNCTION):
38867 * runtime/ArrayConstructor.cpp:
38868 * runtime/ArrayConstructor.h:
38869 * runtime/BooleanConstructor.cpp:
38870 * runtime/BooleanConstructor.h:
38871 * runtime/DateConstructor.cpp:
38872 * runtime/DateConstructor.h:
38873 * runtime/Error.cpp:
38874 (JSC::createTypeErrorFunction):
38876 Moved StrictModeTypeErrorFunction to Error.h in order to be able to include
38877 the class definition in JSGlobalObject.cpp.
38879 (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
38880 (JSC::StrictModeTypeErrorFunction::create):
38881 (JSC::StrictModeTypeErrorFunction::constructThrowTypeError):
38882 (JSC::StrictModeTypeErrorFunction::getConstructData):
38883 (JSC::StrictModeTypeErrorFunction::callThrowTypeError):
38884 (JSC::StrictModeTypeErrorFunction::getCallData):
38885 (JSC::StrictModeTypeErrorFunction::createStructure):
38886 * runtime/ErrorConstructor.cpp:
38887 * runtime/ErrorConstructor.h:
38888 * runtime/FunctionConstructor.cpp:
38889 * runtime/FunctionConstructor.h:
38890 * runtime/FunctionPrototype.cpp:
38891 * runtime/FunctionPrototype.h:
38893 To allow subclasses of InternalFunction (e.g. QtRuntimeMethod) to not have
38894 to declare their own ClassInfo if they don't override getCallData, provided
38895 an implementation that calls ASSERT_NOT_REACHED if called, providing roughly the same
38896 functionality as of the pure virtual method InternalFunction used to have.
38897 Also made this new implementation protected rather than private for the same reason.
38898 Also added an ASSERT in InternalFunction::finishCreation to make sure that whatever
38899 object is being created provides their own implementation of getCallData. This
38900 just makes execution fail earlier in a place where the source of the error is
38901 easy to trace. These ASSERTs are better than putting a null in the MethodTable because
38902 they appear much more intentional to anybody who fails to provide their own
38903 implementation or who tries to explicitly call InternalFunction::getCallData.
38904 * runtime/InternalFunction.cpp:
38905 (JSC::InternalFunction::finishCreation):
38906 (JSC::InternalFunction::getCallData):
38907 * runtime/InternalFunction.h:
38908 * runtime/JSCell.cpp:
38909 * runtime/JSCell.h:
38910 * runtime/JSFunction.cpp:
38911 * runtime/JSFunction.h:
38913 Added a global structure to JSGlobalObject for StrictModeTypeErrorFunction to enable
38914 it to be reused rather than creating a new Structure every time we instantiate it.
38915 * runtime/JSGlobalObject.cpp:
38916 (JSC::JSGlobalObject::reset):
38917 (JSC::JSGlobalObject::visitChildren):
38918 * runtime/JSGlobalObject.h:
38919 (JSC::JSGlobalObject::strictModeTypeErrorFunctionStructure):
38920 * runtime/JSONObject.cpp:
38921 (JSC::Stringifier::Stringifier):
38922 (JSC::Stringifier::toJSON):
38923 (JSC::Stringifier::appendStringifiedValue):
38924 * runtime/JSObject.cpp:
38925 (JSC::JSObject::put):
38926 * runtime/JSObject.h:
38927 (JSC::getCallData):
38928 * runtime/NativeErrorConstructor.cpp:
38929 * runtime/NativeErrorConstructor.h:
38930 * runtime/NumberConstructor.cpp:
38931 * runtime/NumberConstructor.h:
38932 * runtime/ObjectConstructor.cpp:
38933 * runtime/ObjectConstructor.h:
38934 * runtime/Operations.cpp:
38935 (JSC::jsTypeStringForValue):
38936 (JSC::jsIsObjectType):
38937 (JSC::jsIsFunctionType):
38938 * runtime/PropertySlot.cpp:
38939 (JSC::PropertySlot::functionGetter):
38940 * runtime/RegExpConstructor.cpp:
38941 * runtime/RegExpConstructor.h:
38942 * runtime/StringConstructor.cpp:
38943 * runtime/StringConstructor.h:
38944 * runtime/Structure.h:
38946 2011-10-07 Oliver Hunt <oliver@apple.com>
38948 Add missing break statement.
38950 Reviewed by Gavin Barraclough.
38952 * dfg/DFGPropagator.cpp:
38953 (JSC::DFG::Propagator::propagateNodePredictions):
38955 2011-10-07 Oliver Hunt <oliver@apple.com>
38957 Support some string intrinsics in the DFG JIT
38958 https://bugs.webkit.org/show_bug.cgi?id=69678
38960 Reviewed by Gavin Barraclough.
38962 Add support for charAt and charCodeAt intrinsics in the DFG.
38964 * create_hash_table:
38965 * dfg/DFGByteCodeParser.cpp:
38966 (JSC::DFG::ByteCodeParser::handleIntrinsic):
38967 * dfg/DFGIntrinsic.h:
38969 * dfg/DFGPropagator.cpp:
38970 (JSC::DFG::Propagator::propagateNodePredictions):
38971 (JSC::DFG::Propagator::performNodeCSE):
38972 * dfg/DFGSpeculativeJIT.cpp:
38973 (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
38974 * dfg/DFGSpeculativeJIT.h:
38975 * dfg/DFGSpeculativeJIT32_64.cpp:
38976 (JSC::DFG::SpeculativeJIT::compile):
38977 * dfg/DFGSpeculativeJIT64.cpp:
38978 (JSC::DFG::SpeculativeJIT::compile):
38980 2011-10-07 Mark Hahnenberg <mhahnenberg@apple.com>
38982 Add static version of JSCell::put
38983 https://bugs.webkit.org/show_bug.cgi?id=69382
38985 Reviewed by Geoffrey Garen.
38987 Added static version of both versions of put to all classes that
38988 override them and changed the virtual versions to call the static
38991 * API/JSCallbackObject.h:
38992 * API/JSCallbackObjectFunctions.h:
38994 * JavaScriptCore.exp:
38995 * debugger/DebuggerActivation.cpp:
38996 (JSC::DebuggerActivation::put):
38997 * debugger/DebuggerActivation.h:
38998 * runtime/Arguments.cpp:
38999 (JSC::Arguments::put):
39000 * runtime/Arguments.h:
39001 * runtime/JSActivation.cpp:
39002 (JSC::JSActivation::put):
39003 * runtime/JSActivation.h:
39004 * runtime/JSArray.cpp:
39005 (JSC::JSArray::put):
39006 * runtime/JSArray.h:
39007 * runtime/JSByteArray.cpp:
39008 (JSC::JSByteArray::put):
39009 * runtime/JSByteArray.h:
39010 * runtime/JSCell.cpp:
39011 (JSC::JSCell::put):
39012 * runtime/JSCell.h:
39013 * runtime/JSFunction.cpp:
39014 (JSC::JSFunction::put):
39015 * runtime/JSFunction.h:
39016 * runtime/JSGlobalObject.cpp:
39017 (JSC::JSGlobalObject::put):
39018 * runtime/JSGlobalObject.h:
39019 * runtime/JSNotAnObject.cpp:
39020 (JSC::JSNotAnObject::put):
39021 * runtime/JSNotAnObject.h:
39022 * runtime/JSObject.cpp:
39023 (JSC::JSObject::put):
39024 * runtime/JSObject.h:
39025 * runtime/JSStaticScopeObject.cpp:
39026 (JSC::JSStaticScopeObject::put):
39027 * runtime/JSStaticScopeObject.h:
39028 * runtime/ObjectPrototype.cpp:
39029 (JSC::ObjectPrototype::put):
39030 * runtime/ObjectPrototype.h:
39031 * runtime/RegExpConstructor.cpp:
39032 (JSC::RegExpConstructor::put):
39033 * runtime/RegExpConstructor.h:
39034 * runtime/RegExpMatchesArray.h:
39035 (JSC::RegExpMatchesArray::put):
39036 * runtime/RegExpObject.cpp:
39037 (JSC::RegExpObject::put):
39038 * runtime/RegExpObject.h:
39039 * runtime/StringObject.cpp:
39040 (JSC::StringObject::put):
39041 * runtime/StringObject.h:
39043 2011-10-07 Gavin Barraclough <barraclough@apple.com>
39045 Refactor DFG to make for use of callOperation
39046 https://bugs.webkit.org/show_bug.cgi?id=69672
39048 Reviewed by Oliver Hunt.
39050 * dfg/DFGJITCodeGenerator.h:
39051 (JSC::DFG::callOperation):
39052 - Added new callOperation calls, don't ASSERT flushed (use helpers for unexpected calls, too).
39053 * dfg/DFGOperations.cpp:
39054 * dfg/DFGOperations.h:
39055 - Switch operationNewObject/operationCreateThis to return Cells,
39056 - Added C_DFGOperation_E/C_DFGOperation_EC/J_DFGOperation_EA/J_DFGOperation_EJA call types.
39057 * dfg/DFGSpeculativeJIT32_64.cpp:
39058 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
39059 (JSC::DFG::SpeculativeJIT::emitBranch):
39060 (JSC::DFG::SpeculativeJIT::compile):
39061 - Replace code plating calls to operations with calls to callOperation.
39062 * dfg/DFGSpeculativeJIT64.cpp:
39063 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
39064 (JSC::DFG::SpeculativeJIT::emitBranch):
39065 (JSC::DFG::SpeculativeJIT::compile):
39066 - Replace code plating calls to operations with calls to callOperation.
39068 2011-10-07 Oliver Hunt <oliver@apple.com>
39070 Support string indexing in the DFG
39071 https://bugs.webkit.org/show_bug.cgi?id=69671
39073 Reviewed by Gavin Barraclough.
39075 Emit code to support inline indexing of strings
39077 * dfg/DFGSpeculativeJIT.cpp:
39078 (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
39079 Shared code to perform string indexing.
39080 * dfg/DFGSpeculativeJIT.h:
39081 * dfg/DFGSpeculativeJIT32_64.cpp:
39082 (JSC::DFG::SpeculativeJIT::compile):
39083 * dfg/DFGSpeculativeJIT64.cpp:
39084 (JSC::DFG::SpeculativeJIT::compile):
39085 Use compileGetByValOnString if we predict that the base object
39086 is a string in GetByVal.
39087 * runtime/JSString.h:
39088 (JSC::JSString::offsetOfFiberCount):
39089 (JSC::JSString::offsetOfValue):
39091 2011-10-07 Filip Pizlo <fpizlo@apple.com>
39093 DFG ConvertThis speculation logic is wrong
39094 https://bugs.webkit.org/show_bug.cgi?id=69663
39096 Reviewed by Oliver Hunt.
39098 * dfg/DFGPropagator.cpp:
39099 (JSC::DFG::Propagator::fixupNode):
39100 * dfg/DFGSpeculativeJIT32_64.cpp:
39101 (JSC::DFG::SpeculativeJIT::compile):
39102 * dfg/DFGSpeculativeJIT64.cpp:
39103 (JSC::DFG::SpeculativeJIT::compile):
39105 2011-10-07 Oliver Hunt <oliver@apple.com>
39107 Verify that our call speculation is valid.
39109 Reviewed by Filip Pizlo.
39111 Before specialising an intrinsic we need to verify that
39112 our speculation is correct.
39114 * dfg/DFGByteCodeParser.cpp:
39115 (JSC::DFG::ByteCodeParser::parseBlock):
39117 2011-10-07 Brent Fulgham <bfulgham@webkit.org>
39119 [WinCairo] Unreviewed build correction for the build bot.
39121 * JavaScriptCore.vcproj/JavaScriptCore.sln: Add the missing
39122 Release_Cairo_CFLite and Debug_Cairo_CFLite targets so that
39123 build-jsc can find the target it needs to run the JSC tests.
39125 2011-10-07 Oliver Hunt <oliver@apple.com>
39129 * jit/JITCall32_64.cpp:
39130 (JSC::JIT::compileOpCall):
39132 2011-10-07 Oliver Hunt <oliver@apple.com>
39134 Support direct calls to intrinsic functions
39135 https://bugs.webkit.org/show_bug.cgi?id=69646
39137 Reviewed by Gavin Barraclough.
39139 Add support for optimising non-method_check calls
39140 to intrinsic functions (e.g. when Math.abs, etc. are
39141 cached in local variables).
39143 * bytecode/CodeBlock.h:
39144 (JSC::getCallLinkInfoBytecodeIndex):
39145 Support searching CallLinkInfos by bytecode index
39146 * dfg/DFGByteCodeParser.cpp:
39147 (JSC::DFG::ByteCodeParser::parseBlock):
39148 Add support for linked calls in addition to method_check
39149 when searching for intrinsics
39151 (JSC::DFG::Node::hasFunctionCheckData):
39152 (JSC::DFG::Node::function):
39153 Add ability to store a JSFunction* in a node - this is safe
39154 as the function will be marked by the codeblock we're compiling
39155 * dfg/DFGPropagator.cpp:
39156 (JSC::DFG::Propagator::propagateNodePredictions):
39157 (JSC::DFG::Propagator::checkFunctionElimination):
39158 (JSC::DFG::Propagator::performNodeCSE):
39159 Add support for new CheckFunction node, and implement CSE pass.
39160 * dfg/DFGSpeculativeJIT32_64.cpp:
39161 (JSC::DFG::SpeculativeJIT::compile):
39162 * dfg/DFGSpeculativeJIT64.cpp:
39163 (JSC::DFG::SpeculativeJIT::compile):
39164 Rather trivial implementation of CheckFunction
39166 (JSC::JIT::privateCompile):
39169 (JSC::JIT::compileOpCall):
39170 * jit/JITCall32_64.cpp:
39171 (JSC::JIT::compileOpCall):
39172 Need to propagate bytecode index for calls now.
39174 2011-10-07 Dominic Cooney <dominicc@chromium.org>
39176 [JSC] Disable ThreadRestrictionVerifier for JIT ExecutableMemoryHandles
39177 https://bugs.webkit.org/show_bug.cgi?id=69599
39179 Reviewed by Sam Weinig.
39181 DFG JIT manipulates MetaAllocatorHandles across threads, e.g. in
39182 allocating JITCode buffers on a background thread to execute a
39183 proxy autoconfiguration PAC file but garbage collecting it in
39184 response to allocation on the main thread. Disabling
39185 ThreadRestrictionVerification until there is a verification scheme
39186 that understands this handoff.
39188 * wtf/MetaAllocator.cpp:
39189 (WTF::MetaAllocator::allocate):
39191 2011-10-06 Filip Pizlo <fpizlo@apple.com>
39193 DFG should not always speculate that ConvertThis is operating on an object
39194 https://bugs.webkit.org/show_bug.cgi?id=69570
39196 Reviewed by Oliver Hunt.
39198 Mostly neutral, but with a slight regression in Kraken since it increases
39199 coverage in DFG and thus reveals some performance pathologies (which I
39200 prefer to think of as performance opportunities, in a good way).
39202 * bytecode/PredictedType.cpp:
39203 (JSC::predictionToString):
39204 * bytecode/PredictedType.h:
39205 (JSC::isOtherPrediction):
39206 (JSC::mergePredictions):
39207 * dfg/DFGPropagator.cpp:
39208 (JSC::DFG::Propagator::propagateNodePredictions):
39209 * dfg/DFGSpeculativeJIT32_64.cpp:
39210 (JSC::DFG::SpeculativeJIT::compile):
39211 * dfg/DFGSpeculativeJIT64.cpp:
39212 (JSC::DFG::SpeculativeJIT::compile):
39214 2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
39218 Unreviewed build fix. Weird runtime failures on Windows due to
39219 linking issues caused by the ClassInfo struct in JSByteArray not
39220 being declared with JS_EXPORTDATA.
39222 * runtime/JSByteArray.h:
39224 2011-10-06 Filip Pizlo <fpizlo@apple.com>
39226 Structure does not reset m_previous when pinning the property map
39227 https://bugs.webkit.org/show_bug.cgi?id=69583
39229 Reviewed by Gavin Barraclough.
39231 This is a 0.6% performance improvement in V8, and 0.2% overall.
39233 * runtime/Structure.cpp:
39234 (JSC::Structure::changePrototypeTransition):
39235 (JSC::Structure::despecifyFunctionTransition):
39236 (JSC::Structure::getterSetterTransition):
39237 (JSC::Structure::toDictionaryTransition):
39238 (JSC::Structure::preventExtensionsTransition):
39239 (JSC::Structure::addPropertyWithoutTransition):
39240 (JSC::Structure::removePropertyWithoutTransition):
39241 (JSC::Structure::pin):
39242 * runtime/Structure.h:
39244 2011-10-06 Anders Carlsson <andersca@apple.com>
39246 When building with clang, enable -Wglobal-constructors and -Wexit-time-destructors
39247 https://bugs.webkit.org/show_bug.cgi?id=69586
39249 Reviewed by Darin Adler.
39251 * Configurations/Base.xcconfig:
39252 Add -Wglobal-constructors and -Wexit-time-destructors when building with clang.
39254 * JavaScriptCore.xcodeproj/project.pbxproj:
39255 When building with clang, we don't need to run the check-for-global-initializers and
39256 check-for-exit-time-destructors anymore.
39260 Move interpreterName into runInteractive.
39262 * wtf/StdLibExtras.h:
39263 When building with clang, disable the -Wglobal-constructors and -Wexit-time-destructors
39264 warnings around the variable declaration.
39266 2011-10-06 Anders Carlsson <andersca@apple.com>
39268 Add DEFINE_DEBUG_ONLY_GLOBAL for globals that should be defined in debug builds
39269 https://bugs.webkit.org/show_bug.cgi?id=69584
39271 Reviewed by Darin Adler.
39273 Add DEFINE_DEBUG_ONLY_GLOBAL macro.
39275 * wtf/StdLibExtras.h:
39277 2011-10-06 Oliver Hunt <oliver@apple.com>
39279 Write barrier shouldn't allocate temporaries inside control flow
39280 https://bugs.webkit.org/show_bug.cgi?id=69582
39282 Reviewed by Gavin Barraclough.
39284 Reorder the code to avoid spill-related badness.
39286 * dfg/DFGJITCodeGenerator.cpp:
39287 (JSC::DFG::JITCodeGenerator::writeBarrier):
39289 2011-10-06 Filip Pizlo <fpizlo@apple.com>
39291 DFG::shouldSpeculate methods are too complicated
39292 https://bugs.webkit.org/show_bug.cgi?id=69560
39294 Reviewed by Geoffrey Garen.
39296 Moved shouldSpeculate methods to DFG::Node, and cleaned them up to
39297 just use node predictions.
39299 By itself this would have meant that SpeculativeJIT code would have
39300 had to say things like m_jit.graph()[nodeIndex].shouldSpeculateXYZ().
39301 So this adds an at(NodeIndex) method to JITCodeGenerator. I replaced
39302 all uses of the m_jit.graph()[nodeIndex] idiom with at(nodeIndex).
39304 This is a 0.4% progression overall that shows up in all benchmarks,
39305 for reasons unknown.
39307 * dfg/DFGJITCodeGenerator.h:
39308 (JSC::DFG::JITCodeGenerator::at):
39309 (JSC::DFG::JITCodeGenerator::canReuse):
39310 (JSC::DFG::JITCodeGenerator::isFilled):
39311 (JSC::DFG::JITCodeGenerator::isFilledDouble):
39312 (JSC::DFG::JITCodeGenerator::use):
39313 (JSC::DFG::JITCodeGenerator::silentSpillFPR):
39314 (JSC::DFG::JITCodeGenerator::silentFillGPR):
39315 (JSC::DFG::JITCodeGenerator::silentFillFPR):
39316 (JSC::DFG::detectPeepHoleBranch):
39317 (JSC::DFG::integerResult):
39318 (JSC::DFG::noResult):
39319 (JSC::DFG::cellResult):
39320 (JSC::DFG::jsValueResult):
39321 (JSC::DFG::storageResult):
39322 (JSC::DFG::doubleResult):
39323 (JSC::DFG::initConstantInfo):
39324 (JSC::DFG::appendCallWithExceptionCheck):
39325 * dfg/DFGJITCodeGenerator32_64.cpp:
39326 (JSC::DFG::JITCodeGenerator::fillInteger):
39327 (JSC::DFG::JITCodeGenerator::fillDouble):
39328 (JSC::DFG::JITCodeGenerator::fillJSValue):
39329 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
39330 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
39331 (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
39332 (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
39333 (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
39334 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
39335 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
39336 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
39337 (JSC::DFG::JITCodeGenerator::emitCall):
39338 * dfg/DFGJITCodeGenerator64.cpp:
39339 (JSC::DFG::JITCodeGenerator::fillInteger):
39340 (JSC::DFG::JITCodeGenerator::fillDouble):
39341 (JSC::DFG::JITCodeGenerator::fillJSValue):
39342 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
39343 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
39344 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
39345 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
39346 (JSC::DFG::JITCodeGenerator::emitCall):
39348 (JSC::DFG::Node::shouldSpeculateInteger):
39349 (JSC::DFG::Node::shouldSpeculateDouble):
39350 (JSC::DFG::Node::shouldSpeculateNumber):
39351 (JSC::DFG::Node::shouldNotSpeculateInteger):
39352 (JSC::DFG::Node::shouldSpeculateFinalObject):
39353 (JSC::DFG::Node::shouldSpeculateFinalObjectOrOther):
39354 (JSC::DFG::Node::shouldSpeculateArray):
39355 (JSC::DFG::Node::shouldSpeculateArrayOrOther):
39356 (JSC::DFG::Node::shouldSpeculateObject):
39357 (JSC::DFG::Node::shouldSpeculateCell):
39358 (JSC::DFG::Node::canSpeculateInteger):
39359 * dfg/DFGSpeculativeJIT.cpp:
39360 (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
39361 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
39362 (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
39363 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
39364 (JSC::DFG::SpeculativeJIT::compile):
39365 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
39366 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
39367 * dfg/DFGSpeculativeJIT.h:
39368 (JSC::DFG::SpeculativeJIT::isInteger):
39369 (JSC::DFG::SpeculativeJIT::isKnownArray):
39370 (JSC::DFG::SpeculativeJIT::isKnownString):
39371 * dfg/DFGSpeculativeJIT32_64.cpp:
39372 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
39373 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
39374 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
39375 (JSC::DFG::SpeculativeJIT::convertToDouble):
39376 (JSC::DFG::SpeculativeJIT::compare):
39377 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
39378 (JSC::DFG::SpeculativeJIT::emitBranch):
39379 (JSC::DFG::SpeculativeJIT::compile):
39380 * dfg/DFGSpeculativeJIT64.cpp:
39381 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
39382 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
39383 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
39384 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
39385 (JSC::DFG::SpeculativeJIT::compare):
39386 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
39387 (JSC::DFG::SpeculativeJIT::emitBranch):
39388 (JSC::DFG::SpeculativeJIT::compile):
39390 2011-10-06 Gavin Peters <gavinp@chromium.org>
39392 REGRESSION (r96595): First frame in assertion backtraces is no longer labeled "1"
39393 https://bugs.webkit.org/show_bug.cgi?id=69556
39395 Reviewed by Adam Roben.
39397 * wtf/Assertions.cpp:
39399 2011-10-06 Filip Pizlo <fpizlo@apple.com>
39401 DFG implementation of UInt32ToNumber is missing a break statement
39402 https://bugs.webkit.org/show_bug.cgi?id=69552
39404 Reviewed by Oliver Hunt.
39406 * dfg/DFGSpeculativeJIT32_64.cpp:
39407 (JSC::DFG::SpeculativeJIT::compile):
39408 * dfg/DFGSpeculativeJIT64.cpp:
39409 (JSC::DFG::SpeculativeJIT::compile):
39411 2011-10-06 Gavin Barraclough <barraclough@apple.com>
39413 Unreviewed build fix for DFG JIT 32_64 release builds.
39415 * dfg/DFGJITCompiler.cpp:
39416 * dfg/DFGJITCompiler.h:
39417 * dfg/DFGJITCompiler32_64.cpp:
39418 - Remove three unused methods.
39420 2011-10-06 Gavin Barraclough <barraclough@apple.com>
39422 DFG JIT 32_64 should check type of values being filled by fillSpeculateInt
39423 https://bugs.webkit.org/show_bug.cgi?id=69549
39425 Reviewed by Oliver Hunt.
39427 This breaks sunspider/3d-cube.
39429 * dfg/DFGSpeculativeJIT32_64.cpp:
39430 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
39431 - Speculation check on the tag.
39433 2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
39435 Snow Leopard build fix
39437 Unreviewed build fix
39439 * JavaScriptCore.exp:
39441 2011-10-05 Gavin Barraclough <barraclough@apple.com>
39443 Add explicit JSGlobalThis type.
39444 https://bugs.webkit.org/show_bug.cgi?id=69478
39446 Reviewed by Darin Adler.
39448 JSC supports a split global object, as used by WebCore for the Window. As a stage
39449 of making this visible to JSC, make it so that if the global this value is not the
39450 global object itself, it must be a subclass of JSGlobalThis.
39452 * API/JSCallbackObjectFunctions.h:
39453 (JSC::::finishCreation):
39454 - Don't pass the thisValue to JSGlobalObject::finishCreation.
39455 * JavaScriptCore.xcodeproj/project.pbxproj:
39456 - Added JSGlobalThis.h
39458 (GlobalObject::finishCreation):
39459 - Don't pass the thisValue to JSGlobalObject::finishCreation.
39460 * runtime/JSGlobalObject.h:
39461 (JSC::JSGlobalObject::create):
39462 (JSC::JSGlobalObject::finishCreation):
39463 - finishCreation takes a JSGlobalThis, or thisValue is implicit.
39464 * runtime/JSGlobalThis.h: Added.
39465 (JSC::JSGlobalThis::create):
39466 (JSC::JSGlobalThis::JSGlobalThis):
39467 (JSC::JSGlobalThis::finishCreation):
39468 - Thin wrapper on JSNonFinalObject to allow type checking.
39470 (GlobalObject::finishCreation):
39471 - Don't pass the thisValue to JSGlobalObject::finishCreation.
39473 2011-10-06 Mark Hahnenberg <mhahnenberg@apple.com>
39475 JSC objects need to know their own cell size at runtime.
39476 https://bugs.webkit.org/show_bug.cgi?id=69390
39478 Reviewed by Geoffrey Garen.
39480 Added the cellSize field to ClassInfo and the static calculation of
39481 size of each class to the CREATE_METHOD_TABLE macro, which will be
39482 renamed in a followup patch to make its name match its broader use.
39484 Also added a few ClassInfo structs so that each object that is allocated has its
39487 * JavaScriptCore.exp:
39488 * runtime/ClassInfo.h:
39490 Changed JSByteArray s_defaultInfo to s_info so that the template will get the
39491 correct ClassInfo struct from it when it's allocated.
39492 * runtime/JSByteArray.cpp:
39493 * runtime/JSByteArray.h:
39494 * runtime/JSCell.h:
39495 (JSC::allocateCell):
39496 * runtime/JSNotAnObject.cpp:
39497 * runtime/JSNotAnObject.h:
39498 * runtime/JSObject.cpp:
39499 * runtime/JSObject.h:
39500 (JSC::JSCell::cellSize):
39501 * runtime/JSStaticScopeObject.cpp:
39502 * runtime/JSStaticScopeObject.h:
39503 * runtime/StrictEvalActivation.cpp:
39504 * runtime/StrictEvalActivation.h:
39506 2011-10-06 Gavin Peters <gavinp@chromium.org>
39508 export new stack dumping method
39509 https://bugs.webkit.org/show_bug.cgi?id=69018
39511 The original landing of bug 69018 didn't export WTFGetBacktrace, so that when bug 69453 landed, the first use
39512 of this function, many builds broke. So here we add the exports, so that the function is usable.
39514 Reviewed by Adam Roben.
39516 * JavaScriptCore.exp:
39517 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
39519 2011-10-06 Csaba Osztrogonác <ossy@webkit.org>
39521 REGRESSION(r96347): Build is broken with MSVC compiler if !PLATFORM(WINDOWS)
39522 https://bugs.webkit.org/show_bug.cgi?id=69413
39524 Reviewed by Darin Adler.
39526 * assembler/MacroAssemblerCodeRef.h: Define STDCALL for MSVC in a proper way.
39528 2011-10-05 Filip Pizlo <fpizlo@apple.com>
39530 SpeculativeJIT::isKnownString() is wrong
39531 https://bugs.webkit.org/show_bug.cgi?id=69501
39533 Reviewed by Oliver Hunt.
39535 Removed the wrong case (GetLocal predicted String) and added a case that
39538 * dfg/DFGSpeculativeJIT.h:
39539 (JSC::DFG::SpeculativeJIT::isKnownString):
39541 2011-10-05 Ryosuke Niwa <rniwa@webkit.org>
39543 Windows build fix attempt after r96760.
39545 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
39547 2011-10-05 Chris Rogers <crogers@google.com>
39549 Define a log2f() function for Windows in wtf/MathExtras.h
39550 https://bugs.webkit.org/show_bug.cgi?id=69491
39552 Reviewed by Darin Adler.
39554 * wtf/MathExtras.h:
39557 2011-10-05 Jer Noble <jer.noble@apple.com>
39559 Enable WEB_AUDIO by default in the WebKit/mac port.
39560 https://bugs.webkit.org/show_bug.cgi?id=68587
39562 Reviewed by Simon Fraser.
39564 * Configurations/FeatureDefines.xcconfig:
39567 2011-10-05 Filip Pizlo <fpizlo@apple.com>
39569 Assertion hit in JSC::DFG::SpeculativeJIT::compile on SL bots
39570 https://bugs.webkit.org/show_bug.cgi?id=69346
39572 Reviewed by Oliver Hunt.
39574 Removed the assertion, since it was completely wrong for op_post_inc.
39575 Short of having specialized PostInc nodes in the DFG, there is no
39576 robust way of asserting what this assertion was trying to assert while
39577 also supporting op_post_inc.
39579 * dfg/DFGByteCodeParser.cpp:
39580 (JSC::DFG::ByteCodeParser::parseBlock):
39581 * dfg/DFGSpeculativeJIT64.cpp:
39582 (JSC::DFG::SpeculativeJIT::compile):
39583 * dfg/DFGSpeculativeJIT32_64.cpp:
39584 (JSC::DFG::SpeculativeJIT::compile):
39586 2011-10-05 Geoffrey Garen <ggaren@apple.com>
39588 Added a simpler mechanism for registering one-off finalizers
39589 https://bugs.webkit.org/show_bug.cgi?id=69466
39591 Reviewed by Oliver Hunt.
39594 (JSC::Heap::addFinalizer):
39595 (JSC::Heap::FinalizerOwner::finalize):
39596 * heap/Heap.h: New function for adding an arbitrary finalizer for an
39597 arbitrary cell without declaring any special classes or Handles yourself.
39599 * JavaScriptCore.exp: Fix build.
39601 * runtime/Executable.cpp:
39602 (JSC::ExecutableBase::clearCode):
39603 (JSC::ExecutableBase::clearCodeVirtual):
39604 (JSC::EvalExecutable::clearCodeVirtual):
39605 (JSC::ProgramExecutable::clearCodeVirtual):
39606 (JSC::FunctionExecutable::discardCode):
39607 (JSC::FunctionExecutable::clearCodeVirtual):
39608 * runtime/Executable.h:
39609 (JSC::ExecutableBase::finishCreation): Use the new mechanism for eager
39610 finalization of executables.
39612 * runtime/JSGlobalObject.cpp:
39613 (JSC::JSGlobalObject::clearRareData):
39614 * runtime/JSGlobalObject.h:
39615 (JSC::JSGlobalObject::createRareDataIfNeeded):
39616 (JSC::JSGlobalObject::registerWeakMap): Use the new mechanism for eager
39617 finalization of weak maps.
39619 2011-10-05 Adam Roben <aroben@apple.com>
39621 Ensure RetainPtr::hashTableDeletedValue returns a pointer, not a pointer to a pointer
39623 RetainPtr's behavior of allowing the template parameter to be either a pointer type or a
39624 pointed-to type confused us when we implemented hashTableDeletedValue.
39626 Fixes <http://webkit.org/b/69414> <rdar://problem/10236833> Using RetainPtr as the key type
39627 in HashMap/HashSet fails to compile
39629 Reviewed by John Sullivan.
39632 (WTF::RetainPtr::hashTableDeletedValue): Changed to use the PtrType typedef rather than T*,
39633 since T might itself be a pointer.
39635 (WTF::PtrHash<RetainPtr<P> >): Updated this to use PtrType everywhere, even though T* didn't
39636 seem to be causing a problem.
39638 2011-10-05 Oliver Hunt <oliver@apple.com>
39640 Remove last vestiges of anonymous storage.
39642 Reviewed by Gavin Barraclough.
39644 One anonymous storage function escaped my prior purge of
39645 this feature; this patch removes it.
39647 * runtime/JSGlobalObject.h:
39648 (JSC::JSGlobalObject::finishCreation):
39649 * runtime/JSObject.h:
39651 2011-10-04 Filip Pizlo <fpizlo@apple.com>
39653 DFG should be capable of a broader range of speculations on branch and not
39654 https://bugs.webkit.org/show_bug.cgi?id=69322
39656 Reviewed by Oliver Hunt.
39658 * bytecode/PredictedType.h:
39659 (JSC::isFinalObjectOrOtherPrediction):
39660 (JSC::isArrayOrOtherPrediction):
39661 * dfg/DFGJITCodeGenerator.cpp:
39662 * dfg/DFGJITCodeGenerator.h:
39663 (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
39664 * dfg/DFGJITCodeGenerator32_64.cpp:
39665 (JSC::DFG::JITCodeGenerator::fillDouble):
39666 (JSC::DFG::JITCodeGenerator::fillJSValue):
39667 * dfg/DFGJITCodeGenerator64.cpp:
39668 (JSC::DFG::JITCodeGenerator::fillDouble):
39669 (JSC::DFG::JITCodeGenerator::fillJSValue):
39670 * dfg/DFGOperations.cpp:
39671 * dfg/DFGSpeculativeJIT.h:
39672 (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObjectOrOther):
39673 (JSC::DFG::SpeculativeJIT::shouldSpeculateArrayOrOther):
39674 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
39675 * dfg/DFGSpeculativeJIT32_64.cpp:
39676 (JSC::DFG::SpeculativeJIT::emitBranch):
39677 * dfg/DFGSpeculativeJIT64.cpp:
39678 (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
39679 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
39680 (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
39681 (JSC::DFG::SpeculativeJIT::emitBranch):
39683 2011-10-05 Sheriff Bot <webkit.review.bot@gmail.com>
39685 Unreviewed, rolling out r96733.
39686 http://trac.webkit.org/changeset/96733
39687 https://bugs.webkit.org/show_bug.cgi?id=69454
39689 Broke GCC for some reason (Requested by andersca on #webkit).
39691 * wtf/ListHashSet.h:
39692 (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
39693 (WTF::ListHashSetReverseIterator::get):
39694 (WTF::ListHashSetReverseIterator::operator*):
39695 (WTF::ListHashSetReverseIterator::operator->):
39696 (WTF::ListHashSetReverseIterator::operator++):
39697 (WTF::ListHashSetReverseIterator::operator--):
39698 (WTF::ListHashSetReverseIterator::operator==):
39699 (WTF::ListHashSetReverseIterator::operator!=):
39700 (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
39701 (WTF::ListHashSetReverseIterator::node):
39702 (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
39703 (WTF::ListHashSetConstReverseIterator::get):
39704 (WTF::ListHashSetConstReverseIterator::operator*):
39705 (WTF::ListHashSetConstReverseIterator::operator->):
39706 (WTF::ListHashSetConstReverseIterator::operator++):
39707 (WTF::ListHashSetConstReverseIterator::operator--):
39708 (WTF::ListHashSetConstReverseIterator::operator==):
39709 (WTF::ListHashSetConstReverseIterator::operator!=):
39710 (WTF::ListHashSetConstReverseIterator::node):
39713 (WTF::::makeReverseIterator):
39714 (WTF::::makeConstReverseIterator):
39716 2011-10-04 Oliver Hunt <oliver@apple.com>
39718 Add rudimentary filtering to write barriers
39719 https://bugs.webkit.org/show_bug.cgi?id=69392
39721 Reviewed by Filip Pizlo.
39723 Add approximate filtering for write barriers based on the
39724 target's mark bit. Also add some macros to support dumping
39727 * dfg/DFGJITCodeGenerator.cpp:
39728 (JSC::DFG::JITCodeGenerator::markCellCard):
39730 (JSC::GCTimer::GCTimerScope::GCTimerScope):
39731 (JSC::GCTimer::GCTimerScope::~GCTimerScope):
39732 (JSC::Heap::markRoots):
39733 (JSC::Heap::collect):
39734 Add phase timing information.
39735 * heap/MarkedBlock.h:
39736 (JSC::MarkedBlock::offsetOfMarks):
39737 (JSC::MarkedBlock::gatherDirtyCells):
39738 * jit/JITPropertyAccess.cpp:
39739 (JSC::JIT::emitWriteBarrier):
39741 2011-10-05 Anders Carlsson <andersca@apple.com>
39743 Use std::reverse_iterator for ListHashSet reverse iterators
39744 https://bugs.webkit.org/show_bug.cgi?id=69446
39746 Reviewed by Darin Adler.
39748 * wtf/ListHashSet.h:
39749 Use the std::reverse_iterator iterator adaptor for the ListHashSet reverse iterators
39750 and get rid of the ListHashSetReverseIterator and ListHashSetConstReverseIterator classes.
39752 2011-10-04 Gavin Barraclough <barraclough@apple.com>
39754 Make Object.prototype getter/setter methods match ES5 behaviour
39755 https://bugs.webkit.org/show_bug.cgi?id=69393
39757 Reviewed by Sam Weinig.
39759 The rest of Object.prototype no longer substitutes Null/Undefined with the global object;
39760 this is old ES3 behaviour. Remove it here too.
39762 * runtime/ObjectPrototype.cpp:
39763 (JSC::objectProtoFuncDefineGetter):
39764 (JSC::objectProtoFuncDefineSetter):
39765 (JSC::objectProtoFuncLookupGetter):
39766 (JSC::objectProtoFuncLookupSetter):
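The ES5 behaviour this entry describes, shown from the script side as an added JavaScript example (not part of the ChangeLog or of WebKit's own code): with a null or undefined receiver, the Object.prototype getter/setter helpers now throw a TypeError instead of silently installing the accessor on the global object, which is the ES3-era substitution the entry removes. The helper names `defineGetterOn`, `lookupGetterOn` and `demo` are constructed for this example; the check relies on `globalThis` to confirm nothing leaked onto the global object.

```javascript
// Added example (not WebKit code): ES5 semantics of Object.prototype.__defineGetter__
// and __lookupGetter__ when the receiver is null or undefined. Under the old ES3-era
// behaviour the global object was substituted for a null/undefined `this`, so an
// accessor could end up on the global object by accident; under ES5 ToObject(this)
// throws a TypeError instead and the global object is never touched.

function defineGetterOn(receiver, name, getter) {
  // Returns "defined" if the accessor was installed on the receiver,
  // "TypeError" if the engine rejected the null/undefined receiver.
  try {
    Object.prototype.__defineGetter__.call(receiver, name, getter);
    return "defined";
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other";
  }
}

function lookupGetterOn(receiver, name) {
  // Returns the getter function (or undefined) on success, "TypeError" on a
  // null/undefined receiver.
  try {
    return Object.prototype.__lookupGetter__.call(receiver, name);
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other";
  }
}

function demo() {
  const target = {};
  const getter = () => 42;
  return {
    // Normal case: the accessor lands on the object passed as `this`.
    onObject: defineGetterOn(target, "answer", getter),
    valueOnObject: target.answer,
    lookupOnObject: lookupGetterOn(target, "answer") === getter,
    // ES5 case: null/undefined receivers are rejected rather than redirected.
    onNull: defineGetterOn(null, "leak", getter),
    onUndefined: defineGetterOn(undefined, "leak", getter),
    // The global object must not have picked up the accessor.
    leakedToGlobal: Object.prototype.hasOwnProperty.call(globalThis, "leak"),
    lookupOnNull: lookupGetterOn(null, "leak"),
  };
}
```

Running `demo()` in any ES5-or-later engine reports "defined" for the real object and "TypeError" for the null and undefined receivers, with `leakedToGlobal` false; the old substitution behaviour would instead have reported "defined" for all three and left a `leak` accessor on the global object.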
39768 2011-10-05 Patrick Gansterer <paroga@webkit.org>
39770 Get rid of posixThread in MachineStackMarker::Thread
39771 https://bugs.webkit.org/show_bug.cgi?id=54836
39773 Reviewed by Oliver Hunt.
39775 * heap/MachineStackMarker.cpp:
39776 (JSC::MachineThreads::Thread::Thread):
39777 (JSC::getCurrentPlatformThread):
39778 (JSC::equalThread):
39779 (JSC::MachineThreads::addCurrentThread):
39780 (JSC::MachineThreads::removeCurrentThread):
39781 (JSC::MachineThreads::gatherConservativeRoots):
39783 2011-10-04 Geoffrey Garen <ggaren@apple.com>
39785 Removed JSValue::toJSNumber
39786 https://bugs.webkit.org/show_bug.cgi?id=69399
39790 toJSNumber() used to provide an implicit fast path for immediate numbers,
39791 but those fast paths are all explicit now, so it's just cruft.
39793 * interpreter/Interpreter.cpp:
39794 (JSC::Interpreter::privateExecute):
39795 * jit/JITStubs.cpp:
39796 (JSC::DEFINE_STUB_FUNCTION):
39797 * runtime/JSValue.h:
39798 * runtime/JSValueInlineMethods.h:
39800 2011-10-05 Gavin Peters <gavinp@chromium.org>
39802 REGRESSION (r96595): WTFReportBacktrace listed as the top frame in all assertion backtraces
39803 https://bugs.webkit.org/show_bug.cgi?id=69424
39805 Skip an extra frame in WTFReportBacktrace. As well, I now don't count skipped frames in maxFrames,
39806 so I've updated maxFrames to 31, as with one skipped frame the previous value was effectively
39807 31 reported frames.
39809 Reviewed by Adam Roben.
39811 * wtf/Assertions.cpp:
39812 * wtf/Assertions.h:
39814 2011-10-05 Patrick Gansterer <paroga@webkit.org>
39816 Unreviewed WinCE build fix for r96595.
39818 * wtf/Assertions.cpp:
39819 RtlCaptureStackBackTrace() isn't available on WinCE.
39821 2011-10-04 Kent Tamura <tkent@chromium.org>
39823 Introduce feature flags for incomplete input types
39824 https://bugs.webkit.org/show_bug.cgi?id=68971
39826 Reviewed by Hajime Morita.
39828 * Configurations/FeatureDefines.xcconfig:
39829 Add ENABLE_INPUT_TYPE_* flags. They are enabled only for iOS.
39831 2011-10-04 Geoffrey Garen <ggaren@apple.com>
39835 * jit/JITStubs.cpp:
39836 (JSC::DEFINE_STUB_FUNCTION): Use an explicit cast when shortening.
39838 2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
39840 Add static ClassInfo structs to classes that override JSCell::getCallData
39841 https://bugs.webkit.org/show_bug.cgi?id=69311
39843 Reviewed by Darin Adler.
39845 Added ClassInfo structs to each class that defined its own getCallData
39846 function but did not already have its own ClassInfo struct. This is a
39847 necessary addition for when we switch over to looking up getCallData from
39848 the MethodTable in ClassInfo rather than doing the virtual call (which we
39849 are removing). These new ClassInfo structs are public because we often
39850 use these structs in other areas of the code to uniquely identify JSC classes and
39851 to enforce runtime invariants based on those class identities using ASSERTs.
39852 Also added new createStructure methods to those classes that didn't have
39853 them so that the new ClassInfo structs would be used when creating the Structures
39856 * runtime/BooleanConstructor.cpp:
39857 * runtime/BooleanConstructor.h:
39858 (JSC::BooleanConstructor::createStructure):
39860 getCallData was not marked as static in StrictModeTypeErrorFunction.
39861 * runtime/Error.cpp:
39862 (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
39863 (JSC::StrictModeTypeErrorFunction::getCallData):
39864 (JSC::StrictModeTypeErrorFunction::createStructure):
39865 * runtime/ErrorConstructor.cpp:
39866 * runtime/ErrorConstructor.h:
39867 (JSC::ErrorConstructor::createStructure):
39868 * runtime/FunctionConstructor.cpp:
39869 * runtime/FunctionConstructor.h:
39870 (JSC::FunctionConstructor::createStructure):
39871 * runtime/FunctionPrototype.cpp:
39872 * runtime/FunctionPrototype.h:
39874 2011-10-03 Geoffrey Garen <ggaren@apple.com>
39876 Some JSValue cleanup
39877 https://bugs.webkit.org/show_bug.cgi?id=69320
39879 Reviewed by Darin Adler.
39881 No measurable performance change.
39883 Removed some JSValue::get* functions. get* used to be an optimization
39884 when every value operation was a virtual function call: get* would combine
39885 two virtual calls into one. Now, with non-virtual, inlined functions, get*
39886 isn't faster, and may be slightly slower.
39888 Merged getBoolean(bool&) and getBoolean() into asBoolean().
39890 Merged uncheckedGetNumber(), getJSNumber() and getNumber() into
39893 * runtime/JSValue.h:
39894 * runtime/JSValueInlineMethods.h:
39895 (JSC::JSValue::asNumber):
39896 (JSC::JSValue::asBoolean): As promised!
39898 * runtime/NumberPrototype.cpp:
39899 (JSC::toThisNumber):
39900 (JSC::numberProtoFuncToExponential):
39901 (JSC::numberProtoFuncToFixed):
39902 (JSC::numberProtoFuncToPrecision):
39903 (JSC::numberProtoFuncToString):
39904 (JSC::numberProtoFuncToLocaleString):
39905 (JSC::numberProtoFuncValueOf): Removed a bunch of uses of getJSNumber()
39906 by switching to toThisNumber().
39908 * API/JSCallbackObjectFunctions.h:
39911 (JSC::DFG::Graph::valueOfNumberConstant):
39912 (JSC::DFG::Graph::valueOfBooleanConstant):
39913 * dfg/DFGOperations.cpp:
39914 (JSC::DFG::putByVal):
39915 * interpreter/Interpreter.cpp:
39916 (JSC::Interpreter::privateExecute):
39917 * jit/JITStubs.cpp:
39918 (JSC::DEFINE_STUB_FUNCTION):
39919 * runtime/DateInstance.h:
39920 (JSC::DateInstance::internalNumber):
39921 * runtime/FunctionPrototype.cpp:
39922 (JSC::functionProtoFuncBind):
39923 * runtime/JSArray.cpp:
39924 (JSC::compareNumbersForQSort): Replaced getNumber() => isNumber() / asNumber().
39925 getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
39927 * runtime/JSCell.cpp:
39928 * runtime/JSCell.h: Nixed getJSNumber().
39930 * runtime/JSGlobalObjectFunctions.cpp:
39931 (JSC::globalFuncParseInt):
39932 * runtime/JSONObject.cpp:
39934 (JSC::Stringifier::Stringifier):
39935 (JSC::Stringifier::appendStringifiedValue):
39936 * runtime/NumberObject.cpp:
39937 * runtime/NumberObject.h:
39938 (JSC::NumberObject::createStructure):
39939 * runtime/Operations.h:
39940 (JSC::JSValue::equalSlowCaseInline):
39941 (JSC::JSValue::strictEqual):
39944 (JSC::jsAdd): Replaced getNumber() => isNumber() / asNumber().
39945 getBoolean() => isBoolean() / asBoolean(), uncheckedGetNumber() => asNumber().
39947 2011-10-04 Scott Graham <scottmg@chromium.org>
39949 Add GAMEPAD feature flag
39950 https://bugs.webkit.org/show_bug.cgi?id=66859
39952 Reviewed by Darin Fisher.
39954 * Configurations/FeatureDefines.xcconfig:
39956 2011-10-03 Filip Pizlo <fpizlo@apple.com>
39958 JITCodeGenerator should no longer have code that tries too hard
39959 to be both speculative and non-speculative
39960 https://bugs.webkit.org/show_bug.cgi?id=69321
39962 Reviewed by Gavin Barraclough.
39964 Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
39965 This required moving emitBranch() to SpeculativeJIT, since it was
39966 the main user of that field and method. Other than trivial clean-ups
39967 in emitBranch(), the code is unchanged (and still has some disparity
39968 between 64 and 32_64, and still lacks some obvious optimizations).
39970 * dfg/DFGJITCodeGenerator.cpp:
39971 * dfg/DFGJITCodeGenerator.h:
39972 (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
39973 * dfg/DFGJITCodeGenerator32_64.cpp:
39974 (JSC::DFG::JITCodeGenerator::fillDouble):
39975 (JSC::DFG::JITCodeGenerator::fillJSValue):
39976 * dfg/DFGJITCodeGenerator64.cpp:
39977 (JSC::DFG::JITCodeGenerator::fillDouble):
39978 (JSC::DFG::JITCodeGenerator::fillJSValue):
39979 * dfg/DFGSpeculativeJIT.h:
39980 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
39981 * dfg/DFGSpeculativeJIT32_64.cpp:
39982 (JSC::DFG::SpeculativeJIT::emitBranch):
39983 * dfg/DFGSpeculativeJIT64.cpp:
39984 (JSC::DFG::SpeculativeJIT::emitBranch):
39986 2011-10-04 David Hyatt <hyatt@apple.com>
39988 https://bugs.webkit.org/show_bug.cgi?id=69372
39990 [CSS3 Regions] Make sure overflow:visible lets content spill out of regions.
39992 Add support for reverse iteration to ListHashSet to support being able to walk them
39995 Reviewed by Anders Carlsson.
39997 * wtf/ListHashSet.h:
39998 (WTF::ListHashSetReverseIterator::ListHashSetReverseIterator):
39999 (WTF::ListHashSetReverseIterator::get):
40000 (WTF::ListHashSetReverseIterator::operator*):
40001 (WTF::ListHashSetReverseIterator::operator->):
40002 (WTF::ListHashSetReverseIterator::operator++):
40003 (WTF::ListHashSetReverseIterator::operator--):
40004 (WTF::ListHashSetReverseIterator::operator==):
40005 (WTF::ListHashSetReverseIterator::operator!=):
40006 (WTF::ListHashSetReverseIterator::operator const_reverse_iterator):
40007 (WTF::ListHashSetReverseIterator::node):
40008 (WTF::ListHashSetConstReverseIterator::ListHashSetConstReverseIterator):
40009 (WTF::ListHashSetConstReverseIterator::get):
40010 (WTF::ListHashSetConstReverseIterator::operator*):
40011 (WTF::ListHashSetConstReverseIterator::operator->):
40012 (WTF::ListHashSetConstReverseIterator::operator++):
40013 (WTF::ListHashSetConstReverseIterator::operator--):
40014 (WTF::ListHashSetConstReverseIterator::operator==):
40015 (WTF::ListHashSetConstReverseIterator::operator!=):
40016 (WTF::ListHashSetConstReverseIterator::node):
40019 (WTF::::makeReverseIterator):
40020 (WTF::::makeConstReverseIterator):
40021 (WTF::::makeConstIterator):
40023 2011-10-04 Gavin Peters <gavinp@chromium.org>
40025 fix gtk breakage caused by changeset 96595
40026 https://bugs.webkit.org/show_bug.cgi?id=69371
40028 ews did not catch build breakage in the gtk WebKitPluginProcess target; this patch removes
40029 the pretty printer on gtk, which should fix the build on that platform.
40031 Reviewed by NOBODY, this is a build fix.
40033 * wtf/Assertions.cpp:
40035 2011-10-04 Sheriff Bot <webkit.review.bot@gmail.com>
40037 Unreviewed, rolling out r96630.
40038 http://trac.webkit.org/changeset/96630
40039 https://bugs.webkit.org/show_bug.cgi?id=69368
40041 Caused assertion failures in validateCell (Requested by
40042 mhahnenberg on #webkit).
40044 * runtime/BooleanConstructor.cpp:
40045 * runtime/BooleanConstructor.h:
40046 * runtime/Error.cpp:
40047 (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
40048 (JSC::StrictModeTypeErrorFunction::getCallData):
40049 * runtime/ErrorConstructor.cpp:
40050 * runtime/ErrorConstructor.h:
40051 * runtime/FunctionConstructor.cpp:
40052 * runtime/FunctionConstructor.h:
40053 * runtime/FunctionPrototype.cpp:
40054 * runtime/FunctionPrototype.h:
40056 2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
40058 Add static ClassInfo structs to classes that override JSCell::getCallData
40059 https://bugs.webkit.org/show_bug.cgi?id=69311
40061 Reviewed by Darin Adler.
40063 Added ClassInfo structs to each class that defined its own getCallData
40064 function but did not already have its own ClassInfo struct. This is a
40065 necessary addition for when we switch over to looking up getCallData from
40066 the MethodTable in ClassInfo rather than doing the virtual call (which we
40067 are removing). These new ClassInfo structs are public because we often
40068 use these structs in other areas of the code to uniquely identify JSC classes and
40069 to enforce runtime invariants based on those class identities using ASSERTs.
40071 * runtime/BooleanConstructor.cpp:
40072 * runtime/BooleanConstructor.h:
40074 getCallData was not marked as static in StrictModeTypeErrorFunction.
40075 * runtime/Error.cpp:
40076 (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
40077 (JSC::StrictModeTypeErrorFunction::getCallData):
40078 * runtime/ErrorConstructor.cpp:
40079 * runtime/ErrorConstructor.h:
40080 * runtime/FunctionConstructor.cpp:
40081 * runtime/FunctionConstructor.h:
40082 * runtime/FunctionPrototype.cpp:
40083 * runtime/FunctionPrototype.h:
40085 2011-10-04 Ryosuke Niwa <rniwa@webkit.org>
40087 Leopard build fix after r96613.
40091 2011-10-04 Mark Hahnenberg <mhahnenberg@apple.com>
40093 Implicitly add toString and valueOf to prototype when convertToType callback is provided
40094 https://bugs.webkit.org/show_bug.cgi?id=69156
40096 Reviewed by Geoffrey Garen.
40098 Added callbacks for toString and valueOf which are implicitly added to a client object's
40099 prototype if they provide a convertToType callback when declaring their class through
40102 * API/JSCallbackFunction.cpp:
40103 (JSC::JSCallbackFunction::toStringCallback):
40104 (JSC::JSCallbackFunction::valueOfCallback):
40105 * API/JSCallbackFunction.h:
40106 * API/JSClassRef.cpp:
40107 (OpaqueJSClass::prototype):
40108 * API/tests/testapi.js:
40110 2011-10-03 Jon Lee <jonlee@apple.com>
40112 Extend DOM WheelEvent to differentiate between physical and logical scroll directions
40113 https://bugs.webkit.org/show_bug.cgi?id=68959
40114 <rdar://problem/10036688>
40116 Reviewed by Sam Weinig.
40118 * wtf/Platform.h: Added HAVE_INVERTED_WHEEL_EVENTS for Lion and later.
40120 2011-10-04 Csaba Osztrogonác <ossy@webkit.org>
40122 MinGW warning fix after r96286.
40124 Avoid redefining STDCALL, because STDCALL is also defined in mingw32/include/windef.h:
40125 #define __stdcall __attribute__((stdcall))
40126 #define STDCALL __stdcall
40128 Reviewed by Tor Arne Vestbø.
40130 * assembler/MacroAssemblerCodeRef.h:
40132 2011-10-04 Gavin Peters <gavinp@chromium.org>
40134 add more stack dumping methods
40135 https://bugs.webkit.org/show_bug.cgi?id=69018
40137 In addition to WTFReportBacktrace, this adds the cross-platform WTFGetBacktrace, which lets
40138 WebKit programmatically retrieve the current stack. This is useful if you need to add more
40139 reporting to field crash report uploads, if you're tracking down an irreproducible bug,
40142 Reviewed by Darin Adler.
40144 * wtf/Assertions.cpp:
40145 * wtf/Assertions.h:
40147 2011-10-03 Filip Pizlo <fpizlo@apple.com>
40149 DFG should inline Array.push and Array.pop
40150 https://bugs.webkit.org/show_bug.cgi?id=69314
40152 Reviewed by Geoff Garen.
40156 * dfg/DFGSpeculativeJIT32_64.cpp:
40157 (JSC::DFG::SpeculativeJIT::compile):
40159 2011-10-03 Filip Pizlo <fpizlo@apple.com>
40161 DFG should inline Array.push and Array.pop
40162 https://bugs.webkit.org/show_bug.cgi?id=69314
40164 Reviewed by Oliver Hunt.
40166 1% speed-up in V8 due to 6% speed-up in V8-deltablue.
40168 * assembler/MacroAssemblerX86_64.h:
40169 (JSC::MacroAssemblerX86_64::storePtr):
40170 * create_hash_table:
40171 * dfg/DFGByteCodeParser.cpp:
40172 (JSC::DFG::ByteCodeParser::handleIntrinsic):
40173 (JSC::DFG::ByteCodeParser::parseBlock):
40174 * dfg/DFGGraph.cpp:
40175 (JSC::DFG::Graph::dump):
40176 * dfg/DFGIntrinsic.h:
40178 (JSC::DFG::Node::hasHeapPrediction):
40179 * dfg/DFGOperations.cpp:
40180 * dfg/DFGOperations.h:
40181 * dfg/DFGPropagator.cpp:
40182 (JSC::DFG::Propagator::propagateNodePredictions):
40183 (JSC::DFG::Propagator::getByValLoadElimination):
40184 (JSC::DFG::Propagator::getMethodLoadElimination):
40185 * dfg/DFGSpeculativeJIT32_64.cpp:
40186 (JSC::DFG::SpeculativeJIT::compile):
40187 * dfg/DFGSpeculativeJIT64.cpp:
40188 (JSC::DFG::SpeculativeJIT::compile):
40190 2011-10-03 Filip Pizlo <fpizlo@apple.com>
40192 JSC ASSERT Opening the Web Inspector
40193 https://bugs.webkit.org/show_bug.cgi?id=69293
40195 Reviewed by Oliver Hunt.
40197 If a polymorphic access structure list has a duplicated structure, then
40200 * dfg/DFGByteCodeParser.cpp:
40201 (JSC::DFG::ByteCodeParser::parseBlock):
40203 2011-10-03 Gavin Barraclough <barraclough@apple.com>
40205 On X86, switch bucketCount into a register, timeoutCheck into memory
40206 https://bugs.webkit.org/show_bug.cgi?id=69299
40208 Reviewed by Geoff Garen.
40210 We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
40211 it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
40212 but if the timeoutCheck gets trashed we may make calls out to the timeout_check stub
40213 function too frequently (regressing performance). This patch has no perf impact on sunspider.
40215 * JavaScriptCore.xcodeproj/project.pbxproj:
40216 * assembler/MacroAssemblerX86.h:
40217 (JSC::MacroAssemblerX86::branchAdd32):
40218 (JSC::MacroAssemblerX86::branchSub32):
40219 - Added branchSub32 with AbsoluteAddress.
40221 (JSC::JIT::emitTimeoutCheck):
40222 - Keep timeout count in memory on X86.
40223 * jit/JITInlineMethods.h:
40224 (JSC::JIT::emitValueProfilingSite):
40225 - remove X86 specific code, switch bucket count back into a register.
40226 * jit/JITStubs.cpp:
40227 - Stop initializing esi (it is no longer the timeoutCheck!)
40228 * jit/JSInterfaceJIT.h:
40229 - change definition of esi to be the bucketCountRegister.
40230 * runtime/JSGlobalData.cpp:
40231 (JSC::JSGlobalData::JSGlobalData):
40232 * runtime/JSGlobalData.h:
40233 - Add timeoutCount as a property to global data (the counter should be per-thread).
40235 2011-10-03 Filip Pizlo <fpizlo@apple.com>
40237 DFG backends don't have access to per-node predictions from the propagator
40238 https://bugs.webkit.org/show_bug.cgi?id=69291
40240 Reviewed by Oliver Hunt.
40242 Nodes now have two notions of predictions: the heap prediction, which is
40243 what came directly from value profiling, and the propagator's predictions,
40244 which arise out of abstract interpretation. Every node has a propagator
40245 prediction, but not every node has a heap prediction; and there is no
40246 guarantee that a node that has both will keep them consistent as the
40247 propagator may have additional information available to it.
40249 This is performance neutral.
40251 * dfg/DFGGraph.cpp:
40252 (JSC::DFG::Graph::dump):
40254 * dfg/DFGJITCompiler.h:
40255 (JSC::DFG::JITCompiler::getPrediction):
40257 (JSC::DFG::Node::Node):
40258 (JSC::DFG::Node::hasHeapPrediction):
40259 (JSC::DFG::Node::getHeapPrediction):
40260 (JSC::DFG::Node::predictHeap):
40261 (JSC::DFG::Node::prediction):
40262 (JSC::DFG::Node::predict):
40263 * dfg/DFGPropagator.cpp:
40264 (JSC::DFG::Propagator::Propagator):
40265 (JSC::DFG::Propagator::setPrediction):
40266 (JSC::DFG::Propagator::mergePrediction):
40267 (JSC::DFG::Propagator::propagateNodePredictions):
40268 (JSC::DFG::Propagator::fixupNode):
40269 (JSC::DFG::Propagator::isPredictedNumerical):
40270 (JSC::DFG::Propagator::logicalNotIsPure):
40271 (JSC::DFG::Propagator::setReplacement):
40273 2011-10-03 Jer Noble <jer.noble@apple.com>
40275 Unreviewed, rolling out r96526.
40276 http://trac.webkit.org/changeset/96526
40277 https://bugs.webkit.org/show_bug.cgi?id=68587
40279 WEB_AUDIO has numerous 64->32 bit casting warnings, causing
40280 build breakages where -Wall is enabled.
40282 * Configurations/FeatureDefines.xcconfig:
40285 2011-10-03 Gavin Barraclough <barraclough@apple.com>
40287 Unreviewed build fix for DFG JIT 32_64.
40289 * dfg/DFGJITCompiler32_64.cpp:
40290 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
40291 * dfg/DFGSpeculativeJIT32_64.cpp:
40292 (JSC::DFG::SpeculativeJIT::compile):
40294 2011-10-02 Filip Pizlo <fpizlo@apple.com>
40296 DFG should speculate more aggressively on obvious cases on
40297 polymorphic get_by_id
40298 https://bugs.webkit.org/show_bug.cgi?id=69235
40300 Reviewed by Oliver Hunt.
40302 This implements trivial polymorphic get_by_id. It also fixes
40303 problems in the CSE for CheckStructure in the put_by_id
40306 Doing this required knowing whether a polymorphic get_by_id stub
40307 was doing a direct access rather than a call of some kind.
40309 Slight speed-up on Kraken and SunSpider. 0.5% speed-up in the
40310 scaled mean of all benchmarks.
40312 * GNUmakefile.list.am:
40313 * JavaScriptCore.xcodeproj/project.pbxproj:
40314 * bytecode/Instruction.h:
40315 (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
40316 (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
40317 * dfg/DFGByteCodeParser.cpp:
40318 (JSC::DFG::ByteCodeParser::cellConstant):
40319 (JSC::DFG::ByteCodeParser::parseBlock):
40320 * dfg/DFGGraph.cpp:
40321 (JSC::DFG::Graph::dump):
40323 (JSC::DFG::Graph::addStructureSet):
40324 (JSC::DFG::Graph::addStructureTransitionData):
40326 (JSC::DFG::StructureTransitionData::StructureTransitionData):
40327 (JSC::DFG::Node::hasStructureTransitionData):
40328 (JSC::DFG::Node::structureTransitionData):
40329 (JSC::DFG::Node::hasStructureSet):
40330 (JSC::DFG::Node::structureSet):
40331 * dfg/DFGPropagator.cpp:
40332 (JSC::DFG::Propagator::checkStructureLoadElimination):
40333 (JSC::DFG::Propagator::performNodeCSE):
40334 * dfg/DFGRepatch.cpp:
40335 (JSC::DFG::tryBuildGetByIDList):
40336 (JSC::DFG::tryBuildGetByIDProtoList):
40337 * dfg/DFGSpeculativeJIT32_64.cpp:
40338 (JSC::DFG::SpeculativeJIT::compile):
40339 * dfg/DFGSpeculativeJIT64.cpp:
40340 (JSC::DFG::SpeculativeJIT::compile):
40341 * dfg/DFGStructureSet.h: Added.
40342 (JSC::DFG::StructureSet::StructureSet):
40343 (JSC::DFG::StructureSet::add):
40344 (JSC::DFG::StructureSet::addAll):
40345 (JSC::DFG::StructureSet::remove):
40346 (JSC::DFG::StructureSet::contains):
40347 (JSC::DFG::StructureSet::isSubsetOf):
40348 (JSC::DFG::StructureSet::isSupersetOf):
40349 (JSC::DFG::StructureSet::size):
40350 (JSC::DFG::StructureSet::at):
40351 (JSC::DFG::StructureSet::operator[]):
40352 (JSC::DFG::StructureSet::last):
40353 * jit/JITPropertyAccess.cpp:
40354 (JSC::JIT::privateCompileGetByIdSelfList):
40355 (JSC::JIT::privateCompileGetByIdProtoList):
40356 (JSC::JIT::privateCompileGetByIdChainList):
40357 * jit/JITPropertyAccess32_64.cpp:
40358 (JSC::JIT::privateCompileGetByIdSelfList):
40359 (JSC::JIT::privateCompileGetByIdProtoList):
40360 (JSC::JIT::privateCompileGetByIdChainList):
40361 * jit/JITStubs.cpp:
40362 (JSC::DEFINE_STUB_FUNCTION):
40363 (JSC::getPolymorphicAccessStructureListSlot):
40365 2011-10-03 Jer Noble <jer.noble@apple.com>
40367 Enable WEB_AUDIO by default in the WebKit/mac port.
40368 https://bugs.webkit.org/show_bug.cgi?id=68587
40370 Reviewed by Simon Fraser.
40372 * Configurations/FeatureDefines.xcconfig:
40375 2011-10-03 Carlos Garcia Campos <cgarcia@igalia.com>
40377 [GTK] Fix make distcheck build
40378 https://bugs.webkit.org/show_bug.cgi?id=69243
40380 Reviewed by Martin Robinson.
40382 * GNUmakefile.list.am:
40384 2011-10-03 Pierre Rossi <pierre.rossi@gmail.com>
40386 [Qt] Build fix: Qt::escape is deprecated in Qt5
40387 https://bugs.webkit.org/show_bug.cgi?id=69162
40389 Use QString::toHtmlEscaped in the Qt5 case.
40391 Reviewed by Andreas Kling.
40393 * JavaScriptCore.pri:
40394 * wtf/qt/UtilsQt.h: Added.
40398 2011-10-03 Balazs Kelemen <kbalazs@webkit.org>
40400 libdispatch based ParallelJobs is not enough parallel
40401 https://bugs.webkit.org/show_bug.cgi?id=66378
40403 Reviewed by Zoltan Herczeg.
40405 Use the appropriate libdispatch API for our use case.
40406 Throw away the hard coded limit of parallel threads
40407 and use dispatch_apply with the default priority normal
40408 queue instead of using our own custom serial queue (which
40409 was a misuse of the API). Enabling PARALLEL_JOBS is now
40410 a 60% win (2.63x as fast) on the methanol benchmark
40411 (https://gitorious.org/methanol) with an SVG centric test set
40412 while the old implementation was almost identical (less than 5% win).
40414 * wtf/ParallelJobsLibdispatch.h:
40415 (WTF::ParallelEnvironment::ParallelEnvironment):
40416 (WTF::ParallelEnvironment::execute):
40418 2011-10-02 Zoltan Herczeg <zherczeg@webkit.org>
40420 [Qt]REGRESSION(r95912): It made sputnik tests flakey
40421 https://bugs.webkit.org/show_bug.cgi?id=68990
40423 Reviewed by Geoffrey Garen.
40425 Changing signed char to int in r96354 solved the
40426 problem. However transitionCount still returns
40427 with a signed char and should be changed to int.
40429 * runtime/Structure.h:
40430 (JSC::Structure::transitionCount):
40432 2011-10-02 Filip Pizlo <fpizlo@apple.com>
40434 DFG misses some obvious opportunities for common subexpression elimination
40435 https://bugs.webkit.org/show_bug.cgi?id=69233
40437 Reviewed by Oliver Hunt.
40439 0.7% speed-up on SunSpider.
40441 * dfg/DFGPropagator.cpp:
40442 (JSC::DFG::Propagator::getByValLoadElimination):
40443 (JSC::DFG::Propagator::getMethodLoadElimination):
40444 (JSC::DFG::Propagator::checkStructureLoadElimination):
40445 (JSC::DFG::Propagator::getByOffsetLoadElimination):
40446 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
40447 (JSC::DFG::Propagator::performNodeCSE):
40449 2011-10-02 Gavin Barraclough <barraclough@apple.com>
40451 Bug 67455 - Different regular expression result
40453 Reviewed by Darin Adler.
40455 Fix a regression introduced in r72140. A return was added to the backtracking loop for
40456 backtrackParentheses with QuantifierNonGreedy, so it always returns after one iteration.
40457 This is incorrect. The additional return should only trigger to force an early return if
40458 an error has occurred.
40460 * yarr/YarrInterpreter.cpp:
40461 (JSC::Yarr::Interpreter::matchParentheses):
40462 - Simplify some nested if else logic.
40463 (JSC::Yarr::Interpreter::backtrackParentheses):
40464 - Simplify some nested if else logic.
40465 - Only return early from backtrackParentheses on success/error, not on failure.
40467 2011-10-01 Geoffrey Garen <ggaren@apple.com>
40469 Removed redundant helper functions for allocating Strong handles
40470 https://bugs.webkit.org/show_bug.cgi?id=69218
40472 Reviewed by Sam Weinig.
40475 (JSC::Heap::handleHeap):
40476 * runtime/JSGlobalData.h: Removed these helper functions, since they
40477 just created indirection.
40479 * heap/StrongInlines.h: Added. Broke out a header for inline functions
40480 to resolve circular dependencies created by inlining. I'm told this is
40481 the future for JavaScriptCore.
40483 * GNUmakefile.list.am:
40484 * JavaScriptCore.gypi:
40485 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
40486 * JavaScriptCore.xcodeproj/project.pbxproj: Go forth and build.
40488 * API/JSCallbackObjectFunctions.h:
40490 * runtime/WeakGCMap.h:
40491 (JSC::WeakGCMap::add):
40492 (JSC::WeakGCMap::set):
40493 * runtime/StructureTransitionTable.h:
40494 (JSC::StructureTransitionTable::setSingleTransition):
40502 (JSC::Weak::set): Allocate handles directly instead of going through a
40503 chain of forwarding functions.
40505 * bytecompiler/BytecodeGenerator.cpp:
40506 * runtime/JSGlobalData.cpp:
40507 * runtime/LiteralParser.cpp:
40508 * runtime/RegExpCache.cpp: Updated for header changes.
40510 2011-09-30 Filip Pizlo <fpizlo@apple.com>
40512 All of JSC's heuristics should be in one place for easier tuning
40513 https://bugs.webkit.org/show_bug.cgi?id=69201
40515 Reviewed by Oliver Hunt.
40517 This makes it possible to change tiered compilation heuristics in
40518 one place (Heuristics.cpp) without recompiling the whole project.
40520 It also makes it possible to enable setting heuristics using
40521 environment variables. This is off by default. When turned on, it
40522 makes tuning the system much easier.
40525 * GNUmakefile.list.am:
40526 * JavaScriptCore.pro:
40527 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
40528 * JavaScriptCore.xcodeproj/project.pbxproj:
40529 * bytecode/CodeBlock.cpp:
40530 (JSC::CodeBlock::shouldOptimizeNow):
40531 * bytecode/CodeBlock.h:
40532 * dfg/DFGJITCompiler.cpp:
40533 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
40535 (JSC::JIT::emitOptimizationCheck):
40536 * runtime/Heuristics.cpp: Added.
40537 (JSC::Heuristics::parse):
40538 (JSC::Heuristics::setHeuristic):
40539 (JSC::Heuristics::initializeHeuristics):
40540 * runtime/Heuristics.h: Added.
40541 * runtime/InitializeThreading.cpp:
40542 (JSC::initializeThreadingOnce):
40544 2011-10-01 Oliver Hunt <oliver@apple.com>
40546 Support string length in the DFG
40547 https://bugs.webkit.org/show_bug.cgi?id=69215
40549 Reviewed by Geoff Garen.
40551 Adds a GetStringLength node to the DFG so that we can support
40552 string.length inline.
40555 * dfg/DFGPropagator.cpp:
40556 (JSC::DFG::Propagator::propagateNodePredictions):
40557 (JSC::DFG::Propagator::fixupNode):
40558 (JSC::DFG::Propagator::performNodeCSE):
40559 * dfg/DFGSpeculativeJIT.h:
40560 (JSC::DFG::SpeculativeJIT::isKnownString):
40561 * dfg/DFGSpeculativeJIT32_64.cpp:
40562 (JSC::DFG::SpeculativeJIT::compile):
40563 * dfg/DFGSpeculativeJIT64.cpp:
40564 (JSC::DFG::SpeculativeJIT::compile):
40565 * runtime/JSString.h:
40566 (JSC::JSString::offsetOfLength):
40568 2011-10-01 Yuqiang Xian <yuqiang.xian@intel.com>
40570 JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT
40571 https://bugs.webkit.org/show_bug.cgi?id=69205
40573 Reviewed by Gavin Barraclough.
40575 If there are unboxed integers and cells in the register file (e.g. by SetLocal),
40576 they must be reboxed before exiting from the speculative DFG JIT execution.
40577 This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new
40578 ValueRecoveryTechnique (AlreadyInRegisterFileAsCell).
40580 * dfg/DFGJITCompiler32_64.cpp:
40581 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
40582 * dfg/DFGSpeculativeJIT.cpp:
40583 (JSC::DFG::ValueSource::dump):
40584 (JSC::DFG::ValueRecovery::dump):
40585 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
40586 * dfg/DFGSpeculativeJIT.h:
40587 (JSC::DFG::ValueSource::forPrediction):
40588 (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell):
40590 2011-10-01 Sheriff Bot <webkit.review.bot@gmail.com>
40592 Unreviewed, rolling out r96421.
40593 http://trac.webkit.org/changeset/96421
40594 https://bugs.webkit.org/show_bug.cgi?id=69206
40596 It broke Qt-WK2 build (Requested by ossy on #webkit).
40598 * JavaScriptCore.pri:
40599 * wtf/qt/UtilsQt.h: Removed.
40602 2011-09-30 Daniel Bates <dbates@webkit.org>
40604 Attempt to fix the Apple Windows and WinCairo Debug builds after
40605 <http://trac.webkit.org/changeset/96446> (https://bugs.webkit.org/show_bug.cgi?id=69203).
40607 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Remove the symbol
40608 ?toStrictThisObject@JSObject@JSC@@UBE?AVJSValue@2@PAVExecState@2@@Z since the
40609 corresponding function, JSValue::toStrictThisObject(), was removed.
40611 2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
40613 DFG operation results are not set correctly in JSVALUE32_64 DFG JIT
40614 https://bugs.webkit.org/show_bug.cgi?id=69126
40616 Reviewed by Gavin Barraclough.
40618 The setupResults routine has the bug of reversing the source and destination.
40619 Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
40621 * dfg/DFGJITCodeGenerator.h:
40622 (JSC::DFG::setupTwoStubArgs):
40623 (JSC::DFG::setupResults):
40624 * dfg/DFGJITCodeGenerator32_64.cpp:
40625 (JSC::DFG::JITCodeGenerator::fillJSValue):
40626 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
40627 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
40629 2011-09-30 Gavin Barraclough <barraclough@apple.com>
40631 Remove toStrictThisObject, toThisString, toThisJSString
40632 https://bugs.webkit.org/show_bug.cgi?id=69203
40634 Rubber stamped by Sam Weinig
40636 These are no longer used.
40638 * JavaScriptCore.exp:
40639 * runtime/JSActivation.cpp:
40640 * runtime/JSActivation.h:
40641 * runtime/JSObject.cpp:
40642 * runtime/JSObject.h:
40643 * runtime/JSStaticScopeObject.cpp:
40644 * runtime/JSStaticScopeObject.h:
40645 * runtime/JSValue.h:
40646 * runtime/StrictEvalActivation.cpp:
40647 * runtime/StrictEvalActivation.h:
40649 2011-09-30 Filip Pizlo <fpizlo@apple.com>
40651 DFG does not speculate aggressively enough on put_by_id
40652 https://bugs.webkit.org/show_bug.cgi?id=69114
40654 Reviewed by Oliver Hunt.
40656 This adds new nodes along with optimizations for those nodes:
40658 GetPropertyStorage: CheckStructure used to do both the structure
40659 check and retrieve the storage pointer. Now CheckStructure just
40660 checks the structure, and GetPropertyStorage retrieves the
40663 PutStructure: Changes the structure, and has the expected store
40664 to load optimization with CheckStructure.
40666 PutByOffset: Directly sets the value. Has store to load
40667 optimization with GetByOffset.
40669 * dfg/DFGByteCodeParser.cpp:
40670 (JSC::DFG::ByteCodeParser::cellConstant):
40671 (JSC::DFG::ByteCodeParser::parseBlock):
40672 * dfg/DFGGraph.cpp:
40673 (JSC::DFG::Graph::dump):
40674 * dfg/DFGJITCodeGenerator.cpp:
40675 (JSC::DFG::JITCodeGenerator::writeBarrier):
40676 * dfg/DFGJITCodeGenerator.h:
40678 (JSC::DFG::Node::hasStructure):
40679 (JSC::DFG::Node::hasStorageAccessData):
40680 * dfg/DFGPropagator.cpp:
40681 (JSC::DFG::Propagator::propagateNodePredictions):
40682 (JSC::DFG::Propagator::impureCSE):
40683 (JSC::DFG::Propagator::checkStructureLoadElimination):
40684 (JSC::DFG::Propagator::getByOffsetLoadElimination):
40685 (JSC::DFG::Propagator::getPropertyStorageLoadElimination):
40686 (JSC::DFG::Propagator::eliminate):
40687 (JSC::DFG::Propagator::performNodeCSE):
40688 * dfg/DFGSpeculativeJIT32_64.cpp:
40689 (JSC::DFG::SpeculativeJIT::compile):
40690 * dfg/DFGSpeculativeJIT64.cpp:
40691 (JSC::DFG::SpeculativeJIT::compile):
40693 2011-09-30 Gavin Barraclough <barraclough@apple.com>
40695 StringRecursionChecker should not work in terms of EncodedJSValue
40696 https://bugs.webkit.org/show_bug.cgi?id=69188
40698 Reviewed by Oliver Hunt.
40700 0 is not the empty value on 32_64.
40701 Code that casts literals to EncodedJSValues may be unsafe if we change our internal representation.
40703 * runtime/ArrayPrototype.cpp:
40704 (JSC::arrayProtoFuncToString):
40705 (JSC::arrayProtoFuncToLocaleString):
40706 (JSC::arrayProtoFuncJoin):
40707 * runtime/ErrorPrototype.cpp:
40708 (JSC::errorProtoFuncToString):
40709 * runtime/RegExpPrototype.cpp:
40710 (JSC::regExpProtoFuncToString):
40711 * runtime/StringRecursionChecker.cpp:
40712 (JSC::StringRecursionChecker::throwStackOverflowError):
40713 (JSC::StringRecursionChecker::emptyString):
40714 * runtime/StringRecursionChecker.h:
40715 (JSC::StringRecursionChecker::performCheck):
40716 (JSC::StringRecursionChecker::earlyReturnValue):
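To make the point of this entry concrete, an added example (constructed for this page, not JSC's JSValue encoding; the two scheme names, the tag value and the helper names are assumptions): under a 64-bit layout the empty value may happen to encode as all-zero bits, but under a tag/payload layout it is a specific tag in the high word, so a caller that tests `encoded == 0` is checking a representation detail rather than asking for the value class.

```cpp
#include <cstdint>

// Constructed illustration, not JSC's real JSValue encoding or tag values.
typedef int64_t EncodedValue;

enum Encoding { Scheme64, Scheme32_64 };

// Assumed tag marking the empty value in the tag/payload scheme.
const int32_t kEmptyTag = -6;

// Build "the empty value" under each layout.
EncodedValue encodeEmpty(Encoding e)
{
    if (e == Scheme64)
        return 0;  // in this layout empty happens to be all-zero bits
    // 32_64: tag in the high 32 bits, payload in the low 32 bits.
    // Shift as unsigned to avoid shifting a negative signed value.
    uint64_t tagBits = static_cast<uint64_t>(static_cast<uint32_t>(kEmptyTag)) << 32;
    return static_cast<EncodedValue>(tagBits);
}

// The representation-aware predicate every caller should go through.
bool isEmpty(Encoding e, EncodedValue v)
{
    if (e == Scheme64)
        return v == 0;
    int32_t tag = static_cast<int32_t>(static_cast<uint64_t>(v) >> 32);
    return tag == kEmptyTag;
}

// The unsafe pattern from the entry: testing for empty by casting the literal 0.
// It gives a false negative for the 32_64 empty value and a false positive for
// a 32_64 value whose tag and payload both happen to be zero.
bool unsafeIsEmpty(EncodedValue v)
{
    return v == static_cast<EncodedValue>(0);
}
```

The discipline this entry asks for applies to any opaque encoding: compare through the named constructor or predicate of the type, never against the bit pattern you happen to know today, because the pattern is free to change when the representation does.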
40718 2011-09-30 Gavin Barraclough <barraclough@apple.com>
40720 DFG JIT, Branch on integer can always be a 32-bit compare.
40721 https://bugs.webkit.org/show_bug.cgi?id=69174
40723 Reviewed by Sam Weinig.
40725 if (shouldSpeculateInteger(node.child1()) && !isStrictInt32(node.child1())),
40726 the JSVALUE64 JIT will currently compare all 64bits in the register, but in
40727 these cases the DataFormat is always a JS boxed integer. In these cases we
40728 can just compare the low 32bits anyway - no need to check the tag.
40729 This allows the code to be unified with the JSVALUE32_64 JIT.
40731 * dfg/DFGSpeculativeJIT32_64.cpp:
40732 (JSC::DFG::SpeculativeJIT::compile):
40733 * dfg/DFGSpeculativeJIT64.cpp:
40734 (JSC::DFG::SpeculativeJIT::compile):
40736 2011-09-30 Oliver Hunt <oliver@apple.com>
40738 Need a sensible GGC policy
40740 Reviewed by Geoff Garen.
40742 This replaces the existing random collection policy
40743 with a deterministic policy based on nursery size.
40745 * heap/AllocationSpace.cpp:
40746 (JSC::AllocationSpace::allocateSlowCase):
40749 (JSC::Heap::markRoots):
40750 (JSC::Heap::collect):
40752 * heap/MarkedSpace.cpp:
40753 (JSC::MarkedSpace::MarkedSpace):
40754 (JSC::MarkedSpace::resetAllocator):
40755 * heap/MarkedSpace.h:
40756 (JSC::MarkedSpace::nurseryWaterMark):
40757 (JSC::MarkedSpace::allocate):
40759 2011-09-30 Filip Pizlo <fpizlo@apple.com>
40761 DFG 32-bit support for op_call and op_construct causes
40762 run-javascriptcore-tests to fail
40763 https://bugs.webkit.org/show_bug.cgi?id=69171
40765 Reviewed by Gavin Barraclough.
40767 This fixes one obvious bug that was causing test failures (no
40768 support for dummy slow case for op_add in 32_64), and disables
40769 op_call and op_construct by default.
40771 * dfg/DFGCapabilities.h:
40772 (JSC::DFG::canCompileOpcode):
40773 * jit/JITArithmetic32_64.cpp:
40774 (JSC::JIT::emit_op_add):
40775 (JSC::JIT::emitSlow_op_add):
40777 2011-09-30 Geoffrey Garen <ggaren@apple.com>
40779 Crash due to out of bounds read/write in MarkedSpace
40780 https://bugs.webkit.org/show_bug.cgi?id=69148
40782 This was a case of being surprised by a poorly articulated cell size limit,
40783 plus an incorrect ASSERT guarding the cell size limit.
40785 Reviewed by Oliver Hunt.
40787 * heap/MarkedSpace.h:
40788 (JSC::MarkedSpace::sizeClassFor): Changed heap size ranges to be inclusive,
40789 since it makes the ranges easier to understand.
40791 Bumped up the max cell size to support the use case in this bug. Since the
40792 atomSize is much bigger than it used to be, there isn't much accounting
40793 cost to handling more size classes.
40795 Switched to FixedArray, to help catch SizeClass indexing bugs in the future.
40797 * heap/MarkedSpace.cpp:
40798 (JSC::MarkedSpace::MarkedSpace):
40799 (JSC::MarkedSpace::resetAllocator):
40800 (JSC::MarkedSpace::canonicalizeCellLivenessData): Updated for size ranges
40803 2011-09-30 Pierre Rossi <pierre.rossi@gmail.com>
40805 [Qt] Build fix: Qt::escape is deprecated in Qt5
40806 https://bugs.webkit.org/show_bug.cgi?id=69162
40808 Use QString::toHtmlEscaped in the Qt5 case.
40810 Reviewed by Andreas Kling.
40812 * JavaScriptCore.pri:
40813 * wtf/qt/UtilsQt.h: Added.
40817 2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
40819 Fix bug in getHostCallReturnValue of DFG JIT on X86
40820 https://bugs.webkit.org/show_bug.cgi?id=69133
40822 Reviewed by Gavin Barraclough.
40824 We need to insert the additional argument in the stack slot before the
40825 return address instead of simply pushing it afterwards.
40826 Also getHostCallReturnValue* should be attributed as stdcall
40827 so that the stack is cleaned up by the callee.
40829 * dfg/DFGOperations.cpp:
40831 2011-09-30 Pierre Rossi <pierre.rossi@gmail.com>
40833 [Qt] wtf header files are unknown to Qt Creator
40834 https://bugs.webkit.org/show_bug.cgi?id=69158
40836 Adding the HEADERS variable in wtf.pri so that
40837 the header files can be accessed easily.
40839 Reviewed by Andreas Kling.
40843 2011-09-30 Gavin Barraclough <barraclough@apple.com>
40845 Merge some more of DFGSpeculativeJIT 32_64/64
40846 https://bugs.webkit.org/show_bug.cgi?id=69164
40848 Reviewed by Oliver Hunt.
40850 * dfg/DFGJITCodeGenerator.h:
40851 * dfg/DFGJITCodeGenerator32_64.cpp:
40852 * dfg/DFGJITCodeGenerator64.cpp:
40853 * dfg/DFGSpeculativeJIT.cpp:
40854 (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
40855 * dfg/DFGSpeculativeJIT.h:
40856 * dfg/DFGSpeculativeJIT32_64.cpp:
40857 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
40858 (JSC::DFG::SpeculativeJIT::compare):
40859 (JSC::DFG::SpeculativeJIT::compileValueAdd):
40860 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
40861 (JSC::DFG::SpeculativeJIT::compile):
40862 * dfg/DFGSpeculativeJIT64.cpp:
40863 (JSC::DFG::SpeculativeJIT::compare):
40864 (JSC::DFG::SpeculativeJIT::compileValueAdd):
40865 (JSC::DFG::SpeculativeJIT::compileLogicalNot):
40866 (JSC::DFG::SpeculativeJIT::compile):
40868 2011-09-30 Mark Hahnenberg <mhahnenberg@apple.com>
40870 Add getCallData to MethodTable in ClassInfo
40871 https://bugs.webkit.org/show_bug.cgi?id=69024
40873 Reviewed by Sam Weinig.
40875 * JavaScriptCore.exp:
40876 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
40878 Added the getCallData to the MethodTable in the ClassInfo struct.
40879 * runtime/ClassInfo.h:
40881 2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
40883 Add op_call/op_constructor support to JSVALUE32_64 DFG JIT
40884 https://bugs.webkit.org/show_bug.cgi?id=69120
40886 Reviewed by Gavin Barraclough.
40888 Improve the coverage of JSVALUE32_64 DFG JIT.
40890 * dfg/DFGByteCodeParser.cpp:
40891 (JSC::DFG::ByteCodeParser::parseBlock):
40892 * dfg/DFGCapabilities.h:
40893 (JSC::DFG::canCompileOpcode):
40894 * dfg/DFGJITCodeGenerator.h:
40895 (JSC::DFG::tagOfCallData):
40896 (JSC::DFG::payloadOfCallData):
40897 * dfg/DFGJITCodeGenerator32_64.cpp:
40898 (JSC::DFG::JITCodeGenerator::emitCall):
40900 2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
40902 DFG JIT - register not unlocked after usage in ArithDiv
40903 https://bugs.webkit.org/show_bug.cgi?id=69122
40905 Reviewed by Geoffrey Garen.
40907 An allocated register is not unlocked after use in ArithDiv.
40908 Also there's a typo in "ENBALE_DFG_CONSISTENTCY_CHECK".
40911 * dfg/DFGSpeculativeJIT32_64.cpp:
40912 (JSC::DFG::SpeculativeJIT::compile):
40913 * dfg/DFGSpeculativeJIT64.cpp:
40914 (JSC::DFG::SpeculativeJIT::compile):
40916 2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com>
40918 De-virtualize JSCell::toObject
40919 https://bugs.webkit.org/show_bug.cgi?id=68937
40921 Reviewed by Darin Adler.
40923 * JavaScriptCore.exp:
40924 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
40926 De-virtualized JSCell::toObject and changed its implementation to manually check the
40927 cases for JSString and JSObject rather than leaving it up to the virtual method call.
40928 * runtime/JSCell.cpp:
40929 (JSC::JSCell::toObject):
40930 * runtime/JSCell.h:
40932 Removed JSNotAnObject::toObject because the case for JSObject works for it.
40933 Also removed JSObject::toObject because it was essentially the identity function,
40934 which is not necessary since toObject is no longer virtual.
40935 * runtime/JSNotAnObject.cpp:
40936 * runtime/JSNotAnObject.h:
40937 * runtime/JSObject.cpp:
40938 * runtime/JSObject.h:
40940 De-virtualized JSObject::toObject and JSString::toObject.
40941 * runtime/JSString.h:
40943 2011-09-29 Gavin Barraclough <barraclough@apple.com>
40945 Start refactoring DFGSpeculativeJIT
40946 https://bugs.webkit.org/show_bug.cgi?id=69112
40948 Reviewed by Oliver Hunt.
40950 Again, move JSVALUE64 code into a DFGSpeculativeJIT64.cpp
40952 * JavaScriptCore.xcodeproj/project.pbxproj:
40953 * dfg/DFGSpeculativeJIT.cpp:
40954 (JSC::DFG::ValueSource::dump):
40955 (JSC::DFG::ValueRecovery::dump):
40956 (JSC::DFG::OSRExit::OSRExit):
40957 (JSC::DFG::OSRExit::dump):
40958 (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
40959 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
40960 (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
40961 (JSC::DFG::SpeculativeJIT::compile):
40962 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
40963 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
40964 * dfg/DFGSpeculativeJIT.h:
40965 (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
40966 * dfg/DFGSpeculativeJIT32_64.cpp:
40967 (JSC::DFG::SpeculativeJIT::compare):
40968 * dfg/DFGSpeculativeJIT64.cpp: Copied from Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp.
40969 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
40970 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
40971 (JSC::DFG::SpeculativeJIT::compile):
40973 2011-09-29 Gavin Barraclough <barraclough@apple.com>
40975 Refactor out trivially duplicated code in DFGJITCodeGenerator.
40976 https://bugs.webkit.org/show_bug.cgi?id=69109
40978 Reviewed by Oliver Hunt.
40980 Some code is trivially redundant between DFGJITCodeGenerator.cpp & DFGJITCodeGenerator32_64.cpp
40982 Basically move JSVALUE64-specific code into a new DFGJITCodeGenerator64.cpp, leave common code
40983 in DFGJITCodeGenerator.cpp, and remove copies from DFGJITCodeGenerator32_64.cpp.
40985 For some functions the differences are trivial and make more sense to ifdef individually, and some
40986 Operand methods make more sense left in DFGJITCodeGenerator.cpp alongside similar constructors.
40988 * JavaScriptCore.xcodeproj/project.pbxproj:
40989 * dfg/DFGJITCodeGenerator.cpp:
40990 (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
40991 (JSC::DFG::JITCodeGenerator::isKnownBoolean):
40992 (JSC::DFG::JITCodeGenerator::writeBarrier):
40993 (JSC::DFG::JITCodeGenerator::dump):
40994 (JSC::DFG::JITCodeGenerator::checkConsistency):
40995 (JSC::DFG::GPRTemporary::GPRTemporary):
40996 (JSC::DFG::FPRTemporary::FPRTemporary):
40997 * dfg/DFGJITCodeGenerator32_64.cpp:
40998 * dfg/DFGJITCodeGenerator64.cpp: Copied from Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp.
40999 * dfg/DFGJITCompiler.h:
41000 (JSC::DFG::JITCompiler::branchIfNotCell):
41001 * dfg/DFGJITCompilerInlineMethods.h:
41003 2011-09-28 Filip Pizlo <fpizlo@apple.com>
41005 DFG JIT should infer which uses of a variable are not aliased
41006 https://bugs.webkit.org/show_bug.cgi?id=68593
41008 Reviewed by Oliver Hunt.
41010 This separates how a variable is stored (i.e. its virtual register)
41011 from how it's predicted. Each variable now takes a
41012 VariableAccessData as its operand, instead of the virtual register.
41013 The VariableAccessData stores the operand and the prediction. If
41014 multiple uses of a variable are aliased, their VariableAccessDatas
41017 This also adds tracking of which argument values are used. It
41018 correctly observes that an argument value is not used, if the
41019 argument is assigned to inside the function before being used.
41021 This also adds tracking of which variables are live at the head of
41022 a basic block, and separates that from a variable being live at the
41025 Finally, this communicates to both OSR entry and OSR exit code how
41026 a variable is predicted at a particular point in the code, rather
41027 than just communicating how it was predicted in the entire code
41028 block (since with this patch there is no longer the notion of a
41029 variable having just one prediction for a code block).
41031 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
41032 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
41033 * JavaScriptCore.xcodeproj/project.pbxproj:
41034 * bytecode/ActionablePrediction.h: Added.
41035 (JSC::actionablePredictionFromPredictedType):
41036 (JSC::valueObeysPrediction):
41037 (JSC::actionablePredictionToString):
41038 (JSC::ActionablePredictions::ActionablePredictions):
41039 (JSC::ActionablePredictions::setArgument):
41040 (JSC::ActionablePredictions::argument):
41041 (JSC::ActionablePredictions::setVariable):
41042 (JSC::ActionablePredictions::variable):
41043 (JSC::ActionablePredictions::argumentUpperBound):
41044 (JSC::ActionablePredictions::variableUpperBound):
41045 (JSC::ActionablePredictions::pack):
41046 (JSC::ActionablePredictions::packVector):
41047 * bytecode/CodeBlock.h:
41048 * bytecode/PredictionTracker.h:
41049 * dfg/DFGByteCodeParser.cpp:
41050 (JSC::DFG::ByteCodeParser::newVariableAccessData):
41051 (JSC::DFG::ByteCodeParser::getLocal):
41052 (JSC::DFG::ByteCodeParser::setLocal):
41053 (JSC::DFG::ByteCodeParser::getArgument):
41054 (JSC::DFG::ByteCodeParser::setArgument):
41055 (JSC::DFG::ByteCodeParser::parseBlock):
41056 (JSC::DFG::ByteCodeParser::processPhiStack):
41057 (JSC::DFG::ByteCodeParser::parse):
41058 * dfg/DFGDriver.cpp:
41059 (JSC::DFG::compile):
41060 * dfg/DFGGraph.cpp:
41061 (JSC::DFG::Graph::nameOfVariableAccessData):
41062 (JSC::DFG::Graph::dump):
41063 (JSC::DFG::Graph::predictArgumentTypes):
41065 (JSC::DFG::operandIsArgument):
41066 (JSC::DFG::VariableRecord::setFirstTime):
41067 (JSC::DFG::BasicBlock::BasicBlock):
41068 (JSC::DFG::Graph::predict):
41069 (JSC::DFG::Graph::getPrediction):
41070 * dfg/DFGJITCompiler.h:
41071 (JSC::DFG::JITCompiler::noticeOSREntry):
41073 (JSC::DFG::Node::hasVariableAccessData):
41074 (JSC::DFG::Node::hasLocal):
41075 (JSC::DFG::Node::variableAccessData):
41076 (JSC::DFG::Node::local):
41077 * dfg/DFGOSREntry.cpp:
41078 (JSC::DFG::prepareOSREntry):
41079 * dfg/DFGOSREntry.h:
41080 * dfg/DFGPropagator.cpp:
41081 (JSC::DFG::Propagator::propagateNodePredictions):
41082 * dfg/DFGSpeculativeJIT.cpp:
41083 (JSC::DFG::ValueSource::dump):
41084 (JSC::DFG::OSRExit::OSRExit):
41085 (JSC::DFG::SpeculativeJIT::compile):
41086 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
41087 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
41088 * dfg/DFGSpeculativeJIT.h:
41089 (JSC::DFG::ValueSource::ValueSource):
41090 (JSC::DFG::ValueSource::forPrediction):
41091 (JSC::DFG::ValueSource::isSet):
41092 (JSC::DFG::ValueSource::kind):
41093 (JSC::DFG::ValueSource::nodeIndex):
41094 (JSC::DFG::ValueSource::nodeIndexFromKind):
41095 (JSC::DFG::ValueSource::kindFromNodeIndex):
41096 (JSC::DFG::SpeculativeJIT::isKnownArray):
41097 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
41098 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
41099 * dfg/DFGSpeculativeJIT32_64.cpp:
41100 (JSC::DFG::OSRExit::OSRExit):
41101 (JSC::DFG::SpeculativeJIT::compile):
41102 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
41103 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
41104 * wtf/PackedIntVector.h: Added.
41105 (WTF::PackedIntVector::PackedIntVector):
41106 (WTF::PackedIntVector::operator=):
41107 (WTF::PackedIntVector::size):
41108 (WTF::PackedIntVector::ensureSize):
41109 (WTF::PackedIntVector::resize):
41110 (WTF::PackedIntVector::clearAll):
41111 (WTF::PackedIntVector::get):
41112 (WTF::PackedIntVector::set):
41113 (WTF::PackedIntVector::mask):
41115 * wtf/UnionFind.h: Added.
41116 (WTF::UnionFind::UnionFind):
41117 (WTF::UnionFind::find):
41118 (WTF::UnionFind::unify):
41120 2011-09-29 Oliver Hunt <oliver@apple.com>
41124 * heap/AllocationSpace.h:
41126 2011-09-29 Oliver Hunt <oliver@apple.com>
41128 Add logic to collect dirty objects as roots
41129 https://bugs.webkit.org/show_bug.cgi?id=69100
41131 Reviewed by Geoff Garen.
41133 This gives us the ability to walk all the MarkedBlocks in an
41134 AllocationSpace and collect the dirty objects, and then use
41137 I also rearranged the order of these instructions because it
41138 makes them smaller on some platforms with some card sizes.
41140 * dfg/DFGJITCodeGenerator.cpp:
41141 (JSC::DFG::JITCodeGenerator::markCellCard):
41142 * dfg/DFGJITCodeGenerator32_64.cpp:
41143 (JSC::DFG::JITCodeGenerator::markCellCard):
41144 * heap/AllocationSpace.cpp:
41145 Tidy up the write barrier logic a bit.
41146 (JSC::MarkedBlock::gatherDirtyObjects):
41147 (JSC::TakeIfDirty::returnValue):
41148 (JSC::TakeIfDirty::TakeIfDirty):
41149 (JSC::TakeIfDirty::operator()):
41150 (JSC::AllocationSpace::gatherDirtyObjects):
41151 * heap/AllocationSpace.h:
41153 (JSC::::isCardMarked):
41154 (JSC::::clearCard):
41156 (JSC::Heap::markRoots):
41158 (JSC::Heap::writeBarrier):
41159 * heap/MarkStack.cpp:
41160 (JSC::SlotVisitor::visitChildren):
41161 * heap/MarkedBlock.h:
41162 (JSC::MarkedBlock::setDirtyObject):
41163 (JSC::MarkedBlock::addressOfCardFor):
41164 * heap/SlotVisitor.h:
41165 * jit/JITPropertyAccess.cpp:
41166 (JSC::JIT::emitWriteBarrier):
41167 Tidy the write barrier a bit.
41169 2011-09-29 Gavin Barraclough <barraclough@apple.com>
41171 Unreviewed windows build fix.
41173 * assembler/MacroAssemblerCodeRef.h:
41174 * dfg/DFGOperations.h:
41176 2011-09-29 Filip Pizlo <fpizlo@apple.com>
41178 Structure transitions involving many (> 64) properties sometimes cause structure corruption
41179 https://bugs.webkit.org/show_bug.cgi?id=69102
41181 Reviewed by Darin Adler.
41183 Made m_offset an int instead of a signed char. Changed the code to ensure that transitions
41184 don't lead to the dictionary kind being forgotten.
41186 * runtime/Structure.cpp:
41187 (JSC::Structure::Structure):
41188 * runtime/Structure.h:
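As an added illustration of the bug class named in this entry (a constructed example, not JSC's Structure code; the struct names, the transition loop and the helper names are assumptions): a property offset kept in a signed char silently wraps once it passes SCHAR_MAX, so an index later derived from it lands outside the property storage. The fix described above widens the field; the checked store shows the alternative when a field has to stay narrow.

```cpp
#include <climits>
#include <cstddef>

// Constructed illustration, not JSC code. The narrow struct mirrors the bug
// class in the entry above: m_offset was a signed char, which cannot hold an
// offset above SCHAR_MAX (127).
struct NarrowStructure {
    signed char m_offset = -1;  // -1 = "no properties yet"
};

// The widened field from the fix.
struct WideStructure {
    int m_offset = -1;
};

// Simulate a chain of add-property transitions, each bumping the offset by one.
// The arithmetic happens in int; the store back into the member narrows it.
// On mainstream compilers (and by rule since C++20) that wraps modulo 256.
template <typename Structure>
int offsetAfterTransitions(int propertyCount)
{
    Structure s;
    for (int i = 0; i < propertyCount; ++i)
        s.m_offset = static_cast<decltype(s.m_offset)>(s.m_offset + 1);
    return s.m_offset;
}

// Defensive alternative when a field must stay narrow: refuse to store a value
// that does not fit instead of truncating it.
bool storeOffsetChecked(signed char& field, int value)
{
    if (value < SCHAR_MIN || value > SCHAR_MAX)
        return false;
    field = static_cast<signed char>(value);
    return true;
}

// Where a corrupted offset bites: it is later used to index property storage.
bool offsetInBounds(int offset, std::size_t storageSize)
{
    return offset >= 0 && static_cast<std::size_t>(offset) < storageSize;
}
```

With 200 transitions the wide field reports offset 199 while the narrow field reports -57; anything that trusts the narrow value as a storage index is now reading or writing before the start of the buffer, which is the "structure corruption" the entry title describes.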
41190 2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
41192 DFG operation calls should be stdcall in Linux JSVALUE32_64 DFG JIT
41193 https://bugs.webkit.org/show_bug.cgi?id=69058
41195 Reviewed by Gavin Barraclough.
41197 Also fixed the stdcall FunctionPtr constructors so that they compile correctly on Linux
41199 * assembler/MacroAssemblerCodeRef.h:
41200 (JSC::FunctionPtr::FunctionPtr):
41202 2011-09-29 Mark Hahnenberg <mhahnenberg@apple.com>
41204 De-virtualize JSCell::visitChildrenVirtual and remove all other visitChildrenVirtual methods
41205 https://bugs.webkit.org/show_bug.cgi?id=68839
41207 Reviewed by Geoffrey Garen.
41209 Removed the remaining visitChildrenVirtual methods. This patch completes the process of
41210 de-virtualizing visitChildren.
41212 * API/JSCallbackObject.h:
41213 * JavaScriptCore.exp:
41214 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
41215 * debugger/DebuggerActivation.cpp:
41216 * debugger/DebuggerActivation.h:
41217 * runtime/Arguments.cpp:
41218 * runtime/Arguments.h:
41219 * runtime/Executable.cpp:
41220 * runtime/Executable.h:
41221 * runtime/GetterSetter.cpp:
41222 * runtime/GetterSetter.h:
41223 * runtime/JSActivation.cpp:
41224 * runtime/JSActivation.h:
41225 * runtime/JSArray.cpp:
41226 * runtime/JSArray.h:
41227 * runtime/JSFunction.cpp:
41228 * runtime/JSFunction.h:
41229 * runtime/JSGlobalObject.cpp:
41230 * runtime/JSGlobalObject.h:
41231 * runtime/JSObject.cpp:
41232 * runtime/JSPropertyNameIterator.cpp:
41233 * runtime/JSPropertyNameIterator.h:
41234 * runtime/JSStaticScopeObject.cpp:
41235 * runtime/JSStaticScopeObject.h:
41236 * runtime/JSValue.h:
41237 * runtime/NativeErrorConstructor.cpp:
41238 * runtime/NativeErrorConstructor.h:
41239 * runtime/RegExpObject.cpp:
41240 * runtime/RegExpObject.h:
41241 * runtime/Structure.cpp:
41242 * runtime/Structure.h:
41243 * runtime/StructureChain.cpp:
41244 * runtime/StructureChain.h:
41246 Inlined the method table access and call to the visitChildren function (the only call sites
41247 to visitChildren are here).
41248 * heap/MarkStack.cpp:
41249 (JSC::SlotVisitor::visitChildren):
41251 Changed the field name for the visitChildren function pointer to visitChildren (from
41252 visitChildrenFunctionPtr) to make call sites less verbose.
41253 * runtime/ClassInfo.h:
41255 Discovered JSBoundFunction doesn't have its own ClassInfo (it used JSFunction's ClassInfo) but
41256 overrides visitChildren, so it needs to have its own ClassInfo.
41257 * runtime/JSBoundFunction.cpp:
41258 * runtime/JSBoundFunction.h:
41260 Had to move className up to make sure that the virtual destructor in JSObject wasn't
41261 the first non-inline virtual method in JSObject (as per the comment in the file).
41262 Also moved JSCell::visitChildrenVirtual into JSObject.h in order for it be inline-able
41263 to mitigate the cost of an extra method call.
41265 Also added a convenience accessor function methodTable() to JSCell to return the MethodTable to make
41266 call sites more concise. Implementation is inline in JSObject.h.
41267 * runtime/JSObject.h:
41268 (JSC::JSCell::methodTable):
41269 * runtime/JSCell.h:
41271 Added an out of line virtual destructor to JSWrapperObject and ScopeChainNode to
41272 appease the vtable gods. It refused to compile if there were no virtual methods in
41273 both of these classes due to the presence of a weak vtable pointer.
41274 * runtime/JSWrapperObject.cpp:
41275 (JSC::JSWrapperObject::~JSWrapperObject):
41276 * runtime/JSWrapperObject.h:
41277 * runtime/ScopeChain.cpp:
41278 (JSC::ScopeChainNode::~ScopeChainNode):
41279 * runtime/ScopeChain.h:
41281 2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
41283 Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
41284 https://bugs.webkit.org/show_bug.cgi?id=69075
41286 Reviewed by Gavin Barraclough.
41288 * dfg/DFGSpeculativeJIT32_64.cpp:
41289 (JSC::DFG::SpeculativeJIT::compile):
41291 2011-09-29 Yuqiang Xian <yuqiang.xian@intel.com>
41293 JSVALUE32_64 DFG JIT failed to be built on 32-bit Linux due to incorrect overloaded OpInfo constructor
41294 https://bugs.webkit.org/show_bug.cgi?id=69054
41296 Reviewed by Gavin Barraclough.
41298 size_t is equal to uint32_t on most 32-bit platforms, except for Mac OS.
41302 2011-09-28 Filip Pizlo <fpizlo@apple.com>
41304 DFG checkArgumentTypes fails to check boolean predictions
41305 https://bugs.webkit.org/show_bug.cgi?id=69059
41307 Reviewed by Gavin Barraclough.
41309 * dfg/DFGSpeculativeJIT.cpp:
41310 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
41311 * dfg/DFGSpeculativeJIT32_64.cpp:
41312 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
41314 2011-09-28 Gavin Barraclough <barraclough@apple.com>
41316 Build fix pt 2 for r96286.
41318 * assembler/MacroAssemblerCodeRef.h:
41320 2011-09-28 Ryosuke Niwa <rniwa@webkit.org>
41322 Build fix attempt for r96286.
41324 * assembler/MacroAssemblerCodeRef.h:
41326 2011-09-28 Gavin Barraclough <barraclough@apple.com>
41328 DFG JIT Operations on 32_64 should use stdcall calling convention.
41329 https://bugs.webkit.org/show_bug.cgi?id=69046
41331 Reviewed by Sam Weinig.
41333 All calls out are expecting stdcall conventions, but the default on OS X is cdecl.
41334 Leave D_DFGOperation_DD calls as the one exception, since we want to be able to link
41335 directly to std library functions like fmod - leave these calls obeying the default
41336 platform calling convention.
41338 * assembler/MacroAssemblerCodeRef.h:
41339 (JSC::FunctionPtr::FunctionPtr):
41340 - Add implicit constructors for std calls.
41341 * dfg/DFGJITCodeGenerator.h:
41342 (JSC::DFG::callOperation):
41343 - Make this work non-Mac platforms.
41344 * dfg/DFGOperations.cpp:
41345 (JSC::DFG::operationPutByValInternal):
41346 * dfg/DFGOperations.h:
41347 - Mark all operations as stdcalls.
41349 2011-09-28 Filip Pizlo <fpizlo@apple.com>
41351 DFG JIT falls back on numerical comparisons when it does not
41352 recognize a prediction
41353 https://bugs.webkit.org/show_bug.cgi?id=68977
41355 Reviewed by Geoffrey Garen.
41357 This fixes the way comparison implementations are selected. It
41358 also fixes a bug where comparisons other than equality (like < or >)
41359 on objects were compiled as if the comparison were equality.
41361 * dfg/DFGSpeculativeJIT.cpp:
41362 (JSC::DFG::SpeculativeJIT::compare):
41364 2011-09-28 Gavin Barraclough <barraclough@apple.com>
41366 Implement callOperation(D_DFGOperation_DD) for DFG JIT 32_64
41367 https://bugs.webkit.org/show_bug.cgi?id=69026
41369 Reviewed by Sam Weinig.
41371 * assembler/X86Assembler.h:
41372 (JSC::X86Assembler::fstpl):
41373 * dfg/DFGJITCodeGenerator.h:
41374 (JSC::DFG::callOperation):
41376 2011-09-28 Gavin Barraclough <barraclough@apple.com>
41378 Merge bug#68580, bug#68932 for DFG JIT with JSVALUE32_64
41379 https://bugs.webkit.org/show_bug.cgi?id=69017
41381 Reviewed by Oliver Hunt.
41383 * dfg/DFGJITCodeGenerator.h:
41384 (JSC::DFG::callOperation):
41385 * dfg/DFGOperations.cpp:
41386 * dfg/DFGSpeculativeJIT.cpp:
41387 (JSC::DFG::SpeculativeJIT::compile):
41388 * dfg/DFGSpeculativeJIT32_64.cpp:
41389 (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
41390 (JSC::DFG::SpeculativeJIT::compile):
41392 2011-09-28 Gavin Barraclough <barraclough@apple.com>
41394 https://bugs.webkit.org/show_bug.cgi?id=64679
41395 Fix bugs in Array.prototype this handling.
41397 Reviewed by Oliver Hunt.
41399 * runtime/ArrayPrototype.cpp:
41400 (JSC::arrayProtoFuncJoin):
41401 (JSC::arrayProtoFuncConcat):
41402 (JSC::arrayProtoFuncPop):
41403 (JSC::arrayProtoFuncPush):
41404 (JSC::arrayProtoFuncReverse):
41405 (JSC::arrayProtoFuncShift):
41406 (JSC::arrayProtoFuncSlice):
41407 (JSC::arrayProtoFuncSort):
41408 (JSC::arrayProtoFuncSplice):
41409 (JSC::arrayProtoFuncUnShift):
41410 (JSC::arrayProtoFuncFilter):
41411 (JSC::arrayProtoFuncMap):
41412 (JSC::arrayProtoFuncEvery):
41413 (JSC::arrayProtoFuncForEach):
41414 (JSC::arrayProtoFuncSome):
41415 (JSC::arrayProtoFuncReduce):
41416 (JSC::arrayProtoFuncReduceRight):
41417 (JSC::arrayProtoFuncIndexOf):
41418 (JSC::arrayProtoFuncLastIndexOf):
41419 - These methods should throw if this value is undefined.
41421 2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com>
41423 Value profiling in baseline JIT for JSVALUE32_64
41424 https://bugs.webkit.org/show_bug.cgi?id=68750
41426 Reviewed by Geoff Garen.
41428 * jit/JITArithmetic32_64.cpp:
41429 (JSC::JIT::emit_op_mul):
41430 (JSC::JIT::emit_op_div):
41431 * jit/JITCall32_64.cpp:
41432 (JSC::JIT::emit_op_call_put_result):
41433 * jit/JITOpcodes32_64.cpp:
41434 (JSC::JIT::emit_op_resolve):
41435 (JSC::JIT::emit_op_resolve_base):
41436 (JSC::JIT::emit_op_resolve_skip):
41437 (JSC::JIT::emit_op_resolve_global):
41438 (JSC::JIT::emitSlow_op_resolve_global):
41439 (JSC::JIT::emit_op_resolve_with_base):
41440 (JSC::JIT::emit_op_resolve_with_this):
41441 * jit/JITPropertyAccess32_64.cpp:
41442 (JSC::JIT::emit_op_method_check):
41443 (JSC::JIT::emit_op_get_by_val):
41444 (JSC::JIT::emitSlow_op_get_by_val):
41445 (JSC::JIT::emit_op_get_by_id):
41446 (JSC::JIT::emitSlow_op_get_by_id):
41447 (JSC::JIT::emit_op_get_scoped_var):
41448 (JSC::JIT::emit_op_get_global_var):
41449 * jit/JITStubCall.h:
41450 (JSC::JITStubCall::callWithValueProfiling):
41452 2011-09-28 Yuqiang Xian <yuqiang.xian@intel.com>
41454 Wrong integer checks in JSVALUE32_64 DFG JIT
41455 https://bugs.webkit.org/show_bug.cgi?id=68985
41457 Reviewed by Geoffrey Garen.
41459 * dfg/DFGJITCodeGenerator32_64.cpp:
41460 (JSC::DFG::JITCodeGenerator::fillDouble):
41461 * dfg/DFGSpeculativeJIT32_64.cpp:
41462 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
41464 2011-09-28 Adam Barth <abarth@webkit.org>
41466 Remove empty directories.
41468 * wtf/brew: Removed.
41469 * wtf/unicode/brew: Removed.
41471 2011-09-27 Filip Pizlo <fpizlo@apple.com>
41473 DFG JIT cannot compile op_new_object, op_new_array,
41474 op_new_array_buffer, or op_new_regexp
41475 https://bugs.webkit.org/show_bug.cgi?id=68580
41477 Reviewed by Oliver Hunt.
41479 This implements all four opcodes, but has op_new_regexp turned off
41480 by default because it unveils some bad speculation logic when
41481 compiling string-validate-input.
41483 With op_new_regexp turned off, this is a 5% win on Kraken and a
41484 0.7% speed-up on V8. Neutral on SunSpider.
41486 * dfg/DFGByteCodeParser.cpp:
41487 (JSC::DFG::ByteCodeParser::parseBlock):
41488 * dfg/DFGCapabilities.h:
41489 (JSC::DFG::canCompileOpcode):
41490 * dfg/DFGJITCodeGenerator.h:
41491 (JSC::DFG::callOperation):
41493 (JSC::DFG::Node::hasConstantBuffer):
41494 (JSC::DFG::Node::startConstant):
41495 (JSC::DFG::Node::numConstants):
41496 (JSC::DFG::Node::hasRegexpIndex):
41497 (JSC::DFG::Node::regexpIndex):
41498 * dfg/DFGOperations.cpp:
41499 * dfg/DFGOperations.h:
41500 * dfg/DFGPropagator.cpp:
41501 (JSC::DFG::Propagator::propagateNodePredictions):
41502 * dfg/DFGSpeculativeJIT.cpp:
41503 (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
41504 (JSC::DFG::SpeculativeJIT::compile):
41505 * dfg/DFGSpeculativeJIT.h:
41506 (JSC::DFG::SpeculativeJIT::isKnownArray):
41508 2011-09-27 Filip Pizlo <fpizlo@apple.com>
41510 DFG JIT should speculate more aggressively on reads of array.length
41511 https://bugs.webkit.org/show_bug.cgi?id=68932
41513 Reviewed by Oliver Hunt.
41515 This is a 2% speed-up on Kraken, neutral elsewhere.
41518 * dfg/DFGPropagator.cpp:
41519 (JSC::DFG::Propagator::propagateNodePredictions):
41520 (JSC::DFG::Propagator::fixupNode):
41521 (JSC::DFG::Propagator::performNodeCSE):
41522 * dfg/DFGSpeculativeJIT.cpp:
41523 (JSC::DFG::SpeculativeJIT::compile):
41525 2011-09-27 Gavin Barraclough <barraclough@apple.com>
41527 DFG JIT - merge changes between 95905 - 96175
41528 https://bugs.webkit.org/show_bug.cgi?id=68963
41530 Reviewed by Sam Weinig.
41532 Merge missing changes from bug#68677, bug#68784, bug#68785.
41534 * dfg/DFGJITCompiler32_64.cpp:
41535 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
41536 (JSC::DFG::JITCompiler::compileEntry):
41537 (JSC::DFG::JITCompiler::compileBody):
41538 * dfg/DFGSpeculativeJIT32_64.cpp:
41539 (JSC::DFG::SpeculativeJIT::compile):
41541 2011-09-27 Gavin Barraclough <barraclough@apple.com>
41543 Get JSVALUE32_64 DFG JIT building on OS X.
41544 https://bugs.webkit.org/show_bug.cgi?id=68961
41546 Reviewed by Geoff Garen.
41548 * Merge bug #68763 (DFG JIT should not eagerly initialize integer tags in the register file).
41549 * Forward-declare functions in DFGOperations.cpp
41550 * UNUSED_PARAM for unused arguments
41551 * NO_RETURN for unimplemented function that ASSERT_NOT_REACHED
41552 * Fix argument types handled by OpInfo constructor.
41553 * Use SYMBOL_STRING instead of STRINGIZE for asm symbols.
41554 * Add files to Xcode project.
41556 2011-09-27 Yuqiang Xian <yuqiang.xian@intel.com>
41558 Bug fixes for GetById, PutById, and GetByOffset in JSVALUE32_64 DFG JIT
41559 https://bugs.webkit.org/show_bug.cgi?id=68755
41561 Reviewed by Gavin Barraclough.
41563 We need to load/store and repatch both tag and payload of a property
41564 for GetById/PutById. Also reorder the loads of tag and payload for
41565 GetByOffset as the result tag GPR could reuse the storage GPR.
41567 * bytecode/StructureStubInfo.h:
41568 * dfg/DFGJITCodeGenerator32_64.cpp:
41569 (JSC::DFG::JITCodeGenerator::cachedGetById):
41570 (JSC::DFG::JITCodeGenerator::cachedPutById):
41571 * dfg/DFGJITCompiler.h:
41572 (JSC::DFG::JITCompiler::addPropertyAccess):
41573 (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
41574 * dfg/DFGJITCompiler32_64.cpp:
41575 (JSC::DFG::JITCompiler::link):
41576 * dfg/DFGRepatch.cpp:
41577 (JSC::DFG::dfgRepatchByIdSelfAccess):
41578 * dfg/DFGSpeculativeJIT32_64.cpp:
41579 (JSC::DFG::SpeculativeJIT::compile):
41581 2011-09-24 Gavin Barraclough <barraclough@apple.com>
41583 Macro assembler branch8 & 16 methods vary in treatment of upper bits
41584 https://bugs.webkit.org/show_bug.cgi?id=68301
41586 Reviewed by Sam Weinig.
41588 Fix for branch16 - remove it!
41589 No performance impact.
41591 * assembler/MacroAssembler.h:
41592 * assembler/MacroAssemblerARM.h:
41593 * assembler/MacroAssemblerARMv7.h:
41594 * assembler/MacroAssemblerMIPS.h:
41595 * assembler/MacroAssemblerSH4.h:
41596 * assembler/MacroAssemblerX86Common.h:
41597 * yarr/YarrJIT.cpp:
41598 (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
41599 (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
41600 (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
41601 (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
41602 (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
41604 2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com>
41606 Add static version of JSCell::getCallData
41607 https://bugs.webkit.org/show_bug.cgi?id=68741
41609 Reviewed by Darin Adler.
41611 In this patch we just extract the bodies of the virtual getCallData methods
41612 throughout the JSCell inheritance hierarchy out into static methods, which are
41613 now called from the virtual methods. This is an intermediate step in trying to
41614 move the virtual-ness of getCallData into our own method table stored in
41615 ClassInfo. We need to convert the methods to static methods because static methods
41616 can be represented as function pointers rather than pointers to member functions, and
41617 function pointers are smaller and faster to call than pointers to member functions.
41619 * API/JSCallbackFunction.cpp:
41620 (JSC::JSCallbackFunction::getCallDataVirtual):
41621 (JSC::JSCallbackFunction::getCallData):
41622 * API/JSCallbackFunction.h:
41623 * API/JSCallbackObject.h:
41624 * API/JSCallbackObjectFunctions.h:
41625 (JSC::::getCallDataVirtual):
41626 (JSC::::getCallData):
41627 * API/JSObjectRef.cpp:
41628 (JSObjectIsFunction):
41629 (JSObjectCallAsFunction):
41630 * JavaScriptCore.exp:
41631 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
41632 * interpreter/Interpreter.cpp:
41633 (JSC::Interpreter::privateExecute):
41634 * jit/JITStubs.cpp:
41635 (JSC::DEFINE_STUB_FUNCTION):
41636 * runtime/ArrayConstructor.cpp:
41637 (JSC::ArrayConstructor::getCallDataVirtual):
41638 (JSC::ArrayConstructor::getCallData):
41639 * runtime/ArrayConstructor.h:
41640 * runtime/BooleanConstructor.cpp:
41641 (JSC::BooleanConstructor::getCallDataVirtual):
41642 (JSC::BooleanConstructor::getCallData):
41643 * runtime/BooleanConstructor.h:
41644 * runtime/DateConstructor.cpp:
41645 (JSC::DateConstructor::getCallDataVirtual):
41646 (JSC::DateConstructor::getCallData):
41647 * runtime/DateConstructor.h:
41648 * runtime/Error.cpp:
41649 (JSC::StrictModeTypeErrorFunction::getCallDataVirtual):
41650 (JSC::StrictModeTypeErrorFunction::getCallData):
41651 * runtime/ErrorConstructor.cpp:
41652 (JSC::ErrorConstructor::getCallDataVirtual):
41653 (JSC::ErrorConstructor::getCallData):
41654 * runtime/ErrorConstructor.h:
41655 * runtime/FunctionConstructor.cpp:
41656 (JSC::FunctionConstructor::getCallDataVirtual):
41657 (JSC::FunctionConstructor::getCallData):
41658 * runtime/FunctionConstructor.h:
41659 * runtime/FunctionPrototype.cpp:
41660 (JSC::FunctionPrototype::getCallDataVirtual):
41661 (JSC::FunctionPrototype::getCallData):
41662 * runtime/FunctionPrototype.h:
41663 * runtime/InternalFunction.h:
41664 * runtime/JSCell.cpp:
41665 (JSC::JSCell::getCallDataVirtual):
41666 (JSC::JSCell::getCallData):
41667 * runtime/JSCell.h:
41668 (JSC::getCallData):
41669 * runtime/JSFunction.cpp:
41670 (JSC::JSFunction::getCallDataVirtual):
41671 (JSC::JSFunction::getCallData):
41672 * runtime/JSFunction.h:
41673 * runtime/JSONObject.cpp:
41674 (JSC::Stringifier::Stringifier):
41675 (JSC::Stringifier::toJSON):
41676 (JSC::Stringifier::appendStringifiedValue):
41677 * runtime/JSObject.cpp:
41678 (JSC::JSObject::put):
41679 * runtime/NativeErrorConstructor.cpp:
41680 (JSC::NativeErrorConstructor::getCallDataVirtual):
41681 (JSC::NativeErrorConstructor::getCallData):
41682 * runtime/NativeErrorConstructor.h:
41683 * runtime/NumberConstructor.cpp:
41684 (JSC::NumberConstructor::getCallDataVirtual):
41685 (JSC::NumberConstructor::getCallData):
41686 * runtime/NumberConstructor.h:
41687 * runtime/ObjectConstructor.cpp:
41688 (JSC::ObjectConstructor::getCallDataVirtual):
41689 (JSC::ObjectConstructor::getCallData):
41690 * runtime/ObjectConstructor.h:
41691 * runtime/Operations.cpp:
41692 (JSC::jsTypeStringForValue):
41693 (JSC::jsIsObjectType):
41694 (JSC::jsIsFunctionType):
41695 * runtime/PropertySlot.cpp:
41696 (JSC::PropertySlot::functionGetter):
41697 * runtime/RegExpConstructor.cpp:
41698 (JSC::RegExpConstructor::getCallDataVirtual):
41699 (JSC::RegExpConstructor::getCallData):
41700 * runtime/RegExpConstructor.h:
41701 * runtime/StringConstructor.cpp:
41702 (JSC::StringConstructor::getCallDataVirtual):
41703 (JSC::StringConstructor::getCallData):
41704 * runtime/StringConstructor.h:
41706 2011-09-27 Tim Horton <timothy_horton@apple.com>
41708 Rapidly refreshing a feMorphology[erode] with r=0 can sometimes cause display corruption
41709 https://bugs.webkit.org/show_bug.cgi?id=68816
41710 <rdar://problem/10186468>
41712 Reviewed by Simon Fraser.
41714 Add ByteArray::clear, which zeros the memory in the ByteArray.
41717 (WTF::ByteArray::clear): Added.
41719 2011-09-27 Sheriff Bot <webkit.review.bot@gmail.com>
41721 Unreviewed, rolling out r96131.
41722 http://trac.webkit.org/changeset/96131
41723 https://bugs.webkit.org/show_bug.cgi?id=68927
41725 It made 18+ tests crash on all platforms (Requested by
41726 Ossy_night on #webkit).
41728 * JavaScriptCore.exp:
41729 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
41730 * interpreter/Interpreter.cpp:
41731 (JSC::Interpreter::throwException):
41732 * interpreter/Interpreter.h:
41734 (GlobalObject::finishCreation):
41736 (JSC::Parser::parse):
41737 * runtime/CommonIdentifiers.h:
41738 * runtime/Error.cpp:
41739 (JSC::addErrorInfo):
41742 2011-09-27 Mark Hahnenberg <mhahnenberg@apple.com>
41744 De-virtualize JSCell::getPrimitiveNumber
41745 https://bugs.webkit.org/show_bug.cgi?id=68851
41747 Reviewed by Darin Adler.
41749 * JavaScriptCore.exp:
41750 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
41752 Changed JSCell::getPrimitiveNumber to manually handle the dispatch for
41753 JSCells (JSObject and JSString in this case).
41754 * runtime/JSCell.cpp:
41755 (JSC::JSCell::getPrimitiveNumber):
41756 * runtime/JSCell.h:
41758 Removed JSNotAnObject::getPrimitiveNumber since its return value doesn't
41759 matter and it already implements defaultValue, so JSObject::getPrimitiveNumber
41760 can cover the case for JSNotAnObject.
41761 * runtime/JSNotAnObject.cpp:
41762 * runtime/JSNotAnObject.h:
41764 De-virtualized JSObject::getPrimitiveNumber and JSString::getPrimitiveNumber
41765 and changed them to be const. Also made JSString::getPrimitiveNumber public
41766 because it needs to be called from JSCell::getPrimitiveNumber and also since it's
41767 no longer virtual, we want people who have a more specific pointer (JSString*
41768 instead of JSCell*) to not have to pay the cost of a virtual method call.
41769 * runtime/JSObject.cpp:
41770 (JSC::JSObject::getPrimitiveNumber):
41771 * runtime/JSObject.h:
41772 * runtime/JSString.cpp:
41773 (JSC::JSString::getPrimitiveNumber):
41774 * runtime/JSString.h:
41776 2011-09-27 Juan Carlos Montemayor Elosua <j.mont@me.com>
41778 Implement Error.stack
41779 https://bugs.webkit.org/show_bug.cgi?id=66994
41781 Reviewed by Oliver Hunt.
41783 This patch utilizes topCallFrame to create a stack trace when
41784 an error is thrown. Users will also be able to use the stack()
41785 command in jsc to get arrays with stack trace information.
41787 * JavaScriptCore.exp:
41788 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
41789 * interpreter/Interpreter.cpp:
41790 (JSC::getCallerLine):
41791 (JSC::getSourceURLFromCallFrame):
41792 (JSC::getStackFrameCodeType):
41793 (JSC::Interpreter::getStackTrace):
41794 (JSC::Interpreter::throwException):
41795 * interpreter/Interpreter.h:
41796 (JSC::StackFrame::toString):
41798 (GlobalObject::finishCreation):
41799 (functionJSCStack):
41801 (JSC::Parser::parse):
41802 * runtime/CommonIdentifiers.h:
41803 * runtime/Error.cpp:
41804 (JSC::addErrorInfo):
41807 2011-09-27 Carlos Garcia Campos <cgarcia@igalia.com>
41809 [GTK] Reorganize header files
41810 https://bugs.webkit.org/show_bug.cgi?id=65616
41812 Reviewed by Martin Robinson.
41814 Install header files under $libwebkitgtkincludedir/JavaScriptCore.
41816 * GNUmakefile.am: Use $libwebkitgtkincludedir.
41817 * javascriptcoregtk.pc.in: Use webkitgtk-<api-version> as include dir.
41819 2011-09-26 Geoffrey Garen <ggaren@apple.com>
41821 REGRESSION (r95912): Conservative marking doesn't filter out pointers to
41822 MarkedBlock metadata
41823 https://bugs.webkit.org/show_bug.cgi?id=68860
41825 Reviewed by Oliver Hunt.
41827 Bencher says no performance change, maybe a 7% speedup on kraken-imaging-darkroom.
41829 * heap/MarkedBlock.h:
41830 (JSC::MarkedBlock::isAtomAligned): Renamed atomMask to atomAlignmentMask
41831 because the mask doesn't produce the actual atom number.
41833 (JSC::MarkedBlock::isLiveCell): Testing just for alignment isn't good
41834 enough; we also need to test that a pointer is beyond the metadata section
41835 of a MarkedBlock, to avoid treating random metadata as a JSCell.
41837 2011-09-26 Mark Hahnenberg <mhahnenberg@apple.com>
41839 Make JSCell::toBoolean non-virtual
41840 https://bugs.webkit.org/show_bug.cgi?id=67727
41842 Reviewed by Geoffrey Garen.
41844 JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
41845 before it was simply virtual and would crash if its implementation was called).
41846 Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
41847 explicitly covers all cases of toBoolean, so having a virtual implementation of
41848 JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.
41850 * JavaScriptCore.exp:
41851 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
41852 * runtime/JSCell.cpp:
41853 * runtime/JSCell.h:
41854 * runtime/JSNotAnObject.cpp:
41855 * runtime/JSNotAnObject.h:
41856 * runtime/JSObject.h:
41857 * runtime/JSString.h:
41858 (JSC::JSCell::toBoolean):
41859 (JSC::JSValue::toBoolean):
41861 2011-09-26 Chris Marrin <cmarrin@apple.com>
41863 Enable requestAnimationFrame on Windows
41864 https://bugs.webkit.org/show_bug.cgi?id=68397
41866 Reviewed by Simon Fraser.
41868 Enabled REQUEST_ANIMATION_FRAME_TIMER for Windows
41872 2011-09-26 Noel Gordon <noel.gordon@gmail.com>
41874 [Chromium] Remove DFGAliasTracker.h references from gyp project files
41875 https://bugs.webkit.org/show_bug.cgi?id=68787
41877 Reviewed by Geoffrey Garen.
41879 DFG/DFGAliasTracker.h was removed in r95389. Cleanup (remove) references
41880 to that file from the gyp project files.
41882 * JavaScriptCore.gypi:
41884 2011-09-26 Zoltan Herczeg <zherczeg@webkit.org>
41886 [Qt] REGRESSION(r95865): It made 4 tests crash
41887 https://bugs.webkit.org/show_bug.cgi?id=68780
41889 Reviewed by Oliver Hunt.
41891 emitJumpSlowCaseIfNotJSCell(...) cannot be moved
41892 away since the next load depends on it.
41894 * jit/JITPropertyAccess32_64.cpp:
41895 (JSC::JIT::emit_op_put_by_val):
41897 2011-09-25 Mark Hahnenberg <mhahnenberg@apple.com>
41899 Add custom vtable struct to ClassInfo struct
41900 https://bugs.webkit.org/show_bug.cgi?id=68567
41902 Reviewed by Oliver Hunt.
41904 Declared/defined the MethodTable struct and added it to the ClassInfo struct.
41905 Also defined the CREATE_METHOD_TABLE macro to generate these method tables
41906 succinctly where they need to be defined.
41908 Also added to it the first function to use this macro, visitChildren.
41910 This is part of the process of getting rid of all C++ virtual methods in JSCell.
41911 Eventually all virtual functions in JSCell that can't easily be converted to
41912 non-virtual functions will be put into this custom vtable structure.
41913 * runtime/ClassInfo.h:
41915 Added the CREATE_METHOD_TABLE macro call as the last argument to each of the
41916 ClassInfo structs declared in these classes. This saves us from having to visit
41917 each s_info definition in the future when we add more methods to the MethodTable.
41918 * API/JSCallbackConstructor.cpp:
41919 * API/JSCallbackFunction.cpp:
41920 * API/JSCallbackObject.cpp:
41921 * JavaScriptCore.exp:
41922 * runtime/Arguments.cpp:
41923 * runtime/ArrayConstructor.cpp:
41924 * runtime/ArrayPrototype.cpp:
41925 * runtime/BooleanObject.cpp:
41926 * runtime/BooleanPrototype.cpp:
41927 * runtime/DateConstructor.cpp:
41928 * runtime/DateInstance.cpp:
41929 * runtime/DatePrototype.cpp:
41930 * runtime/ErrorInstance.cpp:
41931 * runtime/ErrorPrototype.cpp:
41932 * runtime/ExceptionHelpers.cpp:
41933 * runtime/Executable.cpp:
41934 * runtime/GetterSetter.cpp:
41935 * runtime/InternalFunction.cpp:
41936 * runtime/JSAPIValueWrapper.cpp:
41937 * runtime/JSActivation.cpp:
41938 * runtime/JSArray.cpp:
41939 * runtime/JSByteArray.cpp:
41940 * runtime/JSFunction.cpp:
41941 * runtime/JSGlobalObject.cpp:
41942 * runtime/JSONObject.cpp:
41943 * runtime/JSObject.cpp:
41944 * runtime/JSPropertyNameIterator.cpp:
41945 * runtime/JSString.cpp:
41946 * runtime/MathObject.cpp:
41947 * runtime/NativeErrorConstructor.cpp:
41948 * runtime/NumberConstructor.cpp:
41949 * runtime/NumberObject.cpp:
41950 * runtime/NumberPrototype.cpp:
41951 * runtime/ObjectConstructor.cpp:
41952 * runtime/ObjectPrototype.cpp:
41953 * runtime/RegExp.cpp:
41954 * runtime/RegExpConstructor.cpp:
41955 * runtime/RegExpObject.cpp:
41956 * runtime/RegExpPrototype.cpp:
41957 * runtime/ScopeChain.cpp:
41958 * runtime/StringConstructor.cpp:
41959 * runtime/StringObject.cpp:
41960 * runtime/StringPrototype.cpp:
41961 * runtime/Structure.cpp:
41962 * runtime/StructureChain.cpp:
41964 Had to make visitChildren and visitChildrenVirtual protected instead of private
41965 because some of the subclasses of JSWrapperObject need access to JSWrapperObject's
41966 visitChildren function pointer in their vtable since they don't provide their own
41967 implementation. Same for RegExpObject.
41968 * runtime/JSWrapperObject.h:
41969 * runtime/RegExpObject.h:
41971 2011-09-25 Adam Barth <abarth@webkit.org>
41973 Finish removing PLATFORM(BREWMP) by removing associated code
41974 https://bugs.webkit.org/show_bug.cgi?id=68779
41976 Reviewed by Sam Weinig.
41978 * JavaScriptCore.gyp/JavaScriptCore.gyp:
41979 * JavaScriptCore.gypi:
41980 * gyp/JavaScriptCore.gyp:
41982 * wtf/FastMalloc.cpp:
41983 (WTF::fastMallocSize):
41985 * wtf/brew: Removed.
41986 * wtf/brew/MainThreadBrew.cpp: Removed.
41987 * wtf/brew/OwnPtrBrew.cpp: Removed.
41988 * wtf/brew/RefPtrBrew.h: Removed.
41989 * wtf/brew/ShellBrew.h: Removed.
41990 * wtf/brew/StringBrew.cpp: Removed.
41991 * wtf/brew/SystemMallocBrew.h: Removed.
41992 * wtf/unicode/brew: Removed.
41993 * wtf/unicode/brew/UnicodeBrew.cpp: Removed.
41994 * wtf/unicode/brew/UnicodeBrew.h: Removed.
41996 2011-09-25 Filip Pizlo <fpizlo@apple.com>
41998 DFG JIT does not count speculation successes correctly
41999 https://bugs.webkit.org/show_bug.cgi?id=68785
42001 Reviewed by Geoffrey Garen.
42003 * dfg/DFGJITCompiler.cpp:
42004 (JSC::DFG::JITCompiler::compileEntry):
42005 (JSC::DFG::JITCompiler::compileBody):
42006 * dfg/DFGOperations.cpp:
42008 2011-09-25 Filip Pizlo <fpizlo@apple.com>
42010 DFG support for op_resolve_global is not enabled
42011 https://bugs.webkit.org/show_bug.cgi?id=68786
42013 Reviewed by Geoffrey Garen.
42015 * dfg/DFGCapabilities.h:
42016 (JSC::DFG::canCompileOpcode):
42018 2011-09-25 Filip Pizlo <fpizlo@apple.com>
42020 DFG static prediction code is no longer needed and should be removed
42021 https://bugs.webkit.org/show_bug.cgi?id=68784
42023 Reviewed by Oliver Hunt.
42025 This gets rid of static prediction code, and ensures that we do not
42026 try to compile code where dynamic predictions are not available.
42027 This is accomplished by immediately performing an OSR exit wherever
42028 a value is retrieved for which no predictions exist.
42030 This also adds value profiling for this on functions used for calls.
42032 The heuristics for deciding when to optimize code are also tweaked,
42033 since it is now profitable to optimize sooner. This may need to be
42034 tweaked further, but this patch only makes minimal changes.
42036 This results in a 16% speed-up on Kraken/ai-astar, leading to a 3%
42037 overall win on Kraken. It's neutral elsewhere.
42039 * bytecode/CodeBlock.cpp:
42040 (JSC::CodeBlock::shouldOptimizeNow):
42041 (JSC::CodeBlock::dumpValueProfiles):
42042 * bytecode/CodeBlock.h:
42043 * bytecode/PredictedType.cpp:
42044 (JSC::predictionToString):
42045 * bytecode/PredictedType.h:
42046 (JSC::isCellPrediction):
42047 (JSC::isObjectPrediction):
42048 (JSC::isFinalObjectPrediction):
42049 (JSC::isStringPrediction):
42050 (JSC::isArrayPrediction):
42051 (JSC::isInt32Prediction):
42052 (JSC::isDoublePrediction):
42053 (JSC::isNumberPrediction):
42054 (JSC::isBooleanPrediction):
42055 (JSC::mergePredictions):
42056 * bytecode/PredictionTracker.h:
42057 (JSC::PredictionTracker::predictArgument):
42058 (JSC::PredictionTracker::predict):
42059 (JSC::PredictionTracker::predictGlobalVar):
42060 * bytecode/ValueProfile.cpp:
42061 (JSC::ValueProfile::computeUpdatedPrediction):
42062 * dfg/DFGByteCodeParser.cpp:
42063 (JSC::DFG::ByteCodeParser::set):
42064 (JSC::DFG::ByteCodeParser::addCall):
42065 (JSC::DFG::ByteCodeParser::getPrediction):
42066 (JSC::DFG::ByteCodeParser::parseBlock):
42067 * dfg/DFGGraph.cpp:
42068 (JSC::DFG::Graph::predictArgumentTypes):
42070 (JSC::DFG::Graph::predict):
42071 (JSC::DFG::Graph::predictGlobalVar):
42072 (JSC::DFG::Graph::getMethodCheckPrediction):
42073 (JSC::DFG::Graph::getJSConstantPrediction):
42074 (JSC::DFG::Graph::getPrediction):
42075 * dfg/DFGJITCodeGenerator.cpp:
42076 (JSC::DFG::JITCodeGenerator::writeBarrier):
42077 (JSC::DFG::JITCodeGenerator::emitBranch):
42078 * dfg/DFGJITCompiler.h:
42079 (JSC::DFG::JITCompiler::getPrediction):
42081 (JSC::DFG::Node::valueOfJSConstantNode):
42082 (JSC::DFG::Node::isInt32Constant):
42083 (JSC::DFG::Node::isDoubleConstant):
42084 (JSC::DFG::Node::isNumberConstant):
42085 (JSC::DFG::Node::isBooleanConstant):
42086 (JSC::DFG::Node::predict):
42087 * dfg/DFGPropagator.cpp:
42088 (JSC::DFG::Propagator::Propagator):
42089 (JSC::DFG::Propagator::propagateNodePredictions):
42090 (JSC::DFG::Propagator::fixupNode):
42091 (JSC::DFG::Propagator::isPredictedNumerical):
42092 (JSC::DFG::Propagator::logicalNotIsPure):
42093 * dfg/DFGSpeculativeJIT.cpp:
42094 (JSC::DFG::SpeculativeJIT::compile):
42095 * dfg/DFGSpeculativeJIT.h:
42096 (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
42097 (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
42098 (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
42099 (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
42100 (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
42101 (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
42102 (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
42103 (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
42105 (JSC::JIT::privateCompile):
42107 2011-09-25 Filip Pizlo <fpizlo@apple.com>
42109 DFG JIT Construct opcode takes a this argument even though it's
42111 https://bugs.webkit.org/show_bug.cgi?id=68782
42113 Reviewed by Oliver Hunt.
42115 This is performance-neutral, mostly. It's a slight speed-up on
42118 * dfg/DFGByteCodeParser.cpp:
42119 (JSC::DFG::ByteCodeParser::addCall):
42120 * dfg/DFGJITCodeGenerator.cpp:
42121 (JSC::DFG::JITCodeGenerator::emitCall):
42123 2011-09-25 Filip Pizlo <fpizlo@apple.com>
42125 DFG tracking of the value in cachedResultRegister does not handle
42127 https://bugs.webkit.org/show_bug.cgi?id=68781
42129 Reviewed by Oliver Hunt.
42131 This takes the simplest approach: it makes the old JIT dumber rather
42132 than making the DFG JIT smarter. This is performance-neutral.
42135 (JSC::JIT::canBeOptimized):
42136 * jit/JITOpcodes.cpp:
42137 (JSC::JIT::emit_op_mov):
42139 2011-09-25 Adam Barth <abarth@webkit.org>
42141 Remove PLATFORM(HAIKU) and associated code
42142 https://bugs.webkit.org/show_bug.cgi?id=68774
42144 Reviewed by Sam Weinig.
42146 * JavaScriptCore.gyp/JavaScriptCore.gyp:
42147 * JavaScriptCore.gypi:
42148 * gyp/JavaScriptCore.gyp:
42149 * heap/MachineStackMarker.cpp:
42150 * wtf/PageAllocation.h:
42152 * wtf/StackBounds.cpp:
42153 * wtf/haiku: Removed.
42154 * wtf/haiku/MainThreadHaiku.cpp: Removed.
42155 * wtf/haiku/StringHaiku.cpp: Removed.
42156 * wtf/text/WTFString.h:
42158 2011-09-24 Adam Barth <abarth@webkit.org>
42160 Always enable ENABLE(OFFLINE_WEB_APPLICATIONS)
42161 https://bugs.webkit.org/show_bug.cgi?id=68767
42163 Reviewed by Eric Seidel.
42165 * Configurations/FeatureDefines.xcconfig:
42167 2011-09-24 Filip Pizlo <fpizlo@apple.com>
42169 JIT implementation of put_by_val increments m_length instead of setting
42171 https://bugs.webkit.org/show_bug.cgi?id=68766
42173 Reviewed by Geoffrey Garen.
42175 * jit/JITPropertyAccess.cpp:
42176 (JSC::JIT::emit_op_put_by_val):
42178 2011-09-24 Geoffrey Garen <ggaren@apple.com>
42182 * heap/ConservativeRoots.cpp: Our system of #includes, it is chaos.
42184 2011-09-24 Filip Pizlo <fpizlo@apple.com>
42186 The DFG should not attempt to guess types in the absence of value
42188 https://bugs.webkit.org/show_bug.cgi?id=68677
42190 Reviewed by Oliver Hunt.
42192 This adds the ForceOSRExit node, which is ignored by the propagator
42193 and virtual register allocator (and hence ensuring that liveness analysis
42194 works correctly), but forces terminateSpeculativeExecution() in the
42195 back-end. This appears to be a slight speed-up on benchmark averages,
42196 with ~5% swings on individual benchmarks, in both directions. But it's
42197 never a regression on any average, and appears to be a ~1% progression
42198 in the SunSpider average.
42200 This also adds a bit better debugging support in the old JIT and in DFG,
42201 as this was necessary to debug the much more frequent OSR transitions
42202 that occur with this change.
42204 * dfg/DFGByteCodeParser.cpp:
42205 (JSC::DFG::ByteCodeParser::addCall):
42206 (JSC::DFG::ByteCodeParser::getStrongPrediction):
42207 (JSC::DFG::ByteCodeParser::parseBlock):
42208 * dfg/DFGJITCompiler.cpp:
42209 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
42211 * dfg/DFGPropagator.cpp:
42212 (JSC::DFG::Propagator::propagateNodePredictions):
42213 * dfg/DFGSpeculativeJIT.cpp:
42214 (JSC::DFG::SpeculativeJIT::compile):
42216 (JSC::JIT::privateCompileMainPass):
42217 (JSC::JIT::privateCompileSlowCases):
42218 (JSC::JIT::privateCompile):
42221 2011-09-24 Geoffrey Garen <ggaren@apple.com>
42223 Some Windows build fixage.
42225 * heap/MarkedBlock.cpp:
42226 (JSC::MarkedBlock::sweep):
42227 * heap/MarkedBlock.h:
42228 (JSC::MarkedBlock::isLive): Show the compiler that all control paths
42229 return a value. There, there, compiler. Everything's going to be OK.
42231 * runtime/JSCell.h:
42232 (JSC::JSCell::setVPtr): Oops! Unrename this function.
42234 2011-09-24 Geoffrey Garen <ggaren@apple.com>
42236 Allocate new objects unmarked
42237 https://bugs.webkit.org/show_bug.cgi?id=68764
42239 Reviewed by Oliver Hunt.
42241 This is a pre-requisite to using the mark bit to determine object age.
42243 ~2% v8 speedup, mostly due to a 12% v8-splay speedup.
42245 * heap/MarkedBlock.h:
42246 (JSC::MarkedBlock::isLive):
42247 (JSC::MarkedBlock::isLiveCell): These two functions are the reason for
42248 this patch. They can now determine object liveness without relying on
42249 newly allocated objects having their mark bits set. Each MarkedBlock
42250 now has a state variable that tells us how to determine whether its
42251 cells are live. (This new state variable supersedes the old one about
42252 destructor state. The rest of this patch is just refactoring to support
42253 the invariants of this new state variable without introducing a
42254 performance regression.)
42256 (JSC::MarkedBlock::didConsumeFreeList): New function for updating internal
42257 state when a block becomes fully allocated.
42259 (JSC::MarkedBlock::clearMarks): Folded a state change to 'Marked' into
42260 this function because, logically, clearing all mark bits is the first
42261 step in saying "mark bits now exactly reflect object liveness".
42263 (JSC::MarkedBlock::markCountIsZero): Renamed from isEmpty() to clarify
42264 that this function only tells you about the mark bits, so it's only
42265 meaningful if you've put the mark bits into a meaningful state before
42268 (JSC::MarkedBlock::forEachCell): Changed to use isLive() helper function
42269 instead of testing mark bits, since mark bits are not always the right
42270 way to find out if an object is live anymore. (New objects are live, but
42273 * heap/MarkedBlock.cpp:
42274 (JSC::MarkedBlock::recycle):
42275 (JSC::MarkedBlock::MarkedBlock): Folded all initialization -- even
42276 initialization when recycling an old block -- into the MarkedBlock
42277 constructor, for simplicity.
42279 (JSC::MarkedBlock::callDestructor): Inlined for speed. Always check for
42280 a zapped cell before running a destructor, and always zap after
42281 running a destructor. This does not seem to be expensive, and the
42282 alternative just creates a too-confusing matrix of possible cell states
42283 ((zombie undestructed cell + zombie destructed cell + zapped destructed
42284 cell) * 5! permutations for progressing through block states = "Oh my!").
42286 (JSC::MarkedBlock::specializedSweep):
42287 (JSC::MarkedBlock::sweep): Maintained and expanded a pre-existing
42288 optimization to use template specialization to constant fold lots of
42289 branches and elide certain operations entirely during a sweep. Merged
42290 four or five functions that were logically about sweeping into this one
42291 function pair, so there's only one way to do things now, it's
42292 automatically correct, and it's always fast.
42294 (JSC::MarkedBlock::zapFreeList): Renamed this function to be more explicit
42295 about exactly what it does, and to honor the new block state system.
42297 * heap/AllocationSpace.cpp:
42298 (JSC::AllocationSpace::allocateBlock): Updated for rename.
42300 (JSC::AllocationSpace::freeBlocks): Updated for changed interface.
42302 (JSC::TakeIfUnmarked::TakeIfUnmarked):
42303 (JSC::TakeIfUnmarked::operator()):
42304 (JSC::TakeIfUnmarked::returnValue): Just like isEmpty() above, renamed
42305 to clarify that this functor only tests the mark bits, so it's only
42306 valid if you've put the mark bits into a meaningful state before
42309 (JSC::AllocationSpace::shrink): Updated for rename.
42311 * heap/AllocationSpace.h:
42312 (JSC::AllocationSpace::canonicalizeCellLivenessData): Renamed to be a
42313 little more specific about what we're making canonical.
42315 (JSC::AllocationSpace::forEachCell): Updated for rename.
42317 (JSC::AllocationSpace::forEachBlock): No need to canonicalize cell
42318 liveness data before iterating blocks -- clients that want iterated
42319 blocks to have valid cell liveness data should make this call for
42320 themselves. (And not all clients want it.)
42322 * heap/ConservativeRoots.cpp:
42323 (JSC::ConservativeRoots::genericAddPointer): Updated for rename. Removed
42327 (JSC::CountFunctor::ClearMarks::operator()): Removed call to notify...()
42328 because clearMarks() now does that implicitly.
42330 (JSC::Heap::destroy): Make sure to canonicalize before tear-down, since
42331 tear-down tests cell liveness when running destructors.
42333 (JSC::Heap::markRoots):
42334 (JSC::Heap::collect): Moved weak reference harvesting out of markRoots()
42335 and into collect, since it strictly depends on root marking, and does
42336 not contribute to root marking.
42338 (JSC::Heap::canonicalizeCellLivenessData): Renamed to be a little more
42339 specific about what we're making canonical.
42342 (JSC::Heap::forEachProtectedCell): No need to canonicalize cell liveness
42343 data before iterating protected cells, since we know they're all live,
42344 and don't need to test for it.
42347 (JSC::::set): Can't make the same ASSERT we used to because we just don't
42348 have the mark bits for it anymore. Perhaps we can bring this ASSERT back
42349 in a weaker form in the future.
42351 * heap/MarkedSpace.cpp:
42352 (JSC::MarkedSpace::addBlock):
42353 (JSC::MarkedSpace::removeBlock): Updated for interface change.
42354 (JSC::MarkedSpace::canonicalizeCellLivenessData): Renamed to be a little more
42355 specific about what we're making canonical.
42357 * heap/MarkedSpace.h:
42358 (JSC::MarkedSpace::allocate):
42359 (JSC::MarkedSpace::SizeClass::SizeClass):
42360 (JSC::MarkedSpace::SizeClass::resetAllocator):
42361 (JSC::MarkedSpace::SizeClass::zapFreeList): Simplified this allocator
42362 functionality a bit. We now track only one block -- "currentBlock" --
42363 and rely on its internal state to know whether it has more cells to
42367 (JSC::Weak::set): Can't make the same ASSERT we used to because we just don't
42368 have the mark bits for it anymore. Perhaps we can bring this ASSERT back
42369 in a weaker form in the future.
42371 * runtime/JSCell.h:
42372 (JSC::JSCell::vptr):
42373 (JSC::JSCell::zap):
42374 (JSC::JSCell::isZapped):
42375 (JSC::isZapped): Made zapping a property of JSCell, for a little abstraction.
42376 In the future, exactly how a JSCell zaps itself will change, as the
42377 internal representation of JSCell changes.
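As an added illustration of the liveness filter described in the r95912 regression entry above (isLiveCell must reject pointers into MarkedBlock metadata) and of the per-block liveness state described in this entry, here is a constructed model, not WebKit's MarkedBlock code: block size, atom size, the state names and the header fields are all assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a marked block. Block size, atom size, state names
   and header layout are assumptions for illustration, not WebKit's values. */
#define BLOCK_SIZE 4096u
#define ATOM_SIZE 32u
#define ATOMS_PER_BLOCK (BLOCK_SIZE / ATOM_SIZE)
#define ATOM_ALIGNMENT_MASK ((uintptr_t)ATOM_SIZE - 1)

typedef enum {
    BLOCK_FREE_LISTED, /* handed to the allocator: a cell is live unless it is on the free list */
    BLOCK_ALLOCATED,   /* free list consumed: every cell is live */
    BLOCK_MARKED       /* marks cleared and a collection run: mark bits reflect liveness */
} BlockState;

/* Metadata sits at the front of the block, ahead of the cells. A conservative
   pointer into this region is aligned like a cell but is not one. */
typedef struct {
    BlockState state;
    uint8_t marks[ATOMS_PER_BLOCK];
    uint8_t on_free_list[ATOMS_PER_BLOCK];
} BlockHeader;

/* First atom that can hold a cell: the header rounded up to whole atoms. */
#define FIRST_ATOM ((sizeof(BlockHeader) + ATOM_SIZE - 1) / ATOM_SIZE)

/* One block-sized, block-aligned arena so the model runs stand-alone. */
static _Alignas(BLOCK_SIZE) unsigned char storage[BLOCK_SIZE];

BlockHeader *make_block(BlockState state)
{
    memset(storage, 0, sizeof storage);
    BlockHeader *b = (BlockHeader *)storage;
    b->state = state;
    return b;
}

void *cell_at(BlockHeader *b, size_t atom)
{
    return (unsigned char *)b + atom * ATOM_SIZE;
}

bool is_atom_aligned(const void *p)
{
    /* The mask only tests alignment; it does not produce the atom number. */
    return ((uintptr_t)p & ATOM_ALIGNMENT_MASK) == 0;
}

/* Filter applied to a candidate pointer found by a conservative scan.
   Alignment alone is not enough: a word pointing into the header passes
   that test, so the atom must also lie past the metadata, and liveness
   is then decided by the block's state rather than by mark bits alone. */
bool is_live_cell(const BlockHeader *b, const void *p)
{
    uintptr_t offset = (uintptr_t)p - (uintptr_t)b;
    if (offset >= BLOCK_SIZE)          /* not inside this block at all */
        return false;
    if (!is_atom_aligned(p))           /* interior pointer, not a cell start */
        return false;
    size_t atom = offset / ATOM_SIZE;
    if (atom < FIRST_ATOM)             /* aligned, but points at metadata */
        return false;
    switch (b->state) {
    case BLOCK_FREE_LISTED:
        return !b->on_free_list[atom];
    case BLOCK_ALLOCATED:
        return true;
    case BLOCK_MARKED:
        return b->marks[atom] != 0;
    }
    return false;
}
```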
42379 2011-09-24 Filip Pizlo <fpizlo@apple.com>
42381 DFG JIT should not eagerly initialize integer tags in the register file
42382 https://bugs.webkit.org/show_bug.cgi?id=68763
42384 Reviewed by Oliver Hunt.
42386 * dfg/DFGJITCompiler.cpp:
42387 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
42388 * dfg/DFGSpeculativeJIT.cpp:
42389 (JSC::DFG::ValueRecovery::dump):
42390 (JSC::DFG::OSRExit::OSRExit):
42391 (JSC::DFG::SpeculativeJIT::compile):
42392 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
42393 * dfg/DFGSpeculativeJIT.h:
42394 (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedInt32):
42395 (JSC::DFG::OSRExit::operandForArgument):
42396 (JSC::DFG::OSRExit::operandForIndex):
42397 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
42399 2011-09-23 Yuqiang Xian <yuqiang.xian@intel.com>
42401 Add JSVALUE32_64 support to DFG JIT
42402 https://bugs.webkit.org/show_bug.cgi?id=67460
42404 Reviewed by Gavin Barraclough.
42406 This is the initial attempt to add JSVALUE32_64 support to DFG JIT.
42407 It's tested on the IA32 Linux EFL port currently. It still cannot run
42408 all the test cases and benchmarks, so it should be turned off now.
42410 The major work includes:
42411 1) dealing with JSVALUE32_64 data format in DFG JIT;
42412 2) bindings between 64-bit JS Value and 32-bit registers;
42413 3) handling of function calls. Currently for DFG operation function
42414 calls we follow the X86 cdecl calling convention on Linux, and the
42415 implementation is in a naive way by pushing the arguments into stack
42418 The known issues include:
42419 1) some code is duplicated unnecessarily, especially in Speculative JIT
42420 code generation, where most of the operations on SpeculateInteger /
42421 SpeculateDouble should be identical to the JSVALUE64 code. Refactoring
42422 is needed in the future;
42423 2) lack of op_call and op_construct support, comparing to current
42425 3) currently integer speculations assume to be StrictInt32;
42426 4) lack of JSBoolean speculations;
42427 5) boxing and unboxing doubles could be improved;
42428 6) DFG X86 register description is different from the baseline JIT,
42429 the timeoutCheckRegister is used for general purpose usage;
42430 7) calls to runtime functions with primitive double parameters (e.g.
42431 fmod) don't work. Support needs to be added to the assembler to
42432 implement the mechanism of passing double parameters for X86 cdecl
42435 And there should be many other hidden bugs which should be exposed and
42436 resolved in the later debugging process.
42438 * CMakeListsEfl.txt:
42439 * assembler/MacroAssemblerX86.h:
42440 (JSC::MacroAssemblerX86::loadDouble):
42441 (JSC::MacroAssemblerX86::storeDouble):
42442 * assembler/X86Assembler.h:
42443 (JSC::X86Assembler::movsd_rm):
42444 * bytecode/StructureStubInfo.h:
42445 * dfg/DFGByteCodeParser.cpp:
42446 (JSC::DFG::ByteCodeParser::parseBlock):
42447 * dfg/DFGCapabilities.h:
42448 (JSC::DFG::canCompileOpcode):
42449 * dfg/DFGFPRInfo.h:
42450 (JSC::DFG::FPRInfo::debugName):
42451 * dfg/DFGGPRInfo.h:
42452 (JSC::DFG::GPRInfo::toRegister):
42453 (JSC::DFG::GPRInfo::toIndex):
42454 (JSC::DFG::GPRInfo::debugName):
42455 * dfg/DFGGenerationInfo.h:
42456 (JSC::DFG::needDataFormatConversion):
42457 (JSC::DFG::GenerationInfo::initJSValue):
42458 (JSC::DFG::GenerationInfo::initDouble):
42459 (JSC::DFG::GenerationInfo::gpr):
42460 (JSC::DFG::GenerationInfo::tagGPR):
42461 (JSC::DFG::GenerationInfo::payloadGPR):
42462 (JSC::DFG::GenerationInfo::fpr):
42463 (JSC::DFG::GenerationInfo::fillJSValue):
42464 (JSC::DFG::GenerationInfo::fillCell):
42465 (JSC::DFG::GenerationInfo::fillDouble):
42466 * dfg/DFGJITCodeGenerator.cpp:
42467 * dfg/DFGJITCodeGenerator.h:
42468 (JSC::DFG::JITCodeGenerator::allocate):
42469 (JSC::DFG::JITCodeGenerator::use):
42470 (JSC::DFG::JITCodeGenerator::registersMatched):
42471 (JSC::DFG::JITCodeGenerator::silentSpillGPR):
42472 (JSC::DFG::JITCodeGenerator::silentFillGPR):
42473 (JSC::DFG::JITCodeGenerator::silentFillFPR):
42474 (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
42475 (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
42476 (JSC::DFG::JITCodeGenerator::boxDouble):
42477 (JSC::DFG::JITCodeGenerator::unboxDouble):
42478 (JSC::DFG::JITCodeGenerator::spill):
42479 (JSC::DFG::addressOfDoubleConstant):
42480 (JSC::DFG::integerResult):
42481 (JSC::DFG::jsValueResult):
42482 (JSC::DFG::setupResults):
42483 (JSC::DFG::callOperation):
42484 (JSC::JSValueOperand::JSValueOperand):
42485 (JSC::JSValueOperand::~JSValueOperand):
42486 (JSC::JSValueOperand::isDouble):
42487 (JSC::JSValueOperand::fill):
42488 (JSC::JSValueOperand::tagGPR):
42489 (JSC::JSValueOperand::payloadGPR):
42490 (JSC::JSValueOperand::fpr):
42491 (JSC::GPRTemporary::~GPRTemporary):
42492 (JSC::GPRTemporary::gpr):
42493 (JSC::GPRResult2::GPRResult2):
42494 * dfg/DFGJITCodeGenerator32_64.cpp: Added.
42495 (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
42496 (JSC::DFG::JITCodeGenerator::fillInteger):
42497 (JSC::DFG::JITCodeGenerator::fillDouble):
42498 (JSC::DFG::JITCodeGenerator::fillJSValue):
42499 (JSC::DFG::JITCodeGenerator::fillStorage):
42500 (JSC::DFG::JITCodeGenerator::useChildren):
42501 (JSC::DFG::JITCodeGenerator::isStrictInt32):
42502 (JSC::DFG::JITCodeGenerator::isKnownInteger):
42503 (JSC::DFG::JITCodeGenerator::isKnownNumeric):
42504 (JSC::DFG::JITCodeGenerator::isKnownCell):
42505 (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
42506 (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
42507 (JSC::DFG::JITCodeGenerator::isKnownBoolean):
42508 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
42509 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
42510 (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
42511 (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
42512 (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
42513 (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
42514 (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
42515 (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
42516 (JSC::DFG::JITCodeGenerator::cachedGetById):
42517 (JSC::DFG::JITCodeGenerator::writeBarrier):
42518 (JSC::DFG::JITCodeGenerator::cachedPutById):
42519 (JSC::DFG::JITCodeGenerator::cachedGetMethod):
42520 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
42521 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
42522 (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
42523 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
42524 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
42525 (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
42526 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
42527 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
42528 (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
42529 (JSC::DFG::JITCodeGenerator::emitBranch):
42530 (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
42531 (JSC::DFG::JITCodeGenerator::emitCall):
42532 (JSC::DFG::JITCodeGenerator::speculationCheck):
42533 (JSC::DFG::dataFormatString):
42534 (JSC::DFG::JITCodeGenerator::dump):
42535 (JSC::DFG::JITCodeGenerator::checkConsistency):
42536 (JSC::DFG::GPRTemporary::GPRTemporary):
42537 (JSC::DFG::FPRTemporary::FPRTemporary):
42538 * dfg/DFGJITCompiler.cpp:
42539 * dfg/DFGJITCompiler.h:
42540 (JSC::DFG::JITCompiler::tagForGlobalVar):
42541 (JSC::DFG::JITCompiler::payloadForGlobalVar):
42542 (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
42543 (JSC::DFG::JITCompiler::addressOfDoubleConstant):
42544 (JSC::DFG::JITCompiler::boxDouble):
42545 (JSC::DFG::JITCompiler::unboxDouble):
42546 (JSC::DFG::JITCompiler::addPropertyAccess):
42547 (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
42548 * dfg/DFGJITCompiler32_64.cpp: Added.
42549 (JSC::DFG::JITCompiler::fillNumericToDouble):
42550 (JSC::DFG::JITCompiler::fillInt32ToInteger):
42551 (JSC::DFG::JITCompiler::fillToJS):
42552 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
42553 (JSC::DFG::JITCompiler::linkOSRExits):
42554 (JSC::DFG::JITCompiler::compileEntry):
42555 (JSC::DFG::JITCompiler::compileBody):
42556 (JSC::DFG::JITCompiler::link):
42557 (JSC::DFG::JITCompiler::compile):
42558 (JSC::DFG::JITCompiler::compileFunction):
42559 (JSC::DFG::JITCompiler::jitAssertIsInt32):
42560 (JSC::DFG::JITCompiler::jitAssertIsJSInt32):
42561 (JSC::DFG::JITCompiler::jitAssertIsJSNumber):
42562 (JSC::DFG::JITCompiler::jitAssertIsJSDouble):
42563 (JSC::DFG::JITCompiler::jitAssertIsCell):
42564 (JSC::DFG::JITCompiler::emitCount):
42565 (JSC::DFG::JITCompiler::setSamplingFlag):
42566 (JSC::DFG::JITCompiler::clearSamplingFlag):
42567 * dfg/DFGJITCompilerInlineMethods.h: Added.
42568 (JSC::DFG::JITCompiler::emitLoadTag):
42569 (JSC::DFG::JITCompiler::emitLoadPayload):
42570 (JSC::DFG::JITCompiler::emitLoad):
42571 (JSC::DFG::JITCompiler::emitLoad2):
42572 (JSC::DFG::JITCompiler::emitLoadDouble):
42573 (JSC::DFG::JITCompiler::emitLoadInt32ToDouble):
42574 (JSC::DFG::JITCompiler::emitStore):
42575 (JSC::DFG::JITCompiler::emitStoreInt32):
42576 (JSC::DFG::JITCompiler::emitStoreCell):
42577 (JSC::DFG::JITCompiler::emitStoreBool):
42578 (JSC::DFG::JITCompiler::emitStoreDouble):
42580 * dfg/DFGOperations.cpp:
42581 * dfg/DFGRepatch.cpp:
42582 (JSC::DFG::generateProtoChainAccessStub):
42583 (JSC::DFG::tryCacheGetByID):
42584 (JSC::DFG::tryBuildGetByIDList):
42585 (JSC::DFG::tryCachePutByID):
42586 * dfg/DFGSpeculativeJIT.cpp:
42587 * dfg/DFGSpeculativeJIT.h:
42588 (JSC::DFG::ValueRecovery::inGPR):
42589 (JSC::DFG::ValueRecovery::inPair):
42590 (JSC::DFG::ValueRecovery::tagGPR):
42591 (JSC::DFG::ValueRecovery::payloadGPR):
42592 * dfg/DFGSpeculativeJIT32_64.cpp: Added.
42593 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
42594 (JSC::DFG::ValueSource::dump):
42595 (JSC::DFG::ValueRecovery::dump):
42596 (JSC::DFG::OSRExit::OSRExit):
42597 (JSC::DFG::OSRExit::dump):
42598 (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
42599 (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
42600 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
42601 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
42602 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
42603 (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
42604 (JSC::DFG::SpeculativeJIT::convertToDouble):
42605 (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
42606 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
42607 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
42608 (JSC::DFG::SpeculativeJIT::compare):
42609 (JSC::DFG::SpeculativeJIT::compile):
42610 (JSC::DFG::SpeculativeJIT::compileMovHint):
42611 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
42612 (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
42613 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
42614 * runtime/JSValue.h:
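
Added illustration (not JavaScriptCore code) of the JSVALUE32_64 data format the entry above refers to: a value is a 64-bit {tag, payload} pair that a 32-bit target carries in two GPRs, a double uses all 64 bits, and every tag is a high word that no non-NaN double can have. The tag constants follow the layout JSC used at the time but are assumptions of this example, as are all the names. It also shows why boxing must purify NaNs: a NaN whose high word equals CellTag would otherwise be read back as a cell pointer, which is a type confusion.

```cpp
// Added example modelling the JSVALUE32_64 representation; not JSC's code.
// Tag values and helper names are assumptions of this example.
#include <cstdint>
#include <cstring>
#include <cmath>
#include <limits>

namespace jsv32_64 {

// Tags occupy the high 32 bits. Every non-NaN double has a high word of at
// most 0xfff00000 (negative infinity), so any high word >= LowestTag is a
// tag, not a double.
enum Tag : uint32_t {
    Int32Tag        = 0xffffffffu,
    BooleanTag      = 0xfffffffeu,
    NullTag         = 0xfffffffdu,
    UndefinedTag    = 0xfffffffcu,
    CellTag         = 0xfffffffbu,
    EmptyValueTag   = 0xfffffffau,
    DeletedValueTag = 0xfffffff9u,
    LowestTag       = DeletedValueTag
};

// On a 32-bit target the two halves travel in the "tag" and "payload" GPRs.
struct Value {
    uint32_t tag;
    uint32_t payload;
};

inline Value makeInt32(int32_t i)    { return { Int32Tag, static_cast<uint32_t>(i) }; }
inline Value makeBoolean(bool b)     { return { BooleanTag, b ? 1u : 0u }; }
inline Value makeCell(uint32_t addr) { return { CellTag, addr }; }

inline bool isInt32(Value v)    { return v.tag == Int32Tag; }
inline bool isCell(Value v)     { return v.tag == CellTag; }
inline bool isDouble(Value v)   { return v.tag < LowestTag; }
inline int32_t asInt32(Value v) { return static_cast<int32_t>(v.payload); }

// Every NaN is collapsed to one canonical pattern (high word 0x7ff80000)
// before boxing. Without this, a NaN whose high word happens to be CellTag
// would pass isCell() and hand its attacker-chosen payload to code that
// dereferences it.
inline double purifyNaN(double d) {
    return std::isnan(d) ? std::numeric_limits<double>::quiet_NaN() : d;
}

inline Value boxDouble(double d) {
    d = purifyNaN(d);
    uint64_t bits;
    std::memcpy(&bits, &d, sizeof bits);
    return { static_cast<uint32_t>(bits >> 32), static_cast<uint32_t>(bits) };
}

inline double unboxDouble(Value v) {
    uint64_t bits = (static_cast<uint64_t>(v.tag) << 32) | v.payload;
    double d;
    std::memcpy(&d, &bits, sizeof d);
    return d;
}

// Int32 -> double needs only the payload half, no memory traffic.
inline double int32ToDouble(Value v) { return static_cast<double>(asInt32(v)); }

// What a box *without* purification would produce: the raw bit pattern.
inline Value boxDoubleRaw(double d) {
    uint64_t bits;
    std::memcpy(&bits, &d, sizeof bits);
    return { static_cast<uint32_t>(bits >> 32), static_cast<uint32_t>(bits) };
}

// Build a (quiet) NaN with an arbitrary high word, to demonstrate the
// collision: high word CellTag, low word an arbitrary "pointer".
inline double nanWithHighWord(uint32_t high) {
    uint64_t bits = (static_cast<uint64_t>(high) << 32) | 0x00000001u;
    double d;
    std::memcpy(&d, &bits, sizeof d);
    return d;
}

} // namespace jsv32_64
```

boxDoubleRaw is there only to make the failure visible: boxing the constructed NaN raw yields a value that isCell() accepts, while boxDouble on the same input yields an ordinary double.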

2011-09-23 Filip Pizlo <fpizlo@apple.com>

wtf/BitVector.h has a variety of bugs which manifest when the
vector grows beyond 63 bits
https://bugs.webkit.org/show_bug.cgi?id=68746

Reviewed by Oliver Hunt.

Out-of-lined slow path code in BitVector so that not every user
of CodeBlock ends up having to compile it. Fixed a variety of
index computation and size computation bugs.

I have not seen these issues manifest themselves, but they are
blocking a patch that uses BitVector more aggressively.

* GNUmakefile.list.am:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/BitVector.cpp: Added.
(BitVector::BitVector):
(BitVector::operator=):
(BitVector::resize):
(BitVector::clearAll):
(BitVector::OutOfLineBits::create):
(BitVector::OutOfLineBits::destroy):
(BitVector::resizeOutOfLine):
(WTF::BitVector::ensureSize):
(WTF::BitVector::get):
(WTF::BitVector::set):
(WTF::BitVector::clear):
(WTF::BitVector::byteCount):
(WTF::BitVector::OutOfLineBits::numWords):
(WTF::BitVector::OutOfLineBits::bits):
(WTF::BitVector::outOfLineBits):
* wtf/CMakeLists.txt:
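
Added example (not WTF's BitVector, whose internals are not shown on this page) of the inline/out-of-line layout that makes 63 the interesting number: on a 64-bit host one word holds 63 bits plus a discriminator bit, and every index, word-count and byte-count computation has to be right on both sides of that boundary, which is where the bugs the entry above describes live. The layout and all names are assumptions of this example.

```cpp
// Added example of an inline/out-of-line bit vector; not WTF::BitVector.
// Layout and names are assumptions of this example.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

class TinyBitVector {
public:
    static constexpr size_t bitsPerWord = sizeof(uintptr_t) * 8;
    // Low bit of m_bitsOrPointer is a discriminator: 1 means the bits live
    // inline in the remaining bitsPerWord - 1 bits; 0 means it is an aligned
    // (hence even) pointer to a heap array of words.
    static constexpr size_t maxInlineBits = bitsPerWord - 1;

    TinyBitVector() : m_bitsOrPointer(1), m_size(0) {}
    ~TinyBitVector() { if (!isInline()) std::free(outOfLine()); }
    TinyBitVector(const TinyBitVector&) = delete;
    TinyBitVector& operator=(const TinyBitVector&) = delete;

    size_t size() const { return m_size; }
    bool isInline() const { return m_bitsOrPointer & 1; }

    // Grow to at least numBits, keeping every bit already set. Inline bit i
    // is word bit i+1 (bit 0 is the discriminator); out-of-line bit i is
    // bit i%bitsPerWord of word i/bitsPerWord.
    void ensureSize(size_t numBits) {
        if (numBits <= m_size)
            return;
        if (numBits <= maxInlineBits) {           // still fits inline
            m_size = numBits;
            return;
        }
        size_t newWords = wordsFor(numBits);      // rounds up, never down
        uintptr_t* words = static_cast<uintptr_t*>(std::calloc(newWords, sizeof(uintptr_t)));
        if (isInline())
            words[0] = m_bitsOrPointer >> 1;      // drop the discriminator
        else {
            std::memcpy(words, outOfLine(), wordsFor(m_size) * sizeof(uintptr_t));
            std::free(outOfLine());
        }
        m_bitsOrPointer = reinterpret_cast<uintptr_t>(words);
        m_size = numBits;
    }

    bool get(size_t bit) const {
        if (bit >= m_size)
            return false;
        if (isInline())
            return (m_bitsOrPointer >> (bit + 1)) & 1;
        return (outOfLine()[bit / bitsPerWord] >> (bit % bitsPerWord)) & 1;
    }

    void set(size_t bit) {
        ensureSize(bit + 1);
        if (isInline())
            m_bitsOrPointer |= uintptr_t(1) << (bit + 1);
        else
            outOfLine()[bit / bitsPerWord] |= uintptr_t(1) << (bit % bitsPerWord);
    }

    void clear(size_t bit) {
        if (bit >= m_size)
            return;
        if (isInline())
            m_bitsOrPointer &= ~(uintptr_t(1) << (bit + 1));
        else
            outOfLine()[bit / bitsPerWord] &= ~(uintptr_t(1) << (bit % bitsPerWord));
    }

    // Bytes of storage actually backing the vector.
    size_t byteCount() const {
        return isInline() ? sizeof(uintptr_t) : wordsFor(m_size) * sizeof(uintptr_t);
    }

private:
    static size_t wordsFor(size_t bits) { return (bits + bitsPerWord - 1) / bitsPerWord; }
    uintptr_t* outOfLine() const { return reinterpret_cast<uintptr_t*>(m_bitsOrPointer); }

    uintptr_t m_bitsOrPointer;
    size_t m_size;
};

// Exercise the boundary: two bits set while inline, then the first index that
// no longer fits; report whether every bit kept its value across the spill.
inline bool survivesSpill() {
    TinyBitVector v;
    v.set(0);
    v.set(TinyBitVector::maxInlineBits - 1);      // last index that fits inline
    bool wasInline = v.isInline();
    v.set(TinyBitVector::maxInlineBits);          // first index that does not
    return wasInline && !v.isInline()
        && v.get(0) && v.get(TinyBitVector::maxInlineBits - 1) && v.get(TinyBitVector::maxInlineBits)
        && !v.get(1) && !v.get(TinyBitVector::maxInlineBits - 2)
        && v.size() == TinyBitVector::maxInlineBits + 1;
}

inline size_t byteCountFor(size_t numBits) {
    TinyBitVector v;
    v.ensureSize(numBits);
    return v.byteCount();
}
```

The two places that go wrong in practice are both in ensureSize: shifting by exactly the discriminator width when copying the inline word out, and rounding the word count up rather than down (bitsPerWord + 1 bits need two words, not one).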

2011-09-23 Adam Klein <adamk@chromium.org>

Add ENABLE_MUTATION_OBSERVERS feature flag
https://bugs.webkit.org/show_bug.cgi?id=68732

Reviewed by Ojan Vafai.

This flag will guard an implementation of the "Mutation Observers" proposed in
http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1622.html

* Configurations/FeatureDefines.xcconfig:

2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com>

De-virtualize JSCell::getJSNumber
https://bugs.webkit.org/show_bug.cgi?id=68651

Reviewed by Oliver Hunt.

Added a new JSType to check whether or not something is a
NumberObject (which includes NumberPrototype) in TypeInfo::isNumberObject because there's not
currently a better way to determine whether something is indeed a NumberObject.
Also de-virtualized JSCell::getJSNumber, having it check the TypeInfo
for whether the object is a NumberObject or not. This patch is part of
the larger process of de-virtualizing JSCell.

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/JSCell.cpp:
(JSC::JSCell::getJSNumber):
* runtime/JSCell.h:
(JSC::JSValue::getJSNumber):
* runtime/JSType.h:
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::isNumberObject):
* runtime/JSValue.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::getJSNumber):
* runtime/NumberObject.h:
(JSC::NumberObject::createStructure):
* runtime/NumberPrototype.h:
(JSC::NumberPrototype::createStructure):

2011-09-23 Filip Pizlo <fpizlo@apple.com>

Resolve opcodes should have value profiling.
https://bugs.webkit.org/show_bug.cgi?id=68723

Reviewed by Oliver Hunt.

This adds value profiling to all forms of op_resolve in the
old JIT, and patches that information into the DFG along with
performing the appropriate type propagation.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::Graph::predict):
(JSC::DFG::Node::hasIdentifier):
(JSC::DFG::Node::resolveGlobalDataIndex):
(JSC::DFG::Node::hasPrediction):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_resolve):
(JSC::JIT::emit_op_resolve_base):
(JSC::JIT::emit_op_resolve_skip):
(JSC::JIT::emit_op_resolve_global):
(JSC::JIT::emitSlow_op_resolve_global):
(JSC::JIT::emit_op_resolve_with_base):
(JSC::JIT::emit_op_resolve_with_this):
(JSC::JIT::emitSlow_op_resolve_global_dynamic):
* jit/JITStubCall.h:
(JSC::JITStubCall::callWithValueProfiling):

2011-09-23 Oliver Hunt <oliver@apple.com>

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-09-23 Gavin Barraclough <barraclough@apple.com>

Strict mode does not work in non-trivial nested functions.
https://bugs.webkit.org/show_bug.cgi?id=68740

Reviewed by Oliver Hunt.

Function-info caching does not preserve all state that it should.

* parser/JSParser.cpp:
(JSC::JSParser::Scope::saveFunctionInfo):
(JSC::JSParser::Scope::restoreFunctionInfo):
(JSC::JSParser::parseFunctionInfo):
* parser/SourceProviderCacheItem.h:

2011-09-23 Filip Pizlo <fpizlo@apple.com>

ValueToDouble handling in prediction propagation should be ASSERT_NOT_REACHED
https://bugs.webkit.org/show_bug.cgi?id=68724

Reviewed by Oliver Hunt.

* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):

2011-09-23 Oliver Hunt <oliver@apple.com>

* JavaScriptCore.xcodeproj/project.pbxproj:

2011-09-23 Filip Pizlo <fpizlo@apple.com>

DFG implementation of PutScopedVar corrupts register allocation
https://bugs.webkit.org/show_bug.cgi?id=68735

Reviewed by Oliver Hunt.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-09-23 Oliver Hunt <oliver@apple.com>

Make write barriers actually do something when enabled
https://bugs.webkit.org/show_bug.cgi?id=68717

Reviewed by Geoffrey Garen.

Add a basic card marking style write barrier to JSC (currently
turned off). This requires two scratch registers in the JIT
so there was some register re-arranging to satisfy that requirement.
Happily this produced a minor perf bump in sunspider (~0.5%).

Turning the barriers on causes an overall regression of around 1.5%

* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::store8):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movb_i8m):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::isKnownNotCell):
(JSC::DFG::JITCodeGenerator::writeBarrier):
(JSC::DFG::JITCodeGenerator::markCellCard):
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::tryCachePutByID):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* heap/CardSet.h: Added.
(JSC::CardSet::CardSet):
(JSC::::cardForAtom):
(JSC::::cardMarkedForAtom):
(JSC::::markCardForAtom):
(JSC::Heap::addressOfCardFor):
(JSC::Heap::writeBarrierFastCase):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::setDirtyObject):
(JSC::MarkedBlock::addressOfCardFor):
(JSC::MarkedBlock::offsetOfCards):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_put_global_var):
(JSC::JIT::emitWriteBarrier):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::emit_op_put_scoped_var):
(JSC::JIT::emit_op_put_global_var):
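
Added example (not JSC's CardSet, MarkedBlock or JIT barrier code) of the card-marking scheme the entry above introduces: a block keeps one byte per fixed-size slice of itself (a "card"), a pointer store into an object marks the card of the object being written, and the collector rescans only marked cards instead of the whole block. Block and card sizes and every name below are assumptions of this example; storeInt stands in for the isKnownNotCell fast case, where a store of a value that cannot be a cell skips the barrier.

```cpp
// Added example of a card-marking write barrier; not JSC's implementation.
// Block/card sizes and all names are assumptions of this example.
#include <cstddef>
#include <cstdint>

namespace cardmarking {

struct Cell {
    Cell* slot;        // a pointer-valued field (subject to the barrier)
    int32_t payload;   // a non-pointer field (no barrier needed)
};

constexpr size_t blockSize     = 16 * 1024;               // bytes of cells per block
constexpr size_t bytesPerCard  = 512;                     // bytes covered by one card
constexpr size_t cardCount     = blockSize / bytesPerCard;
constexpr size_t cellsPerBlock = blockSize / sizeof(Cell);
constexpr size_t cellsPerCard  = bytesPerCard / sizeof(Cell);
static_assert(blockSize % bytesPerCard == 0, "cards must tile the block");

struct Block {
    uint8_t cards[cardCount];   // 1 = dirty (rescan), 0 = clean
    Cell cells[cellsPerBlock];

    Block() {
        for (size_t i = 0; i < cardCount; ++i) cards[i] = 0;
        for (size_t i = 0; i < cellsPerBlock; ++i) cells[i] = Cell{ nullptr, 0 };
    }
    size_t cardFor(const Cell* c) const {
        return (static_cast<size_t>(c - cells) * sizeof(Cell)) / bytesPerCard;
    }
    bool cardMarkedFor(const Cell* c) const { return cards[cardFor(c)] != 0; }
    void markCardFor(const Cell* c)         { cards[cardFor(c)] = 1; }
};

// The barrier: after storing a pointer into `owner`, mark the card holding
// `owner` so the collector knows this object may now point somewhere new.
// It is the owner's card that gets marked, not the value's.
inline void storePointer(Block& block, Cell* owner, Cell* value) {
    owner->slot = value;
    if (!value)
        return;                  // a null store creates no new edge
    block.markCardFor(owner);
}

// A store of a value statically known not to be a cell skips the barrier
// entirely; this is the fast case a JIT can emit for ints and booleans.
inline void storeInt(Cell* owner, int32_t v) {
    owner->payload = v;
}

inline size_t dirtyCardCount(const Block& b) {
    size_t n = 0;
    for (size_t i = 0; i < cardCount; ++i) n += b.cards[i];
    return n;
}

// Collector side: visit only the cells on dirty cards, then clean those
// cards. Returns how many non-null pointer slots it found.
inline size_t rescanDirtyCards(Block& b) {
    size_t found = 0;
    for (size_t card = 0; card < cardCount; ++card) {
        if (!b.cards[card])
            continue;
        size_t first = card * cellsPerCard;
        size_t last  = first + cellsPerCard < cellsPerBlock ? first + cellsPerCard : cellsPerBlock;
        for (size_t i = first; i < last; ++i)
            if (b.cells[i].slot)
                ++found;
        b.cards[card] = 0;
    }
    return found;
}

struct Outcome {
    size_t dirtyBefore;     // cards marked by the mutator
    size_t pointersFound;   // pointer slots the collector saw on those cards
    size_t dirtyAfter;      // cards still dirty after the rescan
    bool   intStoreMarked;  // whether the barrier-free int store dirtied a card
};

// Constructed scenario: an int store into cell 200 (no barrier), pointer
// stores into cells 0 and 100 (which land on different cards for both 8- and
// 16-byte Cells), then one collector rescan.
inline Outcome runScenario() {
    Block block;
    storeInt(&block.cells[200], 42);
    bool intStoreMarked = block.cardMarkedFor(&block.cells[200]);
    storePointer(block, &block.cells[0], &block.cells[7]);
    storePointer(block, &block.cells[100], &block.cells[3]);
    Outcome o;
    o.dirtyBefore    = dirtyCardCount(block);
    o.intStoreMarked = intStoreMarked;
    o.pointersFound  = rescanDirtyCards(block);
    o.dirtyAfter     = dirtyCardCount(block);
    return o;
}

} // namespace cardmarking
```

The security-relevant failure mode is the inverse of the fast case: if a JIT ever emits the barrier-free store for a value that can be a cell, the collector never rescans that card and the edge is missed, which is how a generational collector ends up freeing a live object.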

2011-09-23 Thouraya ANDOLSI <thouraya.andolsi@st.com>

https://bugs.webkit.org/show_bug.cgi?id=68077
SH4 assemblers don't refer to the executable memory handle.

Reviewed by Gavin Barraclough.

* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::branch8):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::executableCopy):

2011-09-23 Oliver Hunt <oliver@apple.com>

PutScopedVar nodes should report that they have a var number
https://bugs.webkit.org/show_bug.cgi?id=68721

Reviewed by Anders Carlsson.

Another assertion fix.

(JSC::DFG::Node::hasVarNumber):

2011-09-23 Oliver Hunt <oliver@apple.com>

Add a bunch of unhandled node types to the propagator
https://bugs.webkit.org/show_bug.cgi?id=68716

Reviewed by Darin Adler.

Remove the ASSERT_NOT_REACHED() default for debug builds in the
prediction propagator, this way unhandled nodes will just cause
compile time failures rather than failing at some point in the

* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):

2011-09-23 Mark Hahnenberg <mhahnenberg@apple.com>

Add static version of JSCell::visitChildren
https://bugs.webkit.org/show_bug.cgi?id=68404

Reviewed by Darin Adler.

In this patch we just extract the bodies of the virtual visitChildren methods
throughout the JSCell inheritance hierarchy out into static methods, which are
now called from the virtual methods. This is an intermediate step in trying to
move the virtual-ness of visitChildren into our own custom vtable stored in
ClassInfo. We need to convert the methods to static methods in order to be
able to more easily store and refer to them in our custom vtable since normal
member methods store some implicit information in their types, making it
impossible to store them generically in ClassInfo.

* API/JSCallbackObject.h:
(JSC::JSCallbackObject::visitChildrenVirtual):
(JSC::JSCallbackObject::visitChildren):
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildrenVirtual):
(JSC::DebuggerActivation::visitChildren):
* debugger/DebuggerActivation.h:
* heap/MarkStack.cpp:
(JSC::SlotVisitor::visitChildren):
(JSC::SlotVisitor::drain):
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildrenVirtual):
(JSC::Arguments::visitChildren):
* runtime/Arguments.h:
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildrenVirtual):
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildrenVirtual):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildrenVirtual):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildrenVirtual):
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildrenVirtual):
(JSC::JSActivation::visitChildren):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildrenVirtual):
(JSC::JSArray::visitChildren):
* runtime/JSArray.h:
* runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::visitChildrenVirtual):
(JSC::JSBoundFunction::visitChildren):
* runtime/JSBoundFunction.h:
* runtime/JSCell.h:
(JSC::JSCell::visitChildrenVirtual):
(JSC::JSCell::visitChildren):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildrenVirtual):
(JSC::JSFunction::visitChildren):
* runtime/JSFunction.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildrenVirtual):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildrenVirtual):
(JSC::JSObject::visitChildren):
* runtime/JSObject.h:
(JSC::JSObject::visitChildrenDirect):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildrenVirtual):
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildrenVirtual):
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSStaticScopeObject.h:
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildrenVirtual):
(JSC::JSWrapperObject::visitChildren):
* runtime/JSWrapperObject.h:
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildrenVirtual):
(JSC::NativeErrorConstructor::visitChildren):
* runtime/NativeErrorConstructor.h:
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildrenVirtual):
(JSC::RegExpObject::visitChildren):
* runtime/RegExpObject.h:
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildrenVirtual):
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
* runtime/Structure.cpp:
(JSC::Structure::visitChildrenVirtual):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildrenVirtual):
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:

2011-09-23 Oliver Hunt <oliver@apple.com>

Node propagation doesn't handle PutScopedVar
https://bugs.webkit.org/show_bug.cgi?id=68713

Reviewed by Sam Weinig.

This was causing assertion failures.

* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):

2011-09-23 Anders Carlsson <andersca@apple.com>

Make sure to define OVERRIDE and FINAL for older builds of clang.

2011-09-23 Gavin Barraclough <barraclough@apple.com>

Implement op_resolve_global in the DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=68704

Reviewed by Oliver Hunt.

This is performance neutral, but increases coverage.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::Node::hasIdentifier):
(JSC::DFG::Node::resolveInfoIndex):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-09-23 Mark Rowe <mrowe@apple.com>

Define BUILDING_ON_LION / TARGETING_LION when appropriate in Platform.h.

2011-09-22 Anders Carlsson <andersca@apple.com>

We should add support for OVERRIDE and FINAL annotations
https://bugs.webkit.org/show_bug.cgi?id=68654

Reviewed by David Hyatt.

Add OVERRIDE and FINAL macros for compilers that support them.

2011-09-22 Filip Pizlo <fpizlo@apple.com>

GetScopedVar should have value profiling
https://bugs.webkit.org/show_bug.cgi?id=68676

Reviewed by Oliver Hunt.

Added GetScopedVar value profiling and prediction propagation.
Added GetScopeChain to CSE.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::Graph::predict):
(JSC::DFG::Node::hasPrediction):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::getScopeChainLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_scoped_var):

2011-09-22 Filip Pizlo <fpizlo@apple.com>

PPC build fix, part 3.

* runtime/Executable.cpp:
(JSC::FunctionExecutable::compileForConstructInternal):

2011-09-22 Filip Pizlo <fpizlo@apple.com>

Another PPC build fix.

* runtime/Executable.cpp:
* runtime/Executable.h:

2011-09-22 Dean Jackson <dino@apple.com>

Add ENABLE_CSS_FILTERS
https://bugs.webkit.org/show_bug.cgi?id=68652

Reviewed by Simon Fraser.

* Configurations/FeatureDefines.xcconfig:

2011-09-22 Gavin Barraclough <barraclough@apple.com>

Incorrect this value passed to callbacks.
https://bugs.webkit.org/show_bug.cgi?id=68668

Reviewed by Oliver Hunt.

From Array/String prototype function. Should be undefined, but
global object is passed instead (this is visible for strict callbacks).

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncForEach):
(JSC::arrayProtoFuncSome):
* runtime/JSArray.cpp:
(JSC::AVLTreeAbstractorForArrayCompare::compare_key_key):
(JSC::JSArray::sort):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncReplace):

2011-09-22 Gavin Barraclough <barraclough@apple.com>

Function.prototype.bind.length should be 1.

Rubber stamped by Oliver Hunt.

* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):

2011-09-22 Filip Pizlo <fpizlo@apple.com>

* bytecode/CodeBlock.h:

2011-09-22 Gavin Barraclough <barraclough@apple.com>

Windows build fix pt. 2

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-09-22 Gavin Barraclough <barraclough@apple.com>

Windows build fix pt. 1

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-09-21 Filip Pizlo <fpizlo@apple.com>

DFG JIT does not support to_primitive or strcat
https://bugs.webkit.org/show_bug.cgi?id=68582

Reviewed by Darin Adler.

This adds functional support for to_primitive and strcat. It focuses
on minimizing the amount of code emitted on to_primitive (if we know
that it is a primitive or can speculate cheaply, then we omit the
slow path) and on keeping the implementation of strcat simple while
leveraging whatever optimizations we have already. In particular,
unlike the Call and Construct nodes which require extending the size
of the DFG's callee registers, StrCat takes advantage of the fact
that no JS code can run while StrCat is in progress and uses a
scratch buffer, rather than the register file, to store the list of
values to concatenate. This was done mainly to keep the code simple,
but there are probably other benefits to keeping call frame sizes
down. Essentially, this patch ensures that the presence of an
op_strcat does not mess up any other optimizations we might do while
ensuring that if you do execute it, it'll work about as well as you'd

When combined with the previous patch for integer division, this is a
14% speed-up on Kraken. Without it, it would have been a 2% loss.

* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::TrustedImmPtr::TrustedImmPtr):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::callOperation):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData):
(JSC::JSGlobalData::~JSGlobalData):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::scratchBufferForSize):

2011-09-22 Filip Pizlo <fpizlo@apple.com>

DFG JIT should support integer division
https://bugs.webkit.org/show_bug.cgi?id=68597

Reviewed by Darin Adler.

This adds support for ArithDiv speculating integer, and speculating
that the result is integer (i.e. remainder = 0).

This is a 4% win on Kraken and a 1% loss on V8.

* bytecode/CodeBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::makeDivSafe):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::Node::hasArithNodeFlags):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateArithNodeFlags):
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_div):
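
Added example (not the DFG's ArithDiv code) of the guards an integer-speculating division needs before it may use a native divide and keep the quotient in an integer register. The entry above names only the remainder = 0 speculation; the example also covers the cases a safe integer divide must reject regardless: a zero divisor and INT32_MIN / -1, both of which make x86 idiv raise #DE instead of producing a value, and a negative-zero result, which JavaScript distinguishes from integer 0. Every failed guard corresponds to a speculation failure that falls back to the double result. All names are this example's.

```cpp
// Added example of guarded integer-speculating division; not JSC's ArithDiv.
// Names are assumptions of this example.
#include <cstdint>
#include <cmath>

namespace specdiv {

// Returns true and writes the quotient only when the JavaScript result of
// a / b is an int32 the caller may keep in an integer register. Every early
// return is a case where the optimized path must exit to the generic one.
inline bool speculativeIntDiv(int32_t a, int32_t b, int32_t& quotient) {
    if (b == 0)
        return false;   // JS yields +/-Infinity or NaN; x86 idiv raises #DE
    if (a == INT32_MIN && b == -1)
        return false;   // +2^31 does not fit; idiv raises #DE here too
    if (a == 0 && b < 0)
        return false;   // JS result is -0, which has no int32 form
    if (a % b != 0)
        return false;   // quotient is fractional (remainder != 0)
    quotient = a / b;
    return true;
}

// The generic path: IEEE-754 division, what the baseline JIT's op_div slow
// case computes.
inline double genericDiv(int32_t a, int32_t b) {
    return static_cast<double>(a) / static_cast<double>(b);
}

struct DivOutcome {
    bool    stayedInteger;  // true if the speculation held
    int32_t intResult;      // valid only when stayedInteger
    double  doubleResult;   // always valid; equals intResult when it held
};

// Speculate integer; on failure recompute as a double (the exit shape).
inline DivOutcome divide(int32_t a, int32_t b) {
    DivOutcome o = { false, 0, 0.0 };
    if (speculativeIntDiv(a, b, o.intResult)) {
        o.stayedInteger = true;
        o.doubleResult = o.intResult;
        return o;
    }
    o.doubleResult = genericDiv(a, b);
    return o;
}

inline bool isNegativeZero(double d) { return d == 0.0 && std::signbit(d); }

} // namespace specdiv
```

Note the order of the checks: the INT32_MIN / -1 test has to precede the `%`, because in C++ that remainder is itself undefined behaviour, and a JIT emitting a raw idiv for it gets a hardware exception rather than a wrong answer.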

2011-09-22 Oliver Hunt <oliver@apple.com>

Implement put_scoped_var in the DFG jit
https://bugs.webkit.org/show_bug.cgi?id=68653

Reviewed by Gavin Barraclough.

Naive implementation of put_scoped_var. Same story as the
get_scoped_var implementation, although I've hoisted scope
object acquisition into a separate dfg node. Ideally in the
future we would reuse the resolved scope chain object, but

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
(JSC::DFG::Node::hasScopeChainDepth):
(JSC::DFG::Node::scopeChainDepth):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-09-22 Gavin Barraclough <barraclough@apple.com>

Implement Function.prototype.bind
https://bugs.webkit.org/show_bug.cgi?id=26382

Reviewed by Sam Weinig.

This patch provides a basic functional implementation
for Function.bind. It should (hopefully!) be fully
functionally correct, and the bound functions can be
called quickly (since they are a subclass of
JSFunction, not InternalFunction), but we'll probably
want to follow up with some optimization work to keep
bound calls in JIT code.

* JavaScriptCore.JSVALUE32_64only.exp:
* JavaScriptCore.JSVALUE64only.exp:
* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* jit/JITStubs.cpp:
(JSC::JITThunks::hostFunctionStub):
(GlobalObject::addFunction):
* runtime/CommonIdentifiers.h:
* runtime/ConstructData.h:
* runtime/Executable.h:
(JSC::NativeExecutable::NativeExecutable):
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
(JSC::functionProtoFuncBind):
* runtime/FunctionPrototype.h:
* runtime/JSBoundFunction.cpp: Added.
(JSC::boundFunctionCall):
(JSC::boundFunctionConstruct):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::hasInstance):
(JSC::JSBoundFunction::getOwnPropertySlot):
(JSC::JSBoundFunction::getOwnPropertyDescriptor):
(JSC::JSBoundFunction::JSBoundFunction):
(JSC::JSBoundFunction::finishCreation):
* runtime/JSBoundFunction.h: Added.
(JSC::JSBoundFunction::targetFunction):
(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):
* runtime/JSFunction.cpp:
(JSC::JSFunction::create):
(JSC::JSFunction::finishCreation):
(JSC::createDescriptorForThrowingProperty):
(JSC::JSFunction::getOwnPropertySlot):
* runtime/JSFunction.h:
* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::getHostFunction):
* runtime/JSGlobalData.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::boundFunctionStructure):
* runtime/Lookup.cpp:
(JSC::setUpStaticFunctionSlot):

2011-09-22 Oliver Hunt <oliver@apple.com>

Implement get_scoped_var in the DFG
https://bugs.webkit.org/show_bug.cgi?id=68640

Reviewed by Gavin Barraclough.

Naive implementation of get_scoped_var in the DFG. Essentially this
is the bare minimum required to get correct behaviour, so there's no
load/store coalescing or type profiling involved, even though these
would be wins. No impact on SunSpider or V8.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.h:
(JSC::DFG::canCompileOpcode):
(JSC::DFG::Node::hasVarNumber):
(JSC::DFG::Node::hasScopeChainDepth):
(JSC::DFG::Node::scopeChainDepth):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-09-22 Adam Roben <aroben@apple.com>

Remove FindSafari from all our .sln files

It isn't used anymore, so there's no point in building it.

Part of <http://webkit.org/b/68628> Remove FindSafari

Reviewed by Steve Falkenburg.

* JavaScriptCore.vcproj/JavaScriptCore.sln:

2011-09-22 Filip Pizlo <fpizlo@apple.com>

32-bit call code clobbers the function cell tag
https://bugs.webkit.org/show_bug.cgi?id=68606

Reviewed by Csaba Osztrogonác.

This is a minimalistic fix: it simply emits code to restore the
cell tag on the slow path, if we know that we failed due to

* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallVarargsSlowCase):
(JSC::JIT::compileOpCallSlowCase):

2011-09-21 Gavin Barraclough <barraclough@apple.com>

Add missing addPtr->add32 mapping for X86.

Rubber stamped by Sam Weinig.

* assembler/MacroAssembler.h:
(JSC::MacroAssembler::addPtr):

2011-09-21 Gavin Barraclough <barraclough@apple.com>

Add missing addDouble for AbsoluteAddress to X86

Rubber stamped by Geoff Garen.

* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::addDouble):
* assembler/X86Assembler.h:
(JSC::X86Assembler::addsd_mr):
(JSC::X86Assembler::cvtsi2sd_rr):
43370 (JSC::X86Assembler::cvtsi2sd_mr):
43372 2011-09-21 Gavin Barraclough <barraclough@apple.com>
43374 Build fix following fix for bug #68586.
43377 * jit/JITInlineMethods.h:
43379 2011-09-21 Filip Pizlo <fpizlo@apple.com>
43381 DFG JIT should be able to compile op_throw
43382 https://bugs.webkit.org/show_bug.cgi?id=68571
43384 Reviewed by Geoffrey Garen.
43386 This compiles op_throw in the simplest way possible: it's an OSR
43387 point back to the old JIT. This is a good step towards increasing
43388 coverage, particularly on Kraken, but it's neutral because the
43389 same functions that do throw also use some other unsupported
43392 * dfg/DFGByteCodeParser.cpp:
43393 (JSC::DFG::ByteCodeParser::parseBlock):
43394 * dfg/DFGCapabilities.h:
43395 (JSC::DFG::canCompileOpcode):
43397 * dfg/DFGPropagator.cpp:
43398 (JSC::DFG::Propagator::propagateNodePredictions):
43399 * dfg/DFGSpeculativeJIT.cpp:
43400 (JSC::DFG::SpeculativeJIT::compile):
43402 2011-09-21 Filip Pizlo <fpizlo@apple.com>
43404 DFG should support continuous optimization
43405 https://bugs.webkit.org/show_bug.cgi?id=68329
43407 Reviewed by Geoffrey Garen.
43409 This adds the ability to reoptimize a code block if speculation
43410 failures happen frequently. 6% speed-up on Kraken, 1% slow-down
43411 on V8, neutral on SunSpider.
43414 * GNUmakefile.list.am:
43415 * JavaScriptCore.pro:
43416 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
43417 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
43418 * JavaScriptCore.xcodeproj/project.pbxproj:
43419 * bytecode/CodeBlock.cpp:
43420 (JSC::CodeBlock::CodeBlock):
43421 (JSC::ProgramCodeBlock::jettison):
43422 (JSC::EvalCodeBlock::jettison):
43423 (JSC::FunctionCodeBlock::jettison):
43424 (JSC::CodeBlock::shouldOptimizeNow):
43425 (JSC::CodeBlock::dumpValueProfiles):
43426 * bytecode/CodeBlock.h:
43427 * dfg/DFGByteCodeParser.cpp:
43428 (JSC::DFG::ByteCodeParser::getStrongPrediction):
43429 * dfg/DFGJITCompiler.cpp:
43430 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
43431 (JSC::DFG::JITCompiler::compileEntry):
43432 (JSC::DFG::JITCompiler::compileBody):
43433 * dfg/DFGJITCompiler.h:
43434 (JSC::DFG::JITCompiler::noticeOSREntry):
43435 * dfg/DFGOSREntry.cpp:
43436 (JSC::DFG::prepareOSREntry):
43437 * dfg/DFGOSREntry.h:
43438 (JSC::DFG::getOSREntryDataBytecodeIndex):
43439 * dfg/DFGSpeculativeJIT.cpp:
43440 (JSC::DFG::SpeculativeJIT::compile):
43441 * heap/ConservativeRoots.cpp:
43442 (JSC::ConservativeRoots::ConservativeRoots):
43443 (JSC::ConservativeRoots::~ConservativeRoots):
43444 (JSC::DummyMarkHook::mark):
43445 (JSC::ConservativeRoots::genericAddPointer):
43446 (JSC::ConservativeRoots::genericAddSpan):
43447 (JSC::ConservativeRoots::add):
43448 * heap/ConservativeRoots.h:
43450 (JSC::Heap::addJettisonCodeBlock):
43451 (JSC::Heap::markRoots):
43453 * heap/JettisonedCodeBlocks.cpp: Added.
43454 (JSC::JettisonedCodeBlocks::JettisonedCodeBlocks):
43455 (JSC::JettisonedCodeBlocks::~JettisonedCodeBlocks):
43456 (JSC::JettisonedCodeBlocks::addCodeBlock):
43457 (JSC::JettisonedCodeBlocks::clearMarks):
43458 (JSC::JettisonedCodeBlocks::deleteUnmarkedCodeBlocks):
43459 (JSC::JettisonedCodeBlocks::traceCodeBlocks):
43460 * heap/JettisonedCodeBlocks.h: Added.
43461 (JSC::JettisonedCodeBlocks::mark):
43462 * interpreter/RegisterFile.cpp:
43463 (JSC::RegisterFile::gatherConservativeRoots):
43464 * interpreter/RegisterFile.h:
43465 * jit/JITStubs.cpp:
43466 (JSC::DEFINE_STUB_FUNCTION):
43467 * runtime/Executable.cpp:
43468 (JSC::jettisonCodeBlock):
43469 (JSC::EvalExecutable::jettisonOptimizedCode):
43470 (JSC::ProgramExecutable::jettisonOptimizedCode):
43471 (JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
43472 (JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
43473 * runtime/Executable.h:
43474 (JSC::FunctionExecutable::jettisonOptimizedCodeFor):
43475 * wtf/BitVector.h: Added.
43476 (WTF::BitVector::BitVector):
43477 (WTF::BitVector::~BitVector):
43478 (WTF::BitVector::operator=):
43479 (WTF::BitVector::size):
43480 (WTF::BitVector::ensureSize):
43481 (WTF::BitVector::resize):
43482 (WTF::BitVector::clearAll):
43483 (WTF::BitVector::get):
43484 (WTF::BitVector::set):
43485 (WTF::BitVector::clear):
43486 (WTF::BitVector::bitsInPointer):
43487 (WTF::BitVector::maxInlineBits):
43488 (WTF::BitVector::byteCount):
43489 (WTF::BitVector::makeInlineBits):
43490 (WTF::BitVector::OutOfLineBits::numBits):
43491 (WTF::BitVector::OutOfLineBits::numWords):
43492 (WTF::BitVector::OutOfLineBits::bits):
43493 (WTF::BitVector::OutOfLineBits::create):
43494 (WTF::BitVector::OutOfLineBits::destroy):
43495 (WTF::BitVector::OutOfLineBits::OutOfLineBits):
43496 (WTF::BitVector::isInline):
43497 (WTF::BitVector::outOfLineBits):
43498 (WTF::BitVector::resizeOutOfLine):
43499 (WTF::BitVector::bits):
43501 2011-09-21 Gavin Barraclough <barraclough@apple.com>
43503 Add X86 GPRInfo for DFG JIT.
43504 https://bugs.webkit.org/show_bug.cgi?id=68586
43506 Reviewed by Geoff Garen.
43508 * dfg/DFGGPRInfo.h:
43509 (JSC::DFG::GPRInfo::toRegister):
43510 (JSC::DFG::GPRInfo::toIndex):
43511 (JSC::DFG::GPRInfo::debugName):
43513 2011-09-21 Gavin Barraclough <barraclough@apple.com>
43515 Should support value profiling on CPU(X86)
43516 https://bugs.webkit.org/show_bug.cgi?id=68575
43518 Reviewed by Sam Weinig.
43520 Fix verbose profiling in ToT (SlowCaseProfile had been
43521 partially renamed to RareCaseProfile), add in-memory
43522 bucket counter for CPU(X86), move JIT::m_canBeOptimized
43523 out of the DFG_JIT ifdef.
43525 * bytecode/CodeBlock.cpp:
43526 (JSC::CodeBlock::resetRareCaseProfiles):
43527 (JSC::CodeBlock::dumpValueProfiles):
43528 * bytecode/CodeBlock.h:
43529 * dfg/DFGByteCodeParser.cpp:
43530 (JSC::DFG::ByteCodeParser::makeSafe):
43532 (JSC::JIT::privateCompileSlowCases):
43533 (JSC::JIT::privateCompile):
43535 * jit/JITInlineMethods.h:
43536 (JSC::JIT::emitValueProfilingSite):
43538 2011-09-21 Filip Pizlo <fpizlo@apple.com>
43540 DFG does not support compiling functions as constructors
43541 https://bugs.webkit.org/show_bug.cgi?id=68500
43543 Reviewed by Oliver Hunt.
43545 This adds support for compiling constructors to the DFG. It's a
43546 1% speed-up on V8, mostly due to a 6% speed-up on early-boyer.
43547 It's also a 13% win on access-binary-trees, but it's neutral in
43548 the SunSpider and Kraken averages.
43550 * dfg/DFGByteCodeParser.cpp:
43551 (JSC::DFG::ByteCodeParser::parseBlock):
43552 * dfg/DFGCapabilities.h:
43553 (JSC::DFG::mightCompileFunctionForConstruct):
43554 (JSC::DFG::canCompileOpcode):
43556 * dfg/DFGOperations.cpp:
43557 * dfg/DFGOperations.h:
43558 * dfg/DFGPropagator.cpp:
43559 (JSC::DFG::Propagator::propagateNodePredictions):
43560 (JSC::DFG::Propagator::performNodeCSE):
43561 * dfg/DFGSpeculativeJIT.cpp:
43562 (JSC::DFG::SpeculativeJIT::compile):
43563 * runtime/Executable.cpp:
43564 (JSC::FunctionExecutable::compileOptimizedForConstruct):
43565 (JSC::FunctionExecutable::compileForConstructInternal):
43566 * runtime/Executable.h:
43567 (JSC::FunctionExecutable::compileForConstruct):
43568 (JSC::FunctionExecutable::compileFor):
43569 (JSC::FunctionExecutable::compileOptimizedFor):
43571 2011-09-21 Gavin Barraclough <barraclough@apple.com>
43573 Replace jsFunctionVPtr compares with a type check on the Structure.
43574 https://bugs.webkit.org/show_bug.cgi?id=68557
43576 Reviewed by Oliver Hunt.
43578 This will permit calls to still optimize to subclasses of JSFunction
43579 that have the correct type (but a different C++ vptr).
43581 This patch stops passing the globalData into numerous functions.
43583 * dfg/DFGByteCodeParser.cpp:
43584 (JSC::DFG::ByteCodeParser::parseBlock):
43586 (JSC::DFG::Graph::isFunctionConstant):
43587 (JSC::DFG::Graph::valueOfFunctionConstant):
43588 * dfg/DFGJITCompiler.h:
43589 (JSC::DFG::JITCompiler::isFunctionConstant):
43590 (JSC::DFG::JITCompiler::valueOfFunctionConstant):
43591 * dfg/DFGOperations.cpp:
43592 * interpreter/Interpreter.cpp:
43593 (JSC::Interpreter::privateExecute):
43596 (JSC::JIT::compileOpCallVarargs):
43597 (JSC::JIT::compileOpCallSlowCase):
43598 * jit/JITCall32_64.cpp:
43599 (JSC::JIT::compileOpCallVarargs):
43600 (JSC::JIT::compileOpCallSlowCase):
43601 * jit/JITInlineMethods.h:
43602 (JSC::JIT::emitJumpIfNotType):
43603 * jit/JITStubs.cpp:
43604 (JSC::DEFINE_STUB_FUNCTION):
43605 * runtime/Executable.h:
43606 (JSC::isHostFunction):
43607 * runtime/JSFunction.h:
43608 (JSC::JSFunction::createStructure):
43609 * runtime/JSObject.cpp:
43610 (JSC::JSObject::put):
43611 (JSC::JSObject::putWithAttributes):
43612 * runtime/JSObject.h:
43613 (JSC::getJSFunction):
43614 (JSC::JSObject::putDirect):
43615 (JSC::JSObject::putDirectWithoutTransition):
43616 * runtime/JSType.h:
43618 2011-09-21 Geoffrey Garen <ggaren@apple.com>
43620 Removed WTFTHREADDATA_MULTITHREADED, making it always true
43621 https://bugs.webkit.org/show_bug.cgi?id=68549
43623 Reviewed by Darin Adler.
43625 Another part of making threads exist in WebKit.
43627 * wtf/WTFThreadData.cpp:
43628 * wtf/WTFThreadData.h:
43629 (WTF::wtfThreadData):
43631 2011-09-21 Dan Bernstein <mitz@apple.com>
43633 JavaScriptCore Part of: Prevent the WebKit frameworks from defining inappropriately-named Objective-C classes
43634 https://bugs.webkit.org/show_bug.cgi?id=68451
43636 Reviewed by Darin Adler.
43638 * JavaScriptCore.xcodeproj/project.pbxproj: Added a script build phase that invokes
43639 check-for-inappropriate-objc-class-names, allowing only class names prefixed with "JS".
43641 2011-09-20 Gavin Barraclough <barraclough@apple.com>
43643 MacroAssembler fixes.
43644 https://bugs.webkit.org/show_bug.cgi?id=68494
43646 Reviewed by Sam Weinig.
43648 Add X86-64's 3 operand or32 to other MacroAssembler, fix load32's [const] void* mismatch
43650 * assembler/MacroAssembler.h:
43651 (JSC::MacroAssembler::orPtr):
43652 (JSC::MacroAssembler::loadPtr):
43653 * assembler/MacroAssemblerARM.h:
43654 (JSC::MacroAssemblerARM::or32):
43655 * assembler/MacroAssemblerARMv7.h:
43656 (JSC::MacroAssemblerARMv7::or32):
43657 * assembler/MacroAssemblerMIPS.h:
43658 (JSC::MacroAssemblerMIPS::or32):
43659 * assembler/MacroAssemblerSH4.h:
43660 (JSC::MacroAssemblerSH4::or32):
43661 (JSC::MacroAssemblerSH4::load32):
43662 * assembler/MacroAssemblerX86.h:
43663 (JSC::MacroAssemblerX86::load32):
43664 * assembler/MacroAssemblerX86_64.h:
43665 (JSC::MacroAssemblerX86_64::load32):
43667 2011-09-20 Geoffrey Garen <ggaren@apple.com>
43671 Reviewed by Beth Dakin.
43673 * heap/MarkedBlock.cpp:
43674 (JSC::MarkedBlock::blessNewBlock): Removed blessNewBlockForSlowPath()
43675 because it was unused; renamed blessNewBlockForFastPath() to blessNewBlock()
43676 since there is only one now.
43678 * heap/MarkedBlock.h: Removed ownerSet-related stuff since it was unused.
43679 Updated mark bit overhead calculation. Deployed atomsPerBlock in one
43680 place where we were recalculating it.
43682 * heap/MarkedSpace.cpp:
43683 (JSC::MarkedSpace::addBlock): Updated for rename.
43685 2011-09-20 Filip Pizlo <fpizlo@apple.com>
43687 DFG JIT always speculates integer on modulo
43688 https://bugs.webkit.org/show_bug.cgi?id=68485
43690 Reviewed by Oliver Hunt.
43692 Added support for double modulo, which is a call to fmod().
43693 Also added support for recording the old JIT's statistics
43694 on op_mod and propagating them along the graph. Finally,
43695 fixed a goof in the ArithNodeFlags propagation logic that
43696 was made obvious when I started testing ArithMod.
43698 * dfg/DFGByteCodeParser.cpp:
43699 (JSC::DFG::ByteCodeParser::makeSafe):
43700 (JSC::DFG::ByteCodeParser::parseBlock):
43702 (JSC::DFG::Node::hasArithNodeFlags):
43703 * dfg/DFGPropagator.cpp:
43704 (JSC::DFG::Propagator::propagateArithNodeFlags):
43705 (JSC::DFG::Propagator::propagateNodePredictions):
43706 (JSC::DFG::Propagator::fixupNode):
43707 * dfg/DFGSpeculativeJIT.cpp:
43708 (JSC::DFG::SpeculativeJIT::compile):
43710 2011-09-20 ChangSeok Oh <shivamidow@gmail.com>
43712 [GTK] requestAnimationFrame support for gtk port
43713 https://bugs.webkit.org/show_bug.cgi?id=66280
43715 Reviewed by Martin Robinson.
43717 Let GTK port use REQUEST_ANIMATION_FRAME_TIMER.
43721 2011-09-20 Filip Pizlo <fpizlo@apple.com>
43723 DFG JIT performs too many negative zero checks, and too many
43725 https://bugs.webkit.org/show_bug.cgi?id=68430
43727 Reviewed by Oliver Hunt.
43729 This adds comprehensive support for deciding how to perform an
43730 arithmetic operation based on a combination of overflow profiling,
43731 negative zero profiling, value profiling, and a static analysis of
43732 how the results of these operations get used.
43734 This is a 72% speed-up on stanford-crypto-sha256-iterative, and a
43735 2.5% speed-up on the Kraken average, a 1.4% speed-up on the V8
43736 geomean, and neutral on SunSpider. It's also an 8.5% speed-up on
43737 V8-crypto, because apparently everything we do speeds up crypto.
43739 * dfg/DFGByteCodeParser.cpp:
43740 (JSC::DFG::ByteCodeParser::toInt32):
43741 (JSC::DFG::ByteCodeParser::toNumber):
43742 (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
43743 (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
43744 (JSC::DFG::ByteCodeParser::weaklyPredictInt32):
43745 (JSC::DFG::ByteCodeParser::makeSafe):
43746 (JSC::DFG::ByteCodeParser::handleMinMax):
43747 (JSC::DFG::ByteCodeParser::handleIntrinsic):
43748 (JSC::DFG::ByteCodeParser::parseBlock):
43749 (JSC::DFG::ByteCodeParser::processPhiStack):
43750 (JSC::DFG::ByteCodeParser::parse):
43751 * dfg/DFGGraph.cpp:
43752 (JSC::DFG::Graph::dump):
43753 * dfg/DFGJITCodeGenerator.cpp:
43754 (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
43756 (JSC::DFG::nodeUsedAsNumber):
43757 (JSC::DFG::nodeCanTruncateInteger):
43758 (JSC::DFG::nodeCanIgnoreNegativeZero):
43759 (JSC::DFG::nodeCanSpeculateInteger):
43760 (JSC::DFG::arithNodeFlagsAsString):
43761 (JSC::DFG::Node::Node):
43762 (JSC::DFG::Node::hasArithNodeFlags):
43763 (JSC::DFG::Node::rawArithNodeFlags):
43764 (JSC::DFG::Node::arithNodeFlags):
43765 (JSC::DFG::Node::arithNodeFlagsForCompare):
43766 (JSC::DFG::Node::setArithNodeFlag):
43767 (JSC::DFG::Node::mergeArithNodeFlags):
43768 * dfg/DFGPropagator.cpp:
43769 (JSC::DFG::Propagator::fixpoint):
43770 (JSC::DFG::Propagator::isNotNegZero):
43771 (JSC::DFG::Propagator::isNotZero):
43772 (JSC::DFG::Propagator::propagateArithNodeFlags):
43773 (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
43774 (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
43775 (JSC::DFG::Propagator::propagateNodePredictions):
43776 (JSC::DFG::Propagator::propagatePredictionsForward):
43777 (JSC::DFG::Propagator::propagatePredictionsBackward):
43778 (JSC::DFG::Propagator::toDouble):
43779 (JSC::DFG::Propagator::fixupNode):
43780 (JSC::DFG::Propagator::fixup):
43781 (JSC::DFG::Propagator::startIndexForChildren):
43782 (JSC::DFG::Propagator::endIndexForPureCSE):
43783 (JSC::DFG::Propagator::pureCSE):
43784 (JSC::DFG::Propagator::clobbersWorld):
43785 (JSC::DFG::Propagator::setReplacement):
43786 (JSC::DFG::Propagator::performNodeCSE):
43787 (JSC::DFG::Propagator::localCSE):
43788 * dfg/DFGSpeculativeJIT.cpp:
43789 (JSC::DFG::SpeculativeJIT::compile):
43790 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
43792 2011-09-19 Oliver Hunt <oliver@apple.com>
43794 Refactor Heap allocation logic into separate AllocationSpace class
43795 https://bugs.webkit.org/show_bug.cgi?id=68409
43797 Reviewed by Gavin Barraclough.
43799 This patch hoists direct manipulation of the MarkedSpace and related
43800 data out of Heap and into a separate class. This will allow us to
43801 have multiple allocation spaces in future, so easing the way towards
43802 having GC'd backing stores for objects.
43805 * GNUmakefile.list.am:
43806 * JavaScriptCore.exp:
43807 * JavaScriptCore.gypi:
43808 * JavaScriptCore.pro:
43809 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
43810 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
43811 * JavaScriptCore.xcodeproj/project.pbxproj:
43812 * debugger/Debugger.cpp:
43813 (JSC::Debugger::recompileAllJSFunctions):
43814 * heap/AllocationSpace.cpp: Added.
43815 (JSC::AllocationSpace::tryAllocate):
43816 (JSC::AllocationSpace::allocateSlowCase):
43817 (JSC::AllocationSpace::allocateBlock):
43818 (JSC::AllocationSpace::freeBlocks):
43819 (JSC::TakeIfEmpty::TakeIfEmpty):
43820 (JSC::TakeIfEmpty::operator()):
43821 (JSC::TakeIfEmpty::returnValue):
43822 (JSC::AllocationSpace::shrink):
43823 * heap/AllocationSpace.h: Added.
43824 (JSC::AllocationSpace::AllocationSpace):
43825 (JSC::AllocationSpace::blocks):
43826 (JSC::AllocationSpace::sizeClassFor):
43827 (JSC::AllocationSpace::setHighWaterMark):
43828 (JSC::AllocationSpace::highWaterMark):
43829 (JSC::AllocationSpace::canonicalizeBlocks):
43830 (JSC::AllocationSpace::resetAllocator):
43831 (JSC::AllocationSpace::forEachCell):
43832 (JSC::AllocationSpace::forEachBlock):
43833 (JSC::AllocationSpace::allocate):
43836 (JSC::Heap::reportExtraMemoryCostSlowCase):
43837 (JSC::Heap::getConservativeRegisterRoots):
43838 (JSC::Heap::markRoots):
43839 (JSC::Heap::clearMarks):
43840 (JSC::Heap::sweep):
43841 (JSC::Heap::objectCount):
43843 (JSC::Heap::capacity):
43844 (JSC::Heap::globalObjectCount):
43845 (JSC::Heap::objectTypeCounts):
43846 (JSC::Heap::collect):
43847 (JSC::Heap::canonicalizeBlocks):
43848 (JSC::Heap::resetAllocator):
43849 (JSC::Heap::freeBlocks):
43850 (JSC::Heap::shrink):
43852 (JSC::Heap::objectSpace):
43853 (JSC::Heap::sizeClassForObject):
43854 (JSC::Heap::allocate):
43855 * jit/JITInlineMethods.h:
43856 (JSC::JIT::emitAllocateBasicJSObject):
43857 * runtime/JSGlobalData.cpp:
43858 (JSC::JSGlobalData::recompileAllJSFunctions):
43859 (JSC::JSGlobalData::releaseExecutableMemory):
43861 2011-09-19 Geoffrey Garen <ggaren@apple.com>
43863 Removed BREWMP* platform #ifdefs
43864 https://bugs.webkit.org/show_bug.cgi?id=68425
43866 BREWMP* has no maintainer, and this is dead code.
43868 Reviewed by Darin Adler.
43870 * heap/MarkStack.h:
43871 (JSC::::shrinkAllocation):
43872 * jit/ExecutableAllocator.h:
43873 (JSC::ExecutableAllocator::cacheFlush):
43874 * runtime/TimeoutChecker.cpp:
43876 * wtf/Assertions.cpp:
43877 * wtf/Assertions.h:
43878 * wtf/CurrentTime.cpp:
43879 * wtf/DateMath.cpp:
43880 (WTF::calculateUTCOffset):
43881 * wtf/FastMalloc.cpp:
43884 (WTF::fastMallocSize):
43885 * wtf/FastMalloc.h:
43886 * wtf/MainThread.cpp:
43887 * wtf/MathExtras.h:
43888 * wtf/OwnPtrCommon.h:
43890 * wtf/RandomNumber.cpp:
43891 (WTF::randomNumber):
43892 * wtf/RandomNumberSeed.h:
43893 (WTF::initializeRandomNumberGenerator):
43894 * wtf/text/WTFString.h:
43895 * wtf/unicode/Unicode.h:
43897 2011-09-20 Adam Roben <aroben@apple.com>
43899 Windows build fix after r95523
43901 * wtf/CheckedArithmetic.h: Added stdint.h so we can have int64_t defined.
43903 2011-09-18 Filip Pizlo <fpizlo@apple.com>
43905 DFG JIT does not speculate aggressively enough on GetById
43906 https://bugs.webkit.org/show_bug.cgi?id=68320
43908 Reviewed by Oliver Hunt.
43910 This adds the ability to access properties directly, by offset.
43911 This optimization kicks in when at the time of DFG compilation,
43912 it appears that the given get_by_id is self-cached by the old JIT.
43913 Two new opcodes get introduced: CheckStructure and GetByOffset.
43914 CheckStructure performs a speculation check on the object's
43915 structure, and returns the storage pointer. GetByOffset performs
43916 a direct read of the field from the storage pointer. Both
43917 CheckStructure and GetByOffset can be CSE'd, so that we can
43918 eliminate redundant structure checks, and redundant reads of the
43921 This is a 4% speed-up on V8, a 2% slow-down on Kraken, and
43922 neutral on SunSpider.
43924 * bytecode/PredictedType.cpp:
43925 (JSC::predictionFromClassInfo):
43926 (JSC::predictionFromStructure):
43927 (JSC::predictionFromCell):
43928 * bytecode/PredictedType.h:
43929 * dfg/DFGByteCodeParser.cpp:
43930 (JSC::DFG::ByteCodeParser::parseBlock):
43931 * dfg/DFGGenerationInfo.h:
43932 (JSC::DFG::dataFormatToString):
43933 (JSC::DFG::needDataFormatConversion):
43934 (JSC::DFG::GenerationInfo::initStorage):
43935 (JSC::DFG::GenerationInfo::spill):
43936 (JSC::DFG::GenerationInfo::fillStorage):
43938 (JSC::DFG::Graph::predict):
43939 (JSC::DFG::Graph::getPrediction):
43940 * dfg/DFGJITCodeGenerator.cpp:
43941 (JSC::DFG::JITCodeGenerator::fillInteger):
43942 (JSC::DFG::JITCodeGenerator::fillDouble):
43943 (JSC::DFG::JITCodeGenerator::fillJSValue):
43944 (JSC::DFG::JITCodeGenerator::fillStorage):
43945 (JSC::DFG::GPRTemporary::GPRTemporary):
43946 * dfg/DFGJITCodeGenerator.h:
43947 (JSC::DFG::JITCodeGenerator::silentSpillGPR):
43948 (JSC::DFG::JITCodeGenerator::silentFillGPR):
43949 (JSC::DFG::JITCodeGenerator::spill):
43950 (JSC::DFG::JITCodeGenerator::storageResult):
43951 (JSC::DFG::StorageOperand::StorageOperand):
43952 (JSC::DFG::StorageOperand::~StorageOperand):
43953 (JSC::DFG::StorageOperand::index):
43954 (JSC::DFG::StorageOperand::gpr):
43955 (JSC::DFG::StorageOperand::use):
43957 (JSC::DFG::OpInfo::OpInfo):
43958 (JSC::DFG::Node::Node):
43959 (JSC::DFG::Node::hasPrediction):
43960 (JSC::DFG::Node::hasStructure):
43961 (JSC::DFG::Node::structure):
43962 (JSC::DFG::Node::hasStorageAccessData):
43963 (JSC::DFG::Node::storageAccessDataIndex):
43964 * dfg/DFGPropagator.cpp:
43965 (JSC::DFG::Propagator::propagateNode):
43966 (JSC::DFG::Propagator::globalVarLoadElimination):
43967 (JSC::DFG::Propagator::getMethodLoadElimination):
43968 (JSC::DFG::Propagator::checkStructureLoadElimination):
43969 (JSC::DFG::Propagator::getByOffsetLoadElimination):
43970 (JSC::DFG::Propagator::performNodeCSE):
43971 * dfg/DFGSpeculativeJIT.cpp:
43972 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
43973 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
43974 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
43975 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
43976 (JSC::DFG::SpeculativeJIT::compile):
43977 * wtf/StdLibExtras.h:
43980 2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com>
43982 Remove toPrimitive from JSCell
43983 https://bugs.webkit.org/show_bug.cgi?id=67875
43985 Reviewed by Darin Adler.
43987 Part of the refactoring process to un-virtualize JSCell. We move
43988 all of the implicit functionality provided by the virtual toPrimitive method
43989 in JSCell to be explicit in JSValue::toPrimitive and JSCell::toPrimitive while
43990 also de-virtualizing JSCell::toPrimitive.
43992 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
43993 * runtime/JSCell.cpp:
43994 (JSC::JSCell::toPrimitive):
43995 * runtime/JSCell.h:
43997 We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
43998 JSObject. This pushes the virtual method further down, enabling us to get rid
43999 of the virtual call in JSCell. Eventually we'll probably have to deal with this
44000 again, but we'll cross that bridge when we come to it.
44001 * runtime/JSNotAnObject.cpp:
44002 (JSC::JSNotAnObject::defaultValue):
44003 * runtime/JSNotAnObject.h:
44004 * runtime/JSObject.h:
44005 * runtime/JSString.h:
44007 2011-09-19 Geoffrey Garen <ggaren@apple.com>
44009 Removed ENABLE_LAZY_BLOCK_FREEING and related #ifdefs
44010 https://bugs.webkit.org/show_bug.cgi?id=68424
44012 As discussed on webkit-dev. All ports build with threads enabled in JSC now.
44014 This may break WinCE and other ports that have not built and tested with
44015 this configuration. I've filed bugs for port maintainers. It's time for
44016 WebKit to move forward.
44018 Reviewed by Mark Rowe.
44022 (JSC::Heap::~Heap):
44023 (JSC::Heap::destroy):
44024 (JSC::Heap::blockFreeingThreadMain):
44025 (JSC::Heap::allocateBlock):
44026 (JSC::Heap::freeBlocks):
44027 (JSC::Heap::releaseFreeBlocks):
44031 2011-09-19 Geoffrey Garen <ggaren@apple.com>
44033 Removed ENABLE_WTF_MULTIPLE_THREADS and related #ifdefs
44034 https://bugs.webkit.org/show_bug.cgi?id=68423
44036 As discussed on webkit-dev. All ports build with threads enabled in WTF now.
44038 This may break WinCE and other ports that have not built and tested with
44039 this configuration. I've filed bugs for port maintainers. It's time for
44040 WebKit to move forward.
44042 Reviewed by Mark Rowe.
44044 * wtf/CryptographicallyRandomNumber.cpp:
44045 (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
44046 (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
44047 * wtf/FastMalloc.cpp:
44049 * wtf/RandomNumber.cpp:
44050 (WTF::randomNumber):
44051 * wtf/RefCountedLeakCounter.cpp:
44052 (WTF::RefCountedLeakCounter::increment):
44053 (WTF::RefCountedLeakCounter::decrement):
44054 * wtf/ThreadingPthreads.cpp:
44055 (WTF::initializeThreading):
44056 * wtf/ThreadingWin.cpp:
44057 (WTF::initializeThreading):
44060 * wtf/gtk/ThreadingGtk.cpp:
44061 (WTF::initializeThreading):
44062 * wtf/qt/ThreadingQt.cpp:
44063 (WTF::initializeThreading):
44065 2011-09-19 Geoffrey Garen <ggaren@apple.com>
44067 Removed ENABLE_JSC_MULTIPLE_THREADS and related #ifdefs.
44068 https://bugs.webkit.org/show_bug.cgi?id=68422
44070 As discussed on webkit-dev. All ports build with threads enabled in JSC now.
44072 This may break WinCE and other ports that have not built and tested with
44073 this configuration. I've filed bugs for port maintainers. It's time for
44074 WebKit to move forward.
44076 Reviewed by Sam Weinig.
44079 (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock):
44080 * API/JSContextRef.cpp:
44081 * heap/MachineStackMarker.cpp:
44082 (JSC::MachineThreads::MachineThreads):
44083 (JSC::MachineThreads::~MachineThreads):
44084 (JSC::MachineThreads::gatherConservativeRoots):
44085 * heap/MachineStackMarker.h:
44086 * runtime/InitializeThreading.cpp:
44087 (JSC::initializeThreadingOnce):
44088 (JSC::initializeThreading):
44089 * runtime/JSGlobalData.cpp:
44090 (JSC::JSGlobalData::sharedInstance):
44091 * runtime/JSGlobalData.h:
44092 (JSC::JSGlobalData::makeUsableFromMultipleThreads):
44093 * runtime/JSLock.cpp:
44094 * runtime/Structure.cpp:
44097 2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com>
44099 Unreviewed, rolling out r95493 and r95496.
44100 http://trac.webkit.org/changeset/95493
44101 http://trac.webkit.org/changeset/95496
44102 https://bugs.webkit.org/show_bug.cgi?id=68418
44104 Broke Windows build (Requested by rniwa on #webkit).
44107 * GNUmakefile.list.am:
44108 * JavaScriptCore.exp:
44109 * JavaScriptCore.gypi:
44110 * JavaScriptCore.pro:
44111 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
44112 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
44113 * JavaScriptCore.xcodeproj/project.pbxproj:
44114 * debugger/Debugger.cpp:
44115 (JSC::Debugger::recompileAllJSFunctions):
44116 * heap/AllocationSpace.cpp: Removed.
44117 * heap/AllocationSpace.h: Removed.
44119 (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
44120 (JSC::CountFunctor::TakeIfEmpty::operator()):
44121 (JSC::CountFunctor::TakeIfEmpty::returnValue):
44123 (JSC::Heap::reportExtraMemoryCostSlowCase):
44124 (JSC::Heap::tryAllocate):
44125 (JSC::Heap::allocateSlowCase):
44126 (JSC::Heap::getConservativeRegisterRoots):
44127 (JSC::Heap::markRoots):
44128 (JSC::Heap::clearMarks):
44129 (JSC::Heap::sweep):
44130 (JSC::Heap::objectCount):
44132 (JSC::Heap::capacity):
44133 (JSC::Heap::globalObjectCount):
44134 (JSC::Heap::objectTypeCounts):
44135 (JSC::Heap::collect):
44136 (JSC::Heap::canonicalizeBlocks):
44137 (JSC::Heap::resetAllocator):
44138 (JSC::Heap::allocateBlock):
44139 (JSC::Heap::freeBlocks):
44140 (JSC::Heap::shrink):
44142 (JSC::Heap::markedSpace):
44143 (JSC::Heap::forEachCell):
44144 (JSC::Heap::forEachBlock):
44145 (JSC::Heap::sizeClassFor):
44146 (JSC::Heap::allocate):
44147 * jit/JITInlineMethods.h:
44148 (JSC::JIT::emitAllocateBasicJSObject):
44149 * runtime/JSGlobalData.cpp:
44150 (JSC::JSGlobalData::recompileAllJSFunctions):
44151 (JSC::JSGlobalData::releaseExecutableMemory):
44153 2011-09-19 Gavin Barraclough <barraclough@apple.com>
44155 Errrk, missed stylebot comments in last commit.
44157 * runtime/StringPrototype.cpp:
44158 (JSC::stringProtoFuncSplit):
44160 2011-09-19 Gavin Barraclough <barraclough@apple.com>
44162 String#split is buggy
44163 https://bugs.webkit.org/show_bug.cgi?id=68348
44165 Reviewed by Sam Weinig.
44167 * runtime/StringPrototype.cpp:
44168 (JSC::jsStringWithReuse):
44169 - added helper function to reuse original JSString value.
44170 (JSC::stringProtoFuncSplit):
44171 - Rewritten from the spec.
44172 * tests/mozilla/ecma/String/15.5.4.8-2.js:
44174 - This test is not ES5 compliant.
44176 2011-09-19 Geoffrey Garen <ggaren@apple.com>
44178 Removed lots of friend declarations from JSCell, so we can more
44179 effectively make use of private and protected.
44181 Reviewed by Sam Weinig.
44183 * runtime/JSCell.h: Removed MSVCBugWorkaround because it was a lot of
44184 confusion for not much safety.
44185 (JSC::JSCell::operator new): Made this public because it is used by a
44186 few clients, and not really dangerous.
44188 * runtime/JSObject.cpp:
44189 (JSC::JSObject::put):
44190 (JSC::JSObject::deleteProperty):
44191 (JSC::JSObject::defineGetter):
44192 (JSC::JSObject::defineSetter):
44193 (JSC::JSObject::getPropertySpecificValue):
44194 (JSC::JSObject::getOwnPropertyNames):
44195 (JSC::JSObject::seal):
44196 (JSC::JSObject::freeze):
44197 (JSC::JSObject::preventExtensions):
44198 (JSC::JSObject::removeDirect):
44199 (JSC::JSObject::createInheritorID):
44200 (JSC::JSObject::allocatePropertyStorage):
44201 (JSC::JSObject::getOwnPropertyDescriptor):
44202 * runtime/JSObject.h:
44203 (JSC::JSObject::getDirect):
44204 (JSC::JSObject::getDirectLocation):
44205 (JSC::JSObject::hasCustomProperties):
44206 (JSC::JSObject::hasGetterSetterProperties):
44207 (JSC::JSObject::isSealed):
44208 (JSC::JSObject::isFrozen):
44209 (JSC::JSObject::isExtensible):
44210 (JSC::JSObject::flattenDictionaryObject):
44211 (JSC::JSObject::finishCreation):
44212 (JSC::JSObject::prototype):
44213 (JSC::JSObject::setPrototype):
44214 (JSC::JSObject::inlineGetOwnPropertySlot):
44215 (JSC::JSCell::fastGetOwnProperty):
44216 (JSC::JSObject::putDirectInternal):
44217 (JSC::JSObject::putDirectWithoutTransition):
44218 (JSC::JSObject::transitionTo):
44219 (JSC::JSObject::visitChildrenDirect): Changed all use of m_structure to
44220 structure() / setStructure(), so we don't have to be a friend of JSCell.
44222 * runtime/Structure.h:
44223 (JSC::JSCell::setStructure): Added, to avoid direct access by JSObject
44224 to JSCell::m_structure.
44226 2011-09-19 Adam Barth <abarth@webkit.org>
44228 Always enable ENABLE(EVENTSOURCE)
44229 https://bugs.webkit.org/show_bug.cgi?id=68414
44231 Reviewed by Eric Seidel.
44233 * Configurations/FeatureDefines.xcconfig:
44235 2011-09-19 Eli Fidler <efidler@rim.com>
44237 Enable JSC_MULTIPLE_THREADS for OS(QNX).
44238 https://bugs.webkit.org/show_bug.cgi?id=68047
44240 Reviewed by Daniel Bates.
44242 SA_RESTART was required for SIGUSR2-based debugging, but is not
44243 present on QNX. This debugging doesn't seem critical to
44244 JSC_MULTIPLE_THREADS, so allow it to proceed.
44246 * heap/MachineStackMarker.cpp:
44247 (JSC::MachineThreads::Thread::Thread):
44248 (JSC::getPlatformThreadRegisters):
44249 (JSC::otherThreadStackPointer):
44250 (JSC::freePlatformThreadRegisters):
44251 * wtf/Platform.h: enable PTHREADS for OS(QNX)
44253 2011-09-19 Oliver Hunt <oliver@apple.com>
44257 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
44259 2011-09-19 Oliver Hunt <oliver@apple.com>
44261 Refactor Heap allocation logic into separate AllocationSpace class
44262 https://bugs.webkit.org/show_bug.cgi?id=68409
44264 Reviewed by Gavin Barraclough.
44266 This patch hoists direct manipulation of the MarkedSpace and related
44267 data out of Heap and into a separate class. This will allow us to
44268 have multiple allocation spaces in future, so easing the way towards
44269 having GC'd backing stores for objects.
44272 * GNUmakefile.list.am:
44273 * JavaScriptCore.exp:
44274 * JavaScriptCore.gypi:
44275 * JavaScriptCore.pro:
44276 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
44277 * JavaScriptCore.xcodeproj/project.pbxproj:
44278 * debugger/Debugger.cpp:
44279 (JSC::Debugger::recompileAllJSFunctions):
44280 * heap/AllocationSpace.cpp: Added.
44281 (JSC::AllocationSpace::tryAllocate):
44282 (JSC::AllocationSpace::allocateSlowCase):
44283 (JSC::AllocationSpace::allocateBlock):
44284 (JSC::AllocationSpace::freeBlocks):
44285 (JSC::TakeIfEmpty::TakeIfEmpty):
44286 (JSC::TakeIfEmpty::operator()):
44287 (JSC::TakeIfEmpty::returnValue):
44288 (JSC::AllocationSpace::shrink):
44289 * heap/AllocationSpace.h: Added.
44290 (JSC::AllocationSpace::AllocationSpace):
44291 (JSC::AllocationSpace::blocks):
44292 (JSC::AllocationSpace::sizeClassFor):
44293 (JSC::AllocationSpace::setHighWaterMark):
44294 (JSC::AllocationSpace::highWaterMark):
44295 (JSC::AllocationSpace::canonicalizeBlocks):
44296 (JSC::AllocationSpace::resetAllocator):
44297 (JSC::AllocationSpace::forEachCell):
44298 (JSC::AllocationSpace::forEachBlock):
44299 (JSC::AllocationSpace::allocate):
44302 (JSC::Heap::reportExtraMemoryCostSlowCase):
44303 (JSC::Heap::getConservativeRegisterRoots):
44304 (JSC::Heap::markRoots):
44305 (JSC::Heap::clearMarks):
44306 (JSC::Heap::sweep):
44307 (JSC::Heap::objectCount):
44309 (JSC::Heap::capacity):
44310 (JSC::Heap::globalObjectCount):
44311 (JSC::Heap::objectTypeCounts):
44312 (JSC::Heap::collect):
44313 (JSC::Heap::canonicalizeBlocks):
44314 (JSC::Heap::resetAllocator):
44315 (JSC::Heap::freeBlocks):
44316 (JSC::Heap::shrink):
44318 (JSC::Heap::objectSpace):
44319 (JSC::Heap::sizeClassForObject):
44320 (JSC::Heap::allocate):
44321 * jit/JITInlineMethods.h:
44322 (JSC::JIT::emitAllocateBasicJSObject):
44323 * runtime/JSGlobalData.cpp:
44324 (JSC::JSGlobalData::recompileAllJSFunctions):
44325 (JSC::JSGlobalData::releaseExecutableMemory):
44327 2011-09-19 Adam Roben <aroben@apple.com>
44329 Windows build fix after r95310
44331 * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added
44332 include\private\JavaScriptCore to the include path so DFGIntrinsic.h can be found.
44334 2011-09-19 Filip Pizlo <fpizlo@apple.com>
44336 DFG speculation failures should act as additional value profiles
44337 https://bugs.webkit.org/show_bug.cgi?id=68335
44339 Reviewed by Oliver Hunt.
44341 This adds slow-case counters to the old JIT. It also ensures that
44342 negative zero in multiply is handled carefully. The old JIT
44343 previously took slow path if the result of a multiply was zero,
44344 which, without any changes, would cause the DFG to think that
44345 every such multiply produced a double result.
44347 This also fixes a bug in the old JIT's handling of decrements. It
44348 would take the slow path if the result was zero, but not if it
44351 By itself, this would be a 1% slow-down on V8 and Kraken. But then
44352 I wrote optimizations in the DFG that take advantage of this new
44353 information. It's no longer the case that every multiply needs to
44354 do a check for negative zero; it only happens if the negative
44357 This results in a 12% speed-up on v8-crypto, for a 1.4% geomean
44358 speed-up in V8. It's mostly neutral on Kraken. I can see a
44359 0.5% slow-down and it appears to be significant.
44361 * bytecode/CodeBlock.cpp:
44362 (JSC::CodeBlock::resetRareCaseProfiles):
44363 (JSC::CodeBlock::dumpValueProfiles):
44364 * bytecode/CodeBlock.h:
44365 * bytecode/ValueProfile.h:
44366 (JSC::RareCaseProfile::RareCaseProfile):
44367 (JSC::getRareCaseProfileBytecodeOffset):
44368 * dfg/DFGByteCodeParser.cpp:
44369 (JSC::DFG::ByteCodeParser::toInt32):
44370 (JSC::DFG::ByteCodeParser::makeSafe):
44371 (JSC::DFG::ByteCodeParser::parseBlock):
44372 * dfg/DFGJITCodeGenerator.cpp:
44373 (JSC::DFG::GPRTemporary::GPRTemporary):
44374 * dfg/DFGJITCodeGenerator.h:
44376 * dfg/DFGPropagator.cpp:
44377 (JSC::DFG::Propagator::propagateNode):
44378 (JSC::DFG::Propagator::fixupNode):
44379 (JSC::DFG::Propagator::clobbersWorld):
44380 (JSC::DFG::Propagator::performNodeCSE):
44381 * dfg/DFGSpeculativeJIT.cpp:
44382 (JSC::DFG::SpeculativeJIT::compile):
44383 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
44385 (JSC::JIT::privateCompileSlowCases):
44387 (JSC::JIT::linkDummySlowCase):
44388 * jit/JITArithmetic.cpp:
44389 (JSC::JIT::emit_op_post_dec):
44390 (JSC::JIT::emit_op_pre_dec):
44391 (JSC::JIT::compileBinaryArithOp):
44392 (JSC::JIT::emit_op_add):
44393 (JSC::JIT::emitSlow_op_add):
44394 * jit/JITInlineMethods.h:
44395 (JSC::JIT::addSlowCase):
44397 2011-09-19 Adam Roben <aroben@apple.com>
44399 Windows build fix after r94575
44401 * JavaScriptCore.vcproj/JavaScriptCore.sln: Relinearized project dependencies. testRegExp
44402 now builds just before FindSafari.
44404 2011-09-19 Sheriff Bot <webkit.review.bot@gmail.com>
44406 Unreviewed, rolling out r95466.
44407 http://trac.webkit.org/changeset/95466
44408 https://bugs.webkit.org/show_bug.cgi?id=68389
44410 Incorrect version of the patch. (Requested by mhahnenberg on
44413 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
44414 * runtime/JSCell.cpp:
44415 (JSC::JSCell::toPrimitive):
44416 * runtime/JSCell.h:
44417 (JSC::JSCell::JSValue::toPrimitive):
44418 * runtime/JSNotAnObject.cpp:
44419 (JSC::JSNotAnObject::toPrimitive):
44420 * runtime/JSNotAnObject.h:
44421 * runtime/JSObject.h:
44422 * runtime/JSString.h:
44424 2011-09-19 Mark Hahnenberg <mhahnenberg@apple.com>
44426 Remove toPrimitive from JSCell
44427 https://bugs.webkit.org/show_bug.cgi?id=67875
44429 Reviewed by Geoffrey Garen.
44431 Part of the refactoring process to un-virtualize JSCell. We move
44432 all of the implicit functionality provided by the virtual toPrimitive method
44433 in JSCell to be explicit in JSValue::toPrimitive and JSCell::toPrimitive while
44434 also de-virtualizing JSCell::toPrimitive.
44436 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
44437 * runtime/JSCell.cpp:
44438 (JSC::JSCell::toPrimitive):
44439 * runtime/JSCell.h:
44441 We replace JSNotAnObject::toPrimitive with defaultValue, which it overrides from
44442 JSObject. This pushes the virtual method further down, enabling us to get rid
44443 of the virtual call in JSCell. Eventually we'll probably have to deal with this
44444 again, but we'll cross that bridge when we come to it.
44445 * runtime/JSNotAnObject.cpp:
44446 (JSC::JSNotAnObject::defaultValue):
44447 * runtime/JSNotAnObject.h:
44448 * runtime/JSObject.h:
44449 * runtime/JSString.h:
44450 (JSC::JSValue::toPrimitive):
44452 2011-09-19 Oliver Hunt <oliver@apple.com>
44456 * jit/JITPropertyAccess32_64.cpp:
44457 (JSC::JIT::compileGetDirectOffset):
44459 2011-09-19 Oliver Hunt <oliver@apple.com>
44461 Rename NewSpace.{h,cpp} to MarkedSpace.{h,cpp}
44462 https://bugs.webkit.org/show_bug.cgi?id=68376
44464 Reviewed by Gavin Barraclough.
44466 Renamed the MarkedSpace files to match the new name, and
44467 updated the relevant references.
44470 * GNUmakefile.list.am:
44471 * JavaScriptCore.gypi:
44472 * JavaScriptCore.pro:
44473 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
44474 * JavaScriptCore.xcodeproj/project.pbxproj:
44476 * heap/MarkedSpace.cpp: Renamed from Source/JavaScriptCore/heap/NewSpace.cpp.
44477 (JSC::MarkedSpace::MarkedSpace):
44478 (JSC::MarkedSpace::addBlock):
44479 (JSC::MarkedSpace::removeBlock):
44480 (JSC::MarkedSpace::resetAllocator):
44481 (JSC::MarkedSpace::canonicalizeBlocks):
44482 * heap/MarkedSpace.h: Renamed from Source/JavaScriptCore/heap/NewSpace.h.
44483 (JSC::MarkedSpace::waterMark):
44484 (JSC::MarkedSpace::highWaterMark):
44485 (JSC::MarkedSpace::setHighWaterMark):
44486 (JSC::MarkedSpace::sizeClassFor):
44487 (JSC::MarkedSpace::allocate):
44488 (JSC::MarkedSpace::forEachBlock):
44489 (JSC::MarkedSpace::SizeClass::SizeClass):
44490 (JSC::MarkedSpace::SizeClass::resetAllocator):
44491 (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
44492 * runtime/JSCell.h:
44494 2011-09-19 Oliver Hunt <oliver@apple.com>
44496 Rename NewSpace to MarkedSpace
44497 https://bugs.webkit.org/show_bug.cgi?id=68375
44499 Reviewed by Gavin Barraclough.
44501 Rename NewSpace to a more accurate name, and update all uses.
44502 This patch doesn't rename the files themselves as that will
44503 just make the patch appear bigger than it is.
44505 * JavaScriptCore.exp:
44506 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
44508 (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
44509 (JSC::CountFunctor::TakeIfEmpty::operator()):
44511 (JSC::Heap::reportExtraMemoryCostSlowCase):
44512 (JSC::Heap::tryAllocate):
44513 (JSC::Heap::allocateSlowCase):
44514 (JSC::Heap::collect):
44515 (JSC::Heap::canonicalizeBlocks):
44516 (JSC::Heap::resetAllocator):
44517 (JSC::Heap::isValidAllocation):
44518 (JSC::Heap::shrink):
44520 (JSC::Heap::markedSpace):
44521 (JSC::Heap::sizeClassFor):
44522 (JSC::Heap::allocate):
44523 * heap/NewSpace.cpp:
44524 (JSC::MarkedSpace::MarkedSpace):
44525 (JSC::MarkedSpace::addBlock):
44526 (JSC::MarkedSpace::removeBlock):
44527 (JSC::MarkedSpace::resetAllocator):
44528 (JSC::MarkedSpace::canonicalizeBlocks):
44530 (JSC::MarkedSpace::waterMark):
44531 (JSC::MarkedSpace::highWaterMark):
44532 (JSC::MarkedSpace::setHighWaterMark):
44533 (JSC::MarkedSpace::sizeClassFor):
44534 (JSC::MarkedSpace::allocate):
44535 (JSC::MarkedSpace::forEachBlock):
44536 (JSC::MarkedSpace::SizeClass::SizeClass):
44537 (JSC::MarkedSpace::SizeClass::resetAllocator):
44538 (JSC::MarkedSpace::SizeClass::canonicalizeBlock):
44539 * jit/JITInlineMethods.h:
44540 (JSC::JIT::emitAllocateBasicJSObject):
44542 2011-09-19 Peter Rybin <peter.rybin@gmail.com>
44544 TextPosition refactoring: Merge ZeroBasedNumber and OneBasedNumber classes
44545 https://bugs.webkit.org/show_bug.cgi?id=63541
44547 Reviewed by Adam Barth.
44549 * parser/SourceProvider.h:
44550 (JSC::SourceProvider::startPosition):
44551 * wtf/text/TextPosition.h:
44552 (WTF::OrdinalNumber::fromZeroBasedInt):
44553 (WTF::OrdinalNumber::fromOneBasedInt):
44554 (WTF::OrdinalNumber::OrdinalNumber):
44555 (WTF::OrdinalNumber::zeroBasedInt):
44556 (WTF::OrdinalNumber::oneBasedInt):
44557 (WTF::OrdinalNumber::operator==):
44558 (WTF::OrdinalNumber::operator!=):
44559 (WTF::OrdinalNumber::first):
44560 (WTF::OrdinalNumber::beforeFirst):
44561 (WTF::TextPosition::TextPosition):
44562 (WTF::TextPosition::minimumPosition):
44563 (WTF::TextPosition::belowRangePosition):
44565 2011-09-19 Dan Bernstein <mitz@apple.com>
44567 JavaScriptCore part of [mac] WebKit contains Objective-C classes that are not prefixed with its standard prefixes
44568 https://bugs.webkit.org/show_bug.cgi?id=68323
44570 Reviewed by Sam Weinig.
44572 Renamed WTFMainThreadCaller to JSWTFMainThreadCaller.
44574 * wtf/mac/MainThreadMac.mm:
44575 (WTF::initializeMainThreadPlatform):
44576 (WTF::initializeMainThreadToProcessMainThreadPlatform):
44578 2011-09-19 Oliver Hunt <oliver@apple.com>
44580 Remove direct property slot pointers from the instruction stream
44581 https://bugs.webkit.org/show_bug.cgi?id=68373
44583 Reviewed by Gavin Barraclough.
44585 Use an indirect load to access prototype properties rather than directly
44586 storing the property address in the instruction stream. This should allow
44587 further optimisations in future, and also provides a 0.5% win to sunspider.
44589 * dfg/DFGRepatch.cpp:
44590 (JSC::DFG::generateProtoChainAccessStub):
44591 * jit/JITPropertyAccess.cpp:
44592 (JSC::JIT::compileGetDirectOffset):
44593 * jit/JITPropertyAccess32_64.cpp:
44594 (JSC::JIT::compileGetDirectOffset):
44595 * runtime/JSObject.h:
44596 (JSC::JSObject::addressOfPropertyStorage):
44598 2011-09-19 Oliver Hunt <oliver@apple.com>
44600 Remove bump allocator
44601 https://bugs.webkit.org/show_bug.cgi?id=68370
44603 Reviewed by Sam Weinig.
44605 Can't do anything with this allocator currently, and it's
44606 increasing the complexity of the GC code. Slight progression
44607 on SunSpider, slight regression (undoing the original progression)
44611 (JSC::Heap::collect):
44613 * heap/NewSpace.cpp:
44614 (JSC::NewSpace::NewSpace):
44616 (JSC::NewSpace::allocate):
44617 * runtime/JSObject.cpp:
44618 (JSC::JSObject::allocatePropertyStorage):
44619 * runtime/JSObject.h:
44620 (JSC::JSObject::~JSObject):
44621 (JSC::JSObject::visitChildrenDirect):
44622 * runtime/StorageBarrier.h:
44623 (JSC::StorageBarrier::set):
44625 2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
44627 [GTK] Fix distcheck build
44628 https://bugs.webkit.org/show_bug.cgi?id=68346
44630 Reviewed by Philippe Normand.
44632 * GNUmakefile.list.am:
44634 2011-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
44636 [GTK] Fix distcheck build
44637 https://bugs.webkit.org/show_bug.cgi?id=68241
44639 Reviewed by Martin Robinson.
44641 * GNUmakefile.list.am:
44643 2011-09-18 Dan Bernstein <mitz@apple.com>
44645 Removed ProfilerServer.
44647 Reviewed by Mark Rowe.
44649 * JavaScriptCore.gypi:
44650 * JavaScriptCore.xcodeproj/project.pbxproj:
44651 * profiler/ProfilerServer.h: Removed.
44652 * profiler/ProfilerServer.mm: Removed.
44653 * runtime/JSGlobalData.cpp:
44654 (JSC::JSGlobalData::JSGlobalData):
44657 2011-09-17 Filip Pizlo <fpizlo@apple.com>
44659 DFG JIT should inline Math.min, Math.max, and Math.sqrt
44660 https://bugs.webkit.org/show_bug.cgi?id=68318
44662 Reviewed by Gavin Barraclough.
44664 Adds Math.min, Math.max, and Math.sqrt intrinsics. Adds support for
44665 a function to have an intrinsic but not a thunk generator. This is
44666 a 7% speed-up on access-nbody, and neutral elsewhere, mainly because
44667 we're still not DFG compiling the bulk of the hot code in Kraken audio
44670 * create_hash_table:
44671 * dfg/DFGByteCodeParser.cpp:
44672 (JSC::DFG::ByteCodeParser::handleMinMax):
44673 (JSC::DFG::ByteCodeParser::handleIntrinsic):
44674 * dfg/DFGIntrinsic.h:
44676 * dfg/DFGPropagator.cpp:
44677 (JSC::DFG::Propagator::propagateNode):
44678 (JSC::DFG::Propagator::fixupNode):
44679 * dfg/DFGSpeculativeJIT.cpp:
44680 (JSC::DFG::SpeculativeJIT::compile):
44681 * jit/JITStubs.cpp:
44682 (JSC::JITThunks::hostFunctionStub):
44683 * runtime/Lookup.cpp:
44684 (JSC::setUpStaticFunctionSlot):
44686 2011-09-18 Nico Weber <thakis@chromium.org>
44688 Remove two files from JavaScriptCore.gypi that were removed in r95240
44689 https://bugs.webkit.org/show_bug.cgi?id=68327
44691 Unreviewed, build warning fix.
44693 * JavaScriptCore.gypi:
44695 2011-09-17 Oliver Hunt <oliver@apple.com>
44697 Remove special case handling of inline storage from the JIT
44698 https://bugs.webkit.org/show_bug.cgi?id=68319
44700 Reviewed by Gavin Barraclough.
44702 Simplify logic used for reading and writing to property storage
44703 by removing the special cases for inline storage. This has no
44706 * dfg/DFGRepatch.cpp:
44707 (JSC::DFG::generateProtoChainAccessStub):
44708 (JSC::DFG::tryBuildGetByIDList):
44710 * jit/JITPropertyAccess.cpp:
44711 (JSC::JIT::compilePutDirectOffset):
44712 (JSC::JIT::compileGetDirectOffset):
44713 (JSC::JIT::privateCompilePutByIdTransition):
44714 (JSC::JIT::privateCompileGetByIdSelfList):
44715 * jit/JITPropertyAccess32_64.cpp:
44716 (JSC::JIT::compilePutDirectOffset):
44717 (JSC::JIT::compileGetDirectOffset):
44718 (JSC::JIT::privateCompilePutByIdTransition):
44719 (JSC::JIT::privateCompileGetByIdSelfList):
44721 2011-09-17 Filip Pizlo <fpizlo@apple.com>
44723 DFG JIT does not have full block-local CSE
44724 https://bugs.webkit.org/show_bug.cgi?id=68316
44726 Reviewed by Oliver Hunt.
44728 This adds block-local CSE to the DFG. CSE runs in the propagator just after
44729 type propagation. It is part of the propagator itself because it needs to
44730 use the propagator's internal data structures to determine which operations
44731 may have side effects. Because it changes the live-ranges of nodes, the
44732 virtual register allocator had to be moved into the propagator so that it
44733 runs after CSE. To ensure that the back-end knows to keep the inputs to
44734 any eliminated node alive for OSR, a new node type, Phantom, was introduced.
44735 It is a no-op but prolongs the live-range of its inputs.
44737 This is an 80% speed-up on imaging-gaussian-blur, and a 10% speed-up on
44740 * JavaScriptCore.xcodeproj/project.pbxproj:
44741 * dfg/DFGAliasTracker.h: Removed.
44742 * dfg/DFGByteCodeParser.cpp:
44743 (JSC::DFG::ByteCodeParser::parseBlock):
44744 (JSC::DFG::ByteCodeParser::parse):
44745 * dfg/DFGGraph.cpp:
44746 (JSC::DFG::Graph::dump):
44748 (JSC::DFG::MethodCheckData::operator==):
44749 (JSC::DFG::MethodCheckData::operator!=):
44751 (JSC::DFG::Node::hasVirtualRegister):
44752 (JSC::DFG::Node::setRefCount):
44753 * dfg/DFGPropagator.cpp:
44754 (JSC::DFG::Propagator::Propagator):
44755 (JSC::DFG::Propagator::fixpoint):
44756 (JSC::DFG::Propagator::propagateNode):
44757 (JSC::DFG::Propagator::canonicalize):
44758 (JSC::DFG::Propagator::computeStartIndex):
44759 (JSC::DFG::Propagator::startIndex):
44760 (JSC::DFG::Propagator::pureCSE):
44761 (JSC::DFG::Propagator::globalVarLoadElimination):
44762 (JSC::DFG::Propagator::getByValLoadElimination):
44763 (JSC::DFG::Propagator::getMethodLoadElimination):
44764 (JSC::DFG::Propagator::performSubstitution):
44765 (JSC::DFG::Propagator::setReplacement):
44766 (JSC::DFG::Propagator::performNodeCSE):
44767 (JSC::DFG::Propagator::performBlockCSE):
44768 (JSC::DFG::Propagator::localCSE):
44769 (JSC::DFG::Propagator::allocateVirtualRegisters):
44770 (JSC::DFG::propagate):
44771 * dfg/DFGSpeculativeJIT.cpp:
44772 (JSC::DFG::SpeculativeJIT::compile):
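The entry above (bug 68316) describes block-local CSE in the DFG: pure nodes are replaced by an earlier equivalent node, loads are reusable only until a node that may have side effects intervenes, and an eliminated node is turned into a Phantom so its inputs stay live for OSR. The following is an added illustration, not WebKit's DFG code: a toy local CSE pass over a constructed block. The op names, the sets of pure and world-clobbering ops, and the node layout are this example's own assumptions.

```javascript
// Added example, not WebKit's DFG code: a toy block-local CSE pass in the
// shape the entry above describes. Op names are stand-ins for DFG ops;
// which ops are pure and which clobber the world is this example's own
// assumption. An eliminated node becomes a Phantom that keeps the node's
// inputs referenced, so a later OSR exit can still recover them.
const PURE_OPS = new Set(['Add', 'Mul', 'ArithAbs']);
const CLOBBERING_OPS = new Set(['Call', 'PutGlobalVar']);

function sameArgs(a, b) {
  return a.length === b.length && a.every((v, i) => v === b[i]);
}

// block: array of nodes {op, args?: [nodeIndex...], slot?: number}; nodes
// may only reference earlier nodes. Returns a new array in which eliminated
// nodes are replaced by {op: 'Phantom', args, replacedBy}.
function localCSE(block) {
  const out = [];
  const replacement = new Array(block.length).fill(-1);
  const resolve = (i) => (replacement[i] >= 0 ? replacement[i] : i);
  for (let i = 0; i < block.length; i++) {
    // Substitute inputs that were eliminated earlier in this block.
    const node = { ...block[i], args: (block[i].args || []).map(resolve) };
    let match = -1;
    if (PURE_OPS.has(node.op)) {
      // A pure node equals any earlier node with the same op and inputs.
      for (let j = i - 1; j >= 0 && match < 0; j--) {
        if (out[j].op === node.op && sameArgs(out[j].args, node.args)) match = j;
      }
    } else if (node.op === 'GetGlobalVar') {
      // A load can be reused only if nothing in between may have written the slot.
      for (let j = i - 1; j >= 0; j--) {
        if (CLOBBERING_OPS.has(out[j].op)) break;
        if (out[j].op === 'GetGlobalVar' && out[j].slot === node.slot) { match = j; break; }
      }
    }
    if (match >= 0) {
      replacement[i] = match;
      out.push({ op: 'Phantom', args: node.args, replacedBy: match });
    } else {
      out.push(node);
    }
  }
  return out;
}

// Constructed sample block (hypothetical): x + y computed twice, a global
// loaded before and after a call, and the same global loaded twice in a row.
function sampleBlock() {
  return [
    { op: 'GetLocal', args: [], slot: 1 },      // 0: x
    { op: 'GetLocal', args: [], slot: 2 },      // 1: y
    { op: 'Add', args: [0, 1] },                // 2: x + y
    { op: 'GetGlobalVar', args: [], slot: 7 },  // 3: g
    { op: 'Add', args: [0, 1] },                // 4: x + y again, becomes Phantom
    { op: 'Mul', args: [4, 3] },                // 5: input 4 is rewritten to node 2
    { op: 'Call', args: [5] },                  // 6: may write g
    { op: 'GetGlobalVar', args: [], slot: 7 },  // 7: must reload g after the call
    { op: 'GetGlobalVar', args: [], slot: 7 },  // 8: redundant with 7, becomes Phantom
  ];
}
```

Running localCSE(sampleBlock()) eliminates nodes 4 and 8 (the Phantoms still list their original inputs), rewrites node 5 to consume node 2, and leaves node 7 alone because the Call between nodes 3 and 7 may have changed the global.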
44774 2011-09-16 Filip Pizlo <fpizlo@apple.com>
44776 method_check should repatch itself if it finds that the new structure(s)
44777 are the result of transitions from the old structure(s)
44778 https://bugs.webkit.org/show_bug.cgi?id=68294
44780 Reviewed by Gavin Barraclough.
44782 Previously a patched method_check would slow-path to get_by_id. Now it
44783 slow-paths to method_check_update, which attempts to correct the
44784 method_check due to structure transitions before bailing to get_by_id.
44786 This is a 1-2% speed-up on some benchmarks and is not a slow-down
44787 anywhere, leading to a 0.6% speed-up on the Kraken geomean.
44789 * jit/JITPropertyAccess.cpp:
44790 (JSC::JIT::patchMethodCallProto):
44791 * jit/JITStubs.cpp:
44792 (JSC::DEFINE_STUB_FUNCTION):
44794 * runtime/Structure.h:
44795 (JSC::Structure::transitivelyTransitionedFrom):
44797 2011-09-16 Ryosuke Niwa <rniwa@webkit.org>
44799 Touch Platform.h in the hope to fix SnowLeopard Intel Release (WebKit2 Tests).
44803 2011-09-16 Sam Weinig <sam@webkit.org>
44805 Rename APIValueWrapper type to APIValueWrapperType for consistency
44806 https://bugs.webkit.org/show_bug.cgi?id=68306
44808 Reviewed by Anders Carlsson.
44810 * runtime/JSAPIValueWrapper.h:
44811 (JSC::JSAPIValueWrapper::createStructure):
44814 * runtime/JSType.h:
44815 Update name and un-indent.
44817 * runtime/Structure.h:
44818 (JSC::JSCell::isAPIValueWrapper):
44821 2011-09-16 Sam Weinig <sam@webkit.org>
44823 Remove unused isStrictModeFunction function
44824 https://bugs.webkit.org/show_bug.cgi?id=68305
44826 Reviewed by Anders Carlsson.
44828 * runtime/JSObject.h:
44829 (JSC::JSObject::isStrictModeFunction):
44831 2011-09-16 Sam Weinig <sam@webkit.org>
44833 Cleanup JSTypeInfo a bit
44834 https://bugs.webkit.org/show_bug.cgi?id=68289
44836 Reviewed by Anders Carlsson.
44838 * dfg/DFGOperations.cpp:
44839 * jit/JITStubs.cpp:
44840 (JSC::DEFINE_STUB_FUNCTION):
44841 Replace direct access to flags() with predicate.
44843 * runtime/JSObject.h:
44844 (JSC::JSFinalObject::createStructure):
44845 Pass FinalObjectType instead of using special IsJSFinalObject.
44847 * runtime/JSTypeInfo.h:
44848 (JSC::TypeInfo::TypeInfo):
44849 Add an additional assert that no object should have OverridesHasInstance set without also having ImplementsHasInstance set.
44851 (JSC::TypeInfo::isFinalObject):
44854 (JSC::TypeInfo::masqueradesAsUndefined):
44855 (JSC::TypeInfo::implementsHasInstance):
44856 (JSC::TypeInfo::isEnvironmentRecord):
44857 (JSC::TypeInfo::overridesHasInstance):
44858 (JSC::TypeInfo::implementsDefaultHasInstance):
44859 (JSC::TypeInfo::overridesGetOwnPropertySlot):
44860 (JSC::TypeInfo::overridesVisitChildren):
44861 (JSC::TypeInfo::overridesGetPropertyNames):
44862 (JSC::TypeInfo::prohibitsPropertyCaching):
44863 (JSC::TypeInfo::isSetOnFlags1):
44864 (JSC::TypeInfo::isSetOnFlags2):
44865 Replace direct bit twiddling with helper functions.
44867 * runtime/Structure.cpp:
44868 (JSC::Structure::Structure):
44869 Use new isFinalObject() predicate.
44871 2011-09-16 Gavin Barraclough <barraclough@apple.com>
44873 Unsigned bit shift fails under certain conditions in 32 bit builds
44874 https://bugs.webkit.org/show_bug.cgi?id=68166
44876 Reviewed by Geoff Garen.
44878 The major bug here is that the slow case (which handles shifts of
44879 doubles) doesn't check for negative results from an unsigned shift
44880 (which should be unsigned, and as such can't be represented by a
44881 signed integer immediate). The implementation is also flawed for
44882 shifts by negative shift amounts (treats as shift by zero).
44884 * jit/JITArithmetic32_64.cpp:
44885 (JSC::JIT::emitRightShift):
44886 (JSC::JIT::emitRightShiftSlowCase):
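Two entries on this page describe JIT fast-path arithmetic bugs with a spec-defined expected answer: the bug 68335 entry above (a multiply whose result is zero must keep the sign of zero) and the bug 68166 entry immediately above (an unsigned shift of a double must stay unsigned, and a negative shift count must be masked, not treated as zero). The following is an added reference check, not WebKit code or a WebKit test: it implements the ES5 ToUint32 and unsigned-shift rules and the IEEE sign-of-zero rule for products, then compares the running engine's own operators against them on the inputs those entries single out. All helper names are this example's own.

```javascript
// Added example, not WebKit code: a spec-reference check for the two 32-bit
// JIT arithmetic edge cases described in the entries above (bug 68166 and
// bug 68335). Runs in any ES5+ engine; the helper names are this example's own.

// ES5 9.6 ToUint32: NaN/Infinity become 0, truncate toward zero, reduce mod 2^32.
function toUint32(x) {
  const n = Number(x);
  if (!isFinite(n) || n === 0) return 0;
  const truncated = Math.sign(n) * Math.floor(Math.abs(n));
  return ((truncated % 4294967296) + 4294967296) % 4294967296;
}

// ES5 11.7.3: x >>> y is ToUint32(x) shifted right by (ToUint32(y) & 0x1F),
// zero-filling. The result is unsigned, so it may not fit a signed int32
// immediate (exactly the case the slow path failed to check).
function specUnsignedShift(x, y) {
  const lhs = toUint32(x);
  const count = toUint32(y) & 0x1f;
  return Math.floor(lhs / Math.pow(2, count));
}

// IEEE 754 sign rule for a zero product: negative iff exactly one operand is negative.
function specZeroProductSign(a, b) {
  const aNeg = a < 0 || Object.is(a, -0);
  const bNeg = b < 0 || Object.is(b, -0);
  return aNeg !== bNeg ? -0 : 0;
}

// Runs the engine's own operators against the reference on the inputs the
// bug reports single out: a double on the left, negative shift counts,
// results above 2^31 - 1, and zero products that must keep their sign.
function findMismatches() {
  const shiftCases = [
    [-1, 0], [-1.5, 0], [2147483648.7, 0], [1, -1],
    [4294967296, 0], [0xffffffff, 1], [NaN, 3], [-2147483649, 0],
  ];
  const productCases = [[0, -5], [-5, 0], [-0, 3], [-0, -3], [0, 0]];
  const mismatches = [];
  for (const [x, y] of shiftCases) {
    const engine = x >>> y;
    const ref = specUnsignedShift(x, y);
    if (engine !== ref) mismatches.push({ expr: x + ' >>> ' + y, engine, ref });
  }
  for (const [a, b] of productCases) {
    const engine = a * b;                 // magnitude is zero in every case
    const ref = specZeroProductSign(a, b);
    if (!Object.is(engine, ref)) mismatches.push({ expr: a + ' * ' + b, engine, ref });
  }
  return mismatches;
}
```

On a correct engine findMismatches() returns an empty list; a fast path with the defects described above would surface here as a negative value for a result at or above 2^31, a shift by a negative count that behaves like a shift by zero, or a zero product that lost its sign. The Object.is comparison matters for the product cases, because -0 === 0 is true and would hide exactly the bug being checked.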
44888 2011-09-16 Geoffrey Garen <ggaren@apple.com>
44890 Removed undetectable style.filter.
44892 Reviewed by Sam Weinig.
44894 This feature was added in http://trac.webkit.org/changeset/15557 to
44895 support housingmaps.com. But housingmaps.com no longer needs this hack,
44896 we don't know of other websites that need it, and we don't know of
44897 any other browsers that have implemented this feature.
44899 * GNUmakefile.list.am:
44900 * JavaScriptCore.gypi:
44901 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
44902 * JavaScriptCore.xcodeproj/project.pbxproj:
44903 * runtime/JSTypeInfo.h:
44904 * runtime/StringObjectThatMasqueradesAsUndefined.h: Removed.
44906 2011-09-15 Sam Weinig <sam@webkit.org>
44908 Prepare JSTypes for more Object subtypes
44909 https://bugs.webkit.org/show_bug.cgi?id=68200
44911 Reviewed by Gavin Barraclough.
44913 * dfg/DFGJITCompiler.h:
44914 (JSC::DFG::JITCompiler::branchIfNotObject):
44915 * jit/JITInlineMethods.h:
44916 (JSC::JIT::emitJumpIfNotObject):
44917 * runtime/JSGlobalObject.h:
44918 (JSC::Structure::prototypeForLookup):
44919 * runtime/JSObject.h:
44920 (JSC::JSObject::finishCreation):
44921 * runtime/JSType.h:
44922 * runtime/JSTypeInfo.h:
44923 (JSC::TypeInfo::type):
44924 (JSC::TypeInfo::isObject):
44925 (JSC::TypeInfo::isFinal):
44926 (JSC::TypeInfo::prohibitsPropertyCaching):
44927 * runtime/NativeErrorConstructor.h:
44928 (JSC::NativeErrorConstructor::finishCreation):
44929 * runtime/Operations.cpp:
44930 (JSC::jsIsObjectType):
44931 * runtime/Structure.cpp:
44932 (JSC::Structure::addPropertyTransitionToExistingStructure):
44933 (JSC::Structure::addPropertyTransition):
44934 * runtime/Structure.h:
44935 (JSC::Structure::isObject):
44936 (JSC::JSCell::isObject):
44938 2011-09-16 Geoffrey Garen <ggaren@apple.com>
44940 Rolled back in r95201 with test failure fixed.
44942 I missed two cases of jumpSlowToHot in rshift -- these cases need to be
44943 sure to initialize regT1 to the int tag, since it will otherwise hold
44944 the top 32 bits of a double.
44947 * jit/JITArithmetic32_64.cpp:
44948 (JSC::JIT::emit_op_lshift):
44949 (JSC::JIT::emitRightShift):
44950 (JSC::JIT::emitRightShiftSlowCase):
44951 (JSC::JIT::emit_op_bitand):
44952 (JSC::JIT::emit_op_bitor):
44953 (JSC::JIT::emit_op_bitxor):
44954 (JSC::JIT::emit_op_bitnot):
44955 (JSC::JIT::emit_op_post_inc):
44956 (JSC::JIT::emit_op_post_dec):
44957 (JSC::JIT::emit_op_pre_inc):
44958 (JSC::JIT::emit_op_pre_dec):
44959 * jit/JITInlineMethods.h:
44960 (JSC::JIT::emitStoreAndMapInt32):
44962 2011-09-16 Filip Pizlo <fpizlo@apple.com>
44964 Unreviewed Windows build fix after 95318.
44966 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
44968 2011-09-16 Adam Roben <aroben@apple.com>
44970 Windows build fix after r95310
44972 * JavaScriptCore.vcproj/jsc/jscCommon.vsprops: Added include\private\JavaScriptCore to the
44973 include path so DFGIntrinsic.h can be found.
44975 2011-09-16 Gavin Barraclough <barraclough@apple.com>
44977 Rationalize JSObject::putDirect* methods
44978 https://bugs.webkit.org/show_bug.cgi?id=68274
44980 Reviewed by Sam Weinig.
44982 Delete the *Function variants. These are overall inefficient,
44983 in the way they get the name back from the function rather
44984 than just passing it in.
44986 * JavaScriptCore.exp:
44988 (GlobalObject::finishCreation):
44989 (GlobalObject::addFunction):
44990 * runtime/FunctionPrototype.cpp:
44991 (JSC::FunctionPrototype::addFunctionProperties):
44992 * runtime/JSGlobalObject.cpp:
44993 (JSC::JSGlobalObject::reset):
44994 * runtime/JSObject.cpp:
44995 (JSC::JSObject::put):
44996 (JSC::JSObject::putWithAttributes):
44997 (JSC::JSObject::defineGetter):
44998 (JSC::JSObject::defineSetter):
44999 * runtime/JSObject.h:
45000 (JSC::JSObject::putDirect):
45001 (JSC::JSObject::putDirectWithoutTransition):
45002 * runtime/Lookup.cpp:
45003 (JSC::setUpStaticFunctionSlot):
45004 * runtime/Lookup.h:
45007 2011-09-16 Filip Pizlo <fpizlo@apple.com>
45009 Unreviewed build fix for Windows.
45011 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
45013 2011-09-16 Filip Pizlo <fpizlo@apple.com>
45015 Unreviewed build fix for non-DFG builds.
45017 * runtime/Executable.h:
45018 (JSC::NativeExecutable::finishCreation):
45020 2011-09-16 Filip Pizlo <fpizlo@apple.com>
45022 DFG JIT should inline Math.abs
45023 https://bugs.webkit.org/show_bug.cgi?id=68227
45025 Reviewed by Oliver Hunt.
45027 This adds the ability to track intrinsic functions throughout the
45028 host function infrastructure, so that the DFG can easily query
45029 whether or not a call's target is intrinsic, and if so, which
45032 On top of this, it adds Math.abs intrinsics to DFG. Call(Math.abs)
45033 is transformed into ValueToNumber<-ArithAbs nodes. These nodes
45034 then get optimized using the usual tricks.
45036 Also had to make a completely unrelated change to
45037 DateInstanceCache.h in order to fix a preexisting alphabetical
45038 sorting problem in JSGlobalData.h
45040 This results in a big win in imaging-gaussian-blur: 61% faster
45041 than before. The net win on Kraken is around 13%.
45043 * JavaScriptCore.xcodeproj/project.pbxproj:
45044 * create_hash_table:
45045 * dfg/DFGByteCodeParser.cpp:
45046 (JSC::DFG::ByteCodeParser::parseBlock):
45048 (JSC::DFG::Graph::isFunctionConstant):
45049 (JSC::DFG::Graph::valueOfFunctionConstant):
45050 * dfg/DFGIntrinsic.h: Added.
45051 * dfg/DFGJITCodeGenerator.h:
45052 (JSC::DFG::JITCodeGenerator::isFunctionConstant):
45053 (JSC::DFG::JITCodeGenerator::valueOfFunctionConstant):
45054 * dfg/DFGJITCompiler.h:
45055 (JSC::DFG::JITCompiler::isFunctionConstant):
45056 (JSC::DFG::JITCompiler::valueOfFunctionConstant):
45058 * dfg/DFGPropagator.cpp:
45059 (JSC::DFG::Propagator::propagateNode):
45060 * dfg/DFGSpeculativeJIT.cpp:
45061 (JSC::DFG::SpeculativeJIT::compile):
45062 * jit/JITStubs.cpp:
45063 (JSC::JITThunks::hostFunctionStub):
45065 * runtime/DateInstanceCache.h:
45066 * runtime/Executable.cpp:
45067 (JSC::ExecutableBase::intrinsic):
45068 (JSC::NativeExecutable::intrinsic):
45069 * runtime/Executable.h:
45070 (JSC::NativeExecutable::create):
45071 (JSC::NativeExecutable::finishCreation):
45072 * runtime/JSGlobalData.cpp:
45073 (JSC::JSGlobalData::getHostFunction):
45074 * runtime/JSGlobalData.h:
45075 * runtime/Lookup.cpp:
45076 (JSC::HashTable::createTable):
45077 (JSC::setUpStaticFunctionSlot):
45078 * runtime/Lookup.h:
45079 (JSC::HashEntry::initialize):
45080 (JSC::HashEntry::intrinsic):
45082 2011-09-16 Filip Pizlo <fpizlo@apple.com>
45084 REGRESSION: Reproducible crash below SlotVisitor::harvestWeakReferences
45085 using Domino's online ordering
45086 https://bugs.webkit.org/show_bug.cgi?id=68220
45088 Reviewed by Oliver Hunt.
45090 Weak handle processing can result in new objects being marked, which
45091 results in new WeakReferencesHarvesters being added. But weak
45092 reference harvesters are only processed before weak handle processing,
45093 so there's the risk that a weak reference harvester will persist
45094 until the next collection, by which time it may have been deleted.
45097 (JSC::Heap::markRoots):
45099 2011-09-16 Csaba Osztrogonác <ossy@webkit.org>
45101 REGRESSION(r95201): It made two tests fail
45102 https://bugs.webkit.org/show_bug.cgi?id=68230
45104 Unreviewed rolling out r95201.
45107 * jit/JITArithmetic32_64.cpp:
45108 (JSC::JIT::emit_op_lshift):
45109 (JSC::JIT::emitRightShift):
45110 (JSC::JIT::emit_op_bitand):
45111 (JSC::JIT::emit_op_bitor):
45112 (JSC::JIT::emit_op_bitxor):
45113 (JSC::JIT::emit_op_bitnot):
45114 (JSC::JIT::emit_op_post_inc):
45115 (JSC::JIT::emit_op_post_dec):
45116 (JSC::JIT::emit_op_pre_inc):
45117 (JSC::JIT::emit_op_pre_dec):
45118 * jit/JITInlineMethods.h:
45120 2011-09-15 Filip Pizlo <fpizlo@apple.com>
45122 DFG JIT does not optimize method_check
45123 https://bugs.webkit.org/show_bug.cgi?id=68215
45125 Reviewed by Oliver Hunt.
45127 MethodCallLinkInfo and StructureStubInfo are now searchable by
45128 bytecodeIndex, so that DFG::ByteCodeParser can use that information
45129 to determine how to optimize GetMethod.
45131 A new node op has been added to DFG: CheckMethod. This is a variant
45132 of GetMethod that has been optimized for the case that GetMethod
45133 always takes the fast path. CheckMethod results in only a very
45134 small amount of code (two loads and two branches in the worst case,
45135 one load and one branch in the best case). CheckMethod behaves as
45136 if it were a constant.
45138 Introduced the notion that a DFG node that is not JSConstant
45139 behaves as a constant. CheckMethod uses this functionality.
45141 This is a 3% speed-up on Kraken, and a small speed-up on V8.
45142 Appears to be neutral on SunSpider.
45144 * bytecode/CodeBlock.h:
45145 (JSC::getStructureStubInfoBytecodeIndex):
45146 (JSC::getMethodCallLinkInfoBytecodeIndex):
45147 * bytecode/PredictedType.cpp:
45148 (JSC::predictionFromCell):
45149 (JSC::predictionFromValue):
45150 * bytecode/PredictedType.h:
45151 * bytecode/StructureStubInfo.h:
45152 * dfg/DFGAliasTracker.h:
45153 (JSC::DFG::AliasTracker::recordGetMethod):
45154 * dfg/DFGByteCodeParser.cpp:
45155 (JSC::DFG::ByteCodeParser::parseBlock):
45156 * dfg/DFGGraph.cpp:
45157 (JSC::DFG::Graph::dump):
45159 (JSC::DFG::Graph::getMethodCheckPrediction):
45160 (JSC::DFG::Graph::getPrediction):
45161 (JSC::DFG::Graph::isConstant):
45162 (JSC::DFG::Graph::isJSConstant):
45163 (JSC::DFG::Graph::valueOfJSConstant):
45164 (JSC::DFG::Graph::valueOfInt32Constant):
45165 (JSC::DFG::Graph::valueOfNumberConstant):
45166 (JSC::DFG::Graph::valueOfBooleanConstant):
45167 (JSC::DFG::Graph::valueOfJSConstantNode):
45168 * dfg/DFGJITCodeGenerator.cpp:
45169 (JSC::DFG::JITCodeGenerator::fillInteger):
45170 (JSC::DFG::JITCodeGenerator::fillDouble):
45171 (JSC::DFG::JITCodeGenerator::fillJSValue):
45172 (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
45173 (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
45174 * dfg/DFGJITCodeGenerator.h:
45175 (JSC::DFG::JITCodeGenerator::silentSpillFPR):
45176 (JSC::DFG::JITCodeGenerator::silentFillGPR):
45177 (JSC::DFG::JITCodeGenerator::silentFillFPR):
45178 * dfg/DFGJITCompiler.cpp:
45179 (JSC::DFG::JITCompiler::fillNumericToDouble):
45180 (JSC::DFG::JITCompiler::fillInt32ToInteger):
45181 (JSC::DFG::JITCompiler::fillToJS):
45183 (JSC::DFG::Node::hasConstant):
45184 (JSC::DFG::Node::hasIdentifier):
45185 (JSC::DFG::Node::hasMethodCheckData):
45186 (JSC::DFG::Node::methodCheckDataIndex):
45187 (JSC::DFG::Node::valueOfJSConstant):
45188 * dfg/DFGPropagator.cpp:
45189 (JSC::DFG::Propagator::propagateNode):
45190 * dfg/DFGSpeculativeJIT.cpp:
45191 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
45192 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
45193 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
45194 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
45195 (JSC::DFG::SpeculativeJIT::compile):
45197 (JSC::JIT::privateCompile):
45199 (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
45200 (JSC::MethodCallCompilationInfo::MethodCallCompilationInfo):
45201 * jit/JITPropertyAccess.cpp:
45202 (JSC::JIT::emit_op_method_check):
45203 (JSC::JIT::compileGetByIdHotPath):
45204 (JSC::JIT::emit_op_put_by_id):
45205 * jit/JITPropertyAccess32_64.cpp:
45206 (JSC::JIT::emit_op_method_check):
45207 (JSC::JIT::compileGetByIdHotPath):
45208 (JSC::JIT::emit_op_put_by_id):
45209 * runtime/JSCell.h:
45210 (JSC::JSCell::JSCell::structureAddress):
45212 2011-09-15 Adam Barth <abarth@webkit.org>
45214 Rename ENABLE(DATABASE) to ENABLE(SQL_DATABASE)
45215 https://bugs.webkit.org/show_bug.cgi?id=68205
45217 Reviewed by Eric Seidel.
45219 * Configurations/FeatureDefines.xcconfig:
45222 2011-09-15 Mark Hahnenberg <mhahnenberg@apple.com>
45224 Unzip initialization lists and constructors in JSCell hierarchy (7/7)
45225 https://bugs.webkit.org/show_bug.cgi?id=68122
45227 Reviewed by Geoffrey Garen.
45229 Completed the seventh and final level of the refactoring to add finishCreation()
45230 methods to all classes within the JSCell hierarchy with non-trivial
45231 constructor bodies.
45233 JSCallbackObject was missed in previous patches due to the fact that
45234 it's non-obvious (at least to my script) that it is in the JSCell hierarchy, so
45235 this is just a bit of retroactive cleanup.
45237 * API/JSCallbackObject.h:
45238 (JSC::JSCallbackObject::create):
45239 * API/JSCallbackObjectFunctions.h:
45240 (JSC::::JSCallbackObject):
45242 2011-09-15 Filip Pizlo <fpizlo@apple.com>
45244 The DFG non-speculative JIT is no longer used and should be removed.
45245 https://bugs.webkit.org/show_bug.cgi?id=68177
45247 Reviewed by Geoffrey Garen.
45249 This removes the non-speculative JIT and everything that relied on it,
45250 including the ability to turn on DFG but not tiered compilation, the
45251 ability to perform speculation failure into non-speculative JIT code,
45252 and the ability to statically terminate speculation.
45254 * GNUmakefile.list.am:
45255 * JavaScriptCore.pro:
45256 * JavaScriptCore.xcodeproj/project.pbxproj:
45257 * bytecode/CodeBlock.h:
45258 * bytecompiler/BytecodeGenerator.cpp:
45259 (JSC::BytecodeGenerator::emitLoopHint):
45260 * dfg/DFGByteCodeParser.cpp:
45261 (JSC::DFG::ByteCodeParser::ByteCodeParser):
45262 (JSC::DFG::ByteCodeParser::getStrongPrediction):
45263 (JSC::DFG::ByteCodeParser::parseBlock):
45264 * dfg/DFGDriver.cpp:
45265 (JSC::DFG::compile):
45266 * dfg/DFGGenerationInfo.h:
45267 * dfg/DFGGraph.cpp:
45268 (JSC::DFG::Graph::predictArgumentTypes):
45269 * dfg/DFGJITCodeGenerator.cpp:
45270 * dfg/DFGJITCompiler.cpp:
45271 (JSC::DFG::JITCompiler::linkOSRExits):
45272 (JSC::DFG::JITCompiler::compileBody):
45273 * dfg/DFGJITCompiler.h:
45275 * dfg/DFGNonSpeculativeJIT.cpp: Removed.
45276 * dfg/DFGNonSpeculativeJIT.h: Removed.
45277 * dfg/DFGOSREntry.cpp:
45278 (JSC::DFG::prepareOSREntry):
45279 * dfg/DFGPropagator.cpp:
45280 * dfg/DFGPropagator.h:
45281 * dfg/DFGSpeculativeJIT.cpp:
45282 (JSC::DFG::SpeculativeJIT::compile):
45283 * dfg/DFGSpeculativeJIT.h:
45284 (JSC::DFG::SpeculativeJIT::osrExits):
45285 (JSC::DFG::SpeculativeJIT::speculationRecovery):
45286 (JSC::DFG::SpeculativeJIT::speculationCheck):
45287 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
45289 (JSC::JIT::privateCompileMainPass):
45290 (JSC::JIT::privateCompile):
45293 (JSC::JITCode::bottomTierJIT):
45294 * runtime/JSGlobalData.cpp:
45295 (JSC::JSGlobalData::JSGlobalData):
45296 (JSC::JSGlobalData::~JSGlobalData):
45297 * runtime/JSGlobalData.h:
45300 2011-09-15 Eric Seidel <eric@webkit.org>
45302 Remove ENABLE(SVG_AS_IMAGE) since all major ports have it on by default
45303 https://bugs.webkit.org/show_bug.cgi?id=68182
45305 Reviewed by Adam Barth.
45307 * Configurations/FeatureDefines.xcconfig:
45309 2011-09-15 Filip Pizlo <fpizlo@apple.com>
45311 DFG speculative JIT sometimes asserts that a value is not a number
45312 even when it doesn't know anything about the number
45313 https://bugs.webkit.org/show_bug.cgi?id=68189
45315 Reviewed by Oliver Hunt.
45317 * dfg/DFGGenerationInfo.h:
45318 (JSC::DFG::GenerationInfo::isUnknownJS):
45319 * dfg/DFGJITCodeGenerator.cpp:
45320 (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
45322 2011-09-15 Filip Pizlo <fpizlo@apple.com>
45324 All of the functionality in the non-speculative JIT should be
45325 available to the speculative JIT via helper methods
45326 https://bugs.webkit.org/show_bug.cgi?id=68186
45328 Reviewed by Oliver Hunt.
45330 Stole all of the goodness from NonSpeculativeJIT and placed it
45331 in JITCodeGenerator. Left all of the badness (i.e. subtle code
45332 duplication with SpeculativeJIT, etc). This is in preparation
45333 for removing the NonSpeculativeJIT entirely, but having its
45334 goodness available for reuse in the SpeculativeJIT if necessary.
45336 * dfg/DFGJITCodeGenerator.cpp:
45337 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToNumber):
45338 (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
45339 (JSC::DFG::JITCodeGenerator::nonSpeculativeUInt32ToNumber):
45340 (JSC::DFG::JITCodeGenerator::nonSpeculativeKnownConstantArithOp):
45341 (JSC::DFG::JITCodeGenerator::nonSpeculativeBasicArithOp):
45342 (JSC::DFG::JITCodeGenerator::nonSpeculativeArithMod):
45343 (JSC::DFG::JITCodeGenerator::nonSpeculativeCheckHasInstance):
45344 (JSC::DFG::JITCodeGenerator::nonSpeculativeInstanceOf):
45345 * dfg/DFGJITCodeGenerator.h:
45346 (JSC::DFG::JITCodeGenerator::nonSpeculativeAdd):
45347 (JSC::DFG::JITCodeGenerator::nonSpeculativeArithSub):
45348 * dfg/DFGNonSpeculativeJIT.cpp:
45349 (JSC::DFG::NonSpeculativeJIT::compile):
45350 * dfg/DFGNonSpeculativeJIT.h:
45352 2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com>
45354 Unreviewed, rolling out r95167.
45355 http://trac.webkit.org/changeset/95167
45356 https://bugs.webkit.org/show_bug.cgi?id=68191
45358 Patch needs further work. (Requested by mhahnenberg on
45361 * JavaScriptCore.exp:
45362 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
45363 * runtime/JSCell.cpp:
45364 (JSC::JSCell::toBoolean):
45365 * runtime/JSCell.h:
45366 (JSC::JSCell::JSValue::toBoolean):
45367 * runtime/JSNotAnObject.cpp:
45368 (JSC::JSNotAnObject::toBoolean):
45369 * runtime/JSNotAnObject.h:
45370 * runtime/JSObject.h:
45371 * runtime/JSString.h:
45372 * runtime/StringObjectThatMasqueradesAsUndefined.h:
45373 (JSC::StringObjectThatMasqueradesAsUndefined::toBoolean):
45375 2011-09-15 Filip Pizlo <fpizlo@apple.com>
45377 Unreviewed build fix for platforms that expect a linkable symbol
45378 for primitive static const's.
45380 * bytecode/CodeBlock.h:
45382 (JSC::JIT::emitOptimizationCheck):
45384 2011-09-15 Filip Pizlo <fpizlo@apple.com>
45386 Unreviewed build fix for assertion on existence of alternative
45389 * dfg/DFGGraph.cpp:
45390 (JSC::DFG::Graph::predictArgumentTypes):
45392 2011-09-14 Filip Pizlo <fpizlo@apple.com>
45394 Value profiles collect no information for global variables
45395 https://bugs.webkit.org/show_bug.cgi?id=68143
45397 Reviewed by Geoffrey Garen.
45399 17% speed-up on string-fasta. Neutral elsewhere.
45401 * dfg/DFGByteCodeParser.cpp:
45402 (JSC::DFG::ByteCodeParser::getStrongPrediction):
45403 (JSC::DFG::ByteCodeParser::stronglyPredict):
45404 (JSC::DFG::ByteCodeParser::parseBlock):
45405 * jit/JITPropertyAccess.cpp:
45406 (JSC::JIT::emit_op_get_global_var):
45408 2011-09-15 Eric Seidel <eric@webkit.org>
45410 Remove ENABLE_SVG_ANIMATION as all major ports have it on by default
45411 https://bugs.webkit.org/show_bug.cgi?id=68022
45413 Reviewed by Ryosuke Niwa.
45415 * Configurations/FeatureDefines.xcconfig:
45417 2011-09-15 Gavin Barraclough <barraclough@apple.com>
45419 Ooops, revert accidentally committed unreviewed changes.
45421 * jit/JITOpcodes32_64.cpp:
45422 (JSC::JIT::emit_op_jfalse):
45423 (JSC::JIT::emit_op_jtrue):
45424 * jit/JSInterfaceJIT.h:
45425 * runtime/JSValue.h:
45427 2011-09-15 Sheriff Bot <webkit.review.bot@gmail.com>
45429 Unreviewed, rolling out r95163.
45430 http://trac.webkit.org/changeset/95163
45431 https://bugs.webkit.org/show_bug.cgi?id=68180
45433 [Qt] The QT_GCC_X variables were removed in Qt5 by accident.
45434 (Requested by darktears on #webkit).
45436 * JavaScriptCore.pro:
45438 2011-09-15 Gavin Barraclough <barraclough@apple.com>
45440 Windows build fix p1.
45442 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
45443 * jit/JITOpcodes32_64.cpp:
45444 (JSC::JIT::emit_op_jfalse):
45445 (JSC::JIT::emit_op_jtrue):
45446 * jit/JSInterfaceJIT.h:
45447 * runtime/JSValue.h:
45449 2011-09-14 Filip Pizlo <fpizlo@apple.com>
45451 Tiered compilation should be enabled by default on platforms
45452 that support the DFG JIT
45453 https://bugs.webkit.org/show_bug.cgi?id=68136
45455 Reviewed by Sam Weinig.
45457 Neutral on SunSpider, 4% speed-up on V8, and 19% speed-up on
45458 Kraken. Large progressions on some benchmarks, including
45459 3x on imaging-desaturate.
45463 2011-09-15 Gavin Barraclough <barraclough@apple.com>
45465 devirtualize preventExtensions
45466 https://bugs.webkit.org/show_bug.cgi?id=68176
45468 Reviewed by Oliver Hunt.
45470 This is virtual due to problems in JSFunction putting the prototype
45471 property, but we can fix this problem a different way, just setting
45472 the checkReadOnly flag to false in the put.
45474 * runtime/JSFunction.cpp:
45475 (JSC::JSFunction::getOwnPropertySlot):
45476 * runtime/JSFunction.h:
45477 * runtime/JSObject.h:
45479 2011-09-15 Geoffrey Garen <ggaren@apple.com>
45481 Value chaining for JSValue32_64 bitops.
45483 Reviewed by Sam Weinig.
45485 SunSpider says 2.3% faster, v8 ~1% faster (mostly due to crypto).
45488 * jit/JITInlineMethods.h:
45489 (JSC::JIT::emitStoreAndMapInt32): New int32 helper function for stores
45490 that can chain their results, which is the common case.
45492 * jit/JITArithmetic32_64.cpp:
45493 (JSC::JIT::emit_op_lshift):
45494 (JSC::JIT::emitRightShift):
45495 (JSC::JIT::emit_op_bitand):
45496 (JSC::JIT::emit_op_bitor):
45497 (JSC::JIT::emit_op_bitxor):
45498 (JSC::JIT::emit_op_bitnot):
45499 (JSC::JIT::emit_op_pre_inc):
45500 (JSC::JIT::emit_op_pre_dec): Deployed new function.
45501 (JSC::JIT::emit_op_post_inc):
45502 (JSC::JIT::emit_op_post_dec): Had to reorder these functions so they
45503 computed their result values last, to make them eligible for chaining.
45505 2011-09-15 Adam Roben <aroben@apple.com>
45507 Clang build fix after r95172
45509 * dfg/DFGSpeculativeJIT.h:
45510 (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
45511 (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
45512 Added parentheses to make precedence clear.
45514 2011-09-14 Filip Pizlo <fpizlo@apple.com>
45516 DFG does not speculate aggressively enough on comparisons
45517 https://bugs.webkit.org/show_bug.cgi?id=68138
45519 Reviewed by Oliver Hunt.
45521 This is a 75% speed-up on Kraken/ai-astar. It's a 1% win on
45522 V8 and an 8.5% win on Kraken. Neutral on SunSpider.
45524 * dfg/DFGSpeculativeJIT.cpp:
45525 (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
45526 (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
45527 (JSC::DFG::SpeculativeJIT::compileObjectEquality):
45528 (JSC::DFG::SpeculativeJIT::compare):
45529 * dfg/DFGSpeculativeJIT.h:
45530 (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
45531 (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
45532 (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
45533 (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
45535 2011-09-14 Filip Pizlo <fpizlo@apple.com>
45537 DFG JIT does not leverage integer speculations on branches
45538 https://bugs.webkit.org/show_bug.cgi?id=68140
45540 Reviewed by Oliver Hunt.
45542 * dfg/DFGJITCodeGenerator.cpp:
45543 (JSC::DFG::JITCodeGenerator::isStrictInt32):
45544 * dfg/DFGJITCodeGenerator.h:
45545 * dfg/DFGSpeculativeJIT.cpp:
45546 (JSC::DFG::SpeculativeJIT::compile):
45548 2011-09-14 Gavin Barraclough <barraclough@apple.com>
45550 [n]stricteq code is bogus in JSValue32_64 JIT
45551 https://bugs.webkit.org/show_bug.cgi?id=68141
45553 Reviewed by Sam Weinig.
45555 The code tries to check for both ints or cells, but this check also
45556 catches cases where values are undefined, null, etc. (probably
45557 was incorrectly assuming cell was the 2nd highest tag?).
45559 Also, there is no need not to handle int on the fast path.
45560 stricteq is just a case of comparing the payloads, if we:
45561 * handle cases of differing tags on a slow path
45562 * handle doubles a slow path
45563 * handle both-are-string on a slow path
45565 * jit/JITOpcodes32_64.cpp:
45566 (JSC::JIT::compileOpStrictEq):
45567 (JSC::JIT::emitSlow_op_stricteq):
45568 (JSC::JIT::emitSlow_op_nstricteq):
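The fast-path/slow-path split the entry above describes (same tag: compare payloads; differing tags, two doubles, or two strings: slow path), written out as a runnable model. This is an added illustration, not JavaScriptCore's JSValue32_64 code: the tag constants, the Cell table standing in for the heap, and the function names are assumptions made for the example.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <limits>
#include <string>
#include <vector>

namespace tagged {

// Assumed encoding: a value is a 32-bit tag word plus a 32-bit payload word.
// Tag words at or above LowestTag name a kind of value; any smaller tag word is
// the high half of a raw IEEE double, so doubles need no tag of their own.
constexpr uint32_t LowestTag    = 0xfffffffa;
constexpr uint32_t Int32Tag     = 0xfffffffa;
constexpr uint32_t BooleanTag   = 0xfffffffb;
constexpr uint32_t NullTag      = 0xfffffffc;
constexpr uint32_t UndefinedTag = 0xfffffffd;
constexpr uint32_t CellTag      = 0xfffffffe;

struct Cell {
    enum Kind { Object, String } kind;
    std::string chars; // only used by String cells
};

// Constructed stand-in for the heap: a Cell payload is an index into this table.
static std::vector<Cell> g_cells;

struct Value {
    uint32_t tag;
    uint32_t payload;
};

inline Value makeInt32(int32_t i) { return { Int32Tag, static_cast<uint32_t>(i) }; }
inline Value makeBoolean(bool b)  { return { BooleanTag, b ? 1u : 0u }; }
inline Value makeNull()           { return { NullTag, 0 }; }
inline Value makeUndefined()      { return { UndefinedTag, 0 }; }
inline Value makeString(const std::string& s) {
    g_cells.push_back({ Cell::String, s });
    return { CellTag, static_cast<uint32_t>(g_cells.size() - 1) };
}
inline Value makeObject() {
    g_cells.push_back({ Cell::Object, "" });
    return { CellTag, static_cast<uint32_t>(g_cells.size() - 1) };
}
inline Value makeDouble(double d) {
    // Canonicalise NaN so its high word can never collide with a real tag.
    if (d != d) d = std::numeric_limits<double>::quiet_NaN();
    uint64_t bits;
    std::memcpy(&bits, &d, sizeof bits);
    return { static_cast<uint32_t>(bits >> 32), static_cast<uint32_t>(bits) };
}

inline bool isDouble(Value v) { return v.tag < LowestTag; }
inline bool isNumber(Value v) { return isDouble(v) || v.tag == Int32Tag; }
inline bool isString(Value v) { return v.tag == CellTag && g_cells[v.payload].kind == Cell::String; }

inline double asNumber(Value v) {
    if (!isDouble(v))
        return static_cast<double>(static_cast<int32_t>(v.payload));
    uint64_t bits = (static_cast<uint64_t>(v.tag) << 32) | v.payload;
    double d;
    std::memcpy(&d, &bits, sizeof d);
    return d;
}

// The three cases the entry sends to the slow path. Everything else is a plain
// payload comparison, which is what keeps the fast path small.
inline bool needsSlowPath(Value a, Value b) {
    if (a.tag != b.tag) return true;             // differing tags
    if (isDouble(a)) return true;                // two doubles (NaN, -0 vs +0)
    if (isString(a) && isString(b)) return true; // two strings: compare contents
    return false;
}

inline bool strictEqSlow(Value a, Value b) {
    if (isNumber(a) && isNumber(b))
        return asNumber(a) == asNumber(b);       // int vs double, NaN != NaN, -0 == +0
    if (isString(a) && isString(b))
        return g_cells[a.payload].chars == g_cells[b.payload].chars;
    return false;                                // different kinds are never strictly equal
}

inline bool strictEq(Value a, Value b) {
    if (!needsSlowPath(a, b))
        return a.payload == b.payload;           // ints, booleans, null, undefined, cell identity
    return strictEqSlow(a, b);
}

} // namespace tagged

int main() {
    using namespace tagged;
    std::cout << "1 === 1.0: " << strictEq(makeInt32(1), makeDouble(1.0)) << "\n"
              << "null === undefined: " << strictEq(makeNull(), makeUndefined()) << "\n"
              << "\"ab\" === \"ab\": " << strictEq(makeString("ab"), makeString("ab")) << "\n";
    return 0;
}
```

The point of `needsSlowPath` is that the fast path never has to reason about which tag it is looking at: once the two tag words are equal and neither the double nor the string case applies, payload equality is the answer, which is exactly the property a tag-order assumption of the kind the entry mentions would break.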
45570 2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com>
45572 Make JSCell::toBoolean non-virtual
45573 https://bugs.webkit.org/show_bug.cgi?id=67727
45575 Reviewed by Sam Weinig.
45577 JSCell::toBoolean now manually performs the toBoolean check for objects and strings (where
45578 before it was simply virtual and would crash if its implementation was called).
45579 Its descendants in JSObject and JSString have also been made non-virtual. JSCell now
45580 explicitly covers all cases of toBoolean, so having a virtual implementation of
45581 JSCell::toBoolean is no longer necessary. This is part of a larger process of un-virtualizing JSCell.
45583 * JavaScriptCore.exp:
45584 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
45585 * runtime/JSCell.cpp:
45586 * runtime/JSCell.h:
45587 * runtime/JSNotAnObject.cpp:
45588 * runtime/JSNotAnObject.h:
45589 * runtime/JSObject.h:
45590 * runtime/JSString.h:
45591 (JSC::JSCell::toBoolean):
45592 (JSC::JSValue::toBoolean):
45593 * runtime/StringObjectThatMasqueradesAsUndefined.h:
45595 2011-09-14 Alexis Menard <alexis.menard@openbossa.org>
45597 [Qt] Replace QT_GCC_X as they don't exist in Qt5 anymore.
45598 https://bugs.webkit.org/show_bug.cgi?id=68114
45600 Reviewed by Kenneth Rohde Christiansen.
45602 Use the new GCC_X variables defined in WebKit.pri to replace
45603 the usage of QT_GCC_X.
45605 * JavaScriptCore.pro:
45607 2011-09-14 Sheriff Bot <webkit.review.bot@gmail.com>
45609 Unreviewed, rolling out r95145.
45610 http://trac.webkit.org/changeset/95145
45611 https://bugs.webkit.org/show_bug.cgi?id=68139
45613 The GTK+ build is working now, so revert this trial build fix.
45614 (Requested by mrobinson on #webkit).
45616 * GNUmakefile.list.am:
45618 2011-09-14 Patrick Gansterer <paroga@webkit.org>
45620 Port MachineStackMarker to Windows ARM and MIPS
45621 https://bugs.webkit.org/show_bug.cgi?id=68068
45623 Reviewed by Geoffrey Garen.
45625 Use the correct member of the CONTEXT struct for the stack pointer for CPU(ARM) and CPU(MIPS).
45626 Only query CONTEXT_INTEGER and CONTEXT_CONTROL, since CONTEXT_SEGMENTS isn't defined for
45627 CPU(ARM) and CPU(MIPS) and the stack pointer is defined in the CONTEXT_CONTROL section for
45628 CPU(ARM), CPU(X86) and CPU(X86_64) and in the CONTEXT_INTEGER section for CPU(MIPS).
45630 * heap/MachineStackMarker.cpp:
45631 (JSC::getPlatformThreadRegisters):
45632 (JSC::otherThreadStackPointer):
45634 2011-09-12 Filip Pizlo <fpizlo@apple.com>
45636 DFG JIT always speculates that ValueAdd is a numeric addition
45637 https://bugs.webkit.org/show_bug.cgi?id=67956
45639 Reviewed by Geoffrey Garen.
45641 * dfg/DFGJITCodeGenerator.cpp:
45642 (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
45643 * dfg/DFGJITCodeGenerator.h:
45644 * dfg/DFGNonSpeculativeJIT.cpp:
45645 (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
45646 (JSC::DFG::NonSpeculativeJIT::basicArithOp):
45647 * dfg/DFGOperations.cpp:
45648 * dfg/DFGOperations.h:
45649 * dfg/DFGSpeculativeJIT.cpp:
45650 (JSC::DFG::SpeculativeJIT::compile):
45651 * dfg/DFGSpeculativeJIT.h:
45652 (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
45654 2011-09-14 Anders Carlsson <andersca@apple.com>
45656 Stop building BinarySemaphore to see if that's what's breaking the GTK+ build.
45658 * GNUmakefile.list.am:
45660 2011-09-14 Anders Carlsson <andersca@apple.com>
45662 This is getting old. Yet another build fix attempt.
45664 * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
45666 2011-09-14 Anders Carlsson <andersca@apple.com>
45668 Yet another build fix attempt.
45670 * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
45672 2011-09-14 Anders Carlsson <andersca@apple.com>
45674 How I "love" Visual Studio...
45676 Try to fix build again.
45678 * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
45680 2011-09-14 Anders Carlsson <andersca@apple.com>
45682 Try to fix Windows build.
45684 * JavaScriptCore.vcproj/WTF/WTFCommon.vsprops:
45686 2011-09-14 Anders Carlsson <andersca@apple.com>
45688 Add BinarySemaphore class from WebKit2 to WTF
45689 https://bugs.webkit.org/show_bug.cgi?id=68132
45691 Reviewed by Sam Weinig.
45693 * GNUmakefile.list.am:
45694 * JavaScriptCore.gypi:
45695 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
45696 * JavaScriptCore.xcodeproj/project.pbxproj:
45697 * wtf/CMakeLists.txt:
45698 Update build systems.
45700 * wtf/threads: Added.
45701 * wtf/threads/BinarySemaphore.cpp: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.cpp.
45702 * wtf/threads/BinarySemaphore.h: Copied from Source/WebKit2/Platform/CoreIPC/BinarySemaphore.h.
45703 * wtf/threads/win: Added.
45704 * wtf/threads/win/BinarySemaphoreWin.cpp: Copied from Source/WebKit2/Platform/CoreIPC/win/BinarySemaphoreWin.cpp.
45706 2011-09-14 Filip Pizlo <fpizlo@apple.com>
45708 Unreviewed build fix for Interpreter.
45710 * interpreter/Interpreter.cpp:
45711 (JSC::Interpreter::privateExecute):
45713 2011-09-14 Anders Carlsson <andersca@apple.com>
45715 Add wtf/threads and wtf/threads/win, so we can be sure that the EWS
45716 bots can correctly build the patch in https://bugs.webkit.org/show_bug.cgi?id=68132
45718 Rubber-stamped by Sam Weinig.
45720 * wtf/threads: Added.
45721 * wtf/threads/win: Added.
45723 2011-09-14 Filip Pizlo <fpizlo@apple.com>
45725 DFG JIT should not speculate integer if the value is always going to be
45726 used as a double anyway
45727 https://bugs.webkit.org/show_bug.cgi?id=68127
45729 Reviewed by Oliver Hunt.
45731 Added a ValueToDouble node, which is a variant of ValueToNumber that
45732 hints that it will only be used as a double and never as an integer.
45733 Thus, it turns off integer speculation even if the value profiler
45734 told us that the value source is an int. The logic for converting a
45735 ValueToNumber into a ValueToDouble is found in Propagator.
45737 This appears to be a 22% speed-up in imaging-darkroom.
45740 * dfg/DFGNonSpeculativeJIT.cpp:
45741 (JSC::DFG::NonSpeculativeJIT::compile):
45742 * dfg/DFGPropagator.cpp:
45743 (JSC::DFG::Propagator::fixpoint):
45744 (JSC::DFG::Propagator::toDouble):
45745 (JSC::DFG::Propagator::fixupNode):
45746 (JSC::DFG::Propagator::fixup):
45747 * dfg/DFGSpeculativeJIT.cpp:
45748 (JSC::DFG::SpeculativeJIT::compile):
45749 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
45751 2011-09-14 Filip Pizlo <fpizlo@apple.com>
45753 Tiered compilation heuristics do not account for value profile fullness
45754 https://bugs.webkit.org/show_bug.cgi?id=68116
45756 Reviewed by Oliver Hunt.
45758 Tiered compilation avoids invoking the DFG JIT if it finds that value
45759 profiles contain insufficient information. Instead, it produces a
45760 prediction from the current value profile, and then clears the value
45761 profile. This allows the value profile to heat up from scratch for
45762 some number of additional executions. The new profiles will then be
45763 merged with the previous prediction. Once the amount of information
45764 in predictions is enough according to heuristics in CodeBlock.cpp,
45765 DFG optimization is allowed to proceed.
45768 * GNUmakefile.list.am:
45769 * JavaScriptCore.pro:
45770 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
45771 * JavaScriptCore.xcodeproj/project.pbxproj:
45772 * bytecode/CodeBlock.cpp:
45773 (JSC::CodeBlock::CodeBlock):
45774 (JSC::CodeBlock::~CodeBlock):
45775 (JSC::CodeBlock::visitAggregate):
45776 (JSC::CodeBlock::visitWeakReferences):
45777 (JSC::CodeBlock::shouldOptimizeNow):
45778 (JSC::CodeBlock::dumpValueProfiles):
45779 * bytecode/CodeBlock.h:
45780 * bytecode/PredictedType.cpp:
45781 (JSC::predictionToString):
45782 * bytecode/PredictedType.h:
45783 * bytecode/ValueProfile.cpp: Added.
45784 (JSC::ValueProfile::computeStatistics):
45785 (JSC::ValueProfile::computeUpdatedPrediction):
45786 * bytecode/ValueProfile.h:
45787 (JSC::ValueProfile::ValueProfile):
45788 (JSC::ValueProfile::classInfo):
45789 (JSC::ValueProfile::numberOfSamples):
45790 (JSC::ValueProfile::totalNumberOfSamples):
45791 (JSC::ValueProfile::isLive):
45792 (JSC::ValueProfile::numberOfInt32s):
45793 (JSC::ValueProfile::numberOfDoubles):
45794 (JSC::ValueProfile::numberOfBooleans):
45795 (JSC::ValueProfile::dump):
45796 (JSC::getValueProfileBytecodeOffset):
45797 * dfg/DFGByteCodeParser.cpp:
45798 (JSC::DFG::ByteCodeParser::stronglyPredict):
45799 * dfg/DFGGraph.cpp:
45800 (JSC::DFG::Graph::predictArgumentTypes):
45801 * dfg/DFGJITCompiler.cpp:
45802 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
45803 (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
45805 (JSC::JIT::emitOptimizationCheck):
45806 * jit/JITInlineMethods.h:
45807 (JSC::JIT::emitValueProfilingSite):
45808 * jit/JITStubs.cpp:
45809 (JSC::DEFINE_STUB_FUNCTION):
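The predict-then-clear cycle the entry above describes, as an added runnable sketch. It is not CodeBlock.cpp's code: the Prediction bits, the ValueProfile layout, the threshold used by shouldOptimizeNow() and the two-site scenario are all assumptions made for this example.

```cpp
#include <cstdint>
#include <iostream>
#include <vector>

namespace tiering {

// A prediction is a set of value kinds; merging two predictions is a set union,
// so whatever was folded in before a clear is never lost.
typedef uint32_t Prediction;
constexpr Prediction PredictNone    = 0;
constexpr Prediction PredictInt32   = 1 << 0;
constexpr Prediction PredictDouble  = 1 << 1;
constexpr Prediction PredictBoolean = 1 << 2;
constexpr Prediction PredictObject  = 1 << 3;
constexpr Prediction PredictString  = 1 << 4;

inline Prediction mergePredictions(Prediction a, Prediction b) { return a | b; }

struct ValueProfile {
    std::vector<Prediction> buckets;     // kinds seen since the last clear
    Prediction prediction = PredictNone; // merged result of earlier rounds
    unsigned totalSamples = 0;           // never reset, so "fullness" accumulates

    void observe(Prediction kind) { buckets.push_back(kind); ++totalSamples; }

    // Fold the current samples into the prediction, then clear the buckets so the
    // profile heats up from scratch while the prediction keeps what was learnt.
    Prediction computeUpdatedPrediction() {
        for (Prediction p : buckets)
            prediction = mergePredictions(prediction, p);
        buckets.clear();
        return prediction;
    }
};

// Assumed heuristic: optimise only when every profiling site has been sampled at
// least minSamples times and none of them is still empty. The update runs on
// every site even when we decline, which is what makes the next round additive.
inline bool shouldOptimizeNow(std::vector<ValueProfile>& profiles, unsigned minSamples) {
    bool ready = true;
    for (ValueProfile& profile : profiles) {
        Prediction p = profile.computeUpdatedPrediction();
        if (p == PredictNone || profile.totalSamples < minSamples)
            ready = false;
    }
    return ready;
}

// Constructed scenario: two profiling sites in one code block. Site 0 is hot from
// the start; site 1 only starts producing values in the second round.
struct Scenario {
    bool firstCheck;   // false: site 1 has no information yet
    bool secondCheck;  // true: both sites are now full enough
    Prediction site0;  // PredictInt32 | PredictDouble, the Int32 kept across the clear
};

inline Scenario runScenario() {
    std::vector<ValueProfile> profiles(2);
    for (int i = 0; i < 10; ++i)
        profiles[0].observe(PredictInt32);
    Scenario s;
    s.firstCheck = shouldOptimizeNow(profiles, 10);   // declines; site 0's buckets are cleared

    for (int i = 0; i < 10; ++i) {
        profiles[0].observe(PredictDouble);           // site 0 now also sees doubles
        profiles[1].observe(PredictObject);
    }
    s.secondCheck = shouldOptimizeNow(profiles, 10);
    s.site0 = profiles[0].prediction;                 // Int32 from round one survived the clear
    return s;
}

} // namespace tiering

int main() {
    tiering::Scenario s = tiering::runScenario();
    std::cout << "first check: " << s.firstCheck << ", second check: " << s.secondCheck
              << ", site 0 prediction bits: " << s.site0 << "\n";
    return 0;
}
```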
45811 2011-09-14 Filip Pizlo <fpizlo@apple.com>
45813 DFG should not speculate that the child of LogicalNot is a boolean if
45814 predictions tell us otherwise
45815 https://bugs.webkit.org/show_bug.cgi?id=68118
45817 Reviewed by Geoffrey Garen.
45819 * dfg/DFGJITCodeGenerator.cpp:
45820 (JSC::DFG::JITCodeGenerator::nonSpeculativeLogicalNot):
45821 * dfg/DFGJITCodeGenerator.h:
45822 * dfg/DFGNonSpeculativeJIT.cpp:
45823 (JSC::DFG::NonSpeculativeJIT::compile):
45824 * dfg/DFGSpeculativeJIT.cpp:
45825 (JSC::DFG::SpeculativeJIT::compile):
45827 2011-09-14 Filip Pizlo <fpizlo@apple.com>
45829 Unreviewed build fix. Turn off tiered compilation.
45833 2011-09-13 Filip Pizlo <fpizlo@apple.com>
45835 Prediction tracking is not precise enough
45836 https://bugs.webkit.org/show_bug.cgi?id=67993
45838 Reviewed by Oliver Hunt.
45840 Added a richer set of type predictions, including JSFinalObject, JSString,
45841 object that is not a JSFinalObject or JSArray (ObjectOther), some object
45842 but we don't know or care what kind (SomeObject), definitely an object,
45843 cell that is not an object or JSString, a value that is none of the above
45844 (so either Undefined or Null). Made the propagator and value profiler work
45845 with the new types.
45847 Performance is neutral, because the DFG JIT does not take advantage of this
45850 In the process of writing predictionToString() (which is now considerably
45851 more complex) I decided to finally add a BoundsCheckedPointer, which
45852 should come in handy in other places, like at least the OSR scratch buffer
45853 and the CompactJITCodeMap. It's great for cases where you want to
45854 do pointer arithmetic, you want to have assertions about the
45855 pointer not going out of bounds, but you don't want to write those
45856 assertions yourself.
45858 This also required refactoring inherits(), since the ValueProfiler may
45859 want to do the equivalent of inherits() but given two ClassInfo's.
45861 * GNUmakefile.list.am:
45862 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
45863 * JavaScriptCore.xcodeproj/project.pbxproj:
45864 * bytecode/PredictedType.cpp: Added.
45865 (JSC::predictionToString):
45866 (JSC::makePrediction):
45867 (JSC::predictionFromValue):
45868 * bytecode/PredictedType.h:
45869 (JSC::isCellPrediction):
45870 (JSC::isObjectPrediction):
45871 (JSC::isFinalObjectPrediction):
45872 (JSC::isStringPrediction):
45873 (JSC::mergePredictions):
45874 * bytecode/ValueProfile.h:
45875 (JSC::ValueProfile::numberOfObjects):
45876 (JSC::ValueProfile::numberOfFinalObjects):
45877 (JSC::ValueProfile::numberOfStrings):
45878 (JSC::ValueProfile::probabilityOfObject):
45879 (JSC::ValueProfile::probabilityOfFinalObject):
45880 (JSC::ValueProfile::probabilityOfString):
45881 (JSC::ValueProfile::dump):
45882 (JSC::ValueProfile::Statistics::Statistics):
45883 (JSC::ValueProfile::computeStatistics):
45884 * dfg/DFGByteCodeParser.cpp:
45885 (JSC::DFG::ByteCodeParser::stronglyPredict):
45886 * dfg/DFGGraph.cpp:
45887 (JSC::DFG::Graph::dump):
45888 (JSC::DFG::Graph::predictArgumentTypes):
45890 (JSC::DFG::Node::predict):
45891 * dfg/DFGPropagator.cpp:
45892 (JSC::DFG::Propagator::propagateNode):
45893 * runtime/ClassInfo.h:
45894 (JSC::ClassInfo::isSubClassOf):
45895 * runtime/JSObject.h:
45896 (JSC::JSCell::inherits):
45897 * wtf/BoundsCheckedPointer.h: Added.
45898 (WTF::BoundsCheckedPointer::BoundsCheckedPointer):
45899 (WTF::BoundsCheckedPointer::operator=):
45900 (WTF::BoundsCheckedPointer::operator+=):
45901 (WTF::BoundsCheckedPointer::operator-=):
45902 (WTF::BoundsCheckedPointer::operator+):
45903 (WTF::BoundsCheckedPointer::operator-):
45904 (WTF::BoundsCheckedPointer::operator++):
45905 (WTF::BoundsCheckedPointer::operator--):
45906 (WTF::BoundsCheckedPointer::operator<):
45907 (WTF::BoundsCheckedPointer::operator<=):
45908 (WTF::BoundsCheckedPointer::operator>):
45909 (WTF::BoundsCheckedPointer::operator>=):
45910 (WTF::BoundsCheckedPointer::operator==):
45911 (WTF::BoundsCheckedPointer::operator!=):
45912 (WTF::BoundsCheckedPointer::operator!):
45913 (WTF::BoundsCheckedPointer::get):
45914 (WTF::BoundsCheckedPointer::operator*):
45915 (WTF::BoundsCheckedPointer::operator[]):
45916 (WTF::BoundsCheckedPointer::strcat):
45917 (WTF::BoundsCheckedPointer::validate):
45918 * wtf/CMakeLists.txt:
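A bounds-checked pointer in the spirit of the BoundsCheckedPointer the entry above introduces, added here as a runnable illustration. It is not WTF's class: the CheckedPtr and appendChecked names, the begin/count constructor and the choice to throw std::out_of_range rather than assert are assumptions made for this example.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

// The pointer is kept as (base, offset, count) so an out-of-range move is rejected
// before an invalid pointer is ever formed.
template <typename T>
class CheckedPtr {
public:
    CheckedPtr(T* begin, size_t count) : m_begin(begin), m_offset(0), m_count(count) {}

    // Moving the pointer is allowed anywhere in [begin, begin + count]; one past
    // the end is a legal position (the usual loop terminator) but not readable.
    CheckedPtr& operator+=(ptrdiff_t n) {
        ptrdiff_t target = m_offset + n;
        if (target < 0 || static_cast<size_t>(target) > m_count)
            throw std::out_of_range("pointer moved outside its buffer");
        m_offset = target;
        return *this;
    }
    CheckedPtr& operator-=(ptrdiff_t n) { return *this += -n; }
    CheckedPtr& operator++() { return *this += 1; }
    CheckedPtr& operator--() { return *this -= 1; }

    // Dereferencing is stricter: the element must lie inside the buffer.
    T& operator*() const { return at(0); }
    T& operator[](ptrdiff_t i) const { return at(i); }

    T* get() const { return m_begin + m_offset; }
    size_t remaining() const { return m_count - static_cast<size_t>(m_offset); }

private:
    T& at(ptrdiff_t i) const {
        ptrdiff_t target = m_offset + i;
        if (target < 0 || static_cast<size_t>(target) >= m_count)
            throw std::out_of_range("dereference outside buffer");
        return m_begin[target];
    }
    T* m_begin;
    ptrdiff_t m_offset;
    size_t m_count;
};

// Append a C string through the checked pointer. Unlike strcat() there is no way
// to write past the buffer: the first out-of-bounds store throws instead.
inline void appendChecked(CheckedPtr<char>& p, const char* s) {
    for (; *s; ++s) {
        *p = *s;
        ++p;
    }
    *p = '\0'; // leave the pointer on the terminator so the next append overwrites it
}

// Two appends that fit in the buffer.
inline std::string buildGreeting() {
    char buf[16];
    CheckedPtr<char> p(buf, sizeof buf);
    appendChecked(p, "hello, ");
    appendChecked(p, "world");
    return std::string(buf); // "hello, world"
}

// The same pattern with input that does not fit is stopped at the boundary.
inline bool overflowIsRefused() {
    char buf[8];
    CheckedPtr<char> p(buf, sizeof buf);
    try {
        appendChecked(p, "this does not fit");
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

int main() {
    std::cout << buildGreeting() << "\n";
    std::cout << "overflow refused: " << (overflowIsRefused() ? "yes" : "no") << "\n";
    return 0;
}
```

Note the two different limits: movement may reach the one-past-the-end position, dereference may not. That distinction is what lets ordinary pointer loops terminate normally while still catching the first byte that would have landed outside the buffer.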
45920 2011-09-14 Csaba Osztrogonác <ossy@webkit.org>
45922 [Qt] Win32 builds with threads turned off
45923 https://bugs.webkit.org/show_bug.cgi?id=67864
45925 Reviewed by Geoffrey Garen.
45927 * JavaScriptCore.pri: Link pthread library on Windows platform.
45928 * wtf/Platform.h: Enable multiple threads.
45930 2011-09-14 Mark Hahnenberg <mhahnenberg@apple.com>
45932 Unzip initialization lists and constructors in JSCell hierarchy (6/7)
45933 https://bugs.webkit.org/show_bug.cgi?id=67692
45935 Reviewed by Geoffrey Garen.
45937 Completed the sixth level of the refactoring to add finishCreation()
45938 methods to all classes within the JSCell hierarchy with non-trivial
45939 constructor bodies.
45941 This primarily consists of pushing the calls to finishCreation() down
45942 into the constructors of the subclasses of the fifth level of the hierarchy
45943 as well as pulling the finishCreation() calls out into the class's corresponding
45944 create() method if it has one. Doing both simultaneously allows us to
45945 maintain the invariant that the finishCreation() method chain is called exactly
45946 once during the creation of an object, since calling it any other number of
45947 times (0, 2, or more) will cause an assertion failure.
45949 * API/JSCallbackFunction.cpp:
45950 (JSC::JSCallbackFunction::JSCallbackFunction):
45951 * API/JSCallbackFunction.h:
45952 (JSC::JSCallbackFunction::create):
45954 (GlobalObject::create):
45955 (GlobalObject::GlobalObject):
45956 * runtime/ArrayConstructor.cpp:
45957 (JSC::ArrayConstructor::ArrayConstructor):
45958 * runtime/ArrayConstructor.h:
45959 (JSC::ArrayConstructor::create):
45960 * runtime/BooleanConstructor.cpp:
45961 (JSC::BooleanConstructor::BooleanConstructor):
45962 * runtime/BooleanConstructor.h:
45963 (JSC::BooleanConstructor::create):
45964 * runtime/BooleanPrototype.cpp:
45965 (JSC::BooleanPrototype::BooleanPrototype):
45966 * runtime/BooleanPrototype.h:
45967 (JSC::BooleanPrototype::create):
45968 * runtime/DateConstructor.cpp:
45969 (JSC::DateConstructor::DateConstructor):
45970 * runtime/DateConstructor.h:
45971 (JSC::DateConstructor::create):
45972 * runtime/DatePrototype.cpp:
45973 (JSC::DatePrototype::DatePrototype):
45974 * runtime/DatePrototype.h:
45975 (JSC::DatePrototype::create):
45976 * runtime/Error.cpp:
45977 (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
45978 (JSC::StrictModeTypeErrorFunction::create):
45979 * runtime/ErrorConstructor.cpp:
45980 (JSC::ErrorConstructor::ErrorConstructor):
45981 * runtime/ErrorConstructor.h:
45982 (JSC::ErrorConstructor::create):
45983 * runtime/FunctionConstructor.cpp:
45984 (JSC::FunctionConstructor::FunctionConstructor):
45985 * runtime/FunctionConstructor.h:
45986 (JSC::FunctionConstructor::create):
45987 * runtime/FunctionPrototype.cpp:
45988 (JSC::FunctionPrototype::FunctionPrototype):
45989 * runtime/FunctionPrototype.h:
45990 (JSC::FunctionPrototype::create):
45991 * runtime/NativeErrorConstructor.cpp:
45992 (JSC::NativeErrorConstructor::NativeErrorConstructor):
45993 * runtime/NativeErrorConstructor.h:
45994 (JSC::NativeErrorConstructor::create):
45995 * runtime/NativeErrorPrototype.cpp:
45996 (JSC::NativeErrorPrototype::NativeErrorPrototype):
45997 (JSC::NativeErrorPrototype::finishCreation):
45998 * runtime/NativeErrorPrototype.h:
45999 (JSC::NativeErrorPrototype::create):
46000 * runtime/NumberConstructor.cpp:
46001 (JSC::NumberConstructor::NumberConstructor):
46002 * runtime/NumberConstructor.h:
46003 (JSC::NumberConstructor::create):
46004 * runtime/NumberPrototype.cpp:
46005 (JSC::NumberPrototype::NumberPrototype):
46006 * runtime/NumberPrototype.h:
46007 (JSC::NumberPrototype::create):
46008 * runtime/ObjectConstructor.cpp:
46009 (JSC::ObjectConstructor::ObjectConstructor):
46010 * runtime/ObjectConstructor.h:
46011 (JSC::ObjectConstructor::create):
46012 * runtime/RegExpConstructor.cpp:
46013 (JSC::RegExpConstructor::RegExpConstructor):
46014 * runtime/RegExpConstructor.h:
46015 (JSC::RegExpConstructor::create):
46016 * runtime/RegExpPrototype.cpp:
46017 (JSC::RegExpPrototype::RegExpPrototype):
46018 * runtime/RegExpPrototype.h:
46019 (JSC::RegExpPrototype::create):
46020 * runtime/StringConstructor.cpp:
46021 (JSC::StringConstructor::StringConstructor):
46022 * runtime/StringConstructor.h:
46023 (JSC::StringConstructor::create):
46024 * runtime/StringObjectThatMasqueradesAsUndefined.h:
46025 (JSC::StringObjectThatMasqueradesAsUndefined::create):
46026 (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
46027 * runtime/StringPrototype.cpp:
46028 (JSC::StringPrototype::StringPrototype):
46029 * runtime/StringPrototype.h:
46030 (JSC::StringPrototype::create):
46032 2011-09-13 Eric Seidel <eric@webkit.org>
46034 Remove ENABLE_SVG_USE as <use> is required by HTML5
46035 https://bugs.webkit.org/show_bug.cgi?id=68019
46037 Reviewed by Ryosuke Niwa.
46039 * Configurations/FeatureDefines.xcconfig:
46041 2011-09-14 Iain Merrick <husky@google.com>
46043 HashTraits.h should include template specialization for WTF::String
46044 https://bugs.webkit.org/show_bug.cgi?id=67851
46046 Ensure that the template specialization for HashTraits<String> is always
46047 picked up. (Previously it was possible to include HashSet and String but
46048 not the correct HashTraits, so you would get an inefficient template
46051 Reviewed by Darin Adler.
46053 * wtf/HashTraits.h:
46054 * wtf/text/StringHash.h:
46056 2011-09-13 Filip Pizlo <fpizlo@apple.com>
46058 SpeculativeJIT::shouldSpeculateInteger(NodeIndex, NodeIndex) should
46059 return false if either node can be double
46060 https://bugs.webkit.org/show_bug.cgi?id=67985
46062 Reviewed by Geoffrey Garen.
46064 This is a 17% speed-up on 3d-cube.
46066 This required allowing us to check if a constant is double but not
46067 integer, and making the shouldSpeculateInteger() check test for
46068 any hints of doubly-ness in its operands. This also required
46069 changing some terminology: previously "isDouble" often meant
46070 "isDouble or isInt32". Now "isDouble" means exactly what the name
46071 suggests, and "isNumber" means "isDouble or isInt32".
46073 * dfg/DFGByteCodeParser.cpp:
46074 (JSC::DFG::ByteCodeParser::toNumber):
46075 (JSC::DFG::ByteCodeParser::parseBlock):
46076 * dfg/DFGGenerationInfo.h:
46077 (JSC::DFG::isJSFormat):
46078 (JSC::DFG::isJSInteger):
46079 (JSC::DFG::isJSDouble):
46080 (JSC::DFG::isJSCell):
46081 (JSC::DFG::isJSBoolean):
46082 (JSC::DFG::GenerationInfo::isJSFormat):
46083 (JSC::DFG::GenerationInfo::isJSInteger):
46084 (JSC::DFG::GenerationInfo::isJSDouble):
46085 (JSC::DFG::GenerationInfo::isJSCell):
46086 (JSC::DFG::GenerationInfo::isJSBoolean):
46088 (JSC::DFG::Graph::isNumberConstant):
46089 (JSC::DFG::Graph::valueOfNumberConstant):
46090 * dfg/DFGJITCodeGenerator.cpp:
46091 (JSC::DFG::JITCodeGenerator::fillInteger):
46092 (JSC::DFG::JITCodeGenerator::fillDouble):
46093 (JSC::DFG::JITCodeGenerator::fillJSValue):
46094 (JSC::DFG::JITCodeGenerator::isKnownInteger):
46095 (JSC::DFG::JITCodeGenerator::isKnownNumeric):
46096 (JSC::DFG::JITCodeGenerator::isKnownCell):
46097 (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
46098 (JSC::DFG::JITCodeGenerator::isKnownBoolean):
46099 * dfg/DFGJITCodeGenerator.h:
46100 (JSC::DFG::JITCodeGenerator::silentFillFPR):
46101 (JSC::DFG::JITCodeGenerator::isNumberConstant):
46102 (JSC::DFG::JITCodeGenerator::valueOfNumberConstant):
46103 (JSC::DFG::JITCodeGenerator::initConstantInfo):
46104 * dfg/DFGJITCompiler.cpp:
46105 (JSC::DFG::JITCompiler::fillNumericToDouble):
46106 (JSC::DFG::JITCompiler::fillToJS):
46107 * dfg/DFGJITCompiler.h:
46108 (JSC::DFG::JITCompiler::isNumberConstant):
46109 (JSC::DFG::JITCompiler::valueOfNumberConstant):
46111 (JSC::DFG::Node::isDoubleConstant):
46112 (JSC::DFG::Node::isNumberConstant):
46113 (JSC::DFG::Node::valueOfNumberConstant):
46114 (JSC::DFG::Node::hasNumberResult):
46115 * dfg/DFGNonSpeculativeJIT.cpp:
46116 (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
46117 (JSC::DFG::NonSpeculativeJIT::compile):
46118 * dfg/DFGSpeculativeJIT.cpp:
46119 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
46120 * dfg/DFGSpeculativeJIT.h:
46121 (JSC::DFG::SpeculativeJIT::isInteger):
46122 (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
46123 (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
46124 (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
46126 2011-09-13 Anders Carlsson <andersca@apple.com>
46128 Disable C++ exceptions when building with clang
46129 https://bugs.webkit.org/show_bug.cgi?id=68031
46130 <rdar://problem/9556880>
46132 Reviewed by Mark Rowe.
46134 * Configurations/Base.xcconfig:
46136 2011-09-13 Eric Seidel <eric@webkit.org>
46138 Remove ENABLE_SVG_FOREIGN_OBJECT as it is a required part of HTML5
46139 https://bugs.webkit.org/show_bug.cgi?id=68018
46141 Reviewed by Ryosuke Niwa.
46143 * Configurations/FeatureDefines.xcconfig:
46145 2011-09-13 Sam Weinig <sam@webkit.org>
46147 Object.getPrototypeOf should use JSValue::get()
46148 https://bugs.webkit.org/show_bug.cgi?id=67973
46150 Reviewed by Darin Adler.
46152 * runtime/ObjectConstructor.cpp:
46153 (JSC::objectConstructorGetPrototypeOf):
46154 Pipe through JSValue::get() to allow overrides.
46156 2011-09-12 Filip Pizlo <fpizlo@apple.com>
46158 JavaScriptCore does not have baseline->speculative OSR
46159 https://bugs.webkit.org/show_bug.cgi?id=67920
46161 Reviewed by Oliver Hunt.
46163 This adds the ability to on-stack-replace (OSR) from code that is
46164 running hot in the old JIT to code compiled by the new JIT. This
46165 ensures that long-running loops benefit from DFG optimization.
46166 It also ensures that if code experiences a speculation failure
46167 in DFG code, it has an opportunity to reenter the DFG once every
46168 1,000 loop iterations or so.
46170 This results in a 2.88x speed-up on Kraken/imaging-desaturate,
46171 and is a pure win on the main three benchmark suites (SunSpider,
46172 V8, Kraken), when tiered compilation is enabled.
46174 * JavaScriptCore.xcodeproj/project.pbxproj:
46175 * bytecode/CodeBlock.cpp:
46176 (JSC::CodeBlock::dump):
46177 (JSC::CodeBlock::CodeBlock):
46178 (JSC::ProgramCodeBlock::compileOptimized):
46179 (JSC::EvalCodeBlock::compileOptimized):
46180 (JSC::FunctionCodeBlock::compileOptimized):
46181 * bytecode/CodeBlock.h:
46182 * bytecode/Opcode.h:
46183 * bytecode/PredictedType.h: Added.
46184 (JSC::isCellPrediction):
46185 (JSC::isArrayPrediction):
46186 (JSC::isInt32Prediction):
46187 (JSC::isDoublePrediction):
46188 (JSC::isNumberPrediction):
46189 (JSC::isBooleanPrediction):
46190 (JSC::isStrongPrediction):
46191 (JSC::predictionToString):
46192 (JSC::mergePredictions):
46193 (JSC::mergePrediction):
46194 (JSC::makePrediction):
46195 * bytecode/PredictionTracker.h: Added.
46196 (JSC::operandIsArgument):
46197 (JSC::PredictionSlot::PredictionSlot):
46198 (JSC::PredictionTracker::PredictionTracker):
46199 (JSC::PredictionTracker::initializeSimilarTo):
46200 (JSC::PredictionTracker::copyLocalsFrom):
46201 (JSC::PredictionTracker::numberOfArguments):
46202 (JSC::PredictionTracker::numberOfVariables):
46203 (JSC::PredictionTracker::argumentOffsetForOperand):
46204 (JSC::PredictionTracker::predictArgument):
46205 (JSC::PredictionTracker::predict):
46206 (JSC::PredictionTracker::predictGlobalVar):
46207 (JSC::PredictionTracker::getArgumentPrediction):
46208 (JSC::PredictionTracker::getPrediction):
46209 (JSC::PredictionTracker::getGlobalVarPrediction):
46210 * bytecompiler/BytecodeGenerator.cpp:
46211 (JSC::BytecodeGenerator::emitLoopHint):
46212 * bytecompiler/BytecodeGenerator.h:
46213 * bytecompiler/NodesCodegen.cpp:
46214 (JSC::DoWhileNode::emitBytecode):
46215 (JSC::WhileNode::emitBytecode):
46216 (JSC::ForNode::emitBytecode):
46217 (JSC::ForInNode::emitBytecode):
46218 * dfg/DFGByteCodeParser.cpp:
46219 (JSC::DFG::ByteCodeParser::parseBlock):
46220 * dfg/DFGCapabilities.h:
46221 (JSC::DFG::canCompileOpcode):
46222 * dfg/DFGDriver.cpp:
46223 (JSC::DFG::compile):
46224 * dfg/DFGGraph.cpp:
46225 (JSC::DFG::Graph::dump):
46227 (JSC::DFG::BasicBlock::BasicBlock):
46228 (JSC::DFG::Graph::predict):
46229 (JSC::DFG::Graph::getPrediction):
46230 * dfg/DFGJITCompiler.cpp:
46231 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
46232 (JSC::DFG::JITCompiler::compileEntry):
46233 (JSC::DFG::JITCompiler::compileBody):
46234 * dfg/DFGJITCompiler.h:
46235 (JSC::DFG::JITCompiler::noticeOSREntry):
46237 * dfg/DFGOSREntry.cpp: Added.
46238 (JSC::DFG::predictionIsValid):
46239 (JSC::DFG::prepareOSREntry):
46240 * dfg/DFGOSREntry.h: Added.
46241 (JSC::DFG::prepareOSREntry):
46242 * dfg/DFGPredictionTracker.h: Removed.
46243 * dfg/DFGPropagator.cpp:
46244 (JSC::DFG::Propagator::mergeUse):
46245 (JSC::DFG::Propagator::mergePrediction):
46246 * dfg/DFGSpeculativeJIT.cpp:
46247 (JSC::DFG::SpeculativeJIT::compile):
46248 * jit/CompactJITCodeMap.h:
46249 (JSC::CompactJITCodeMap::numberOfEntries):
46250 (JSC::CompactJITCodeMap::decode):
46251 (JSC::CompactJITCodeMap::Decoder::Decoder):
46252 (JSC::CompactJITCodeMap::Decoder::numberOfEntriesRemaining):
46253 (JSC::CompactJITCodeMap::Decoder::read):
46255 (JSC::JIT::emitOptimizationCheck):
46256 (JSC::JIT::emitTimeoutCheck):
46257 (JSC::JIT::privateCompileMainPass):
46259 (JSC::JIT::emit_op_loop_hint):
46260 * jit/JITStubs.cpp:
46261 (JSC::DEFINE_STUB_FUNCTION):
46262 * runtime/Executable.cpp:
46263 (JSC::EvalExecutable::compileInternal):
46264 (JSC::ProgramExecutable::compileInternal):
46265 (JSC::FunctionExecutable::compileForCallInternal):
46266 (JSC::FunctionExecutable::compileForConstructInternal):
46268 2011-09-12 Sam Weinig <sam@webkit.org>
46270 Don't allow setting __proto__ to be a getter or setter
46271 https://bugs.webkit.org/show_bug.cgi?id=67982
46273 Reviewed by Gavin Barraclough.
46275 * runtime/JSObject.cpp:
46276 (JSC::JSObject::defineGetter):
46277 (JSC::JSObject::defineSetter):
46278 Disallow setting a getter or setter on __proto__.
46280 2011-09-12 James Robinson <jamesr@chromium.org>
46282 Unreviewed build fix for chromium.
46284 Guard access to UString::latin1() with USE(JSC) since it is defined in JavaScriptCore/runtime/UString.cpp, which
46285 is currently only compiled in by ports that use JavaScriptCore. This code is currently unreachable in builds so
46286 no change in functionality.
46288 * yarr/YarrInterpreter.cpp:
46289 (JSC::Yarr::Interpreter::CharAccess::CharAccess):
46291 2011-09-09 Filip Pizlo <fpizlo@apple.com>
46293 JavaScriptCore does not have speculative->baseline OSR
46294 https://bugs.webkit.org/show_bug.cgi?id=67826
46296 Reviewed by Oliver Hunt.
46298 This adds the ability to bail out of DFG speculative JIT execution by
46299 performing an on-stack replacement (OSR) that results in the control
46300 flow going to the equivalent code generated by the old JIT.
46302 This required a number of new features, as well as taking advantage of
46303 some features that happened to already be present:
46305 We already had a policy of storing the bytecode index for which a DFG
46306 node was generated inside the DFG::Node class. This was previously
46307 called exceptionInfo. It's now renamed to codeOrigin to reflect that
46308 it's used for more than just exceptions. OSR uses this to figure out
46309 which bytecode index to use to look up the machine code location in
46310 the code generated by the old JIT that we should be jumping to.
46312 CodeBlock now stores a mapping between bytecode indices and machine
46313 code offsets for code generated by the old JIT. This is implemented
46314 by CompactJITCodeMap, which tries to compress this data a bit. The
46315 OSR compiler decodes this and uses it to find the machine code
46316 locations it should be jumping to.
46318 We already had a mechanism that emitted SetLocal nodes in the DFG graph
46319 that told us the time at which the old JIT would have stored something
46320 into its register file, and the DFG::Node that corresponds to the value
46321 that it would have stored. These SetLocal's were mostly dead-code-
46322 eliminated, but our DCE leaves the nodes intact except for making them
46323 have 0 as the ref count. This allows the OSR compiler to construct a
46324 mapping between the state as it would have been seen by the old JIT
46325 and the state as the DFG JIT sees it. The OSR compiler uses this to
46326 generate code that reshapes the call frame so that it is like what the
46327 old JIT would expect.
46329 Finally, when DFG_OSR is enabled (the default for TIERED_COMPILATION)
46330 we no longer emit the non-speculative path.
46332 * JavaScriptCore.xcodeproj/project.pbxproj:
46333 * bytecode/CodeBlock.h:
46334 * dfg/DFGByteCodeParser.cpp:
46335 (JSC::DFG::ByteCodeParser::currentCodeOrigin):
46336 (JSC::DFG::ByteCodeParser::addToGraph):
46337 * dfg/DFGGPRInfo.h:
46338 * dfg/DFGGenerationInfo.h:
46339 (JSC::DFG::GenerationInfo::alive):
46340 * dfg/DFGGraph.cpp:
46341 (JSC::DFG::Graph::dump):
46342 * dfg/DFGJITCodeGenerator.cpp:
46343 (JSC::DFG::JITCodeGenerator::emitCall):
46344 * dfg/DFGJITCodeGenerator.h:
46345 (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
46346 * dfg/DFGJITCompiler.cpp:
46347 (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
46348 (JSC::DFG::JITCompiler::linkOSRExits):
46349 (JSC::DFG::JITCompiler::compileBody):
46350 (JSC::DFG::JITCompiler::link):
46351 * dfg/DFGJITCompiler.h:
46352 (JSC::DFG::CallRecord::CallRecord):
46353 (JSC::DFG::JITCompiler::notifyCall):
46354 (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
46355 (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
46356 (JSC::DFG::JITCompiler::addJSCall):
46357 (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
46359 (JSC::DFG::CodeOrigin::CodeOrigin):
46360 (JSC::DFG::CodeOrigin::isSet):
46361 (JSC::DFG::CodeOrigin::bytecodeIndex):
46362 (JSC::DFG::Node::Node):
46363 (JSC::DFG::Node::child1Unchecked):
46364 * dfg/DFGNonSpeculativeJIT.cpp:
46365 (JSC::DFG::NonSpeculativeJIT::compile):
46366 * dfg/DFGSpeculativeJIT.cpp:
46367 (JSC::DFG::ValueSource::dump):
46368 (JSC::DFG::ValueRecovery::dump):
46369 (JSC::DFG::OSRExit::OSRExit):
46370 (JSC::DFG::SpeculativeJIT::compile):
46371 (JSC::DFG::SpeculativeJIT::compileMovHint):
46372 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
46373 * dfg/DFGSpeculativeJIT.h:
46374 (JSC::DFG::ValueSource::ValueSource):
46375 (JSC::DFG::ValueSource::isSet):
46376 (JSC::DFG::ValueSource::nodeIndex):
46377 (JSC::DFG::ValueRecovery::ValueRecovery):
46378 (JSC::DFG::ValueRecovery::alreadyInRegisterFile):
46379 (JSC::DFG::ValueRecovery::inGPR):
46380 (JSC::DFG::ValueRecovery::inFPR):
46381 (JSC::DFG::ValueRecovery::displacedInRegisterFile):
46382 (JSC::DFG::ValueRecovery::constant):
46383 (JSC::DFG::ValueRecovery::technique):
46384 (JSC::DFG::ValueRecovery::gpr):
46385 (JSC::DFG::ValueRecovery::fpr):
46386 (JSC::DFG::ValueRecovery::virtualRegister):
46387 (JSC::DFG::OSRExit::numberOfRecoveries):
46388 (JSC::DFG::OSRExit::valueRecovery):
46389 (JSC::DFG::OSRExit::isArgument):
46390 (JSC::DFG::OSRExit::argumentForIndex):
46391 (JSC::DFG::OSRExit::variableForIndex):
46392 (JSC::DFG::OSRExit::operandForIndex):
46393 (JSC::DFG::SpeculativeJIT::osrExits):
46394 (JSC::DFG::SpeculativeJIT::speculationCheck):
46395 (JSC::DFG::SpeculativeJIT::valueSourceForOperand):
46396 (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
46397 (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand):
46398 (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
46399 (JSC::DFG::SpeculationCheckIndexIterator::SpeculationCheckIndexIterator):
46400 (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
46401 * jit/CompactJITCodeMap.h: Added.
46402 (JSC::BytecodeAndMachineOffset::BytecodeAndMachineOffset):
46403 (JSC::BytecodeAndMachineOffset::getBytecodeIndex):
46404 (JSC::BytecodeAndMachineOffset::getMachineCodeOffset):
46405 (JSC::CompactJITCodeMap::~CompactJITCodeMap):
46406 (JSC::CompactJITCodeMap::decode):
46407 (JSC::CompactJITCodeMap::CompactJITCodeMap):
46408 (JSC::CompactJITCodeMap::at):
46409 (JSC::CompactJITCodeMap::decodeNumber):
46410 (JSC::CompactJITCodeMap::Encoder::Encoder):
46411 (JSC::CompactJITCodeMap::Encoder::~Encoder):
46412 (JSC::CompactJITCodeMap::Encoder::append):
46413 (JSC::CompactJITCodeMap::Encoder::finish):
46414 (JSC::CompactJITCodeMap::Encoder::appendByte):
46415 (JSC::CompactJITCodeMap::Encoder::encodeNumber):
46416 (JSC::CompactJITCodeMap::Encoder::ensureCapacityFor):
46418 (JSC::JIT::privateCompileMainPass):
46419 (JSC::JIT::privateCompile):
46421 * runtime/JSGlobalData.cpp:
46422 (JSC::JSGlobalData::JSGlobalData):
46423 (JSC::JSGlobalData::~JSGlobalData):
46424 * runtime/JSGlobalData.h:
46425 (JSC::JSGlobalData::osrScratchBufferForSize):
46426 * runtime/JSValue.cpp:
46427 (JSC::JSValue::description):
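Added example, not WebKit code: a simplified delta-plus-varint code map in the spirit of the CompactJITCodeMap that the two OSR entries above describe (speculative->baseline here, baseline->speculative in the 2011-09-12 entry). It shows how a bytecode index taken from a node's codeOrigin resolves to the baseline JIT's machine-code offset, and why the decoder must bound-check the compressed bytes. The encoding, the class and function names, and the sample entries are assumptions for illustration, not WebKit's actual layout.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <utility>
#include <vector>

// Illustrative bytecode-index -> machine-code-offset map (not WebKit's
// actual CompactJITCodeMap layout). Both fields are stored as deltas from
// the previous entry in base-128 varints, so a typical entry costs two
// bytes rather than eight.
class CompactCodeMap {
public:
    CompactCodeMap(std::vector<uint8_t> bytes, unsigned count) : m_bytes(std::move(bytes)), m_count(count) { }
    // Fed by the baseline JIT as it emits code, so entries arrive in
    // increasing bytecode order with non-decreasing machine offsets.
    class Encoder {
    public:
        void append(unsigned bytecodeIndex, unsigned machineCodeOffset)
        {
            encodeNumber(bytecodeIndex - m_lastBytecode);
            encodeNumber(machineCodeOffset - m_lastMachine);
            m_lastBytecode = bytecodeIndex;
            m_lastMachine = machineCodeOffset;
            ++m_count;
        }
        CompactCodeMap finish() { return CompactCodeMap(std::move(m_bytes), m_count); }
    private:
        // Low 7 bits per byte; the high bit is set while more bytes follow.
        void encodeNumber(unsigned value)
        {
            do {
                uint8_t byte = value & 0x7f;
                value >>= 7;
                m_bytes.push_back(static_cast<uint8_t>(value ? byte | 0x80 : byte));
            } while (value);
        }
        std::vector<uint8_t> m_bytes;
        unsigned m_count = 0, m_lastBytecode = 0, m_lastMachine = 0;
    };

    unsigned numberOfEntries() const { return m_count; }
    const std::vector<uint8_t>& bytes() const { return m_bytes; }

    // The query an OSR exit needs: the bytecode index recorded in a DFG
    // node's codeOrigin maps to the baseline machine code to jump to. Deltas
    // rule out random access, so decode forward until the index is reached;
    // nullopt if it has no entry or the bytes are malformed.
    std::optional<unsigned> machineCodeOffsetFor(unsigned bytecodeIndex) const
    {
        size_t position = 0;
        unsigned index = 0, offset = 0, indexDelta, offsetDelta;
        for (unsigned read = 0; read < m_count; ++read) {
            if (!decodeNumber(position, indexDelta) || !decodeNumber(position, offsetDelta))
                return std::nullopt;
            index += indexDelta;
            offset += offsetDelta;
            if (index >= bytecodeIndex) // entries are sorted, so stop here either way
                return index == bytecodeIndex ? std::optional<unsigned>(offset) : std::nullopt;
        }
        return std::nullopt;
    }

private:
    // Returns false on a truncated or over-long varint instead of reading
    // past the end of the buffer.
    bool decodeNumber(size_t& position, unsigned& value) const
    {
        value = 0;
        for (unsigned shift = 0; shift < 35; shift += 7) {
            if (position >= m_bytes.size())
                return false; // truncated
            uint8_t byte = m_bytes[position++];
            value |= static_cast<unsigned>(byte & 0x7f) << shift;
            if (!(byte & 0x80))
                return true;
        }
        return false; // a 32-bit value never needs more than 5 bytes
    }
    std::vector<uint8_t> m_bytes;
    unsigned m_count;
};

// Constructed sample: five bytecode indices and the machine offsets a
// baseline JIT might have emitted them at (40 raw bytes compress to 12).
CompactCodeMap sampleMap()
{
    const unsigned entries[][2] = { { 0, 0 }, { 3, 24 }, { 7, 60 }, { 12, 133 }, { 300, 1500 } };
    CompactCodeMap::Encoder encoder;
    for (const auto& e : entries)
        encoder.append(e[0], e[1]);
    return encoder.finish();
}

// The sample map with its last byte dropped but the entry count unchanged:
// earlier entries still resolve, but the final one must fail cleanly.
CompactCodeMap truncatedSampleMap()
{
    CompactCodeMap full = sampleMap();
    std::vector<uint8_t> bytes = full.bytes();
    bytes.pop_back();
    return CompactCodeMap(std::move(bytes), full.numberOfEntries());
}
```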
46429 2011-09-12 Geoffrey Garen <ggaren@apple.com>
46431 Re-enabled ENABLE(LAZY_BLOCK_FREEING).
46433 Reviewed by Stephanie Lewis.
46435 I accidentally disabled this in r94890, causing a big performance regression.
46439 2011-09-12 Michael Saboff <msaboff@apple.com>
46441 Broken Build for ARM - lshift32() needs TrustedImm32 arg
46442 https://bugs.webkit.org/show_bug.cgi?id=67965
46444 Change lshift32(16, ARMRegisters::S1); to lshift32(TrustedImm32(16), ARMRegisters::S1);
46446 Reviewed by Anders Carlsson.
46448 * assembler/MacroAssemblerARM.h:
46449 (JSC::MacroAssemblerARM::branch16):
46451 2011-09-12 Michael Saboff <msaboff@apple.com>
46453 Broken ARM build - missing semicolon in JavaScriptCore/assembler/MacroAssemblerARM.h
46454 https://bugs.webkit.org/show_bug.cgi?id=67961
46456 Added missing semicolon.
46458 Reviewed by Ryosuke Niwa.
46460 * assembler/MacroAssemblerARM.h:
46461 (JSC::MacroAssemblerARM::branch16):
46463 2011-09-12 Michael Saboff <msaboff@apple.com>
46465 Update RegExp and related classes to use 8 bit strings when available
46466 https://bugs.webkit.org/show_bug.cgi?id=67337
46468 Modified both the Yarr interpreter and JIT to handle 8 bit subject strings.
46469 The code paths are triggered by the UString::is8bit() method which currently
46470 returns false. Implemented JIT changes for all current architectures.
46471 Tested X86_64 and ARM v7.
46473 This includes some code that will likely change as we complete the
46474 8 bit string changes. This includes the way the raw buffer pointers
46475 are accessed as well as replacing the CharAccess class with a
46476 string iterator returned from UString.
46478 Fixed build breakage in testRegExp.cpp due to globalObject construction
46481 Reviewed by Gavin Barraclough.
46483 * JavaScriptCore.exp:
46484 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
46486 (GlobalObject::finishCreation):
46487 (GlobalObject::GlobalObject):
46488 * assembler/ARMAssembler.cpp:
46489 (JSC::ARMAssembler::baseIndexTransfer32):
46490 * assembler/ARMAssembler.h:
46491 * assembler/ARMv7Assembler.h:
46492 (JSC::ARMv7Assembler::ubfx):
46493 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg40Imm3Reg4Imm20Imm5):
46494 * assembler/MacroAssemblerARM.h:
46495 (JSC::MacroAssemblerARM::load8):
46496 (JSC::MacroAssemblerARM::branch8):
46497 (JSC::MacroAssemblerARM::branch16):
46498 * assembler/MacroAssemblerARMv7.h:
46499 (JSC::MacroAssemblerARMv7::load8):
46500 (JSC::MacroAssemblerARMv7::branch16):
46501 (JSC::MacroAssemblerARMv7::branch8):
46502 * assembler/MacroAssemblerMIPS.h:
46503 (JSC::MacroAssemblerMIPS::load8):
46504 (JSC::MacroAssemblerMIPS::branch8):
46505 (JSC::MacroAssemblerMIPS::branch16):
46506 * assembler/MacroAssemblerSH4.h:
46507 (JSC::MacroAssemblerSH4::load8):
46508 (JSC::MacroAssemblerSH4::branch8):
46509 (JSC::MacroAssemblerSH4::branch16):
46510 * assembler/MacroAssemblerX86Common.h:
46511 (JSC::MacroAssemblerX86Common::load8):
46512 (JSC::MacroAssemblerX86Common::branch16):
46513 (JSC::MacroAssemblerX86Common::branch8):
46514 * assembler/SH4Assembler.h:
46515 (JSC::SH4Assembler::extub):
46516 (JSC::SH4Assembler::printInstr):
46517 * assembler/X86Assembler.h:
46518 (JSC::X86Assembler::cmpw_ir):
46519 (JSC::X86Assembler::movzbl_mr):
46520 * runtime/RegExp.cpp:
46521 (JSC::RegExp::compile):
46522 (JSC::RegExp::compileIfNecessary):
46523 (JSC::RegExp::match):
46524 (JSC::RegExp::matchCompareWithInterpreter):
46525 * runtime/RegExp.h:
46526 * runtime/UString.h:
46527 (JSC::UString::is8Bit):
46529 * yarr/YarrInterpreter.cpp:
46530 (JSC::Yarr::Interpreter::CharAccess::CharAccess):
46531 (JSC::Yarr::Interpreter::CharAccess::~CharAccess):
46532 (JSC::Yarr::Interpreter::CharAccess::operator[]):
46533 (JSC::Yarr::Interpreter::InputStream::InputStream):
46534 (JSC::Yarr::Interpreter::Interpreter):
46535 (JSC::Yarr::interpret):
46536 * yarr/YarrJIT.cpp:
46537 (JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
46538 (JSC::Yarr::YarrGenerator::readCharacter):
46539 (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
46540 (JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
46541 (JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
46542 (JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
46543 (JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
46544 (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
46545 (JSC::Yarr::YarrGenerator::YarrGenerator):
46546 (JSC::Yarr::YarrGenerator::compile):
46547 (JSC::Yarr::jitCompile):
46548 (JSC::Yarr::execute):
46550 (JSC::Yarr::YarrCodeBlock::has8BitCode):
46551 (JSC::Yarr::YarrCodeBlock::has16BitCode):
46552 (JSC::Yarr::YarrCodeBlock::set8BitCode):
46553 (JSC::Yarr::YarrCodeBlock::set16BitCode):
46554 (JSC::Yarr::YarrCodeBlock::execute):
46555 * yarr/YarrParser.h:
46556 (JSC::Yarr::Parser::Parser):
46558 2011-09-12 Andras Becsi <andras.becsi@nokia.com>
46560 [Qt] Build fails after r94920 with strict compiler
46561 https://bugs.webkit.org/show_bug.cgi?id=67928
46563 Reviewed by Csaba Osztrogonác.
46565 * wtf/RedBlackTree.h:
46566 (WTF::RedBlackTree::insert): Remove dead variables updateStart and newSubTreeRoot.
46568 2011-09-12 Patrick Gansterer <paroga@webkit.org>
46570 Unreviewed build fix after r94871.
46572 * runtime/InitializeThreading.cpp:
46573 (JSC::initializeThreadingOnce):
46574 * wtf/FastMalloc.cpp:
46575 * wtf/RefCountedLeakCounter.h:
46577 2011-09-11 Filip Pizlo <fpizlo@apple.com>
46579 DFGNode.h has macros that indicate the enabling of a feature, but
46580 they do not use the ENABLE() idiom.
46581 https://bugs.webkit.org/show_bug.cgi?id=67907
46583 Reviewed by Oliver Hunt.
46585 * dfg/DFGByteCodeParser.cpp:
46586 (JSC::DFG::ByteCodeParser::stronglyPredict):
46587 (JSC::DFG::ByteCodeParser::parse):
46588 * dfg/DFGGraph.cpp:
46589 (JSC::DFG::Graph::predictArgumentTypes):
46590 * dfg/DFGJITCodeGenerator.cpp:
46591 * dfg/DFGJITCodeGenerator.h:
46592 * dfg/DFGJITCompiler.cpp:
46593 (JSC::DFG::JITCompiler::fillInt32ToInteger):
46594 (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
46595 (JSC::DFG::JITCompiler::compileBody):
46596 (JSC::DFG::JITCompiler::link):
46597 * dfg/DFGJITCompiler.h:
46599 * dfg/DFGNonSpeculativeJIT.cpp:
46600 (JSC::DFG::NonSpeculativeJIT::compile):
46601 * dfg/DFGOperations.cpp:
46602 * dfg/DFGOperations.h:
46603 * dfg/DFGPropagator.cpp:
46604 (JSC::DFG::Propagator::fixpoint):
46605 (JSC::DFG::Propagator::propagateNode):
46606 (JSC::DFG::Propagator::propagateForward):
46607 (JSC::DFG::Propagator::propagateBackward):
46608 (JSC::DFG::propagate):
46609 * dfg/DFGScoreBoard.h:
46610 * dfg/DFGSpeculativeJIT.cpp:
46611 (JSC::DFG::SpeculativeJIT::compile):
46612 * dfg/DFGSpeculativeJIT.h:
46613 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
46615 (JSC::JIT::privateCompile):
46617 2011-09-11 Fumitoshi Ukai <ukai@chromium.org>
46619 Unreviewed build fix for chromium/mac & clang.
46621 Fix the macro redefinition error by r94927, because chromium set
46622 ENABLE_JSC_MULTIPLE_THREADS=0 in WebKit/chromium/features.gypi and
46623 it is not PLATFORM(QT).
46624 ../../JavaScriptCore/wtf/Platform.h:512:9: error: 'ENABLE_JSC_MULTIPLE_THREADS' macro redefined [-Werror]
46625 #define ENABLE_JSC_MULTIPLE_THREADS 1
46626 <command line>:43:9: note: previous definition is here
46627 #define ENABLE_JSC_MULTIPLE_THREADS 0
46632 2011-09-11 Sam Weinig <sam@webkit.org>
46634 Remove JSCell::isPropertyNameIterator(), it is unused
46635 https://bugs.webkit.org/show_bug.cgi?id=67911
46637 Reviewed by Oliver Hunt.
46639 * runtime/JSCell.h:
46640 * runtime/JSPropertyNameIterator.h:
46642 2011-09-11 Sam Weinig <sam@webkit.org>
46644 De-virtualize JSCell::isAPIValueWrapper
46645 https://bugs.webkit.org/show_bug.cgi?id=67909
46647 Reviewed by Oliver Hunt.
46649 * runtime/JSAPIValueWrapper.h:
46650 (JSC::JSAPIValueWrapper::createStructure):
46651 Set the correct type on structure creation.
46653 * runtime/JSCell.h:
46654 Remove virtual keyword and default implementation.
46656 * runtime/JSType.h:
46657 Add type for APIValueWrapper. It must come after CompoundType since
46658 the APIValueWrapper has children in need of marking.
46660 * runtime/Structure.h:
46661 (JSC::JSCell::isAPIValueWrapper):
46662 Implement predicate using type info.
46664 2011-09-10 Sam Weinig <sam@webkit.org>
46666 De-virtualize JSCell::isGetterSetter, type information is available for it
46667 https://bugs.webkit.org/show_bug.cgi?id=67902
46669 Reviewed by Dan Bernstein.
46671 * runtime/GetterSetter.cpp:
46672 * runtime/GetterSetter.h:
46673 Remove override of isGetterSetter.
46675 * runtime/JSCell.cpp:
46676 * runtime/JSCell.h:
46677 De-virtualize and remove silly base implementation.
46679 * runtime/Structure.h:
46680 (JSC::JSCell::isGetterSetter):
46681 Use type info to determine getter-setter-hood.
46683 2011-09-09 Oliver Hunt <oliver@apple.com>
46685 Remove support for anonymous storage from jsobjects
46686 https://bugs.webkit.org/show_bug.cgi?id=67881
46688 Reviewed by Sam Weinig.
46690 Remove all use of anonymous slots, essentially a mechanical change
46693 * API/JSCallbackConstructor.h:
46694 (JSC::JSCallbackConstructor::createStructure):
46695 * API/JSCallbackFunction.h:
46696 (JSC::JSCallbackFunction::createStructure):
46697 * API/JSCallbackObject.h:
46698 (JSC::JSCallbackObject::createStructure):
46699 * JavaScriptCore.exp:
46700 * debugger/DebuggerActivation.h:
46701 (JSC::DebuggerActivation::createStructure):
46702 * heap/MarkStack.cpp:
46703 (JSC::MarkStack::validateValue):
46704 * heap/MarkStack.h:
46705 * runtime/Arguments.h:
46706 (JSC::Arguments::createStructure):
46707 * runtime/ArrayConstructor.h:
46708 (JSC::ArrayConstructor::createStructure):
46709 * runtime/ArrayPrototype.cpp:
46710 (JSC::ArrayPrototype::finishCreation):
46711 * runtime/ArrayPrototype.h:
46712 (JSC::ArrayPrototype::createStructure):
46713 * runtime/BooleanObject.h:
46714 (JSC::BooleanObject::createStructure):
46715 * runtime/BooleanPrototype.cpp:
46716 (JSC::BooleanPrototype::BooleanPrototype):
46717 * runtime/BooleanPrototype.h:
46718 (JSC::BooleanPrototype::createStructure):
46719 * runtime/DateConstructor.h:
46720 (JSC::DateConstructor::createStructure):
46721 * runtime/DateInstance.h:
46722 (JSC::DateInstance::createStructure):
46723 * runtime/DatePrototype.cpp:
46724 (JSC::DatePrototype::DatePrototype):
46725 * runtime/DatePrototype.h:
46726 (JSC::DatePrototype::createStructure):
46727 * runtime/ErrorInstance.h:
46728 (JSC::ErrorInstance::createStructure):
46729 * runtime/ErrorPrototype.cpp:
46730 (JSC::ErrorPrototype::finishCreation):
46731 * runtime/ErrorPrototype.h:
46732 (JSC::ErrorPrototype::createStructure):
46733 * runtime/ExceptionHelpers.h:
46734 (JSC::InterruptedExecutionError::createStructure):
46735 (JSC::TerminatedExecutionError::createStructure):
46736 * runtime/Executable.h:
46737 (JSC::ExecutableBase::createStructure):
46738 (JSC::NativeExecutable::createStructure):
46739 (JSC::EvalExecutable::createStructure):
46740 (JSC::ProgramExecutable::createStructure):
46741 (JSC::FunctionExecutable::createStructure):
46742 * runtime/FunctionPrototype.h:
46743 (JSC::FunctionPrototype::createStructure):
46744 * runtime/GetterSetter.h:
46745 (JSC::GetterSetter::createStructure):
46746 * runtime/InternalFunction.h:
46747 (JSC::InternalFunction::createStructure):
46748 * runtime/JSAPIValueWrapper.h:
46749 (JSC::JSAPIValueWrapper::createStructure):
46750 * runtime/JSActivation.h:
46751 (JSC::JSActivation::createStructure):
46752 * runtime/JSArray.h:
46753 (JSC::JSArray::createStructure):
46754 * runtime/JSByteArray.cpp:
46755 (JSC::JSByteArray::createStructure):
46756 * runtime/JSCell.h:
46757 * runtime/JSFunction.h:
46758 (JSC::JSFunction::createStructure):
46759 * runtime/JSGlobalObject.h:
46760 (JSC::JSGlobalObject::finishCreation):
46761 (JSC::JSGlobalObject::createStructure):
46762 * runtime/JSNotAnObject.h:
46763 (JSC::JSNotAnObject::createStructure):
46764 * runtime/JSONObject.h:
46765 (JSC::JSONObject::createStructure):
46766 * runtime/JSObject.h:
46767 (JSC::JSObject::createStructure):
46768 (JSC::JSNonFinalObject::createStructure):
46769 (JSC::JSFinalObject::createStructure):
46770 * runtime/JSPropertyNameIterator.cpp:
46771 (JSC::JSPropertyNameIterator::create):
46772 * runtime/JSPropertyNameIterator.h:
46773 (JSC::JSPropertyNameIterator::createStructure):
46774 * runtime/JSStaticScopeObject.h:
46775 (JSC::JSStaticScopeObject::createStructure):
46776 * runtime/JSString.h:
46777 (JSC::RopeBuilder::createStructure):
46778 * runtime/JSVariableObject.h:
46779 (JSC::JSVariableObject::createStructure):
46780 * runtime/JSWrapperObject.h:
46781 (JSC::JSWrapperObject::createStructure):
46782 * runtime/MathObject.h:
46783 (JSC::MathObject::createStructure):
46784 * runtime/NativeErrorConstructor.h:
46785 (JSC::NativeErrorConstructor::createStructure):
46786 * runtime/NumberConstructor.h:
46787 (JSC::NumberConstructor::createStructure):
46788 * runtime/NumberObject.h:
46789 (JSC::NumberObject::createStructure):
46790 * runtime/NumberPrototype.cpp:
46791 (JSC::NumberPrototype::NumberPrototype):
46792 * runtime/NumberPrototype.h:
46793 (JSC::NumberPrototype::createStructure):
46794 * runtime/ObjectConstructor.h:
46795 (JSC::ObjectConstructor::createStructure):
46796 * runtime/ObjectPrototype.cpp:
46797 (JSC::ObjectPrototype::finishCreation):
46798 * runtime/ObjectPrototype.h:
46799 (JSC::ObjectPrototype::createStructure):
46800 * runtime/RegExp.h:
46801 (JSC::RegExp::createStructure):
46802 * runtime/RegExpConstructor.h:
46803 (JSC::RegExpConstructor::createStructure):
46804 * runtime/RegExpObject.h:
46805 (JSC::RegExpObject::createStructure):
46806 * runtime/RegExpPrototype.h:
46807 (JSC::RegExpPrototype::createStructure):
46808 * runtime/ScopeChain.h:
46809 (JSC::ScopeChainNode::createStructure):
46810 * runtime/StrictEvalActivation.h:
46811 (JSC::StrictEvalActivation::createStructure):
46812 * runtime/StringConstructor.h:
46813 (JSC::StringConstructor::createStructure):
46814 * runtime/StringObject.h:
46815 (JSC::StringObject::createStructure):
46816 * runtime/StringObjectThatMasqueradesAsUndefined.h:
46817 (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
46818 * runtime/StringPrototype.cpp:
46819 (JSC::StringPrototype::StringPrototype):
46820 * runtime/StringPrototype.h:
46821 (JSC::StringPrototype::createStructure):
46822 * runtime/Structure.cpp:
46823 (JSC::Structure::Structure):
46824 (JSC::Structure::materializePropertyMap):
46825 (JSC::Structure::addPropertyTransitionToExistingStructure):
46826 (JSC::Structure::addPropertyTransition):
46827 (JSC::Structure::removePropertyTransition):
46828 (JSC::Structure::changePrototypeTransition):
46829 (JSC::Structure::despecifyFunctionTransition):
46830 (JSC::Structure::getterSetterTransition):
46831 (JSC::Structure::toDictionaryTransition):
46832 (JSC::Structure::preventExtensionsTransition):
46833 (JSC::Structure::flattenDictionaryStructure):
46834 (JSC::Structure::addPropertyWithoutTransition):
46835 (JSC::Structure::removePropertyWithoutTransition):
46836 (JSC::Structure::get):
46837 (JSC::Structure::putSpecificValue):
46838 (JSC::Structure::remove):
46839 (JSC::Structure::checkConsistency):
46840 * runtime/Structure.h:
46841 (JSC::Structure::create):
46842 (JSC::Structure::propertyStorageSize):
46843 (JSC::Structure::get):
46844 * runtime/StructureChain.h:
46845 (JSC::StructureChain::createStructure):
46847 2011-09-11 Jarred Nicholls <jarred@sencha.com>
46849 [Qt] Win32 build broken due to MachineStackMarker.cpp/.o failing to link against pthreads library
46850 https://bugs.webkit.org/show_bug.cgi?id=67864
46852 Qt Win32 is not pthread compatible and cannot participate in multithreaded JSC or it fails to build.
46854 Reviewed by Csaba Osztrogonác.
46858 2011-09-11 Filip Pizlo <fpizlo@apple.com>
46860 ARM and MIPS assemblers still refer to executable pools.
46861 https://bugs.webkit.org/show_bug.cgi?id=67903
46863 Reviewed by Csaba Osztrogonác.
46865 * assembler/ARMAssembler.cpp:
46866 (JSC::ARMAssembler::executableCopy):
46867 * assembler/ARMAssembler.h:
46868 * assembler/AssemblerBufferWithConstantPool.h:
46869 * assembler/MIPSAssembler.h:
46870 (JSC::MIPSAssembler::executableCopy):
46872 2011-09-08 Filip Pizlo <fpizlo@apple.com>
46874 The executable allocator makes it difficult to free individual
46875 chunks of executable memory
46876 https://bugs.webkit.org/show_bug.cgi?id=66363
46878 Reviewed by Oliver Hunt.
46880 Introduced a best-fit, balanced-tree based allocator. The allocator
46881 required a balanced tree that does not allocate memory and that
46882 permits the removal of individual nodes directly (as opposed to by
46883 key); neither AVLTree nor WebCore's PODRedBlackTree supported this.
46884 Changed all references to executable code to use a reference counted
46887 * GNUmakefile.list.am:
46888 * JavaScriptCore.exp:
46889 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
46890 * JavaScriptCore.xcodeproj/project.pbxproj:
46891 * assembler/AssemblerBuffer.h:
46892 (JSC::AssemblerBuffer::executableCopy):
46893 * assembler/LinkBuffer.h:
46894 (JSC::LinkBuffer::LinkBuffer):
46895 (JSC::LinkBuffer::finalizeCode):
46896 (JSC::LinkBuffer::linkCode):
46897 * assembler/MacroAssemblerCodeRef.h:
46898 (JSC::MacroAssemblerCodeRef::MacroAssemblerCodeRef):
46899 (JSC::MacroAssemblerCodeRef::createSelfManagedCodeRef):
46900 (JSC::MacroAssemblerCodeRef::executableMemory):
46901 (JSC::MacroAssemblerCodeRef::code):
46902 (JSC::MacroAssemblerCodeRef::size):
46903 (JSC::MacroAssemblerCodeRef::operator!):
46904 * assembler/X86Assembler.h:
46905 (JSC::X86Assembler::executableCopy):
46906 (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
46907 * bytecode/CodeBlock.h:
46908 * bytecode/Instruction.h:
46909 * bytecode/StructureStubInfo.h:
46910 * dfg/DFGJITCompiler.cpp:
46911 (JSC::DFG::JITCompiler::compile):
46912 (JSC::DFG::JITCompiler::compileFunction):
46913 * dfg/DFGRepatch.cpp:
46914 (JSC::DFG::generateProtoChainAccessStub):
46915 (JSC::DFG::tryCacheGetByID):
46916 (JSC::DFG::tryBuildGetByIDList):
46917 (JSC::DFG::tryBuildGetByIDProtoList):
46918 (JSC::DFG::tryCachePutByID):
46919 * jit/ExecutableAllocator.cpp:
46920 (JSC::ExecutableAllocator::initializeAllocator):
46921 (JSC::ExecutableAllocator::ExecutableAllocator):
46922 (JSC::ExecutableAllocator::allocate):
46923 (JSC::ExecutableAllocator::committedByteCount):
46924 (JSC::ExecutableAllocator::dumpProfile):
46925 * jit/ExecutableAllocator.h:
46926 (JSC::ExecutableAllocator::dumpProfile):
46927 * jit/ExecutableAllocatorFixedVMPool.cpp:
46928 (JSC::ExecutableAllocator::initializeAllocator):
46929 (JSC::ExecutableAllocator::ExecutableAllocator):
46930 (JSC::ExecutableAllocator::isValid):
46931 (JSC::ExecutableAllocator::underMemoryPressure):
46932 (JSC::ExecutableAllocator::allocate):
46933 (JSC::ExecutableAllocator::committedByteCount):
46934 (JSC::ExecutableAllocator::dumpProfile):
46936 (JSC::JIT::privateCompile):
46938 (JSC::JIT::compileCTIMachineTrampolines):
46939 (JSC::JIT::compileCTINativeCall):
46941 (JSC::JITCode::operator !):
46942 (JSC::JITCode::addressForCall):
46943 (JSC::JITCode::offsetOf):
46944 (JSC::JITCode::execute):
46945 (JSC::JITCode::start):
46946 (JSC::JITCode::size):
46947 (JSC::JITCode::getExecutableMemory):
46948 (JSC::JITCode::HostFunction):
46949 (JSC::JITCode::JITCode):
46950 * jit/JITOpcodes.cpp:
46951 (JSC::JIT::privateCompileCTIMachineTrampolines):
46952 (JSC::JIT::privateCompileCTINativeCall):
46953 * jit/JITOpcodes32_64.cpp:
46954 (JSC::JIT::privateCompileCTIMachineTrampolines):
46955 (JSC::JIT::privateCompileCTINativeCall):
46956 * jit/JITPropertyAccess.cpp:
46957 (JSC::JIT::stringGetByValStubGenerator):
46958 (JSC::JIT::emitSlow_op_get_by_val):
46959 (JSC::JIT::privateCompilePutByIdTransition):
46960 (JSC::JIT::privateCompilePatchGetArrayLength):
46961 (JSC::JIT::privateCompileGetByIdProto):
46962 (JSC::JIT::privateCompileGetByIdSelfList):
46963 (JSC::JIT::privateCompileGetByIdProtoList):
46964 (JSC::JIT::privateCompileGetByIdChainList):
46965 (JSC::JIT::privateCompileGetByIdChain):
46966 * jit/JITPropertyAccess32_64.cpp:
46967 (JSC::JIT::stringGetByValStubGenerator):
46968 (JSC::JIT::emitSlow_op_get_by_val):
46969 (JSC::JIT::privateCompilePutByIdTransition):
46970 (JSC::JIT::privateCompilePatchGetArrayLength):
46971 (JSC::JIT::privateCompileGetByIdProto):
46972 (JSC::JIT::privateCompileGetByIdSelfList):
46973 (JSC::JIT::privateCompileGetByIdProtoList):
46974 (JSC::JIT::privateCompileGetByIdChainList):
46975 (JSC::JIT::privateCompileGetByIdChain):
46976 * jit/JITStubs.cpp:
46977 (JSC::JITThunks::JITThunks):
46978 (JSC::DEFINE_STUB_FUNCTION):
46979 (JSC::getPolymorphicAccessStructureListSlot):
46980 (JSC::JITThunks::ctiStub):
46981 (JSC::JITThunks::hostFunctionStub):
46983 * jit/SpecializedThunkJIT.h:
46984 (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
46985 (JSC::SpecializedThunkJIT::finalize):
46986 * jit/ThunkGenerators.cpp:
46987 (JSC::charCodeAtThunkGenerator):
46988 (JSC::charAtThunkGenerator):
46989 (JSC::fromCharCodeThunkGenerator):
46990 (JSC::sqrtThunkGenerator):
46991 (JSC::floorThunkGenerator):
46992 (JSC::ceilThunkGenerator):
46993 (JSC::roundThunkGenerator):
46994 (JSC::expThunkGenerator):
46995 (JSC::logThunkGenerator):
46996 (JSC::absThunkGenerator):
46997 (JSC::powThunkGenerator):
46998 * jit/ThunkGenerators.h:
46999 * runtime/Executable.h:
47000 (JSC::NativeExecutable::create):
47001 * runtime/InitializeThreading.cpp:
47002 (JSC::initializeThreadingOnce):
47003 * runtime/JSGlobalData.cpp:
47004 (JSC::JSGlobalData::JSGlobalData):
47005 (JSC::JSGlobalData::dumpSampleData):
47006 * runtime/JSGlobalData.h:
47007 (JSC::JSGlobalData::getCTIStub):
47008 * wtf/CMakeLists.txt:
47009 * wtf/MetaAllocator.cpp: Added.
47010 (WTF::MetaAllocatorHandle::MetaAllocatorHandle):
47011 (WTF::MetaAllocatorHandle::~MetaAllocatorHandle):
47012 (WTF::MetaAllocatorHandle::shrink):
47013 (WTF::MetaAllocator::MetaAllocator):
47014 (WTF::MetaAllocator::allocate):
47015 (WTF::MetaAllocator::currentStatistics):
47016 (WTF::MetaAllocator::findAndRemoveFreeSpace):
47017 (WTF::MetaAllocator::addFreeSpaceFromReleasedHandle):
47018 (WTF::MetaAllocator::addFreshFreeSpace):
47019 (WTF::MetaAllocator::debugFreeSpaceSize):
47020 (WTF::MetaAllocator::addFreeSpace):
47021 (WTF::MetaAllocator::incrementPageOccupancy):
47022 (WTF::MetaAllocator::decrementPageOccupancy):
47023 (WTF::MetaAllocator::roundUp):
47024 (WTF::MetaAllocator::allocFreeSpaceNode):
47025 (WTF::MetaAllocator::freeFreeSpaceNode):
47026 (WTF::MetaAllocator::dumpProfile):
47027 * wtf/MetaAllocator.h: Added.
47028 (WTF::MetaAllocator::bytesAllocated):
47029 (WTF::MetaAllocator::bytesReserved):
47030 (WTF::MetaAllocator::bytesCommitted):
47031 (WTF::MetaAllocator::dumpProfile):
47032 (WTF::MetaAllocator::~MetaAllocator):
47033 * wtf/MetaAllocatorHandle.h: Added.
47034 * wtf/RedBlackTree.h: Added.
47035 (WTF::RedBlackTree::Node::Node):
47036 (WTF::RedBlackTree::Node::successor):
47037 (WTF::RedBlackTree::Node::predecessor):
47038 (WTF::RedBlackTree::Node::reset):
47039 (WTF::RedBlackTree::Node::parent):
47040 (WTF::RedBlackTree::Node::setParent):
47041 (WTF::RedBlackTree::Node::left):
47042 (WTF::RedBlackTree::Node::setLeft):
47043 (WTF::RedBlackTree::Node::right):
47044 (WTF::RedBlackTree::Node::setRight):
47045 (WTF::RedBlackTree::Node::color):
47046 (WTF::RedBlackTree::Node::setColor):
47047 (WTF::RedBlackTree::RedBlackTree):
47048 (WTF::RedBlackTree::insert):
47049 (WTF::RedBlackTree::remove):
47050 (WTF::RedBlackTree::findExact):
47051 (WTF::RedBlackTree::findLeastGreaterThanOrEqual):
47052 (WTF::RedBlackTree::findGreatestLessThanOrEqual):
47053 (WTF::RedBlackTree::first):
47054 (WTF::RedBlackTree::last):
47055 (WTF::RedBlackTree::size):
47056 (WTF::RedBlackTree::isEmpty):
47057 (WTF::RedBlackTree::treeMinimum):
47058 (WTF::RedBlackTree::treeMaximum):
47059 (WTF::RedBlackTree::treeInsert):
47060 (WTF::RedBlackTree::leftRotate):
47061 (WTF::RedBlackTree::rightRotate):
47062 (WTF::RedBlackTree::removeFixup):
47064 * yarr/YarrJIT.cpp:
47065 (JSC::Yarr::YarrGenerator::compile):
47067 (JSC::Yarr::YarrCodeBlock::execute):
47068 (JSC::Yarr::YarrCodeBlock::getAddr):
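
The entry above describes a best-fit allocator over a balanced tree so that individual chunks of executable memory can be freed one at a time. The following is an added example written for this page, not WTF::MetaAllocator or any other JavaScriptCore code: it shows the best-fit lookup (the smallest free range at least as large as the request, WTF's findLeastGreaterThanOrEqual), splitting off the remainder, and coalescing neighbours when a single handle is released. Where WTF uses an intrusive, non-allocating RedBlackTree, this sketch substitutes std::map and std::multimap as the ordered indexes; the class name, the Handle type and the 16-byte granularity are assumptions of the example.

```cpp
// Added example, not JavaScriptCore code: a best-fit free-space allocator in
// the spirit of WTF::MetaAllocator. WTF keeps free ranges in an intrusive,
// non-allocating RedBlackTree; this sketch substitutes std::map/std::multimap
// for the ordered indexes so the best-fit and coalescing logic stays short.
#include <cstddef>
#include <cstdint>
#include <iterator>
#include <map>

class BestFitAllocator {
public:
    // A handle identifies exactly one allocation, so it can be freed on its own.
    struct Handle { uintptr_t start; size_t size; };

    BestFitAllocator(uintptr_t base, size_t size, size_t granularity)
        : m_granularity(granularity), m_bytesAllocated(0), m_bytesReserved(size)
    {
        addFreeSpace(base, size);
    }

    // Best fit: take the smallest free range that is >= the rounded request
    // (WTF's findLeastGreaterThanOrEqual) and hand back any remainder.
    bool allocate(size_t requested, Handle& out)
    {
        size_t size = roundUp(requested);
        auto it = m_bySize.lower_bound(size);
        if (it == m_bySize.end())
            return false;                          // no range large enough
        size_t available = it->first;
        uintptr_t start = it->second;
        removeFree(start, available);
        if (available > size)
            addFreeSpace(start + size, available - size);
        m_bytesAllocated += size;
        out = Handle{start, size};
        return true;
    }

    // Releasing a handle returns exactly its bytes; adjacent free ranges merge.
    void release(const Handle& h)
    {
        m_bytesAllocated -= h.size;
        addFreeSpace(h.start, h.size);
    }

    size_t bytesAllocated() const { return m_bytesAllocated; }
    size_t bytesReserved() const { return m_bytesReserved; }
    size_t freeRangeCount() const { return m_byStart.size(); }

private:
    size_t roundUp(size_t n) const
    {
        return (n + m_granularity - 1) / m_granularity * m_granularity;
    }

    void addFreeSpace(uintptr_t start, size_t size)
    {
        auto next = m_byStart.lower_bound(start);
        if (next != m_byStart.begin()) {
            auto prev = std::prev(next);
            if (prev->first + prev->second == start) {   // merge with left neighbour
                uintptr_t prevStart = prev->first;
                size_t prevSize = prev->second;
                removeFree(prevStart, prevSize);
                start = prevStart;
                size += prevSize;
                next = m_byStart.lower_bound(start);
            }
        }
        if (next != m_byStart.end() && next->first == start + size) {  // merge with right neighbour
            size_t nextSize = next->second;
            removeFree(next->first, nextSize);
            size += nextSize;
        }
        m_byStart[start] = size;
        m_bySize.emplace(size, start);
    }

    void removeFree(uintptr_t start, size_t size)
    {
        m_byStart.erase(start);
        auto range = m_bySize.equal_range(size);
        for (auto it = range.first; it != range.second; ++it) {
            if (it->second == start) {
                m_bySize.erase(it);
                return;
            }
        }
    }

    size_t m_granularity;
    size_t m_bytesAllocated;
    size_t m_bytesReserved;
    std::map<uintptr_t, size_t> m_byStart;        // start -> size, for coalescing
    std::multimap<size_t, uintptr_t> m_bySize;    // size -> start, for best fit
};
```

The two indexes answer the two questions the allocator has to ask: m_bySize finds the best fit, m_byStart finds the neighbours to merge with on release. Freeing individual handles is what lets a JIT give back the executable memory of a single discarded code block rather than waiting for a whole pool to drain.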
47070 2011-09-10 Sam Weinig <sam@webkit.org>
47072 Remove the JSC::isZombie() function; it did nothing and was called by no one.
47073 https://bugs.webkit.org/show_bug.cgi?id=67901
47075 Reviewed by Andy Estes.
47077 * JavaScriptCore.exp:
47078 * runtime/JSCell.cpp:
47079 * runtime/JSValue.h:
47081 2011-09-10 Sam Weinig <sam@webkit.org>
47083 Add isInterruptedExecutionException and isTerminatedExecutionException predicates
47084 https://bugs.webkit.org/show_bug.cgi?id=67892
47086 Reviewed by Andy "First Time Reviewer" Estes.
47088 * JavaScriptCore.exp:
47091 * interpreter/Interpreter.cpp:
47092 (JSC::Interpreter::throwException):
47093 Use new predicates.
47095 * runtime/ExceptionHelpers.cpp:
47096 (JSC::createInterruptedExecutionException):
47097 (JSC::isInterruptedExecutionException):
47098 (JSC::createTerminatedExecutionException):
47099 (JSC::isTerminatedExecutionException):
47100 * runtime/ExceptionHelpers.h:
47101 (JSC::InterruptedExecutionError::InterruptedExecutionError):
47104 2011-09-10 Filip Pizlo <fpizlo@apple.com>
47106 DFG JIT completely undoes speculative compilation even in the case of
47107 a partial static speculation failure
47108 https://bugs.webkit.org/show_bug.cgi?id=67798
47110 Reviewed by Geoffrey Garen.
47112 This is a regression with static speculation, so it is turned off by
47113 default. But it is a necessary prerequisite for further work on
47114 dynamic speculation.
47116 * dfg/DFGJITCodeGenerator.cpp:
47117 (JSC::DFG::JITCodeGenerator::clearGenerationInfo):
47118 * dfg/DFGJITCodeGenerator.h:
47119 * dfg/DFGSpeculativeJIT.cpp:
47120 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
47121 (JSC::DFG::SpeculativeJIT::compile):
47122 * dfg/DFGSpeculativeJIT.h:
47123 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
47125 2011-09-09 Chris Marrin <cmarrin@apple.com>
47127 requestAnimationFrame doesn't throttle on Mac
47128 https://bugs.webkit.org/show_bug.cgi?id=67171
47130 Reviewed by Simon Fraser.
47132 Added WTF_USE_REQUEST_ANIMATION_FRAME_TIMER to allow any platform to run
47133 requestAnimationFrame callbacks on a Timer defined in ScriptedAnimationController.
47134 Currently only enabled for PLATFORM(MAC).
47138 2011-09-09 Geoffrey Garen <ggaren@apple.com>
47140 Reviewed by Dan Bernstein.
47142 Removed ENABLE(SINGLE_THREADED) support, since it is always false
47143 https://bugs.webkit.org/show_bug.cgi?id=67862
47145 Next step toward making the baseline platform assumption that threads exist.
47148 * JavaScriptCore.gypi:
47149 * JavaScriptCore.vcproj/WTF/WTF.vcproj: Removed references to
47150 ThreadingNone.cpp, which was only compiled in single-threaded mode.
47153 * wtf/ThreadSpecific.h:
47155 * wtf/qt/ThreadingQt.cpp: Removed now-dead code.
47157 * wtf/ThreadingNone.cpp: Removed.
47159 2011-09-09 Mark Hahnenberg <mhahnenberg@apple.com>
47161 Unzip initialization lists and constructors in JSCell hierarchy (5/7)
47162 https://bugs.webkit.org/show_bug.cgi?id=67420
47164 Reviewed by Geoffrey Garen.
47166 Completed the fifth level of the refactoring to add finishCreation()
47167 methods to all classes within the JSCell hierarchy with non-trivial
47168 constructor bodies.
47170 This primarily consists of pushing the calls to finishCreation() down
47171 into the constructors of the subclasses of the second level of the hierarchy
47172 as well as pulling the finishCreation() calls out into the class's corresponding
47173 create() method if it has one. Doing both simultaneously allows us to
47174 maintain the invariant that the finishCreation() method chain is called exactly
47175 once during the creation of an object, since calling it any other number of
47176 times (0, 2, or more) will cause an assertion failure.
47178 * API/JSCallbackConstructor.cpp:
47179 (JSC::JSCallbackConstructor::JSCallbackConstructor):
47180 * API/JSCallbackConstructor.h:
47181 (JSC::JSCallbackConstructor::create):
47182 * API/JSCallbackFunction.cpp:
47183 (JSC::JSCallbackFunction::JSCallbackFunction):
47184 (JSC::JSCallbackFunction::finishCreation):
47185 * API/JSCallbackFunction.h:
47186 * API/JSCallbackObject.h:
47187 * API/JSCallbackObjectFunctions.h:
47188 (JSC::::JSCallbackObject):
47189 (JSC::::finishCreation):
47190 * JavaScriptCore.exp:
47191 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
47192 * debugger/DebuggerActivation.cpp:
47193 * debugger/DebuggerActivation.h:
47194 (JSC::DebuggerActivation::create):
47196 (GlobalObject::finishCreation):
47197 (GlobalObject::GlobalObject):
47198 * runtime/ArrayConstructor.cpp:
47199 (JSC::ArrayConstructor::ArrayConstructor):
47200 (JSC::ArrayConstructor::finishCreation):
47201 * runtime/ArrayConstructor.h:
47202 * runtime/ArrayPrototype.cpp:
47203 (JSC::ArrayPrototype::ArrayPrototype):
47204 * runtime/ArrayPrototype.h:
47205 (JSC::ArrayPrototype::create):
47206 * runtime/BooleanConstructor.cpp:
47207 (JSC::BooleanConstructor::BooleanConstructor):
47208 (JSC::BooleanConstructor::finishCreation):
47209 * runtime/BooleanConstructor.h:
47210 * runtime/BooleanObject.cpp:
47211 (JSC::BooleanObject::BooleanObject):
47212 * runtime/BooleanObject.h:
47213 (JSC::BooleanObject::create):
47214 * runtime/BooleanPrototype.cpp:
47215 (JSC::BooleanPrototype::BooleanPrototype):
47216 (JSC::BooleanPrototype::finishCreation):
47217 * runtime/BooleanPrototype.h:
47218 * runtime/DateConstructor.cpp:
47219 (JSC::DateConstructor::DateConstructor):
47220 (JSC::DateConstructor::finishCreation):
47221 * runtime/DateConstructor.h:
47222 * runtime/DateInstance.cpp:
47223 (JSC::DateInstance::DateInstance):
47224 * runtime/DateInstance.h:
47225 (JSC::DateInstance::create):
47226 * runtime/DatePrototype.cpp:
47227 (JSC::DatePrototype::DatePrototype):
47228 (JSC::DatePrototype::finishCreation):
47229 * runtime/DatePrototype.h:
47230 * runtime/Error.cpp:
47231 (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
47232 * runtime/ErrorConstructor.cpp:
47233 (JSC::ErrorConstructor::ErrorConstructor):
47234 (JSC::ErrorConstructor::finishCreation):
47235 * runtime/ErrorConstructor.h:
47236 * runtime/ErrorPrototype.cpp:
47237 (JSC::ErrorPrototype::ErrorPrototype):
47238 * runtime/ErrorPrototype.h:
47239 (JSC::ErrorPrototype::create):
47240 * runtime/FunctionConstructor.cpp:
47241 (JSC::FunctionConstructor::FunctionConstructor):
47242 (JSC::FunctionConstructor::finishCreation):
47243 * runtime/FunctionConstructor.h:
47244 * runtime/FunctionPrototype.cpp:
47245 (JSC::FunctionPrototype::FunctionPrototype):
47246 (JSC::FunctionPrototype::finishCreation):
47247 * runtime/FunctionPrototype.h:
47248 * runtime/InternalFunction.cpp:
47249 (JSC::InternalFunction::InternalFunction):
47250 * runtime/InternalFunction.h:
47251 * runtime/JSActivation.cpp:
47252 (JSC::JSActivation::JSActivation):
47253 * runtime/JSActivation.h:
47254 (JSC::JSActivation::create):
47255 * runtime/JSGlobalObject.h:
47256 (JSC::JSGlobalObject::create):
47257 (JSC::JSGlobalObject::JSGlobalObject):
47258 * runtime/JSONObject.cpp:
47259 (JSC::JSONObject::JSONObject):
47260 * runtime/JSONObject.h:
47261 (JSC::JSONObject::create):
47262 * runtime/JSStaticScopeObject.h:
47263 (JSC::JSStaticScopeObject::create):
47264 (JSC::JSStaticScopeObject::JSStaticScopeObject):
47265 * runtime/JSString.cpp:
47266 (JSC::StringObject::create):
47267 * runtime/MathObject.cpp:
47268 (JSC::MathObject::MathObject):
47269 * runtime/MathObject.h:
47270 (JSC::MathObject::create):
47271 * runtime/NativeErrorConstructor.cpp:
47272 (JSC::NativeErrorConstructor::NativeErrorConstructor):
47273 * runtime/NativeErrorConstructor.h:
47274 (JSC::NativeErrorConstructor::finishCreation):
47275 * runtime/NativeErrorPrototype.cpp:
47276 (JSC::NativeErrorPrototype::NativeErrorPrototype):
47277 (JSC::NativeErrorPrototype::finishCreation):
47278 * runtime/NativeErrorPrototype.h:
47279 * runtime/NumberConstructor.cpp:
47280 (JSC::NumberConstructor::NumberConstructor):
47281 (JSC::NumberConstructor::finishCreation):
47282 * runtime/NumberConstructor.h:
47283 * runtime/NumberObject.cpp:
47284 (JSC::NumberObject::NumberObject):
47285 * runtime/NumberObject.h:
47286 (JSC::NumberObject::create):
47287 * runtime/NumberPrototype.cpp:
47288 (JSC::NumberPrototype::NumberPrototype):
47289 (JSC::NumberPrototype::finishCreation):
47290 * runtime/NumberPrototype.h:
47291 * runtime/ObjectConstructor.cpp:
47292 (JSC::ObjectConstructor::ObjectConstructor):
47293 (JSC::ObjectConstructor::finishCreation):
47294 * runtime/ObjectConstructor.h:
47295 * runtime/RegExpConstructor.cpp:
47296 (JSC::RegExpConstructor::RegExpConstructor):
47297 (JSC::RegExpConstructor::finishCreation):
47298 (JSC::RegExpMatchesArray::RegExpMatchesArray):
47299 * runtime/RegExpConstructor.h:
47300 * runtime/RegExpMatchesArray.h:
47301 (JSC::RegExpMatchesArray::create):
47302 * runtime/RegExpObject.cpp:
47303 (JSC::RegExpObject::RegExpObject):
47304 * runtime/RegExpObject.h:
47305 (JSC::RegExpObject::create):
47306 * runtime/RegExpPrototype.cpp:
47307 (JSC::RegExpPrototype::RegExpPrototype):
47308 * runtime/StringConstructor.cpp:
47309 (JSC::StringConstructor::StringConstructor):
47310 (JSC::StringConstructor::finishCreation):
47311 * runtime/StringConstructor.h:
47312 * runtime/StringObject.cpp:
47313 (JSC::StringObject::StringObject):
47314 * runtime/StringObject.h:
47315 (JSC::StringObject::create):
47316 * runtime/StringObjectThatMasqueradesAsUndefined.h:
47317 (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
47318 * runtime/StringPrototype.cpp:
47319 (JSC::StringPrototype::StringPrototype):
47320 (JSC::StringPrototype::finishCreation):
47321 * runtime/StringPrototype.h:
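
The entry above describes moving non-trivial constructor work into finishCreation() methods, called from each class's create(), with the invariant that the finishCreation() chain runs exactly once per object and asserts otherwise. The following is an added example written for this page, not JavaScriptCore's cell hierarchy: the class names (Cell, Function, Constructor, ForgetfulFunction) and the counter used to check the invariant are assumptions of the example. It goes slightly beyond the entry by also showing why the second phase is useful in C++ at all: a virtual call made in finishCreation() resolves to the most-derived class, whereas the same call made from a base-class constructor does not.

```cpp
// Added example, not JavaScriptCore code: the two-phase create()/finishCreation()
// pattern with an exactly-once check. All class names here are hypothetical.
#include <cassert>
#include <string>

class Cell {
public:
    virtual ~Cell() {}
    int finishCreationCount() const { return m_finishCreationCount; }
    bool creationFinishedExactlyOnce() const { return m_finishCreationCount == 1; }
protected:
    Cell() : m_finishCreationCount(0) {}
    // Every override chains to its base class exactly once, so the root sees
    // one call per fully constructed object.
    virtual void finishCreation() { ++m_finishCreationCount; }
private:
    int m_finishCreationCount;
};

class Function : public Cell {
public:
    static Function* create(const std::string& name)
    {
        Function* f = new Function(name);
        f->finishCreation();                       // second phase, from create()
        assert(f->creationFinishedExactlyOnce());  // 0 or 2+ calls would fail here
        return f;
    }
    std::string displayName() const { return m_displayName; }
    std::string ctorTimeName() const { return m_ctorTimeName; }
protected:
    explicit Function(const std::string& name)
        : m_name(name)
        , m_ctorTimeName(kind() + " " + name)      // inside a ctor, kind() is Function's
    {
    }
    void finishCreation() override
    {
        Cell::finishCreation();
        m_displayName = kind() + " " + m_name;     // here kind() is the most-derived one
    }
    virtual std::string kind() const { return "function"; }
    std::string m_name;
    std::string m_ctorTimeName;
    std::string m_displayName;
};

class Constructor : public Function {
public:
    static Constructor* create(const std::string& name)
    {
        Constructor* c = new Constructor(name);
        c->finishCreation();
        assert(c->creationFinishedExactlyOnce());
        return c;
    }
protected:
    explicit Constructor(const std::string& name) : Function(name) {}
    void finishCreation() override { Function::finishCreation(); }  // chain once
    std::string kind() const override { return "constructor"; }
};

// A subclass that forgets to chain: the counter stays at zero and the
// assertion in a checked create() would fire. createUnchecked() skips the
// assertion so the defect can be observed instead of aborting the program.
class ForgetfulFunction : public Function {
public:
    static ForgetfulFunction* createUnchecked(const std::string& name)
    {
        ForgetfulFunction* f = new ForgetfulFunction(name);
        f->finishCreation();
        return f;
    }
protected:
    explicit ForgetfulFunction(const std::string& name) : Function(name) {}
    void finishCreation() override { /* missing Function::finishCreation() */ }
};
```

The assertion lives in create(), the one place that knows the object is complete; a subclass that calls finishCreation() from its constructor as well would trip the same check with a count of two.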
47323 2011-09-09 Geoffrey Garen <ggaren@apple.com>
47325 Build fix: Guard against double-#define for something already #defined
47326 by the build system.
47330 2011-09-09 Geoffrey Garen <ggaren@apple.com>
47332 Reviewed by Dan Bernstein.
47334 Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS, or
47335 !ENABLE_WTF_MULTIPLE_THREADS
47336 https://bugs.webkit.org/show_bug.cgi?id=67860
47338 First step toward making the baseline platform assumption that threads
47339 exist: Never #define ENABLE_SINGLE_THREADED, !ENABLE_JSC_MULTIPLE_THREADS,
47340 or !ENABLE_WTF_MULTIPLE_THREADS.
47344 2011-09-09 Laszlo Gombos <laszlo.1.gombos@nokia.com>
47346 [Qt] Remove common.pri
47347 https://bugs.webkit.org/show_bug.cgi?id=67814
47349 Reviewed by Andreas Kling.
47351 * JavaScriptCore.pri:
47353 2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com>
47355 REGRESSION(r94811): Assertion failure in 2 worker tests
47356 https://bugs.webkit.org/show_bug.cgi?id=67829
47358 Reviewed by Sam Weinig.
47360 Fixing a couple of tests that were broken due to the wrong values being
47361 set in the parent class pointers in the ClassInfo structs for
47362 TerminatedExecutionError and InterruptedExecutionError.
47364 * runtime/ExceptionHelpers.cpp:
47366 2011-09-08 Oliver Hunt <oliver@apple.com>
47368 Use bump allocator for initial property storage
47369 https://bugs.webkit.org/show_bug.cgi?id=67494
47371 Reviewed by Geoffrey Garen.
47373 Use a bump allocator for initial allocation of property storage,
47374 and promote to fastMalloc memory only if it survives a GC pass.
47376 Comes out as a 1% win on v8, and is a useful step on the way to
47377 GC allocation of all property storage.
47379 * JavaScriptCore.exp:
47380 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
47381 * JavaScriptCore.xcodeproj/project.pbxproj:
47383 (JSC::Heap::collect):
47385 (JSC::Heap::allocatePropertyStorage):
47386 (JSC::Heap::inPropertyStorageNursery):
47387 * heap/MarkedBlock.h:
47388 * heap/NewSpace.cpp:
47389 (JSC::NewSpace::NewSpace):
47391 (JSC::NewSpace::resetPropertyStorageNursery):
47392 (JSC::NewSpace::allocatePropertyStorage):
47393 (JSC::NewSpace::inPropertyStorageNursery):
47394 * jit/JITStubs.cpp:
47395 (JSC::DEFINE_STUB_FUNCTION):
47396 * runtime/JSObject.cpp:
47397 (JSC::JSObject::allocatePropertyStorage):
47398 * runtime/JSObject.h:
47399 (JSC::JSObject::isUsingInlineStorage):
47400 (JSC::JSObject::JSObject):
47401 (JSC::JSObject::propertyStorage):
47402 (JSC::JSObject::~JSObject):
47403 (JSC::JSObject::putDirectInternal):
47404 (JSC::JSObject::putDirectWithoutTransition):
47405 (JSC::JSObject::putDirectFunctionWithoutTransition):
47406 (JSC::JSObject::transitionTo):
47407 (JSC::JSObject::visitChildrenDirect):
47408 * runtime/StorageBarrier.h: Added.
47409 (JSC::StorageBarrier::StorageBarrier):
47410 (JSC::StorageBarrier::set):
47411 (JSC::StorageBarrier::operator->):
47412 (JSC::StorageBarrier::operator*):
47413 (JSC::StorageBarrier::operator[]):
47414 (JSC::StorageBarrier::get):
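
The entry above describes bump-allocating an object's initial property storage from a nursery and promoting it to malloc memory only if it survives a GC pass. The following is an added example written for this page, not JavaScriptCore's Heap or NewSpace: the classes and the JSValue stand-in are hypothetical, and the method names only echo the ones listed in the entry (allocatePropertyStorage, inPropertyStorageNursery, reset). It shows the part a practitioner most needs to get right when two allocators hand out storage for the same field: the address-range check that decides whether a block may be passed to free() when storage is grown or released, since a nursery pointer handed to free() would be an invalid free.

```cpp
// Added example, not JavaScriptCore code: bump-allocated nursery for property
// storage with promotion to malloc memory for storage that survives a
// collection. Class names are hypothetical; method names echo the ChangeLog.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

typedef uint64_t JSValue;   // stand-in for a real tagged value

class PropertyStorageNursery {
public:
    explicit PropertyStorageNursery(size_t bytes)
        : m_base(static_cast<char*>(std::malloc(bytes))), m_capacity(bytes), m_offset(0) {}
    ~PropertyStorageNursery() { std::free(m_base); }

    // Bump allocation: a pointer increment, no per-block header and no free().
    JSValue* allocate(size_t count)
    {
        size_t bytes = count * sizeof(JSValue);
        if (bytes > m_capacity - m_offset)
            return nullptr;                        // full: caller falls back to malloc
        JSValue* p = reinterpret_cast<JSValue*>(m_base + m_offset);
        m_offset += bytes;
        return p;
    }
    bool contains(const void* p) const
    {
        const char* c = static_cast<const char*>(p);
        return c >= m_base && c < m_base + m_capacity;
    }
    void reset() { m_offset = 0; }                 // whole nursery reclaimed at once
    size_t used() const { return m_offset; }
private:
    char* m_base;
    size_t m_capacity;
    size_t m_offset;
};

struct JSObject {
    JSValue* storage = nullptr;
    size_t count = 0;
};

class Heap {
public:
    explicit Heap(size_t nurseryBytes) : m_nursery(nurseryBytes), m_promoted(0) {}

    void allocatePropertyStorage(JSObject& o, size_t count)
    {
        JSValue* p = m_nursery.allocate(count);
        if (!p)
            p = static_cast<JSValue*>(std::malloc(count * sizeof(JSValue)));
        o.storage = p;
        o.count = count;
    }

    // Growing storage: copy, then free the old block only if it was malloced.
    // Ownership is decided by address range, not by a flag the object could
    // get wrong, because free() on a nursery pointer is an invalid free.
    void growPropertyStorage(JSObject& o, size_t newCount)
    {
        JSValue* old = o.storage;
        size_t oldCount = o.count;
        allocatePropertyStorage(o, newCount);
        std::memcpy(o.storage, old, oldCount * sizeof(JSValue));
        if (!inPropertyStorageNursery(old))
            std::free(old);
    }

    // Collection: storage of live objects still in the nursery is promoted to
    // malloc memory; whatever else is in the nursery belongs to dead objects,
    // so the nursery is reset in one step.
    void collect(const std::vector<JSObject*>& live)
    {
        for (JSObject* o : live) {
            if (!inPropertyStorageNursery(o->storage))
                continue;
            JSValue* p = static_cast<JSValue*>(std::malloc(o->count * sizeof(JSValue)));
            std::memcpy(p, o->storage, o->count * sizeof(JSValue));
            o->storage = p;
            ++m_promoted;
        }
        m_nursery.reset();
    }

    void releaseStorage(JSObject& o)
    {
        if (!inPropertyStorageNursery(o.storage))
            std::free(o.storage);
        o.storage = nullptr;
        o.count = 0;
    }

    bool inPropertyStorageNursery(const void* p) const { return m_nursery.contains(p); }
    size_t nurseryBytesUsed() const { return m_nursery.used(); }
    size_t promotedCount() const { return m_promoted; }
private:
    PropertyStorageNursery m_nursery;
    size_t m_promoted;
};
```

Every path that would free a storage block (grow, release) goes through inPropertyStorageNursery() first; after collect() the nursery is reused from offset zero, so any stale nursery pointer held by a dead object must never be dereferenced or freed, which is why the live set is the only input to promotion.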
47416 2011-09-08 Sam Weinig <sam@webkit.org>
47418 Remove the Completion object from JSC; I have never liked it
47419 https://bugs.webkit.org/show_bug.cgi?id=67755
47421 Reviewed by Gavin Barraclough.
47423 - Removes the Completion object and replaces its use with out parameter exceptions.
47424 - Remove ComplType and virtual exceptionType() function on JSObject. Replace with
47425 ClassInfo for InterruptedExecutionError and TerminatedExecutionError.
47428 (JSEvaluateScript):
47429 (JSCheckScriptSyntax):
47430 * JavaScriptCore.exp:
47431 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
47432 * interpreter/Interpreter.cpp:
47433 (JSC::Interpreter::throwException):
47436 (functionCheckSyntax):
47439 * runtime/Completion.cpp:
47440 (JSC::checkSyntax):
47442 * runtime/Completion.h:
47443 * runtime/ExceptionHelpers.cpp:
47444 (JSC::InterruptedExecutionError::toString):
47445 (JSC::TerminatedExecutionError::toString):
47446 (JSC::createInterruptedExecutionException):
47447 * runtime/ExceptionHelpers.h:
47448 (JSC::InterruptedExecutionError::InterruptedExecutionError):
47449 (JSC::InterruptedExecutionError::create):
47450 (JSC::InterruptedExecutionError::createStructure):
47451 (JSC::TerminatedExecutionError::TerminatedExecutionError):
47452 (JSC::TerminatedExecutionError::create):
47453 (JSC::TerminatedExecutionError::createStructure):
47454 * runtime/JSGlobalData.cpp:
47455 (JSC::JSGlobalData::JSGlobalData):
47456 * runtime/JSObject.h:
47458 2011-09-08 Ryosuke Niwa <rniwa@webkit.org>
47462 * dfg/DFGCapabilities.cpp:
47464 2011-09-08 Filip Pizlo <fpizlo@apple.com>
47466 Value profiling and execution count profiling are performed even for
47467 code that cannot be optimized
47468 https://bugs.webkit.org/show_bug.cgi?id=67694
47470 Reviewed by Gavin Barraclough.
47472 This is a 2% speed-up on V8 when tiered compilation is enabled.
47474 * JavaScriptCore.xcodeproj/project.pbxproj:
47475 * bytecode/CodeBlock.cpp:
47476 (JSC::ProgramCodeBlock::canCompileWithDFG):
47477 (JSC::EvalCodeBlock::canCompileWithDFG):
47478 (JSC::FunctionCodeBlock::canCompileWithDFG):
47479 * bytecode/CodeBlock.h:
47480 * dfg/DFGCapabilities.cpp: Added.
47481 (JSC::DFG::canCompileOpcodes):
47482 * dfg/DFGCapabilities.h: Added.
47483 (JSC::DFG::mightCompileEval):
47484 (JSC::DFG::mightCompileProgram):
47485 (JSC::DFG::mightCompileFunctionForCall):
47486 (JSC::DFG::mightCompileFunctionForConstruct):
47487 (JSC::DFG::canCompileOpcode):
47488 (JSC::DFG::canCompileEval):
47489 (JSC::DFG::canCompileProgram):
47490 (JSC::DFG::canCompileFunctionForCall):
47491 (JSC::DFG::canCompileFunctionForConstruct):
47493 (JSC::JIT::emitOptimizationCheck):
47494 (JSC::JIT::privateCompile):
47496 (JSC::JIT::shouldEmitProfiling):
47497 * jit/JITInlineMethods.h:
47498 (JSC::JIT::emitValueProfilingSite):
47500 2011-09-08 Filip Pizlo <fpizlo@apple.com>
47502 DFG speculative JIT does not initialize integer tags for PredictInt32 temporaries
47503 https://bugs.webkit.org/show_bug.cgi?id=67840
47505 Reviewed by Gavin Barraclough.
47507 * dfg/DFGSpeculativeJIT.cpp:
47508 (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
47510 2011-09-08 Thouraya ANDOLSI <thouraya.andolsi@st.com>
47512 https://bugs.webkit.org/show_bug.cgi?id=67771
47514 Fix sequenceGetByIdSlowCaseInstructionSpace, sequenceGetByIdSlowCaseConstantSpace
47515 and patchOffsetGetByIdSlowCaseCall
47516 and enable the DOUBLE_CONVERSION_CORRECT_DOUBLE_OPERATIONS flag for SH4 platforms.
47518 Reviewed by Gavin Barraclough.
47521 * wtf/dtoa/utils.h:
47523 2011-09-08 Mark Hahnenberg <mhahnenberg@apple.com>
47525 Remove getUInt32 from JSCell
47526 https://bugs.webkit.org/show_bug.cgi?id=67691
47528 Reviewed by Oliver Hunt.
47530 We don't use JSCell::getUInt32 anymore, so it has been removed.
47532 * JavaScriptCore.exp:
47533 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
47534 * runtime/JSCell.cpp:
47535 * runtime/JSCell.h:
47537 2011-09-07 Filip Pizlo <fpizlo@apple.com>
47541 * bytecode/CodeBlock.cpp:
47542 (JSC::CodeBlock::~CodeBlock):
47544 2011-09-07 Oliver Hunt <oliver@apple.com>
47546 Release mode build fix.
47548 * API/JSCallbackObject.h:
47549 (JSC::JSCallbackObject::create):
47551 2011-09-06 Oliver Hunt <oliver@apple.com>
47553 Remove JSObjectWithGlobalObject
47554 https://bugs.webkit.org/show_bug.cgi?id=67689
47556 Reviewed by Geoff Garen.
47558 Remove JSObjectWithGlobalObject, and update code to stop using anonymous
47559 storage to access the global object that a JSObject comes from. Largely
47560 mechanical change to remove the use of anonymous storage and JSObjectWithGlobalObject.
47562 * API/JSCallbackConstructor.cpp:
47563 (JSC::JSCallbackConstructor::JSCallbackConstructor):
47564 (JSC::JSCallbackConstructor::finishCreation):
47565 * API/JSCallbackConstructor.h:
47566 * API/JSCallbackObject.cpp:
47567 * API/JSCallbackObject.h:
47568 (JSC::JSCallbackObject::create):
47569 * API/JSCallbackObjectFunctions.h:
47570 (JSC::::JSCallbackObject):
47571 (JSC::::finishCreation):
47572 (JSC::::staticFunctionGetter):
47573 * API/JSClassRef.cpp:
47574 (OpaqueJSClass::prototype):
47575 * API/JSObjectRef.cpp:
47577 (JSObjectGetPrivate):
47578 (JSObjectSetPrivate):
47579 (JSObjectGetPrivateProperty):
47580 (JSObjectSetPrivateProperty):
47581 (JSObjectDeletePrivateProperty):
47582 * API/JSValueRef.cpp:
47583 (JSValueIsObjectOfClass):
47584 * API/JSWeakObjectMapRefPrivate.cpp:
47585 * JavaScriptCore.exp:
47586 * JavaScriptCore.xcodeproj/project.pbxproj:
47587 * bytecode/CodeBlock.h:
47588 * dfg/DFGRepatch.cpp:
47589 (JSC::DFG::dfgRepatchGetMethodFast):
47590 (JSC::DFG::tryCacheGetMethod):
47592 * jit/JITInlineMethods.h:
47593 (JSC::JIT::emitAllocateJSFunction):
47594 * jit/JITPropertyAccess.cpp:
47595 (JSC::JIT::patchMethodCallProto):
47596 * jit/JITStubs.cpp:
47597 (JSC::DEFINE_STUB_FUNCTION):
47598 * runtime/DatePrototype.cpp:
47599 * runtime/InternalFunction.cpp:
47600 (JSC::InternalFunction::InternalFunction):
47601 (JSC::InternalFunction::finishCreation):
47602 * runtime/InternalFunction.h:
47603 * runtime/JSFunction.cpp:
47604 (JSC::JSFunction::JSFunction):
47605 (JSC::JSFunction::finishCreation):
47606 * runtime/JSFunction.h:
47607 (JSC::JSFunction::create):
47608 (JSC::JSFunction::createStructure):
47609 * runtime/JSGlobalObject.cpp:
47610 (JSC::JSGlobalObject::reset):
47611 * runtime/JSONObject.cpp:
47612 (JSC::JSONObject::JSONObject):
47613 (JSC::JSONObject::finishCreation):
47614 * runtime/JSONObject.h:
47615 * runtime/JSObject.h:
47616 (JSC::JSObject::globalObject):
47617 * runtime/JSObjectWithGlobalObject.cpp: Removed.
47618 * runtime/JSObjectWithGlobalObject.h: Removed.
47619 * runtime/JSValue.cpp:
47620 (JSC::JSValue::isValidCallee):
47621 * runtime/Lookup.cpp:
47622 (JSC::setUpStaticFunctionSlot):
47623 * runtime/Lookup.h:
47624 * runtime/MathObject.cpp:
47625 (JSC::MathObject::MathObject):
47626 (JSC::MathObject::finishCreation):
47627 * runtime/MathObject.h:
47628 * runtime/NumberPrototype.cpp:
47629 * runtime/RegExpObject.cpp:
47630 (JSC::RegExpObject::RegExpObject):
47631 (JSC::RegExpObject::finishCreation):
47632 * runtime/RegExpObject.h:
47633 * runtime/Structure.cpp:
47634 (JSC::Structure::Structure):
47635 * runtime/Structure.h:
47636 (JSC::Structure::create):
47637 (JSC::Structure::globalObject):
47639 2011-09-07 Gavin Barraclough <barraclough@apple.com>
47641 Refactor JIT checks for ObjectType into helper functions.
47643 Rubber stamped by Sam Weinig.
47645 * dfg/DFGJITCompiler.h:
47646 (JSC::DFG::JITCompiler::branchIfNotObject):
47647 * dfg/DFGNonSpeculativeJIT.cpp:
47648 (JSC::DFG::NonSpeculativeJIT::compile):
47649 * dfg/DFGSpeculativeJIT.cpp:
47650 (JSC::DFG::SpeculativeJIT::compile):
47652 * jit/JITCall32_64.cpp:
47653 (JSC::JIT::emit_op_ret_object_or_this):
47654 * jit/JITInlineMethods.h:
47655 (JSC::JIT::emitJumpIfNotObject):
47656 * jit/JITOpcodes.cpp:
47657 (JSC::JIT::emit_op_instanceof):
47658 (JSC::JIT::emit_op_ret_object_or_this):
47659 (JSC::JIT::emit_op_get_pnames):
47660 (JSC::JIT::emit_op_create_this):
47661 * jit/JITOpcodes32_64.cpp:
47662 (JSC::JIT::emit_op_instanceof):
47663 (JSC::JIT::emit_op_get_pnames):
47664 (JSC::JIT::emit_op_create_this):
47666 2011-09-07 Sheriff Bot <webkit.review.bot@gmail.com>
47668 Unreviewed, rolling out r94627 and r94632.
47669 http://trac.webkit.org/changeset/94627
47670 http://trac.webkit.org/changeset/94632
47671 https://bugs.webkit.org/show_bug.cgi?id=67698
47673 It broke tests on GTK and Qt (Requested by Ossy on #webkit).
47675 * API/JSCallbackConstructor.cpp:
47676 (JSC::JSCallbackConstructor::JSCallbackConstructor):
47677 * API/JSCallbackConstructor.h:
47678 (JSC::JSCallbackConstructor::create):
47679 * API/JSCallbackFunction.cpp:
47680 (JSC::JSCallbackFunction::JSCallbackFunction):
47681 * API/JSCallbackFunction.h:
47682 * JavaScriptCore.exp:
47683 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
47684 * debugger/DebuggerActivation.cpp:
47685 (JSC::DebuggerActivation::create):
47686 * debugger/DebuggerActivation.h:
47688 (GlobalObject::constructorBody):
47689 (GlobalObject::GlobalObject):
47690 * runtime/ArrayConstructor.cpp:
47691 (JSC::ArrayConstructor::ArrayConstructor):
47692 * runtime/ArrayConstructor.h:
47693 * runtime/ArrayPrototype.cpp:
47694 (JSC::ArrayPrototype::ArrayPrototype):
47695 * runtime/ArrayPrototype.h:
47696 (JSC::ArrayPrototype::create):
47697 * runtime/BooleanConstructor.cpp:
47698 (JSC::BooleanConstructor::BooleanConstructor):
47699 * runtime/BooleanConstructor.h:
47700 * runtime/BooleanObject.cpp:
47701 (JSC::BooleanObject::BooleanObject):
47702 * runtime/BooleanObject.h:
47703 (JSC::BooleanObject::create):
47704 * runtime/BooleanPrototype.cpp:
47705 (JSC::BooleanPrototype::BooleanPrototype):
47706 * runtime/BooleanPrototype.h:
47707 * runtime/DateConstructor.cpp:
47708 (JSC::DateConstructor::DateConstructor):
47709 * runtime/DateConstructor.h:
47710 * runtime/DateInstance.cpp:
47711 (JSC::DateInstance::DateInstance):
47712 * runtime/DateInstance.h:
47713 (JSC::DateInstance::create):
47714 * runtime/DatePrototype.cpp:
47715 (JSC::DatePrototype::DatePrototype):
47716 * runtime/DatePrototype.h:
47717 * runtime/Error.cpp:
47718 (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
47719 * runtime/ErrorConstructor.cpp:
47720 (JSC::ErrorConstructor::ErrorConstructor):
47721 * runtime/ErrorConstructor.h:
47722 (JSC::ErrorConstructor::create):
47723 * runtime/ErrorPrototype.cpp:
47724 (JSC::ErrorPrototype::ErrorPrototype):
47725 * runtime/ErrorPrototype.h:
47726 (JSC::ErrorPrototype::create):
47727 * runtime/FunctionConstructor.cpp:
47728 (JSC::FunctionConstructor::FunctionConstructor):
47729 * runtime/FunctionConstructor.h:
47730 * runtime/FunctionPrototype.cpp:
47731 (JSC::FunctionPrototype::FunctionPrototype):
47732 * runtime/FunctionPrototype.h:
47733 * runtime/InternalFunction.cpp:
47734 (JSC::InternalFunction::InternalFunction):
47735 * runtime/InternalFunction.h:
47736 * runtime/JSActivation.cpp:
47737 (JSC::JSActivation::JSActivation):
47738 * runtime/JSActivation.h:
47739 (JSC::JSActivation::create):
47740 * runtime/JSGlobalObject.h:
47741 (JSC::JSGlobalObject::create):
47742 (JSC::JSGlobalObject::JSGlobalObject):
47743 * runtime/JSONObject.cpp:
47744 (JSC::JSONObject::JSONObject):
47745 * runtime/JSONObject.h:
47746 (JSC::JSONObject::create):
47747 * runtime/JSStaticScopeObject.h:
47748 (JSC::JSStaticScopeObject::create):
47749 (JSC::JSStaticScopeObject::JSStaticScopeObject):
47750 * runtime/JSString.cpp:
47751 (JSC::StringObject::create):
47752 * runtime/MathObject.cpp:
47753 (JSC::MathObject::MathObject):
47754 * runtime/MathObject.h:
47755 (JSC::MathObject::create):
47756 * runtime/NativeErrorConstructor.cpp:
47757 (JSC::NativeErrorConstructor::NativeErrorConstructor):
47758 * runtime/NativeErrorConstructor.h:
47759 (JSC::NativeErrorConstructor::constructorBody):
47760 * runtime/NativeErrorPrototype.cpp:
47761 (JSC::NativeErrorPrototype::NativeErrorPrototype):
47762 (JSC::NativeErrorPrototype::constructorBody):
47763 * runtime/NativeErrorPrototype.h:
47764 * runtime/NumberConstructor.cpp:
47765 (JSC::NumberConstructor::NumberConstructor):
47766 * runtime/NumberConstructor.h:
47767 * runtime/NumberObject.cpp:
47768 (JSC::NumberObject::NumberObject):
47769 * runtime/NumberObject.h:
47770 (JSC::NumberObject::create):
47771 * runtime/NumberPrototype.cpp:
47772 (JSC::NumberPrototype::NumberPrototype):
47773 * runtime/NumberPrototype.h:
47774 * runtime/ObjectConstructor.cpp:
47775 (JSC::ObjectConstructor::ObjectConstructor):
47776 * runtime/ObjectConstructor.h:
47777 * runtime/RegExpConstructor.cpp:
47778 (JSC::RegExpConstructor::RegExpConstructor):
47779 (JSC::RegExpMatchesArray::RegExpMatchesArray):
47780 * runtime/RegExpConstructor.h:
47781 * runtime/RegExpMatchesArray.h:
47782 (JSC::RegExpMatchesArray::create):
47783 * runtime/RegExpObject.cpp:
47784 (JSC::RegExpObject::RegExpObject):
47785 * runtime/RegExpObject.h:
47786 (JSC::RegExpObject::create):
47787 * runtime/RegExpPrototype.cpp:
47788 (JSC::RegExpPrototype::RegExpPrototype):
47789 * runtime/StringConstructor.cpp:
47790 (JSC::StringConstructor::StringConstructor):
47791 * runtime/StringConstructor.h:
47792 * runtime/StringObject.cpp:
47793 (JSC::StringObject::StringObject):
47794 * runtime/StringObject.h:
47795 (JSC::StringObject::create):
47796 * runtime/StringObjectThatMasqueradesAsUndefined.h:
47797 (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
47798 * runtime/StringPrototype.cpp:
47799 (JSC::StringPrototype::StringPrototype):
47800 * runtime/StringPrototype.h:
47802 2011-09-06 Xianzhu Wang <wangxianzhu@chromium.org>
47804 Replace usages of Vector<UChar> with existing StringBuilder
47805 https://bugs.webkit.org/show_bug.cgi?id=67079
47807 Reviewed by Gavin Barraclough.
47809 This is part of work to support 8-bit string buffers.
47810 Adds StringBuilder::characters() because the original Vector<UChar>::data()
47812 Sets the minimum size of buffer to 16 to prevent possible performance
47813 regression. Further performance investigation should be done in
47814 https://bugs.webkit.org/show_bug.cgi?id=67084.
47817 * wtf/text/StringBuilder.cpp:
47818 (WTF::StringBuilder::appendUninitialized): Sets minimum buffer size to 16 bytes.
47819 * wtf/text/StringBuilder.h:
47820 (WTF::StringBuilder::operator[]):
47821 (WTF::StringBuilder::characters): Added.
47823 2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
47825 Fix broken snow leopard build
47826 https://bugs.webkit.org/show_bug.cgi?id=67693
47828 Reviewed by Daniel Bates.
47830 Removed unnecessary symbol export.
47832 * JavaScriptCore.exp:
47834 2011-09-06 Filip Pizlo <fpizlo@apple.com>
47836 DFG JIT does not optimize booleans
47837 https://bugs.webkit.org/show_bug.cgi?id=67670
47839 Reviewed by Gavin Barraclough.
47841 This adds boolean value profiling, boolean prediction in the DFG,
47842 boolean forward flow propagation in the DFGPropagator, boolean
47843 data format in DFG generation info, and comprehensive optimizations
47844 based on both boolean prediction and boolean generation info.
47845 This brings the speed-up on v8-richards to 12%, and gives slight
47846 speed-ups elsewhere as well.
47848 Making this work right required navigating some subtleties in
47849 value profiling. Some functions get compiled with insufficient
47850 information because some important path of the function never
47851 executed. In these cases, we wish to fall back on static
47852 speculation. But to do so, we need to ensure that predictions that
47853 are inherent in the code (like that GetById almost certainly takes
47854 a cell operand) are reflected in predictions that we make in
47855 DFGPropagator. Thus, DFGPropagator now does both backward and
47856 forward flow, using both a forward and backward fixpoint.
47858 The backward flow in DFGPropagator is a separate static analysis,
47859 and needs to keep a set of backward flow abstract values for
47860 variables, arguments, and globals. To make this easy, this patch
47861 factors out DFGGraph's prediction tracking capability into
47862 DFGPredictionTracker, which now gets used by both DFGGraph (for
47863 forward flow predictions) and DFGPropagator (for backward flow
47864 predictions). Backward flow predictions eventually get merged
47865 into forward flow ones, but the two are not equivalent: a forward
47866 flow prediction is a superset of the backward flow prediction.
47868 Debugging these prediction issues required a better understanding
47869 of where we fail speculation, and what our value predictions look
47870 like. This patch also adds optional verbose speculation failure
47871 (so an informative printf fires whenever speculation failure occurs)
47872 and slight improvements to the verbosity in other places.
47874 * bytecode/ValueProfile.h:
47875 (JSC::ValueProfile::numberOfBooleans):
47876 (JSC::ValueProfile::probabilityOfBoolean):
47877 (JSC::ValueProfile::dump):
47878 (JSC::ValueProfile::computeStatistics):
47879 * dfg/DFGByteCodeParser.cpp:
47880 (JSC::DFG::ByteCodeParser::stronglyPredict):
47881 (JSC::DFG::ByteCodeParser::parseBlock):
47882 * dfg/DFGGenerationInfo.h:
47883 (JSC::DFG::dataFormatToString):
47884 (JSC::DFG::needDataFormatConversion):
47885 * dfg/DFGGraph.cpp:
47886 (JSC::DFG::Graph::dump):
47887 (JSC::DFG::Graph::predictArgumentTypes):
47889 (JSC::DFG::Graph::Graph):
47890 (JSC::DFG::Graph::predictions):
47891 (JSC::DFG::Graph::predict):
47892 (JSC::DFG::Graph::predictGlobalVar):
47893 (JSC::DFG::Graph::getPrediction):
47894 (JSC::DFG::Graph::getGlobalVarPrediction):
47895 (JSC::DFG::Graph::isBooleanConstant):
47896 (JSC::DFG::Graph::valueOfBooleanConstant):
47897 * dfg/DFGJITCodeGenerator.cpp:
47898 (JSC::DFG::JITCodeGenerator::fillInteger):
47899 (JSC::DFG::JITCodeGenerator::fillDouble):
47900 (JSC::DFG::JITCodeGenerator::fillJSValue):
47901 (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
47902 (JSC::DFG::JITCodeGenerator::isKnownBoolean):
47903 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
47904 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
47905 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
47906 (JSC::DFG::JITCodeGenerator::emitBranch):
47907 (JSC::DFG::JITCodeGenerator::speculationCheck):
47908 (JSC::DFG::GPRTemporary::GPRTemporary):
47909 * dfg/DFGJITCodeGenerator.h:
47910 (JSC::DFG::JITCodeGenerator::isBooleanConstant):
47911 (JSC::DFG::JITCodeGenerator::valueOfBooleanConstant):
47912 * dfg/DFGJITCompiler.cpp:
47913 (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
47914 (JSC::DFG::JITCompiler::link):
47915 * dfg/DFGJITCompiler.h:
47916 (JSC::DFG::JITCompiler::debugCall):
47917 (JSC::DFG::JITCompiler::isBooleanConstant):
47918 (JSC::DFG::JITCompiler::valueOfBooleanConstant):
47920 (JSC::DFG::isBooleanPrediction):
47921 (JSC::DFG::predictionToString):
47922 (JSC::DFG::mergePredictions):
47923 (JSC::DFG::makePrediction):
47924 (JSC::DFG::Node::isBooleanConstant):
47925 (JSC::DFG::Node::valueOfBooleanConstant):
47926 (JSC::DFG::Node::hasBooleanResult):
47927 (JSC::DFG::Node::hasNumericResult):
47928 (JSC::DFG::Node::predict):
47929 * dfg/DFGOperations.cpp:
47930 * dfg/DFGOperations.h:
47931 * dfg/DFGPredictionTracker.h: Added.
47932 (JSC::DFG::operandIsArgument):
47933 (JSC::DFG::PredictionSlot::PredictionSlot):
47934 (JSC::DFG::PredictionTracker::PredictionTracker):
47935 (JSC::DFG::PredictionTracker::initializeSimilarTo):
47936 (JSC::DFG::PredictionTracker::numberOfArguments):
47937 (JSC::DFG::PredictionTracker::numberOfVariables):
47938 (JSC::DFG::PredictionTracker::argumentOffsetForOperand):
47939 (JSC::DFG::PredictionTracker::predictArgument):
47940 (JSC::DFG::PredictionTracker::predict):
47941 (JSC::DFG::PredictionTracker::predictGlobalVar):
47942 (JSC::DFG::PredictionTracker::getArgumentPrediction):
47943 (JSC::DFG::PredictionTracker::getPrediction):
47944 (JSC::DFG::PredictionTracker::getGlobalVarPrediction):
47945 * dfg/DFGPropagator.cpp:
47946 (JSC::DFG::Propagator::Propagator):
47947 (JSC::DFG::Propagator::fixpoint):
47948 (JSC::DFG::Propagator::setPrediction):
47949 (JSC::DFG::Propagator::mergeUse):
47950 (JSC::DFG::Propagator::mergePrediction):
47951 (JSC::DFG::Propagator::propagateNode):
47952 * dfg/DFGSpeculativeJIT.cpp:
47953 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
47954 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
47955 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
47956 (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
47957 (JSC::DFG::SpeculativeJIT::compare):
47958 (JSC::DFG::SpeculativeJIT::compile):
47959 * dfg/DFGSpeculativeJIT.h:
47960 (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
47961 (JSC::DFG::SpeculateBooleanOperand::~SpeculateBooleanOperand):
47962 (JSC::DFG::SpeculateBooleanOperand::index):
47963 (JSC::DFG::SpeculateBooleanOperand::gpr):
47964 (JSC::DFG::SpeculateBooleanOperand::use):
47965 * runtime/JSGlobalData.h:
47966 * runtime/JSValue.cpp:
47967 (JSC::JSValue::description):
47969 2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
47971 Unzip initialization lists and constructors in JSCell hierarchy (5/7)
47972 https://bugs.webkit.org/show_bug.cgi?id=67420
47974 Reviewed by Geoffrey Garen.
47976 Completed the fifth level of the refactoring to add finishCreation()
47977 methods to all classes within the JSCell hierarchy with non-trivial
47978 constructor bodies.
47980 This primarily consists of pushing the calls to finishCreation() down
47981 into the constructors of the subclasses of the second level of the hierarchy
47982 as well as pulling the finishCreation() calls out into the class's corresponding
47983 create() method if it has one. Doing both simultaneously allows us to
47984 maintain the invariant that the finishCreation() method chain is called exactly
47985 once during the creation of an object, since calling it any other number of
47986 times (0, 2, or more) will cause an assertion failure.
47988 * API/JSCallbackConstructor.cpp:
47989 (JSC::JSCallbackConstructor::JSCallbackConstructor):
47990 * API/JSCallbackConstructor.h:
47991 (JSC::JSCallbackConstructor::create):
47992 * API/JSCallbackFunction.cpp:
47993 (JSC::JSCallbackFunction::JSCallbackFunction):
47994 (JSC::JSCallbackFunction::finishCreation):
47995 * API/JSCallbackFunction.h:
47996 * JavaScriptCore.exp:
47997 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
47998 * debugger/DebuggerActivation.cpp:
47999 * debugger/DebuggerActivation.h:
48000 (JSC::DebuggerActivation::create):
48002 (GlobalObject::finishCreation):
48003 (GlobalObject::GlobalObject):
48004 * runtime/ArrayConstructor.cpp:
48005 (JSC::ArrayConstructor::ArrayConstructor):
48006 (JSC::ArrayConstructor::finishCreation):
48007 * runtime/ArrayConstructor.h:
48008 * runtime/ArrayPrototype.cpp:
48009 (JSC::ArrayPrototype::ArrayPrototype):
48010 * runtime/ArrayPrototype.h:
48011 (JSC::ArrayPrototype::create):
48012 * runtime/BooleanConstructor.cpp:
48013 (JSC::BooleanConstructor::BooleanConstructor):
48014 (JSC::BooleanConstructor::finishCreation):
48015 * runtime/BooleanConstructor.h:
48016 * runtime/BooleanObject.cpp:
48017 (JSC::BooleanObject::BooleanObject):
48018 * runtime/BooleanObject.h:
48019 (JSC::BooleanObject::create):
48020 * runtime/BooleanPrototype.cpp:
48021 (JSC::BooleanPrototype::BooleanPrototype):
48022 (JSC::BooleanPrototype::finishCreation):
48023 * runtime/BooleanPrototype.h:
48024 * runtime/DateConstructor.cpp:
48025 (JSC::DateConstructor::DateConstructor):
48026 (JSC::DateConstructor::finishCreation):
48027 * runtime/DateConstructor.h:
48028 * runtime/DateInstance.cpp:
48029 (JSC::DateInstance::DateInstance):
48030 * runtime/DateInstance.h:
48031 (JSC::DateInstance::create):
48032 * runtime/DatePrototype.cpp:
48033 (JSC::DatePrototype::DatePrototype):
48034 (JSC::DatePrototype::finishCreation):
48035 * runtime/DatePrototype.h:
48036 * runtime/Error.cpp:
48037 (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
48038 * runtime/ErrorConstructor.cpp:
48039 (JSC::ErrorConstructor::ErrorConstructor):
48040 (JSC::ErrorConstructor::finishCreation):
48041 * runtime/ErrorConstructor.h:
48042 * runtime/ErrorPrototype.cpp:
48043 (JSC::ErrorPrototype::ErrorPrototype):
48044 * runtime/ErrorPrototype.h:
48045 (JSC::ErrorPrototype::create):
48046 * runtime/FunctionConstructor.cpp:
48047 (JSC::FunctionConstructor::FunctionConstructor):
48048 (JSC::FunctionConstructor::finishCreation):
48049 * runtime/FunctionConstructor.h:
48050 * runtime/FunctionPrototype.cpp:
48051 (JSC::FunctionPrototype::FunctionPrototype):
48052 (JSC::FunctionPrototype::finishCreation):
48053 * runtime/FunctionPrototype.h:
48054 * runtime/InternalFunction.cpp:
48055 (JSC::InternalFunction::InternalFunction):
48056 * runtime/InternalFunction.h:
48057 * runtime/JSActivation.cpp:
48058 (JSC::JSActivation::JSActivation):
48059 * runtime/JSActivation.h:
48060 (JSC::JSActivation::create):
48061 * runtime/JSGlobalObject.h:
48062 (JSC::JSGlobalObject::create):
48063 (JSC::JSGlobalObject::JSGlobalObject):
48064 * runtime/JSONObject.cpp:
48065 (JSC::JSONObject::JSONObject):
48066 * runtime/JSONObject.h:
48067 (JSC::JSONObject::create):
48068 * runtime/JSStaticScopeObject.h:
48069 (JSC::JSStaticScopeObject::create):
48070 (JSC::JSStaticScopeObject::JSStaticScopeObject):
48071 * runtime/JSString.cpp:
48072 (JSC::StringObject::create):
48073 * runtime/MathObject.cpp:
48074 (JSC::MathObject::MathObject):
48075 * runtime/MathObject.h:
48076 (JSC::MathObject::create):
48077 * runtime/NativeErrorConstructor.cpp:
48078 (JSC::NativeErrorConstructor::NativeErrorConstructor):
48079 * runtime/NativeErrorConstructor.h:
48080 (JSC::NativeErrorConstructor::finishCreation):
48081 * runtime/NativeErrorPrototype.cpp:
48082 (JSC::NativeErrorPrototype::NativeErrorPrototype):
48083 (JSC::NativeErrorPrototype::finishCreation):
48084 * runtime/NativeErrorPrototype.h:
48085 * runtime/NumberConstructor.cpp:
48086 (JSC::NumberConstructor::NumberConstructor):
48087 (JSC::NumberConstructor::finishCreation):
48088 * runtime/NumberConstructor.h:
48089 * runtime/NumberObject.cpp:
48090 (JSC::NumberObject::NumberObject):
48091 * runtime/NumberObject.h:
48092 (JSC::NumberObject::create):
48093 * runtime/NumberPrototype.cpp:
48094 (JSC::NumberPrototype::NumberPrototype):
48095 (JSC::NumberPrototype::finishCreation):
48096 * runtime/NumberPrototype.h:
48097 * runtime/ObjectConstructor.cpp:
48098 (JSC::ObjectConstructor::ObjectConstructor):
48099 (JSC::ObjectConstructor::finishCreation):
48100 * runtime/ObjectConstructor.h:
48101 * runtime/RegExpConstructor.cpp:
48102 (JSC::RegExpConstructor::RegExpConstructor):
48103 (JSC::RegExpConstructor::finishCreation):
48104 (JSC::RegExpMatchesArray::RegExpMatchesArray):
48105 * runtime/RegExpConstructor.h:
48106 * runtime/RegExpMatchesArray.h:
48107 (JSC::RegExpMatchesArray::create):
48108 * runtime/RegExpObject.cpp:
48109 (JSC::RegExpObject::RegExpObject):
48110 * runtime/RegExpObject.h:
48111 (JSC::RegExpObject::create):
48112 * runtime/RegExpPrototype.cpp:
48113 (JSC::RegExpPrototype::RegExpPrototype):
48114 * runtime/StringConstructor.cpp:
48115 (JSC::StringConstructor::StringConstructor):
48116 (JSC::StringConstructor::finishCreation):
48117 * runtime/StringConstructor.h:
48118 * runtime/StringObject.cpp:
48119 (JSC::StringObject::StringObject):
48120 * runtime/StringObject.h:
48121 (JSC::StringObject::create):
48122 * runtime/StringObjectThatMasqueradesAsUndefined.h:
48123 (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
48124 * runtime/StringPrototype.cpp:
48125 (JSC::StringPrototype::StringPrototype):
48126 (JSC::StringPrototype::finishCreation):
48127 * runtime/StringPrototype.h:
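The create()/finishCreation() split and its exactly-once invariant, as an added example that is not JavaScriptCore's code. The class names (Cell, NamedObject, Prototype), the counter used to check the invariant and the helper that deliberately violates it are all constructed for illustration; the pattern is the one the entry describes: constructors stay trivial, each class's create() is the single place that calls finishCreation(), and each finishCreation() override chains to its base first.

```cpp
#include <memory>
#include <string>

// Root of the constructed hierarchy. It counts finishCreation() calls so the
// "exactly once" invariant can be checked the way an assertion would in a debug build.
class Cell {
public:
    virtual ~Cell() = default;
    int finishCreationCalls() const { return m_finishCreationCalls; }
    bool creationValidated() const { return m_finishCreationCalls == 1; }

protected:
    Cell() = default;
    // Every override calls its base version first, so the chain runs once top to bottom.
    virtual void finishCreation() { ++m_finishCreationCalls; }

private:
    int m_finishCreationCalls = 0;
};

class NamedObject : public Cell {
public:
    // create() is the only public way to build the object and owns the single call.
    static std::unique_ptr<NamedObject> create(const std::string& name)
    {
        std::unique_ptr<NamedObject> obj(new NamedObject(name));
        obj->finishCreation();
        return obj;
    }
    const std::string& name() const { return m_name; }
    bool initialized() const { return m_initialized; }

protected:
    explicit NamedObject(const std::string& name) : m_name(name) { } // trivial body only
    void finishCreation() override
    {
        Cell::finishCreation();
        m_initialized = true; // non-trivial setup lives here, not in the constructor
    }

private:
    std::string m_name;
    bool m_initialized = false;
};

// Subclass with its own create(): it must not also call finishCreation() from
// its constructor, or the chain would run twice.
class Prototype : public NamedObject {
public:
    static std::unique_ptr<Prototype> create(const std::string& name)
    {
        std::unique_ptr<Prototype> obj(new Prototype(name));
        obj->finishCreation();
        return obj;
    }
    int propertyCount() const { return m_propertyCount; }

protected:
    explicit Prototype(const std::string& name) : NamedObject(name) { }
    void finishCreation() override
    {
        NamedObject::finishCreation();
        m_propertyCount = 3; // stands in for installing built-in properties
    }

private:
    int m_propertyCount = 0;
};

// Reproduces the mistake the refactoring guards against (running the chain twice)
// and reports whether the validation check rejects the object.
bool doubleFinishCreationRejected()
{
    struct Exposed : Prototype {
        explicit Exposed(const std::string& n) : Prototype(n) { }
        using Prototype::finishCreation;
    };
    Exposed obj("constructed-sample");
    obj.finishCreation();
    obj.finishCreation();
    return !obj.creationValidated();
}
```

Pushing the call down into each subclass's create() while pulling it out of the constructors is what keeps the count at exactly one across the whole chain; a subclass that forgets its create() leaves the object at zero, and one that calls from both places reaches two, and either would trip the check.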
48129 2011-09-06 Filip Pizlo <fpizlo@apple.com>
48131 Accessibility tests crashing in BasicRawSentinelNode code
48132 https://bugs.webkit.org/show_bug.cgi?id=67682
48134 Reviewed by Geoffrey Garen.
48136 A CodeBlock should ensure that no other CodeBlocks have references to it after
48139 * bytecode/CodeBlock.cpp:
48140 (JSC::CodeBlock::~CodeBlock):
48142 2011-09-06 Yong Li <yoli@rim.com>
48144 https://bugs.webkit.org/show_bug.cgi?id=67486
48145 This reverts r65993 which gives wrong results for rshift
48146 in some corner cases (see the test).
48148 Reviewed by Gavin Barraclough.
48150 New test: fast/js/floating-point-truncate-rshift.html
48152 * assembler/ARMAssembler.h:
48153 * assembler/MacroAssemblerARM.h:
48154 (JSC::MacroAssemblerARM::supportsFloatingPointTruncate):
48155 (JSC::MacroAssemblerARM::branchTruncateDoubleToInt32):
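The entry above says the reverted truncation path gave wrong results for rshift in corner cases without naming them. As an added example that is not JavaScriptCore's code, here is the ECMAScript ToInt32 conversion that `>>` applies to its operands, next to a constructed model of a saturating hardware double-to-int convert, with a range check showing when a truncating fast path may be used at all. The function names and the saturating model are assumptions made for illustration.

```cpp
#include <cmath>
#include <cstdint>
#include <limits>

// ECMAScript ToInt32: NaN and infinities become 0; everything else is truncated
// toward zero and reduced modulo 2^32 into the signed 32-bit range.
int32_t toInt32(double d)
{
    if (std::isnan(d) || std::isinf(d))
        return 0;
    const double two32 = 4294967296.0;
    double m = std::fmod(std::trunc(d), two32); // in (-2^32, 2^32)
    if (m < 0)
        m += two32;                             // now in [0, 2^32)
    int64_t u = static_cast<int64_t>(m);
    if (u >= 2147483648LL)
        u -= 4294967296LL;                      // wrap into [-2^31, 2^31)
    return static_cast<int32_t>(u);
}

// A fast path may rely on the FPU's truncating convert only when the truncated
// value fits in int32; otherwise the hardware cannot produce the modular result.
bool fastTruncateIsExact(double d)
{
    if (std::isnan(d))
        return false;
    double t = std::trunc(d);
    return t >= -2147483648.0 && t <= 2147483647.0;
}

// Constructed model of a saturating convert: out-of-range clamps, NaN gives 0.
// It is here only to show the divergence from toInt32 and is not the spec rule.
int32_t saturatingTruncate(double d)
{
    if (std::isnan(d))
        return 0;
    if (d >= 2147483648.0)
        return std::numeric_limits<int32_t>::max();
    if (d <= -2147483649.0)
        return std::numeric_limits<int32_t>::min();
    return static_cast<int32_t>(d); // in range: plain truncation toward zero
}

// JavaScript `x >> n`: ToInt32 on the left operand, shift count masked to 5 bits.
int32_t jsRightShift(double x, double n)
{
    uint32_t count = static_cast<uint32_t>(toInt32(n)) & 0x1F;
    return toInt32(x) >> count;
}

// The same operation if a truncating fast path were taken unconditionally.
int32_t naiveRightShift(double x, double n)
{
    uint32_t count = static_cast<uint32_t>(saturatingTruncate(n)) & 0x1F;
    return saturatingTruncate(x) >> count;
}
```

For ordinary in-range doubles the two shifts agree, which is why a fast path is tempting; the divergence only appears for operands at or beyond 2^31, where the spec wraps and the hardware clamps, so the fast path has to branch to the slow path whenever fastTruncateIsExact() would be false.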
48157 2011-09-06 Filip Pizlo <fpizlo@apple.com>
48159 Unreviewed build fix for r94559.
48161 Marked the relevant parameters as unused if !ENABLE(JIT), and surrounded
48162 new out-of-line JIT-specific method definitions with !ENABLE(JIT).
48164 * bytecode/CodeBlock.cpp:
48165 * runtime/Executable.cpp:
48166 (JSC::EvalExecutable::compileInternal):
48167 (JSC::ProgramExecutable::compileInternal):
48168 (JSC::FunctionExecutable::compileForCallInternal):
48170 2011-09-06 Mark Hahnenberg <mhahnenberg@apple.com>
48172 Fix broken PPC build due to new dtoa library
48173 https://bugs.webkit.org/show_bug.cgi?id=67654
48175 Reviewed by Dan Bernstein.
48177 Added condition for PPC in the new dtoa compatibility check so that
48178 building won't fail.
48180 * wtf/dtoa/utils.h:
48182 2011-09-05 Oliver Hunt <oliver@apple.com>
48184 An object's structure should reference the global object responsible for its creation
48185 https://bugs.webkit.org/show_bug.cgi?id=67624
48187 Reviewed by Gavin Barraclough.
48189 Add a reference to a GlobalObject to Structure, and update all calls to
48190 Structure::create() to pass the global object that is the origin for that
48191 structure. For objects where the appropriate global object isn't available
48192 at construction time (global object prototypes, etc), or objects that
48193 logically don't have a global object (strings, etc) we just pass null.
48195 This change is largely mechanical (passing a new globalObject parameter
48198 * API/JSCallbackConstructor.h:
48199 (JSC::JSCallbackConstructor::createStructure):
48200 * API/JSCallbackFunction.h:
48201 (JSC::JSCallbackFunction::createStructure):
48202 * API/JSCallbackObject.h:
48203 (JSC::JSCallbackObject::createStructure):
48204 * API/JSContextRef.cpp:
48205 * JavaScriptCore.exp:
48206 * debugger/DebuggerActivation.h:
48207 (JSC::DebuggerActivation::createStructure):
48208 * runtime/Arguments.h:
48209 (JSC::Arguments::createStructure):
48210 * runtime/ArrayConstructor.h:
48211 (JSC::ArrayConstructor::createStructure):
48212 * runtime/ArrayPrototype.h:
48213 (JSC::ArrayPrototype::createStructure):
48214 * runtime/BooleanObject.h:
48215 (JSC::BooleanObject::createStructure):
48216 * runtime/BooleanPrototype.h:
48217 (JSC::BooleanPrototype::createStructure):
48218 * runtime/DateConstructor.h:
48219 (JSC::DateConstructor::createStructure):
48220 * runtime/DateInstance.h:
48221 (JSC::DateInstance::createStructure):
48222 * runtime/DatePrototype.h:
48223 (JSC::DatePrototype::createStructure):
48224 * runtime/ErrorInstance.h:
48225 (JSC::ErrorInstance::createStructure):
48226 * runtime/ErrorPrototype.h:
48227 (JSC::ErrorPrototype::createStructure):
48228 * runtime/Executable.h:
48229 (JSC::ExecutableBase::createStructure):
48230 (JSC::NativeExecutable::createStructure):
48231 (JSC::EvalExecutable::createStructure):
48232 (JSC::ProgramExecutable::createStructure):
48233 (JSC::FunctionExecutable::createStructure):
48234 * runtime/FunctionPrototype.h:
48235 (JSC::FunctionPrototype::createStructure):
48236 * runtime/GetterSetter.h:
48237 (JSC::GetterSetter::createStructure):
48238 * runtime/InternalFunction.h:
48239 (JSC::InternalFunction::createStructure):
48240 * runtime/JSAPIValueWrapper.h:
48241 (JSC::JSAPIValueWrapper::createStructure):
48242 * runtime/JSActivation.h:
48243 (JSC::JSActivation::createStructure):
48244 * runtime/JSArray.h:
48245 (JSC::JSArray::createStructure):
48246 * runtime/JSByteArray.cpp:
48247 (JSC::JSByteArray::createStructure):
48248 * runtime/JSByteArray.h:
48249 * runtime/JSFunction.h:
48250 (JSC::JSFunction::createStructure):
48251 * runtime/JSGlobalData.cpp:
48252 (JSC::JSGlobalData::JSGlobalData):
48253 * runtime/JSGlobalObject.cpp:
48254 (JSC::JSGlobalObject::reset):
48255 * runtime/JSGlobalObject.h:
48256 (JSC::JSGlobalObject::finishCreation):
48257 (JSC::JSGlobalObject::createStructure):
48258 * runtime/JSNotAnObject.h:
48259 (JSC::JSNotAnObject::createStructure):
48260 * runtime/JSONObject.h:
48261 (JSC::JSONObject::createStructure):
48262 * runtime/JSObject.cpp:
48263 (JSC::JSObject::createInheritorID):
48264 * runtime/JSObject.h:
48265 (JSC::JSObject::createStructure):
48266 (JSC::JSNonFinalObject::createStructure):
48267 (JSC::JSFinalObject::createStructure):
48268 (JSC::createEmptyObjectStructure):
48269 * runtime/JSObjectWithGlobalObject.h:
48270 (JSC::JSObjectWithGlobalObject::createStructure):
48271 * runtime/JSPropertyNameIterator.h:
48272 (JSC::JSPropertyNameIterator::createStructure):
48273 * runtime/JSStaticScopeObject.h:
48274 (JSC::JSStaticScopeObject::createStructure):
48275 * runtime/JSString.h:
48276 (JSC::RopeBuilder::createStructure):
48277 * runtime/JSVariableObject.h:
48278 (JSC::JSVariableObject::createStructure):
48279 * runtime/JSWrapperObject.h:
48280 (JSC::JSWrapperObject::createStructure):
48281 * runtime/MathObject.h:
48282 (JSC::MathObject::createStructure):
48283 * runtime/NativeErrorConstructor.h:
48284 (JSC::NativeErrorConstructor::createStructure):
48285 (JSC::NativeErrorConstructor::constructorBody):
48286 * runtime/NumberConstructor.h:
48287 (JSC::NumberConstructor::createStructure):
48288 * runtime/NumberObject.h:
48289 (JSC::NumberObject::createStructure):
48290 * runtime/NumberPrototype.h:
48291 (JSC::NumberPrototype::createStructure):
48292 * runtime/ObjectConstructor.h:
48293 (JSC::ObjectConstructor::createStructure):
48294 * runtime/ObjectPrototype.h:
48295 (JSC::ObjectPrototype::createStructure):
48296 * runtime/RegExp.h:
48297 (JSC::RegExp::createStructure):
48298 * runtime/RegExpConstructor.h:
48299 (JSC::RegExpConstructor::createStructure):
48300 * runtime/RegExpObject.h:
48301 (JSC::RegExpObject::createStructure):
48302 * runtime/RegExpPrototype.h:
48303 (JSC::RegExpPrototype::createStructure):
48304 * runtime/ScopeChain.h:
48305 (JSC::ScopeChainNode::createStructure):
48306 * runtime/StrictEvalActivation.h:
48307 (JSC::StrictEvalActivation::createStructure):
48308 * runtime/StringConstructor.h:
48309 (JSC::StringConstructor::createStructure):
48310 * runtime/StringObject.h:
48311 (JSC::StringObject::createStructure):
48312 * runtime/StringObjectThatMasqueradesAsUndefined.h:
48313 (JSC::StringObjectThatMasqueradesAsUndefined::create):
48314 (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
48315 * runtime/StringPrototype.h:
48316 (JSC::StringPrototype::createStructure):
48317 * runtime/Structure.cpp:
48318 (JSC::Structure::Structure):
48319 (JSC::Structure::visitChildren):
48320 * runtime/Structure.h:
48321 (JSC::Structure::create):
48322 (JSC::Structure::globalObject):
48323 (JSC::Structure::setGlobalObject):
48324 * runtime/StructureChain.h:
48325 (JSC::StructureChain::createStructure):
48327 2011-09-06 Michael Saboff <msaboff@apple.com>
48329 Add windows changes for JSC:RegExp functional tests
48330 https://bugs.webkit.org/show_bug.cgi?id=67521
48332 Windows build changes for regular expression functional test.
48334 Rubber-stamped by Gavin Barraclough.
48336 * JavaScriptCore.vcproj/JavaScriptCore.sln:
48337 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
48338 * JavaScriptCore.vcproj/testRegExp: Added.
48339 * JavaScriptCore.vcproj/testRegExp/testRegExp.vcproj: Added.
48340 * JavaScriptCore.vcproj/testRegExp/testRegExpCommon.vsprops: Added.
48341 * JavaScriptCore.vcproj/testRegExp/testRegExpDebug.vsprops: Added.
48342 * JavaScriptCore.vcproj/testRegExp/testRegExpDebugAll.vsprops: Added.
48343 * JavaScriptCore.vcproj/testRegExp/testRegExpDebugCairoCFLite.vsprops: Added.
48344 * JavaScriptCore.vcproj/testRegExp/testRegExpPostBuild.cmd: Added.
48345 * JavaScriptCore.vcproj/testRegExp/testRegExpPreBuild.cmd: Added.
48346 * JavaScriptCore.vcproj/testRegExp/testRegExpPreLink.cmd: Added.
48347 * JavaScriptCore.vcproj/testRegExp/testRegExpProduction.vsprops: Added.
48348 * JavaScriptCore.vcproj/testRegExp/testRegExpRelease.vsprops: Added.
48349 * JavaScriptCore.vcproj/testRegExp/testRegExpReleaseCairoCFLite.vsprops: Added.
48350 * JavaScriptCore.vcproj/testRegExp/testRegExpReleasePGO.vsprops: Added.
48352 2011-09-06 Filip Pizlo <fpizlo@apple.com>
48354 JavaScriptCore does not have tiered compilation
48355 https://bugs.webkit.org/show_bug.cgi?id=67176
48357 Reviewed by Gavin Barraclough.
48359 This adds the ability to have multiple CodeBlocks associated with
48360 a particular role in an Executable. These are stored in
48361 descending order of compiler tier. CodeBlocks are optimized when
48362 a counter (m_executeCounter) that is incremented in loops and
48363 epilogues becomes positive. Optimizing means that all calls to
48364 the old CodeBlock are unlinked.
48366 The DFG can now pull in predictions from ValueProfiles, and
48367 propagate them along the graph. To support the new phase while
48368 maintaining some level of abstraction, a DFGDriver was introduced
48369 that encapsulates how to run the DFG compiler.
48371 This is turned off by default because it's not yet a performance
48372 win on all benchmarks. It speeds up crypto and richards by
48373 10% and 6% respectively, but still does not do as good of a job
48374 as it could. Notably, the DFG backend has not changed, and
48375 is largely oblivious to the new information being made available
48378 When turned off (the default), this patch is performance neutral.
48382 * GNUmakefile.list.am:
48383 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
48384 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
48385 * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
48386 * JavaScriptCore.xcodeproj/project.pbxproj:
48387 * assembler/MacroAssemblerX86.h:
48388 (JSC::MacroAssemblerX86::branchAdd32):
48389 * assembler/MacroAssemblerX86_64.h:
48390 (JSC::MacroAssemblerX86_64::branchAdd32):
48391 * bytecode/CodeBlock.cpp:
48392 (JSC::CodeBlock::CodeBlock):
48393 (JSC::CodeBlock::~CodeBlock):
48394 (JSC::CodeBlock::visitAggregate):
48395 (JSC::CallLinkInfo::unlink):
48396 (JSC::CodeBlock::unlinkCalls):
48397 (JSC::CodeBlock::unlinkIncomingCalls):
48398 (JSC::CodeBlock::clearEvalCache):
48399 (JSC::replaceExistingEntries):
48400 (JSC::CodeBlock::copyDataFromAlternative):
48401 (JSC::ProgramCodeBlock::replacement):
48402 (JSC::EvalCodeBlock::replacement):
48403 (JSC::FunctionCodeBlock::replacement):
48404 (JSC::ProgramCodeBlock::compileOptimized):
48405 (JSC::EvalCodeBlock::compileOptimized):
48406 (JSC::FunctionCodeBlock::compileOptimized):
48407 * bytecode/CodeBlock.h:
48408 (JSC::GlobalCodeBlock::GlobalCodeBlock):
48409 (JSC::ProgramCodeBlock::ProgramCodeBlock):
48410 (JSC::EvalCodeBlock::EvalCodeBlock):
48411 (JSC::FunctionCodeBlock::FunctionCodeBlock):
48412 * bytecode/ValueProfile.h:
48413 (JSC::ValueProfile::dump):
48414 (JSC::ValueProfile::computeStatistics):
48415 * bytecompiler/BytecodeGenerator.cpp:
48416 (JSC::BytecodeGenerator::BytecodeGenerator):
48417 * bytecompiler/BytecodeGenerator.h:
48418 * dfg/DFGByteCodeParser.cpp:
48419 (JSC::DFG::ByteCodeParser::ByteCodeParser):
48420 (JSC::DFG::ByteCodeParser::addCall):
48421 (JSC::DFG::ByteCodeParser::dynamicallyPredict):
48422 (JSC::DFG::ByteCodeParser::parseBlock):
48424 * dfg/DFGDriver.cpp: Added.
48425 (JSC::DFG::compile):
48426 (JSC::DFG::tryCompile):
48427 (JSC::DFG::tryCompileFunction):
48428 * dfg/DFGDriver.h: Added.
48429 (JSC::DFG::tryCompile):
48430 (JSC::DFG::tryCompileFunction):
48431 * dfg/DFGGraph.cpp:
48432 (JSC::DFG::Graph::dump):
48433 (JSC::DFG::Graph::predictArgumentTypes):
48435 (JSC::DFG::Graph::predict):
48436 (JSC::DFG::Graph::predictGlobalVar):
48437 (JSC::DFG::Graph::isConstant):
48438 (JSC::DFG::Graph::isJSConstant):
48439 (JSC::DFG::Graph::isInt32Constant):
48440 (JSC::DFG::Graph::isDoubleConstant):
48441 (JSC::DFG::Graph::valueOfJSConstant):
48442 (JSC::DFG::Graph::valueOfInt32Constant):
48443 (JSC::DFG::Graph::valueOfDoubleConstant):
48444 * dfg/DFGJITCompiler.cpp:
48445 (JSC::DFG::JITCompiler::link):
48446 * dfg/DFGJITCompiler.h:
48447 (JSC::DFG::JITCompiler::isConstant):
48448 (JSC::DFG::JITCompiler::isJSConstant):
48449 (JSC::DFG::JITCompiler::isInt32Constant):
48450 (JSC::DFG::JITCompiler::isDoubleConstant):
48451 (JSC::DFG::JITCompiler::valueOfJSConstant):
48452 (JSC::DFG::JITCompiler::valueOfInt32Constant):
48453 (JSC::DFG::JITCompiler::valueOfDoubleConstant):
48455 (JSC::DFG::isCellPrediction):
(JSC::DFG::isNumberPrediction):
(JSC::DFG::predictionToString):
(JSC::DFG::mergePrediction):
(JSC::DFG::makePrediction):
(JSC::DFG::Node::valueOfJSConstant):
(JSC::DFG::Node::isInt32Constant):
(JSC::DFG::Node::isDoubleConstant):
(JSC::DFG::Node::valueOfInt32Constant):
(JSC::DFG::Node::valueOfDoubleConstant):
(JSC::DFG::Node::predict):
* dfg/DFGPropagation.cpp: Added.
(JSC::DFG::Propagator::Propagator):
(JSC::DFG::Propagator::fixpoint):
(JSC::DFG::Propagator::setPrediction):
(JSC::DFG::Propagator::mergePrediction):
(JSC::DFG::Propagator::propagateNode):
(JSC::DFG::Propagator::propagateForward):
(JSC::DFG::Propagator::propagateBackward):
(JSC::DFG::propagate):
* dfg/DFGPropagation.h: Added.
(JSC::DFG::propagate):
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkFor):
* heap/HandleHeap.h:
(JSC::HandleHeap::Node::Node):
(JSC::JIT::emitOptimizationCheck):
(JSC::JIT::emitTimeoutCheck):
(JSC::JIT::privateCompile):
(JSC::JIT::linkFor):
(JSC::JIT::emitOptimizationCheck):
* jit/JITCall32_64.cpp:
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_ret_object_or_this):
(JSC::JITCode::JITCode):
(JSC::JITCode::bottomTierJIT):
(JSC::JITCode::topTierJIT):
(JSC::JITCode::nextTierJIT):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_ret):
(JSC::JIT::emit_op_ret_object_or_this):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Executable.cpp:
(JSC::EvalExecutable::compileOptimized):
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileOptimized):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileOptimizedForCall):
(JSC::FunctionExecutable::compileOptimizedForConstruct):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
* runtime/Executable.h:
(JSC::EvalExecutable::compile):
(JSC::ProgramExecutable::compile):
(JSC::FunctionExecutable::compileForCall):
(JSC::FunctionExecutable::compileForConstruct):
(JSC::FunctionExecutable::compileOptimizedFor):
* wtf/SentinelLinkedList.h:
(WTF::BasicRawSentinelNode::BasicRawSentinelNode):
(WTF::BasicRawSentinelNode::setPrev):
(WTF::BasicRawSentinelNode::setNext):
(WTF::BasicRawSentinelNode::prev):
(WTF::BasicRawSentinelNode::next):
(WTF::BasicRawSentinelNode::isOnList):
(WTF::::SentinelLinkedList):

2011-09-05 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r94445 and r94448.
http://trac.webkit.org/changeset/94445
http://trac.webkit.org/changeset/94448
https://bugs.webkit.org/show_bug.cgi?id=67595

It broke everything (Requested by ossy on #webkit).

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
(JSC::Heap::collect):
* heap/NewSpace.cpp:
(JSC::NewSpace::NewSpace):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:
(JSC::JSObject::~JSObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectFunctionWithoutTransition):
(JSC::JSObject::transitionTo):
(JSC::JSObject::visitChildrenDirect):

2011-09-05 Patrick Gansterer <paroga@webkit.org>

Unreviewed build fix for r94452.

Add config.h as the first header to the cc files as required by the coding style.
Reuse macros from Assertions.h instead of adding additional #ifdefs.

* wtf/dtoa/bignum-dtoa.cc:
* wtf/dtoa/bignum.cc:
* wtf/dtoa/cached-powers.cc:
* wtf/dtoa/diy-fp.cc:
* wtf/dtoa/double-conversion.cc:
* wtf/dtoa/fast-dtoa.cc:
* wtf/dtoa/fixed-dtoa.cc:
* wtf/dtoa/strtod.cc:
* wtf/dtoa/utils.h:

2011-09-05 Andras Becsi <andras.becsi@nokia.com>

[Qt][WK2] Fix the build

Rubber-stamped by Csaba Osztrogonác.

* wtf/dtoa/double-conversion.cc: Remove dead variable in file added in r94452.
The variable fractional_part is only set but never used.

2011-09-04 Mark Hahnenberg <mhahnenberg@apple.com>

REGRESSION (r94452): 20 http/tests tests failing on Qt Linux Release
https://bugs.webkit.org/show_bug.cgi?id=67562

Reviewed by Darin Adler.

Fixing the build (again), which was broken by the dtoa patch. Needed
to make sure WTF::double_conversion::initialize() is called for Qt
as well as adding a check for WinCE in dtoa/utils.h.

* runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
* wtf/dtoa/cached-powers.cc:
* wtf/dtoa/utils.h:

2011-09-03 Filip Pizlo <fpizlo@apple.com>

ThunkGenerators does not convert positive double zero into integer zero
https://bugs.webkit.org/show_bug.cgi?id=67553

Reviewed by Gavin Barraclough.

This is a 0.5% speed-up on V8 and neutral elsewhere.

* jit/SpecializedThunkJIT.h:
(JSC::SpecializedThunkJIT::returnDouble):

2011-09-03 Kevin Ollivier <kevino@theolliviers.com>

[wx] Unreviewed build fix. Add wtf/dtoa directory to build.

2011-09-03 Filip Pizlo <fpizlo@apple.com>

DFG variable predictions only work for local variables, not temporaries
https://bugs.webkit.org/show_bug.cgi?id=67554

Reviewed by Gavin Barraclough.

This appears to be a slight speed-up in Kraken (0.3% but significant)
and neutral elsewhere.

(JSC::DFG::Graph::predict):

2011-09-02 Filip Pizlo <fpizlo@apple.com>

DFG JIT speculation failure does recovery of additions in reverse and
https://bugs.webkit.org/show_bug.cgi?id=67551

Reviewed by Sam Weinig.

* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):

2011-09-02 Filip Pizlo <fpizlo@apple.com>

ValueProfile does not make it safe to introspect cell values
after garbage collection
https://bugs.webkit.org/show_bug.cgi?id=67354

Reviewed by Gavin Barraclough.

ValueProfile buckets are now weak references, implemented using a
light-weight weak reference mechanism that this patch also adds (the
WeakReferenceHarvester). If a cell stored in a ValueProfile bucket
is not marked, then the bucket is transformed into a Structure
pointer. If the Structure is not marked either, then it is turned
into a ClassInfo pointer.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::visitWeakReferences):
* bytecode/CodeBlock.h:
* bytecode/ValueProfile.h:
(JSC::ValueProfile::ValueProfile):
(JSC::ValueProfile::classInfo):
(JSC::ValueProfile::numberOfInt32s):
(JSC::ValueProfile::numberOfDoubles):
(JSC::ValueProfile::numberOfCells):
(JSC::ValueProfile::numberOfArrays):
(JSC::ValueProfile::probabilityOfArray):
(JSC::ValueProfile::WeakBucket::WeakBucket):
(JSC::ValueProfile::WeakBucket::operator!):
(JSC::ValueProfile::WeakBucket::isEmpty):
(JSC::ValueProfile::WeakBucket::isClassInfo):
(JSC::ValueProfile::WeakBucket::isStructure):
(JSC::ValueProfile::WeakBucket::asStructure):
(JSC::ValueProfile::WeakBucket::asClassInfo):
(JSC::ValueProfile::WeakBucket::getClassInfo):
(JSC::Heap::harvestWeakReferences):
(JSC::Heap::markRoots):
* heap/MarkStack.cpp:
(JSC::SlotVisitor::drain):
(JSC::SlotVisitor::harvestWeakReferences):
* heap/MarkStack.h:
(JSC::MarkStack::addWeakReferenceHarvester):
(JSC::MarkStack::MarkStack):
(JSC::MarkStack::appendUnbarrieredPointer):
* heap/SlotVisitor.h:
* heap/WeakReferenceHarvester.h: Added.
(JSC::WeakReferenceHarvester::WeakReferenceHarvester):
(JSC::WeakReferenceHarvester::~WeakReferenceHarvester):

2011-09-02 Michael Saboff <msaboff@apple.com>

Replace local implementation of string equals() methods with UString versions
https://bugs.webkit.org/show_bug.cgi?id=67342

In preparation to allowing StringImpl to be backed by 8 bit
characters when appropriate, we need to eliminate or change the
usage of StringImpl::characters(). Change the uses of characters()
that are used to implement redundant equals() methods.

Reviewed by Gavin Barraclough.

* runtime/Identifier.cpp:
(JSC::Identifier::equal):
* runtime/Identifier.h:
(JSC::Identifier::equal):
* wtf/text/AtomicString.cpp:
(WTF::CStringTranslator::equal): Moved an optimized method to here.
* wtf/text/StringImpl.cpp:
* wtf/text/StringImpl.h:

2011-09-02 Michael Saboff <msaboff@apple.com>

Add JSC:RegExp functional tests
https://bugs.webkit.org/show_bug.cgi?id=67339

Added new test driver program (testRegExp) and corresponding data file
along with build scripts changes.

Reviewed by Gavin Barraclough.

* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* testRegExp.cpp: Added.
(Options::Options):
(StopWatch::start):
(StopWatch::getElapsedMS):
(RegExpTest::RegExpTest):
(GlobalObject::create):
(GlobalObject::className):
(GlobalObject::GlobalObject):
(cleanupGlobalData):
(printUsageStatement):
* tests/regexp: Added.
* tests/regexp/RegExpTest.data: Added.

2011-09-02 Michael Saboff <msaboff@apple.com>

Add JSC:RegExp functional test data generator
https://bugs.webkit.org/show_bug.cgi?id=67519

Add a data generator for regular expressions. To enable, change the
#undef REGEXP_FUNC_TEST_DATA_GEN to #define. Then compile and use
regular expressions. The resulting data will be in /tmp/RegExpTestsData.

Reviewed by Gavin Barraclough.

* runtime/RegExp.cpp:
(JSC::regExpFlags):
(JSC::RegExpFunctionalTestCollector::clearRegExp):
(JSC::RegExpFunctionalTestCollector::get):
(JSC::RegExpFunctionalTestCollector::outputOneTest):
(JSC::RegExpFunctionalTestCollector::RegExpFunctionalTestCollector):
(JSC::RegExpFunctionalTestCollector::~RegExpFunctionalTestCollector):
(JSC::RegExpFunctionalTestCollector::outputEscapedUString):
(JSC::RegExp::~RegExp):
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::matchCompareWithInterpreter):

2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com>

Fix the broken build due to dtoa patch
https://bugs.webkit.org/show_bug.cgi?id=67534

Reviewed by Oliver Hunt.

* GNUmakefile.list.am:
* wtf/dtoa/bignum.cc:
* wtf/dtoa/fast-dtoa.cc:
* wtf/dtoa/utils.h:

2011-09-02 Oliver Hunt <oliver@apple.com>

Remove OldSpace classes
https://bugs.webkit.org/show_bug.cgi?id=67533

Reviewed by Gavin Barraclough.

Remove the unused OldSpace classes

* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
(JSC::Heap::writeBarrierSlowCase):
* heap/MarkedBlock.h:
* heap/OldSpace.cpp: Removed.
* heap/OldSpace.h: Removed.

2011-09-02 James Robinson <jamesr@chromium.org>

Compile fix for mac build.

* wtf/CheckedArithmetic.h:

2011-08-30 Matthew Delaney <mdelaney@apple.com>

Read out of bounds in sUnpremultiplyData_RGBA8888 / ImageBufferData::getData
https://bugs.webkit.org/show_bug.cgi?id=65352

Reviewed by Simon Fraser.

New test: fast/canvas/canvas-getImageData-large-crash.html

This patch prevents overflows from happening in getImageData, createImageData, and canvas creation
calls that specify widths and heights that end up overflowing the ints that we store those values in
as well as derived values such as area and maxX / maxY of the bounding rects involved. Overflow of integer
arithmetic is detected via the use of the new Checked type that was introduced in r94207. The change to JSC
is just to add a new helper method described below.

* wtf/MathExtras.h:
(isWithinIntRange): Reports if a float's value is within the range expressible by an int.

2011-09-02 Mark Hahnenberg <mhahnenberg@apple.com>

Incorporate newer, faster dtoa library
https://bugs.webkit.org/show_bug.cgi?id=66346

Reviewed by Oliver Hunt.

Added new dtoa library at http://code.google.com/p/double-conversion/.
Replaced old call to dtoa. The new library is much faster than the old one.
We still use the old dtoa for some stuff in WebCore as well as the old strtod,
but we can phase these out eventually as well.

* GNUmakefile.list.am:
* JavaScriptCore.exp:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* runtime/InitializeThreading.cpp:
* runtime/NumberPrototype.cpp:
(JSC::numberProtoFuncToExponential):
(JSC::numberProtoFuncToFixed):
(JSC::numberProtoFuncToPrecision):
* runtime/UString.cpp:
(JSC::UString::number):
* wtf/CMakeLists.txt:
* wtf/ThreadingPthreads.cpp:
(WTF::initializeThreading):
* wtf/ThreadingWin.cpp:
(WTF::initializeThreading):
* wtf/dtoa/COPYING: Added.
* wtf/dtoa/LICENSE: Added.
* wtf/dtoa/README: Added.
* wtf/dtoa/bignum-dtoa.cc: Added.
* wtf/dtoa/bignum-dtoa.h: Added.
* wtf/dtoa/bignum.cc: Added.
* wtf/dtoa/bignum.h: Added.
(WTF::double_conversion::Bignum::Times10):
(WTF::double_conversion::Bignum::Equal):
(WTF::double_conversion::Bignum::LessEqual):
(WTF::double_conversion::Bignum::Less):
(WTF::double_conversion::Bignum::PlusEqual):
(WTF::double_conversion::Bignum::PlusLessEqual):
(WTF::double_conversion::Bignum::PlusLess):
(WTF::double_conversion::Bignum::EnsureCapacity):
(WTF::double_conversion::Bignum::BigitLength):
* wtf/dtoa/cached-powers.cc: Added.
* wtf/dtoa/cached-powers.h: Added.
* wtf/dtoa/diy-fp.cc: Added.
* wtf/dtoa/diy-fp.h: Added.
(WTF::double_conversion::DiyFp::DiyFp):
(WTF::double_conversion::DiyFp::Subtract):
(WTF::double_conversion::DiyFp::Minus):
(WTF::double_conversion::DiyFp::Times):
(WTF::double_conversion::DiyFp::Normalize):
(WTF::double_conversion::DiyFp::f):
(WTF::double_conversion::DiyFp::e):
(WTF::double_conversion::DiyFp::set_f):
(WTF::double_conversion::DiyFp::set_e):
* wtf/dtoa/double-conversion.cc: Added.
* wtf/dtoa/double-conversion.h: Added.
(WTF::double_conversion::DoubleToStringConverter::DoubleToStringConverter):
(WTF::double_conversion::StringToDoubleConverter::StringToDoubleConverter):
* wtf/dtoa/double.h: Added.
(WTF::double_conversion::double_to_uint64):
(WTF::double_conversion::uint64_to_double):
(WTF::double_conversion::Double::Double):
(WTF::double_conversion::Double::AsDiyFp):
(WTF::double_conversion::Double::AsNormalizedDiyFp):
(WTF::double_conversion::Double::AsUint64):
(WTF::double_conversion::Double::NextDouble):
(WTF::double_conversion::Double::Exponent):
(WTF::double_conversion::Double::Significand):
(WTF::double_conversion::Double::IsDenormal):
(WTF::double_conversion::Double::IsSpecial):
(WTF::double_conversion::Double::IsNan):
(WTF::double_conversion::Double::IsInfinite):
(WTF::double_conversion::Double::Sign):
(WTF::double_conversion::Double::UpperBoundary):
(WTF::double_conversion::Double::NormalizedBoundaries):
(WTF::double_conversion::Double::value):
(WTF::double_conversion::Double::SignificandSizeForOrderOfMagnitude):
(WTF::double_conversion::Double::Infinity):
(WTF::double_conversion::Double::NaN):
(WTF::double_conversion::Double::DiyFpToUint64):
* wtf/dtoa/fast-dtoa.cc: Added.
* wtf/dtoa/fast-dtoa.h: Added.
* wtf/dtoa/fixed-dtoa.cc: Added.
* wtf/dtoa/fixed-dtoa.h: Added.
* wtf/dtoa/strtod.cc: Added.
* wtf/dtoa/strtod.h: Added.
* wtf/dtoa/utils.h: Added.
(WTF::double_conversion::Max):
(WTF::double_conversion::Min):
(WTF::double_conversion::StrLength):
(WTF::double_conversion::Vector::Vector):
(WTF::double_conversion::Vector::SubVector):
(WTF::double_conversion::Vector::length):
(WTF::double_conversion::Vector::is_empty):
(WTF::double_conversion::Vector::start):
(WTF::double_conversion::Vector::operator[]):
(WTF::double_conversion::Vector::first):
(WTF::double_conversion::Vector::last):
(WTF::double_conversion::StringBuilder::StringBuilder):
(WTF::double_conversion::StringBuilder::~StringBuilder):
(WTF::double_conversion::StringBuilder::size):
(WTF::double_conversion::StringBuilder::position):
(WTF::double_conversion::StringBuilder::Reset):
(WTF::double_conversion::StringBuilder::AddCharacter):
(WTF::double_conversion::StringBuilder::AddString):
(WTF::double_conversion::StringBuilder::AddSubstring):
(WTF::double_conversion::StringBuilder::AddPadding):
(WTF::double_conversion::StringBuilder::Finalize):
(WTF::double_conversion::StringBuilder::is_finalized):
(WTF::double_conversion::BitCast):

2011-09-02 Filip Pizlo <fpizlo@apple.com>

DFG graph has no way of distinguishing or reconciling between static
and dynamic predictions
https://bugs.webkit.org/show_bug.cgi?id=67343

Reviewed by Gavin Barraclough.

PredictedType now stores the source of the prediction. Merging predictions,
which was previously done with a bitwise or, is now done via the
mergePredictions (equivalent to |) and mergePrediction (equivalent to |=)
functions, which correctly handle combinations of static and dynamic.

This is performance-neutral, since all predictions are currently static and
so the code has no visible effects.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::set):
(JSC::DFG::ByteCodeParser::staticallyPredictArray):
(JSC::DFG::ByteCodeParser::staticallyPredictInt32):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::Graph::predict):
(JSC::DFG::Graph::predictGlobalVar):
(JSC::DFG::isArrayPrediction):
(JSC::DFG::isInt32Prediction):
(JSC::DFG::isDoublePrediction):
(JSC::DFG::isDynamicPrediction):
(JSC::DFG::mergePredictions):
(JSC::DFG::mergePrediction):
(JSC::DFG::makePrediction):
(JSC::DFG::Node::predict):

2011-09-02 Oliver Hunt <oliver@apple.com>

(JSC::NewSpace::allocatePropertyStorage):
(JSC::NewSpace::inPropertyStorageNursery):

2011-09-02 Oliver Hunt <oliver@apple.com>

Use bump allocator for initial property storage
https://bugs.webkit.org/show_bug.cgi?id=67494

Reviewed by Gavin Barraclough.

Switch to a bump allocator for the initial out of line
property storage. This gives us slightly faster allocation
for short lived objects that need out of line storage at
the cost of an additional memcpy when the object survives

No performance impact.

* JavaScriptCore.exp:
(JSC::Heap::collect):
(JSC::Heap::allocatePropertyStorage):
(JSC::Heap::inPropertyStorageNursary):
* heap/NewSpace.cpp:
(JSC::NewSpace::NewSpace):
(JSC::NewSpace::resetPropertyStorageNursary):
(JSC::NewSpace::allocatePropertyStorage):
(JSC::NewSpace::inPropertyStorageNursary):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/JSObject.cpp:
(JSC::JSObject::allocatePropertyStorage):
* runtime/JSObject.h:
(JSC::JSObject::~JSObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):
(JSC::JSObject::putDirectFunctionWithoutTransition):
(JSC::JSObject::transitionTo):
(JSC::JSObject::visitChildrenDirect):

2011-09-01 Mark Rowe <mrowe@apple.com>

* JavaScriptCore.JSVALUE32_64only.exp:
* JavaScriptCore.JSVALUE64only.exp:
* JavaScriptCore.exp:

2011-09-01 Mark Hahnenberg <mhahnenberg@apple.com>

Unzip initialization lists and constructors in JSCell hierarchy (4/7)
https://bugs.webkit.org/show_bug.cgi?id=67174

Reviewed by Oliver Hunt.

Completed the fourth level of the refactoring to add finishCreation()
methods to all classes within the JSCell hierarchy with non-trivial
constructor bodies.

This primarily consists of pushing the calls to finishCreation() down
into the constructors of the subclasses of the second level of the hierarchy
as well as pulling the finishCreation() calls out into the class's corresponding
create() method if it has one. Doing both simultaneously allows us to
maintain the invariant that the finishCreation() method chain is called exactly
once during the creation of an object, since calling it any other number of
times (0, 2, or more) will cause an assertion failure.

* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
(JSC::JSCallbackConstructor::finishCreation):
* API/JSCallbackConstructor.h:
* API/JSCallbackObject.h:
(JSC::JSCallbackObject::create):
* API/JSCallbackObjectFunctions.h:
(JSC::::JSCallbackObject):
(JSC::::finishCreation):
* JavaScriptCore.JSVALUE64only.exp:
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::DebuggerActivation):
(JSC::DebuggerActivation::create):
* debugger/DebuggerActivation.h:
* runtime/Arguments.h:
(JSC::Arguments::create):
(JSC::Arguments::createNoParameters):
(JSC::Arguments::Arguments):
* runtime/ArrayPrototype.cpp:
(JSC::ArrayPrototype::ArrayPrototype):
(JSC::ArrayPrototype::finishCreation):
* runtime/ArrayPrototype.h:
* runtime/BooleanObject.cpp:
(JSC::BooleanObject::BooleanObject):
(JSC::BooleanObject::finishCreation):
* runtime/BooleanObject.h:
* runtime/DateInstance.cpp:
(JSC::DateInstance::DateInstance):
(JSC::DateInstance::finishCreation):
* runtime/DateInstance.h:
* runtime/ErrorInstance.cpp:
(JSC::ErrorInstance::ErrorInstance):
* runtime/ErrorInstance.h:
(JSC::ErrorInstance::create):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::ErrorPrototype):
(JSC::ErrorPrototype::finishCreation):
* runtime/ErrorPrototype.h:
* runtime/ExceptionHelpers.cpp:
(JSC::InterruptedExecutionError::InterruptedExecutionError):
(JSC::InterruptedExecutionError::create):
(JSC::TerminatedExecutionError::TerminatedExecutionError):
(JSC::TerminatedExecutionError::create):
* runtime/Executable.cpp:
(JSC::EvalExecutable::EvalExecutable):
(JSC::ProgramExecutable::ProgramExecutable):
(JSC::FunctionExecutable::FunctionExecutable):
* runtime/Executable.h:
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::NativeExecutable):
(JSC::EvalExecutable::create):
(JSC::ProgramExecutable::create):
(JSC::FunctionExecutable::create):
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
(JSC::InternalFunction::finishCreation):
* runtime/InternalFunction.h:
* runtime/JSActivation.cpp:
(JSC::JSActivation::JSActivation):
(JSC::JSActivation::finishCreation):
* runtime/JSActivation.h:
* runtime/JSArray.cpp:
(JSC::JSArray::JSArray):
* runtime/JSArray.h:
(JSC::JSArray::create):
* runtime/JSByteArray.cpp:
(JSC::JSByteArray::JSByteArray):
* runtime/JSByteArray.h:
(JSC::JSByteArray::create):
* runtime/JSFunction.cpp:
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::finishCreation):
* runtime/JSFunction.h:
(JSC::JSFunction::create):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::finishCreation):
* runtime/JSNotAnObject.h:
(JSC::JSNotAnObject::JSNotAnObject):
(JSC::JSNotAnObject::create):
* runtime/JSONObject.cpp:
(JSC::JSONObject::JSONObject):
(JSC::JSONObject::finishCreation):
* runtime/JSONObject.h:
* runtime/JSObjectWithGlobalObject.cpp:
(JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
* runtime/JSObjectWithGlobalObject.h:
* runtime/JSStaticScopeObject.h:
(JSC::JSStaticScopeObject::create):
(JSC::JSStaticScopeObject::finishCreation):
(JSC::JSStaticScopeObject::JSStaticScopeObject):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::JSVariableObject):
* runtime/JSWrapperObject.h:
(JSC::JSWrapperObject::JSWrapperObject):
* runtime/MathObject.cpp:
(JSC::MathObject::MathObject):
(JSC::MathObject::finishCreation):
* runtime/MathObject.h:
* runtime/NumberObject.cpp:
(JSC::NumberObject::NumberObject):
(JSC::NumberObject::finishCreation):
* runtime/NumberObject.h:
* runtime/ObjectPrototype.cpp:
(JSC::ObjectPrototype::ObjectPrototype):
* runtime/ObjectPrototype.h:
(JSC::ObjectPrototype::create):
* runtime/RegExpConstructor.cpp:
(JSC::RegExpMatchesArray::RegExpMatchesArray):
(JSC::RegExpMatchesArray::finishCreation):
* runtime/RegExpMatchesArray.h:
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::RegExpObject):
(JSC::RegExpObject::finishCreation):
* runtime/RegExpObject.h:
* runtime/StrictEvalActivation.cpp:
(JSC::StrictEvalActivation::StrictEvalActivation):
* runtime/StrictEvalActivation.h:
(JSC::StrictEvalActivation::create):
* runtime/StringObject.cpp:
(JSC::StringObject::StringObject):
(JSC::StringObject::finishCreation):
* runtime/StringObject.h:

2011-09-01 Daniel Bates <dbates@rim.com>

QNX GCC distribution doesn't support vasprintf()
https://bugs.webkit.org/show_bug.cgi?id=67423

Reviewed by Antonio Gomes.

* wtf/Platform.h: Don't enable HAVE_VASPRINTF when building with GCC on QNX.

2011-09-01 Michael Saboff <msaboff@apple.com>

Remove simple usage of UString::characters() from JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=67340

In preparation to allowing StringImpl to be backed by 8 bit
characters when appropriate, we need to eliminate or change the
usage of StringImpl::characters(). Most of the changes below
change s->characters()[0] to s[0].

Reviewed by Geoffrey Garen.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::keyForCharacterSwitch):
* bytecompiler/NodesCodegen.cpp:
(JSC::processClauseList):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* runtime/Identifier.cpp:
(JSC::Identifier::addSlowCase):
* runtime/JSGlobalObjectFunctions.cpp:
* runtime/JSString.cpp:
(JSC::JSString::substringFromRope):
* runtime/JSString.h:
(JSC::jsSingleCharacterSubstring):
(JSC::jsSubstring):
(JSC::jsOwnedString):
* runtime/RegExp.cpp:
(JSC::regExpFlags):
* wtf/text/StringBuilder.h:
(WTF::StringBuilder::operator[]):

2011-09-01 Ada Chan <adachan@apple.com>

Export fastMallocStatistics and Heap::objectTypeCounts for https://bugs.webkit.org/show_bug.cgi?id=67160.

Reviewed by Darin Adler.

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-09-01 Hao Zheng <zhenghao@chromium.org>

Define PTHREAD_KEYS_MAX to fix Android port build.
https://bugs.webkit.org/show_bug.cgi?id=67362

Reviewed by Adam Barth.

PTHREAD_KEYS_MAX is not defined in bionic, so explicitly define it.

* wtf/ThreadIdentifierDataPthreads.cpp:

2011-08-31 Oliver Hunt <oliver@apple.com>

* wtf/CheckedArithmetic.h:
(WTF::Checked::Checked):
(WTF::Checked::operator=):

2011-08-31 Oliver Hunt <oliver@apple.com>

fast/regex/overflow.html asserts in debug builds
https://bugs.webkit.org/show_bug.cgi?id=67326

Reviewed by Gavin Barraclough.

The deliberate overflows in these expressions don't interact nicely
with Checked<32bit-type> so we just bump up to Checked<int64_t> for the
intermediate calculations.

* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):

2011-08-31 Jeff Miller <jeffm@apple.com>

REGRESSION(92210): AVFoundation media engine is disabled on OS X
https://bugs.webkit.org/show_bug.cgi?id=67316

Move the definition of WTF_USE_AVFOUNDATION on the Mac back to JavaScriptCore/wtf/Platform.h,
since WebKit2 doesn't have access to WebCore/config.h on this platform. This reverts the
changes that were made in r92210.

Reviewed by Darin Adler.

* wtf/Platform.h: Added definition of WTF_USE_AVFOUNDATION on the Mac.

2011-08-31 Peter Beverloo <peter@chromium.org>

Add Android's platform specification and the right atomic functions.
https://bugs.webkit.org/show_bug.cgi?id=66687

Reviewed by Adam Barth.

(WTF::atomicIncrement):
(WTF::atomicDecrement):

2011-08-30 Oliver Hunt <oliver@apple.com>

Add support for checked arithmetic
https://bugs.webkit.org/show_bug.cgi?id=67095

Reviewed by Sam Weinig.

Add a checked arithmetic class Checked<T> that provides overflow-safe
arithmetic over all integral types. Checked<T> supports addition, subtraction
and multiplication, along with "bool" conversions and equality operators.

Checked<> can be used in either CRASH() on overflow or delayed failure modes,
although the default is to CRASH().

To ensure the code is actually in use (rather than checking in dead code) I've
made a couple of properties in YARR use Checked<int> and Checked<unsigned>
instead of raw value arithmetic. This has resulted in a moderate set of changes
to YARR - mostly adding .get() calls, but a couple of casts from unsigned long
to unsigned for some uses of sizeof, as Checked<> currently does not support
mixed signed-ness of types wider than 32 bits.

Happily the increased type safety of Checked<> means that it's not possible to
accidentally assign away precision, nor accidentally call the integer overload of
a function instead of the bool version.

No measurable regression in performance, and SunSpider claims this patch to be
a progression of 0.3%.

* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CheckedArithmetic.h: Added.
(WTF::CrashOnOverflow::overflowed):
(WTF::CrashOnOverflow::clearOverflow):
(WTF::CrashOnOverflow::hasOverflowed):
(WTF::RecordOverflow::RecordOverflow):
(WTF::RecordOverflow::overflowed):
(WTF::RecordOverflow::clearOverflow):
(WTF::RecordOverflow::hasOverflowed):
(WTF::safeMultiply):
(WTF::workAroundClangBug):
(WTF::Checked::Checked):
(WTF::Checked::operator=):
(WTF::Checked::operator++):
(WTF::Checked::operator--):
(WTF::Checked::operator!):
(WTF::Checked::operator UnspecifiedBoolType*):
(WTF::Checked::get):
(WTF::Checked::operator+=):
(WTF::Checked::operator-=):
(WTF::Checked::operator*=):
(WTF::Checked::operator==):
(WTF::Checked::operator!=):
* yarr/YarrInterpreter.cpp:
(JSC::Yarr::ByteCompiler::atomPatternCharacter):
(JSC::Yarr::ByteCompiler::atomCharacterClass):
(JSC::Yarr::ByteCompiler::atomBackReference):
(JSC::Yarr::ByteCompiler::atomParentheticalAssertionEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesOnceEnd):
(JSC::Yarr::ByteCompiler::atomParenthesesTerminalEnd):
* yarr/YarrInterpreter.h:
(JSC::Yarr::ByteTerm::ByteTerm):
(JSC::Yarr::ByteTerm::CheckInput):
(JSC::Yarr::ByteTerm::UncheckInput):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generateAssertionEOL):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
* yarr/YarrPattern.cpp:
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
* yarr/YarrPattern.h:
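
Added example, not WebKit's wtf/CheckedArithmetic.h: a minimal Checked<T, Policy> in the shape this entry describes, with a CrashOnOverflow policy (the default) and a delayed-failure RecordOverflow policy. It is applied to the two callers the entries above mention: the width * height * 4 size computation that the getImageData entry guards with Checked and isWithinIntRange, and the widening to Checked<int64_t> that the fast/regex/overflow.html entry uses so that a deliberately over-32-bit intermediate is not reported as an error. The class, the function names checkedArea, checkedRgbaBytes, widenedSum and isWithinIntRange, and the use of the GCC/Clang __builtin_*_overflow intrinsics are this example's own choices, not the project's code.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdlib>
#include <type_traits>

// Overflow policy 1 (the default): abort the process the moment an operation
// overflows, so a wrapped value can never be used as a size or an index.
struct CrashOnOverflow {
    void overflowed() { std::abort(); }
    void clearOverflow() {}
    bool hasOverflowed() const { return false; }
};

// Overflow policy 2 (delayed failure): latch a flag so the caller can run a
// whole chain of operations and test once at the end.
struct RecordOverflow {
    void overflowed() { m_overflowed = true; }
    void clearOverflow() { m_overflowed = false; }
    bool hasOverflowed() const { return m_overflowed; }
private:
    bool m_overflowed = false;
};

// Checked<T, Policy>: an integral value whose +=, -= and *= cannot silently
// wrap. Overflow detection uses the GCC/Clang __builtin_*_overflow intrinsics
// (assumption: one of those compilers); on overflow the stored value is left
// unchanged and the policy decides what happens.
template <typename T, typename Policy = CrashOnOverflow>
class Checked : public Policy {
    static_assert(std::is_integral<T>::value, "Checked<T> requires an integral T");
public:
    Checked(T value = 0) : m_value(value) {}

    Checked& operator+=(T rhs) {
        T result;
        if (__builtin_add_overflow(m_value, rhs, &result)) this->overflowed();
        else m_value = result;
        return *this;
    }
    Checked& operator-=(T rhs) {
        T result;
        if (__builtin_sub_overflow(m_value, rhs, &result)) this->overflowed();
        else m_value = result;
        return *this;
    }
    Checked& operator*=(T rhs) {
        T result;
        if (__builtin_mul_overflow(m_value, rhs, &result)) this->overflowed();
        else m_value = result;
        return *this;
    }

    // get() refuses to hand out a value once an overflow has been recorded.
    T get() const {
        if (this->hasOverflowed()) std::abort();
        return m_value;
    }
    // unsafeGet() is for diagnostics only; callers must check hasOverflowed().
    T unsafeGet() const { return m_value; }

private:
    T m_value;
};

// width * height, as a getImageData/createImageData implementation needs it.
Checked<int, RecordOverflow> checkedArea(int width, int height) {
    Checked<int, RecordOverflow> area(width);
    area *= height;
    return area;
}

// Byte size of an RGBA8888 buffer: area * 4, still checked, so a wrap to a
// small number can never lead to an undersized allocation followed by an
// out-of-bounds read of the kind the getImageData entry fixes.
Checked<int, RecordOverflow> checkedRgbaBytes(int width, int height) {
    Checked<int, RecordOverflow> bytes = checkedArea(width, height);
    bytes *= 4;
    return bytes;
}

// True if a float converts to int without overflow. INT_MAX is not exactly
// representable as a float (it rounds up to 2^31), so the upper bound is a
// strict comparison against 2^31 rather than <= INT_MAX.
bool isWithinIntRange(float value) {
    return !std::isnan(value) && value >= -2147483648.0f && value < 2147483648.0f;
}

// The YarrJIT fix from the overflow.html entry: an intermediate that
// deliberately exceeds 32 bits is fine when widened to Checked<int64_t> first.
Checked<int64_t, RecordOverflow> widenedSum(int32_t a, int32_t b) {
    Checked<int64_t, RecordOverflow> sum(static_cast<int64_t>(a));
    sum += static_cast<int64_t>(b);
    return sum;
}

int main() {
    bool ok = !checkedRgbaBytes(4096, 4096).hasOverflowed()   // 64 MiB, fits an int
        && checkedRgbaBytes(65536, 65536).hasOverflowed()      // 2^34 bytes, flagged
        && isWithinIntRange(1024.0f) && !isWithinIntRange(1e10f)
        && !widenedSum(INT32_MAX, 1).hasOverflowed();
    return ok ? 0 : 1;
}
```

The RecordOverflow policy is the one to reach for when several derived values (area, byte size, maxX / maxY) are computed from the same untrusted width and height: compute them all, test hasOverflowed() once, and reject the request before any allocation happens.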
49394 2011-08-31 Andrei Popescu <andreip@google.com>
49396 Investigate current uses of OS(ANDROID)
49397 https://bugs.webkit.org/show_bug.cgi?id=66761
49399 Unreviewed, build fix for ARM platforms.
49403 2011-08-31 Andrei Popescu <andreip@google.com>
49405 Investigate current uses of OS(ANDROID)
49406 https://bugs.webkit.org/show_bug.cgi?id=66761
49408 Reviewed by Darin Adler.
49410 Remove the last legacy Android code.
49412 No new tests needed as the code wasn't tested in the first place.
49416 * wtf/ThreadingPthreads.cpp:
49417 (WTF::createThreadInternal):
49419 2011-08-30 Aaron Colwell <acolwell@chromium.org>
49421 Add MediaSource API to HTMLMediaElement
49422 https://bugs.webkit.org/show_bug.cgi?id=64731
49424 Reviewed by Eric Carlson.
49426 * Configurations/FeatureDefines.xcconfig:
49428 2011-08-30 Oliver Hunt <oliver@apple.com>
49430 TypedArrays don't ensure that denormalised values are normalised
49431 https://bugs.webkit.org/show_bug.cgi?id=67178
49433 Reviewed by Gavin Barraclough.
49435 Add a couple of assertions to jsNumber() to ensure that
49436 we block signaling NaNs
49438 * runtime/JSValue.h:
49439 (JSC::jsDoubleNumber):
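Why an unnormalised NaN reaching jsNumber() matters, shown as an added example that is not JavaScriptCore's code: under a NaN-boxing value encoding, a double whose bit pattern is a NaN with the sign bit and the top mantissa bits set can, once the double-encoding offset is added, become indistinguishable from a tagged int32 or a cell pointer. A typed array lets script store arbitrary bytes and read them back as a double, which is how such a pattern gets in. The encoding constants below (a 2^48 double offset, a 0xffff... number tag) model the common 64-bit scheme and are assumptions of this example rather than values quoted from JSValue.h; encodeChecked() stands in for the assertions the entry adds, returning false instead of asserting so the outcome can be inspected, and purifyNaN() is the normalisation that makes the check pass.

```cpp
#include <cmath>
#include <cstdint>
#include <cstring>
#include <limits>

// Added example, not JSC's code. The constants model a typical 64-bit
// NaN-boxing layout and are assumptions of this example:
//   cells:   top 16 bits zero, the value is a pointer
//   int32s:  top 16 bits all ones, payload in the low 32 bits
//   doubles: raw IEEE bits plus DoubleEncodeOffset, so their top 16 bits
//            are neither zero nor all ones
const uint64_t DoubleEncodeOffset = 1ULL << 48;
const uint64_t NumberTag          = 0xffff000000000000ULL;

uint64_t bitsOf(double d) { uint64_t b; std::memcpy(&b, &d, sizeof b); return b; }
double doubleFromBits(uint64_t b) { double d; std::memcpy(&d, &b, sizeof d); return d; }

// Unchecked encoding: what boxing a double looks like once the value is trusted.
uint64_t encodeDouble(double d) { return bitsOf(d) + DoubleEncodeOffset; }
double decodeDouble(uint64_t v) { return doubleFromBits(v - DoubleEncodeOffset); }

bool decodesAsCell(uint64_t v)   { return (v & NumberTag) == 0; }
bool decodesAsInt32(uint64_t v)  { return (v & NumberTag) == NumberTag; }
bool decodesAsDouble(uint64_t v) { return !decodesAsCell(v) && !decodesAsInt32(v); }

// Normalisation: every NaN collapses to the canonical quiet NaN
// (0x7ff8000000000000), whose encoding cannot collide with cells or int32s.
double purifyNaN(double d) {
    return std::isnan(d) ? std::numeric_limits<double>::quiet_NaN() : d;
}

// Checked encoding standing in for the assertions the entry adds: false
// means "this double must not be boxed as-is".
bool encodeChecked(double d, uint64_t& out) {
    out = encodeDouble(d);
    return decodesAsDouble(out);
}

// Constructed hostile input: bytes a script could write through a
// Uint8Array and read back through a Float64Array on the same buffer.
// Sign bit set, exponent all ones, mantissa non-zero: a NaN whose boxed
// form wraps around to 0x0000000041414141, i.e. a fake cell pointer.
const uint64_t HostileNaNBits = 0xffff000041414141ULL;

int main() {
    uint64_t boxed = encodeDouble(doubleFromBits(HostileNaNBits));
    // Without normalisation the double is boxed as a cell at 0x41414141.
    return decodesAsCell(boxed) ? 0 : 1;
}
```

A NaN with top bits 0xfffe... is boxed into the int32 range instead; both outcomes come from the same missing normalisation, which is why the check belongs at the single point where doubles are boxed rather than in each typed-array accessor.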
49442 2011-08-30 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
49444 [Qt] Do not unconditionally use pkg-config in .pro files
49445 https://bugs.webkit.org/show_bug.cgi?id=67055
49447 Reviewed by Andreas Kling.
49449 Original patch from Rohan McGovern <rohan.mcgovern@nokia.com>
49451 Using the first pkg-config in PATH is prone to errors when cross
49452 compiling inside the Qt repository (using Qt's build-system).
49454 This patch protects calls for pkg-config with
49455 !contains(QT_CONFIG, no-pkg-config). no-pkg-config is added to
49456 QT_CONFIG by Qt's 'configure' when cross-compiling on systems
49457 without pkg-config.
49459 The respective change in Qt's configure has been submitted already.
49461 No new tests as this is just a build change.
49463 * wtf/wtf.pri: protect pkg-config calls
49465 2011-08-29 Daniel Bates <dbates@webkit.org>
49467 Add HAVE(VASPRINTF) macro to test for vasprintf() support
49468 https://bugs.webkit.org/show_bug.cgi?id=67156
49470 Reviewed by Darin Adler.
49472 Encapsulate testing of vasprintf() support in a HAVE macro
49473 instead of hardcoding the list of supported/unsupported
49474 compilers at the call site.
49478 2011-08-29 Mark Hahnenberg <mhahnenberg@apple.com>
49480 Unzip initialization lists and constructors in JSCell hierarchy (3/7)
49481 https://bugs.webkit.org/show_bug.cgi?id=67064
49483 Reviewed by Darin Adler.
49485 Completed the third level of the refactoring to add finishCreation()
49486 methods to all classes within the JSCell hierarchy with non-trivial
49487 constructor bodies.
49489 This primarily consists of pushing the calls to finishCreation() down
49490 into the constructors of the subclasses of the second level of the hierarchy
49491 as well as pulling the finishCreation() calls out into the class's corresponding
49492 create() method if it has one. Doing both simultaneously allows us to
49493 maintain the invariant that the finishCreation() method chain is called exactly
49494 once during the creation of an object, since calling it any other number of
49495 times (0, 2, or more) will cause an assertion failure.
49497 * debugger/DebuggerActivation.cpp:
49498 (JSC::DebuggerActivation::DebuggerActivation):
49499 (JSC::DebuggerActivation::finishCreation):
49500 * debugger/DebuggerActivation.h:
49501 (JSC::DebuggerActivation::create):
49502 * runtime/Arguments.h:
49503 (JSC::Arguments::create):
49504 (JSC::Arguments::createNoParameters):
49505 (JSC::Arguments::Arguments):
49506 (JSC::Arguments::finishCreation):
49507 * runtime/ErrorInstance.cpp:
49508 (JSC::ErrorInstance::ErrorInstance):
49509 * runtime/ErrorInstance.h:
49510 (JSC::ErrorInstance::finishCreation):
49511 * runtime/ExceptionHelpers.cpp:
49512 (JSC::InterruptedExecutionError::InterruptedExecutionError):
49513 (JSC::TerminatedExecutionError::TerminatedExecutionError):
49514 * runtime/Executable.cpp:
49515 (JSC::EvalExecutable::EvalExecutable):
49516 (JSC::ProgramExecutable::ProgramExecutable):
49517 (JSC::FunctionExecutable::FunctionExecutable):
49518 Moved the assignment of m_firstLine and m_lastLine into the
49519 FunctionExecutable::finishCreation() method in Executable.h
49520 * runtime/Executable.h:
49521 (JSC::ScriptExecutable::ScriptExecutable):
49522 (JSC::EvalExecutable::create):
49523 (JSC::ProgramExecutable::create):
49524 (JSC::FunctionExecutable::create):
49525 (JSC::FunctionExecutable::finishCreation):
49526 * runtime/JSArray.cpp:
49527 (JSC::JSArray::JSArray):
49528 (JSC::JSArray::finishCreation):
49529 * runtime/JSArray.h:
49530 * runtime/JSByteArray.cpp:
49531 (JSC::JSByteArray::JSByteArray):
49532 * runtime/JSByteArray.h:
49533 (JSC::JSByteArray::finishCreation):
49534 * runtime/JSNotAnObject.h:
49535 (JSC::JSNotAnObject::JSNotAnObject):
49536 * runtime/JSObject.h:
49537 (JSC::JSNonFinalObject::JSNonFinalObject):
49538 * runtime/JSObjectWithGlobalObject.cpp:
49539 (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
49540 (JSC::JSObjectWithGlobalObject::finishCreation):
49541 * runtime/JSObjectWithGlobalObject.h:
49542 * runtime/JSVariableObject.h:
49543 (JSC::JSVariableObject::JSVariableObject):
49544 (JSC::JSVariableObject::finishCreation):
49545 * runtime/JSWrapperObject.h:
49546 (JSC::JSWrapperObject::JSWrapperObject):
49547 * runtime/ObjectPrototype.cpp:
49548 (JSC::ObjectPrototype::ObjectPrototype):
49549 (JSC::ObjectPrototype::finishCreation):
49550 * runtime/ObjectPrototype.h:
49551 * runtime/StrictEvalActivation.cpp:
49552 (JSC::StrictEvalActivation::StrictEvalActivation):
49554 2011-08-29 Andreas Kling <kling@webkit.org>
49556 Unreviewed build fix after r93990.
49560 2011-08-29 Andreas Kling <kling@webkit.org>
49562 Viewing a post on reddit.com wastes a lot of memory on event listeners.
49563 https://bugs.webkit.org/show_bug.cgi?id=67133
49565 Reviewed by Darin Adler.
49567 Add a minimum table size to the HashTraits, instead of having it hard coded.
49568 The default value remains at 64, but can now be specialized.
49570 * runtime/StructureTransitionTable.h:
49572 (WTF::HashTable::shouldShrink):
49574 (WTF::::checkTableConsistencyExceptSize):
49575 * wtf/HashTraits.h:
49577 2011-08-28 Jonathan Liu <net147@gmail.com>
49579 Fix build error when compiling with MinGW-w64 by disabling JIT
49581 https://bugs.webkit.org/show_bug.cgi?id=61235
49583 Reviewed by Gavin Barraclough.
49585 The fixed mmap executable allocator for JIT on x86_64 requires
49586 sys/mman.h which is not available on Windows.
49590 2011-08-27 Filip Pizlo <fpizlo@apple.com>
49592 JSC::Executable is inconsistent about using weak handle finalizers
49593 and destructors for releasing memory
49594 https://bugs.webkit.org/show_bug.cgi?id=67072
49596 Reviewed by Darin Adler.
49598 Moved more of the destruction of Executable state into the finalizer,
49599 which also resulted in an opportunity to mostly combine this with
49600 discardCode(). This also means that the finalizer is now enabled even
49601 when the JIT is turned off. This is performance neutral on SunSpider,
49604 * runtime/Executable.cpp:
49605 (JSC::ExecutableBase::clearCode):
49606 (JSC::ExecutableFinalizer::finalize):
49607 (JSC::EvalExecutable::clearCode):
49608 (JSC::ProgramExecutable::clearCode):
49609 (JSC::FunctionExecutable::discardCode):
49610 (JSC::FunctionExecutable::clearCode):
49611 * runtime/Executable.h:
49612 (JSC::ExecutableBase::finishCreation):
49614 2011-08-26 Gavin Barraclough <barraclough@apple.com>
49616 DFG JIT - ArithMod may clobber operands.
49617 https://bugs.webkit.org/show_bug.cgi?id=67085
49619 Reviewed by Sam Weinig.
49621 unboxDouble must be called on a temporary.
49623 * dfg/DFGJITCodeGenerator.cpp:
49624 (JSC::DFG::JITCodeGenerator::fillDouble):
49625 * dfg/DFGJITCodeGenerator.h:
49626 (JSC::DFG::JITCodeGenerator::boxDouble):
49627 * dfg/DFGNonSpeculativeJIT.cpp:
49628 (JSC::DFG::NonSpeculativeJIT::compile):
49629 * dfg/DFGSpeculativeJIT.cpp:
49630 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
49632 2011-08-26 Mark Hahnenberg <mhahnenberg@apple.com>
49634 Unzip initialization lists and constructors in JSCell hierarchy (2/7)
49635 https://bugs.webkit.org/show_bug.cgi?id=66957
49637 Reviewed by Darin Adler.
49639 Completed the second level of the refactoring to add finishCreation()
49640 methods to all classes within the JSCell hierarchy with non-trivial
49641 constructor bodies.
49643 * runtime/Executable.h:
49644 (JSC::ExecutableBase::ExecutableBase):
49645 (JSC::ExecutableBase::create):
49646 (JSC::NativeExecutable::create):
49647 (JSC::NativeExecutable::finishCreation):
49648 (JSC::NativeExecutable::NativeExecutable):
49649 (JSC::ScriptExecutable::ScriptExecutable):
49650 (JSC::ScriptExecutable::finishCreation):
49651 * runtime/GetterSetter.h:
49652 (JSC::GetterSetter::GetterSetter):
49653 (JSC::GetterSetter::create):
49654 * runtime/JSAPIValueWrapper.h:
49655 (JSC::JSAPIValueWrapper::create):
49656 (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
49657 * runtime/JSObject.h:
49658 (JSC::JSNonFinalObject::JSNonFinalObject):
49659 (JSC::JSNonFinalObject::finishCreation):
49660 (JSC::JSFinalObject::create):
49661 (JSC::JSFinalObject::finishCreation):
49662 (JSC::JSFinalObject::JSFinalObject):
49663 (JSC::JSObject::JSObject):
49664 * runtime/JSPropertyNameIterator.cpp:
49665 (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
49666 (JSC::JSPropertyNameIterator::create):
49667 * runtime/JSPropertyNameIterator.h:
49668 (JSC::JSPropertyNameIterator::create):
49669 * runtime/RegExp.cpp:
49670 (JSC::RegExp::RegExp):
49671 (JSC::RegExp::createWithoutCaching):
49672 * runtime/ScopeChain.h:
49673 (JSC::ScopeChainNode::ScopeChainNode):
49674 (JSC::ScopeChainNode::create):
49675 * runtime/Structure.cpp:
49676 (JSC::Structure::Structure):
49677 * runtime/Structure.h:
49678 (JSC::Structure::create):
49679 (JSC::Structure::finishCreation):
49680 (JSC::Structure::createStructure):
49681 * runtime/StructureChain.cpp:
49682 (JSC::StructureChain::StructureChain):
49683 * runtime/StructureChain.h:
49684 (JSC::StructureChain::create):
49686 2011-08-26 Filip Pizlo <fpizlo@apple.com>
49688 The GC does not have a facility for profiling the kinds of objects
49689 that occupy the heap
49690 https://bugs.webkit.org/show_bug.cgi?id=66849
49692 Reviewed by Geoffrey Garen.
49694 Destructor calls and object scans are now optionally counted, per
49695 vtable. When the heap is destroyed and profiling is enabled, the
49696 counts are dumped, with care taken to print the names of classes
49697 (modulo C++ mangling) sorted in descending commonality.
49699 * GNUmakefile.list.am:
49700 * JavaScriptCore.exp:
49701 * JavaScriptCore.pro:
49702 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
49703 * JavaScriptCore.xcodeproj/project.pbxproj:
49705 (JSC::Heap::destroy):
49707 * heap/MarkStack.cpp:
49708 (JSC::SlotVisitor::visitChildren):
49709 (JSC::SlotVisitor::drain):
49710 * heap/MarkStack.h:
49711 * heap/MarkedBlock.cpp:
49712 (JSC::MarkedBlock::callDestructor):
49713 * heap/MarkedBlock.h:
49714 * heap/VTableSpectrum.cpp: Added.
49715 (JSC::VTableSpectrum::VTableSpectrum):
49716 (JSC::VTableSpectrum::~VTableSpectrum):
49717 (JSC::VTableSpectrum::countVPtr):
49718 (JSC::VTableSpectrum::count):
49719 (JSC::VTableAndCount::VTableAndCount):
49720 (JSC::VTableAndCount::operator<):
49721 (JSC::VTableSpectrum::dump):
49722 * heap/VTableSpectrum.h: Added.
49725 2011-08-26 Juan C. Montemayor <jmont@apple.com>
49727 Update topCallFrame when calling host functions in the JIT
49728 https://bugs.webkit.org/show_bug.cgi?id=67010
49730 Reviewed by Oliver Hunt.
49732 The topCallFrame is not being updated when a host function is
49733 called by the JIT. This causes problems when trying to create a
49734 stack trace (https://bugs.webkit.org/show_bug.cgi?id=66994).
49736 * jit/JITOpcodes.cpp:
49737 (JSC::JIT::privateCompileCTIMachineTrampolines):
49738 (JSC::JIT::privateCompileCTINativeCall):
49740 2011-08-26 Alexey Proskuryakov <ap@apple.com>
49742 Get rid of frame life support timer
49743 https://bugs.webkit.org/show_bug.cgi?id=66874
49745 Reviewed by Geoff Garen.
49747 * runtime/JSGlobalObject.h:
49748 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
49749 globalExec() no longer needs to be virtual, its only override was in JSDOMWindowBase.
49751 2011-08-26 Chao-ying Fu <fu@mips.com>
49753 Fix MIPS patchOffsetGetByIdSlowCaseCall
49754 https://bugs.webkit.org/show_bug.cgi?id=67046
49756 Reviewed by Gavin Barraclough.
49760 2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
49762 Fixing broken build due to unused variables in release mode
49763 https://bugs.webkit.org/show_bug.cgi?id=67004
49765 Unreviewed, release build fix.
49767 Fixing broken build due to unused variables in ASSERTs in release build.
49769 * runtime/JSObject.h:
49770 (JSC::JSObject::finishCreation):
49771 * runtime/JSString.h:
49772 (JSC::RopeBuilder::finishCreation):
49773 * runtime/ScopeChain.h:
49774 (JSC::ScopeChainNode::finishCreation):
49776 2011-08-25 Mark Hahnenberg <mhahnenberg@apple.com>
49778 Unzip initialization lists and constructors in JSCell hierarchy (1/7)
49779 https://bugs.webkit.org/show_bug.cgi?id=66827
49781 Reviewed by Geoffrey Garen.
49783 Added finishCreation() methods to all immediate subclasses of JSCell with
49784 non-empty constructors. Part of a larger refactoring to "unzip" initialization
49785 lists and constructor bodies. Also renamed JSCell's constructorBody() method
49786 to finishCreation().
49788 * runtime/Executable.h:
49789 (JSC::ExecutableBase::ExecutableBase):
49790 (JSC::ExecutableBase::constructorBody):
49791 * runtime/GetterSetter.h:
49792 (JSC::GetterSetter::GetterSetter):
49793 * runtime/JSAPIValueWrapper.h:
49794 (JSC::JSAPIValueWrapper::constructorBody):
49795 (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
49796 * runtime/JSCell.h:
49797 (JSC::JSCell::JSCell::JSCell):
49798 (JSC::JSCell::JSCell::constructorBody):
49799 * runtime/JSObject.h:
49800 (JSC::JSObject::constructorBody):
49801 (JSC::JSObject::JSObject):
49802 * runtime/JSPropertyNameIterator.h:
49803 (JSC::JSPropertyNameIterator::constructorBody):
49804 * runtime/JSString.h:
49805 (JSC::RopeBuilder::JSString):
49806 (JSC::RopeBuilder::constructorBody):
49807 * runtime/RegExp.cpp:
49808 (JSC::RegExp::RegExp):
49809 (JSC::RegExp::constructorBody):
49810 * runtime/RegExp.h:
49811 * runtime/ScopeChain.h:
49812 (JSC::ScopeChainNode::ScopeChainNode):
49813 (JSC::ScopeChainNode::constructorBody):
49814 * runtime/Structure.cpp:
49815 (JSC::Structure::Structure):
49816 * runtime/StructureChain.cpp:
49817 (JSC::StructureChain::StructureChain):
49818 * runtime/StructureChain.h:
49819 (JSC::StructureChain::create):
49820 (JSC::StructureChain::constructorBody):
49822 2011-08-25 Gabor Loki <loki@webkit.org>
49824 REGRESSION(r93755): It made 14 jsc tests and ~500 layout tests fail on Qt-ARM bot
49825 https://bugs.webkit.org/show_bug.cgi?id=66956
49827 Rebaseline constants for patching GetByIdSlowCaseCall on ARM.
49829 Reviewed by Oliver Hunt.
49833 2011-08-24 Juan C. Montemayor <jmont@apple.com>
49835 Keep track of topCallFrame for Stack traces
49836 https://bugs.webkit.org/show_bug.cgi?id=66571
49838 Reviewed by Geoffrey Garen.
49840 This patch adds a TopCallFrame to JSC in order to have that information
49841 when an error is thrown to create a stack trace. The TopCallFrame is
49842 updated throughout select points in the Interpreter and the JSC.
49844 * interpreter/Interpreter.cpp:
49845 (JSC::Interpreter::unwindCallFrame):
49846 (JSC::Interpreter::throwException):
49847 (JSC::Interpreter::execute):
49848 (JSC::Interpreter::executeCall):
49849 (JSC::Interpreter::executeConstruct):
49850 (JSC::Interpreter::privateExecute):
49851 * interpreter/Interpreter.h:
49852 (JSC::TopCallFrameSetter::TopCallFrameSetter):
49853 (JSC::TopCallFrameSetter::~TopCallFrameSetter):
49855 * jit/JITInlineMethods.h:
49856 (JSC::JIT::updateTopCallFrame):
49857 * jit/JITStubCall.h:
49858 (JSC::JITStubCall::call):
49859 * jit/JITStubs.cpp:
49860 (JSC::throwExceptionFromOpCall):
49861 (JSC::DEFINE_STUB_FUNCTION):
49862 (JSC::arityCheckFor):
49863 * runtime/JSGlobalData.cpp:
49864 (JSC::JSGlobalData::JSGlobalData):
49865 * runtime/JSGlobalData.h:
49867 2011-08-24 Filip Pizlo <fpizlo@apple.com>
49869 ErrorInstance::create sometimes has two heap object constructions
49871 https://bugs.webkit.org/show_bug.cgi?id=66845
49873 Reviewed by Darin Adler.
49875 The fix is simple since there is already a second create() method
49876 that takes a UString.
49878 * runtime/ErrorInstance.cpp:
49879 (JSC::ErrorInstance::create):
49881 2011-08-24 Filip Pizlo <fpizlo@apple.com>
49883 There is no facility for profiling how the write barrier is used
49884 https://bugs.webkit.org/show_bug.cgi?id=66747
49886 Reviewed by Geoffrey Garen.
49888 Added facilities for the JIT to specify the kind of write barrier
49889 being executed. Added code for profiling the number of each kind
49890 of barrier encountered.
49892 * GNUmakefile.list.am:
49893 * JavaScriptCore.exp:
49894 * JavaScriptCore.pro:
49895 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
49896 * JavaScriptCore.xcodeproj/project.pbxproj:
49897 * dfg/DFGJITCodeGenerator.cpp:
49898 (JSC::DFG::JITCodeGenerator::writeBarrier):
49899 (JSC::DFG::JITCodeGenerator::cachedPutById):
49900 * dfg/DFGJITCodeGenerator.h:
49901 * dfg/DFGJITCompiler.cpp:
49902 (JSC::DFG::JITCompiler::emitCount):
49903 * dfg/DFGJITCompiler.h:
49904 (JSC::DFG::JITCompiler::emitCount):
49905 * dfg/DFGNonSpeculativeJIT.cpp:
49906 (JSC::DFG::NonSpeculativeJIT::compile):
49907 * dfg/DFGRepatch.cpp:
49908 (JSC::DFG::tryCachePutByID):
49909 * dfg/DFGSpeculativeJIT.cpp:
49910 (JSC::DFG::SpeculativeJIT::compile):
49912 (JSC::Heap::writeBarrier):
49913 * heap/WriteBarrierSupport.cpp: Added.
49914 (JSC::WriteBarrierCounters::initialize):
49915 * heap/WriteBarrierSupport.h: Added.
49916 (JSC::WriteBarrierCounters::WriteBarrierCounters):
49917 (JSC::WriteBarrierCounters::jitCounterFor):
49918 (JSC::WriteBarrierCounters::countWriteBarrier):
49920 * jit/JITPropertyAccess.cpp:
49921 (JSC::JIT::emit_op_put_by_id):
49922 (JSC::JIT::privateCompilePutByIdTransition):
49923 (JSC::JIT::emit_op_put_scoped_var):
49924 (JSC::JIT::emit_op_put_global_var):
49925 (JSC::JIT::emitWriteBarrier):
49926 * jit/JITPropertyAccess32_64.cpp:
49927 (JSC::JIT::emit_op_put_by_val):
49928 (JSC::JIT::emit_op_put_by_id):
49929 (JSC::JIT::privateCompilePutByIdTransition):
49930 (JSC::JIT::emit_op_put_scoped_var):
49931 (JSC::JIT::emit_op_put_global_var):
49932 (JSC::JIT::emitWriteBarrier):
49933 * runtime/InitializeThreading.cpp:
49934 (JSC::initializeThreadingOnce):
49935 * runtime/WriteBarrier.h:
49936 (JSC::WriteBarrierBase::setWithoutWriteBarrier):
49938 2011-08-23 Mark Hahnenberg <mhahnenberg@apple.com>
49940 Add checks to ensure allocation does not take place during initialization of GC-managed objects
49941 https://bugs.webkit.org/show_bug.cgi?id=65288
49943 Reviewed by Darin Adler.
49945 Adding the new validation functionality. In its current state, it will perform checks,
49946 but they don't fail unless you do allocation in the arguments to the parent constructor in the
49947 initialization list of a class. The allocateCell() method turns on the global flag disallowing any new
49948 allocations, and the constructorBody() method in JSCell turns it off. This way, allocation is still
49949 allowed in constructor bodies while other refactoring efforts continue.
49951 * runtime/JSCell.h:
49952 (JSC::JSCell::JSCell::constructorBody):
49953 (JSC::JSCell::JSCell::JSCell):
49954 (JSC::JSCell::allocateCell):
49955 * runtime/JSGlobalData.cpp:
49956 (JSC::JSGlobalData::JSGlobalData):
49957 * runtime/JSGlobalData.h:
49958 (JSC::JSGlobalData::isInitializingObject):
49959 (JSC::JSGlobalData::setInitializingObject):
49960 * runtime/StringObjectThatMasqueradesAsUndefined.h:
49961 (JSC::StringObjectThatMasqueradesAsUndefined::create):
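The creation protocol the two Hahnenberg entries describe (the allocation guard raised by allocateCell() and lowered by the JSCell constructorBody(), later renamed finishCreation(), in bug 65288 here, and the finishCreation()-called-exactly-once invariant of bug 67064 above), as an added example that is not JavaScriptCore's code. It models the end state of the series: create() allocates, constructs, then calls finishCreation() once. The class and method names come from the ChangeLog; the bodies, the createCell() template, the exception-based failure mode (the real checks are assertions) and the per-object call counter are this example's assumptions.

```cpp
#include <cstddef>
#include <memory>
#include <new>
#include <stdexcept>
#include <utility>
#include <vector>

// Added example, not JavaScriptCore's code: a debug-only creation protocol
// for GC-managed cells. Names follow the ChangeLog; bodies are hypothetical.

class Heap {
public:
    // allocateCell() hands out storage and raises the guard. Until the new
    // cell's finishCreation() lowers it, any further allocation is refused:
    // it could trigger a collection that scans the half-initialised cell.
    void* allocateCell(std::size_t bytes) {
        if (m_initializingObject)
            throw std::logic_error("allocation while a cell is still initializing");
        m_initializingObject = true;
        m_blocks.emplace_back(new unsigned char[bytes]);
        return m_blocks.back().get();
    }
    bool isInitializingObject() const { return m_initializingObject; }
    void setInitializingObject(bool value) { m_initializingObject = value; }
private:
    bool m_initializingObject = false;
    std::vector<std::unique_ptr<unsigned char[]>> m_blocks; // freed with the heap
};

class JSCell {
public:
    explicit JSCell(Heap& heap) : m_heap(heap) {}
    // Exactly one finishCreation() per object: zero leaves the guard raised,
    // two or more means a chain ran twice. Both are invariant violations.
    void finishCreation() {
        if (++m_finishCreationCalls != 1)
            throw std::logic_error("finishCreation() called more than once");
        m_heap.setInitializingObject(false);
    }
    unsigned finishCreationCalls() const { return m_finishCreationCalls; }
protected:
    Heap& m_heap;
private:
    unsigned m_finishCreationCalls = 0;
};

// Generic create(): allocate, construct, finish. Subclass constructors run
// while the guard is raised, so an allocation in an initialiser list (or a
// constructor body) surfaces here instead of silently racing the GC.
template<typename T, typename... Args>
T* createCell(Heap& heap, Args&&... args) {
    void* storage = heap.allocateCell(sizeof(T));
    T* cell = new (storage) T(heap, std::forward<Args>(args)...);
    cell->finishCreation();
    return cell;
}

// Well-behaved: no allocation before finishCreation() has run.
struct GoodCell : JSCell {
    explicit GoodCell(Heap& heap) : JSCell(heap), m_value(42) {}
    int m_value;
};

// Buggy: allocates in the initialiser list, before the object is complete.
struct BadCell : JSCell {
    explicit BadCell(Heap& heap) : JSCell(heap), m_scratch(heap.allocateCell(16)) {}
    void* m_scratch;
};

// True when the guard catches the initialiser-list allocation. The guard is
// reset afterwards only so the model can continue; real code would abort.
bool allocationDuringInitIsCaught(Heap& heap) {
    try { createCell<BadCell>(heap); return false; }
    catch (const std::logic_error&) { heap.setInitializingObject(false); return true; }
}

// True when a well-behaved cell is created with exactly one finishCreation()
// call and a second call is rejected.
bool finishCreationRunsExactlyOnce(Heap& heap) {
    GoodCell* cell = createCell<GoodCell>(heap);
    if (cell->finishCreationCalls() != 1 || heap.isInitializingObject()) return false;
    try { cell->finishCreation(); return false; }
    catch (const std::logic_error&) { return cell->finishCreationCalls() == 2; }
}

int main() {
    Heap heap;
    return allocationDuringInitIsCaught(heap) && finishCreationRunsExactlyOnce(heap) ? 0 : 1;
}
```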
49963 2011-08-23 Gavin Barraclough <barraclough@apple.com>
49965 https://bugs.webkit.org/show_bug.cgi?id=55347
49966 "name" and "message" enumerable on *Error.prototype
49968 Reviewed by Sam Weinig.
49970 The default value of a NativeErrorPrototype's message
49971 property is "", not the name of the error.
49973 * runtime/NativeErrorConstructor.cpp:
49974 (JSC::NativeErrorConstructor::NativeErrorConstructor):
49975 * runtime/NativeErrorConstructor.h:
49976 (JSC::NativeErrorConstructor::create):
49977 (JSC::NativeErrorConstructor::constructorBody):
49978 * runtime/NativeErrorPrototype.cpp:
49979 (JSC::NativeErrorPrototype::NativeErrorPrototype):
49980 (JSC::NativeErrorPrototype::constructorBody):
49981 * runtime/NativeErrorPrototype.h:
49982 (JSC::NativeErrorPrototype::create):
49983 * runtime/StringPrototype.cpp:
49984 (JSC::StringPrototype::StringPrototype):
49985 * runtime/StringPrototype.h:
49986 (JSC::StringPrototype::create):
49988 2011-08-23 Steve Block <steveblock@google.com>
49990 Remove last occurrences of PLATFORM(ANDROID)
49991 https://bugs.webkit.org/show_bug.cgi?id=66763
49993 Reviewed by Tony Gentilcore.
49997 2011-08-23 Steve Block <steveblock@google.com>
49999 Remove all mention of removed Android files from build scripts
50000 https://bugs.webkit.org/show_bug.cgi?id=66755
50002 Reviewed by Tony Gentilcore.
50004 * JavaScriptCore.gyp/JavaScriptCore.gyp:
50005 * JavaScriptCore.gypi:
50006 * gyp/JavaScriptCore.gyp:
50008 2011-08-23 Adam Barth <abarth@webkit.org>
50010 Remove WebCore/editing/android and other Android-specific directories
50011 https://bugs.webkit.org/show_bug.cgi?id=66739
50013 Reviewed by Steve Block.
50015 Now that Android shares more code with Chromium, we don't need these
50016 Android-specific files.
50018 * wtf/android: Removed.
50019 * wtf/android/AndroidThreading.h: Removed.
50020 * wtf/android/MainThreadAndroid.cpp: Removed.
50022 2011-08-23 Ilya Tikhonovsky <loislo@chromium.org>
50024 Unreviewed build fix for compile error on Windows for r93560.
50026 * runtime/SamplingCounter.h:
50028 2011-08-22 Filip Pizlo <fpizlo@apple.com>
50030 Sampling counter support is in the bytecode directory
50031 https://bugs.webkit.org/show_bug.cgi?id=66724
50033 Reviewed by Darin Adler.
50035 Moved SamplingCounter to a separate header in runtime/.
50037 * GNUmakefile.list.am:
50038 * JavaScriptCore.pro:
50039 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
50040 * JavaScriptCore.xcodeproj/project.pbxproj:
50041 * bytecode/SamplingTool.cpp:
50042 * bytecode/SamplingTool.h:
50043 * runtime/SamplingCounter.cpp: Added.
50044 (JSC::AbstractSamplingCounter::dump):
50045 * runtime/SamplingCounter.h: Added.
50046 (JSC::AbstractSamplingCounter::count):
50047 (JSC::AbstractSamplingCounter::addressOfCounter):
50048 (JSC::AbstractSamplingCounter::init):
50049 (JSC::SamplingCounter::SamplingCounter):
50050 (JSC::GlobalSamplingCounter::name):
50051 (JSC::DeletableSamplingCounter::DeletableSamplingCounter):
50052 (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
50054 2011-08-21 Martin Robinson <mrobinson@igalia.com>
50056 Fix 'make dist' for WebKitGTK+.
50058 * GNUmakefile.list.am: Add a missing header to the sources list.
50060 2011-08-20 Filip Pizlo <fpizlo@apple.com>
50062 JavaScriptCore bytecompiler does not compute scope depth correctly
50063 in the case of constant declarations
50064 https://bugs.webkit.org/show_bug.cgi?id=66572
50066 Reviewed by Oliver Hunt.
50068 Changed the handling of const to add the dynamic scope depth.
50070 * bytecompiler/NodesCodegen.cpp:
50071 (JSC::ConstDeclNode::emitCodeSingle):
50073 2011-08-19 Daniel Bates <dbates@webkit.org>
50075 Only #include <signal.h> and require SA_RESTART when building with JSC_MULTIPLE_THREADS
50076 https://bugs.webkit.org/show_bug.cgi?id=66617
50078 Both <signal.h> and SA_RESTART usage are guarded behind ENABLE(JSC_MULTIPLE_THREADS).
50079 But we cause a compile error if the platform doesn't support SA_RESTART regardless of
50080 whether JSC_MULTIPLE_THREADS is enabled for the port. Instead, we shouldn't require
50081 SA_RESTART support unless we are building with JSC_MULTIPLE_THREADS enabled.
50083 Reviewed by Antonio Gomes.
50085 * heap/MachineStackMarker.cpp:
50087 2011-08-19 Filip Pizlo <fpizlo@apple.com>
50089 The JSC JIT currently has no facility to profile and report
50090 the types of values
50091 https://bugs.webkit.org/show_bug.cgi?id=65901
50093 Reviewed by Gavin Barraclough.
50095 Added the ability to profile the values seen at function calls (both
50096 arguments and results) and heap loads. This is done with emphasis
50097 on performance. A value profiling site consists of: add, and,
50098 move, and store; no branching is necessary. Each value profiling
50099 site (called a ValueProfile) has a ring buffer of 8 recently-seen
50100 values. ValueProfiles are stored in the CodeBlock; there will be
50101 one for each argument (excluding this) and each heap load or callsite.
50102 Each time a value profiling site executes, it stores the value into
50103 a pseudo-random element in the ValueProfile buffer. The point is
50104 that for frequently executed code, we will have 8 somewhat recent
50105 values in the buffer and will be able to not only figure out what
50106 type it is, but also to be able to reason about the actual values
50107 if we wish to do so.
50109 This feature is currently disabled by default. When enabled, it
50110 results in a 3.7% slow-down on SunSpider.
50112 * JavaScriptCore.xcodeproj/project.pbxproj:
50113 * bytecode/CodeBlock.cpp:
50114 (JSC::CodeBlock::~CodeBlock):
50115 * bytecode/CodeBlock.h:
50116 (JSC::CodeBlock::addValueProfile):
50117 (JSC::CodeBlock::numberOfValueProfiles):
50118 (JSC::CodeBlock::valueProfile):
50119 (JSC::CodeBlock::valueProfileForBytecodeOffset):
50120 * bytecode/ValueProfile.h: Added.
50121 (JSC::ValueProfile::ValueProfile):
50122 (JSC::ValueProfile::numberOfSamples):
50123 (JSC::ValueProfile::computeProbability):
50124 (JSC::ValueProfile::numberOfInt32s):
50125 (JSC::ValueProfile::numberOfDoubles):
50126 (JSC::ValueProfile::numberOfCells):
50127 (JSC::ValueProfile::probabilityOfInt32):
50128 (JSC::ValueProfile::probabilityOfDouble):
50129 (JSC::ValueProfile::probabilityOfCell):
50130 (JSC::getValueProfileBytecodeOffset):
50132 (JSC::JIT::privateCompileSlowCases):
50133 (JSC::JIT::privateCompile):
50135 (JSC::JIT::emitValueProfilingSite):
50137 (JSC::JIT::emit_op_call_put_result):
50138 * jit/JITInlineMethods.h:
50139 (JSC::JIT::emitValueProfilingSite):
50140 * jit/JITPropertyAccess.cpp:
50141 (JSC::JIT::emit_op_get_by_val):
50142 (JSC::JIT::emitSlow_op_get_by_val):
50143 (JSC::JIT::emit_op_method_check):
50144 (JSC::JIT::emit_op_get_by_id):
50145 (JSC::JIT::emitSlow_op_get_by_id):
50146 * jit/JSInterfaceJIT.h:
50148 * wtf/StdLibExtras.h:
50149 (WTF::binarySearch):
50150 (WTF::genericBinarySearch):
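The ValueProfile mechanism described in this entry, as an added example that is not JavaScriptCore's code: an 8-entry ring buffer per site, filled by a branch-free add/and/store sequence, with the sample counts turned into per-type probabilities. The method names follow the entry; the Value::Kind tag, the counter-driven bucket choice (the entry only says the slot is pseudo-random) and the exact signatures are this example's assumptions.

```cpp
// Added example, not JavaScriptCore's code: a model of the per-site
// ValueProfile described above. Names follow the entry; details are assumed.

struct Value {
    enum Kind { Empty, Int32, Double, Cell };
    explicit Value(Kind k = Empty) : kind(k) {}
    Kind kind;
};

class ValueProfile {
public:
    static const unsigned numberOfBuckets = 8;   // must stay a power of two

    // The profiling site itself: add (bump the counter), and (mask it to a
    // bucket index), move, store. No branch, so the fast path stays cheap
    // and old samples are simply overwritten as the counter wraps.
    void record(const Value& value) {
        ++m_counter;
        m_buckets[m_counter & (numberOfBuckets - 1)] = value;
    }

    unsigned numberOfSamples() const { return count(Value::Empty, true); }
    unsigned numberOfInt32s()  const { return count(Value::Int32); }
    unsigned numberOfDoubles() const { return count(Value::Double); }
    unsigned numberOfCells()   const { return count(Value::Cell); }

    // Fraction of the recorded samples with a given kind; 0 when nothing
    // has been recorded, so a cold site never looks like a confident one.
    double computeProbability(unsigned matching) const {
        unsigned samples = numberOfSamples();
        return samples ? static_cast<double>(matching) / samples : 0.0;
    }
    double probabilityOfInt32()  const { return computeProbability(numberOfInt32s()); }
    double probabilityOfDouble() const { return computeProbability(numberOfDoubles()); }
    double probabilityOfCell()   const { return computeProbability(numberOfCells()); }

private:
    // Counts buckets whose kind equals `kind`, or differs from it if `invert`.
    unsigned count(Value::Kind kind, bool invert = false) const {
        unsigned n = 0;
        for (unsigned i = 0; i < numberOfBuckets; ++i)
            if ((m_buckets[i].kind == kind) != invert) ++n;
        return n;
    }
    Value m_buckets[numberOfBuckets];
    unsigned m_counter = 0;
};

// Constructed workload: a site that sees six int32s and then two doubles,
// exactly filling the ring buffer.
ValueProfile profileMixedSite() {
    ValueProfile profile;
    for (int i = 0; i < 6; ++i) profile.record(Value(Value::Int32));
    for (int i = 0; i < 2; ++i) profile.record(Value(Value::Double));
    return profile;
}

int main() {
    ValueProfile p = profileMixedSite();
    return p.probabilityOfInt32() == 0.75 ? 0 : 1;
}
```

Because the buffer only ever holds the last eight samples, a site whose types drift (int32s early, cells later) reports the recent mix rather than a lifetime average, which is what a speculating compiler wants when deciding whether an earlier guess is still safe.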
50152 2011-08-19 Daniel Bates <dbates@webkit.org>
50154 Don't include DisallowCType.h when building on QNX
50155 https://bugs.webkit.org/show_bug.cgi?id=66616
50157 Reviewed by Antonio Gomes.
50161 2011-08-19 Daniel Bates <dbates@webkit.org>
50163 Implement ExecutableAllocator::cacheFlush() for QNX
50164 https://bugs.webkit.org/show_bug.cgi?id=66611
50166 Reviewed by Antonio Gomes.
50168 * jit/ExecutableAllocator.h:
50169 (JSC::ExecutableAllocator::cacheFlush):
50171 2011-08-19 Daniel Bates <dbates@webkit.org>
50173 Implement WTF::atomic{Increment, Decrement}() for QNX
50174 https://bugs.webkit.org/show_bug.cgi?id=66605
50176 Reviewed by Darin Adler.
50179 (WTF::atomicIncrement):
50180 (WTF::atomicDecrement):
50182 2011-08-19 Beth Dakin <bdakin@apple.com>
50184 https://bugs.webkit.org/show_bug.cgi?id=66590
50185 Re-name scrollbar painter types
50187 Reviewed by Sam Weinig.
50189 WTF_USE_WK_SCROLLBAR_PAINTER is now WTF_USE_SCROLLBAR_PAINTER since WK no longer
50193 2011-08-18 Mark Hahnenberg <mhahnenberg@apple.com>
50195 Move allocation in constructors into separate constructorBody() methods
50196 https://bugs.webkit.org/show_bug.cgi?id=66265
50198 Reviewed by Oliver Hunt.
50200 Refactoring to put all allocations that need to be done after the object's
50201 initialization list has executed but before the object is ready for use
50202 into a separate constructorBody() method. This method is still called by the constructor,
50203 so the patch doesn't resolve any potential issues, it's just to set up the code for further refactoring.
50205 * JavaScriptCore.exp:
50206 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
50208 (GlobalObject::constructorBody):
50209 (GlobalObject::GlobalObject):
50210 * runtime/ErrorInstance.cpp:
50211 (JSC::ErrorInstance::ErrorInstance):
50212 * runtime/ErrorInstance.h:
50213 (JSC::ErrorInstance::constructorBody):
50214 * runtime/ErrorPrototype.cpp:
50215 (JSC::ErrorPrototype::ErrorPrototype):
50216 (JSC::ErrorPrototype::constructorBody):
50217 * runtime/ErrorPrototype.h:
50218 * runtime/Executable.cpp:
50219 (JSC::FunctionExecutable::FunctionExecutable):
50220 * runtime/Executable.h:
50221 (JSC::FunctionExecutable::constructorBody):
50222 * runtime/InternalFunction.cpp:
50223 (JSC::InternalFunction::InternalFunction):
50224 * runtime/InternalFunction.h:
50225 (JSC::InternalFunction::constructorBody):
50226 * runtime/JSByteArray.cpp:
50227 (JSC::JSByteArray::JSByteArray):
50228 * runtime/JSByteArray.h:
50229 (JSC::JSByteArray::constructorBody):
50230 * runtime/JSFunction.cpp:
50231 (JSC::JSFunction::JSFunction):
50232 (JSC::JSFunction::constructorBody):
50233 * runtime/JSFunction.h:
50234 * runtime/JSGlobalObject.h:
50235 (JSC::JSGlobalObject::JSGlobalObject):
50236 (JSC::JSGlobalObject::constructorBody):
50237 * runtime/JSPropertyNameIterator.cpp:
50238 (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
50239 * runtime/JSPropertyNameIterator.h:
50240 (JSC::JSPropertyNameIterator::constructorBody):
50241 * runtime/JSString.h:
50242 (JSC::RopeBuilder::JSString):
50243 (JSC::RopeBuilder::constructorBody):
50244 * runtime/NativeErrorConstructor.cpp:
50245 (JSC::NativeErrorConstructor::NativeErrorConstructor):
50246 * runtime/NativeErrorConstructor.h:
50247 (JSC::NativeErrorConstructor::constructorBody):
50248 * runtime/NativeErrorPrototype.cpp:
50249 (JSC::NativeErrorPrototype::NativeErrorPrototype):
50250 (JSC::NativeErrorPrototype::constructorBody):
50251 * runtime/NativeErrorPrototype.h:
50252 * runtime/StringObject.cpp:
50253 * runtime/StringObject.h:
50254 (JSC::StringObject::create):
50255 * runtime/StringObjectThatMasqueradesAsUndefined.h:
50256 (JSC::StringObjectThatMasqueradesAsUndefined::create):
50257 (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
50258 * runtime/StringPrototype.cpp:
50259 (JSC::StringPrototype::StringPrototype):
50260 * runtime/StringPrototype.h:
50261 (JSC::StringPrototype::create):
50263 2011-08-10 Filip Pizlo <fpizlo@apple.com>
50265 DFG non-speculative JIT does not inline the double case of ValueAdd
50266 https://bugs.webkit.org/show_bug.cgi?id=66025
50268 Reviewed by Gavin Barraclough.
50270 This is a 1.3% win on Kraken overall, with >=8% speed-ups on a few
50271 benchmarks (imaging-darkroom, stanford-crypto-pbkdf2,
50272 stanford-crypto-sha256-iterative). It looks like it might have
50273 a speed-up in SunSpider (though not statistically significant or
50274 particularly reproducible) and a slight slow-down in V8 (0.14%,
50275 not statistically significant). It does slow down v8-crypto by
50278 * dfg/DFGJITCodeGenerator.cpp:
50279 (JSC::DFG::JITCodeGenerator::isKnownInteger):
50280 (JSC::DFG::JITCodeGenerator::isKnownNumeric):
50281 * dfg/DFGNonSpeculativeJIT.cpp:
50282 (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
50283 (JSC::DFG::NonSpeculativeJIT::basicArithOp):
50284 * dfg/DFGOperations.cpp:
50286 2011-08-18 Filip Pizlo <fpizlo@apple.com>
50288 [jsfunfuzz] DFG speculative JIT does divide-by-zero checks incorrectly
50289 https://bugs.webkit.org/show_bug.cgi?id=66426
50291 Reviewed by Oliver Hunt.
50293 Changed the branchTestPtr to branchTest32.
50295 * dfg/DFGSpeculativeJIT.cpp:
50296 (JSC::DFG::SpeculativeJIT::compile):
50298 2011-08-17 Thouraya ANDOLSI <thouraya.andolsi@st.com>
50300 https://bugs.webkit.org/show_bug.cgi?id=66379
50301 implements load32WithCompactAddressOffsetPatch function
50302 and fixes store32 and moveWithPatch functions for SH4 platforms.
50304 Reviewed by Gavin Barraclough.
50306 * assembler/MacroAssemblerSH4.h:
50307 (JSC::MacroAssemblerSH4::rshift32):
50308 (JSC::MacroAssemblerSH4::store32):
50309 (JSC::MacroAssemblerSH4::load32WithCompactAddressOffsetPatch):
50310 (JSC::MacroAssemblerSH4::moveWithPatch):
50311 * assembler/SH4Assembler.h:
50312 (JSC::SH4Assembler::movlMemRegCompact):
50313 (JSC::SH4Assembler::readPointer):
50314 (JSC::SH4Assembler::repatchCompact):
50317 2011-08-17 Filip Pizlo <fpizlo@apple.com>
50319 JSC verbose debugging output sometimes doesn't work as expected.
50320 https://bugs.webkit.org/show_bug.cgi?id=66107
50322 Reviewed by Gavin Barraclough.
50324 Hardened the CodeBlock::dump() code so that it no longer crashes. Improved
50325 the DFG verbose code so that it prints slightly more useful information.
50327 * assembler/LinkBuffer.h:
50328 (JSC::LinkBuffer::debugSize):
50329 * bytecode/CodeBlock.cpp:
50330 (JSC::valueToSourceString):
50331 (JSC::CodeBlock::dump):
50332 * bytecode/CodeBlock.h:
50333 (JSC::CodeBlock::numberOfRegExps):
50334 * dfg/DFGJITCompiler.cpp:
50335 (JSC::DFG::JITCompiler::link):
50337 2011-08-16 Michael Saboff <msaboff@apple.com>
50339 Crash in Structure::visitChildren running iAd.js regression test suite under memory pressure
50340 https://bugs.webkit.org/show_bug.cgi?id=66351
50342 JIT::privateCompilePutByIdTransition expects that regT0 and regT1
50343 have the basePayload and baseTag respectively. In some cases,
50344 we may get to this generated code with one or both of these
50345 registers trashed. One known case is that regT0 on ARM may be
50346 trashed as regT0 (r0) is also arg0 and can be overrun with sp due
50347 to calls to JIT::restoreReturnAddress(). This patch uses the
50348 values on the stack. A longer term solution is to work out all
50349 cases so that the register entry assumptions can be assured.
50351 While fixing this, also determined that the additional stack offset
50352 of sizeof(void*) is not needed for ARM.
50354 Reviewed by Gavin Barraclough.
50356 * jit/JITPropertyAccess32_64.cpp:
50357 (JSC::JIT::privateCompilePutByIdTransition):
50359 2011-08-15 Gavin Barraclough <barraclough@apple.com>
50361 https://bugs.webkit.org/show_bug.cgi?id=66263
50362 DFG JIT does not always zero extend boolean result of DFG operations
50364 Reviewed by Sam Weinig.
50366 * dfg/DFGOperations.cpp:
50367 * dfg/DFGOperations.h:
50368 - Change bool return values to a 64-bit type.
50370 2011-08-15 Gavin Barraclough <barraclough@apple.com>
50372 Crash accessing static property on sealed object
50373 https://bugs.webkit.org/show_bug.cgi?id=66242
50375 Reviewed by Sam Weinig.
50377 * runtime/JSObject.h:
50378 (JSC::JSObject::putDirectInternal):
50379 - should only check isExtensible if checkReadOnly.
50381 2011-08-15 Sam Weinig <sam@webkit.org>
50383 Fix release build when building with Clang.
50385 Reviewed by Anders Carlsson.
50387 * runtime/Identifier.cpp:
50388 (JSC::Identifier::checkCurrentIdentifierTable):
50389 Add NO_RETURN_DUE_TO_CRASH.
50391 2011-08-15 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
50393 Reviewed by Nikolas Zimmermann.
50395 Speed up SVGSMILElement::findInstanceTime.
50396 https://bugs.webkit.org/show_bug.cgi?id=61025
50398 Add a new parameter to StdlibExtras.h::binarySearch function
50399 to also handle cases when the array does not contain the key value.
50400 This is needed for an SVG function.
50402 * wtf/StdLibExtras.h:
50403 (WTF::binarySearch):
50405 2011-08-13 Sam Weinig <sam@webkit.org>
50407 Add back 0xbbadbeef to CRASH to allow for old habits
50408 https://bugs.webkit.org/show_bug.cgi?id=66190
50410 Reviewed by David Kilzer.
50412 * wtf/Assertions.h:
50413 Add back the assignment to the memory address 0xbbadbeef in the CRASH
50414 macro, as it does not cause issues in the clang static analyzer and many
50415 people use its presence in crash reports to easily identify ASSERTs.
50417 2011-08-13 Sam Weinig <sam@webkit.org>
50419 Fix a bunch of minor bugs caught by the clang static analyzer in JavaScriptCore
50420 https://bugs.webkit.org/show_bug.cgi?id=66182
50422 Reviewed by Dan Bernstein.
50424 Fixes 10 warnings in JavaScriptCore and 2 in testapi.
50426 * API/tests/testapi.c:
50428 Remove dead variables.
50430 * dfg/DFGGraph.cpp:
50431 (JSC::DFG::Graph::dump):
50432 Initialize hasPrinted and silence an unused warning by casting to void (Ok here
50433 since it is debug code and I want to keep it clear that if other cases are added,
50434 the hasPrinted flag would be needed).
50438 The variable "de" in the else block is always zero, so there is no reason to
50441 2011-08-12 Sam Weinig <sam@webkit.org>
50443 Use __builtin_trap() for CRASH when building with clang
50444 https://bugs.webkit.org/show_bug.cgi?id=66152
50446 Reviewed by Anders Carlsson.
50448 * wtf/Assertions.h:
50449 Add Clang specific CRASH macro that calls __builtin_trap() instead
50450 of silly techniques to crash. This allows the static analyzer to understand
50451 that we are intentionally crashing. As a result, we need to mark some functions
50454 Also adds a macro that annotates a function as never returning due to ASSERT or CRASH.
50457 Add COMPILER(CLANG) and fix some formatting and spelling mistakes.
50459 * wtf/FastMalloc.cpp:
50460 (WTF::Internal::fastMallocMatchFailed):
50461 Add NO_RETURN_DUE_TO_CRASH.
50463 * yarr/YarrParser.h:
50464 (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
50465 (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
50466 Add NO_RETURN_DUE_TO_ASSERT.
50468 2011-08-12 Filip Pizlo <fpizlo@apple.com>
50470 DFG JIT has inconsistent use of boxDouble and unboxDouble,
50471 inconsistent use of assertions regarding doubles, and those
50472 assertions are not turned on in debug builds
50473 https://bugs.webkit.org/show_bug.cgi?id=66160
50475 Reviewed by Gavin Barraclough.
50477 JIT assertions are now turned on in debug builds. JIT
50478 assertions are now used for boxing and unboxing doubles, and boxing
50479 and unboxing no longer involves code duplication.
50481 * dfg/DFGJITCodeGenerator.cpp:
50482 (JSC::DFG::JITCodeGenerator::fillDouble):
50483 * dfg/DFGJITCodeGenerator.h:
50484 (JSC::DFG::JITCodeGenerator::boxDouble):
50485 (JSC::DFG::JITCodeGenerator::unboxDouble):
50486 * dfg/DFGJITCompiler.cpp:
50487 (JSC::DFG::JITCompiler::fillNumericToDouble):
50488 (JSC::DFG::GeneralizedRegister::moveTo):
50489 (JSC::DFG::GeneralizedRegister::swapWith):
50490 * dfg/DFGJITCompiler.h:
50491 (JSC::DFG::JITCompiler::boxDouble):
50492 (JSC::DFG::JITCompiler::unboxDouble):
50494 * dfg/DFGNonSpeculativeJIT.cpp:
50495 (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
50496 (JSC::DFG::NonSpeculativeJIT::compile):
50497 * dfg/DFGSpeculativeJIT.cpp:
50498 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
50499 (JSC::DFG::SpeculativeJIT::convertToDouble):
50501 2011-08-12 Mark Rowe <mrowe@apple.com>
50503 Be more forward-looking in the choice of compiler.
50505 Rubber-stamped by Jon Honeycutt.
50507 * Configurations/CompilerVersion.xcconfig:
50509 2011-08-12 Kalev Lember <kalevlember@gmail.com>
50511 [GTK] Fix non-pthreads build after r91906.
50512 https://bugs.webkit.org/show_bug.cgi?id=66151
50514 Reviewed by David Levin.
50516 r91906 broke the non-pthreads GTK+ build by including a header which
50517 doesn't exist. Fix it by including DateMath.h instead of DateMap.h.
50519 * wtf/gtk/ThreadingGtk.cpp:
50521 2011-08-12 Mark Rowe <mrowe@apple.com>
50523 Update some configuration settings that were missed back in r92432.
50525 * Configurations/CompilerVersion.xcconfig:
50527 2011-08-12 Filip Pizlo <fpizlo@apple.com>
50529 REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
50531 https://bugs.webkit.org/show_bug.cgi?id=66038
50533 Reviewed by Gavin Barraclough.
50535 Simplest and lowest-impact fix for the case where the spilled format
50536 of a DFG node differs from the register format: if the format is
50537 converted then indicate that the spilled value is no longer valid
50538 ("kill the spill").
50540 * dfg/DFGGenerationInfo.h:
50541 (JSC::DFG::GenerationInfo::killSpilled):
50542 * dfg/DFGJITCodeGenerator.cpp:
50543 (JSC::DFG::JITCodeGenerator::fillDouble):
50544 * dfg/DFGSpeculativeJIT.cpp:
50545 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
50547 2011-08-12 Sam Weinig <sam@webkit.org>
50549 Move compiler specific macros to their own header
50550 https://bugs.webkit.org/show_bug.cgi?id=66119
50552 Reviewed by Anders Carlsson.
50554 * JavaScriptCore.gypi:
50555 * JavaScriptCore.vcproj/WTF/WTF.vcproj:
50556 * JavaScriptCore.xcodeproj/project.pbxproj:
50557 * wtf/CMakeLists.txt:
50560 * wtf/AlwaysInline.h:
50561 Move the contents of this file (which no longer was just about ALWAYS_INLINE) to
50562 Compiler.h. We can remove this file in a later commit.
50564 * wtf/Compiler.h: Added.
50565 Put all compiler specific checks and features in this file.
50568 Move COMPILER macro and definitions (and the odd WARN_UNUSED_RETURN compiler feature)
50569 to Compiler.h. Include Compiler.h since it is necessary.
50571 2011-08-11 Filip Pizlo <fpizlo@apple.com>
50573 DFG JIT-specific structure stub info code offset fields are signed
50574 8-bit, but it is possible for the offsets to be greater than 127
50575 https://bugs.webkit.org/show_bug.cgi?id=66122
50577 Reviewed by Gavin Barraclough.
50579 * bytecode/StructureStubInfo.h:
50580 * dfg/DFGJITCodeGenerator.cpp:
50581 (JSC::DFG::JITCodeGenerator::cachedGetById):
50582 (JSC::DFG::JITCodeGenerator::cachedPutById):
50584 2011-08-11 Filip Pizlo <fpizlo@apple.com>
50586 DFG JIT speculation failure code sometimes picks the wrong register
50587 as a scratch register.
50588 https://bugs.webkit.org/show_bug.cgi?id=66104
50590 Reviewed by Gavin Barraclough.
50592 Hardened the code with more assertions and fixed the bug. Now a
50593 spilled register is only used for scratch if it also isn't being
50594 used for shuffling.
50596 * dfg/DFGJITCompiler.cpp:
50597 (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
50598 (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
50600 2011-08-11 Sheriff Bot <webkit.review.bot@gmail.com>
50602 Unreviewed, rolling out r92880.
50603 http://trac.webkit.org/changeset/92880
50604 https://bugs.webkit.org/show_bug.cgi?id=66123
50606 Breaks compile in VS2010 (Requested by jamesr_ on #webkit).
50608 * wtf/PassRefPtr.h:
50610 2011-08-11 Mark Rowe <mrowe@apple.com>
50612 Don't conditionalize the use of -fomit-frame-pointer on compiler version as
50613 all of our supported compilers are now new enough to have the same, sane behavior.
50615 Rubber-stamped by Sam Weinig.
50617 * Configurations/JavaScriptCore.xcconfig:
50619 2011-08-11 Filip Pizlo <fpizlo@apple.com>
50621 DFG JIT verbose mode does not report the generated types of nodes
50622 https://bugs.webkit.org/show_bug.cgi?id=65830
50624 Reviewed by Sam Weinig.
50626 Added code that prints the type selected for each node's result.
50628 * dfg/DFGGenerationInfo.h:
50629 (JSC::DFG::dataFormatToString):
50630 * dfg/DFGNonSpeculativeJIT.cpp:
50631 (JSC::DFG::NonSpeculativeJIT::compile):
50632 * dfg/DFGSpeculativeJIT.cpp:
50633 (JSC::DFG::SpeculativeJIT::compile):
50635 2011-08-11 James Robinson <jamesr@chromium.org>
50637 nullptr can't be used for PassRefPtr
50638 https://bugs.webkit.org/show_bug.cgi?id=66024
50640 Reviewed by Anders Carlsson.
50642 * wtf/PassRefPtr.h:
50643 (WTF::PassRefPtr::PassRefPtr):
50645 2011-08-11 Daniel Bates <dbates@rim.com>
50647 Removed unused variable in StackBounds::initialize() to resolve
50648 compiler warning when building on QNX.
50649 https://bugs.webkit.org/show_bug.cgi?id=66072
50651 Reviewed by Antonio Gomes.
50653 * wtf/StackBounds.cpp:
50654 (WTF::StackBounds::initialize):
50656 2011-08-11 Devdatta Deshpande <pwjd73@motorola.com>
50658 Implementation of monotonically increasing clock on GTK
50659 https://bugs.webkit.org/show_bug.cgi?id=62175
50661 Reviewed by Martin Robinson.
50663 * wtf/CurrentTime.cpp:
50664 (WTF::monotonicallyIncreasingTime):
50665 The default implementation of monotonicallyIncreasingTime only
50666 guarantees the result to be non-decreasing.
50667 If the system time is changed to the past, then the default implementation will
50668 still fail and WebCore timers will not fire.
50670 2011-08-10 Geoffrey Garen <ggaren@apple.com>
50672 Removed some incorrect code that was dead.
50674 Reviewed by Oliver Hunt.
50676 clearSingleTransition() wasn't resetting m_data. Luckily,
50677 no one cares, because its caller was unused. Removed both.
50679 * runtime/Structure.cpp:
50680 * runtime/StructureTransitionTable.h:
50681 (JSC::StructureTransitionTable::~StructureTransitionTable):
50683 2011-08-10 Filip Pizlo <fpizlo@apple.com>
50685 REGRESSION(r92670-r92744): WebKit crashes when opening Gmail
50686 https://bugs.webkit.org/show_bug.cgi?id=66010
50688 Reviewed by Oliver Hunt.
50690 Made sure that Construct calls use() on the this argument.
50692 * dfg/DFGJITCodeGenerator.cpp:
50693 (JSC::DFG::JITCodeGenerator::emitCall):
50695 2011-08-10 Mark Hahnenberg <mhahnenberg@apple.com>
50697 JSC should always throw when function arg list is too long
50698 https://bugs.webkit.org/show_bug.cgi?id=65869
50700 Reviewed by Oliver Hunt.
50702 Changed the behavior of the interpreter and JIT to throw an exception
50703 when too many arguments are passed rather than truncating the list. Added
50704 a new method to create a "Too many arguments." exception used by this
50707 * interpreter/Interpreter.cpp:
50708 (JSC::Interpreter::privateExecute):
50709 * jit/JITStubs.cpp:
50710 (JSC::DEFINE_STUB_FUNCTION):
50711 * runtime/ExceptionHelpers.cpp:
50712 (JSC::createTooManyParamsError):
50713 * runtime/ExceptionHelpers.h:
50715 2011-08-10 Oliver Hunt <oliver@apple.com>
50717 Make GC checks more aggressive in release builds
50718 https://bugs.webkit.org/show_bug.cgi?id=66001
50720 Reviewed by Gavin Barraclough.
50722 * heap/HandleHeap.cpp:
50723 (JSC::HandleHeap::visitStrongHandles):
50724 (JSC::HandleHeap::visitWeakHandles):
50725 (JSC::HandleHeap::finalizeWeakHandles):
50726 (JSC::HandleHeap::writeBarrier):
50727 (JSC::HandleHeap::isLiveNode):
50728 (JSC::HandleHeap::isValidWeakNode):
50729 Increase handle heap validation logic, and make some of
50730 the crashes trigger in release builds as well as debug.
50731 * heap/HandleHeap.h:
50732 (JSC::HandleHeap::allocate):
50733 (JSC::HandleHeap::makeWeak):
50735 * runtime/JSGlobalData.cpp:
50736 (WTF::Recompiler::operator()):
50737 * runtime/JSGlobalObject.cpp:
50738 (JSC::JSGlobalObject::visitChildren):
50739 Fix GC bugs found while testing this patch
50741 2011-08-10 Oliver Hunt <oliver@apple.com>
50743 JSEvaluateScript does not return the correct object when given JSONP data
50744 https://bugs.webkit.org/show_bug.cgi?id=66003
50746 Reviewed by Gavin Barraclough.
50748 Make sure we propagate the result of the function call rather than the
50751 * interpreter/Interpreter.cpp:
50752 (JSC::Interpreter::execute):
50754 2011-08-10 Filip Pizlo <fpizlo@apple.com>
50756 DFG JIT heap prediction causes regressions when combined with
50757 aggressive integer prediction
50758 https://bugs.webkit.org/show_bug.cgi?id=65954
50760 Reviewed by Gavin Barraclough.
50762 Disabled heap prediction, but did not remove the capability.
50763 This improves V8 crypto performance by 20%.
50766 (JSC::DFG::Graph::predict):
50768 2011-08-09 Filip Pizlo <fpizlo@apple.com>
50770 DFG JIT does not speculate integers as aggressively as it should
50771 https://bugs.webkit.org/show_bug.cgi?id=65949
50773 Reviewed by Gavin Barraclough.
50775 Added a tree walk to propagate integer predictions through arithmetic
50778 This is a 71% speed-up on Kraken's imaging-gaussian-blur, which
50779 translates to a 19% speed-up on Kraken overall. It's neutral on
50782 * dfg/DFGByteCodeParser.cpp:
50783 (JSC::DFG::ByteCodeParser::predictInt32):
50785 2011-08-09 Filip Pizlo <fpizlo@apple.com>
50787 DFG JIT has no way of propagating predictions to loads and calls
50788 https://bugs.webkit.org/show_bug.cgi?id=65883
50790 Reviewed by Gavin Barraclough.
50792 This introduces the capability to store predictions on graph
50793 nodes. To save space while being somewhat consistent, the
50794 prediction is always stored in the second OpInfo slot (since
50795 a GetById will use the first one for the identifier). This
50796 change is a natural extension of r92593 (global variable
50799 This is a 1.5% win on V8 in the arithmetic mean, and a 0.6%
50800 win on V8 in the geometric mean. It is neutral on SunSpider
50801 and Kraken. Interestingly, on V8 it regresses crypto by 3%
50802 while progressing deltablue and richards by 2.6% and 4.3%,
50805 * dfg/DFGByteCodeParser.cpp:
50806 (JSC::DFG::ByteCodeParser::addToGraph):
50807 (JSC::DFG::ByteCodeParser::addCall):
50808 (JSC::DFG::ByteCodeParser::parseBlock):
50809 * dfg/DFGGraph.cpp:
50810 (JSC::DFG::Graph::dump):
50812 (JSC::DFG::Graph::predict):
50813 (JSC::DFG::Graph::getPrediction):
50815 (JSC::DFG::isCellPrediction):
50816 (JSC::DFG::isArrayPrediction):
50817 (JSC::DFG::isInt32Prediction):
50818 (JSC::DFG::isDoublePrediction):
50819 (JSC::DFG::isNumberPrediction):
50820 (JSC::DFG::predictionToString):
50821 (JSC::DFG::Node::Node):
50822 (JSC::DFG::Node::hasPrediction):
50823 (JSC::DFG::Node::getPrediction):
50824 (JSC::DFG::Node::predict):
50826 2011-08-09 Filip Pizlo <fpizlo@apple.com>
50828 DFG JIT passes the this argument to constructors even though
50830 https://bugs.webkit.org/show_bug.cgi?id=65943
50832 Reviewed by Gavin Barraclough.
50834 * dfg/DFGJITCodeGenerator.cpp:
50835 (JSC::DFG::JITCodeGenerator::emitCall):
50837 2011-08-09 Chao-ying Fu <fu@mips.com>
50839 Fix one MIPS instruction to call JITStubThunked_##op
50840 https://bugs.webkit.org/show_bug.cgi?id=65942
50842 Reviewed by Gavin Barraclough.
50844 Changed "bal" to "jalr" for a possible processor mode change from
50847 * jit/JITStubs.cpp:
50849 2011-08-09 Filip Pizlo <fpizlo@apple.com>
50851 DFG JIT failure loading web site
50852 https://bugs.webkit.org/show_bug.cgi?id=65930
50854 Reviewed by Oliver Hunt.
50856 Put the use() call after the fpr()/gpr() calls, since doing otherwise
50857 breaks the register allocator.
50859 * dfg/DFGNonSpeculativeJIT.cpp:
50860 (JSC::DFG::NonSpeculativeJIT::compile):
50862 2011-08-09 Mark Hahnenberg <mhahnenberg@apple.com>
50864 Add ParentClass typedef in all JSC classes
50865 https://bugs.webkit.org/show_bug.cgi?id=65731
50867 Reviewed by Oliver Hunt.
50869 Just added the Base typedefs in all the classes that are a subclass of JSCell
50870 to point at their parent classes. This is a change to support future changes to the way
50871 constructors and destructors are implemented in JS objects, among other things.
50873 * API/JSCallbackConstructor.h:
50874 * API/JSCallbackFunction.h:
50875 * API/JSCallbackObject.h:
50876 (JSC::JSCallbackObject::createStructure):
50877 (JSC::JSCallbackObject::visitChildren):
50878 * API/JSCallbackObjectFunctions.h:
50879 (JSC::::asCallbackObject):
50880 (JSC::::JSCallbackObject):
50882 (JSC::::className):
50883 (JSC::::getOwnPropertySlot):
50884 (JSC::::getOwnPropertyDescriptor):
50886 (JSC::::deleteProperty):
50887 (JSC::::getConstructData):
50888 (JSC::::construct):
50889 (JSC::::hasInstance):
50890 (JSC::::getCallData):
50892 (JSC::::getOwnPropertyNames):
50895 (JSC::::setPrivate):
50896 (JSC::::getPrivate):
50898 (JSC::::getStaticValue):
50899 (JSC::::staticFunctionGetter):
50900 (JSC::::callbackGetter):
50901 * debugger/DebuggerActivation.h:
50903 * runtime/Arguments.h:
50904 * runtime/ArrayConstructor.h:
50905 * runtime/ArrayPrototype.h:
50906 * runtime/BooleanConstructor.h:
50907 * runtime/BooleanObject.h:
50908 * runtime/BooleanPrototype.h:
50909 * runtime/DateConstructor.h:
50910 * runtime/DateInstance.h:
50911 * runtime/DatePrototype.h:
50912 * runtime/Error.cpp:
50913 * runtime/ErrorConstructor.h:
50914 * runtime/ErrorInstance.h:
50915 * runtime/ErrorPrototype.h:
50916 * runtime/ExceptionHelpers.cpp:
50917 * runtime/Executable.h:
50918 * runtime/FunctionConstructor.h:
50919 * runtime/FunctionPrototype.h:
50920 * runtime/GetterSetter.h:
50921 * runtime/InternalFunction.h:
50922 * runtime/JSAPIValueWrapper.h:
50923 * runtime/JSActivation.h:
50924 * runtime/JSArray.h:
50925 * runtime/JSFunction.h:
50926 * runtime/JSGlobalObject.h:
50927 * runtime/JSNotAnObject.h:
50928 * runtime/JSONObject.h:
50929 * runtime/JSObject.h:
50930 * runtime/JSPropertyNameIterator.h:
50931 * runtime/JSStaticScopeObject.h:
50932 * runtime/JSString.h:
50933 * runtime/JSVariableObject.h:
50934 * runtime/JSWrapperObject.h:
50935 * runtime/MathObject.h:
50936 * runtime/NativeErrorConstructor.h:
50937 * runtime/NativeErrorPrototype.h:
50938 * runtime/NumberConstructor.h:
50939 * runtime/NumberObject.h:
50940 * runtime/NumberPrototype.h:
50941 * runtime/ObjectConstructor.h:
50942 * runtime/ObjectPrototype.h:
50943 * runtime/RegExp.h:
50944 * runtime/RegExpConstructor.h:
50945 * runtime/RegExpMatchesArray.h:
50946 * runtime/RegExpObject.h:
50947 (JSC::RegExpObject::create):
50948 * runtime/RegExpPrototype.h:
50949 * runtime/ScopeChain.h:
50950 * runtime/StrictEvalActivation.h:
50951 * runtime/StringConstructor.h:
50952 * runtime/StringObject.h:
50953 * runtime/StringObjectThatMasqueradesAsUndefined.h:
50954 * runtime/StringPrototype.h:
50955 * runtime/Structure.h:
50956 * runtime/StructureChain.h:
50958 2011-08-08 Oliver Hunt <oliver@apple.com>
50960 Using mprotect to create guard pages breaks our use of madvise to release executable memory
50961 https://bugs.webkit.org/show_bug.cgi?id=65870
50963 Reviewed by Gavin Barraclough.
50965 Use mmap rather than mprotect to clear guard page permissions.
50967 * wtf/OSAllocatorPosix.cpp:
50968 (WTF::OSAllocator::reserveAndCommit):
50970 2011-08-08 Oliver Hunt <oliver@apple.com>
50972 Non-extensibility does not prevent mutating [[Prototype]]
50973 https://bugs.webkit.org/show_bug.cgi?id=65832
50975 Reviewed by Gavin Barraclough.
50977 Disallow mutation of __proto__ on objects that are not extensible.
50979 * runtime/JSObject.cpp:
50980 (JSC::JSObject::put):
50982 2011-08-08 Filip Pizlo <fpizlo@apple.com>
50984 DFG JIT does not track speculation decisions for global variables
50985 https://bugs.webkit.org/show_bug.cgi?id=65825
50987 Reviewed by Gavin Barraclough.
50989 Added the capability to track predictions for global variables, and
50990 ensured that code can abstract over the source of prediction (local
50991 versus global variable) wherever it is appropriate to do so. Also
50992 cleaned up the code in SpeculativeJIT that decides how to speculate
50993 based on recorded predictions (for example instead of using isInteger,
50994 which makes sense for local predictions where the GetLocal would
50995 return an integer value, we now tend to use shouldSpeculateInteger,
50996 which checks if the value is either already an integer or should be
50997 speculated to be an integer).
50999 This is an 0.8% win on SunSpider, almost entirely thanks to a 25%
51000 win on controlflow-recursive. It's also a 4.8% win on v8-crypto.
51002 * dfg/DFGByteCodeParser.cpp:
51003 (JSC::DFG::ByteCodeParser::predictArray):
51004 (JSC::DFG::ByteCodeParser::predictInt32):
51005 (JSC::DFG::ByteCodeParser::parseBlock):
51006 * dfg/DFGGraph.cpp:
51007 (JSC::DFG::Graph::dump):
51009 (JSC::DFG::Graph::predictGlobalVar):
51010 (JSC::DFG::Graph::predict):
51011 (JSC::DFG::Graph::getGlobalVarPrediction):
51012 (JSC::DFG::Graph::getPrediction):
51013 * dfg/DFGSpeculativeJIT.cpp:
51014 (JSC::DFG::SpeculativeJIT::compile):
51015 * dfg/DFGSpeculativeJIT.h:
51016 (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
51017 (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
51019 2011-08-07 Martin Robinson <mrobinson@igalia.com>
51021 Distribution fix for GTK+.
51023 * GNUmakefile.list.am: Strip removed files from the source list.
51025 2011-08-06 Gavin Barraclough <barraclough@apple.com>
51027 https://bugs.webkit.org/show_bug.cgi?id=65821
51028 Don't form identifiers the first time a string is used as a property name.
51030 Reviewed by Oliver Hunt.
51032 This is a 1% win on SunSpider.
51034 * dfg/DFGOperations.cpp:
51035 - Use fastGetOwnProperty.
51036 * jit/JITStubs.cpp:
51037 (JSC::DEFINE_STUB_FUNCTION):
51038 - Use fastGetOwnProperty.
51039 * runtime/JSCell.h:
51040 * runtime/JSObject.h:
51041 (JSC::JSCell::fastGetOwnProperty):
51042 - Fast call to get a property without creating an identifier the first time.
51043 * runtime/PropertyMapHashTable.h:
51044 (JSC::PropertyTable::find):
51045 (JSC::PropertyTable::findWithString):
51046 - Add interface to look up by either strings or identifiers.
51047 * runtime/Structure.h:
51048 (JSC::Structure::get):
51049 - Add a get() call that takes a UString, not an Identifier.
51050 * wtf/text/StringImpl.h:
51051 (WTF::StringImpl::hasHash):
51052 - Add a call to check if the hash has been set (to detect the first use as a property name).
51054 2011-08-06 Aron Rosenberg <arosenberg@logitech.com>
51056 Reviewed by Benjamin Poulain.
51058 [Qt] Fix build with Intel compiler on Windows
51059 https://bugs.webkit.org/show_bug.cgi?id=65088
51061 Intel compiler needs .lib suffixes instead of .a
51062 Intel compiler doesn't support nullptr
51063 Intel compiler supports unsized arrays
51065 * JavaScriptCore.pri:
51070 2011-08-05 Gavin Barraclough <barraclough@apple.com>
51072 String replace with the empty string means string removal
51073 https://bugs.webkit.org/show_bug.cgi?id=65799
51075 Reviewed by Sam Weinig.
51077 Optimization for String.prototype.replace([RegExp], ""), this improves v8-regexp by ~3%.
51079 * runtime/StringPrototype.cpp:
51080 (JSC::jsSpliceSubstrings):
51081 (JSC::stringProtoFuncReplace):
51083 2011-08-05 Noel Gordon <noel.gordon@gmail.com>
51085 [Chromium] Remove JSZombie references from gyp project files.
51086 https://bugs.webkit.org/show_bug.cgi?id=65798
51088 JSC runtime/JSZombie.{cpp,h} were removed in r92046. Remove references to these
51089 file names from the gyp projects.
51091 Reviewed by Darin Adler.
51093 * JavaScriptCore.gypi: zombies be gone.
51095 2011-08-05 Mark Rowe <mrowe@apple.com>
51097 <http://webkit.org/b/65785> ThreadRestrictionVerifier needs a mode where an object
51098 is tied to a particular dispatch queue
51100 A RefCounted object can be opted in to this mode by calling setDispatchQueueForVerifier
51101 with the dispatch queue it will be tied to. This will cause ThreadRestrictionVerifier
51102 to ensure that all operations are performed on the given dispatch queue.
51104 Reviewed by Anders Carlsson.
51106 * wtf/RefCounted.h:
51107 (WTF::RefCountedBase::setDispatchQueueForVerifier):
51108 * wtf/ThreadRestrictionVerifier.h:
51109 (WTF::ThreadRestrictionVerifier::ThreadRestrictionVerifier):
51110 (WTF::ThreadRestrictionVerifier::~ThreadRestrictionVerifier):
51111 (WTF::ThreadRestrictionVerifier::setDispatchQueueMode):
51112 (WTF::ThreadRestrictionVerifier::setShared):
51113 (WTF::ThreadRestrictionVerifier::isSafeToUse):
51115 2011-08-05 Oliver Hunt <oliver@apple.com>
51117 Inline allocation of function objects
51118 https://bugs.webkit.org/show_bug.cgi?id=65779
51120 Reviewed by Gavin Barraclough.
51122 Inline allocation and initialisation of function objects
51123 in generated code. This ended up being a 60-70% improvement
51124 in function allocation performance. This improvement shows
51125 up as a ~2% improvement in 32-bit SunSpider and V8, but is a
51128 We currently don't inline the allocation of named function
51129 expressions, as that requires being able to gc allocate a
51133 (JSC::JIT::privateCompileSlowCases):
51135 (JSC::JIT::emitStoreCell):
51136 * jit/JITInlineMethods.h:
51137 (JSC::JIT::emitAllocateBasicJSObject):
51138 (JSC::JIT::emitAllocateJSFinalObject):
51139 (JSC::JIT::emitAllocateJSFunction):
51140 * jit/JITOpcodes.cpp:
51141 (JSC::JIT::emit_op_new_func):
51142 (JSC::JIT::emitSlow_op_new_func):
51143 (JSC::JIT::emit_op_new_func_exp):
51144 (JSC::JIT::emitSlow_op_new_func_exp):
51145 * jit/JITOpcodes32_64.cpp:
51146 Removed duplicate implementation of op_new_func and op_new_func_exp
51147 * runtime/JSFunction.h:
51148 (JSC::JSFunction::offsetOfScopeChain):
51149 (JSC::JSFunction::offsetOfExecutable):
51151 2011-08-04 David Levin <levin@chromium.org>
51153 CStringBuffer should have thread safety checks turned on.
51154 https://bugs.webkit.org/show_bug.cgi?id=58093
51156 Reviewed by Dmitry Titov.
51158 * wtf/text/CString.h:
51159 (WTF::CStringBuffer::CStringBuffer): Removed the ifdef that
51160 turned this off for Chromium.
51162 2011-08-04 Mark Rowe <mrowe@apple.com>
51164 Future-proof Xcode configuration settings.
51166 * Configurations/Base.xcconfig:
51167 * Configurations/DebugRelease.xcconfig:
51168 * Configurations/JavaScriptCore.xcconfig:
51169 * Configurations/Version.xcconfig:
51171 2011-08-04 Mark Hahnenberg <mhahnenberg@apple.com>
51173 Interpreter can potentially GC in the middle of initializing a structure chain
51174 https://bugs.webkit.org/show_bug.cgi?id=65638
51176 Reviewed by Oliver Hunt.
51178 Moved the allocation of a prototype StructureChain before the initialization of
51179 the structure chain within the interpreter that was causing intermittent GC crashes.
51181 * interpreter/Interpreter.cpp:
51182 (JSC::Interpreter::tryCachePutByID):
51185 2011-08-04 Filip Pizlo <fpizlo@apple.com>
51187 Eval handling attempts literal parsing even when the eval
51188 string is in the cache
51189 https://bugs.webkit.org/show_bug.cgi?id=65675
51191 Reviewed by Oliver Hunt.
51193 This is a 25% speed-up on date-format-tofte and a 1.5% speed-up overall
51194 in SunSpider. It's neutral on V8.
51196 * bytecode/EvalCodeCache.h:
51197 (JSC::EvalCodeCache::tryGet):
51198 (JSC::EvalCodeCache::getSlow):
51199 (JSC::EvalCodeCache::get):
51200 * interpreter/Interpreter.cpp:
51201 (JSC::Interpreter::callEval):
51203 2011-08-03 Mark Rowe <mrowe@apple.com>
51205 Bring some order to FeatureDefines.xcconfig to make it easier to follow.
51207 Reviewed by Sam Weinig.
51209 * Configurations/FeatureDefines.xcconfig:
51211 2011-08-03 Mark Rowe <mrowe@apple.com>
51213 Clean up FeatureDefines.xcconfig to remove some unnecessary conditional settings
51215 Reviewed by Dave Kilzer.
51217 * Configurations/FeatureDefines.xcconfig:
51219 2011-08-03 Filip Pizlo <fpizlo@apple.com>
51221 JSC GC heap size improvement breaks build on some platforms due to
51223 https://bugs.webkit.org/show_bug.cgi?id=65641
51225 Reviewed by Darin Adler.
51227 Fix build on non-x86 platforms, by ensuring that the relevant
51228 parameter always appears to be used even when it isn't.
51232 2011-08-03 Carlos Garcia Campos <cgarcia@igalia.com>
51234 [GTK] Reorganize pkg-config files
51235 https://bugs.webkit.org/show_bug.cgi?id=65548
51237 Reviewed by Martin Robinson.
51240 * javascriptcoregtk.pc.in: Renamed from Source/WebKit/gtk/javascriptcoregtk.pc.in.
51242 2011-08-01 David Levin <levin@chromium.org>
51244 Add asserts to RefCounted to make sure ref/deref happens on the right thread.
51245 https://bugs.webkit.org/show_bug.cgi?id=31639
51247 Reviewed by Dmitry Titov.
51249 * GNUmakefile.list.am: Added new files to the build.
51250 * JavaScriptCore.gypi: Ditto.
51251 * JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
51252 * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
51253 * jit/ExecutableAllocator.h:
51254 (JSC::ExecutablePool::ExecutablePool): Turned off checks for this
51255 due to not being able to figure out what was guarding it (bug 58091).
51256 * parser/SourceProvider.h:
51257 (JSC::SourceProvider::SourceProvider): Ditto.
51258 * wtf/CMakeLists.txt: Added new files to the build.
51259 * wtf/ThreadRestrictionVerifier.h: Added.
51260 Everything is done in the header to avoid the issue with exports
51261 that are only useful in debug but still needing to export them.
51262 * wtf/RefCounted.h:
51263 (WTF::RefCountedBase::ref): Added checks using the non-thread-safe verifier,
51264 and filed bug 58171 about making it stricter.
51265 (WTF::RefCountedBase::hasOneRef): Ditto.
51266 (WTF::RefCountedBase::refCount): Ditto.
51267 (WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
51268 on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
51269 (WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
51270 Filed bug 58174 to remove this method.
51271 (WTF::RefCountedBase::derefBase):
51272 * wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.
51273 * wtf/text/CString.h:
51274 (WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
51275 done in Chromium (bug 58093).
51277 2011-08-02 Filip Pizlo <fpizlo@apple.com>
51279 JSC GC may not be able to reuse partially-free blocks after a
51281 https://bugs.webkit.org/show_bug.cgi?id=65585
51283 Reviewed by Darin Adler.
51285 This fixes the linked list management bug. This fix is performance
51286 neutral on SunSpider.
51288 * heap/NewSpace.cpp:
51289 (JSC::NewSpace::removeBlock):
51291 2011-07-30 Oliver Hunt <oliver@apple.com>
51293 Simplify JSFunction creation for functions written in JS
51294 https://bugs.webkit.org/show_bug.cgi?id=65422
51296 Reviewed by Gavin Barraclough.
51298 Remove hash lookups used to write name property and transition
51299 function structure by caching the resultant structure and property
51300 offset in JSGlobalObject. This doesn't impact performance, but
51301 we can use this change to make other improvements later.
51303 * runtime/Executable.cpp:
51304 (JSC::FunctionExecutable::FunctionExecutable):
51305 * runtime/Executable.h:
51306 (JSC::ScriptExecutable::ScriptExecutable):
51307 (JSC::FunctionExecutable::jsName):
51308 * runtime/JSFunction.cpp:
51309 (JSC::JSFunction::JSFunction):
51310 * runtime/JSGlobalObject.cpp:
51311 (JSC::JSGlobalObject::reset):
51312 * runtime/JSGlobalObject.h:
51313 (JSC::JSGlobalObject::namedFunctionStructure):
51314 (JSC::JSGlobalObject::functionNameOffset):
51316 2011-08-02 Filip Pizlo <fpizlo@apple.com>
51318 JSC GC uses dummy cells to avoid having to remember which cells
51319 it has already destroyed
51320 https://bugs.webkit.org/show_bug.cgi?id=65556
51322 Reviewed by Oliver Hunt.
51324 This gets rid of dummy cells, and ensures that it's not necessary
51325 to invoke a destructor on cells that have already been swept. In
51326 the common case, a block knows that either all of its free cells
51327 still need to have destructors called, or none of them do, which
51328 minimizes the amount of branching that needs to happen per cell
51329 when performing a sweep.
51331 This is performance neutral on SunSpider and V8. It is meant as
51332 a stepping stone to simplify the implementation of more
51333 sophisticated sweeping algorithms.
51336 (JSC::CountFunctor::ClearMarks::operator()):
51337 * heap/MarkedBlock.cpp:
51338 (JSC::MarkedBlock::initForCellSize):
51339 (JSC::MarkedBlock::callDestructor):
51340 (JSC::MarkedBlock::specializedReset):
51341 (JSC::MarkedBlock::reset):
51342 (JSC::MarkedBlock::specializedSweep):
51343 (JSC::MarkedBlock::sweep):
51344 (JSC::MarkedBlock::produceFreeList):
51345 (JSC::MarkedBlock::lazySweep):
51346 (JSC::MarkedBlock::blessNewBlockForFastPath):
51347 (JSC::MarkedBlock::blessNewBlockForSlowPath):
51348 (JSC::MarkedBlock::canonicalizeBlock):
51349 * heap/MarkedBlock.h:
51350 (JSC::MarkedBlock::FreeCell::setNoObject):
51351 (JSC::MarkedBlock::setDestructorState):
51352 (JSC::MarkedBlock::destructorState):
51353 (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
51354 * runtime/JSCell.cpp:
51355 * runtime/JSCell.h:
51356 (JSC::JSCell::JSCell::JSCell):
51357 * runtime/JSGlobalData.cpp:
51358 (JSC::JSGlobalData::JSGlobalData):
51359 (JSC::JSGlobalData::clearBuiltinStructures):
51360 * runtime/JSGlobalData.h:
51361 * runtime/Structure.h:
51363 2011-08-01 Michael Saboff <msaboff@apple.com>
51365 Virtual copying of FastMalloc allocated memory causes madvise MADV_FREE_REUSABLE errors
51366 https://bugs.webkit.org/show_bug.cgi?id=65502
51368 Reviewed by Anders Carlsson.
51370 With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
51371 added an assert to the return code of madvise to catch any regressions.
51373 * wtf/TCSystemAlloc.cpp:
51374 (TCMalloc_SystemRelease):
51376 2011-08-02 Anders Carlsson <andersca@apple.com>
51380 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
51382 2011-08-02 Anders Carlsson <andersca@apple.com>
51384 Fix a Windows build error.
51386 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
51388 2011-08-02 Filip Pizlo <fpizlo@apple.com>
51390 JSC GC is far too conservative about growing the heap size, particularly
51391 on desktop platforms
51392 https://bugs.webkit.org/show_bug.cgi?id=65438
51394 Reviewed by Oliver Hunt.
51396 The minimum heap size is now 16MB instead of 512KB, provided all of the
51397 following are true:
51398 a) ENABLE(LARGE_HEAP) is set, which currently only happens on
51399 x86 targets, but could reasonably happen on any platform that is
51400 known to have a decent amount of RAM.
51401 b) JSGlobalData is initialized with HeapSize = LargeHeap, which
51402 currently only happens when it's the JSDOMWindowBase in WebCore or
51403 in the jsc command-line tool.
51405 This is a 4.1% speed-up on SunSpider.
51407 * JavaScriptCore.exp:
51410 (JSC::Heap::collect):
51414 * runtime/JSGlobalData.cpp:
51415 (JSC::JSGlobalData::JSGlobalData):
51416 (JSC::JSGlobalData::createContextGroup):
51417 (JSC::JSGlobalData::create):
51418 (JSC::JSGlobalData::createLeaked):
51419 (JSC::JSGlobalData::sharedInstance):
51420 * runtime/JSGlobalData.h:
51423 2011-08-02 Filip Pizlo <fpizlo@apple.com>
51425 JSC does a GC even when the heap still has free pages
51426 https://bugs.webkit.org/show_bug.cgi?id=65445
51428 Reviewed by Oliver Hunt.
51430 If the high watermark is not reached, then we allocate new blocks as
51431 before. If the current watermark does reach (or exceed) the high
51432 watermark, then we check if there is a block on the free block pool.
51433 If there is, we simply allocate from it. If there isn't, we
51434 invoke a collection as before. This effectively couples the elastic
51435 scavenging to the collector's decision function. That is, if an
51436 application rapidly varies its heap usage (sometimes using more and
51437 sometimes less) then the collector will not thrash as it used to.
51438 But if heap usage drops and stays low then the scavenger thread and
51439 the GC will eventually reach a kind of consensus: the GC will set
51440 the watermark low because of low heap usage, and the scavenger thread
51441 will steadily eliminate pages from the free page pool, until the size
51442 of the free pool is below the high watermark.
51444 On command-line, this is neutral on SunSpider and Kraken and a 3% win
51445 on V8. In browser, this is a 1% win on V8 and neutral on the other
51449 (JSC::Heap::allocateSlowCase):
51450 (JSC::Heap::allocateBlock):
51453 2011-08-02 Jeff Miller <jeffm@apple.com>
51455 Move WTF_USE_AVFOUNDATION from JavaScriptCore/wtf/platform.h to WebCore/config.h
51456 https://bugs.webkit.org/show_bug.cgi?id=65552
51458 Since this is a WebCore feature, there's no need to define it in JavaScriptCore/wtf/platform.h.
51460 Reviewed by Adam Roben.
51462 * wtf/Platform.h: Removed WTF_USE_AVFOUNDATION.
51464 2011-08-01 Jean-luc Brouillet <jeanluc@chromium.org>
51466 Removing old source files in gyp files that slow build
51467 https://bugs.webkit.org/show_bug.cgi?id=65503
51469 Reviewed by Adam Barth.
51471 A number of stale files are listed in the gyp files. These slow the
51472 build on Visual Studio 2010. Removing them.
51474 * JavaScriptCore.gypi:
51476 2011-07-14 David Levin <levin@chromium.org>
51478 currentThread is too slow!
51479 https://bugs.webkit.org/show_bug.cgi?id=64577
51481 Reviewed by Darin Adler and Dmitry Titov.
51483 The problem is that currentThread results in a pthread_once call which always takes a lock.
51484 With this change, currentThread is 10% faster than isMainThread in release mode and only
51485 5% slower than isMainThread in debug.
51487 * wtf/ThreadIdentifierDataPthreads.cpp:
51488 (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
51489 which is no longer needed because this is called from initializeThreading().
51490 (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
51491 initialization of the pthread key should already be done.
51492 (WTF::ThreadIdentifierData::initialize): Ditto.
51493 * wtf/ThreadIdentifierDataPthreads.h:
51494 * wtf/ThreadingPthreads.cpp:
51495 (WTF::initializeThreading): Acquire the pthread key here.
51497 2011-08-01 Filip Pizlo <fpizlo@apple.com>
51499 DFG JIT sometimes creates speculation check data structures that have
51500 invalid information about the format of a register
51501 https://bugs.webkit.org/show_bug.cgi?id=65490
51503 Reviewed by Gavin Barraclough.
51505 The code now makes sure to (1) always have correct and up-to-date
51506 information about register format at the time that a speculation
51507 check is emitted, (2) assert that speculation data is correct
51508 inside the speculation check implementation, and (3) avoid creating
51509 speculation data altogether if compilation has already failed, since
51510 at that point the format data is almost guaranteed to be bogus.
51512 * dfg/DFGNonSpeculativeJIT.cpp:
51513 (JSC::DFG::EntryLocation::EntryLocation):
51514 * dfg/DFGSpeculativeJIT.cpp:
51515 (JSC::DFG::SpeculationCheck::SpeculationCheck):
51516 (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
51517 (JSC::DFG::SpeculativeJIT::compile):
51518 * dfg/DFGSpeculativeJIT.h:
51519 (JSC::DFG::SpeculativeJIT::speculationCheck):
51521 2011-08-01 Filip Pizlo <fpizlo@apple.com>
51523 REGRESSION(r92092): Build fails on 64 bit
51524 https://bugs.webkit.org/show_bug.cgi?id=65458
51526 Reviewed by Oliver Hunt.
51528 The build was broken because some compilers were smart enough to see
51529 an array index out of bounds due to the decision function for when to
51530 go from precise size classes to imprecise size classes being broken:
51531 it would assume that sizes in the range 97..128 belonged to a precise
51532 size class when in fact they belonged to an imprecise one.
51534 In fact, the code would have run correctly, by way of a fluke, because
51535 though the 4th precise size class (for 97..128) didn't exist, the next
51536 array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
51537 its first entry would have been a size class that is appropriate for
51538 allocations in the range 97..128. However, this relies on specific
51539 ordering of fields in NewSpace, so it's still a bug.
51541 This fixes the bug by ensuring that allocations larger than 96 use
51542 the imprecise size classes.
51545 (JSC::NewSpace::sizeClassFor):
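Added example, not part of this ChangeLog or of JavaScriptCore's NewSpace: a model of the size-class decision described in the entry above, with the pre-fix boundary beside the fixed one. The spacing (32-byte precise classes up to 96, then 128-byte imprecise classes up to 1024) and the NewSpaceModel, cellSizeFor and buggyIndexOutOfBounds names are assumptions for illustration; the entry itself only gives the 96 and 97..128 boundary and the fact that the imprecise array followed the precise one in memory.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>

// Layout assumed for this example (the entry gives only the 96/97..128 boundary):
// three precise classes of 32, 64 and 96 bytes, then imprecise classes of
// 128, 256, ... 1024 bytes.
static const size_t preciseStep = 32;
static const size_t preciseCutoff = 96;
static const size_t preciseCount = preciseCutoff / preciseStep;        // 3 entries
static const size_t impreciseStep = 128;
static const size_t impreciseCutoff = 1024;
static const size_t impreciseCount = impreciseCutoff / impreciseStep;  // 8 entries

struct SizeClass { size_t cellSize; };

struct NewSpaceModel {
    SizeClass m_preciseSizeClasses[preciseCount];
    SizeClass m_impreciseSizeClasses[impreciseCount]; // happens to follow the precise array in memory

    NewSpaceModel()
    {
        for (size_t i = 0; i < preciseCount; ++i)
            m_preciseSizeClasses[i].cellSize = (i + 1) * preciseStep;
        for (size_t i = 0; i < impreciseCount; ++i)
            m_impreciseSizeClasses[i].cellSize = (i + 1) * impreciseStep;
    }

    // The broken decision: treating everything up to 128 bytes as "precise"
    // produces index 3 for 97..128, one past the end of a 3-entry array. Only
    // field layout (the imprecise array starting right after) made it work.
    static bool buggyIsPrecise(size_t bytes) { return bytes <= preciseCutoff + preciseStep; }
    static size_t preciseIndex(size_t bytes) { return (bytes - 1) / preciseStep; }

    // The fixed decision ties the boundary to the array that is indexed.
    static bool isPrecise(size_t bytes) { return bytes <= preciseCutoff; }

    const SizeClass& sizeClassFor(size_t bytes) const
    {
        if (bytes == 0) bytes = 1;                    // a zero-byte request still needs a cell
        if (isPrecise(bytes)) {
            size_t index = preciseIndex(bytes);
            if (index >= preciseCount) std::abort();  // the bound a compiler can see statically
            return m_preciseSizeClasses[index];
        }
        size_t index = (bytes - 1) / impreciseStep;
        if (index >= impreciseCount) std::abort();    // larger requests are not size-classed here
        return m_impreciseSizeClasses[index];
    }
};

static const NewSpaceModel& model() { static NewSpaceModel m; return m; }

size_t cellSizeFor(size_t bytes) { return model().sizeClassFor(bytes).cellSize; }

// True when the pre-fix decision would index past m_preciseSizeClasses.
bool buggyIndexOutOfBounds(size_t bytes)
{
    return NewSpaceModel::buggyIsPrecise(bytes) && NewSpaceModel::preciseIndex(bytes) >= preciseCount;
}

int main()
{
    static const size_t probes[] = { 1, 32, 33, 96, 97, 128, 129, 1024 };
    for (size_t bytes : probes)
        std::printf("%4zu bytes -> cell size %4zu%s\n", bytes, cellSizeFor(bytes),
                    buggyIndexOutOfBounds(bytes) ? "   (old decision: precise index out of bounds)" : "");
    return 0;
}
```

The point to keep from the entry: the boundary test and the array it selects must be derived from the same constant, so that an out-of-range index is impossible rather than merely harmless under the current field order.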
51547 2011-07-31 Gavin Barraclough <barraclough@apple.com>
51549 https://bugs.webkit.org/show_bug.cgi?id=64679
51550 Fix bugs in Array.prototype this handling.
51552 Unreviewed - rolling out r91290.
51554 Looks like the wild wild web isn't ready for this yet.
51556 This change broke http://slides.html5rocks.com/#landing-slide.
51557 Interestingly, this might only be due to our lack of bind support -
51558 it looks like this site is calling Array.prototype.slice as a part
51559 of its bind implementation.
51561 * runtime/ArrayPrototype.cpp:
51562 (JSC::arrayProtoFuncJoin):
51563 (JSC::arrayProtoFuncConcat):
51564 (JSC::arrayProtoFuncPop):
51565 (JSC::arrayProtoFuncPush):
51566 (JSC::arrayProtoFuncReverse):
51567 (JSC::arrayProtoFuncShift):
51568 (JSC::arrayProtoFuncSlice):
51569 (JSC::arrayProtoFuncSort):
51570 (JSC::arrayProtoFuncSplice):
51571 (JSC::arrayProtoFuncUnShift):
51572 (JSC::arrayProtoFuncFilter):
51573 (JSC::arrayProtoFuncMap):
51574 (JSC::arrayProtoFuncEvery):
51575 (JSC::arrayProtoFuncForEach):
51576 (JSC::arrayProtoFuncSome):
51577 (JSC::arrayProtoFuncReduce):
51578 (JSC::arrayProtoFuncReduceRight):
51579 (JSC::arrayProtoFuncIndexOf):
51580 (JSC::arrayProtoFuncLastIndexOf):
51582 2011-07-31 Filip Pizlo <fpizlo@apple.com>
51584 JSC GC lays out size classes under wrong assumptions about expected
51586 https://bugs.webkit.org/show_bug.cgi?id=65437
51588 Reviewed by Oliver Hunt.
51590 Changed the atom size - which is both the smallest allocation size and
51591 the smallest possible stepping unit for size class spacing - from
51592 8 bytes to 4 pointer-size words. This is a 1% win on SunSpider.
51594 * heap/MarkedBlock.h:
51596 2011-07-31 Filip Pizlo <fpizlo@apple.com>
51598 DFG non-speculative JIT does not optimize PutByVal
51599 https://bugs.webkit.org/show_bug.cgi?id=65424
51601 Reviewed by Gavin Barraclough.
51603 Added code to emit PutByVal inline fast path.
51605 * dfg/DFGNonSpeculativeJIT.cpp:
51606 (JSC::DFG::NonSpeculativeJIT::compile):
51608 2011-07-31 Filip Pizlo <fpizlo@apple.com>
51610 The JSC garbage collector returns memory to the operating system too
51612 https://bugs.webkit.org/show_bug.cgi?id=65382
51614 Reviewed by Oliver Hunt.
51616 This introduces a memory reuse model similar to the one in FastMalloc.
51617 A periodic scavenger thread runs in the background and returns half the
51618 free memory to the OS on each timer fire. New block allocations first
51619 attempt to get the memory from the collector's internal pool, reverting
51620 to OS allocation only when this pool is empty.
51624 (JSC::Heap::~Heap):
51625 (JSC::Heap::destroy):
51626 (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
51627 (JSC::Heap::waitForRelativeTime):
51628 (JSC::Heap::blockFreeingThreadStartFunc):
51629 (JSC::Heap::blockFreeingThreadMain):
51630 (JSC::Heap::allocateBlock):
51631 (JSC::Heap::freeBlocks):
51632 (JSC::Heap::releaseFreeBlocks):
51634 * heap/MarkedBlock.cpp:
51635 (JSC::MarkedBlock::destroy):
51636 (JSC::MarkedBlock::MarkedBlock):
51637 (JSC::MarkedBlock::initForCellSize):
51638 (JSC::MarkedBlock::reset):
51639 * heap/MarkedBlock.h:
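Added example, not part of this ChangeLog or of JavaScriptCore's Heap: a block-level model of the allocation policy described in the entry above and in the 2011-08-02 entry "JSC does a GC even when the heap still has free pages" (allocate from the internal pool before the OS; at the high watermark, collect only when the pool is empty; a scavenger tick returns half the pool). The HeapModel name, the 4-block minimum, the rule that recomputes the high watermark as twice the live size after a collection, and the couplePoolToCollector switch that reproduces the older behaviour for comparison are assumptions of this example.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>

enum AllocationSource { FromFreePool, FromOS, AfterCollection };

// Counts blocks rather than bytes. The decision in allocateBlock() follows
// the entries; the post-collection watermark rule (let the live set double)
// and the block minimum are this example's assumptions.
class HeapModel {
public:
    HeapModel(size_t minBlocks, bool couplePoolToCollector)
        : m_couplePoolToCollector(couplePoolToCollector), m_minBlocks(minBlocks)
        , m_highWatermark(minBlocks), m_currentWatermark(0), m_garbage(0), m_freePool(0), m_collections(0) { }

    AllocationSource allocateBlock()
    {
        bool collected = false;
        // Below the high watermark: just take a block. At or above it: with the
        // coupling, reuse a pooled block if there is one and collect only when
        // the pool is empty; without it (the old behaviour), always collect.
        if (m_currentWatermark >= m_highWatermark && (!m_couplePoolToCollector || !m_freePool)) {
            collectAllGarbage();
            collected = true;
        }
        ++m_currentWatermark;
        AllocationSource source = FromOS;
        if (m_freePool) {                  // pool first, OS only when the pool is empty
            --m_freePool;
            source = FromFreePool;
        }
        return collected ? AfterCollection : source;
    }

    // The mutator drops references to |blocks| blocks; they are reclaimed at the next collection.
    void drop(size_t blocks) { m_garbage = std::min(m_currentWatermark, m_garbage + blocks); }

    void collectAllGarbage()
    {
        ++m_collections;
        m_currentWatermark -= m_garbage;   // only live blocks count afterwards
        m_freePool += m_garbage;           // swept blocks go to the internal pool, not back to the OS
        m_garbage = 0;
        m_highWatermark = std::max(m_minBlocks, 2 * m_currentWatermark);
    }

    // One scavenger timer fire: return half of the pooled blocks to the OS.
    void scavenge() { m_freePool /= 2; }

    size_t collections() const { return m_collections; }
    size_t freePool() const { return m_freePool; }

private:
    bool m_couplePoolToCollector;
    size_t m_minBlocks, m_highWatermark, m_currentWatermark, m_garbage, m_freePool, m_collections;
};

// Workload from the entry: usage that swings between |blocks| and nothing, |cycles| times.
size_t collectionsForOscillatingUsage(size_t blocks, size_t cycles, bool couplePoolToCollector)
{
    HeapModel heap(4, couplePoolToCollector);
    for (size_t c = 0; c < cycles; ++c) {
        if (c) heap.drop(blocks);
        for (size_t i = 0; i < blocks; ++i) heap.allocateBlock();
    }
    return heap.collections();
}

// Pool size after |timerFires| scavenger ticks on a heap that grew to |blocks| and was then emptied.
size_t poolAfterScavenges(size_t blocks, size_t timerFires)
{
    HeapModel heap(4, true);
    for (size_t i = 0; i < blocks; ++i) heap.allocateBlock();
    heap.drop(blocks);
    heap.collectAllGarbage();
    for (size_t t = 0; t < timerFires; ++t) heap.scavenge();
    return heap.freePool();
}

int main()
{
    std::cout << "collections, old policy: " << collectionsForOscillatingUsage(8, 5, false) << '\n'
              << "collections, new policy: " << collectionsForOscillatingUsage(8, 5, true) << '\n'
              << "pooled blocks after 3 scavenges: " << poolAfterScavenges(8, 3) << '\n';
    return 0;
}
```

With the coupling, a heap that repeatedly grows to 8 blocks and drops them collects once per cycle, because the second half of each growth is served from the pool left by the previous collection; the older decision collects again as soon as the watermark is reached, whether or not free blocks are sitting in the pool.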
51642 2011-07-30 Filip Pizlo <fpizlo@apple.com>
51644 DFG JIT speculation failure pass sometimes forgets to emit code to
51645 move certain registers.
51646 https://bugs.webkit.org/show_bug.cgi?id=65421
51648 Reviewed by Oliver Hunt.
51650 Restructured the offending loops (for gprs and fprs). It's once again
51651 possible to use spreadsheets on docs.google.com.
51653 * dfg/DFGJITCompiler.cpp:
51654 (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
51656 2011-07-30 Patrick Gansterer <paroga@webkit.org>
51658 Remove inclusion of MainThread.h from Threading.h
51659 https://bugs.webkit.org/show_bug.cgi?id=65081
51661 Reviewed by Darin Adler.
51663 Add missing and remove unneeded include statements for MainThread.
51665 * wtf/CryptographicallyRandomNumber.cpp:
51667 * wtf/ThreadingPthreads.cpp:
51668 * wtf/text/StringStatics.cpp:
51670 2011-07-30 Oliver Hunt <oliver@apple.com>
51672 Reduce the size of JSGlobalObject slightly
51673 https://bugs.webkit.org/show_bug.cgi?id=65417
51675 Reviewed by Dan Bernstein.
51677 Push a few members that either aren't commonly used,
51678 or aren't frequently accessed into a separate struct.
51680 * runtime/JSGlobalObject.cpp:
51681 (JSC::JSGlobalObject::init):
51682 (JSC::JSGlobalObject::WeakMapsFinalizer::finalize):
51683 * runtime/JSGlobalObject.h:
51684 (JSC::JSGlobalObject::JSGlobalObjectRareData::JSGlobalObjectRareData):
51685 (JSC::JSGlobalObject::createRareDataIfNeeded):
51686 (JSC::JSGlobalObject::setProfileGroup):
51687 (JSC::JSGlobalObject::profileGroup):
51688 (JSC::JSGlobalObject::registerWeakMap):
51689 (JSC::JSGlobalObject::deregisterWeakMap):
51691 2011-07-30 Balazs Kelemen <kbalazs@webkit.org>
51693 MessageQueue::waitForMessageFilteredWithTimeout can trigger an assertion
51694 https://bugs.webkit.org/show_bug.cgi?id=65263
51696 Reviewed by Dmitry Titov.
51699 (WTF::::operator): Don't check the validity of an iterator
51700 that will be reassigned right now.
51701 * wtf/MessageQueue.h:
51702 (WTF::::removeIf): Revert r51198 as I believe this is the better
51703 solution for the problem that was solved by that.
51705 2011-07-29 Filip Pizlo <fpizlo@apple.com>
51707 JSC GC zombie support no longer works, and is likely no longer needed.
51708 https://bugs.webkit.org/show_bug.cgi?id=65404
51710 Reviewed by Darin Adler.
51712 This removes zombies, because they no longer work, are not tested, are
51713 probably not needed, and are getting in the way of GC optimization
51716 * JavaScriptCore.xcodeproj/project.pbxproj:
51718 (JSC::HandleConverter::operator->):
51719 (JSC::HandleConverter::operator*):
51720 * heap/HandleHeap.cpp:
51721 (JSC::HandleHeap::isValidWeakNode):
51723 (JSC::Heap::destroy):
51724 (JSC::Heap::collect):
51725 * heap/MarkedBlock.cpp:
51726 (JSC::MarkedBlock::sweep):
51727 * heap/MarkedBlock.h:
51728 (JSC::MarkedBlock::clearMarks):
51729 * interpreter/Register.h:
51730 (JSC::Register::Register):
51731 (JSC::Register::operator=):
51732 * runtime/ArgList.h:
51733 (JSC::MarkedArgumentBuffer::append):
51734 (JSC::ArgList::ArgList):
51735 * runtime/JSCell.cpp:
51737 * runtime/JSCell.h:
51738 * runtime/JSGlobalData.cpp:
51739 (JSC::JSGlobalData::JSGlobalData):
51740 (JSC::JSGlobalData::clearBuiltinStructures):
51741 * runtime/JSGlobalData.h:
51742 * runtime/JSValue.h:
51743 * runtime/JSValueInlineMethods.h:
51744 (JSC::JSValue::JSValue):
51745 * runtime/JSZombie.cpp: Removed.
51746 * runtime/JSZombie.h: Removed.
51747 * runtime/WriteBarrier.h:
51748 (JSC::WriteBarrierBase::setEarlyValue):
51749 (JSC::WriteBarrierBase::operator*):
51750 (JSC::WriteBarrierBase::setWithoutWriteBarrier):
51753 2011-07-29 Filip Pizlo <fpizlo@apple.com>
51755 DFG JIT verbose mode provides no details about predictions
51756 https://bugs.webkit.org/show_bug.cgi?id=65389
51758 Reviewed by Darin Adler.
51760 Added a print-out of the predictions to the IR dump, with names as follows:
51761 "p-bottom" = the parser made no predictions
51762 "p-int32" = the parser predicted int32
51763 ... (same for array, cell, double, number)
51764 "p-top" = the parser made conflicting predictions which will be ignored.
51766 * dfg/DFGGraph.cpp:
51767 (JSC::DFG::Graph::dump):
51769 (JSC::DFG::predictionToString):
51771 2011-07-29 Filip Pizlo <fpizlo@apple.com>
51773 DFG JIT does not have any way of undoing double speculation.
51774 https://bugs.webkit.org/show_bug.cgi?id=65334
51776 Reviewed by Gavin Barraclough.
51778 This adds code to do a branchConvertDoubleToInt on speculation failure.
51779 This is performance-neutral on most benchmarks but does result in
51780 a slight improvement in Kraken.
51782 * dfg/DFGJITCompiler.cpp:
51783 (JSC::DFG::GeneralizedRegister::moveTo):
51784 (JSC::DFG::GeneralizedRegister::swapWith):
51785 (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
51786 (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
51787 (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
51789 2011-07-29 Filip Pizlo <fpizlo@apple.com>
51791 Crash when opening docs.google.com
51792 https://bugs.webkit.org/show_bug.cgi?id=65327
51794 Reviewed by Gavin Barraclough.
51796 The speculative JIT was only checking whether a value is an array when
51797 we had already checked that it was, rather than when we hadn't.
51799 * dfg/DFGSpeculativeJIT.cpp:
51800 (JSC::DFG::SpeculativeJIT::compile):
51802 2011-07-28 Oliver Hunt <oliver@apple.com>
51804 *_list instructions are only used in one place, where the code is wrong.
51805 https://bugs.webkit.org/show_bug.cgi?id=65348
51807 Reviewed by Darin Adler.
51809 Simply remove the instructions and all users. Speeds up the interpreter
51810 slightly due to code motion, but otherwise has no effect (because none
51811 of the _list instructions are ever used).
51813 * bytecode/CodeBlock.cpp:
51814 (JSC::isPropertyAccess):
51815 (JSC::CodeBlock::dump):
51816 (JSC::CodeBlock::visitStructures):
51817 * bytecode/Instruction.h:
51818 * bytecode/Opcode.h:
51819 * interpreter/Interpreter.cpp:
51820 (JSC::Interpreter::privateExecute):
51822 (JSC::JIT::privateCompileMainPass):
51824 2011-07-28 Gavin Barraclough <barraclough@apple.com>
51826 https://bugs.webkit.org/show_bug.cgi?id=65325
51827 Performance tweak to parseInt
51829 Reviewed by Oliver Hunt.
51831 * runtime/JSGlobalObjectFunctions.cpp:
51832 (JSC::globalFuncParseInt):
51833 - This change may make an existing optimization redundant,
51834 cleanup from Darin's comments, plus fix existing bugs.
51836 2011-07-28 Gavin Barraclough <barraclough@apple.com>
51838 https://bugs.webkit.org/show_bug.cgi?id=65325
51839 Performance tweak to parseInt
51841 Reviewed by Oliver Hunt.
51843 * runtime/JSGlobalObjectFunctions.cpp:
51844 (JSC::globalFuncParseInt):
51845 - parseInt applied to small positive numbers = floor.
51847 2011-07-28 Dan Bernstein <mitz@apple.com>
51851 * runtime/Executable.cpp:
51852 (JSC::FunctionExecutable::compileForCallInternal):
51854 2011-07-28 Kent Tamura <tkent@chromium.org>
51856 Improve StringImpl::stripWhiteSpace() and simplifyWhiteSpace().
51857 https://bugs.webkit.org/show_bug.cgi?id=65300
51859 Reviewed by Darin Adler.
51861 r91837 had performance regression of StringImpl::stripWhiteSpace()
51862 and simplifyWhiteSpace(). This changes the code so that compilers
51863 generate code equivalent to r91836 or prior.
51865 * wtf/text/StringImpl.cpp:
51866 (WTF::StringImpl::stripMatchedCharacters):
51867 A template member function for stripWhiteSpace(). This function takes a functor.
51868 (WTF::UCharPredicate):
51869 A functor for generic predicate for single UChar argument.
51870 (WTF::SpaceOrNewlinePredicate):
51871 A special functor for isSpaceOrNewline().
51872 (WTF::StringImpl::stripWhiteSpace):
51873 Use stripMatchedCharacters().
51874 (WTF::StringImpl::simplifyMatchedCharactersToSpace):
51875 A template member function for simplifyWhiteSpace().
51876 (WTF::StringImpl::simplifyWhiteSpace):
51877 Use simplifyMatchedCharactersToSpace().
51878 * wtf/text/StringImpl.h:
51880 2011-07-27 Dmitry Lomov <dslomov@google.com>
51882 [chromium] Turn on WTF_MULTIPLE_THREADS.
51883 https://bugs.webkit.org/show_bug.cgi?id=61017
51884 The patch turns on WTF_MULTIPLE_THREADS in chromium and
51885 pushes some relevant initializations from JSC::initializeThreading
51886 to WTF::initializeThreading.
51888 Reviewed by David Levin.
51890 * runtime/InitializeThreading.cpp:
51891 (JSC::initializeThreadingOnce):
51892 * wtf/FastMalloc.cpp:
51893 (WTF::isForbidden):
51894 (WTF::fastMallocForbid):
51895 (WTF::fastMallocAllow):
51897 * wtf/ThreadingPthreads.cpp:
51898 (WTF::initializeThreading):
51899 * wtf/ThreadingWin.cpp:
51900 (WTF::initializeThreading):
51901 * wtf/gtk/ThreadingGtk.cpp:
51902 (WTF::initializeThreading):
51903 * wtf/qt/ThreadingQt.cpp:
51904 (WTF::initializeThreading):
51906 2011-07-27 Mark Hahnenberg <mhahnenberg@apple.com>
51908 Remove operator new from JSCell
51909 https://bugs.webkit.org/show_bug.cgi?id=64999
51911 Reviewed by Oliver Hunt.
51913 Removed the implementation of operator new in JSCell, so any further uses
51914 will not successfully link. Also removed any remaining uses of operator new.
51916 * API/JSContextRef.cpp:
51917 * debugger/DebuggerActivation.h:
51918 (JSC::DebuggerActivation::create):
51919 * interpreter/Interpreter.cpp:
51920 (JSC::Interpreter::execute):
51921 (JSC::Interpreter::createExceptionScope):
51922 (JSC::Interpreter::privateExecute):
51923 * jit/JITStubs.cpp:
51924 (JSC::DEFINE_STUB_FUNCTION):
51925 * runtime/JSCell.h:
51926 * runtime/JSGlobalObject.h:
51927 (JSC::JSGlobalObject::create):
51928 * runtime/JSStaticScopeObject.h:
51929 (JSC::JSStaticScopeObject::create):
51930 (JSC::JSStaticScopeObject::JSStaticScopeObject):
51931 * runtime/StrictEvalActivation.h:
51932 (JSC::StrictEvalActivation::create):
51934 2011-07-27 Filip Pizlo <fpizlo@apple.com>
51936 DFG graph has no notion of double prediction.
51937 https://bugs.webkit.org/show_bug.cgi?id=65234
51939 Reviewed by Gavin Barraclough.
51941 Added the notion of PredictDouble, and PredictNumber, which is the least
51942 upper bound of PredictInt32 and PredictDouble. Least upper bound is
51943 defined as the bitwise-or of two predictions. Bottom is defined as 0,
51944 and Top is defined as all bits being set. Added the ability to explicitly
51945 distinguish between a node having had a prediction associated with it,
51946 and that prediction still being valid (i.e. no conflicting predictions
51947 have also been added). Used this to guard the speculative JIT from
51948 speculating Int32 in cases where the graph knows that the value is
51949 double, which currently only happens for GetLocal nodes on arguments
51950 which were double at compile-time.
51952 * dfg/DFGGraph.cpp:
51953 (JSC::DFG::Graph::predictArgumentTypes):
51955 (JSC::DFG::isCellPrediction):
51956 (JSC::DFG::isArrayPrediction):
51957 (JSC::DFG::isInt32Prediction):
51958 (JSC::DFG::isDoublePrediction):
51959 (JSC::DFG::isNumberPrediction):
51960 * dfg/DFGSpeculativeJIT.cpp:
51961 (JSC::DFG::SpeculativeJIT::compile):
51962 (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
51963 (JSC::DFG::SpeculativeJIT::initializeVariableTypes):
51964 * dfg/DFGSpeculativeJIT.h:
51965 (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
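Added example, not part of this ChangeLog or of JavaScriptCore's DFG: a minimal model of the prediction lattice described in the entry above (join is bitwise-or, bottom is 0, top is all bits set, Number is the join of Int32 and Double), together with the "p-bottom" / "p-int32" / ... / "p-top" names from the 2011-07-29 entry "DFG JIT verbose mode provides no details about predictions". The bit assignments, the rule that collapses a join crossing the number/cell boundary to top, and the Node, predict, predictAll and shouldSpeculateInteger names are assumptions of this example.

```cpp
#include <cstdint>
#include <initializer_list>
#include <iostream>
#include <string>

typedef uint32_t PredictedType;

// Bit assignments are this example's assumption; the entry does not show the
// engine's values. Cell and Array are separate bits so that their join reads
// as "some cell"; Number is the join of Int32 and Double.
static const PredictedType PredictNone   = 0;                            // bottom
static const PredictedType PredictCell   = 1u << 0;
static const PredictedType PredictArray  = 1u << 1;
static const PredictedType PredictInt32  = 1u << 2;
static const PredictedType PredictDouble = 1u << 3;
static const PredictedType PredictNumber = PredictInt32 | PredictDouble; // lub(Int32, Double)
static const PredictedType PredictTop    = ~0u;                          // all bits set

// Least upper bound of two predictions is bitwise-or.
inline PredictedType mergePredictions(PredictedType a, PredictedType b) { return a | b; }

// A predicate holds when the prediction is non-bottom and stays inside the named type.
inline bool isCellPrediction(PredictedType p)   { return p != PredictNone && !(p & ~(PredictCell | PredictArray)); }
inline bool isArrayPrediction(PredictedType p)  { return p == PredictArray; }
inline bool isInt32Prediction(PredictedType p)  { return p == PredictInt32; }
inline bool isDoublePrediction(PredictedType p) { return p == PredictDouble; }
inline bool isNumberPrediction(PredictedType p) { return p != PredictNone && !(p & ~PredictNumber); }

// Names as listed in the 2011-07-29 verbose-mode entry.
std::string predictionToString(PredictedType p)
{
    if (p == PredictNone)      return "p-bottom";
    if (isInt32Prediction(p))  return "p-int32";
    if (isDoublePrediction(p)) return "p-double";
    if (isNumberPrediction(p)) return "p-number";
    if (isArrayPrediction(p))  return "p-array";
    if (isCellPrediction(p))   return "p-cell";
    return "p-top";            // PredictTop, or any other conflicting mixture
}

struct Node {
    PredictedType prediction;
    Node() : prediction(PredictNone) { }
};

// Record one observed type for a node. A join that crosses the number/cell
// boundary is a conflict; collapsing it to top (so later passes ignore it)
// is this example's assumption about how conflicts are handled.
void predict(Node& node, PredictedType type)
{
    PredictedType merged = mergePredictions(node.prediction, type);
    node.prediction = (isNumberPrediction(merged) || isCellPrediction(merged)) ? merged : PredictTop;
}

// A prediction is usable only if something was predicted and nothing conflicting was added since.
inline bool hasValidPrediction(PredictedType p) { return p != PredictNone && p != PredictTop; }

// The guard described above: do not speculate Int32 once the graph knows the
// value may be a double (p-number), or once the prediction is gone (p-top).
inline bool shouldSpeculateInteger(PredictedType p) { return hasValidPrediction(p) && isInt32Prediction(p); }

// Fold a sequence of observed types into a fresh node and return its prediction.
PredictedType predictAll(std::initializer_list<PredictedType> types)
{
    Node node;
    for (PredictedType t : types) predict(node, t);
    return node.prediction;
}

int main()
{
    Node argument;
    PredictedType seen[] = { PredictInt32, PredictDouble, PredictCell };
    for (PredictedType t : seen) {
        predict(argument, t);
        std::cout << predictionToString(argument.prediction)
                  << (shouldSpeculateInteger(argument.prediction) ? "  (speculate int32)\n" : "\n");
    }
    return 0;   // prints p-int32 (speculate int32), then p-number, then p-top
}
```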
51967 2011-07-27 Gavin Barraclough <barraclough@apple.com>
51969 https://bugs.webkit.org/show_bug.cgi?id=65294
51970 DFG JIT - may speculate based on wrong arguments.
51972 Reviewed by Oliver Hunt
51974 In the case of a DFG compiled function calling to and compiling a second function that
51975 also compiles through the DFG JIT (i.e. compilation triggered with DFGOperations.cpp),
51976 we call compileFor passing the caller function's exec state, rather than the callee's.
51977 This may lead to mis-optimization, since the DFG compiler will examine the exec state's
51978 arguments on the assumption that these will be passed to the callee - it is wanting the
51979 callee exec state, not the caller's exec state.
51981 Fixing this for all cases of compilation is tricksy, due to the way the numeric sort
51982 function is compiled, & the structure of the calls in the Interpreter::execute methods.
51983 Only fix for compilation from the JIT, in other calls don't speculate based on arguments
51986 * dfg/DFGOperations.cpp:
51987 * runtime/Executable.cpp:
51988 (JSC::tryDFGCompile):
51989 (JSC::tryDFGCompileFunction):
51990 (JSC::FunctionExecutable::compileForCallInternal):
51991 * runtime/Executable.h:
51992 (JSC::FunctionExecutable::compileForCall):
51993 (JSC::FunctionExecutable::compileFor):
51995 2011-07-27 Oliver Hunt <oliver@apple.com>
51997 Handle callback oriented JSONP
51998 https://bugs.webkit.org/show_bug.cgi?id=65271
52000 Reviewed by Gavin Barraclough.
52002 Handle the callback oriented versions of JSONP. The Literal parser
52003 now handles <Identifier> (. <Identifier>)* (jsonData).
52005 * interpreter/Interpreter.cpp:
52006 (JSC::Interpreter::execute):
52007 * runtime/LiteralParser.cpp:
52008 (JSC::LiteralParser::tryJSONPParse):
52009 (JSC::LiteralParser::Lexer::lex):
52010 * runtime/LiteralParser.h:
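Added example, not part of this ChangeLog or of JavaScriptCore's LiteralParser: a recogniser for the callback form named in the entry above, <Identifier> (. <Identifier>)* (jsonData), that splits a response into the callback path and the payload text without evaluating either. The security point of handling JSONP in the literal parser is that a response of this shape never has to go through eval; anything that does not match the grammar exactly is rejected here. The JSONPCall, tryJSONPParse, jsonpCallback and jsonpPayload names, the identifier character set, and the cheap shape check on the payload are assumptions of this example; the payload is not validated as JSON.

```cpp
#include <cctype>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

struct JSONPCall {
    std::vector<std::string> path; // {"foo", "bar"} for foo.bar(...)
    std::string jsonText;          // text between the parentheses, never evaluated
};

static bool isIdentStart(char c) { return std::isalpha((unsigned char)c) || c == '_' || c == '$'; }
static bool isIdentPart(char c)  { return isIdentStart(c) || std::isdigit((unsigned char)c); }
static size_t skipSpace(const std::string& s, size_t i)
{
    while (i < s.size() && std::isspace((unsigned char)s[i])) ++i;
    return i;
}

// Cheap shape check on the payload: a JSON literal starts with an object,
// array, string, number, or one of true/false/null. Not a JSON validator;
// the real code hands the text to the literal parser next.
static bool looksLikeJSONLiteral(const std::string& text)
{
    size_t i = skipSpace(text, 0);
    if (i >= text.size()) return false;
    char c = text[i];
    if (c == '{' || c == '[' || c == '"' || c == '-' || std::isdigit((unsigned char)c)) return true;
    static const char* const keywords[] = { "true", "false", "null" };
    for (const char* kw : keywords) {
        size_t n = std::strlen(kw);
        if (text.compare(i, n, kw) == 0 && skipSpace(text, i + n) == text.size()) return true;
    }
    return false;
}

// Accepts exactly   Identifier ('.' Identifier)* '(' payload ')' [';']   and
// nothing else. The caller can then resolve |path| one property at a time on
// the global object and call the result with the parsed payload; the response
// text never reaches eval.
bool tryJSONPParse(const std::string& src, JSONPCall& out)
{
    out.path.clear();
    out.jsonText.clear();
    size_t i = skipSpace(src, 0);
    for (;;) {
        if (i >= src.size() || !isIdentStart(src[i])) return false;
        size_t start = i;
        while (i < src.size() && isIdentPart(src[i])) ++i;
        out.path.push_back(src.substr(start, i - start));
        i = skipSpace(src, i);
        if (i >= src.size() || src[i] != '.') break;
        i = skipSpace(src, i + 1);
    }
    if (i >= src.size() || src[i] != '(') return false;
    size_t bodyStart = ++i;
    // The call ends at the first ')' outside a JSON string. JSON never has
    // parentheses outside strings, so no nesting needs to be tracked.
    bool inString = false;
    for (; i < src.size(); ++i) {
        char c = src[i];
        if (inString) {
            if (c == '\\') ++i;          // skip the escaped character
            else if (c == '"') inString = false;
        } else if (c == '"') inString = true;
        else if (c == ')') break;
    }
    if (i >= src.size()) return false;   // unterminated call
    out.jsonText = src.substr(bodyStart, i - bodyStart);
    i = skipSpace(src, i + 1);
    if (i < src.size() && src[i] == ';') i = skipSpace(src, i + 1);
    if (i != src.size()) return false;   // anything after the call is not JSONP
    return looksLikeJSONLiteral(out.jsonText);
}

// Dotted callback path, or "" when the text is not JSONP.
std::string jsonpCallback(const std::string& src)
{
    JSONPCall call;
    if (!tryJSONPParse(src, call)) return "";
    std::string joined;
    for (size_t k = 0; k < call.path.size(); ++k) joined += (k ? "." : "") + call.path[k];
    return joined;
}

// Payload text, or "" when the text is not JSONP.
std::string jsonpPayload(const std::string& src)
{
    JSONPCall call;
    return tryJSONPParse(src, call) ? call.jsonText : std::string();
}

int main()
{
    // Constructed sample responses: one valid JSONP, two that must be rejected.
    const char* samples[] = { "handle.data({\"id\": 7});", "alert(1); x(2)", "cb(evil)" };
    for (const char* s : samples) {
        std::string callback = jsonpCallback(s);
        std::cout << s << " -> " << (callback.empty() ? std::string("rejected") : "callback " + callback) << '\n';
    }
    return 0;
}
```

Note that "alert(1); x(2)" is rejected because a second statement follows the call, and "cb(evil)" because an identifier is not a JSON literal; both would have executed code under an eval-based JSONP loader.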
52012 2011-07-27 Stephanie Lewis <slewis@apple.com>
52014 Revert http://trac.webkit.org/changeset/90415.
52015 Caused a 5% sunspider regression in-browser.
52017 Unreviewed rollout.
52019 * bytecode/CodeBlock.cpp:
52020 (JSC::CodeBlock::visitAggregate):
52022 (JSC::Heap::collectAllGarbage):
52023 * heap/MarkStack.h:
52024 (JSC::MarkStack::MarkStack):
52025 * runtime/JSGlobalData.cpp:
52026 (JSC::JSGlobalData::releaseExecutableMemory):
52027 * runtime/RegExp.cpp:
52028 (JSC::RegExp::compile):
52029 (JSC::RegExp::invalidateCode):
52030 * runtime/RegExp.h:
52032 2011-07-27 Shinya Kawanaka <shinyak@google.com>
52034 Added an interface to take IsWhiteSpaceFunctionPtr.
52035 https://bugs.webkit.org/show_bug.cgi?id=57746
52037 Reviewed by Kent Tamura.
52039 * wtf/text/StringImpl.cpp:
52040 (WTF::StringImpl::stripWhiteSpace):
52041 Added an interface to take IsWhiteSpaceFunctionPtr.
52042 (WTF::StringImpl::simplifyWhiteSpace): ditto.
52043 * wtf/text/StringImpl.h:
52044 * wtf/text/WTFString.cpp:
52045 (WTF::String::stripWhiteSpace): ditto.
52046 (WTF::String::simplifyWhiteSpace): ditto.
52047 * wtf/text/WTFString.h:
52049 2011-07-27 Filip Pizlo <fpizlo@apple.com>
52051 DFG JIT speculation failure code performs incorrect conversions in
52052 the case where two registers need to be swapped.
52053 https://bugs.webkit.org/show_bug.cgi?id=65233
52055 Reviewed by Gavin Barraclough.
52057 * dfg/DFGJITCompiler.cpp:
52058 (JSC::DFG::GeneralizedRegister::swapWith):
52060 2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com>
52062 reduce and reduceRight bind callback's this to null rather than undefined
52063 https://bugs.webkit.org/show_bug.cgi?id=62264
52065 Reviewed by Oliver Hunt.
52067 Fixed Array.prototype.reduce and Array.prototype.reduceRight so that they behave correctly
52068 when calling the callback function without an argument for this, which means it should
52069 be undefined according to ES 15.4.4.21 and 15.4.4.22.
52071 * runtime/ArrayPrototype.cpp:
52072 (JSC::arrayProtoFuncReduce):
52073 (JSC::arrayProtoFuncReduceRight):
52075 2011-07-26 Filip Pizlo <fpizlo@apple.com>
52077 JSC command-line tool does not come with any facility for
52078 measuring time precisely.
52079 https://bugs.webkit.org/show_bug.cgi?id=65223
52081 Reviewed by Gavin Barraclough.
52083 Exposed WTF::currentTime() as currentTimePrecise().
52086 (GlobalObject::GlobalObject):
52087 (functionPreciseTime):
52089 2011-07-26 Filip Pizlo <fpizlo@apple.com>
52091 DFG speculative JIT never emits inline double comparisons, even when it
52092 would be obviously more efficient to do so.
52093 https://bugs.webkit.org/show_bug.cgi?id=65212
52095 Reviewed by Gavin Barraclough.
52097 This handles the obvious case of inlining double comparisons: it only addresses
52098 the speculative JIT, and only for fused compare/branch sequences. But it does
52099 handle the case where both operands are double (and there is no slow path),
52100 or where one operand is double and the other is unknown type (in which case it
52101 attempts to unbox the double, otherwise taking slow path). This is an 0.8%
52102 speed-up on SunSpider.
52104 * dfg/DFGSpeculativeJIT.cpp:
52105 (JSC::DFG::SpeculativeJIT::convertToDouble):
52106 (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
52107 (JSC::DFG::SpeculativeJIT::compare):
52108 (JSC::DFG::SpeculativeJIT::compile):
52109 * dfg/DFGSpeculativeJIT.h:
52110 (JSC::DFG::SpeculativeJIT::isRegisterDataFormatDouble):
52111 (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
52113 2011-07-26 Filip Pizlo <fpizlo@apple.com>
52115 https://bugs.webkit.org/show_bug.cgi?id=64969
52116 DFG JIT generates inefficient code for speculation failures.
52118 Reviewed by Gavin Barraclough.
52120 This implements a speculation failure strategy where (1) values spilled on
52121 non-speculative but not spilled on speculative are spilled, (2) values that
52122 are in registers on both paths are rearranged without ever touching memory,
52123 and (3) values spilled on speculative but not spilled on non-speculative are
52126 The register shuffling is the most interesting part of this patch. It
52127 constructs a permutation graph for registers. Each node represents a
52128 register, and each directed edge corresponds to the register's value having
52129 to be moved to a different register as part of the shuffling. This is a
52130 directed graph where each node may only have 0 or 1 incoming edges, and
52131 0 or 1 outgoing edges. The algorithm then first finds maximal non-cyclic
52132 subgraphs where all nodes in the subgraph are reachable from a start node.
52133 Such subgraphs always resemble linked lists, and correspond to simply
52134 moving the value in the second-to-last register into the last register, and
52135 then moving the value in the third-to-last register into the second-to-last
52136 register, and so on. Once these subgraphs are taken care of, the remaining
52137 subgraphs are cycles, and are handled using either (a) conversion or no-op
52138 if the cycle involves one node, (b) swap if it involves two nodes, or (c)
52139 a cyclic shuffle involving a scratch register if there are three or more
52142 * dfg/DFGGenerationInfo.h:
52143 (JSC::DFG::needDataFormatConversion):
52144 * dfg/DFGJITCompiler.cpp:
52145 (JSC::DFG::GeneralizedRegister::GeneralizedRegister):
52146 (JSC::DFG::GeneralizedRegister::createGPR):
52147 (JSC::DFG::GeneralizedRegister::createFPR):
52148 (JSC::DFG::GeneralizedRegister::dump):
52149 (JSC::DFG::GeneralizedRegister::findInSpeculationCheck):
52150 (JSC::DFG::GeneralizedRegister::findInEntryLocation):
52151 (JSC::DFG::GeneralizedRegister::previousDataFormat):
52152 (JSC::DFG::GeneralizedRegister::nextDataFormat):
52153 (JSC::DFG::GeneralizedRegister::convert):
52154 (JSC::DFG::GeneralizedRegister::moveTo):
52155 (JSC::DFG::GeneralizedRegister::swapWith):
52156 (JSC::DFG::ShuffledRegister::ShuffledRegister):
52157 (JSC::DFG::ShuffledRegister::isEndOfNonCyclingPermutation):
52158 (JSC::DFG::ShuffledRegister::handleNonCyclingPermutation):
52159 (JSC::DFG::ShuffledRegister::handleCyclingPermutation):
52160 (JSC::DFG::ShuffledRegister::lookup):
52161 (JSC::DFG::lookupForRegister):
52162 (JSC::DFG::NodeToRegisterMap::Tuple::Tuple):
52163 (JSC::DFG::NodeToRegisterMap::NodeToRegisterMap):
52164 (JSC::DFG::NodeToRegisterMap::set):
52165 (JSC::DFG::NodeToRegisterMap::end):
52166 (JSC::DFG::NodeToRegisterMap::find):
52167 (JSC::DFG::NodeToRegisterMap::clear):
52168 (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
52169 (JSC::DFG::JITCompiler::linkSpeculationChecks):
52170 * dfg/DFGJITCompiler.h:
52171 * dfg/DFGNonSpeculativeJIT.cpp:
52172 (JSC::DFG::EntryLocation::EntryLocation):
52173 * dfg/DFGNonSpeculativeJIT.h:
52174 * dfg/DFGSpeculativeJIT.cpp:
52175 (JSC::DFG::SpeculationCheck::SpeculationCheck):
52176 * dfg/DFGSpeculativeJIT.h:
52178 2011-07-26 Oliver Hunt <oliver@apple.com>
52180 Buffer overflow creating error messages for JSON.parse
52181 https://bugs.webkit.org/show_bug.cgi?id=65211
52183 Reviewed by Darin Adler.
52185 Parse string length to the UString constructor.
52187 * runtime/LiteralParser.cpp:
52188 (JSC::LiteralParser::parse):
52190 2011-07-26 Mark Hahnenberg <mhahnenberg@apple.com>
52192 Refactor automatically generated JS DOM bindings to replace operator new with static create methods
52193 https://bugs.webkit.org/show_bug.cgi?id=64732
52195 Reviewed by Oliver Hunt.
52197 Replacing the public constructors in the automatically generated JS DOM bindings with static
52198 create methods. JSByteArray is used by several of these bindings in WebCore.
52200 * JavaScriptCore.exp:
52201 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
52202 * runtime/JSByteArray.cpp:
52203 (JSC::JSByteArray::create):
52204 * runtime/JSByteArray.h:
52206 2011-07-26 Alexis Menard <alexis.menard@openbossa.org>
52208 Unreviewed build fix for Qt/Linux.
52210 On platforms with no glib and gstreamer we should not build javascriptcore
52211 with the Glib support. This is related to http://trac.webkit.org/changeset/91752.
52215 2011-07-26 Juan C. Montemayor <jmont@apple.com>
52217 JSON errors should be informative
52218 https://bugs.webkit.org/show_bug.cgi?id=63339
52220 Added error messages to the JSON Parser.
52222 Reviewed by Oliver Hunt.
52224 * runtime/JSONObject.cpp:
52225 (JSC::JSONProtoFuncParse):
52226 * runtime/LiteralParser.cpp:
52227 (JSC::LiteralParser::Lexer::lex):
52228 (JSC::LiteralParser::Lexer::lexString):
52229 (JSC::LiteralParser::Lexer::lexNumber):
52230 (JSC::LiteralParser::parse):
52231 * runtime/LiteralParser.h:
52232 (JSC::LiteralParser::getErrorMessage):
52233 (JSC::LiteralParser::Lexer::sawError):
52234 (JSC::LiteralParser::Lexer::getErrorMessage):
52236 2011-07-26 Sheriff Bot <webkit.review.bot@gmail.com>
52238 Unreviewed, rolling out r91746.
52239 http://trac.webkit.org/changeset/91746
52240 https://bugs.webkit.org/show_bug.cgi?id=65180
52242 It broke SL build (Requested by Ossy on #webkit).
52244 * wtf/text/StringImpl.cpp:
52245 (WTF::StringImpl::stripWhiteSpace):
52246 (WTF::StringImpl::simplifyWhiteSpace):
52247 * wtf/text/StringImpl.h:
52248 * wtf/text/WTFString.cpp:
52249 * wtf/text/WTFString.h:
52251 2011-07-26 Alexis Menard <alexis.menard@openbossa.org>
52253 Reviewed by Andreas Kling.
52255 [Qt] Change default backend to use GStreamer on Linux and QuickTime on Mac.
52256 https://bugs.webkit.org/show_bug.cgi?id=63472
52258 Enable the bits needed for GStreamer only when QtMultimedia is not used.
52262 2011-07-26 Shinya Kawanaka <shinyak@google.com>
52264 Added an interface to take IsWhiteSpaceFunctionPtr.
52265 https://bugs.webkit.org/show_bug.cgi?id=57746
52267 Reviewed by Kent Tamura.
52269 * wtf/text/StringImpl.cpp:
52270 (WTF::StringImpl::stripWhiteSpace):
52271 Added an interface to take IsWhiteSpaceFunctionPtr.
52272 (WTF::StringImpl::simplifyWhiteSpace): ditto.
52273 * wtf/text/StringImpl.h:
52274 * wtf/text/WTFString.cpp:
52275 (WTF::String::stripWhiteSpace): ditto.
52276 (WTF::String::simplifyWhiteSpace): ditto.
52277 * wtf/text/WTFString.h:
52279 2011-07-25 Filip Pizlo <fpizlo@apple.com>
52281 DFG non-speculative JIT emits inefficient code for arithmetic
52282 involving two registers
52283 https://bugs.webkit.org/show_bug.cgi?id=65160
52285 Reviewed by Gavin Barraclough.
52287 The non-speculative JIT now emits inline code for double arithmetic, but
52288 still attempts integer arithmetic first. This is a speed-up on SunSpider
52289 (albeit a small one), and a large speed-up on Kraken.
52291 * dfg/DFGNonSpeculativeJIT.cpp:
52292 (JSC::DFG::NonSpeculativeJIT::basicArithOp):
52294 2011-07-25 Ryuan Choi <ryuan.choi@samsung.com>
52296 [EFL] Build break with --debug after r89153.
52297 https://bugs.webkit.org/show_bug.cgi?id=65150
52299 Unreviewed build fix.
52301 * wtf/CMakeListsEfl.txt: Add missing libraries.
52303 2011-07-25 Filip Pizlo <fpizlo@apple.com>
52305 DFG non-speculative JIT emits obviously inefficient code for arithmetic
52306 where one operand is a constant.
52307 https://bugs.webkit.org/show_bug.cgi?id=65146
52309 Reviewed by Gavin Barraclough.
52311 Changed the code to emit double arithmetic inline.
52313 * dfg/DFGNonSpeculativeJIT.cpp:
52314 (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
52316 2011-07-25 Filip Pizlo <fpizlo@apple.com>
52318 DFG JIT bytecode parser misuses pointers into objects allocated as part of a
52320 https://bugs.webkit.org/show_bug.cgi?id=65128
52322 Reviewed by Gavin Barraclough.
52324 The bytecode parser code seems to be right to have a DFGNode& phiNode reference
52325 into the graph, since this makes the code greatly more readable. This patch
52326 thus makes the minimal change necessary to make the code right: it uses a
52327 pointer (to disambiguate between reloading the pointer and performing a
52328 copy from one location of the vector to another) and reloads it after the
52329 calls to addToGraph().
52331 * dfg/DFGByteCodeParser.cpp:
52332 (JSC::DFG::ByteCodeParser::processPhiStack):
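The hazard and the fix from the entry above, as an added example in hypothetical C++ (not the DFG parser's own code): a graph whose nodes live in a std::vector, a phi node addressed by index, and a loop that appends children via addToGraph(), which may reallocate the vector and leave any reference or pointer into it dangling. The unsafe form is shown only in a comment; the safe form keeps the index and reloads the pointer after every append, and the function reports how often the storage actually moved so the reader can see the reallocation is real.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical node and graph; the vector is the point: growing it invalidates
// every pointer and reference into it.
struct Node {
    int op;
    std::vector<size_t> children; // indices of child nodes
};

struct Graph {
    std::vector<Node> nodes;
    size_t addToGraph(int op)
    {
        nodes.push_back(Node{ op, {} });
        return nodes.size() - 1;
    }
};

// Unsafe pattern (do not do this):
//     Node& phi = graph.nodes[phiIndex];
//     size_t child = graph.addToGraph(...); // may reallocate
//     phi.children.push_back(child);        // writes through a dangling reference
//
// Safe pattern, as the entry describes: hold the index, use a pointer for
// readability, and reload the pointer after each call that can append.
// Returns how many times the backing storage moved during the loop.
size_t attachChildrenToPhi(Graph& graph, size_t phiIndex, size_t childCount)
{
    size_t reallocations = 0;
    for (size_t i = 0; i < childCount; ++i) {
        Node* phi = &graph.nodes[phiIndex];                          // valid right now
        const Node* before = graph.nodes.data();
        size_t child = graph.addToGraph(1000 + static_cast<int>(i)); // may reallocate
        if (graph.nodes.data() != before)
            ++reallocations;                                          // `phi` is now dangling
        phi = &graph.nodes[phiIndex];                                 // reload: the fix
        phi->children.push_back(child);
    }
    return reallocations;
}

// Constructed demo: one phi node followed by 64 appended children.
struct DemoResult {
    size_t reallocations;
    size_t childCount;
    bool childrenConsistent;
};

DemoResult demoPhiStack()
{
    Graph graph;
    size_t phi = graph.addToGraph(0);
    size_t moved = attachChildrenToPhi(graph, phi, 64);
    const Node& phiNode = graph.nodes[phi];
    bool consistent = true;
    for (size_t i = 0; i < phiNode.children.size(); ++i)
        if (graph.nodes[phiNode.children[i]].op != 1000 + static_cast<int>(i))
            consistent = false;
    return { moved, phiNode.children.size(), consistent };
}
```

Reserving capacity up front would hide the problem for a while but not remove it; reloading after every append (or addressing the phi by index throughout) is the only pattern that stays correct as the graph grows.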
52334 2011-07-25 Sheriff Bot <webkit.review.bot@gmail.com>
52336 Unreviewed, rolling out r91686.
52337 http://trac.webkit.org/changeset/91686
52338 https://bugs.webkit.org/show_bug.cgi?id=65144
52340 1.5% regression in JSC (Requested by jmontemayor on #webkit).
52342 * runtime/JSONObject.cpp:
52343 (JSC::JSONProtoFuncParse):
52344 * runtime/LiteralParser.cpp:
52345 (JSC::LiteralParser::Lexer::lex):
52346 (JSC::LiteralParser::Lexer::lexString):
52347 (JSC::LiteralParser::Lexer::lexNumber):
52348 (JSC::LiteralParser::parse):
52349 * runtime/LiteralParser.h:
52351 2011-07-25 Jon Lee <jonlee@apple.com>
52353 Assertion called in ExecutableBase::generatedJITCodeForCall() when JIT is not available
52354 https://bugs.webkit.org/show_bug.cgi?id=65132
52355 <rdar://problem/9836297>
52357 Reviewed by Oliver Hunt.
52359 Make sure the JIT is available to use before running the following calls:
52361 * bytecode/CodeBlock.cpp:
52362 (JSC::CodeBlock::unlinkCalls): Added check, return early if JIT is not available.
52363 * bytecode/CodeBlock.h:
52364 (JSC::CodeBlock::addMethodCallLinkInfos): Added assertion.
52366 2011-07-25 Juan C. Montemayor <jmont@apple.com>
52368 JSON errors should be informative
52369 https://bugs.webkit.org/show_bug.cgi?id=63339
52371 Added error messages to the JSON Parser.
52373 Reviewed by Oliver Hunt.
52375 * runtime/JSONObject.cpp:
52376 (JSC::JSONProtoFuncParse):
52377 * runtime/LiteralParser.cpp:
52378 (JSC::LiteralParser::Lexer::lex):
52379 (JSC::LiteralParser::Lexer::lexString):
52380 (JSC::LiteralParser::Lexer::lexNumber):
52381 (JSC::LiteralParser::parse):
52382 * runtime/LiteralParser.h:
52383 (JSC::LiteralParser::getErrorMessage):
52384 (JSC::LiteralParser::Lexer::sawError):
52385 (JSC::LiteralParser::Lexer::getErrorMessage):
52387 2011-07-25 Filip Pizlo <fpizlo@apple.com>
52389 X86-64 assembler emits three instructions instead of two for certain
52391 https://bugs.webkit.org/show_bug.cgi?id=65095
52393 Reviewed by Gavin Barraclough.
52395 Simply made these four methods in the assembler use the scratch register,
52396 which they were previously avoiding. It still optimizes for the case where
52397 an absolute-address memory access is using EAX. This results in a slight
52398 performance improvement.
52400 * assembler/MacroAssemblerX86_64.h:
52401 (JSC::MacroAssemblerX86_64::load32):
52402 (JSC::MacroAssemblerX86_64::store32):
52403 (JSC::MacroAssemblerX86_64::loadPtr):
52404 (JSC::MacroAssemblerX86_64::storePtr):
52406 2011-07-25 Ryuan Choi <ryuan.choi@samsung.com>
52408 [EFL] Implement EFL-specific current time and monotonicallyIncreasingTime.
52409 https://bugs.webkit.org/show_bug.cgi?id=64354
52411 Use ecore_time_unix_get which returns unix time as double type for currentTime
52412 and ecore_time_get which uses monotonic clock for monotonicallyIncreasingTime.
52414 Reviewed by Kent Tamura.
52416 * wtf/CurrentTime.cpp:
52417 (WTF::currentTime):
52418 (WTF::monotonicallyIncreasingTime):
52420 2011-07-22 Sommer Panage <panage@apple.com>
52422 Reviewed by Oliver Hunt.
52424 export JSContextCreateBacktrace as SPI in JSContextRefPrivate.h
52425 https://bugs.webkit.org/show_bug.cgi?id=64981
52427 UIAutomation for iOS would like to support a Javascript backtrace in our error logs.
52428 Currently, the C API does not provide the tools to do this. However, the private API
52429 does expose the necessary functionality to get a backtrace
52430 (via Interpreter::retrieveLastCaller). We recognize this information may result in
52431 failure in the cases of programs run by 'eval', stack frames beneath host function
52432 call frames, and in programs run from other programs. Thus, we propose exporting our
52433 JSContextCreateBacktrace in JSContextRefPrivate.h. This will provide us with the tools
52434 we need while not advertising an API that isn't really ready for full use.
52436 * API/JSContextRef.cpp:
52437 * API/JSContextRefPrivate.h:
52438 * JavaScriptCore.exp:
52441 2011-07-22 Gavin Barraclough <barraclough@apple.com>
52443 https://bugs.webkit.org/show_bug.cgi?id=65051
52444 DFG JIT - Enable by default for mac platform on x86-64.
52446 Rubber Stamped by Geoff Garen.
52448 This is now a performance progression.
52451 - Removed definition of ENABLE_DFG_JIT_RESTRICTIONS.
52453 2011-07-22 Gavin Barraclough <barraclough@apple.com>
52455 https://bugs.webkit.org/show_bug.cgi?id=65047
52456 DFG JIT - Add support for op_resolve/op_resolve_base
52458 Reviewed by Sam Weinig.
52460 These are necessary for any significant eval code coverage
52461 (and as such increase LayoutTest coverage).
52463 * dfg/DFGAliasTracker.h:
52464 (JSC::DFG::AliasTracker::recordResolve):
52465 - Conservatively blow aliasing optimizations for now.
52466 * dfg/DFGByteCodeParser.cpp:
52467 (JSC::DFG::ByteCodeParser::parseBlock):
52468 - Add support for op_resolve/op_resolve_base.
52469 * dfg/DFGJITCodeGenerator.h:
52470 (JSC::DFG::JITCodeGenerator::callOperation):
52471 - Add call with exec, identifier arguments.
52473 - Add new node types.
52474 (JSC::DFG::Node::hasIdentifier):
52475 - Resolve nodes have identifiers, too!
52476 * dfg/DFGNonSpeculativeJIT.cpp:
52477 (JSC::DFG::NonSpeculativeJIT::compile):
52478 - Add generation for new Nodes.
52479 * dfg/DFGOperations.cpp:
52480 * dfg/DFGOperations.h:
52481 - Added new operations.
52482 * dfg/DFGSpeculativeJIT.cpp:
52483 (JSC::DFG::SpeculativeJIT::compile):
52484 - Add generation for new Nodes.
52486 2011-07-22 Gavin Barraclough <barraclough@apple.com>
52488 https://bugs.webkit.org/show_bug.cgi?id=65036
52489 Messing with the register allocation within flow control = badness.
52491 Reviewed by Sam Weinig.
52493 * dfg/DFGNonSpeculativeJIT.cpp:
52494 (JSC::DFG::NonSpeculativeJIT::compile):
52495 - Fix register allocation.
52497 2011-07-22 Mark Hahnenberg <mhahnenberg@apple.com>
52499 Date.prototype.toISOString doesn't handle negative years or years > 9999 correctly.
52500 https://bugs.webkit.org/show_bug.cgi?id=63986
52502 Reviewed by Geoffrey Garen.
52504 Changed the implementation of Date.prototype.toISOString() to use the extended year
52505 format (+/-yyyyyy) for years outside of [0,9999] to be in compliance with ES 15.9.1.15.1.
52507 * runtime/DatePrototype.cpp:
52508 (JSC::dateProtoFuncToISOString):
52510 2011-07-21 Gavin Barraclough <barraclough@apple.com>
52514 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
52516 2011-07-21 Ryosuke Niwa <rniwa@webkit.org>
52518 Build fix after r91555.
52520 * JavaScriptCore.exp:
52522 2011-07-21 Gavin Barraclough <barraclough@apple.com>
52524 https://bugs.webkit.org/show_bug.cgi?id=19271
52525 eliminate PIC branches by changing NaN handling in JSValue::toNumber
52527 Reviewed by Sam Weinig.
52529 Moving the non-numeric cases out of line seems to be a consistent
52530 win on SunSpider for me, to the order of about 0.5%.
52532 * runtime/JSCell.h:
52533 (JSC::JSCell::JSValue::toNumber):
52534 - Changed to only handle values that are already numbers, move non-numeric cases out of line.
52535 * runtime/JSValue.cpp:
52536 (JSC::JSValue::toNumberSlowCase):
52537 - Added toNumberSlowCase, handling non-numeric cases.
52538 * runtime/JSValue.h:
52539 - Add declaration of toNumberSlowCase.
52541 2011-07-21 Gavin Barraclough <barraclough@apple.com>
52543 https://bugs.webkit.org/show_bug.cgi?id=64875
52544 Use of `yield` keyword is broken
52546 Reviewed by Sam Weinig.
52548 * parser/Lexer.cpp:
52549 (JSC::Lexer::parseIdentifier):
52550 - The bug here is that a successful match of a RESERVED_IF_STRICT token from
52551 parseKeyword is being nullified back to IDENT. The problem is that in the
52552 case of IDENT matches parseKeyword should not move the lexer's input
52553 position, but in the case of RESERVED_IF_STRICT it has done so.
52555 2011-07-21 Gavin Barraclough <barraclough@apple.com>
52557 https://bugs.webkit.org/show_bug.cgi?id=64900
52558 Function.prototype.apply should accept an array-like object as its second argument
52560 Reviewed by Sam Weinig.
52562 * interpreter/Interpreter.cpp:
52563 (JSC::Interpreter::privateExecute):
52564 * jit/JITStubs.cpp:
52565 (JSC::DEFINE_STUB_FUNCTION):
52566 * runtime/FunctionPrototype.cpp:
52567 (JSC::functionProtoFuncApply):
52568 - Remove the type error if object is not an array.
52570 2011-07-21 Gavin Barraclough <barraclough@apple.com>
52572 https://bugs.webkit.org/show_bug.cgi?id=64964
52573 DFG JIT - Enable support for eval code
52575 Reviewed by Sam Weinig.
52577 This is basically the same as program code, to the JIT!
52579 * bytecode/Opcode.cpp:
52580 * bytecode/Opcode.h:
52581 - Enable opcodeNames in !NDEBUG builds.
52582 * dfg/DFGOperations.cpp:
52583 - Fix a bug exposed by eval support, throw correct type error for new.
52584 * runtime/Executable.cpp:
52585 (JSC::EvalExecutable::compileInternal):
52586 - Enable DFG JIT for eval code.
52588 2011-07-20 Sheriff Bot <webkit.review.bot@gmail.com>
52590 Unreviewed, rolling out r91380.
52591 http://trac.webkit.org/changeset/91380
52592 https://bugs.webkit.org/show_bug.cgi?id=64924
52594 Caused assertion failures in Chromium's IndexedDB tests
52595 (Requested by rniwa on #webkit).
52597 * wtf/ThreadIdentifierDataPthreads.cpp:
52598 (WTF::ThreadIdentifierData::identifier):
52599 (WTF::ThreadIdentifierData::initialize):
52600 (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
52601 (WTF::ThreadIdentifierData::initializeKeyOnce):
52602 * wtf/ThreadIdentifierDataPthreads.h:
52603 * wtf/ThreadingPthreads.cpp:
52604 (WTF::initializeThreading):
52606 2011-07-20 Filip Pizlo <fpizlo@apple.com>
52608 DFG non-speculative JIT does not use() the aliased GetByVal,
52609 resulting in bloated use counts.
52610 https://bugs.webkit.org/show_bug.cgi?id=64911
52612 Reviewed by Gavin Barraclough.
52614 Inserted a call to use() for the aliased GetByVal.
52616 * dfg/DFGNonSpeculativeJIT.cpp:
52617 (JSC::DFG::NonSpeculativeJIT::compile):
52619 2011-07-20 Gavin Barraclough <barraclough@apple.com>
52621 https://bugs.webkit.org/show_bug.cgi?id=64909
52622 DFG JIT - Missing ToInt32 conversions for double constants.
52624 Reviewed by Sam Weinig.
52626 * dfg/DFGByteCodeParser.cpp:
52627 (JSC::DFG::ByteCodeParser::toInt32):
52628 - We cannot trivially omit ToInt32 conversions on double constants.
52630 2011-07-20 Filip Pizlo <fpizlo@apple.com>
52632 DFG speculative JIT sometimes claims to use compare operands twice, leading to
52633 use count corruption.
52634 https://bugs.webkit.org/show_bug.cgi?id=64903
52636 Reviewed by Gavin Barraclough.
52638 Move the calls to use() in SpeculativeJIT::compare() so that they only happen
52639 if the JITCodeGenerator's helper method (which also calls use()) is not called.
52641 * dfg/DFGSpeculativeJIT.cpp:
52642 (JSC::DFG::SpeculativeJIT::compare):
52644 2011-07-20 Oliver Hunt <oliver@apple.com>
52646 Don't throw away code when JSGarbageCollect API is called
52647 https://bugs.webkit.org/show_bug.cgi?id=64894
52649 Reviewed by Sam Weinig.
52651 Just call collectAllGarbage. That will clean up all unneeded
52652 code without causing any pathological recompilation problems.
52655 (JSGarbageCollect):
52657 2011-07-20 Oliver Hunt <oliver@apple.com>
52659 Codeblock doesn't visit cached structures in global resolve instructions
52660 https://bugs.webkit.org/show_bug.cgi?id=64889
52662 Reviewed by Sam Weinig.
52664 Visit the global resolve instructions. This fixes a couple
52665 of random crashes seen in the jquery tests when using the
52668 * bytecode/CodeBlock.cpp:
52669 (JSC::CodeBlock::visitAggregate):
52671 2011-07-20 James Robinson <jamesr@chromium.org>
52673 Revert worker and WebKit2 runloops to use currentTime() for scheduling instead of the monotonic clock
52674 https://bugs.webkit.org/show_bug.cgi?id=64841
52676 Reviewed by Mark Rowe.
52678 http://trac.webkit.org/changeset/91206 converted most of WebKit's deferred work scheduling to using the
52679 monotonic clock instead of WTF::currentTime(). This broke many plugin tests on WebKit2 for reasons that are
52680 unclear. This reverts everything except for WebCore::ThreadTimers back to the previous behavior.
52682 * wtf/ThreadingPthreads.cpp:
52683 (WTF::ThreadCondition::timedWait):
52684 * wtf/ThreadingWin.cpp:
52685 (WTF::absoluteTimeToWaitTimeoutInterval):
52686 * wtf/gtk/ThreadingGtk.cpp:
52687 (WTF::ThreadCondition::timedWait):
52688 * wtf/qt/ThreadingQt.cpp:
52689 (WTF::ThreadCondition::timedWait):
52691 2011-07-14 David Levin <levin@chromium.org>
52693 currentThread is too slow!
52694 https://bugs.webkit.org/show_bug.cgi?id=64577
52696 Reviewed by Darin Adler and Dmitry Titov.
52698 The problem is that currentThread results in a pthread_once call which always takes a lock.
52699 With this change, currentThread is 10% faster than isMainThread in release mode and only
52700 5% slower than isMainThread in debug.
52702 * wtf/ThreadIdentifierDataPthreads.cpp:
52703 (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
52704 which is no longer needed because this is called from initializeThreading().
52705 (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
52706 initialization of the pthread key should already be done.
52707 (WTF::ThreadIdentifierData::initialize): Ditto.
52708 * wtf/ThreadIdentifierDataPthreads.h:
52709 * wtf/ThreadingPthreads.cpp:
52710 (WTF::initializeThreading): Acquire the pthread key here.
52712 2011-07-20 Mark Rowe <mrowe@apple.com>
52714 Fix the 32-bit build.
52716 * runtime/ObjectPrototype.cpp:
52717 (JSC::objectProtoFuncToString):
52719 2011-07-19 Gavin Barraclough <barraclough@apple.com>
52721 https://bugs.webkit.org/show_bug.cgi?id=64678
52722 Fix bugs in Object.prototype this handling.
52724 Reviewed by Darin Adler.
52726 Fix ES5.1 correctness issues identified by Mads Ager.
52728 * runtime/ObjectPrototype.cpp:
52729 (JSC::objectProtoFuncToString):
52730 - ES5.1 expects toString of undefined/null to produce "[object Undefined]"/"[object Null]".
52732 2011-07-19 Mark Hahnenberg <mhahnenberg@apple.com>
52734 [JSC] WebKit allocates gigabytes of memory when doing repeated string concatenation
52735 https://bugs.webkit.org/show_bug.cgi?id=63918
52737 Reviewed by Darin Adler.
52739 When allocating JSStrings during concatenation, we needed to call the Heap's reportExtraMemoryCost
52740 method due to additional string copying within several of the constructors when dealing with
52741 UStrings. This has been added to the UString version of the appendStringInConstruct method
52742 within the JSString class.
52744 * runtime/JSString.h:
52745 (JSC::RopeBuilder::JSString):
52746 (JSC::RopeBuilder::appendStringInConstruct):
52748 2011-07-19 Gavin Barraclough <barraclough@apple.com>
52750 https://bugs.webkit.org/show_bug.cgi?id=64679
52751 Fix bugs in Array.prototype this handling.
52753 Reviewed by Oliver Hunt.
52755 * runtime/ArrayPrototype.cpp:
52756 (JSC::arrayProtoFuncJoin):
52757 (JSC::arrayProtoFuncConcat):
52758 (JSC::arrayProtoFuncPop):
52759 (JSC::arrayProtoFuncPush):
52760 (JSC::arrayProtoFuncReverse):
52761 (JSC::arrayProtoFuncShift):
52762 (JSC::arrayProtoFuncSlice):
52763 (JSC::arrayProtoFuncSort):
52764 (JSC::arrayProtoFuncSplice):
52765 (JSC::arrayProtoFuncUnShift):
52766 (JSC::arrayProtoFuncFilter):
52767 (JSC::arrayProtoFuncMap):
52768 (JSC::arrayProtoFuncEvery):
52769 (JSC::arrayProtoFuncForEach):
52770 (JSC::arrayProtoFuncSome):
52771 (JSC::arrayProtoFuncReduce):
52772 (JSC::arrayProtoFuncReduceRight):
52773 (JSC::arrayProtoFuncIndexOf):
52774 (JSC::arrayProtoFuncLastIndexOf):
52775 - These methods should throw if this value is undefined.
52777 2011-07-19 Gavin Barraclough <barraclough@apple.com>
52779 https://bugs.webkit.org/show_bug.cgi?id=64677
52780 Fix bugs in String.prototype this handling.
52782 Reviewed by Oliver Hunt.
52784 undefined/null this values should throw TypeErrors, not convert to
52785 the global object, and primitive values should not be converted via
52788 * runtime/StringPrototype.cpp:
52789 (JSC::stringProtoFuncReplace):
52790 (JSC::stringProtoFuncCharAt):
52791 (JSC::stringProtoFuncCharCodeAt):
52792 (JSC::stringProtoFuncIndexOf):
52793 (JSC::stringProtoFuncLastIndexOf):
52794 (JSC::stringProtoFuncMatch):
52795 (JSC::stringProtoFuncSearch):
52796 (JSC::stringProtoFuncSlice):
52797 (JSC::stringProtoFuncSplit):
52798 (JSC::stringProtoFuncSubstr):
52799 (JSC::stringProtoFuncSubstring):
52800 (JSC::stringProtoFuncToLowerCase):
52801 (JSC::stringProtoFuncToUpperCase):
52802 (JSC::stringProtoFuncLocaleCompare):
52803 (JSC::stringProtoFuncBig):
52804 (JSC::stringProtoFuncSmall):
52805 (JSC::stringProtoFuncBlink):
52806 (JSC::stringProtoFuncBold):
52807 (JSC::stringProtoFuncFixed):
52808 (JSC::stringProtoFuncItalics):
52809 (JSC::stringProtoFuncStrike):
52810 (JSC::stringProtoFuncSub):
52811 (JSC::stringProtoFuncSup):
52812 (JSC::stringProtoFuncFontcolor):
52813 (JSC::stringProtoFuncFontsize):
52814 (JSC::stringProtoFuncAnchor):
52815 (JSC::stringProtoFuncLink):
52817 - These methods should throw if this value is undefined,
52818 convert ToString directly, not via ToObject.
52820 2011-07-19 Filip Pizlo <fpizlo@apple.com>
52822 DFG JIT sometimes emits spill code even when the respective values
52824 https://bugs.webkit.org/show_bug.cgi?id=64774
52826 Reviewed by Gavin Barraclough.
52828 The main high-level change is that it is now easier to call use() on a
52829 virtual register. JSValueOperand and its other-typed relatives now have
52830 a handy use() method, and jsValueResult() and friends now make it easier to
52831 pass UseChildrenCalledExplicitly.
52833 The rest of this patch hoists the call to use() as high as possible for
52834 all of those cases where either flushRegisters() or silentSpillAllRegisters()
52837 * dfg/DFGJITCodeGenerator.cpp:
52838 (JSC::DFG::JITCodeGenerator::cachedGetById):
52839 (JSC::DFG::JITCodeGenerator::cachedGetMethod):
52840 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
52841 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
52842 (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
52843 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
52844 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
52845 (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
52846 (JSC::DFG::JITCodeGenerator::emitBranch):
52847 * dfg/DFGJITCodeGenerator.h:
52848 (JSC::DFG::JITCodeGenerator::use):
52849 (JSC::DFG::JITCodeGenerator::integerResult):
52850 (JSC::DFG::JITCodeGenerator::jsValueResult):
52851 (JSC::DFG::IntegerOperand::use):
52852 (JSC::DFG::DoubleOperand::use):
52853 (JSC::DFG::JSValueOperand::use):
52854 * dfg/DFGNonSpeculativeJIT.cpp:
52855 (JSC::DFG::NonSpeculativeJIT::valueToNumber):
52856 (JSC::DFG::NonSpeculativeJIT::valueToInt32):
52857 (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
52858 (JSC::DFG::NonSpeculativeJIT::basicArithOp):
52859 (JSC::DFG::NonSpeculativeJIT::compile):
52860 * dfg/DFGSpeculativeJIT.cpp:
52861 (JSC::DFG::SpeculativeJIT::compile):
52862 * dfg/DFGSpeculativeJIT.h:
52863 (JSC::DFG::SpeculateStrictInt32Operand::use):
52864 (JSC::DFG::SpeculateCellOperand::use):
52866 2011-07-19 Xan Lopez <xlopez@igalia.com>
52868 ARMv7 backend broken, lacks 3 parameter rshift32 method
52869 https://bugs.webkit.org/show_bug.cgi?id=64571
52871 Reviewed by Zoltan Herczeg.
52873 * assembler/MacroAssemblerARMv7.h:
52874 (JSC::MacroAssemblerARMv7::rshift32): add missing rshift32 method.
52876 2011-07-18 Filip Pizlo <fpizlo@apple.com>
52878 DFG JIT does not optimize strict equality as effectively as the old JIT does.
52879 https://bugs.webkit.org/show_bug.cgi?id=64759
52881 Reviewed by Gavin Barraclough.
52883 This adds a more complete set of strict equality optimizations. If either
52884 operand is known numeric, then the code reverts to the old style of optimizing
52885 (first try integer comparison). Otherwise it uses the old JIT's trick of
52886 first simultaneously checking if both operands are either numbers or cells;
52887 if not then a fast path is taken.
52889 * dfg/DFGJITCodeGenerator.cpp:
52890 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeStrictEq):
52891 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeStrictEq):
52892 (JSC::DFG::JITCodeGenerator::nonSpeculativeStrictEq):
52893 * dfg/DFGJITCodeGenerator.h:
52894 * dfg/DFGNonSpeculativeJIT.cpp:
52895 (JSC::DFG::NonSpeculativeJIT::compile):
52896 * dfg/DFGOperations.cpp:
52897 * dfg/DFGOperations.h:
52898 * dfg/DFGSpeculativeJIT.cpp:
52899 (JSC::DFG::SpeculativeJIT::compile):
52901 2011-07-18 Gavin Barraclough <barraclough@apple.com>
52903 https://bugs.webkit.org/show_bug.cgi?id=64760
52904 DFG JIT - Should be able to compile program code.
52906 Reviewed by Geoff Garen.
52908 Add support for op_end, hooks to compile program code in Executable.cpp.
52910 * dfg/DFGByteCodeParser.cpp:
52911 (JSC::DFG::ByteCodeParser::parseBlock):
52912 - Add support for op_end
52913 * dfg/DFGJITCompiler.cpp:
52914 (JSC::DFG::JITCompiler::compileEntry):
52915 (JSC::DFG::JITCompiler::compileBody):
52916 (JSC::DFG::JITCompiler::link):
52917 - Added, separate out steps of compileFunction.
52918 (JSC::DFG::JITCompiler::compile):
52919 - Added, compile program code.
52920 (JSC::DFG::JITCompiler::compileFunction):
52921 - Sections separated out to helper functions.
52922 * dfg/DFGJITCompiler.h:
52923 (JSC::DFG::JITCompiler::JITCompiler):
52924 - Added m_exceptionCheckCount.
52925 * runtime/Executable.cpp:
52926 (JSC::tryDFGCompile):
52927 (JSC::tryDFGCompileFunction):
52928 (JSC::ProgramExecutable::compileInternal):
52929 (JSC::FunctionExecutable::compileForCallInternal):
52930 - Renamed tryDFGCompile to tryDFGCompileFunction, added tryDFGCompile to compile program code.
52932 2011-07-18 Gavin Barraclough <barraclough@apple.com>
52934 https://bugs.webkit.org/show_bug.cgi?id=64678
52935 Fix bugs in Object.prototype this handling.
52937 Reviewed by Oliver Hunt.
52939 undefined/null this values should throw TypeErrors, not convert to the global object,
52940 also, toLocaleString should be calling ToObject & invoking the object's toString
52941 function, even for values that are already strings.
52943 * runtime/ObjectPrototype.cpp:
52944 (JSC::objectProtoFuncValueOf):
52945 (JSC::objectProtoFuncHasOwnProperty):
52946 (JSC::objectProtoFuncIsPrototypeOf):
52947 (JSC::objectProtoFuncPropertyIsEnumerable):
52948 (JSC::objectProtoFuncToLocaleString):
52949 (JSC::objectProtoFuncToString):
52951 2011-07-18 Filip Pizlo <fpizlo@apple.com>
52953 JSC GC lazy sweep does not inline the common cases of cell destruction.
52954 https://bugs.webkit.org/show_bug.cgi?id=64745
52956 Reviewed by Oliver Hunt.
52958 This inlines the case of JSFinalObject destruction.
52960 * heap/MarkedBlock.cpp:
52961 (JSC::MarkedBlock::lazySweep):
52963 2011-07-18 Oliver Hunt <oliver@apple.com>
52965 Interpreter build-fix
52967 * interpreter/Interpreter.cpp:
52968 (JSC::Interpreter::privateExecute):
52970 2011-07-18 Filip Pizlo <fpizlo@apple.com>
52972 DFG JIT does not optimize equal-null comparisons and branches.
52973 https://bugs.webkit.org/show_bug.cgi?id=64659
52975 Reviewed by Gavin Barraclough.
52977 Added a peephole-aware compare-to-null implementation to JITCodeGenerator,
52978 which is used by both the speculative and non-speculative JIT. Through
52979 the use of the new isNullConstant helper, the two JITs invoke the
52980 nonSpeculativeCompareNull() helper instead of their regular comparison
52981 helpers when compiling CompareEq. Through the use of the new isKnownCell
52982 helper, the compare-null code will skip the is-a-cell check if the
52983 speculative JIT had been speculating cell.
52985 * dfg/DFGJITCodeGenerator.cpp:
52986 (JSC::DFG::JITCodeGenerator::isKnownCell):
52987 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompareNull):
52988 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranchNull):
52989 (JSC::DFG::JITCodeGenerator::nonSpeculativeCompareNull):
52990 * dfg/DFGJITCodeGenerator.h:
52991 (JSC::DFG::JITCodeGenerator::isNullConstant):
52992 * dfg/DFGNonSpeculativeJIT.cpp:
52993 (JSC::DFG::NonSpeculativeJIT::compile):
52994 * dfg/DFGOperations.cpp:
52995 * dfg/DFGSpeculativeJIT.cpp:
52996 (JSC::DFG::SpeculativeJIT::compile):
52998 2011-07-18 James Robinson <jamesr@chromium.org>
53000 Timer scheduling should be based off the monotonic clock
53001 https://bugs.webkit.org/show_bug.cgi?id=64544
53003 Reviewed by Darin Adler.
53005 Switches ThreadCondition::timedWait and related utility functions from currentTime() to
53006 monotonicallyIncreasingTime().
53008 Add WTF::monotonicallyIncreasingTime() to list of exported functions so it can be accessed from WebCore/WebKit.
53010 * JavaScriptCore.exp:
53011 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
53012 * wtf/ThreadingPthreads.cpp:
53013 (WTF::ThreadCondition::timedWait):
53014 * wtf/ThreadingWin.cpp:
53015 (WTF::absoluteTimeToWaitTimeoutInterval):
53016 * wtf/gtk/ThreadingGtk.cpp:
53017 (WTF::ThreadCondition::timedWait):
53018 * wtf/qt/ThreadingQt.cpp:
53019 (WTF::ThreadCondition::timedWait):
53021 2011-07-18 Filip Pizlo <fpizlo@apple.com>
53023 JSC JIT does not inline GC allocation fast paths
53024 https://bugs.webkit.org/show_bug.cgi?id=64582
53026 Reviewed by Oliver Hunt.
53028 This addresses inlining allocation for the easiest-to-allocate cases:
53029 op_new_object and op_create_this. Inlining GC allocation fast paths
53030 required three changes. First, the JSGlobalData now saves the vtable
53031 pointer of JSFinalObject, since that's what op_new_object and
53032 op_create_this allocate. Second, the Heap exposes a reference to
53033 the appropriate SizeClass, so that the JIT may inline accesses
53034 directly to the SizeClass for JSFinalObject allocations. And third,
53035 the JIT is extended with code to emit inline fast paths for GC
53036 allocation. A stub call is emitted in the case where the inline fast
53040 (JSC::Heap::sizeClassFor):
53041 (JSC::Heap::allocate):
53043 (JSC::JIT::privateCompileSlowCases):
53045 * jit/JITInlineMethods.h:
53046 (JSC::JIT::emitAllocateJSFinalObject):
53047 * jit/JITOpcodes.cpp:
53048 (JSC::JIT::emit_op_new_object):
53049 (JSC::JIT::emitSlow_op_new_object):
53050 (JSC::JIT::emit_op_create_this):
53051 (JSC::JIT::emitSlow_op_create_this):
53052 * jit/JITOpcodes32_64.cpp:
53053 (JSC::JIT::emit_op_new_object):
53054 (JSC::JIT::emitSlow_op_new_object):
53055 (JSC::JIT::emit_op_create_this):
53056 (JSC::JIT::emitSlow_op_create_this):
53057 * runtime/JSGlobalData.cpp:
53058 (JSC::JSGlobalData::storeVPtrs):
53059 * runtime/JSGlobalData.h:
53060 * runtime/JSObject.h:
53061 (JSC::JSFinalObject::JSFinalObject):
53062 (JSC::JSObject::offsetOfInheritorID):
53064 2011-07-18 Mark Hahnenberg <mhahnenberg@apple.com>
53066 Refactor JSC to replace JSCell::operator new with static create method
53067 https://bugs.webkit.org/show_bug.cgi?id=64466
53069 Reviewed by Oliver Hunt (oliver@apple.com) and Darin Adler (darin@apple.com).
53071 First step in a longer refactoring process to remove the use of
53072 operator new overloading in order to allocate GC objects and to replace
53073 this method with static create methods for each individual type of heap-allocated
53074 JS object. This particular patch only deals with replacing uses of
53075 operator new within JSC proper. Future patches will remove it from the
53076 parts that interface with the DOM. Due to the DOM's continued dependence
53077 on it, operator new has not actually been removed from JSCell.
53079 * API/JSCallbackConstructor.h:
53080 (JSC::JSCallbackConstructor::create):
53081 * API/JSCallbackFunction.h:
53082 (JSC::JSCallbackFunction::create):
53083 * API/JSCallbackObject.h:
53084 (JSC::JSCallbackObject::operator new):
53085 (JSC::JSCallbackObject::create):
53086 * API/JSCallbackObjectFunctions.h:
53087 (JSC::::staticFunctionGetter):
53088 * API/JSClassRef.cpp:
53089 (OpaqueJSClass::prototype):
53090 * API/JSContextRef.cpp:
53091 * API/JSObjectRef.cpp:
53093 (JSObjectMakeFunctionWithCallback):
53094 (JSObjectMakeConstructor):
53095 * JavaScriptCore.exp:
53096 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
53097 * bytecode/CodeBlock.cpp:
53098 (JSC::CodeBlock::createActivation):
53099 * bytecompiler/BytecodeGenerator.cpp:
53100 (JSC::BytecodeGenerator::BytecodeGenerator):
53101 * bytecompiler/BytecodeGenerator.h:
53102 (JSC::BytecodeGenerator::makeFunction):
53103 * bytecompiler/NodesCodegen.cpp:
53104 (JSC::RegExpNode::emitBytecode):
53105 * interpreter/Interpreter.cpp:
53106 (JSC::Interpreter::privateExecute):
53107 (JSC::Interpreter::retrieveArguments):
53108 * jit/JITStubs.cpp:
53109 (JSC::DEFINE_STUB_FUNCTION):
53111 (GlobalObject::create):
53112 (GlobalObject::GlobalObject):
53115 * runtime/Arguments.h:
53116 (JSC::Arguments::create):
53117 (JSC::Arguments::createNoParameters):
53118 * runtime/ArrayConstructor.cpp:
53119 (JSC::constructArrayWithSizeQuirk):
53120 * runtime/ArrayConstructor.h:
53121 (JSC::ArrayConstructor::create):
53122 * runtime/ArrayPrototype.cpp:
53123 (JSC::arrayProtoFuncSplice):
53124 * runtime/ArrayPrototype.h:
53125 (JSC::ArrayPrototype::create):
53126 * runtime/BooleanConstructor.cpp:
53127 (JSC::constructBoolean):
53128 (JSC::constructBooleanFromImmediateBoolean):
53129 * runtime/BooleanConstructor.h:
53130 (JSC::BooleanConstructor::create):
53131 * runtime/BooleanObject.h:
53132 (JSC::BooleanObject::create):
53133 * runtime/BooleanPrototype.h:
53134 (JSC::BooleanPrototype::create):
53135 * runtime/DateConstructor.cpp:
53136 (JSC::constructDate):
53137 * runtime/DateConstructor.h:
53138 (JSC::DateConstructor::create):
53139 * runtime/DateInstance.h:
53140 (JSC::DateInstance::create):
53141 * runtime/DatePrototype.h:
53142 (JSC::DatePrototype::create):
53143 * runtime/Error.cpp:
53144 (JSC::createError):
53145 (JSC::createEvalError):
53146 (JSC::createRangeError):
53147 (JSC::createReferenceError):
53148 (JSC::createSyntaxError):
53149 (JSC::createTypeError):
53150 (JSC::createURIError):
53151 (JSC::StrictModeTypeErrorFunction::create):
53152 (JSC::createTypeErrorFunction):
53153 * runtime/ErrorConstructor.h:
53154 (JSC::ErrorConstructor::create):
53155 * runtime/ErrorInstance.cpp:
53156 (JSC::ErrorInstance::ErrorInstance):
53157 (JSC::ErrorInstance::create):
53158 * runtime/ErrorInstance.h:
53159 * runtime/ErrorPrototype.cpp:
53160 (JSC::ErrorPrototype::ErrorPrototype):
53161 * runtime/ErrorPrototype.h:
53162 (JSC::ErrorPrototype::create):
53163 * runtime/ExceptionHelpers.cpp:
53164 (JSC::InterruptedExecutionError::InterruptedExecutionError):
53165 (JSC::InterruptedExecutionError::create):
53166 (JSC::createInterruptedExecutionException):
53167 (JSC::TerminatedExecutionError::TerminatedExecutionError):
53168 (JSC::TerminatedExecutionError::create):
53169 (JSC::createTerminatedExecutionException):
53170 * runtime/Executable.cpp:
53171 (JSC::FunctionExecutable::FunctionExecutable):
53172 (JSC::FunctionExecutable::fromGlobalCode):
53173 * runtime/Executable.h:
53174 (JSC::ExecutableBase::create):
53175 (JSC::NativeExecutable::create):
53176 (JSC::ScriptExecutable::ScriptExecutable):
53177 (JSC::EvalExecutable::create):
53178 (JSC::ProgramExecutable::create):
53179 (JSC::FunctionExecutable::create):
53180 (JSC::FunctionExecutable::make):
53181 * runtime/FunctionConstructor.cpp:
53182 (JSC::constructFunctionSkippingEvalEnabledCheck):
53183 * runtime/FunctionConstructor.h:
53184 (JSC::FunctionConstructor::create):
53185 * runtime/FunctionPrototype.cpp:
53186 (JSC::FunctionPrototype::addFunctionProperties):
53187 * runtime/FunctionPrototype.h:
53188 (JSC::FunctionPrototype::create):
53189 * runtime/GetterSetter.h:
53190 (JSC::GetterSetter::create):
53191 * runtime/JSAPIValueWrapper.h:
53192 (JSC::JSAPIValueWrapper::create):
53193 (JSC::jsAPIValueWrapper):
53194 * runtime/JSActivation.cpp:
53195 (JSC::JSActivation::argumentsGetter):
53196 * runtime/JSActivation.h:
53197 (JSC::JSActivation::create):
53198 * runtime/JSArray.h:
53199 (JSC::JSArray::create):
53200 * runtime/JSCell.h:
53201 (JSC::JSCell::allocateCell):
53202 * runtime/JSFunction.h:
53203 (JSC::JSFunction::create):
53204 * runtime/JSGlobalObject.cpp:
53205 (JSC::JSGlobalObject::init):
53206 (JSC::JSGlobalObject::reset):
53207 * runtime/JSGlobalObject.h:
53208 (JSC::constructEmptyArray):
53209 (JSC::constructArray):
53210 * runtime/JSNotAnObject.h:
53211 (JSC::JSNotAnObject::create):
53212 * runtime/JSONObject.h:
53213 (JSC::JSONObject::create):
53214 * runtime/JSObject.cpp:
53215 (JSC::JSObject::defineGetter):
53216 (JSC::JSObject::defineSetter):
53217 (JSC::putDescriptor):
53218 * runtime/JSObject.h:
53219 (JSC::JSFinalObject::create):
53220 * runtime/JSPropertyNameIterator.cpp:
53221 (JSC::JSPropertyNameIterator::create):
53222 * runtime/JSPropertyNameIterator.h:
53223 (JSC::JSPropertyNameIterator::create):
53224 * runtime/JSString.cpp:
53225 (JSC::JSString::substringFromRope):
53226 (JSC::JSString::replaceCharacter):
53227 (JSC::StringObject::create):
53228 * runtime/JSString.h:
53229 (JSC::RopeBuilder::JSString):
53230 (JSC::RopeBuilder::create):
53231 (JSC::RopeBuilder::createHasOtherOwner):
53232 (JSC::jsSingleCharacterString):
53233 (JSC::jsSingleCharacterSubstring):
53234 (JSC::jsNontrivialString):
53236 (JSC::jsSubstring):
53237 (JSC::jsOwnedString):
53238 * runtime/JSValue.cpp:
53239 (JSC::JSValue::toObjectSlowCase):
53240 (JSC::JSValue::synthesizeObject):
53241 (JSC::JSValue::synthesizePrototype):
53242 * runtime/Lookup.cpp:
53243 (JSC::setUpStaticFunctionSlot):
53244 * runtime/MathObject.h:
53245 (JSC::MathObject::create):
53246 * runtime/NativeErrorConstructor.cpp:
53247 (JSC::NativeErrorConstructor::NativeErrorConstructor):
53248 * runtime/NativeErrorConstructor.h:
53249 (JSC::NativeErrorConstructor::create):
53250 * runtime/NativeErrorPrototype.h:
53251 (JSC::NativeErrorPrototype::create):
53252 * runtime/NumberConstructor.cpp:
53253 (JSC::constructWithNumberConstructor):
53254 * runtime/NumberConstructor.h:
53255 (JSC::NumberConstructor::create):
53256 * runtime/NumberObject.cpp:
53257 (JSC::constructNumber):
53258 * runtime/NumberObject.h:
53259 (JSC::NumberObject::create):
53260 * runtime/NumberPrototype.h:
53261 (JSC::NumberPrototype::create):
53262 * runtime/ObjectConstructor.h:
53263 (JSC::ObjectConstructor::create):
53264 * runtime/ObjectPrototype.h:
53265 (JSC::ObjectPrototype::create):
53266 * runtime/Operations.h:
53268 * runtime/RegExp.cpp:
53269 (JSC::RegExp::RegExp):
53270 (JSC::RegExp::createWithoutCaching):
53271 (JSC::RegExp::create):
53272 * runtime/RegExp.h:
53273 * runtime/RegExpCache.cpp:
53274 (JSC::RegExpCache::lookupOrCreate):
53275 * runtime/RegExpConstructor.cpp:
53276 (JSC::RegExpConstructor::arrayOfMatches):
53277 (JSC::constructRegExp):
53278 * runtime/RegExpConstructor.h:
53279 (JSC::RegExpConstructor::create):
53280 * runtime/RegExpMatchesArray.h:
53281 (JSC::RegExpMatchesArray::create):
53282 * runtime/RegExpObject.h:
53283 (JSC::RegExpObject::create):
53284 * runtime/RegExpPrototype.cpp:
53285 (JSC::regExpProtoFuncCompile):
53286 * runtime/RegExpPrototype.h:
53287 (JSC::RegExpPrototype::create):
53288 * runtime/ScopeChain.h:
53289 (JSC::ScopeChainNode::create):
53290 (JSC::ScopeChainNode::push):
53291 * runtime/SmallStrings.cpp:
53292 (JSC::SmallStrings::createEmptyString):
53293 (JSC::SmallStrings::createSingleCharacterString):
53294 * runtime/StringConstructor.cpp:
53295 (JSC::constructWithStringConstructor):
53296 * runtime/StringConstructor.h:
53297 (JSC::StringConstructor::create):
53298 * runtime/StringObject.h:
53299 (JSC::StringObject::create):
53300 * runtime/StringObjectThatMasqueradesAsUndefined.h:
53301 (JSC::StringObjectThatMasqueradesAsUndefined::create):
53302 * runtime/StringPrototype.cpp:
53303 (JSC::stringProtoFuncMatch):
53304 (JSC::stringProtoFuncSearch):
53305 * runtime/StringPrototype.h:
53306 (JSC::StringPrototype::create):
53307 * runtime/Structure.h:
53308 (JSC::Structure::create):
53309 (JSC::Structure::createStructure):
53310 * runtime/StructureChain.h:
53311 (JSC::StructureChain::create):
53313 2011-07-17 Ryuan Choi <ryuan.choi@samsung.com>
53315 [EFL] Refactor scheduleDispatchFunctionsOnMainThread to fix crash.
53316 https://bugs.webkit.org/show_bug.cgi?id=64337
53318 Replace ecore_timer_add with Ecore_Pipe.
53319 This is needed because ecore_timer should not be called in a child thread,
53320 but in the main thread.
53322 Reviewed by Antonio Gomes.
53324 * wtf/efl/MainThreadEfl.cpp:
53326 (WTF::monitorDispatchFunctions):
53327 (WTF::initializeMainThreadPlatform):
53328 (WTF::scheduleDispatchFunctionsOnMainThread):
53330 2011-07-17 Filip Pizlo <fpizlo@apple.com>
53332 DFG JIT operationCompareEqual does not inline JSValue::equalSlowCaseInline.
53333 https://bugs.webkit.org/show_bug.cgi?id=64637
53335 Reviewed by Gavin Barraclough.
53337 * dfg/DFGOperations.cpp:
53339 2011-07-16 Gavin Barraclough <barraclough@apple.com>
53341 https://bugs.webkit.org/show_bug.cgi?id=64657
53342 Converted this value not preserved when accessed via direct eval.
53344 Reviewed by Oliver Hunt.
53346 Upon entry into a non-strict function, primitive this values should be boxed as Object types
53347 (or substituted with the global object) - which is done by op_convert_this. However we only
53348 do so where this is used lexically within the function (we omit the conversion op if not).
53349 The problem comes if a direct eval (running within the function's scope) accesses the this
53352 We are safe in the case of a single eval, since the this object will be converted within
53353 callEval, however the converted value is not preserved, and a new wrapper object is allocated
53354 each time eval is invoked. This is inefficient and incorrect, since any changes to the wrapper
53355 object will be lost between eval statements.
53357 * bytecompiler/BytecodeGenerator.cpp:
53358 (JSC::BytecodeGenerator::BytecodeGenerator):
53359 - If a function uses eval, we always need to convert this.
53360 * interpreter/Interpreter.cpp:
53361 (JSC::Interpreter::execute):
53362 - Don't convert primitive values here - this is too late!
53363 (JSC::Interpreter::privateExecute):
53364 - Changed op_convert_this to call new isPrimitive method.
53365 * jit/JITStubs.cpp:
53366 (JSC::DEFINE_STUB_FUNCTION):
53367 - Changed op_convert_this to call new isPrimitive method.
53368 * runtime/JSCell.h:
53369 (JSC::JSCell::JSValue::isPrimitive):
53370 - Added JSValue::isPrimitive.
53371 * runtime/JSValue.h:
53372 - Added JSValue::isPrimitive.
53374 2011-07-16 Filip Pizlo <fpizlo@apple.com>
53376 DFG JIT compare/branch code emits is-integer tests even when a value is
53377 definitely not an integer.
53378 https://bugs.webkit.org/show_bug.cgi?id=64654
53380 Reviewed by Gavin Barraclough.
53382 Added the isKnownNotInteger() method, which returns true if a node is
53383 definitely not an integer and will always fail any is-integer test. Then
53384 modified the compare and branch code to use this method; if it returns
53385 true then is-int tests are omitted and the compiler always emits a slow
53388 * dfg/DFGJITCodeGenerator.cpp:
53389 (JSC::DFG::JITCodeGenerator::isKnownNotInteger):
53390 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
53391 (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
53392 (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
53393 * dfg/DFGJITCodeGenerator.h:
53394 * dfg/DFGSpeculativeJIT.cpp:
53395 (JSC::DFG::SpeculativeJIT::compare):
53397 2011-07-16 Filip Pizlo <fpizlo@apple.com>
53399 DFG speculative JIT has dead code for slow calls for branches.
53400 https://bugs.webkit.org/show_bug.cgi?id=64653
53402 Reviewed by Gavin Barraclough.
53404 Removed SpeculativeJIT::compilePeepHoleCall.
53406 * dfg/DFGSpeculativeJIT.cpp:
53407 * dfg/DFGSpeculativeJIT.h:
53409 2011-07-15 Mark Rowe <mrowe@apple.com>
53415 2011-07-15 Gavin Barraclough <barraclough@apple.com>
53417 NativeError.prototype objects have [[Class]] of "Object" but should be "Error"
53418 https://bugs.webkit.org/show_bug.cgi?id=55346
53420 Reviewed by Sam Weinig.
53422 * runtime/ErrorPrototype.cpp:
53423 (JSC::ErrorPrototype::ErrorPrototype):
53424 - Switch to putDirect since we're not the only ones transitioning this Structure now.
53425 * runtime/NativeErrorPrototype.cpp:
53426 (JSC::NativeErrorPrototype::NativeErrorPrototype):
53427 * runtime/NativeErrorPrototype.h:
53428 - Switch base class to ErrorPrototype.
53430 2011-07-15 Gavin Barraclough <barraclough@apple.com>
53432 DFG JIT - Where arguments passed are integers, speculate this.
53433 https://bugs.webkit.org/show_bug.cgi?id=64630
53435 Reviewed by Sam Weinig.
53437 Presently the DFG JIT is overly aggressively predicting double.
53438 Use a bit of dynamic information, and curtail this a little.
53440 * dfg/DFGGraph.cpp:
53441 (JSC::DFG::Graph::predictArgumentTypes):
53442 - Check for integer arguments.
53444 - Function declaration.
53445 * runtime/Executable.cpp:
53446 (JSC::tryDFGCompile):
53447 (JSC::FunctionExecutable::compileForCallInternal):
53448 - Add call to predictArgumentTypes.
53450 2011-07-15 Filip Pizlo <fpizlo@apple.com>
53452 DFG JIT is inconsistent about fusing branches and speculating
53453 integer comparisons for branches.
53454 https://bugs.webkit.org/show_bug.cgi?id=64573
53456 Reviewed by Gavin Barraclough.
53458 This patch moves some of NonSpeculativeJIT's functionality up into the
53459 JITCodeGenerator superclass so that it can be used from both JITs. Now,
53460 in cases where the speculative JIT doesn't want to speculate but still
53461 wants to emit good code, it can reliably emit the same code sequence as
53462 the non-speculative JIT. This patch also extends the non-speculative
53463 JIT's compare optimizations to include compare/branch fusing, and
53464 extends the speculative JIT's compare optimizations to cover StrictEqual.
53466 * dfg/DFGJITCodeGenerator.cpp:
53467 (JSC::DFG::JITCodeGenerator::isKnownInteger):
53468 (JSC::DFG::JITCodeGenerator::isKnownNumeric):
53469 (JSC::DFG::JITCodeGenerator::nonSpeculativePeepholeBranch):
53470 (JSC::DFG::JITCodeGenerator::nonSpeculativeCompare):
53471 * dfg/DFGJITCodeGenerator.h:
53472 (JSC::DFG::JITCodeGenerator::detectPeepHoleBranch):
53473 * dfg/DFGNonSpeculativeJIT.cpp:
53474 (JSC::DFG::NonSpeculativeJIT::compile):
53475 * dfg/DFGNonSpeculativeJIT.h:
53476 * dfg/DFGOperations.cpp:
53477 * dfg/DFGSpeculativeJIT.cpp:
53478 (JSC::DFG::SpeculativeJIT::compare):
53479 (JSC::DFG::SpeculativeJIT::compile):
53480 * dfg/DFGSpeculativeJIT.h:
53483 2011-07-14 Gavin Barraclough <barraclough@apple.com>
53485 https://bugs.webkit.org/show_bug.cgi?id=64250
53486 Global strict mode function leaking global object as "this".
53488 Reviewed by Oliver Hunt.
53490 The root problem here is that we pass the wrong values into
53491 calls, and then try to fix them up in the callee. Correct
53492 behaviour per the spec is to pass in the value undefined,
53493 as this unless either (1) the function call is based on an
53494 explicit property access or (2) the base of the call comes
53495 directly from a 'with'.
53497 This change does away with the need for this conversion of
53498 objects (non strict code should only box primitives), and
53499 does away with all this conversion for strict functions.
53501 This patch may have web compatibility ramifications, and may
53502 require some advocacy.
53504 * bytecode/CodeBlock.cpp:
53505 (JSC::CodeBlock::dump):
53506 - Removed op_convert_this_strict, added op_resolve_with_this.
53507 * bytecode/Opcode.h:
53508 - Removed op_convert_this_strict, added op_resolve_with_this.
53509 * bytecompiler/BytecodeGenerator.cpp:
53510 (JSC::BytecodeGenerator::BytecodeGenerator):
53511 (JSC::BytecodeGenerator::emitResolveWithThis):
53512 - Removed op_convert_this_strict, added op_resolve_with_this.
53513 * bytecompiler/BytecodeGenerator.h:
53514 - Removed op_convert_this_strict, added op_resolve_with_this.
53515 * bytecompiler/NodesCodegen.cpp:
53516 (JSC::EvalFunctionCallNode::emitBytecode):
53517 (JSC::FunctionCallResolveNode::emitBytecode):
53518 - Removed op_convert_this_strict, added op_resolve_with_this.
53519 * dfg/DFGSpeculativeJIT.cpp:
53520 (JSC::DFG::SpeculativeJIT::compile):
53521 - Change NeedsThisConversion check to test for JSString's vptr
53522 (objects no longer need conversion).
53523 * interpreter/Interpreter.cpp:
53524 (JSC::Interpreter::resolveThisAndProperty):
53525 - Based on resolveBaseAndProperty, but produce correct this value.
53526 (JSC::Interpreter::privateExecute):
53527 - Removed op_convert_this_strict, added op_resolve_with_this.
53528 * interpreter/Interpreter.h:
53530 (JSC::JIT::privateCompileMainPass):
53531 (JSC::JIT::privateCompileSlowCases):
53532 - Removed op_convert_this_strict, added op_resolve_with_this.
53534 * jit/JITOpcodes.cpp:
53535 (JSC::JIT::emit_op_resolve_with_this):
53536 - Removed op_convert_this_strict, added op_resolve_with_this.
53537 (JSC::JIT::emit_op_convert_this):
53538 (JSC::JIT::emitSlow_op_convert_this):
53539 - Change NeedsThisConversion check to test for JSString's vptr
53540 (objects no longer need conversion).
53541 * jit/JITOpcodes32_64.cpp:
53542 (JSC::JIT::emit_op_resolve_with_this):
53543 - Removed op_convert_this_strict, added op_resolve_with_this.
53544 (JSC::JIT::emit_op_convert_this):
53545 (JSC::JIT::emitSlow_op_convert_this):
53546 - Change NeedsThisConversion check to test for JSString's vptr
53547 (objects no longer need conversion).
53548 * jit/JITStubs.cpp:
53549 (JSC::DEFINE_STUB_FUNCTION):
53550 - Removed op_convert_this_strict, added op_resolve_with_this.
53552 - Removed op_convert_this_strict, added op_resolve_with_this.
53553 * runtime/JSActivation.h:
53554 - removed NeedsThisConversion flag, added IsEnvironmentRecord.
53555 * runtime/JSStaticScopeObject.h:
53556 - removed NeedsThisConversion flag, added IsEnvironmentRecord.
53557 * runtime/JSString.h:
53558 (JSC::RopeBuilder::createStructure):
53559 - removed NeedsThisConversion.
53560 * runtime/JSTypeInfo.h:
53561 (JSC::TypeInfo::isEnvironmentRecord):
53562 (JSC::TypeInfo::overridesHasInstance):
53563 - removed NeedsThisConversion flag, added IsEnvironmentRecord.
53564 * runtime/JSValue.h:
53565 - removed NeedsThisConversion.
53566 * runtime/JSVariableObject.h:
53567 - Corrected StructureFlags inheritance.
53568 * runtime/StrictEvalActivation.h:
53569 (JSC::StrictEvalActivation::createStructure):
53570 - Added IsEnvironmentRecord to StructureFlags, added createStructure.
53571 * runtime/Structure.h:
53572 - removed NeedsThisConversion.
53573 * tests/mozilla/ecma/String/15.5.4.6-2.js:
53575 - Removed invalid test case.
53577 2011-07-15 Sheriff Bot <webkit.review.bot@gmail.com>
53579 Unreviewed, rolling out r91082, r91087, and r91089.
53580 http://trac.webkit.org/changeset/91082
53581 http://trac.webkit.org/changeset/91087
53582 http://trac.webkit.org/changeset/91089
53583 https://bugs.webkit.org/show_bug.cgi?id=64616
53585 gtk tests are failing a lot after this change. (Requested by
53586 dave_levin on #webkit).
53588 * wtf/ThreadIdentifierDataPthreads.cpp:
53589 (WTF::ThreadIdentifierData::identifier):
53590 (WTF::ThreadIdentifierData::initialize):
53591 (WTF::ThreadIdentifierData::initializeKeyOnceHelper):
53592 (WTF::ThreadIdentifierData::initializeKeyOnce):
53593 * wtf/ThreadIdentifierDataPthreads.h:
53594 * wtf/ThreadingPthreads.cpp:
53595 (WTF::initializeThreading):
53597 2011-07-15 David Levin <levin@chromium.org>
53599 Another attempted build fix.
53601 * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
53602 up the definition of PTHREAD_KEYS_MAX.
53604 2011-07-15 David Levin <levin@chromium.org>
53606 Chromium build fix.
53608 * wtf/ThreadIdentifierDataPthreads.cpp: Add include to pick
53609 up the definition of PTHREAD_KEYS_MAX.
53611 2011-07-14 David Levin <levin@chromium.org>
53613 currentThread is too slow!
53614 https://bugs.webkit.org/show_bug.cgi?id=64577
53616 Reviewed by Darin Adler and Dmitry Titov.
53618 The problem is that currentThread results in a pthread_once call which always takes a lock.
53619 With this change, currentThread is 10% faster than isMainThread in release mode and only
53620 5% slower than isMainThread in debug.
53622 * wtf/ThreadIdentifierDataPthreads.cpp:
53623 (WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
53624 which is no longer needed because this is called from initializeThreading().
53625 (WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
53626 initialization of the pthread key should already be done.
53627 (WTF::ThreadIdentifierData::initialize): Ditto.
53628 * wtf/ThreadIdentifierDataPthreads.h:
53629 * wtf/ThreadingPthreads.cpp:
53630 (WTF::initializeThreading): Acquire the pthread key here.
53632 2011-07-14 Filip Pizlo <fpizlo@apple.com>
53634 DFG JIT does not optimize Branch as well as it could.
53635 https://bugs.webkit.org/show_bug.cgi?id=64574
53637 Reviewed by Gavin Barraclough.
53639 This creates a common code path for emitting unfused branches, which does
53640 no speculation, and only performs a slow call if absolutely necessary.
53642 * dfg/DFGJITCodeGenerator.cpp:
53643 (JSC::DFG::JITCodeGenerator::emitBranch):
53644 * dfg/DFGJITCodeGenerator.h:
53645 * dfg/DFGNonSpeculativeJIT.cpp:
53646 (JSC::DFG::NonSpeculativeJIT::compile):
53647 * dfg/DFGSpeculativeJIT.cpp:
53648 (JSC::DFG::SpeculativeJIT::compile):
53650 2011-07-14 Filip Pizlo <fpizlo@apple.com>
53652 GC allocation fast path has too many operations.
53653 https://bugs.webkit.org/show_bug.cgi?id=64493
53655 Reviewed by Darin Adler.
53657 Changed the timing of the lazy sweep so that it occurs when we land on
53658 a previously unswept block, rather than whenever we land on an unswept
53659 cell. After the per-block lazy sweep occurs, the block is turned into a
53660 singly linked list of free cells. The allocation fast path is now just a
53661 load-branch-store to remove a cell from the head of the list.
53663 Additionally, this changes the way new blocks are allocated. Previously,
53664 they would be populated with dummy cells. With this patch, they are
53665 turned into a free list, which means that there will never be destructor
53666 calls for allocations in fresh blocks.
53668 These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
53669 SunSpider. There are no observed statistically significant slow-downs
53670 on any individual benchmark.
53672 * JavaScriptCore.exp:
53674 (JSC::Heap::allocateSlowCase):
53675 (JSC::Heap::collect):
53676 (JSC::Heap::canonicalizeBlocks):
53677 (JSC::Heap::resetAllocator):
53679 (JSC::Heap::forEachProtectedCell):
53680 (JSC::Heap::forEachCell):
53681 (JSC::Heap::forEachBlock):
53682 (JSC::Heap::allocate):
53683 * heap/MarkedBlock.cpp:
53684 (JSC::MarkedBlock::MarkedBlock):
53685 (JSC::MarkedBlock::lazySweep):
53686 (JSC::MarkedBlock::blessNewBlockForFastPath):
53687 (JSC::MarkedBlock::blessNewBlockForSlowPath):
53688 (JSC::MarkedBlock::canonicalizeBlock):
53689 * heap/MarkedBlock.h:
53690 * heap/NewSpace.cpp:
53691 (JSC::NewSpace::addBlock):
53692 (JSC::NewSpace::canonicalizeBlocks):
53694 (JSC::NewSpace::allocate):
53695 (JSC::NewSpace::SizeClass::SizeClass):
53696 (JSC::NewSpace::SizeClass::canonicalizeBlock):
53697 * heap/OldSpace.cpp:
53698 (JSC::OldSpace::addBlock):
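The block layout and sweep timing described above, as an added example that is not WebKit's heap code: MarkedBlock, SweepScenario and runSweepScenario are constructed here, destructor calls are simulated by a counter, and the cell size and count are arbitrary. After a collection the block is only flagged; the first allocation that lands on it sweeps the whole block once, threads every dead cell onto a singly linked free list, and from then on allocation is a load, a branch and a store. A fresh block is turned into a free list the same way, which is why no destructor ever runs for cells that never held an object.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>
#include <vector>
// Added example, not WebKit's heap: a simplified MarkedBlock whose cells are
// threaded onto a singly linked free list, so the allocation fast path is a
// load, a branch and a store. Destructors are simulated by a counter.
class MarkedBlock {
    struct FreeCell { FreeCell* next; };
    enum class CellState : std::uint8_t { Free, Allocated };
public:
    static constexpr std::size_t cellSize = 32;
    static constexpr std::size_t cellCount = 8;
    MarkedBlock()
        : m_storage(cellSize * cellCount), m_state(cellCount, CellState::Free), m_marked(cellCount, false)
    {
        // A fresh block holds no objects, so building its free list runs no destructors.
        for (std::size_t i = cellCount; i-- > 0;)
            pushFree(cellAt(i));
    }

    // Fast path. Returns nullptr when the block is exhausted so the caller's slow path can move on.
    void* allocate()
    {
        if (m_needsSweep)
            lazySweep();                  // first touch after a GC: sweep this block once
        FreeCell* head = m_freeList;      // load
        if (!head)
            return nullptr;               // branch
        m_freeList = head->next;          // store
        m_state[indexOf(head)] = CellState::Allocated;
        return head;
    }

    // The collector marks reachable cells, then only flags the block; nothing is swept yet.
    void mark(const void* cell) { m_marked[indexOf(cell)] = true; }
    void finishCollection() { m_needsSweep = true; }
    std::size_t destructorsRun() const { return m_destructorsRun; }

private:
    // Per-block sweep: dead objects get their destructor exactly once and join
    // the free list; survivors have their mark cleared and stay out of it.
    void lazySweep()
    {
        m_freeList = nullptr;
        for (std::size_t i = cellCount; i-- > 0;) {
            if (m_state[i] == CellState::Allocated) {
                if (m_marked[i]) {
                    m_marked[i] = false;
                    continue;
                }
                ++m_destructorsRun;
                m_state[i] = CellState::Free;
            }
            pushFree(cellAt(i));
        }
        m_needsSweep = false;
    }
    void pushFree(void* cell) { m_freeList = new (cell) FreeCell{ m_freeList }; }
    void* cellAt(std::size_t i) { return m_storage.data() + i * cellSize; }
    std::size_t indexOf(const void* cell) const
    {
        return static_cast<std::size_t>(static_cast<const char*>(cell) - m_storage.data()) / cellSize;
    }
    std::vector<char> m_storage;
    std::vector<CellState> m_state;
    std::vector<bool> m_marked;
    FreeCell* m_freeList = nullptr;
    bool m_needsSweep = false;
    std::size_t m_destructorsRun = 0;
};

// Worked scenario: fill a fresh block, keep two cells alive across a collection,
// and observe when destructors run and which cells get reused.
struct SweepScenario {
    std::size_t allocatedFromFreshBlock;     // cells handed out before the GC
    std::size_t destructorsBeforeFirstTouch; // finishCollection() itself sweeps nothing
    std::size_t destructorsAfterSweep;       // one per dead object
    std::size_t allocatedAfterGC;            // dead cells reused
    bool survivorHandedOutAgain;             // must stay false
};
SweepScenario runSweepScenario()
{
    MarkedBlock block;
    std::vector<void*> cells;
    while (void* cell = block.allocate())
        cells.push_back(cell);
    block.mark(cells[1]);                    // pretend the collector found these two reachable
    block.mark(cells[5]);
    block.finishCollection();
    std::size_t untouched = block.destructorsRun();
    std::vector<void*> reused;
    while (void* cell = block.allocate())    // the first allocate() after the GC triggers the sweep
        reused.push_back(cell);
    bool survivorReused = false;
    for (void* cell : reused)
        survivorReused = survivorReused || cell == cells[1] || cell == cells[5];
    return { cells.size(), untouched, block.destructorsRun(), reused.size(), survivorReused };
}
```

The sweep is the only place that touches every cell, so the per-allocation cost no longer depends on whether the cell being handed out was previously live, and a survivor can never be handed out twice because it is simply never threaded onto the list.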
53700 2011-07-14 Filip Pizlo <fpizlo@apple.com>
53702 DFG JIT crashes on host constructor calls in debug mode.
53703 https://bugs.webkit.org/show_bug.cgi?id=64562
53705 Reviewed by Gavin Barraclough.
53707 Fixed the relevant ASSERT.
53709 * dfg/DFGOperations.cpp:
53711 2011-07-14 Filip Pizlo <fpizlo@apple.com>
53713 DFG speculative JIT contains a FIXME for rewinding speculative code generation that
53714 has already been fixed.
53715 https://bugs.webkit.org/show_bug.cgi?id=64022
53717 Reviewed by Gavin Barraclough.
53719 * dfg/DFGSpeculativeJIT.h:
53720 (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
53722 2011-07-14 Ryuan Choi <ryuan.choi@samsung.com>
53724 [EFL] Add OwnPtr specialization for Ecore_Pipe.
53725 https://bugs.webkit.org/show_bug.cgi?id=64515
53727 Add an overload for deleteOwnedPtr(Ecore_Pipe*) on EFL port.
53729 Reviewed by Xan Lopez.
53731 * wtf/OwnPtrCommon.h:
53732 * wtf/efl/OwnPtrEfl.cpp:
53733 (WTF::deleteOwnedPtr):
53735 2011-07-14 Filip Pizlo <fpizlo@apple.com>
53737 DFG JIT unnecessarily boxes and unboxes values during silent spilling.
53738 https://bugs.webkit.org/show_bug.cgi?id=64068
53740 Reviewed by Gavin Barraclough.
53742 Silent spilling and filling of registers is done during slow-path C
53743 function calls. The silent spill/fill logic does not affect register
53744 allocation on paths that don't involve the C function call.
53746 This changes the silent spilling code to spill in unboxed form. The
53747 silent fill will refill in whatever form the register was spilled in.
53748 For example, the silent spill code may choose not to spill the register
53749 because it was already spilled previously, which would imply that it
53750 was spilled in boxed form. The filling code detects this and either
53751 unboxes, or not, depending on what is appropriate.
53753 This change also results in a simplification of the silent spill/fill
53754 API: silent spilling no longer needs to know about the set of registers
53755 that cannot be trampled, since it never does boxing and hence does not
53756 need a temporary register.
53758 * dfg/DFGJITCodeGenerator.cpp:
53759 (JSC::DFG::JITCodeGenerator::cachedGetById):
53760 (JSC::DFG::JITCodeGenerator::cachedPutById):
53761 * dfg/DFGJITCodeGenerator.h:
53762 (JSC::DFG::JITCodeGenerator::silentSpillGPR):
53763 (JSC::DFG::JITCodeGenerator::silentSpillFPR):
53764 (JSC::DFG::JITCodeGenerator::silentFillFPR):
53765 (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
53766 * dfg/DFGNonSpeculativeJIT.cpp:
53767 (JSC::DFG::NonSpeculativeJIT::valueToNumber):
53768 (JSC::DFG::NonSpeculativeJIT::valueToInt32):
53769 (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
53770 (JSC::DFG::NonSpeculativeJIT::basicArithOp):
53771 (JSC::DFG::NonSpeculativeJIT::compare):
53772 (JSC::DFG::NonSpeculativeJIT::compile):
53773 * dfg/DFGSpeculativeJIT.cpp:
53774 (JSC::DFG::SpeculativeJIT::compile):
53776 2011-07-13 Michael Saboff <msaboff@apple.com>
53778 https://bugs.webkit.org/show_bug.cgi?id=64202
53779 Enh: Improve handling of RegExp in the form of /.*blah.*/
53781 Reviewed by Gavin Barraclough.
53783 Added code to both the Yarr interpreter and JIT to handle
53784 these expressions a little differently. First off, the terms
53785 in between the leading and trailing .*'s cannot capture and
53786 also this enhancement is limited to single alternative expressions.
53787 If an expression is of the right form with the aforementioned
53788 restrictions, we process the inner terms and then look for the
53789 beginning of the string and end of the string. There is handling
53790 for multiline expressions to allow the beginning and end to be
53791 right after and right before newlines.
53793 This enhancement speeds up expressions of this type 12x on
53796 Cleaned up 'case' statement indentation.
53798 A new set of tests was added as LayoutTests/fast/regex/dotstar.html
53800 * yarr/YarrInterpreter.cpp:
53801 (JSC::Yarr::Interpreter::InputStream::end):
53802 (JSC::Yarr::Interpreter::matchDotStarEnclosure):
53803 (JSC::Yarr::Interpreter::matchDisjunction):
53804 (JSC::Yarr::ByteCompiler::assertionDotStarEnclosure):
53805 (JSC::Yarr::ByteCompiler::emitDisjunction):
53806 * yarr/YarrInterpreter.h:
53807 (JSC::Yarr::ByteTerm::DotStarEnclosure):
53808 * yarr/YarrJIT.cpp:
53809 (JSC::Yarr::YarrGenerator::generateDotStarEnclosure):
53810 (JSC::Yarr::YarrGenerator::backtrackDotStarEnclosure):
53811 (JSC::Yarr::YarrGenerator::generateTerm):
53812 (JSC::Yarr::YarrGenerator::backtrackTerm):
53813 * yarr/YarrPattern.cpp:
53814 (JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
53815 (JSC::Yarr::YarrPatternConstructor::containsCapturingTerms):
53816 (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
53817 (JSC::Yarr::YarrPattern::compile):
53818 * yarr/YarrPattern.h:
53819 (JSC::Yarr::PatternTerm::PatternTerm):
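The matching strategy this entry describes, as an added example that is not Yarr code: matchDotStarEnclosure, DotStarMatch, matchedText and the subject strings in the usage are all constructed here. It handles the /.*inner.*/ shape under the same preconditions (a single alternative, no capturing terms between the leading and trailing .*, and an inner term containing no line terminator) and honours optional ^ and $ anchors the way JavaScript does with and without the multiline flag; it works on bytes and treats only LF and CR as line terminators.

```cpp
#include <cstddef>
#include <string>

// Added example, not Yarr code. Because '.' never matches a line terminator in
// JavaScript, the leading and trailing .* can only swallow the rest of the line
// on either side of the inner match, so the whole search collapses to a substring
// search followed by widening to the enclosing line.
struct DotStarMatch {
    bool found;
    std::size_t begin;  // offset of the first matched character
    std::size_t end;    // one past the last matched character
};

static bool isLineTerminator(char c)
{
    return c == '\n' || c == '\r';
}

// anchoredBOL / anchoredEOL: the pattern carried a leading ^ / trailing $.
// multiline: the pattern's m flag, which lets those anchors accept line boundaries.
DotStarMatch matchDotStarEnclosure(const std::string& subject, const std::string& inner,
                                   bool anchoredBOL, bool anchoredEOL, bool multiline)
{
    for (std::size_t pos = subject.find(inner); pos != std::string::npos; pos = subject.find(inner, pos + 1)) {
        // Widen backwards to the start of the line containing the inner match ...
        std::size_t begin = pos;
        while (begin > 0 && !isLineTerminator(subject[begin - 1]))
            --begin;
        // ... and forwards to its end.
        std::size_t end = pos + inner.size();
        while (end < subject.size() && !isLineTerminator(subject[end]))
            ++end;
        // Without the m flag the anchors demand the very start and end of the input,
        // so an occurrence on an inner line is rejected and the next one is tried.
        bool bolFails = anchoredBOL && begin != 0;
        bool eolFails = anchoredEOL && end != subject.size();
        if ((bolFails || eolFails) && !multiline)
            continue;
        return { true, begin, end };
    }
    return { false, 0, 0 };
}

// Convenience for callers that want the matched text itself.
std::string matchedText(const std::string& subject, const DotStarMatch& match)
{
    return match.found ? subject.substr(match.begin, match.end - match.begin) : std::string();
}
```

On the constructed subject "ab\ncblahd\nef", the pattern /.*blah.*/ matches "cblahd" whatever the anchors and flag, /^.*blah.*$/ fails without the m flag and matches "cblahd" with it; the loop over later occurrences only matters when an anchor rejects the first occurrence in non-multiline mode, for example /.*blah.*$/ against "xblah\nyblah", where the match is the last line.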
53821 2011-07-13 Xan Lopez <xlopez@igalia.com>
53823 [GTK] Fix distcheck
53825 Reviewed by Martin Robinson.
53827 * GNUmakefile.list.am: add missing files.
53829 2011-07-13 Filip Pizlo <fpizlo@apple.com>
53831 DFG JIT does not implement prototype chain or list caching for get_by_id.
53832 https://bugs.webkit.org/show_bug.cgi?id=64147
53834 Reviewed by Gavin Barraclough.
53836 This implements unified support for prototype caching, prototype chain
53837 caching, and polymorphic (i.e. list) prototype and prototype chain
53838 caching. This is done by creating common code for emitting prototype
53839 or chain access stubs, and having it factored out into
53840 generateProtoChainAccessStub(). This function is called by
53841 tryCacheGetByID once the latter determines that some form of prototype
53842 access caching is necessary (i.e. the slot being accessed is not on the
53843 base value but on some other object).
53845 Direct prototype list, and prototype chain list, caching is implemented by
53846 linking the slow path to operationGetByIdProtoBuildList(), which uses the
53847 same helper function (generateProtoChainAccessStub()) as tryCacheGetByID.
53849 This change required ensuring that the value in the scratchGPR field in
53850 StructureStubInfo is preserved even after the stub info is in the
53851 chain, or proto_list, states. Hence scratchGPR was moved out of the union
53852 and into the top-level of StructureStubInfo.
53854 * bytecode/StructureStubInfo.h:
53855 * dfg/DFGJITCompiler.cpp:
53856 (JSC::DFG::JITCompiler::compileFunction):
53857 * dfg/DFGOperations.cpp:
53858 * dfg/DFGOperations.h:
53859 * dfg/DFGRepatch.cpp:
53860 (JSC::DFG::emitRestoreScratch):
53861 (JSC::DFG::linkRestoreScratch):
53862 (JSC::DFG::generateProtoChainAccessStub):
53863 (JSC::DFG::tryCacheGetByID):
53864 (JSC::DFG::tryBuildGetByIDProtoList):
53865 (JSC::DFG::dfgBuildGetByIDProtoList):
53866 (JSC::DFG::tryCachePutByID):
53867 * dfg/DFGRepatch.h:
53869 2011-07-12 Brent Fulgham <bfulgham@webkit.org>
53871 Standardize WinCairo conditionalized code under PLATFORM macro.
53872 https://bugs.webkit.org/show_bug.cgi?id=64377
53874 Reviewed by Maciej Stachowiak.
53876 * wtf/Platform.h: Update to use PLATFORM(WIN_CAIRO) for tests.
53878 2011-07-13 David Levin <levin@chromium.org>
53880 Possible race condition in ThreadIdentifierData::initializeKeyOnce and shouldCallRealDebugger.
53881 https://bugs.webkit.org/show_bug.cgi?id=64465
53883 Reviewed by Dmitry Titov.
53885 There isn't a good way to test this as it is very highly unlikely to occur.
53887 * wtf/ThreadIdentifierDataPthreads.cpp:
53888 (WTF::ThreadIdentifierData::initializeKeyOnce): Since scoped static initialization
53889 isn't thread-safe, change the initialization to be global.
53891 2011-07-12 Gavin Barraclough <barraclough@apple.com>
53893 https://bugs.webkit.org/show_bug.cgi?id=64424
53894 Our direct eval behaviour deviates slightly from the spec.
53896 Reviewed by Oliver Hunt.
53898 The ES5 spec defines a concept of 'Direct Call to Eval' (see section 15.1.2.1.1), where
53899 behaviour will differ from that of an indirect call (e.g. " { eval: window.eval }.eval();"
53900 or "var a = eval; a();" are indirect calls), particularly in non-strict scopes variables
53901 may be introduced into the caller's environment.
53903 ES5 direct calls are any call where the callee function is provided by a reference, a base
53904 of that Reference is an EnvironmentRecord (this corresponds to all productions
53905 "PrimaryExpression: Identifier", see 10.2.2.1 GetIdentifierReference), and where the name
53906 of the reference is "eval". This means any expression of the form "eval(...)", and that
53907 calls the standard built-in eval method on the Global Object, is considered to be
53910 In JavaScriptCore we are currently overly restrictive. We also check that the
53911 EnvironmentRecord that is the base of the reference is the Declarative Environment Record
53912 at the root of the scope chain, corresponding to the Global Object - an "eval(..)" statement
53913 that hits a var eval in a nested scope is not considered to be direct. This behaviour does
53914 not emanate from the spec, and is incorrect.
53916 * interpreter/Interpreter.cpp:
53917 (JSC::Interpreter::privateExecute):
53918 - Fixed direct eval check in op_call_eval.
53919 * jit/JITStubs.cpp:
53920 (JSC::DEFINE_STUB_FUNCTION):
53921 - Fixed direct eval check in op_call_eval.
53922 * runtime/Executable.h:
53923 (JSC::isHostFunction):
53924 - Added check for host function with specific NativeFunction.
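The direct/indirect distinction the entry above describes, as an added example (not WebKit code). The bodies are built with the Function constructor so they are non-strict even when this file is loaded as a strict ES module; in strict code a direct eval gets its own variable environment and nothing would leak into the caller's scope.

```javascript
// Added example, not WebKit code: ES5 "Direct Call to Eval" (section 15.1.2.1.1).
// Each result is [typeof <name> as seen by the caller, whether the global object
// now owns <name>], which separates "landed in the caller's scope" from
// "landed on the Global Object".

// Direct call: the callee is reached through a reference named "eval" whose
// base is an environment record, so the code runs in the caller's scope.
const directEval = new Function(`
  eval("var introduced = 1;");
  return [typeof introduced,
          Object.prototype.hasOwnProperty.call(globalThis, "introduced")];
`);
// → ["number", false]: the var is local to this function, not global

// Indirect call: the same built-in reached through another name (the
// "var a = eval; a();" shape from the entry) evaluates in the global scope.
const indirectEval = new Function(`
  var alias = eval;
  alias("var leaked = 2;");
  return [typeof leaked,
          Object.prototype.hasOwnProperty.call(globalThis, "leaked")];
`);
// → ["number", true]: visible to the caller only because it became global

// The case the entry says JSC got wrong: a "var eval" in a nested scope that
// holds the built-in eval. The base of the reference is still an environment
// record and the name is still "eval", so ES5 treats this as a direct call.
const nestedScopeEval = new Function(`
  var eval = globalThis.eval;
  eval("var nested = 3;");
  return [typeof nested,
          Object.prototype.hasOwnProperty.call(globalThis, "nested")];
`);
// → ["number", false]: direct, so the var stays in the nested scope
```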
53926 2011-07-13 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
53928 Reviewed by Andreas Kling.
53930 Broken build on QNX
53931 https://bugs.webkit.org/show_bug.cgi?id=63717
53933 QNX doesn't support pthread's SA_RESTART (required by
53934 JSC_MULTIPLE_THREADS), JIT is broken at runtime and there are a
53935 few minor compilation errors here and there.
53937 Original patch by Ritt Konstantin <ritt.ks@gmail.com>, also
53938 tested by him on QNX v6.5 (x86)
53940 * wtf/DateMath.cpp: fix usage of abs/labs
53941 * wtf/Platform.h: Disable JIT and JSC_MULTIPLE_THREADS
53942 * wtf/StackBounds.cpp: Add a couple of missing includes (and sort them)
53944 2011-07-12 Anders Carlsson <andersca@apple.com>
53946 If a compiler has nullptr support, include <cstddef> to get the nullptr_t definition
53947 https://bugs.webkit.org/show_bug.cgi?id=64429
53949 Include the cstddef which has the nullptr_t typedef according to the C++0x standard.
53953 2011-07-13 MORITA Hajime <morrita@google.com>
53955 Refactoring: Ignored ExceptionCode value should be less annoying.
53956 https://bugs.webkit.org/show_bug.cgi?id=63688
53958 Added ASSERT_AT macro.
53960 Reviewed by Darin Adler.
53962 * wtf/Assertions.h:
53964 2011-07-12 Filip Pizlo <fpizlo@apple.com>
53966 DFG JIT does not implement op_construct.
53967 https://bugs.webkit.org/show_bug.cgi?id=64066
53969 Reviewed by Gavin Barraclough.
53971 This is a fixed implementation of op_construct. Constructor calls are implemented
53972 by reusing almost all of the code for Call, with care taken to make sure that
53973 where there are differences (like selecting different code blocks), those differences
53974 are respected. The two fixes over the last patch are: (1) make sure the
53975 CodeBlock::unlinkCalls respects differences between Call and Construct, and (2)
53976 make sure that virtualFor() in DFGOperations respects the CodeSpecializationKind
53977 (either CodeForCall or CodeForConstruct) when invoking the compiler.
53979 * dfg/DFGAliasTracker.h:
53980 (JSC::DFG::AliasTracker::recordConstruct):
53981 * dfg/DFGByteCodeParser.cpp:
53982 (JSC::DFG::ByteCodeParser::addCall):
53983 (JSC::DFG::ByteCodeParser::parseBlock):
53984 * dfg/DFGJITCodeGenerator.cpp:
53985 (JSC::DFG::JITCodeGenerator::emitCall):
53987 * dfg/DFGNonSpeculativeJIT.cpp:
53988 (JSC::DFG::NonSpeculativeJIT::compile):
53989 * dfg/DFGOperations.cpp:
53990 * dfg/DFGOperations.h:
53991 * dfg/DFGRepatch.cpp:
53992 (JSC::DFG::dfgLinkFor):
53993 * dfg/DFGRepatch.h:
53994 * dfg/DFGSpeculativeJIT.cpp:
53995 (JSC::DFG::SpeculativeJIT::compile):
53996 * runtime/CodeBlock.cpp:
53997 (JSC::CodeBlock::unlinkCalls):
53999 2011-07-12 Oliver Hunt <oliver@apple.com>
54001 Overzealous type validation in method_check
54002 https://bugs.webkit.org/show_bug.cgi?id=64415
54004 Reviewed by Gavin Barraclough.
54006 method_check is essentially just a value look up
54007 optimisation, but it internally stores the value
54008 as a JSFunction, even though it never relies on
54009 this fact. Under GC validation however we end up
54010 trying to enforce that assumption. The fix is
54011 simply to store the value as a correct supertype.
54013 * bytecode/CodeBlock.h:
54014 * dfg/DFGRepatch.cpp:
54015 (JSC::DFG::dfgRepatchGetMethodFast):
54016 (JSC::DFG::tryCacheGetMethod):
54018 * jit/JITPropertyAccess.cpp:
54019 (JSC::JIT::patchMethodCallProto):
54020 * jit/JITStubs.cpp:
54021 (JSC::DEFINE_STUB_FUNCTION):
54023 2011-07-12 Filip Pizlo <fpizlo@apple.com>
54025 COLLECT_ON_EVERY_ALLOCATION no longer works.
54026 https://bugs.webkit.org/show_bug.cgi?id=64388
54028 Reviewed by Oliver Hunt.
54030 Added a flag to Heap that determines if it's safe to collect (which for now means that
54031 JSGlobalObject has actually been initialized, but it should work for other things, too).
54032 This allows JSGlobalObject to allocate even if the allocator wants to GC; instead of
54033 GCing it just grows the heap, if necessary.
54035 Then changed Heap::allocate() to not recurse ad infinitum when
54036 COLLECT_ON_EVERY_ALLOCATION is set. This also makes the allocator generally more
54037 resilient against bugs; this change allowed me to put in handy assertions, such as that
54038 an allocation must succeed after either a collection or after a new block was added.
54042 (JSC::Heap::tryAllocate):
54043 (JSC::Heap::allocate):
54044 (JSC::Heap::collectAllGarbage):
54045 (JSC::Heap::collect):
54047 (JSC::Heap::notifyIsSafeToCollect):
54048 * runtime/JSGlobalData.cpp:
54049 (JSC::JSGlobalData::JSGlobalData):
54051 2011-07-12 Filip Pizlo <fpizlo@apple.com>
54053 DFG JIT put_by_id transition caching does not inform the GC about the structure and
54054 prototype chain that it is referencing.
54055 https://bugs.webkit.org/show_bug.cgi?id=64387
54057 Reviewed by Gavin Barraclough.
54059 Fixed the relevant code in DFGRepatch to call StructureStubInfo::initPutByIdTransition().
54061 * dfg/DFGRepatch.cpp:
54062 (JSC::DFG::tryCachePutByID):
54064 2011-07-12 Adam Roben <aroben@apple.com>
54066 Ensure no intermediate WTF::Strings are created when concatenating with string literals
54068 Fixes <http://webkit.org/b/63330> Concatenating string literals and WTF::Strings using
54069 operator+ is suboptimal
54071 Reviewed by Darin Adler.
54073 * wtf/text/StringConcatenate.h:
54074 (WTF::StringTypeAdapter<String>::writeTo): Added a macro that can be used for testing how
54075 many WTF::Strings get copied while evaluating an operator+ expression.
54077 * wtf/text/StringOperators.h:
54078 (WTF::operator+): Changed the overload that takes a StringAppend to take it on the left-hand
54079 side, since operator+ is left-associative. Having the StringAppend on the right-hand side
54080 was causing us to make intermediate WTF::Strings when evaluating expressions that contained
54081 multiple calls to operator+. Added some more overloads that take a left-hand side of
54082 const char* to resolve overload ambiguity for certain expressions. Added overloads that take
54083 a left-hand side of const UChar* (matching the const char* overloads) so that wide string
54084 literals don't first have to be converted to a WTF::String in operator+ expressions.
54086 2011-07-12 Adam Roben <aroben@apple.com>
54088 Unreviewed, rolling out r90811.
54089 http://trac.webkit.org/changeset/90811
54090 https://bugs.webkit.org/show_bug.cgi?id=61025
54092 Several svg tests failing assertions beneath
54093 SVGSMILElement::findInstanceTime
54095 * wtf/StdLibExtras.h:
54096 (WTF::binarySearch):
54098 2011-07-12 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
54100 Reviewed by Nikolas Zimmermann.
54102 Speed up SVGSMILElement::findInstanceTime.
54103 https://bugs.webkit.org/show_bug.cgi?id=61025
54105 Add a new parameter to the StdLibExtras.h::binarySearch function
54106 to also handle cases when the array does not contain the key value.
54107 This is needed for an svg function.
54109 * wtf/StdLibExtras.h:
54110 (WTF::binarySearch):
54112 2011-07-11 Filip Pizlo <fpizlo@apple.com>
54114 DFG speculative JIT does not guard itself against floating point speculation
54115 failures on non-floating-point constants.
54116 https://bugs.webkit.org/show_bug.cgi?id=64330
54118 Reviewed by Gavin Barraclough.
54120 Made fillSpeculateDouble immediately invoke terminateSpeculativeExecution() as
54121 soon as it notices that it's speculating on something that is a non-numeric
54124 * dfg/DFGSpeculativeJIT.cpp:
54125 (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
54127 2011-07-11 Filip Pizlo <fpizlo@apple.com>
54129 DFG Speculative JIT does not always insert speculation checks when speculating
54131 https://bugs.webkit.org/show_bug.cgi?id=64254
54133 Reviewed by Gavin Barraclough.
54135 Changed the SetLocal instruction to always validate that the value being stored
54136 into the local variable is an array, if that variable was marked PredictArray.
54137 This is necessary since uses of arrays assume that if a PredictArray value is
54138 in a local variable then the speculation check validating that the value is an
54139 array was already performed.
54141 * dfg/DFGSpeculativeJIT.cpp:
54142 (JSC::DFG::SpeculativeJIT::compile):
54144 2011-07-11 Gabor Loki <loki@webkit.org>
54146 Fix the condition of the optimized code in doubleTransfer
54147 https://bugs.webkit.org/show_bug.cgi?id=64261
54149 Reviewed by Zoltan Herczeg.
54151 The condition of the optimized code in doubleTransfer is wrong. The
54152 data transfer should be executed with a four-byte aligned address.
54153 VFP cannot perform unaligned memory access.
54155 Reported by Jacob Bramley.
54157 * assembler/ARMAssembler.cpp:
54158 (JSC::ARMAssembler::doubleTransfer):
54160 2011-07-11 Gabor Loki <loki@webkit.org>
54162 Signed arithmetic bug in dataTransfer32.
54163 https://bugs.webkit.org/show_bug.cgi?id=64257
54165 Reviewed by Zoltan Herczeg.
54167 An arithmetic bug is fixed. If the offset of dataTransfer is half of the
54168 addressable memory space on a 32-bit machine (-2147483648 = 0x80000000)
54169 a load instruction is emitted with a wrong zero offset.
54171 Inspired by Jacob Bramley's patch from JaegerMonkey.
54173 * assembler/ARMAssembler.cpp:
54174 (JSC::ARMAssembler::dataTransfer32):
54176 2011-07-09 Thouraya Andolsi <thouraya.andolsi@st.com>
54178 Fix unaligned userspace access for SH4 platforms.
54179 https://bugs.webkit.org/show_bug.cgi?id=62993
54183 2011-07-09 Chao-ying Fu <fu@mips.com>
54185 Fix MIPS build due to readInt32 and readPointer
54186 https://bugs.webkit.org/show_bug.cgi?id=63962
54188 * assembler/MIPSAssembler.h:
54189 (JSC::MIPSAssembler::readInt32):
54190 (JSC::MIPSAssembler::readPointer):
54191 * assembler/MacroAssemblerMIPS.h:
54192 (JSC::MacroAssemblerMIPS::rshift32):
54194 2011-07-08 Gavin Barraclough <barraclough@apple.com>
54196 https://bugs.webkit.org/show_bug.cgi?id=64181
54197 REGRESSION (r90602): Gmail doesn't load
54199 Rolling out r90601, r90602.
54201 * dfg/DFGAliasTracker.h:
54202 * dfg/DFGByteCodeParser.cpp:
54203 (JSC::DFG::ByteCodeParser::addVarArgChild):
54204 (JSC::DFG::ByteCodeParser::parseBlock):
54205 * dfg/DFGJITCodeGenerator.cpp:
54206 (JSC::DFG::JITCodeGenerator::emitCall):
54208 * dfg/DFGNonSpeculativeJIT.cpp:
54209 (JSC::DFG::NonSpeculativeJIT::compile):
54210 * dfg/DFGOperations.cpp:
54211 * dfg/DFGOperations.h:
54212 * dfg/DFGRepatch.cpp:
54213 (JSC::DFG::tryCacheGetByID):
54214 (JSC::DFG::dfgLinkCall):
54215 * dfg/DFGRepatch.h:
54216 * dfg/DFGSpeculativeJIT.cpp:
54217 (JSC::DFG::SpeculativeJIT::compile):
54218 * runtime/JSObject.h:
54219 (JSC::JSObject::isUsingInlineStorage):
54221 2011-07-08 Kalev Lember <kalev@smartlink.ee>
54223 Reviewed by Adam Roben.
54225 Add missing _WIN32_WINNT and WINVER definitions
54226 https://bugs.webkit.org/show_bug.cgi?id=59702
54228 Moved _WIN32_WINNT and WINVER definitions to config.h so that they are
54229 available for all source files.
54231 In particular, wtf/FastMalloc.cpp uses CreateTimerQueueTimer and
54232 DeleteTimerQueueTimer which are both guarded by
54233 #if (_WIN32_WINNT >= 0x0500)
54237 * wtf/Assertions.cpp:
54239 2011-07-08 Chang Shu <cshu@webkit.org>
54241 Rename "makeSecure" to "fill" and remove the support for displaying last character
54242 to avoid layering violation.
54243 https://bugs.webkit.org/show_bug.cgi?id=59114
54245 Reviewed by Alexey Proskuryakov.
54247 * JavaScriptCore.exp:
54248 * JavaScriptCore.order:
54249 * wtf/text/StringImpl.cpp:
54250 (WTF::StringImpl::fill):
54251 * wtf/text/StringImpl.h:
54252 * wtf/text/WTFString.h:
54253 (WTF::String::fill):
54255 2011-07-08 Benjamin Poulain <benjamin@webkit.org>
54257 [WK2] Do not forward touch events to the web process when it does not need them
54258 https://bugs.webkit.org/show_bug.cgi?id=64164
54260 Reviewed by Kenneth Rohde Christiansen.
54262 Add a convenience function to obtain a reference to the last element of a Deque.
54265 (WTF::Deque::last):
54267 2011-07-07 Filip Pizlo <fpizlo@apple.com>
54269 DFG JIT does not implement op_construct.
54270 https://bugs.webkit.org/show_bug.cgi?id=64066
54272 Reviewed by Gavin Barraclough.
54274 * dfg/DFGAliasTracker.h:
54275 (JSC::DFG::AliasTracker::recordConstruct):
54276 * dfg/DFGByteCodeParser.cpp:
54277 (JSC::DFG::ByteCodeParser::addCall):
54278 (JSC::DFG::ByteCodeParser::parseBlock):
54279 * dfg/DFGJITCodeGenerator.cpp:
54280 (JSC::DFG::JITCodeGenerator::emitCall):
54282 * dfg/DFGNonSpeculativeJIT.cpp:
54283 (JSC::DFG::NonSpeculativeJIT::compile):
54284 * dfg/DFGOperations.cpp:
54285 * dfg/DFGOperations.h:
54286 * dfg/DFGRepatch.cpp:
54287 (JSC::DFG::dfgLinkFor):
54288 * dfg/DFGRepatch.h:
54289 * dfg/DFGSpeculativeJIT.cpp:
54290 (JSC::DFG::SpeculativeJIT::compile):
54292 2011-07-07 Filip Pizlo <fpizlo@apple.com>
54294 DFG JIT does not implement get_by_id prototype caching.
54295 https://bugs.webkit.org/show_bug.cgi?id=64077
54297 Reviewed by Gavin Barraclough.
54299 * dfg/DFGRepatch.cpp:
54300 (JSC::DFG::emitRestoreScratch):
54301 (JSC::DFG::linkRestoreScratch):
54302 (JSC::DFG::tryCacheGetByID):
54303 * runtime/JSObject.h:
54304 (JSC::JSObject::addressOfPropertyAtOffset):
54306 2011-07-07 Filip Pizlo <fpizlo@apple.com>
54308 DFG JIT method_check implementation does not link to optimized get_by_id
54310 https://bugs.webkit.org/show_bug.cgi?id=64073
54312 Reviewed by Gavin Barraclough.
54314 * dfg/DFGRepatch.cpp:
54315 (JSC::DFG::dfgRepatchGetMethodFast):
54317 2011-07-07 Oliver Hunt <oliver@apple.com>
54319 Encode jump and link sizes into the appropriate enums
54320 https://bugs.webkit.org/show_bug.cgi?id=64123
54322 Reviewed by Sam Weinig.
54324 Finally kill off the out of line jump and link size arrays,
54325 so we can avoid icky loads and constant fold the linking arithmetic.
54327 * assembler/ARMv7Assembler.cpp:
54328 * assembler/ARMv7Assembler.h:
54329 (JSC::ARMv7Assembler::jumpSizeDelta):
54330 (JSC::ARMv7Assembler::computeJumpType):
54332 2011-07-06 Juan C. Montemayor <jmont@apple.com>
54334 ASSERT_NOT_REACHED running test 262
54335 https://bugs.webkit.org/show_bug.cgi?id=63951
54337 Added a case to the switch statement where the code was failing. Fixed
54338 some logic as well that gave faulty error messages.
54340 Reviewed by Gavin Barraclough.
54342 * parser/JSParser.cpp:
54343 (JSC::JSParser::getTokenName):
54344 (JSC::JSParser::updateErrorMessageSpecialCase):
54345 (JSC::JSParser::updateErrorMessage):
54347 2011-07-06 Filip Pizlo <fpizlo@apple.com>
54349 DFG JIT implementation of op_call results in regressions on sunspider
54350 controlflow-recursive.
54351 https://bugs.webkit.org/show_bug.cgi?id=64039
54353 Reviewed by Gavin Barraclough.
54355 * dfg/DFGByteCodeParser.cpp:
54356 (JSC::DFG::ByteCodeParser::isSmallInt32Constant):
54357 (JSC::DFG::ByteCodeParser::parseBlock):
54358 * dfg/DFGSpeculativeJIT.h:
54359 (JSC::DFG::SpeculativeJIT::isInteger):
54361 2011-07-06 Filip Pizlo <fpizlo@apple.com>
54363 DFG JIT does not support method_check
54364 https://bugs.webkit.org/show_bug.cgi?id=63972
54366 Reviewed by Gavin Barraclough.
54368 * assembler/CodeLocation.h:
54369 (JSC::CodeLocationPossiblyNearCall::CodeLocationPossiblyNearCall):
54370 * bytecode/CodeBlock.cpp:
54371 (JSC::CodeBlock::visitAggregate):
54372 * bytecode/CodeBlock.h:
54373 (JSC::MethodCallLinkInfo::MethodCallLinkInfo):
54374 (JSC::MethodCallLinkInfo::seenOnce):
54375 (JSC::MethodCallLinkInfo::setSeen):
54376 * dfg/DFGAliasTracker.h:
54377 (JSC::DFG::AliasTracker::recordGetMethod):
54378 * dfg/DFGByteCodeParser.cpp:
54379 (JSC::DFG::ByteCodeParser::parseBlock):
54380 * dfg/DFGJITCodeGenerator.cpp:
54381 (JSC::DFG::JITCodeGenerator::cachedGetById):
54382 (JSC::DFG::JITCodeGenerator::cachedGetMethod):
54383 * dfg/DFGJITCodeGenerator.h:
54384 * dfg/DFGJITCompiler.cpp:
54385 (JSC::DFG::JITCompiler::compileFunction):
54386 * dfg/DFGJITCompiler.h:
54387 (JSC::DFG::JITCompiler::addMethodGet):
54388 (JSC::DFG::JITCompiler::MethodGetRecord::MethodGetRecord):
54390 (JSC::DFG::Node::hasIdentifier):
54391 * dfg/DFGNonSpeculativeJIT.cpp:
54392 (JSC::DFG::NonSpeculativeJIT::compile):
54393 * dfg/DFGOperations.cpp:
54394 * dfg/DFGOperations.h:
54395 * dfg/DFGRepatch.cpp:
54396 (JSC::DFG::dfgRepatchGetMethodFast):
54397 (JSC::DFG::tryCacheGetMethod):
54398 (JSC::DFG::dfgRepatchGetMethod):
54399 * dfg/DFGRepatch.h:
54400 * dfg/DFGSpeculativeJIT.cpp:
54401 (JSC::DFG::SpeculativeJIT::compile):
54402 * jit/JITWriteBarrier.h:
54403 (JSC::JITWriteBarrier::set):
54405 2011-07-06 Filip Pizlo <fpizlo@apple.com>
54407 DFG JIT op_call implementation will flush registers even when those registers are dead
54408 https://bugs.webkit.org/show_bug.cgi?id=64023
54410 Reviewed by Gavin Barraclough.
54412 * dfg/DFGJITCodeGenerator.cpp:
54413 (JSC::DFG::JITCodeGenerator::emitCall):
54414 * dfg/DFGJITCodeGenerator.h:
54415 (JSC::DFG::JITCodeGenerator::integerResult):
54416 (JSC::DFG::JITCodeGenerator::noResult):
54417 (JSC::DFG::JITCodeGenerator::cellResult):
54418 (JSC::DFG::JITCodeGenerator::jsValueResult):
54419 (JSC::DFG::JITCodeGenerator::doubleResult):
54420 * dfg/DFGNonSpeculativeJIT.cpp:
54421 (JSC::DFG::NonSpeculativeJIT::compile):
54422 * dfg/DFGSpeculativeJIT.cpp:
54423 (JSC::DFG::SpeculativeJIT::compile):
54425 2011-07-06 Filip Pizlo <fpizlo@apple.com>
54427 DFG speculative JIT may crash when speculating int on a non-int JSConstant.
54428 https://bugs.webkit.org/show_bug.cgi?id=64017
54430 Reviewed by Gavin Barraclough.
54432 * dfg/DFGSpeculativeJIT.cpp:
54433 (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
54434 (JSC::DFG::SpeculativeJIT::compile):
54436 2011-07-06 Dmitriy Vyukov <dvyukov@google.com>
54438 Reviewed by David Levin.
54440 Allow substitution of dynamic annotations and prevent identical code folding by the linker.
54441 https://bugs.webkit.org/show_bug.cgi?id=62443
54443 * wtf/DynamicAnnotations.cpp:
54444 (WTFAnnotateBenignRaceSized):
54445 (WTFAnnotateHappensBefore):
54446 (WTFAnnotateHappensAfter):
54448 2011-07-06 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
54450 Calls on 32-bit machines fail after r90423
54451 https://bugs.webkit.org/show_bug.cgi?id=63980
54453 Reviewed by Gavin Barraclough.
54455 Copy the necessary lines from JITCall.cpp.
54457 * jit/JITCall32_64.cpp:
54458 (JSC::JIT::compileOpCall):
54460 2011-07-05 Filip Pizlo <fpizlo@apple.com>
54462 DFG JIT virtual call implementation is inefficient.
54463 https://bugs.webkit.org/show_bug.cgi?id=63974
54465 Reviewed by Gavin Barraclough.
54467 * dfg/DFGOperations.cpp:
54468 * runtime/Executable.h:
54469 (JSC::ExecutableBase::generatedJITCodeForCallWithArityCheck):
54470 (JSC::ExecutableBase::generatedJITCodeForConstructWithArityCheck):
54471 (JSC::ExecutableBase::generatedJITCodeWithArityCheckFor):
54472 (JSC::ExecutableBase::hasJITCodeForCall):
54473 (JSC::ExecutableBase::hasJITCodeForConstruct):
54474 (JSC::ExecutableBase::hasJITCodeFor):
54475 * runtime/JSFunction.h:
54476 (JSC::JSFunction::scopeUnchecked):
54478 2011-07-05 Oliver Hunt <oliver@apple.com>
54480 Force inlining of simple functions that show up as not being inlined
54481 https://bugs.webkit.org/show_bug.cgi?id=63964
54483 Reviewed by Gavin Barraclough.
54485 Looking at profile data indicates that gcc is failing to inline a
54486 number of trivial functions. This patch hits the ones that show
54487 up in profiles with the ALWAYS_INLINE hammer.
54489 We also replace the memcpy() call in linking with a manual loop.
54490 Apparently memcpy() is almost never faster than an inlined loop.
54492 * assembler/ARMv7Assembler.h:
54493 (JSC::ARMv7Assembler::add):
54494 (JSC::ARMv7Assembler::add_S):
54495 (JSC::ARMv7Assembler::ARM_and):
54496 (JSC::ARMv7Assembler::asr):
54497 (JSC::ARMv7Assembler::b):
54498 (JSC::ARMv7Assembler::blx):
54499 (JSC::ARMv7Assembler::bx):
54500 (JSC::ARMv7Assembler::clz):
54501 (JSC::ARMv7Assembler::cmn):
54502 (JSC::ARMv7Assembler::cmp):
54503 (JSC::ARMv7Assembler::eor):
54504 (JSC::ARMv7Assembler::it):
54505 (JSC::ARMv7Assembler::ldr):
54506 (JSC::ARMv7Assembler::ldrCompact):
54507 (JSC::ARMv7Assembler::ldrh):
54508 (JSC::ARMv7Assembler::ldrb):
54509 (JSC::ARMv7Assembler::lsl):
54510 (JSC::ARMv7Assembler::lsr):
54511 (JSC::ARMv7Assembler::movT3):
54512 (JSC::ARMv7Assembler::mov):
54513 (JSC::ARMv7Assembler::movt):
54514 (JSC::ARMv7Assembler::mvn):
54515 (JSC::ARMv7Assembler::neg):
54516 (JSC::ARMv7Assembler::orr):
54517 (JSC::ARMv7Assembler::orr_S):
54518 (JSC::ARMv7Assembler::ror):
54519 (JSC::ARMv7Assembler::smull):
54520 (JSC::ARMv7Assembler::str):
54521 (JSC::ARMv7Assembler::sub):
54522 (JSC::ARMv7Assembler::sub_S):
54523 (JSC::ARMv7Assembler::tst):
54524 (JSC::ARMv7Assembler::linkRecordSourceComparator):
54525 (JSC::ARMv7Assembler::link):
54526 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Reg3Imm8):
54527 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp5Imm5Reg3Reg3):
54528 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp7Reg3Reg3Reg3):
54529 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8Imm8):
54530 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp8RegReg143):
54531 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp9Imm7):
54532 (JSC::ARMv7Assembler::ARMInstructionFormatter::oneWordOp10Reg3Reg3):
54533 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4FourFours):
54534 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16FourFours):
54535 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp16Op16):
54536 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp5i6Imm4Reg4EncodedImm):
54537 (JSC::ARMv7Assembler::ARMInstructionFormatter::twoWordOp12Reg4Reg4Imm12):
54538 (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpOp):
54539 (JSC::ARMv7Assembler::ARMInstructionFormatter::vfpMemOp):
54540 * assembler/LinkBuffer.h:
54541 (JSC::LinkBuffer::linkCode):
54542 * assembler/MacroAssemblerARMv7.h:
54543 (JSC::MacroAssemblerARMv7::nearCall):
54544 (JSC::MacroAssemblerARMv7::call):
54545 (JSC::MacroAssemblerARMv7::ret):
54546 (JSC::MacroAssemblerARMv7::moveWithPatch):
54547 (JSC::MacroAssemblerARMv7::branchPtrWithPatch):
54548 (JSC::MacroAssemblerARMv7::storePtrWithPatch):
54549 (JSC::MacroAssemblerARMv7::tailRecursiveCall):
54550 (JSC::MacroAssemblerARMv7::makeTailRecursiveCall):
54551 (JSC::MacroAssemblerARMv7::jump):
54552 (JSC::MacroAssemblerARMv7::makeBranch):
54554 2011-07-05 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
54556 Make "Add optimised paths for a few maths functions" work on Qt
54557 https://bugs.webkit.org/show_bug.cgi?id=63893
54559 Reviewed by Oliver Hunt.
54561 Move the generated code to the .text section instead of .data section.
54562 Fix alignment for the 32 bit thunk code.
54564 * jit/ThunkGenerators.cpp:
54566 2011-07-05 Filip Pizlo <fpizlo@apple.com>
54568 DFG JIT does not implement op_call.
54569 https://bugs.webkit.org/show_bug.cgi?id=63858
54571 Reviewed by Gavin Barraclough.
54573 * bytecode/CodeBlock.cpp:
54574 (JSC::CodeBlock::unlinkCalls):
54575 * bytecode/CodeBlock.h:
54576 (JSC::CodeBlock::setNumberOfCallLinkInfos):
54577 (JSC::CodeBlock::numberOfCallLinkInfos):
54578 * bytecompiler/BytecodeGenerator.cpp:
54579 (JSC::BytecodeGenerator::emitCall):
54580 (JSC::BytecodeGenerator::emitConstruct):
54581 * dfg/DFGAliasTracker.h:
54582 (JSC::DFG::AliasTracker::lookupGetByVal):
54583 (JSC::DFG::AliasTracker::recordCall):
54584 (JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
54585 * dfg/DFGByteCodeParser.cpp:
54586 (JSC::DFG::ByteCodeParser::ByteCodeParser):
54587 (JSC::DFG::ByteCodeParser::getLocal):
54588 (JSC::DFG::ByteCodeParser::getArgument):
54589 (JSC::DFG::ByteCodeParser::toInt32):
54590 (JSC::DFG::ByteCodeParser::addToGraph):
54591 (JSC::DFG::ByteCodeParser::addVarArgChild):
54592 (JSC::DFG::ByteCodeParser::predictInt32):
54593 (JSC::DFG::ByteCodeParser::parseBlock):
54594 (JSC::DFG::ByteCodeParser::processPhiStack):
54595 (JSC::DFG::ByteCodeParser::allocateVirtualRegisters):
54596 * dfg/DFGGraph.cpp:
54597 (JSC::DFG::Graph::opName):
54598 (JSC::DFG::Graph::dump):
54599 (JSC::DFG::Graph::refChildren):
54601 * dfg/DFGJITCodeGenerator.cpp:
54602 (JSC::DFG::JITCodeGenerator::useChildren):
54603 (JSC::DFG::JITCodeGenerator::emitCall):
54604 * dfg/DFGJITCodeGenerator.h:
54605 (JSC::DFG::JITCodeGenerator::addressOfCallData):
54606 * dfg/DFGJITCompiler.cpp:
54607 (JSC::DFG::JITCompiler::compileFunction):
54608 * dfg/DFGJITCompiler.h:
54609 (JSC::DFG::CallRecord::CallRecord):
54610 (JSC::DFG::JITCompiler::notifyCall):
54611 (JSC::DFG::JITCompiler::appendCallWithFastExceptionCheck):
54612 (JSC::DFG::JITCompiler::addJSCall):
54613 (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
54614 (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
54616 (JSC::DFG::Node::Node):
54617 (JSC::DFG::Node::child1):
54618 (JSC::DFG::Node::child2):
54619 (JSC::DFG::Node::child3):
54620 (JSC::DFG::Node::firstChild):
54621 (JSC::DFG::Node::numChildren):
54622 * dfg/DFGNonSpeculativeJIT.cpp:
54623 (JSC::DFG::NonSpeculativeJIT::basicArithOp):
54624 (JSC::DFG::NonSpeculativeJIT::compare):
54625 (JSC::DFG::NonSpeculativeJIT::compile):
54626 * dfg/DFGOperations.cpp:
54627 * dfg/DFGOperations.h:
54628 * dfg/DFGRepatch.cpp:
54629 (JSC::DFG::dfgLinkCall):
54630 * dfg/DFGRepatch.h:
54631 * dfg/DFGSpeculativeJIT.cpp:
54632 (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
54633 (JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
54634 (JSC::DFG::SpeculativeJIT::compile):
54635 * dfg/DFGSpeculativeJIT.h:
54636 (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
54637 * interpreter/CallFrame.h:
54638 (JSC::ExecState::calleeAsValue):
54641 (JSC::JIT::privateCompileMainPass):
54642 (JSC::JIT::privateCompileSlowCases):
54643 (JSC::JIT::privateCompile):
54644 (JSC::JIT::linkCall):
54645 (JSC::JIT::linkConstruct):
54647 (JSC::JIT::compileOpCall):
54649 (JSC::JITCode::JITCode):
54650 (JSC::JITCode::jitType):
54651 (JSC::JITCode::HostFunction):
54652 * runtime/JSFunction.h:
54653 * runtime/JSGlobalData.h:
54655 2011-07-05 Oliver Hunt <oliver@apple.com>
54657 Initialize new MarkStack member
54659 * heap/MarkStack.h:
54660 (JSC::MarkStack::MarkStack):
54662 2011-07-05 Oliver Hunt <oliver@apple.com>
54664 Don't throw out compiled code repeatedly
54665 https://bugs.webkit.org/show_bug.cgi?id=63960
54667 Reviewed by Gavin Barraclough.
54669 Stop throwing away all compiled code every time
54670 we're told to do a full GC. Instead unlink all
54671 callsites during such GC passes to maximise the
54672 number of collectable functions, but otherwise
54673 leave compiled functions alone.
54676 (JSGarbageCollect):
54677 * bytecode/CodeBlock.cpp:
54678 (JSC::CodeBlock::visitAggregate):
54680 (JSC::Heap::collectAllGarbage):
54681 * heap/MarkStack.h:
54682 (JSC::MarkStack::shouldUnlinkCalls):
54683 (JSC::MarkStack::setShouldUnlinkCalls):
54684 * runtime/JSGlobalData.cpp:
54685 (JSC::JSGlobalData::recompileAllJSFunctions):
54686 (JSC::JSGlobalData::releaseExecutableMemory):
54687 * runtime/RegExp.cpp:
54688 (JSC::RegExp::compile):
54689 (JSC::RegExp::invalidateCode):
54690 * runtime/RegExp.h:
54692 2011-07-05 Filip Pizlo <fpizlo@apple.com>
54694 JSC JIT has code duplication for the handling of call and construct
54695 https://bugs.webkit.org/show_bug.cgi?id=63957
54697 Reviewed by Gavin Barraclough.
54700 (JSC::JIT::linkFor):
54702 * jit/JITStubs.cpp:
54703 (JSC::jitCompileFor):
54704 (JSC::DEFINE_STUB_FUNCTION):
54705 (JSC::arityCheckFor):
54706 (JSC::lazyLinkFor):
54707 * runtime/Executable.h:
54708 (JSC::ExecutableBase::generatedJITCodeFor):
54709 (JSC::FunctionExecutable::compileFor):
54710 (JSC::FunctionExecutable::isGeneratedFor):
54711 (JSC::FunctionExecutable::generatedBytecodeFor):
54712 (JSC::FunctionExecutable::generatedJITCodeWithArityCheckFor):
54714 2011-07-05 Gavin Barraclough <barraclough@apple.com>
54716 Build fix following last patch.
54718 * runtime/JSFunction.cpp:
54719 (JSC::createPrototypeProperty):
54721 2011-07-05 Gavin Barraclough <barraclough@apple.com>
54723 https://bugs.webkit.org/show_bug.cgi?id=63947
54724 ASSERT running Object.preventExtensions(Math.sin)
54726 Reviewed by Oliver Hunt.
54728 This is due to calling scope() on a hostFunction as a part of
54729 calling createPrototypeProperty to reify the prototype property.
54730 But host functions don't have a prototype property anyway!
54732 Prevent calling createPrototypeProperty on a host function.
54734 * runtime/JSFunction.cpp:
54735 (JSC::JSFunction::createPrototypeProperty):
54736 (JSC::JSFunction::preventExtensions):
54738 2011-07-04 Gavin Barraclough <barraclough@apple.com>
54740 https://bugs.webkit.org/show_bug.cgi?id=63880
54741 Evaluation order of conversions of operands to >, >= incorrect.
54743 Reviewed by Sam Weinig.
54745 Add 'leftFirst' parameter to jsLess, jsLessEq matching that described in the ES5
54746 spec. This allows these methods to be reused to perform >, >= relational compares
54747 with correct ordering of type conversions.
54749 * dfg/DFGOperations.cpp:
54750 * interpreter/Interpreter.cpp:
54751 (JSC::Interpreter::privateExecute):
54752 * jit/JITStubs.cpp:
54753 (JSC::DEFINE_STUB_FUNCTION):
54754 * runtime/Operations.h:
54758 2011-07-04 Gavin Barraclough <barraclough@apple.com>
54760 Reviewed by Sam Weinig.
54762 https://bugs.webkit.org/show_bug.cgi?id=16652
54763 Firefox and JavaScriptCore differ in Number.toString(integer)
54765 Our arbitrary radix (2..36) toString conversion is inaccurate.
54766 This is partly because it uses doubles to perform math that requires
54767 higher accuracy, and partly because it does not attempt to correctly
54768 detect where to terminate, instead relying on a simple 'epsilon'.
54770 * runtime/NumberPrototype.cpp:
54771 (JSC::decomposeDouble):
54772 - helper function to extract sign, exponent, mantissa from IEEE doubles.
54773 (JSC::Uint16WithFraction::Uint16WithFraction):
54774 - helper class, u16int with infinite precision fraction, used to convert
54775 the fractional part of the number to a string.
54776 (JSC::Uint16WithFraction::operator*=):
54777 - Multiply by a uint16.
54778 (JSC::Uint16WithFraction::operator<):
54779 - Compare two Uint16WithFractions.
54780 (JSC::Uint16WithFraction::floorAndSubtract):
54781 - Extract the integer portion of the number, and subtract it (clears the integer portion).
54782 (JSC::Uint16WithFraction::comparePoint5):
54784 (JSC::Uint16WithFraction::sumGreaterThanOne):
54785 - Passed a second Uint16WithFraction, returns true if the result of adding
54786 the two values would be greater than one.
54787 (JSC::Uint16WithFraction::isNormalized):
54788 - Used by ASSERTs to consistency check internal representation.
54789 (JSC::BigInteger::BigInteger):
54790 - helper class, unbounded integer value, used to convert the integer part
54791 of the number to a string.
54792 (JSC::BigInteger::divide):
54793 - Divide this value through by a uint32.
54794 (JSC::BigInteger::operator!):
54796 (JSC::toStringWithRadix):
54797 - Performs number to string conversion, with the given radix (2..36).
54798 (JSC::numberProtoFuncToString):
54799 - Changed to use toStringWithRadix.
54801 2011-07-04 Gavin Barraclough <barraclough@apple.com>
54803 https://bugs.webkit.org/show_bug.cgi?id=63881
54804 Need separate bytecodes for handling >, >= comparisons.
54806 Reviewed by Oliver Hunt.
54808 This clears the way to fix Bug#63880. We currently handle greater-than comparisons
54809 as using the corresponding op_less, etc opcodes. This is incorrect with
54810 respect to evaluation ordering of the implicit conversions performed on operands -
54811 we should be calling ToPrimitive on the LHS and RHS operands to the greater than,
54812 but instead convert RHS then LHS.
54814 This patch adds opcodes for greater-than comparisons mirroring existing ones used
54817 * bytecode/CodeBlock.cpp:
54818 (JSC::CodeBlock::dump):
54819 * bytecode/Opcode.h:
54820 * bytecompiler/BytecodeGenerator.cpp:
54821 (JSC::BytecodeGenerator::emitJumpIfTrue):
54822 (JSC::BytecodeGenerator::emitJumpIfFalse):
54823 * bytecompiler/NodesCodegen.cpp:
54824 * dfg/DFGByteCodeParser.cpp:
54825 (JSC::DFG::ByteCodeParser::parseBlock):
54827 * dfg/DFGNonSpeculativeJIT.cpp:
54828 (JSC::DFG::NonSpeculativeJIT::compare):
54829 (JSC::DFG::NonSpeculativeJIT::compile):
54830 * dfg/DFGNonSpeculativeJIT.h:
54831 * dfg/DFGOperations.cpp:
54832 * dfg/DFGOperations.h:
54833 * dfg/DFGSpeculativeJIT.cpp:
54834 (JSC::DFG::SpeculativeJIT::compare):
54835 (JSC::DFG::SpeculativeJIT::compile):
54836 * dfg/DFGSpeculativeJIT.h:
54837 * interpreter/Interpreter.cpp:
54838 (JSC::Interpreter::privateExecute):
54840 (JSC::JIT::privateCompileMainPass):
54841 (JSC::JIT::privateCompileSlowCases):
54843 (JSC::JIT::emit_op_loop_if_greater):
54844 (JSC::JIT::emitSlow_op_loop_if_greater):
54845 (JSC::JIT::emit_op_loop_if_greatereq):
54846 (JSC::JIT::emitSlow_op_loop_if_greatereq):
54847 * jit/JITArithmetic.cpp:
54848 (JSC::JIT::emit_op_jgreater):
54849 (JSC::JIT::emit_op_jgreatereq):
54850 (JSC::JIT::emit_op_jngreater):
54851 (JSC::JIT::emit_op_jngreatereq):
54852 (JSC::JIT::emitSlow_op_jgreater):
54853 (JSC::JIT::emitSlow_op_jgreatereq):
54854 (JSC::JIT::emitSlow_op_jngreater):
54855 (JSC::JIT::emitSlow_op_jngreatereq):
54856 (JSC::JIT::emit_compareAndJumpSlow):
54857 * jit/JITArithmetic32_64.cpp:
54858 (JSC::JIT::emitBinaryDoubleOp):
54859 * jit/JITStubs.cpp:
54860 (JSC::DEFINE_STUB_FUNCTION):
54862 * parser/NodeConstructors.h:
54863 (JSC::GreaterNode::GreaterNode):
54864 (JSC::GreaterEqNode::GreaterEqNode):
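The two entries above (bugs 63880 and 63881) are about the order of the implicit ToPrimitive conversions for >, >=. The following is an added illustration, not WebKit code: it probes the engine's conversion order with constructed operands whose valueOf() logs a name, and checks it against a simplified model of the ES5 11.8.5 comparison carrying a leftFirst flag like the one added to jsLess/jsLessEq (numbers only; the string/string branch is omitted).

```javascript
// Added example, not WebKit code: observable ToPrimitive ordering for the
// relational operators, checked against a model of ES5 11.8.5 that carries
// the leftFirst flag the ChangeLog entry adds to jsLess/jsLessEq.

// Builds a constructed operand whose valueOf() records its name, so the
// order of the implicit conversions becomes visible.
function tracedOperand(name, value, log) {
  return { valueOf() { log.push(name); return value; } };
}

// Evaluates the native operator on two traced operands and returns the
// order in which their valueOf() hooks ran.
function nativeConversionOrder(op) {
  const log = [];
  const a = tracedOperand("a", 1, log);
  const b = tracedOperand("b", 2, log);
  switch (op) {
    case "<":  void (a < b);  break;
    case "<=": void (a <= b); break;
    case ">":  void (a > b);  break;
    case ">=": void (a >= b); break;
    default: throw new Error("unsupported operator: " + op);
  }
  return log;
}

// ES5 11.8.5, the abstract relational comparison x < y, restricted to
// operands that convert to numbers (the string/string branch is omitted).
// leftFirst decides which operand is converted first; the result is
// undefined when either side is NaN, as in the spec.
function abstractRelationalComparison(x, y, leftFirst) {
  let px, py;
  if (leftFirst) {
    px = Number(x); // ToPrimitive(x, hint Number) followed by ToNumber
    py = Number(y);
  } else {
    py = Number(y); // reversed, so for > the source-order LHS still converts first
    px = Number(x);
  }
  if (Number.isNaN(px) || Number.isNaN(py)) return undefined;
  return px < py;
}

// ES5 11.8.1-11.8.4 expressed through the single comparison above. The
// greater-than forms swap the operands and pass leftFirst = false, which is
// what lets one jsLess/jsLessEq serve all four operators with correct order.
const modelRelational = {
  "<":  (l, r) => abstractRelationalComparison(l, r, true) === true,
  ">":  (l, r) => abstractRelationalComparison(r, l, false) === true,
  "<=": (l, r) => {
    const res = abstractRelationalComparison(r, l, false);
    return res !== true && res !== undefined;
  },
  ">=": (l, r) => {
    const res = abstractRelationalComparison(l, r, true);
    return res !== true && res !== undefined;
  },
};

// Same probe as nativeConversionOrder, but run through the model.
function modelConversionOrder(op) {
  const log = [];
  const a = tracedOperand("a", 1, log);
  const b = tracedOperand("b", 2, log);
  modelRelational[op](a, b);
  return log;
}

// True when the engine and the spec model agree on conversion order for op.
// A conforming engine converts the left operand first for all four operators.
function orderMatchesSpec(op) {
  return nativeConversionOrder(op).join() === modelConversionOrder(op).join();
}

for (const op of ["<", "<=", ">", ">="]) {
  console.log(op, "native:", nativeConversionOrder(op).join(" then "),
              "| spec model:", modelConversionOrder(op).join(" then "));
}
```

In an engine with the bug the entry describes, the native order for > and >= would come out "b then a" while the model still reports "a then b".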
54867 2011-07-03 Gavin Barraclough <barraclough@apple.com>
54869 https://bugs.webkit.org/show_bug.cgi?id=63879
54870 Reduce code duplication for op_jless, op_jlesseq, op_jnless, op_jnlesseq.
54872 Reviewed by Sam Weinig.
54874 There is a lot of copy & paste code here; we can reduce duplication by making
54875 a shared implementation.
54877 * assembler/MacroAssembler.h:
54878 (JSC::MacroAssembler::branch32):
54879 (JSC::MacroAssembler::commute):
54880 - Make these functions platform agnostic.
54881 * assembler/MacroAssemblerX86Common.h:
54882 - Moved branch32/commute up to MacroAssembler.
54884 (JSC::JIT::emit_op_loop_if_lesseq):
54885 (JSC::JIT::emitSlow_op_loop_if_lesseq):
54886 - Add an implementation matching that for op_loop_if_less, which just calls op_jless.
54887 * jit/JITArithmetic.cpp:
54888 (JSC::JIT::emit_op_jless):
54889 (JSC::JIT::emit_op_jlesseq):
54890 (JSC::JIT::emit_op_jnless):
54891 (JSC::JIT::emit_op_jnlesseq):
54892 (JSC::JIT::emitSlow_op_jless):
54893 (JSC::JIT::emitSlow_op_jlesseq):
54894 (JSC::JIT::emitSlow_op_jnless):
54895 (JSC::JIT::emitSlow_op_jnlesseq):
54896 - Common implementations of these methods for JSVALUE64 & JSVALUE32_64.
54897 (JSC::JIT::emit_compareAndJump):
54898 (JSC::JIT::emit_compareAndJumpSlow):
54899 - Internal implementation of jless etc for JSVALUE64.
54900 * jit/JITArithmetic32_64.cpp:
54901 (JSC::JIT::emit_compareAndJump):
54902 (JSC::JIT::emit_compareAndJumpSlow):
54903 - Internal implementation of jless etc for JSVALUE32_64.
54904 * jit/JITOpcodes.cpp:
54905 * jit/JITOpcodes32_64.cpp:
54906 * jit/JITStubs.cpp:
54908 - Remove old implementation of emit_op_loop_if_lesseq.
54910 2011-07-03 Sheriff Bot <webkit.review.bot@gmail.com>
54912 Unreviewed, rolling out r90347.
54913 http://trac.webkit.org/changeset/90347
54914 https://bugs.webkit.org/show_bug.cgi?id=63886
54916 Build breaks on Leopard, Chromium-win, WinCairo, and WinCE.
54917 (Requested by tkent on #webkit).
54919 * JavaScriptCore.xcodeproj/project.pbxproj:
54920 * runtime/BigInteger.h: Removed.
54921 * runtime/NumberPrototype.cpp:
54922 (JSC::numberProtoFuncToPrecision):
54923 (JSC::numberProtoFuncToString):
54924 * runtime/Uint16WithFraction.h: Removed.
54925 * wtf/MathExtras.h:
54927 2011-06-30 Gavin Barraclough <barraclough@apple.com>
54929 Reviewed by Sam Weinig.
54931 https://bugs.webkit.org/show_bug.cgi?id=16652
54932 Firefox and JavaScriptCore differ in Number.toString(integer)
54934 Our arbitrary radix (2..36) toString conversion is inaccurate.
54935 This is partly because it uses doubles to perform math that requires
54936 higher accuracy, and partly because it does not attempt to correctly
54937 detect where to terminate, instead relying on a simple 'epsilon'.
54939 * runtime/NumberPrototype.cpp:
54940 (JSC::decomposeDouble):
54941 - helper function to extract sign, exponent, mantissa from IEEE doubles.
54942 (JSC::Uint16WithFraction::Uint16WithFraction):
54943 - helper class, u16int with infinite precision fraction, used to convert
54944 the fractional part of the number to a string.
54945 (JSC::Uint16WithFraction::operator*=):
54946 - Multiply by a uint16.
54947 (JSC::Uint16WithFraction::operator<):
54948 - Compare two Uint16WithFractions.
54949 (JSC::Uint16WithFraction::floorAndSubtract):
54950 - Extract the integer portion of the number, and subtract it (clears the integer portion).
54951 (JSC::Uint16WithFraction::comparePoint5):
54953 (JSC::Uint16WithFraction::sumGreaterThanOne):
54954 - Passed a second Uint16WithFraction, returns true if the result of adding
54955 the two values would be greater than one.
54956 (JSC::Uint16WithFraction::isNormalized):
54957 - Used by ASSERTs to consistency check internal representation.
54958 (JSC::BigInteger::BigInteger):
54959 - helper class, unbounded integer value, used to convert the integer part
54960 of the number to a string.
54961 (JSC::BigInteger::divide):
54962 - Divide this value through by a uint32.
54963 (JSC::BigInteger::operator!):
54965 (JSC::toStringWithRadix):
54966 - Performs number to string conversion, with the given radix (2..36).
54967 (JSC::numberProtoFuncToString):
54968 - Changed to use toStringWithRadix.
54970 2011-07-02 Gavin Barraclough <barraclough@apple.com>
54972 https://bugs.webkit.org/show_bug.cgi?id=63866
54973 DFG JIT - implement instanceof
54975 Reviewed by Sam Weinig.
54977 Add ops CheckHasInstance & InstanceOf to implement bytecodes
54978 op_check_has_instance & op_instanceof. This is an initial
54979 functional implementation, performance is a wash. We can
54980 follow up with changes to fuse the InstanceOf node with
54981 a subsequent branch, as we do with other comparisons.
54983 * dfg/DFGByteCodeParser.cpp:
54984 (JSC::DFG::ByteCodeParser::parseBlock):
54985 * dfg/DFGJITCompiler.cpp:
54986 (JSC::DFG::JITCompiler::jitAssertIsCell):
54987 * dfg/DFGJITCompiler.h:
54988 (JSC::DFG::JITCompiler::jitAssertIsCell):
54990 * dfg/DFGNonSpeculativeJIT.cpp:
54991 (JSC::DFG::NonSpeculativeJIT::compile):
54992 * dfg/DFGOperations.cpp:
54993 * dfg/DFGOperations.h:
54994 * dfg/DFGSpeculativeJIT.cpp:
54995 (JSC::DFG::SpeculativeJIT::compile):
54997 2011-07-01 Oliver Hunt <oliver@apple.com>
54999 IE Web Workers demo crashes in JSC::SlotVisitor::visitChildren()
55000 https://bugs.webkit.org/show_bug.cgi?id=63732
55002 Reviewed by Gavin Barraclough.
55004 Initialise the memory at the head of the new storage so that
55005 GC is safe if triggered by reportExtraMemoryCost.
55007 * runtime/JSArray.cpp:
55008 (JSC::JSArray::increaseVectorPrefixLength):
55010 2011-07-01 Oliver Hunt <oliver@apple.com>
55012 GC sweep can occur before an object is completely initialised
55013 https://bugs.webkit.org/show_bug.cgi?id=63836
55015 Reviewed by Gavin Barraclough.
55017 In rare cases it's possible for a GC sweep to occur while a
55018 live, but not completely initialised object is on the stack.
55019 In such a case we may incorrectly choose to mark it, even
55020 though it has no children that need marking.
55022 We resolve this by always zeroing out the structure of any
55023 value returned from JSCell::operator new(), and making the
55024 markstack tolerant of a null structure.
55026 * runtime/JSCell.h:
55027 (JSC::JSCell::JSCell::~JSCell):
55028 (JSC::JSCell::JSCell::operator new):
55029 * runtime/Structure.h:
55030 (JSC::MarkStack::internalAppend):
55032 2011-07-01 Filip Pizlo <fpizlo@apple.com>
55034 Reviewed by Gavin Barraclough.
55036 DFG non-speculative JIT always performs slow C calls for div and mod.
55037 https://bugs.webkit.org/show_bug.cgi?id=63684
55039 * dfg/DFGNonSpeculativeJIT.cpp:
55040 (JSC::DFG::NonSpeculativeJIT::compile):
55042 2011-07-01 Juan C. Montemayor <jmont@apple.com>
55044 Reviewed by Oliver Hunt.
55046 Lexer error messages are currently appalling
55047 https://bugs.webkit.org/show_bug.cgi?id=63340
55049 Added error messages for the Lexer. These messages will be displayed
55050 instead of the lexer error messages from the parser that are currently
55053 * parser/Lexer.cpp:
55054 (JSC::Lexer::getInvalidCharMessage):
55055 (JSC::Lexer::setCode):
55056 (JSC::Lexer::parseString):
55058 (JSC::Lexer::clear):
55060 (JSC::Lexer::getErrorMessage):
55061 (JSC::Lexer::setOffset):
55062 * parser/Parser.cpp:
55063 (JSC::Parser::parse):
55065 2011-07-01 Jungshik Shin <jshin@chromium.org>
55067 Reviewed by Alexey Proskuryakov.
55069 Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
55070 build files for ports not using ICU.
55071 Add icu/unicode/uscript.h for ports using ICU. It's taken from
55072 ICU 3.6 (the version used on Mac OS 10.5)
55074 http://bugs.webkit.org/show_bug.cgi?id=20797
55076 * GNUmakefile.list.am:
55077 * JavaScriptCore.gypi:
55078 * icu/unicode/uscript.h: Added for UScriptCode enum.
55079 * wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
55080 * wtf/unicode/icu/UnicodeIcu.h:
55081 * wtf/unicode/brew/UnicodeBrew.h:
55082 * wtf/unicode/glib/UnicodeGLib.h:
55083 * wtf/unicode/qt4/UnicodeQt4.h:
55084 * wtf/unicode/wince/UnicodeWinCE.h:
55086 2011-07-01 Gavin Barraclough <barraclough@apple.com>
55088 Reviewed by Sam Weinig.
55090 https://bugs.webkit.org/show_bug.cgi?id=63819
55091 Escaping of forwardslashes in strings incorrect if multiple exist.
55093 The bug is in the parameters passed to a substring - should be
55094 start & length, but we're passing start & end indices!
55096 * runtime/RegExpObject.cpp:
55097 (JSC::regExpObjectSource):
55099 2011-07-01 Adam Roben <aroben@apple.com>
55102 http://trac.webkit.org/changeset/90194
55103 https://bugs.webkit.org/show_bug.cgi?id=63778
55105 Fixes <http://webkit.org/b/63812> REGRESSION (r90194): Multiple tests intermittently failing
55106 assertions in WriteBarrierBase<JSC::Structure>::get
55108 * runtime/JSCell.h:
55109 (JSC::JSCell::JSCell::~JSCell):
55111 2011-06-30 Oliver Hunt <oliver@apple.com>
55113 Reviewed by Gavin Barraclough.
55115 Add optimised paths for a few maths functions
55116 https://bugs.webkit.org/show_bug.cgi?id=63757
55118 Relanding as a Mac only patch.
55120 This adds specialised thunks for Math.abs, Math.round, Math.ceil,
55121 Math.floor, Math.log, and Math.exp as they are apparently more
55122 important in real web content than we thought, which is somewhat
55123 mind-boggling. On average doubles the performance of the common
55124 cases (eg. actually passing numbers in). They're not as efficient
55125 as they could be, but this way gives them the most portability.
55127 * assembler/MacroAssemblerARM.h:
55128 (JSC::MacroAssemblerARM::supportsDoubleBitops):
55129 (JSC::MacroAssemblerARM::andnotDouble):
55130 * assembler/MacroAssemblerARMv7.h:
55131 (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
55132 (JSC::MacroAssemblerARMv7::andnotDouble):
55133 * assembler/MacroAssemblerMIPS.h:
55134 (JSC::MacroAssemblerMIPS::andnotDouble):
55135 (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
55136 * assembler/MacroAssemblerSH4.h:
55137 (JSC::MacroAssemblerSH4::supportsDoubleBitops):
55138 (JSC::MacroAssemblerSH4::andnotDouble):
55139 * assembler/MacroAssemblerX86.h:
55140 (JSC::MacroAssemblerX86::supportsDoubleBitops):
55141 * assembler/MacroAssemblerX86Common.h:
55142 (JSC::MacroAssemblerX86Common::andnotDouble):
55143 * assembler/MacroAssemblerX86_64.h:
55144 (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
55145 * assembler/X86Assembler.h:
55146 (JSC::X86Assembler::andnpd_rr):
55147 * create_hash_table:
55148 * jit/SpecializedThunkJIT.h:
55149 (JSC::SpecializedThunkJIT::finalize):
55150 (JSC::SpecializedThunkJIT::callDoubleToDouble):
55151 * jit/ThunkGenerators.cpp:
55152 (JSC::floorThunkGenerator):
55153 (JSC::ceilThunkGenerator):
55154 (JSC::roundThunkGenerator):
55155 (JSC::expThunkGenerator):
55156 (JSC::logThunkGenerator):
55157 (JSC::absThunkGenerator):
55158 * jit/ThunkGenerators.h:
55160 2011-07-01 David Kilzer <ddkilzer@apple.com>
55162 <http://webkit.org/b/63814> Fix clang build error in JITOpcodes32_64.cpp
55164 Fixes the following build error in clang:
55166 JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:9-741:35}: error: operator '?:' has lower precedence than '+'; '+' will be evaluated first [-Werror,-Wparentheses,3]
55167 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
55168 ~~~~~~~~~~~~~~~~~~~~~~~~~~ ^
55169 JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36: note: place parentheses around the '+' expression to silence this warning [3]
55170 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
55173 fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:9-741:9}:"("
55174 fix-it:"JavaScriptCore/jit/JITOpcodes32_64.cpp":{741:35-741:35}:")"
55175 JavaScriptCore/jit/JITOpcodes32_64.cpp:741:36:{741:28-741:94}: note: place parentheses around the '?:' expression to evaluate it first [3]
55176 map(m_bytecodeOffset + dynamic ? OPCODE_LENGTH(op_resolve_global_dynamic) : OPCODE_LENGTH(op_resolve_global), dst, regT1, regT0);
55177 ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
55180 * jit/JITOpcodes32_64.cpp:
55181 (JSC::JIT::emit_op_resolve_global): Add parentheses to make the
55182 tertiary expression evaluate first.
55184 2011-07-01 Sheriff Bot <webkit.review.bot@gmail.com>
55186 Unreviewed, rolling out r90177 and r90179.
55187 http://trac.webkit.org/changeset/90177
55188 http://trac.webkit.org/changeset/90179
55189 https://bugs.webkit.org/show_bug.cgi?id=63790
55191 It caused crashes on Qt in debug mode (Requested by Ossy on
55194 * assembler/MacroAssemblerARM.h:
55195 (JSC::MacroAssemblerARM::rshift32):
55196 (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
55197 (JSC::MacroAssemblerARM::sqrtDouble):
55198 * assembler/MacroAssemblerARMv7.h:
55199 (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
55200 (JSC::MacroAssemblerARMv7::sqrtDouble):
55201 * assembler/MacroAssemblerMIPS.h:
55202 (JSC::MacroAssemblerMIPS::sqrtDouble):
55203 (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
55204 * assembler/MacroAssemblerSH4.h:
55205 (JSC::MacroAssemblerSH4::sqrtDouble):
55206 * assembler/MacroAssemblerX86.h:
55207 * assembler/MacroAssemblerX86Common.h:
55208 * assembler/MacroAssemblerX86_64.h:
55209 * assembler/X86Assembler.h:
55210 * create_hash_table:
55211 * jit/JSInterfaceJIT.h:
55212 (JSC::JSInterfaceJIT::emitLoadDouble):
55213 * jit/SpecializedThunkJIT.h:
55214 (JSC::SpecializedThunkJIT::finalize):
55215 * jit/ThunkGenerators.cpp:
55216 * jit/ThunkGenerators.h:
55218 2011-06-30 Oliver Hunt <oliver@apple.com>
55220 Reviewed by Beth Dakin.
55222 Make GC validation clear cell structure on destruction
55223 https://bugs.webkit.org/show_bug.cgi?id=63778
55225 * runtime/JSCell.h:
55226 (JSC::JSCell::JSCell::~JSCell):
55228 2011-06-30 Geoffrey Garen <ggaren@apple.com>
55230 Reviewed by Gavin Barraclough.
55232 Added write barrier that was missing from put_by_id_transition
55233 https://bugs.webkit.org/show_bug.cgi?id=63775
55235 * dfg/DFGJITCodeGenerator.cpp:
55236 (JSC::DFG::JITCodeGenerator::writeBarrier): Made this static with a
55237 MacroAssembler& argument so our patching functions could use it.
55239 (JSC::DFG::JITCodeGenerator::cachedPutById):
55240 * dfg/DFGJITCodeGenerator.h:
55241 * dfg/DFGNonSpeculativeJIT.cpp:
55242 (JSC::DFG::NonSpeculativeJIT::compile): Updated for signature change.
55244 * dfg/DFGRepatch.cpp:
55245 (JSC::DFG::tryCachePutByID): Missing barrier!
55247 * dfg/DFGSpeculativeJIT.cpp:
55248 (JSC::DFG::SpeculativeJIT::compile): Updated for signature change.
55250 * jit/JITPropertyAccess.cpp:
55251 (JSC::JIT::privateCompilePutByIdTransition):
55252 * jit/JITPropertyAccess32_64.cpp:
55253 (JSC::JIT::privateCompilePutByIdTransition):
55254 * jit/JSInterfaceJIT.h: Same game here. Removed storePtrWithWriteBarrier
55255 because its meaning isn't clear -- maybe in the future we'll have a
55256 clear way to pass all stores through a common function that guarantees
55257 a write barrier, but that's not the case right now.
55259 2011-06-30 Filip Pizlo <fpizlo@apple.com>
55261 Reviewed by Gavin Barraclough.
55263 DFG non-speculative JIT does not reuse registers when compiling comparisons.
55264 https://bugs.webkit.org/show_bug.cgi?id=63565
55266 * dfg/DFGNonSpeculativeJIT.cpp:
55267 (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
55268 (JSC::DFG::NonSpeculativeJIT::basicArithOp):
55269 (JSC::DFG::NonSpeculativeJIT::compare):
55271 2011-06-30 Geoffrey Garen <ggaren@apple.com>
55273 Reviewed by Gavin Barraclough.
55275 Added empty write barrier stubs in all the right places in the DFG JIT
55276 https://bugs.webkit.org/show_bug.cgi?id=63764
55278 SunSpider thinks this might be a 0.5% speedup. Meh.
55280 * dfg/DFGJITCodeGenerator.cpp:
55281 (JSC::DFG::JITCodeGenerator::writeBarrier): Le stub.
55283 (JSC::DFG::JITCodeGenerator::cachedPutById): Don't do anything special
55284 for the case where base == scratch, since we now require base and scratch
55285 to be not equal, for the sake of the write barrier.
55287 * dfg/DFGJITCodeGenerator.h: Le stub.
55289 * dfg/DFGNonSpeculativeJIT.cpp:
55290 (JSC::DFG::NonSpeculativeJIT::compile): Don't reuse the base register
55291 as the scratch register, since that's incompatible with the write barrier,
55292 which needs a distinct base and scratch.
55294 Do put the global object into a register before loading its var storage,
55295 since it needs to be in a register for the write barrier to operate on it.
55297 * dfg/DFGSpeculativeJIT.cpp:
55298 (JSC::DFG::SpeculativeJIT::compile):
55299 * jit/JITPropertyAccess.cpp:
55300 (JSC::JIT::emitWriteBarrier): Second verse, same as the first.
55302 * jit/JITPropertyAccess.cpp:
55303 (JSC::JIT::emit_op_get_scoped_var):
55304 (JSC::JIT::emit_op_put_scoped_var):
55305 (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
55308 (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
55309 is a little more than meaningless.
55311 * jit/JITPropertyAccess32_64.cpp:
55312 (JSC::JIT::emit_op_get_scoped_var):
55313 (JSC::JIT::emit_op_put_scoped_var):
55314 (JSC::JIT::emit_op_put_global_var): Deployed offsetOfRegisters() to more
55317 (JSC::JIT::emitWriteBarrier): Added a teeny tiny ASSERT so this function
55318 is a little more than meaningless.
55320 * runtime/JSVariableObject.h:
55321 (JSC::JSVariableObject::offsetOfRegisters): Now used by the JIT, since
55322 we put the global object in a register and only then load its var storage
55325 (JSC::JIT::emitWriteBarrier):
55327 2011-06-30 Oliver Hunt <oliver@apple.com>
55331 * assembler/MacroAssemblerARM.h:
55332 (JSC::MacroAssemblerARM::rshift32):
55334 2011-06-30 Oliver Hunt <oliver@apple.com>
55336 Reviewed by Gavin Barraclough.
55338 Add optimised paths for a few maths functions
55339 https://bugs.webkit.org/show_bug.cgi?id=63757
55341 This adds specialised thunks for Math.abs, Math.round, Math.ceil,
55342 Math.floor, Math.log, and Math.exp as they are apparently more
55343 important in real web content than we thought, which is somewhat
55344 mind-boggling. On average doubles the performance of the common
55345 cases (eg. actually passing numbers in). They're not as efficient
55346 as they could be, but this way gives them the most portability.
55348 * assembler/MacroAssemblerARM.h:
55349 (JSC::MacroAssemblerARM::supportsDoubleBitops):
55350 (JSC::MacroAssemblerARM::andnotDouble):
55351 * assembler/MacroAssemblerARMv7.h:
55352 (JSC::MacroAssemblerARMv7::supportsDoubleBitops):
55353 (JSC::MacroAssemblerARMv7::andnotDouble):
55354 * assembler/MacroAssemblerMIPS.h:
55355 (JSC::MacroAssemblerMIPS::andnotDouble):
55356 (JSC::MacroAssemblerMIPS::supportsDoubleBitops):
55357 * assembler/MacroAssemblerSH4.h:
55358 (JSC::MacroAssemblerSH4::supportsDoubleBitops):
55359 (JSC::MacroAssemblerSH4::andnotDouble):
55360 * assembler/MacroAssemblerX86.h:
55361 (JSC::MacroAssemblerX86::supportsDoubleBitops):
55362 * assembler/MacroAssemblerX86Common.h:
55363 (JSC::MacroAssemblerX86Common::andnotDouble):
55364 * assembler/MacroAssemblerX86_64.h:
55365 (JSC::MacroAssemblerX86_64::supportsDoubleBitops):
55366 * assembler/X86Assembler.h:
55367 (JSC::X86Assembler::andnpd_rr):
55368 * create_hash_table:
55369 * jit/SpecializedThunkJIT.h:
55370 (JSC::SpecializedThunkJIT::finalize):
55371 (JSC::SpecializedThunkJIT::callDoubleToDouble):
55372 * jit/ThunkGenerators.cpp:
55373 (JSC::floorThunkGenerator):
55374 (JSC::ceilThunkGenerator):
55375 (JSC::roundThunkGenerator):
55376 (JSC::expThunkGenerator):
55377 (JSC::logThunkGenerator):
55378 (JSC::absThunkGenerator):
55379 * jit/ThunkGenerators.h:
55381 2011-06-30 Cary Clark <caryclark@google.com>
55383 Reviewed by James Robinson.
55385 Use Skia if Skia on Mac Chrome is enabled
55386 https://bugs.webkit.org/show_bug.cgi?id=62999
55389 Add switch to use Skia if, externally,
55390 Skia has been enabled by a gyp define.
55392 2011-06-30 Juan C. Montemayor <jmont@apple.com>
55394 Reviewed by Geoffrey Garen.
55396 Web Inspector fails to display source for eval with syntax error
55397 https://bugs.webkit.org/show_bug.cgi?id=63583
55399 Web Inspector now displays a link to an eval statement that contains
55405 (JSC::Parser::parse):
55407 2011-06-30 Filip Pizlo <fpizlo@apple.com>
55409 Reviewed by Gavin Barraclough.
55411 X86Assembler does not encode byte registers in 64-bit mode correctly.
55412 https://bugs.webkit.org/show_bug.cgi?id=63665
55414 * assembler/X86Assembler.h:
55415 (JSC::X86Assembler::testb_rr):
55416 (JSC::X86Assembler::X86InstructionFormatter::oneByteOp8):
55418 2011-06-30 Sheriff Bot <webkit.review.bot@gmail.com>
55420 Unreviewed, rolling out r90102.
55421 http://trac.webkit.org/changeset/90102
55422 https://bugs.webkit.org/show_bug.cgi?id=63714
55424 Lots of tests asserting beneath
55425 SVGSMILElement::findInstanceTime (Requested by aroben on
55428 * wtf/StdLibExtras.h:
55429 (WTF::binarySearch):
55431 2011-06-30 Oliver Varga <Varga.Oliver@stud.u-szeged.hu>
55433 Reviewed by Nikolas Zimmermann.
55435 Speed up SVGSMILElement::findInstanceTime.
55436 https://bugs.webkit.org/show_bug.cgi?id=61025
55438 Add a new parameter to StdLibExtras.h::binarySearch function
55439 to also handle cases when the array does not contain the key value.
55440 This is needed for an svg function.
55442 * wtf/StdLibExtras.h:
55443 (WTF::binarySearch):
55445 2011-06-29 Gavin Barraclough <barraclough@apple.com>
55447 Reviewed by Geoff Garen.
55449 https://bugs.webkit.org/show_bug.cgi?id=63669
55450 DFG JIT - fix spectral-norm regression
55452 The problem is a mis-speculation leading to us falling off the speculative path.
55453 Make the speculation logic slightly smarter, don't predict int if one of the
55454 operands is already loaded as a double (we use this logic already for compares).
55456 * dfg/DFGSpeculativeJIT.cpp:
55457 (JSC::DFG::SpeculativeJIT::compile):
55458 * dfg/DFGSpeculativeJIT.h:
55459 (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
55461 2011-06-29 Filip Pizlo <fpizlo@apple.com>
55463 Reviewed by Gavin Barraclough.
55465 DFG JIT does not do put_by_id transition caching.
55466 https://bugs.webkit.org/show_bug.cgi?id=63662
55468 * dfg/DFGJITCodeGenerator.cpp:
55469 (JSC::DFG::JITCodeGenerator::cachedPutById):
55470 * dfg/DFGJITCompiler.h:
55471 (JSC::DFG::JITCompiler::addPropertyAccess):
55472 * dfg/DFGRepatch.cpp:
55473 (JSC::DFG::testPrototype):
55474 (JSC::DFG::tryCachePutByID):
55476 2011-06-29 Geoffrey Garen <ggaren@apple.com>
55478 Reviewed by Oliver Hunt.
55480 Added a dummy write barrier emitting function in all the right places in the old JIT
55481 https://bugs.webkit.org/show_bug.cgi?id=63667
55483 SunSpider reports no change.
55486 * jit/JITPropertyAccess.cpp:
55487 (JSC::JIT::emit_op_put_by_id):
55488 (JSC::JIT::emit_op_put_scoped_var): Do it.
55490 (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
55491 for the sake of the write barrier.
55493 (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
55495 * jit/JITPropertyAccess32_64.cpp:
55496 (JSC::JIT::emit_op_put_by_val):
55497 (JSC::JIT::emit_op_put_by_id):
55498 (JSC::JIT::emit_op_put_scoped_var): Do it.
55500 (JSC::JIT::emit_op_put_global_var): Global object needs to be in a register
55501 for the sake of the write barrier.
55503 (JSC::JIT::emitWriteBarrier): Empty for now. Not for long!
55505 2011-06-29 Filip Pizlo <fpizlo@apple.com>
55507 Reviewed by Gavin Barraclough.
55509 DFG JIT does not perform get_by_id self list caching.
55510 https://bugs.webkit.org/show_bug.cgi?id=63605
55512 * bytecode/StructureStubInfo.h:
55513 * dfg/DFGJITCompiler.cpp:
55514 (JSC::DFG::JITCompiler::compileFunction):
55515 * dfg/DFGOperations.cpp:
55516 * dfg/DFGOperations.h:
55517 * dfg/DFGRepatch.cpp:
55518 (JSC::DFG::tryCacheGetByID):
55519 (JSC::DFG::tryBuildGetByIDList):
55520 (JSC::DFG::dfgBuildGetByIDList):
55521 * dfg/DFGRepatch.h:
55523 2011-06-28 Filip Pizlo <fpizlo@apple.com>
55525 Reviewed by Gavin Barraclough.
55527 DFG JIT lacks array.length caching.
55528 https://bugs.webkit.org/show_bug.cgi?id=63505
55530 * bytecode/StructureStubInfo.h:
55531 * dfg/DFGJITCodeGenerator.cpp:
55532 (JSC::DFG::JITCodeGenerator::cachedGetById):
55533 (JSC::DFG::JITCodeGenerator::cachedPutById):
55534 * dfg/DFGJITCodeGenerator.h:
55535 (JSC::DFG::JITCodeGenerator::tryAllocate):
55536 (JSC::DFG::JITCodeGenerator::selectScratchGPR):
55537 (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
55538 * dfg/DFGJITCompiler.cpp:
55539 (JSC::DFG::JITCompiler::compileFunction):
55540 * dfg/DFGJITCompiler.h:
55541 (JSC::DFG::JITCompiler::addPropertyAccess):
55542 (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
55543 * dfg/DFGRegisterBank.h:
55544 (JSC::DFG::RegisterBank::tryAllocate):
55545 * dfg/DFGRepatch.cpp:
55546 (JSC::DFG::tryCacheGetByID):
55548 2011-06-28 Pierre Rossi <pierre.rossi@gmail.com>
55550 Reviewed by Eric Seidel.
55552 Warnings in JSC's JIT on 32 bit
55553 https://bugs.webkit.org/show_bug.cgi?id=63259
55555 Fairly straightforward, just use ASSERT_JIT_OFFSET_UNUSED when it applies.
55557 * jit/JITPropertyAccess32_64.cpp:
55558 (JSC::JIT::emit_op_method_check):
55559 (JSC::JIT::compileGetByIdHotPath):
55560 (JSC::JIT::emit_op_put_by_id):
2011-06-28 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r89968.
http://trac.webkit.org/changeset/89968
https://bugs.webkit.org/show_bug.cgi?id=63581

Broke chromium windows compile (Requested by jamesr on

2011-06-28 Oliver Hunt <oliver@apple.com>

Reviewed by Gavin Barraclough.

https://bugs.webkit.org/show_bug.cgi?id=63579

Gets opcode sampling building again, doesn't seem to work alas

* bytecode/SamplingTool.cpp:
(JSC::SamplingTool::notifyOfScope):
* bytecode/SamplingTool.h:
(JSC::SamplingTool::SamplingTool):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::enableSampler):
* runtime/Executable.h:
(JSC::ScriptExecutable::ScriptExecutable):

2011-06-28 Cary Clark <caryclark@google.com>

Reviewed by James Robinson.

Use Skia if Skia on Mac Chrome is enabled
https://bugs.webkit.org/show_bug.cgi?id=62999

Add switch to use Skia if, externally,
Skia has been enabled by a gyp define.

2011-06-28 Oliver Hunt <oliver@apple.com>

Reviewed by Gavin Barraclough.

ASSERT when launching debug builds with interpreter and jit enabled
https://bugs.webkit.org/show_bug.cgi?id=63566

Add appropriate guards to the various Executable's memory reporting

* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):

2011-06-28 Gavin Barraclough <barraclough@apple.com>

Reviewed by Oliver Hunt.

https://bugs.webkit.org/show_bug.cgi?id=63563
DFG JIT - add support for double arith to speculative path

Add integer support for div & mod, add double support for div, mod,
add, sub & mul, dynamically selecting based on operand types.

* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::FPRTemporary::FPRTemporary):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::assembler):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
(JSC::DFG::SpeculateDoubleOperand::~SpeculateDoubleOperand):
(JSC::DFG::SpeculateDoubleOperand::index):
(JSC::DFG::SpeculateDoubleOperand::fpr):

2011-06-28 Oliver Hunt <oliver@apple.com>

Fix interpreter build.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):

2011-06-28 Gavin Barraclough <barraclough@apple.com>

Reviewed by Oliver Hunt.

https://bugs.webkit.org/show_bug.cgi?id=63561
DFG JIT - don't always assume integer in relational compare

If neither operand is known integer, or either is in double representation,
then at least use a function call (don't bail off the speculative path).

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleCall):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isDataFormatDouble):
(JSC::DFG::SpeculativeJIT::compareIsInteger):

2011-06-28 Oliver Hunt <oliver@apple.com>

Reviewed by Gavin Barraclough.

Make constant array optimisation less strict about what constitutes a constant
https://bugs.webkit.org/show_bug.cgi?id=63554

Now allow string constants in array literals to actually be considered constant,
and so avoid codegen in array literals with strings in them.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::addConstantBuffer):
(JSC::CodeBlock::constantBuffer):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addConstantBuffer):
(JSC::BytecodeGenerator::addStringConstant):
(JSC::BytecodeGenerator::emitNewArray):
* bytecompiler/BytecodeGenerator.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):

2011-06-28 Gavin Barraclough <barraclough@apple.com>

Reviewed by Oliver Hunt.

https://bugs.webkit.org/show_bug.cgi?id=63560
DFG_JIT allow allocation of specific machine registers

This allows us to allocate the registers necessary to perform x86
idiv instructions for div/mod, and may be useful for shifts, too.

* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::GPRTemporary::GPRTemporary):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::allocate):
(JSC::DFG::GPRResult::GPRResult):
* dfg/DFGRegisterBank.h:
(JSC::DFG::RegisterBank::allocateSpecific):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isInteger):

2011-06-28 Gavin Barraclough <barraclough@apple.com>

Reviewed by Oliver Hunt.

https://bugs.webkit.org/show_bug.cgi?id=55040
RegExp constructor returns the argument regexp instead of a new object

Per 15.10.3.1, our current behaviour is correct if called as a function,
but incorrect when called as a constructor.

* runtime/RegExpConstructor.cpp:
(JSC::constructRegExp):
(JSC::constructWithRegExpConstructor):
* runtime/RegExpConstructor.h:

2011-06-28 Luke Macpherson <macpherson@chromium.org>

Reviewed by Darin Adler.

Clean up integer clamping functions in MathExtras.h and support arbitrary numeric types and limits.
https://bugs.webkit.org/show_bug.cgi?id=63469

* wtf/MathExtras.h:
(defaultMinimumForClamp):
Version of std::numeric_limits::min() that returns the largest negative value for floating point types.
(defaultMaximumForClamp):
Symmetric alias for std::numeric_limits::max()
New templated clamping function that supports arbitrary output types.
Use new clampTo template.
Use new clampTo template.
(clampToPositiveInteger):
Use new clampTo template.

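The clamping scheme the entry above describes, as an added illustration: this is my own reconstruction, not the WTF code in MathExtras.h. The names defaultMinimumForClamp, defaultMaximumForClamp and clampTo come from the entry; the bodies, the double-domain comparison and the NaN handling are assumptions made here.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Added example, not WTF's implementation. The point the entry makes:
// std::numeric_limits<T>::min() is the smallest *positive* value for floating
// point types, so a clamp that used it as the lower bound would never let a
// negative float through. Use the largest negative value instead.
template <typename T>
constexpr T defaultMinimumForClamp()
{
    return std::numeric_limits<T>::is_integer
        ? std::numeric_limits<T>::min()
        : -std::numeric_limits<T>::max();
}

template <typename T>
constexpr T defaultMaximumForClamp()
{
    return std::numeric_limits<T>::max();
}

// Clamp a value of any numeric type From into the representable range of To.
// Comparisons happen in the double domain (assumption made here) so an
// out-of-range input is caught before the narrowing conversion, which would
// otherwise be undefined behaviour for floating-to-integer casts.
template <typename To, typename From>
To clampTo(From value,
           To minimum = defaultMinimumForClamp<To>(),
           To maximum = defaultMaximumForClamp<To>())
{
    // NaN has no ordering; mapping it to zero is a choice made in this
    // example, not something the entry specifies.
    if (std::isnan(static_cast<double>(value)))
        return To();
    if (static_cast<double>(value) >= static_cast<double>(maximum))
        return maximum;
    if (static_cast<double>(value) <= static_cast<double>(minimum))
        return minimum;
    return static_cast<To>(value);
}

// Thin wrappers in the style of the clampTo* helpers the entry lists.
int clampToInteger(double value) { return clampTo<int>(value); }
unsigned clampToUnsigned(double value) { return clampTo<unsigned>(value); }
int clampToPositiveInteger(double value) { return clampTo<int>(value, 0); }
float clampToFloat(double value) { return clampTo<float>(value); }

int main()
{
    std::printf("numeric_limits<float>::min() = %g (positive!)\n",
                static_cast<double>(std::numeric_limits<float>::min()));
    std::printf("defaultMinimumForClamp<float>() = %g\n",
                static_cast<double>(defaultMinimumForClamp<float>()));
    std::printf("clampToInteger(1e10) = %d\n", clampToInteger(1e10));
    std::printf("clampToUnsigned(-5.0) = %u\n", clampToUnsigned(-5.0));
    std::printf("clampTo<short>(70000) = %d\n", clampTo<short>(70000));
    return 0;
}
```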
2011-06-28 Adam Roben <aroben@apple.com>

Windows Debug build fix after r89885

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Exported
JSGlobalData::releaseExecutableMemory for jsc.exe's benefit.

2011-06-28 Shinya Kawanaka <shinyak@google.com>

Reviewed by Kent Tamura.

Add const to show() method in WTFString and AtomicString.
https://bugs.webkit.org/show_bug.cgi?id=63515

The lack of const in show() method is painful when
doing something like printf-debug.

* wtf/text/AtomicString.cpp:
(WTF::AtomicString::show):
* wtf/text/AtomicString.h:
* wtf/text/WTFString.cpp:
* wtf/text/WTFString.h:

2011-06-27 Ryosuke Niwa <rniwa@webkit.org>

Build fix attempt after r89885.

* JavaScriptCore.exp:

2011-06-27 Oliver Hunt <oliver@apple.com>

Reviewed by Geoffrey Garen.

Support throwing away non-running code even while other code is running
https://bugs.webkit.org/show_bug.cgi?id=63485

Add a function to CodeBlock to support unlinking direct linked callsites,
and then with that in place add logic to discard code from any function
that is not currently on the stack.

The unlinking completely reverts any optimized call sites, such that they
may be relinked again in future.

* JavaScriptCore.exp:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::unlinkCalls):
(JSC::CodeBlock::clearEvalCache):
* bytecode/CodeBlock.h:
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::unlink):
* bytecode/EvalCodeCache.h:
(JSC::EvalCodeCache::clear):
(JSC::Heap::getConservativeRegisterRoots):
(JSC::JIT::privateCompile):
(JSC::JIT::compileOpCall):
* jit/JITWriteBarrier.h:
(JSC::JITWriteBarrierBase::clear):
(GlobalObject::GlobalObject):
(functionReleaseExecutableMemory):
* runtime/Executable.cpp:
(JSC::EvalExecutable::unlinkCalls):
(JSC::ProgramExecutable::unlinkCalls):
(JSC::FunctionExecutable::discardCode):
(JSC::FunctionExecutable::unlinkCalls):
* runtime/Executable.h:
* runtime/JSGlobalData.cpp:
(JSC::SafeRecompiler::returnValue):
(JSC::SafeRecompiler::operator()):
(JSC::JSGlobalData::releaseExecutableMemory):

2011-06-27 Gavin Barraclough <barraclough@apple.com>

Reviewed by Darin Adler & Oliver Hunt.

https://bugs.webkit.org/show_bug.cgi?id=50554
RegExp.prototype.toString does not escape slashes

The problem here is that we don't escape forward slashes when converting
a RegExp to a string. This means that RegExp("/").toString() is "///",
which is not a valid RegExp literal. Also, we return an invalid literal
for RegExp.prototype.toString() ("//", which is an empty single-line comment).

"NOTE: The returned String has the form of a RegularExpressionLiteral that
evaluates to another RegExp object with the same behaviour as this object."

* runtime/RegExpObject.cpp:
(JSC::regExpObjectSource):
- Escape forward slashes when getting the source of a RegExp.
* runtime/RegExpPrototype.cpp:
(JSC::regExpProtoFuncToString):
- Remove unnecessary and erroneous hack to return "//" as the string
representation of RegExp.prototype. This is not a valid RegExp literal
(it is an empty single-line comment).

2011-06-27 Gavin Barraclough <barraclough@apple.com>

Reviewed by Oliver Hunt.

https://bugs.webkit.org/show_bug.cgi?id=63497
Add DEBUG_WITH_BREAKPOINT support to the DFG JIT.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-06-27 Juan C. Montemayor <jmont@apple.com>

Reviewed by Mark Rowe.

Indirectly including TextPosition.h and XPathGrammar.h causes compile errors
https://bugs.webkit.org/show_bug.cgi?id=63392

When both TextPosition.h and XPathGrammar.h are included a compile-error
is caused, since XPathGrammar.h defines a macro called NUMBER and
TextPosition has a typedef named NUMBER.

* wtf/text/TextPosition.h:
(WTF::TextPosition::TextPosition):
(WTF::TextPosition::minimumPosition):
(WTF::TextPosition::belowRangePosition):

2011-06-27 Filip Pizlo <fpizlo@apple.com>

Reviewed by Gavin Barraclough.

DFG JIT does not perform put_by_id caching.
https://bugs.webkit.org/show_bug.cgi?id=63409

* bytecode/StructureStubInfo.h:
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::cachedPutById):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addPropertyAccess):
(JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgRepatchByIdSelfAccess):
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::appropriatePutByIdFunction):
(JSC::DFG::tryCachePutByID):
(JSC::DFG::dfgRepatchPutByID):
* dfg/DFGRepatch.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-06-27 Gustavo Noronha Silva <gns@gnome.org>

Unreviewed build fix. One more file missing during distcheck, for

* GNUmakefile.list.am:

2011-06-26 Filip Pizlo <fpizlo@apple.com>

Reviewed by Gavin Barraclough.

DFG non-speculative JIT has potentially harmful speculations with respect to arithmetic operations.
https://bugs.webkit.org/show_bug.cgi?id=63347

* dfg/DFGNonSpeculativeJIT.cpp:
- Changed arithmetic operations to speculate in favor of integers.
(JSC::DFG::NonSpeculativeJIT::valueToNumber):
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
(JSC::DFG::NonSpeculativeJIT::basicArithOp):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGNonSpeculativeJIT.h:
* dfg/DFGOperations.cpp:
- Added slow-path routines for arithmetic that perform no speculation; the
non-speculative JIT will generate calls to these in cases where its
* dfg/DFGOperations.h:

2011-06-24 Nikolas Zimmermann <nzimmermann@rim.com>

Reviewed by Rob Buis.

Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
https://bugs.webkit.org/show_bug.cgi?id=59085

* wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.

2011-06-24 Michael Saboff <msaboff@apple.com>

Reviewed by Gavin Barraclough.

Arm Assembler, Immediate stack offset values truncated to 8 bits for add & sub
https://bugs.webkit.org/show_bug.cgi?id=63345

The methods ARMThumbImmediate::getUInt9 and ARMThumbImmediate::getUInt10
return 9 and 10 bit quantities, therefore changed their return type from
uint8_t to uint16_t. Also cast the places where they are used as they
are currently shifted and used as 7 or 8 bit values.

These methods are currently used for literals for stack offsets,
including creating and destroying stack frames. The prior truncation of
the upper bits caused stack frames to be too small, thus allowing a
JIT'ed function to access and overwrite stack space outside of the
incorrectly sized stack frame.

* assembler/ARMv7Assembler.h:
(JSC::ARMThumbImmediate::getUInt9):
(JSC::ARMThumbImmediate::getUInt10):
(JSC::ARMv7Assembler::add):
(JSC::ARMv7Assembler::ldr):
(JSC::ARMv7Assembler::str):
(JSC::ARMv7Assembler::sub):
(JSC::ARMv7Assembler::sub_S):
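The return-type truncation described in the entry above, as an added illustration that is not the ARMv7Assembler.h code. It models only the width problem the entry names: a 9-bit stack-offset immediate handed back through a uint8_t, then shifted into a 7-bit field. The field layout (offset >> 2 in seven bits, 0..508 bytes) is a simplified stand-in for the Thumb-2 sp-adjust encoding and the function names other than getUInt9 are assumptions made here.

```cpp
#include <cstdint>
#include <cstdio>

// Added example, not WebKit code. A frame adjustment is a byte offset that
// is a multiple of 4 and must fit in nine bits before being stored as
// offset >> 2 in a 7-bit instruction field (simplified model).
static const uint16_t kMaxSpImmediateBytes = 508;

// Buggy shape: a 9-bit quantity returned through an 8-bit type. The
// conversion silently drops bit 8, so offsets 256..511 come back as 0..255.
static uint8_t getUInt9Truncated(uint16_t imm9)
{
    return static_cast<uint8_t>(imm9 & 0x1FF);
}

// Fixed shape (what the entry changes to): wide enough for all nine bits.
static uint16_t getUInt9(uint16_t imm9)
{
    return static_cast<uint16_t>(imm9 & 0x1FF);
}

// Encode the 7-bit field and decode it back the way the CPU would, to see
// how many bytes the emitted instruction actually moves sp by.
static uint16_t frameBytesAsEmittedBuggy(uint16_t frameBytes)
{
    uint8_t imm7 = static_cast<uint8_t>(getUInt9Truncated(frameBytes) >> 2);
    return static_cast<uint16_t>(imm7 << 2);
}

static uint16_t frameBytesAsEmittedFixed(uint16_t frameBytes)
{
    uint8_t imm7 = static_cast<uint8_t>(getUInt9(frameBytes) >> 2); // 0..127
    return static_cast<uint16_t>(imm7 << 2);
}

// The check a defensive assembler wants: refuse to encode an offset that
// does not fit instead of silently emitting a smaller frame. Returns false
// when the offset is unaligned or out of range; imm7Out is set on success.
static bool encodeSpImmediate(uint16_t frameBytes, uint8_t* imm7Out)
{
    if (frameBytes > kMaxSpImmediateBytes || (frameBytes & 3))
        return false;
    uint8_t imm7 = static_cast<uint8_t>(frameBytes >> 2);
    // Round trip: what we encoded must decode to what we meant.
    if (static_cast<uint16_t>(imm7 << 2) != frameBytes)
        return false;
    *imm7Out = imm7;
    return true;
}

int main()
{
    // Constructed frame sizes: below and above the 256-byte truncation edge.
    const uint16_t sizes[] = { 128, 252, 256, 260, 384, 508 };
    for (uint16_t bytes : sizes) {
        std::printf("frame %3u bytes: buggy emits %3u, fixed emits %3u\n",
                    bytes, frameBytesAsEmittedBuggy(bytes),
                    frameBytesAsEmittedFixed(bytes));
    }
    uint8_t imm7 = 0;
    std::printf("encode 512: %s\n", encodeSpImmediate(512, &imm7) ? "ok" : "rejected");
    return 0;
}
```

Every frame the buggy path emits for an offset of 256 bytes or more is short by exactly 256 bytes, which is the undersized frame the entry describes.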
2011-06-24 Michael Saboff <msaboff@apple.com>

Reviewed by Geoffrey Garen.

releaseFastMallocFreeMemory doesn't adjust free counts for scavenger
https://bugs.webkit.org/show_bug.cgi?id=63015

Added code to adjust class TCMalloc_PageHeap variables free_committed_pages_ and
min_free_committed_pages_since_last_scavenge_ in ReleaseFreeList(). These
adjustments are a bug. These need to reflect the pages that are released
in ReleaseFreeList so that scavenge doesn't try to free that many pages as well.
Made ReleaseFreeList a member of TCMalloc_PageHeap in the process. Updated
Check() and helper method CheckList() to check the number of actual free pages
with free_committed_pages_.

The symptom of the problem of the existing code is that the scavenger may
run unnecessarily without any real work to do, i.e. pages on the free lists.
The scavenger would also end up freeing too many pages, that is going below
the current 528 target free pages.

Note that the style of the changes was kept consistent with the

* wtf/FastMalloc.cpp:
(WTF::TCMalloc_PageHeap::Check):
(WTF::TCMalloc_PageHeap::CheckList):
(WTF::TCMalloc_PageHeap::ReleaseFreeList):

2011-06-24 Abhishek Arya <inferno@chromium.org>

Reviewed by Darin Adler.

Match other clampTo* functions in style with clampToInteger(float)
https://bugs.webkit.org/show_bug.cgi?id=53449

* wtf/MathExtras.h:
(clampToPositiveInteger):

2011-06-24 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r89594.
http://trac.webkit.org/changeset/89594
https://bugs.webkit.org/show_bug.cgi?id=63316

It broke 5 tests on the Qt bot (Requested by Ossy_DC on

* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* icu/unicode/uscript.h: Removed.
* wtf/unicode/ScriptCodesFromICU.h: Removed.
* wtf/unicode/brew/UnicodeBrew.h:
* wtf/unicode/glib/UnicodeGLib.h:
* wtf/unicode/icu/UnicodeIcu.h:
* wtf/unicode/qt4/UnicodeQt4.h:
* wtf/unicode/wince/UnicodeWinCE.h:

2011-06-23 Filip Pizlo <fpizlo@apple.com>

Reviewed by Gavin Barraclough.

DFG non-speculative JIT should have obvious optimizations for GetById and GetByVal
https://bugs.webkit.org/show_bug.cgi?id=63173

* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::cachedGetById):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):

2011-06-23 Oliver Hunt <oliver@apple.com>

* assembler/ARMAssembler.h:
(JSC::ARMAssembler::readPointer):

2011-06-23 Oliver Hunt <oliver@apple.com>

* assembler/ARMAssembler.h:
(JSC::ARMAssembler::readPointer):

2011-06-23 Stephanie Lewis <slewis@apple.com>

Reviewed by Darin Adler.

https://bugs.webkit.org/show_bug.cgi?id=63298
Replace Malloc with FastMalloc to match the rest of wtf.

* wtf/BlockStack.h:
(WTF::::~BlockStack):

2011-06-23 Oliver Hunt <oliver@apple.com>

Reviewed by Gavin Barraclough.

Add the ability to dynamically modify linked call sites
https://bugs.webkit.org/show_bug.cgi?id=63291

Add JITWriteBarrier as a writebarrier class that allows
reading and writing directly into the code stream.

This required adding logic to all the assemblers to allow
us to read values back out of the instruction stream.

* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/ARMAssembler.h:
(JSC::ARMAssembler::readPointer):
* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::readPointer):
(JSC::ARMv7Assembler::readInt32):
(JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmFirst):
(JSC::ARMv7Assembler::decodeTwoWordOp5i6Imm4Reg4EncodedImmSecond):
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::readPointer):
* assembler/MIPSAssembler.h:
(JSC::MIPSAssembler::readInt32):
(JSC::MIPSAssembler::readPointer):
* assembler/MacroAssemblerCodeRef.h:
(JSC::MacroAssemblerCodePtr::operator!):
* assembler/SH4Assembler.h:
(JSC::SH4Assembler::readPCrelativeAddress):
(JSC::SH4Assembler::readPointer):
(JSC::SH4Assembler::readInt32):
* assembler/X86Assembler.h:
(JSC::X86Assembler::readPointer):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
(JSC::MethodCallLinkInfo::seenOnce):
(JSC::MethodCallLinkInfo::setSeen):
* heap/MarkStack.h:
(JSC::JIT::privateCompile):
(JSC::JIT::linkCall):
(JSC::JIT::linkConstruct):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::patchMethodCallProto):
* jit/JITPropertyAccess32_64.cpp:
* jit/JITWriteBarrier.h: Added.
(JSC::JITWriteBarrierBase::operator UnspecifiedBoolType*):
(JSC::JITWriteBarrierBase::operator!):
(JSC::JITWriteBarrierBase::setFlagOnBarrier):
(JSC::JITWriteBarrierBase::isFlagged):
(JSC::JITWriteBarrierBase::setLocation):
(JSC::JITWriteBarrierBase::location):
(JSC::JITWriteBarrierBase::JITWriteBarrierBase):
(JSC::JITWriteBarrierBase::set):
(JSC::JITWriteBarrierBase::get):
(JSC::JITWriteBarrier::JITWriteBarrier):
(JSC::JITWriteBarrier::set):
(JSC::JITWriteBarrier::get):
(JSC::MarkStack::append):

2011-06-23 Gavin Barraclough <barraclough@apple.com>

Reviewed by Oliver Hunt.

https://bugs.webkit.org/show_bug.cgi?id=61585
Crash running regexp /(?:(?=g))|(?:m).{2147483648,}/

This is due to use of int instead of unsigned, bad math around

* yarr/YarrInterpreter.cpp:
(JSC::Yarr::ByteCompiler::emitDisjunction):
- Change some uses of int to unsigned, refactor compare logic to
restrict to the range 0..2^32-1 (rather than -2^32-1..2^32-1).
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generate):
(JSC::Yarr::YarrGenerator::backtrack):

2011-06-22 Gavin Barraclough <barraclough@apple.com>

Reviewed by Sam Weinig.

https://bugs.webkit.org/show_bug.cgi?id=63218
DFG JIT - remove machine type guarantees from graph

The DFG JIT currently makes assumptions about the types of machine registers
that certain nodes will be loaded into. This will be broken as we generate
nodes to produce both integer and double code paths. Remove int<->double
conversions nodes. This design decision also gave rise to multiple types of
constant nodes, requiring separate handling for each type. Merge these back

* dfg/DFGAliasTracker.h:
(JSC::DFG::AliasTracker::equalIgnoringLaterNumericConversion):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getToInt32):
(JSC::DFG::ByteCodeParser::getToNumber):
(JSC::DFG::ByteCodeParser::toInt32):
(JSC::DFG::ByteCodeParser::toNumber):
(JSC::DFG::ByteCodeParser::isInt32Constant):
(JSC::DFG::ByteCodeParser::isDoubleConstant):
(JSC::DFG::ByteCodeParser::valueOfInt32Constant):
(JSC::DFG::ByteCodeParser::valueOfDoubleConstant):
(JSC::DFG::ByteCodeParser::one):
(JSC::DFG::ByteCodeParser::predictInt32):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::silentFillFPR):
(JSC::DFG::JITCodeGenerator::isJSConstant):
(JSC::DFG::JITCodeGenerator::isDoubleConstant):
(JSC::DFG::JITCodeGenerator::valueOfJSConstantAsImmPtr):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::JITCompiler::fillInt32ToInteger):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::isJSConstant):
(JSC::DFG::JITCompiler::isInt32Constant):
(JSC::DFG::JITCompiler::isDoubleConstant):
(JSC::DFG::JITCompiler::valueOfJSConstant):
(JSC::DFG::JITCompiler::valueOfInt32Constant):
(JSC::DFG::JITCompiler::valueOfDoubleConstant):
(JSC::DFG::Node::Node):
(JSC::DFG::Node::isConstant):
(JSC::DFG::Node::notTakenBytecodeOffset):
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::isKnownInteger):
(JSC::DFG::NonSpeculativeJIT::isKnownNumeric):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
(JSC::DFG::SpeculativeJIT::compile):

2011-06-23 Jungshik Shin <jshin@chromium.org>

Reviewed by Alexey Proskuryakov.

Add ScriptCodesFromICU.h to wtf/unicode and make necessary changes in
build files for ports not using ICU.
Add icu/unicode/uscript.h for ports using ICU. It's taken from
ICU 3.6 (the version used on Mac OS 10.5)

http://bugs.webkit.org/show_bug.cgi?id=20797

* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* icu/unicode/uscript.h: Added for UScriptCode enum.
* wtf/unicode/ScriptCodesFromICU.h: UScriptCode enum added.
* wtf/unicode/icu/UnicodeIcu.h:
* wtf/unicode/brew/UnicodeBrew.h:
* wtf/unicode/glib/UnicodeGLib.h:
* wtf/unicode/qt4/UnicodeQt4.h:
* wtf/unicode/wince/UnicodeWinCE.h:

2011-06-23 Ryuan Choi <ryuan.choi@samsung.com>

Reviewed by Andreas Kling.

[EFL][WK2] Add PLATFORM(EFL) to use UNIX_DOMAIN_SOCKETS.
https://bugs.webkit.org/show_bug.cgi?id=63228

* wtf/Platform.h: Add PLATFORM(EFL) guard.

2011-06-23 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r89547.
http://trac.webkit.org/changeset/89547
https://bugs.webkit.org/show_bug.cgi?id=63252

"Chrmium crash on start" (Requested by yurys on #webkit).

* wtf/DynamicAnnotations.cpp:
(WTFAnnotateBenignRaceSized):
(WTFAnnotateHappensBefore):
(WTFAnnotateHappensAfter):
* wtf/DynamicAnnotations.h:

2011-06-23 Timur Iskhodzhanov <timurrrr@google.com>

Reviewed by David Levin.

Make dynamic annotations weak symbols and prevent identical code folding by the linker
https://bugs.webkit.org/show_bug.cgi?id=62443

* wtf/DynamicAnnotations.cpp:
(WTFAnnotateBenignRaceSized):
(WTFAnnotateHappensBefore):
(WTFAnnotateHappensAfter):
* wtf/DynamicAnnotations.h:

2011-06-22 Yael Aharon <yael.aharon@nokia.com>

Reviewed by Andreas Kling.

[Qt] Add a build flag for building with libxml2 and libxslt.
https://bugs.webkit.org/show_bug.cgi?id=63113

2011-06-22 Sheriff Bot <webkit.review.bot@gmail.com>

Unreviewed, rolling out r89489.
http://trac.webkit.org/changeset/89489
https://bugs.webkit.org/show_bug.cgi?id=63203

Broke chromium mac build on build.webkit.org (Requested by
abarth on #webkit).

2011-06-22 Cary Clark <caryclark@google.com>

Reviewed by Darin Fisher.

Use Skia if Skia on Mac Chrome is enabled
https://bugs.webkit.org/show_bug.cgi?id=62999

Add switch to use Skia if, externally,
Skia has been enabled by a gyp define.

2011-06-22 Geoffrey Garen <ggaren@apple.com>

Reviewed by Oliver Hunt.

* interpreter/RegisterFile.h: Removed unnecessary #include <stdio.h>.

2011-06-22 Geoffrey Garen <ggaren@apple.com>

Reviewed by Oliver Hunt.

Removed the conceit that global variables are local variables when running global code
https://bugs.webkit.org/show_bug.cgi?id=63106

This is required for write barrier correctness.

SunSpider reports about a 0.5% regression, mostly from bitops-bitwise-and.js.
I was able to reduce the regression with a tiny peephole optimization in
the bytecompiler, but not eliminate it. I'm committing this assuming
that turning on generational GC will win back at least 0.5%.

(FWIW, the DFG JIT can easily eliminate any regression by sharing loads of
the global object's var storage. I considered doing the same kind of
optimization in the existing JIT, but it seemed like moving in the wrong

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addGlobalVar):
(JSC::BytecodeGenerator::BytecodeGenerator): Don't give global variables
negative indices, since they're no longer negatively offset from the
current stack frame.

Do give global variables monotonically increasing positive indices, since
that's much easier to work with.

Don't limit the number of optimizable global variables, since it's no
longer limited by the register file, since they're no longer stored in

(JSC::BytecodeGenerator::registerFor): Global code never has any local
registers because a var in global code is actually a property of the

(JSC::BytecodeGenerator::constRegisterFor): Ditto.

(JSC::BytecodeGenerator::emitResolve): Did a tiny bit of constant
propagation and dead code elimination to speed up our compiles and
reduce WTFs / minute.

* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::registerFor): Removed special handling of globals.

(JSC::BytecodeGenerator::shouldOptimizeLocals): Don't optimize locals in
global code, since there are none.

(JSC::BytecodeGenerator::canOptimizeNonLocals): Do optimize non-locals
in global code (i.e., global vars), since there are some.

* interpreter/Interpreter.cpp:
(JSC::Interpreter::callEval):
(JSC::Interpreter::Interpreter):
(JSC::Interpreter::dumpRegisters):
(JSC::Interpreter::execute):
* interpreter/Interpreter.h: Updated for deleted / renamed code.

* interpreter/RegisterFile.cpp:
(JSC::RegisterFile::gatherConservativeRoots):
(JSC::RegisterFile::releaseExcessCapacity): Updated for deleted / renamed

* interpreter/RegisterFile.h:
(JSC::RegisterFile::begin):
(JSC::RegisterFile::size):
(JSC::RegisterFile::RegisterFile):
(JSC::RegisterFile::shrink): Removed all code and comments dealing with
global variables stored in the register file.

(JSC::RegisterFile::grow): Updated for same.

Also, a slight correctness fix: Test the VM commit end, and not just the
in-use end, when checking for stack overflow. In theory, it's invalid to
commit past the end of your allocation, even if you never touch that
memory. This makes the usable size of the stack slightly smaller. No test
because we don't know of any case in practice where this crashes.

* runtime/JSGlobalData.cpp:
(JSC::JSGlobalData::JSGlobalData): Updated for changes above.

* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::resizeRegisters):
(JSC::JSGlobalObject::addStaticGlobals):
* runtime/JSGlobalObject.h: Simplified globals to have monotonically
increasing indexes, always located in our external storage.

56394 2011-06-21 MORITA Hajime <morrita@google.com>
56396 Unreviewed, rolling out r89401 and r89403.
56397 http://trac.webkit.org/changeset/89401
56398 http://trac.webkit.org/changeset/89403
56399 https://bugs.webkit.org/show_bug.cgi?id=62970
56401 Breaks mac build and mistakenly enables the spellcheck API
56403 * Configurations/FeatureDefines.xcconfig:
56404 * JavaScriptCore.xcodeproj/project.pbxproj:
56406 2011-06-21 Kent Tamura <tkent@chromium.org>
56408 [Mac] Sort Xcode project files.
56410 * JavaScriptCore.xcodeproj/project.pbxproj:
56412 2011-06-20 MORITA Hajime <morrita@google.com>
56414 Reviewed by Kent Tamura.
56416 Spellcheck API should be build-able.
56417 https://bugs.webkit.org/show_bug.cgi?id=62970
56419 No new tests, changing only build related files
56421 * Configurations/FeatureDefines.xcconfig:
56423 2011-06-21 Geoffrey Garen <ggaren@apple.com>
56425 Reviewed by Oliver Hunt.
56427 Moved 'const' off the global-variable-as-local-variable crack pipe
56428 https://bugs.webkit.org/show_bug.cgi?id=63105
56430 This is necessary for moving the rest of the code off of same.
56432 Many problems remain in our handling of const. I have fixed none of them.
56434 * bytecompiler/BytecodeGenerator.h:
56435 (JSC::BytecodeGenerator::scopeChain): New accessor, needed to enable
56436 const to directly implement its unique scoping rules.
56438 * bytecompiler/NodesCodegen.cpp:
56439 (JSC::PrefixResolveNode::emitBytecode): Do specify that our resolve is
56440 for writing, so we don't overwrite const variables.
56442 (JSC::ConstDeclNode::emitCodeSingle): Don't assume that all declared const
56443 variables are available as local variables, since this won't be the case
56444 once global variables are not available as local variables. Instead, use
56445 put_scoped_var in the case where there is no local variable. Like a local
56446 variable, put_scoped_var succeeds even though const properties are
56447 read-only, since put_scoped_var skips read-only checks. (Yay?)
56449 2011-06-21 Oliver Hunt <oliver@apple.com>
56451 Reviewed by Alexey Proskuryakov.
56453 REGRESSION(r89257): It broke 2 jscore tests (Requested by Ossy_away on #webkit).
56454 https://bugs.webkit.org/show_bug.cgi?id=63052
56456 Release mode only failure, the stack overflow guards were getting there error
56457 handling inlined, so that they were essentially causing their own demise.
56459 * parser/JSParser.cpp:
56460 (JSC::JSParser::updateErrorMessage):
56461 (JSC::JSParser::updateErrorWithNameAndMessage):
56463 2011-06-20 Kenneth Russell <kbr@google.com>
56467 Rolled out r89233 and r89235 because of crashes in http/tests/misc/acid3.html on Snow Leopard and other platforms
56468 https://bugs.webkit.org/show_bug.cgi?id=63022
56472 2011-06-18 Anders Carlsson <andersca@apple.com>
56474 Reviewed by Darin Adler.
56476 Disallow assigning into PassOwnArrayPtr, PassOwnPtr and PassRefPtr
56477 https://bugs.webkit.org/show_bug.cgi?id=62940
56479 Remove clear() and all assignment operators except one which now has a COMPILE_ASSERT.
56481 * wtf/PassOwnArrayPtr.h:
56482 (WTF::PassOwnArrayPtr::operator=):
56483 * wtf/PassOwnPtr.h:
56484 (WTF::PassOwnPtr::operator=):
56485 * wtf/PassRefPtr.h:
56486 (WTF::PassRefPtr::operator=):
56487 (WTF::NonNullPassRefPtr::operator=):
56489 2011-06-20 Oliver Hunt <oliver@apple.com>
56491 Reviewed by Darin Adler.
56493 REGRESSION (r79060): Searching for a flight at united.com fails
56494 https://bugs.webkit.org/show_bug.cgi?id=63003
56496 This original change also broke Twitter, and we attempted to refine the fix to
56497 address that problem (http://trac.webkit.org/changeset/80542), but since it still breaks United,
56498 we need to revert the change until we understand the problem better.
56500 * wtf/DateMath.cpp:
56501 (WTF::parseDateFromNullTerminatedCharacters):
56503 2011-06-20 Juan C. Montemayor <jmont@apple.com>
56505 Reviewed by Oliver Hunt.
56507 No context for javascript parse errors.
56508 https://bugs.webkit.org/show_bug.cgi?id=62613
56510 Parse errors now show more details like:
56511 "Unexpected token: ]"
56513 "Expected token: while"
56515 For reserved names, numbers, indentifiers, strings, lexer errors,
56516 and EOFs, the following error messages are printed:
56518 "Use of reserved word: super"
56519 "Unexpected number: 42"
56520 "Unexpected identifier: "
56521 "Unexpected string: "foobar""
56522 "Invalid token character sequence: \u4023"
56525 * parser/JSParser.cpp:
56526 (JSC::JSParser::consume):
56527 (JSC::JSParser::getToken):
56528 (JSC::JSParser::getTokenName):
56529 (JSC::JSParser::updateErrorMessageSpecialCase):
56530 (JSC::JSParser::updateErrorMessage):
56531 (JSC::JSParser::updateErrorWithNameAndMessage):
56533 (JSC::JSParser::JSParser):
56534 (JSC::JSParser::parseProgram):
56535 (JSC::JSParser::parseVarDeclarationList):
56536 (JSC::JSParser::parseForStatement):
56537 (JSC::JSParser::parseBreakStatement):
56538 (JSC::JSParser::parseContinueStatement):
56539 (JSC::JSParser::parseWithStatement):
56540 (JSC::JSParser::parseTryStatement):
56541 (JSC::JSParser::parseStatement):
56542 (JSC::JSParser::parseFormalParameters):
56543 (JSC::JSParser::parseFunctionInfo):
56544 (JSC::JSParser::parseAssignmentExpression):
56545 (JSC::JSParser::parsePrimaryExpression):
56546 (JSC::JSParser::parseMemberExpression):
56547 (JSC::JSParser::parseUnaryExpression):
56548 * parser/JSParser.h:
56549 * parser/Lexer.cpp:
56551 * parser/Parser.cpp:
56552 (JSC::Parser::parse):
56554 2011-06-20 Nikolas Zimmermann <nzimmermann@rim.com>
56556 Reviewed by Rob Buis.
56558 Integrate SVG Fonts within GlyphPage concept, removing the special SVG code paths from Font, making it possible to reuse the simple text code path for SVG Fonts
56559 https://bugs.webkit.org/show_bug.cgi?id=59085
56561 * wtf/Platform.h: Force Qt-EWS into a full rebuild, otherwise this patch breaks the EWS.
56563 2011-06-19 Oliver Hunt <oliver@apple.com>
56565 Reviewed by Sam Weinig.
56567 Correct logic for putting errors on the correct line when handling JSONP
56568 https://bugs.webkit.org/show_bug.cgi?id=62962
56570 Minor fix for the minor fix. *sigh*
56572 * interpreter/Interpreter.cpp:
56573 (JSC::Interpreter::execute):
56575 2011-06-19 Oliver Hunt <oliver@apple.com>
56577 Minor fix to correct layout test results.
56579 * interpreter/Interpreter.cpp:
56580 (JSC::Interpreter::execute):
56582 2011-06-17 Oliver Hunt <oliver@apple.com>
56584 Reviewed by Gavin Barraclough.
56586 JSONP is unnecessarily slow
56587 https://bugs.webkit.org/show_bug.cgi?id=62920
56589 JSONP has unfortunately become a fairly common idiom online, yet
56590 it triggers very poor performance in JSC as we end up doing codegen
56591 for a large number of property accesses that will
56592 * only be run once, so the vast amount of logic we dump to handle
56593 caching of accesses is unnecessary.
56594 * We are doing codegen that is directly proportional to just
56595 creating the object in the first place.
56597 This patch extends the use of the literal parser to JSONP-like structures
56598 in global code, handling a number of different forms I have seen online.
56599 In an extreme case this improves performance of JSONP by more than 2x
56600 due to removal of code generation and execution time, and a few optimisations
56601 that I made to the parser itself.
56603 * API/JSValueRef.cpp:
56604 (JSValueMakeFromJSONString):
56605 * interpreter/Interpreter.cpp:
56606 (JSC::Interpreter::callEval):
56607 (JSC::Interpreter::execute):
56608 * parser/Lexer.cpp:
56609 (JSC::Lexer::isKeyword):
56611 * runtime/JSGlobalObjectFunctions.cpp:
56612 (JSC::globalFuncEval):
56613 * runtime/JSONObject.cpp:
56614 (JSC::JSONProtoFuncParse):
56615 * runtime/LiteralParser.cpp:
56616 (JSC::LiteralParser::tryJSONPParse):
56617 (JSC::LiteralParser::makeIdentifier):
56618 (JSC::LiteralParser::Lexer::lex):
56619 (JSC::LiteralParser::Lexer::next):
56620 (JSC::isSafeStringCharacter):
56621 (JSC::LiteralParser::Lexer::lexString):
56622 (JSC::LiteralParser::Lexer::lexNumber):
56623 (JSC::LiteralParser::parse):
56624 * runtime/LiteralParser.h:
56625 (JSC::LiteralParser::LiteralParser):
56626 (JSC::LiteralParser::tryLiteralParse):
56627 (JSC::LiteralParser::Lexer::Lexer):
56629 2011-06-18 Sheriff Bot <webkit.review.bot@gmail.com>
56631 Unreviewed, rolling out r89184.
56632 http://trac.webkit.org/changeset/89184
56633 https://bugs.webkit.org/show_bug.cgi?id=62927
56635 It broke 22 tests on all bots (Requested by Ossy_weekend on
56638 * API/JSValueRef.cpp:
56639 (JSValueMakeFromJSONString):
56640 * interpreter/Interpreter.cpp:
56641 (JSC::Interpreter::callEval):
56642 (JSC::Interpreter::execute):
56643 * parser/Lexer.cpp:
56645 * runtime/JSGlobalObjectFunctions.cpp:
56646 (JSC::globalFuncEval):
56647 * runtime/JSONObject.cpp:
56648 (JSC::JSONProtoFuncParse):
56649 * runtime/LiteralParser.cpp:
56650 (JSC::LiteralParser::Lexer::lex):
56651 (JSC::isSafeStringCharacter):
56652 (JSC::LiteralParser::Lexer::lexString):
56653 (JSC::LiteralParser::Lexer::lexNumber):
56654 (JSC::LiteralParser::parse):
56655 * runtime/LiteralParser.h:
56656 (JSC::LiteralParser::LiteralParser):
56657 (JSC::LiteralParser::tryLiteralParse):
56658 (JSC::LiteralParser::Lexer::Lexer):
56659 (JSC::LiteralParser::Lexer::next):
56661 2011-06-17 Oliver Hunt <oliver@apple.com>
56663 Reviewed by Gavin Barraclough.
56665 JSONP is unnecessarily slow
56666 https://bugs.webkit.org/show_bug.cgi?id=62920
56668 JSONP has unfortunately become a fairly common idiom online, yet
56669 it triggers very poor performance in JSC as we end up doing codegen
56670 for a large number of property accesses that will
56671 * only be run once, so the vast amount of logic we dump to handle
56672 caching of accesses is unnecessary.
56673 * We are doing codegen that is directly proportional to just
56674 creating the object in the first place.
56676 This patch extends the use of the literal parser to JSONP-like structures
56677 in global code, handling a number of different forms I have seen online.
56678 In an extreme case this improves performance of JSONP by more than 2x
56679 due to removal of code generation and execution time, and a few optimisations
56680 that I made to the parser itself.
56682 * API/JSValueRef.cpp:
56683 (JSValueMakeFromJSONString):
56684 * interpreter/Interpreter.cpp:
56685 (JSC::Interpreter::callEval):
56686 (JSC::Interpreter::execute):
56687 * parser/Lexer.cpp:
56688 (JSC::Lexer::isKeyword):
56690 * runtime/JSGlobalObjectFunctions.cpp:
56691 (JSC::globalFuncEval):
56692 * runtime/JSONObject.cpp:
56693 (JSC::JSONProtoFuncParse):
56694 * runtime/LiteralParser.cpp:
56695 (JSC::LiteralParser::tryJSONPParse):
56696 (JSC::LiteralParser::makeIdentifier):
56697 (JSC::LiteralParser::Lexer::lex):
56698 (JSC::LiteralParser::Lexer::next):
56699 (JSC::isSafeStringCharacter):
56700 (JSC::LiteralParser::Lexer::lexString):
56701 (JSC::LiteralParser::Lexer::lexNumber):
56702 (JSC::LiteralParser::parse):
56703 * runtime/LiteralParser.h:
56704 (JSC::LiteralParser::LiteralParser):
56705 (JSC::LiteralParser::tryLiteralParse):
56706 (JSC::LiteralParser::Lexer::Lexer):
56708 2011-06-17 Geoffrey Garen <ggaren@apple.com>
56710 Reviewed by Oliver Hunt.
56712 Moved some property access JIT code into property access JIT files
56713 https://bugs.webkit.org/show_bug.cgi?id=62906
56715 * jit/JITOpcodes.cpp:
56716 * jit/JITOpcodes32_64.cpp:
56717 * jit/JITPropertyAccess.cpp:
56718 (JSC::JIT::emitSlow_op_put_by_val):
56719 (JSC::JIT::emit_op_get_scoped_var):
56720 (JSC::JIT::emit_op_put_scoped_var):
56721 (JSC::JIT::emit_op_get_global_var):
56722 (JSC::JIT::emit_op_put_global_var):
56723 * jit/JITPropertyAccess32_64.cpp:
56724 (JSC::JIT::emit_op_get_scoped_var):
56725 (JSC::JIT::emit_op_put_scoped_var):
56726 (JSC::JIT::emit_op_get_global_var):
56727 (JSC::JIT::emit_op_put_global_var):
56729 2011-06-17 Anders Carlsson <andersca@apple.com>
56733 * JavaScriptCore.xcodeproj/project.pbxproj:
56735 2011-06-17 Geoffrey Garen <ggaren@apple.com>
56737 Try to fix the Leopard build?
56739 * JavaScriptCore.xcodeproj/project.pbxproj:
56741 2011-06-16 Geoffrey Garen <ggaren@apple.com>
56743 Reviewed by Oliver Hunt.
56745 Added some write barrier action, compiled out by default
56746 https://bugs.webkit.org/show_bug.cgi?id=62844
56748 * JavaScriptCore.exp: Build!
56750 * JavaScriptCore.xcodeproj/project.pbxproj: Fixed an incremental build
56751 issue with Heap.cpp.
56754 (JSC::Heap::writeBarrierSlowCase):
56756 (JSC::Heap::writeBarrier):
56757 * heap/MarkedBlock.h:
56758 (JSC::MarkedBlock::isAtomAligned):
56759 (JSC::MarkedBlock::blockFor):
56760 (JSC::MarkedBlock::atomNumber):
56761 (JSC::MarkedBlock::ownerSetNumber):
56762 (JSC::MarkedBlock::addOldSpaceOwner):
56763 (JSC::MarkedBlock::OwnerSet::OwnerSet):
56764 (JSC::MarkedBlock::OwnerSet::add):
56765 (JSC::MarkedBlock::OwnerSet::clear):
56766 (JSC::MarkedBlock::OwnerSet::size):
56767 (JSC::MarkedBlock::OwnerSet::didOverflow):
56768 (JSC::MarkedBlock::OwnerSet::owners): Added a basic write barrier that
56769 tracks owners for regions within blocks. Currently unused.
56771 2011-06-17 Raphael Kubo da Costa <kubo@profusion.mobi>
56773 Reviewed by Eric Seidel.
56775 [EFL] Add some OwnPtr specializations for EFL types.
56776 For now there are specializations for Ecore_Evas and Evas_Object.
56777 https://bugs.webkit.org/show_bug.cgi?id=62877
56779 * wtf/CMakeListsEfl.txt:
56780 * wtf/OwnPtrCommon.h:
56781 * wtf/efl/OwnPtrEfl.cpp: Added.
56782 (WTF::deleteOwnedPtr):
56784 2011-06-17 Joone Hur <joone.hur@collabora.co.uk>
56786 Reviewed by Martin Robinson.
56788 [GTK] Replace GdkRectangle by cairo_rectangle_int_t
56789 https://bugs.webkit.org/show_bug.cgi?id=60687
56791 Replace GdkRectangle by cairo_rectangle_int_t.
56793 * wtf/gobject/GTypedefs.h: Replace GdkRectangle by cairo_rectangle_int_t.
56795 2011-06-16 Gavin Barraclough <barraclough@apple.com>
56797 Reviewed by Oliver Hunt.
56799 https://bugs.webkit.org/show_bug.cgi?id=53014
56800 ES5 strict mode keyword restrictions aren't implemented
56802 The following are future restricted words in strict mode code:
56803 implements, interface, let, package, private, protected, public, static, yield
56805 * parser/JSParser.h:
56806 - Add RESERVED_IF_STRICT token.
56807 * parser/Keywords.table:
56808 - Add new future restricted words.
56809 * parser/Lexer.cpp:
56810 (JSC::Lexer::parseIdentifier):
56811 - Check for RESERVED_IF_STRICT; in nonstrict code this is converted to IDENT.
56813 - Pass strictMode flag to parseIdentifier.
56815 - parseIdentifier needs a strictMode flag.
56816 * runtime/CommonIdentifiers.h:
56817 - Add identifiers for new reserved words.
56819 2011-06-16 Gavin Barraclough <barraclough@apple.com>
56821 Reviewed by Oliver Hunt.
56823 https://bugs.webkit.org/show_bug.cgi?id=23611
56824 Multiline Javascript comments cause incorrect parsing of following script.
56827 "A MultiLineComment [is] simply discarded if it contains no line terminator,
56828 but if a MultiLineComment contains one or more line terminators, then it is
56829 replaced with a single line terminator, which becomes part of the stream of
56830 inputs for the syntactic grammar."
56832 This may result in behavioural changes, due to automatic semicolon insertion.
56834 * parser/Lexer.cpp:
56835 (JSC::Lexer::parseMultilineComment):
56836 - Set m_terminator if we see a line terminator in a multiline comment.
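An added example, not JavaScriptCore's lexer, of the rule quoted in this entry: a multiline-comment scanner that reports whether the comment contained a line terminator, so the caller can hand the parser a single line terminator (letting automatic semicolon insertion fire, e.g. `return /*\n*/ x` parses as `return; x`) instead of discarding the comment. UTF-8 input and the names below are assumptions made for illustration.

```cpp
#include <cstddef>
#include <string>

// Added example (not JavaScriptCore's code). The real lexer works on UTF-16
// code units; this version scans UTF-8 bytes, which is an assumption made to
// keep the example self-contained.
namespace comment_example {

enum class Result { NoTerminator, Terminator, Unterminated };

inline unsigned char byteAt(const std::string& src, std::size_t i)
{
    return static_cast<unsigned char>(src[i]);
}

// pos points just past the opening "/*". On success pos is left just past the
// closing "*/". lineCount receives the number of line terminators seen so the
// caller can advance its line counter. A count above zero means the comment
// must be replaced by one line terminator in the token stream rather than
// simply dropped (ES5 7.4), which is what makes ASI behave correctly.
inline Result scanMultilineComment(const std::string& src, std::size_t& pos, int& lineCount)
{
    lineCount = 0;
    while (pos < src.size()) {
        unsigned char c = byteAt(src, pos);
        if (c == '*' && pos + 1 < src.size() && byteAt(src, pos + 1) == '/') {
            pos += 2;
            return lineCount ? Result::Terminator : Result::NoTerminator;
        }
        if (c == '\n') {
            ++lineCount;
            ++pos;
            continue;
        }
        if (c == '\r') {
            // CR alone or CRLF is one terminator, not two.
            ++lineCount;
            ++pos;
            if (pos < src.size() && byteAt(src, pos) == '\n')
                ++pos;
            continue;
        }
        // U+2028 LINE SEPARATOR (E2 80 A8) and U+2029 PARAGRAPH SEPARATOR
        // (E2 80 A9) are LineTerminator characters too and must count.
        if (c == 0xE2 && pos + 2 < src.size() && byteAt(src, pos + 1) == 0x80
            && (byteAt(src, pos + 2) == 0xA8 || byteAt(src, pos + 2) == 0xA9)) {
            ++lineCount;
            pos += 3;
            continue;
        }
        ++pos;
    }
    return Result::Unterminated;   // caller reports a syntax error
}

} // namespace comment_example
```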
56838 2011-06-16 Gavin Barraclough <barraclough@apple.com>
56840 Reviewed by Sam Weinig.
56842 https://bugs.webkit.org/show_bug.cgi?id=62824
56843 DFG JIT - add support for branch-fusion of compareEq, JSValue comparisons in SpeculativeJIT
56845 CompareEq of non-integer values is the most common cause of speculation failure.
56847 * dfg/DFGSpeculativeJIT.cpp:
56848 (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
56850 (JSC::DFG::SpeculativeJIT::compilePeepHoleEq):
56851 - new! - peephole optimized Eq of JSValues.
56852 (JSC::DFG::SpeculativeJIT::compile):
56853 - Add peephole optimization for CompareEq.
56854 * dfg/DFGSpeculativeJIT.h:
56855 (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
56856 - Add support for dead nodes between compare & branch.
56857 (JSC::DFG::SpeculativeJIT::isInteger):
56858 - Added to determine which form of peephole to do in CompareEq.
56860 2011-06-16 Geoffrey Garen <ggaren@apple.com>
56862 Try to fix the Windows build.
56864 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Export another
56867 * bytecode/EvalCodeCache.h:
56868 * heap/HandleHeap.h:
56869 * heap/HeapRootVisitor.h:
56871 * runtime/ArgList.h:
56872 * runtime/ScopeChain.h:
56873 * runtime/SmallStrings.h:
56874 * runtime/Structure.h: Stop forward-declaring things that don't really
56877 2011-06-16 Geoffrey Garen <ggaren@apple.com>
56879 Try to fix the Mac build: Removed and re-added SlotVisitor.h to the Xcode
56880 project while crossing my fingers and facing west.
56882 * JavaScriptCore.xcodeproj/project.pbxproj:
56884 2011-06-16 Geoffrey Garen <ggaren@apple.com>
56886 Build fix: Removed an incorrect symbol on Windows.
56888 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
56890 2011-06-16 Geoffrey Garen <ggaren@apple.com>
56892 Build fix: Removed an accidental commit from the future.
56896 2011-06-16 Geoffrey Garen <ggaren@apple.com>
56898 Reviewed by Oliver Hunt.
56900 Introduced SlotVisitor into the project
56901 https://bugs.webkit.org/show_bug.cgi?id=62820
56903 This resolves a class vs typedef forward declaration issue, and gives all
56904 exported symbols the correct names.
56907 * GNUmakefile.list.am:
56908 * JavaScriptCore.exp:
56909 * JavaScriptCore.gypi:
56910 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
56911 * JavaScriptCore.xcodeproj/project.pbxproj: Build!
56913 * bytecode/EvalCodeCache.h:
56914 * heap/HandleHeap.h:
56917 (JSC::Heap::markRoots):
56919 * heap/HeapRootVisitor.h: Replaced MarkStack with SlotVisitor. Now no
56920 clients operate on a MarkStack.
56922 * heap/MarkStack.cpp:
56923 (JSC::SlotVisitor::visitChildren):
56924 (JSC::SlotVisitor::drain):
56925 * heap/SlotVisitor.h: Added.
56926 (JSC::SlotVisitor::SlotVisitor): Used 'protected' and a little cheesy
56927 inheritance to give SlotVisitor all the attributes of MarkStack without
56928 making this change giant. Over time, we will move more behavior into
56929 SlotVisitor and its subclasses.
56931 * heap/MarkStack.h:
56932 * heap/NewSpace.h: Replaced MarkStack with SlotVisitor. Now no
56933 clients operate on a MarkStack.
56935 * runtime/ArgList.h:
56936 * runtime/JSCell.h:
56937 * runtime/JSObject.h:
56938 * runtime/ScopeChain.h:
56939 * runtime/SmallStrings.h:
56940 * runtime/Structure.h: Replaced MarkStack with SlotVisitor. Now no
56941 clients operate on a MarkStack.
56943 2011-06-15 Oliver Hunt <oliver@apple.com>
56945 Reviewed by Geoffrey Garen.
56947 Reduce memory usage of resolve_global
56948 https://bugs.webkit.org/show_bug.cgi?id=62765
56950 If we have a large number of resolve_globals in a single
56951 block start planting plain resolve instructions instead
56952 whenever we aren't in a loop. This allows us to reduce
56953 the code size for extremely large functions without
56954 losing the performance benefits of op_resolve_global.
56956 * bytecode/CodeBlock.h:
56957 (JSC::CodeBlock::globalResolveInfoCount):
56958 * bytecompiler/BytecodeGenerator.cpp:
56959 (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
56960 (JSC::BytecodeGenerator::emitResolve):
56961 (JSC::BytecodeGenerator::emitResolveWithBase):
56962 * bytecompiler/BytecodeGenerator.h:
56964 2011-06-16 Qi Zhang <qi.2.zhang@nokia.com>
56966 Reviewed by Laszlo Gombos.
56968 [Qt] Fix building with CONFIG(use_system_icu)
56969 https://bugs.webkit.org/show_bug.cgi?id=62744
56971 Do not define WTF_USE_QT4_UNICODE if WTF_USE_ICU_UNICODE is set.
56975 2011-06-15 Darin Adler <darin@apple.com>
56977 Reviewed by Adam Barth.
56979 Remove obsolete LOOSE_OWN_PTR code
56980 https://bugs.webkit.org/show_bug.cgi?id=59909
56982 The internal Apple dependency on this is gone now.
56984 * wtf/OwnArrayPtr.h: Removed constructor that takes a raw pointer,
56985 set function that takes a raw pointer.
56987 * wtf/OwnPtr.h: Removed constructor that takes a raw pointer,
56988 set function that takes a raw pointer.
56990 * wtf/PassOwnArrayPtr.h: Made constructor that takes a nullptr
56991 and assignment operator that takes a nullptr unconditional.
56992 Made constructor that takes a raw pointer private and explicit,
56993 and removed assignment operator that takes a raw pointer.
56995 * wtf/PassOwnPtr.h: Made assignment operator that takes a nullptr
56996 unconditional. Made constructor that takes a raw pointer private
56997 and explicit, and removed assignment operator that takes a raw pointer.
56999 2011-06-15 Sam Weinig <sam@webkit.org>
57001 Reviewed by Geoffrey Garen and Gavin Barraclough.
57003 Make access-nseive ~9x faster on the non-speculative path by
57004 adding special casing for doubles that can losslessly be converted
57005 to a uint32_t in getByVal and putByVal. This avoids calls to stringification
57006 and the hash lookup. Long term, we should try and get the property of a getByVal
57007 and putByVal to be an integer immediate even in the non-speculative path.
57009 * dfg/DFGOperations.cpp:
57010 (JSC::DFG::putByVal):
57011 (JSC::DFG::operationPutByValInternal):
57013 2011-06-15 Oliver Hunt <oliver@apple.com>
57015 Reviewed by Darin Adler.
57017 REGRESSION (r88719): 5by5.tv schedule is not visible
57018 https://bugs.webkit.org/show_bug.cgi?id=62720
57020 Problem here is that the lexer wasn't considering '$' to be
57021 a valid character in an identifier.
57024 (JSC::Lexer::lexExpectIdentifier):
57026 2011-06-15 Oliver Hunt <oliver@apple.com>
57028 Reviewed by Sam Weinig.
57030 Reduce the size of global_resolve
57031 https://bugs.webkit.org/show_bug.cgi?id=62738
57033 Reduce the code size of global_resolve in the JIT by replacing
57034 multiple pointer loads with a single pointer move + two offset
57037 * jit/JITOpcodes.cpp:
57038 (JSC::JIT::emit_op_resolve_global):
57039 * jit/JITOpcodes32_64.cpp:
57040 (JSC::JIT::emit_op_resolve_global):
57042 2011-06-14 Geoffrey Garen <ggaren@apple.com>
57044 Reviewed by Dan Bernstein.
57046 Fixed an invalid ASSERT I found while investigating
57047 <rdar://problem/9580254> Crash in JSC::HandleHeap::finalizeWeakHandles + 92
57048 https://bugs.webkit.org/show_bug.cgi?id=62699
57050 No test since we don't know of a way to get WebCore to deallocate the
57051 next-to-finalize handle, which is also the last handle in the list,
57052 while finalizing the second-to-last handle in the list.
57054 * heap/HandleHeap.h:
57055 (JSC::HandleHeap::deallocate): Don't ASSERT that m_nextToFinalize has a
57056 non-0 next() after updating it, since it is valid to update m_nextToFinalize
57057 to point to the tail sentinel.
57059 Do ASSERT that m_nextToFinalize has a non-0 next() before updating it,
57060 since it is not valid to update m_nextToFinalize to point past the tail
57063 Also, use m_nextToFinalize consistently for clarity.
57065 2011-06-14 Gavin Barraclough <barraclough@apple.com>
57067 Reviewed by Sam Weinig.
57069 https://bugs.webkit.org/show_bug.cgi?id=43841
57070 SegmentedVector::operator== typo
57072 * wtf/SegmentedVector.h:
57073 (WTF::SegmentedVectorIterator::operator==):
57074 (WTF::SegmentedVectorIterator::operator!=):
57076 2011-06-14 Oliver Hunt <oliver@apple.com>
57078 Reviewed by Gavin Barraclough.
57080 Constant array literals result in unnecessarily large amounts of code
57081 https://bugs.webkit.org/show_bug.cgi?id=62658
57083 Add a new version of op_new_array that simply copies values from a buffer
57084 we hang off of the CodeBlock, rather than generating code to place each
57085 entry into the registerfile, and then copying it from the registerfile into
57086 the array. This is a slight improvement on some sunspider tests, but no
57087 measurable overall change. That's okay though as our goal was to reduce
57088 code size without hurting performance.
57090 * bytecode/CodeBlock.cpp:
57091 (JSC::CodeBlock::dump):
57092 * bytecode/CodeBlock.h:
57093 (JSC::CodeBlock::addImmediateBuffer):
57094 (JSC::CodeBlock::immediateBuffer):
57095 * bytecode/Opcode.h:
57096 * bytecompiler/BytecodeGenerator.cpp:
57097 (JSC::BytecodeGenerator::addImmediateBuffer):
57098 (JSC::BytecodeGenerator::emitNewArray):
57099 * bytecompiler/BytecodeGenerator.h:
57100 * bytecompiler/NodesCodegen.cpp:
57101 (JSC::ArrayNode::emitBytecode):
57102 * interpreter/Interpreter.cpp:
57103 (JSC::Interpreter::privateExecute):
57105 (JSC::JIT::privateCompileMainPass):
57107 * jit/JITOpcodes.cpp:
57108 (JSC::JIT::emit_op_new_array):
57109 (JSC::JIT::emit_op_new_array_buffer):
57110 * jit/JITOpcodes32_64.cpp:
57111 * jit/JITStubs.cpp:
57112 (JSC::DEFINE_STUB_FUNCTION):
57115 2011-06-14 Sheriff Bot <webkit.review.bot@gmail.com>
57117 Unreviewed, rolling out r88841.
57118 http://trac.webkit.org/changeset/88841
57119 https://bugs.webkit.org/show_bug.cgi?id=62672
57121 Caused many tests to crash (Requested by rniwa on #webkit).
57123 * bytecode/CodeBlock.cpp:
57124 (JSC::CodeBlock::dump):
57125 * bytecode/CodeBlock.h:
57126 * bytecode/Opcode.h:
57127 * bytecompiler/BytecodeGenerator.cpp:
57128 (JSC::BytecodeGenerator::emitNewArray):
57129 * bytecompiler/BytecodeGenerator.h:
57130 * bytecompiler/NodesCodegen.cpp:
57131 (JSC::ArrayNode::emitBytecode):
57132 * interpreter/Interpreter.cpp:
57133 (JSC::Interpreter::privateExecute):
57135 (JSC::JIT::privateCompileMainPass):
57137 * jit/JITOpcodes.cpp:
57138 (JSC::JIT::emit_op_new_array):
57139 * jit/JITOpcodes32_64.cpp:
57140 (JSC::JIT::emit_op_new_array):
57141 * jit/JITStubs.cpp:
57144 2011-06-14 Oliver Hunt <oliver@apple.com>
57146 Reviewed by Gavin Barraclough.
57148 Constant array literals result in unnecessarily large amounts of code
57149 https://bugs.webkit.org/show_bug.cgi?id=62658
57151 Add a new version of op_new_array that simply copies values from a buffer
57152 we hang off of the CodeBlock, rather than generating code to place each
57153 entry into the registerfile, and then copying it from the registerfile into
57154 the array. This is a slight improvement on some sunspider tests, but no
57155 measurable overall change. That's okay though as our goal was to reduce
57156 code size without hurting performance.
57158 * bytecode/CodeBlock.cpp:
57159 (JSC::CodeBlock::dump):
57160 * bytecode/CodeBlock.h:
57161 (JSC::CodeBlock::addImmediateBuffer):
57162 (JSC::CodeBlock::immediateBuffer):
57163 * bytecode/Opcode.h:
57164 * bytecompiler/BytecodeGenerator.cpp:
57165 (JSC::BytecodeGenerator::addImmediateBuffer):
57166 (JSC::BytecodeGenerator::emitNewArray):
57167 * bytecompiler/BytecodeGenerator.h:
57168 * bytecompiler/NodesCodegen.cpp:
57169 (JSC::ArrayNode::emitBytecode):
57170 * interpreter/Interpreter.cpp:
57171 (JSC::Interpreter::privateExecute):
57173 (JSC::JIT::privateCompileMainPass):
57175 * jit/JITOpcodes.cpp:
57176 (JSC::JIT::emit_op_new_array):
57177 (JSC::JIT::emit_op_new_array_buffer):
57178 * jit/JITOpcodes32_64.cpp:
57179 * jit/JITStubs.cpp:
57180 (JSC::DEFINE_STUB_FUNCTION):
57183 2011-06-14 Stephanie Lewis <slewis@apple.com>
57185 Rubber stamped by Oliver Hunt.
57187 <rdar://problem/9511169>
57188 Update order files.
57190 * JavaScriptCore.order:
57192 2011-06-14 Sam Weinig <sam@webkit.org>
57194 Reviewed by Geoffrey Garen.
57196 Fix dumping of constants to have the correct constant number.
57198 * bytecode/CodeBlock.cpp:
57199 (JSC::CodeBlock::dump):
57201 2011-06-14 Benjamin Poulain <benjamin@webkit.org>
57203 Reviewed by Eric Seidel.
57205 KeywordLookupGenerator's Trie does not work with Python 3
57206 https://bugs.webkit.org/show_bug.cgi?id=62635
57208 With Python 3, dict.items() return an iterator. Since the iterator
57209 protocol changed between Python 2 and 3, the easiest way to get the
57210 values is to have something that uses the iterator implicitly, like a
57213 * KeywordLookupGenerator.py:
57215 2011-06-13 Oliver Hunt <oliver@apple.com>
57217 Reviewed by Gavin Barraclough.
57219 Fix llocp and lvalp names in the lexer to something more meaningful
57220 https://bugs.webkit.org/show_bug.cgi?id=62605
57224 * parser/Lexer.cpp:
57225 (JSC::Lexer::parseIdentifier):
57226 (JSC::Lexer::parseString):
57229 (JSC::Lexer::lexExpectIdentifier):
57231 2011-06-13 Oliver Hunt <oliver@apple.com>
57233 Reviewed by Gavin Barraclough.
57235 Make it possible to inline the common case of identifier lexing
57236 https://bugs.webkit.org/show_bug.cgi?id=62600
57238 Add a lexing function that expects to lex a "normal" alpha numeric
57239 identifier (that ignores keywords) so it's possible to inline the
57240 common parsing cases. This comes out as a reasonable parsing speed
57243 * parser/JSParser.cpp:
57244 (JSC::JSParser::nextExpectIdentifier):
57245 (JSC::JSParser::parseProperty):
57246 (JSC::JSParser::parseMemberExpression):
57247 * parser/Lexer.cpp:
57249 (JSC::Lexer::makeIdentifier):
57250 (JSC::Lexer::lexExpectIdentifier):
57252 2011-06-13 Xan Lopez <xlopez@igalia.com>
57254 Reviewed by Martin Robinson.
57259 * GNUmakefile.list.am:
57261 2011-06-13 Oliver Hunt <oliver@apple.com>
57263 Reviewed by Simon Fraser.
57265 Make it possible to inline Identifier::equal
57266 https://bugs.webkit.org/show_bug.cgi?id=62584
57268 Move Identifier::equal to the Identifier header file.
57270 * runtime/Identifier.cpp:
57271 * runtime/Identifier.h:
57272 (JSC::Identifier::equal):
57274 2011-06-13 Tony Chang <tony@chromium.org>
57276 Reviewed by Dimitri Glazkov.
57278 rename ENABLE_NEW_FLEXBOX to ENABLE_CSS3_FLEXBOX
57279 https://bugs.webkit.org/show_bug.cgi?id=62578
57281 * Configurations/FeatureDefines.xcconfig:
57283 2011-06-13 Tony Chang <tony@chromium.org>
57285 Reviewed by Adam Barth.
57287 rename ENABLE_FLEXBOX to ENABLE_NEW_FLEXBOX
57288 https://bugs.webkit.org/show_bug.cgi?id=62545
57290 * Configurations/FeatureDefines.xcconfig:
57292 2011-06-12 Patrick Gansterer <paroga@webkit.org>
57294 Unreviewed. Build fix for !ENABLE(JIT) after r88604.
57296 * bytecode/CodeBlock.cpp:
57297 (JSC::CodeBlock::visitAggregate):
57299 2011-06-11 Gavin Barraclough <barraclough@apple.com>
57301 Reviewed by Darin Adler.
57303 https://bugs.webkit.org/show_bug.cgi?id=16777
57305 Remove #define NaN per Darin's comments.
57307 * runtime/JSGlobalObjectFunctions.cpp:
57308 (JSC::parseIntOverflow):
57310 (JSC::jsStrDecimalLiteral):
57313 * wtf/DateMath.cpp:
57314 (WTF::equivalentYearForDST):
57315 (WTF::parseES5DateFromNullTerminatedCharacters):
57316 (WTF::parseDateFromNullTerminatedCharacters):
57318 (JSC::parseDateFromNullTerminatedCharacters):
57320 2011-06-11 Gavin Barraclough <barraclough@apple.com>
57322 Rubber stamped by Geoff Garen.
57324 https://bugs.webkit.org/show_bug.cgi?id=62503
57325 Remove JIT_OPTIMIZE_* switches
57327 The alternative code paths are untested, and not well maintained.
57328 These were useful when there was more churn in the JIT, but now
57329 are a maintenance overhead. Time to move on, removing.
57331 * bytecode/CodeBlock.cpp:
57332 (JSC::CodeBlock::visitAggregate):
57334 (JSC::JIT::privateCompileSlowCases):
57335 (JSC::JIT::privateCompile):
57336 (JSC::JIT::linkConstruct):
57339 * jit/JITCall32_64.cpp:
57340 * jit/JITOpcodes.cpp:
57341 (JSC::JIT::privateCompileCTIMachineTrampolines):
57342 (JSC::JIT::privateCompileCTINativeCall):
57343 * jit/JITOpcodes32_64.cpp:
57344 (JSC::JIT::privateCompileCTIMachineTrampolines):
57345 (JSC::JIT::privateCompileCTINativeCall):
57346 (JSC::JIT::softModulo):
57347 * jit/JITPropertyAccess.cpp:
57348 * jit/JITPropertyAccess32_64.cpp:
57349 * jit/JITStubs.cpp:
57350 (JSC::DEFINE_STUB_FUNCTION):
57351 * runtime/Lookup.cpp:
57352 (JSC::setUpStaticFunctionSlot):
57353 * runtime/Lookup.h:
57356 2011-06-10 Gavin Barraclough <barraclough@apple.com>
57358 Reviewed by Sam Weinig.
57360 https://bugs.webkit.org/show_bug.cgi?id=16777
57361 Eliminate JSC::NaN and JSC::Inf
57363 There's no good reason for -K-J-S- JSC to have its own NAN and infinity constants.
57364 The ones in std::numeric_limits are perfectly good.
57365 Remove JSC::Inf, JSC::NaN, switch some cases of (isnan || isinf) to !isfinite.
57367 * API/JSCallbackObjectFunctions.h:
57369 * API/JSValueRef.cpp:
57370 (JSValueMakeNumber):
57372 * JavaScriptCore.exp:
57373 * runtime/CachedTranscendentalFunction.h:
57374 (JSC::CachedTranscendentalFunction::initialize):
57375 * runtime/DateConstructor.cpp:
57376 (JSC::constructDate):
57377 * runtime/DateInstanceCache.h:
57378 (JSC::DateInstanceData::DateInstanceData):
57379 (JSC::DateInstanceCache::reset):
57380 * runtime/JSCell.cpp:
57381 * runtime/JSCell.h:
57382 (JSC::JSCell::JSValue::getPrimitiveNumber):
57383 (JSC::JSCell::JSValue::toNumber):
57384 * runtime/JSGlobalData.cpp:
57385 (JSC::JSGlobalData::JSGlobalData):
57386 (JSC::JSGlobalData::resetDateCache):
57387 * runtime/JSGlobalObject.cpp:
57388 (JSC::JSGlobalObject::reset):
57389 * runtime/JSGlobalObjectFunctions.cpp:
57390 (JSC::globalFuncParseInt):
57391 (JSC::globalFuncIsFinite):
57392 * runtime/JSNotAnObject.cpp:
57393 (JSC::JSNotAnObject::toNumber):
57394 * runtime/JSValue.cpp:
57395 * runtime/JSValue.h:
57396 * runtime/JSValueInlineMethods.h:
57398 * runtime/MathObject.cpp:
57399 (JSC::mathProtoFuncMax):
57400 (JSC::mathProtoFuncMin):
57401 * runtime/NumberConstructor.cpp:
57402 (JSC::numberConstructorNegInfinity):
57403 (JSC::numberConstructorPosInfinity):
57404 * runtime/NumberPrototype.cpp:
57405 (JSC::numberProtoFuncToExponential):
57406 (JSC::numberProtoFuncToFixed):
57407 (JSC::numberProtoFuncToPrecision):
57408 (JSC::numberProtoFuncToString):
57409 * runtime/UString.cpp:
57410 * wtf/DecimalNumber.h:
57411 (WTF::DecimalNumber::DecimalNumber):
57415 2011-06-10 Tony Chang <tony@chromium.org>
57417 Reviewed by Ojan Vafai.
57419 add a compile guard ENABLE(FLEXBOX)
57420 https://bugs.webkit.org/show_bug.cgi?id=62049
57422 * Configurations/FeatureDefines.xcconfig:
57424 2011-06-10 Gavin Barraclough <barraclough@apple.com>
57426 Reviewed by Sam Weinig.
57428 https://bugs.webkit.org/show_bug.cgi?id=55347
57429 "name" and "message" enumerable on *Error.prototype
57431 This arises from chapter 15 of the spec:
57432 "Every other property described in this clause has the attributes
57433 { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }
57434 unless otherwise specified."
57435 Standardized properties are not enumerable.
57437 * runtime/ErrorInstance.cpp:
57438 (JSC::ErrorInstance::ErrorInstance):
57439 * runtime/NativeErrorPrototype.cpp:
57440 (JSC::NativeErrorPrototype::NativeErrorPrototype):
57442 2011-06-09 Geoffrey Garen <ggaren@apple.com>
57444 Build fix: Corrected header spelling.
57448 2011-06-09 Geoffrey Garen <ggaren@apple.com>
57450 Reviewed by Oliver Hunt.
57452 Added OldSpace to the project
57453 https://bugs.webkit.org/show_bug.cgi?id=62417
57457 Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
57458 per-block flag for testing whether you're in NewSpace vs OldSpace.
57461 * GNUmakefile.list.am:
57462 * JavaScriptCore.gypi:
57463 * JavaScriptCore.pro:
57464 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
57465 * JavaScriptCore.xcodeproj/project.pbxproj: Build!
57467 * heap/MarkedBlock.cpp:
57468 (JSC::MarkedBlock::MarkedBlock):
57469 * heap/MarkedBlock.h:
57470 (JSC::MarkedBlock::inNewSpace):
57471 (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
57474 * heap/NewSpace.cpp:
57475 (JSC::NewSpace::addBlock):
57476 (JSC::NewSpace::removeBlock):
57478 (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
57479 NewSpace-specific operations.
57481 * heap/OldSpace.cpp: Added.
57482 (JSC::OldSpace::OldSpace):
57483 (JSC::OldSpace::addBlock):
57484 (JSC::OldSpace::removeBlock):
57485 * heap/OldSpace.h: Added.
57486 (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
57489 2011-06-09 Hyowon Kim <hw1008.kim@samsung.com>
57491 Reviewed by Antonio Gomes.
57493 [EFL] Make accelerated compositing build in Webkit-EFL
57494 https://bugs.webkit.org/show_bug.cgi?id=62361
57496 Add PLATFORM(EFL) to enable ACCELERATED_COMPOSITING on EFL port.
57500 2011-06-09 Gavin Barraclough <barraclough@apple.com>
57502 Reviewed by Geoff Garen.
57504 Bug 62405 - Fix integer overflow in Array.prototype.push
57506 Fix geoff's review comments re static_cast.
57508 * runtime/ArrayPrototype.cpp:
57509 (JSC::arrayProtoFuncPush):
57511 2011-06-09 Geoffrey Garen <ggaren@apple.com>
57513 Reviewed by Oliver Hunt.
57515 Factored MarkedBlock set management into a helper class with a fast case Bloom filter
57516 https://bugs.webkit.org/show_bug.cgi?id=62413
57518 SunSpider reports a small speedup.
57520 This is in preparation for having ConservativeSet operate on arbitrary
57521 sets of MarkedBlocks, and in preparation for conservative scanning
57522 becoming proportionally more important than other GC activities.
57524 * GNUmakefile.list.am:
57525 * JavaScriptCore.gypi:
57526 * JavaScriptCore.xcodeproj/project.pbxproj: Build-o.
57528 * heap/ConservativeRoots.cpp:
57529 (JSC::ConservativeRoots::add):
57530 * heap/ConservativeRoots.h:
57531 (JSC::ConservativeRoots::ConservativeRoots): Operate on a MarkedBlockSet
57532 directly, instead of a Heap, so we can operate on subsets of the Heap
57535 Use a TinyBloomFilter for single-cycle exclusion of most pointers. This
57536 is particularly important since we expect not to find our subject pointer
57537 in the MarkedBlock hash, and hash misses are more expensive than typical
57538 hash lookups because they have high collision rates.
57540 No need for single-pointer add() to be public anymore, since nobody uses it.
57543 (JSC::Heap::markRoots):
57545 (JSC::Heap::forEachCell):
57546 (JSC::Heap::forEachBlock): Use MarkedBlockSet since that's what
57547 ConservativeRoots relies on.
57549 Nixed contains(), since nobody uses it anymore.
57551 * heap/MarkedBlock.h:
57552 (WTF::MarkedBlockHash::hash): Added a faster hash taking advantage of
57553 the VM layout properties of MarkedBlocks.
57555 * heap/MarkedBlockSet.h: Added.
57556 (JSC::MarkedBlockSet::add):
57557 (JSC::MarkedBlockSet::remove):
57558 (JSC::MarkedBlockSet::recomputeFilter):
57559 (JSC::MarkedBlockSet::filter):
57560 (JSC::MarkedBlockSet::set):
57561 * heap/TinyBloomFilter.h: Added.
57562 (JSC::TinyBloomFilter::TinyBloomFilter):
57563 (JSC::TinyBloomFilter::add):
57564 (JSC::TinyBloomFilter::ruleOut): New helper class, used above.
57566 * interpreter/RegisterFile.cpp:
57567 (JSC::RegisterFile::gatherConservativeRoots): No need to specifically
57568 exclude values by tag -- the tiny bloom filter is already a register-register
57569 compare, so adding another "rule out" factor just slows things down.
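The fast-case filter described in this entry, as an added illustrative reimplementation rather than JavaScriptCore's own code: a one-word Bloom filter over block addresses that rules out most candidate pointers with a single compare before the (miss-heavy) hash lookup. The 16 KiB block size, the `example` namespace and the addresses in `demoScan()` are constructed for the demonstration.

```cpp
// Added example (not JSC's MarkedBlockSet/TinyBloomFilter code). Assumes
// MarkedBlocks are 16 KiB aligned, so a candidate's block is word & ~(size-1).
#include <cstddef>
#include <cstdint>
#include <unordered_set>
#include <vector>

namespace example {

constexpr uintptr_t kBlockSize = 16 * 1024;          // constructed value
constexpr uintptr_t kBlockMask = ~(kBlockSize - 1);

// One-word Bloom filter: add() ORs a block address into the word; ruleOut()
// answers "definitely not a member" when the candidate has a bit the filter
// lacks. False positives are possible, false negatives are not, which is the
// property a conservative scanner needs.
class TinyBloomFilter {
public:
    void add(uintptr_t bits) { m_bits |= bits; }
    bool ruleOut(uintptr_t bits) const {
        if (!bits)
            return true;                        // null / small integers are never blocks
        return (bits & m_bits) != bits;         // some bit missing: cannot be a member
    }
private:
    uintptr_t m_bits = 0;
};

// Blocks are aligned, so the low log2(kBlockSize) bits carry no information;
// dropping them gives a cheaper, better-distributed hash than the raw pointer.
struct BlockHash {
    size_t operator()(uintptr_t block) const { return block / kBlockSize; }
};

class MarkedBlockSet {
public:
    void add(uintptr_t block) { m_set.insert(block); m_filter.add(block); }
    // A Bloom filter cannot forget, so a removal rebuilds it from the set.
    void remove(uintptr_t block) { m_set.erase(block); recomputeFilter(); }
    void recomputeFilter() {
        m_filter = TinyBloomFilter();
        for (uintptr_t b : m_set)
            m_filter.add(b);
    }
    const TinyBloomFilter& filter() const { return m_filter; }
    const std::unordered_set<uintptr_t, BlockHash>& set() const { return m_set; }
private:
    std::unordered_set<uintptr_t, BlockHash> m_set;
    TinyBloomFilter m_filter;
};

struct ScanStats {
    size_t filteredOut = 0;   // rejected by the register-register compare
    size_t hashLookups = 0;   // fell through to the hash set
    size_t roots = 0;         // actually inside a live block
};

// Conservative root gathering over raw register/stack words: try the filter
// first and only pay for the hash lookup when it says "maybe".
ScanStats gatherConservativeRoots(const MarkedBlockSet& blocks,
                                  const std::vector<uintptr_t>& words) {
    ScanStats stats;
    for (uintptr_t word : words) {
        uintptr_t candidateBlock = word & kBlockMask;
        if (blocks.filter().ruleOut(candidateBlock)) {
            ++stats.filteredOut;
            continue;
        }
        ++stats.hashLookups;
        if (blocks.set().count(candidateBlock))
            ++stats.roots;
    }
    return stats;
}

// Constructed scenario: two live blocks and five candidate words, one of
// which (0x30000000) is a Bloom false positive that only the hash rejects.
ScanStats demoScan() {
    MarkedBlockSet blocks;
    blocks.add(0x10000000u);
    blocks.add(0x20000000u);
    std::vector<uintptr_t> words = { 0x10000010u, 0x40000000u, 0x30000000u, 0u, 0x7fu };
    return gatherConservativeRoots(blocks, words);   // filteredOut 3, hashLookups 2, roots 1
}

} // namespace example
```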
57571 2011-06-09 Gavin Barraclough <barraclough@apple.com>
57573 Reviewed by Oliver Hunt.
57575 Bug 62405 - Fix integer overflow in Array.prototype.push
57577 There are three integer overflows here, leading to safe (not a security risk)
57578 but incorrect (non-spec-compliant) behaviour.
57580 Two overflows occur when calculating the new length after pushing (one in the
57581 fast version of push in JSArray, one in the generic version in ArrayPrototype).
57582 The other occurs calculating indices to write to when multiple items are pushed.
57584 These errors result in three test-262 failures.
57586 * runtime/ArrayPrototype.cpp:
57587 (JSC::arrayProtoFuncPush):
57588 * runtime/JSArray.cpp:
57589 (JSC::JSArray::put):
57590 (JSC::JSArray::push):
57592 2011-06-09 Dan Bernstein <mitz@apple.com>
57594 Reviewed by Anders Carlsson.
57596 Add Vector::reverse()
57597 https://bugs.webkit.org/show_bug.cgi?id=62393
57600 (WTF::Vector::reverse): Added
57602 2011-06-08 Geoffrey Garen <ggaren@apple.com>
57604 Reviewed by Oliver Hunt.
57606 Factored a bunch of Heap functionality into stand-alone functors
57607 https://bugs.webkit.org/show_bug.cgi?id=62337
57609 This is in preparation for making these functors operate on arbitrary
57610 sets of MarkedBlocks.
57612 * JavaScriptCore.exp: This file is a small tragedy.
57614 * debugger/Debugger.cpp:
57615 (JSC::Debugger::recompileAllJSFunctions): Updated for type change and rename.
57617 * heap/HandleHeap.h:
57618 (JSC::HandleHeap::forEachStrongHandle): New function for iterating all
57619 strong handles, so we can play along in the functor game.
57622 (JSC::CountFunctor::CountFunctor::CountFunctor):
57623 (JSC::CountFunctor::CountFunctor::count):
57624 (JSC::CountFunctor::CountFunctor::returnValue):
57625 (JSC::CountFunctor::ClearMarks::operator()):
57626 (JSC::CountFunctor::ResetAllocator::operator()):
57627 (JSC::CountFunctor::Sweep::operator()):
57628 (JSC::CountFunctor::MarkCount::operator()):
57629 (JSC::CountFunctor::Size::operator()):
57630 (JSC::CountFunctor::Capacity::operator()):
57631 (JSC::CountFunctor::Count::operator()):
57632 (JSC::CountFunctor::CountIfGlobalObject::operator()):
57633 (JSC::CountFunctor::TakeIfEmpty::TakeIfEmpty):
57634 (JSC::CountFunctor::TakeIfEmpty::operator()):
57635 (JSC::CountFunctor::TakeIfEmpty::returnValue):
57636 (JSC::CountFunctor::RecordType::RecordType):
57637 (JSC::CountFunctor::RecordType::typeName):
57638 (JSC::CountFunctor::RecordType::operator()):
57639 (JSC::CountFunctor::RecordType::returnValue): These functors factor out
57640 behavior that used to be in the functions below.
57642 (JSC::Heap::clearMarks):
57643 (JSC::Heap::sweep):
57644 (JSC::Heap::objectCount):
57646 (JSC::Heap::capacity):
57647 (JSC::Heap::protectedGlobalObjectCount):
57648 (JSC::Heap::protectedObjectCount):
57649 (JSC::Heap::protectedObjectTypeCounts):
57650 (JSC::Heap::objectTypeCounts):
57651 (JSC::Heap::resetAllocator):
57652 (JSC::Heap::freeBlocks):
57653 (JSC::Heap::shrink): Factored out behavior into the functors above.
57656 (JSC::Heap::forEachProtectedCell):
57657 (JSC::Heap::forEachCell):
57658 (JSC::Heap::forEachBlock): Added forEach* iteration templates. I chose
57659 functor-based templates instead of plain iterators because they're simpler
57660 to implement in this case and they require a lot less code at the call site.
57662 * heap/MarkedBlock.h:
57663 (JSC::MarkedBlock::VoidFunctor::returnValue): Default parent class for
57666 (JSC::MarkedBlock::forEachCell): Renamed forEach to forEachCell because
57667 we have a few different kind of "for each" now.
57669 * runtime/JSGlobalData.cpp:
57670 (WTF::Recompile::operator()):
57671 (JSC::JSGlobalData::JSGlobalData):
57672 (JSC::JSGlobalData::recompileAllJSFunctions): Updated for type change and rename.
57674 * runtime/JSGlobalData.h: Removed globalObjectCount because it was unused.
57676 2011-06-08 Mikołaj Małecki <m.malecki@samsung.com>
57678 Reviewed by Pavel Feldman.
57680 Web Inspector: Crash by buffer overrun crash when serializing inspector object tree.
57681 https://bugs.webkit.org/show_bug.cgi?id=52791
57683 No new tests. The problem can be reproduced by trying to create InspectorValue
57684 from 1.0e-100 and call ->toJSONString() on this.
57686 * JavaScriptCore.exp:
57687 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
57688 export 2 functions DecimalNumber::bufferLengthForStringExponential and
57689 DecimalNumber::toStringExponential.
57691 2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com>
57693 Unreviewed, rolling out r88404.
57694 http://trac.webkit.org/changeset/88404
57695 https://bugs.webkit.org/show_bug.cgi?id=62342
57697 broke win and mac build (Requested by tony^work on #webkit).
57699 * JavaScriptCore.gyp/JavaScriptCore.gyp:
57701 2011-06-08 Evan Martin <evan@chromium.org>
57703 Reviewed by Adam Barth.
57705 [chromium] use gyp 'settings' type for settings target
57706 https://bugs.webkit.org/show_bug.cgi?id=62323
57708 The 'settings' gyp target type is for targets that exist solely
57709 for their settings (no build rules). The comment above this target
57710 says it's for this, but it incorrectly uses 'none'.
57712 * JavaScriptCore.gyp/JavaScriptCore.gyp:
57714 2011-06-08 Sailesh Agrawal <sail@chromium.org>
57716 Reviewed by Mihai Parparita.
57718 Chromium Mac: Enable overlay scrollbars
57719 https://bugs.webkit.org/show_bug.cgi?id=59756
57721 Enable WTF_USE_WK_SCROLLBAR_PAINTER for Chromium Mac. This allows us to use overlay scrollbars on future versions of Mac OS X.
57725 2011-06-08 Oliver Hunt <oliver@apple.com>
57727 Reviewed by Geoffrey Garen.
57729 Add faster lookup cache for multi character identifiers
57730 https://bugs.webkit.org/show_bug.cgi?id=62327
57732 Add a non-hash lookup for multiple character identifiers. This saves us from
57733 adding repeated identifiers to the ParserArena's identifier list as people
57734 tend to not start all their variables and properties with the same character
57735 and happily identifier locality works in our favour.
57737 * parser/ParserArena.h:
57738 (JSC::IdentifierArena::isEmpty):
57739 (JSC::IdentifierArena::clear):
57740 (JSC::IdentifierArena::makeIdentifier):
57742 2011-06-08 Geoffrey Garen <ggaren@apple.com>
57744 Reviewed by Oliver Hunt.
57746 Took some responsibilities away from NewSpace
57747 https://bugs.webkit.org/show_bug.cgi?id=62325
57749 NewSpace is basically just an allocator now.
57751 Heap acts as a controller, responsible for managing the set of all
57754 This is in preparation for moving parts of the controller logic into
57755 separate helper classes that can act on arbitrary sets of MarkedBlocks
57756 that may or may not be in NewSpace.
57760 (JSC::Heap::destroy):
57761 (JSC::Heap::allocate):
57762 (JSC::Heap::markRoots):
57763 (JSC::Heap::clearMarks):
57764 (JSC::Heap::sweep):
57765 (JSC::Heap::objectCount):
57767 (JSC::Heap::capacity):
57768 (JSC::Heap::collect):
57769 (JSC::Heap::resetAllocator):
57770 (JSC::Heap::allocateBlock):
57771 (JSC::Heap::freeBlocks):
57772 (JSC::Heap::shrink): Moved the set of MarkedBlocks from NewSpace to Heap,
57773 along with all functions that operate on the set of MarkedBlocks. Also
57774 moved responsibility for deciding whether to allocate a new MarkedBlock,
57775 and for allocating it.
57778 (JSC::Heap::contains):
57779 (JSC::Heap::forEach): Ditto.
57781 * heap/NewSpace.cpp:
57782 (JSC::NewSpace::addBlock):
57783 (JSC::NewSpace::removeBlock):
57784 (JSC::NewSpace::resetAllocator):
57786 (JSC::NewSpace::waterMark):
57787 (JSC::NewSpace::allocate): Ditto.
57789 2011-06-08 Geoffrey Garen <ggaren@apple.com>
57791 Reviewed by Oliver Hunt.
57793 Some more MarkedSpace => NewSpace renaming
57794 https://bugs.webkit.org/show_bug.cgi?id=62305
57796 * JavaScriptCore.exp:
57797 * JavaScriptCore.order:
57798 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
57801 (JSC::Heap::destroy):
57802 (JSC::Heap::reportExtraMemoryCostSlowCase):
57803 (JSC::Heap::allocate):
57804 (JSC::Heap::markRoots):
57805 (JSC::Heap::objectCount):
57807 (JSC::Heap::capacity):
57808 (JSC::Heap::collect):
57809 (JSC::Heap::isValidAllocation):
57811 (JSC::Heap::markedSpace):
57812 (JSC::Heap::contains):
57813 (JSC::Heap::forEach):
57814 (JSC::Heap::allocate):
57815 * runtime/JSCell.h:
57817 2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
57819 Reviewed by Eric Seidel.
57821 Add export macros to profiler headers.
57822 https://bugs.webkit.org/show_bug.cgi?id=27551
57824 * profiler/Profiler.h:
57826 2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
57828 Reviewed by Eric Seidel.
57830 Add export symbols to parser headers.
57831 https://bugs.webkit.org/show_bug.cgi?id=27551
57833 * parser/SourceProviderCache.h:
57835 2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
57837 Reviewed by Eric Seidel.
57839 Add export symbols to interpreter headers.
57840 https://bugs.webkit.org/show_bug.cgi?id=27551
57842 * interpreter/Interpreter.h:
57844 2011-06-08 Kevin Ollivier <kevino@theolliviers.com>
57846 Reviewed by Eric Seidel.
57848 Add export symbols to debugger headers.
57849 https://bugs.webkit.org/show_bug.cgi?id=27551
57851 * debugger/Debugger.h:
57852 * debugger/DebuggerCallFrame.h:
57854 2011-06-08 Geoffrey Garen <ggaren@apple.com>
57856 Reviewed by Darin Adler.
57858 Moved MarkedSpace.* to NewSpace.* in preparation for more renaming
57859 https://bugs.webkit.org/show_bug.cgi?id=62268
57862 * GNUmakefile.list.am:
57863 * JavaScriptCore.gypi:
57864 * JavaScriptCore.pro:
57865 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
57866 * JavaScriptCore.xcodeproj/project.pbxproj:
57868 * heap/MarkedBlock.h:
57869 * heap/MarkedSpace.cpp: Removed.
57870 * heap/MarkedSpace.h: Removed.
57871 * heap/NewSpace.cpp: Copied from Source/JavaScriptCore/heap/MarkedSpace.cpp.
57872 * heap/NewSpace.h: Copied from Source/JavaScriptCore/heap/MarkedSpace.h.
57874 2011-06-08 Sheriff Bot <webkit.review.bot@gmail.com>
57876 Unreviewed, rolling out r88365.
57877 http://trac.webkit.org/changeset/88365
57878 https://bugs.webkit.org/show_bug.cgi?id=62301
57880 windows bots broken (Requested by loislo_ on #webkit).
57882 * JavaScriptCore.exp:
57884 2011-06-08 Ryan Sleevi <rsleevi@chromium.org>
57886 Reviewed by Tony Chang.
57888 Suppress C++0x compat warnings when compiling Chromium port with GCC 4.6
57890 Compiling Chromium port under GCC 4.6 produces warnings about nullptr
57891 https://bugs.webkit.org/show_bug.cgi?id=62242
57893 * JavaScriptCore.gyp/JavaScriptCore.gyp:
57895 2011-06-08 Ademar de Souza Reis Jr. <ademar.reis@openbossa.org>
57897 Reviewed by Andreas Kling.
57899 Webkit on SPARC Solaris has wrong endian
57900 https://bugs.webkit.org/show_bug.cgi?id=29407
57902 Bug 57256 fixed one crash on misaligned reads on sparc/solaris, but
57903 there are more occurrences of the same code pattern in webkit.
57905 This patch includes the check on these other parts of the code.
57907 This is a speculative fix; I don't have a sparc machine to test and
57908 don't know which kind of test would trigger a crash (but it's quite
57909 obvious that it's the same code duplicated in different files).
57911 * runtime/UString.h:
57912 (JSC::UStringHash::equal):
57913 * wtf/text/StringHash.h:
57914 (WTF::StringHash::equal):
57916 2011-06-08 Yael Aharon <yael.aharon@nokia.com>
57918 Reviewed by Andreas Kling.
57920 [Qt] Build fix for building QtWebKit inside of Qt.
57921 https://bugs.webkit.org/show_bug.cgi?id=62280
57923 Remove CONFIG=staticlib, because it causes the configure script to add -ljavascriptcore
57926 No new tests, as this is just a build fix.
57928 * JavaScriptCore.pri:
57930 2011-06-07 Geoffrey Garen <ggaren@apple.com>
57932 Reviewed by Oliver Hunt.
57934 Split 'reset' into 'collect' and 'resetAllocator'
57935 https://bugs.webkit.org/show_bug.cgi?id=62267
57938 (JSC::Heap::allocate):
57939 (JSC::Heap::collectAllGarbage):
57940 (JSC::Heap::collect):
57942 * heap/MarkedBlock.h:
57943 (JSC::MarkedBlock::resetAllocator):
57944 * heap/MarkedSpace.cpp:
57945 (JSC::MarkedSpace::resetAllocator):
57946 * heap/MarkedSpace.h:
57947 (JSC::MarkedSpace::SizeClass::resetAllocator):
57949 2011-06-07 Geoffrey Garen <ggaren@apple.com>
57951 Reviewed by Sam Weinig.
57953 Renamed some more marks to visits
57954 https://bugs.webkit.org/show_bug.cgi?id=62254
57956 * heap/HandleHeap.cpp:
57957 (JSC::HandleHeap::visitStrongHandles):
57958 (JSC::HandleHeap::visitWeakHandles):
57959 * heap/HandleHeap.h:
57960 * heap/HandleStack.cpp:
57961 (JSC::HandleStack::visit):
57962 * heap/HandleStack.h:
57964 (JSC::Heap::markProtectedObjects):
57965 (JSC::Heap::markTempSortVectors):
57966 (JSC::Heap::markRoots):
57967 * heap/HeapRootVisitor.h:
57968 (JSC::HeapRootVisitor::visit):
57969 * runtime/ArgList.cpp:
57970 (JSC::MarkedArgumentBuffer::markLists):
57972 2011-06-07 Gavin Barraclough <barraclough@apple.com>
57974 Reviewed by Sam Weinig.
57976 https://bugs.webkit.org/show_bug.cgi?id=55537
57977 Functions claim to have 'callee' which they actually don't (and shouldn't)
57979 * JavaScriptCore.xcodeproj/project.pbxproj:
57980 * runtime/JSFunction.cpp:
57981 (JSC::JSFunction::getOwnPropertyNames):
57983 2011-06-07 Juan C. Montemayor <jmont@apple.com>
57985 Reviewed by Darin Adler.
57987 Make JSStaticFunction and JSStaticValue less "const"
57988 https://bugs.webkit.org/show_bug.cgi?id=62222
57990 * API/JSObjectRef.h:
57991 * API/tests/testapi.c:
57992 (checkConstnessInJSObjectNames):
57994 * JavaScriptCore.xcodeproj/project.pbxproj:
57996 2011-06-07 Gavin Barraclough <barraclough@apple.com>
57998 Reviewed by Sam Weinig.
58000 https://bugs.webkit.org/show_bug.cgi?id=62240
58001 DFG JIT - add support for for-loop array initialization.
58003 Support put by val beyond vector length.
58004 Add an operationPutByValBeyondArrayBounds operation, make
58005 PutValVal call this if the vector length check fails.
58007 * dfg/DFGJITCodeGenerator.h:
58008 (JSC::DFG::JITCodeGenerator::silentSpillGPR):
58009 (JSC::DFG::JITCodeGenerator::silentFillGPR):
58010 (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
58011 (JSC::DFG::JITCodeGenerator::isDoubleConstantWithInt32Value):
58012 (JSC::DFG::JITCodeGenerator::isJSConstantWithInt32Value):
58013 (JSC::DFG::JITCodeGenerator::isIntegerConstant):
58014 (JSC::DFG::JITCodeGenerator::valueOfIntegerConstant):
58015 * dfg/DFGOperations.cpp:
58016 (JSC::DFG::operationPutByValInternal):
58017 * dfg/DFGOperations.h:
58018 * dfg/DFGSpeculativeJIT.cpp:
58019 (JSC::DFG::SpeculativeJIT::compile):
58020 * dfg/DFGSpeculativeJIT.h:
58022 2011-06-06 James Simonsen <simonjam@chromium.org>
58024 Reviewed by James Robinson.
58026 Add monotonicallyIncreasingTime() to get monotonically increasing time
58027 https://bugs.webkit.org/show_bug.cgi?id=37743
58029 * wtf/CurrentTime.cpp: Add monotonicallyIncreasingTime() for mac and a fallback implementation that just wraps currentTime().
58030 (WTF::monotonicallyIncreasingTime):
58031 * wtf/CurrentTime.h: Add monotonicallyIncreasingTime().
58033 2011-06-06 Alexandru Chiculita <achicu@adobe.com>
58035 Reviewed by Kent Tamura.
58037 Add ENABLE_CSS_EXCLUSIONS support for build-webkit script
58038 https://bugs.webkit.org/show_bug.cgi?id=61628
58040 * Configurations/FeatureDefines.xcconfig:
58042 2011-06-06 Mihnea Ovidenie <mihnea@adobe.com>
58044 Reviewed by Kent Tamura.
58046 Add ENABLE(CSS_REGIONS) guard for CSS Regions support
58047 https://bugs.webkit.org/show_bug.cgi?id=61631
58049 * Configurations/FeatureDefines.xcconfig:
58051 2011-06-06 Carlos Garcia Campos <cgarcia@igalia.com>
58053 Unreviewed. Fix the GTK+ build.
58055 * GNUmakefile.am: Add javascriptcore_cflags variable.
58057 2011-06-04 Kevin Ollivier <kevino@theolliviers.com>
58059 [wx] Unreviewed build fix. Restore the PPC build and allow users to specify architectures
58064 2011-06-04 Gustavo Noronha Silva <gns@gnome.org>
58066 Unreviewed, MIPS build fix.
58068 WebKitGTK+ tarball fails to build on MIPS.
58069 https://buildd.debian.org/status/fetch.php?pkg=webkitgtk%2B&arch=mips&ver=1.4.0-1&stamp=1304786691
58071 * GNUmakefile.list.am: Add missing MIPS-related file to the list
58072 of files that are added to the tarball on make dist, and fix
58075 2011-06-04 Sam Weinig <sam@webkit.org>
58077 Reviewed by Darin Adler.
58079 Fix formatting of the output generated by KeywordLookupGenerator.py
58080 https://bugs.webkit.org/show_bug.cgi?id=62083
58082 - Uses correct year for copyright.
58083 - Puts ending brace on same line as "else if"
58084 - Puts starting brace of function on its own line.
58085 - Adds some tasteful whitespace.
58086 - Adds comments to make clear that scopes are ending
58087 - Make macros actually split on two lines.
58089 * KeywordLookupGenerator.py:
58091 2011-06-04 Adam Barth <abarth@webkit.org>
58093 Reviewed by Eric Seidel.
58095 KeywordLookupGenerator.py spams stdout in Chromium Linux build
58096 https://bugs.webkit.org/show_bug.cgi?id=62087
58098 This action does not appear to be needed.
58100 * JavaScriptCore.gyp/JavaScriptCore.gyp:
58102 2011-06-03 Oliver Hunt <oliver@apple.com>
58104 Reviewed by Maciej Stachowiak.
58106 Lexer needs to provide Identifier for reserved words
58107 https://bugs.webkit.org/show_bug.cgi?id=62086
58109 Alas it is necessary to provide an Identifier reference for keywords
58110 so that we can do the right thing when they're used in object literals.
58111 We now keep Identifiers for all reserved words in the CommonIdentifiers
58112 structure so that we can access them without a hash lookup.
58114 * KeywordLookupGenerator.py:
58115 * parser/Lexer.cpp:
58116 (JSC::Lexer::parseIdentifier):
58118 * runtime/CommonIdentifiers.cpp:
58119 (JSC::CommonIdentifiers::CommonIdentifiers):
58120 * runtime/CommonIdentifiers.h:
58122 2011-06-03 Gavin Barraclough <barraclough@apple.com>
58124 Reviewed by Sam Weinig.
58126 Add debug code to break on speculation failures.
58128 * dfg/DFGJITCompiler.cpp:
58129 (JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
58130 (JSC::DFG::JITCompiler::compileFunction):
58133 2011-06-03 Gavin Barraclough <barraclough@apple.com>
58135 Reviewed by Sam Weinig.
58137 https://bugs.webkit.org/show_bug.cgi?id=62082
58138 DFG JIT - bug passing arguments that need swap
58140 This is really just a typo.
58141 When setting up the arguments for a call out to a C operation, we'll
58142 fail to swap arguments where this is necessary. For example, in the
58143 case of 2 arg calls, where the first argument is in %rdx & the second
58144 is in %rsi we should swap (exec will be passed in %rdi), but we don't.
58146 This can also affect function calls passing three arguments.
58148 * dfg/DFGJITCodeGenerator.h:
58149 (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
58150 - Call swap with the correct arguments.
58152 2011-06-03 Oliver Hunt <oliver@apple.com>
58154 Reviewed by Gavin Barraclough.
58156 Force inlining of some hot lexer functions
58157 https://bugs.webkit.org/show_bug.cgi?id=62079
58159 Fix more GCC stupidity
58162 (JSC::Lexer::isWhiteSpace):
58163 (JSC::Lexer::isLineTerminator):
58165 2011-06-03 Oliver Hunt <oliver@apple.com>
58167 Reviewed by Gavin Barraclough.
58169 GCC not inlining some functions that it really should be
58170 https://bugs.webkit.org/show_bug.cgi?id=62075
58172 Add ALWAYS_INLINE to a number of parsing and lexing functions
58173 that should always be inlined. This gets us ~1.4% on my ad hoc
58176 * KeywordLookupGenerator.py:
58177 * parser/JSParser.cpp:
58178 (JSC::JSParser::next):
58179 (JSC::JSParser::nextTokenIsColon):
58180 (JSC::JSParser::consume):
58181 (JSC::JSParser::match):
58182 (JSC::JSParser::tokenStart):
58183 (JSC::JSParser::tokenLine):
58184 (JSC::JSParser::tokenEnd):
58185 * parser/Lexer.cpp:
58186 (JSC::isIdentPart):
58188 2011-06-03 Oliver Hunt <oliver@apple.com>
58190 Whoops, fix last minute bug.
58192 * parser/Lexer.cpp:
58193 (JSC::Lexer::parseIdentifier):
58195 2011-06-03 Martin Robinson <mrobinson@igalia.com>
58197 Try to fix the GTK+ build.
58199 * GNUmakefile.am: Clean up some spaces that should be tabs.
58200 * GNUmakefile.list.am: Add KeywordLookup.h to the source list
58201 and clean up some spaces that should be tabs.
58203 2011-06-03 Oliver Hunt <oliver@apple.com>
58205 Reviewed by Geoffrey Garen.
58207 Improve keyword lookup
58208 https://bugs.webkit.org/show_bug.cgi?id=61913
58210 Rather than doing multiple hash lookups as we currently
58211 do when trying to identify keywords we now use an
58212 automatically generated decision tree (essentially it's
58213 a hard coded patricia trie). We still use the regular
58214 lookup table for the last few characters of an input as
58215 this allows us to completely skip all bounds checks.
58218 * DerivedSources.make:
58219 * DerivedSources.pro:
58221 * JavaScriptCore.gyp/JavaScriptCore.gyp:
58222 * JavaScriptCore.xcodeproj/project.pbxproj:
58223 * KeywordLookupGenerator.py: Added.
58224 * make-generated-sources.sh:
58225 * parser/Lexer.cpp:
58226 (JSC::Lexer::internalShift):
58227 (JSC::Lexer::shift):
58228 (JSC::Lexer::parseIdentifier):
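A hand-written version of the kind of decision tree this entry describes, added here as an illustration and not the output of KeywordLookupGenerator.py: branch on the first distinguishing characters the way a patricia trie would, then compare the remaining tail with a single length check instead of a hash lookup. Only five keywords (`if`, `in`, `instanceof`, `do`, `delete`) are covered, and the `Token` enum and helpers are constructed for the demonstration.

```cpp
// Added example (not the generated KeywordLookup.h).
#include <cstddef>
#include <cstring>
#include <string>

namespace example {

enum class Token { Identifier, If, In, InstanceOf, Do, Delete };

// True when [p, end) is exactly `suffix`; one length check replaces the
// per-character bounds checks a naive scan would need.
static bool tailIs(const char* p, const char* end, const char* suffix) {
    size_t n = std::strlen(suffix);
    return static_cast<size_t>(end - p) == n && std::memcmp(p, suffix, n) == 0;
}

// Classifies an identifier [begin, end) without hashing: each switch level
// consumes the characters that distinguish the remaining keywords, and the
// leaves compare whatever tail is left.
Token classifyIdentifier(const char* begin, const char* end) {
    size_t len = static_cast<size_t>(end - begin);
    if (len < 2)
        return Token::Identifier;             // no keyword here is shorter than 2
    switch (begin[0]) {
    case 'i':
        switch (begin[1]) {
        case 'f':
            return len == 2 ? Token::If : Token::Identifier;
        case 'n':
            if (len == 2)
                return Token::In;
            return tailIs(begin + 2, end, "stanceof") ? Token::InstanceOf : Token::Identifier;
        }
        return Token::Identifier;
    case 'd':
        if (begin[1] == 'o')
            return len == 2 ? Token::Do : Token::Identifier;
        if (begin[1] == 'e')
            return tailIs(begin + 2, end, "lete") ? Token::Delete : Token::Identifier;
        return Token::Identifier;
    }
    return Token::Identifier;
}

Token classify(const std::string& s) {
    return classifyIdentifier(s.data(), s.data() + s.size());
}

} // namespace example
```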
58231 2011-06-03 Siddharth Mathur <siddharth.mathur@nokia.com>
58233 Reviewed by Benjamin Poulain.
58235 [Qt] Build flag for experimental ICU library support
58236 https://bugs.webkit.org/show_bug.cgi?id=60786
58238 Adds a build-time flag (CONFIG+=use_system_icu) that enables experimental
58239 ICU powered Unicode support.
58241 * JavaScriptCore.pri: Support for use_system_icu CONFIG flag.
58242 * wtf/unicode/qt4/UnicodeQt4.h: Guard an include file with USE(ICU_UNICODE).
58244 2011-06-03 Alexis Menard <alexis.menard@openbossa.org>
58246 Reviewed by Benjamin Poulain.
58248 [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
58249 https://bugs.webkit.org/show_bug.cgi?id=61957
58251 When building inside the Qt source tree, qmake always appends the mkspecs
58252 defines after ours. We have to work around this and make sure that we append
58253 our flags after the qmake variable used inside Qt. This workaround was provided
58254 by our qmake folks. We need to append in both cases because qmake behaves differently
58255 when called with -spec or via SUBDIR+=. This patch unbreaks r87950 on Mac for Qt port.
58257 * JavaScriptCore.pro:
58259 2011-06-02 Jay Civelli <jcivelli@chromium.org>
58261 Reviewed by Adam Barth.
58263 Added a method to generate RFC 2822 compliant date strings.
58264 https://bugs.webkit.org/show_bug.cgi?id=7169
58266 * wtf/DateMath.cpp:
58267 (WTF::twoDigitStringFromNumber):
58268 (WTF::makeRFC2822DateString):
58271 2011-06-02 Alexis Menard <alexis.menard@openbossa.org>
58273 Reviewed by Andreas Kling.
58275 [Qt] Build fix of QtWebKit 2.2 when inside Qt tree with GCC 4.6.
58276 https://bugs.webkit.org/show_bug.cgi?id=61957
58278 When building inside the Qt source tree, qmake always appends the mkspecs
58279 defines after ours. We have to work around this and make sure that we append
58280 our flags after the qmake variable used inside Qt. This workaround was provided
58281 by our qmake folks.
58283 * JavaScriptCore.pro:
58285 2011-06-01 Oliver Hunt <oliver@apple.com>
58287 Reviewed by Geoffrey Garen.
58289 Add single character lookup cache to IdentifierArena
58290 https://bugs.webkit.org/show_bug.cgi?id=61879
58292 Add a simple lookup cache for single ASCII character
58293 identifiers. Produces around a 2% improvement in parse
58294 time for my ad hoc parser test.
58296 * parser/ParserArena.h:
58297 (JSC::IdentifierArena::IdentifierArena):
58298 (JSC::IdentifierArena::clear):
58299 (JSC::IdentifierArena::makeIdentifier):
58301 2011-05-31 Oliver Hunt <oliver@apple.com>
58303 Reviewed by Geoffrey Garen.
58305 Freezing a function and its prototype causes browser to crash.
58306 https://bugs.webkit.org/show_bug.cgi?id=61758
58308 Make JSObject::preventExtensions virtual so that we can override it
58309 and instantiate all lazy
58311 * JavaScriptCore.exp:
58312 * runtime/JSFunction.cpp:
58313 (JSC::createPrototypeProperty):
58314 (JSC::JSFunction::preventExtensions):
58315 (JSC::JSFunction::getOwnPropertySlot):
58316 * runtime/JSFunction.h:
58317 * runtime/JSObject.h:
58318 * runtime/JSObject.cpp:
58319 (JSC::JSObject::seal):
58320 (JSC::JSObject::seal):
58322 2011-06-01 Sheriff Bot <webkit.review.bot@gmail.com>
58324 Unreviewed, rolling out r87788.
58325 http://trac.webkit.org/changeset/87788
58326 https://bugs.webkit.org/show_bug.cgi?id=61856
58328 breaks windows chromium canary (Requested by jknotten on
58331 * wtf/DateMath.cpp:
58335 2011-06-01 Jay Civelli <jcivelli@chromium.org>
58337 Reviewed by Adam Barth.
58339 Added a method to generate RFC 2822 compliant date strings.
58340 https://bugs.webkit.org/show_bug.cgi?id=7169
58342 * wtf/DateMath.cpp:
58343 (WTF::twoDigitStringFromNumber):
58344 (WTF::makeRFC2822DateString):
58347 2011-05-31 Yong Li <yoli@rim.com>
58349 Reviewed by Eric Seidel.
58351 https://bugs.webkit.org/show_bug.cgi?id=54807
58352 We have been assuming plain bitfields (like "int a : 31") are always signed integers.
58353 However, some compilers can treat them as unsigned. For example, RVCT 4.0 states plain
58354 bitfields (declared without either signed or unsigned qualifiers) are treated as unsigned.
58355 http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0348c/Babjddhe.html
58356 Although we can use "--signed-bitfields" flag to make RVCT 4.0 behave as most other compilers,
58357 always using "signed"/"unsigned" qualifier to declare integral type bitfields is still a good
58358 rule we should have in order to make our code independent from compilers and compiler flags.
58360 No new test added because this change is not known to fix any issue.
58362 * bytecode/StructureStubInfo.h:
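A probe for the bitfield signedness issue this entry describes, added here as an example and not the StructureStubInfo change itself: it stores a -1 sentinel in a 31-bit field declared three ways and reports whether the sentinel reads back. The struct names and the `example` namespace are constructed for the demonstration.

```cpp
// Added example (not JSC code). Shows why an explicit signed/unsigned
// qualifier on bitfields matters for code that relies on negative sentinels.
#include <cstdint>

namespace example {

struct PlainBitfield    { int a : 31; };          // signedness is implementation-defined
struct SignedBitfield   { signed int a : 31; };   // portable: always signed
struct UnsignedBitfield { unsigned int a : 31; }; // portable: always unsigned

// Stores -1 and reports whether it reads back as -1. In an unsigned 31-bit
// field the store is reduced modulo 2^31 and reads back as 0x7fffffff, so a
// "== -1" check never matches.
template <typename T>
bool sentinelRoundTrips() {
    T t{};
    t.a = -1;
    return t.a == -1;
}

// What this toolchain does with a plain `int a : 31`. GCC and Clang default to
// signed (GCC's -funsigned-bitfields flips it); RVCT 4.0 defaults to unsigned
// unless --signed-bitfields is given, which is the case the entry is guarding
// against. Returns true under the GCC/Clang defaults.
bool plainBitfieldIsSigned() {
    return sentinelRoundTrips<PlainBitfield>();
}

} // namespace example
```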
58364 2011-05-30 Hojong Han <hojong.han@samsung.com>
58366 Reviewed by Geoffrey Garen.
58368 [JSC] malfunction during arithmetic condition check with negative number (-2147483648)
58369 https://bugs.webkit.org/show_bug.cgi?id=61416
58371 * assembler/MacroAssemblerARM.h:
58372 (JSC::MacroAssemblerARM::branch32):
58373 * tests/mozilla/ecma/Expressions/11.12-1.js:
58376 2011-05-29 Geoffrey Garen <ggaren@apple.com>
58378 Reviewed by Sam Weinig.
58380 Some heap refactoring
58381 https://bugs.webkit.org/show_bug.cgi?id=61704
58383 SunSpider says no change.
58385 * JavaScriptCore.exp: Export!
58387 * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
58389 (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
58391 (JSC::Heap::allocate): Changed inline allocation code to only select the
58392 size class, since this can be optimized out at compile time -- everything
58393 else is now inlined into this out-of-line function.
58395 No need to duplicate ASSERTs made in our caller.
58399 (JSC::Heap::isMarked):
58400 (JSC::Heap::testAndSetMarked):
58401 (JSC::Heap::testAndClearMarked):
58402 (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
58403 a layer of indirection through MarkedSpace.
58405 (JSC::Heap::allocate): See above.
58407 * heap/MarkedBlock.cpp:
58408 (JSC::MarkedBlock::create):
58409 (JSC::MarkedBlock::MarkedBlock):
58410 * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
58412 * heap/MarkedSpace.cpp:
58413 (JSC::MarkedSpace::MarkedSpace):
58414 (JSC::MarkedSpace::allocateBlock):
58415 * heap/MarkedSpace.h:
58416 (JSC::MarkedSpace::allocate): Updated to match changes above.
58418 2011-05-28 David Kilzer <ddkilzer@apple.com>
58420 BUILD FIX when building only the interpreter
58422 Fixes the following compiler warning:
58424 JavaScriptCore/runtime/JSGlobalData.cpp:462:6: error: no previous prototype for function 'releaseExecutableMemory' [-Werror,-Wmissing-prototypes,3]
58425 void releaseExecutableMemory(JSGlobalData& globalData)
58428 * jit/ExecutableAllocator.h: Moved declaration of
58429 JSC::releaseExecutableMemory().
58431 2011-05-28 David Kilzer <ddkilzer@apple.com>
58433 BUILD FIX after r87527 with ENABLE(BRANCH_COMPACTION)
58435 * assembler/LinkBuffer.h:
58436 (JSC::LinkBuffer::linkCode): Added missing argument.
58438 2011-05-27 Geoffrey Garen <ggaren@apple.com>
58440 Reviewed by Oliver Hunt.
58442 JS API is too aggressive about throwing exceptions for NULL get or set operations
58443 https://bugs.webkit.org/show_bug.cgi?id=61678
58445 * API/JSCallbackObject.h: Changed our staticValueGetter to a regular
58446 function that returns a JSValue, so it can fail and still forward to
58447 normal property lookup.
58449 * API/JSCallbackObjectFunctions.h:
58450 (JSC::::getOwnPropertySlot): Don't throw an exception when failing to
58451 access a static property -- just forward the access. This allows objects
58452 to observe get/set operations but still let the JS object manage lifetime.
58454 (JSC::::put): Ditto.
58456 (JSC::::getStaticValue): Same as JSCallbackObject.h.
58458 * API/tests/testapi.c:
58459 (MyObject_set_nullGetForwardSet):
58460 * API/tests/testapi.js: Updated tests to reflect slightly less strict
58461 behavior, which matches headerdoc claims.
58463 2011-05-27 Geoffrey Garen <ggaren@apple.com>
58465 Reviewed by Oliver Hunt.
58467 Property caching is too aggressive for API objects
58468 https://bugs.webkit.org/show_bug.cgi?id=61677
58470 * API/JSCallbackObject.h: Opt in to ProhibitsPropertyCaching, since our
58471 callback APIs allow the client to change its mind about our properties at
58474 * API/tests/testapi.c:
58475 (PropertyCatchalls_getProperty):
58476 (PropertyCatchalls_setProperty):
58477 (PropertyCatchalls_getPropertyNames):
58478 (PropertyCatchalls_class):
58480 * API/tests/testapi.js: Some tests for dynamic API objects.
58482 * interpreter/Interpreter.cpp:
58483 (JSC::Interpreter::tryCachePutByID):
58484 (JSC::Interpreter::tryCacheGetByID):
58485 * jit/JITStubs.cpp:
58486 (JSC::JITThunks::tryCachePutByID):
58487 (JSC::JITThunks::tryCacheGetByID):
58488 (JSC::DEFINE_STUB_FUNCTION): Opt out of property caching if the client
58491 * runtime/JSTypeInfo.h:
58492 (JSC::TypeInfo::TypeInfo):
58493 (JSC::TypeInfo::isFinal):
58494 (JSC::TypeInfo::prohibitsPropertyCaching):
58495 (JSC::TypeInfo::flags): Added a flag to track opting out of property
58496 caching. Fixed an "&&" vs "&" typo that was previously harmless, but
58497 is now harmful since m_flags2 can have more than one bit set.
58499 2011-05-27 Stephanie Lewis <slewis@apple.com>
58503 Fix a typo in the order_file flag.
58505 * Configurations/Base.xcconfig:
58507 2011-05-27 Patrick Gansterer <paroga@webkit.org>
58509 Unreviewed. Build fix for !ENABLE(ASSEMBLER) after r87527.
58511 * runtime/JSGlobalData.cpp:
58512 (JSGlobalData::JSGlobalData):
58514 2011-05-27 Oliver Hunt <oliver@apple.com>
58516 Reviewed by Geoffrey Garen.
58518 Add a few validity assertions to JSCallbackObject
58519 https://bugs.webkit.org/show_bug.cgi?id=61659
58521 * API/JSCallbackObject.h:
58522 (JSC::JSCallbackObject::visitChildren):
58524 2011-05-27 Oliver Hunt <oliver@apple.com>
58528 * runtime/RegExpCache.cpp:
58529 (JSC::RegExpCache::invalidateCode):
58531 2011-05-27 Oliver Hunt <oliver@apple.com>
58533 Reviewed by Geoffrey Garen.
58535 Try to release unused executable memory when the FixedVMPool allocator is under pressure
58536 https://bugs.webkit.org/show_bug.cgi?id=61651
58538 Rather than crashing when full the FixedVMPool allocator now returns a null
58539 allocation. We replace the code that used to CRASH() on null allocations
58540 with logic that asks the provided globalData to release any executable memory
58541 that it can. Currently this just means throwing away all regexp code, but
58542 in future we'll try to be more aggressive.
58544 * assembler/ARMAssembler.cpp:
58545 (JSC::ARMAssembler::executableCopy):
58546 * assembler/ARMAssembler.h:
58547 * assembler/AssemblerBuffer.h:
58548 (JSC::AssemblerBuffer::executableCopy):
58549 * assembler/AssemblerBufferWithConstantPool.h:
58550 * assembler/LinkBuffer.h:
58551 (JSC::LinkBuffer::LinkBuffer):
58552 (JSC::LinkBuffer::linkCode):
58553 * assembler/MIPSAssembler.h:
58554 (JSC::MIPSAssembler::executableCopy):
58555 * assembler/SH4Assembler.h:
58556 (JSC::SH4Assembler::executableCopy):
58557 * assembler/X86Assembler.h:
58558 (JSC::X86Assembler::executableCopy):
58559 (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
58560 * dfg/DFGJITCompiler.cpp:
58561 (JSC::DFG::JITCompiler::compileFunction):
58562 * jit/ExecutableAllocator.h:
58563 (JSC::ExecutablePool::create):
58564 (JSC::ExecutablePool::alloc):
58565 (JSC::ExecutableAllocator::ExecutableAllocator):
58566 (JSC::ExecutableAllocator::poolForSize):
58567 (JSC::ExecutablePool::ExecutablePool):
58568 (JSC::ExecutablePool::poolAllocate):
58569 * jit/ExecutableAllocatorFixedVMPool.cpp:
58570 (JSC::FixedVMPoolAllocator::alloc):
58572 (JSC::JIT::privateCompile):
58573 * jit/JITOpcodes.cpp:
58574 (JSC::JIT::privateCompileCTIMachineTrampolines):
58575 * jit/JITOpcodes32_64.cpp:
58576 (JSC::JIT::privateCompileCTIMachineTrampolines):
58577 (JSC::JIT::privateCompileCTINativeCall):
58578 * jit/JITPropertyAccess.cpp:
58579 (JSC::JIT::stringGetByValStubGenerator):
58580 (JSC::JIT::privateCompilePutByIdTransition):
58581 (JSC::JIT::privateCompilePatchGetArrayLength):
58582 (JSC::JIT::privateCompileGetByIdProto):
58583 (JSC::JIT::privateCompileGetByIdSelfList):
58584 (JSC::JIT::privateCompileGetByIdProtoList):
58585 (JSC::JIT::privateCompileGetByIdChainList):
58586 (JSC::JIT::privateCompileGetByIdChain):
58587 * jit/JITPropertyAccess32_64.cpp:
58588 (JSC::JIT::stringGetByValStubGenerator):
58589 (JSC::JIT::privateCompilePutByIdTransition):
58590 (JSC::JIT::privateCompilePatchGetArrayLength):
58591 (JSC::JIT::privateCompileGetByIdProto):
58592 (JSC::JIT::privateCompileGetByIdSelfList):
58593 (JSC::JIT::privateCompileGetByIdProtoList):
58594 (JSC::JIT::privateCompileGetByIdChainList):
58595 (JSC::JIT::privateCompileGetByIdChain):
58596 * jit/SpecializedThunkJIT.h:
58597 (JSC::SpecializedThunkJIT::finalize):
58598 * jit/ThunkGenerators.cpp:
58599 (JSC::charCodeAtThunkGenerator):
58600 (JSC::charAtThunkGenerator):
58601 (JSC::fromCharCodeThunkGenerator):
58602 (JSC::sqrtThunkGenerator):
58603 (JSC::powThunkGenerator):
58604 * runtime/JSGlobalData.cpp:
58605 (JSC::JSGlobalData::JSGlobalData):
58606 (JSC::JSGlobalData::releaseExecutableMemory):
58607 (JSC::releaseExecutableMemory):
58608 * runtime/JSGlobalData.h:
58609 * runtime/RegExpCache.cpp:
58610 (JSC::RegExpCache::invalidateCode):
58611 * runtime/RegExpCache.h:
58612 * yarr/YarrJIT.cpp:
58613 (JSC::Yarr::YarrGenerator::compile):
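The allocation policy described in the entry above (return null when the pool is full, ask the runtime to shed discardable compiled code, retry, and only then report failure) is shown below as an added example. It is not JavaScriptCore's FixedVMPoolAllocator: the `pooldemo` namespace, the page-bitmap `FixedPool`, the `CodeCache` stand-in for the regexp cache and `allocateExecutable` are hypothetical, sized down so the whole path runs in a few lines.

```cpp
#include <cstddef>
#include <vector>

namespace pooldemo {

// Hypothetical page-granular pool over a private buffer. Like the fixed VM
// pool after this change, it returns nullptr when full instead of aborting.
class FixedPool {
public:
    static constexpr size_t kPageSize = 64;   // toy page size
    explicit FixedPool(size_t pages) : m_backing(pages * kPageSize), m_inUse(pages, false) {}

    // First-fit search for a run of free pages; nullptr if none fits.
    void* alloc(size_t bytes) {
        size_t need = (bytes + kPageSize - 1) / kPageSize;
        size_t run = 0;
        for (size_t i = 0; i < m_inUse.size(); ++i) {
            run = m_inUse[i] ? 0 : run + 1;
            if (run == need) {
                size_t first = i + 1 - need;
                for (size_t j = first; j < first + need; ++j)
                    m_inUse[j] = true;
                return m_backing.data() + first * kPageSize;
            }
        }
        return nullptr;
    }

    void release(void* p, size_t bytes) {
        size_t need = (bytes + kPageSize - 1) / kPageSize;
        size_t first = static_cast<size_t>(static_cast<char*>(p) - m_backing.data()) / kPageSize;
        for (size_t j = first; j < first + need; ++j)
            m_inUse[j] = false;
    }

    size_t freePages() const {
        size_t n = 0;
        for (bool used : m_inUse)
            if (!used) ++n;
        return n;
    }

private:
    std::vector<char> m_backing;
    std::vector<bool> m_inUse;
};

// Stand-in for a cache of discardable compiled code (the regexp cache in the
// entry above): everything in it can be thrown away and recompiled later.
struct CodeCache {
    struct Entry { void* code; size_t bytes; };
    std::vector<Entry> entries;

    // Counterpart of releaseExecutableMemory(): drop every cached compilation.
    size_t releaseExecutableMemory(FixedPool& pool) {
        size_t freed = 0;
        for (const Entry& e : entries) {
            pool.release(e.code, e.bytes);
            freed += e.bytes;
        }
        entries.clear();
        return freed;
    }
};

// On a null allocation, shed cached code and retry once. The result may still be
// nullptr, and the caller must check it rather than assume success.
void* allocateExecutable(FixedPool& pool, CodeCache& cache, size_t bytes) {
    if (void* p = pool.alloc(bytes))
        return p;
    cache.releaseExecutableMemory(pool);
    return pool.alloc(bytes);
}

// Constructed scenario: the pool is entirely occupied by cached code, then a
// four-page request arrives. The pressure path frees the cache and succeeds.
bool recoversAfterRelease() {
    FixedPool pool(8);
    CodeCache cache;
    for (int i = 0; i < 8; ++i)
        cache.entries.push_back({ pool.alloc(FixedPool::kPageSize), FixedPool::kPageSize });
    if (pool.alloc(1) != nullptr)
        return false;                                   // full: null, not a crash
    void* big = allocateExecutable(pool, cache, 4 * FixedPool::kPageSize);
    return big != nullptr && cache.entries.empty() && pool.freePages() == 4;
}

// Nothing discardable and the request cannot fit: failure is reported as null.
bool stillFailsWhenNothingToRelease() {
    FixedPool pool(2);
    CodeCache cache;
    return allocateExecutable(pool, cache, 3 * FixedPool::kPageSize) == nullptr;
}

} // namespace pooldemo
```

The important property is that every caller of `alloc()` now has to handle nullptr; the ChangeLog lists the long tail of `executableCopy`, `privateCompile*` and thunk generators precisely because each of those sites previously assumed a non-null result.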
58615 2011-05-26 Geoffrey Garen <ggaren@apple.com>
58617 Reviewed by Oliver Hunt.
58619 Optimized ConservativeSet to avoid double-visiting objects
58620 https://bugs.webkit.org/show_bug.cgi?id=61592
58622 SunSpider thinks this might be a 1% speedup
58624 * heap/ConservativeRoots.h:
58625 (JSC::ConservativeRoots::add): Use testAndClearMarked to avoid double-visiting
58629 (JSC::Heap::isMarked):
58630 (JSC::Heap::testAndSetMarked):
58631 (JSC::Heap::testAndClearMarked):
58632 (JSC::Heap::setMarked): Added testAndClearMarked. Changed argument type
58633 to void*, since clients want to ask questions about arbitrary pointers
58634 into the heap, even when they aren't known to be JSCells.
58636 * heap/MarkedBlock.h:
58637 (JSC::MarkedBlock::testAndClearMarked):
58638 * heap/MarkedSpace.h:
58639 (JSC::MarkedSpace::isMarked):
58640 (JSC::MarkedSpace::testAndSetMarked):
58641 (JSC::MarkedSpace::testAndClearMarked):
58642 (JSC::MarkedSpace::setMarked):
58643 (JSC::MarkedSpace::contains): Ditto.
58646 (WTF::::testAndClear): New function for ConservativeRoots's inverted
58649 2011-05-27 Stephanie Lewis <slewis@apple.com>
58651 Rubber Stamped by Adam Roben.
58653 Update Order Files. Use -order_file flag since it can order more of the binary.
58655 * Configurations/Base.xcconfig:
58656 * JavaScriptCore.order:
58658 2011-05-26 Geoffrey Garen <ggaren@apple.com>
58660 Reviewed by Oliver Hunt.
58662 Renamed heapRootMarker to heapRootVisitor to match its class name
58663 https://bugs.webkit.org/show_bug.cgi?id=61584
58666 (JSC::Heap::markProtectedObjects):
58667 (JSC::Heap::markTempSortVectors):
58668 (JSC::Heap::markRoots):
58670 2011-05-26 Geoffrey Garen <ggaren@apple.com>
58672 Reviewed by Oliver Hunt.
58674 Removed some interdependency between Heap and SmallStrings by simplifying
58675 the SmallStrings lifetime model
58676 https://bugs.webkit.org/show_bug.cgi?id=61579
58678 SunSpider reports no change.
58680 Using Weak<T> could accomplish this too, but we're not sure it will give
58681 us the performance we need. This is a first step, and it accomplishes
58682 most of the value of using Weak<T>.
58685 (JSC::Heap::destroy):
58686 (JSC::Heap::markRoots):
58687 (JSC::Heap::reset): Finalize small strings just like other weak handles.
58689 * runtime/SmallStrings.cpp:
58691 (JSC::SmallStrings::finalizeSmallStrings):
58692 * runtime/SmallStrings.h: Make all small strings trivially weak, instead
58693 of having an "all for one, one for all" memory model.
58695 2011-05-26 Oliver Hunt <oliver@apple.com>
58697 Reviewed by Geoffrey Garen.
58699 Make RegExpCache a weak map
58700 https://bugs.webkit.org/show_bug.cgi?id=61554
58702 Switch to a weak map for the regexp cache, and hide that
58703 behaviour behind RegExp::create.
58705 When a RegExp is compiled it attempts to add itself to
58706 the "strong" cache. This cache is a simple round-robin
58707 buffer as was the old strong cache. Happily this can
58708 be smaller than the old strong cache as RegExps are only
58709 added when they're compiled so it is under less pressure
58712 * bytecompiler/NodesCodegen.cpp:
58713 (JSC::RegExpNode::emitBytecode):
58714 * runtime/RegExp.cpp:
58715 (JSC::RegExp::RegExp):
58716 (JSC::RegExp::create):
58717 (JSC::RegExp::match):
58718 * runtime/RegExp.h:
58719 (JSC::RegExp::gcShouldInvalidateCode):
58720 (JSC::RegExp::hasCode):
58721 (JSC::RegExp::key):
58722 * runtime/RegExpCache.cpp:
58723 (JSC::RegExpCache::lookupOrCreate):
58724 (JSC::RegExpCache::RegExpCache):
58725 (JSC::RegExpCache::isReachableFromOpaqueRoots):
58726 (JSC::RegExpCache::finalize):
58727 * runtime/RegExpCache.h:
58728 * runtime/RegExpConstructor.cpp:
58729 (JSC::constructRegExp):
58730 * runtime/RegExpPrototype.cpp:
58731 (JSC::regExpProtoFuncCompile):
58732 * runtime/StringPrototype.cpp:
58733 (JSC::stringProtoFuncMatch):
58734 (JSC::stringProtoFuncSearch):
58736 2011-05-26 Geoffrey Garen <ggaren@apple.com>
58738 Reviewed by Oliver Hunt.
58740 Moved Heap-related functions out of JSCell.h and into respective header files
58741 https://bugs.webkit.org/show_bug.cgi?id=61567
58744 (JSC::Heap::allocate):
58746 * heap/MarkedBlock.h:
58747 (JSC::MarkedBlock::allocate):
58748 * heap/MarkedSpace.h:
58749 (JSC::MarkedSpace::sizeClassFor):
58750 (JSC::MarkedSpace::allocate):
58751 * runtime/JSCell.h:
58752 (JSC::JSCell::destructor):
58754 2011-05-26 Geoffrey Garen <ggaren@apple.com>
58756 Try to fix Windows build.
58758 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
58760 2011-05-26 Ryosuke Niwa <rniwa@webkit.org>
58762 Reviewed by Eric Seidel.
58764 [debug feature] WTFString should have show() method
58765 https://bugs.webkit.org/show_bug.cgi?id=61149
58767 Added String::show and AtomicString::show in NDEBUG.
58769 * wtf/text/AtomicString.cpp:
58770 (WTF::AtomicString::show):
58771 * wtf/text/AtomicString.h:
58772 * wtf/text/WTFString.cpp:
58774 * wtf/text/WTFString.h:
58776 2011-05-26 Geoffrey Garen <ggaren@apple.com>
58778 Reviewed by Geoffrey Garen.
58780 Factored out some Heap ASSERTs
58781 https://bugs.webkit.org/show_bug.cgi?id=61565
58783 * JavaScriptCore.exp:
58785 (JSC::isValidSharedInstanceThreadState):
58786 (JSC::isValidThreadState):
58787 (JSC::Heap::markRoots):
58788 (JSC::Heap::isValidAllocation):
58790 * runtime/JSCell.h:
58791 (JSC::JSCell::Heap::allocate):
58793 2011-05-26 Gavin Barraclough <barraclough@apple.com>
58795 Reviewed by Geoff Garen.
58797 https://bugs.webkit.org/show_bug.cgi?id=61508
58798 DFG JIT - Add support for get by id self caching.
58800 Change the call out to be an unexpected call (using silent spill/fill functions),
58801 add a structure check & compact load to the JIT code, and add repatching mechanisms.
58802 Since DFGOperations may want to be implemented in asm, make these symbols be extern
58803 "C". Add an asm wrapper to pass the return address to the optimizing get-by-id operation,
58804 so that it can look up its StructureStubInfo.
58806 * JavaScriptCore.xcodeproj/project.pbxproj:
58808 * bytecode/StructureStubInfo.h:
58809 - Added 'unset' entries to union.
58810 * dfg/DFGJITCodeGenerator.h:
58811 (JSC::DFG::JITCodeGenerator::appendCallWithExceptionCheck):
58812 - Return the call, we need this to populate the StructureStubInfo.
58813 * dfg/DFGJITCompiler.cpp:
58814 (JSC::DFG::JITCompiler::compileFunction):
58815 - Populate the CodeBlock's StructureStubInfo Vector.
58816 * dfg/DFGJITCompiler.h:
58817 (JSC::DFG::JITCompiler::appendCallWithExceptionCheck):
58818 - Return the call, we need this to populate the StructureStubInfo.
58819 (JSC::DFG::JITCompiler::addPropertyAccess):
58820 (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
58821 - Add structures to record property access info during compilation.
58822 * dfg/DFGOperations.cpp:
58823 - Made all external methods extern "C".
58824 (JSC::DFG::operationPutByValInternal):
58825 - Moved outside of the extern "C" block.
58826 * dfg/DFGOperations.h:
58827 - Made all external methods extern "C".
58828 * dfg/DFGRepatch.cpp: Added.
58829 (JSC::DFG::dfgRepatchCall):
58830 - repatch a call to link to a new callee function.
58831 (JSC::DFG::dfgRepatchGetByIdSelf):
58832 - Modify the JIT code to optimize self accesses.
58833 (JSC::DFG::tryCacheGetByID):
58834 - Internal implementation of dfgRepatchGetByID (factor out failing cases).
58835 (JSC::DFG::dfgRepatchGetByID):
58836 - Used to optimize 'operationGetByIdOptimize' - repatches to 'operationGetById', and tries to optimize self accesses!
58837 * dfg/DFGRepatch.h: Added.
58838 - Expose dfgRepatchGetByID.
58839 * dfg/DFGSpeculativeJIT.cpp:
58840 (JSC::DFG::SpeculativeJIT::compile):
58841 - Changed implementation of GetById ops.
58843 2011-05-26 Geoffrey Garen <ggaren@apple.com>
58845 Rolled back in http://trac.webkit.org/changeset/87408 with Windows build fixed.
58847 * heap/MarkedBlock.cpp:
58848 (JSC::MarkedBlock::MarkedBlock):
58849 * heap/MarkedBlock.h:
58850 * wtf/DoublyLinkedList.h:
58851 (WTF::::DoublyLinkedListNode):
58856 (WTF::::DoublyLinkedList):
58863 (WTF::::removeHead):
58865 2011-05-26 Geoffrey Garen <ggaren@apple.com>
58867 Rolled out http://trac.webkit.org/changeset/87408 because it broke the
58870 * heap/MarkedBlock.cpp:
58871 (JSC::MarkedBlock::MarkedBlock):
58872 * heap/MarkedBlock.h:
58873 (JSC::MarkedBlock::setPrev):
58874 (JSC::MarkedBlock::setNext):
58875 (JSC::MarkedBlock::prev):
58876 (JSC::MarkedBlock::next):
58877 * wtf/DoublyLinkedList.h:
58878 (WTF::::DoublyLinkedList):
58884 2011-05-26 Geoffrey Garen <ggaren@apple.com>
58886 Reviewed by Oliver Hunt.
58888 Provide a real owner when copying a property table, for the sake of
58890 https://bugs.webkit.org/show_bug.cgi?id=61547
58892 No test because we can't enable the writeBarrier() ASSERT just yet.
58894 * runtime/Structure.cpp:
58895 (JSC::Structure::addPropertyTransition):
58897 2011-05-26 Adam Roben <aroben@apple.com>
58899 Windows build fix after r87346
58901 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Fixed up exports to match
58904 2011-05-26 Patrick Gansterer <paroga@webkit.org>
58906 Reviewed by Adam Barth.
58908 ASSERT(isMainThread()) when using single threaded jsc executable
58909 https://bugs.webkit.org/show_bug.cgi?id=60846
58911 Remove the ASSERT since we do not have the concept of MainThread in JSC.
58913 * wtf/CryptographicallyRandomNumber.cpp:
58914 (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomNumber):
58915 (WTF::ARC4Stream::ARC4RandomNumberGenerator::randomValues):
58917 2011-05-25 Gavin Barraclough <barraclough@apple.com>
58919 Reviewed by Sam Weinig.
58921 https://bugs.webkit.org/show_bug.cgi?id=61506
58923 Move the silent spill/fill methods in the DFG JIT to the JITCodeGenerator
58924 so that they are available to the SpeculativeJIT.
58926 * dfg/DFGJITCodeGenerator.h:
58927 (JSC::DFG::JITCodeGenerator::silentSpillGPR):
58928 (JSC::DFG::JITCodeGenerator::silentSpillFPR):
58929 (JSC::DFG::JITCodeGenerator::silentFillGPR):
58930 (JSC::DFG::JITCodeGenerator::silentFillFPR):
58931 (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
58932 (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
58933 * dfg/DFGNonSpeculativeJIT.h:
58935 2011-05-25 Ryosuke Niwa <rniwa@webkit.org>
58937 An attempt to revive Windows bots.
58939 * runtime/RegExp.cpp:
58940 * runtime/RegExp.h:
58942 2011-05-25 Gavin Barraclough <barraclough@apple.com>
58944 Reviewed by Sam Weinig.
58946 Bug 61503 - Move population of CodeBlock::m_structureStubInfos into JIT
58948 This data structure, used at runtime by the JIT, is currently unnecessarily populated
58949 with default entries during byte compilation.
58951 Aside from meaning that there is JIT specific code in the bytecompiler, this also ties
58952 us to one entry per corresponding bytecode op, which may be undesirable. Instead,
58953 populate this array from the JIT.
58955 The type StructureStubInfo has two unused states, one for gets & one for puts. Unify
58956 these, so that the class can have a default constructor (and to simplify switch statements
58957 in code walking over the table).
58959 This change has ramifications for the DFG JIT, in that the DFG JIT used this data structure
58960 to check for functions containing property access. Instead do so in the DFGByteCodeParser.
58962 * bytecode/CodeBlock.cpp:
58963 (JSC::printStructureStubInfo):
58964 * bytecode/CodeBlock.h:
58965 (JSC::CodeBlock::setNumberOfStructureStubInfos):
58966 (JSC::CodeBlock::numberOfStructureStubInfos):
58967 * bytecode/StructureStubInfo.cpp:
58968 (JSC::StructureStubInfo::deref):
58969 (JSC::StructureStubInfo::visitAggregate):
58970 * bytecode/StructureStubInfo.h:
58971 (JSC::StructureStubInfo::StructureStubInfo):
58972 * bytecompiler/BytecodeGenerator.cpp:
58973 (JSC::BytecodeGenerator::emitGetById):
58974 (JSC::BytecodeGenerator::emitPutById):
58975 (JSC::BytecodeGenerator::emitDirectPutById):
58976 * dfg/DFGByteCodeParser.cpp:
58977 (JSC::DFG::ByteCodeParser::parseBlock):
58980 (JSC::JIT::privateCompileMainPass):
58981 (JSC::JIT::privateCompileSlowCases):
58982 (JSC::JIT::privateCompile):
58984 * jit/JITPropertyAccess.cpp:
58985 (JSC::JIT::emit_op_get_by_id):
58986 (JSC::JIT::emit_op_put_by_id):
58987 (JSC::JIT::emit_op_method_check):
58988 (JSC::JIT::compileGetByIdHotPath):
58989 (JSC::JIT::compileGetByIdSlowCase):
58990 (JSC::JIT::emitSlow_op_put_by_id):
58991 * jit/JITPropertyAccess32_64.cpp:
58992 (JSC::JIT::emit_op_get_by_id):
58993 (JSC::JIT::emitSlow_op_get_by_id):
58994 (JSC::JIT::emit_op_put_by_id):
58995 (JSC::JIT::emitSlow_op_put_by_id):
58996 (JSC::JIT::emit_op_method_check):
58997 (JSC::JIT::compileGetByIdHotPath):
58998 (JSC::JIT::compileGetByIdSlowCase):
58999 * runtime/Executable.cpp:
59000 (JSC::tryDFGCompile):
59002 2011-05-25 Gavin Barraclough <barraclough@apple.com>
59004 Reviewed by Sam Weinig.
59006 Bug 61501 - Unify AbstractMacroAssembler::differenceBetween methods.
59008 * assembler/AbstractMacroAssembler.h:
59009 (JSC::AbstractMacroAssembler::Call::Call):
59010 (JSC::AbstractMacroAssembler::Call::fromTailJump):
59011 (JSC::AbstractMacroAssembler::Jump::Jump):
59012 (JSC::AbstractMacroAssembler::Jump::link):
59013 (JSC::AbstractMacroAssembler::Jump::linkTo):
59014 (JSC::AbstractMacroAssembler::Jump::isSet):
59015 (JSC::AbstractMacroAssembler::differenceBetween):
59016 (JSC::AbstractMacroAssembler::linkJump):
59017 (JSC::AbstractMacroAssembler::getLinkerCallReturnOffset):
59018 * assembler/LinkBuffer.h:
59019 (JSC::LinkBuffer::link):
59020 (JSC::LinkBuffer::locationOf):
59021 (JSC::LinkBuffer::locationOfNearCall):
59022 (JSC::LinkBuffer::returnAddressOffset):
59023 * assembler/MacroAssemblerARM.h:
59024 (JSC::MacroAssemblerARM::linkCall):
59025 * assembler/MacroAssemblerARMv7.h:
59026 (JSC::MacroAssemblerARMv7::linkCall):
59027 * assembler/MacroAssemblerMIPS.h:
59028 (JSC::MacroAssemblerMIPS::linkCall):
59029 * assembler/MacroAssemblerSH4.cpp:
59030 (JSC::MacroAssemblerSH4::linkCall):
59031 * assembler/MacroAssemblerX86.h:
59032 (JSC::MacroAssemblerX86::linkCall):
59033 * assembler/MacroAssemblerX86_64.h:
59034 (JSC::MacroAssemblerX86_64::linkCall):
59036 2011-05-25 Gavin Barraclough <barraclough@apple.com>
59038 Reviewed by Sam Weinig.
59040 https://bugs.webkit.org/show_bug.cgi?id=61500
59041 Add JSObject::offsetOfPropertyStorage
59043 * jit/JITPropertyAccess.cpp:
59044 (JSC::JIT::compileGetDirectOffset):
59045 (JSC::JIT::compileGetByIdHotPath):
59046 (JSC::JIT::emit_op_put_by_id):
59047 (JSC::JIT::compilePutDirectOffset):
59048 * jit/JITPropertyAccess32_64.cpp:
59049 (JSC::JIT::compileGetByIdHotPath):
59050 (JSC::JIT::emit_op_put_by_id):
59051 (JSC::JIT::compilePutDirectOffset):
59052 (JSC::JIT::compileGetDirectOffset):
59053 * runtime/JSObject.h:
59054 (JSC::JSObject::offsetOfPropertyStorage):
59056 2011-05-25 Oliver Hunt <oliver@apple.com>
59058 Reviewed by Geoffrey Garen.
59060 Make RegExp GC allocated
59061 https://bugs.webkit.org/show_bug.cgi?id=61490
59063 Make RegExp GC allocated. Basically mechanical change to replace
59064 most use of [Pass]RefPtr<RegExp> with RegExp* or WriteBarrier<RegExp>
59065 where actual ownership happens.
59067 Made the RegExpCache use Strong<> references currently to avoid any
59068 changes in behaviour.
59070 * JavaScriptCore.exp:
59071 * bytecode/CodeBlock.cpp:
59072 (JSC::CodeBlock::visitAggregate):
59073 * bytecode/CodeBlock.h:
59074 (JSC::CodeBlock::addRegExp):
59075 * bytecompiler/BytecodeGenerator.cpp:
59076 (JSC::BytecodeGenerator::addRegExp):
59077 (JSC::BytecodeGenerator::emitNewRegExp):
59078 * bytecompiler/BytecodeGenerator.h:
59079 * runtime/JSCell.h:
59080 * runtime/JSGlobalData.cpp:
59081 (JSC::JSGlobalData::JSGlobalData):
59082 (JSC::JSGlobalData::clearBuiltinStructures):
59083 (JSC::JSGlobalData::addRegExpToTrace):
59084 * runtime/JSGlobalData.h:
59085 * runtime/JSGlobalObject.cpp:
59086 (JSC::JSGlobalObject::reset):
59087 * runtime/RegExp.cpp:
59088 (JSC::RegExp::RegExp):
59089 (JSC::RegExp::create):
59090 (JSC::RegExp::invalidateCode):
59091 * runtime/RegExp.h:
59092 (JSC::RegExp::createStructure):
59093 * runtime/RegExpCache.cpp:
59094 (JSC::RegExpCache::lookupOrCreate):
59095 (JSC::RegExpCache::create):
59096 * runtime/RegExpCache.h:
59097 * runtime/RegExpConstructor.cpp:
59098 (JSC::constructRegExp):
59099 * runtime/RegExpObject.cpp:
59100 (JSC::RegExpObject::RegExpObject):
59101 (JSC::RegExpObject::visitChildren):
59102 * runtime/RegExpObject.h:
59103 (JSC::RegExpObject::setRegExp):
59104 (JSC::RegExpObject::RegExpObjectData::RegExpObjectData):
59105 * runtime/RegExpPrototype.cpp:
59106 (JSC::RegExpPrototype::RegExpPrototype):
59107 (JSC::regExpProtoFuncCompile):
59108 * runtime/RegExpPrototype.h:
59109 * runtime/StringPrototype.cpp:
59110 (JSC::stringProtoFuncMatch):
59111 (JSC::stringProtoFuncSearch):
59113 2011-05-25 Oliver Hunt <oliver@apple.com>
59115 Reviewed by Geoffrey Garen.
59117 Generate regexp code lazily
59118 https://bugs.webkit.org/show_bug.cgi?id=61476
59120 RegExp construction now simply validates the RegExp, it does
59121 not perform actual codegen.
59123 * runtime/RegExp.cpp:
59124 (JSC::RegExp::RegExp):
59125 (JSC::RegExp::recompile):
59126 (JSC::RegExp::compile):
59127 (JSC::RegExp::match):
59128 * runtime/RegExp.h:
59129 (JSC::RegExp::recompileIfNecessary):
59130 * runtime/RegExpConstructor.h:
59131 (JSC::RegExpConstructor::performMatch):
59132 * runtime/RegExpObject.cpp:
59133 (JSC::RegExpObject::match):
59134 * runtime/StringPrototype.cpp:
59135 (JSC::stringProtoFuncReplace):
59136 (JSC::stringProtoFuncMatch):
59137 (JSC::stringProtoFuncSearch):
59138 (JSC::stringProtoFuncSplit):
59140 2011-05-24 Geoffrey Garen <ggaren@apple.com>
59142 Reviewed by Geoffrey Garen.
59144 Removed MarkSetProperties because it was unused
59145 https://bugs.webkit.org/show_bug.cgi?id=61418
59147 * heap/MarkStack.h:
59148 (JSC::MarkSet::MarkSet):
59149 (JSC::MarkStack::append):
59150 * runtime/JSActivation.cpp:
59151 (JSC::JSActivation::visitChildren):
59152 * runtime/JSArray.h:
59153 (JSC::JSArray::visitChildrenDirect):
59154 * runtime/JSPropertyNameIterator.cpp:
59155 (JSC::JSPropertyNameIterator::visitChildren):
59156 * runtime/WriteBarrier.h:
59157 (JSC::MarkStack::appendValues):
59159 2011-05-25 Oliver Hunt <oliver@apple.com>
59161 Reviewed by Geoffrey Garen.
59163 Make allocations with guard pages ensure that the allocation succeeded
59164 https://bugs.webkit.org/show_bug.cgi?id=61453
59166 Add null checks, and make PageBlock's operator bool() use
59167 the realbase, rather than the start of usable memory.
59169 * wtf/OSAllocatorPosix.cpp:
59170 (WTF::OSAllocator::reserveAndCommit):
59172 (WTF::PageBlock::operator bool):
59173 (WTF::PageBlock::PageBlock):
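Why the `operator bool()` fix in the entry above matters: with guard pages, the first usable byte sits one page past the address the OS returned, so testing the usable start instead of the real base turns a failed reservation into a block that looks valid. The block below is an added example, not WTF's PageBlock or OSAllocator: the `guarddemo` namespace, `fakeReserve`, `looksValidByUsableStart` and `reserveAndCommitWithGuardPages` are hypothetical stand-ins that reproduce the before and after behaviour.

```cpp
#include <cstddef>
#include <cstdint>

namespace guarddemo {

constexpr size_t kPageSize = 4096;

// Stand-in for the OS reservation call: hands out a static arena, or nullptr
// when the request is larger than the arena (the failure case under study).
void* fakeReserve(size_t bytes) {
    static char arena[16 * kPageSize];
    return bytes <= sizeof(arena) ? arena : nullptr;
}

struct PageBlock {
    void* m_realBase;   // what reserve() returned; nullptr on failure
    void* m_base;       // first usable byte: realBase + one guard page
    size_t m_size;

    PageBlock() : m_realBase(nullptr), m_base(nullptr), m_size(0) {}

    PageBlock(void* realBase, size_t size, bool hasGuardPages)
        : m_realBase(realBase)
        , m_size(size) {
        // Computed through uintptr_t so the pre-fix construction with a null
        // realBase can be reproduced below without arithmetic on a null pointer.
        uintptr_t start = reinterpret_cast<uintptr_t>(realBase) + (hasGuardPages ? kPageSize : 0);
        m_base = reinterpret_cast<void*>(start);
    }

    // Fixed form: validity follows the underlying reservation.
    explicit operator bool() const { return m_realBase != nullptr; }

    // Pre-fix form: tests the usable start, which equals kPageSize (non-null)
    // even when the reservation failed and realBase is nullptr.
    bool looksValidByUsableStart() const { return m_base != nullptr; }
};

// reserveAndCommit with guard pages, including the null check the entry adds.
PageBlock reserveAndCommitWithGuardPages(size_t usableBytes) {
    size_t total = usableBytes + 2 * kPageSize;   // one guard page on each side
    void* realBase = fakeReserve(total);
    if (!realBase)
        return PageBlock();                        // report failure; do not fabricate a base
    return PageBlock(realBase, usableBytes, true);
}

// A failed reservation built without the null check passes the old validity test.
bool oldCheckAcceptsFailedReservation() {
    PageBlock block(nullptr, kPageSize, true);
    return block.looksValidByUsableStart() && !block;
}

// Constructed oversize request: larger than the arena, so reservation fails.
bool failureIsReported() {
    return !reserveAndCommitWithGuardPages(1024 * kPageSize);
}

// Normal request: valid, and the usable region really starts a page past the base.
bool successKeepsGuardPage() {
    PageBlock block = reserveAndCommitWithGuardPages(2 * kPageSize);
    return static_cast<bool>(block)
        && static_cast<char*>(block.m_base) == static_cast<char*>(block.m_realBase) + kPageSize;
}

} // namespace guarddemo
```

A block that passes the old check with a null base would hand out address 4096 as usable memory; the first write through it faults at best, which is why the entry pairs the `operator bool()` change with explicit null checks in `reserveAndCommit`.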
59175 2011-04-10 Kevin Ollivier <kevino@theolliviers.com>
59177 Reviewed by Eric Seidel.
59179 Add JS_EXPORT_PRIVATE macro for exported methods in bytecompiler headers.
59181 https://bugs.webkit.org/show_bug.cgi?id=27551
59183 * bytecompiler/BytecodeGenerator.h:
59185 2011-05-24 Keishi Hattori <keishi@webkit.org>
59187 Reviewed by Kent Tamura.
59189 Disable textfield implementation of <input type=color>. Add INPUT_COLOR feature flag. Add input color sanitizer.
59190 https://bugs.webkit.org/show_bug.cgi?id=61273
59192 * Configurations/FeatureDefines.xcconfig: Added COLOR_INPUT feature flag.
59194 2011-05-24 Kevin Ollivier <kevino@theolliviers.com>
59196 Reviewed by Eric Seidel.
59198 Add export macros to WTFString.h.
59200 https://bugs.webkit.org/show_bug.cgi?id=27551
59202 * wtf/text/WTFString.h:
59203 (WTF::String::String):
59204 (WTF::String::findIgnoringCase):
59205 (WTF::String::isHashTableDeletedValue):
59207 2011-05-24 Geoffrey Garen <ggaren@apple.com>
59209 Maybe fix the Mac build now?
59211 * JavaScriptCore.xcodeproj/project.pbxproj:
59213 2011-05-24 Geoffrey Garen <ggaren@apple.com>
59215 Maybe fix the Mac build?
59217 * JavaScriptCore.xcodeproj/project.pbxproj:
59219 2011-05-24 Geoffrey Garen <ggaren@apple.com>
59221 Reviewed by Oliver Hunt.
59223 Split HeapRootVisitor into its own class
59224 https://bugs.webkit.org/show_bug.cgi?id=61399
59226 * GNUmakefile.list.am:
59227 * JavaScriptCore.gypi:
59228 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
59229 * JavaScriptCore.xcodeproj/project.pbxproj:
59230 * heap/HandleHeap.cpp:
59231 * heap/HandleStack.cpp:
59233 * heap/HeapRootVisitor.h: Copied from Source/JavaScriptCore/heap/MarkStack.h.
59234 * heap/MarkStack.h:
59235 * runtime/ArgList.cpp:
59236 * runtime/SmallStrings.cpp:
59238 2011-05-24 Jay Civelli <jcivelli@chromium.org>
59240 Rubberstamped by David Kilzer.
59242 Updated some files that I forgot in my previous MHTML CL.
59244 * Configurations/FeatureDefines.xcconfig:
59246 2011-05-24 Geoffrey Garen <ggaren@apple.com>
59248 Fix the Mac build: Yes, please do remove these files, svn.
59250 * JavaScriptCore.xcodeproj/project.pbxproj:
59252 2011-05-24 Geoffrey Garen <ggaren@apple.com>
59254 Reviewed by Oliver Hunt.
59256 Let's just have one way to get the system page size, bokay?
59257 https://bugs.webkit.org/show_bug.cgi?id=61384
59259 * CMakeListsEfl.txt:
59260 * CMakeListsWinCE.txt:
59261 * GNUmakefile.list.am:
59262 * JavaScriptCore.exp:
59263 * JavaScriptCore.gypi:
59264 * JavaScriptCore.pro:
59265 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj: MarkStack[Platform].cpp
59266 is gone completely now, since it only existed to provide a duplicate way
59267 to access the system page size.
59269 * heap/MarkStack.cpp:
59270 (JSC::MarkStack::reset):
59271 * heap/MarkStack.h:
59272 (JSC::::MarkStackArray):
59273 (JSC::::shrinkAllocation): Use WTF::pageSize.
59275 * heap/MarkStackPosix.cpp:
59276 * heap/MarkStackSymbian.cpp:
59277 * heap/MarkStackWin.cpp: Removed now-empty files.
59279 * jit/ExecutableAllocator.cpp:
59280 (JSC::ExecutableAllocator::reprotectRegion):
59281 * jit/ExecutableAllocator.h:
59282 (JSC::ExecutableAllocator::ExecutableAllocator):
59283 (JSC::ExecutablePool::ExecutablePool):
59284 (JSC::ExecutablePool::poolAllocate):
59285 * jit/ExecutableAllocatorFixedVMPool.cpp: Use WTF::pageSize.
59287 * wscript: Removed now-empty files.
59289 * wtf/PageBlock.cpp:
59290 (WTF::systemPageSize): Integrated questionable Symbian page size rule
59291 from ExecutableAllocator, because that seems like what the original
59292 author should have done.
59294 2011-05-24 Oliver Hunt <oliver@apple.com>
59296 Reviewed by Gavin Barraclough.
59298 Interpreter crashes with gc validation enabled due to failure to mark initial cache structure
59299 https://bugs.webkit.org/show_bug.cgi?id=61385
59301 The interpreter uses the structure slot of get_by_id and put_by_id to hold
59302 the initial structure it encountered so that it can identify whether a
59303 given access is stable.
59305 When marking though we only visit the slot when we've decided to cache, and
59306 so this value could die. This was "safe" as the value was only used for a
59307 pointer compare, but it was incorrect. We now just mark the slot like we
59308 should have been doing already.
59310 * bytecode/CodeBlock.cpp:
59311 (JSC::CodeBlock::visitStructures):
59313 2011-05-24 Adam Roben <aroben@apple.com>
59317 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed now-inline functions.
59319 2011-05-24 Geoffrey Garen <ggaren@apple.com>
59321 Windows build fix: update the #if OS(WINDOWS) section to match my last patch.
59323 * heap/MarkStack.h:
59324 (JSC::::shrinkAllocation):
59326 2011-05-24 Geoffrey Garen <ggaren@apple.com>
59328 Rubber-stamped by Oliver Hunt.
59330 Split out function definitions and class definitions from class
59331 declarations in MarkStack.h, for readability.
59333 * heap/MarkStack.h:
59334 (JSC::MarkStack::MarkStack):
59335 (JSC::MarkStack::~MarkStack):
59336 (JSC::MarkStack::addOpaqueRoot):
59337 (JSC::MarkStack::containsOpaqueRoot):
59338 (JSC::MarkStack::opaqueRootCount):
59339 (JSC::MarkSet::MarkSet):
59340 (JSC::MarkStack::allocateStack):
59341 (JSC::MarkStack::releaseStack):
59342 (JSC::MarkStack::pageSize):
59343 (JSC::::MarkStackArray):
59344 (JSC::::~MarkStackArray):
59347 (JSC::::removeLast):
59351 (JSC::::shrinkAllocation):
59353 2011-05-24 Oliver Hunt <oliver@apple.com>
59355 Reviewed by Geoffrey Garen.
59357 Avoid creating unnecessary identifiers and strings in the syntax checker
59358 https://bugs.webkit.org/show_bug.cgi?id=61378
59360 Selectively tell the lexer that there are some places it does not need to
59361 do the real work of creating Identifiers for IDENT and STRING tokens.
59363 Make parseString and parseIdentifier templatized on whether they should
59364 do real work, or merely validate the tokens.
59366 SunSpider --parse-only reports ~5-8% win depending on hardware.
59368 * parser/ASTBuilder.h:
59369 (JSC::ASTBuilder::createDotAccess):
59370 * parser/JSParser.cpp:
59371 (JSC::JSParser::next):
59372 (JSC::JSParser::consume):
59373 (JSC::JSParser::parseVarDeclarationList):
59374 (JSC::JSParser::parseConstDeclarationList):
59375 (JSC::JSParser::parseExpression):
59376 (JSC::JSParser::parseAssignmentExpression):
59377 (JSC::JSParser::parseConditionalExpression):
59378 (JSC::JSParser::parseBinaryExpression):
59379 (JSC::JSParser::parseProperty):
59380 (JSC::JSParser::parseObjectLiteral):
59381 (JSC::JSParser::parseArrayLiteral):
59382 (JSC::JSParser::parseArguments):
59383 (JSC::JSParser::parseMemberExpression):
59384 * parser/Lexer.cpp:
59385 (JSC::Lexer::parseIdentifier):
59386 (JSC::Lexer::parseString):
59389 * parser/SyntaxChecker.h:
59390 (JSC::SyntaxChecker::createDotAccess):
59391 (JSC::SyntaxChecker::createProperty):
59393 2011-05-23 Michael Saboff <msaboff@apple.com>
59395 Reviewed by Mark Rowe.
59397 Safari often freezes when clicking "Return free memory" in Caches dialog
59398 https://bugs.webkit.org/show_bug.cgi?id=61325
59400 There are two fixes and an improvement in the instrumentation code used to find
59401 one of the problems.
59402 Changed ReleaseFreeList() to set the "decommitted" bit when releasing
59403 pages to the system and moving Spans from the normal list to the returned
59405 Added a "not making forward progress" check to TCMalloc_PageHeap::scavenge
59406 to eliminate an infinite loop if we can't meet the pagesToRelease target.
59407 Added a check for the decommitted bit being set properly in
59408 TCMalloc_PageHeap::CheckList.
59410 * wtf/FastMalloc.cpp:
59411 (WTF::TCMalloc_PageHeap::scavenge):
59412 (WTF::TCMalloc_PageHeap::Check):
59413 (WTF::TCMalloc_PageHeap::CheckList):
59414 (WTF::ReleaseFreeList):
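The two fixes described in the entry above (set the decommitted bit when a span moves to the returned list, and stop scavenging once a pass frees nothing) are illustrated below as an added example. It is not WTF's FastMalloc: the `scavengedemo` namespace, the `Span`/`PageHeap` shapes, `releaseOneSpan` and the constructed three-span free list are hypothetical stand-ins for TCMalloc_PageHeap's scavenge, ReleaseFreeList and CheckList.

```cpp
#include <cstddef>
#include <vector>

namespace scavengedemo {

// Hypothetical model of a page-heap span.
struct Span {
    size_t pages;
    bool decommitted;   // true once its pages have been returned to the system
};

struct PageHeap {
    std::vector<Span> normal;     // spans whose memory is still committed
    std::vector<Span> returned;   // spans whose memory has been released

    // Moves one span from the normal list to the returned list. The fix in the
    // entry sets the decommitted bit here; without it checkList() below fails.
    size_t releaseOneSpan(bool setDecommittedBit) {
        if (normal.empty())
            return 0;
        Span span = normal.back();
        normal.pop_back();
        if (setDecommittedBit)
            span.decommitted = true;
        returned.push_back(span);
        return span.pages;
    }

    // Release pages until the target is met. The forward-progress check ends the
    // loop once a pass frees nothing, instead of spinning forever on a
    // pagesToRelease target that the free list cannot satisfy.
    size_t scavenge(size_t pagesToRelease, bool setDecommittedBit = true) {
        size_t released = 0;
        while (released < pagesToRelease) {
            size_t before = released;
            released += releaseOneSpan(setDecommittedBit);
            if (released == before)
                break;   // no forward progress: nothing left to release
        }
        return released;
    }

    // Consistency check: every returned span is decommitted, no normal span is.
    bool checkList() const {
        for (const Span& s : returned)
            if (!s.decommitted) return false;
        for (const Span& s : normal)
            if (s.decommitted) return false;
        return true;
    }
};

// Constructed sample free list: 28 committed pages in three spans.
PageHeap makeHeap() {
    PageHeap heap;
    heap.normal = { {4, false}, {8, false}, {16, false} };
    return heap;
}

// Target larger than the whole free list: terminates and reports what it freed.
size_t scavengeUnreachableTarget() { PageHeap h = makeHeap(); return h.scavenge(1000); }

// Target met part way: stops after the spans actually needed.
size_t scavengePartialTarget() { PageHeap h = makeHeap(); return h.scavenge(20); }

// Without the decommitted bit the returned list is inconsistent and the check catches it.
bool checkListCatchesMissingBit() {
    PageHeap h = makeHeap();
    h.scavenge(20, /*setDecommittedBit=*/false);
    return !h.checkList();
}

bool checkListPassesWithFix() {
    PageHeap h = makeHeap();
    h.scavenge(20);
    return h.checkList();
}

} // namespace scavengedemo
```

The progress check is the part that turns a hang into a bounded operation: a release loop whose exit condition depends only on a caller-supplied target has no guarantee of terminating once the free list runs dry.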
59416 2011-05-23 Gavin Barraclough <barraclough@apple.com>
59418 Reviewed by Geoff Garen.
59420 https://bugs.webkit.org/show_bug.cgi?id=61306
59422 The begin characters optimization currently has issues (#61129),
59423 and does not appear to still be a performance win. The prudent
59424 next step seems to be to disable while we ascertain whether this
59425 is still a useful performance optimization.
59427 * yarr/YarrInterpreter.cpp:
59428 (JSC::Yarr::Interpreter::matchDisjunction):
59429 (JSC::Yarr::Interpreter::interpret):
59430 * yarr/YarrInterpreter.h:
59431 (JSC::Yarr::BytecodePattern::BytecodePattern):
59432 * yarr/YarrPattern.cpp:
59433 (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
59434 (JSC::Yarr::YarrPattern::compile):
59435 (JSC::Yarr::YarrPattern::YarrPattern):
59436 * yarr/YarrPattern.h:
59437 (JSC::Yarr::YarrPattern::reset):
59439 2011-05-23 Matthew Delaney <mdelaney@apple.com>
59441 Reviewed by Simon Fraser.
59443 Remove safeFloatToInt() in FloatRect.cpp and replace with working version of clampToInteger()
59444 https://bugs.webkit.org/show_bug.cgi?id=58216
59446 * wtf/MathExtras.h:
59448 (clampToPositiveInteger):
59450 2011-05-23 Ruben <chromium@hybridsource.org>
59452 Reviewed by Tony Chang.
59454 Chromium gyp patch to use new POSIX defines toolkit_uses_gtk and os_posix
59455 https://bugs.webkit.org/show_bug.cgi?id=61219
59457 * JavaScriptCore.gyp/JavaScriptCore.gyp:
59459 2011-05-23 Thouraya ANDOLSI <thouraya.andolsi@st.com>
59461 Reviewed by Gavin Barraclough.
59463 [SH4] AssemblerLabel does not name a type
59464 https://bugs.webkit.org/show_bug.cgi?id=59927
59466 SH4Assembler.h file should be included before AbstractMacroAssembler.h.
59468 * assembler/MacroAssemblerSH4.h:
59470 2011-05-23 Ryuan Choi <ryuan.choi@samsung.com>
59472 Rubber stamped by Eric Seidel.
59474 [CMAKE] Refactoring wtf related code.
59475 https://bugs.webkit.org/show_bug.cgi?id=60146
59477 Move wtf-files to Source/JavaScriptCore/wtf/CMakeLists.txt.
59480 * CMakeListsEfl.txt:
59481 * wtf/CMakeLists.txt:
59482 * wtf/CMakeListsEfl.txt:
59484 2011-05-22 Adam Barth <abarth@webkit.org>
59486 Enable strict PassOwnPtr for everyone. I expect this patch will need
59487 some followups to make the GTK and EFL bots green again.
59489 * wtf/PassOwnPtr.h:
59491 2011-05-20 Oliver Hunt <oliver@apple.com>
59493 Reviewed by Gavin Barraclough.
59495 Reduce size of inline cache path of get_by_id on ARMv7
59496 https://bugs.webkit.org/show_bug.cgi?id=61221
59498 This reduces the code size of get_by_id by 20 bytes
59500 * assembler/ARMv7Assembler.h:
59501 (JSC::ARMv7Assembler::ldrCompact):
59502 (JSC::ARMv7Assembler::repatchCompact):
59503 (JSC::ARMv7Assembler::setUInt7ForLoad):
59504 * assembler/MacroAssemblerARMv7.h:
59505 (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
59508 2011-05-20 Zoltan Herczeg <zherczeg@inf.u-szeged.hu>
59510 Reviewed by Oliver Hunt.
59512 Zombies should "live" forever
59513 https://bugs.webkit.org/show_bug.cgi?id=61170
59515 Reusing zombie cells could still hide garbage
59516 collected cell related bugs.
59518 * JavaScriptCore.pro:
59519 * heap/MarkedBlock.cpp:
59520 (JSC::MarkedBlock::clearMarks):
59521 * heap/MarkedBlock.h:
59522 * heap/MarkedSpace.cpp:
59523 (JSC::MarkedSpace::destroy):
59524 * runtime/JSCell.h:
59525 (JSC::JSCell::JSValue::isZombie):
59526 * runtime/JSZombie.h:
59527 (JSC::JSZombie::~JSZombie):
59528 * runtime/WriteBarrier.h:
59529 (JSC::WriteBarrierBase::setWithoutWriteBarrier):
59531 2011-05-20 Brady Eidson <beidson@apple.com>
59533 Reviewed by Sam Weinig.
59535 <rdar://problem/9472883> and https://bugs.webkit.org/show_bug.cgi?id=61203
59536 Horrendous bug in callOnMainThreadAndWait
59538 * wtf/MainThread.cpp:
59539 (WTF::dispatchFunctionsFromMainThread): Before signaling the background thread with the
59540 syncFlag condition, reacquire the mutex first.
59542 2011-05-20 Oliver Hunt <oliver@apple.com>
59544 Reviewed by Sam Weinig.
59546 Remove unnecessary double->int conversion at the end of op_div
59547 https://bugs.webkit.org/show_bug.cgi?id=61198
59549 We don't attempt this conversion on 64bit, removing it actually speeds
59550 up sunspider and v8 slightly, and it reduces code size.
59552 * jit/JITArithmetic32_64.cpp:
59553 (JSC::JIT::emit_op_div):
59555 2011-05-19 Evan Martin <evan@chromium.org>
59557 Reviewed by Tony Chang.
59559 [chromium] remove <(library) variable
59560 https://bugs.webkit.org/show_bug.cgi?id=61158
59562 This was for a build experiment; we can just use the correct value now.
59564 * JavaScriptCore.gyp/JavaScriptCore.gyp:
59566 2011-05-20 Oliver Hunt <oliver@apple.com>
59568 Reviewed by Sam Weinig.
59570 Interpreter uses wrong bytecode offset for determining exception handler
59571 https://bugs.webkit.org/show_bug.cgi?id=61191
59573 The bytecode offset given for the returnPC from the JIT is
59574 actually the offset for the start of the instruction triggering
59575 the call, whereas in the interpreter it is the actual return
59576 VPC. This means if the next instruction following a call was
59577 in an exception region we would incorrectly redirect to its
59578 handler. Long term we want to completely redo how exceptions
59579 are handled anyway so the simplest and lowest risk fix here is
59580 to simply subtract one from the return vPC so that we have an
59581 offset in the triggering instruction.
59583 It turns out this is caught by a couple of tests already.
59585 * interpreter/Interpreter.cpp:
59586 (JSC::Interpreter::unwindCallFrame):
59588 2011-05-20 Xan Lopez <xlopez@igalia.com>
59590 Reviewed by Oliver Hunt.
59592 JIT requires VM overcommit (particularly on x86-64), Linux does not by default support this without swap?
59593 https://bugs.webkit.org/show_bug.cgi?id=42756
59595 Use the MAP_NORESERVE flag for mmap on Linux to skip the kernel
59596 check of the available memory. This should give us an
59597 overcommit-like behavior in most systems, which is what we want.
59599 * wtf/OSAllocatorPosix.cpp:
59600 (WTF::OSAllocator::reserveAndCommit): pass MAP_NORESERVE to mmap.
59602 2011-05-19 Gabor Loki <loki@webkit.org>
59604 Fix ARM build after r86919
59606 * assembler/ARMAssembler.h:
59607 (JSC::ARMAssembler::nop):
59609 2011-05-19 Oliver Hunt <oliver@apple.com>
59611 Reviewed by Gavin Barraclough.
59613 Randomise code starting location a little
59614 https://bugs.webkit.org/show_bug.cgi?id=61161
59616 Add a nop() function to the Assemblers so that we
59617 can randomise code offsets slightly at no real cost.
59619 * assembler/ARMAssembler.h:
59620 (JSC::ARMAssembler::nop):
59621 * assembler/ARMv7Assembler.h:
59622 (JSC::ARMv7Assembler::nop):
59623 * assembler/MacroAssemblerARM.h:
59624 (JSC::MacroAssemblerARM::nop):
59625 * assembler/MacroAssemblerARMv7.h:
59626 (JSC::MacroAssemblerARMv7::nop):
59627 * assembler/MacroAssemblerMIPS.h:
59628 (JSC::MacroAssemblerMIPS::nop):
59629 * assembler/MacroAssemblerSH4.h:
59630 (JSC::MacroAssemblerSH4::nop):
59631 * assembler/MacroAssemblerX86Common.h:
59632 (JSC::MacroAssemblerX86Common::nop):
59633 * assembler/X86Assembler.h:
59634 (JSC::X86Assembler::nop):
59637 (JSC::JIT::privateCompile):
59639 * runtime/WeakRandom.h:
59640 (JSC::WeakRandom::getUint32):
59642 2011-05-19 Oliver Hunt <oliver@apple.com>
59646 * wtf/OSAllocatorWin.cpp:
59647 (WTF::OSAllocator::reserveUncommitted):
59648 (WTF::OSAllocator::reserveAndCommit):
59650 2011-05-19 Oliver Hunt <oliver@apple.com>
59652 Reviewed by Gavin Barraclough.
59654 Add guard pages to each end of the memory region used by the fixedvm allocator
59655 https://bugs.webkit.org/show_bug.cgi?id=61150
59657 Add mechanism to notify the OSAllocator that pages at either end of an
59658 allocation should be considered guard pages. Update PageReservation,
59659 PageAllocation, etc to handle this.
59661 * JavaScriptCore.exp:
59662 * jit/ExecutableAllocatorFixedVMPool.cpp:
59663 (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
59664 * wtf/OSAllocator.h:
59665 * wtf/OSAllocatorPosix.cpp:
59666 (WTF::OSAllocator::reserveUncommitted):
59667 (WTF::OSAllocator::reserveAndCommit):
59668 * wtf/PageAllocation.h:
59669 (WTF::PageAllocation::PageAllocation):
59670 * wtf/PageAllocationAligned.h:
59671 (WTF::PageAllocationAligned::PageAllocationAligned):
59673 (WTF::PageBlock::PageBlock):
59674 * wtf/PageReservation.h:
59675 (WTF::PageReservation::reserve):
59676 (WTF::PageReservation::reserveWithGuardPages):
59677 Add a new function to make a reservation that will add guard
59678 pages to the ends of an allocation.
59679 (WTF::PageReservation::PageReservation):
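As an added illustration (not WebKit's own code, nor from the entries above), the following C sketch does what the two OSAllocatorPosix entries describe: reserve address space with MAP_NORESERVE (the Linux overcommit entry) and leave a PROT_NONE guard page at each end of the committed interior (this entry). The GuardedRegion type and the guarded_* functions are hypothetical names chosen for the example.

```c
/* Added example: a guarded page reservation in the spirit of the
 * OSAllocator/PageReservation changes above. Names are hypothetical. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif
#ifndef MAP_NORESERVE
#define MAP_NORESERVE 0   /* not every platform defines it; omitting is harmless */
#endif

typedef struct {
    void *base;         /* start of the whole reservation, guards included */
    size_t total;       /* reservation size including both guard pages */
    void *usable;       /* first byte the caller may read or write */
    size_t usable_size; /* committed interior, a whole number of pages */
    size_t page;        /* page size used for the guard pages */
} GuardedRegion;

/* Round n up to a multiple of page. */
static size_t round_up(size_t n, size_t page) {
    return (n + page - 1) / page * page;
}

/* Reserve `wanted` bytes (rounded up to pages) with a guard page on each
 * side. Returns 0 on success, -1 on failure. */
int guarded_reserve(GuardedRegion *r, size_t wanted) {
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0 || wanted == 0) return -1;
    size_t page = (size_t)ps;
    size_t interior = round_up(wanted, page);
    size_t total = interior + 2 * page;

    /* Reserve address space only: PROT_NONE plus MAP_NORESERVE skips the
     * kernel's commit-charge check, giving the overcommit-like behaviour
     * the Linux entry asks for. */
    void *base = mmap(NULL, total, PROT_NONE,
                      MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    if (base == MAP_FAILED) return -1;

    /* Commit only the interior. The first and last page stay PROT_NONE, so
     * an overrun in either direction faults instead of silently touching a
     * neighbouring mapping. */
    char *usable = (char *)base + page;
    if (mprotect(usable, interior, PROT_READ | PROT_WRITE) != 0) {
        munmap(base, total);
        return -1;
    }
    r->base = base;
    r->total = total;
    r->usable = usable;
    r->usable_size = interior;
    r->page = page;
    return 0;
}

/* True if p lies inside one of the two guard pages of r. */
int guarded_is_guard(const GuardedRegion *r, const void *p) {
    const char *c = (const char *)p, *b = (const char *)r->base;
    return (c >= b && c < b + r->page) ||
           (c >= b + r->total - r->page && c < b + r->total);
}

/* Write v over the whole committed interior; returns bytes written. */
size_t guarded_fill(GuardedRegion *r, unsigned char v) {
    memset(r->usable, v, r->usable_size);
    return r->usable_size;
}

/* Unmap the reservation, guards included, and clear the descriptor. */
void guarded_release(GuardedRegion *r) {
    if (r->base) munmap(r->base, r->total);
    memset(r, 0, sizeof *r);
}

int main(void) {
    GuardedRegion r;
    if (guarded_reserve(&r, 10000) != 0) return 1;
    printf("reserved %zu bytes, usable %zu, guard page %zu bytes each end\n",
           r.total, r.usable_size, r.page);
    guarded_fill(&r, 0xAB);
    guarded_release(&r);
    return 0;
}
```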
59681 2011-05-19 Oliver Hunt <oliver@apple.com>
59683 Reviewed by Geoffrey Garen.
59685 Make Executables release their JIT code as soon as they become dead
59686 https://bugs.webkit.org/show_bug.cgi?id=61134
59688 Add an ability to clear an Executable's jit code without requiring
59689 it to be destroyed, and then call that from a finalizer.
59695 (JSC::JITCode::clear):
59696 * runtime/Executable.cpp:
59697 (JSC::ExecutableFinalizer::finalize):
59698 (JSC::ExecutableBase::executableFinalizer):
59699 * runtime/Executable.h:
59700 (JSC::ExecutableBase::ExecutableBase):
59701 (JSC::ExecutableBase::clearExecutableCode):
59703 2011-05-19 Adam Roben <aroben@apple.com>
59705 Remove a redundant and broken data export
59707 Data can't be exported from JavaScriptCore.dll by listing it in the .def file. The
59708 JS_EXPORTDATA macro must be used instead. (In this case it was already being used, leading
59709 to a linker warning about multiple definitions.)
59711 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Removed JSGlobalData::s_info.
59713 2011-05-18 Oliver Hunt <oliver@apple.com>
59715 Reviewed by Gavin Barraclough.
59717 Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
59718 https://bugs.webkit.org/show_bug.cgi?id=61064
59720 Switch NonFinalObject to using WriteBarrier<> rather than WriteBarrierBase<>
59721 for its inline storage. This resolves the problem of GC occurring before
59722 a subclass has initialised its anonymous storage.
59724 * runtime/JSObject.h:
59726 2011-05-18 Adam Barth <abarth@webkit.org>
59728 Reviewed by Sam Weinig.
59731 https://bugs.webkit.org/show_bug.cgi?id=61084
59733 It's been a year and we've failed to complete this project. It's time
59734 to throw in the towel.
59736 * JavaScriptCore.xcodeproj/project.pbxproj:
59737 * wtf/url: Removed.
59738 * wtf/url/api: Removed.
59739 * wtf/url/api/ParsedURL.cpp: Removed.
59740 * wtf/url/api/ParsedURL.h: Removed.
59741 * wtf/url/api/URLString.h: Removed.
59742 * wtf/url/src: Removed.
59743 * wtf/url/src/RawURLBuffer.h: Removed.
59744 * wtf/url/src/URLBuffer.h: Removed.
59745 * wtf/url/src/URLCharacterTypes.cpp: Removed.
59746 * wtf/url/src/URLCharacterTypes.h: Removed.
59747 * wtf/url/src/URLComponent.h: Removed.
59748 * wtf/url/src/URLEscape.cpp: Removed.
59749 * wtf/url/src/URLEscape.h: Removed.
59750 * wtf/url/src/URLParser.h: Removed.
59751 * wtf/url/src/URLQueryCanonicalizer.h: Removed.
59752 * wtf/url/src/URLSegments.cpp: Removed.
59753 * wtf/url/src/URLSegments.h: Removed.
59754 * wtf/url/wtfurl.gyp: Removed.
59756 2011-05-18 Oliver Hunt <oliver@apple.com>
59758 Reviewed by Sam Weinig.
59760 JSGlobalObject and some others do GC allocation during initialization, which can cause heap corruption
59761 https://bugs.webkit.org/show_bug.cgi?id=61090
59763 Remove the Structure-free JSGlobalObject constructor and instead always
59764 pass the structure into the JSGlobalObject constructor.
59765 Stop DebuggerActivation creating a new structure every time, and simply
59766 use a single shared structure held by the GlobalData.
59768 * API/JSContextRef.cpp:
59769 * debugger/DebuggerActivation.cpp:
59770 (JSC::DebuggerActivation::DebuggerActivation):
59772 (GlobalObject::GlobalObject):
59775 * runtime/JSGlobalData.cpp:
59776 (JSC::JSGlobalData::JSGlobalData):
59777 (JSC::JSGlobalData::clearBuiltinStructures):
59778 * runtime/JSGlobalData.h:
59779 * runtime/JSGlobalObject.h:
59781 2011-05-18 Oliver Hunt <oliver@apple.com>
59783 Reviewed by Adam Roben.
59785 Disable gc validation in release builds
59786 https://bugs.webkit.org/show_bug.cgi?id=60680
59788 Add back the NDEBUG check
59792 2011-05-17 Geoffrey Garen <ggaren@apple.com>
59794 Rolled out attempts to fix EFL build because they're not enough -- the
59795 build script needs to be fixed.
59797 * runtime/BooleanPrototype.cpp:
59798 * runtime/DateConstructor.cpp:
59799 * runtime/ErrorPrototype.cpp:
59801 2011-05-17 Geoffrey Garen <ggaren@apple.com>
59803 More attempts to work around the EFL build system being broken.
59805 * runtime/DateConstructor.cpp:
59806 * runtime/ErrorPrototype.cpp:
59808 2011-05-17 Geoffrey Garen <ggaren@apple.com>
59810 Try to fix the EFL build.
59812 * runtime/BooleanPrototype.cpp:
59814 2011-05-16 Geoffrey Garen <ggaren@apple.com>
59816 Rolling back in r86653 with build fixed.
59818 Reviewed by Gavin Barraclough and Oliver Hunt.
59820 Global object initialization is expensive
59821 https://bugs.webkit.org/show_bug.cgi?id=60933
59823 Changed a bunch of globals to allocate their properties lazily, and changed
59824 the global object to allocate a bunch of its globals lazily.
59826 This reduces the footprint of a global object from 287 objects with 58
59827 functions for 24K to 173 objects with 20 functions for 15K.
59829 Large patch, but it's all mechanical.
59831 * DerivedSources.make:
59832 * JavaScriptCore.exp: Build!
59834 * create_hash_table: Added a special case for fromCharCode, since it uses
59835 a custom "thunk generator".
59838 (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
59839 overcount objects that were owned through more than one mechanism because
59840 it was getting in the way of counting the results for this patch.
59842 * interpreter/CallFrame.h:
59843 (JSC::ExecState::arrayConstructorTable):
59844 (JSC::ExecState::arrayPrototypeTable):
59845 (JSC::ExecState::booleanPrototypeTable):
59846 (JSC::ExecState::dateConstructorTable):
59847 (JSC::ExecState::errorPrototypeTable):
59848 (JSC::ExecState::globalObjectTable):
59849 (JSC::ExecState::numberConstructorTable):
59850 (JSC::ExecState::numberPrototypeTable):
59851 (JSC::ExecState::objectPrototypeTable):
59852 (JSC::ExecState::regExpPrototypeTable):
59853 (JSC::ExecState::stringConstructorTable): Added new tables.
59855 * runtime/ArrayConstructor.cpp:
59856 (JSC::ArrayConstructor::ArrayConstructor):
59857 (JSC::ArrayConstructor::getOwnPropertySlot):
59858 (JSC::ArrayConstructor::getOwnPropertyDescriptor):
59859 * runtime/ArrayConstructor.h:
59860 (JSC::ArrayConstructor::createStructure):
59861 * runtime/ArrayPrototype.cpp:
59862 (JSC::ArrayPrototype::getOwnPropertySlot):
59863 (JSC::ArrayPrototype::getOwnPropertyDescriptor):
59864 * runtime/ArrayPrototype.h:
59865 * runtime/BooleanPrototype.cpp:
59866 (JSC::BooleanPrototype::BooleanPrototype):
59867 (JSC::BooleanPrototype::getOwnPropertySlot):
59868 (JSC::BooleanPrototype::getOwnPropertyDescriptor):
59869 * runtime/BooleanPrototype.h:
59870 (JSC::BooleanPrototype::createStructure):
59871 * runtime/DateConstructor.cpp:
59872 (JSC::DateConstructor::DateConstructor):
59873 (JSC::DateConstructor::getOwnPropertySlot):
59874 (JSC::DateConstructor::getOwnPropertyDescriptor):
59875 * runtime/DateConstructor.h:
59876 (JSC::DateConstructor::createStructure):
59877 * runtime/ErrorPrototype.cpp:
59878 (JSC::ErrorPrototype::ErrorPrototype):
59879 (JSC::ErrorPrototype::getOwnPropertySlot):
59880 (JSC::ErrorPrototype::getOwnPropertyDescriptor):
59881 * runtime/ErrorPrototype.h:
59882 (JSC::ErrorPrototype::createStructure): Standardized these objects
59883 to use static tables for function properties.
59885 * runtime/JSGlobalData.cpp:
59886 (JSC::JSGlobalData::JSGlobalData):
59887 (JSC::JSGlobalData::~JSGlobalData):
59888 * runtime/JSGlobalData.h: Added new tables.
59890 * runtime/JSGlobalObject.cpp:
59891 (JSC::JSGlobalObject::reset):
59892 (JSC::JSGlobalObject::addStaticGlobals):
59893 (JSC::JSGlobalObject::getOwnPropertySlot):
59894 (JSC::JSGlobalObject::getOwnPropertyDescriptor):
59895 * runtime/JSGlobalObject.h:
59896 * runtime/JSGlobalObjectFunctions.cpp:
59897 * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
59898 static table for its global functions. This required uninlining some
59899 things to avoid a circular header dependency. However, those things
59900 probably shouldn't have been inlined in the first place.
59902 Even more global object properties can be made lazy, but that requires
59903 more in-depth changes.
59905 * runtime/MathObject.cpp:
59906 * runtime/NumberConstructor.cpp:
59907 (JSC::NumberConstructor::getOwnPropertySlot):
59908 (JSC::NumberConstructor::getOwnPropertyDescriptor):
59909 * runtime/NumberPrototype.cpp:
59910 (JSC::NumberPrototype::NumberPrototype):
59911 (JSC::NumberPrototype::getOwnPropertySlot):
59912 (JSC::NumberPrototype::getOwnPropertyDescriptor):
59913 * runtime/NumberPrototype.h:
59914 (JSC::NumberPrototype::createStructure):
59915 * runtime/ObjectPrototype.cpp:
59916 (JSC::ObjectPrototype::ObjectPrototype):
59917 (JSC::ObjectPrototype::put):
59918 (JSC::ObjectPrototype::getOwnPropertySlot):
59919 (JSC::ObjectPrototype::getOwnPropertyDescriptor):
59920 * runtime/ObjectPrototype.h:
59921 (JSC::ObjectPrototype::createStructure):
59922 * runtime/RegExpPrototype.cpp:
59923 (JSC::RegExpPrototype::RegExpPrototype):
59924 (JSC::RegExpPrototype::getOwnPropertySlot):
59925 (JSC::RegExpPrototype::getOwnPropertyDescriptor):
59926 * runtime/RegExpPrototype.h:
59927 (JSC::RegExpPrototype::createStructure):
59928 * runtime/StringConstructor.cpp:
59929 (JSC::StringConstructor::StringConstructor):
59930 (JSC::StringConstructor::getOwnPropertySlot):
59931 (JSC::StringConstructor::getOwnPropertyDescriptor):
59932 * runtime/StringConstructor.h:
59933 (JSC::StringConstructor::createStructure): Standardized these objects
59934 to use static tables for function properties.
59936 2011-05-17 Sam Weinig <sam@webkit.org>
59938 Reviewed by Oliver Hunt.
59940 JSGlobalContextRelease should not trigger a synchronous garbage collection
59941 https://bugs.webkit.org/show_bug.cgi?id=60990
59943 * API/JSContextRef.cpp:
59944 Change synchronous call to collectAllGarbage to a call to trigger the
59947 2011-05-16 Oliver Hunt <oliver@apple.com>
59949 Reviewed by Gavin Barraclough.
59951 Reduce code size for inline cache
59952 https://bugs.webkit.org/show_bug.cgi?id=60942
59954 This patch introduces the concept of a "compact" address that
59955 allows individual architectures to control the maximum offset
59956 used for the inline path of get_by_id. This reduces the code
59957 size of get_by_id by 3 bytes on x86 and x86_64 and slightly
59958 improves performance on v8 tests.
59960 * assembler/ARMAssembler.h:
59961 (JSC::ARMAssembler::repatchCompact):
59962 * assembler/ARMv7Assembler.h:
59963 (JSC::ARMv7Assembler::repatchCompact):
59964 * assembler/AbstractMacroAssembler.h:
59965 (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
59966 (JSC::AbstractMacroAssembler::differenceBetween):
59967 (JSC::AbstractMacroAssembler::repatchCompact):
59968 * assembler/CodeLocation.h:
59969 (JSC::CodeLocationDataLabelCompact::CodeLocationDataLabelCompact):
59970 (JSC::CodeLocationCommon::dataLabelCompactAtOffset):
59971 * assembler/LinkBuffer.h:
59972 (JSC::LinkBuffer::locationOf):
59973 * assembler/MIPSAssembler.h:
59974 (JSC::MIPSAssembler::repatchCompact):
59975 * assembler/MacroAssembler.h:
59976 (JSC::MacroAssembler::loadPtrWithCompactAddressOffsetPatch):
59977 * assembler/MacroAssemblerARM.h:
59978 (JSC::MacroAssemblerARM::load32WithCompactAddressOffsetPatch):
59979 * assembler/MacroAssemblerARMv7.h:
59980 (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
59981 * assembler/MacroAssemblerMIPS.h:
59982 (JSC::MacroAssemblerMIPS::load32WithCompactAddressOffsetPatch):
59983 * assembler/MacroAssemblerSH4.h:
59984 (JSC::MacroAssemblerSH4::load32WithAddressOffsetPatch):
59985 * assembler/MacroAssemblerX86.h:
59986 (JSC::MacroAssemblerX86::repatchCompact):
59987 * assembler/MacroAssemblerX86Common.h:
59988 (JSC::MacroAssemblerX86Common::loadCompactWithAddressOffsetPatch):
59989 * assembler/MacroAssemblerX86_64.h:
59990 (JSC::MacroAssemblerX86_64::loadPtrWithCompactAddressOffsetPatch):
59991 * assembler/RepatchBuffer.h:
59992 (JSC::RepatchBuffer::repatch):
59993 * assembler/SH4Assembler.h:
59994 (JSC::SH4Assembler::repatchCompact):
59995 * assembler/X86Assembler.h:
59996 (JSC::X86Assembler::movl_mr_disp8):
59997 (JSC::X86Assembler::movq_mr_disp8):
59998 (JSC::X86Assembler::repatchCompact):
59999 (JSC::X86Assembler::setInt8):
60000 (JSC::X86Assembler::X86InstructionFormatter::oneByteOp_disp8):
60001 (JSC::X86Assembler::X86InstructionFormatter::oneByteOp64_disp8):
60002 (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
60004 * jit/JITPropertyAccess.cpp:
60005 (JSC::JIT::compileGetByIdHotPath):
60006 (JSC::JIT::emit_op_put_by_id):
60007 (JSC::JIT::patchGetByIdSelf):
60008 * jit/JITPropertyAccess32_64.cpp:
60009 (JSC::JIT::compileGetByIdHotPath):
60010 (JSC::JIT::emit_op_put_by_id):
60011 (JSC::JIT::patchGetByIdSelf):
60012 * jit/JITStubs.cpp:
60013 (JSC::JITThunks::tryCacheGetByID):
60015 2011-05-16 Sheriff Bot <webkit.review.bot@gmail.com>
60017 Unreviewed, rolling out r86653.
60018 http://trac.webkit.org/changeset/86653
60019 https://bugs.webkit.org/show_bug.cgi?id=60944
60021 "Caused regressions on Windows, OSX and EFL" (Requested by
60024 * DerivedSources.make:
60025 * DerivedSources.pro:
60027 * GNUmakefile.list.am:
60028 * JavaScriptCore.exp:
60029 * JavaScriptCore.gypi:
60030 * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
60031 * create_hash_table:
60033 (JSC::TypeCounter::operator()):
60034 * interpreter/CallFrame.h:
60035 (JSC::ExecState::arrayTable):
60036 (JSC::ExecState::numberTable):
60037 * runtime/ArrayConstructor.cpp:
60038 (JSC::ArrayConstructor::ArrayConstructor):
60039 * runtime/ArrayConstructor.h:
60040 * runtime/ArrayPrototype.cpp:
60041 (JSC::ArrayPrototype::getOwnPropertySlot):
60042 (JSC::ArrayPrototype::getOwnPropertyDescriptor):
60043 * runtime/ArrayPrototype.h:
60044 * runtime/BooleanPrototype.cpp:
60045 (JSC::BooleanPrototype::BooleanPrototype):
60046 * runtime/BooleanPrototype.h:
60047 * runtime/DateConstructor.cpp:
60048 (JSC::DateConstructor::DateConstructor):
60049 * runtime/DateConstructor.h:
60050 * runtime/ErrorPrototype.cpp:
60051 (JSC::ErrorPrototype::ErrorPrototype):
60052 * runtime/ErrorPrototype.h:
60053 * runtime/JSGlobalData.cpp:
60054 (JSC::JSGlobalData::JSGlobalData):
60055 (JSC::JSGlobalData::~JSGlobalData):
60056 * runtime/JSGlobalData.h:
60057 * runtime/JSGlobalObject.cpp:
60058 (JSC::JSGlobalObject::reset):
60059 * runtime/JSGlobalObject.h:
60060 (JSC::JSGlobalObject::addStaticGlobals):
60061 (JSC::JSGlobalObject::getOwnPropertySlot):
60062 (JSC::JSGlobalObject::getOwnPropertyDescriptor):
60063 * runtime/JSGlobalObjectFunctions.cpp:
60064 (JSC::globalFuncJSCPrint):
60065 * runtime/JSGlobalObjectFunctions.h:
60066 * runtime/MathObject.cpp:
60067 * runtime/NumberConstructor.cpp:
60068 (JSC::NumberConstructor::getOwnPropertySlot):
60069 (JSC::NumberConstructor::getOwnPropertyDescriptor):
60070 * runtime/NumberPrototype.cpp:
60071 (JSC::NumberPrototype::NumberPrototype):
60072 * runtime/NumberPrototype.h:
60073 * runtime/ObjectPrototype.cpp:
60074 (JSC::ObjectPrototype::ObjectPrototype):
60075 (JSC::ObjectPrototype::put):
60076 (JSC::ObjectPrototype::getOwnPropertySlot):
60077 * runtime/ObjectPrototype.h:
60078 * runtime/RegExpPrototype.cpp:
60079 (JSC::RegExpPrototype::RegExpPrototype):
60080 * runtime/RegExpPrototype.h:
60081 * runtime/StringConstructor.cpp:
60082 (JSC::StringConstructor::StringConstructor):
60083 * runtime/StringConstructor.h:
60085 2011-05-16 Geoffrey Garen <ggaren@apple.com>
60087 Reviewed by Geoffrey Garen.
60089 Global object initialization is expensive
60090 https://bugs.webkit.org/show_bug.cgi?id=60933
60092 Changed a bunch of globals to allocate their properties lazily, and changed
60093 the global object to allocate a bunch of its globals lazily.
60095 This reduces the footprint of a global object from 287 objects with 58
60096 functions for 24K to 173 objects with 20 functions for 15K.
60098 Large patch, but it's all mechanical.
60100 * DerivedSources.make:
60101 * JavaScriptCore.exp: Build!
60103 * create_hash_table: Added a special case for fromCharCode, since it uses
60104 a custom "thunk generator".
60107 (JSC::TypeCounter::operator()): Fixed a bug where the type counter would
60108 overcount objects that were owned through more than one mechanism because
60109 it was getting in the way of counting the results for this patch.
60111 * interpreter/CallFrame.h:
60112 (JSC::ExecState::arrayConstructorTable):
60113 (JSC::ExecState::arrayPrototypeTable):
60114 (JSC::ExecState::booleanPrototypeTable):
60115 (JSC::ExecState::dateConstructorTable):
60116 (JSC::ExecState::errorPrototypeTable):
60117 (JSC::ExecState::globalObjectTable):
60118 (JSC::ExecState::numberConstructorTable):
60119 (JSC::ExecState::numberPrototypeTable):
60120 (JSC::ExecState::objectPrototypeTable):
60121 (JSC::ExecState::regExpPrototypeTable):
60122 (JSC::ExecState::stringConstructorTable): Added new tables.
60124 * runtime/ArrayConstructor.cpp:
60125 (JSC::ArrayConstructor::ArrayConstructor):
60126 (JSC::ArrayConstructor::getOwnPropertySlot):
60127 (JSC::ArrayConstructor::getOwnPropertyDescriptor):
60128 * runtime/ArrayConstructor.h:
60129 (JSC::ArrayConstructor::createStructure):
60130 * runtime/ArrayPrototype.cpp:
60131 (JSC::ArrayPrototype::getOwnPropertySlot):
60132 (JSC::ArrayPrototype::getOwnPropertyDescriptor):
60133 * runtime/ArrayPrototype.h:
60134 * runtime/BooleanPrototype.cpp:
60135 (JSC::BooleanPrototype::BooleanPrototype):
60136 (JSC::BooleanPrototype::getOwnPropertySlot):
60137 (JSC::BooleanPrototype::getOwnPropertyDescriptor):
60138 * runtime/BooleanPrototype.h:
60139 (JSC::BooleanPrototype::createStructure):
60140 * runtime/DateConstructor.cpp:
60141 (JSC::DateConstructor::DateConstructor):
60142 (JSC::DateConstructor::getOwnPropertySlot):
60143 (JSC::DateConstructor::getOwnPropertyDescriptor):
60144 * runtime/DateConstructor.h:
60145 (JSC::DateConstructor::createStructure):
60146 * runtime/ErrorPrototype.cpp:
60147 (JSC::ErrorPrototype::ErrorPrototype):
60148 (JSC::ErrorPrototype::getOwnPropertySlot):
60149 (JSC::ErrorPrototype::getOwnPropertyDescriptor):
60150 * runtime/ErrorPrototype.h:
60151 (JSC::ErrorPrototype::createStructure): Standardized these objects
60152 to use static tables for function properties.
60154 * runtime/JSGlobalData.cpp:
60155 (JSC::JSGlobalData::JSGlobalData):
60156 (JSC::JSGlobalData::~JSGlobalData):
60157 * runtime/JSGlobalData.h: Added new tables.
60159 * runtime/JSGlobalObject.cpp:
60160 (JSC::JSGlobalObject::reset):
60161 (JSC::JSGlobalObject::addStaticGlobals):
60162 (JSC::JSGlobalObject::getOwnPropertySlot):
60163 (JSC::JSGlobalObject::getOwnPropertyDescriptor):
60164 * runtime/JSGlobalObject.h:
60165 * runtime/JSGlobalObjectFunctions.cpp:
60166 * runtime/JSGlobalObjectFunctions.h: Changed JSGlobalObject to use a
60167 static table for its global functions. This required uninlining some
60168 things to avoid a circular header dependency. However, those things
60169 probably shouldn't have been inlined in the first place.
60171 Even more global object properties can be made lazy, but that requires
60172 more in-depth changes.
60174 * runtime/MathObject.cpp:
60175 * runtime/NumberConstructor.cpp:
60176 (JSC::NumberConstructor::getOwnPropertySlot):
60177 (JSC::NumberConstructor::getOwnPropertyDescriptor):
60178 * runtime/NumberPrototype.cpp:
60179 (JSC::NumberPrototype::NumberPrototype):
60180 (JSC::NumberPrototype::getOwnPropertySlot):
60181 (JSC::NumberPrototype::getOwnPropertyDescriptor):
60182 * runtime/NumberPrototype.h:
60183 (JSC::NumberPrototype::createStructure):
60184 * runtime/ObjectPrototype.cpp:
60185 (JSC::ObjectPrototype::ObjectPrototype):
60186 (JSC::ObjectPrototype::put):
60187 (JSC::ObjectPrototype::getOwnPropertySlot):
60188 (JSC::ObjectPrototype::getOwnPropertyDescriptor):
60189 * runtime/ObjectPrototype.h:
60190 (JSC::ObjectPrototype::createStructure):
60191 * runtime/RegExpPrototype.cpp:
60192 (JSC::RegExpPrototype::RegExpPrototype):
60193 (JSC::RegExpPrototype::getOwnPropertySlot):
60194 (JSC::RegExpPrototype::getOwnPropertyDescriptor):
60195 * runtime/RegExpPrototype.h:
60196 (JSC::RegExpPrototype::createStructure):
60197 * runtime/StringConstructor.cpp:
60198 (JSC::StringConstructor::StringConstructor):
60199 (JSC::StringConstructor::getOwnPropertySlot):
60200 (JSC::StringConstructor::getOwnPropertyDescriptor):
60201 * runtime/StringConstructor.h:
60202 (JSC::StringConstructor::createStructure): Standardized these objects
60203 to use static tables for function properties.
60205 2011-05-16 David Kilzer <ddkilzer@apple.com>
60207 <http://webkit.org/b/60913> C++ exceptions should not be enabled when building with llvm-gcc-4.2
60208 <rdar://problem/9446430>
60210 Reviewed by Mark Rowe.
60212 * Configurations/Base.xcconfig: Fixed typo.
60214 2011-05-16 Oliver Hunt <oliver@apple.com>
60216 Reviewed by Geoffrey Garen.
60218 JSWeakObjectMap finalisation may occur while gc is in inconsistent state
60219 https://bugs.webkit.org/show_bug.cgi?id=60908
60220 <rdar://problem/9409491>
60222 We need to ensure that we have called all the weak map finalizers while
60223 the global object (and hence global context) is still in a consistent
60224 state. The best way to achieve this is to simply use a weak handle and
60225 finalizer on the global object.
60227 * JavaScriptCore.exp:
60228 * runtime/JSGlobalObject.cpp:
60229 (JSC::JSGlobalObject::WeakMapFinalizer::finalize):
60230 * runtime/JSGlobalObject.h:
60231 (JSC::JSGlobalObject::registerWeakMap):
60233 2011-05-16 Siddharth Mathur <siddharth.mathur@nokia.com>
60235 Reviewed by Laszlo Gombos.
60237 [Qt][WK2][Symbian] Shared memory implementation for Symbian
60238 https://bugs.webkit.org/show_bug.cgi?id=55875
60240 * wtf/Platform.h: Exclude Symbian OS from USE(UNIX_DOMAIN_SOCKETS) users
60242 2011-05-16 Gavin Barraclough <barraclough@apple.com>
60244 Rubber stamped by Geoff Garen.
60246 https://bugs.webkit.org/show_bug.cgi?id=60866
60247 Evaluation order broken for empty alternatives in subpatterns
60249 Reverting https://bugs.webkit.org/show_bug.cgi?id=51395
60251 * yarr/YarrPattern.cpp:
60252 (JSC::Yarr::YarrPatternConstructor::atomParenthesesEnd):
60254 2011-05-15 Gavin Barraclough <barraclough@apple.com>
60256 Reviewed by Geoff Garen & Michael Saboff.
60258 https://bugs.webkit.org/show_bug.cgi?id=60860
60259 Simplify backtracking in YARR JIT
60261 YARR JIT currently performs a single pass of code generation over the pattern,
60262 with special handling to allow the code generation for some backtracking code
60263 out of line. We can simplify things by moving to a common mechanism whereby all
60264 forwards matching code is generated in one pass, and all backtracking code is
60265 generated in another. Backtracking code can be generated in reverse order, to
60266 optimize the common fall-through case.
60268 To make it easier to walk over the pattern, we can first convert to a more
60269 byte-code like format before JIT generating. In time we should unify this with
the YARR interpreter to more closely unify the two.

* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::jumpIfNoAvailableInput):
(JSC::Yarr::YarrGenerator::YarrOp::YarrOp):
(JSC::Yarr::YarrGenerator::BacktrackingState::BacktrackingState):
(JSC::Yarr::YarrGenerator::BacktrackingState::append):
(JSC::Yarr::YarrGenerator::BacktrackingState::fallthrough):
(JSC::Yarr::YarrGenerator::BacktrackingState::link):
(JSC::Yarr::YarrGenerator::BacktrackingState::linkTo):
(JSC::Yarr::YarrGenerator::BacktrackingState::takeBacktracksToJumpList):
(JSC::Yarr::YarrGenerator::BacktrackingState::isEmpty):
(JSC::Yarr::YarrGenerator::BacktrackingState::linkDataLabels):
(JSC::Yarr::YarrGenerator::BacktrackingState::ReturnAddressRecord::ReturnAddressRecord):
(JSC::Yarr::YarrGenerator::generateAssertionBOL):
(JSC::Yarr::YarrGenerator::backtrackAssertionBOL):
(JSC::Yarr::YarrGenerator::generateAssertionEOL):
(JSC::Yarr::YarrGenerator::backtrackAssertionEOL):
(JSC::Yarr::YarrGenerator::matchAssertionWordchar):
(JSC::Yarr::YarrGenerator::generateAssertionWordBoundary):
(JSC::Yarr::YarrGenerator::backtrackAssertionWordBoundary):
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::generatePatternCharacterNonGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassOnce):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassOnce):
(JSC::Yarr::YarrGenerator::generateCharacterClassFixed):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassFixed):
(JSC::Yarr::YarrGenerator::generateCharacterClassGreedy):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassGreedy):
(JSC::Yarr::YarrGenerator::generateCharacterClassNonGreedy):
(JSC::Yarr::YarrGenerator::backtrackCharacterClassNonGreedy):
(JSC::Yarr::YarrGenerator::generateTerm):
(JSC::Yarr::YarrGenerator::backtrackTerm):
(JSC::Yarr::YarrGenerator::generate):
(JSC::Yarr::YarrGenerator::backtrack):
(JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
(JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
(JSC::Yarr::YarrGenerator::opCompileAlternative):
(JSC::Yarr::YarrGenerator::opCompileBody):
(JSC::Yarr::YarrGenerator::YarrGenerator):
(JSC::Yarr::YarrGenerator::compile):

2011-05-15 Adam Barth <abarth@webkit.org>

Enable strict PassOwnPtr on Qt. (Build fixes to follow.)

* wtf/PassOwnPtr.h:

2011-05-15 Geoffrey Garen <ggaren@apple.com>

Reviewed by Maciej Stachowiak.

Partial fix for <rdar://problem/9417875> REGRESSION: SunSpider ~17% slower
in browser than on command line

This patch fixes a few issues in generated code that could unreasonably
prolong object lifetimes.

(JSC::Heap::collectAllGarbage): Throw away all function code before doing
a major collection. We want to clear polymorphic caches, since they can
keep alive large object graphs that have gone "stale". For the same reason,
but to a lesser extent, we also want to clear linked functions and other

This has the side-benefit of reducing memory footprint from run-once
functions, and of allowing predictions and caches that have failed to

Eventually, if compilation costs rise far enough, we may want a more
limited strategy for de-specializing code without throwing it away
completely, but this works for now, and it's the simplest solution.

* jit/JITStubs.cpp:
(JSC::JITThunks::hostFunctionStub):

* runtime/JSFunction.cpp: Made the host function stub cache weak --
otherwise it's effectively a memory leak that can seriously fragment the

(JSC::JSFunction::JSFunction):
(JSC::JSFunction::visitChildren): Cleared up some comments that confused
me when working with this code.

2011-05-13 Oliver Hunt <oliver@apple.com>

Reviewed by Geoffrey Garen.

Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802

This patch makes the checks performed under GC_VALIDATION
much more aggressive, and adds the checks to more places
in order to allow us to catch GC bugs much closer to the

* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
(JSC::slowValidateCell):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::unvalidatedStructure):
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
(JSC::slowValidateCell):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::validateCell):

(JSC::JSGlobalObject):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::setMayBeNull):
(JSC::WriteBarrierBase::setEarlyValue):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::unvalidatedGet):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:

2011-05-13 Oliver Hunt <oliver@apple.com>

Reviewed by Geoffrey Garen.

Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802

This patch makes the checks performed under GC_VALIDATION
much more aggressive, and adds the checks to more places
in order to allow us to catch GC bugs much closer to the

* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
(JSC::slowValidateCell):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::unvalidatedStructure):
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
(JSC::slowValidateCell):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::validateCell):

(JSC::JSGlobalObject):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::setMayBeNull):
(JSC::WriteBarrierBase::setEarlyValue):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::unvalidatedGet):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:

2011-05-14 Csaba Osztrogonác <ossy@webkit.org>

Unreviewed, rolling out r86469 and r86471, because they made hundreds of tests crash on Qt.

Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802

* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
(JSC::ProgramExecutable::createStructure):
(JSC::FunctionExecutable::createStructure):
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
(JSC::GetterSetter::createStructure):
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
* runtime/JSCell.h:
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
* runtime/JSONObject.h:
(JSC::JSONObject::createStructure):
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::createStructure):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::Structure::createStructure):
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:

2011-05-13 Oliver Hunt <oliver@apple.com>

Reviewed by Geoffrey Garen.

Make GC validation more aggressive
https://bugs.webkit.org/show_bug.cgi?id=60802

This patch makes the checks performed under GC_VALIDATION
much more aggressive, and adds the checks to more places
in order to allow us to catch GC bugs much closer to the

* JavaScriptCore.exp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* debugger/DebuggerActivation.cpp:
(JSC::DebuggerActivation::visitChildren):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedSpace.cpp:
* runtime/Arguments.cpp:
(JSC::Arguments::visitChildren):
* runtime/Executable.cpp:
(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):
* runtime/Executable.h:
* runtime/GetterSetter.cpp:
(JSC::GetterSetter::visitChildren):
* runtime/GetterSetter.h:
* runtime/JSAPIValueWrapper.h:
(JSC::JSAPIValueWrapper::createStructure):
(JSC::JSAPIValueWrapper::JSAPIValueWrapper):
* runtime/JSActivation.cpp:
(JSC::JSActivation::visitChildren):
* runtime/JSArray.cpp:
(JSC::JSArray::visitChildren):
* runtime/JSCell.cpp:
(JSC::slowValidateCell):
* runtime/JSCell.h:
(JSC::JSCell::JSCell::unvalidatedStructure):
(JSC::JSCell::JSCell::JSCell):
* runtime/JSFunction.cpp:
(JSC::JSFunction::visitChildren):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::visitChildren):
(JSC::slowValidateCell):
* runtime/JSONObject.h:
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren):
* runtime/JSPropertyNameIterator.cpp:
(JSC::JSPropertyNameIterator::visitChildren):
* runtime/JSPropertyNameIterator.h:
* runtime/JSStaticScopeObject.cpp:
(JSC::JSStaticScopeObject::visitChildren):
* runtime/JSString.h:
(JSC::RopeBuilder::JSString):
* runtime/JSWrapperObject.cpp:
(JSC::JSWrapperObject::visitChildren):
* runtime/NativeErrorConstructor.cpp:
(JSC::NativeErrorConstructor::visitChildren):
* runtime/PropertyMapHashTable.h:
(JSC::PropertyMapEntry::PropertyMapEntry):
* runtime/RegExpObject.cpp:
(JSC::RegExpObject::visitChildren):
* runtime/ScopeChain.cpp:
(JSC::ScopeChainNode::visitChildren):
* runtime/ScopeChain.h:
(JSC::ScopeChainNode::ScopeChainNode):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::visitChildren):
* runtime/Structure.h:
(JSC::JSCell::classInfo):
* runtime/StructureChain.cpp:
(JSC::StructureChain::visitChildren):
* runtime/StructureChain.h:
* runtime/WriteBarrier.h:
(JSC::validateCell):

(JSC::JSGlobalObject):
(JSC::WriteBarrierBase::set):
(JSC::WriteBarrierBase::setMayBeNull):
(JSC::WriteBarrierBase::setEarlyValue):
(JSC::WriteBarrierBase::get):
(JSC::WriteBarrierBase::operator*):
(JSC::WriteBarrierBase::operator->):
(JSC::WriteBarrierBase::unvalidatedGet):
(JSC::WriteBarrier::WriteBarrier):
* wtf/Assertions.h:

2011-05-01 Holger Hans Peter Freyther <holger@moiji-mobile.com>

Reviewed by Steve Block.

[android] OS(ANDROID) does not imply PLATFORM(ANDROID)
https://bugs.webkit.org/show_bug.cgi?id=59888

It is possible to build QtWebKit and others for OS(ANDROID). Let
the buildsystem decide which platform is to be build.

2011-05-12 Maciej Stachowiak <mjs@apple.com>

Reviewed by Darin Adler.

XMLDocumentParserLibxml2 should play nice with strict OwnPtrs
https://bugs.webkit.org/show_bug.cgi?id=59394

This portion of the change introduces a PassTraits template, which
is used to enable takeFirst() to work for a Deque holding OwnPtrs,
and optimize it for a Deque holding RefPtrs. In the future it can
be deployed elsewhere to make our data structures work better with
our smart pointers.
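The PassTraits idea described above, as an added illustration that is not WTF's PassTraits.h or Deque.h. It uses std::unique_ptr and std::shared_ptr in place of OwnPtr and RefPtr, and the Deque is a thin wrapper over std::deque; the point is that one takeFirst() body serves value types, owning pointers (by moving ownership out of the slot) and ref-counted pointers (by moving, so no extra ref/deref pair happens), with the transfer policy picked by a traits specialization.

```cpp
#include <deque>
#include <memory>
#include <utility>

// Default policy: hand back a copy. Fine for ints, strings, etc.
template<typename T>
struct PassTraits {
    typedef T PassType;
    static PassType transfer(T& from) { return from; }
};

// Owning pointers cannot be copied; the slot gives up ownership instead.
template<typename T>
struct PassTraits<std::unique_ptr<T>> {
    typedef std::unique_ptr<T> PassType;
    static PassType transfer(std::unique_ptr<T>& from) { return std::move(from); }
};

// Ref-counted pointers could be copied, but moving avoids a ref/deref pair
// for a slot that is about to be destroyed anyway.
template<typename T>
struct PassTraits<std::shared_ptr<T>> {
    typedef std::shared_ptr<T> PassType;
    static PassType transfer(std::shared_ptr<T>& from) { return std::move(from); }
};

// Minimal deque whose takeFirst() is written once for every element type.
template<typename T>
class Deque {
public:
    void append(T value) { m_items.push_back(std::move(value)); }
    bool isEmpty() const { return m_items.empty(); }

    typename PassTraits<T>::PassType takeFirst() {
        typename PassTraits<T>::PassType out = PassTraits<T>::transfer(m_items.front());
        m_items.pop_front();   // the slot is empty (or copied) by now
        return out;
    }

private:
    std::deque<T> m_items;
};

// Drain a deque of owning pointers; each takeFirst() moves ownership out.
int drainUniqueSum() {
    Deque<std::unique_ptr<int>> queue;
    queue.append(std::unique_ptr<int>(new int(3)));
    queue.append(std::unique_ptr<int>(new int(4)));
    int sum = 0;
    while (!queue.isEmpty())
        sum += *queue.takeFirst();
    return sum;   // 7
}

// Show the shared_ptr policy: the slot's reference moves to `out`, so the
// count stays at 2 (p and out) rather than briefly rising to 3.
long refsHeldAfterTransfer() {
    std::shared_ptr<int> p = std::make_shared<int>(1);
    std::shared_ptr<int> slot = p;                                   // use_count == 2
    std::shared_ptr<int> out = PassTraits<std::shared_ptr<int>>::transfer(slot);
    return p.use_count();                                            // 2: slot is now empty
}

// The default policy still works for plain values.
int drainValueSum() {
    Deque<int> queue;
    queue.append(1);
    queue.append(2);
    queue.append(3);
    int sum = 0;
    while (!queue.isEmpty())
        sum += queue.takeFirst();
    return sum;   // 6
}
```

Without the unique_ptr specialization the generic transfer() would try to copy the pointer and the code would not compile, which is the same compile-time enforcement the commit message is after for OwnPtr.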
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:

(WTF::::takeFirst):
* wtf/PassTraits.h: Added.
(WTF::PassTraits::transfer):

2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>

Revert r86334, it broke the win build. WinCE build is fixed even without this patch. WinCairo remains broken atm, everything else works.

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>

String operator+ reallocates unnecessarily when concatting > 2 strings
https://bugs.webkit.org/show_bug.cgi?id=58420

Try to fix WinCE/WinCairo linking by exporting three symbols, not sure whether it's correct though. Win worked just fine before.

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:

2011-05-12 Nikolas Zimmermann <nzimmermann@rim.com>

Reviewed by Darin Adler.

String operator+ reallocates unnecessarily when concatting > 2 strings
https://bugs.webkit.org/show_bug.cgi?id=58420

Provide a faster String append operator.
Up until now, "String operator+(const String& a, const String& b)" copied String a into a temporary
object, and used a.append(b), which reallocates a new buffer of aLength+bLength. When concatting
N strings using operator+, this leads to N-1 reallocations.

Replace this with a flexible operator+ implementation, that avoids these reallocations.
When concatting a 'String' with any string type (char*, UChar, Vector<char>, String, AtomicString, etc..)
a StringAppend<String, T> object is created, which holds the intermediate string objects, and delays
creation of the final string, until operator String() is invoked.

template<typename T>
StringAppend<String, T> operator+(const String& string1, T string2)
{
    return StringAppend<String, T>(string1, string2);
}

template<typename U, typename V, typename W>
StringAppend<U, StringAppend<V, W> > operator+(U string1, const StringAppend<V, W>& string2)
{
    return StringAppend<U, StringAppend<V, W> >(string1, string2);
}

When concatting three strings - "String a, b, c; String result = a + b + c;" the following happens:
first a StringAppend<String, String> object is created by operator+(const String& string1, String string2).
Then operator+(String string1, const StringAppend<String, String>& string2) is invoked, which returns
a StringAppend<String, StringAppend<String, String> > object.
Then operator String() is invoked, which allocates a StringImpl object, once, large enough to hold the
final string - it uses tryMakeString provided by StringConcatenate.h under the hood, which guards us
against too big string allocations, etc.

Note that the second template defines a recursive way to concat an arbitrary number of strings
into a single String with just one allocation.
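The delayed-concatenation scheme above, as an added, self-contained model; it is not WTF's StringOperators.h. It uses a tiny Str leaf type instead of WTF::String (so that std::string's own operator+ is not selected), the chaining operator takes the StringAppend node on the left (the shape a left-to-right parse of a + b + c produces), and the length sum saturates to a sentinel instead of wrapping, which stands in for the "too big" guard the message attributes to tryMakeString.

```cpp
#include <cstddef>
#include <cstring>
#include <limits>
#include <string>
#include <utility>

// Leaf string type for the model (std::string's operator+ would otherwise win).
struct Str {
    std::string data;
    Str() {}
    Str(const char* s) : data(s) {}
    explicit Str(std::string s) : data(std::move(s)) {}
};

template<typename L, typename R> struct StringAppend;

// Sentinel for "this concatenation would overflow size_t"; no buffer is ever
// sized from it, so a hostile length cannot become a short allocation.
const std::size_t kTooLong = std::numeric_limits<std::size_t>::max();

inline std::size_t checkedAdd(std::size_t a, std::size_t b) {
    if (a == kTooLong || b == kTooLong || b >= kTooLong - a) return kTooLong;
    return a + b;
}

// Length and write helpers for each leaf type.
inline std::size_t appendLength(const Str& s) { return s.data.size(); }
inline std::size_t appendLength(const char* s) { return std::strlen(s); }
inline std::size_t appendLength(char) { return 1; }
inline void appendWrite(char* dst, const Str& s) { std::memcpy(dst, s.data.data(), s.data.size()); }
inline void appendWrite(char* dst, const char* s) { std::memcpy(dst, s, std::strlen(s)); }
inline void appendWrite(char* dst, char c) { *dst = c; }
template<typename L, typename R> std::size_t appendLength(const StringAppend<L, R>& a) { return a.length(); }
template<typename L, typename R> void appendWrite(char* dst, const StringAppend<L, R>& a) { a.writeTo(dst); }

// A node that only remembers its two halves; nothing is allocated here.
template<typename L, typename R>
struct StringAppend {
    L left;
    R right;
    StringAppend(L l, R r) : left(l), right(r) {}

    // Total length of the whole tree, or kTooLong if any partial sum overflows.
    std::size_t length() const { return checkedAdd(appendLength(left), appendLength(right)); }

    // Fill an already-sized buffer; recursion into child nodes costs no allocation.
    void writeTo(char* dst) const {
        appendWrite(dst, left);
        appendWrite(dst + appendLength(left), right);
    }

    // The single allocation: size the result once, then write in place.
    operator Str() const {
        std::size_t n = length();
        if (n == kTooLong) return Str();   // refuse rather than allocate a wrapped size
        std::string out(n, '\0');
        if (n) writeTo(&out[0]);
        return Str(std::move(out));
    }
};

// Str + anything -> a two-leaf node.
template<typename T>
StringAppend<Str, T> operator+(const Str& a, T b) { return StringAppend<Str, T>(a, b); }

// node + anything -> a deeper node; (a + b) + c lands here.
template<typename U, typename V, typename W>
StringAppend<StringAppend<U, V>, W> operator+(const StringAppend<U, V>& a, W b) {
    return StringAppend<StringAppend<U, V>, W>(a, b);
}

// Concatenate three pieces; the result buffer is created exactly once.
std::string joinThree(const char* a, const char* b, const char* c) {
    Str sa(a), sb(b);
    Str result = sa + sb + c;   // StringAppend<StringAppend<Str, Str>, const char*>
    return result.data;
}

// The length bookkeeping saturates instead of wrapping around.
bool overflowIsCaught() {
    return checkedAdd(kTooLong - 1, 1) == kTooLong && checkedAdd(3, 4) == 7;
}
```

joinThree("foo", "bar", "baz") yields "foobarbaz" with one std::string allocation for the result; each operator+ only builds a node on the stack.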
* GNUmakefile.list.am: Add StringOperators.h to build.
* JavaScriptCore.exp: Export WTF::emptyString(). Remove no longer needed symbols.
* JavaScriptCore.gypi: Add StringOperators.h to build.
* JavaScriptCore.vcproj/WTF/WTF.vcproj: Ditto.
* JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
* wtf/text/AtomicString.h: Pull in StringConcatenate.h at the end of the file.
* wtf/text/StringConcatenate.h: Conditionally include AtomicString.h to avoid a cyclic dependency. Pull in StringOperators.h at the end of the file.
* wtf/text/StringOperators.h: Added. This is never meant to be included directly, including either WTFString.h or AtomicString.h automatically pulls in this file.
(WTF::StringAppend::StringAppend):
(WTF::StringAppend::operator String):
(WTF::StringAppend::operator AtomicString):
(WTF::StringAppend::writeTo):
(WTF::StringAppend::length):

* wtf/text/WTFString.cpp: Remove operator+ implementations that use String::append().
(WTF::emptyString): Add new shared empty string free function.
* wtf/text/WTFString.h: Replace operator+ implementations by StringAppend template solution. Pull in AtomicString.h at the end of the file.

2011-05-12 Philippe Normand <pnormand@igalia.com>

Unreviewed, GTK build fix.

2011-05-12 Keith Kyzivat <keith.kyzivat@nokia.com>

Reviewed by Csaba Osztrogonác.

[Qt] Arm debug build failing on ARMAssembler::debugOffset()
https://bugs.webkit.org/show_bug.cgi?id=60688

Related to svn rev 85523

* assembler/ARMAssembler.h:
(JSC::ARMAssembler::debugOffset):

2011-05-11 Igor Oliveira <igor.oliveira@openbossa.org>

Reviewed by Eric Seidel.

WebKit does not build with GCCE
https://bugs.webkit.org/show_bug.cgi?id=60667

Allow compiling WebKit with GCCE

2011-05-11 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

Enable strict PassOwnPtr on Mac
https://bugs.webkit.org/show_bug.cgi?id=60684

This should build cleanly now.

* wtf/PassOwnPtr.h:

2011-05-11 Oliver Hunt <oliver@apple.com>

Reviewed by Darin Adler.

Protect JSC from WebCore executing JS during JS wrapper finalization
https://bugs.webkit.org/show_bug.cgi?id=60672
<rdar://problem/9350997>

Detect when we're trying to execute JS during GC and prevent the
execution from happening. We also assert that this isn't happening
as it implies incorrect behaviour of an object's destructor.
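The guard described above, as an added model that is not JavaScriptCore's Heap or Interpreter code: a heap that reports itself busy while a collection runs its finalizers, and an execute() entry point that refuses to run script in that window. The RAII scope that clears the busy flag is this model's own addition; it matters because a finalizer that throws must not leave the heap permanently marked busy.

```cpp
#include <functional>
#include <vector>

struct Heap {
    bool busy = false;
    bool isBusy() const { return busy; }

    // Clears the busy flag on every exit path, including exceptions.
    struct BusyScope {
        Heap& heap;
        explicit BusyScope(Heap& h) : heap(h) { heap.busy = true; }
        ~BusyScope() { heap.busy = false; }
    };

    // A collection runs finalizers (the wrapper finalization the entry
    // refers to) while the heap is marked busy.
    void collect(const std::vector<std::function<void()>>& finalizers) {
        BusyScope scope(*this);
        for (const auto& finalize : finalizers)
            finalize();
    }
};

enum ExecResult { Ran, RefusedDuringGC };

// The interpreter entry point. Running JS while the collector owns the heap
// would touch objects that are being torn down, so refuse instead. (The real
// engine also asserts here: a destructor that runs JS is itself the bug.)
ExecResult execute(Heap& heap, const std::function<void()>& script) {
    if (heap.isBusy())
        return RefusedDuringGC;
    script();
    return Ran;
}

// Scenario 1: a finalizer tries to run script in the middle of a collection.
ExecResult scriptFromFinalizer() {
    Heap heap;
    ExecResult seen = Ran;
    heap.collect({ [&] { seen = execute(heap, [] {}); } });
    return seen;   // RefusedDuringGC
}

// Scenario 2: the same script outside a collection runs normally.
ExecResult scriptOutsideCollection() {
    Heap heap;
    return execute(heap, [] {});   // Ran
}

// Scenario 3: a throwing finalizer must not leave the heap stuck in "busy".
bool busyFlagClearedAfterThrowingFinalizer() {
    Heap heap;
    try {
        heap.collect({ [] { throw 1; } });
    } catch (int) {
    }
    return !heap.isBusy();
}
```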
* JavaScriptCore.exp:

(JSC::Heap::isBusy):
* interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
* runtime/JSGlobalData.h:
(JSC::JSGlobalData::isCollectorBusy):

2011-05-11 Oliver Hunt <oliver@apple.com>

Reviewed by Gavin Barraclough.

Enable gc mark validation temporarily in release builds
https://bugs.webkit.org/show_bug.cgi?id=60678

Make it easier to turn the gc mark validation on and off, and
temporarily turn it on for all builds.

* heap/MarkStack.cpp:
* heap/MarkStack.h:
(JSC::MarkStack::append):
(JSC::MarkStack::internalAppend):
* runtime/WriteBarrier.h:
(JSC::MarkStack::appendValues):

2011-05-11 Geoffrey Garen <ggaren@apple.com>

Reviewed by Oliver Hunt.

<rdar://problem/9331651> REGRESSION: RPRVT grows by 1MB / sec @ dvd2blu.com

SunSpider reports no change.

This bug was caused by changing Structure and Executable to being GC
objects, and by a long-standing bug that would thrash the global object
between dictionary and non-dictionary states.

* runtime/BatchedTransitionOptimizer.h:
(JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer): Don't
eagerly transition to dictionary -- this can cause pathological dictionary
churn, and it's not necessary, since objects know how to automatically
transition to dictionary when necessary.

* runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal): Be sure to report
extra cost from compilation, because it can be quite high. This is especially
important for program code, since DOM timers can repeatedly allocate
program code without allocating any other objects.

* runtime/JSObject.cpp:
(JSC::JSObject::removeDirect): Don't transition to the uncacheable state
if the thing we're trying to remove doesn't exist. This can happen during
compilation, since the compiler needs to ensure that no pre-existing
conflicting definitions exist for certain declarations.

2011-05-11 Oliver Hunt <oliver@apple.com>

Reviewed by Gavin Barraclough.

Make mark stack validation functions do something useful in a release build
https://bugs.webkit.org/show_bug.cgi?id=60645

Turn ASSERTs into actual if(...) CRASH(); statements.

* heap/MarkStack.cpp:
(JSC::MarkStack::validateValue):

2011-05-11 Xan Lopez <xlopez@igalia.com>

Reviewed by Martin Robinson.

Fix copy&paste error in comment.

* jit/JITPropertyAccess.cpp:
(JSC::JIT::stringGetByValStubGenerator): the value is stored in

2011-05-11 Adam Roben <aroben@apple.com>

WinCE build fixes for strict PassOwnPtr

* wtf/unicode/CollatorDefault.cpp:
(WTF::Collator::userDefault): Use adoptPtr.

2011-05-11 Holger Hans Peter Freyther <holger@moiji-mobile.com>

Unreviewed build fix.

[MIPS] Fix compilation of the MIPS JIT

Include the MIPSAssembler.h first to indirectly include
AssemblerBuffer.h before the AbstractMacroAssembler.h. This
order is used for the ARM and X86 MacroAssembler*.h

* assembler/MacroAssemblerMIPS.h:

2011-05-11 Adam Roben <aroben@apple.com>

Turn on strict PassOwnPtr on Windows

Fixes <http://webkit.org/b/60632> Windows should build with strict PassOwnPtr enabled

Reviewed by Adam Barth.

* wtf/PassOwnPtr.h:

2011-05-10 Stephanie Lewis <slewis@apple.com>

Revert accidental JavaScriptCore change in http://trac.webkit.org/changeset/86130

* Configurations/JavaScriptCore.xcconfig:

2011-05-10 Adam Barth <abarth@webkit.org>

Reviewed by David Levin.

Enable strict PassOwnPtr on Chromium
https://bugs.webkit.org/show_bug.cgi?id=60502

Other platforms to follow.

* wtf/PassOwnPtr.h:

2011-05-10 Geoffrey Garen <ggaren@apple.com>

Reviewed by Darin Adler.

Fixed up some #include dependencies so the WriteBarrier class can actually call Heap::writeBarrier
https://bugs.webkit.org/show_bug.cgi?id=60532

* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.xcodeproj/project.pbxproj: Build!

* heap/Handle.h: Moved HandleTypes to its own header because that's the
WebKit style, and it was necessary to resolve a circular dependency
between Handle.h and WriteBarrier.h.

(JSC::Heap::writeBarrier): Added an inline no-op writeBarrier(), to
verify that all the code is in the right place.

* heap/MarkStack.h: Moved WriteBarrier operations to WriteBarrier.h to
resolve a circular dependency.

* runtime/ArgList.h:
* runtime/JSCell.h: #include WriteBarrier.h since we don't get it for

* runtime/PropertyMapHashTable.h:
(JSC::PropertyTable::PropertyTable): Call the real writeBarrier()
function, now that it exists.

* runtime/SmallStrings.h: Removed a stray #include to resolve a circular

* runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::set):
(JSC::MarkStack::append):
(JSC::MarkStack::appendValues): Updated to match the changes above.

2011-05-10 Oliver Hunt <oliver@apple.com>

* heap/MarkStack.cpp:
(JSC::MarkStack::validateValue):

2011-05-10 Oliver Hunt <oliver@apple.com>

Reviewed by Gavin Barraclough.

Add some aggressive GC validation to debug builds.
https://bugs.webkit.org/show_bug.cgi?id=60601

When assertions are enabled we now do some validity checking
of objects being added to the mark stack.
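The mark-stack validation this entry introduces, the "Make GC validation more aggressive" entries above, and the later "Turn ASSERTs into actual if(...) CRASH(); statements" entry all describe the same idea: check a cell's pointers before the collector trusts them, and make the check terminate the process in release builds too. The following is an added model, not JavaScriptCore's MarkStack.cpp or WriteBarrier.h. Its toy heap, 32-byte cell slots, and the invariant that two hops up the structure chain reach a self-describing root are this model's own assumptions, not JSC's real layout or checks.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <new>

// Unlike assert(), which NDEBUG compiles away, a failed check here always
// terminates the process instead of continuing into a corrupt heap.
#define VALIDATE_OR_CRASH(cond) do { if (!(cond)) std::abort(); } while (0)

constexpr std::size_t kCellSize = 32;     // every cell occupies one aligned slot
constexpr std::size_t kBlockSize = 1024;  // one small block is enough for the model

struct Structure;
struct Cell { Structure* structure; };       // first word: the structure pointer
struct Structure { Structure* structure; };  // a Structure is itself a cell

// Bump allocator over a single aligned block.
struct Heap {
    alignas(kCellSize) unsigned char block[kBlockSize];
    std::size_t used = 0;

    void* allocate() {
        if (used + kCellSize > kBlockSize) return nullptr;
        void* p = block + used;
        used += kCellSize;
        return p;
    }
    // True if p is the start of an allocated slot in this block.
    bool contains(const void* p) const {
        std::uintptr_t q = reinterpret_cast<std::uintptr_t>(p);
        std::uintptr_t base = reinterpret_cast<std::uintptr_t>(block);
        return q >= base && q + kCellSize <= base + used;
    }
};

enum ValidationResult {
    Valid, NullCell, MisalignedCell, OutsideHeap,
    NullStructure, StructureOutsideHeap, BadStructureOfStructure
};

// What a mark stack can verify about a cell before following its pointers.
ValidationResult validateCell(const Heap& heap, const Cell* cell) {
    if (!cell) return NullCell;
    if (reinterpret_cast<std::uintptr_t>(cell) % kCellSize) return MisalignedCell;
    if (!heap.contains(cell)) return OutsideHeap;
    const Structure* s = cell->structure;
    if (!s) return NullStructure;
    if (!heap.contains(s)) return StructureOutsideHeap;
    // Model invariant: the structure's structure is a self-describing root.
    const Structure* ss = s->structure;
    if (!ss || !heap.contains(ss) || ss->structure != ss) return BadStructureOfStructure;
    return Valid;
}

// The append path with validation enabled in every build.
void appendToMarkStack(const Heap& heap, const Cell* cell) {
    VALIDATE_OR_CRASH(validateCell(heap, cell) == Valid);
    // ... push cell for marking (not modelled)
}

// Scenario: a well-formed heap and cell.
ValidationResult checkHealthyCell() {
    Heap heap;
    Structure* ss = new (heap.allocate()) Structure{nullptr};
    ss->structure = ss;                                   // self-describing root
    Structure* s = new (heap.allocate()) Structure{ss};
    Cell* cell = new (heap.allocate()) Cell{s};
    appendToMarkStack(heap, cell);                        // does not crash
    return validateCell(heap, cell);
}

// Scenario: the structure word points outside the heap, the kind of
// corruption a missing write barrier or a stale pointer leaves behind.
ValidationResult checkDanglingStructure() {
    Heap heap;
    Structure outside{nullptr};                           // lives on the stack
    Cell* cell = new (heap.allocate()) Cell{&outside};
    return validateCell(heap, cell);
}

// Scenario: an interior pointer that does not start a cell.
ValidationResult checkMisalignedPointer() {
    Heap heap;
    Cell* cell = new (heap.allocate()) Cell{nullptr};
    const unsigned char* bytes = reinterpret_cast<const unsigned char*>(cell);
    return validateCell(heap, reinterpret_cast<const Cell*>(bytes + 8));
}
```

The ordering of the checks matters: alignment and range are tested before the cell is dereferenced, so a bad pointer is reported rather than read.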
* bytecode/Instruction.h:
(JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
(JSC::PolymorphicAccessStructureList::visitAggregate):
* heap/MarkStack.cpp:
(JSC::MarkStack::validateSet):
(JSC::MarkStack::validateValue):
* heap/MarkStack.h:
(JSC::MarkStack::appendValues):
(JSC::MarkStack::append):
(JSC::MarkStack::internalAppend):

2011-05-09 Darin Adler <darin@apple.com>

Reviewed by Oliver Hunt.

http://bugs.webkit.org/show_bug.cgi?id=60509
Wrong type used for return value from strlen

* wtf/FastMalloc.cpp:
(WTF::fastStrDup): Use size_t. Also don't bother checking for failure since
fastMalloc won't return if it fails.

2011-05-09 Adam Barth <abarth@webkit.org>

Reviewed by Eric Seidel.

CSP should block Function constructor
https://bugs.webkit.org/show_bug.cgi?id=60240

When eval is disabled, we need to block the use of the function
constructor. However, the WebCore JSC bindings call the function
constructor directly to create inline event listeners. To support that
use, this patch adds an entrypoint that bypasses the check for whether
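The two-entry-point shape this entry describes, as an added model that is not JavaScriptCore's FunctionConstructor.cpp: constructFunction is the script-reachable path and enforces the global object's eval policy (the switch CSP flips), while constructFunctionSkippingEvalEnabledCheck is the privileged path for engine-internal callers such as the inline event-listener binding. The GlobalObject and Function types and the EvalError exception are this model's own.

```cpp
#include <memory>
#include <stdexcept>
#include <string>

struct GlobalObject { bool evalEnabled = true; };   // cleared when CSP forbids eval

struct Function { std::string params, body; };

struct EvalError : std::runtime_error { using std::runtime_error::runtime_error; };

// Privileged entry point: no policy check. It must only be reachable from
// engine or binding code that has already decided the source is trusted,
// never from script.
std::unique_ptr<Function> constructFunctionSkippingEvalEnabledCheck(
        const std::string& params, const std::string& body) {
    return std::unique_ptr<Function>(new Function{params, body});
}

// Script-facing entry point (what `new Function(...)` reaches): apply the
// policy first, then delegate to the unchecked path.
std::unique_ptr<Function> constructFunction(
        const GlobalObject& global, const std::string& params, const std::string& body) {
    if (!global.evalEnabled)
        throw EvalError("Function constructor is disabled by the page's policy");
    return constructFunctionSkippingEvalEnabledCheck(params, body);
}

// Scenario: script path with eval disabled is refused.
bool scriptPathBlockedWhenEvalDisabled() {
    GlobalObject global;
    global.evalEnabled = false;
    try {
        constructFunction(global, "a", "return a");
    } catch (const EvalError&) {
        return true;
    }
    return false;
}

// Scenario: script path with eval enabled builds the function.
bool scriptPathAllowedWhenEvalEnabled() {
    GlobalObject global;
    return constructFunction(global, "a", "return a") != nullptr;
}

// Scenario: the binding path is unaffected by the policy, as the inline
// event-listener use case requires.
bool bindingPathUnaffectedByPolicy() {
    GlobalObject global;
    global.evalEnabled = false;
    return constructFunctionSkippingEvalEnabledCheck("event", "handler(event)") != nullptr;
}
```

The risk with this pattern is exposure: the unchecked entry point is exported (the entry lists JavaScriptCore.exp and the .def file), so every caller outside the engine has to be one that legitimately supplies trusted source.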
* JavaScriptCore.exp:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* runtime/FunctionConstructor.cpp:
(JSC::constructFunction):
(JSC::constructFunctionSkippingEvalEnabledCheck):
* runtime/FunctionConstructor.h:

2011-05-09 Adam Roben <aroben@apple.com>

Automatically touch WebKit.idl whenever any other WebKit1 IDL file changes

Fixes <http://webkit.org/b/60468> WebKit.idl needs to be manually touched whenever any other
WebKit1 IDL file changes to avoid build errors

Reviewed by Tim Hatcher.

* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.make:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreGenerated.vcproj:
Updated for script rename.

* JavaScriptCore.vcproj/JavaScriptCore/react-to-vsprops-changes.py: Removed.
* JavaScriptCore.vcproj/JavaScriptCore/work-around-vs-dependency-tracking-bugs.py: Renamed
from react-to-vsprops-changes.py.
(top level): Moved a constant here from main.
(main): Moved most code from here to react_to_vsprops_changes. Added a call to the new
react_to_webkit1_interface_changes function.
(react_to_vsprops_changes): Moved code here from main. Updated to use the
TOP_LEVEL_DIRECTORY global. Moved some code from here to mtime_of_newest_file_matching_glob
and touch_if_older_than.
(react_to_webkit1_interface_changes): Added. Touches WebKit.idl if any other WebKit1 IDL

(mtime_of_newest_file_matching_glob): Added. Code came from main.
(touch_if_older_than): Added. Code came from main.

2011-05-08 Jessie Berlin <jberlin@apple.com>

Reviewed by Dan Bernstein.

Make JSRetainPtr work with JSGlobalContextRefs.
https://bugs.webkit.org/show_bug.cgi?id=60452

Add specialized functions for JSRetain and JSRelease when dealing with JSGlobalContextRefs.

* API/JSRetainPtr.h:

* heap/CopiedSpace.cpp:
(JSC::CopiedSpace::tryAllocateOversize):
(JSC::CopiedSpace::tryReallocateOversize):
(JSC::CopiedSpace::doneCopying):
(JSC::CopiedSpace::getFreshBlock):
(JSC::CopiedSpace::freeAllBlocks):
* heap/CopiedSpaceInlineMethods.h:
(JSC::CopiedSpace::recycleBlock): Make sure to call destroy before
returning a block to the BlockAllocator. Otherwise, our destructors
won't run. (If we get this wrong now, we'll get a compile error.)

* heap/HeapBlock.h:
(JSC::HeapBlock::HeapBlock): const!

* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::allocateBlock): No need to distinguish between
create and recycle -- MarkedBlock always accepts memory allocated by

* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::create): Don't allocate memory -- we assume that we're
passed already-allocated memory, to clarify the responsibility for VM

(JSC::MarkedBlock::destroy): Do run our destructor before giving back
our VM -- that is the whole point of this patch.

(JSC::MarkedBlock::MarkedBlock):
* heap/MarkedBlock.h:

* heap/MarkedSpace.cpp: const!

(JSC::MarkedSpace::freeBlocks): Make sure to call destroy before
returning a block to the BlockAllocator. Otherwise, our destructors
won't run. (If we get this wrong now, we'll get a compile error.)

== Rolled over to ChangeLog-2012-05-22 ==