Import WebKit commit 3ca7a25a550e473d60bbbe321475c6c0ef114b31

Change-Id: I480668a0cb8114dccf7a1195190a993282875759
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

4 files changed, 33 insertions, 25 deletions

diff --git a/Source/JavaScriptCore/runtime/ArgList.cpp b/Source/JavaScriptCore/runtime/ArgList.cpp
index 3023151bf..7813b404f 100644
--- a/Source/JavaScriptCore/runtime/ArgList.cpp
+++ b/Source/JavaScriptCore/runtime/ArgList.cpp
@@ -30,6 +30,19 @@ using std::min;
 
 namespace JSC {
 
+void MarkedArgumentBuffer::addMarkSet(JSValue v)
+{
+    if (m_markSet)
+        return;
+
+    Heap* heap = Heap::heap(v);
+    if (!heap)
+        return;
+
+    m_markSet = &heap->markListSet();
+    m_markSet->add(this);
+}
+
 void ArgList::getSlice(int startIndex, ArgList& result) const
 {
     if (startIndex <= 0 || startIndex >= m_argCount) {
@@ -51,40 +64,31 @@ void MarkedArgumentBuffer::markLists(HeapRootVisitor& heapRootVisitor, ListSet&
     }
 }
 
-void MarkedArgumentBuffer::slowAppend(JSValue v)
+void MarkedArgumentBuffer::expandCapacity()
 {
     int newCapacity = (Checked<int>(m_capacity) * 2).unsafeGet();
     size_t size = (Checked<size_t>(newCapacity) * sizeof(EncodedJSValue)).unsafeGet();
     EncodedJSValue* newBuffer = static_cast<EncodedJSValue*>(fastMalloc(size));
-    for (int i = 0; i < m_capacity; ++i)
+    for (int i = 0; i < m_capacity; ++i) {
         newBuffer[i] = m_buffer[i];
+        addMarkSet(JSValue::decode(m_buffer[i]));
+    }
 
     if (EncodedJSValue* base = mallocBase())
         fastFree(base);
 
     m_buffer = newBuffer;
     m_capacity = newCapacity;
+}
+
+void MarkedArgumentBuffer::slowAppend(JSValue v)
+{
+    if (m_size >= m_capacity)
+        expandCapacity();
 
     slotFor(m_size) = JSValue::encode(v);
     ++m_size;
-
-    if (m_markSet)
-        return;
-
-    // As long as our size stays within our Vector's inline 
-    // capacity, all our values are allocated on the stack, and 
-    // therefore don't need explicit marking. Once our size exceeds
-    // our Vector's inline capacity, though, our values move to the 
-    // heap, where they do need explicit marking.
-    for (int i = 0; i < m_size; ++i) {
-        Heap* heap = Heap::heap(JSValue::decode(slotFor(i)));
-        if (!heap)
-            continue;
-
-        m_markSet = &heap->markListSet();
-        m_markSet->add(this);
-        break;
-    }
+    addMarkSet(v);
 }
 
 } // namespace JSC
diff --git a/Source/JavaScriptCore/runtime/ArgList.h b/Source/JavaScriptCore/runtime/ArgList.h
index 8ae622d07..b7e6e4a1a 100644
--- a/Source/JavaScriptCore/runtime/ArgList.h
+++ b/Source/JavaScriptCore/runtime/ArgList.h
@@ -78,7 +78,7 @@ public:
 
     void append(JSValue v)
     {
-        if (m_size >= m_capacity)
+        if (m_size >= m_capacity || mallocBase())
             return slowAppend(v);
 
         slotFor(m_size) = JSValue::encode(v);
@@ -100,6 +100,10 @@ public:
     static void markLists(HeapRootVisitor&, ListSet&);
 
 private:
+    void expandCapacity();
+
+    void addMarkSet(JSValue);
+
     JS_EXPORT_PRIVATE void slowAppend(JSValue);
         
     EncodedJSValue& slotFor(int item) const
@@ -109,7 +113,7 @@ private:
         
     EncodedJSValue* mallocBase()
     {
-        if (m_capacity == static_cast<int>(inlineCapacity))
+        if (m_buffer == m_inlineBuffer)
             return 0;
         return &slotFor(0);
     }
diff --git a/Source/JavaScriptCore/runtime/ErrorPrototype.cpp b/Source/JavaScriptCore/runtime/ErrorPrototype.cpp
index 5bc2ec3c8..d17a28e5b 100644
--- a/Source/JavaScriptCore/runtime/ErrorPrototype.cpp
+++ b/Source/JavaScriptCore/runtime/ErrorPrototype.cpp
@@ -122,7 +122,7 @@ EncodedJSValue JSC_HOST_CALL errorProtoFuncToString(ExecState* exec)
 
     // 9. If msg is the empty String, return name.
     if (!messageString.length())
-        return JSValue::encode(name.isString() ? name : jsNontrivialString(exec, nameString));
+        return JSValue::encode(name.isString() ? name : jsString(exec, nameString));
 
     // 10. Return the result of concatenating name, ":", a single space character, and msg.
     return JSValue::encode(jsMakeNontrivialString(exec, nameString, ": ", messageString));
diff --git a/Source/JavaScriptCore/runtime/ScopedArguments.h b/Source/JavaScriptCore/runtime/ScopedArguments.h
index 8d36a1bab..5e2df3cc9 100644
--- a/Source/JavaScriptCore/runtime/ScopedArguments.h
+++ b/Source/JavaScriptCore/runtime/ScopedArguments.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -100,7 +100,7 @@ public:
         ASSERT_WITH_SECURITY_IMPLICATION(canAccessIndexQuickly(i));
         unsigned namedLength = m_table->length();
         if (i < namedLength)
-            m_scope->variableAt(m_table->get(i)).set(vm, this, value);
+            m_scope->variableAt(m_table->get(i)).set(vm, m_scope.get(), value);
         else
             overflowStorage()[i - namedLength].set(vm, this, value);
     }